okay, release stuff is good

2017-04-28 20:13:00 -07:00 · 2017-04-28 20:13:00 -07:00 · 8fd0d7f01c
parent 7f66bf6456
commit 8fd0d7f01c
4 changed files with 23 additions and 11 deletions
--- a/board/bootstub.c
+++ b/board/bootstub.c
@ -49,12 +49,12 @@ int main() {
    goto good;
  }

-  // allow debug cert if unlocked
-  if ( ((FLASH->OPTCR>>8)&0xFF) == 0xAA ) {
-    if (RSA_verify(&debug_rsa_key, ((void*)&_app_start[0]) + len, RSANUMBYTES, digest, SHA_DIGEST_SIZE)) {
-      goto good;
-    }
+  // allow debug if built from source
+#ifdef ALLOW_DEBUG
+  if (RSA_verify(&debug_rsa_key, ((void*)&_app_start[0]) + len, RSANUMBYTES, digest, SHA_DIGEST_SIZE)) {
+    goto good;
  }
+#endif

 // here is a failure
  fail();
--- a/board/build.mk
+++ b/board/build.mk
@ -5,7 +5,12 @@ CC = arm-none-eabi-gcc
 OBJCOPY = arm-none-eabi-objcopy
 OBJDUMP = arm-none-eabi-objdump

-CERT = ../certs/debug
+ifeq ($(RELEASE),1)
+  CERT = ../../pandaextra/certs/release
+else
+  CERT = ../certs/debug
+  CFLAGS += "-DALLOW_DEBUG"
+endif

 MACHINE = $(shell uname -m)
 OS = $(shell uname -o)
--- a/boardesp/Makefile
+++ b/boardesp/Makefile
@ -6,10 +6,12 @@ LDFLAGS = -Teagle.app.v6.ld
 OBJCP = xtensa-lx106-elf-objcopy
 SDK_BASE = esp-open-sdk/ESP8266_NONOS_SDK_V1.5.4_16_05_20

-CERT = ../certs/debugesp
-
-flash: user1.bin
-	./tools/esptool.py write_flash 0 $(SDK_BASE)/bin/boot_v1.5.bin 0x01000 user1.bin 0x3FE000 $(SDK_BASE)/bin/blank.bin
+ifeq ($(RELEASE),1)
+  CERT = ../../pandaextra/certs/releaseesp
+else
+  CERT = ../certs/debugesp
+  CFLAGS += "-DALLOW_DEBUG"
+endif

 flashall: user1.bin user2.bin
 	./tools/esptool.py write_flash 0 $(SDK_BASE)/bin/boot_v1.5.bin 0x01000 user1.bin 0x81000 user2.bin 0x3FE000 $(SDK_BASE)/bin/blank.bin
--- a/boardesp/tcp_ota.c
+++ b/boardesp/tcp_ota.c
@ -323,7 +323,12 @@ LOCAL void ICACHE_FLASH_ATTR ota_rx_cb(void *arg, char *data, uint16_t len) {
                        espconn_send(conn, buf, strlen(buf));*/

                        if (RSA_verify(&releaseesp_rsa_key, rsa, RSANUMBYTES, digest, SHA_DIGEST_SIZE) ||
-                            RSA_verify(&debugesp_rsa_key, rsa, RSANUMBYTES, digest, SHA_DIGEST_SIZE)) {
+                          #ifdef ALLOW_DEBUG
+                            RSA_verify(&debugesp_rsa_key, rsa, RSANUMBYTES, digest, SHA_DIGEST_SIZE)
+                          #else
+                            false
+                          #endif
+                          ) {
                          // We've flashed all of the firmware now, reboot into the new firmware.
                          os_printf("Preparing to update firmware.\n");