Google Git
Sign in
opensecura / 3p / lowrisc / opentitan / 7db405b60271dfebdced5c99d302c8f84d424b8e^! / .
commit7db405b60271dfebdced5c99d302c8f84d424b8e[log] [tgz]
authorMiguel Osorio <miguelosorio@google.com>Tue Sep 24 08:53:27 2019 -0700
committerMiguel Osorio <miguelaosoriol@gmail.com>Thu Sep 26 12:45:31 2019 -0700
tree76897cc403fcb20cfd97d2262ab086f71d3f634e
parentd68c98db13a34d29e0b5d467de7e622fb8102e2b [diff]
[sw/boot_rom] Add SHA256 checks to each frame.

Check integrity of each received frame payload against the hash stored
in its header. Fail bootstrap if there is an invalid frame found. Retry
logic will be added in a separate commit.

diff --git a/sw/boot_rom/bootstrap.c b/sw/boot_rom/bootstrap.c
index abff09c..fa41e0f 100644
--- a/sw/boot_rom/bootstrap.c
+++ b/sw/boot_rom/bootstrap.c

@@ -6,6 +6,7 @@
 
 #include "common.h"
 #include "flash_ctrl.h"
+#include "hw_sha256.h"
 #include "gpio.h"
 #include "spi_device.h"
 #include "uart.h"  // TODO: Wrap uart in DEBUG macros.
@@ -37,6 +38,19 @@
   return 0;
 }
 
+/* Calculates SHA256 hash of received data and compares it against recieved
+ * hash. Returns 0 if both hashes are identical. */
+static int check_frame_hash(const frame_t *f) {
+  static uint32_t hash[8];
+  uint32_t result = 0;
+  hw_SHA256_hash((uint8_t *)&f->hdr.frame_num, RAW_BUFFER_SIZE - 32,
+                 (uint8_t *)hash);
+  for (int i = 0; i < 8; ++i) {
+    result |= hash[i] ^ f->hdr.hash[i];
+  }
+  return result;
+}
+
 /* Processes frames received via spid interface and writes them to flash. */
 static int bootstrap_flash(void) {
   static frame_t f;
@@ -51,13 +65,18 @@
       uart_send_uint(expected_frame_no, 32);
       uart_send_str("\r\n");
 
-      // TODO: Add hash check.
+      if (check_frame_hash(&f)) {
+        uart_send_str("Error: detected hash mismatch on frame: ");
+        uart_send_uint(f.hdr.frame_num, 32);
+        uart_send_str("\r\n");
+        return E_BS_BAD_HASH_FRAME;
+      }
+
       if (FRAME_NO(f.hdr.frame_num) == expected_frame_no) {
-        // TODO: Add ack computation.
+        hw_SHA256_hash(&f, sizeof(f), ack);
         spid_send(ack, sizeof(ack));
 
         if (expected_frame_no == 0) {
-          // TODO: Add signed header checks.
           flash_default_region_access(/*rd_en=*/1, /*prog_en=*/1,
                                       /*erase_en=*/1);
           int rv = erase_flash();
@@ -92,6 +111,9 @@
   flash_init_block();
 
   int rv = bootstrap_flash();
+  if (rv) {
+    rv |= erase_flash();
+  }
 
   // Always make sure to revert flash_ctrl access to default settings.
   // bootstrap_flash enables access to flash to perform update.

diff --git a/sw/boot_rom/bootstrap_msgs.h b/sw/boot_rom/bootstrap_msgs.h
index 81ed9b9..2ad9331 100644
--- a/sw/boot_rom/bootstrap_msgs.h
+++ b/sw/boot_rom/bootstrap_msgs.h

@@ -31,8 +31,7 @@
 } frame_t;
 
 /* Bootstrap error codes */
-
-/* Errors requiring reset */
+#define E_BS_BAD_HASH_FRAME 9
 #define E_BS_ERASE 10
 #define E_BS_NOTEMPTY 11
 #define E_BS_WRITE 12