forked from 3devo/ChildbusBootloader
-
Notifications
You must be signed in to change notification settings - Fork 4
/
bootloader.cpp
391 lines (327 loc) · 12.2 KB
/
bootloader.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
/*
* Copyright (C) 2017 3devo (http://www.3devo.eu)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <string.h>
#include <stdio.h>
#include "Config.h"
#include "Bus.h"
#include "BaseProtocol.h"
#include "SelfProgram.h"
#include "bootloader.h"
#include "led.hpp"
#include "crash_dump_shared.hpp"
#include "otp.hpp"
#include "power_panic.hpp"
#include "iwdg.hpp"
#include "fan.hpp"
#include "Gpio.h"
extern "C" void _init() {}
struct Commands {
// See also ProtocolCommands in BaseProtocol.h
static const uint8_t GET_HARDWARE_INFO = 0x03;
static const uint8_t START_APPLICATION = 0x05;
static const uint8_t WRITE_FLASH = 0x06;
static const uint8_t FINALIZE_FLASH = 0x07;
static const uint8_t READ_FLASH = 0x08;
static const uint8_t GET_FINGERPRINT = 0x0e;
static const uint8_t COMPUTE_FINGERPRINT = 0x0f;
static const uint8_t READ_OTP = 0x10;
// These were removed and should not be used
static const uint8_t RESERVED_02 = 0x02; ///< POWER_UP_DISPLAY
static const uint8_t RESERVED_04 = 0x04; ///< GET_SERIAL_NUMBER
static const uint8_t RESERVED_09 = 0x09; ///< GET_HARDWARE_REVISION
static const uint8_t RESERVED_0a = 0x0a; ///< GET_NUM_CHILDREN
static const uint8_t RESERVED_0b = 0x0b; ///< SET_CHILD_SELECT
static const uint8_t RESERVED_0d = 0x0d; ///< GET_EXTRA_INFO
static const uint8_t RESERVED_46 = 0x46; ///< RESET
static const uint8_t RESERVED_44 = 0x44; ///< RESET_ADDRESS
};
struct VersionInfoInFlash {
uint8_t hw_compatible_version; uint8_t hw_revision; uint8_t hw_type; uint32_t bl_version;
};
// Put version info into flash, so applications can read this to
// determine the hardware version. The linker puts this at a fixed
// position at the end of flash.
constexpr const struct VersionInfoInFlash version_info __attribute__((__section__(".version"), __used__)) = {
HARDWARE_COMPATIBLE_REVISION,
HARDWARE_REVISION,
INFO_HW_TYPE,
BL_VERSION,
};
struct __attribute__((packed)) ApplicationStartupArguments {
uint8_t modbus_address;
};
struct ApplicationStartupArguments application_startup_arguments __attribute__((__section__(".app_args"), __used__)) = {
.modbus_address = 0xFF,
};
// Check that the version info size used by the linker (which must be
// hardcoded...) is correct.
static_assert(sizeof(version_info) == VERSION_SIZE, "Version section has wrong size?");
// Exit the bootloader
// Either check the internal unsalted fingerprint
// or get salt and fingerprint from buddy
volatile bool bootloaderExit = false; ///< Exit with check of the internal fingerprint
volatile bool bootloaderFingerprintMatch = false; ///< True if fingerprint was checked by buddy
// Note that we must buffer a full erase page size (not smaller), since
// we must know at the start of an erase page whether any byte in the
// entire page is changed to decide whether or not to erase.
static uint8_t writeBuffer[FLASH_ERASE_SIZE];
static uint32_t nextWriteAddress = 0;
// Helper function that is declared but not defined, to allow
// semi-static assertions (where input to a check is not really const,
// but can be derived by the optimizer, so if the check passes, the call
// to this function is optimized away, and if not, produces a linker
// error).
void compiletime_check_failed();
// Disable compile-time check (doesn't work on gcc 7 without LTO)
void compiletime_check_failed() {}
static bool equalToFlash(uint32_t address, uint16_t len) {
uint16_t offset = 0;
while (len > 0) {
if (writeBuffer[offset] != SelfProgram::readByte(address + offset))
return false;
--len;
++offset;
}
return true;
}
static uint8_t commitToFlash(uint32_t address, uint16_t len) {
// If nothing needs to be changed, then don't
if (equalToFlash(address, len))
return 0;
uint16_t offset = 0;
while (len > 0) {
uint16_t pageLen = len < FLASH_WRITE_SIZE ? len : FLASH_WRITE_SIZE;
uint8_t err = SelfProgram::writePage(address + offset, &writeBuffer[offset], pageLen);
if (err)
return err;
len -= pageLen;
offset += pageLen;
}
return 0;
}
static cmd_result handleWriteFlash(uint32_t address, uint8_t *data, uint16_t len, uint8_t *dataout) {
if (address == 0)
nextWriteAddress = 0;
// Only consecutive writes are supported
if (address != nextWriteAddress)
return cmd_result(Status::INVALID_ARGUMENTS);
nextWriteAddress += len;
while (address < nextWriteAddress) {
writeBuffer[address % sizeof(writeBuffer)] = *data;
++data;
++address;
if (address % sizeof(writeBuffer) == 0) {
uint8_t err = commitToFlash(address - sizeof(writeBuffer), sizeof(writeBuffer));
if (err) {
dataout[0] = err;
return cmd_result(Status::COMMAND_FAILED, 1);
}
}
}
return cmd_ok();
}
/**
* @brief Get revision from datamatrix from OTP.
* @return revision number (only VV field of datamatrix, no factorify ID)
*/
uint8_t get_revision() {
OTP_v5 otp = get_OTP_data();
if (otp.version != 5) {
return 0;
}
if ((otp.datamatrix[4] != '-') // Separator between factorify product ID and revision
|| (otp.datamatrix[5] < '0') || (otp.datamatrix[5] > '9') // Revision is two decimal digits
|| (otp.datamatrix[6] < '0') || (otp.datamatrix[6] > '9')) {
return 0;
}
return (otp.datamatrix[5] - '0') * 10 + (otp.datamatrix[6] - '0');
}
/**
* @brief Read FLASH or read OTP.
* @param cmd either Commands::READ_FLASH or Commands::READ_OTP
* @param datain input data
* @param len number of bytes in datain
* @param dataout response output data
* @param maxLen max number of bytes in dataout
* @return command result, possibly with number of used bytes in dataout
*/
cmd_result readMemory(uint8_t cmd, uint8_t *datain, uint8_t len, uint8_t *dataout, uint8_t maxLen) {
if (len != 4+1)
return cmd_result(Status::INVALID_ARGUMENTS);
uint32_t address = datain[0] << 24 | datain[1] << 16 | datain[2] << 8 | datain[3];
uint8_t readlen = datain[4];
uint32_t memOffset;
uint32_t memSize;
if (cmd == Commands::READ_FLASH) {
memSize = APPLICATION_SIZE;
memOffset = FLASH_BASE + FLASH_APP_OFFSET;
} else {
memSize = OTP_SIZE;
memOffset = OTP_START_ADDR;
}
if ((readlen > maxLen) || ((address + readlen) > memSize)) {
return cmd_result(Status::INVALID_ARGUMENTS);
}
if (cmd == Commands::READ_FLASH) {
memcpy(dataout, (uint8_t*)(memOffset + address), readlen);
} else {
read_otp(address, dataout, readlen);
}
return cmd_ok(readlen);
}
cmd_result processCommand(uint8_t cmd, uint8_t *datain, uint8_t len, uint8_t *dataout, uint8_t maxLen) {
if (maxLen < 5)
compiletime_check_failed();
switch (cmd) {
case Commands::GET_HARDWARE_INFO: {
if (len != 0)
return cmd_result(Status::INVALID_ARGUMENTS);
const size_t hw_info_size = 11;
if (maxLen < hw_info_size)
compiletime_check_failed();
// Type 42 dwarf or type 43 modular bed
static_assert(sizeof(INFO_HW_TYPE) == sizeof(uint8_t), "INFO_HW_TYPE won't fit to 1 byte!");
dataout[0] = INFO_HW_TYPE;
// Hardware revision
uint16_t hardware_revision = get_revision();
dataout[1] = hardware_revision >> 8;
dataout[2] = hardware_revision;
// Bootloader version as a commit counter, MSB
uint32_t bl_version = BL_VERSION;
dataout[3] = bl_version >> 24;
dataout[4] = bl_version >> 16;
dataout[5] = bl_version >> 8;
dataout[6] = bl_version;
// Available flash size is up to startApplication, MSB
uint32_t size = SelfProgram::applicationSize;
dataout[7] = size >> 24;
dataout[8] = size >> 16;
dataout[9] = size >> 8;
dataout[10] = size;
return cmd_ok(hw_info_size);
}
case Commands::START_APPLICATION:
if (len == 0) { // No fingerprint, need to check internal fingerprint
bootloaderFingerprintMatch = false;
bootloaderExit = true;
} else if (len == (sizeof(SelfProgram::appFwFingerprintSalt) + sizeof(SelfProgram::appFwFingerprint))) { // Check with fingerprint that was already calculated
if (((static_cast<uint32_t>(datain[0]) << 24 | datain[1] << 16 | datain[2] << 8 | datain[3]) == SelfProgram::appFwFingerprintSalt)
&& (memcmp(SelfProgram::appFwFingerprint, &datain[4], sizeof(SelfProgram::appFwFingerprint)) == 0)) {
bootloaderFingerprintMatch = true;
}
bootloaderExit = true;
} else {
return cmd_result(Status::INVALID_ARGUMENTS);
}
dataout[0] = bootloaderFingerprintMatch; // Report if fingerprint calculation is skipped
return cmd_ok(1);
case Commands::WRITE_FLASH:
{
if (len < 4)
return cmd_result(Status::INVALID_ARGUMENTS);
uint32_t address = datain[0] << 24 | datain[1] << 16 | datain[2] << 8 | datain[3];
return handleWriteFlash(address, datain + 4, len - 4, dataout);
}
case Commands::FINALIZE_FLASH:
{
if (len != 0)
return cmd_result(Status::INVALID_ARGUMENTS);
uint32_t pageAddress = nextWriteAddress & ~(sizeof(writeBuffer) - 1);
uint8_t err = commitToFlash(pageAddress, nextWriteAddress - pageAddress);
if (err) {
dataout[0] = err;
return cmd_result(Status::COMMAND_FAILED, 1);
} else {
dataout[0] = SelfProgram::eraseCount;
SelfProgram::eraseCount = 0;
return cmd_ok(1);
}
}
case Commands::READ_FLASH:
case Commands::READ_OTP:
return readMemory(cmd, datain, len, dataout, maxLen);
case Commands::GET_FINGERPRINT: {
uint8_t offset = 0;
uint8_t size = sizeof(SelfProgram::appFwFingerprint);
if (len == 2) { // Buddy wants only a chunk of the fingerprint
offset = datain[0];
size = datain[1];
if ((offset + size) > sizeof(SelfProgram::appFwFingerprint)) {
return cmd_result(Status::INVALID_ARGUMENTS);
}
} else if (len != 0) {
return cmd_result(Status::INVALID_ARGUMENTS);
}
if (!SelfProgram::appFwFingerprintValid)
return cmd_result(Status::COMMAND_FAILED);
memcpy(dataout, &SelfProgram::appFwFingerprint[offset], size);
return cmd_ok(size);
}
case Commands::COMPUTE_FINGERPRINT: {
if (len != 4) {
return cmd_result(Status::INVALID_ARGUMENTS);
}
SelfProgram::appFwFingerprintSalt = datain[0] << 24 | datain[1] << 16 | datain[2] << 8 | datain[3];
SelfProgram::calculateSaltedFingerprint(SelfProgram::appFwFingerprintSalt);
return cmd_ok();
}
default:
return cmd_result(Status::COMMAND_NOT_SUPPORTED);
}
}
// Used to read the FW_DESCRIPTOR section persistent data, used attribute is to make sure it's not optimized away
__attribute__((used)) const puppy_crash_dump::FWDescriptor * const fw_descriptor
= reinterpret_cast<puppy_crash_dump::FWDescriptor *>(puppy_crash_dump::APP_DESCRIPTOR_OFFSET + FLASH_APP_OFFSET + 0x08000000 );
extern "C" {
void runBootloader() {
ClockInit();
BusInit();
// Configure watchdog
WatchdogStart();
WatchdogReset();
// Avoid doing anything as long as power panic is active
WaitForEndOfPowerPanic();
led::set_rgb(0, 0, 0x0f); // blue: bl is running
StartFan();
bool busy = true;
while (busy || !bootloaderExit) {
#if !defined(BUS_USE_INTERRUPTS)
busy = BusUpdate();
#endif // defined(BUS_USE_INTERRUPTS)
WatchdogReset();
}
//Check with unsalted fingerprint if necessary
if (bootloaderFingerprintMatch == false) {
bootloaderFingerprintMatch = SelfProgram::checkUnsaltedFingerprint(fw_descriptor->fingerprint); // Calculate and check match with fingerprint in descriptors
}
if (fw_descriptor->stored_type == puppy_crash_dump::FWDescriptor::StoredType::crash_dump
|| !bootloaderFingerprintMatch
#if NEEDS_ADDRESS_CHANGE
|| getConfiguredAddress() == INITIAL_ADDRESS
#endif
){
while(true) {
led::set_rgb(0x0f, 0x08, 0x00); // orange: not safe to start
WatchdogReset();
}
}
led::set_rgb(0, 0x0f, 0x0f); // cyan: fw is about to start
application_startup_arguments.modbus_address = getConfiguredAddress();
BusDeinit();
ClockDeinit();
}
}