lock flash based on state setting

targets/stm32l432/src/app.h

@@ -9,6 +9,8 @@
 #include <stdint.h>
 #include "version.h"
 
+#define SOLO
+
 #define DEBUG_UART      USART1
 
 #ifndef DEBUG_LEVEL
@@ -46,6 +48,9 @@
 void printing_init();
 void hw_init(int lf);
 
+// Return 1 if Solo is secure/locked.
+int solo_is_locked();
+
 //#define TEST
 //#define TEST_POWER
 

targets/stm32l432/src/device.c

@@ -191,6 +191,11 @@ void device_init_button(void)
     }
 }
 
+int solo_is_locked(){
+    uint8_t flags = ((AuthenticatorState *) STATE1_PAGE_ADDR)->flags;
+    return (flags & SOLO_FLAG_LOCKED) != 0;
+}
+
 /** device_migrate
  * Depending on version of device, migrates:
  * * Moves attestation certificate to data segment. 
@@ -208,10 +213,9 @@ static void device_migrate(){
 
     AuthenticatorState state;
     authenticator_read_state(&state);
-    printf1(TAG_GREEN,"flags: %02x\r\n", state.flags);
-    // if (state.flags == 0xFF)
+    if (state.flags == 0xFF)
     {
-        printf1(TAG_GREEN,"MIGRATING\r\n");
+        printf1(TAG_RED,"Migrating certificate and lock information to data segment.\r\n");
         // do migrate.
         state.flags = 0;
 

targets/stm32l432/src/flash.c

@@ -13,6 +13,7 @@
 #include "flash.h"
 #include "log.h"
 #include "device.h"
+#include "app.h"
 
 static void flash_lock(void)
 {
@@ -31,16 +32,10 @@ static void flash_unlock(void)
 // Locks flash and turns off DFU
 void flash_option_bytes_init(int boot_from_dfu)
 {
-#ifndef FLASH_ROP
-#define FLASH_ROP 0
-#endif
-#if FLASH_ROP == 0
     uint32_t val = 0xfffff8aa;
-#elif FLASH_ROP == 2
-    uint32_t val = 0xfffff8cc;
-#else
-    uint32_t val = 0xfffff8b9;
-#endif
+    if (solo_is_locked()){
+        val = 0xfffff8cc;
+    }
 
     if (boot_from_dfu)
     {

targets/stm32l432/src/memory_layout.h

@@ -20,6 +20,9 @@
 #define	STATE2_PAGE		      (PAGES - 2)
 #define	STATE1_PAGE		      (PAGES - 1)
 
+#define	STATE1_PAGE_ADDR		(0x08000000 + ((STATE1_PAGE)*PAGE_SIZE)) 
+#define	STATE2_PAGE_ADDR		(0x08000000 + ((STATE2_PAGE)*PAGE_SIZE)) 
+
 // Storage of FIDO2 resident keys
 #define RK_NUM_PAGES    10
 #define RK_START_PAGE   (PAGES - 14)