remove unused code in bootloader

STABLE_VERSION

@@ -1 +1 @@
-3.1.2
+3.1.0

docs/solo/building.md

@@ -104,24 +104,9 @@ solo mergehex bootloader.hex solo.hex bundle.hex
 
 `bundle.hex` is our complete firmware build.  Note it is in this step that you can
 include a custom attestation certificate or lock the device from debugging/DFU.
-By default the "hacker" attestation certifcate and key is used.  Use the `--lock` flag
-to make this permanent.
+By default the "hacker" attestation certifcate and key is used.
 
 ```
-solo mergehex  \
-    --attestation-key "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF" \
-    --attestation-cert attestation.der \
-    solo.hex \
-    bootloader.hex \
-    bundle.hex
-```
-
-**Warning**: If you use `--lock`, this will permanently lock the device to this new bootloader.  You
-won't be able to program the bootloader again or be able to connect a hardware debugger.
-The new bootloader may be able to accept (signed) updates still, depending on how you configured it.
-
-```
-# Permanent!
 solo mergehex  \
     --attestation-key "0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF" \
     --attestation-cert attestation.der \
@@ -133,5 +118,9 @@ solo mergehex  \
 
 See [here for more information on custom attestation](/solo/customization/).
 
+If you use `--lock`, this will permanently lock the device to this new bootloader.  You
+won't be able to program the bootloader again or be able to connect a hardware debugger.
+The new bootloader may be able to accept (signed) updates still, depending on how you configured it.
+
 To learn more about normal updates or a "full" update, you should [read more on Solo's boot stages](/solo/bootloader-mode).
 

docs/solo/customization.md

@@ -74,7 +74,7 @@ Note you must use a prime256v1 curve for this step, and you must leave the unit/
 country=US
 state=Maine
 organization=OpenSourceSecurity
-unit="Authenticator Attestation"    # MUST KEEP THIS AS "Authenticator Attestation" for FIDO2.
+unit="Authenticator Attestation"
 CN=example.com
 email=example@example.com
 
@@ -134,8 +134,6 @@ solo mergehex  \
     bundle.hex
 ```
 
-**Warning**: Using the `--lock` flag prevents the DFU from being accessed on the device again.  It's recommended to try first without the `--lock` flag to make sure it works.
-
 Now you have a newly created `bundle.hex` file with a custom attestation key and cert.  You can [program this `bundle.hex` file
 with Solo in DFU mode](/solo/programming#procedure).
 

fido2/ctap_parse.c

@@ -666,8 +666,8 @@ uint8_t ctap_parse_extensions(CborValue * val, CTAP_extensions * ext)
         if (ret == CborErrorOutOfMemory)
         {
             printf2(TAG_ERR,"Error, rp map key is too large. Ignoring.\n");
-            check_ret( cbor_value_advance(&map) );
-            check_ret( cbor_value_advance(&map) );
+            cbor_value_advance(&map);
+            cbor_value_advance(&map);
             continue;
         }
         check_ret(ret);
@@ -1353,21 +1353,11 @@ uint8_t ctap_parse_client_pin(CTAP_clientPin * CP, uint8_t * request, int length
                 break;
             case CP_getKeyAgreement:
                 printf1(TAG_CP,"CP_getKeyAgreement\n");
-                if (cbor_value_get_type(&map) != CborBooleanType)
-                {
-                    printf2(TAG_ERR,"Error, expecting cbor boolean\n");
-                    return CTAP2_ERR_INVALID_CBOR_TYPE;
-                }
                 ret = cbor_value_get_boolean(&map, &CP->getKeyAgreement);
                 check_ret(ret);
                 break;
             case CP_getRetries:
                 printf1(TAG_CP,"CP_getRetries\n");
-                if (cbor_value_get_type(&map) != CborBooleanType)
-                {
-                    printf2(TAG_ERR,"Error, expecting cbor boolean\n");
-                    return CTAP2_ERR_INVALID_CBOR_TYPE;
-                }
                 ret = cbor_value_get_boolean(&map, &CP->getRetries);
                 check_ret(ret);
                 break;

fido2/ctaphid.c

@@ -779,37 +779,30 @@ uint8_t ctaphid_custom_command(int len, CTAP_RESPONSE * ctap_resp, CTAPHID_WRITE
         case CTAPHID_LOADKEY:
             /**
              * Load external key.  Useful for enabling backups.
-             * bytes:                   4                     4                      96
-             * payload:  version [maj rev patch RFU]| counter_replacement (BE) | master_key |
+             * bytes:            4                   96
+             * payload: | counter_increase (BE) | master_key |
              * 
              * Counter should be increased by a large amount, e.g. (0x10000000)
              * to outdo any previously lost/broken keys.
             */
             printf1(TAG_HID,"CTAPHID_LOADKEY\n");
-            if (len != 104)
+            if (len != 100)
             {
                 printf2(TAG_ERR,"Error, invalid length.\n");
                 ctaphid_send_error(wb->cid, CTAP1_ERR_INVALID_LENGTH);
                 return 1;
             }
-            param = ctap_buffer[0] << 16;
-            param |= ctap_buffer[1] << 8;
-            param |= ctap_buffer[2] << 0;
-            if (param != 0){
-                ctaphid_send_error(wb->cid, CTAP2_ERR_UNSUPPORTED_OPTION);
-                return 1;
-            }
 
             // Ask for THREE button presses
             if (ctap_user_presence_test(8000) > 0)
-                if (ctap_user_presence_test(2000) > 0)
-                    if (ctap_user_presence_test(2000) > 0)
+                if (ctap_user_presence_test(8000) > 0)
+                    if (ctap_user_presence_test(8000) > 0)
                     {
-                        ctap_load_external_keys(ctap_buffer + 8);
-                        param = ctap_buffer[7];
-                        param |= ctap_buffer[6] << 8;
-                        param |= ctap_buffer[5] << 16;
-                        param |= ctap_buffer[4] << 24;
+                        ctap_load_external_keys(ctap_buffer + 4);
+                        param = ctap_buffer[3];
+                        param |= ctap_buffer[2] << 8;
+                        param |= ctap_buffer[1] << 16;
+                        param |= ctap_buffer[0] << 24;
                         ctap_atomic_count(param);
 
                         wb->bcnt = 0;

fido2/version.c

@@ -1,17 +1,12 @@
 #include "version.h"
-#include "app.h"
 
-const version_t firmware_version 
-#ifdef SOLO
-__attribute__ ((section (".flag"))) __attribute__ ((__used__)) 
-#endif
-    =  {
-      .major = SOLO_VERSION_MAJ,
-      .minor = SOLO_VERSION_MIN,
-      .patch = SOLO_VERSION_PATCH,
-      .reserved = 0
-    };
 
+const version_t firmware_version __attribute__ ((section (".flag"))) __attribute__ ((__used__)) =  {
+  .major = SOLO_VERSION_MAJ,
+  .minor = SOLO_VERSION_MIN,
+  .patch = SOLO_VERSION_PATCH,
+  .reserved = 0
+};
 
 // from tinycbor, for a quick static_assert
 #include <compilersupport_p.h>

targets/stm32l432/build/application.mk

@@ -84,5 +84,4 @@ cbor:
 	cd ../../tinycbor/ && make clean
 	cd ../../tinycbor/ && make CC="$(CC)" AR=$(AR) \
 LDFLAGS="$(LDFLAGS_LIB)" \
-CFLAGS="$(CFLAGS) -Os  -DCBOR_PARSER_MAX_RECURSIONS=3"
-
+CFLAGS="$(CFLAGS) -Os"

targets/stm32l432/src/device.c

@@ -577,11 +577,7 @@ uint32_t ctap_atomic_count(uint32_t amount)
         return lastc;
     }
 
-    if (amount > 256){
-        lastc = amount;
-    } else {
-        lastc += amount;
-    }
+    lastc += amount;
 
     if (lastc/256 > erases)
     {