Merge pull request #356 from Foundation-Devices/SFT-2384-scv-bootloader

SFT-2384: scv bootloader

ports/stm32/boards/Passport/bootloader/Makefile

@@ -14,7 +14,7 @@
 
 include constants.mk
 
-BOOTLOADER_VERSION = 2.0
+BOOTLOADER_VERSION = 2.1
 
 # Toolchain
 TOOLCHAIN = arm-none-eabi-

ports/stm32/boards/Passport/bootloader/factory-test.c

@@ -8,6 +8,7 @@
 #include <stdlib.h>
 #include <limits.h>
 
+#include "flash.h"
 #include "lvgl.h"
 #include "images.h"
 #include "backlight.h"
@@ -591,6 +592,29 @@ void factory_test_external_flash(uint32_t param1, uint32_t param2) {
         return;
     }
 #endif /* if 0 */
+
+    // Copy SCV secret from a temporary location in MCU FLASH memory into the SPI FLASH
+    uint8_t* supply_chain_key = (uint8_t*)USER_SETTINGS_FLASH_ADDR;
+    bool     is_erased        = true;
+    for (uint32_t i = 0; i < 32; i++) {
+        if (supply_chain_key[i] != 0xFF) {
+            is_erased = false;
+        }
+    }
+    if (is_erased) {
+        factory_test_set_result_error(105, "SCV is empty");
+        return;
+    }
+
+    if (!spi_clear_scv_key()) {
+        factory_test_set_result_error(100, "Couldn't remove SCV key from SPI FLASH");
+        return;
+    }
+    if (!spi_set_scv_key(supply_chain_key)) {
+        factory_test_set_result_error(105, "Failed to copy SCV to SPI FLASH");
+        return;
+    }
+
     if (spi_flash_deinit() != HAL_OK) {
         factory_test_set_result_error(100, "spi_deinit() failed");
         return;

ports/stm32/boards/Passport/bootloader/se-atecc608a.c

@@ -11,6 +11,7 @@
 #include <string.h>
 #include <stdio.h>
 
+#include "spiflash.h"
 #include "flash.h"
 #include "hash.h"
 #include "pprng.h"
@@ -195,24 +196,33 @@ int se_setup_config(rom_secrets_t* secrets) {
                     break;
 
                 case KEYNUM_supply_chain: {
-                    // SCV key is in user settings flash
-                    uint8_t* supply_chain_key = (uint8_t*)USER_SETTINGS_FLASH_ADDR;
-                    bool     is_erased        = true;
+                    if (spi_setup() != HAL_OK) {
+                        return -11;
+                    }
+
+                    // Read SCV key from the SPI FLASH
+                    // It was written there by the factory test bootloader
+                    uint8_t supply_chain_key[32] = {0xff,};
+                    if (!spi_get_scv_key(&supply_chain_key[0])) {
+                        return -11;
+                    }
+
+                    bool is_erased = true;
                     for (uint32_t i = 0; i < 32; i++) {
                         if (supply_chain_key[i] != 0xFF) {
                             is_erased = false;
                         }
                     }
 
-                    // If the scv key is not set in flash, then don't proceed, else validation will never work!
+                    // If the scv key is not set in SPI flash, then don't proceed, else validation will never work!
                     if (is_erased) {
                         return -11;
                     }
 
                     int rc = se_write_data_slot(kn, supply_chain_key, 32, false);
 
                     // Always erase the supply chain key, even if the write failed
-                    flash_sector_erase(USER_SETTINGS_FLASH_ADDR);
+                    spi_clear_scv_key();
 
                     if (rc) return -7;
                 } break;

ports/stm32/boards/Passport/bootloader/ui.c

@@ -463,19 +463,17 @@ void ui_draw_wrapped_text(uint16_t x, uint16_t y, uint16_t max_width, char* text
 }
 
 // Show message and then delay or wait for button press
-bool ui_show_message(
-    char* title, char* message, const lv_img_dsc_t* left_btn, const lv_img_dsc_t* right_btn, bool center) {
+bool ui_show_message(char* title, char* message, char* left_btn, char* right_btn, bool center) {
     return ui_show_message_color(title, message, left_btn, right_btn, center, COLOR_BLACK, COLOR_WHITE);
 }
 
-// Show message and then delay or wait for button press
-bool ui_show_message_color(char*               title,
-                           char*               message,
-                           const lv_img_dsc_t* left_btn,
-                           const lv_img_dsc_t* right_btn,
-                           bool                center,
-                           uint16_t            header_text_color,
-                           uint16_t            header_bg_color) {
+bool ui_show_message_color(char*    title,
+                           char*    message,
+                           char*    left_btn,
+                           char*    right_btn,
+                           bool     center,
+                           uint16_t header_text_color,
+                           uint16_t header_bg_color) {
     bool exit             = false;
     bool result           = false;
     bool is_left_pressed  = false;
@@ -555,15 +553,15 @@ void ui_show_fatal_error(char* error) {
     while (true) {
         if (show_error) {
             // Show the error
-            if (ui_show_message("Fatal Error", error, &ICON_EMAIL, &ICON_SHUTDOWN, true)) {
+            if (ui_show_message("Fatal Error", error, "Contact Us", "Shutdown", true)) {
                 display_clean_shutdown();
             } else {
                 show_error = false;
             }
         } else {
             // Show Contact Info
-            if (ui_show_message("Contact", "\nContact us at:\n\[email protected]", &ICON_BACK,
-                                &ICON_SHUTDOWN, true)) {
+            if (ui_show_message("Contact", "\nContact us at:\n\[email protected]", "Back",
+                                "Shutdown", true)) {
                 display_clean_shutdown();
             } else {
                 show_error = true;
@@ -575,7 +573,7 @@ void ui_show_fatal_error(char* error) {
 void ui_show_hex_buffer(char* title, uint8_t* data, uint32_t length) {
     char buf[512];
     bytes_to_hex_str(data, length, buf, 8, "\n");
-    ui_show_message(title, buf, &ICON_SHUTDOWN, &ICON_CHECKMARK, true);
+    ui_show_message(title, buf, "Shutdown", "OK", true);
 }
 
 #endif /* FACTORY_TEST */

ports/stm32/boards/Passport/common/spiflash.c

@@ -287,3 +287,30 @@ HAL_StatusTypeDef spi_sector_erase(uint32_t addr) {
 
     return rv;
 }
+
+#define SPI_ADDR_SCV_KEY (0x00000000)
+#define SPI_SCV_KEY_SIZE (32)
+
+bool spi_get_scv_key(uint8_t* buf) {
+    if (spi_read(SPI_ADDR_SCV_KEY, SPI_SCV_KEY_SIZE, buf) == HAL_OK) {
+        return true;
+    }
+
+    return false;
+}
+
+bool spi_set_scv_key(uint8_t* buf) {
+    if (spi_write(SPI_ADDR_SCV_KEY, SPI_SCV_KEY_SIZE, buf) == HAL_OK) {
+        return true;
+    }
+
+    return false;
+}
+
+bool spi_clear_scv_key() {
+    if (spi_sector_erase(SPI_ADDR_SCV_KEY) == HAL_OK) {
+        return true;
+    }
+
+    return false;
+}

ports/stm32/boards/Passport/framebuffer.h

@@ -7,7 +7,11 @@
 
 #include <stdint.h>
 
+#ifdef SCREEN_MODE_COLOR
+#include "lvgl.h"
+#else
 #include "lvgl/lvgl.h"
+#endif
 
 #if defined(SCREEN_MODE_MONO) && defined(SCREEN_MODE_COLOR)
 #error "SCREEN_MODE_MONO and SCREEN_MODE_COLOR cannot be used at the same time"

ports/stm32/boards/Passport/include/eeprom.h

@@ -20,6 +20,4 @@ HAL_StatusTypeDef eeprom_write(uint16_t offset, uint8_t* buffer, uint8_t len);
 uint16_t eeprom_get_screen_brightness(uint16_t _default);
 bool     eeprom_set_screen_brightness(uint16_t brightness);
 
-#define EEPROM_EMPTY_TIMESTAMP (0xFFFFFFFF)
-
 #endif /* __EEPROM_H__ */

ports/stm32/boards/Passport/include/spiflash.h

@@ -24,4 +24,8 @@ extern HAL_StatusTypeDef spi_read_id(uint32_t *id_out);
 extern HAL_StatusTypeDef spi_chip_erase(void);
 extern HAL_StatusTypeDef spi_is_busy(bool* busy);
 
+bool spi_get_scv_key(uint8_t* buf);
+bool spi_set_scv_key(uint8_t* buf);
+bool spi_clear_scv_key();
+
 #endif /* _SPIFLASH_H_ */