path: root/projects/bootloader/bootloader.c

  

/*
 * bootloader.c
 * ------------
 * Bootloader to either install new firmware received from the MGMT UART,
 * or jump to previously installed firmware.
 *
 * Copyright (c) 2016, NORDUnet A/S All rights reserved.
 * Copyright: 2020, The Commons Conservancy Cryptech Project
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 *
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 *
 * - Neither the name of the copyright holder nor the names of its
 *   contributors may be used to endorse or promote products derived from
 *   this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/* Ignore "deprecated" warnings in ARM-supplied CMSIS code:
 *
 * libraries/mbed/targets/cmsis/core_cm4.h:85:28: warning: listing the stack pointer register 'sp' in a clobber list is deprecated
 * libraries/mbed/targets/cmsis/core_cm4.h:85:28: note: the value of the stack pointer after an 'asm' statement must be the same as it was before the statement
 *
 * This comes from our use of __set_MSP to set the stack pointer when
 * switching tasks. If GCC ever decides to actually forbid this, then
 * we'll have to figure out something else, possibly a native assembly
 * function.
 */
#pragma GCC diagnostic ignored "-Wdeprecated"

#include "stm-init.h"
#include "stm-led.h"
#include "stm-uart.h"
#include "stm-fmc.h"
#include "dfu.h"

/* stub these out to avoid linker error */
void fpgacfg_init(void) { }
void sdram_init(void) { }
void *hal_allocate_static_memory(const size_t size) { return 0; }

/* Linker symbols are strange in C. Make regular pointers for sanity. */
__IO uint32_t *dfu_control = &CRYPTECH_DFU_CONTROL;
__IO uint32_t *dfu_firmware = &CRYPTECH_FIRMWARE_START;
/* The first word in the firmware is an address to the stack (msp) */
__IO uint32_t *dfu_msp_ptr = &CRYPTECH_FIRMWARE_START;
/* The second word in the firmware is a pointer to the code
 * (points at the Reset_Handler from the linker script).
 */
__IO uint32_t *dfu_code_ptr = &CRYPTECH_FIRMWARE_START + 1;

typedef  void (*pFunction)(void);

/* called from Reset_Handler */
void check_early_dfu_jump(void)
{
    /* Check if we've just rebooted in order to jump to the firmware. */
    if (*dfu_control == HARDWARE_EARLY_DFU_JUMP) {
	*dfu_control = 0;
        pFunction loaded_app = (pFunction) *dfu_code_ptr;
        /* Set the stack pointer to the correct one for the firmware */
        __set_MSP(*dfu_msp_ptr);
        /* Set the Vector Table Offset Register */
        SCB->VTOR = (uint32_t) dfu_firmware;
        loaded_app();
        while (1);
    }
}

int should_dfu()
{
    int i;
    uint8_t rx = 0;

    /* While blinking the blue LED for 5 seconds, see if we receive a CR on the MGMT UART.
     * We've discussed also requiring one or both of the FPGA config jumpers installed
     * before allowing DFU of the STM32 - that check could be done here.
     */
    led_on(LED_BLUE);
    for (i = 0; i < 50; i++) {
	HAL_Delay(100);
	led_toggle(LED_BLUE);
	if (uart_recv_char(&rx, 0) == HAL_OK) {
	    if (rx == 13) return 1;
	}
    }
    return 0;
}

/* Sleep for specified number of seconds -- used after bad PIN. */
void hal_sleep(const unsigned seconds) { HAL_Delay(seconds * 1000); }

int main(void)
{
    int status;

    stm_init();

    uart_send_string("\r\n\r\nThis is the bootloader speaking...");

    if (should_dfu()) {
	led_off(LED_BLUE);
	if ((status = dfu_receive_firmware()) != 0) {
	    /* Upload of new firmware failed, reboot after lighting the red LED
	     * for three seconds.
	     */
	    led_off(LED_BLUE);
	    led_on(LED_RED);
	    uart_send_string("dfu_receive_firmware failed: ");
	    uart_send_hex(status, 2);
	    uart_send_string("\r\n\r\nRebooting in three seconds\r\n");
	    HAL_Delay(3000);
	    HAL_NVIC_SystemReset();
	    while (1) {};
	}
    }

    /* Set dfu_control to the magic value that will cause the us to call do_early_dfu_jump
     * after rebooting back into this main() function.
     */
    *dfu_control = HARDWARE_EARLY_DFU_JUMP;

    uart_send_string("loading firmware\r\n\r\n");

    /* De-initialize hardware by rebooting */
    HAL_NVIC_SystemReset();
    while (1) {};
}
/*
 * bootloader.c
 * ------------
 * Bootloader to either install new firmware received from the MGMT UART,
 * or jump to previously installed firmware.
 *
 * Copyright (c) 2016, NORDUnet A/S All rights reserved.
 * Copyright: 2020, The Commons Conservancy Cryptech Project
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 *
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 *
 * - Neither the name of the copyright holder nor the names of its
 *   contributors may be used to endorse or promote products derived from
 *   this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/* Ignore "deprecated" warnings in ARM-supplied CMSIS code:
 *
 * libraries/mbed/targets/cmsis/core_cm4.h:85:28: warning: listing the stack pointer register 'sp' in a clobber list is deprecated
 * libraries/mbed/targets/cmsis/core_cm4.h:85:28: note: the value of the stack pointer after an 'asm' statement must be the same as it was before the statement
 *
 * This comes from our use of __set_MSP to set the stack pointer when
 * switching tasks. If GCC ever decides to actually forbid this, then
 * we'll have to figure out something else, possibly a native assembly
 * function.
 */
#pragma GCC diagnostic ignored "-Wdeprecated"

#include "stm-init.h"
#include "stm-led.h"
#include "stm-uart.h"
#include "stm-fmc.h"
#include "dfu.h"

/* stub these out to avoid linker error */
void fpgacfg_init(void) { }
void sdram_init(void) { }
void *hal_allocate_static_memory(const size_t size) { return 0; }

/* Linker symbols are strange in C. Make regular pointers for sanity. */
__IO uint32_t *dfu_control = &CRYPTECH_DFU_CONTROL;
__IO uint32_t *dfu_firmware = &CRYPTECH_FIRMWARE_START;
/* The first word in the firmware is an address to the stack (msp) */
__IO uint32_t *dfu_msp_ptr = &CRYPTECH_FIRMWARE_START;
/* The second word in the firmware is a pointer to the code
 * (points at the Reset_Handler from the linker script).
 */
__IO uint32_t *dfu_code_ptr = &CRYPTECH_FIRMWARE_START + 1;

typedef  void (*pFunction)(void);

/* called from Reset_Handler */
void check_early_dfu_jump(void)
{
    /* Check if we've just rebooted in order to jump to the firmware. */
    if (*dfu_control == HARDWARE_EARLY_DFU_JUMP) {
	*dfu_control = 0;
        pFunction loaded_app = (pFunction) *dfu_code_ptr;
        /* Set the stack pointer to the correct one for the firmware */
        __set_MSP(*dfu_msp_ptr);
        /* Set the Vector Table Offset Register */
        SCB->VTOR = (uint32_t) dfu_firmware;
        loaded_app();
        while (1);
    }
}

int should_dfu()
{
    int i;
    uint8_t rx = 0;

    /* While blinking the blue LED for 5 seconds, see if we receive a CR on the MGMT UART.
     * We've discussed also requiring one or both of the FPGA config jumpers installed
     * before allowing DFU of the STM32 - that check could be done here.
     */
    led_on(LED_BLUE);
    for (i = 0; i < 50; i++) {
	HAL_Delay(100);
	led_toggle(LED_BLUE);
	if (uart_recv_char(&rx, 0) == HAL_OK) {
	    if (rx == 13) return 1;
	}
    }
    return 0;
}

/* Sleep for specified number of seconds -- used after bad PIN. */
void hal_sleep(const unsigned seconds) { HAL_Delay(seconds * 1000); }

int main(void)
{
    int status;

    stm_init();

    uart_send_string("\r\n\r\nThis is the bootloader speaking...");

    if (should_dfu()) {
	led_off(LED_BLUE);
	if ((status = dfu_receive_firmware()) != 0) {
	    /* Upload of new firmware failed, reboot after lighting the red LED
	     * for three seconds.
	     */
	    led_off(LED_BLUE);
	    led_on(LED_RED);
	    uart_send_string("dfu_receive_firmware failed: ");
	    uart_send_hex(status, 2);
	    uart_send_string("\r\n\r\nRebooting in three seconds\r\n");
	    HAL_Delay(3000);
	    HAL_NVIC_SystemReset();
	    while (1) {};
	}
    }

    /* Set dfu_control to the magic value that will cause the us to call do_early_dfu_jump
     * after rebooting back into this main() function.
     */
    *dfu_control = HARDWARE_EARLY_DFU_JUMP;

    uart_send_string("loading firmware\r\n\r\n");

    /* De-initialize hardware by rebooting */
    HAL_NVIC_SystemReset();
    while (1) {};
}