add support for using EFMUB1 bootloader and disabling it. no programmer needed

2017-01-28 21:51:02 -05:00 · 2017-01-28 21:51:02 -05:00 · 8931b3205b
commit 8931b3205b
--- a/firmware/inc/app.h
+++ b/firmware/inc/app.h
@ -38,11 +38,15 @@
 #define U2F_MASTER_KEY_SLOT			1
 #define U2F_TEMP_KEY_SLOT			2

+// Uncomment these to fit firmware with a bootloader.
 #define U2F_SUPPORT_WINK
 #define U2F_SUPPORT_HID_LOCK
 #define U2F_SUPPORT_RNG_CUSTOM
 #define U2F_SUPPORT_SEED_CUSTOM
+
+// Uncomment this to make configuration firmware
 //#define ATECC_SETUP_DEVICE
+
 //#define U2F_PRINT
 //#define U2F_BLINK_ERRORS

@ -116,6 +120,8 @@ struct APP_DATA
 #define U2F_CONFIG_LOAD_TRANS_KEY		0x85
 #define U2F_CONFIG_LOAD_WRITE_KEY		0x86
 #define U2F_CONFIG_LOAD_ATTEST_KEY		0x87
+#define U2F_CONFIG_BOOTLOADER			0x88
+#define U2F_CONFIG_BOOTLOADER_DESTROY	0x89

 struct config_msg
 {
--- a/firmware/src/custom.c
+++ b/firmware/src/custom.c
@ -39,8 +39,6 @@ uint8_t custom_command(struct u2f_hid_msg * msg)
 	struct atecc_response res;
 	uint8_t ec;

-	if (msg->cid != U2FHID_BROADCAST) return 0;
-
 	switch(msg->pkt.init.cmd)
 	{
 #ifdef U2F_SUPPORT_RNG_CUSTOM
@ -80,6 +78,29 @@ uint8_t custom_command(struct u2f_hid_msg * msg)

 			break;
 #endif
+		case U2F_CONFIG_BOOTLOADER:
+
+			atecc_send_recv(ATECC_CMD_READ,
+					ATECC_RW_DATA, ATECC_EEPROM_DATA_SLOT(8), NULL, 0,
+					appdata.tmp, sizeof(appdata.tmp), &res);
+
+			if (res.buf[0] == 0xff)
+			{
+				*((uint8_t SI_SEG_DATA *)0x00) = 0xA5;
+				RSTSRC = RSTSRC_SWRSF__SET | RSTSRC_PORSF__SET;
+			}
+
+
+			break;
+		case U2F_CONFIG_BOOTLOADER_DESTROY:
+
+			memset(appdata.tmp,0,4);
+
+			atecc_send_recv(ATECC_CMD_WRITE,
+					ATECC_RW_DATA, ATECC_EEPROM_DATA_SLOT(8), appdata.tmp, 4,
+					appdata.tmp, sizeof(appdata.tmp), &res);
+
+			break;
 		default:
 			return 0;
 	}
--- a/firmware/src/main.c
+++ b/firmware/src/main.c
@ -143,7 +143,7 @@ int16_t main(void) {
 	int8_t grad_inc = 0;
 	int8_t ii;
 	data uint8_t xdata * clear = 0;
-	int8_t i;
+	data int8_t i;

 	enter_DefaultMode_from_RESET();
 	rgb_hex(0);
--- a/tools/u2f_zero_client/client.py
+++ b/tools/u2f_zero_client/client.py
@ -64,6 +64,8 @@ class commands:
    U2F_CONFIG_LOAD_TRANS_KEY = 0x85
    U2F_CONFIG_LOAD_WRITE_KEY = 0x86
    U2F_CONFIG_LOAD_ATTEST_KEY = 0x87
+    U2F_CONFIG_BOOTLOADER = 0x88
+    U2F_CONFIG_BOOTLOADER_DESTROY = 0x89

    U2F_CUSTOM_RNG = 0x21
    U2F_CUSTOM_SEED = 0x22
@ -82,6 +84,8 @@ if len(sys.argv) not in [2,3,4,5,6]:
    print('     wipe: wipe all registered keys on U2F Zero.  Must also press button 5 times.  Not reversible.')
    print('     list: list all connected U2F Zero tokens.')
    print('     wink: blink the LED')
+    print('     bootloader: put device in bootloader mode')
+    print('     bootloader-destroy: permanently disable the bootloader')
    sys.exit(1)

 def open_u2f(SN=None):
@ -198,10 +202,10 @@ def do_configure(h,pemkey,output):

    time.sleep(0.250)

-    h.write([0,commands.U2F_CONFIG_GENKEY])
-    data = read_n_tries(h,5,64,1000)
-    data = array.array('B',data).tostring()
-    pubkey = binascii.hexlify(data)
+    #h.write([0,commands.U2F_CONFIG_GENKEY])
+    #data = read_n_tries(h,5,64,1000)
+    #data = array.array('B',data).tostring()
+    #pubkey = binascii.hexlify(data)

    wkey = [random.randint(0,255)&0xff for x in range(0,32)]
    rkey = [random.randint(0,255)&0xff for x in range(0,32)]
@ -212,6 +216,7 @@ def do_configure(h,pemkey,output):


    wkey = get_write_mask(''.join([chr(x) for x in wkey]))
+    print('wkey',wkey)
    rkey = get_write_mask(''.join([chr(x) for x in rkey]))


@ -232,10 +237,26 @@ def do_configure(h,pemkey,output):


    print('writing keys to ', output)
-    print(data)
-    open(output,'w+').write(pubkey +'\n' + wkey + '\n' + rkey)
+    open(output,'w+').write(wkey + '\n' + rkey)
+
+    print( 'Done.  Putting device in bootloader mode.')
+    h.write([0,commands.U2F_CONFIG_BOOTLOADER])
+    data = read_n_tries(h,5,64,1000)
+    if data[1] != 1:
+        die('failed to put device in bootloader mode.')
+
+def bootloader(h):
+    h.write([0,commands.U2F_CONFIG_BOOTLOADER])
+    h.write([0,0xff,0xff,0xff,0xff,commands.U2F_CONFIG_BOOTLOADER])
+    print('If this device has an enabled bootloader, the LED should be turned off.')
+
+
+def bootloader_destroy(h):
+    h.write([0,commands.U2F_CONFIG_BOOTLOADER_DESTROY])
+    h.write([0,0xff,0xff,0xff,0xff,commands.U2F_CONFIG_BOOTLOADER_DESTROY])
+    print('Device bootloader mode removed.  Please double check by running bootloader command.')
+

-    print( 'Done')



@ -335,6 +356,12 @@ if __name__ == '__main__':
    elif action == 'wink':
        h = open_u2f(SN)
        do_wink(h)
+    elif action == 'bootloader':
+        h = open_u2f(SN)
+        bootloader(h)
+    elif action == 'bootloader-destroy':
+        h = open_u2f(SN)
+        bootloader_destroy(h)
    else:
        print( 'error: invalid action: ', action)
        sys.exit(1)