panda/board/bootstub.c

#define BOOTSTUB

#ifdef STM32F4
  #define PANDA
  #include "stm32f4xx.h"
  #include "stm32f4xx_hal_gpio_ex.h"
#else
  #include "stm32f2xx.h"
  #include "stm32f2xx_hal_gpio_ex.h"
#endif

#include "early.h"
#include "libc.h"
#include "spi.h"

#include "crypto/rsa.h"
#include "crypto/sha.h"

#include "obj/cert.h"

#include "spi_flasher.h"

void __initialize_hardware_early() {
  early();
}

void fail() {
#ifdef PANDA
  volatile int i;
  // detect usb host
  GPIOA->PUPDR |= GPIO_PUPDR_PUPDR11_0;
  for (i=0;i<PULL_EFFECTIVE_DELAY;i++);
  int no_usb = GPIOA->IDR & (1 << 11);
  GPIOA->PUPDR &= ~(GPIO_PUPDR_PUPDR11_0);

  if (no_usb) {
    // no usb host, go to SPI flasher
    spi_flasher();
  } else {
    // has usb host, go to USB flasher
    enter_bootloader_mode = ENTER_BOOTLOADER_MAGIC;
    NVIC_SystemReset();
  }
#else
  enter_bootloader_mode = ENTER_BOOTLOADER_MAGIC;
  NVIC_SystemReset();
#endif
}

int main() {
  clock_init();

  // validate length
  int len = (int)_app_start[0];
  if ((len < 8) || (((uint32_t)&_app_start[0] + RSANUMBYTES) >= 0x8100000)) fail();

  // compute SHA hash
  uint8_t digest[SHA_DIGEST_SIZE];
  SHA_hash(&_app_start[1], len-4, digest);

  // verify RSA signature
  if (RSA_verify(&release_rsa_key, ((void*)&_app_start[0]) + len, RSANUMBYTES, digest, SHA_DIGEST_SIZE)) {
    goto good;
  }

  // allow debug if built from source
#ifdef ALLOW_DEBUG
  if (RSA_verify(&debug_rsa_key, ((void*)&_app_start[0]) + len, RSANUMBYTES, digest, SHA_DIGEST_SIZE)) {
    goto good;
  }
#endif

// here is a failure
  fail();
good:
  // jump to flash
  ((void(*)()) _app_start[1])();
  return 0;
}
make flashing over SPI work 2017-04-28 20:32:09 -06:00			`#define BOOTSTUB`

initial commit 2017-04-06 19:11:36 -06:00			`#ifdef STM32F4`
			`#define PANDA`
			`#include "stm32f4xx.h"`
make flashing over SPI work 2017-04-28 20:32:09 -06:00			`#include "stm32f4xx_hal_gpio_ex.h"`
initial commit 2017-04-06 19:11:36 -06:00			`#else`
			`#include "stm32f2xx.h"`
make flashing over SPI work 2017-04-28 20:32:09 -06:00			`#include "stm32f2xx_hal_gpio_ex.h"`
initial commit 2017-04-06 19:11:36 -06:00			`#endif`

			`#include "early.h"`
refactor libc, add crypto libraries to bootstub 2017-04-17 14:57:34 -06:00			`#include "libc.h"`
make flashing over SPI work 2017-04-28 20:32:09 -06:00			`#include "spi.h"`
initial commit 2017-04-06 19:11:36 -06:00
signing is coming along 2017-04-25 19:03:58 -06:00			`#include "crypto/rsa.h"`
			`#include "crypto/sha.h"`

			`#include "obj/cert.h"`

make flashing over SPI work 2017-04-28 20:32:09 -06:00			`#include "spi_flasher.h"`
add bootloader lock support 2017-04-27 21:32:16 -06:00
initial commit 2017-04-06 19:11:36 -06:00			`void __initialize_hardware_early() {`
			`early();`
			`}`

signing is coming along 2017-04-25 19:03:58 -06:00			`void fail() {`
make flashing over SPI work 2017-04-28 20:32:09 -06:00			`#ifdef PANDA`
add usb failure mode to st bootstub 2017-05-03 23:28:22 -06:00			`volatile int i;`
			`// detect usb host`
			`GPIOA->PUPDR \|= GPIO_PUPDR_PUPDR11_0;`
			`for (i=0;i<PULL_EFFECTIVE_DELAY;i++);`
			`int no_usb = GPIOA->IDR & (1 << 11);`
			`GPIOA->PUPDR &= ~(GPIO_PUPDR_PUPDR11_0);`

			`if (no_usb) {`
			`// no usb host, go to SPI flasher`
			`spi_flasher();`
			`} else {`
			`// has usb host, go to USB flasher`
			`enter_bootloader_mode = ENTER_BOOTLOADER_MAGIC;`
			`NVIC_SystemReset();`
			`}`
make flashing over SPI work 2017-04-28 20:32:09 -06:00			`#else`
signing is coming along 2017-04-25 19:03:58 -06:00			`enter_bootloader_mode = ENTER_BOOTLOADER_MAGIC;`
			`NVIC_SystemReset();`
make flashing over SPI work 2017-04-28 20:32:09 -06:00			`#endif`
signing is coming along 2017-04-25 19:03:58 -06:00			`}`

initial commit 2017-04-06 19:11:36 -06:00			`int main() {`
add mock stuff for signing 2017-04-17 14:57:34 -06:00			`clock_init();`

signing is coming along 2017-04-25 19:03:58 -06:00			`// validate length`
fix warnings in board build 2017-05-01 23:59:10 -06:00			`int len = (int)_app_start[0];`
add usb failure mode to st bootstub 2017-05-03 23:28:22 -06:00			`if ((len < 8) \|\| (((uint32_t)&_app_start[0] + RSANUMBYTES) >= 0x8100000)) fail();`
signing is coming along 2017-04-25 19:03:58 -06:00
			`// compute SHA hash`
fix warnings in board build 2017-05-01 23:59:10 -06:00			`uint8_t digest[SHA_DIGEST_SIZE];`
signature checking works on ST 2017-04-26 11:41:57 -06:00			`SHA_hash(&_app_start[1], len-4, digest);`
signing is coming along 2017-04-25 19:03:58 -06:00
			`// verify RSA signature`
add release cert support 2017-04-28 16:06:01 -06:00			`if (RSA_verify(&release_rsa_key, ((void*)&_app_start[0]) + len, RSANUMBYTES, digest, SHA_DIGEST_SIZE)) {`
			`goto good;`
signature checking works on ST 2017-04-26 11:41:57 -06:00			`}`
add mock stuff for signing 2017-04-17 14:57:34 -06:00
okay, release stuff is good 2017-04-28 21:13:00 -06:00			`// allow debug if built from source`
			`#ifdef ALLOW_DEBUG`
			`if (RSA_verify(&debug_rsa_key, ((void*)&_app_start[0]) + len, RSANUMBYTES, digest, SHA_DIGEST_SIZE)) {`
			`goto good;`
add release cert support 2017-04-28 16:06:01 -06:00			`}`
okay, release stuff is good 2017-04-28 21:13:00 -06:00			`#endif`
add release cert support 2017-04-28 16:06:01 -06:00
			`// here is a failure`
			`fail();`
			`good:`
add mock stuff for signing 2017-04-17 14:57:34 -06:00			`// jump to flash`
			`((void(*)()) _app_start[1])();`
initial commit 2017-04-06 19:11:36 -06:00			`return 0;`
			`}`