We don't use any .data or .bss segment at all to keep all the firmware
variables in the stack in protected fw_ram.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
This means firmware's stack shouldn't be accessible to programs
running in app_mode.
It also means we don't need to take special care of secure_ctx which
can now be an ordinary stack variable.
Nonetheless we zero out secure_ctx after final use and inline some
assembler to zero out the entire fw_ram after use, just before
switching to app_mode.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
For every state, define a constant bitstring with allowed commands and
check incoming command agains that.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
- We always assert on allowed commands in a state.
- We don't allow FW_CMD_LOAD_APP to be used twice.
- Enter fail state on read buffer overrun, header endpoint not for us,
header parse error, and unknown firmware command.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
UDS is now byte readable (but not writable).
Use UDS and USS directly in a blake2s_update() instead of
concatenating them into fw_ram. UDS will still live for a short while
in fw_ram in the blake2s context buffer but will soon be overwritten.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
Use new wordcpy_s() and memcpy_s() functions from lib.c.
Add a local memcpy() which compiling with -Os seems to demand. Why?
Signed-off-by: Daniel Lublin <daniel@lublin.se>
We define macros for them that expand to nothing or to a constant to
avoid any extra function calls to dummy functions when running on real
hardware with no console.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
Introduce memcpy_s() and wordcpy_s() that takes the destination buffer
size as an argument. Use assert() which aborts our program to an
eternal loop if we hit problems.
Sprinkle asserts elsewhere as well.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
Introduces offsets for setting addresses to check for execution and
offset for controlling the execution monitor.
- TK1_MMIO_TK1_CPU_MON_CTRL
- TK1_MMIO_TK1_CPU_MON_FIRST
- TK1_MMIO_TK1_CPU_MON_LAST
* ch552 firmware: add ch55x support files directly
* Add sdcc compiler to docker image, for building CH552 firmware
* Rework production test script
* Add menu-based test runner
* Rewrite production test flows as lists of individual tests
* Add both production flows and manual tests to menu
* Switch to using included binaries
* production test: Update message format
* test_txrx_touchpad: Retry if device communications fail
* production test: put all binaries in binaries/ folder
* binaries/top.bin: replace broken binary
* flash_check: Check for explicit flash IDs
* Document most test procedures
* Test plan documentation
* Sample udev rules
* Production test: allow external references to be overridden
* Remove outdated descriptions
* Correct shebang
* Update shebangs to comply with PEP 394
Change the python scripts to call python instead of python3, as this
works cross platform. See:
https://peps.python.org/pep-0394/#for-python-script-publishers
* Move production test to higher-level directory
* Clarify production test setup
* Move USB C connector test to separate directory
Co-authored-by: Michael Cardell Widerkrantz <mc@tillitis.se>