kopia lustrzana https://github.com/solokeys/solo1
store all info in same page, dont use authenticator state
rodzic
d33749fc16
commit
9ac2aa90c3
|
@ -53,7 +53,6 @@ typedef struct
|
||||||
uint16_t key_lens[MAX_KEYS];
|
uint16_t key_lens[MAX_KEYS];
|
||||||
uint8_t key_space[KEY_SPACE_BYTES];
|
uint8_t key_space[KEY_SPACE_BYTES];
|
||||||
uint8_t data_version;
|
uint8_t data_version;
|
||||||
uint8_t flags;
|
|
||||||
} AuthenticatorState_0x01;
|
} AuthenticatorState_0x01;
|
||||||
|
|
||||||
typedef AuthenticatorState_0x01 AuthenticatorState;
|
typedef AuthenticatorState_0x01 AuthenticatorState;
|
||||||
|
|
|
@ -192,8 +192,8 @@ void device_init_button(void)
|
||||||
}
|
}
|
||||||
|
|
||||||
int solo_is_locked(){
|
int solo_is_locked(){
|
||||||
uint8_t flags = ((AuthenticatorState *) STATE1_PAGE_ADDR)->flags;
|
uint64_t device_settings = ((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->device_settings;
|
||||||
return (flags & SOLO_FLAG_LOCKED) != 0;
|
return (device_settings & SOLO_FLAG_LOCKED) != 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/** device_migrate
|
/** device_migrate
|
||||||
|
@ -211,18 +211,20 @@ static void device_migrate(){
|
||||||
extern uint8_t attestation_solo_cert_der[];
|
extern uint8_t attestation_solo_cert_der[];
|
||||||
extern uint8_t attestation_hacker_cert_der[];
|
extern uint8_t attestation_hacker_cert_der[];
|
||||||
|
|
||||||
AuthenticatorState state;
|
uint64_t device_settings = ((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->device_settings;
|
||||||
authenticator_read_state(&state);
|
uint32_t configure_tag = (uint32_t)(device_settings >> 32);
|
||||||
if (state.flags == 0xFF)
|
|
||||||
|
if (configure_tag != ATTESTATION_CONFIGURED_TAG)
|
||||||
{
|
{
|
||||||
printf1(TAG_RED,"Migrating certificate and lock information to data segment.\r\n");
|
printf1(TAG_RED,"Migrating certificate and lock information to data segment.\r\n");
|
||||||
// do migrate.
|
|
||||||
state.flags = 0;
|
device_settings = ATTESTATION_CONFIGURED_TAG;
|
||||||
|
device_settings <<= 32;
|
||||||
|
|
||||||
// Read current device lock level.
|
// Read current device lock level.
|
||||||
uint32_t optr = FLASH->OPTR;
|
uint32_t optr = FLASH->OPTR;
|
||||||
if ((optr & 0xff) != 0xAA){
|
if ((optr & 0xff) != 0xAA){
|
||||||
state.flags |= SOLO_FLAG_LOCKED;
|
device_settings |= SOLO_FLAG_LOCKED;
|
||||||
}
|
}
|
||||||
|
|
||||||
uint8_t tmp_attestation_key[32];
|
uint8_t tmp_attestation_key[32];
|
||||||
|
@ -273,9 +275,10 @@ static void device_migrate(){
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Save.
|
// Save / done.
|
||||||
authenticator_write_state(&state,0);
|
flash_write_dword(
|
||||||
authenticator_write_state(&state,1);
|
(uint32_t) & ((flash_attestation_page *)ATTESTATION_PAGE_ADDR)->device_settings,
|
||||||
|
(uint64_t)device_settings);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
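Review bot: `solo_is_locked()` tests `device_settings & SOLO_FLAG_LOCKED` without first checking that the upper 32 bits hold `ATTESTATION_CONFIGURED_TAG`, a check that `device_migrate()` further down does make. If it is ever called before migration has written the field, the low bits are whatever the page holds at that offset (erased flash or, judging by the struct change in this commit, the old `attestation_cert_size`), so the reported lock state would be arbitrary. I would guard it with `if ((uint32_t)(device_settings >> 32) != ATTESTATION_CONFIGURED_TAG) return 0;`, or the opposite return value if callers need to fail closed, and add a comment that the tag sits in bits 63..32 and the flags in bits 31..0. The part of `device_migrate()` between the second and third hunks is not shown, so whether the page is erased before the final `flash_write_dword` cannot be confirmed from here.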
@ -67,13 +67,14 @@ typedef struct flash_memory_st flash_memory_st;
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
static_assert(sizeof(flash_memory_st) == 256*1024, "Data structure doesn't match flash size");
|
static_assert(sizeof(flash_memory_st) == 256*1024, "Data structure doesn't match flash size");
|
||||||
|
|
||||||
#define ATTESTATION_FORMAT 0x5A01
|
#define ATTESTATION_CONFIGURED_TAG 0xaa551e78
|
||||||
|
|
||||||
struct flash_attestation_page{
|
struct flash_attestation_page{
|
||||||
uint8_t attestation_key[32];
|
uint8_t attestation_key[32];
|
||||||
// DWORD padded.
|
// DWORD padded.
|
||||||
|
uint64_t device_settings;
|
||||||
uint64_t attestation_cert_size;
|
uint64_t attestation_cert_size;
|
||||||
uint8_t attestation_cert[2048 - 32 - 8];
|
uint8_t attestation_cert[2048 - 32 - 8 - 8];
|
||||||
} __attribute__((packed));
|
} __attribute__((packed));
|
||||||
|
|
||||||
typedef struct flash_attestation_page flash_attestation_page;
|
typedef struct flash_attestation_page flash_attestation_page;
|
||||||
|
|
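Review bot: Nothing pins the size of `flash_attestation_page` now that `device_settings` is inserted ahead of `attestation_cert_size`; the array bound `2048 - 32 - 8 - 8` implies the struct is meant to fill exactly one 2048-byte page. The file already uses `static_assert` for `flash_memory_st`, so I would add `static_assert(sizeof(flash_attestation_page) == 2048, "Attestation page doesn't match flash page size");` after the typedef. The insertion also shifts `attestation_cert_size` and `attestation_cert` by 8 bytes, so a page written with the old layout is misread through the new struct until it is rewritten. A comment on `device_settings` stating this, and that `ATTESTATION_CONFIGURED_TAG` occupies its upper 32 bits, would help the next reader.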