stm32/mboot: Verify signature of fsload packed DFU files before writing.
When verifying the DFU contents, the signature of signed/encrypted files is also now checked in this initial, dry-run stage.
parent
80055c2cdc
commit
bc856a1e29
|
@ -151,13 +151,11 @@ static int fsload_program_file(bool write_to_flash) {
|
|||
if (res != l) {
|
||||
return -MBOOT_ERRNO_DFU_READ_ERROR;
|
||||
}
|
||||
if (write_to_flash) {
|
||||
res = do_write(elem_addr, buf, l);
|
||||
if (res != 0) {
|
||||
return res;
|
||||
}
|
||||
elem_addr += l;
|
||||
res = do_write(elem_addr, buf, l, !write_to_flash);
|
||||
if (res != 0) {
|
||||
return res;
|
||||
}
|
||||
elem_addr += l;
|
||||
s -= l;
|
||||
}
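Review bot: The new call `do_write(elem_addr, buf, l, !write_to_flash)` passes the dry-run flag as an inline negation with no comment, and nothing here records that the verification pass and the write pass appear to read the file separately. The write pass stays protected only because the signature check in mboot_pack_write sits before its `dry_run` return (see the pack hunk), so each chunk is checked again when it is actually written. That dependency is worth stating where the flag is set, for example `// Dry run when !write_to_flash: chunks are verified but not written; the write pass re-reads the file and verifies each chunk again.` The enclosing loop and the rest of fsload_program_file lie outside this hunk.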
|
||||
|
||||
|
|
|
@ -715,11 +715,15 @@ void do_read(mboot_addr_t addr, size_t len, uint8_t *buf) {
|
|||
#endif
|
||||
}
|
||||
|
||||
int do_write(uint32_t addr, const uint8_t *src8, size_t len) {
|
||||
int do_write(uint32_t addr, const uint8_t *src8, size_t len, bool dry_run) {
|
||||
#if MBOOT_ENABLE_PACKING
|
||||
return mboot_pack_write(addr, src8, len);
|
||||
return mboot_pack_write(addr, src8, len, dry_run);
|
||||
#else
|
||||
return hw_write(addr, src8, len);
|
||||
if (dry_run) {
|
||||
return 0;
|
||||
} else {
|
||||
return hw_write(addr, src8, len);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -844,7 +848,7 @@ void i2c_slave_process_rx_end(i2c_slave_t *i2c) {
|
|||
// Mark the 2 lower bits to indicate invalid app firmware
|
||||
buf[1] |= APP_VALIDITY_BITS;
|
||||
}
|
||||
int ret = do_write(i2c_obj.cmd_wraddr, buf + 1, len);
|
||||
int ret = do_write(i2c_obj.cmd_wraddr, buf + 1, len, false);
|
||||
if (ret < 0) {
|
||||
len = ret;
|
||||
} else {
|
||||
|
@ -866,7 +870,7 @@ void i2c_slave_process_rx_end(i2c_slave_t *i2c) {
|
|||
len = -1;
|
||||
} else {
|
||||
buf &= ~APP_VALIDITY_BITS;
|
||||
int ret = do_write(APPLICATION_ADDR, (void*)&buf, 4);
|
||||
int ret = do_write(APPLICATION_ADDR, (void*)&buf, 4, false);
|
||||
if (ret < 0) {
|
||||
len = ret;
|
||||
} else {
|
||||
|
@ -940,7 +944,7 @@ static int dfu_process_dnload(void) {
|
|||
} else if (dfu_context.wBlockNum > 1) {
|
||||
// write data to memory
|
||||
uint32_t addr = (dfu_context.wBlockNum - 2) * DFU_XFER_SIZE + dfu_context.addr;
|
||||
ret = do_write(addr, dfu_context.buf, dfu_context.wLength);
|
||||
ret = do_write(addr, dfu_context.buf, dfu_context.wLength, false);
|
||||
}
|
||||
if (ret == 0) {
|
||||
return DFU_STATE_DNLOAD_IDLE;
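Review bot: In the `#else` branch of do_write, `dry_run` returns 0 without looking at `addr` or `len`, so in builds without MBOOT_ENABLE_PACKING the fsload verification pass accepts any element address and length. If hw_write rejects bad ranges (not visible here), that rejection would only surface in the write pass, after earlier elements were already written. This limit is not documented in the hunk; I would add above the definition `// dry_run: validate without writing. With packing this checks chunk signatures; without packing it is a no-op returning 0.` The remaining hunks in this file only append `false` at the I2C and USB DFU call sites.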
|
||||
|
|
|
@ -113,7 +113,7 @@ int hw_write(uint32_t addr, const uint8_t *src8, size_t len);
|
|||
|
||||
int do_page_erase(uint32_t addr, uint32_t *next_addr);
|
||||
void do_read(mboot_addr_t addr, size_t len, uint8_t *buf);
|
||||
int do_write(uint32_t addr, const uint8_t *src8, size_t len);
|
||||
int do_write(uint32_t addr, const uint8_t *src8, size_t len, bool dry_run);
|
||||
|
||||
const uint8_t *elem_search(const uint8_t *elem, uint8_t elem_id);
|
||||
int fsload_process(void);
|
||||
|
|
|
@ -206,7 +206,7 @@ static int mboot_pack_handle_firmware(void) {
|
|||
}
|
||||
}
|
||||
|
||||
int mboot_pack_write(uint32_t addr, const uint8_t *src8, size_t len) {
|
||||
int mboot_pack_write(uint32_t addr, const uint8_t *src8, size_t len, bool dry_run) {
|
||||
if (addr == APPLICATION_ADDR) {
|
||||
// Base address of main firmware, reset any previous state
|
||||
firmware_chunk_base_addr = 0;
|
||||
|
@ -274,6 +274,9 @@ int mboot_pack_write(uint32_t addr, const uint8_t *src8, size_t len) {
|
|||
}
|
||||
|
||||
// Signature passed, we have valid chunk.
|
||||
if (dry_run) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (firmware_chunk_buf.header.format == MBOOT_PACK_CHUNK_META) {
|
||||
// Ignore META chunks.
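Review bot: The `if (dry_run) { return 0; }` exit is placed before the dispatch on `firmware_chunk_buf.header.format`, so a dry run confirms only the per-chunk signature and never reaches whatever the format-specific handlers below check. Those handlers are outside this hunk, so this is inferred from placement. A file could therefore pass the dry run and still be rejected in the write pass after some chunks have reached flash. If that is intended, say so at the return: `// Dry run stops here: only the chunk signature is verified; format-specific handling is skipped.` The body of mboot_pack_write starts and ends outside the hunk.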
|
||||
|
|
|
@ -75,7 +75,7 @@ extern const uint8_t mboot_pack_secretbox_key[hydro_secretbox_KEYBYTES];
|
|||
// Implementation
|
||||
|
||||
void mboot_pack_init(void);
|
||||
int mboot_pack_write(uint32_t addr, const uint8_t *src8, size_t len);
|
||||
int mboot_pack_write(uint32_t addr, const uint8_t *src8, size_t len, bool dry_run);
|
||||
|
||||
#endif // MBOOT_ENABLE_PACKING
|
||||
|
||||
|
|