status-im
/
keycard-pro
mirror of https://github.com/status-im/keycard-pro.git
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

remove hardcoded bootloader key

This commit is contained in:
Michele Balistreri 2024-11-08 07:45:39 +09:00
parent 822a12e2ea
commit f3c6c9b6b6
No known key found for this signature in database
GPG Key ID: E9567DA33A4F791A
3 changed files with 37 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
bootloader/bootloader.c
View File

@ -10,12 +10,7 @@ struct boot_vectable {
#define BOOTVTAB ((struct boot_vectable *)HAL_FLASH_FW_START_ADDR)
__attribute__((section(".fw_verification_key"))) __attribute__((__used__)) const uint8_t FW_PUB[] = {
0x95, 0xbf, 0x0a, 0xc8, 0x60, 0xea, 0xf0, 0x57, 0xdb, 0x73, 0xf0, 0x9b, 0x3e, 0xb8, 0x0c, 0x08,
0xb7, 0xac, 0xe5, 0xd5, 0xb2, 0x78, 0x97, 0x08, 0x08, 0x11, 0x2e, 0xaf, 0x45, 0xdd, 0x06, 0xb0,
0x62, 0x5d, 0x66, 0x7f, 0x10, 0x30, 0x41, 0x1b, 0xca, 0x91, 0x24, 0x2a, 0xb4, 0x08, 0x86, 0x89,
0x06, 0x60, 0x47, 0xf0, 0xd3, 0x89, 0x1a, 0x68, 0xd6, 0x5a, 0x7e, 0xff, 0x0c, 0x59, 0x77, 0x20,
};
__attribute__((section(".fw_verification_key"))) __attribute__((__used__)) const uint8_t FW_PUB[64];
bool verify_firmware() {
uint8_t* const fw_area = (uint8_t*) HAL_FLASH_FW_START_ADDR;

5
stm32/.cproject
View File

@ -219,6 +219,7 @@
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.st.stm32cube.ide.mcu.gnu.managedbuild.config.exe.debug.1093676277.1586505413" moduleId="org.eclipse.cdt.core.settings" name="BL">
<macros>
<stringMacro name="KEYFILE" type="VALUE_TEXT" value="${ProjDirPath}/../deployment/fw-test-key.txt"/>
<stringMacro name="BOOTKEY" type="VALUE_TEXT" value="${ProjDirPath}/../deployment/bootloader-pubkey.txt"/>
</macros>
<externalSettings/>
<extensions>
@ -231,7 +232,7 @@
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactExtension="elf" artifactName="${ProjName}-bootloader" buildArtefactType="org.eclipse.cdt.build.core.buildArtefactType.exe" buildProperties="org.eclipse.cdt.build.core.buildArtefactType=org.eclipse.cdt.build.core.buildArtefactType.exe,org.eclipse.cdt.build.core.buildType=org.eclipse.cdt.build.core.buildType.debug" cleanCommand="rm -rf" description="" errorParsers="org.eclipse.cdt.core.GASErrorParser;org.eclipse.cdt.core.GmakeErrorParser;org.eclipse.cdt.core.GLDErrorParser;org.eclipse.cdt.core.CWDLocator;org.eclipse.cdt.core.GCCErrorParser" id="com.st.stm32cube.ide.mcu.gnu.managedbuild.config.exe.debug.1093676277.1586505413" name="BL" parent="com.st.stm32cube.ide.mcu.gnu.managedbuild.config.exe.debug">
<configuration artifactExtension="elf" artifactName="${ProjName}-bootloader" buildArtefactType="org.eclipse.cdt.build.core.buildArtefactType.exe" buildProperties="org.eclipse.cdt.build.core.buildArtefactType=org.eclipse.cdt.build.core.buildArtefactType.exe,org.eclipse.cdt.build.core.buildType=org.eclipse.cdt.build.core.buildType.debug" cleanCommand="rm -rf" description="" errorParsers="org.eclipse.cdt.core.GASErrorParser;org.eclipse.cdt.core.GmakeErrorParser;org.eclipse.cdt.core.GLDErrorParser;org.eclipse.cdt.core.CWDLocator;org.eclipse.cdt.core.GCCErrorParser" id="com.st.stm32cube.ide.mcu.gnu.managedbuild.config.exe.debug.1093676277.1586505413" name="BL" parent="com.st.stm32cube.ide.mcu.gnu.managedbuild.config.exe.debug" postbuildStep="python ../../tools/bootloader-perso.py -p ${BOOTKEY} -e stm32-bootloader.elf -o stm32-bootloader.bin">
<folderInfo id="com.st.stm32cube.ide.mcu.gnu.managedbuild.config.exe.debug.1093676277.1586505413." name="/" resourcePath="">
<toolChain id="com.st.stm32cube.ide.mcu.gnu.managedbuild.toolchain.exe.debug.83285502" name="MCU ARM GCC" superClass="com.st.stm32cube.ide.mcu.gnu.managedbuild.toolchain.exe.debug">
<option id="com.st.stm32cube.ide.mcu.gnu.managedbuild.option.target_mcu.83363956" name="MCU" superClass="com.st.stm32cube.ide.mcu.gnu.managedbuild.option.target_mcu" useByScannerDiscovery="true" value="STM32H573VITx" valueType="string"/>
@ -242,7 +243,7 @@
<option id="com.st.stm32cube.ide.mcu.gnu.managedbuild.option.target_board.1925820197" name="Board" superClass="com.st.stm32cube.ide.mcu.gnu.managedbuild.option.target_board" useByScannerDiscovery="false" value="custom" valueType="string"/>
<option id="com.st.stm32cube.ide.mcu.gnu.managedbuild.option.defaults.426993783" name="Defaults" superClass="com.st.stm32cube.ide.mcu.gnu.managedbuild.option.defaults" useByScannerDiscovery="false" value="com.st.stm32cube.ide.common.services.build.inputs.revA.1.0.6 || BL || true || Executable || com.st.stm32cube.ide.mcu.gnu.managedbuild.option.toolchain.value.workspace || STM32H573VITx || 0 || 0 || arm-none-eabi- || ${gnu_tools_for_stm32_compiler_path} || ../Core/Inc | ../Drivers/STM32H5xx_HAL_Driver/Inc | ../Drivers/STM32H5xx_HAL_Driver/Inc/Legacy | ../Drivers/CMSIS/Device/ST/STM32H5xx/Include | ../Drivers/CMSIS/Include || || || USE_HAL_DRIVER | STM32H573xx || || Drivers | Core/Startup | Core || || || ${workspace_loc:/${ProjName}/STM32H573VITX_FLASH.ld} || true || NonSecure || || secure_nsclib.o || || None || || || " valueType="string"/>
<option id="com.st.stm32cube.ide.mcu.debug.option.cpuclock.578164038" name="Cpu clock frequence" superClass="com.st.stm32cube.ide.mcu.debug.option.cpuclock" useByScannerDiscovery="false" value="250" valueType="string"/>
<option id="com.st.stm32cube.ide.mcu.gnu.managedbuild.option.convertbinary.1071996359" name="Convert to binary file (-O binary)" superClass="com.st.stm32cube.ide.mcu.gnu.managedbuild.option.convertbinary" useByScannerDiscovery="false" value="true" valueType="boolean"/>
<option id="com.st.stm32cube.ide.mcu.gnu.managedbuild.option.convertbinary.1071996359" name="Convert to binary file (-O binary)" superClass="com.st.stm32cube.ide.mcu.gnu.managedbuild.option.convertbinary" useByScannerDiscovery="false" value="false" valueType="boolean"/>
<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="com.st.stm32cube.ide.mcu.gnu.managedbuild.targetplatform.749781075" isAbstract="false" osList="all" superClass="com.st.stm32cube.ide.mcu.gnu.managedbuild.targetplatform"/>
<builder buildPath="${workspace_loc:/stm32}/Debug" id="com.st.stm32cube.ide.mcu.gnu.managedbuild.builder.1423906168" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.st.stm32cube.ide.mcu.gnu.managedbuild.builder"/>
<tool id="com.st.stm32cube.ide.mcu.gnu.managedbuild.tool.assembler.1569602998" name="MCU GCC Assembler" superClass="com.st.stm32cube.ide.mcu.gnu.managedbuild.tool.assembler">

33
tools/bootloader-perso.py Normal file
View File

@ -0,0 +1,33 @@
# This tool is for development only, not to be used for releases
import argparse
import tempfile
import subprocess
import pathlib
def elf_to_bin(elf_path, out_path):
subprocess.run(["arm-none-eabi-objcopy", "-O", "binary", "--gap-fill=255", elf_path, out_path], check=True)
def replace_elf_section(elf_path, section_name, section_content):
subprocess.run(["arm-none-eabi-objcopy", "--update-section", f'.{section_name}={section_content}', elf_path, elf_path], check=True)
def main():
parser = argparse.ArgumentParser(description='Create a database from a token and chain list')
parser.add_argument('-p', '--public-key', help="the public key file")
parser.add_argument('-e', '--elf', help="the bootloader ELF file")
parser.add_argument('-o', '--output', help="the output binary file")
args = parser.parse_args()
with open(args.public_key) as f:
pub_key = bytearray.fromhex(f.read())
with tempfile.NamedTemporaryFile('wb', delete=False) as f:
f.write(pub_key)
f.close()
replace_elf_section(args.elf, "header", f.name)
pathlib.Path.unlink(f.name)
elf_to_bin(args.elf, args.output)
if __name__ == "__main__":
main()