Small improvements on kernel patch
This commit is contained in:
Jean-Michel Picod
@@ -186,7 +186,7 @@ index ae458b3..f536dad 100644
|
|||||||
Ipc = 0x10000,
|
Ipc = 0x10000,
|
||||||
diff --git a/capsules/src/firmware_protection.rs b/capsules/src/firmware_protection.rs
|
diff --git a/capsules/src/firmware_protection.rs b/capsules/src/firmware_protection.rs
|
||||||
new file mode 100644
|
new file mode 100644
|
||||||
index 0000000..dc46a13
|
index 0000000..8cf63d6
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ b/capsules/src/firmware_protection.rs
|
+++ b/capsules/src/firmware_protection.rs
|
||||||
@@ -0,0 +1,85 @@
|
@@ -0,0 +1,85 @@
|
||||||
@@ -204,8 +204,8 @@ index 0000000..dc46a13
|
|||||||
+//! # use kernel::static_init;
|
+//! # use kernel::static_init;
|
||||||
+//!
|
+//!
|
||||||
+//! let crp = static_init!(
|
+//! let crp = static_init!(
|
||||||
+//! capsules::firware_protection::FirmwareProtection<'static>,
|
+//! capsules::firmware_protection::FirmwareProtection,
|
||||||
+//! capsules::firware_protection::FirmwareProtection::new(
|
+//! capsules::firmware_protection::FirmwareProtection::new(
|
||||||
+//! nrf52840::uicr::Uicr,
|
+//! nrf52840::uicr::Uicr,
|
||||||
+//! board_kernel.create_grant(&grant_cap),
|
+//! board_kernel.create_grant(&grant_cap),
|
||||||
+//! );
|
+//! );
|
||||||
@@ -288,7 +288,7 @@ index e4423fe..7538aad 100644
|
|||||||
pub mod ft6x06;
|
pub mod ft6x06;
|
||||||
pub mod fxos8700cq;
|
pub mod fxos8700cq;
|
||||||
diff --git a/chips/nrf52/src/uicr.rs b/chips/nrf52/src/uicr.rs
|
diff --git a/chips/nrf52/src/uicr.rs b/chips/nrf52/src/uicr.rs
|
||||||
index 3bb8b5a..19c2e90 100644
|
index 3bb8b5a..ea96cb2 100644
|
||||||
--- a/chips/nrf52/src/uicr.rs
|
--- a/chips/nrf52/src/uicr.rs
|
||||||
+++ b/chips/nrf52/src/uicr.rs
|
+++ b/chips/nrf52/src/uicr.rs
|
||||||
@@ -1,13 +1,14 @@
|
@@ -1,13 +1,14 @@
|
||||||
@@ -307,7 +307,7 @@ index 3bb8b5a..19c2e90 100644
|
|||||||
|
|
||||||
const UICR_BASE: StaticRef<UicrRegisters> =
|
const UICR_BASE: StaticRef<UicrRegisters> =
|
||||||
unsafe { StaticRef::new(0x10001000 as *const UicrRegisters) };
|
unsafe { StaticRef::new(0x10001000 as *const UicrRegisters) };
|
||||||
@@ -210,3 +211,46 @@ impl Uicr {
|
@@ -210,3 +211,49 @@ impl Uicr {
|
||||||
self.registers.approtect.write(ApProtect::PALL::ENABLED);
|
self.registers.approtect.write(ApProtect::PALL::ENABLED);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -334,19 +334,22 @@ index 3bb8b5a..19c2e90 100644
|
|||||||
+ if current_level == level {
|
+ if current_level == level {
|
||||||
+ return ReturnCode::EALREADY;
|
+ return ReturnCode::EALREADY;
|
||||||
+ }
|
+ }
|
||||||
|
+
|
||||||
+ unsafe { NVMC.configure_writeable() };
|
+ unsafe { NVMC.configure_writeable() };
|
||||||
+ if level >= ProtectionLevel::JtagDisabled {
|
+ if level >= ProtectionLevel::JtagDisabled {
|
||||||
+ self.set_ap_protect();
|
+ self.set_ap_protect();
|
||||||
+ }
|
+ }
|
||||||
|
+
|
||||||
+ if level >= ProtectionLevel::FullyLocked {
|
+ if level >= ProtectionLevel::FullyLocked {
|
||||||
+ // Prevent CPU debug and flash patching. Leaving these enabled could
|
+ // Prevent CPU debug and flash patching. Leaving these enabled could
|
||||||
+ // allow to circumvent protection.
|
+ // allow to circumvent protection.
|
||||||
+ self.registers
|
+ self.registers
|
||||||
+ .debugctrl
|
+ .debugctrl
|
||||||
+ .write(DebugControl::CPUNIDEN::DISABLED + DebugControl::CPUFPBEN::DISABLED);
|
+ .write(DebugControl::CPUNIDEN::DISABLED + DebugControl::CPUFPBEN::DISABLED);
|
||||||
+ // TODO(jmichel): Kill bootloader if present
|
+ // TODO(jmichel): prevent returning into bootloader if present
|
||||||
+ }
|
+ }
|
||||||
+ unsafe { NVMC.configure_readonly() };
|
+ unsafe { NVMC.configure_readonly() };
|
||||||
|
+
|
||||||
+ if self.get_protection() == level {
|
+ if self.get_protection() == level {
|
||||||
+ ReturnCode::SUCCESS
|
+ ReturnCode::SUCCESS
|
||||||
+ } else {
|
+ } else {
|
||||||
|
|||||||
Reference in New Issue
Block a user