From b10811e13e90f5eef1437bfefe01e81c5faf5d4f Mon Sep 17 00:00:00 2001 From: Paul Selkirk Date: Tue, 28 Jun 2016 01:20:42 -0400 Subject: Only SO and wheel are allowed to upload. Also add bootloader upload. --- projects/hsm/Makefile | 3 +- projects/hsm/cryptech_upload | 28 ++++++++++----- projects/hsm/mgmt-bootloader.c | 81 ++++++++++++++++++++++++++++++++++++++++++ projects/hsm/mgmt-bootloader.h | 51 ++++++++++++++++++++++++++ projects/hsm/mgmt-cli.c | 8 +++-- projects/hsm/mgmt-firmware.c | 69 +++++++++++++++++++++++++++++++++++ projects/hsm/mgmt-firmware.h | 42 ++++++++++++++++++++++ projects/hsm/mgmt-fpga.c | 14 ++++++++ 8 files changed, 284 insertions(+), 12 deletions(-) create mode 100644 projects/hsm/mgmt-bootloader.c create mode 100644 projects/hsm/mgmt-bootloader.h create mode 100644 projects/hsm/mgmt-firmware.c create mode 100644 projects/hsm/mgmt-firmware.h (limited to 'projects') diff --git a/projects/hsm/Makefile b/projects/hsm/Makefile index 06cfcc2..acb9962 100644 --- a/projects/hsm/Makefile +++ b/projects/hsm/Makefile @@ -3,7 +3,8 @@ PROJ = hsm # objs in addition to $(PROJ).o OBJS = crc32.o \ mgmt-cli.o \ - mgmt-dfu.c \ + mgmt-firmware.c \ + mgmt-bootloader.c \ mgmt-fpga.c \ mgmt-keystore.c \ mgmt-masterkey.c \ diff --git a/projects/hsm/cryptech_upload b/projects/hsm/cryptech_upload index 3dddcdc..722e37b 100755 --- a/projects/hsm/cryptech_upload +++ b/projects/hsm/cryptech_upload @@ -40,8 +40,7 @@ import getpass from binascii import crc32 -CHUNK_SIZE = 256 -FIRMWARE_CHUNK_SIZE = 256 +FIRMWARE_CHUNK_SIZE = 4096 FPGA_CHUNK_SIZE = 4096 
@@ -101,16 +100,20 @@ def _read(dst): #print ("Read {!r}".format(res)) return res +pin = None def _execute(dst, cmd): + global pin _write(dst, '\r') prompt = _read(dst) if prompt.endswith('Username: '): _write(dst, 'so\r') prompt = _read(dst) - if prompt.endswith('Password: '): - _write(dst, getpass.getpass('SO PIN: ') + '\r') - prompt = _read(dst) + if prompt.endswith('Password: '): + if not pin: + pin = getpass.getpass('SO PIN: ') + _write(dst, pin + '\r') + prompt = _read(dst) if not prompt.endswith('> '): #sys.stderr.write('Device does not seem to be ready for a file transfer (got {!r})\n'.format(prompt)) return prompt @@ -123,14 +126,16 @@ def send_file(filename, args, dst): size = s.st_size src = open(filename, 'rb') if args.fpga: - # Skip header in FPGA bitstream file - #size -= 0x64 - #src.read(0x64) chunk_size = FPGA_CHUNK_SIZE response = _execute(dst, 'fpga bitstream upload') elif args.firmware: chunk_size = FIRMWARE_CHUNK_SIZE response = _execute(dst, 'firmware upload') + if 'Rebooting' in response: + response = _execute(dst, 'firmware upload') + elif args.bootloader: + chunk_size = FIRMWARE_CHUNK_SIZE + response = _execute(dst, 'bootloader upload') if 'Access denied' in response: print 'Access denied' return False @@ -176,9 +181,14 @@ def send_file(filename, args, dst): src.close() if args.fpga: + # tell the fpga to read its new configuration _execute(dst, 'fpga reset') - _execute(dst, 'exit') + if args.fpga or args.bootloader: + # log out of the CLI + # firmware upgrade reboots, doesn't need an exit + _execute(dst, 'exit') + return True diff --git a/projects/hsm/mgmt-bootloader.c b/projects/hsm/mgmt-bootloader.c new file mode 100644 index 0000000..a062fd9 --- /dev/null +++ b/projects/hsm/mgmt-bootloader.c 
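Review bot: The cached `pin` is never cleared when the device rejects it, so any later `_execute` in the same process that meets a `Password: ` prompt resends the same value via `_write(dst, pin + '\r')` instead of asking again. If the HSM limits login attempts (not visible here), a mistyped PIN would be replayed on each retry. I would reset it on the failure path, e.g. `pin = None` inside the existing `if not prompt.endswith('> '):` branch before `return prompt`, and add a comment that the SO PIN is deliberately held in a module global for the life of the process. The page has lost the indentation, so the nesting of the `Password:` check relative to the `Username:` branch cannot be confirmed from here.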
@@ -0,0 +1,81 @@
+/*
+ * mgmt-bootloader.c
+ * -----------------
+ * CLI code for updating the bootloader.
+ *
+ * Copyright (c) 2016, NORDUnet A/S All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the NORDUnet nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */
+#define HAL_OK CMSIS_HAL_OK
+#include "stm-init.h"
+#include "stm-uart.h"
+#include "stm-flash.h"
+#include "mgmt-cli.h"
+#include "mgmt-misc.h"
+#include "mgmt-bootloader.h"
+
+#undef HAL_OK
+#define HAL_OK LIBHAL_OK
+#include "hal.h"
+#undef HAL_OK
+
+extern hal_user_t user;
+
+static uint32_t dfu_offset;
+
+static int _flash_write_callback(uint8_t *buf, size_t len)
+{
+ stm_flash_write32(dfu_offset, (uint32_t *)buf, sizeof(buf)/4);
+ dfu_offset += DFU_UPLOAD_CHUNK_SIZE;
+ return 1;
+}
+
+static int cmd_bootloader_upload(struct cli_def *cli, const char *command, char *argv[], int argc)
+{
+ if (user < HAL_USER_SO) {
+ cli_print(cli, "Permission denied.");
+ return CLI_ERROR;
+ }
+
+ uint8_t buf[DFU_UPLOAD_CHUNK_SIZE];
+ dfu_offset = DFU_BOOTLOADER_ADDR;
+
+ cli_receive_data(cli, buf, sizeof(buf), _flash_write_callback);
+
+ cli_print(cli, "DFU offset now: %li (%li chunks)", dfu_offset, dfu_offset / DFU_UPLOAD_CHUNK_SIZE);
+ return CLI_OK;
+}
+
+void configure_cli_bootloader(struct cli_def *cli)
+{
+ cli_command_root(bootloader);
+
+ cli_command_node(bootloader, upload, "Upload new bootloader image");
+}
diff --git a/projects/hsm/mgmt-bootloader.h b/projects/hsm/mgmt-bootloader.h
new file mode 100644
index 0000000..31dbefc
--- /dev/null
+++ b/projects/hsm/mgmt-bootloader.h
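Review bot: `sizeof(buf)/4` in `_flash_write_callback` measures the `uint8_t *` parameter, not the 4096-byte chunk, so on the 32-bit target it presumably passes a count of 1 and only one word of each chunk reaches flash while `dfu_offset` still advances by `DFU_UPLOAD_CHUNK_SIZE`; the call should read `stm_flash_write32(dfu_offset, (uint32_t *)buf, DFU_UPLOAD_CHUNK_SIZE/4);`. Nothing in the callback compares `dfu_offset` with `DFU_BOOTLOADER_END_ADDR`, so an oversized image can run past the bootloader region; a bounds check before the write would stop that. The results of `stm_flash_write32` and `cli_receive_data` are discarded, and the final `cli_print` passes `uint32_t` values to `%li`. No check of the image's authenticity is visible before it replaces the bootloader, which for an HSM deserves at least a comment stating where that verification happens.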
@@ -0,0 +1,51 @@
+/*
+ * mgmt-bootloader.h
+ * ---------------
+ * Management CLI bootloader upgrade code.
+ *
+ * Copyright (c) 2016, NORDUnet A/S All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the NORDUnet nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */ + +#ifndef __STM32_CLI_MGMT_BOOTLOADER_H +#define __STM32_CLI_MGMT_BOOTLOADER_H + +#include + +/* symbols defined in the linker script (STM32F429BI_bootloader.ld) */ +extern uint32_t CRYPTECH_BOOTLOADER_START; +extern uint32_t CRYPTECH_BOOTLOADER_END; +extern uint32_t CRYPTECH_DFU_CONTROL; + +#define DFU_BOOTLOADER_ADDR ((uint32_t) &CRYPTECH_BOOTLOADER_START) +#define DFU_BOOTLOADER_END_ADDR ((uint32_t) &CRYPTECH_BOOTLOADER_END) +#define DFU_UPLOAD_CHUNK_SIZE 4096 + +extern void configure_cli_bootloader(struct cli_def *cli); + +#endif /* __STM32_CLI_MGMT_BOOTLOADER_H */ diff --git a/projects/hsm/mgmt-cli.c b/projects/hsm/mgmt-cli.c index 7789dd1..eeeaef5 100644 --- a/projects/hsm/mgmt-cli.c +++ b/projects/hsm/mgmt-cli.c @@ -43,7 +43,8 @@ #include "stm-led.h" #include "mgmt-cli.h" -#include "mgmt-dfu.h" +#include "mgmt-firmware.h" +#include "mgmt-bootloader.h" #include "mgmt-fpga.h" #include "mgmt-misc.h" #include "mgmt-show.h" @@ -235,6 +236,7 @@ static int check_auth(const char *username, const char *password) if (hal_rpc_login(client, user, password, strlen(password)) == LIBHAL_OK) return CLI_OK; + user = HAL_USER_NONE; return CLI_ERROR; } @@ -250,7 +252,8 @@ int cli_main(void) configure_cli_show(&cli); configure_cli_fpga(&cli); configure_cli_misc(&cli); - configure_cli_dfu(&cli); + configure_cli_firmware(&cli); + configure_cli_bootloader(&cli); configure_cli_keystore(&cli); configure_cli_masterkey(&cli); @@ -258,6 +261,7 @@ int cli_main(void) embedded_cli_loop(&cli); /* embedded_cli_loop returns when the user enters 'quit' or 'exit' */ cli_print(&cli, "\nLogging out...\n"); + user = HAL_USER_NONE; } /*NOTREACHED*/ diff --git a/projects/hsm/mgmt-firmware.c b/projects/hsm/mgmt-firmware.c new file mode 100644 index 0000000..1a0e184 --- /dev/null +++ b/projects/hsm/mgmt-firmware.c 
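Review bot: Resetting `user` only on the `hal_rpc_login` failure path means the global holds the claimed role while the login call is in progress, and any other early return in `check_auth` would leave it set; the assignment itself is above the hunk, so this is inferred. Since the upload commands authorize on this global, it would be safer to keep the role in a local and assign `user` only after `hal_rpc_login` returns `LIBHAL_OK`. A one-line comment on `user` stating that it is the CLI's authorization state would help the next reader. `check_auth` starts outside the hunk.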
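Review bot: The logout path in `cli_main` clears the CLI's `user` global but does not end the RPC session that `check_auth` opened with `hal_rpc_login`, so whether the libhal side still treats `client` as logged in after `exit` is not visible here. If it does, a call to `hal_rpc_logout` next to `user = HAL_USER_NONE;` would keep the two in step. The loop around `embedded_cli_loop` begins outside the hunk.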
@@ -0,0 +1,69 @@
+/*
+ * mgmt-firmware.c
+ * ---------------
+ * CLI code for managing the loaded firmware.
+ *
+ * Copyright (c) 2016, NORDUnet A/S All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the NORDUnet nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */
+#define HAL_OK CMSIS_HAL_OK
+#include "stm-init.h"
+#include "mgmt-cli.h"
+#include "stm-uart.h"
+#include "stm-flash.h"
+
+#undef HAL_OK
+#define HAL_OK LIBHAL_OK
+#include "hal.h"
+#undef HAL_OK
+
+extern hal_user_t user;
+
+static int cmd_firmware_upload(struct cli_def *cli, const char *command, char *argv[], int argc)
+{
+ if (user < HAL_USER_SO) {
+ cli_print(cli, "Permission denied.");
+ return CLI_ERROR;
+ }
+
+ /* reboot and let the bootloader handle the upload */
+ cli_print(cli, "\n\n\nRebooting\n\n\n");
+ HAL_NVIC_SystemReset();
+
+ /*NOTREACHED*/
+ return CLI_OK;
+}
+
+void configure_cli_firmware(struct cli_def *cli)
+{
+ cli_command_root(firmware);
+
+ cli_command_node(firmware, upload, "Upload new firmware image");
+}
diff --git a/projects/hsm/mgmt-firmware.h b/projects/hsm/mgmt-firmware.h
new file mode 100644
index 0000000..af7c67c
--- /dev/null
+++ b/projects/hsm/mgmt-firmware.h
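Review bot: The `user < HAL_USER_SO` check in `cmd_firmware_upload` authorizes only the reset; the image is written later by the bootloader, which is not part of this diff and has to authenticate the session again on its own. A comment above `HAL_NVIC_SystemReset()` should say so, for example `/* the bootloader re-authenticates before accepting the image */`, once that is confirmed. The comparison also depends on SO and wheel sorting above the normal user in `hal_user_t`; the same test appears in mgmt-bootloader.c and mgmt-fpga.c, and a shared helper or a comment naming that assumption would keep the three in step. Whether `cli_print` has finished sending `Rebooting` before the reset takes effect cannot be told from the hunk, and cryptech_upload keys on that string.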
@@ -0,0 +1,42 @@
+/*
+ * mgmt-firmware.h
+ * ---------------
+ * Management CLI Device Firmware Upgrade code.
+ *
+ * Copyright (c) 2016, NORDUnet A/S All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * - Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * - Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * - Neither the name of the NORDUnet nor the names of its contributors may
+ * be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __STM32_CLI_MGMT_FIRMWARE_H
+#define __STM32_CLI_MGMT_FIRMWARE_H
+
+#include
+
+extern void configure_cli_firmware(struct cli_def *cli);
+
+#endif /* __STM32_CLI_MGMT_FIRMWARE_H */
diff --git a/projects/hsm/mgmt-fpga.c b/projects/hsm/mgmt-fpga.c
index b6eea3d..b74392e 100644
--- a/projects/hsm/mgmt-fpga.c +++ b/projects/hsm/mgmt-fpga.c @@ -32,6 +32,8 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/* Rename both CMSIS HAL_OK and libhal HAL_OK to disambiguate */ +#define HAL_OK CMSIS_HAL_OK #include "stm-init.h" #include "stm-uart.h" #include "stm-fpgacfg.h" @@ -40,9 +42,16 @@ #include "mgmt-fpga.h" #include "mgmt-misc.h" +#undef HAL_OK +#define HAL_OK LIBHAL_OK +#include "hal.h" +#undef HAL_OK + #include +extern hal_user_t user; + static volatile uint32_t dfu_offset = 0; @@ -54,6 +63,11 @@ static int _flash_write_callback(uint8_t *buf, size_t len) { static int cmd_fpga_bitstream_upload(struct cli_def *cli, const char *command, char *argv[], int argc) { + if (user < HAL_USER_SO) { + cli_print(cli, "Permission denied."); + return CLI_ERROR; + } + uint8_t buf[BITSTREAM_UPLOAD_CHUNK_SIZE]; dfu_offset = 0; -- cgit v1.2.3
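Review bot: Only `fpga bitstream upload` gains the SO gate; the diffstat shows 14 added lines in mgmt-fpga.c, all of them in these hunks, so the other `fpga` commands keep whatever access they had before. cryptech_upload issues `fpga reset` right after an upload, and if other commands in this file change device state (not visible here) they probably need the same `if (user < HAL_USER_SO)` test. The body of `cmd_fpga_bitstream_upload` continues outside the hunk.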