diff --git a/application_processor/build.rs b/application_processor/build.rs
index a334e7a..29666d9 100644
--- a/application_processor/build.rs
+++ b/application_processor/build.rs
@@ -159,6 +159,17 @@ fn main() { } rust_code.push_str("];\n"); + // this start address is pass the end of the address max size binary can load to from bootloader + // (0x10046000) there is an extra page in between just in case + let flash_data_range_start = 0x10048000; + let flash_data_range_end = 0x1007c000; + // the address where we store state that can change in flash at + // must be multiple of 128 + let flash_data_addr = rand::thread_rng() + .gen_range((flash_data_range_start / 128)..(flash_data_range_end / 128)) * 128; + + rust_code.push_str(&format!("pub const FLASH_DATA_ADDR: usize = {flash_data_addr};\n")); + let out_path = PathBuf::from(env::var("OUT_DIR").unwrap()); std::fs::write(out_path.join("ectf_params.rs"), rust_code).unwrap();
@@ -167,7 +178,7 @@ fn main() { let mut rng = rand::thread_rng(); - let flash_length = 0x00070000; + let flash_length = 0x00038000; let ram_length = 0x00020000; let flash_origin = 0x1000e000; let ram_origin = 0x20000000;
diff --git a/application_processor/src/ap_driver.rs b/application_processor/src/ap_driver.rs
index 1ffab36..25ea6df 100644
--- a/application_processor/src/ap_driver.rs
+++ b/application_processor/src/ap_driver.rs
@@ -10,7 +10,7 @@ use design_utils::{component_id_to_i2c_addr, messages::ProtocolError, I2C_FREQUE use rand_core::{RngCore, SeedableRng}; use rand_chacha::ChaCha20Rng; -use crate::ectf_params::{COMPONENTS, COMPONENT_KEYS}; +use crate::ectf_params::COMPONENTS; use crate::ApError; pub const FLASH_ADDR: usize = (FLASH_BASE_ADDR + FLASH_SIZE) - (2 * FLASH_PAGE_SIZE);
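Review bot: `flash_data_addr` is only aligned to 128 bytes, while the flash write path this diff touches (`save_flash_data` in ap_driver.rs) works in whole pages via `erase_page`; if `FlashData` is larger than 128 bytes, a draw that lands 128 bytes before a page boundary makes the struct straddle two pages, and a single erase/write does not cover it, so the draw should be in units of the flash page size, e.g. `gen_range((flash_data_range_start / PAGE)..(flash_data_range_end / PAGE)) * PAGE` with `PAGE` standing for the HAL's page-size constant. Nothing in this diff reads the generated `FLASH_DATA_ADDR`, and `save_flash_data` still erases `FLASH_ADDR`, so it is unclear whether the new constant is wired up yet. The range start 0x10048000, the `0x10046000` in the comment, and `flash_length = 0x00038000` in the next hunk (0x1000e000 + 0x38000 = 0x10046000), duplicated again in component/build.rs, encode one invariant as separate magic numbers; deriving the range start from `flash_origin + flash_length` (or asserting the relation) would keep them from drifting apart. The comment should also read `past the end`, not `pass the end`. `main` continues outside the hunk.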
@@ -60,14 +60,11 @@ impl ApDriver { core::ptr::read(FLASH_DATA) }; - // Write Component IDs from flash if first boot e.g. flash unwritten + // if flash is not initialized, component ids we are provisioned for if flash_data.flash_magic != FLASH_MAGIC { flash_data.flash_magic = FLASH_MAGIC; flash_data.components_len = COMPONENTS.len(); flash_data.components[..COMPONENTS.len()].copy_from_slice(COMPONENTS.as_slice()); - - // FIXME - //self.save_flash_data(flash_data); } self.flash_data = Some(flash_data);
@@ -76,8 +73,7 @@ impl ApDriver { } pub fn save_flash_data(&mut self, flash_data: FlashData) { - // safety: nothing else is present at the flash address - // TODO: verify this + // safety: nothing else is present at the flash address, linker script only uses bottom half of flash unsafe { self.flash.erase_page(FLASH_ADDR) .expect("could not erase flash page");
@@ -179,18 +175,11 @@ pub struct ProvisionedComponent { pub key_index: usize, } -impl ProvisionedComponent { - pub fn get_pubkey(&self) -> &'static [u8; 32] { - &COMPONENT_KEYS[self.key_index].pubkey - } -} - /// Datatype for information stored in flash #[repr(C)] #[derive(Debug, Default, Clone, Copy, Pod, Zeroable)] pub struct FlashData { pub(crate) components_len: usize, - // TODO: use tinyvec for this pub(crate) components: [ProvisionedComponent; 2], pub(crate) flash_magic: u32, }
@@ -215,10 +204,4 @@ impl FlashData { None } - - /// Checks if a provisioned component is currently using the given public key index - pub fn is_key_index_in_use(&self, key_index: usize) -> bool { - self.components[..self.components_len].iter() - .any(|component| component.key_index == key_index) - } }
diff --git a/application_processor/src/post_boot/mod.rs b/application_processor/src/post_boot/mod.rs
index 9be0752..ef4e551 100644
--- a/application_processor/src/post_boot/mod.rs
+++ b/application_processor/src/post_boot/mod.rs
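Review bot: `components_len` comes straight out of the unsafe `ptr::read` just before this hunk's `if` and is trusted solely because `flash_magic` matched; an interrupted write or a corrupted page can leave the magic intact while `components_len` exceeds the 2-element `components` array, and the `self.components[..self.components_len]` slicing pattern (visible in the code removed at @@ -215) then panics. Validating it on load, e.g. `if flash_data.flash_magic != FLASH_MAGIC || flash_data.components_len > flash_data.components.len() {`, re-initialises a damaged struct from `COMPONENTS` instead of using it as-is. The removed `FIXME` save call is not replaced, so on first boot the initialised `FlashData` lives only in RAM (`self.flash_data = Some(flash_data)`); if that is deliberate, the new comment should say that flash is first written by the next `save_flash_data`. The enclosing function starts before the hunk.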
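Review bot: The new safety comment on `save_flash_data` argues only from the linker region, but this same commit also places the randomised `FLASH_DATA_ADDR` range above that region (build.rs: 0x10048000..0x1007c000), so the justification for `erase_page(FLASH_ADDR)` should state that `FLASH_ADDR` (two pages below the end of flash) lies outside both; e.g. `// safety: FLASH_ADDR starts two pages below the end of flash, above the linker's region (ends 0x10046000) and above the FLASH_DATA_ADDR range (ends 0x1007c000)`. An erase failure becomes a panic, but nothing visible here checks that the subsequent write landed; reading the struct back and comparing before returning would catch an interrupted or glitched erase/write, which otherwise surfaces only as a magic mismatch on the next boot. The rest of `save_flash_data` is outside the hunk.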
@@ -14,7 +14,6 @@ mod messaging; // return codes used by the c code const SUCCESS_RETURN: c_int = 0; -const ERROR_RETURN: c_int = -1; // definition of c post boot function extern "C" {
@@ -52,11 +51,10 @@ extern "C" fn secure_send(address: I2cAddr, buf: *const u8, len: u8) -> c_int { slice::from_raw_parts(buf, len.into()) }; - // TODO: maybe panic here, don't let post boot decide what to do in event of error - match with_driver(|driver| messaging::secure_send(driver, address, message)) { - Ok(_) => SUCCESS_RETURN, - Err(_) => ERROR_RETURN, - } + with_driver(|driver| messaging::secure_send(driver, address, message)) + .expect("could not send message to component"); + + SUCCESS_RETURN } #[no_mangle]
@@ -66,12 +64,11 @@ extern "C" fn secure_receive(address: I2cAddr, buffer: *mut u8) -> c_int { (buffer as *mut [u8; MAX_POST_BOOT_MESSAGE_SIZE]).as_mut().unwrap() }; - // TODO: maybe panic here, don't let post boot decide what to do in event of error - match with_driver(|driver| messaging::secure_receive(driver, address, recv_buf)) { - // messaging::secure_recieve ensrues recv_len does not exceed MAX_POST_BOOT_MESSAGE_SIZE - Ok(recv_len) => recv_len.try_into().unwrap(), - Err(_) => ERROR_RETURN, - } + // messaging::secure_recieve ensrues recv_len does not exceed MAX_POST_BOOT_MESSAGE_SIZE + with_driver(|driver| messaging::secure_receive(driver, address, recv_buf)) + .expect("could not recieve message from component") + .try_into() + .unwrap() } #[no_mangle]
diff --git a/component/build.rs b/component/build.rs
index f03ba47..d72afd9 100644
--- a/component/build.rs
+++ b/component/build.rs
@@ -142,7 +142,7 @@ fn main() { let mut rng = rand::thread_rng(); - let flash_length = 0x00070000; + let flash_length = 0x00038000; let ram_length = 0x00020000; let flash_origin = 0x1000e000; let ram_origin = 0x20000000;
diff --git a/component/src/main.rs b/component/src/main.rs
index 183e257..e454d06 100644
--- a/component/src/main.rs
+++ b/component/src/main.rs
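Review bot: `secure_send` now always returns `SUCCESS_RETURN` and `secure_receive` can no longer return a negative value, because every messaging error is turned into a panic by `expect`; the `c_int` error path the C post-boot code was given is therefore gone, and what the caller observes instead is the panic handler's behaviour (reset or halt, depending on how it is defined elsewhere). That is a defensible fail-closed choice, but it should be written down at the `extern "C"` declarations and above both functions, e.g. `// never returns an error: a failed secure_send/secure_receive panics instead of letting post-boot code decide what to do`. The same applies to the `secure_receive` hunk below (@@ -66), whose expect string misspells receive (`"could not recieve message from component"`) and whose carried-over comment should read `secure_receive ensures`. Both functions begin before their hunks.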
@@ -175,8 +175,6 @@ fn process_boot( // received enc(m3 || cid || rb + 1 || signature) let mut encrypted_message: EncryptedMessage> = driver.recv_struct()?; let signed_message = encrypted_message.get_decrypted_data(&BOOT_CR_KEY)?; - // TODO: glitch protect this signature check - //let message = signed_message.get_data_verified(&AP_PUBKEY)?; let message: BootMessageFinalize = postcard::from_bytes(&signed_message.message_data)?; check_or_error_jump_table!(
diff --git a/component/src/post_boot/mod.rs b/component/src/post_boot/mod.rs
index a8de85e..3c8932b 100644
--- a/component/src/post_boot/mod.rs
+++ b/component/src/post_boot/mod.rs
@@ -16,7 +16,7 @@ extern "C" { // FIXME: don't use static mut static mut COMPONENT_DRIVER: Option = None; -fn with_driver(f: impl FnOnce(&mut ComponentDriver) -> T) -> T { +unsafe fn with_driver(f: impl FnOnce(&mut ComponentDriver) -> T) -> T { unsafe { f(COMPONENT_DRIVER.as_mut().unwrap()) }
@@ -41,8 +41,10 @@ extern "C" fn secure_send(buffer: *const u8, len: u8) { slice::from_raw_parts(buffer, len.into()) }; - with_driver(|driver| messaging::secure_send(driver, message)) - .expect("secure send failed"); + unsafe { + with_driver(|driver| messaging::secure_send(driver, message)) + .expect("secure send failed"); + } } #[no_mangle]
@@ -53,8 +55,10 @@ extern "C" fn secure_receive(buffer: *mut u8) -> c_int { }; // messaging::secure_recieve ensrues recv_len does not exceed MAX_POST_BOOT_MESSAGE_SIZE - let recv_len = with_driver(|driver| messaging::secure_receive(driver, recv_buf)) - .expect("secure receive failed"); + let recv_len = unsafe { + with_driver(|driver| messaging::secure_receive(driver, recv_buf)) + .expect("secure receive failed") + }; recv_len.try_into().unwrap() }
diff --git a/max78000_hal/src/committed_array.rs b/max78000_hal/src/committed_array.rs
index 5e13aea..d900a4a 100644
--- a/max78000_hal/src/committed_array.rs
+++ b/max78000_hal/src/committed_array.rs
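Review bot: With the commented-out `get_data_verified(&AP_PUBKEY)` line removed, `BootMessageFinalize` is deserialised from `signed_message.message_data` without the signature named in the comment above (`enc(m3 || cid || rb + 1 || signature)`) ever being checked in this function, so the authenticity of the boot-finalise message now rests entirely on whatever `get_decrypted_data(&BOOT_CR_KEY)` guarantees; if that is plain symmetric decryption rather than authenticated encryption, a replayed or altered ciphertext under the shared key can drive this path. Either the verification should be restored (the deleted TODO also asked for glitch hardening of it), or, if the design intentionally relies on authenticated encryption under `BOOT_CR_KEY`, the variable should stop being called `signed_message` and a comment should say why no signature check is needed, e.g. `// authenticity of m3 comes from the authenticated encryption under BOOT_CR_KEY; the embedded signature is not separately verified`. `process_boot` begins and ends outside the hunk.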
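Review bot: `with_driver` in component/src/post_boot/mod.rs is now `unsafe fn` but carries no `# Safety` section stating the caller's obligations, and the two new `unsafe { … }` blocks in the `secure_send` (@@ -41) and `secure_receive` (@@ -53) hunks have no `// SAFETY:` comment; the contract is that `COMPONENT_DRIVER` has been set and that no other `&mut ComponentDriver` from it is live, since the function hands out a `&mut` to a `static mut` (what the FIXME above it is about). A doc comment such as `/// # Safety` followed by `/// COMPONENT_DRIVER must have been initialised, and calls must not nest or run concurrently (e.g. from an interrupt), because this creates a &mut to a static mut.`, with matching `// SAFETY:` lines at both call sites, makes that reviewable. Marking the function `unsafe` does not by itself address the aliasing; a wrapper that guarantees exclusive access (a critical section around a `RefCell`, for instance) or at least a re-entrancy guard would. The application-processor `with_driver` used by the earlier post_boot hunks is not changed in this diff; if it wraps the same pattern it presumably needs the same treatment.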
@@ -27,7 +27,6 @@ pub struct CommittedArray { inner: UnsafeCell, } -// TODO: maybe use tinyvec struct CommittedArrayData { data_len: usize, data: [u8; COMMITTED_ARRAY_CAPACITY],
diff --git a/max78000_hal/src/gpio.rs b/max78000_hal/src/gpio.rs
index 1a43d47..f73c05d 100644
--- a/max78000_hal/src/gpio.rs
+++ b/max78000_hal/src/gpio.rs
@@ -89,7 +89,6 @@ macro_rules! make_configure_io { }); // only 2 of the functions we need are supported - // FIXME: the msdk writes to en3_clr, but that pin does not exist in the docs or generated bindings? match $options.function { GpioPinFunction::Input => { $regs.outen_clr().write(|outen_clr| {
diff --git a/max78000_hal/src/i2c.rs b/max78000_hal/src/i2c.rs
index 280adb4..cf96773 100644
--- a/max78000_hal/src/i2c.rs
+++ b/max78000_hal/src/i2c.rs
@@ -152,26 +152,19 @@ impl I2cInner { let peripheral_clock = Gcr::with(|gcr| gcr.get_peripheral_clock_frequency()); - // copied from msdk let ticks_total = peripheral_clock / hz; - let mut hi_ticks = (ticks_total >> 1) - 1; - let low_ticks = hi_ticks; + let ticks_per_hi_low = (ticks_total >> 1) - 1; - // FIXME: what does this even mean? - if ticks_total % 1 != 0 { - hi_ticks += 1; - } - - if hi_ticks > 0x1ff || low_ticks == 0 { + if ticks_per_hi_low > 0x1ff || ticks_per_hi_low == 0 { panic!("invalid clock speed"); } self.regs.clkhi().write(|clkhi| { - clkhi.hi().variant(hi_ticks as u16) + clkhi.hi().variant(ticks_per_hi_low as u16) }); self.regs.clklo().write(|clklo| { - clklo.lo().variant(low_ticks as u16) + clklo.lo().variant(ticks_per_hi_low as u16) }); } }
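Review bot: `(ticks_total >> 1) - 1` in the i2c.rs hunk underflows when `hz` exceeds half the peripheral clock (`ticks_total` of 0 or 1); if `ticks_total` is unsigned, as the later `as u16` cast suggests, a debug build hits an overflow panic before the `invalid clock speed` check, and a release build wraps to a huge value that only incidentally trips `> 0x1ff`. Making the subtraction explicit keeps the diagnostic single and deliberate: `let Some(ticks_per_hi_low) = (ticks_total >> 1).checked_sub(1) else { panic!("invalid clock speed") };` (an `hz` of 0 still divides by zero one line earlier and deserves the same treatment). The removed `ticks_total % 1 != 0` branch was a no-op, but the MSDK code it was copied from presumably uses `% 2` to give odd tick counts one extra high tick; dropping it rounds the bus clock slightly fast for odd totals, which is fine if intended but worth a one-line comment such as `// odd ticks_total rounds down: the bus runs marginally faster than requested`. The enclosing method begins outside the hunk.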