forked from commaai/panda
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathbootstub.c
More file actions
98 lines (77 loc) · 2.16 KB
/
bootstub.c
File metadata and controls
98 lines (77 loc) · 2.16 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
#define VERS_TAG 0x53524556
#define MIN_VERSION 2
// ********************* Includes *********************
#include "flasher.h"
#include "boards/board.h"
#include "config.h"
#include "critical.h"
// platform includes
#ifdef STM32H7
#include "stm32h7/stm32h7_config.h"
#elif defined(STM32F4)
#include "stm32f4/stm32f4_config.h"
#endif
#include "drivers/led.h"
#include "drivers/pwm.h"
#include "drivers/usb.h"
#include "early_init.h"
#include "provision.h"
#include "crypto/rsa.h"
#include "crypto/sha.h"
#include "obj/cert.h"
#include "obj/gitversion.h"
// cppcheck-suppress unusedFunction ; used in headers not included in cppcheck
void __initialize_hardware_early(void) {
early_initialization();
}
void fail(void) {
soft_flasher_start();
}
// know where to sig check
extern void *_app_start[];
// FIXME: sometimes your panda will fail flashing and will quickly blink a single Green LED
// BOUNTY: $200 coupon on shop.comma.ai or $100 check.
int main(void) {
// Init interrupt table
init_interrupts(true);
disable_interrupts();
clock_init();
detect_board_type();
#ifdef PANDA_JUNGLE
current_board->set_panda_power(true);
#endif
if (enter_bootloader_mode == ENTER_SOFTLOADER_MAGIC) {
enter_bootloader_mode = 0;
soft_flasher_start();
}
// validate length
int len = (int)_app_start[0];
if ((len < 8) || (len > (0x1000000 - 0x4000 - 4 - RSANUMBYTES))) goto fail;
// compute SHA hash
uint8_t digest[SHA_DIGEST_SIZE];
SHA_hash(&_app_start[1], len-4, digest);
// verify version, last bytes in the signed area
uint32_t vers[2] = {0};
memcpy(&vers, ((void*)&_app_start[0]) + len - sizeof(vers), sizeof(vers));
if (vers[0] != VERS_TAG || vers[1] < MIN_VERSION) {
goto fail;
}
// verify RSA signature
if (RSA_verify(&release_rsa_key, ((void*)&_app_start[0]) + len, RSANUMBYTES, digest, SHA_DIGEST_SIZE)) {
goto good;
}
// allow debug if built from source
#ifdef ALLOW_DEBUG
if (RSA_verify(&debug_rsa_key, ((void*)&_app_start[0]) + len, RSANUMBYTES, digest, SHA_DIGEST_SIZE)) {
goto good;
}
#endif
// here is a failure
fail:
fail();
return 0;
good:
// jump to flash
((void(*)(void)) _app_start[1])();
return 0;
}