When requested, verify app digest before running

2025-03-26 00:28:15 -04:00 · 2025-03-18 09:16:58 +01:00 · 2025-03-18 09:16:58 +01:00 · 6ad32f7317
commit 6ad32f7317
parent 6067d130a2
2 changed files with 18 additions and 5 deletions
--- a/hw/application_fpga/fw/reset_test/main.c
+++ b/hw/application_fpga/fw/reset_test/main.c
@ -88,8 +88,8 @@ int main(void)
 			break;

 		case '4': {
-			uint8_t string[] = "83da11b65f9c3721879bc4d9cffa6eac236"
-					   "8dcd9562aedde4002e6108ac939b3";
+			uint8_t string[] = "0123456789abcdef0123456789abcdef012"
+					   "3456789abcdef0123456789abcdef";
 			rst.type = START_CLIENT_VER;
 			hex_string_to_bytes(string, (uint8_t *)&rst.app_digest,
 					    sizeof(rst.app_digest));
@ -97,10 +97,12 @@ int main(void)
 		} break;

 		case '5': {
-			uint8_t string[] = "ef1337a922945fd87683b71ed275e02af44"
-					   "b3489057a29d14fd78daff8b73a28";
+			uint8_t tkeylibs_example_app_digest[] =
+			    "96bb4c90603dbbbe09b9a1d7259b5e9e61bedd89a897105c30"
+			    "c9d4bf66a98d97";
 			rst.type = START_CLIENT_VER;
-			hex_string_to_bytes(string, (uint8_t *)&rst.app_digest,
+			hex_string_to_bytes(tkeylibs_example_app_digest,
+					    (uint8_t *)&rst.app_digest,
 					    sizeof(rst.app_digest));
 			syscall(TK1_SYSCALL_RESET, (uint32_t)&rst, 0, 0);
 		} break;
--- a/hw/application_fpga/fw/tk1/main.c
+++ b/hw/application_fpga/fw/tk1/main.c
@ -612,6 +612,17 @@ int main(void)
 			break;

 		case FW_STATE_START:
+			if (ctx.ver_digest != NULL) {
+				print_digest(ctx.digest);
+				if (!memeq(ctx.digest, (void*)ctx.ver_digest, sizeof(ctx.digest))) {
+					debug_puts("Digests do not match\n");
+					state = FW_STATE_FAIL;
+					break;
+				}
+			}
+
+			memset((void*)resetinfo->app_digest, 0, sizeof(resetinfo->app_digest));
+
 			jump_to_app();
 			break;  // Not reached