From 89e218e5612cbcdf209c5b81a53d4db82854f529 Mon Sep 17 00:00:00 2001
From: Conor Patrick <conorpp94@gmail.com>
Date: Sun, 27 Oct 2019 08:58:12 -0400
Subject: [PATCH] lock flash based on state setting

---
 targets/stm32l432/src/app.h           |  5 +++++
 targets/stm32l432/src/device.c        | 10 +++++++---
 targets/stm32l432/src/flash.c         | 13 ++++---------
 targets/stm32l432/src/memory_layout.h |  7 +++++--
 4 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/targets/stm32l432/src/app.h b/targets/stm32l432/src/app.h
index 351e4ca..6b0dbe8 100644
--- a/targets/stm32l432/src/app.h
+++ b/targets/stm32l432/src/app.h
@@ -9,6 +9,8 @@
 #include <stdint.h>
 #include "version.h"
 
+#define SOLO
+
 #define DEBUG_UART      USART1
 
 #ifndef DEBUG_LEVEL
@@ -46,6 +48,9 @@
 void printing_init();
 void hw_init(int lf);
 
+// Return 1 if Solo is secure/locked.
+int solo_is_locked();
+
 //#define TEST
 //#define TEST_POWER
 
diff --git a/targets/stm32l432/src/device.c b/targets/stm32l432/src/device.c
index 2285038..9b22cc0 100644
--- a/targets/stm32l432/src/device.c
+++ b/targets/stm32l432/src/device.c
@@ -191,6 +191,11 @@ void device_init_button(void)
     }
 }
 
+int solo_is_locked(){
+    uint8_t flags = ((AuthenticatorState *) STATE1_PAGE_ADDR)->flags;
+    return (flags & SOLO_FLAG_LOCKED) != 0;
+}
+
 /** device_migrate
  * Depending on version of device, migrates:
  * * Moves attestation certificate to data segment. 
@@ -208,10 +213,9 @@ static void device_migrate(){
 
     AuthenticatorState state;
     authenticator_read_state(&state);
-    printf1(TAG_GREEN,"flags: %02x\r\n", state.flags);
-    // if (state.flags == 0xFF)
+    if (state.flags == 0xFF)
     {
-        printf1(TAG_GREEN,"MIGRATING\r\n");
+        printf1(TAG_RED,"Migrating certificate and lock information to data segment.\r\n");
         // do migrate.
         state.flags = 0;
 
diff --git a/targets/stm32l432/src/flash.c b/targets/stm32l432/src/flash.c
index 0dec23d..355b206 100644
--- a/targets/stm32l432/src/flash.c
+++ b/targets/stm32l432/src/flash.c
@@ -13,6 +13,7 @@
 #include "flash.h"
 #include "log.h"
 #include "device.h"
+#include "app.h"
 
 static void flash_lock(void)
 {
@@ -31,16 +32,10 @@ static void flash_unlock(void)
 // Locks flash and turns off DFU
 void flash_option_bytes_init(int boot_from_dfu)
 {
-#ifndef FLASH_ROP
-#define FLASH_ROP 0
-#endif
-#if FLASH_ROP == 0
     uint32_t val = 0xfffff8aa;
-#elif FLASH_ROP == 2
-    uint32_t val = 0xfffff8cc;
-#else
-    uint32_t val = 0xfffff8b9;
-#endif
+    if (solo_is_locked()){
+        val = 0xfffff8cc;
+    }
 
     if (boot_from_dfu)
     {
diff --git a/targets/stm32l432/src/memory_layout.h b/targets/stm32l432/src/memory_layout.h
index 88002bf..19a3356 100644
--- a/targets/stm32l432/src/memory_layout.h
+++ b/targets/stm32l432/src/memory_layout.h
@@ -17,8 +17,11 @@
 #define	COUNTER1_PAGE	(PAGES - 3)
 
 // State of FIDO2 application
-#define	STATE2_PAGE		(PAGES - 2)
-#define	STATE1_PAGE		(PAGES - 1)
+#define	STATE2_PAGE		      (PAGES - 2)
+#define	STATE1_PAGE		      (PAGES - 1)
+
+#define	STATE1_PAGE_ADDR		(0x08000000 + ((STATE1_PAGE)*PAGE_SIZE)) 
+#define	STATE2_PAGE_ADDR		(0x08000000 + ((STATE2_PAGE)*PAGE_SIZE)) 
 
 // Storage of FIDO2 resident keys
 #define RK_NUM_PAGES    10