You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mynewt.apache.org by GitBox <gi...@apache.org> on 2019/10/22 14:10:39 UTC
[GitHub] [mynewt-core] agross-korg commented on a change in pull request
#2061: Fixup OTP provisioning script and secure boot process
agross-korg commented on a change in pull request #2061: Fixup OTP provisioning script and secure boot process
URL: https://github.com/apache/mynewt-core/pull/2061#discussion_r337540254
##########
File path: hw/mcu/dialog/da1469x/src/hal_system_start.c
##########
@@ -61,3 +70,91 @@ hal_system_restart(void *img_start)
hal_system_start(img_start);
}
+
+#if MYNEWT_VAL(BOOT_CUSTOM_START) && MCUBOOT_MYNEWT
+#define IMAGE_TLV_AES_NONCE 0x50
+#define IMAGE_TLV_SECRET_ID 0x60
+
+sec_text_ram_core void
+boot_custom_start(uintptr_t flash_base, struct boot_rsp *rsp)
+{
+ int rc;
+ struct image_tlv_iter it;
+ const struct flash_area *fap;
+ uint32_t off;
+ uint16_t len;
+ uint8_t type;
+ uint8_t buf[16];
+ uint8_t key;
+ uint32_t nonce[2];
+ bool has_aes_nonce;
+ bool has_secret_id;
+ DMA_Type *dma_regs = DMA;
+ uint32_t jump_addr = flash_base + rsp->br_image_off +
+ rsp->br_hdr->ih_hdr_size;
+
+ BOOT_LOG_INF("Custom initialization");
+
+ rc = flash_area_open(flash_area_id_from_image_slot(0), &fap);
+ assert(rc == 0);
+
+ rc = bootutil_tlv_iter_begin(&it, rsp->br_hdr, fap, IMAGE_TLV_ANY, true);
+ assert(rc == 0);
+
+ has_aes_nonce = has_secret_id = false;
+ while (true) {
+ rc = bootutil_tlv_iter_next(&it, &off, &len, &type);
+ assert(rc >= 0);
+
+ if (rc > 0) {
+ break;
+ }
+
+ if (type == IMAGE_TLV_AES_NONCE) {
+ assert(len == 8);
+
+ rc = flash_area_read(fap, off, buf, len);
+ assert(rc == 0);
+
+ BOOT_LOG_INF("NONCE=[0x%02x, 0x%02x, 0x%02x, 0x%02x, 0x%02x, 0x%02x, 0x%02x, 0x%02x]",
+ buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]);
+
+ nonce[0] = __builtin_bswap32(*(uint32_t *)buf);
+ nonce[1] = __builtin_bswap32(*(uint32_t *)(buf + 4));
+ has_aes_nonce = true;
+ } else if (type == IMAGE_TLV_SECRET_ID) {
+ assert(len == 4);
+
+ rc = flash_area_read(fap, off, buf, len);
+ assert(rc == 0);
+
+ BOOT_LOG_INF("ID=[0x%02x, 0x%02x, 0x%02x, 0x%02x]",
+ buf[0], buf[1], buf[2], buf[3]);
+
+ key = buf[0];
+ has_secret_id = true;
+ }
+ }
+
+ assert(has_aes_nonce && has_secret_id);
+
+ /* securely DMA hardware key from secret storage to QSPI decrypt engine */
+ QSPIC->QSPIC_CTR_CTRL_REG = 0;
+ QSPIC->QSPIC_CTR_SADDR_REG = rsp->br_image_off +
+ rsp->br_hdr->ih_hdr_size;
+ QSPIC->QSPIC_CTR_EADDR_REG = QSPIC->QSPIC_CTR_SADDR_REG +
+ rsp->br_hdr->ih_img_size - 1;
+ dma_regs->DMA7_A_START_REG = MCU_OTPM_BASE + 0xb00 + (32 * key);
+ dma_regs->DMA7_B_START_REG = QSPIC->QSPIC_CTR_KEY_0_3_REG;
+ dma_regs->DMA7_LEN_REG = 8;
+ dma_regs->DMA7_CTRL_REG = 0x35;
Review comment:
I'll check the CMSIS to see if they have bitwise #defines.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services