aboutsummaryrefslogtreecommitdiff
path: root/bin/cryptech_upload
diff options
context:
space:
mode:
authorFredrik Thulin <fredrik@thulin.net>2016-08-11 10:14:11 +0200
committerFredrik Thulin <fredrik@thulin.net>2016-08-11 10:14:11 +0200
commitad0703886a80ba9e3eec0eb023243f691d53de75 (patch)
tree50c7efd2a39b2a08a9074d9e0a29c79338445a04 /bin/cryptech_upload
parent39c948094d40a67ee1e6b019636e77185655a5f4 (diff)
import from local directory
Diffstat (limited to 'bin/cryptech_upload')
-rwxr-xr-xbin/cryptech_upload294
1 files changed, 294 insertions, 0 deletions
diff --git a/bin/cryptech_upload b/bin/cryptech_upload
new file mode 100755
index 0000000..680a0ac
--- /dev/null
+++ b/bin/cryptech_upload
@@ -0,0 +1,294 @@
+#!/usr/bin/env python
+#
+# Copyright (c) 2016, NORDUnet A/S All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# - Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+#
+# - Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# - Neither the name of the NORDUnet nor the names of its contributors may
+# be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+"""
+Utility to upload a new firmware image or FPGA bitstream.
+"""
+
+import os
+import sys
+import time
+import struct
+import serial
+import getpass
+import os.path
+import tarfile
+import argparse
+import platform
+
+from binascii import crc32
+
+FIRMWARE_CHUNK_SIZE = 4096
+FPGA_CHUNK_SIZE = 4096
+
+
+def parse_args():
+ """
+ Parse the command line arguments
+ """
+
+ share_directory = "/usr/share" if platform.system() == "Linux" else "/usr/local/share"
+
+ default_tarball = os.path.join(share_directory, "cryptech-alpha-firmware.tar.gz")
+
+ if not os.path.exists(default_tarball):
+ default_tarball = None
+
+ parser = argparse.ArgumentParser(description = __doc__,
+ formatter_class = argparse.ArgumentDefaultsHelpFormatter,
+ )
+
+ parser.add_argument("-d", "--device",
+ default = os.getenv("CRYPTECH_CTY_CLIENT_SERIAL_DEVICE", "/dev/ttyUSB0"),
+ help = "Name of management port USB serial device",
+ )
+
+ parser.add_argument("--firmware-tarball",
+ type = argparse.FileType("rb"),
+ default = default_tarball,
+ help = "Location of firmware tarball",
+ )
+
+ parser.add_argument("--username",
+ choices = ("so", "wheel"),
+ default = "so",
+ help = "Username to use when logging into the HSM",
+ )
+
+ actions = parser.add_mutually_exclusive_group(required = True)
+ actions.add_argument("--fpga",
+ action = "store_true",
+ help = "Upload FPGA bitstream",
+ )
+ actions.add_argument("--firmware", "--hsm",
+ action = "store_true",
+ help = "Upload HSM firmware image",
+ )
+ actions.add_argument("--bootloader",
+ action = "store_true",
+ help = "Upload bootloader image (dangerous!)",
+ )
+
+ parser.add_argument("--simon-says-whack-my-bootloader",
+ action = "store_true",
+ help = "Confirm that you really want to risk bricking the HSM",
+ )
+
+ parser.add_argument("-i", "--explicit-image",
+ type = argparse.FileType("rb"),
+ help = "Explicit source image file for upload, overrides firmware tarball")
+
+ return parser.parse_args()
+
+
+def _write(dst, data):
+ dst.write(data)
+ #if len(data) == 4:
+ # print("Wrote 0x{!s}".format(data.encode("hex")))
+ #else:
+ # print("Wrote {!r}".format(data))
+
+
+def _read(dst):
+ res = ""
+ x = dst.read(1)
+ while not x:
+ x = dst.read(1)
+ while x:
+ res += x
+ x = dst.read(1)
+ #print ("Read {!r}".format(res))
+ return res
+
+wheel_pin = 'YouReallyNeedToChangeThisPINRightNowWeAreNotKidding'
+
+def _execute(dst, cmd):
+ global wheel_pin
+ pin = None
+ if args.username == 'wheel':
+ pin = wheel_pin
+ _write(dst, "\r")
+ prompt = _read(dst)
+ if prompt.endswith("Username: "):
+ _write(dst, args.username + "\r")
+ prompt = _read(dst)
+ if prompt.endswith("Password: "):
+ if not pin:
+ pin = getpass.getpass("{} PIN: ".format(args.username))
+ _write(dst, pin + "\r")
+ prompt = _read(dst)
+ if not prompt.endswith(("> ", "# ")):
+ print("Device does not seem to be ready for a file transfer (got {!r})".format(prompt))
+ return prompt
+ _write(dst, cmd + "\r")
+ response = _read(dst)
+ return response
+
+def send_file(src, size, args, dst):
+ if args.fpga:
+ chunk_size = FPGA_CHUNK_SIZE
+ response = _execute(dst, "fpga bitstream upload")
+ elif args.firmware:
+ chunk_size = FIRMWARE_CHUNK_SIZE
+ response = _execute(dst, "firmware upload")
+ if "Rebooting" in response:
+ response = _execute(dst, "firmware upload")
+ elif args.bootloader:
+ chunk_size = FIRMWARE_CHUNK_SIZE
+ response = _execute(dst, "bootloader upload")
+ if "Access denied" in response:
+ print "Access denied"
+ return False
+ if not "OK" in response:
+ print("Device did not accept the upload command (got {!r})".format(response))
+ return False
+
+ crc = 0
+ counter = 0
+ # 1. Write size of file (4 bytes)
+ _write(dst, struct.pack("<I", size))
+ response = _read(dst)
+ if not response.startswith("Send "):
+ print response
+ return False
+
+ # 2. Write file contents while calculating CRC-32
+ while True:
+ data = src.read(chunk_size)
+ if not data:
+ break
+ dst.write(data)
+ print("Wrote {!s} bytes (chunk {!s}/{!s})".format(len(data), counter, int(size / chunk_size)))
+ # read ACK (a counter of number of 4k chunks received)
+ while True:
+ ack_bytes = dst.read(4)
+ if len(ack_bytes) == 4:
+ break
+ print("ERROR: Did not receive an ACK, got {!r}".format(ack_bytes))
+ dst.write("\r") # eventually get back to the CLI prompt
+ ack = struct.unpack("<I", ack_bytes)[0]
+ if ack != counter + 1:
+ print("ERROR: Did not receive the expected counter as ACK (got {!r}/{!r}, not {!r})".format(ack, ack_bytes, counter))
+ flush = dst.read(100)
+ print("FLUSH data: {!r}".format(flush))
+ return False
+ counter += 1
+
+ crc = crc32(data, crc) & 0xffffffff
+
+ _read(dst)
+
+ # 3. Write CRC-32 (4 bytes)
+ _write(dst, struct.pack("<I", crc))
+ response = _read(dst)
+ print response
+
+ src.close()
+
+ if args.fpga:
+ # tell the fpga to read its new configuration
+ _execute(dst, "fpga reset")
+
+ if args.fpga or args.bootloader:
+ # log out of the CLI
+ # firmware upgrade reboots, doesn't need an exit
+ _execute(dst, "exit")
+
+ return True
+
+
+dire_bootloader_warning = '''
+ WARNING
+
+Updating the bootloader risks bricking your HSM! If something goes
+badly wrong here, or you upload a bad bootloader image, you will not
+be able to recover without an ST-LINK programmer.
+
+In most cases a normal "--firmware" upgrade should be all that is
+necessary to bring your HSM up to date, there is seldom any real need
+to update the bootloader.
+
+Do not proceed with this unless you REALLY know what you are doing.
+
+If you got here by accident, ^C now, without answering the PIN prompt.
+'''
+
+
+def main():
+ global args
+ args = parse_args()
+
+ if args.bootloader and not args.simon_says_whack_my_bootloader:
+ sys.exit("You didn't say \"Simon says\"")
+
+ if args.bootloader:
+ print dire_bootloader_warning
+
+ if args.explicit_image is None and args.firmware_tarball is None:
+ sys.exit("No source file specified for upload and firmware tarball not found")
+
+ if args.explicit_image:
+ src = args.explicit_image # file-like object, thanks to argparse
+ size = os.fstat(src.fileno()).st_size
+ if size == 0: # Flashing from stdin won't work, sorry
+ sys.exit("Can't flash from a pipe or zero-length file")
+ print "Uploading from explicitly-specified file {}".format(args.explicit_image.name)
+
+ else:
+ tar = tarfile.open(fileobj = args.firmware_tarball)
+ print "Firmware tarball {} content:".format(args.firmware_tarball.name)
+ tar.list(True)
+ if args.fpga:
+ name = "alpha_fmc.bit"
+ elif args.firmware:
+ name = "hsm.bin"
+ elif args.bootloader:
+ name = "bootloader.bin"
+ else:
+ # Somebody updated other part of this script without updating this part :(
+ sys.exit("Don't know which component to select from firmware tarball, sorry")
+ try:
+ size = tar.getmember(name).size
+ except KeyError:
+ sys.exit("Expected component {} missing from firmware tarball {}".format(name, args.firmware_tarball.name))
+ src = tar.extractfile(name)
+ print "Uploading {} from {}".format(name, args.firmware_tarball.name)
+
+ print "Initializing serial port and synchronizing with HSM, this may take a few seconds"
+ dst = serial.Serial(args.device, 921600, timeout = 2)
+ send_file(src, size, args, dst)
+ dst.close()
+
+
+if __name__ == "__main__":
+ try:
+ main()
+ except KeyboardInterrupt:
+ pass