From 01c0250df9fa075e5827e91d7fb02df9f2f64eaf Mon Sep 17 00:00:00 2001
From: Corey Lakey
Date: Thu, 12 Aug 2021 21:37:47 -0700
Subject: [PATCH] PASS1-94: Prevent installing user-signed firmware if no user-key installed (#38)
* PASS1-94: Prevent installing user-signed firmware if no user signing key installed
* Fixed case where user pubkey was removed manually
* Fixed text to match other areas where text is used
* Update text message for developer pubkey
* Hard coded user signed field to false
Co-authored-by: Ken Carpenter <62639971+FoundationKen@users.noreply.github.com>
---
 ports/stm32/boards/Passport/modfoundation.c | 17 +++++++++++++----
 ports/stm32/boards/Passport/modules/actions.py | 11 +++++++++--
 2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/ports/stm32/boards/Passport/modfoundation.c b/ports/stm32/boards/Passport/modfoundation.c
index 7fab79d..ab6744b 100644
--- a/ports/stm32/boards/Passport/modfoundation.c
+++ b/ports/stm32/boards/Passport/modfoundation.c
@@ -1276,7 +1276,7 @@ System_validate_firmware_header(mp_obj_t self, mp_obj_t header)
 // New header
 passport_firmware_header_t* new_fwhdr = (passport_firmware_header_t*)header_info.buf;
- mp_obj_t tuple[3];
+ mp_obj_t tuple[4];
 bool is_valid = verify_header(header_info.buf);
@@ -1303,7 +1303,10 @@ System_validate_firmware_header(mp_obj_t self, mp_obj_t header)
 vstr_add_strn(&vstr, (const char*)new_fwhdr->info.fwdate, strlen((const char*)new_fwhdr->info.fwdate));
 tuple[2] = mp_obj_new_str_from_vstr(&mp_type_str, &vstr);
- return mp_obj_new_tuple(3, tuple);
+ // Is this user-signed firmware?
+ tuple[3] = mp_const_false;
+
+ return mp_obj_new_tuple(4, tuple);
 }
 } else {
 // Invalid header
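Review bot: The array size in `mp_obj_t tuple[4];` and the literal `4` in each `mp_obj_new_tuple(4, tuple)` return of this function have to be kept in step by hand. If one is bumped without the other, the result either drops the new field or reads past the array. Writing the returns as `return mp_obj_new_tuple(MP_ARRAY_SIZE(tuple), tuple);` ties the count to the declaration. The function body starts and ends outside this hunk.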
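Review bot: The comment `// Is this user-signed firmware?` in the hunk at -1303 sits above a hard-coded `tuple[3] = mp_const_false;`, so it reads like a check that this return path never makes. A comment such as `// Early-return path: user-signed status is not evaluated here, report false` would state what the code does. The hunk at -1317 hard-codes the same value, but its comment already gives the reason. Since the Python caller only consults the flag after `is_valid`, it is worth confirming that this path also reports the header as not valid; `tuple[0]` is set outside the hunk.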
@@ -1317,7 +1320,10 @@ System_validate_firmware_header(mp_obj_t self, mp_obj_t header) vstr_add_strn(&vstr, (const char*)msg, strlen(msg)); tuple[2] = mp_obj_new_str_from_vstr(&mp_type_str, &vstr); - return mp_obj_new_tuple(3, tuple); + // No header = no user signed firmware + tuple[3] = mp_const_false; + + return mp_obj_new_tuple(4, tuple); } // is_valid @@ -1329,7 +1335,10 @@ System_validate_firmware_header(mp_obj_t self, mp_obj_t header) // No error message tuple[2] = mp_const_none; - return mp_obj_new_tuple(3, tuple); + // Is this user-signed firmware? + tuple[3] = (new_fwhdr->signature.pubkey1 == FW_USER_KEY) ? mp_const_true : mp_const_false; + + return mp_obj_new_tuple(4, tuple); } /// def System_set_user_firmware_pubkey(self, pubkey) -> None diff --git a/ports/stm32/boards/Passport/modules/actions.py b/ports/stm32/boards/Passport/modules/actions.py index 86cd521..8c12326 100644 --- a/ports/stm32/boards/Passport/modules/actions.py +++ b/ports/stm32/boards/Passport/modules/actions.py @@ -346,12 +346,19 @@ async def update_firmware(*a): return # Validate the header - is_valid, version, error_msg = system.validate_firmware_header(header) + is_valid, version, error_msg, is_user_signed = system.validate_firmware_header(header) if not is_valid: system.turbo(False) await ux_show_story('Firmware header is invalid.\n\n{}'.format(error_msg), title='Error', left_btn='BACK', right_btn='OK', center=True, center_vertically=True) return + if is_user_signed: + pubkey_result, pubkey = read_user_firmware_pubkey() + if not pubkey_result or is_all_zero(pubkey): + system.turbo(False) + await ux_show_story('Install a Developer PubKey before loading non-Foundation firmware.\n\n', title='Error', left_btn='BACK', right_btn='OK', center=True, center_vertically=True) + return + system.turbo(False) # Give the user a chance to confirm/back out 
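Review bot: In the hunk at -1329, `tuple[3]` is derived from `new_fwhdr->signature.pubkey1`, a field the firmware header declares about itself, and no signature check is visible before this return. The value should therefore be documented as a hint for the UI rather than as proof of who signed the image. If that matches the rest of the function, which starts outside the hunk, a comment like `// Header claims the user key; the signature itself is not verified here` would make it explicit. The ternary can also be written `tuple[3] = mp_obj_new_bool(new_fwhdr->signature.pubkey1 == FW_USER_KEY);`. If the `///` doc line for this method describes a 3-tuple return, it needs the fourth element added.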
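Review bot: The new `if is_user_signed:` guard calls `read_user_firmware_pubkey()` and `is_all_zero()`, but this diff adds no import to actions.py. Confirm both names are already in scope in `update_firmware`; otherwise the guard raises NameError exactly when user-signed firmware is offered. The block would also benefit from a comment stating the rule, e.g. `# Refuse user-signed firmware when no developer pubkey is installed (or it was zeroed)`. This is a gate in the update UI that relies on the header-derived flag, so the same rule should still hold wherever the image signature is actually verified, which is not visible here. `update_firmware` starts and ends outside the hunk.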
@@ -2057,4 +2064,4 @@ async def remove_user_firmware_pubkey(*a):
 title='Remove',
 center=True,
 center_vertically=True)
- clear_cached_pubkey()
\ No newline at end of file
+ clear_cached_pubkey()