lock flash based on state setting
This commit is contained in:
Conor Patrick
parent
666cd6a0ba
commit
89e218e561
@ -9,6 +9,8 @@
|
|||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include "version.h"
|
#include "version.h"
|
||||||
|
|
||||||
|
#define SOLO
|
||||||
|
|
||||||
#define DEBUG_UART USART1
|
#define DEBUG_UART USART1
|
||||||
|
|
||||||
#ifndef DEBUG_LEVEL
|
#ifndef DEBUG_LEVEL
|
||||||
@ -46,6 +48,9 @@
|
|||||||
void printing_init();
|
void printing_init();
|
||||||
void hw_init(int lf);
|
void hw_init(int lf);
|
||||||
|
|
||||||
|
// Return 1 if Solo is secure/locked.
|
||||||
|
int solo_is_locked();
|
||||||
|
|
||||||
//#define TEST
|
//#define TEST
|
||||||
//#define TEST_POWER
|
//#define TEST_POWER
|
||||||
|
|
||||||
|
|||||||
@ -191,6 +191,11 @@ void device_init_button(void)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int solo_is_locked(){
|
||||||
|
uint8_t flags = ((AuthenticatorState *) STATE1_PAGE_ADDR)->flags;
|
||||||
|
return (flags & SOLO_FLAG_LOCKED) != 0;
|
||||||
|
}
|
||||||
|
|
||||||
/** device_migrate
|
/** device_migrate
|
||||||
* Depending on version of device, migrates:
|
* Depending on version of device, migrates:
|
||||||
* * Moves attestation certificate to data segment.
|
* * Moves attestation certificate to data segment.
|
||||||
@ -208,10 +213,9 @@ static void device_migrate(){
|
|||||||
|
|
||||||
AuthenticatorState state;
|
AuthenticatorState state;
|
||||||
authenticator_read_state(&state);
|
authenticator_read_state(&state);
|
||||||
printf1(TAG_GREEN,"flags: %02x\r\n", state.flags);
|
if (state.flags == 0xFF)
|
||||||
// if (state.flags == 0xFF)
|
|
||||||
{
|
{
|
||||||
printf1(TAG_GREEN,"MIGRATING\r\n");
|
printf1(TAG_RED,"Migrating certificate and lock information to data segment.\r\n");
|
||||||
// do migrate.
|
// do migrate.
|
||||||
state.flags = 0;
|
state.flags = 0;
|
||||||
|
|
||||||
|
|||||||
@ -13,6 +13,7 @@
|
|||||||
#include "flash.h"
|
#include "flash.h"
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "device.h"
|
#include "device.h"
|
||||||
|
#include "app.h"
|
||||||
|
|
||||||
static void flash_lock(void)
|
static void flash_lock(void)
|
||||||
{
|
{
|
||||||
@ -31,16 +32,10 @@ static void flash_unlock(void)
|
|||||||
// Locks flash and turns off DFU
|
// Locks flash and turns off DFU
|
||||||
void flash_option_bytes_init(int boot_from_dfu)
|
void flash_option_bytes_init(int boot_from_dfu)
|
||||||
{
|
{
|
||||||
#ifndef FLASH_ROP
|
|
||||||
#define FLASH_ROP 0
|
|
||||||
#endif
|
|
||||||
#if FLASH_ROP == 0
|
|
||||||
uint32_t val = 0xfffff8aa;
|
uint32_t val = 0xfffff8aa;
|
||||||
#elif FLASH_ROP == 2
|
if (solo_is_locked()){
|
||||||
uint32_t val = 0xfffff8cc;
|
val = 0xfffff8cc;
|
||||||
#else
|
}
|
||||||
uint32_t val = 0xfffff8b9;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if (boot_from_dfu)
|
if (boot_from_dfu)
|
||||||
{
|
{
|
||||||
|
|||||||
@ -20,6 +20,9 @@
|
|||||||
#define STATE2_PAGE (PAGES - 2)
|
#define STATE2_PAGE (PAGES - 2)
|
||||||
#define STATE1_PAGE (PAGES - 1)
|
#define STATE1_PAGE (PAGES - 1)
|
||||||
|
|
||||||
|
#define STATE1_PAGE_ADDR (0x08000000 + ((STATE1_PAGE)*PAGE_SIZE))
|
||||||
|
#define STATE2_PAGE_ADDR (0x08000000 + ((STATE2_PAGE)*PAGE_SIZE))
|
||||||
|
|
||||||
// Storage of FIDO2 resident keys
|
// Storage of FIDO2 resident keys
|
||||||
#define RK_NUM_PAGES 10
|
#define RK_NUM_PAGES 10
|
||||||
#define RK_START_PAGE (PAGES - 14)
|
#define RK_START_PAGE (PAGES - 14)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user