remove unused code in bootloader

add temporary command to force flash locking
keep initialize last_addr and reject if it doesnt change
2020-02-13 17:17:23 -05:00 · 2020-02-13 17:17:23 -05:00 · 2020-02-13 17:17:23 -05:00 · 2020-02-12 14:52:53 -05:00 · 2020-02-12 14:52:53 -05:00 · 2020-02-06 13:41:07 -05:00
6 changed files with 39 additions and 6 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-3.0.1
+3.1.0
--- a/docs/solo/customization.md
+++ b/docs/solo/customization.md
@ -45,7 +45,7 @@ email=example@example.com
 openssl ecparam -genkey -name "$curve" -out root_key.pem -rand seed.bin
 # generate a "signing request"
-openssl req -new -key root_key.pem -out root_key.pem.csr  -subj "/C=$country/ST=$state/O=$organization/OU=$unit/CN=example.com/emailAddress=$email"
+openssl req -new -key root_key.pem -out root_key.pem.csr  -subj "/C=$country/ST=$state/O=$organization/OU=$unit/CN=$CN/emailAddress=$email"
 # self sign the request
 openssl x509 -trustout -req -days 18250  -in root_key.pem.csr -signkey root_key.pem -out root_cert.pem -sha256
@ -82,7 +82,7 @@ email=example@example.com
 openssl ecparam -genkey -name "$curve" -out device_key.pem -rand seed.bin
 # generate a "signing request"
-openssl req -new -key device_key.pem -out device_key.pem.csr -subj "/C=$country/ST=$state/O=$organization/OU=$unit/CN=example.com/emailAddress=$email"
+openssl req -new -key device_key.pem -out device_key.pem.csr -subj "/C=$country/ST=$state/O=$organization/OU=$unit/CN=$CN/emailAddress=$email"
 # sign the request
 openssl x509 -req -days 18250  -in device_key.pem.csr -extfile v3.ext -CA root_cert.pem -CAkey root_key.pem -set_serial 01 -out device_cert.pem -sha256
@ -119,7 +119,7 @@ First, [Build your solo application and bootloader](/solo/building).
 Print your attestation key in a hex string format.  Using our utility script:
 ```
-python tools/print_x_y.py device_key.pem
+python3 tools/gencert/print_x_y.py device_key.pem
 ```
 Merge the `bootloader.hex`, `solo.hex`, attestion key, and certificate into one firmware file.
--- a/fido2/ctaphid.c
+++ b/fido2/ctaphid.c
@ -542,6 +542,9 @@ extern void _check_ret(CborError ret, int line, const char * filename);
 uint8_t ctaphid_custom_command(int len, CTAP_RESPONSE * ctap_resp, CTAPHID_WRITE_BUFFER * wb);
 extern void solo_lock_if_not_already();
 uint8_t ctaphid_handle_packet(uint8_t * pkt_raw)
 {
    uint8_t cmd = 0;
@ -762,6 +765,16 @@ uint8_t ctaphid_custom_command(int len, CTAP_RESPONSE * ctap_resp, CTAPHID_WRITE
            return 1;
        break;
        // Remove on next release
 #if !defined(IS_BOOTLOADER) && defined(SOLO)
        case 0x99:
            solo_lock_if_not_already();
            wb->bcnt = 0;
            ctaphid_write(wb, NULL, 0);
            return 1;
        break;
 #endif
 #if !defined(IS_BOOTLOADER) && (defined(SOLO_EXPERIMENTAL))
        case CTAPHID_LOADKEY:
            /**
--- a/targets/stm32l432/bootloader/bootloader.c
+++ b/targets/stm32l432/bootloader/bootloader.c
@ -50,7 +50,7 @@ typedef struct {
    uint8_t payload[255 - 10];
 } __attribute__((packed)) BootloaderReq;
-uint8_t * last_written_app_address;
+uint8_t * last_written_app_address = 0;
 /**
 * Erase all application pages. **APPLICATION_END_PAGE excluded**.
@ -58,7 +58,7 @@ uint8_t * last_written_app_address;
 static void erase_application()
 {
    int page;
-    last_written_app_address = (uint8_t*) APPLICATION_START_ADDR;
+    last_written_app_address = (uint8_t*) 0;
    for(page = APPLICATION_START_PAGE; page < APPLICATION_END_PAGE; page++)
    {
        flash_erase_page(page);
@ -114,6 +114,10 @@ int is_bootloader_disabled()
 bool is_firmware_version_newer_or_equal()
 {
    if (last_written_app_address == 0) {
        return false;
    }
    printf1(TAG_BOOT,"Current firmware version: %u.%u.%u.%u (%02x.%02x.%02x.%02x)\r\n",
          current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved,
          current_firmware_version.major, current_firmware_version.minor, current_firmware_version.patch, current_firmware_version.reserved
--- a/targets/stm32l432/src/device.c
+++ b/targets/stm32l432/src/device.c
@ -199,6 +199,20 @@ int solo_is_locked(){
    return tag == ATTESTATION_CONFIGURED_TAG && (device_settings & SOLO_FLAG_LOCKED) != 0;
 }
 // Locks solo flash from debugging.  Locks on next reboot.
 // This should be removed in next Solo release.
 void solo_lock_if_not_already() {
    uint8_t buf[2048];
    memmove(buf, (uint8_t*)ATTESTATION_PAGE_ADDR, 2048);
    ((flash_attestation_page *)buf)->device_settings |= SOLO_FLAG_LOCKED;
    flash_erase_page(ATTESTATION_PAGE);
    flash_write(ATTESTATION_PAGE_ADDR, buf, 2048);
 }
 /** device_migrate
 * Depending on version of device, migrates:
 * * Moves attestation certificate to data segment. 
--- a/targets/stm32l432/src/init.c
+++ b/targets/stm32l432/src/init.c
@ -146,12 +146,14 @@ void device_set_clock_rate(DEVICE_CLOCK_RATE param)
        case DEVICE_LOW_POWER_IDLE:
            SET_CLOCK_RATE0();
        break;
 #if !defined(IS_BOOTLOADER)
        case DEVICE_LOW_POWER_FAST:
            SET_CLOCK_RATE1();
        break;
        case DEVICE_FAST:
            SET_CLOCK_RATE2();
        break;
 #endif
    }
 }
Author	SHA1	Message	Date
Conor Patrick	15a4fdfa66	remove unused code in bootloader	2020-02-13 17:17:23 -05:00
Conor Patrick	e713daba26	add temporary command to force flash locking	2020-02-13 17:17:23 -05:00
Conor Patrick	b78f2cd2e7	keep initialize last_addr and reject if it doesnt change	2020-02-13 17:17:23 -05:00
Arno Onken	601c98000a	Correct path for gencert tools and use python3	2020-02-12 14:52:53 -05:00
Arno Onken	ab1c9417b1	Fix certification information	2020-02-12 14:52:53 -05:00
Conor Patrick	f6d96013e1	bump 3.1.0	2020-02-06 13:41:07 -05:00