lock flash based on state setting

2019-10-27 08:58:12 -04:00 · 2019-10-27 08:58:12 -04:00 · 89e218e561
commit 89e218e561
parent 666cd6a0ba
4 changed files with 21 additions and 14 deletions
--- a/targets/stm32l432/src/app.h
+++ b/targets/stm32l432/src/app.h
@ -9,6 +9,8 @@
 #include <stdint.h>
 #include "version.h"

+#define SOLO
+
 #define DEBUG_UART      USART1

 #ifndef DEBUG_LEVEL
@ -46,6 +48,9 @@
 void printing_init();
 void hw_init(int lf);

+// Return 1 if Solo is secure/locked.
+int solo_is_locked();
+
 //#define TEST
 //#define TEST_POWER

--- a/targets/stm32l432/src/device.c
+++ b/targets/stm32l432/src/device.c
@ -191,6 +191,11 @@ void device_init_button(void)
    }
 }

+int solo_is_locked(){
+    uint8_t flags = ((AuthenticatorState *) STATE1_PAGE_ADDR)->flags;
+    return (flags & SOLO_FLAG_LOCKED) != 0;
+}
+
 /** device_migrate
 * Depending on version of device, migrates:
 * * Moves attestation certificate to data segment. 
@ -208,10 +213,9 @@ static void device_migrate(){

    AuthenticatorState state;
    authenticator_read_state(&state);
-    printf1(TAG_GREEN,"flags: %02x\r\n", state.flags);
-    // if (state.flags == 0xFF)
+    if (state.flags == 0xFF)
    {
-        printf1(TAG_GREEN,"MIGRATING\r\n");
+        printf1(TAG_RED,"Migrating certificate and lock information to data segment.\r\n");
        // do migrate.
        state.flags = 0;

--- a/targets/stm32l432/src/flash.c
+++ b/targets/stm32l432/src/flash.c
@ -13,6 +13,7 @@
 #include "flash.h"
 #include "log.h"
 #include "device.h"
+#include "app.h"

 static void flash_lock(void)
 {
@ -31,16 +32,10 @@ static void flash_unlock(void)
 // Locks flash and turns off DFU
 void flash_option_bytes_init(int boot_from_dfu)
 {
-#ifndef FLASH_ROP
-#define FLASH_ROP 0
-#endif
-#if FLASH_ROP == 0
    uint32_t val = 0xfffff8aa;
-#elif FLASH_ROP == 2
-    uint32_t val = 0xfffff8cc;
-#else
-    uint32_t val = 0xfffff8b9;
-#endif
+    if (solo_is_locked()){
+        val = 0xfffff8cc;
+    }

    if (boot_from_dfu)
    {
--- a/targets/stm32l432/src/memory_layout.h
+++ b/targets/stm32l432/src/memory_layout.h
@ -20,6 +20,9 @@
 #define	STATE2_PAGE		      (PAGES - 2)
 #define	STATE1_PAGE		      (PAGES - 1)

+#define	STATE1_PAGE_ADDR		(0x08000000 + ((STATE1_PAGE)*PAGE_SIZE)) 
+#define	STATE2_PAGE_ADDR		(0x08000000 + ((STATE2_PAGE)*PAGE_SIZE)) 
+
 // Storage of FIDO2 resident keys
 #define RK_NUM_PAGES    10
 #define RK_START_PAGE   (PAGES - 14)