From b6e05828e94e6ba0099a75135b67f9a74e947cde Mon Sep 17 00:00:00 2001 From: Michael Cardell Widerkrantz Date: Mon, 24 Mar 2025 15:53:37 +0100 Subject: [PATCH] fw: Only allow a specific app to start from first flash Store size and app digest in ROM and compare to what we are booting. --- hw/application_fpga/fw/tk1/main.c | 27 +++++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/hw/application_fpga/fw/tk1/main.c b/hw/application_fpga/fw/tk1/main.c index 2db406c..b3a87c5 100644 --- a/hw/application_fpga/fw/tk1/main.c +++ b/hw/application_fpga/fw/tk1/main.c @@ -43,6 +43,19 @@ static volatile struct reset *resetinfo = (volatile struct reset *)TK1_ struct partition_table part_table; +// Locked down what app can start from first flash slot to be exactly +// this size, producing this digest. +// +// To update this, compute the BLAKE2s digest of the app.bin and +// insert the size in bytes. +#define APP_SIZE_SLOT0 21684 +// BLAKE2s digest of testloadapp.bin +const uint8_t allowed_app_digest[32] = { + 0x3a, 0x34, 0x6f, 0x1f, 0xb7, 0x7f, 0xa6, 0x71, 0x9b, 0x69, 0x8, + 0x36, 0xa0, 0x5, 0xe, 0x26, 0x48, 0x8d, 0xab, 0x6a, 0x51, 0xa6, + 0xe1, 0x18, 0x53, 0xa3, 0x64, 0xc6, 0x5b, 0x42, 0x49, 0xb7, +}; + // Context for the loading of a TKey program struct context { uint32_t left; // Bytes left to receive @@ -557,14 +570,12 @@ int main(void) assert(1 != 2); } - #if defined(SIMULATION) run(&ctx); #endif - // TODO Lie and tell filesystem we have a 128 kiB device app - // on flash. - part_table.pre_app_data[0].size = 0x20000; + // Hardocde size of slot 0 + part_table.pre_app_data[0].size = APP_SIZE_SLOT0; // part_table.pre_app_data[1].size = 0x20000; // TODO Just start something from flash without looking in @@ -616,6 +627,14 @@ int main(void) break; } + if (ctx.flash_slot == 0) { + print_digest(allowed_app_digest); + if (!memeq(ctx.digest, allowed_app_digest, 32)) { + puts(IO_CDC, "app not allowed!\r\n"); + assert(1 == 2); + } + } + // CDI = hash(uds, hash(app), uss) compute_cdi(ctx.digest, ctx.use_uss, ctx.uss);