option to disable solo bootloader

targets/stm32l442/bootloader/bootloader.c

@@ -24,6 +24,7 @@ typedef enum
     BootVersion = 0x44,
     BootReboot = 0x45,
     BootBootloader = 0x46,
+    BootDisable = 0x47,
 } BootOperation;
 
 
@@ -46,12 +47,30 @@ static void erase_application()
     }
 }
 
+#define LAST_ADDR       (APPLICATION_END_ADDR-2048 + 8)
+#define LAST_PAGE       (APPLICATION_END_PAGE-1)
+static void disable_bootloader()
+{
+    uint8_t page[PAGE_SIZE];
+    memmove(page, (uint8_t*)LAST_ADDR, PAGE_SIZE);
+    memset(page+PAGE_SIZE -4, 0, 4);
+    flash_erase_page(LAST_PAGE);
+    flash_write(LAST_ADDR, page, PAGE_SIZE);
+}
+
 static void authorize_application()
 {
-    uint32_t zero = 0;
-    uint32_t * ptr;
-    ptr = (uint32_t *)AUTH_WORD_ADDR;
-    flash_write((uint32_t)ptr, (uint8_t *)&zero, 4);
+    // uint32_t zero = 0;
+    // uint32_t * ptr;
+    // ptr = (uint32_t *)AUTH_WORD_ADDR;
+    // flash_write((uint32_t)ptr, (uint8_t *)&zero, 4);
+    uint8_t page[PAGE_SIZE];
+    if (is_authorized_to_boot())
+        return;
+    memmove(page, (uint8_t*)LAST_ADDR, PAGE_SIZE);
+    memset(page+PAGE_SIZE -8, 0, 4);
+    flash_erase_page(LAST_PAGE);
+    flash_write(LAST_ADDR, page, PAGE_SIZE);
 }
 
 int is_authorized_to_boot()
@@ -60,6 +79,12 @@ int is_authorized_to_boot()
     return *auth == 0;
 }
 
+int is_bootloader_disabled()
+{
+    uint32_t * auth = (uint32_t *)(AUTH_WORD_ADDR+4);
+    return *auth == 0;
+}
+
 int bootloader_bridge(int klen, uint8_t * keyh)
 {
     static int has_erased = 0;
@@ -150,7 +175,22 @@ int bootloader_bridge(int klen, uint8_t * keyh)
             break;
         case BootReboot:
             printf1(TAG_BOOT, "BootReboot.\r\n");
-            device_reboot();
+            REBOOT_FLAG = 1;
+            break;
+        case BootDisable:
+            printf1(TAG_BOOT, "BootDisable %08lx.\r\n", *(uint32_t *)(AUTH_WORD_ADDR+4));
+            if (req->payload[0] == 0xcd && req->payload[1] == 0xde
+               && req->payload[2] == 0xba && req->payload[3] == 0xaa)
+            {
+                disable_bootloader();
+                version = 0;
+                u2f_response_writeback(&version,1);
+            }
+            else
+            {
+                version = CTAP2_ERR_OPERATION_DENIED;
+                u2f_response_writeback(&version,1);
+            }
             break;
 #ifdef SOLO_HACKER
         case BootBootloader:

targets/stm32l442/bootloader/main.c

@@ -95,22 +95,26 @@ int main(int argc, char * argv[])
         }
     }
 
+
 #ifdef SOLO_HACKER
-    stboot_time = millis();
-    if ( RCC->CSR & (1<<29) )// check if there was independent watchdog reset
+    if (!is_bootloader_disabled())
     {
-        RCC->CSR |= (1<<23); // clear reset flags
-        goto start_bootloader;
+        stboot_time = millis();
+        if ( RCC->CSR & (1<<29) )// check if there was independent watchdog reset
+        {
+            RCC->CSR |= (1<<23); // clear reset flags
+            goto start_bootloader;
+        }
     }
 #endif
 
-    if (boot && is_authorized_to_boot())
+    if (is_authorized_to_boot() && (boot || is_bootloader_disabled()))
     {
         BOOT_boot();
     }
     else
     {
-        printf1(TAG_RED,"Not authorized to boot\r\n");
+        printf1(TAG_RED,"Not authorized to boot (%08x == %08lx)\r\n", AUTH_WORD_ADDR, *(uint32_t*)AUTH_WORD_ADDR);
     }
     start_bootloader:
 
@@ -156,7 +160,7 @@ int main(int argc, char * argv[])
         {
             stboot_time = millis();
         }
-        if ((millis() - stboot_time) > 2000)
+        if ((millis() - stboot_time) > 5000)
         {
             boot_st_bootloader();
         }

targets/stm32l442/merge_hex.py

@@ -25,4 +25,9 @@ first[AUTH_WORD_ADDR+1] = 0
 first[AUTH_WORD_ADDR+2] = 0
 first[AUTH_WORD_ADDR+3] = 0
 
+first[AUTH_WORD_ADDR+4] = 0xff
+first[AUTH_WORD_ADDR+5] = 0xff
+first[AUTH_WORD_ADDR+6] = 0xff
+first[AUTH_WORD_ADDR+7] = 0xff
+
 first.tofile(sys.argv[len(sys.argv)-1], format='hex')

targets/stm32l442/src/device.c

@@ -170,7 +170,7 @@ void heartbeat()
     {
         state = !state;
     }
-    if (but) led_rgb((val*b));
+    if (but) led_rgb(((val * r)<<8) | ((val*b) << 16) | (val*g));
     else
         led_rgb(((val * g)<<8) | ((val*r) << 16) | (val*b));
 }

targets/stm32l442/src/flash.c

@@ -20,8 +20,13 @@ static void flash_unlock()
 // Locks flash and turns off DFU
 void flash_option_bytes_init(int boot_from_dfu)
 {
-#if DEBUG_LEVEL
+#ifndef FLASH_ROP
+#define FLASH_ROP 0
+#endif
+#if FLASH_ROP == 0
     uint32_t val = 0xfffff8aa;
+#elif FLASH_ROP == 2
+    uint32_t val = 0xfffff8cc;
 #else
     uint32_t val = 0xfffff8b9;
 #endif