Skip to content

Commit

Permalink
security upgrades (#397)
Browse files Browse the repository at this point in the history
* security upgrades

* Gated DFU entry from debug console as well
  • Loading branch information
geohot authored Dec 10, 2019
1 parent 7c13bec commit eadb0db
Show file tree
Hide file tree
Showing 4 changed files with 29 additions and 5 deletions.
10 changes: 10 additions & 0 deletions board/bootstub.c
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
#define BOOTSTUB

#define VERS_TAG 0x53524556
#define MIN_VERSION 2

#include "config.h"
#include "obj/gitversion.h"

Expand Down Expand Up @@ -90,6 +93,13 @@ int main(void) {
uint8_t digest[SHA_DIGEST_SIZE];
SHA_hash(&_app_start[1], len-4, digest);

// verify version, last bytes in the signed area
uint32_t vers[2] = {0};
memcpy(&vers, ((void*)&_app_start[0]) + len - sizeof(vers), sizeof(vers));
if (vers[0] != VERS_TAG || vers[1] < MIN_VERSION) {
goto fail;
}

// verify RSA signature
if (RSA_verify(&release_rsa_key, ((void*)&_app_start[0]) + len, RSANUMBYTES, digest, SHA_DIGEST_SIZE)) {
goto good;
Expand Down
13 changes: 8 additions & 5 deletions board/main.c
Original file line number Diff line number Diff line change
Expand Up @@ -72,11 +72,14 @@ void debug_ring_callback(uart_ring *ring) {
while (getc(ring, &rcv)) {
(void)putc(ring, rcv); // misra-c2012-17.7: cast to void is ok: debug function

// jump to DFU flash
if (rcv == 'z') {
enter_bootloader_mode = ENTER_BOOTLOADER_MAGIC;
NVIC_SystemReset();
}
// only allow bootloader entry on debug builds
#ifdef ALLOW_DEBUG
// jump to DFU flash
if (rcv == 'z') {
enter_bootloader_mode = ENTER_BOOTLOADER_MAGIC;
NVIC_SystemReset();
}
#endif

// normal reset
if (rcv == 'x') {
Expand Down
5 changes: 5 additions & 0 deletions board/spi_flasher.h
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,12 @@ int usb_cb_control_msg(USB_Setup_TypeDef *setup, uint8_t *resp, bool hardwired)
// so it's blocked over wifi
switch (setup->b.wValue.w) {
case 0:
#ifdef ALLOW_DEBUG
if (hardwired) {
#else
// no more bootstub on UNO
if (hardwired && hw_type != HW_TYPE_UNO) {
#endif
puts("-> entering bootloader\n");
enter_bootloader_mode = ENTER_BOOTLOADER_MAGIC;
NVIC_SystemReset();
Expand Down
6 changes: 6 additions & 0 deletions crypto/sign.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,9 @@
from Crypto.PublicKey import RSA
import binascii

# increment this to make new hardware not run old versions
VERSION = 2

rsa = RSA.importKey(open(sys.argv[3]).read())

with open(sys.argv[1], "rb") as f:
Expand All @@ -15,6 +18,9 @@

with open(sys.argv[2], "wb") as f:
if os.getenv("SETLEN") is not None:
# add the version at the end
dat += b"VERS" + struct.pack("I", VERSION)
# add the length at the beginning
x = struct.pack("I", len(dat)) + dat[4:]
# mock signature of dat[4:]
dd = hashlib.sha1(dat[4:]).digest()
Expand Down

0 comments on commit eadb0db

Please sign in to comment.