B0 self lock before jump #20110
B0 self lock before jump #20110
Conversation
michalek-no
requested review from
nvlsianpu,
fundakol,
nordicjm,
de-nordic and
gchwier
github-actions
bot
added
the
changelog-entry-required
CI InformationTo view the history of this post, clich the 'edited' button above Inputs:Sources:sdk-nrf: PR head: e342f8a184de2af57405a21dbc112297e0f0f29f more detailssdk-nrf:
Github labels
List of changed files detected by CI (2)Outputs:ToolchainVersion: 342151af73 Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped;
|
|
You can find the documentation preview for this PR at this link. Note: This comment is automatically posted by the Documentation Publish GitHub Action. |
michalek-no
force-pushed
the
mb-b0-self-lock
branch
2 times, most recently
from
b064fa9 to
056c521
Compare
michalek-no
force-pushed
the
mb-b0-self-lock
branch
2 times, most recently
from
2abe768 to
60d24dd
Compare
|
rebase |
michalek-no
force-pushed
the
mb-b0-self-lock
branch
4 times, most recently
from
cf1c54a to
e12aa78
Compare
subsys/bootloader/bl_boot/bl_boot.c
Outdated
| : | ||
| : "r" (vector_table[1]), "i" (CONFIG_SRAM_BASE_ADDRESS), | ||
| "i" (CONFIG_SRAM_SIZE * 1024), "i" (0) | ||
| : "r0", "r1", "r2", "r3", "memory" | ||
| ); | ||
| #elif defined(CONFIG_SB_DISABLE_SELF_R_X) | ||
|
|
||
| relocate_bootconf_disable_r_x_and_jump()(vector_table[1]); |
There was a problem hiding this comment.
strange syntax. Is that r0 might contain value of reset_vector, if not (vector_table[1]) does the job of populating r0?
I would rather create two alternatives of relocate_bootconf_disable_r_x_and_jump() function.
There was a problem hiding this comment.
Yeah, that might be a problem since at the point of execution of the relocate_bootconf_disable_r_x_and_jump, the vector_table, which is not constant, has already been wiped.
I think the relocate_bootconf_disable_r_x_and_jump should combine both the cleanup and lock.
There was a problem hiding this comment.
it returns pointer to the function in ram that is being called in place with vector_table
subsys/bootloader/bl_boot/bl_boot.c
Outdated
| ); | ||
| } | ||
|
|
||
| static ram_fn_ptr relocate_bootconf_disable_r_x_and_jump(void) |
There was a problem hiding this comment.
how this function preserves r0 value?
There was a problem hiding this comment.
this function returns pointer to the callable one
subsys/bootloader/bl_boot/bl_boot.c
Outdated
| @@ -174,13 +223,18 @@ void bl_boot(const struct fw_info *fw_info) | |||
| " b clear\n" | |||
| "out:\n" | |||
| " dsb\n" | |||
| #ifndef CONFIG_SB_DISABLE_SELF_R_X | |||
There was a problem hiding this comment.
If you disable the jump to vector, r0 is not needed here so the line 211 can be commented out and in line 233 the r0 does not have to be on list. I suspect that impact on size is not that great, but code will get uglier.
michalek-no
force-pushed
the
mb-b0-self-lock
branch
2 times, most recently
from
dcbbcee to
b265d74
Compare
subsys/bootloader/bl_boot/bl_boot.c
Outdated
| #define FUNCTION_BUFFER_LEN 128 | ||
| #define RRAMC_REGION_RWX_LSB 0 | ||
| #define RRAMC_REGION_RWX_WIDTH 3 | ||
| #define RRAMC_REGION_TO_LOCK_ADDR 0x5004b56c |
There was a problem hiding this comment.
should get this address from dts then offset using the nrfx hal offset define
subsys/bootloader/bl_boot/bl_boot.c
Outdated
| #define RRAMC_REGION_TO_LOCK_ADDR_H (RRAMC_REGION_TO_LOCK_ADDR >> 16) | ||
| #define RRAMC_REGION_TO_LOCK_ADDR_L (RRAMC_REGION_TO_LOCK_ADDR & 0x0000fffful) |
There was a problem hiding this comment.
would assume these are in that file too
subsys/bootloader/bl_boot/bl_boot.c
Outdated
| #define RRAMC_REGION_TO_LOCK_ADDR_H (RRAMC_REGION_TO_LOCK_ADDR >> 16) | ||
| #define RRAMC_REGION_TO_LOCK_ADDR_L (RRAMC_REGION_TO_LOCK_ADDR & 0x0000fffful) | ||
| typedef void (*ram_fn_ptr)(uint32_t); | ||
| uint8_t ram_exec_buf[FUNCTION_BUFFER_LEN]; |
subsys/bootloader/bl_boot/bl_boot.c
Outdated
| " MOV r5, %0\n" | ||
| " MOV r1, %1\n" | ||
| " MOVT r1, %2\n" | ||
| " LDR r0, [r1]\n" | ||
| /* Size of the region should be set at this point | ||
| * by provisioning through BOOTCONF. If not set it according partition size. | ||
| */ | ||
| " RORS r4, r0, #16\n" | ||
| " CBNZ r4, clear_rwx\n" | ||
| " MOVT r0, %3\n" | ||
| "clear_rwx:\n" | ||
| " BFC r0, %4, %5\n" | ||
| " STR r0, [r1]\n" | ||
| " DSB\n" | ||
| " BX r5\n" |
There was a problem hiding this comment.
lowercase like below code does
subsys/bootloader/bl_boot/bl_boot.c
Outdated
| : "r" (vector), "i" (RRAMC_REGION_TO_LOCK_ADDR_L), | ||
| "i" (RRAMC_REGION_TO_LOCK_ADDR_H), "i" (CONFIG_PM_PARTITION_SIZE_B0_IMAGE / 1024), | ||
| "i" (RRAMC_REGION_RWX_LSB), "i" (RRAMC_REGION_RWX_WIDTH) | ||
| : "r0", "r1", "r2", "r4", "r5", "memory" |
There was a problem hiding this comment.
r2 doesn't look to be used
subsys/bootloader/bl_boot/bl_boot.c
Outdated
| #endif /* CONFIG_SB_CLEANUP_RAM */ | ||
|
|
||
| #if defined(CONFIG_SB_DISABLE_SELF_R_X) | ||
| relocate_bootconf_disable_r_x_and_jump()(vector_table[1]); |
There was a problem hiding this comment.
don't think this will work, at this point the RAM is blank, and you are returning to C-land where it expects to have a fully working stack pointer including all data on stack. Would just make more sense to have one asm block with #ifdefs in it to select which parts are enabled or not, without calling C functions in-between
Disables read and execute on memory containing NSIB right before jumping to application. Signed-off-by: Mateusz Michalek <[email protected]>
michalek-no
force-pushed
the
mb-b0-self-lock
branch
from
b265d74 to
e342f8a
Compare
Disables read and execute on memory containing NSIB
right before jumping to application.