[OpenBIOS] r647 - cpu/x86/pc/olpc cpu/x86/pc/olpc/images dev/geode/display dev/video/common ofw/termemu

Author: wmb Date: 2007-09-29 21:25:03 +0200 (Sat, 29 Sep 2007) New Revision: 647

Added: cpu/x86/pc/olpc/images/check.565 cpu/x86/pc/olpc/images/check.bmp cpu/x86/pc/olpc/images/darkdot.565 cpu/x86/pc/olpc/images/darkdot.bmp cpu/x86/pc/olpc/images/develkey.565 cpu/x86/pc/olpc/images/develkey.bmp cpu/x86/pc/olpc/images/lightdot.565 cpu/x86/pc/olpc/images/lightdot.bmp cpu/x86/pc/olpc/images/lock.565 cpu/x86/pc/olpc/images/lock.bmp cpu/x86/pc/olpc/images/minus.565 cpu/x86/pc/olpc/images/minus.bmp cpu/x86/pc/olpc/images/plus.565 cpu/x86/pc/olpc/images/plus.bmp cpu/x86/pc/olpc/images/sad.565 cpu/x86/pc/olpc/images/sad.bmp cpu/x86/pc/olpc/images/topkey.565 cpu/x86/pc/olpc/images/topkey.bmp cpu/x86/pc/olpc/images/unlock.565 cpu/x86/pc/olpc/images/unlock.bmp cpu/x86/pc/olpc/images/x.565 cpu/x86/pc/olpc/images/x.bmp cpu/x86/pc/olpc/images/xogray.565 cpu/x86/pc/olpc/images/xogray.bmp cpu/x86/pc/olpc/images/yellowdot.565 cpu/x86/pc/olpc/images/yellowdot.bmp Modified: cpu/x86/pc/olpc/crypto.bth cpu/x86/pc/olpc/crypto.fth cpu/x86/pc/olpc/fw.bth cpu/x86/pc/olpc/gui.fth cpu/x86/pc/olpc/images/sd.565 cpu/x86/pc/olpc/images/sd.bmp cpu/x86/pc/olpc/loaddropins.fth cpu/x86/pc/olpc/security.fth dev/geode/display/gxfb.fth dev/video/common/rectangle16.fth ofw/termemu/fb16.fth Log: New pretty-boot scheme tied in with security (omnibus checkin of many files)

Modified: cpu/x86/pc/olpc/crypto.bth =================================================================== --- cpu/x86/pc/olpc/crypto.bth 2007-09-29 19:16:30 UTC (rev 646) +++ cpu/x86/pc/olpc/crypto.bth 2007-09-29 19:25:03 UTC (rev 647) @@ -6,6 +6,7 @@ fload ${BP}/cpu/x86/pc/olpc/versions.fth

" wget http://dev.laptop.org/pub/firmware/crypto/bios_verify-$%7BCRYPTO_VERSION%7D.... -O verify.img" expand$ $sh +" wget http://dev.laptop.org/pub/firmware/crypto/bios_hasher-$%7BCRYPTO_VERSION%7D.... -O hasher.img" expand$ $sh " wget http://dev.laptop.org/pub/firmware/crypto/testkeys/os.public -O os.public" expand$ $sh " wget http://dev.laptop.org/pub/firmware/crypto/testkeys/fw.public -O fw.public" expand$ $sh " wget http://dev.laptop.org/pub/firmware/crypto/testkeys/lease.public -O lease.public" expand$ $sh

Modified: cpu/x86/pc/olpc/crypto.fth =================================================================== --- cpu/x86/pc/olpc/crypto.fth 2007-09-29 19:16:30 UTC (rev 646) +++ cpu/x86/pc/olpc/crypto.fth 2007-09-29 19:25:03 UTC (rev 647) @@ -5,18 +5,24 @@ h# d0000 constant verify-bss \ The address the code is linked to run at h# 10000 constant /verify-bss

-0 [if] -h# c0000 constant hasher-base \ The address the code is linked to run at +1 [if] +h# 70000 constant hasher-base \ The address the code is linked to run at +h# 80000 constant hasher-bss +h# 18000 constant /hasher-bss variable hashlen d# 128 buffer: hashbuf

+: get-hasher ( -- ) + " hasher" find-drop-in 0= if 4drop true exit then ( prog$ ) + 2dup hasher-base swap move free-mem ( hashname$ ) +; + : hash ( data$ hashname$ -- result$ ) - " hasher" find-drop-in 0= if 4drop true exit then ( data$ hashname$ prog$ ) - 2dup hasher-base swap move free-mem ( data$ hashname$ ) - d# 128 hashlen ! - 2>r swap hashlen hashbuf 2swap 2r> $cstr ( &reslen resbuf datalen databuf hashname-cstr ) + $cstr hashbuf hashlen ( databuf datalen hashname-cstr resbuf &reslen )

+ hasher-bss /hasher-bss erase + hasher-base dup h# 10 - sp-call abort" Hash failed" drop 4drop ( ) hashbuf hashlen @ ; @@ -25,7 +31,9 @@ 0 value crypto-loaded? : load-crypto ( -- error? ) crypto-loaded? if false exit then - " verify" find-drop-in 0= if true exit then ( prog$ ) + " verify" find-drop-in 0= if + ." Can't find crypto code" cr true exit + then ( prog$ ) 2dup verify-base swap move free-mem ( ) true to crypto-loaded? false

Modified: cpu/x86/pc/olpc/fw.bth =================================================================== --- cpu/x86/pc/olpc/fw.bth 2007-09-29 19:16:30 UTC (rev 646) +++ cpu/x86/pc/olpc/fw.bth 2007-09-29 19:25:03 UTC (rev 647) @@ -272,7 +272,7 @@ ." Interacting due to botched resume" cr hex interact then i-key-wait if - " patch false fast-boot? startup" eval +\ " patch false fast-boot? startup" eval ." Interacting" cr hex interact then [ifdef] lx-devel @@ -335,6 +335,7 @@ \ fload ${BP}/cpu/x86/pc/olpc/carousel.fth \ Carouseled NAND writing fload ${BP}/cpu/x86/pc/olpc/crypto.fth \ Cryptographic image validation fload ${BP}/cpu/x86/pc/olpc/lzip.fth \ Access zip images from memory +fload ${BP}/cpu/x86/pc/olpc/gamekeys.fth fload ${BP}/cpu/x86/pc/olpc/security.fth fload ${BP}/cpu/x86/pc/olpc/setwp.fth fload ${BP}/ofw/gui/ofpong.fth @@ -438,23 +439,9 @@ \ fload ${BP}/cpu/x86/pc/report.fth fload ${BP}/ofw/core/dualconsole.fth

-0 value game-key-mask - -: read-game-keys ( -- ) -[ifdef] lx-devel false exit [then] - board-revision h# b18 < if - h# 100 to game-key-mask - exit - then - - game-key@ dup to game-key-mask if - ." Release the game key to continue" cr - begin d# 100 ms game-key@ 0= until - then -; : fast-boot? ( -- flag ) [ifdef] rom-loaded - game-key-mask h# 120 and 0= + button-x game-key? 0= [else] false [then] @@ -506,11 +493,6 @@ then ;

-: optional-startup ( -- ) - probe-usb - ?usb-keyboard -; - : go-hook-freeze [ ' go-hook behavior compile, ] 0 " set-source" $call-screen @@ -519,13 +501,13 @@ : unfreeze ( -- ) ['] usb-quiet to go-hook ;

: ?sound ( -- ) - game-key-mask h# 40 and 0= if sound then + button-rotate game-key? 0= if sound then ; : ?freeze ( -- ) - game-key-mask h# 40 and 0= if freeze then + button-rotate game-key? 0= if freeze then ; : ?games ( -- ) - game-key-mask h# 20 and if + rocker-right game-key? if time&date 5drop 1 and if pong else life-demo then then ; @@ -540,36 +522,51 @@

console-start read-game-keys +[ifdef] notdef fast-boot? if - stdout off +( D) stdout off \ banner probe-pci ?sound open-keyboard +( D) \ ?games ?freeze - ['] false to interrupt-auto-boot? +\ ['] false to interrupt-auto-boot? probe-usb \ " nand" $dev-update-flash interpreter-init -[ifndef] lx-devel - enable-power-button -[then] - auto-boot - screen-ih stdout ! - ?usb-keyboard + secure-startup +( D) screen-ih stdout ! \ +( D) ?usb-keyboard \ else - banner +( D) banner \ stdout off probe-pci ?sound open-keyboard +( D) ?games \ + ?freeze + probe-usb +( D) ?usb-keyboard \ + interpreter-init + secure-startup + then +[else] + stdout off \ + probe-pci + ?sound + open-keyboard ?games ?freeze - optional-startup + ['] false to interrupt-auto-boot? + probe-usb +\ " nand" $dev-update-flash interpreter-init -[ifndef] lx-devel - enable-power-button + secure-startup + ['] (interrupt-auto-boot?) to interrupt-auto-boot? + screen-ih stdout ! + banner + ?usb-keyboard [then] - auto-boot - then + auto-boot

blue-letters ." Type 'help' for more information." black-letters cr cr

Modified: cpu/x86/pc/olpc/gui.fth =================================================================== --- cpu/x86/pc/olpc/gui.fth 2007-09-29 19:16:30 UTC (rev 646) +++ cpu/x86/pc/olpc/gui.fth 2007-09-29 19:25:03 UTC (rev 647) @@ -3,6 +3,7 @@

d# 0 d# 0 2value first-icon-xy 0 0 2value icon-xy +0 0 2value last-xy 0 value text-y

: ?next-row ( -- ) @@ -14,15 +15,15 @@ then ;

-: show-565 ( image-adr,len -- ) +: prep-565 ( image-adr,len -- bits-adr x y w h ) drop dup " C565" comp abort" Not in C565 format" dup 4 + le-w@ to image-width dup 6 + le-w@ to image-height 8 + ?next-row + icon-xy to last-xy icon-xy image-width image-height - " draw-rectangle" $call-screen ;

: $get-image ( filename$ -- true | adr,len false ) @@ -34,13 +35,21 @@ ; : $show ( filename$ -- ) not-screen? if 2drop exit then - $get-image if exit then 2dup show-565 free-mem + 0 to image-width \ In case $show fails + $get-image if exit then + 2dup prep-565 " draw-transparent-rectangle" $call-screen + free-mem ; -: $show&advance ( filename$ -- ) - 0 to image-width \ In case $show fails - $show +: $show-opaque ( filename$ -- ) + not-screen? if 2drop exit then + $get-image if exit then + 2dup prep-565 " draw-rectangle" $call-screen + free-mem +; +: advance ( -- ) icon-xy image-width 0 d+ to icon-xy ; +: $show&advance ( filename$ -- ) $show advance ;

: fix-cursor ( -- ) cursor-on ['] user-ok to (ok) user-ok ;

@@ -247,7 +256,7 @@

\ Make the terminal emulator use a region that avoids the logo area : avoid-logo ( -- ) - 0 h# f ( fg-color bg-color ) + screen-ih package( foreground-color background-color )package ( fg-color bg-color ) screen-wh drop char-wh drop d# 80 * - 2/ ( fg-color bg-color x ) text-y ( fg-color bg-color x y ) char-wh drop d# 80 * ( fg-color bg-color x y w ) @@ -309,7 +318,9 @@ avoid-logo

0 to image-width 0 to image-height \ In case $show-bmp fails - " rom:olpc.565" $show&advance +[ifdef] old-way + " rom:olpc.565" $show&advance +[then]

icon-xy to first-icon-xy

@@ -347,13 +358,13 @@

h# 32 buffer: icon-name

-: show-icon-file ( basename$ -- ) +: show-icon ( basename$ -- ) " rom:" icon-name pack $cat ( ) " .565" icon-name $cat ( ) - icon-name count $show&advance ( ) + icon-name count $show ( ) ;

-: ?show-icon ( adr len -- ) +: ?show-package-icon ( adr len -- ) locate-device if exit then ( phandle )

" icon" 2 pick get-package-property 0= if ( phandle prop$ ) @@ -362,19 +373,19 @@ then ( phandle )

" iconname" 2 pick get-package-property 0= if ( phandle prop$ ) - get-encoded-string show-icon-file ( phandle ) + get-encoded-string show-icon advance ( phandle ) drop exit then ( phandle )

" name" 2 pick get-package-property 0= if ( phandle prop$ ) - get-encoded-string show-icon-file ( phandle ) + get-encoded-string show-icon advance ( phandle ) drop exit then ( phandle )

drop ; : (?show-device) ( adr len -- adr len ) - not-screen? 0= if 2dup ?show-icon then + not-screen? 0= if 2dup ?show-package-icon then ; ' (?show-device) to ?show-device

Added: cpu/x86/pc/olpc/images/check.565 =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/check.565 ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/check.bmp =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/check.bmp ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/darkdot.565 =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/darkdot.565 ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/darkdot.bmp =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/darkdot.bmp ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/develkey.565 =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/develkey.565 ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/develkey.bmp =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/develkey.bmp ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/lightdot.565 =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/lightdot.565 ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/lightdot.bmp =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/lightdot.bmp ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/lock.565 =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/lock.565 ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/lock.bmp =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/lock.bmp ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/minus.565 =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/minus.565 ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/minus.bmp =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/minus.bmp ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/plus.565 =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/plus.565 ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/plus.bmp =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/plus.bmp ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/sad.565 =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/sad.565 ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/sad.bmp =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/sad.bmp ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Modified: cpu/x86/pc/olpc/images/sd.565 =================================================================== (Binary files differ)

Modified: cpu/x86/pc/olpc/images/sd.bmp =================================================================== (Binary files differ)

Added: cpu/x86/pc/olpc/images/topkey.565 =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/topkey.565 ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/topkey.bmp =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/topkey.bmp ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/unlock.565 =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/unlock.565 ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/unlock.bmp =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/unlock.bmp ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/x.565 =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/x.565 ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/x.bmp =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/x.bmp ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/xogray.565 =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/xogray.565 ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/xogray.bmp =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/xogray.bmp ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/yellowdot.565 =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/yellowdot.565 ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Added: cpu/x86/pc/olpc/images/yellowdot.bmp =================================================================== (Binary files differ)

Property changes on: cpu/x86/pc/olpc/images/yellowdot.bmp ___________________________________________________________________ Name: svn:executable + * Name: svn:mime-type + application/octet-stream

Modified: cpu/x86/pc/olpc/loaddropins.fth =================================================================== --- cpu/x86/pc/olpc/loaddropins.fth 2007-09-29 19:16:30 UTC (rev 646) +++ cpu/x86/pc/olpc/loaddropins.fth 2007-09-29 19:25:03 UTC (rev 647) @@ -28,13 +28,34 @@

" ${BP}/ofw/inet/telnetd.fth" " telnetd" $add-deflated-dropin

- " ${BP}/cpu/x86/pc/olpc/images/olpclogo.565" " olpc.565" $add-deflated-dropin - " ${BP}/cpu/x86/pc/olpc/images/laptop.565" " nandflash.565" $add-deflated-dropin + " ${BP}/cpu/x86/pc/olpc/images/lightdot.565" " lightdot.565" $add-deflated-dropin + " ${BP}/cpu/x86/pc/olpc/images/yellowdot.565" " yellowdot.565" $add-deflated-dropin + " ${BP}/cpu/x86/pc/olpc/images/darkdot.565" " darkdot.565" $add-deflated-dropin + " ${BP}/cpu/x86/pc/olpc/images/lock.565" " lock.565" $add-deflated-dropin + " ${BP}/cpu/x86/pc/olpc/images/unlock.565" " unlock.565" $add-deflated-dropin + " ${BP}/cpu/x86/pc/olpc/images/plus.565" " plus.565" $add-deflated-dropin + " ${BP}/cpu/x86/pc/olpc/images/minus.565" " minus.565" $add-deflated-dropin + " ${BP}/cpu/x86/pc/olpc/images/x.565" " x.565" $add-deflated-dropin + " ${BP}/cpu/x86/pc/olpc/images/sad.565" " sad.565" $add-deflated-dropin + +\ " ${BP}/cpu/x86/pc/olpc/images/topkey.565" " topkey.565" $add-deflated-dropin +\ " ${BP}/cpu/x86/pc/olpc/images/dot0.565" " mark0.565" $add-deflated-dropin +\ " ${BP}/cpu/x86/pc/olpc/images/dot1.565" " mark1.565" $add-deflated-dropin +\ " ${BP}/cpu/x86/pc/olpc/images/dot2.565" " mark2.565" $add-deflated-dropin +\ " ${BP}/cpu/x86/pc/olpc/images/dot3.565" " mark3.565" $add-deflated-dropin +\ " ${BP}/cpu/x86/pc/olpc/images/lock2.565" " lock2.565" $add-deflated-dropin +\ " ${BP}/cpu/x86/pc/olpc/images/unlock2.565" " unlock2.565" $add-deflated-dropin + " ${BP}/cpu/x86/pc/olpc/images/check.565" " check.565" $add-deflated-dropin +\ " ${BP}/cpu/x86/pc/olpc/images/leasekey.565" " leasekey.565" $add-deflated-dropin + " ${BP}/cpu/x86/pc/olpc/images/xogray.565" " xogray.565" $add-deflated-dropin +\ " ${BP}/cpu/x86/pc/olpc/images/olpclogo.565" " olpc.565" $add-deflated-dropin + " ${BP}/cpu/x86/pc/olpc/images/laptop.565" " nand.565" $add-deflated-dropin + " ${BP}/cpu/x86/pc/olpc/images/laptop.565" " fastnand.565" $add-deflated-dropin " ${BP}/cpu/x86/pc/olpc/images/ethernet.565" " ethernet.565" $add-deflated-dropin - " ${BP}/cpu/x86/pc/olpc/images/usbkey.565" " usbdisk.565" $add-deflated-dropin + " ${BP}/cpu/x86/pc/olpc/images/usbkey.565" " disk.565" $add-deflated-dropin " ${BP}/cpu/x86/pc/olpc/images/wireless.565" " wlan.565" $add-deflated-dropin " ${BP}/cpu/x86/pc/olpc/images/xo.565" " xo.565" $add-deflated-dropin - " ${BP}/cpu/x86/pc/olpc/images/sd.565" " sdmmc.565" $add-deflated-dropin + " ${BP}/cpu/x86/pc/olpc/images/sd.565" " sd.565" $add-deflated-dropin

" ${BP}/ofw/termemu/gallant.obf" " font" $add-deflated-dropin

@@ -43,3 +64,5 @@ " fw.public" " fwpubkey" $add-dropin \ Incompressible " lease.public" " leasepubkey" $add-dropin \ Incompressible " developer.public" " develpubkey" $add-dropin \ Incompressible + + " hasher.img" " hasher" $add-deflated-dropin

Modified: cpu/x86/pc/olpc/security.fth =================================================================== --- cpu/x86/pc/olpc/security.fth 2007-09-29 19:16:30 UTC (rev 646) +++ cpu/x86/pc/olpc/security.fth 2007-09-29 19:25:03 UTC (rev 647) @@ -3,7 +3,11 @@

\ Specs at http://wiki.laptop.org/go/Firmware_Security

-: developer-device-list " disk sd nand" ; +: security-failure ( -- ) + ." Security failure" cr + d# 10000 ms power-off +; + : boot-device-list " disk sd nand" ;

true value debug-security? @@ -131,7 +135,8 @@ \ bundle whose name is constructed from the current settings of the \ device (DN), path (PN), filename head (CN), and filename body (FN).

-: bundle-present? ( -- flag ) +: bundle-present? ( fn$ -- flag ) + fn-buf place bundle-name$ " Trying " ?lease-debug 2dup ?lease-debug-cr ['] (boot-read) catch if 2drop false exit then @@ -166,6 +171,11 @@ hashname place ( data$ sig$ )

pubkey$ hashname count signature-bad? 0= ( okay? ) + dup if + " Signature valid" ?lease-debug-cr + else + " Signature invalid" ?lease-debug-cr + then ;

\ earliest is the earliest acceptable date value (in seconds). @@ -374,12 +384,6 @@ 4drop -1 exit then ( sig$ expiration$ ) check-machine-signature ( -1|1 ) - - dup 0< if - " has bad signature" ?lease-debug-cr - else - " valid" ?lease-debug-cr - then ;

\ lease-valid? tries to read a lease file from the currently-selected @@ -391,6 +395,7 @@ " ${DN}:\security\lease.sig" expand$ ( name$ ) " Trying " ?lease-debug 2dup ?lease-debug-cr r/o open-file if drop false exit then ( ih ) + load-started >r ( r: ih ) " Lease " ?lease-debug ( r: ih ) leasekey$ to pubkey$ ( r: ih ) @@ -400,8 +405,8 @@ then ( actual -eof? ) while ( actual ) sec-line-buf swap check-lease case ( -1|0|1 ) - 1 of r> close-file drop true exit endof - -1 of r> close-file drop false exit endof + 1 of r> close-file drop " unlock" show-icon true exit endof + -1 of r> close-file drop " lock" show-icon false exit endof endcase repeat r> close-file drop false @@ -414,7 +419,7 @@ \ present) or "actos.zip" (the activation version of the OS).

: ?leased ( -- ) - lease-valid? if " run" else " act" then cn-buf place + lease-valid? if " run" else " act" then cn-buf place ;

\ olpc-load-image is factor that is close the top level of the @@ -425,22 +430,18 @@ \ "runos.zip" according to whether or not a valid lease for \ this machine is present on the same device.

-: olpc-load-image ( list$ dirname$ -- okay? ) - pn-buf place ( list$ ) +: olpc-load-image ( list$ -- okay? ) begin dup while ( list$ ) bl left-parse-string ( list$ devname$ ) dn-buf place ( list$' ) ?leased ( list$ ) - bundle-present? if ( list$ ) + " os" bundle-present? if ( list$ ) " OS found - " ?lease-debug 0 hashname c! oskey$ to pubkey$ img$ sig$ valid? if - " Signature valid" ?lease-debug-cr img$ tuck load-base swap move !load-size 2drop true exit - else - " Signature invalid" ?lease-debug-cr then then ( list$ ) repeat ( list$ ) @@ -453,21 +454,41 @@ \ the NAND FLASH for an alternate OS image.

: secure-load ( -- okay? ) - load-crypto if ( ) - ." Can't get crypto code" cr ( ) - false exit - then ( ) + load-crypto if false exit then

get-my-sn if false exit then get-date if false exit then

- " os" fn-buf place - - boot-device-list " \boot" olpc-load-image if true exit then - " nand" " \boot-alt" olpc-load-image if true exit then + " \boot" pn-buf place boot-device-list olpc-load-image if true exit then + " \boot-alt" pn-buf place " nand" olpc-load-image if true exit then false ;

+0 value alternate? +: set-alternate ( -- ) + button-o game-key? if true to alternate? exit then + h# 82 cmos@ [char] A = if + [char] N h# 82 cmos! + true to alternate? exit + then + false to alternate? +; + +0 0 2value base-xy +: show-check ( -- ) + icon-xy base-xy to icon-xy " check" show-icon to icon-xy +; +: +icon-xy ( delta-x,y -- ) icon-xy d+ to icon-xy ; + +: show-dot ( -- ) + alternate? if " yellowdot" else " lightdot" then show-icon +; +: show-x ( -- ) " x" show-icon ; +: show-sad ( -- ) " sad" show-icon ; +: show-lock ( -- ) " lock" show-icon ; +: show-unlock ( -- ) " unlock" show-icon ; + + \ secure-load-ramdisk is called during the process of preparing an \ OS image for execution. It looks for an initrd bundle file on \ the same device where the OS image was found, in a file named @@ -490,27 +511,28 @@ ['] load-path behavior >r ( r: xt ) ['] ramdisk-buf to load-path ( r: xt )

- " rd" fn-buf place - bundle-present? if + d# 16 0 +icon-xy show-dot + \ cn-buf is already set as a result of the ?leased that + \ happened before loading the OS file + " rd" bundle-present? if r> to load-path

" RD found - " ?lease-debug 0 hashname c! img$ sig$ valid? if - " Signature valid" ?lease-debug-cr + show-unlock load-base to ramdisk-adr img$ dup to /ramdisk ( adr len ) load-base swap move ( ) exit else - " Signature invalid" ?lease-debug-cr + show-unlock fail-load then then r> to load-path ;

- \ secure-boot performs the secure boot process

: secure-boot ( -- ) @@ -527,12 +549,12 @@ " wp" find-tag if 2drop true to secure? then ;

-\ ?secure-boot performs either the secure boot algorithm or the +\ do-secure-boot performs either the secure boot algorithm or the \ historical boot algorithm depending on the presence of a "wp" \ manufacturing data tag.

-: ?secure-boot ( -- ) secure? if secure-boot else boot then ; -" ?secure-boot" ' boot-command set-config-string-default +: do-secure-boot ( -- ) secure? if secure-boot else boot then ; +\ " do-secure-boot" ' boot-command set-config-string-default

\ check-devel-key tests the developer signature string "dev01$". @@ -559,8 +581,10 @@

: has-developer-key? ( -- flag ) " ${DN}:\security\develop.sig" expand$ ( name$ ) + " Trying " ?lease-debug 2dup ?lease-debug-cr r/o open-file if drop false exit then ( ih ) >r + load-started begin sec-line-buf /sec-line-max r@ read-line if ( actual -eof? ) 2drop r> close-file drop false exit @@ -577,71 +601,153 @@ \ developer? searches a list of devices (given by "developer-device-list") \ for a valid developer key

-: developer? ( -- flag ) - get-my-sn if false exit then +: checked-load-started ( -- ) + not-screen? if exit then + show-check +; +\ ' checked-load-started to load-started +\ noop to load-started

- load-crypto if ( ) - ." Can't get crypt code" cr ( ) - false exit - then ( ) +: ?toggle-secure ( -- ) button-x game-key? if secure? 0= to secure? then ;

- developer-device-list ( list$ ) - begin dup while ( list$ ) - bl left-parse-string dn-buf place ( list$' ) - has-developer-key? if ( list$' ) - 2drop true exit - then ( list$ ) - repeat ( list$ ) - 2drop false +6 buffer: fw#buf +: (fw-version) ( base-adr -- n ) + h# f.ffc7 + fw#buf 5 move + fw#buf 4 + c@ bl = if [char] 0 fw#buf 4 + c! then + base @ >r d# 36 base ! + fw#buf 5 $number if + show-x + ." Invalid firmware version number" security-failure + then + pop-base ;

+: firmware-up-to-date? ( img$ -- ) + /flash <> if show-x ." Invalid Firmware image" security-failure then ( adr ) + (fw-version) ( file-version# ) + rom-pa (fw-version) ( file-version# rom-version# ) + u<= +;

-fexit +: load-from-device ( devname$ -- done? )

-Firmware security use cases: + d# 16 0 +icon-xy show-dot + null$ cn-buf place + " bootfw" bundle-present? if + " FW found - " ?lease-debug

-a) load image signing: + img$ firmware-up-to-date? if + " plus" show-icon + " current FW is up-to-date" ?lease-debug-cr + else + " minus" show-icon + " new - " ?lease-debug + 0 hashname c! + fwkey$ to pubkey$ + img$ sig$ valid? if + img$ tuck flash-buf swap move ( len ) + ?image-valid ( ) + true to file-loaded? + " Updating firmware" ?lease-debug

-Package: {run,act}{os,rd}.zip -Expiration: none -Signed object: OS or RD image file in .zip file -Signature: sha256_rsa256.sig in .zip file -Verification Algorithm: sha256 -> rsa256 -Verification Key: OLPC-run-public-key + \ Latch alternate? flag for next startup + alternate? if [char] A h# 82 cmos! then

-Rule: Don't run the image if the signature fails + reflash \ Should power-off and reboot + show-x + ." Reflash returned, unexpectedly" cr + security-failure + then + show-lock + then + then

-b) Firmware update key + d# 16 0 +icon-xy show-dot + ?leased \ Sets cn-buf

-Package: /boot/bootfw.zip -Expiration: none (but should be versioned to avoid repeated updates) -Signed object: image in .zip file -Signature1: sha255.rsa in .zip file -Signature2: whirl.rsa in .zip file -Verification Algorithm: sha256 -> rsa256, whirlpool -> rsa256 -Verification Key: OLPC-fw-public-key + d# 16 0 +icon-xy show-dot + " os" bundle-present? if + " OS found - " ?lease-debug + 0 hashname c! + oskey$ to pubkey$ + img$ sig$ valid? if + img$ tuck load-base swap move !load-size + show-unlock + true exit + then + show-lock + then + false ( done? ) +;

-Rule: If the developer key is valid, enter unlocked firmware state +: filesystem-present? ( -- flag ) + " ${DN}:" expand$ ( name$ ) + open-dev dup if dup close-dev then + 0<> +;

-c) Developer key +0 0 2value next-xy +: load-from-list ( list$ -- devkey? ) + begin dup while ( list$ ) + bl left-parse-string ( list$ devname$ ) + 2dup dn-buf place ( list$ devname$ )

-Package: /security/develop.key -Expiration: none -Signed object: <serial#>:<uuid>:00000000T000000Z (representing the machine) -Signature: rsa256 data in sig01 line -Verification Algorithm: rsa256 -Verification Key: OLPC-devel-public-key + show-icon ( list$ xy ) + icon-xy to base-xy + icon-xy image-width 0 d+ to next-xy ( list$ )

-Rule: If the developer key is valid, enter unlocked firmware state + filesystem-present? if

-d) Activation lease + d# 5 d# 77 +icon-xy show-dot + has-developer-key? if + show-unlock + true exit + then

-Package: /security/lease -Expiration: Yes - time on signature line -Signed object: <serial#>:<uuid>:<expiration time> (representing the machine) -Signature: rsa256 data in sig01 line -Verification Algorithm: rsa256 -Verification Key: OLPC-act-public-key + load-from-device if + 2drop + ['] secure-load-ramdisk to load-ramdisk + " init-program" $find if execute go then + show-x + security-failure + then + then

-Rule: If the lease is invalid, invoke act{os,rd}.zip instead of run{os,rd}.zip + next-xy to icon-xy + repeat ( list$ ) + " sad" show-icon + 2drop false +;

+: text-on screen-ih stdout ! ; +: persistent-devkey? ( -- flag ) " dk" find-tag dup if nip nip then ; + +: all-devices$ ( -- list$ ) " disk sd fastnand nand" ; +: secure-startup ( -- ) + ['] noop to ?show-device + ['] noop to load-done + ['] noop to load-started + + set-alternate + + d# 552 d# 383 to icon-xy " rom:xogray.565" $show-opaque + d# 410 d# 540 to icon-xy \ For boot progress reports + + button-check game-key? if text-on then + ?toggle-secure + + secure? 0= if exit then + + persistent-devkey? if exit then + + get-my-sn if ." No serial number" cr show-sad security-failure then + get-date if ." Invalid system date" cr show-sad security-failure then + + load-crypto if show-sad security-failure then ( ) + + alternate? if " \boot-alt" else " \boot" then pn-buf place + + all-devices$ load-from-list if exit then \ Returns only if no images found + + ." Boot failed" cr show-sad security-failure +;

Modified: dev/geode/display/gxfb.fth =================================================================== --- dev/geode/display/gxfb.fth 2007-09-29 19:16:30 UTC (rev 646) +++ dev/geode/display/gxfb.fth 2007-09-29 19:25:03 UTC (rev 647) @@ -555,9 +555,10 @@ map-frame-buffer bytes/pixel case 1 of frame-buffer-adr /fb h# 0f fill endof - 2 of frame-buffer-adr /fb h# ffff wfill endof + 2 of frame-buffer-adr /fb h# c0 dup dup rgb>565 wfill endof 4 of frame-buffer-adr /fb h# ffff.ffff lfill endof endcase + 7 to background-color ;

: display-remove ( -- )

Modified: dev/video/common/rectangle16.fth =================================================================== --- dev/video/common/rectangle16.fth 2007-09-29 19:16:30 UTC (rev 646) +++ dev/video/common/rectangle16.fth 2007-09-29 19:25:03 UTC (rev 647) @@ -29,6 +29,24 @@ loop ( adr' wbytes fbadr' ) 3drop ; + +: draw-transparent-rectangle ( adr x y w h -- ) + rectangle-setup ( adr wbytes fbadr h ) + >r rot r> ( wbytes fbadr adr h ) + 0 ?do ( wbytes fbadr adr ) + 2 pick 0 ?do ( wbytes fbadr adr ) + dup w@ >r wa1+ r> ( wbytes fbadr adr' color ) + dup h# ffff = if ( wbytes fbadr adr color ) + drop ( wbytes fbadr adr ) + else ( wbytes fbadr adr color ) + 2 pick i + w! ( wbytes fbadr adr ) + then ( wbytes fbadr adr ) + /w +loop ( wbytes fbadr adr ) + swap /scanline + swap ( wbytes fbadr' adr ) + loop ( wbytes fbadr' adr' ) + 3drop +; + : read-rectangle ( adr x y w h -- ) rectangle-setup 0 ?do ( adr wbytes fbadr ) 3dup -rot move ( adr wbytes fbadr )

Modified: ofw/termemu/fb16.fth =================================================================== --- ofw/termemu/fb16.fth 2007-09-29 19:16:30 UTC (rev 646) +++ ofw/termemu/fb16.fth 2007-09-29 19:25:03 UTC (rev 647) @@ -93,7 +93,8 @@ aa 00 00 rgb>565 , \ Dark red aa 00 aa rgb>565 , \ Dark magenta aa 55 aa rgb>565 , \ Brown - aa aa aa rgb>565 , \ Light gray +\ aa aa aa rgb>565 , \ Light gray + c0 c0 c0 rgb>565 , \ Light gray (OLPC background) 55 55 55 rgb>565 , \ Dark gray 55 55 ff rgb>565 , \ Light blue 55 ff 55 rgb>565 , \ Light green @@ -117,7 +118,7 @@ text-foreground16 screen-background16 fb16-invert ; : fb16-erase-screen ( -- ) - frame-buffer-adr bytes/line16 screen-height * screen-background16 fb-fill + frame-buffer-adr bytes/line16 screen-height * screen-background16 wfill ; : fb16-blink-screen ( -- ) \ Better done by poking the DAC fb16-invert-screen fb16-invert-screen @@ -156,7 +157,7 @@ headerless

: move-line16 ( src-line-adr dst-line-adr -- ) emu-bytes/line fb-move ; -: erase-line16 ( line-adr -- ) emu-bytes/line screen-background16 fb-fill ; +: erase-line16 ( line-adr -- ) emu-bytes/line screen-background16 wfill ; : erase-lines16 ( last-line first-line -- ) ?do i erase-line16 bytes/line16 +loop ; @@ -208,7 +209,7 @@ : erase-chars16 ( #chars start-col# -- ) swap char-width 2* * swap ( #bytes start-col# ) column-adr16 char-height 0 do ( #bytes adr ) - 2dup swap text-background16 fb-fill ( #bytes adr ) + 2dup swap text-background16 wfill ( #bytes adr ) bytes/line16 + ( #bytes adr' ) loop 2drop ( ) ;