From e4e0a3a84ef7c56964048bcc9417a98ba92a3ab5 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Mon, 5 Aug 2019 16:44:08 +0200 Subject: [PATCH 01/27] Add code responsible for firmware version verification in the bootloader --- targets/stm32l432/bootloader/bootloader.c | 68 +++++++++++++++++++---- targets/stm32l432/src/memory_layout.h | 2 +- 2 files changed, 59 insertions(+), 11 deletions(-) diff --git a/targets/stm32l432/bootloader/bootloader.c b/targets/stm32l432/bootloader/bootloader.c index db22f2d..f41755d 100644 --- a/targets/stm32l432/bootloader/bootloader.c +++ b/targets/stm32l432/bootloader/bootloader.c @@ -19,6 +19,12 @@ #include "ctap_errors.h" #include "log.h" +static volatile version_t current_firmware_version __attribute__ ((section (".flag2"))) __attribute__ ((__used__)) = { + .major = SOLO_VERSION_MAJ, + .minor = SOLO_VERSION_MIN, + .patch = SOLO_VERSION_PATCH, + .reserved = 0 +}; extern uint8_t REBOOT_FLAG; @@ -57,6 +63,9 @@ static void erase_application() } #define LAST_ADDR (APPLICATION_END_ADDR-2048 + 8) +#define VERSION_ADDR (AUTH_WORD_ADDR-8) +#define BOOT_VERSION_PAGE (APPLICATION_START_PAGE-1) +#define BOOT_VERSION_ADDR (0x08000000 + BOOT_VERSION_PAGE*FLASH_PAGE_SIZE) #define LAST_PAGE (APPLICATION_END_PAGE-1) static void disable_bootloader() { 
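Review bot: `BOOT_VERSION_ADDR` in the second bootloader.c hunk is computed with `FLASH_PAGE_SIZE`, while the page buffer later written back to that address is sized with `PAGE_SIZE` and memory_layout.h derives `APPLICATION_START_ADDR` from `PAGE_SIZE`. If the two constants ever differ, the address of the stored-version page and the erase/write length stop agreeing. Use one constant and parenthesise the operand, `#define BOOT_VERSION_ADDR (0x08000000 + (BOOT_VERSION_PAGE)*PAGE_SIZE)`; the same definition is carried into memory_layout.h by PATCH 09/27. A comment saying that this page holds the anti-rollback version floor and must stay outside the application write window would also help.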
@@ -103,6 +112,39 @@ int is_bootloader_disabled() return *auth == 0; } +#include "version.h" +bool is_firmware_version_newer_or_equal() +{ + printf1(TAG_BOOT,"Current firmware version: %d.%d.%d.%d\r\n", + current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved); + volatile version_t new_version = *((volatile version_t *) VERSION_ADDR); + printf1(TAG_BOOT,"Uploaded firmware version: %d.%d.%d.%d\r\n", + new_version.major, new_version.minor, new_version.patch, new_version.reserved); + dump_hex1(TAG_BOOT, (uint32_t *) VERSION_ADDR, 20); + + printf1(TAG_BOOT,"AUTH_WORD_ADDR: %p\r\n", AUTH_WORD_ADDR); + printf1(TAG_BOOT,"VERSION_ADDR: %p\r\n", VERSION_ADDR); + printf1(TAG_BOOT,"APPLICATION_END_ADDR: %p\r\n", APPLICATION_END_ADDR); + printf1(TAG_BOOT,"BOOT_VERSION_ADDR: %p\r\n", BOOT_VERSION_ADDR); + printf1(TAG_BOOT,"BOOT_VERSION_PAGE: %d\r\n", BOOT_VERSION_PAGE); + + const bool allowed = is_newer(&new_version, ¤t_firmware_version) || current_firmware_version.raw == 0xFFFFFFFF; + if (allowed){ + printf1(TAG_BOOT, "Update allowed, setting new firmware version as current.\r\n"); +// current_firmware_version.raw = new_version.raw; + uint8_t page[PAGE_SIZE]; + memmove(page, (uint8_t*)BOOT_VERSION_ADDR, PAGE_SIZE); + memmove(page, &new_version, 4); + printf1(TAG_BOOT, "Writing\r\n"); + flash_erase_page(BOOT_VERSION_PAGE); + flash_write(BOOT_VERSION_ADDR, page, PAGE_SIZE); + printf1(TAG_BOOT, "Finish\r\n"); + } else { + printf1(TAG_BOOT, "Firmware older - update not allowed.\r\n"); + } + return allowed; +} + /** * Execute bootloader commands * @param klen key length - length of the bootloader request 
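Review bot: The erase-then-write update of the stored version in `is_firmware_version_newer_or_equal()` is not power-fail safe, and the `current_firmware_version.raw == 0xFFFFFFFF` wildcard turns that into a gap in the rollback check. If power is lost after `flash_erase_page(BOOT_VERSION_PAGE)` and before `flash_write(...)` completes, the floor reads back as erased and the next validly signed image of any version is accepted. Consider dropping the wildcard (the `.flag2` initialiser already provisions a value) or writing the new floor to a fresh slot before the old one is invalidated, and skip the erase when nothing changes, e.g. `if (new_version.raw != current_firmware_version.raw) { /* erase + write */ }`. `uint8_t page[PAGE_SIZE]` also puts a whole flash page on the bootloader stack, which is worth checking against the stack budget.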
@@ -125,10 +167,7 @@ int bootloader_bridge(int klen, uint8_t * keyh) return CTAP1_ERR_INVALID_LENGTH; } #ifndef SOLO_HACKER - uint8_t * pubkey = (uint8_t*)"\xd2\xa4\x2f\x8f\xb2\x31\x1c\xc1\xf7\x0c\x7e\x64\x32\xfb\xbb\xb4\xa3\xdd\x32\x20" - "\x0f\x1b\x88\x9c\xda\x62\xc2\x83\x25\x93\xdd\xb8\x75\x9d\xf9\x86\xee\x03\x6c\xce" - "\x34\x47\x71\x36\xb3\xb2\xad\x6d\x12\xb7\xbe\x49\x3e\x20\xa4\x61\xac\xc7\x71\xc7" - "\x1f\xa8\x14\xf2"; + extern uint8_t *pubkey_nitrokey_boot; const struct uECC_Curve_t * curve = NULL; #endif @@ -148,6 +187,7 @@ int bootloader_bridge(int klen, uint8_t * keyh) || ((uint32_t)ptr+len) > APPLICATION_END_ADDR) { printf1(TAG_BOOT,"Bound exceeded [%08lx, %08lx]\r\n",APPLICATION_START_ADDR,APPLICATION_END_ADDR); + printf1(TAG_BOOT, "Expected version addrs: %p, %p\r\n", BOOT_VERSION_ADDR, VERSION_ADDR); return CTAP2_ERR_NOT_ALLOWED; } @@ -170,7 +210,7 @@ int bootloader_bridge(int klen, uint8_t * keyh) break; case BootDone: // Writing to flash finished. Request code validation. - printf1(TAG_BOOT, "BootDone: "); + printf1(TAG_BOOT, "BootDone: \r\n"); #ifndef SOLO_HACKER if (len != 64) { @@ -185,17 +225,24 @@ int bootloader_bridge(int klen, uint8_t * keyh) crypto_sha256_final(hash); curve = uECC_secp256r1(); // Verify incoming signature made over the SHA256 hash - if (! uECC_verify(pubkey, - hash, - 32, - req->payload, - curve)) + if ( + !uECC_verify(pubkey_nitrokey_boot, hash, 32, req->payload, curve) + ) { + printf1(TAG_BOOT, "Signature invalid\r\n"); return CTAP2_ERR_OPERATION_DENIED; } #endif + if (!is_firmware_version_newer_or_equal()){ + printf1(TAG_BOOT, "Firmware older - update not allowed.\r\n"); + dump_hex1(TAG_BOOT, (uint32_t *) VERSION_ADDR, 20); + printf1(TAG_BOOT, "Rebooting...\r\n"); + REBOOT_FLAG = 1; + return CTAP2_ERR_OPERATION_DENIED; + } // Set the application validated, and mark for reboot. authorize_application(); + REBOOT_FLAG = 1; break; case BootCheck: 
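Review bot: The verification key is now reached through a writable global pointer, `extern uint8_t *pubkey_nitrokey_boot;` in `bootloader_bridge` (defined in PATCH 05/27, renamed in 07/27 and 08/27). The root of trust for firmware updates then depends on a pointer variable that presumably lives in RAM and could be redirected by any memory-corruption bug in the bootloader. Declare the key itself as read-only data, `const uint8_t pubkey_boot[64] = { ... };`, and put `extern const uint8_t pubkey_boot[64];` in a shared header instead of a block-scope `extern`, so the compiler checks the declaration against the definition. `bootloader_bridge` starts and ends outside this hunk.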
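Review bot: In the `BootDone` case the version word read by `is_firmware_version_newer_or_equal()` can only be trusted if it lies inside the range hashed before `uECC_verify`. The hash update calls are outside this hunk, so please confirm the hash covers the application up to and including `VERSION_ADDR`; otherwise the version could be changed without invalidating the signature. The new check sits after `#endif`, so `SOLO_HACKER` builds skip signature verification but still enforce and persist the version floor, and a comment saying whether that is intended would help. On rejection the handler sets `REBOOT_FLAG` and returns with the just-written image still in flash; it is not visible here whether the authorization word is guaranteed to be cleared at that point, which is what keeps the rejected image from booting. The "Firmware older" message is also logged twice, once in the helper and once here.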
@@ -218,6 +265,7 @@ int bootloader_bridge(int klen, uint8_t * keyh) break; case BootReboot: printf1(TAG_BOOT, "BootReboot.\r\n"); + printf1(TAG_BOOT, "Application authorized: %d.\r\n", is_authorized_to_boot()); REBOOT_FLAG = 1; break; case BootDisable: diff --git a/targets/stm32l432/src/memory_layout.h b/targets/stm32l432/src/memory_layout.h index 71178dc..c9c832b 100644 --- a/targets/stm32l432/src/memory_layout.h +++ b/targets/stm32l432/src/memory_layout.h @@ -27,7 +27,7 @@ // Start of application code #ifndef APPLICATION_START_PAGE -#define APPLICATION_START_PAGE (10) +#define APPLICATION_START_PAGE (11) #endif #define APPLICATION_START_ADDR (0x08000000 + ((APPLICATION_START_PAGE)*PAGE_SIZE)) From d618081dd0475a2edd1e3f382ebd73ee5a26337e Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Mon, 5 Aug 2019 16:58:35 +0200 Subject: [PATCH 02/27] Add version code --- fido2/version.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/fido2/version.h b/fido2/version.h index fe5f293..95c98f3 100644 --- a/fido2/version.h +++ b/fido2/version.h @@ -17,5 +17,21 @@ #define SOLO_VERSION __STR(SOLO_VERSION_MAJ) "." __STR(SOLO_VERSION_MIN) "." __STR(SOLO_VERSION_PATCH) #endif +#include +#include + +typedef struct { + union{ + uint32_t raw; + struct { + uint8_t major; + uint8_t minor; + uint8_t patch; + uint8_t reserved; + }; + }; +} version_t; + +bool is_newer(const version_t* const newer, const version_t* const older); #endif From beb5a5892cbc357b923093c86023b2507eacd5a3 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 6 Aug 2019 16:45:12 +0200 Subject: [PATCH 03/27] Add linker scripts --- .../stm32l432/linker/bootloader_stm32l4xx.ld | 13 +++++++++++ targets/stm32l432/linker/stm32l4xx.ld | 23 ++++++++++++++++--- 2 files changed, 33 insertions(+), 3 deletions(-) diff --git a/targets/stm32l432/linker/bootloader_stm32l4xx.ld b/targets/stm32l432/linker/bootloader_stm32l4xx.ld index cccd9c6..53b87cf 100644 
--- a/targets/stm32l432/linker/bootloader_stm32l4xx.ld +++ b/targets/stm32l432/linker/bootloader_stm32l4xx.ld @@ -12,9 +12,17 @@ _estack = 0x2000c000; _MIN_STACK_SIZE = 0x400; +/* +flash2 is for storing bootloader data, like last used firmware version. +_bconfig_start should be equal to (APPLICATION_START_PAGE-1) page address, from targets/stm32l432/src/memory_layout.h:30; and equal to flash2 origin +*/ + +_bconfig_start = 0x08000000 + 10*2048; + MEMORY { flash (rx) : ORIGIN = 0x08000000, LENGTH = 20K + flash2 (rx) : ORIGIN = 0x08000000 + 10*2048, LENGTH = 2K ram (xrw) : ORIGIN = 0x20000000, LENGTH = 48K sram2 (rw) : ORIGIN = 0x10000000, LENGTH = 16K } @@ -39,6 +47,11 @@ SECTIONS _etext = .; } >flash + .flag2 _bconfig_start : + { + KEEP(*(.flag2)) ; + } > flash2 + _sidata = LOADADDR(.data); .data : diff --git a/targets/stm32l432/linker/stm32l4xx.ld b/targets/stm32l432/linker/stm32l4xx.ld index 4e43df7..d5c53f2 100644 --- a/targets/stm32l432/linker/stm32l4xx.ld +++ b/targets/stm32l432/linker/stm32l4xx.ld @@ -14,13 +14,23 @@ _MIN_STACK_SIZE = 0x400; /* Memory layout of device: - 20 KB 198KB-8 38 KB - | bootloader | application | secrets/data | + 20+2 KB 198KB-2KB -8 38 KB + | bootloader | application | secrets/data | + + Last 8 bytes in application space are occupied by bootloader flags - app + authorization and bootloader activation flag. */ +/* Current firmware version number +Should be equal to (APPLICATION_END_ADDR-8) from targets/stm32l432/src/memory_layout.h:40 */ +_version_start = 0x08000000 + (128-19)*2048-8-8; + +/* flash length is (APPLICATION_END_PAGE-20*1024), where 20K is bootloader */ + MEMORY { - flash (rx) : ORIGIN = 0x08005000, LENGTH = 198K - 8 + flash (rx) : ORIGIN = 0x08005000 + 2K, LENGTH = 198K - 8 - 8 - 2K + flash_v (rx) : ORIGIN = 0x08000000 + (128-19)*2048 - 8 - 8, LENGTH = 8 ram (xrw) : ORIGIN = 0x20000000, LENGTH = 48K sram2 (rw) : ORIGIN = 0x10000000, LENGTH = 16K } 
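Review bot: `_bconfig_start` and the `flash2` origin in bootloader_stm32l4xx.ld repeat as literals an address that bootloader.c derives separately from `APPLICATION_START_PAGE` (`BOOT_VERSION_ADDR`), and nothing checks that the two agree; the same holds for `_version_start`/`flash_v` in stm32l4xx.ld versus `VERSION_ADDR`. The bootloader reads the stored version through the linker-placed symbol but writes it through the macro, so a mismatch would silently break the version floor instead of failing the build. Consider generating these values from memory_layout.h (for example by running the script through the C preprocessor) or adding a startup check such as `if ((uint32_t)&current_firmware_version != BOOT_VERSION_ADDR) { /* refuse update */ }`. The comments cite `memory_layout.h:30` and `:40` by line number, which will go stale; naming the macro is enough.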
@@ -47,6 +57,13 @@ SECTIONS _sidata = LOADADDR(.data); + + .flag _version_start : + { + KEEP(*(.flag)) ; + } > flash_v + + .data : { . = ALIGN(8); From 118e1291522f69db56fa94ade751c1c12279fc57 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 6 Aug 2019 16:46:20 +0200 Subject: [PATCH 04/27] Set firmware version in the flash --- fido2/version.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 fido2/version.c diff --git a/fido2/version.c b/fido2/version.c new file mode 100644 index 0000000..dd8da5b --- /dev/null +++ b/fido2/version.c @@ -0,0 +1,13 @@ +#include "version.h" + + +static const version_t firmware_version __attribute__ ((section (".flag"))) __attribute__ ((__used__)) = { + .major = SOLO_VERSION_MAJ, + .minor = SOLO_VERSION_MIN, + .patch = SOLO_VERSION_PATCH, + .reserved = 0 +}; + +// from tinycbor, for a quick static_assert +#include +cbor_static_assert(sizeof(version_t) == 4); From 9248c6462c6d848611e97d85fc4d025f36ba3cb5 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Tue, 6 Aug 2019 16:56:02 +0200 Subject: [PATCH 05/27] Add missing is_newer and pubkey --- fido2/version_check.c | 8 ++++++++ targets/stm32l432/bootloader/pubkey_nitrokey_bootloader.c | 3 +++ 2 files changed, 11 insertions(+) create mode 100644 fido2/version_check.c create mode 100644 targets/stm32l432/bootloader/pubkey_nitrokey_bootloader.c diff --git a/fido2/version_check.c b/fido2/version_check.c new file mode 100644 index 0000000..f60d4ef --- /dev/null +++ b/fido2/version_check.c @@ -0,0 +1,8 @@ +#include "version.h" + +// FIXME test version check function +bool is_newer(const version_t* const newer, const version_t* const older){ + return (newer->major > older->major) || + (newer->major == older->major && newer->minor > older->minor) || + (newer->major == older->major && newer->minor == older->minor && newer->patch >= older->patch); +} 
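Review bot: `is_newer()` in version_check.c treats an erased version word as the highest possible version. A `version_t` read from blank flash has `major == 0xFF`, which compares greater than any real release, so an image with no version field at that address passes the check, and the caller would then store `0xFFFFFFFF`, which it treats as "accept anything". Reject that value explicitly before the comparison, e.g. `if (newer->raw == 0xFFFFFFFF) return false;`. The function also returns true for equal versions (`newer->patch >= older->patch`), so either rename it to match the caller's `newer_or_equal` wording or document that equality is accepted. The `// FIXME test version check function` marker should be resolved with a small table-driven test before this function gates updates.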
diff --git a/targets/stm32l432/bootloader/pubkey_nitrokey_bootloader.c b/targets/stm32l432/bootloader/pubkey_nitrokey_bootloader.c new file mode 100644 index 0000000..6b68745 --- /dev/null +++ b/targets/stm32l432/bootloader/pubkey_nitrokey_bootloader.c @@ -0,0 +1,3 @@ +#include "stdint.h" + +uint8_t *pubkey_nitrokey_boot = (uint8_t *) "\x7b\x2a\x9c\xf8\x21\xf6\x91\x40\x9d\x6c\x42\xe1\xbb\xa1\x31\x82\x6c\x25\x39\x31\x5b\x59\x3c\x8e\x07\x8d\xfa\x0a\x3d\x21\x35\x6f\x58\x81\x4c\xf6\xd8\xf5\x6e\x6f\x62\xc8\x32\xd3\x13\x6f\xe1\xd6\x2d\x81\x52\xbf\x5f\x9e\xa9\x29\xc9\x9d\x9e\x2c\x89\x5f\x1b\x68"; From 188a34d1da8b10fe375e9e4a5abdca8dd817a420 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Wed, 7 Aug 2019 13:39:16 +0200 Subject: [PATCH 06/27] Add missing Makefile entry. Rename pubkey file. --- .../{pubkey_nitrokey_bootloader.c => pubkey_bootloader.c} | 0 {fido2 => targets/stm32l432/bootloader}/version_check.c | 0 targets/stm32l432/build/bootloader.mk | 1 + 3 files changed, 1 insertion(+) rename targets/stm32l432/bootloader/{pubkey_nitrokey_bootloader.c => pubkey_bootloader.c} (100%) rename {fido2 => targets/stm32l432/bootloader}/version_check.c (100%) diff --git a/targets/stm32l432/bootloader/pubkey_nitrokey_bootloader.c b/targets/stm32l432/bootloader/pubkey_bootloader.c similarity index 100% rename from targets/stm32l432/bootloader/pubkey_nitrokey_bootloader.c rename to targets/stm32l432/bootloader/pubkey_bootloader.c diff --git a/fido2/version_check.c b/targets/stm32l432/bootloader/version_check.c similarity index 100% rename from fido2/version_check.c rename to targets/stm32l432/bootloader/version_check.c diff --git a/targets/stm32l432/build/bootloader.mk b/targets/stm32l432/build/bootloader.mk index 4fa4513..473360b 100644 --- a/targets/stm32l432/build/bootloader.mk +++ b/targets/stm32l432/build/bootloader.mk 
@@ -2,6 +2,7 @@ include build/common.mk # ST related SRC = bootloader/main.c bootloader/bootloader.c +SRC += bootloader/pubkey_bootloader.c bootloader/version_check.c SRC += src/init.c src/redirect.c src/flash.c src/rng.c src/led.c src/device.c SRC += src/fifo.c src/crypto.c src/attestation.c src/sense.c SRC += src/startup_stm32l432xx.s src/system_stm32l4xx.c From 17ceb7b9e87e6ce3dd61040ff59bf928a9404654 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Wed, 7 Aug 2019 14:32:53 +0200 Subject: [PATCH 07/27] Make the public key generic --- targets/stm32l432/bootloader/bootloader.c | 4 ++-- targets/stm32l432/bootloader/pubkey_bootloader.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/targets/stm32l432/bootloader/bootloader.c b/targets/stm32l432/bootloader/bootloader.c index f41755d..dc9a407 100644 --- a/targets/stm32l432/bootloader/bootloader.c +++ b/targets/stm32l432/bootloader/bootloader.c @@ -167,7 +167,7 @@ int bootloader_bridge(int klen, uint8_t * keyh) return CTAP1_ERR_INVALID_LENGTH; } #ifndef SOLO_HACKER - extern uint8_t *pubkey_nitrokey_boot; + extern uint8_t *pubkey_boot; const struct uECC_Curve_t * curve = NULL; #endif @@ -226,7 +226,7 @@ int bootloader_bridge(int klen, uint8_t * keyh) curve = uECC_secp256r1(); // Verify incoming signature made over the SHA256 hash if ( - !uECC_verify(pubkey_nitrokey_boot, hash, 32, req->payload, curve) + !uECC_verify(pubkey_boot, hash, 32, req->payload, curve) ) { printf1(TAG_BOOT, "Signature invalid\r\n"); diff --git a/targets/stm32l432/bootloader/pubkey_bootloader.c b/targets/stm32l432/bootloader/pubkey_bootloader.c index 6b68745..f3ed754 100644 --- a/targets/stm32l432/bootloader/pubkey_bootloader.c +++ b/targets/stm32l432/bootloader/pubkey_bootloader.c 
@@ -1,3 +1,3 @@ #include "stdint.h" -uint8_t *pubkey_nitrokey_boot = (uint8_t *) "\x7b\x2a\x9c\xf8\x21\xf6\x91\x40\x9d\x6c\x42\xe1\xbb\xa1\x31\x82\x6c\x25\x39\x31\x5b\x59\x3c\x8e\x07\x8d\xfa\x0a\x3d\x21\x35\x6f\x58\x81\x4c\xf6\xd8\xf5\x6e\x6f\x62\xc8\x32\xd3\x13\x6f\xe1\xd6\x2d\x81\x52\xbf\x5f\x9e\xa9\x29\xc9\x9d\x9e\x2c\x89\x5f\x1b\x68"; +uint8_t *pubkey_boot = (uint8_t *) "\x7b\x2a\x9c\xf8\x21\xf6\x91\x40\x9d\x6c\x42\xe1\xbb\xa1\x31\x82\x6c\x25\x39\x31\x5b\x59\x3c\x8e\x07\x8d\xfa\x0a\x3d\x21\x35\x6f\x58\x81\x4c\xf6\xd8\xf5\x6e\x6f\x62\xc8\x32\xd3\x13\x6f\xe1\xd6\x2d\x81\x52\xbf\x5f\x9e\xa9\x29\xc9\x9d\x9e\x2c\x89\x5f\x1b\x68"; From efddd2f3a844fac8cfc9e4dbee7ab89db4077d4b Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Wed, 7 Aug 2019 14:34:54 +0200 Subject: [PATCH 08/27] Use the same public bootloader key as before --- targets/stm32l432/bootloader/pubkey_bootloader.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/targets/stm32l432/bootloader/pubkey_bootloader.c b/targets/stm32l432/bootloader/pubkey_bootloader.c index f3ed754..37e0477 100644 --- a/targets/stm32l432/bootloader/pubkey_bootloader.c +++ b/targets/stm32l432/bootloader/pubkey_bootloader.c @@ -1,3 +1,6 @@ #include "stdint.h" -uint8_t *pubkey_boot = (uint8_t *) "\x7b\x2a\x9c\xf8\x21\xf6\x91\x40\x9d\x6c\x42\xe1\xbb\xa1\x31\x82\x6c\x25\x39\x31\x5b\x59\x3c\x8e\x07\x8d\xfa\x0a\x3d\x21\x35\x6f\x58\x81\x4c\xf6\xd8\xf5\x6e\x6f\x62\xc8\x32\xd3\x13\x6f\xe1\xd6\x2d\x81\x52\xbf\x5f\x9e\xa9\x29\xc9\x9d\x9e\x2c\x89\x5f\x1b\x68"; +uint8_t * pubkey_boot = (uint8_t*)"\xd2\xa4\x2f\x8f\xb2\x31\x1c\xc1\xf7\x0c\x7e\x64\x32\xfb\xbb\xb4\xa3\xdd\x32\x20" + "\x0f\x1b\x88\x9c\xda\x62\xc2\x83\x25\x93\xdd\xb8\x75\x9d\xf9\x86\xee\x03\x6c\xce" + "\x34\x47\x71\x36\xb3\xb2\xad\x6d\x12\xb7\xbe\x49\x3e\x20\xa4\x61\xac\xc7\x71\xc7" + "\x1f\xa8\x14\xf2"; From 35e52f49687474bf44c93937111e0c1704776ba7 Mon Sep 17 00:00:00 2001 
From: Szczepan Zalega Date: Thu, 22 Aug 2019 12:52:50 +0200 Subject: [PATCH 09/27] Initial modification to move bootloader data after the application --- targets/stm32l432/bootloader/bootloader.c | 5 ---- .../stm32l432/linker/bootloader_stm32l4xx.ld | 6 ++--- targets/stm32l432/linker/stm32l4xx.ld | 12 ++++++--- targets/stm32l432/src/memory_layout.h | 25 +++++++++++++++++-- 4 files changed, 35 insertions(+), 13 deletions(-) diff --git a/targets/stm32l432/bootloader/bootloader.c b/targets/stm32l432/bootloader/bootloader.c index dc9a407..c5b29ef 100644 --- a/targets/stm32l432/bootloader/bootloader.c +++ b/targets/stm32l432/bootloader/bootloader.c @@ -62,11 +62,6 @@ static void erase_application() } } -#define LAST_ADDR (APPLICATION_END_ADDR-2048 + 8) -#define VERSION_ADDR (AUTH_WORD_ADDR-8) -#define BOOT_VERSION_PAGE (APPLICATION_START_PAGE-1) -#define BOOT_VERSION_ADDR (0x08000000 + BOOT_VERSION_PAGE*FLASH_PAGE_SIZE) -#define LAST_PAGE (APPLICATION_END_PAGE-1) static void disable_bootloader() { // Clear last 4 bytes of the last application page-1, which is 108th diff --git a/targets/stm32l432/linker/bootloader_stm32l4xx.ld b/targets/stm32l432/linker/bootloader_stm32l4xx.ld index 53b87cf..6b5e6d8 100644 --- a/targets/stm32l432/linker/bootloader_stm32l4xx.ld +++ b/targets/stm32l432/linker/bootloader_stm32l4xx.ld 
@@ -14,15 +14,15 @@ _MIN_STACK_SIZE = 0x400; /* flash2 is for storing bootloader data, like last used firmware version. -_bconfig_start should be equal to (APPLICATION_START_PAGE-1) page address, from targets/stm32l432/src/memory_layout.h:30; and equal to flash2 origin +_bconfig_start should be equal to (APPLICATION_END_PAGE) page address, from targets/stm32l432/src/memory_layout.h:30; and equal to flash2 origin */ -_bconfig_start = 0x08000000 + 10*2048; +_bconfig_start = 0x08000000 + 216*1024; MEMORY { flash (rx) : ORIGIN = 0x08000000, LENGTH = 20K - flash2 (rx) : ORIGIN = 0x08000000 + 10*2048, LENGTH = 2K + flash2 (rx) : ORIGIN = 0x08000000 + 216*1024, LENGTH = 2K ram (xrw) : ORIGIN = 0x20000000, LENGTH = 48K sram2 (rw) : ORIGIN = 0x10000000, LENGTH = 16K } diff --git a/targets/stm32l432/linker/stm32l4xx.ld b/targets/stm32l432/linker/stm32l4xx.ld index d5c53f2..e53c246 100644 --- a/targets/stm32l432/linker/stm32l4xx.ld +++ b/targets/stm32l432/linker/stm32l4xx.ld 
@@ -16,21 +16,27 @@ _MIN_STACK_SIZE = 0x400; Memory layout of device: 20+2 KB 198KB-2KB -8 38 KB | bootloader | application | secrets/data | + -----------> +len | 20 KB/10p| 196KB-8-8/98p | 8B | 2kB/1p | 38 KB/19p | +pos | 0->20 KB | 20->216KB-8-8 | 216KB-8-8->216KB-8 | 216kB -> 218 kB | 218->256 KB | +posp | 0-10 | 10-113 | 113-113 | 113-114 | 113-128 | +desc | bootloader | application | firmware version | bootloader data | secrets/data | Last 8 bytes in application space are occupied by bootloader flags - app authorization and bootloader activation flag. + Previous 8 bytes are application version. */ /* Current firmware version number Should be equal to (APPLICATION_END_ADDR-8) from targets/stm32l432/src/memory_layout.h:40 */ -_version_start = 0x08000000 + (128-19)*2048-8-8; +_version_start = 0x08000000 + 216*1024-8-8; /* flash length is (APPLICATION_END_PAGE-20*1024), where 20K is bootloader */ MEMORY { - flash (rx) : ORIGIN = 0x08005000 + 2K, LENGTH = 198K - 8 - 8 - 2K - flash_v (rx) : ORIGIN = 0x08000000 + (128-19)*2048 - 8 - 8, LENGTH = 8 + flash (rx) : ORIGIN = 0x08000000 + 20K, LENGTH = 196K - 8 - 8 + flash_v (r) : ORIGIN = 0x08000000 + 196K - 8 - 8, LENGTH = 8 ram (xrw) : ORIGIN = 0x20000000, LENGTH = 48K sram2 (rw) : ORIGIN = 0x10000000, LENGTH = 16K } diff --git a/targets/stm32l432/src/memory_layout.h b/targets/stm32l432/src/memory_layout.h index c9c832b..41ff02c 100644 --- a/targets/stm32l432/src/memory_layout.h +++ b/targets/stm32l432/src/memory_layout.h @@ -27,7 +27,7 @@ // Start of application code #ifndef APPLICATION_START_PAGE -#define APPLICATION_START_PAGE (11) +#define APPLICATION_START_PAGE (10) #endif #define APPLICATION_START_ADDR (0x08000000 + ((APPLICATION_START_PAGE)*PAGE_SIZE)) 
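Review bot: In stm32l4xx.ld the `flash_v` region is placed at `0x08000000 + 196K - 8 - 8`, but `_version_start` in the same hunk is `0x08000000 + 216*1024-8-8`, and `flash` now runs from 20K for `196K - 8 - 8`, i.e. up to 216K-16. The region therefore lies inside `flash` and does not contain the address at which the `.flag` section (added in PATCH 03/27) is pinned. The origin was presumably meant to be `flash_v (r) : ORIGIN = 0x08000000 + 216K - 8 - 8, LENGTH = 8`, which is what the `_extra` script in PATCH 10/27 uses. The `posp` row of the layout table also looks off: with 2 KB pages, 216 KB is page 108, not 113, which matches `APPLICATION_END_PAGE ((PAGES - 20))` in this patch if PAGES is 128.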
@@ -37,10 +37,31 @@ // End of application code. Leave some extra room for future data storage. // NOT included in application -#define APPLICATION_END_PAGE ((PAGES - 19)) +#define APPLICATION_END_PAGE ((PAGES - 20)) #define APPLICATION_END_ADDR ((0x08000000 + ((APPLICATION_END_PAGE)*PAGE_SIZE))-8) // Bootloader state. #define AUTH_WORD_ADDR (APPLICATION_END_ADDR) +#define LAST_ADDR (APPLICATION_END_ADDR-2048 + 8) +#define VERSION_ADDR (AUTH_WORD_ADDR-8) +#define BOOT_VERSION_PAGE (APPLICATION_END_PAGE) +#define BOOT_VERSION_ADDR (0x08000000 + BOOT_VERSION_PAGE*FLASH_PAGE_SIZE) +#define LAST_PAGE (APPLICATION_END_PAGE-1) + + +struct flash_memory_st{ + uint8_t bootloader[20*1024]; + uint8_t application[196*1024-16]; + uint8_t app_version[8]; + uint8_t auth_word[8]; + uint8_t bootloader_data[2*1024]; + uint8_t user_data[38*1024]; +} __attribute__((packed)); + +typedef struct flash_memory_st flash_memory_st; + +static_assert(sizeof(flash_memory_st) == 256*1024, "Data structure doesn't match flash size"); + + #endif From 9ddba5dfc329b9afb032833706710815af411a88 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Fri, 23 Aug 2019 17:45:43 +0200 Subject: [PATCH 10/27] Add extra linker script changes --- .../linker/bootloader_stm32l4xx_extra.ld | 13 ++++++++ targets/stm32l432/linker/stm32l4xx_extra.ld | 31 ++++++++++++++++++- 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld b/targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld index 3e1efd7..dcaebf0 100644 --- a/targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld +++ b/targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld 
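Review bot: Only the total size of `struct flash_memory_st` in memory_layout.h is asserted, so its members can drift from the macros the bootloader actually uses (`AUTH_WORD_ADDR`, `VERSION_ADDR`, `BOOT_VERSION_ADDR`) without any diagnostic. Tie them together with offset checks such as `static_assert(offsetof(flash_memory_st, auth_word) == AUTH_WORD_ADDR - 0x08000000, "auth word offset");`, and likewise for `app_version` and `bootloader_data`. In C11 `static_assert` comes from `<assert.h>` and `offsetof` from `<stddef.h>`; neither include is visible in this hunk, and PATCH 04/27 reached for `cbor_static_assert` instead, so please confirm the header compiles on its own.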
@@ -12,9 +12,17 @@ _estack = 0x2000c000; _MIN_STACK_SIZE = 0x400; +/* +flash2 is for storing bootloader data, like last used firmware version. +_bconfig_start should be equal to (APPLICATION_END_PAGE) page address, from targets/stm32l432/src/memory_layout.h:30; and equal to flash2 origin +*/ + +_bconfig_start = 0x08000000 + 216*1024; + MEMORY { flash (rx) : ORIGIN = 0x08000000, LENGTH = 32K + flash2 (rx) : ORIGIN = 0x08000000 + 216*1024, LENGTH = 2K ram (xrw) : ORIGIN = 0x20000000, LENGTH = 48K sram2 (rw) : ORIGIN = 0x10000000, LENGTH = 16K } @@ -39,6 +47,11 @@ SECTIONS _etext = .; } >flash + .flag2 _bconfig_start : + { + KEEP(*(.flag2)) ; + } > flash2 + _sidata = LOADADDR(.data); .data : diff --git a/targets/stm32l432/linker/stm32l4xx_extra.ld b/targets/stm32l432/linker/stm32l4xx_extra.ld index 6948c90..f6e669b 100644 --- a/targets/stm32l432/linker/stm32l4xx_extra.ld +++ b/targets/stm32l432/linker/stm32l4xx_extra.ld 
@@ -12,9 +12,31 @@ _estack = 0x2000c000; _MIN_STACK_SIZE = 0x400; +/* + Memory layout of device: + 20+2 KB 198KB-2KB -8 38 KB + | bootloader | application | secrets/data | + -----------> +len | 32 KB/16p| 184KB-8-8/98p | 8B | 2kB/1p | 38 KB/19p | +pos | 0->32 KB | 32->216KB-8-8 | 216KB-8-8->216KB-8 | 216kB -> 218 kB | 218->256 KB | +posp | 0-16 | 16-113 | 113-113 | 113-114 | 113-128 | +desc | bootloader | application | firmware version | bootloader data | secrets/data | + + Last 8 bytes in application space are occupied by bootloader flags - app + authorization and bootloader activation flag. + Previous 8 bytes are application version. + */ + +/* Current firmware version number +Should be equal to (APPLICATION_END_ADDR-8) from targets/stm32l432/src/memory_layout.h:40 */ +_version_start = 0x08000000 + 216*1024-8-8; + +/* flash length is (APPLICATION_END_PAGE-20*1024), where 20K is bootloader */ + MEMORY { - flash (rx) : ORIGIN = 0x08008000, LENGTH = 186K - 8 + flash (rx) : ORIGIN = 0x08000000 + 20K + 12K, LENGTH = 216K - 20K - 12K - 8 - 8 + flash_v (rx) : ORIGIN = 0x08000000 + 216K - 8 - 8, LENGTH = 8 ram (xrw) : ORIGIN = 0x20000000, LENGTH = 48K sram2 (rw) : ORIGIN = 0x10000000, LENGTH = 16K } @@ -41,6 +63,13 @@ SECTIONS _sidata = LOADADDR(.data); + + .flag _version_start : + { + KEEP(*(.flag)) ; + } > flash_v + + .data : { . = ALIGN(8); From 1100b159a9c9f3ffb7fa302a87ecafd5f069b121 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Fri, 23 Aug 2019 17:51:22 +0200 Subject: [PATCH 11/27] Refactor. Add debug code. Use %u for unsigned. Use volatile pointer instead of memory storage. --- targets/stm32l432/bootloader/bootloader.c | 30 ++++++++++++++--------- targets/stm32l432/src/memory_layout.h | 2 +- 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/targets/stm32l432/bootloader/bootloader.c b/targets/stm32l432/bootloader/bootloader.c index c5b29ef..8a06983 100644 --- a/targets/stm32l432/bootloader/bootloader.c 
+++ b/targets/stm32l432/bootloader/bootloader.c 
@@ -110,26 +110,34 @@ int is_bootloader_disabled() #include "version.h" bool is_firmware_version_newer_or_equal() { - printf1(TAG_BOOT,"Current firmware version: %d.%d.%d.%d\r\n", + printf1(TAG_BOOT,"Current firmware version: %u.%u.%u.%u\r\n", current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved); - volatile version_t new_version = *((volatile version_t *) VERSION_ADDR); - printf1(TAG_BOOT,"Uploaded firmware version: %d.%d.%d.%d\r\n", - new_version.major, new_version.minor, new_version.patch, new_version.reserved); - dump_hex1(TAG_BOOT, (uint32_t *) VERSION_ADDR, 20); + volatile version_t * new_version = ((volatile version_t *) NEW_FW_VERSION_ADDR); + printf1(TAG_BOOT,"Uploaded firmware version: %u.%u.%u.%u\r\n", + new_version->major, new_version->minor, new_version->patch, new_version->reserved); + dump_hex1(TAG_BOOT, (uint8_t *) NEW_FW_VERSION_ADDR, 8); + dump_hex1(TAG_BOOT, (uint8_t *) NEW_FW_VERSION_ADDR+8, 8); - printf1(TAG_BOOT,"AUTH_WORD_ADDR: %p\r\n", AUTH_WORD_ADDR); - printf1(TAG_BOOT,"VERSION_ADDR: %p\r\n", VERSION_ADDR); printf1(TAG_BOOT,"APPLICATION_END_ADDR: %p\r\n", APPLICATION_END_ADDR); printf1(TAG_BOOT,"BOOT_VERSION_ADDR: %p\r\n", BOOT_VERSION_ADDR); printf1(TAG_BOOT,"BOOT_VERSION_PAGE: %d\r\n", BOOT_VERSION_PAGE); - const bool allowed = is_newer(&new_version, ¤t_firmware_version) || current_firmware_version.raw == 0xFFFFFFFF; + flash_memory_st * ptr = 0x08000000; + printf1(TAG_BOOT,"AUTH_WORD_ADDR: %p\r\n", AUTH_WORD_ADDR); + printf1(TAG_BOOT,"NEW_FW_VERSION_ADDR: %p\r\n", NEW_FW_VERSION_ADDR); + printf1(TAG_BOOT,"NEW_FW_VERSION_ADDR: %p\r\n", ptr->app_version ); + printf1(TAG_BOOT,"NEW_FW_VERSION_ADDR: %p\r\n", new_version ); + printf1(TAG_BOOT,"current firm add: %p\r\n", ¤t_firmware_version ); + printf1(TAG_BOOT," ptr->bootloader_data "); + dump_hex1(TAG_BOOT, (uint8_t *) ptr->bootloader_data, 8); + + const bool allowed = is_newer(new_version, ¤t_firmware_version) || 
current_firmware_version.raw == 0xFFFFFFFF; if (allowed){ printf1(TAG_BOOT, "Update allowed, setting new firmware version as current.\r\n"); // current_firmware_version.raw = new_version.raw; uint8_t page[PAGE_SIZE]; memmove(page, (uint8_t*)BOOT_VERSION_ADDR, PAGE_SIZE); - memmove(page, &new_version, 4); + memmove(page, new_version, 4); printf1(TAG_BOOT, "Writing\r\n"); flash_erase_page(BOOT_VERSION_PAGE); flash_write(BOOT_VERSION_ADDR, page, PAGE_SIZE); @@ -182,7 +190,7 @@ int bootloader_bridge(int klen, uint8_t * keyh) || ((uint32_t)ptr+len) > APPLICATION_END_ADDR) { printf1(TAG_BOOT,"Bound exceeded [%08lx, %08lx]\r\n",APPLICATION_START_ADDR,APPLICATION_END_ADDR); - printf1(TAG_BOOT, "Expected version addrs: %p, %p\r\n", BOOT_VERSION_ADDR, VERSION_ADDR); + printf1(TAG_BOOT, "Expected version addrs: %p, %p\r\n", BOOT_VERSION_ADDR, NEW_FW_VERSION_ADDR); return CTAP2_ERR_NOT_ALLOWED; } @@ -230,7 +238,7 @@ int bootloader_bridge(int klen, uint8_t * keyh) #endif if (!is_firmware_version_newer_or_equal()){ printf1(TAG_BOOT, "Firmware older - update not allowed.\r\n"); - dump_hex1(TAG_BOOT, (uint32_t *) VERSION_ADDR, 20); + dump_hex1(TAG_BOOT, (uint32_t *) NEW_FW_VERSION_ADDR, 20); printf1(TAG_BOOT, "Rebooting...\r\n"); REBOOT_FLAG = 1; return CTAP2_ERR_OPERATION_DENIED; diff --git a/targets/stm32l432/src/memory_layout.h b/targets/stm32l432/src/memory_layout.h index 41ff02c..7700dab 100644 --- a/targets/stm32l432/src/memory_layout.h +++ b/targets/stm32l432/src/memory_layout.h @@ -44,7 +44,7 @@ #define AUTH_WORD_ADDR (APPLICATION_END_ADDR) #define LAST_ADDR (APPLICATION_END_ADDR-2048 + 8) -#define VERSION_ADDR (AUTH_WORD_ADDR-8) +#define NEW_FW_VERSION_ADDR (AUTH_WORD_ADDR-8) #define BOOT_VERSION_PAGE (APPLICATION_END_PAGE) #define BOOT_VERSION_ADDR (0x08000000 + BOOT_VERSION_PAGE*FLASH_PAGE_SIZE) #define LAST_PAGE (APPLICATION_END_PAGE-1) From ea803aab952f569370648daef49f400d8a811dca Mon Sep 17 00:00:00 2001 
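Review bot: After this change `is_firmware_version_newer_or_equal()` reads the uploaded version through a `volatile version_t *` several times (logging, `is_newer`, and the `memmove` into the page buffer) instead of taking one snapshot. It also passes that pointer to `is_newer(const version_t *, ...)` and `memmove`, which discards the `volatile` qualifier. A single copy, `const version_t new_version = { .raw = ((const volatile version_t *)NEW_FW_VERSION_ADDR)->raw };`, guarantees that the value compared is the value persisted and removes the qualifier warnings. `flash_memory_st * ptr = 0x08000000;` is an integer-to-pointer conversion without a cast. The address dumps around it look like bring-up code that should sit behind a debug guard or be dropped, as does `dump_hex1(TAG_BOOT, (uint32_t *) NEW_FW_VERSION_ADDR, 20)` in the `BootDone` hunk, which runs 4 bytes past the auth word if the length is in bytes.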
From: Szczepan Zalega Date: Fri, 23 Aug 2019 17:52:51 +0200 Subject: [PATCH 12/27] Make the flash memory structure depend on the APPLICATION_START_PAGE macro --- targets/stm32l432/src/memory_layout.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/targets/stm32l432/src/memory_layout.h b/targets/stm32l432/src/memory_layout.h index 7700dab..60fc3d8 100644 --- a/targets/stm32l432/src/memory_layout.h +++ b/targets/stm32l432/src/memory_layout.h @@ -51,8 +51,8 @@ struct flash_memory_st{ - uint8_t bootloader[20*1024]; - uint8_t application[196*1024-16]; + uint8_t bootloader[APPLICATION_START_PAGE*2*1024]; + uint8_t application[(APPLICATION_END_PAGE-APPLICATION_START_PAGE)*2*1024-16]; uint8_t app_version[8]; uint8_t auth_word[8]; uint8_t bootloader_data[2*1024]; From 7042b0b656da92eb996cda7dfe3b627fb57f07da Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 24 Aug 2019 08:08:40 +0200 Subject: [PATCH 13/27] Move app version to the end of the firmware code, without specific address. Move bootloader config 8B forward. --- .../linker/bootloader_stm32l4xx_extra.ld | 2 +- targets/stm32l432/linker/stm32l4xx_extra.ld | 33 +++++++------------ 2 files changed, 13 insertions(+), 22 deletions(-) diff --git a/targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld b/targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld index dcaebf0..e3087b5 100644 --- a/targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld +++ b/targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld @@ -17,7 +17,7 @@ flash2 is for storing bootloader data, like last used firmware version. _bconfig_start should be equal to (APPLICATION_END_PAGE) page address, from targets/stm32l432/src/memory_layout.h:30; and equal to flash2 origin */ -_bconfig_start = 0x08000000 + 216*1024; +_bconfig_start = 0x08000000 + 216*1024+8; MEMORY { diff --git a/targets/stm32l432/linker/stm32l4xx_extra.ld b/targets/stm32l432/linker/stm32l4xx_extra.ld index f6e669b..f0784e1 100644 
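Review bot: Moving `_bconfig_start` to `0x08000000 + 216*1024+8` in bootloader_stm32l4xx_extra.ld puts `current_firmware_version` (section `.flag2`) 8 bytes into the page, while the update path in bootloader.c, as far as this series shows, still writes the new version at the start of the page (`memmove(page, new_version, 4)` followed by `flash_write(BOOT_VERSION_ADDR, page, PAGE_SIZE)`). If both hold, the value the bootloader compares against is never the value it stores, so the version floor would stay at the built-in initialiser. Either keep the symbol at the page start or copy to the symbol's offset, e.g. `memmove(page + ((uint32_t)&current_firmware_version - BOOT_VERSION_ADDR), new_version, 4);`. A comment explaining why the first 8 bytes of the page are reserved would help; `flash2` itself is only moved to match in PATCH 14/27.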
--- a/targets/stm32l432/linker/stm32l4xx_extra.ld +++ b/targets/stm32l432/linker/stm32l4xx_extra.ld @@ -13,30 +13,22 @@ _estack = 0x2000c000; _MIN_STACK_SIZE = 0x400; /* - Memory layout of device: - 20+2 KB 198KB-2KB -8 38 KB - | bootloader | application | secrets/data | - -----------> -len | 32 KB/16p| 184KB-8-8/98p | 8B | 2kB/1p | 38 KB/19p | -pos | 0->32 KB | 32->216KB-8-8 | 216KB-8-8->216KB-8 | 216kB -> 218 kB | 218->256 KB | -posp | 0-16 | 16-113 | 113-113 | 113-114 | 113-128 | -desc | bootloader | application | firmware version | bootloader data | secrets/data | +len | 32 KB/16p| 184KB-8-8/98p | 2kB/1p | 38 KB/19p | +pos | 0->32 KB | 32->216KB-8-8 | 216kB -> 218 kB | 218->256 KB | +posp | 0-16 | 16-113 | 113-114 | 113-128 | +desc | bootloader | application | bootloader data | secrets/data | Last 8 bytes in application space are occupied by bootloader flags - app authorization and bootloader activation flag. Previous 8 bytes are application version. */ -/* Current firmware version number -Should be equal to (APPLICATION_END_ADDR-8) from targets/stm32l432/src/memory_layout.h:40 */ -_version_start = 0x08000000 + 216*1024-8-8; - +/* Current firmware version number is stored at the very end of the firmware code */ /* flash length is (APPLICATION_END_PAGE-20*1024), where 20K is bootloader */ MEMORY { - flash (rx) : ORIGIN = 0x08000000 + 20K + 12K, LENGTH = 216K - 20K - 12K - 8 - 8 - flash_v (rx) : ORIGIN = 0x08000000 + 216K - 8 - 8, LENGTH = 8 + flash (rx) : ORIGIN = 0x08000000 + 20K + 12K, LENGTH = 216K - 20K - 12K - 8 ram (xrw) : ORIGIN = 0x20000000, LENGTH = 48K sram2 (rw) : ORIGIN = 0x10000000, LENGTH = 16K } @@ -63,13 +55,6 @@ SECTIONS _sidata = LOADADDR(.data); - - .flag _version_start : - { - KEEP(*(.flag)) ; - } > flash_v - - .data : { . = ALIGN(8); @@ -79,6 +64,12 @@ SECTIONS _edata = .; } >ram AT> flash + .flag : + { + . = ALIGN(8); + KEEP(*(.flag)) ; + } > flash + .bss : { . = ALIGN(4); 
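Review bot: With `_version_start` and the `flash_v` region removed from stm32l4xx_extra.ld, `.flag` is emitted wherever the image happens to end (`.flag : { . = ALIGN(8); KEEP(*(.flag)) ; } > flash` in the last hunk), yet the bootloader in this series still reads the uploaded version from the fixed `NEW_FW_VERSION_ADDR`. Unless a later patch tells the bootloader or the packaging step where to find it, the comparison would run on whatever bytes occupy that fixed address, which is now ordinary application space because `flash` was widened to `216K - 20K - 12K - 8`. The retained comment "Previous 8 bytes are application version" contradicts the new "stored at the very end of the firmware code", and "184KB-8-8/98p" does not match a 2 KB page size (184 KB is 92 pages). Please update the table so it documents the layout the bootloader actually relies on.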
From 40c3c13b07691610a55838c0671f9409b71af191 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 24 Aug 2019 08:12:26 +0200 Subject: [PATCH 14/27] Correct flash2 region. Rename _bconfig_start->bootloader_configuration. --- targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld b/targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld index e3087b5..105abd2 100644 --- a/targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld +++ b/targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld @@ -14,15 +14,15 @@ _MIN_STACK_SIZE = 0x400; /* flash2 is for storing bootloader data, like last used firmware version. -_bconfig_start should be equal to (APPLICATION_END_PAGE) page address, from targets/stm32l432/src/memory_layout.h:30; and equal to flash2 origin +bootloader_configuration should be equal to (APPLICATION_END_PAGE) page address, from targets/stm32l432/src/memory_layout.h:30; and equal to flash2 origin */ -_bconfig_start = 0x08000000 + 216*1024+8; +bootloader_configuration = 0x08000000 + 216*1024+8; MEMORY { flash (rx) : ORIGIN = 0x08000000, LENGTH = 32K - flash2 (rx) : ORIGIN = 0x08000000 + 216*1024, LENGTH = 2K + flash2 (rx) : ORIGIN = 0x08000000 + 216*1024+8, LENGTH = 2K-8 ram (xrw) : ORIGIN = 0x20000000, LENGTH = 48K sram2 (rw) : ORIGIN = 0x10000000, LENGTH = 16K } @@ -47,7 +47,7 @@ SECTIONS _etext = .; } >flash - .flag2 _bconfig_start : + .flag2 bootloader_configuration : { KEEP(*(.flag2)) ; } > flash2 From 22293f82f27193e84c1e792c4183309e52554693 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 24 Aug 2019 08:13:30 +0200 Subject: [PATCH 15/27] Rename flash2 -> flash_cfg --- targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld b/targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld index 105abd2..fbb96da 100644 --- a/targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld +++ b/targets/stm32l432/linker/bootloader_stm32l4xx_extra.ld @@ -13,8 +13,8 @@ _estack = 0x2000c000; _MIN_STACK_SIZE = 0x400; /* -flash2 is for storing bootloader data, like last used firmware version. -bootloader_configuration should be equal to (APPLICATION_END_PAGE) page address, from targets/stm32l432/src/memory_layout.h:30; and equal to flash2 origin +flash_cfg is for storing bootloader data, like last used firmware version. +bootloader_configuration should be equal to (APPLICATION_END_PAGE) page address, from targets/stm32l432/src/memory_layout.h:30; and equal to flash_cfg origin */ bootloader_configuration = 0x08000000 + 216*1024+8; @@ -22,7 +22,7 @@ bootloader_configuration = 0x08000000 + 216*1024+8; MEMORY { flash (rx) : ORIGIN = 0x08000000, LENGTH = 32K - flash2 (rx) : ORIGIN = 0x08000000 + 216*1024+8, LENGTH = 2K-8 + flash_cfg (rx) : ORIGIN = 0x08000000 + 216*1024+8, LENGTH = 2K-8 ram (xrw) : ORIGIN = 0x20000000, LENGTH = 48K sram2 (rw) : ORIGIN = 0x10000000, LENGTH = 16K } @@ -50,7 +50,7 @@ SECTIONS .flag2 bootloader_configuration : { KEEP(*(.flag2)) ; - } > flash2 + } > flash_cfg _sidata = LOADADDR(.data); From 3a1ea275cca44fb0ea204d4a21e1572d688e7b7e Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 24 Aug 2019 08:16:00 +0200 Subject: [PATCH 16/27] Move _extra* debug linker scripts content to main --- .../stm32l432/linker/bootloader_stm32l4xx.ld | 12 +++---- targets/stm32l432/linker/stm32l4xx.ld | 33 +++++++------------ 2 files changed, 18 insertions(+), 27 deletions(-) diff --git a/targets/stm32l432/linker/bootloader_stm32l4xx.ld b/targets/stm32l432/linker/bootloader_stm32l4xx.ld index 6b5e6d8..8460687 100644 --- a/targets/stm32l432/linker/bootloader_stm32l4xx.ld +++ b/targets/stm32l432/linker/bootloader_stm32l4xx.ld 
@@ -13,16 +13,16 @@ _estack = 0x2000c000; _MIN_STACK_SIZE = 0x400; /* -flash2 is for storing bootloader data, like last used firmware version. -_bconfig_start should be equal to (APPLICATION_END_PAGE) page address, from targets/stm32l432/src/memory_layout.h:30; and equal to flash2 origin +flash_cfg is for storing bootloader data, like last used firmware version. +bootloader_configuration should be equal to (APPLICATION_END_PAGE) page address, from targets/stm32l432/src/memory_layout.h:30; and equal to flash_cfg origin */ -_bconfig_start = 0x08000000 + 216*1024; +bootloader_configuration = 0x08000000 + 216*1024+8; MEMORY { flash (rx) : ORIGIN = 0x08000000, LENGTH = 20K - flash2 (rx) : ORIGIN = 0x08000000 + 216*1024, LENGTH = 2K + flash_cfg (rx) : ORIGIN = 0x08000000 + 216*1024+8, LENGTH = 2K-8 ram (xrw) : ORIGIN = 0x20000000, LENGTH = 48K sram2 (rw) : ORIGIN = 0x10000000, LENGTH = 16K } @@ -47,10 +47,10 @@ SECTIONS _etext = .; } >flash - .flag2 _bconfig_start : + .flag2 bootloader_configuration : { KEEP(*(.flag2)) ; - } > flash2 + } > flash_cfg _sidata = LOADADDR(.data); diff --git a/targets/stm32l432/linker/stm32l4xx.ld b/targets/stm32l432/linker/stm32l4xx.ld index e53c246..6baad59 100644 --- a/targets/stm32l432/linker/stm32l4xx.ld +++ b/targets/stm32l432/linker/stm32l4xx.ld 
@@ -13,30 +13,22 @@ _estack = 0x2000c000; _MIN_STACK_SIZE = 0x400; /* - Memory layout of device: - 20+2 KB 198KB-2KB -8 38 KB - | bootloader | application | secrets/data | - -----------> -len | 20 KB/10p| 196KB-8-8/98p | 8B | 2kB/1p | 38 KB/19p | -pos | 0->20 KB | 20->216KB-8-8 | 216KB-8-8->216KB-8 | 216kB -> 218 kB | 218->256 KB | -posp | 0-10 | 10-113 | 113-113 | 113-114 | 113-128 | -desc | bootloader | application | firmware version | bootloader data | secrets/data | +len | 32 KB/16p| 184KB-8-8/98p | 2kB/1p | 38 KB/19p | +pos | 0->32 KB | 32->216KB-8-8 | 216kB -> 218 kB | 218->256 KB | +posp | 0-16 | 16-113 | 113-114 | 113-128 | +desc | bootloader | application | bootloader data | secrets/data | Last 8 bytes in application space are occupied by bootloader flags - app authorization and bootloader activation flag. Previous 8 bytes are application version. */ -/* Current firmware version number -Should be equal to (APPLICATION_END_ADDR-8) from targets/stm32l432/src/memory_layout.h:40 */ -_version_start = 0x08000000 + 216*1024-8-8; - +/* Current firmware version number is stored at the very end of the firmware code */ /* flash length is (APPLICATION_END_PAGE-20*1024), where 20K is bootloader */ MEMORY { - flash (rx) : ORIGIN = 0x08000000 + 20K, LENGTH = 196K - 8 - 8 - flash_v (r) : ORIGIN = 0x08000000 + 196K - 8 - 8, LENGTH = 8 + flash (rx) : ORIGIN = 0x08000000 + 20K, LENGTH = 216K - 20K - 8 ram (xrw) : ORIGIN = 0x20000000, LENGTH = 48K sram2 (rw) : ORIGIN = 0x10000000, LENGTH = 16K } @@ -63,13 +55,6 @@ SECTIONS _sidata = LOADADDR(.data); - - .flag _version_start : - { - KEEP(*(.flag)) ; - } > flash_v - - .data : { . = ALIGN(8); @@ -79,6 +64,12 @@ SECTIONS _edata = .; } >ram AT> flash + .flag : + { + . = ALIGN(8); + KEEP(*(.flag)) ; + } > flash + .bss : { . = ALIGN(4); From 7fddd587040ac174fab6e8f2a3326437b0bc7cc4 Mon Sep 17 00:00:00 2001 
From: Szczepan Zalega Date: Sat, 24 Aug 2019 08:49:31 +0200 Subject: [PATCH 17/27] Bootloader: get uploaded application version from the 4 last bytes of its firmware --- targets/stm32l432/bootloader/bootloader.c | 14 ++++++-------- targets/stm32l432/build/application.mk | 1 + targets/stm32l432/src/memory_layout.h | 2 +- 3 files changed, 8 insertions(+), 9 deletions(-) diff --git a/targets/stm32l432/bootloader/bootloader.c b/targets/stm32l432/bootloader/bootloader.c index 8a06983..e8b79b8 100644 --- a/targets/stm32l432/bootloader/bootloader.c +++ b/targets/stm32l432/bootloader/bootloader.c @@ -19,7 +19,7 @@ #include "ctap_errors.h" #include "log.h" -static volatile version_t current_firmware_version __attribute__ ((section (".flag2"))) __attribute__ ((__used__)) = { +volatile version_t current_firmware_version __attribute__ ((section (".flag2"))) __attribute__ ((__used__)) = { .major = SOLO_VERSION_MAJ, .minor = SOLO_VERSION_MIN, .patch = SOLO_VERSION_PATCH, @@ -106,15 +106,13 @@ int is_bootloader_disabled() uint32_t * auth = (uint32_t *)(AUTH_WORD_ADDR+4); return *auth == 0; } +uint8_t * last_addr; #include "version.h" bool is_firmware_version_newer_or_equal() { - printf1(TAG_BOOT,"Current firmware version: %u.%u.%u.%u\r\n", - current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved); - volatile version_t * new_version = ((volatile version_t *) NEW_FW_VERSION_ADDR); - printf1(TAG_BOOT,"Uploaded firmware version: %u.%u.%u.%u\r\n", - new_version->major, new_version->minor, new_version->patch, new_version->reserved); + + volatile version_t * new_version = ((volatile version_t *) last_addr); dump_hex1(TAG_BOOT, (uint8_t *) NEW_FW_VERSION_ADDR, 8); dump_hex1(TAG_BOOT, (uint8_t *) NEW_FW_VERSION_ADDR+8, 8); 
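Review bot: `last_addr` is cast to `version_t *` and read in `is_firmware_version_newer_or_equal()` without checking that a write request ever set it. It is a zero-initialised global, so if `BootDone` can be reached with no preceding write, the rollback comparison reads whatever sits at address 0. Reject that case before the cast, e.g. `if (last_addr == NULL) return false;`, and declare the variable `static uint8_t *last_addr;`, since nothing in this patch uses it from another file. The function body continues outside the hunk.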
@@ -127,6 +125,7 @@ bool is_firmware_version_newer_or_equal() printf1(TAG_BOOT,"NEW_FW_VERSION_ADDR: %p\r\n", NEW_FW_VERSION_ADDR); printf1(TAG_BOOT,"NEW_FW_VERSION_ADDR: %p\r\n", ptr->app_version ); printf1(TAG_BOOT,"NEW_FW_VERSION_ADDR: %p\r\n", new_version ); + printf1(TAG_BOOT,"NEW_FW_VERSION_ADDR last_addr: %p\r\n", last_addr ); printf1(TAG_BOOT,"current firm add: %p\r\n", ¤t_firmware_version ); printf1(TAG_BOOT," ptr->bootloader_data "); dump_hex1(TAG_BOOT, (uint8_t *) ptr->bootloader_data, 8); @@ -208,8 +207,7 @@ int bootloader_bridge(int klen, uint8_t * keyh) } // Do the actual write flash_write((uint32_t)ptr,req->payload, len); - - + last_addr = (uint8_t *)ptr + len - 8 + 4; break; case BootDone: // Writing to flash finished. Request code validation. diff --git a/targets/stm32l432/build/application.mk b/targets/stm32l432/build/application.mk index 848887f..d2acd99 100644 --- a/targets/stm32l432/build/application.mk +++ b/targets/stm32l432/build/application.mk @@ -10,6 +10,7 @@ SRC += $(DRIVER_LIBS) $(USB_LIB) SRC += ../../fido2/apdu.c ../../fido2/util.c ../../fido2/u2f.c ../../fido2/test_power.c SRC += ../../fido2/stubs.c ../../fido2/log.c ../../fido2/ctaphid.c ../../fido2/ctap.c SRC += ../../fido2/ctap_parse.c ../../fido2/main.c +SRC += ../../fido2/version.c SRC += ../../fido2/extensions/extensions.c ../../fido2/extensions/solo.c SRC += ../../fido2/extensions/wallet.c diff --git a/targets/stm32l432/src/memory_layout.h b/targets/stm32l432/src/memory_layout.h index 60fc3d8..1f32200 100644 --- a/targets/stm32l432/src/memory_layout.h +++ b/targets/stm32l432/src/memory_layout.h @@ -46,7 +46,7 @@ #define LAST_ADDR (APPLICATION_END_ADDR-2048 + 8) #define NEW_FW_VERSION_ADDR (AUTH_WORD_ADDR-8) #define BOOT_VERSION_PAGE (APPLICATION_END_PAGE) -#define BOOT_VERSION_ADDR (0x08000000 + BOOT_VERSION_PAGE*FLASH_PAGE_SIZE) +#define BOOT_VERSION_ADDR (0x08000000 + BOOT_VERSION_PAGE*FLASH_PAGE_SIZE + 8) #define LAST_PAGE (APPLICATION_END_PAGE-1) 
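Review bot: `last_addr = (uint8_t *)ptr + len - 8 + 4;` takes the version location from whichever write request was processed most recently, so the anti-rollback comparison depends on the order and size of host-supplied chunks rather than on the image layout. A `len` below 4 also leaves the pointer in front of `ptr`. Consider recording the highest end address seen across all writes, guarding the assignment with `if (len >= sizeof(version_t))`, and replacing the bare `- 8 + 4` with `- sizeof(version_t)` (presumably the same value) so the intent is readable. Whether the signature check covers the bytes that end up being read as the version is not visible from this hunk and should be confirmed.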
From cb13fb65deccd26ced2d0493c257b9bc6f54611a Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 24 Aug 2019 08:51:17 +0200 Subject: [PATCH 18/27] Store version in the bootloader. Debug code. --- fido2/ctap.c | 6 ++++++ fido2/version.c | 2 +- fido2/version.h | 2 ++ targets/stm32l432/bootloader/bootloader.c | 13 +++++++++++++ targets/stm32l432/bootloader/main.c | 8 ++++++++ 5 files changed, 30 insertions(+), 1 deletion(-) diff --git a/fido2/ctap.c b/fido2/ctap.c index dea0f3f..c7b6e62 100644 --- a/fido2/ctap.c +++ b/fido2/ctap.c @@ -1712,8 +1712,14 @@ static void ctap_state_init() ctap_reset_rk(); } +#include "version.h" void ctap_init() { + printf1(TAG_ERR,"Current firmware version address: %p\r\n", &firmware_version); + printf1(TAG_ERR,"Current firmware version: %d.%d.%d.%d (%02x.%02x.%02x.%02x)\r\n", + firmware_version.major, firmware_version.minor, firmware_version.patch, firmware_version.reserved, + firmware_version.major, firmware_version.minor, firmware_version.patch, firmware_version.reserved + ); crypto_ecc256_init(); authenticator_read_state(&STATE); diff --git a/fido2/version.c b/fido2/version.c index dd8da5b..d8c2252 100644 --- a/fido2/version.c +++ b/fido2/version.c @@ -1,7 +1,7 @@ #include "version.h" -static const version_t firmware_version __attribute__ ((section (".flag"))) __attribute__ ((__used__)) = { +const version_t firmware_version __attribute__ ((section (".flag"))) __attribute__ ((__used__)) = { .major = SOLO_VERSION_MAJ, .minor = SOLO_VERSION_MIN, .patch = SOLO_VERSION_PATCH, diff --git a/fido2/version.h b/fido2/version.h index 95c98f3..3671c16 100644 --- a/fido2/version.h +++ b/fido2/version.h @@ -33,5 +33,7 @@ typedef struct { } version_t; bool is_newer(const version_t* const newer, const version_t* const older); +const version_t firmware_version ; + #endif diff --git a/targets/stm32l432/bootloader/bootloader.c b/targets/stm32l432/bootloader/bootloader.c index e8b79b8..eec838b 100644 --- a/targets/stm32l432/bootloader/bootloader.c 
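Review bot: `const version_t firmware_version ;` in `version.h` is a tentative definition rather than a declaration, so every file that includes the header introduces its own candidate object next to the `.flag`-placed definition in `version.c`. Depending on compiler settings this either fails with duplicate definitions or relies on the linker merging them. Declare it as `extern const version_t firmware_version;` so that `version.c` holds the only definition.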
+++ b/targets/stm32l432/bootloader/bootloader.c @@ -112,7 +112,20 @@ uint8_t * last_addr; bool is_firmware_version_newer_or_equal() { + printf1(TAG_BOOT, "Dump last 8 bytes: %p\r\n", last_addr); + dump_hex1(TAG_BOOT, last_addr, 8); + + printf1(TAG_BOOT,"Current firmware version: %u.%u.%u.%u (%02x.%02x.%02x.%02x)\r\n", + current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved, + current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved + ); + dump_hex1(TAG_BOOT, (uint8_t*)(¤t_firmware_version) - 16, 32); volatile version_t * new_version = ((volatile version_t *) last_addr); + printf1(TAG_BOOT,"Uploaded firmware version: %u.%u.%u.%u (%02x.%02x.%02x.%02x)\r\n", + new_version->major, new_version->minor, new_version->patch, new_version->reserved, + new_version->major, new_version->minor, new_version->patch, new_version->reserved + ); + dump_hex1(TAG_BOOT, (uint8_t *) last_addr, 8); dump_hex1(TAG_BOOT, (uint8_t *) NEW_FW_VERSION_ADDR, 8); dump_hex1(TAG_BOOT, (uint8_t *) NEW_FW_VERSION_ADDR+8, 8); diff --git a/targets/stm32l432/bootloader/main.c b/targets/stm32l432/bootloader/main.c index c3bf736..1448ea7 100644 --- a/targets/stm32l432/bootloader/main.c +++ b/targets/stm32l432/bootloader/main.c @@ -138,6 +138,14 @@ int main() printf1(TAG_GEN,"recv'ing hid msg \n"); + extern volatile version_t current_firmware_version; + printf1(TAG_BOOT,"Current firmware version address: %p\r\n", ¤t_firmware_version); + printf1(TAG_BOOT,"Current firmware version: %d.%d.%d.%d (%02x.%02x.%02x.%02x)\r\n", + current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved, + current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved + ); + dump_hex1(TAG_BOOT, (uint8_t*)(¤t_firmware_version) - 16, 32); + while(1) { 
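Review bot: `dump_hex1(TAG_BOOT, (uint8_t*)(&current_firmware_version) - 16, 32);` in `main()` reads 16 bytes in front of the object and casts away `volatile`, and unlike the matching dump in `bootloader.c` it is not removed by the later debug-cleanup patch in this series. Drop it, or limit it to `sizeof(current_firmware_version)` bytes starting at the object. The block-scope `extern volatile version_t current_firmware_version;` would be better placed in a shared header, so that a type change in `bootloader.c` is caught at compile time.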
From 9dae7b2e7c570342f2e96bc62957a8a8b819ed94 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 24 Aug 2019 08:51:47 +0200 Subject: [PATCH 19/27] Makefile: fix flashboot recipe --- targets/stm32l432/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/targets/stm32l432/Makefile b/targets/stm32l432/Makefile index e7db178..8473b7d 100644 --- a/targets/stm32l432/Makefile +++ b/targets/stm32l432/Makefile @@ -90,8 +90,7 @@ flash_dfu: solo.hex bootloader.hex # STM32_Programmer_CLI -c port=usb1 -halt -e all --readunprotect STM32_Programmer_CLI -c port=usb1 -halt -rdu -d all.hex -flashboot: solo.hex bootloader.hex - $(VENV) $(merge_hex) solo.hex bootloader.hex all.hex +flashboot: bootloader.hex STM32_Programmer_CLI -c port=SWD -halt -e all --readunprotect STM32_Programmer_CLI -c port=SWD -halt -d bootloader.hex -rst From 8023347c8e535fd283a83da96bcff18ee69d14e0 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 24 Aug 2019 08:52:24 +0200 Subject: [PATCH 20/27] Makefile: add debug info --- targets/stm32l432/build/application.mk | 1 + targets/stm32l432/build/bootloader.mk | 1 + 2 files changed, 2 insertions(+) diff --git a/targets/stm32l432/build/application.mk b/targets/stm32l432/build/application.mk index d2acd99..6e5e445 100644 --- a/targets/stm32l432/build/application.mk +++ b/targets/stm32l432/build/application.mk @@ -70,6 +70,7 @@ all: $(TARGET).elf %.elf: $(OBJ) $(CC) $^ $(HW) $(LDFLAGS) -o $@ + @echo "Built version: $(VERSION_FLAGS)" %.hex: %.elf $(SZ) $^ diff --git a/targets/stm32l432/build/bootloader.mk b/targets/stm32l432/build/bootloader.mk index 473360b..cc61913 100644 --- a/targets/stm32l432/build/bootloader.mk +++ b/targets/stm32l432/build/bootloader.mk @@ -66,6 +66,7 @@ all: $(TARGET).elf %.elf: $(OBJ) $(CC) $^ $(HW) $(LDFLAGS) -o $@ + arm-none-eabi-size $@ %.hex: %.elf $(CP) -O ihex $^ $(TARGET).hex From 987b04523dddac14bfdfcf0067899b20720296ae Mon Sep 17 00:00:00 2001 
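Review bot: The added `arm-none-eabi-size $@` in `bootloader.mk` hard-codes the toolchain prefix, while `application.mk` calls the same tool through `$(SZ)` in its `%.hex` rule. Use `$(SZ) $@` here as well, provided `SZ` is defined for the bootloader build, so that a different toolchain prefix only has to be set in one place.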
From: Szczepan Zalega Date: Sat, 24 Aug 2019 08:52:54 +0200 Subject: [PATCH 21/27] Correct memory layout --- targets/stm32l432/src/memory_layout.h | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/targets/stm32l432/src/memory_layout.h b/targets/stm32l432/src/memory_layout.h index 1f32200..79bd891 100644 --- a/targets/stm32l432/src/memory_layout.h +++ b/targets/stm32l432/src/memory_layout.h @@ -54,13 +54,17 @@ struct flash_memory_st{ uint8_t bootloader[APPLICATION_START_PAGE*2*1024]; uint8_t application[(APPLICATION_END_PAGE-APPLICATION_START_PAGE)*2*1024-16]; uint8_t app_version[8]; - uint8_t auth_word[8]; - uint8_t bootloader_data[2*1024]; + uint8_t auth_word[4]; + uint8_t bootloader_disabled[4]; + // place for more user data + uint8_t _reserved_application_end_mark[8]; + uint8_t bootloader_data[2*1024-8]; uint8_t user_data[38*1024]; } __attribute__((packed)); typedef struct flash_memory_st flash_memory_st; +#include static_assert(sizeof(flash_memory_st) == 256*1024, "Data structure doesn't match flash size"); From 74181406fe46b046d463ba8638bcaa01dc401213 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 24 Aug 2019 08:58:53 +0200 Subject: [PATCH 22/27] Rename last_addr->last_written_app_address --- targets/stm32l432/bootloader/bootloader.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/targets/stm32l432/bootloader/bootloader.c b/targets/stm32l432/bootloader/bootloader.c index eec838b..b535dd4 100644 --- a/targets/stm32l432/bootloader/bootloader.c +++ b/targets/stm32l432/bootloader/bootloader.c 
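Review bot: The `static_assert` on `sizeof(flash_memory_st)` only pins the total size, so the new field split can still disagree with `BOOT_VERSION_ADDR` and with the `+8` origins written by hand in the bootloader linker scripts without failing the build. Add an offset check next to it, e.g. `static_assert(offsetof(flash_memory_st, bootloader_data) == BOOT_VERSION_ADDR - 0x08000000, "bootloader_data offset mismatch");` (this needs `<stddef.h>`). The comment `// place for more user data` above `_reserved_application_end_mark` should also say why those 8 bytes sit between the flags and the bootloader data.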
@@ -106,26 +106,26 @@ int is_bootloader_disabled() uint32_t * auth = (uint32_t *)(AUTH_WORD_ADDR+4); return *auth == 0; } -uint8_t * last_addr; +uint8_t * last_written_app_address; #include "version.h" bool is_firmware_version_newer_or_equal() { - printf1(TAG_BOOT, "Dump last 8 bytes: %p\r\n", last_addr); - dump_hex1(TAG_BOOT, last_addr, 8); + printf1(TAG_BOOT, "Dump last 8 bytes: %p\r\n", last_written_app_address); + dump_hex1(TAG_BOOT, last_written_app_address, 8); printf1(TAG_BOOT,"Current firmware version: %u.%u.%u.%u (%02x.%02x.%02x.%02x)\r\n", current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved, current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved ); dump_hex1(TAG_BOOT, (uint8_t*)(¤t_firmware_version) - 16, 32); - volatile version_t * new_version = ((volatile version_t *) last_addr); + volatile version_t * new_version = ((volatile version_t *) last_written_app_address); printf1(TAG_BOOT,"Uploaded firmware version: %u.%u.%u.%u (%02x.%02x.%02x.%02x)\r\n", new_version->major, new_version->minor, new_version->patch, new_version->reserved, new_version->major, new_version->minor, new_version->patch, new_version->reserved ); - dump_hex1(TAG_BOOT, (uint8_t *) last_addr, 8); + dump_hex1(TAG_BOOT, (uint8_t *) last_written_app_address, 8); dump_hex1(TAG_BOOT, (uint8_t *) NEW_FW_VERSION_ADDR, 8); dump_hex1(TAG_BOOT, (uint8_t *) NEW_FW_VERSION_ADDR+8, 8); 
@@ -138,7 +138,7 @@ bool is_firmware_version_newer_or_equal() printf1(TAG_BOOT,"NEW_FW_VERSION_ADDR: %p\r\n", NEW_FW_VERSION_ADDR); printf1(TAG_BOOT,"NEW_FW_VERSION_ADDR: %p\r\n", ptr->app_version ); printf1(TAG_BOOT,"NEW_FW_VERSION_ADDR: %p\r\n", new_version ); - printf1(TAG_BOOT,"NEW_FW_VERSION_ADDR last_addr: %p\r\n", last_addr ); + printf1(TAG_BOOT,"NEW_FW_VERSION_ADDR last_written_app_address: %p\r\n", last_written_app_address ); printf1(TAG_BOOT,"current firm add: %p\r\n", ¤t_firmware_version ); printf1(TAG_BOOT," ptr->bootloader_data "); dump_hex1(TAG_BOOT, (uint8_t *) ptr->bootloader_data, 8); @@ -220,7 +220,7 @@ int bootloader_bridge(int klen, uint8_t * keyh) } // Do the actual write flash_write((uint32_t)ptr,req->payload, len); - last_addr = (uint8_t *)ptr + len - 8 + 4; + last_written_app_address = (uint8_t *)ptr + len - 8 + 4; break; case BootDone: // Writing to flash finished. Request code validation. From e3ff1361965cc9d8732f08d2f2601b580e67f10c Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 24 Aug 2019 09:03:15 +0200 Subject: [PATCH 23/27] Remove obsolete region for the app static firmware version address --- targets/stm32l432/bootloader/bootloader.c | 4 ---- targets/stm32l432/src/memory_layout.h | 4 +--- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/targets/stm32l432/bootloader/bootloader.c b/targets/stm32l432/bootloader/bootloader.c index b535dd4..73739a8 100644 --- a/targets/stm32l432/bootloader/bootloader.c +++ b/targets/stm32l432/bootloader/bootloader.c @@ -126,8 +126,6 @@ bool is_firmware_version_newer_or_equal() new_version->major, new_version->minor, new_version->patch, new_version->reserved ); dump_hex1(TAG_BOOT, (uint8_t *) last_written_app_address, 8); - dump_hex1(TAG_BOOT, (uint8_t *) NEW_FW_VERSION_ADDR, 8); - dump_hex1(TAG_BOOT, (uint8_t *) NEW_FW_VERSION_ADDR+8, 8); printf1(TAG_BOOT,"APPLICATION_END_ADDR: %p\r\n", APPLICATION_END_ADDR); printf1(TAG_BOOT,"BOOT_VERSION_ADDR: %p\r\n", BOOT_VERSION_ADDR); 
@@ -135,8 +133,6 @@ bool is_firmware_version_newer_or_equal() flash_memory_st * ptr = 0x08000000; printf1(TAG_BOOT,"AUTH_WORD_ADDR: %p\r\n", AUTH_WORD_ADDR); - printf1(TAG_BOOT,"NEW_FW_VERSION_ADDR: %p\r\n", NEW_FW_VERSION_ADDR); - printf1(TAG_BOOT,"NEW_FW_VERSION_ADDR: %p\r\n", ptr->app_version ); printf1(TAG_BOOT,"NEW_FW_VERSION_ADDR: %p\r\n", new_version ); printf1(TAG_BOOT,"NEW_FW_VERSION_ADDR last_written_app_address: %p\r\n", last_written_app_address ); printf1(TAG_BOOT,"current firm add: %p\r\n", ¤t_firmware_version ); diff --git a/targets/stm32l432/src/memory_layout.h b/targets/stm32l432/src/memory_layout.h index 79bd891..8a66a71 100644 --- a/targets/stm32l432/src/memory_layout.h +++ b/targets/stm32l432/src/memory_layout.h @@ -44,7 +44,6 @@ #define AUTH_WORD_ADDR (APPLICATION_END_ADDR) #define LAST_ADDR (APPLICATION_END_ADDR-2048 + 8) -#define NEW_FW_VERSION_ADDR (AUTH_WORD_ADDR-8) #define BOOT_VERSION_PAGE (APPLICATION_END_PAGE) #define BOOT_VERSION_ADDR (0x08000000 + BOOT_VERSION_PAGE*FLASH_PAGE_SIZE + 8) #define LAST_PAGE (APPLICATION_END_PAGE-1) @@ -52,8 +51,7 @@ struct flash_memory_st{ uint8_t bootloader[APPLICATION_START_PAGE*2*1024]; - uint8_t application[(APPLICATION_END_PAGE-APPLICATION_START_PAGE)*2*1024-16]; - uint8_t app_version[8]; + uint8_t application[(APPLICATION_END_PAGE-APPLICATION_START_PAGE)*2*1024-8]; uint8_t auth_word[4]; uint8_t bootloader_disabled[4]; // place for more user data From 3c7bf5a26432e4917070c05a30dd31c93119c256 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 24 Aug 2019 09:44:08 +0200 Subject: [PATCH 24/27] Remove obsolete debug messages --- targets/stm32l432/bootloader/bootloader.c | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/targets/stm32l432/bootloader/bootloader.c b/targets/stm32l432/bootloader/bootloader.c index 73739a8..1405012 100644 --- a/targets/stm32l432/bootloader/bootloader.c +++ b/targets/stm32l432/bootloader/bootloader.c 
@@ -112,32 +112,15 @@ uint8_t * last_written_app_address; bool is_firmware_version_newer_or_equal() { - printf1(TAG_BOOT, "Dump last 8 bytes: %p\r\n", last_written_app_address); - dump_hex1(TAG_BOOT, last_written_app_address, 8); - printf1(TAG_BOOT,"Current firmware version: %u.%u.%u.%u (%02x.%02x.%02x.%02x)\r\n", current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved, current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved ); - dump_hex1(TAG_BOOT, (uint8_t*)(¤t_firmware_version) - 16, 32); volatile version_t * new_version = ((volatile version_t *) last_written_app_address); printf1(TAG_BOOT,"Uploaded firmware version: %u.%u.%u.%u (%02x.%02x.%02x.%02x)\r\n", new_version->major, new_version->minor, new_version->patch, new_version->reserved, new_version->major, new_version->minor, new_version->patch, new_version->reserved ); - dump_hex1(TAG_BOOT, (uint8_t *) last_written_app_address, 8); - - printf1(TAG_BOOT,"APPLICATION_END_ADDR: %p\r\n", APPLICATION_END_ADDR); - printf1(TAG_BOOT,"BOOT_VERSION_ADDR: %p\r\n", BOOT_VERSION_ADDR); - printf1(TAG_BOOT,"BOOT_VERSION_PAGE: %d\r\n", BOOT_VERSION_PAGE); - - flash_memory_st * ptr = 0x08000000; - printf1(TAG_BOOT,"AUTH_WORD_ADDR: %p\r\n", AUTH_WORD_ADDR); - printf1(TAG_BOOT,"NEW_FW_VERSION_ADDR: %p\r\n", new_version ); - printf1(TAG_BOOT,"NEW_FW_VERSION_ADDR last_written_app_address: %p\r\n", last_written_app_address ); - printf1(TAG_BOOT,"current firm add: %p\r\n", ¤t_firmware_version ); - printf1(TAG_BOOT," ptr->bootloader_data "); - dump_hex1(TAG_BOOT, (uint8_t *) ptr->bootloader_data, 8); const bool allowed = is_newer(new_version, ¤t_firmware_version) || current_firmware_version.raw == 0xFFFFFFFF; if (allowed){ 
@@ -198,7 +181,6 @@ int bootloader_bridge(int klen, uint8_t * keyh) || ((uint32_t)ptr+len) > APPLICATION_END_ADDR) { printf1(TAG_BOOT,"Bound exceeded [%08lx, %08lx]\r\n",APPLICATION_START_ADDR,APPLICATION_END_ADDR); - printf1(TAG_BOOT, "Expected version addrs: %p, %p\r\n", BOOT_VERSION_ADDR, NEW_FW_VERSION_ADDR); return CTAP2_ERR_NOT_ALLOWED; } @@ -245,7 +227,6 @@ int bootloader_bridge(int klen, uint8_t * keyh) #endif if (!is_firmware_version_newer_or_equal()){ printf1(TAG_BOOT, "Firmware older - update not allowed.\r\n"); - dump_hex1(TAG_BOOT, (uint32_t *) NEW_FW_VERSION_ADDR, 20); printf1(TAG_BOOT, "Rebooting...\r\n"); REBOOT_FLAG = 1; return CTAP2_ERR_OPERATION_DENIED; From 3621f2ed4ff691938dd5b466c912c11b6fe4d04c Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 24 Aug 2019 10:14:50 +0200 Subject: [PATCH 25/27] Add missed doc update in the linker script --- targets/stm32l432/linker/stm32l4xx.ld | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/targets/stm32l432/linker/stm32l4xx.ld b/targets/stm32l432/linker/stm32l4xx.ld index 6baad59..3bdcfb0 100644 --- a/targets/stm32l432/linker/stm32l4xx.ld +++ b/targets/stm32l432/linker/stm32l4xx.ld @@ -13,9 +13,9 @@ _estack = 0x2000c000; _MIN_STACK_SIZE = 0x400; /* -len | 32 KB/16p| 184KB-8-8/98p | 2kB/1p | 38 KB/19p | -pos | 0->32 KB | 32->216KB-8-8 | 216kB -> 218 kB | 218->256 KB | -posp | 0-16 | 16-113 | 113-114 | 113-128 | +len | 20 KB/10p| 196KB-8-8/98p | 2kB/1p | 38 KB/19p | +pos | 0->20 KB | 20->216KB-8-8 | 216kB -> 218 kB | 218->256 KB | +posp | 0-10 | 10-113 | 113-114 | 113-128 | desc | bootloader | application | bootloader data | secrets/data | Last 8 bytes in application space are occupied by bootloader flags - app From a053bbc669a09655f2d8f26c93f510feebd6eee8 Mon Sep 17 00:00:00 2001 
From: Szczepan Zalega Date: Sat, 24 Aug 2019 10:26:01 +0200 Subject: [PATCH 26/27] Do not verify version for the hacker edition --- targets/stm32l432/bootloader/bootloader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/targets/stm32l432/bootloader/bootloader.c b/targets/stm32l432/bootloader/bootloader.c index 1405012..325572e 100644 --- a/targets/stm32l432/bootloader/bootloader.c +++ b/targets/stm32l432/bootloader/bootloader.c @@ -224,13 +224,13 @@ int bootloader_bridge(int klen, uint8_t * keyh) printf1(TAG_BOOT, "Signature invalid\r\n"); return CTAP2_ERR_OPERATION_DENIED; } -#endif if (!is_firmware_version_newer_or_equal()){ printf1(TAG_BOOT, "Firmware older - update not allowed.\r\n"); printf1(TAG_BOOT, "Rebooting...\r\n"); REBOOT_FLAG = 1; return CTAP2_ERR_OPERATION_DENIED; } +#endif // Set the application validated, and mark for reboot. authorize_application(); From a5e1dc2a0c2fa3914560b8eb36b37684aa3aff24 Mon Sep 17 00:00:00 2001 From: Szczepan Zalega Date: Sat, 24 Aug 2019 11:27:28 +0200 Subject: [PATCH 27/27] Correct linker documentation --- targets/stm32l432/linker/stm32l4xx.ld | 3 +-- targets/stm32l432/linker/stm32l4xx_extra.ld | 5 ++--- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/targets/stm32l432/linker/stm32l4xx.ld b/targets/stm32l432/linker/stm32l4xx.ld index 3bdcfb0..7378208 100644 --- a/targets/stm32l432/linker/stm32l4xx.ld +++ b/targets/stm32l432/linker/stm32l4xx.ld @@ -20,10 +20,9 @@ desc | bootloader | application | bootloader data | secrets/data Last 8 bytes in application space are occupied by bootloader flags - app authorization and bootloader activation flag. - Previous 8 bytes are application version. */ -/* Current firmware version number is stored at the very end of the firmware code */ +/* Current firmware version number is concatenated to the firmware code - see .flag marker */ /* flash length is (APPLICATION_END_PAGE-20*1024), where 20K is bootloader */ MEMORY 
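Review bot: Moving `#endif` below the version check means the anti-rollback test is now compiled out together with the signature test, and nothing at the `#endif` says which builds that affects; the opening `#if` is outside the hunk. Annotate it, e.g. `#endif /* signature and version checks: skipped on hacker builds */`, and consider a log line in the excluded configuration so that a device running without either check reports it at boot. `bootloader_bridge` starts and ends outside the hunk.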
diff --git a/targets/stm32l432/linker/stm32l4xx_extra.ld b/targets/stm32l432/linker/stm32l4xx_extra.ld index f0784e1..2496d35 100644 --- a/targets/stm32l432/linker/stm32l4xx_extra.ld +++ b/targets/stm32l432/linker/stm32l4xx_extra.ld @@ -13,17 +13,16 @@ _estack = 0x2000c000; _MIN_STACK_SIZE = 0x400; /* -len | 32 KB/16p| 184KB-8-8/98p | 2kB/1p | 38 KB/19p | +len | 32 KB/16p| 184KB-8-8/92p | 2kB/1p | 38 KB/19p | pos | 0->32 KB | 32->216KB-8-8 | 216kB -> 218 kB | 218->256 KB | posp | 0-16 | 16-113 | 113-114 | 113-128 | desc | bootloader | application | bootloader data | secrets/data | Last 8 bytes in application space are occupied by bootloader flags - app authorization and bootloader activation flag. - Previous 8 bytes are application version. */ -/* Current firmware version number is stored at the very end of the firmware code */ +/* Current firmware version number is concatenated to the firmware code - see .flag marker */ /* flash length is (APPLICATION_END_PAGE-20*1024), where 20K is bootloader */ MEMORY