Author: wmb Date: 2007-10-02 08:40:25 +0200 (Tue, 02 Oct 2007) New Revision: 662
Modified: cpu/x86/pc/olpc/boardrev.fth cpu/x86/pc/olpc/devices.fth cpu/x86/pc/olpc/fw.bth cpu/x86/pc/olpc/security.fth dev/olpc/kb3700/ecio.fth Log: q2c28 late additions - made fw autoupdate work, and various other usability improvements.
Modified: cpu/x86/pc/olpc/boardrev.fth
===================================================================
--- cpu/x86/pc/olpc/boardrev.fth 2007-10-02 04:56:15 UTC (rev 661)
+++ cpu/x86/pc/olpc/boardrev.fth 2007-10-02 06:40:25 UTC (rev 662)
@@ -24,7 +24,8 @@
 h# a18 else lx? if - board-id@ case + ['] board-id@ catch if 0 then case + 0 of 0 endof \ EC broken h# b2 of h# b30 endof \ preB3 ( board-id ) dup h# 10 * 8 + swap \ E.g. b3 -> b38 endcase
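Review bot: The throw code from `board-id@` is discarded by `['] board-id@ catch if 0 then`, so the caller cannot tell an unreachable EC from a board id of zero; both fall into the new `0 of 0 endof` arm and yield revision 0, which the fw.bth hunk in this commit treats as a fatal EC problem. If a board id of 0 is never a valid value that overload is fine, but it should be stated at the catch, e.g. `\ EC read failure -> id 0 -> revision 0; fw.bth halts on board-revision 0=`. The enclosing definition starts before and appears to end after this hunk.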
Modified: cpu/x86/pc/olpc/devices.fth
===================================================================
--- cpu/x86/pc/olpc/devices.fth 2007-10-02 04:56:15 UTC (rev 661)
+++ cpu/x86/pc/olpc/devices.fth 2007-10-02 06:40:25 UTC (rev 662)
@@ -247,7 +247,8 @@
 fload ${BP}/cpu/x86/pc/olpc/boardrev.fth \ Board revision decoding
stand-init: Date to EC - time&date d# 2000 - ec-date! 3drop + time&date d# 2000 - ['] ec-date! catch if 3drop then + 3drop ;
stand-init: Wireless reset
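Review bot: A failure of `ec-date!` is swallowed with no diagnostic on the new `['] ec-date! catch if 3drop then` line; the stack handling is right (the three date items are dropped on throw, the trailing `3drop` clears the time either way), but nothing records that the EC clock was not set. A one-line comment would make the intent explicit, e.g. `\ EC may be unresponsive here; ignore the error (the EC check in fw.bth presumably reports it)`, or log the throw code through the usual debug word before dropping it if one is available in this file.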
Modified: cpu/x86/pc/olpc/fw.bth
===================================================================
--- cpu/x86/pc/olpc/fw.bth 2007-10-02 04:56:15 UTC (rev 661)
+++ cpu/x86/pc/olpc/fw.bth 2007-10-02 06:40:25 UTC (rev 662)
@@ -506,6 +506,12 @@
 no-page
console-start + + board-revision 0= if + ." EC problem - remove all power and restart" cr + begin again + then + read-game-keys stdout off \ probe-pci
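Review bot: `begin again` after the "EC problem" message spins the CPU forever, which is only an acceptable halt if the message is actually visible; if the DCON is still frozen at this point (the security.fth hunks in this same commit add `dcon-unfreeze text-on` before other user-visible output), the user gets a blank screen and a hot, unresponsive machine. Confirm the display is live right after `console-start`, or add the same unfreeze before the message. `board-revision 0=` also covers a literal board id of 0 per the boardrev.fth hunk, so a comment such as `\ 0 = EC unreachable (see boardrev.fth)` would help the next reader.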
Modified: cpu/x86/pc/olpc/security.fth
===================================================================
--- cpu/x86/pc/olpc/security.fth 2007-10-02 04:56:15 UTC (rev 661)
+++ cpu/x86/pc/olpc/security.fth 2007-10-02 06:40:25 UTC (rev 662)
@@ -143,35 +143,40 @@
d# 32 buffer: hashname
-\ valid? checks the validity of data$ against the ASCII signature +\ invalid? checks the validity of data$ against the ASCII signature \ record sig01$, using the public key that pubkey$ points to. -\ It also verifies that the hashname contained in sig01$ is not -\ the same one that was last used (for verification of firmware -\ images against two different hashes). +\ It also verifies that the hashname contained in sig01$ is the +\ expected one.
-: valid? ( data$ sig01$ -- okay? ) +: invalid? ( data$ sig01$ exp-hashname$ -- error? ) + 2>r parse-sig if ." Bad signature format in " bundle-name$ type cr - false exit - then ( data$ hashname$ sig$ ) + 2r> 2drop true exit + then ( data$ hashname$ sig$ r: exp$ )
- 2swap d# 31 min ( data$ sig$ hashname$' ) - \ Check for duplicate hashname attacks - 2dup hashname count $= if ( data$ sig$ hashname$ ) - ." Duplicate hash name in " bundle-name$ type cr - 4drop false exit + 2swap 2dup 2r> $= 0= if ( data$ sig$ hashname$ ) + ." Wrong hash name in " bundle-name$ type cr + 4drop 2drop true exit then ( data$ sig$ hashname$ )
- hashname place ( data$ sig$ ) - - pubkey$ hashname count signature-bad? 0= ( okay? ) + pubkey$ 2swap signature-bad? ( error? ) dup if - " Signature valid" ?lease-debug-cr + " Signature invalid" ?lease-debug-cr else - " Signature invalid" ?lease-debug-cr + " Signature valid" ?lease-debug-cr then ; +: sha-valid? ( data$ sig01$ -- okay? ) " sha256" invalid? 0= ; +: fw-valid? ( data$ 2*sig$ -- okay? ) + 2swap 2>r ( 2*sig$ r: data$ ) + newline left-parse-string ( rmd-sig$ sha-sig$ r: data$ ) + 2r@ 2swap sha-valid? 0= if ( rmd-sig$ r: data$ ) + 2r> 4drop false exit + then ( rmd-sig$ r: data$ ) + 2r> 2swap " rmd160" invalid? 0= +;
\ earliest is the earliest acceptable date value (in seconds). \ It is the date that the first test version of this code was @@ -341,7 +346,7 @@ : check-machine-signature ( sig$ expiration$ -- -1|1 ) 0 hashname c! machine-id-buf d# 51 + swap move ( sig$ ) - machine-id-buf d# 67 2swap valid? if 1 else -1 then + machine-id-buf d# 67 2swap sha-valid? if 1 else -1 then ;
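Review bot: `fw-valid?` now enforces a fixed two-line signature layout (sha256 on the first line, rmd160 on the remainder) and fails if either line is missing or names a different hash, which is the property the removed duplicate-hashname check only approximated; that contract is visible only from the stack comment `( data$ 2*sig$ -- okay? )` and deserves a header comment stating that both signatures are required, in that order, and both must verify against `pubkey$`. Since `invalid?` no longer reads or writes `hashname`, the `0 hashname c!` resets that precede `sha-valid?` in the -341, -555, -680 and -706 hunks are dead writes and can be removed, along with the `d# 32 buffer: hashname` declaration, unless something outside this diff still reads it. The stack cleanup on both early exits (`2r> 2drop` and `4drop 2drop`) looks correct.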
: set-disposition ( adr -- ) c@ machine-id-buf d# 49 + c! ; @@ -422,48 +427,6 @@ cn-buf place ;
-\ olpc-load-image is factor that is close the top level of the -\ secure boot process. Given a directory prefix (e.g. "\boot") -\ and a space-delimited list of device names, it searches -\ each device in that list for an OS bundle in that directory. -\ The name of the OS bundle file is either "actos.zip" or -\ "runos.zip" according to whether or not a valid lease for -\ this machine is present on the same device. - -: olpc-load-image ( list$ -- okay? ) - begin dup while ( list$ ) - bl left-parse-string ( list$ devname$ ) - dn-buf place ( list$' ) - ?leased ( list$ ) - " os" bundle-present? if ( list$ ) - " OS found - " ?lease-debug - 0 hashname c! - oskey$ to pubkey$ - img$ sig$ valid? if - img$ tuck load-base swap move !load-size - 2drop true exit - then - then ( list$ ) - repeat ( list$ ) - 2drop false -; - -\ secure-load is the top level of the secure OS loading process. -\ It searches for lease files and signed OS image bundles on several -\ different devices. If an OS bundle is not found, it then searches -\ the NAND FLASH for an alternate OS image. - -: secure-load ( -- okay? ) - load-crypto if false exit then - - get-my-sn if false exit then - get-date if false exit then - - " \boot" pn-buf place boot-device-list olpc-load-image if true exit then - " \boot-alt" pn-buf place " nand" olpc-load-image if true exit then - false -; - 0 value alternate? : set-alternate ( -- ) button-o game-key? if true to alternate? exit then @@ -481,9 +444,8 @@
: ?unfreeze ( -- ) game-key@ button-check and if - dcon-unfreeze + dcon-unfreeze text-on unfreeze - text-on then ;
@@ -496,17 +458,13 @@ power-off ;
+: +icon-xy ( delta-x,y -- ) icon-xy d+ to icon-xy ; + : show-going ( -- ) h# c0 h# c0 h# c0 rgb>565 progress-xy d# 500 d# 100 " fill-rectangle" $call-screen d# 585 d# 613 to icon-xy " bigdot" show-icon dcon-unfreeze ; - -: show-check ( -- ) - icon-xy base-xy to icon-xy " check" show-icon to icon-xy -; -: +icon-xy ( delta-x,y -- ) icon-xy d+ to icon-xy ; - : show-dot ( -- ) alternate? if " yellowdot" else " lightdot" then show-icon ; @@ -555,7 +513,7 @@
" RD found - " ?lease-debug 0 hashname c! - img$ sig$ valid? if + img$ sig$ sha-valid? if show-unlock load-base to ramdisk-adr img$ dup to /ramdisk ( adr len ) @@ -569,30 +527,12 @@ r> to load-path ;
-\ secure-boot performs the secure boot process - -: secure-boot ( -- ) - debug-security? if screen-ih stdout ! then - ['] secure-load-ramdisk to load-ramdisk - secure-load 0= if fail-load then - loaded sync-cache " init-program" $find if execute else 2drop then - go -; - false value secure?
stand-init: wp " wp" find-tag if 2drop true to secure? then ;
-\ do-secure-boot performs either the secure boot algorithm or the -\ historical boot algorithm depending on the presence of a "wp" -\ manufacturing data tag. - -: do-secure-boot ( -- ) secure? if secure-boot else boot then ; -\ " do-secure-boot" ' boot-command set-config-string-default - - \ check-devel-key tests the developer signature string "dev01$".
\ -1 means the signature is for this machine and is invalid @@ -634,16 +574,6 @@ r> close-file drop false ;
-\ developer? searches a list of devices (given by "developer-device-list") -\ for a valid developer key - -: checked-load-started ( -- ) - not-screen? if exit then - show-check -; -\ ' checked-load-started to load-started -\ noop to load-started - : ?toggle-secure ( -- ) button-x game-key? if secure? 0= to secure? then ;
6 buffer: fw#buf @@ -680,11 +610,14 @@ " new - " ?lease-debug 0 hashname c! fwkey$ to pubkey$ - img$ sig$ valid? if + img$ sig$ fw-valid? if + dcon-unfreeze text-on + img$ tuck flash-buf swap move ( len ) + ?image-valid ( ) true to file-loaded? - " Updating firmware" ?lease-debug + " Updating firmware" ?lease-debug-cr
\ Latch alternate? flag for next startup alternate? if [char] A h# 82 cmos! then @@ -706,7 +639,7 @@ " OS found - " ?lease-debug 0 hashname c! oskey$ to pubkey$ - img$ sig$ valid? if + img$ sig$ sha-valid? if img$ tuck load-base swap move !load-size show-unlock true exit @@ -739,6 +672,7 @@
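Review bot: `img$ tuck flash-buf swap move` copies the image into `flash-buf` before `?image-valid` runs, so if the length bound is enforced only inside `?image-valid` an over-length image would overrun the buffer before being rejected; the `fw-valid?` check on the preceding line means only a holder of the firmware key can produce such an image, but a size check should still precede the copy. Confirm that `img$` is bounded where the bundle is read, or compare its length against the flash-buf size before the `move`. The enclosing definition starts and ends outside this hunk.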
d# 5 d# 77 +icon-xy show-dot has-developer-key? if + dcon-unfreeze text-on show-unlock true exit then
Modified: dev/olpc/kb3700/ecio.fth
===================================================================
--- dev/olpc/kb3700/ecio.fth 2007-10-02 04:56:15 UTC (rev 661)
+++ dev/olpc/kb3700/ecio.fth 2007-10-02 06:40:25 UTC (rev 662)
@@ -253,6 +253,7 @@
 : io-spi-reprogrammed ( -- ) ." Restarting..." d# 2000 ms cr kbc-on + begin again \ ." Keyboard back on" cr ;
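Review bot: The `begin again` added to `io-spi-reprogrammed` spins forever with nothing saying what it is waiting for; presumably the reprogrammed EC is expected to reset the system once `kbc-on` releases it, but the page does not show that, and the commented-out `\ ." Keyboard back on" cr` that follows is now unreachable even if it were uncommented. Suggest `begin again \ wait here for the EC-driven restart; never returns` (wording to be confirmed against the EC behaviour) and deleting the stale commented line.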
@@ -266,6 +267,7 @@ 7 to spi-us \ Measured time for "1 fea9 ec!" is 7.9 uS
ignore-power-button \ Guard against the user panicing + disable-interrupts \ Don't poll the EC kbc-off ; : use-local-ec ( -- ) ['] io-spi-start to spi-start ;
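Review bot: `disable-interrupts` is added before `kbc-off` with nothing in the hunk re-enabling interrupts; given that the reprogramming path ends in the `begin again` loop of `io-spi-reprogrammed` this may be intentional, but if the definition (whose header is outside this hunk) can return on an error path, the system carries on with interrupts off. Either say so in the comment, e.g. `\ Don't poll the EC; interrupts stay off until the EC restarts the system`, or re-enable them on the failure path.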