[OpenBIOS] r662 - cpu/x86/pc/olpc dev/olpc/kb3700

svn at openbios.org svn at openbios.org
Tue Oct 2 08:40:25 CEST 2007


Author: wmb
Date: 2007-10-02 08:40:25 +0200 (Tue, 02 Oct 2007)
New Revision: 662

Modified:
   cpu/x86/pc/olpc/boardrev.fth
   cpu/x86/pc/olpc/devices.fth
   cpu/x86/pc/olpc/fw.bth
   cpu/x86/pc/olpc/security.fth
   dev/olpc/kb3700/ecio.fth
Log:
q2c28 late additions - made fw autoupdate work, and various other usability improvements.






Modified: cpu/x86/pc/olpc/boardrev.fth
===================================================================
--- cpu/x86/pc/olpc/boardrev.fth	2007-10-02 04:56:15 UTC (rev 661)
+++ cpu/x86/pc/olpc/boardrev.fth	2007-10-02 06:40:25 UTC (rev 662)
@@ -24,7 +24,8 @@
       h# a18
    else
       lx?  if
-         board-id@  case
+         ['] board-id@ catch  if  0  then   case
+            0      of  0       endof  \ EC broken
             h# b2  of  h# b30  endof  \ preB3
             ( board-id )  dup h# 10 * 8 +  swap  \ E.g. b3 -> b38
          endcase

Modified: cpu/x86/pc/olpc/devices.fth
===================================================================
--- cpu/x86/pc/olpc/devices.fth	2007-10-02 04:56:15 UTC (rev 661)
+++ cpu/x86/pc/olpc/devices.fth	2007-10-02 06:40:25 UTC (rev 662)
@@ -247,7 +247,8 @@
 fload ${BP}/cpu/x86/pc/olpc/boardrev.fth   \ Board revision decoding
 
 stand-init: Date to EC
-   time&date d# 2000 -  ec-date!  3drop
+   time&date d# 2000 -  ['] ec-date! catch  if  3drop  then
+   3drop
 ;
 
 stand-init: Wireless reset
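Review bot: The two `3drop`s in `Date to EC` have no stack comments, and they balance only if the reader knows that `catch` restores the stack depth after a throw. That restore leaves the three date cells `ec-date!` would have consumed (assuming it takes three, as the old line suggests). Stack comments would make this checkable, e.g. `['] ec-date! catch  if  3drop  then  ( s m h )` followed by `3drop  ( )`. The throw is also swallowed without any output, so a short message or debug print on that path would help when diagnosing an unresponsive EC.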

Modified: cpu/x86/pc/olpc/fw.bth
===================================================================
--- cpu/x86/pc/olpc/fw.bth	2007-10-02 04:56:15 UTC (rev 661)
+++ cpu/x86/pc/olpc/fw.bth	2007-10-02 06:40:25 UTC (rev 662)
@@ -506,6 +506,12 @@
    no-page
 
    console-start
+
+   board-revision 0=  if
+      ." EC problem - remove all power and restart" cr
+      begin again
+   then
+
    read-game-keys
    stdout off  \ 
    probe-pci

Modified: cpu/x86/pc/olpc/security.fth
===================================================================
--- cpu/x86/pc/olpc/security.fth	2007-10-02 04:56:15 UTC (rev 661)
+++ cpu/x86/pc/olpc/security.fth	2007-10-02 06:40:25 UTC (rev 662)
@@ -143,35 +143,40 @@
 
 d# 32 buffer: hashname
 
-\ valid? checks the validity of data$ against the ASCII signature
+\ invalid? checks the validity of data$ against the ASCII signature
 \ record sig01$, using the public key that pubkey$ points to.
-\ It also verifies that the hashname contained in sig01$ is not
-\ the same one that was last used (for verification of firmware
-\ images against two different hashes).
+\ It also verifies that the hashname contained in sig01$ is the
+\ expected one.
 
-: valid?  ( data$ sig01$ -- okay? )
+: invalid?  ( data$ sig01$ exp-hashname$ -- error? )
+   2>r
    parse-sig  if
       ." Bad signature format in "  bundle-name$ type  cr
-      false exit
-   then                                     ( data$ hashname$ sig$ )
+      2r> 2drop  true exit
+   then                                     ( data$ hashname$ sig$ r: exp$ )
 
-   2swap  d# 31 min                         ( data$ sig$ hashname$' )
-
    \ Check for duplicate hashname attacks
-   2dup hashname count $=  if               ( data$ sig$ hashname$ )
-      ." Duplicate hash name in "  bundle-name$ type  cr
-      4drop false exit
+   2swap 2dup 2r>  $=  0=  if               ( data$ sig$ hashname$ )
+      ." Wrong hash name in "  bundle-name$ type  cr
+      4drop 2drop true exit
    then                                     ( data$ sig$ hashname$ )
 
-   hashname place                           ( data$ sig$ )
-
-   pubkey$  hashname count  signature-bad? 0=        ( okay? )
+   pubkey$  2swap  signature-bad?  ( error? )
    dup  if
-      "   Signature valid" ?lease-debug-cr
+      "   Signature invalid" ?lease-debug-cr
    else
-         "   Signature invalid" ?lease-debug-cr
+      "   Signature valid" ?lease-debug-cr
    then
 ;
+: sha-valid?  ( data$ sig01$ -- okay? )  " sha256" invalid? 0=  ;
+: fw-valid?  ( data$ 2*sig$ -- okay? )
+   2swap 2>r                          ( 2*sig$ r: data$ )
+   newline left-parse-string          ( rmd-sig$ sha-sig$ r: data$ )
+   2r@ 2swap sha-valid?  0=  if       ( rmd-sig$ r: data$ )
+      2r> 4drop false exit
+   then                               ( rmd-sig$ r: data$ )
+   2r> 2swap " rmd160" invalid? 0=
+;
 
 \ earliest is the earliest acceptable date value (in seconds).
 \ It is the date that the first test version of this code was
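Review bot: The context comment `\ Check for duplicate hashname attacks` in `invalid?` no longer matches the test beneath it, which now compares the parsed hash name with `exp-hashname$`; reword it to `\ Reject a signature whose hash name is not the expected one`. `fw-valid?` has no header comment, although it encodes the firmware policy: the first line of the signature data must verify as sha256, the remainder as rmd160, and both must pass. A short comment stating that order and the fail-closed result would help. `invalid?` no longer reads or writes the `hashname` buffer, so `d# 32 buffer: hashname` and the `0 hashname c!` resets at the call sites look dead unless something outside these hunks still uses them. The bad-format exit drops only the saved `exp-hashname$`, and whether `data$` is still on the stack there depends on `parse-sig`, which is not shown, so confirm that exit leaves exactly `error?`.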
@@ -341,7 +346,7 @@
 : check-machine-signature  ( sig$ expiration$ -- -1|1 )
    0 hashname c!
    machine-id-buf d# 51 +  swap  move  ( sig$ )
-   machine-id-buf d# 67  2swap  valid?  if  1  else  -1  then
+   machine-id-buf d# 67  2swap  sha-valid?  if  1  else  -1  then
 ;
 
 : set-disposition  ( adr -- )  c@  machine-id-buf d# 49 + c!  ;
@@ -422,48 +427,6 @@
    cn-buf place
 ;
 
-\ olpc-load-image is factor that is close the top level of the
-\ secure boot process.  Given a directory prefix (e.g. "\boot")
-\ and a space-delimited list of device names, it searches
-\ each device in that list for an OS bundle in that directory.
-\ The name of the OS bundle file is either "actos.zip" or
-\ "runos.zip" according to whether or not a valid lease for
-\ this machine is present on the same device.
-
-: olpc-load-image  ( list$ -- okay? )
-   begin  dup  while                        ( list$ )
-      bl left-parse-string                  ( list$ devname$ )
-      dn-buf place                          ( list$' )
-      ?leased                               ( list$ )
-      " os" bundle-present?  if             ( list$ )
-         "   OS found - " ?lease-debug
-         0 hashname c!
-         oskey$ to pubkey$
-         img$  sig$  valid?  if
-            img$ tuck load-base swap move  !load-size
-            2drop true exit
-         then
-      then                                  ( list$ )
-   repeat                                   ( list$ )
-   2drop false
-;
-
-\ secure-load is the top level of the secure OS loading process.
-\ It searches for lease files and signed OS image bundles on several
-\ different devices.  If an OS bundle is not found, it then searches
-\ the NAND FLASH for an alternate OS image.
-
-: secure-load  ( -- okay? )
-   load-crypto  if  false exit  then
-
-   get-my-sn if  false exit  then
-   get-date  if  false exit  then
-
-   " \boot"     pn-buf place   boot-device-list olpc-load-image  if  true exit  then
-   " \boot-alt" pn-buf place   " nand"          olpc-load-image  if  true exit  then
-   false
-;
-
 0 value alternate?
 : set-alternate  ( -- )
    button-o game-key?  if  true to alternate? exit  then
@@ -481,9 +444,8 @@
 
 : ?unfreeze  ( -- )
    game-key@ button-check and  if
-      dcon-unfreeze
+      dcon-unfreeze text-on
       unfreeze
-      text-on
    then
 ;
 
@@ -496,17 +458,13 @@
    power-off
 ;
 
+: +icon-xy  ( delta-x,y -- )  icon-xy d+ to icon-xy  ;
+
 : show-going  ( -- )
    h# c0 h# c0 h# c0  rgb>565  progress-xy  d# 500 d# 100  " fill-rectangle" $call-screen
    d# 585 d# 613 to icon-xy  " bigdot" show-icon
    dcon-unfreeze
 ;
-
-: show-check  ( -- )
-   icon-xy  base-xy to icon-xy  " check" show-icon  to icon-xy
-;
-: +icon-xy  ( delta-x,y -- )  icon-xy d+ to icon-xy  ;
-
 : show-dot  ( -- )
    alternate?  if  " yellowdot"  else  " lightdot"  then  show-icon
 ;
@@ -555,7 +513,7 @@
 
       "   RD found - " ?lease-debug
       0 hashname c!
-      img$  sig$  valid?  if
+      img$  sig$  sha-valid?  if
          show-unlock
          load-base to ramdisk-adr
          img$ dup to /ramdisk     ( adr len )
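Review bot: No `to pubkey$` assignment is visible before `sha-valid?` in this ramdisk path, whereas the firmware and OS paths in this commit select `fwkey$` and `oskey$` explicitly just before their checks. If none precedes it outside the hunk, the ramdisk is verified against whichever key an earlier step left in `pubkey$`, so the result depends on call order. Selecting the key next to the check, e.g. `oskey$ to pubkey$` if the OS key is the intended one (confirm), would remove that dependency. The enclosing word starts and ends outside this hunk.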
@@ -569,30 +527,12 @@
    r> to load-path
 ;
 
-\ secure-boot performs the secure boot process
-
-: secure-boot  ( -- )
-   debug-security?  if  screen-ih stdout !  then
-   ['] secure-load-ramdisk to load-ramdisk
-   secure-load  0=  if  fail-load  then
-   loaded sync-cache  " init-program" $find  if  execute  else  2drop  then
-   go
-;
-
 false value secure?
 
 stand-init: wp
    " wp" find-tag  if  2drop  true to secure?  then
 ;
 
-\ do-secure-boot performs either the secure boot algorithm or the
-\ historical boot algorithm depending on the presence of a "wp"
-\ manufacturing data tag.
-
-: do-secure-boot  ( -- )  secure?  if  secure-boot  else  boot  then  ;
-\ " do-secure-boot" ' boot-command set-config-string-default
-
-
 \ check-devel-key tests the developer signature string "dev01$".
 
 \ -1 means the signature is for this machine and is invalid
@@ -634,16 +574,6 @@
    r> close-file drop  false
 ;
 
-\ developer?  searches a list of devices (given by "developer-device-list")
-\ for a valid developer key
-
-: checked-load-started  ( -- )
-   not-screen?  if  exit  then
-   show-check
-;
-\ ' checked-load-started to load-started
-\ noop to load-started
-
 : ?toggle-secure  ( -- )  button-x game-key?  if  secure? 0= to secure?  then  ;
 
 6 buffer: fw#buf
@@ -680,11 +610,14 @@
          " new - " ?lease-debug
          0 hashname c!
          fwkey$ to pubkey$
-         img$  sig$  valid?  if
+         img$  sig$  fw-valid?  if
+            dcon-unfreeze text-on
+
             img$ tuck flash-buf  swap move   ( len )
+
             ?image-valid                     ( )
             true to file-loaded?
-            " Updating firmware" ?lease-debug
+            " Updating firmware" ?lease-debug-cr
 
             \ Latch alternate? flag for next startup
             alternate?  if  [char] A h# 82 cmos!  then
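Review bot: `img$ tuck flash-buf  swap move` copies the image using its own length, and that length reaches `?image-valid` only after the copy. The image has passed `fw-valid?` by then, so its content is signed, but a signed image of the wrong size could still write past `flash-buf`. Comparing `img$ nip` with the size of `flash-buf` before the `move` would prevent that; the size constant is not shown on this page. What `?image-valid` itself checks is also not visible, and the enclosing word begins and ends outside the hunk.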
@@ -706,7 +639,7 @@
       "   OS found - " ?lease-debug
       0 hashname c!
       oskey$ to pubkey$
-      img$  sig$  valid?  if
+      img$  sig$  sha-valid?  if
          img$ tuck load-base swap move  !load-size
          show-unlock
          true  exit
@@ -739,6 +672,7 @@
 
          d# 5 d# 77  +icon-xy  show-dot
          has-developer-key?  if
+            dcon-unfreeze text-on
             show-unlock
             true exit
          then

Modified: dev/olpc/kb3700/ecio.fth
===================================================================
--- dev/olpc/kb3700/ecio.fth	2007-10-02 04:56:15 UTC (rev 661)
+++ dev/olpc/kb3700/ecio.fth	2007-10-02 06:40:25 UTC (rev 662)
@@ -253,6 +253,7 @@
 : io-spi-reprogrammed  ( -- )
    ." Restarting..."  d# 2000 ms  cr
    kbc-on
+   begin again
 \   ." Keyboard back on" cr
 ;
 
@@ -266,6 +267,7 @@
    7 to spi-us   \ Measured time for "1 fea9 ec!" is 7.9 uS
 
    ignore-power-button  \ Guard against the user panicing
+   disable-interrupts   \ Don't poll the EC
    kbc-off
 ;
 : use-local-ec  ( -- )  ['] io-spi-start to spi-start  ;



