[Cryptech-Commits] [sw/stm32] 01/03: Check jumpers JP7 and JP8 before accepting new firmware or bootloader images.

git at cryptech.is git at cryptech.is
Mon Jul 11 03:16:15 UTC 2016


This is an automated email from the git hooks/post-receive script.

paul at psgd.org pushed a commit to branch parade_of_half_baked_ideas
in repository sw/stm32.

commit 35b8b35dc6dbf8fff62817a1de3820004af085ae
Author: Paul Selkirk <paul at psgd.org>
AuthorDate: Sun Jul 10 22:42:57 2016 -0400

    Check jumpers JP7 and JP8 before accepting new firmware or bootloader images.
    
    Unfortunately, we can't read the jumper GPIOs directly, as that just gives
    us the last values written to them, so we see if we can read the FPGA
    configuration memory.
---
 projects/bootloader/bootloader.c | 21 ++++++++++++++-------
 projects/hsm/mgmt-bootloader.c   | 14 ++++++++++++++
 projects/hsm/mgmt-firmware.c     | 13 +++++++++++++
 3 files changed, 41 insertions(+), 7 deletions(-)

diff --git a/projects/bootloader/bootloader.c b/projects/bootloader/bootloader.c
index 3040bd1..8417256 100644
--- a/projects/bootloader/bootloader.c
+++ b/projects/bootloader/bootloader.c
@@ -36,6 +36,7 @@
 #include "stm-led.h"
 #include "stm-uart.h"
 #include "stm-fmc.h"
+#include "stm-fpgacfg.h"
 #include "dfu.h"
 
 #undef HAL_Delay
@@ -68,21 +69,27 @@ void check_early_dfu_jump(void)
     }
 }
 
-int should_dfu()
+static int should_dfu()
 {
-    int i;
-    uint8_t rx = 0;
+    /* JP7 and JP8 must be installed in order to reprogram the FPGA.
+     * We extend this to an enabling mechanism for reflashing the firmware.
+     * Unfortunately, we can't read JP7 and JP8 directly, as that just gives
+     * us the last things written to them, so we see if we can read the
+     * FPGA configuration memory.
+     */
+    fpgacfg_access_control(ALLOW_ARM);
+    if (fpgacfg_check_id() != 1)
+        return 0;
 
     /* While blinking the blue LED for 5 seconds, see if we receive a CR on the MGMT UART.
-     * We've discussed also requiring one or both of the FPGA config jumpers installed
-     * before allowing DFU of the STM32 - that check could be done here.
      */
     led_on(LED_BLUE);
-    for (i = 0; i < 50; i++) {
+    for (int i = 0; i < 50; i++) {
 	HAL_Delay(100);
 	led_toggle(LED_BLUE);
+        uint8_t rx = 0;
 	if (uart_recv_char2(STM_UART_MGMT, &rx, 0) == HAL_OK) {
-	    if (rx == 13) return 1;
+	    if (rx == '\r') return 1;
 	}
     }
     return 0;
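Review bot: `fpgacfg_access_control(ALLOW_ARM)` at the top of `should_dfu()` is never undone, so on both the early `return 0` and the normal path the configuration memory stays switched to the ARM after what is meant to be only a presence probe. Unless something later in the boot path hands it back (not visible in this diff), I would restore the normal setting right after the probe: `int ok = (fpgacfg_check_id() == 1);`, `fpgacfg_access_control(ALLOW_FPGA);`, `if (!ok) return 0;`. This assumes `ALLOW_FPGA` is the normal state, which should be confirmed against stm-fpgacfg.h. The same probe without a restore is added in `cmd_bootloader_upload` and `cmd_firmware_upload`. The early return also skips the blue-LED blink, so a missing jumper gives no visible indication at boot. The function's closing brace lies outside the hunk.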
diff --git a/projects/hsm/mgmt-bootloader.c b/projects/hsm/mgmt-bootloader.c
index a062fd9..d2d7ffe 100644
--- a/projects/hsm/mgmt-bootloader.c
+++ b/projects/hsm/mgmt-bootloader.c
@@ -37,6 +37,8 @@
 #include "stm-init.h"
 #include "stm-uart.h"
 #include "stm-flash.h"
+#include "stm-fpgacfg.h"
+
 #include "mgmt-cli.h"
 #include "mgmt-misc.h"
 #include "mgmt-bootloader.h"
@@ -64,6 +66,18 @@ static int cmd_bootloader_upload(struct cli_def *cli, const char *command, char
         return CLI_ERROR;
     }
 
+    /* JP7 and JP8 must be installed in order to reprogram the FPGA.
+     * We extend this to an enabling mechanism for reflashing the firmware.
+     * Unfortunately, we can't read JP7 and JP8 directly, as that just gives
+     * us the last things written to them, so we see if we can read the
+     * FPGA configuration memory.
+     */
+    fpgacfg_access_control(ALLOW_ARM);
+    if (fpgacfg_check_id() != 1) {
+	cli_print(cli, "ERROR: Check that jumpers JP7 and JP8 are installed.");
+        return CLI_ERROR;
+    }
+
     uint8_t buf[DFU_UPLOAD_CHUNK_SIZE];
     dfu_offset = DFU_BOOTLOADER_ADDR;
 
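Review bot: This is the second of three copies of the same block comment and two-line probe (the others are in `should_dfu()` and `cmd_firmware_upload`). A physical-presence gate should live in one place, so that a later fix cannot be applied to only some of the call sites. A small helper next to the other fpgacfg routines, for example `int fpgacfg_jumpers_installed(void)` (the name is only a suggestion) returning `fpgacfg_check_id() == 1` after the access-control call, would carry the comment once and keep the three gates identical. The `cli_print` line is also tab-indented while the lines around it use spaces. `cmd_bootloader_upload` begins before this hunk and continues after it.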
diff --git a/projects/hsm/mgmt-firmware.c b/projects/hsm/mgmt-firmware.c
index 1a0e184..e4d3b0c 100644
--- a/projects/hsm/mgmt-firmware.c
+++ b/projects/hsm/mgmt-firmware.c
@@ -38,6 +38,7 @@
 #include "mgmt-cli.h"
 #include "stm-uart.h"
 #include "stm-flash.h"
+#include "stm-fpgacfg.h"
 
 #undef HAL_OK
 #define HAL_OK LIBHAL_OK
@@ -53,6 +54,18 @@ static int cmd_firmware_upload(struct cli_def *cli, const char *command, char *a
         return CLI_ERROR;
     }
 
+    /* JP7 and JP8 must be installed in order to reprogram the FPGA.
+     * We extend this to an enabling mechanism for reflashing the firmware.
+     * Unfortunately, we can't read JP7 and JP8 directly, as that just gives
+     * us the last things written to them, so we see if we can read the
+     * FPGA configuration memory.
+     */
+    fpgacfg_access_control(ALLOW_ARM);
+    if (fpgacfg_check_id() != 1) {
+	cli_print(cli, "ERROR: Check that jumpers JP7 and JP8 are installed.");
+        return CLI_ERROR;
+    }
+
     /* reboot and let the bootloader handle the upload */
     cli_print(cli, "\n\n\nRebooting\n\n\n");
     HAL_NVIC_SystemReset();
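Review bot: The check added to `cmd_firmware_upload` runs in the application firmware, but the image is only accepted after `HAL_NVIC_SystemReset()`, by the bootloader. This copy is therefore a convenience for the operator rather than the enforcement point, and the comment should say so. I would append a line such as `/* Advisory only: the bootloader repeats this check in should_dfu() before accepting an image. */` to the block comment. Whether every post-reset path to the upload code passes through `should_dfu()` is not visible in this diff and is worth confirming, because the jumper requirement is only as strong as the bootloader-side check. The function starts before this hunk and its end is not shown.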


