path: root/projects/bootloader/dfu.c



/*
 * dfu.c
 * ------------
 * Receive new firmware from MGMT UART and write it to STM32 internal flash.
 *
 * Copyright (c) 2016, NORDUnet A/S All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 *
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 *
 * - Neither the name of the NORDUnet nor the names of its contributors may
 *   be used to endorse or promote products derived from this software
 *   without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */
#define HAL_OK CMSIS_HAL_OK
#include "dfu.h"
#include "stm-led.h"
#include "stm-uart.h"
#include "stm-flash.h"
#undef HAL_OK

#define HAL_OK LIBHAL_OK
#include "hal.h"
#include "hal_internal.h"
#undef HAL_OK

#include <string.h>

static int getline(char *buf, int len)
{
    int i;
    uint8_t c;

    for (i = 0; i < len; ++i) {
        if (uart_recv_char(&c, HAL_MAX_DELAY) != CMSIS_HAL_OK)
            return -1;
        if (c == '\r') {
            buf[i] = '\0';
            break;
        }
        buf[i] = c;
    }
    return i;
}

static void uart_flush(void)
{
    uint8_t c;
    while (uart_recv_char(&c, 0) == CMSIS_HAL_OK) { ; }
}

static int do_login(void)
{
    char username[8];
    char pin[hal_rpc_max_pin_length];
    hal_client_handle_t client = { -1 };
    hal_user_t user;
    int n;

    uart_flush();
    uart_send_string("\r\nUsername: ");
    if (getline(username, sizeof(username)) <= 0)
        return -1;
    if (strcmp(username, "wheel") == 0)
        user = HAL_USER_WHEEL;
    else if (strcmp(username, "so") == 0)
        user = HAL_USER_SO;
    else if (strcmp(username, "user") == 0)
        user = HAL_USER_NORMAL;
    else
        user = HAL_USER_NONE;

    uart_flush();
    uart_send_string("\r\nPassword: ");
    if ((n = getline(pin, sizeof(pin))) <= 0)
        return -1;

    uart_flush();

    hal_ks_init_read_only_pins_only();

    if (hal_rpc_login(client, user, pin, n) != LIBHAL_OK) {
        uart_send_string("\r\nAccess denied\r\n");
        return -1;
    }
    return 0;
}

int dfu_receive_firmware(void)
{
    uint32_t offset = DFU_FIRMWARE_ADDR, n = DFU_UPLOAD_CHUNK_SIZE;
    hal_crc32_t crc = 0, my_crc = hal_crc32_init();
    uint32_t filesize = 0, counter = 0;
    uint8_t buf[DFU_UPLOAD_CHUNK_SIZE];

    if (do_login() != 0)
        return -1;

    /* Fake the CLI */
    uart_send_string("\r\ncryptech> ");
    char cmd[64];
    if (getline(cmd, sizeof(cmd)) <= 0)
        return -1;
    if (strcmp(cmd, "firmware upload") != 0) {
        uart_send_string("\r\nInvalid command \"");
        uart_send_string(cmd);
        uart_send_string("\"\r\n");
        return -1;
    }

    uart_send_string("OK, write size (4 bytes), data in 4096 byte chunks, CRC-32 (4 bytes)\r\n");

    /* Read file size (4 bytes) */
    uart_receive_bytes((void *) &filesize, sizeof(filesize), 10000);
    if (filesize < 512 || filesize > DFU_FIRMWARE_END_ADDR - DFU_FIRMWARE_ADDR) {
        uart_send_string("Invalid filesize ");
        uart_send_integer(filesize, 1);
        uart_send_string("\r\n");
	return -1;
    }

    HAL_FLASH_Unlock();

    uart_send_string("Send ");
    uart_send_integer(filesize, 1);
    uart_send_string(" bytes of data\r\n");

    while (filesize) {
	/* By initializing buf to the same value that erased flash has (0xff), we don't
	 * have to try and be smart when writing the last page of data to the memory.
	 */
	memset(buf, 0xff, sizeof(buf));

	if (filesize < n) {
	    n = filesize;
	}

	if (uart_receive_bytes((void *) buf, n, 10000) != CMSIS_HAL_OK) {
	    return -2;
	}
	filesize -= n;

	/* After reception of a chunk but before ACKing we have "all" the time in the world to
	 * calculate CRC and write it to flash.
	 */
	my_crc = hal_crc32_update(my_crc, buf, n);
	stm_flash_write32(offset, (uint32_t *)buf, sizeof(buf)/4);
	offset += DFU_UPLOAD_CHUNK_SIZE;

	/* ACK this chunk by sending the current chunk counter (4 bytes) */
	counter++;
	uart_send_bytes((void *) &counter, 4);
	led_toggle(LED_BLUE);
    }

    my_crc = hal_crc32_finalize(my_crc);

    HAL_FLASH_Lock();

    uart_send_string("Send CRC-32\r\n");

    /* The sending side will now send its calculated CRC-32 */
    uart_receive_bytes((void *) &crc, sizeof(crc), 10000);

    uart_send_string("CRC-32 0x");
    uart_send_hex(crc, 1);
    uart_send_string(", calculated CRC 0x");
    uart_send_hex(my_crc, 1);
    if (crc == my_crc) {
	uart_send_string("CRC checksum MATCHED\r\n");
        return 0;
    } else {
	uart_send_string("CRC checksum did NOT match\r\n");
    }

    led_on(LED_RED);
    led_on(LED_YELLOW);

    /* Better to erase the known bad firmware */
    stm_flash_erase_sectors(DFU_FIRMWARE_ADDR, DFU_FIRMWARE_END_ADDR);

    led_off(LED_YELLOW);

    return 0;
}
/*
 * dfu.c
 * ------------
 * Receive new firmware from MGMT UART and write it to STM32 internal flash.
 *
 * Copyright (c) 2016, NORDUnet A/S All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 * - Redistributions of source code must retain the above copyright notice,
 *   this list of conditions and the following disclaimer.
 *
 * - Redistributions in binary form must reproduce the above copyright
 *   notice, this list of conditions and the following disclaimer in the
 *   documentation and/or other materials provided with the distribution.
 *
 * - Neither the name of the NORDUnet nor the names of its contributors may
 *   be used to endorse or promote products derived from this software
 *   without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */
#define HAL_OK CMSIS_HAL_OK
#include "dfu.h"
#include "stm-led.h"
#include "stm-uart.h"
#include "stm-flash.h"
#undef HAL_OK

#define HAL_OK LIBHAL_OK
#include "hal.h"
#include "hal_internal.h"
#undef HAL_OK

#include <string.h>

static int getline(char *buf, int len)
{
    int i;
    uint8_t c;

    for (i = 0; i < len; ++i) {
        if (uart_recv_char(&c, HAL_MAX_DELAY) != CMSIS_HAL_OK)
            return -1;
        if (c == '\r') {
            buf[i] = '\0';
            break;
        }
        buf[i] = c;
    }
    return i;
}

static void uart_flush(void)
{
    uint8_t c;
    while (uart_recv_char(&c, 0) == CMSIS_HAL_OK) { ; }
}

static int do_login(void)
{
    char username[8];
    char pin[hal_rpc_max_pin_length];
    hal_client_handle_t client = { -1 };
    hal_user_t user;
    int n;

    uart_flush();
    uart_send_string("\r\nUsername: ");
    if (getline(username, sizeof(username)) <= 0)
        return -1;
    if (strcmp(username, "wheel") == 0)
        user = HAL_USER_WHEEL;
    else if (strcmp(username, "so") == 0)
        user = HAL_USER_SO;
    else if (strcmp(username, "user") == 0)
        user = HAL_USER_NORMAL;
    else
        user = HAL_USER_NONE;

    uart_flush();
    uart_send_string("\r\nPassword: ");
    if ((n = getline(pin, sizeof(pin))) <= 0)
        return -1;

    uart_flush();

    hal_ks_init_read_only_pins_only();

    if (hal_rpc_login(client, user, pin, n) != LIBHAL_OK) {
        uart_send_string("\r\nAccess denied\r\n");
        return -1;
    }
    return 0;
}

int dfu_receive_firmware(void)
{
    uint32_t offset = DFU_FIRMWARE_ADDR, n = DFU_UPLOAD_CHUNK_SIZE;
    hal_crc32_t crc = 0, my_crc = hal_crc32_init();
    uint32_t filesize = 0, counter = 0;
    uint8_t buf[DFU_UPLOAD_CHUNK_SIZE];

    if (do_login() != 0)
        return -1;

    /* Fake the CLI */
    uart_send_string("\r\ncryptech> ");
    char cmd[64];
    if (getline(cmd, sizeof(cmd)) <= 0)
        return -1;
    if (strcmp(cmd, "firmware upload") != 0) {
        uart_send_string("\r\nInvalid command \"");
        uart_send_string(cmd);
        uart_send_string("\"\r\n");
        return -1;
    }

    uart_send_string("OK, write size (4 bytes), data in 4096 byte chunks, CRC-32 (4 bytes)\r\n");

    /* Read file size (4 bytes) */
    uart_receive_bytes((void *) &filesize, sizeof(filesize), 10000);
    if (filesize < 512 || filesize > DFU_FIRMWARE_END_ADDR - DFU_FIRMWARE_ADDR) {
        uart_send_string("Invalid filesize ");
        uart_send_integer(filesize, 1);
        uart_send_string("\r\n");
	return -1;
    }

    HAL_FLASH_Unlock();

    uart_send_string("Send ");
    uart_send_integer(filesize, 1);
    uart_send_string(" bytes of data\r\n");

    while (filesize) {
	/* By initializing buf to the same value that erased flash has (0xff), we don't
	 * have to try and be smart when writing the last page of data to the memory.
	 */
	memset(buf, 0xff, sizeof(buf));

	if (filesize < n) {
	    n = filesize;
	}

	if (uart_receive_bytes((void *) buf, n, 10000) != CMSIS_HAL_OK) {
	    return -2;
	}
	filesize -= n;

	/* After reception of a chunk but before ACKing we have "all" the time in the world to
	 * calculate CRC and write it to flash.
	 */
	my_crc = hal_crc32_update(my_crc, buf, n);
	stm_flash_write32(offset, (uint32_t *)buf, sizeof(buf)/4);
	offset += DFU_UPLOAD_CHUNK_SIZE;

	/* ACK this chunk by sending the current chunk counter (4 bytes) */
	counter++;
	uart_send_bytes((void *) &counter, 4);
	led_toggle(LED_BLUE);
    }

    my_crc = hal_crc32_finalize(my_crc);

    HAL_FLASH_Lock();

    uart_send_string("Send CRC-32\r\n");

    /* The sending side will now send its calculated CRC-32 */
    uart_receive_bytes((void *) &crc, sizeof(crc), 10000);

    uart_send_string("CRC-32 0x");
    uart_send_hex(crc, 1);
    uart_send_string(", calculated CRC 0x");
    uart_send_hex(my_crc, 1);
    if (crc == my_crc) {
	uart_send_string("CRC checksum MATCHED\r\n");
        return 0;
    } else {
	uart_send_string("CRC checksum did NOT match\r\n");
    }

    led_on(LED_RED);
    led_on(LED_YELLOW);

    /* Better to erase the known bad firmware */
    stm_flash_erase_sectors(DFU_FIRMWARE_ADDR, DFU_FIRMWARE_END_ADDR);

    led_off(LED_YELLOW);

    return 0;
}