Author: wmb Date: 2008-02-05 08:48:34 +0100 (Tue, 05 Feb 2008) New Revision: 813
Modified: cpu/x86/pc/olpc/fw.bth cpu/x86/pc/olpc/security.fth Log: OLPC security - block exceptions during secure startup.
Modified: cpu/x86/pc/olpc/fw.bth =================================================================== --- cpu/x86/pc/olpc/fw.bth 2008-02-05 06:43:24 UTC (rev 812) +++ cpu/x86/pc/olpc/fw.bth 2008-02-05 07:48:34 UTC (rev 813) @@ -261,10 +261,10 @@ false ;
-: protect-fw ( -- ) - " wp" find-tag if 2drop ec-indexed-io-off then -; +false value secure?
+: protect-fw ( -- ) secure? if ec-indexed-io-off then ; + \ stand-init-debug? [if] warning @ warning off : init @@ -350,7 +350,6 @@ ' gx-power-off to power-off [then]
- : dimmer ( -- ) screen-ih if " dimmer" screen-ih $call-method then ; : brighter ( -- ) screen-ih if " brighter" screen-ih $call-method then ;
@@ -558,6 +557,7 @@ : startup ( -- ) standalone? 0= if exit then
+ block-exceptions no-page
?factory-mode @@ -585,6 +585,7 @@ ?diags ?fs-update secure-startup + unblock-exceptions ['] (interrupt-auto-boot?) to interrupt-auto-boot? text-on banner
Modified: cpu/x86/pc/olpc/security.fth =================================================================== --- cpu/x86/pc/olpc/security.fth 2008-02-05 06:43:24 UTC (rev 812) +++ cpu/x86/pc/olpc/security.fth 2008-02-05 07:48:34 UTC (rev 813) @@ -564,13 +564,29 @@ r> to load-path ;
-false value secure? false value in-factory?
stand-init: wp " wp" find-tag if 2drop true to secure? then ;
+: message-and-off ( -- ) + aborted? @ if + aborted? off + ." Keyboard interrupt" cr + else + (.exception) + then + ." Powering off ..." + d# 5000 ms + power-off +; + +: block-exceptions ( -- ) + secure? if ['] message-and-off to .exception then +; +: unblock-exceptions ( -- ) ['] .entry to .exception ; + \ check-devel-key tests the developer signature string "dev01$".
\ -1 means the signature is for this machine and is invalid