aepko/Ardupilot2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HAL_ChibiOS: protect against flashing bootloader without public keys

Browse Source
This commit is contained in:
Andrew Tridgell 2022-09-03 08:45:32 +10:00
parent a6c5e38c5a
commit b74c9b5862
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
libraries/AP_HAL_ChibiOS/Util.cpp
View File

@ -45,6 +45,10 @@
extern AP_IOMCU iomcu; extern AP_IOMCU iomcu;
#endif #endif
#if AP_SIGNED_FIRMWARE && !defined(HAL_BOOTLOADER_BUILD)
#include <AP_CheckFirmware/AP_CheckFirmware.h>
#endif
extern const AP_HAL::HAL& hal; extern const AP_HAL::HAL& hal;
using namespace ChibiOS; using namespace ChibiOS;
@ -268,6 +272,18 @@ Util::FlashBootloader Util::flash_bootloader()
Debug("failed to find %s\n", fw_name); Debug("failed to find %s\n", fw_name);
return FlashBootloader::NOT_AVAILABLE; return FlashBootloader::NOT_AVAILABLE;
} }
#if AP_SIGNED_FIRMWARE
if (!AP_CheckFirmware::check_signed_bootloader(fw, fw_size)) {
// don't allow flashing of an unsigned bootloader in a secure
// setup. This prevents the easy mistake of leaving an
// unsigned bootloader in ROMFS, which would give a trivail
// way to bypass signing
AP_ROMFS::free(fw);
return FlashBootloader::NOT_SIGNED;
}
#endif
// make sure size is multiple of 32 // make sure size is multiple of 32
fw_size = (fw_size + 31U) & ~31U; fw_size = (fw_size + 31U) & ~31U;