diff options
Diffstat (limited to 'bin/cryptech_upload')
| -rwxr-xr-x | bin/cryptech_upload | 294 |
1 files changed, 294 insertions, 0 deletions
diff --git a/bin/cryptech_upload b/bin/cryptech_upload new file mode 100755 index 0000000..680a0ac --- /dev/null +++ b/bin/cryptech_upload @@ -0,0 +1,294 @@ +#!/usr/bin/env python +# +# Copyright (c) 2016, NORDUnet A/S All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# - Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# - Neither the name of the NORDUnet nor the names of its contributors may +# be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS +# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +""" +Utility to upload a new firmware image or FPGA bitstream. +""" + +import os +import sys +import time +import struct +import serial +import getpass +import os.path +import tarfile +import argparse +import platform + +from binascii import crc32 + +FIRMWARE_CHUNK_SIZE = 4096 +FPGA_CHUNK_SIZE = 4096 + + +def parse_args(): + """ + Parse the command line arguments + """ + + share_directory = "/usr/share" if platform.system() == "Linux" else "/usr/local/share" + + default_tarball = os.path.join(share_directory, "cryptech-alpha-firmware.tar.gz") + + if not os.path.exists(default_tarball): + default_tarball = None + + parser = argparse.ArgumentParser(description = __doc__, + formatter_class = argparse.ArgumentDefaultsHelpFormatter, + ) + + parser.add_argument("-d", "--device", + default = os.getenv("CRYPTECH_CTY_CLIENT_SERIAL_DEVICE", "/dev/ttyUSB0"), + help = "Name of management port USB serial device", + ) + + parser.add_argument("--firmware-tarball", + type = argparse.FileType("rb"), + default = default_tarball, + help = "Location of firmware tarball", + ) + + parser.add_argument("--username", + choices = ("so", "wheel"), + default = "so", + help = "Username to use when logging into the HSM", + ) + + actions = parser.add_mutually_exclusive_group(required = True) + actions.add_argument("--fpga", + action = "store_true", + help = "Upload FPGA bitstream", + ) + actions.add_argument("--firmware", "--hsm", + action = "store_true", + help = "Upload HSM firmware image", + ) + actions.add_argument("--bootloader", + action = "store_true", + help = "Upload bootloader image (dangerous!)", + ) + + parser.add_argument("--simon-says-whack-my-bootloader", + action = "store_true", + help = "Confirm that you really want to risk bricking the HSM", + ) + + parser.add_argument("-i", "--explicit-image", + type = argparse.FileType("rb"), + help = "Explicit source image file for upload, overrides firmware tarball") + + return parser.parse_args() + + +def _write(dst, data): + dst.write(data) + #if len(data) == 4: + # print("Wrote 0x{!s}".format(data.encode("hex"))) + #else: + # print("Wrote {!r}".format(data)) + + +def _read(dst): + res = "" + x = dst.read(1) + while not x: + x = dst.read(1) + while x: + res += x + x = dst.read(1) + #print ("Read {!r}".format(res)) + return res + +wheel_pin = 'YouReallyNeedToChangeThisPINRightNowWeAreNotKidding' + +def _execute(dst, cmd): + global wheel_pin + pin = None + if args.username == 'wheel': + pin = wheel_pin + _write(dst, "\r") + prompt = _read(dst) + if prompt.endswith("Username: "): + _write(dst, args.username + "\r") + prompt = _read(dst) + if prompt.endswith("Password: "): + if not pin: + pin = getpass.getpass("{} PIN: ".format(args.username)) + _write(dst, pin + "\r") + prompt = _read(dst) + if not prompt.endswith(("> ", "# ")): + print("Device does not seem to be ready for a file transfer (got {!r})".format(prompt)) + return prompt + _write(dst, cmd + "\r") + response = _read(dst) + return response + +def send_file(src, size, args, dst): + if args.fpga: + chunk_size = FPGA_CHUNK_SIZE + response = _execute(dst, "fpga bitstream upload") + elif args.firmware: + chunk_size = FIRMWARE_CHUNK_SIZE + response = _execute(dst, "firmware upload") + if "Rebooting" in response: + response = _execute(dst, "firmware upload") + elif args.bootloader: + chunk_size = FIRMWARE_CHUNK_SIZE + response = _execute(dst, "bootloader upload") + if "Access denied" in response: + print "Access denied" + return False + if not "OK" in response: + print("Device did not accept the upload command (got {!r})".format(response)) + return False + + crc = 0 + counter = 0 + # 1. Write size of file (4 bytes) + _write(dst, struct.pack("<I", size)) + response = _read(dst) + if not response.startswith("Send "): + print response + return False + + # 2. Write file contents while calculating CRC-32 + while True: + data = src.read(chunk_size) + if not data: + break + dst.write(data) + print("Wrote {!s} bytes (chunk {!s}/{!s})".format(len(data), counter, int(size / chunk_size))) + # read ACK (a counter of number of 4k chunks received) + while True: + ack_bytes = dst.read(4) + if len(ack_bytes) == 4: + break + print("ERROR: Did not receive an ACK, got {!r}".format(ack_bytes)) + dst.write("\r") # eventually get back to the CLI prompt + ack = struct.unpack("<I", ack_bytes)[0] + if ack != counter + 1: + print("ERROR: Did not receive the expected counter as ACK (got {!r}/{!r}, not {!r})".format(ack, ack_bytes, counter)) + flush = dst.read(100) + print("FLUSH data: {!r}".format(flush)) + return False + counter += 1 + + crc = crc32(data, crc) & 0xffffffff + + _read(dst) + + # 3. Write CRC-32 (4 bytes) + _write(dst, struct.pack("<I", crc)) + response = _read(dst) + print response + + src.close() + + if args.fpga: + # tell the fpga to read its new configuration + _execute(dst, "fpga reset") + + if args.fpga or args.bootloader: + # log out of the CLI + # firmware upgrade reboots, doesn't need an exit + _execute(dst, "exit") + + return True + + +dire_bootloader_warning = ''' + WARNING + +Updating the bootloader risks bricking your HSM! If something goes +badly wrong here, or you upload a bad bootloader image, you will not +be able to recover without an ST-LINK programmer. + +In most cases a normal "--firmware" upgrade should be all that is +necessary to bring your HSM up to date, there is seldom any real need +to update the bootloader. + +Do not proceed with this unless you REALLY know what you are doing. + +If you got here by accident, ^C now, without answering the PIN prompt. +''' + + +def main(): + global args + args = parse_args() + + if args.bootloader and not args.simon_says_whack_my_bootloader: + sys.exit("You didn't say \"Simon says\"") + + if args.bootloader: + print dire_bootloader_warning + + if args.explicit_image is None and args.firmware_tarball is None: + sys.exit("No source file specified for upload and firmware tarball not found") + + if args.explicit_image: + src = args.explicit_image # file-like object, thanks to argparse + size = os.fstat(src.fileno()).st_size + if size == 0: # Flashing from stdin won't work, sorry + sys.exit("Can't flash from a pipe or zero-length file") + print "Uploading from explicitly-specified file {}".format(args.explicit_image.name) + + else: + tar = tarfile.open(fileobj = args.firmware_tarball) + print "Firmware tarball {} content:".format(args.firmware_tarball.name) + tar.list(True) + if args.fpga: + name = "alpha_fmc.bit" + elif args.firmware: + name = "hsm.bin" + elif args.bootloader: + name = "bootloader.bin" + else: + # Somebody updated other part of this script without updating this part :( + sys.exit("Don't know which component to select from firmware tarball, sorry") + try: + size = tar.getmember(name).size + except KeyError: + sys.exit("Expected component {} missing from firmware tarball {}".format(name, args.firmware_tarball.name)) + src = tar.extractfile(name) + print "Uploading {} from {}".format(name, args.firmware_tarball.name) + + print "Initializing serial port and synchronizing with HSM, this may take a few seconds" + dst = serial.Serial(args.device, 921600, timeout = 2) + send_file(src, size, args, dst) + dst.close() + + +if __name__ == "__main__": + try: + main() + except KeyboardInterrupt: + pass |