aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Selkirk <paul@psgd.org>2016-06-28 01:20:42 -0400
committerPaul Selkirk <paul@psgd.org>2016-06-28 01:20:42 -0400
commitb10811e13e90f5eef1437bfefe01e81c5faf5d4f (patch)
treeffb8e318a9e4ce87e888dc9af646f6fe6d3ffd70
parent75ddc749d6f86bbb5d0f7ca8fc52eeb1fb531426 (diff)
Only SO and wheel are allowed to upload.
Also add bootloader upload.
-rw-r--r--projects/hsm/Makefile3
-rwxr-xr-xprojects/hsm/cryptech_upload28
-rw-r--r--projects/hsm/mgmt-bootloader.c81
-rw-r--r--projects/hsm/mgmt-bootloader.h51
-rw-r--r--projects/hsm/mgmt-cli.c8
-rw-r--r--projects/hsm/mgmt-firmware.c69
-rw-r--r--projects/hsm/mgmt-firmware.h42
-rw-r--r--projects/hsm/mgmt-fpga.c14
8 files changed, 284 insertions, 12 deletions
diff --git a/projects/hsm/Makefile b/projects/hsm/Makefile
index 06cfcc2..acb9962 100644
--- a/projects/hsm/Makefile
+++ b/projects/hsm/Makefile
@@ -3,7 +3,8 @@ PROJ = hsm
# objs in addition to $(PROJ).o
OBJS = crc32.o \
mgmt-cli.o \
- mgmt-dfu.c \
+ mgmt-firmware.c \
+ mgmt-bootloader.c \
mgmt-fpga.c \
mgmt-keystore.c \
mgmt-masterkey.c \
diff --git a/projects/hsm/cryptech_upload b/projects/hsm/cryptech_upload
index 3dddcdc..722e37b 100755
--- a/projects/hsm/cryptech_upload
+++ b/projects/hsm/cryptech_upload
@@ -40,8 +40,7 @@ import getpass
from binascii import crc32
-CHUNK_SIZE = 256
-FIRMWARE_CHUNK_SIZE = 256
+FIRMWARE_CHUNK_SIZE = 4096
FPGA_CHUNK_SIZE = 4096
@@ -101,16 +100,20 @@ def _read(dst):
#print ("Read {!r}".format(res))
return res
+pin = None
def _execute(dst, cmd):
+ global pin
_write(dst, '\r')
prompt = _read(dst)
if prompt.endswith('Username: '):
_write(dst, 'so\r')
prompt = _read(dst)
- if prompt.endswith('Password: '):
- _write(dst, getpass.getpass('SO PIN: ') + '\r')
- prompt = _read(dst)
+ if prompt.endswith('Password: '):
+ if not pin:
+ pin = getpass.getpass('SO PIN: ')
+ _write(dst, pin + '\r')
+ prompt = _read(dst)
if not prompt.endswith('> '):
#sys.stderr.write('Device does not seem to be ready for a file transfer (got {!r})\n'.format(prompt))
return prompt
@@ -123,14 +126,16 @@ def send_file(filename, args, dst):
size = s.st_size
src = open(filename, 'rb')
if args.fpga:
- # Skip header in FPGA bitstream file
- #size -= 0x64
- #src.read(0x64)
chunk_size = FPGA_CHUNK_SIZE
response = _execute(dst, 'fpga bitstream upload')
elif args.firmware:
chunk_size = FIRMWARE_CHUNK_SIZE
response = _execute(dst, 'firmware upload')
+ if 'Rebooting' in response:
+ response = _execute(dst, 'firmware upload')
+ elif args.bootloader:
+ chunk_size = FIRMWARE_CHUNK_SIZE
+ response = _execute(dst, 'bootloader upload')
if 'Access denied' in response:
print 'Access denied'
return False
@@ -176,9 +181,14 @@ def send_file(filename, args, dst):
src.close()
if args.fpga:
+ # tell the fpga to read its new configuration
_execute(dst, 'fpga reset')
- _execute(dst, 'exit')
+ if args.fpga or args.bootloader:
+ # log out of the CLI
+ # firmware upgrade reboots, doesn't need an exit
+ _execute(dst, 'exit')
+
return True
diff --git a/projects/hsm/mgmt-bootloader.c b/projects/hsm/mgmt-bootloader.c
new file mode 100644
index 0000000..a062fd9
--- /dev/null
+++ b/projects/hsm/mgmt-bootloader.c
@@ -0,0 +1,81 @@
+/*
+ * mgmt-bootloader.c
+ * -----------------
+ * CLI code for updating the bootloader.
+ *
+ * Copyright (c) 2016, NORDUnet A/S All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the NORDUnet nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */
+#define HAL_OK CMSIS_HAL_OK
+#include "stm-init.h"
+#include "stm-uart.h"
+#include "stm-flash.h"
+#include "mgmt-cli.h"
+#include "mgmt-misc.h"
+#include "mgmt-bootloader.h"
+
+#undef HAL_OK
+#define HAL_OK LIBHAL_OK
+#include "hal.h"
+#undef HAL_OK
+
+extern hal_user_t user;
+
+static uint32_t dfu_offset;
+
+static int _flash_write_callback(uint8_t *buf, size_t len)
+{
+ stm_flash_write32(dfu_offset, (uint32_t *)buf, sizeof(buf)/4);
+ dfu_offset += DFU_UPLOAD_CHUNK_SIZE;
+ return 1;
+}
+
+static int cmd_bootloader_upload(struct cli_def *cli, const char *command, char *argv[], int argc)
+{
+ if (user < HAL_USER_SO) {
+ cli_print(cli, "Permission denied.");
+ return CLI_ERROR;
+ }
+
+ uint8_t buf[DFU_UPLOAD_CHUNK_SIZE];
+ dfu_offset = DFU_BOOTLOADER_ADDR;
+
+ cli_receive_data(cli, buf, sizeof(buf), _flash_write_callback);
+
+ cli_print(cli, "DFU offset now: %li (%li chunks)", dfu_offset, dfu_offset / DFU_UPLOAD_CHUNK_SIZE);
+ return CLI_OK;
+}
+
+void configure_cli_bootloader(struct cli_def *cli)
+{
+ cli_command_root(bootloader);
+
+ cli_command_node(bootloader, upload, "Upload new bootloader image");
+}
diff --git a/projects/hsm/mgmt-bootloader.h b/projects/hsm/mgmt-bootloader.h
new file mode 100644
index 0000000..31dbefc
--- /dev/null
+++ b/projects/hsm/mgmt-bootloader.h
@@ -0,0 +1,51 @@
+/*
+ * mgmt-bootloader.h
+ * ---------------
+ * Management CLI bootloader upgrade code.
+ *
+ * Copyright (c) 2016, NORDUnet A/S All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the NORDUnet nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __STM32_CLI_MGMT_BOOTLOADER_H
+#define __STM32_CLI_MGMT_BOOTLOADER_H
+
+#include <libcli.h>
+
+/* symbols defined in the linker script (STM32F429BI_bootloader.ld) */
+extern uint32_t CRYPTECH_BOOTLOADER_START;
+extern uint32_t CRYPTECH_BOOTLOADER_END;
+extern uint32_t CRYPTECH_DFU_CONTROL;
+
+#define DFU_BOOTLOADER_ADDR ((uint32_t) &CRYPTECH_BOOTLOADER_START)
+#define DFU_BOOTLOADER_END_ADDR ((uint32_t) &CRYPTECH_BOOTLOADER_END)
+#define DFU_UPLOAD_CHUNK_SIZE 4096
+
+extern void configure_cli_bootloader(struct cli_def *cli);
+
+#endif /* __STM32_CLI_MGMT_BOOTLOADER_H */
diff --git a/projects/hsm/mgmt-cli.c b/projects/hsm/mgmt-cli.c
index 7789dd1..eeeaef5 100644
--- a/projects/hsm/mgmt-cli.c
+++ b/projects/hsm/mgmt-cli.c
@@ -43,7 +43,8 @@
#include "stm-led.h"
#include "mgmt-cli.h"
-#include "mgmt-dfu.h"
+#include "mgmt-firmware.h"
+#include "mgmt-bootloader.h"
#include "mgmt-fpga.h"
#include "mgmt-misc.h"
#include "mgmt-show.h"
@@ -235,6 +236,7 @@ static int check_auth(const char *username, const char *password)
if (hal_rpc_login(client, user, password, strlen(password)) == LIBHAL_OK)
return CLI_OK;
+ user = HAL_USER_NONE;
return CLI_ERROR;
}
@@ -250,7 +252,8 @@ int cli_main(void)
configure_cli_show(&cli);
configure_cli_fpga(&cli);
configure_cli_misc(&cli);
- configure_cli_dfu(&cli);
+ configure_cli_firmware(&cli);
+ configure_cli_bootloader(&cli);
configure_cli_keystore(&cli);
configure_cli_masterkey(&cli);
@@ -258,6 +261,7 @@ int cli_main(void)
embedded_cli_loop(&cli);
/* embedded_cli_loop returns when the user enters 'quit' or 'exit' */
cli_print(&cli, "\nLogging out...\n");
+ user = HAL_USER_NONE;
}
/*NOTREACHED*/
diff --git a/projects/hsm/mgmt-firmware.c b/projects/hsm/mgmt-firmware.c
new file mode 100644
index 0000000..1a0e184
--- /dev/null
+++ b/projects/hsm/mgmt-firmware.c
@@ -0,0 +1,69 @@
+/*
+ * mgmt-firmware.c
+ * ---------------
+ * CLI code for managing the loaded firmware.
+ *
+ * Copyright (c) 2016, NORDUnet A/S All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the NORDUnet nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */
+#define HAL_OK CMSIS_HAL_OK
+#include "stm-init.h"
+#include "mgmt-cli.h"
+#include "stm-uart.h"
+#include "stm-flash.h"
+
+#undef HAL_OK
+#define HAL_OK LIBHAL_OK
+#include "hal.h"
+#undef HAL_OK
+
+extern hal_user_t user;
+
+static int cmd_firmware_upload(struct cli_def *cli, const char *command, char *argv[], int argc)
+{
+ if (user < HAL_USER_SO) {
+ cli_print(cli, "Permission denied.");
+ return CLI_ERROR;
+ }
+
+ /* reboot and let the bootloader handle the upload */
+ cli_print(cli, "\n\n\nRebooting\n\n\n");
+ HAL_NVIC_SystemReset();
+
+ /*NOTREACHED*/
+ return CLI_OK;
+}
+
+void configure_cli_firmware(struct cli_def *cli)
+{
+ cli_command_root(firmware);
+
+ cli_command_node(firmware, upload, "Upload new firmware image");
+}
diff --git a/projects/hsm/mgmt-firmware.h b/projects/hsm/mgmt-firmware.h
new file mode 100644
index 0000000..af7c67c
--- /dev/null
+++ b/projects/hsm/mgmt-firmware.h
@@ -0,0 +1,42 @@
+/*
+ * mgmt-firmware.h
+ * ---------------
+ * Management CLI Device Firmware Upgrade code.
+ *
+ * Copyright (c) 2016, NORDUnet A/S All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the NORDUnet nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __STM32_CLI_MGMT_FIRMWARE_H
+#define __STM32_CLI_MGMT_FIRMWARE_H
+
+#include <libcli.h>
+
+extern void configure_cli_firmware(struct cli_def *cli);
+
+#endif /* __STM32_CLI_MGMT_FIRMWARE_H */
diff --git a/projects/hsm/mgmt-fpga.c b/projects/hsm/mgmt-fpga.c
index b6eea3d..b74392e 100644
--- a/projects/hsm/mgmt-fpga.c
+++ b/projects/hsm/mgmt-fpga.c
@@ -32,6 +32,8 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */
+#define HAL_OK CMSIS_HAL_OK
#include "stm-init.h"
#include "stm-uart.h"
#include "stm-fpgacfg.h"
@@ -40,9 +42,16 @@
#include "mgmt-fpga.h"
#include "mgmt-misc.h"
+#undef HAL_OK
+#define HAL_OK LIBHAL_OK
+#include "hal.h"
+#undef HAL_OK
+
#include <string.h>
+extern hal_user_t user;
+
static volatile uint32_t dfu_offset = 0;
@@ -54,6 +63,11 @@ static int _flash_write_callback(uint8_t *buf, size_t len) {
static int cmd_fpga_bitstream_upload(struct cli_def *cli, const char *command, char *argv[], int argc)
{
+ if (user < HAL_USER_SO) {
+ cli_print(cli, "Permission denied.");
+ return CLI_ERROR;
+ }
+
uint8_t buf[BITSTREAM_UPLOAD_CHUNK_SIZE];
dfu_offset = 0;