Skip to content
Permalink
Browse files

introduce new memory layout

firmware header is now stored with code, not within the storage sectors
  • Loading branch information...
prusnak committed Jan 27, 2019
1 parent fe39d10 commit 07231d936e41335b3ec44c4c6eb336be006890d0
@@ -134,8 +134,10 @@ endif

ifeq ($(MEMORY_PROTECT), 0)
CFLAGS += -DMEMORY_PROTECT=0
$(info MEMORY_PROTECT=0)
else
CFLAGS += -DMEMORY_PROTECT=1
$(info MEMORY_PROTECT=1)
endif

ifeq ($(DEBUG_RNG), 1)
@@ -159,7 +161,7 @@ flash: $(NAME).bin
$(OPENOCD) -c "init; reset halt; flash write_image erase $(NAME).bin 0x8000000; exit"

upload: sign
trezorctl firmware_update -f $(NAME).bin
trezorctl firmware_update -f $(NAME).bin -s

sign: $(NAME).bin
$(PYTHON) ../bootloader/firmware_sign.py -f $(NAME).bin
@@ -24,6 +24,7 @@
#include <libopencm3/cm3/scb.h>

#include "bootloader.h"
#include "signatures.h"
#include "buttons.h"
#include "setup.h"
#include "usb.h"
@@ -33,8 +34,9 @@
#include "layout.h"
#include "rng.h"
#include "timer.h"
#include "memory.h"

void layoutFirmwareHash(const uint8_t *hash)
void layoutFirmwareFingerprint(const uint8_t *hash)
{
char str[4][17];
for (int i = 0; i < 4; i++) {
@@ -43,68 +45,53 @@ void layoutFirmwareHash(const uint8_t *hash)
layoutDialog(&bmp_icon_question, "Abort", "Continue", "Compare fingerprints", str[0], str[1], str[2], str[3], NULL, NULL);
}

void show_halt(void)
bool get_button_response(void)
{
do {
delay(100000);
buttonUpdate();
} while (!button.YesUp && !button.NoUp);
return button.YesUp;
}

static void show_halt(void)
{
layoutDialog(&bmp_icon_error, NULL, NULL, NULL, "Unofficial firmware", "aborted.", NULL, "Unplug your TREZOR", "contact our support.", NULL);
layoutDialog(&bmp_icon_error, NULL, NULL, NULL, "Unofficial firmware", "aborted.", NULL, "Unplug your TREZOR,", "reinstall firmware.", NULL);
shutdown();
}

void show_unofficial_warning(const uint8_t *hash)
static void show_unofficial_warning(const uint8_t *hash)
{
layoutDialog(&bmp_icon_warning, "Abort", "I'll take the risk", NULL, "WARNING!", NULL, "Unofficial firmware", "detected.", NULL, NULL);

do {
delay(100000);
buttonUpdate();
} while (!button.YesUp && !button.NoUp);

if (button.NoUp) {
show_halt(); // no button was pressed -> halt
bool but = get_button_response();
if (!but) { // no button was pressed -> halt
show_halt();
}

layoutFirmwareHash(hash);
layoutFirmwareFingerprint(hash);

do {
delay(100000);
buttonUpdate();
} while (!button.YesUp && !button.NoUp);

if (button.NoUp) {
show_halt(); // no button was pressed -> halt
but = get_button_response();
if (!but) { // no button was pressed -> halt
show_halt();
}

// everything is OK, user pressed 2x Continue -> continue program
}

void __attribute__((noreturn)) load_app(int signed_firmware)
static void __attribute__((noreturn)) load_app(int signed_firmware)
{
// zero out SRAM
memset_reg(_ram_start, _ram_end, 0);

jump_to_firmware((const vector_table_t *) FLASH_PTR(FLASH_APP_START), signed_firmware);
}

bool firmware_present(void)
{
#ifndef APPVER
if (memcmp(FLASH_PTR(FLASH_META_MAGIC), "TRZR", 4)) { // magic does not match
return false;
}
if (*((const uint32_t *)FLASH_PTR(FLASH_META_CODELEN)) < 4096) { // firmware reports smaller size than 4kB
return false;
}
if (*((const uint32_t *)FLASH_PTR(FLASH_META_CODELEN)) > FLASH_TOTAL_SIZE - (FLASH_APP_START - FLASH_ORIGIN)) { // firmware reports bigger size than flash size
return false;
}
#endif
return true;
}

void bootloader_loop(void)
static void bootloader_loop(void)
{
oledClear();
oledDrawBitmap(0, 0, &bmp_logo64);
if (firmware_present()) {
if (firmware_present_new()) {
oledDrawStringCenter(90, 10, "TREZOR", FONT_STANDARD);
oledDrawStringCenter(90, 30, "Bootloader", FONT_STANDARD);
oledDrawStringCenter(90, 50, VERSTR(VERSION_MAJOR) "." VERSTR(VERSION_MINOR) "." VERSTR(VERSION_PATCH), FONT_STANDARD);
@@ -115,7 +102,7 @@ void bootloader_loop(void)
}
oledRefresh();

usbLoop(firmware_present());
usbLoop();
}

int main(void)
@@ -136,19 +123,26 @@ int main(void)
uint16_t state = gpio_port_read(BTN_PORT);
int unpressed = ((state & BTN_PIN_YES) == BTN_PIN_YES || (state & BTN_PIN_NO) == BTN_PIN_NO);

if (firmware_present() && unpressed) {
if (firmware_present_new() && unpressed) {

oledClear();
oledDrawBitmap(40, 0, &bmp_logo64_empty);
oledRefresh();

uint8_t hash[32];
int signed_firmware = signatures_ok(hash);
const image_header *hdr = (const image_header *)FLASH_PTR(FLASH_FWHEADER_START);

uint8_t fingerprint[32];
int signed_firmware = signatures_new_ok(hdr, fingerprint);
if (SIG_OK != signed_firmware) {
show_unofficial_warning(hash);
show_unofficial_warning(fingerprint);
timer_init();
}

if (SIG_OK != check_firmware_hashes(hdr)) {
layoutDialog(&bmp_icon_error, NULL, NULL, NULL, "Broken firmware", "detected.", NULL, "Unplug your TREZOR,", "reinstall firmware.", NULL);
shutdown();
}

mpu_config_off();
load_app(signed_firmware);
}
@@ -21,20 +21,20 @@
#define __BOOTLOADER_H__

#define VERSION_MAJOR 1
#define VERSION_MINOR 6
#define VERSION_PATCH 1
#define VERSION_MINOR 8
#define VERSION_PATCH 0

#define STR(X) #X
#define VERSTR(X) STR(X)

#define VERSION_MAJOR_CHAR "\x01"
#define VERSION_MINOR_CHAR "\x06"
#define VERSION_PATCH_CHAR "\x01"
#define VERSION_MINOR_CHAR "\x08"
#define VERSION_PATCH_CHAR "\x00"

#include <stdint.h>
#include <stdbool.h>
#include "memory.h"

void layoutFirmwareHash(const uint8_t *hash);
bool firmware_present(void);
void layoutFirmwareFingerprint(const uint8_t *hash);
bool get_button_response(void);

#endif
@@ -1,4 +1,4 @@
#!/usr/bin/env python
#!/usr/bin/env python3
import sys
import os

0 comments on commit 07231d9

Please sign in to comment.
You can’t perform that action at this time.