From 712fa0f6a2bc3ecf602f5729647ed6f52b6352fc Mon Sep 17 00:00:00 2001
From: Jean-Michel Picod <jmichel@google.com>
Date: Mon, 14 Dec 2020 19:43:59 +0100
Subject: [PATCH] Small improvements on kernel patch

---
 patches/tock/07-firmware-protect.patch | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/patches/tock/07-firmware-protect.patch b/patches/tock/07-firmware-protect.patch
index d002647..365b20a 100644
--- a/patches/tock/07-firmware-protect.patch
+++ b/patches/tock/07-firmware-protect.patch
@@ -186,7 +186,7 @@ index ae458b3..f536dad 100644
      Ipc                   = 0x10000,
 diff --git a/capsules/src/firmware_protection.rs b/capsules/src/firmware_protection.rs
 new file mode 100644
-index 0000000..dc46a13
+index 0000000..8cf63d6
 --- /dev/null
 +++ b/capsules/src/firmware_protection.rs
 @@ -0,0 +1,85 @@
@@ -204,8 +204,8 @@ index 0000000..dc46a13
 +//! # use kernel::static_init;
 +//!
 +//! let crp = static_init!(
-+//!     capsules::firware_protection::FirmwareProtection<'static>,
-+//!     capsules::firware_protection::FirmwareProtection::new(
++//!     capsules::firmware_protection::FirmwareProtection,
++//!     capsules::firmware_protection::FirmwareProtection::new(
 +//!         nrf52840::uicr::Uicr,
 +//!         board_kernel.create_grant(&grant_cap),
 +//!     );
@@ -288,7 +288,7 @@ index e4423fe..7538aad 100644
  pub mod ft6x06;
  pub mod fxos8700cq;
 diff --git a/chips/nrf52/src/uicr.rs b/chips/nrf52/src/uicr.rs
-index 3bb8b5a..19c2e90 100644
+index 3bb8b5a..ea96cb2 100644
 --- a/chips/nrf52/src/uicr.rs
 +++ b/chips/nrf52/src/uicr.rs
 @@ -1,13 +1,14 @@
@@ -307,7 +307,7 @@ index 3bb8b5a..19c2e90 100644
  
  const UICR_BASE: StaticRef<UicrRegisters> =
      unsafe { StaticRef::new(0x10001000 as *const UicrRegisters) };
-@@ -210,3 +211,46 @@ impl Uicr {
+@@ -210,3 +211,49 @@ impl Uicr {
          self.registers.approtect.write(ApProtect::PALL::ENABLED);
      }
  }
@@ -334,19 +334,22 @@ index 3bb8b5a..19c2e90 100644
 +        if current_level == level {
 +            return ReturnCode::EALREADY;
 +        }
++
 +        unsafe { NVMC.configure_writeable() };
 +        if level >= ProtectionLevel::JtagDisabled {
 +            self.set_ap_protect();
 +        }
++
 +        if level >= ProtectionLevel::FullyLocked {
 +            // Prevent CPU debug and flash patching. Leaving these enabled could
 +            // allow to circumvent protection.
 +            self.registers
 +                .debugctrl
 +                .write(DebugControl::CPUNIDEN::DISABLED + DebugControl::CPUFPBEN::DISABLED);
-+            // TODO(jmichel): Kill bootloader if present
++            // TODO(jmichel): prevent returning into bootloader if present
 +        }
 +        unsafe { NVMC.configure_readonly() };
++
 +        if self.get_protection() == level {
 +            ReturnCode::SUCCESS
 +        } else {