[OpenBIOS] r813 - cpu/x86/pc/olpc

svn at openbios.org svn at openbios.org
Tue Feb 5 08:48:34 CET 2008 

Author: wmb
Date: 2008-02-05 08:48:34 +0100 (Tue, 05 Feb 2008)
New Revision: 813

Modified:
   cpu/x86/pc/olpc/fw.bth
   cpu/x86/pc/olpc/security.fth
Log:
OLPC security - block exceptions during secure startup.


Modified: cpu/x86/pc/olpc/fw.bth
===================================================================
--- cpu/x86/pc/olpc/fw.bth	2008-02-05 06:43:24 UTC (rev 812)
+++ cpu/x86/pc/olpc/fw.bth	2008-02-05 07:48:34 UTC (rev 813)
@@ -261,10 +261,10 @@
    false
 ;
 
-: protect-fw  ( -- )
-   " wp" find-tag  if  2drop ec-indexed-io-off  then
-;
+false value secure?
 
+: protect-fw  ( -- )  secure?  if  ec-indexed-io-off  then  ;
+
 \ stand-init-debug?  [if]
 warning @  warning off 
 : init
@@ -350,7 +350,6 @@
 ' gx-power-off to power-off
 [then]
 
-
 : dimmer  ( -- )  screen-ih  if  " dimmer" screen-ih $call-method  then  ;
 : brighter  ( -- )  screen-ih  if  " brighter" screen-ih $call-method  then  ;
 
@@ -558,6 +557,7 @@
 : startup  ( -- )
    standalone?  0=  if  exit  then
 
+   block-exceptions
    no-page
 
    ?factory-mode
@@ -585,6 +585,7 @@
    ?diags
    ?fs-update
    secure-startup
+   unblock-exceptions
    ['] (interrupt-auto-boot?) to interrupt-auto-boot?
    text-on
    banner

Modified: cpu/x86/pc/olpc/security.fth
===================================================================
--- cpu/x86/pc/olpc/security.fth	2008-02-05 06:43:24 UTC (rev 812)
+++ cpu/x86/pc/olpc/security.fth	2008-02-05 07:48:34 UTC (rev 813)
@@ -564,13 +564,29 @@
    r> to load-path
 ;
 
-false value secure?
 false value in-factory?
 
 stand-init: wp
    " wp" find-tag  if  2drop  true to secure?  then
 ;
 
+: message-and-off  ( -- )
+   aborted? @  if
+      aborted? off
+      ." Keyboard interrupt" cr
+   else
+      (.exception)
+   then
+   ." Powering off ..."
+   d# 5000 ms
+   power-off
+;
+
+: block-exceptions  ( -- )
+   secure?  if   ['] message-and-off  to .exception  then
+;
+: unblock-exceptions  ( -- )  ['] .entry  to .exception  ;
+
 \ check-devel-key tests the developer signature string "dev01$".
 
 \ -1 means the signature is for this machine and is invalid

More information about the OpenBIOS mailing list