Author: wmb Date: Tue Jul 20 01:32:54 2010 New Revision: 1888 URL: http://tracker.coreboot.org/trac/openfirmware/changeset/1888
Log: OLPC XO-1.5 - Implemented secure NANDblaster mode .
Modified: cpu/x86/pc/olpc/nandcastui.fth cpu/x86/pc/olpc/nb15tx.fth cpu/x86/pc/olpc/via/blockfifo.fth cpu/x86/pc/olpc/via/fsupdate.fth cpu/x86/pc/olpc/via/mcnand-version.fth cpu/x86/pc/olpc/via/nbrx.fth cpu/x86/pc/olpc/wifichannel.fth
Modified: cpu/x86/pc/olpc/nandcastui.fth ============================================================================== --- cpu/x86/pc/olpc/nandcastui.fth Mon Jul 19 23:55:55 2010 (r1887) +++ cpu/x86/pc/olpc/nandcastui.fth Tue Jul 20 01:32:54 2010 (r1888) @@ -20,17 +20,6 @@ ifd @ fclose ( adr len actual ) over <> abort" Can't read file" cr ( adr len ) ; -: load-read ( filename$ -- ) - open-dev dup 0= abort" Can't open file" >r ( r: ih ) - load-base " load" r@ $call-method !load-size - r> close-dev -; - -: secure$ ( -- adr len ) - secure? security-off? 0= and if " secure" else null$ then -; - -d# 20 value redundancy
: #nb-clone ( channel# -- ) depth 1 < abort" Usage: channel# #nb-clone"
Modified: cpu/x86/pc/olpc/nb15tx.fth ============================================================================== --- cpu/x86/pc/olpc/nb15tx.fth Mon Jul 19 23:55:55 2010 (r1887) +++ cpu/x86/pc/olpc/nb15tx.fth Tue Jul 20 01:32:54 2010 (r1888) @@ -28,24 +28,36 @@ 2drop then ; -: $nb15-tx ( redundancy$ filename$ channel$ -- ) + +: $nb-tx ( filename$ channel# -- ) + >r 2>r redundancy 2r> r> ?load-thin-wlan-fw false to already-go?
- " boot rom:nb_tx thinmac:OLPC-NANDblaster,%s %s %s 131072" sprintf eval + " boot rom:nb_tx thinmac:OLPC-NANDblaster,%d %s %d 131072" sprintf eval ; -: nb15-tx: ( "filename" [ "redundancy" ] -- ) - safe-parse-word ( filename$ ) - parse-word ( filename$ redundancy$ ) - dup 0= if 2drop " 20" then ( filename$ redundancy$' ) - 2swap ( redundancy$ filename$ ) - nb-auto-channel ( redundancy$ filename$ channel# ) + +: nb-tx: ( "filename" -- ) + redundancy ( redundancy ) + safe-parse-word ( redundancy filename$ ) + nb-auto-channel ( redundancy filename$ channel# )
?load-thin-wlan-fw false to already-go?
- " boot rom:nb_tx thinmac:OLPC-NANDblaster,%d %s %s 131072" sprintf eval + " boot rom:nb_tx thinmac:OLPC-NANDblaster,%d %s %d 131072" sprintf eval ; +: #nb-secure ( zip-filename$ image-filename$ channel# -- ) + depth 5 < abort" #nb-secure-update - too few arguments" + >r 2>r ( placement-filename$ r: channel# image-filename$ ) + load-read sig$ ?save-string swap ( siglen sigadr r: channel# image-filename$ ) + img$ ?save-string swap ( siglen sigadr speclen specadr r: channel# image-filename$ ) + redundancy 2r> r> ( siglen sigadr speclen specadr redundancy image-filename$ channel# ) + " rom:nb_tx thinmac:OLPC-NANDblaster,%d %s %d 131072 %d %d %d %d" sprintf boot-load go +; +: #nb-secure-def ( channel# -- ) >r " u:\fs.zip" " u:\fs.zd" r> #nb-secure ; + +: nb-secure ( -- ) nb-auto-channel #nb-secure-def ;
[ifdef] use-nb15-precomputed \ NANDblaster sender using thin firmware on XO-1.5, with precomputed
Modified: cpu/x86/pc/olpc/via/blockfifo.fth ============================================================================== --- cpu/x86/pc/olpc/via/blockfifo.fth Mon Jul 19 23:55:55 2010 (r1887) +++ cpu/x86/pc/olpc/via/blockfifo.fth Tue Jul 20 01:32:54 2010 (r1888) @@ -11,6 +11,7 @@ 0 instance value write-index 0 instance value max-depth false instance value synchronous? +0 value debug?
: #queued ( -- n ) write-index read-index - @@ -106,7 +107,9 @@
: drain-queue ( -- ) synchronous? 0= if - ." Max queue depth was " max-depth .d ." , current is " #queued .d cr + debug? if + ." Max queue depth was " max-depth .d ." , current is " #queued .d cr + then true to synchronous? then begin empty? 0= while poll repeat
Modified: cpu/x86/pc/olpc/via/fsupdate.fth ============================================================================== --- cpu/x86/pc/olpc/via/fsupdate.fth Mon Jul 19 23:55:55 2010 (r1887) +++ cpu/x86/pc/olpc/via/fsupdate.fth Tue Jul 20 01:32:54 2010 (r1888) @@ -92,12 +92,18 @@ ;
: data: ( "filename" -- ) - safe-parse-word fn-buf place - " ${DN}${PN}${CN}${FN}" expand$ image-name-buf place - image-name$ r/o open-file if + safe-parse-word ( filename$ ) + nb-zd-#sectors if ( filename$ ) + 2drop " /nb-updater" ( filename$' ) + else ( filename$ ) + fn-buf place ( ) + " ${DN}${PN}${CN}${FN}" expand$ image-name-buf place + image-name$ ( filename$' ) + then ( filename$ ) + r/o open-file if ( fd ) drop ." Can't open " image-name$ type cr true " " ?nand-abort - then to filefd + then to filefd ( ) linefeed filefd force-line-delimiter true to secure-fsupdate? ;
Modified: cpu/x86/pc/olpc/via/mcnand-version.fth ============================================================================== --- cpu/x86/pc/olpc/via/mcnand-version.fth Mon Jul 19 23:55:55 2010 (r1887) +++ cpu/x86/pc/olpc/via/mcnand-version.fth Tue Jul 20 01:32:54 2010 (r1888) @@ -3,6 +3,6 @@ \ With a specific ID, mcastnand.bth will download a tarball without .git stuff. \ With "test", mcastnand.bth will clone the git head if build/multicast-nand/ \ is not already present, then you can modify the git subtree as needed. -macro: MCNAND_VERSION af0cadd1cbfb17ddfa7dcf299c4c3662ad7120a4 +macro: MCNAND_VERSION 506d22f97f71632efa353dc347646d24570024b1 \ macro: MCNAND_VERSION test \ macro: MCNAND_VERSION HEAD
Modified: cpu/x86/pc/olpc/via/nbrx.fth ============================================================================== --- cpu/x86/pc/olpc/via/nbrx.fth Mon Jul 19 23:55:55 2010 (r1887) +++ cpu/x86/pc/olpc/via/nbrx.fth Tue Jul 20 01:32:54 2010 (r1888) @@ -10,7 +10,8 @@ : nandblaster ( -- ) false to already-go? -1 to nb-zd-#sectors - " boot rom:nb15_rx ssid:OLPC-NANDblaster" sprintf eval + secure$ + " boot rom:nb15_rx ssid:OLPC-NANDblaster %s" sprintf eval ; alias nb nandblaster
Modified: cpu/x86/pc/olpc/wifichannel.fth ============================================================================== --- cpu/x86/pc/olpc/wifichannel.fth Mon Jul 19 23:55:55 2010 (r1887) +++ cpu/x86/pc/olpc/wifichannel.fth Tue Jul 20 01:32:54 2010 (r1888) @@ -320,6 +320,19 @@ : nb-update ( -- ) nb-auto-channel #nb-update-def ; [then]
+: load-read ( filename$ -- ) + open-dev dup 0= abort" Can't open file" >r ( r: ih ) + load-base " load" r@ $call-method !load-size + r> close-dev +; + +: secure$ ( -- adr len ) + secure? security-off? 0= and if " secure" else null$ then +; + +d# 20 value redundancy + + \ LICENSE_BEGIN \ Copyright (c) 2008 FirmWorks \