made flash data address randomized and removed some todos and fixmes

Purdue-eCTF · Mar 8, 2024 · 29a50f3 · 29a50f3
1 parent 840ee51
commit 29a50f3
Show file tree

Hide file tree

Showing 9 changed files with 38 additions and 54 deletions.
diff --git a/application_processor/build.rs b/application_processor/build.rs
@@ -159,6 +159,17 @@ fn main() {
     }
     rust_code.push_str("];\n");
 
+    // this start address is pass the end of the address max size binary can load to from bootloader
+    // (0x10046000) there is an extra page in between just in case
+    let flash_data_range_start = 0x10048000;
+    let flash_data_range_end = 0x1007c000;
+    // the address where we store state that can change in flash at
+    // must be multiple of 128
+    let flash_data_addr = rand::thread_rng()
+        .gen_range((flash_data_range_start / 128)..(flash_data_range_end / 128)) * 128;
+
+    rust_code.push_str(&format!("pub const FLASH_DATA_ADDR: usize = {flash_data_addr};\n"));
+
     let out_path = PathBuf::from(env::var("OUT_DIR").unwrap());
     std::fs::write(out_path.join("ectf_params.rs"), rust_code).unwrap();
 
@@ -167,7 +178,7 @@ fn main() {
 
         let mut rng = rand::thread_rng();
 
-        let flash_length = 0x00070000;
+        let flash_length = 0x00038000;
         let ram_length = 0x00020000;
         let flash_origin = 0x1000e000;
         let ram_origin = 0x20000000;

diff --git a/application_processor/src/ap_driver.rs b/application_processor/src/ap_driver.rs
@@ -10,7 +10,7 @@ use design_utils::{component_id_to_i2c_addr, messages::ProtocolError, I2C_FREQUE
 use rand_core::{RngCore, SeedableRng};
 use rand_chacha::ChaCha20Rng;
 
-use crate::ectf_params::{COMPONENTS, COMPONENT_KEYS};
+use crate::ectf_params::COMPONENTS;
 use crate::ApError;
 
 pub const FLASH_ADDR: usize = (FLASH_BASE_ADDR + FLASH_SIZE) - (2 * FLASH_PAGE_SIZE);
@@ -60,14 +60,11 @@ impl ApDriver {
                 core::ptr::read(FLASH_DATA)
             };
 
-            // Write Component IDs from flash if first boot e.g. flash unwritten
+            // if flash is not initialized, component ids we are provisioned for
             if flash_data.flash_magic != FLASH_MAGIC {
                 flash_data.flash_magic = FLASH_MAGIC;
                 flash_data.components_len = COMPONENTS.len();
                 flash_data.components[..COMPONENTS.len()].copy_from_slice(COMPONENTS.as_slice());
-
-                // FIXME
-                //self.save_flash_data(flash_data);
             }
 
             self.flash_data = Some(flash_data);
@@ -76,8 +73,7 @@ impl ApDriver {
     }
 
     pub fn save_flash_data(&mut self, flash_data: FlashData) {
-        // safety: nothing else is present at the flash address
-        // TODO: verify this
+        // safety: nothing else is present at the flash address, linker script only uses bottom half of flash
         unsafe {
             self.flash.erase_page(FLASH_ADDR)
                 .expect("could not erase flash page");
@@ -179,18 +175,11 @@ pub struct ProvisionedComponent {
     pub key_index: usize,
 }
 
-impl ProvisionedComponent {
-    pub fn get_pubkey(&self) -> &'static [u8; 32] {
-        &COMPONENT_KEYS[self.key_index].pubkey
-    }
-}
-
 /// Datatype for information stored in flash
 #[repr(C)]
 #[derive(Debug, Default, Clone, Copy, Pod, Zeroable)]
 pub struct FlashData {
     pub(crate) components_len: usize,
-    // TODO: use tinyvec for this
     pub(crate) components: [ProvisionedComponent; 2],
     pub(crate) flash_magic: u32,
 }
@@ -215,10 +204,4 @@ impl FlashData {
 
         None
     }
-
-    /// Checks if a provisioned component is currently using the given public key index
-    pub fn is_key_index_in_use(&self, key_index: usize) -> bool {
-        self.components[..self.components_len].iter()
-            .any(|component| component.key_index == key_index)
-    }
 }
diff --git a/application_processor/src/post_boot/mod.rs b/application_processor/src/post_boot/mod.rs
@@ -14,7 +14,6 @@ mod messaging;
 
 // return codes used by the c code
 const SUCCESS_RETURN: c_int = 0;
-const ERROR_RETURN: c_int = -1;
 
 // definition of c post boot function
 extern "C" {
@@ -52,11 +51,10 @@ extern "C" fn secure_send(address: I2cAddr, buf: *const u8, len: u8) -> c_int {
         slice::from_raw_parts(buf, len.into())
     };
 
-    // TODO: maybe panic here, don't let post boot decide what to do in event of error
-    match with_driver(|driver| messaging::secure_send(driver, address, message)) {
-        Ok(_) => SUCCESS_RETURN,
-        Err(_) => ERROR_RETURN,
-    }
+    with_driver(|driver| messaging::secure_send(driver, address, message))
+        .expect("could not send message to component");
+
+    SUCCESS_RETURN
 }
 
 #[no_mangle]
@@ -66,12 +64,11 @@ extern "C" fn secure_receive(address: I2cAddr, buffer: *mut u8) -> c_int {
         (buffer as *mut [u8; MAX_POST_BOOT_MESSAGE_SIZE]).as_mut().unwrap()
     };
 
-    // TODO: maybe panic here, don't let post boot decide what to do in event of error
-    match with_driver(|driver| messaging::secure_receive(driver, address, recv_buf)) {
-        // messaging::secure_recieve ensrues recv_len does not exceed MAX_POST_BOOT_MESSAGE_SIZE
-        Ok(recv_len) => recv_len.try_into().unwrap(),
-        Err(_) => ERROR_RETURN,
-    }
+    // messaging::secure_recieve ensrues recv_len does not exceed MAX_POST_BOOT_MESSAGE_SIZE
+    with_driver(|driver| messaging::secure_receive(driver, address, recv_buf))
+        .expect("could not recieve message from component")
+        .try_into()
+        .unwrap()
 }
 
 #[no_mangle]

diff --git a/component/build.rs b/component/build.rs
@@ -142,7 +142,7 @@ fn main() {
 
         let mut rng = rand::thread_rng();
 
-        let flash_length = 0x00070000;
+        let flash_length = 0x00038000;
         let ram_length = 0x00020000;
         let flash_origin = 0x1000e000;
         let ram_origin = 0x20000000;

diff --git a/component/src/main.rs b/component/src/main.rs
@@ -175,8 +175,6 @@ fn process_boot(
     // received enc(m3 || cid || rb + 1 || signature)
     let mut encrypted_message: EncryptedMessage<SignedMessage<BootMessageFinalize>> = driver.recv_struct()?;
     let signed_message = encrypted_message.get_decrypted_data(&BOOT_CR_KEY)?;
-    // TODO: glitch protect this signature check
-    //let message = signed_message.get_data_verified(&AP_PUBKEY)?;
     let message: BootMessageFinalize = postcard::from_bytes(&signed_message.message_data)?;
 
     check_or_error_jump_table!(

diff --git a/component/src/post_boot/mod.rs b/component/src/post_boot/mod.rs
@@ -16,7 +16,7 @@ extern "C" {
 // FIXME: don't use static mut
 static mut COMPONENT_DRIVER: Option<ComponentDriver> = None;
 
-fn with_driver<T>(f: impl FnOnce(&mut ComponentDriver) -> T) -> T {
+unsafe fn with_driver<T>(f: impl FnOnce(&mut ComponentDriver) -> T) -> T {
     unsafe {
         f(COMPONENT_DRIVER.as_mut().unwrap())
     }
@@ -41,8 +41,10 @@ extern "C" fn secure_send(buffer: *const u8, len: u8) {
         slice::from_raw_parts(buffer, len.into())
     };
 
-    with_driver(|driver| messaging::secure_send(driver, message))
-        .expect("secure send failed");
+    unsafe { 
+        with_driver(|driver| messaging::secure_send(driver, message))
+            .expect("secure send failed");
+    }
 }
 
 #[no_mangle]
@@ -53,8 +55,10 @@ extern "C" fn secure_receive(buffer: *mut u8) -> c_int {
     };
 
     // messaging::secure_recieve ensrues recv_len does not exceed MAX_POST_BOOT_MESSAGE_SIZE
-    let recv_len = with_driver(|driver| messaging::secure_receive(driver, recv_buf))
-        .expect("secure receive failed");
+    let recv_len = unsafe {
+        with_driver(|driver| messaging::secure_receive(driver, recv_buf))
+            .expect("secure receive failed")
+    };
 
     recv_len.try_into().unwrap()
 }

diff --git a/max78000_hal/src/committed_array.rs b/max78000_hal/src/committed_array.rs
@@ -27,7 +27,6 @@ pub struct CommittedArray {
     inner: UnsafeCell<CommittedArrayData>,
 }
 
-// TODO: maybe use tinyvec
 struct CommittedArrayData {
     data_len: usize,
     data: [u8; COMMITTED_ARRAY_CAPACITY],

diff --git a/max78000_hal/src/gpio.rs b/max78000_hal/src/gpio.rs
@@ -89,7 +89,6 @@ macro_rules! make_configure_io {
         });
 
         // only 2 of the functions we need are supported
-        // FIXME: the msdk writes to en3_clr, but that pin does not exist in the docs or generated bindings?
         match $options.function {
             GpioPinFunction::Input => {
                 $regs.outen_clr().write(|outen_clr| {

diff --git a/max78000_hal/src/i2c.rs b/max78000_hal/src/i2c.rs
@@ -152,26 +152,19 @@ impl I2cInner {
 
         let peripheral_clock = Gcr::with(|gcr| gcr.get_peripheral_clock_frequency());
 
-        // copied from msdk
         let ticks_total = peripheral_clock / hz;
-        let mut hi_ticks = (ticks_total >> 1) - 1;
-        let low_ticks = hi_ticks;
+        let ticks_per_hi_low = (ticks_total >> 1) - 1;
 
-        // FIXME: what does this even mean?
-        if ticks_total % 1 != 0 {
-            hi_ticks += 1;
-        }
-
-        if hi_ticks > 0x1ff || low_ticks == 0 {
+        if ticks_per_hi_low > 0x1ff || ticks_per_hi_low == 0 {
             panic!("invalid clock speed");
         }
 
         self.regs.clkhi().write(|clkhi| {
-            clkhi.hi().variant(hi_ticks as u16)
+            clkhi.hi().variant(ticks_per_hi_low as u16)
         });
 
         self.regs.clklo().write(|clklo| {
-            clklo.lo().variant(low_ticks as u16)
+            clklo.lo().variant(ticks_per_hi_low as u16)
         });
     }
 }