rebuild/maintain sigheader.{h,py} in one place

external/ckcc-protocol

@@ -1 +1 @@
-Subproject commit 52b5950105af3c40dc2e6ab7c0b3a161667db787
+Subproject commit 7887bd21b5a328dc7e97fccc2c8685f53803df70

external/micropython

@@ -1 +1 @@
-Subproject commit d680d41bb547f6d81e09fa8ce6ddcea14ea97ee0
+Subproject commit 97d35f058f504a354fc6df79a8b3db5c91862501

stm32/bootloader/sigheader.h

@@ -1,92 +0,0 @@
-// (c) Copyright 2018 by Coinkite Inc. This file is covered by license found in COPYING-CC.
-//
-#pragma once
-#include <stdint.h>
-
-// Our simple firmware header.
-//
-// Although called a header, this data is placed into the middle of the binary.
-// It is located at start of firmware + 16k - sizeof(heaer). This is a gap unused in normal
-// micropython layout. Exactly the last 64 bytes (signature) should be left out of
-// the checksum. We do checksum areas beyond the end of the last byte of firmware (up to length)
-// and expect those regions to be unprogrammed flash (ones).
-//
-// - timestamp must increase with each upgrade (downgrade protection)
-// - version_string is for humans only
-// - pubkey_num indicates which pubkey was used for signature
-// - firmware_length, must be:
-//      - bigger than minimum length, less than max
-//      - 512-byte aligned
-//  - bootloader assumes the flash filesystem (FAT FS) follows the firmware.
-//  - this C header file is somewhat parsed and used by python signature-adding code
-//  - timestamp is YYMMDDHHMMSS0000 in BCD
-//
-
-typedef struct {
-    uint32_t    magic_value;            // fixed magic value
-    uint8_t     timestamp[8];           // for downgrade protection, this must increase
-    uint8_t     version_string[8];      // zero-terminated string: "1.0.0ab7" for humans
-    uint32_t    pubkey_num;             // which pubkey was used to sign binary
-    uint32_t    firmware_length;        // must be 512-aligned, and marks start of flash filesystem
-    uint32_t    install_flags;          // flags about this release
-    uint32_t    hw_compat;              // which hardware can run this release
-    uint8_t     best_ts[8];             // for downgrade protection, recommended min timestamp
-    uint32_t    future[5];              // reserved words
-    uint8_t     signature[64];          // signature over secp256k1
-} coldcardFirmwareHeader_t;
-
-#define FW_HEADER_SIZE       128
-#define FW_HEADER_OFFSET     (0x4000-FW_HEADER_SIZE)
-
-#define FW_HEADER_MAGIC             0xCC001234
-
-// Firmware Image Size
-
-// arbitrary min size
-#define FW_MIN_LENGTH        (256*1024)
-
-// (mk1-3) absolute max size: 1MB flash - 32k for bootloader = 1,015,808
-// - but practical limit for our-protocol USB upgrades: 786432 (or else settings damaged)
-#define FW_MAX_LENGTH        (0x100000 - 0x8000)
-
-// .. for Mk4: 2Mbytes, less bootrom of 128k.
-#define FW_MAX_LENGTH_MK4        (0x200000 - 0x20000)
-
-// Arguments to be used w/ python's struct module.
-#define FWH_PY_FORMAT      "<I8s8sIIII8s20s64s"
-#define FWH_PY_VALUES      "magic_value timestamp version_string pubkey_num firmware_length install_flags hw_compat best_ts future signature"
-#define FWH_NUM_FUTURE      7
-
-// offset of pubkey number
-#define FWH_PK_NUM_OFFSET   20
-
-// Bits in install_flags
-#define FWHIF_HIGH_WATER        0x01
-#define FWHIF_BEST_TS           0x02
-
-// Bits in hw_compat
-#define MK_1_OK                 0x01
-#define MK_2_OK                 0x02
-#define MK_3_OK                 0x04
-#define MK_4_OK                 0x08
-// RFU:
-#define MK_5_OK                 0x10
-#define MK_6_OK                 0x20
-
-// (Mk1-3) There is a copy of the header at this location in RAM, copied by bootloader
-// **after** it has been verified. If you write to this memory area, you will be reset!
-// .. in mk4, no header copy anymore
-#define RAM_HEADER_BASE          0x10007c20
-
-// Original copy of header, as recorded in flash/firmware file.
-#define FLASH_HEADER_BASE        0x0800bf80
-#define FLASH_HEADER_BASE_MK4    0x08023f80
-
-// (Mk1-3) One 32-bit word of flags from bootloader about how we got here (in protected RAM)
-#define RAM_BOOT_FLAGS           (RAM_HEADER_BASE + FW_HEADER_SIZE)
-
-// Bitmask for RAM_BOOT_FLAGS
-// - we just did a firmware upgrade on this bootup
-#define RBF_FRESH_VERSION      0x01
-// - factory mode: flash not yet locked-down
-#define RBF_FACTORY_MODE       0x02

stm32/bootloader/sigheader.h

@@ -0,0 +1 @@
+../sigheader.h

stm32/bootloader/sigheader.py

@@ -1,78 +0,0 @@
-# Autogen'ed file, don't edit. See bootloader/sigheader.h for original
-
-# (c) Copyright 2018 by Coinkite Inc. This file is covered by license found in COPYING-CC.
-
-# Our simple firmware header.
-# Although called a header, this data is placed into the middle of the binary.
-# It is located at start of firmware + 16k - sizeof(heaer). This is a gap unused in normal
-# micropython layout. Exactly the last 64 bytes (signature) should be left out of
-# the checksum. We do checksum areas beyond the end of the last byte of firmware (up to length)
-# and expect those regions to be unprogrammed flash (ones).
-# - timestamp must increase with each upgrade (downgrade protection)
-# - version_string is for humans only
-# - pubkey_num indicates which pubkey was used for signature
-# - firmware_length, must be:
-# - bigger than minimum length, less than max
-# - 512-byte aligned
-# - bootloader assumes the flash filesystem (FAT FS) follows the firmware.
-# - this C header file is somewhat parsed and used by python signature-adding code
-# - timestamp is YYMMDDHHMMSS0000 in BCD
-
-
-FW_HEADER_SIZE = 128
-FW_HEADER_OFFSET = (0x4000-FW_HEADER_SIZE)
-
-FW_HEADER_MAGIC = 0xCC001234
-
-# Firmware Image Size
-
-# arbitrary min size
-FW_MIN_LENGTH = (256*1024)
-
-# (mk1-3) absolute max size: 1MB flash - 32k for bootloader = 1,015,808
-# - but practical limit for our-protocol USB upgrades: 786432 (or else settings damaged)
-FW_MAX_LENGTH = (0x100000 - 0x8000)
-
-# .. for Mk4: 2Mbytes, less bootrom of 128k.
-FW_MAX_LENGTH_MK4 = (0x200000 - 0x20000)
-
-# Arguments to be used w/ python's struct module.
-FWH_PY_FORMAT = "<I8s8sIIII8s20s64s"
-FWH_PY_VALUES = "magic_value timestamp version_string pubkey_num firmware_length install_flags hw_compat best_ts future signature"
-FWH_NUM_FUTURE = 7
-
-# offset of pubkey number
-FWH_PK_NUM_OFFSET = 20
-
-# Bits in install_flags
-FWHIF_HIGH_WATER = 0x01
-FWHIF_BEST_TS = 0x02
-
-# Bits in hw_compat
-MK_1_OK = 0x01
-MK_2_OK = 0x02
-MK_3_OK = 0x04
-MK_4_OK = 0x08
-# RFU:
-MK_5_OK = 0x10
-MK_6_OK = 0x20
-
-# (Mk1-3) There is a copy of the header at this location in RAM, copied by bootloader
-# **after** it has been verified. If you write to this memory area, you will be reset!
-# .. in mk4, no header copy anymore
-RAM_HEADER_BASE = 0x10007c20
-
-# Original copy of header, as recorded in flash/firmware file.
-FLASH_HEADER_BASE = 0x0800bf80
-FLASH_HEADER_BASE_MK4 = 0x08023f80
-
-# (Mk1-3) One 32-bit word of flags from bootloader about how we got here (in protected RAM)
-RAM_BOOT_FLAGS = (RAM_HEADER_BASE + FW_HEADER_SIZE)
-
-# Bitmask for RAM_BOOT_FLAGS
-# - we just did a firmware upgrade on this bootup
-RBF_FRESH_VERSION = 0x01
-# - factory mode: flash not yet locked-down
-RBF_FACTORY_MODE = 0x02
-
-# EOF

stm32/bootloader/sigheader.py

@@ -0,0 +1 @@
+../sigheader.py

stm32/make-sigheader.py

@@ -1,4 +1,7 @@
 #!/usr/bin/env python3
+#
+# (c) Copyright 2018 by Coinkite Inc. This file is covered by license found in COPYING-CC.
+#
 
 # parse out some values from C header... and include them into globals
 def doit(c_fname, py_file):
@@ -12,7 +15,7 @@ def doit(c_fname, py_file):
             lines.append(None)
 
     with open(py_file, 'wt') as o:
-        print("# Autogen'ed file, don't edit. See bootloader/sigheader.h for original\n",file=o)
+        print("# Autogen'ed file, don't edit. See stm32/sigheader.h for original\n",file=o)
 
         for ln in lines:
             if ln is None:
@@ -30,3 +33,4 @@ def doit(c_fname, py_file):
 if __name__ == '__main__':
     doit('sigheader.h', 'sigheader.py')
 
+# EOF

stm32/mk4-bootloader/Makefile

@@ -113,10 +113,6 @@ $(TARGETS): $(TARGET_ELF) Makefile
 
 version.o: version.h
 
-# makes the .py from a shared header file
-sigheader.py: mk-sigheader.py sigheader.h
-	python3 mk-sigheader.py
-
 # link step
 $(TARGET_ELF): $(OBJS) $(LINKER_SCRIPT) Makefile
 	$(CC) $(CFLAGS) -o $(TARGET_ELF) $(LDFLAGS) $(OBJS)

stm32/mk4-bootloader/sigheader.h

@@ -1 +1 @@
-../bootloader/sigheader.h
+../sigheader.h

stm32/mk4-bootloader/sigheader.py

@@ -1 +1 @@
-../bootloader/sigheader.py
+../sigheader.py

stm32/shared.mk

@@ -26,7 +26,7 @@ PROD_KEYNUM = -k 1
 BUILD_DIR = l-port/build-$(BOARD)
 MAKE_ARGS = BOARD=$(BOARD) -j 4 EXCLUDE_NGU_TESTS=1 DEBUG_BUILD=$(DEBUG_BUILD)
 
-all: $(BOARD)/file_time.c
+all: $(BOARD)/file_time.c sigheader.py
 	cd $(PORT_TOP) && $(MAKE) $(MAKE_ARGS)
 
 clean:
@@ -81,6 +81,11 @@ $(BOARD)/file_time.c: make_filetime.py version.mk
 	./make_filetime.py $(BOARD)/file_time.c $(VERSION_STRING)
 	cp $(BOARD)/file_time.c .
 
+# Makes the .py from a shared header file
+# - used by q1/mk4/earlier bootroms, and also signit
+sigheader.py: make-sigheader.py sigheader.h
+	python3 make-sigheader.py
+
 # Make a factory release: using key #1
 # - when executed in a repro w/o the required key, it defaults to key zero
 # - and that's what happens inside the Docker build

stm32/sigheader.h

@@ -0,0 +1,92 @@
+// (c) Copyright 2018 by Coinkite Inc. This file is covered by license found in COPYING-CC.
+//
+#pragma once
+#include <stdint.h>
+
+// Our simple firmware header.
+//
+// Although called a header, this data is placed into the middle of the binary.
+// It is located at start of firmware + 16k - sizeof(heaer). This is a gap unused in normal
+// micropython layout. Exactly the last 64 bytes (signature) should be left out of
+// the checksum. We do checksum areas beyond the end of the last byte of firmware (up to length)
+// and expect those regions to be unprogrammed flash (ones).
+//
+// - timestamp must increase with each upgrade (downgrade protection)
+// - version_string is for humans only
+// - pubkey_num indicates which pubkey was used for signature
+// - firmware_length, must be:
+//      - bigger than minimum length, less than max
+//      - 512-byte aligned
+//  - bootloader assumes the flash filesystem (FAT FS) follows the firmware.
+//  - this C header file is somewhat parsed and used by python signature-adding code
+//  - timestamp is YYMMDDHHMMSS0000 in BCD
+//
+
+typedef struct {
+    uint32_t    magic_value;            // fixed magic value
+    uint8_t     timestamp[8];           // for downgrade protection, this must increase
+    uint8_t     version_string[8];      // zero-terminated string: "1.0.0ab7" for humans
+    uint32_t    pubkey_num;             // which pubkey was used to sign binary
+    uint32_t    firmware_length;        // must be 512-aligned, and marks start of flash filesystem
+    uint32_t    install_flags;          // flags about this release
+    uint32_t    hw_compat;              // which hardware can run this release
+    uint8_t     best_ts[8];             // for downgrade protection, recommended min timestamp
+    uint32_t    future[5];              // reserved words
+    uint8_t     signature[64];          // signature over secp256k1
+} coldcardFirmwareHeader_t;
+
+#define FW_HEADER_SIZE       128
+#define FW_HEADER_OFFSET     (0x4000-FW_HEADER_SIZE)
+
+#define FW_HEADER_MAGIC             0xCC001234
+
+// Firmware Image Size
+
+// arbitrary min size
+#define FW_MIN_LENGTH        (256*1024)
+
+// (mk1-3) absolute max size: 1MB flash - 32k for bootloader = 1,015,808
+// - but practical limit for our-protocol USB upgrades: 786432 (or else settings damaged)
+#define FW_MAX_LENGTH        (0x100000 - 0x8000)
+
+// .. for Mk4: 2Mbytes, less bootrom of 128k.
+#define FW_MAX_LENGTH_MK4        (0x200000 - 0x20000)
+
+// Arguments to be used w/ python's struct module.
+#define FWH_PY_FORMAT      "<I8s8sIIII8s20s64s"
+#define FWH_PY_VALUES      "magic_value timestamp version_string pubkey_num firmware_length install_flags hw_compat best_ts future signature"
+#define FWH_NUM_FUTURE      7
+
+// offset of pubkey number
+#define FWH_PK_NUM_OFFSET   20
+
+// Bits in install_flags
+#define FWHIF_HIGH_WATER        0x01
+#define FWHIF_BEST_TS           0x02
+
+// Bits in hw_compat
+#define MK_1_OK                 0x01
+#define MK_2_OK                 0x02
+#define MK_3_OK                 0x04
+#define MK_4_OK                 0x08
+#define MK_Q1_OK                0x10
+// RFU:
+#define MK_6_OK                 0x20
+
+// (Mk1-3) There is a copy of the header at this location in RAM, copied by bootloader
+// **after** it has been verified. If you write to this memory area, you will be reset!
+// .. in mk4, no header copy anymore
+#define RAM_HEADER_BASE          0x10007c20
+
+// Original copy of header, as recorded in flash/firmware file.
+#define FLASH_HEADER_BASE        0x0800bf80
+#define FLASH_HEADER_BASE_MK4    0x08023f80
+
+// (Mk1-3) One 32-bit word of flags from bootloader about how we got here (in protected RAM)
+#define RAM_BOOT_FLAGS           (RAM_HEADER_BASE + FW_HEADER_SIZE)
+
+// Bitmask for RAM_BOOT_FLAGS
+// - we just did a firmware upgrade on this bootup
+#define RBF_FRESH_VERSION      0x01
+// - factory mode: flash not yet locked-down
+#define RBF_FACTORY_MODE       0x02

stm32/sigheader.py

@@ -0,0 +1,78 @@
+# Autogen'ed file, don't edit. See stm32/sigheader.h for original
+
+# (c) Copyright 2018 by Coinkite Inc. This file is covered by license found in COPYING-CC.
+
+# Our simple firmware header.
+# Although called a header, this data is placed into the middle of the binary.
+# It is located at start of firmware + 16k - sizeof(heaer). This is a gap unused in normal
+# micropython layout. Exactly the last 64 bytes (signature) should be left out of
+# the checksum. We do checksum areas beyond the end of the last byte of firmware (up to length)
+# and expect those regions to be unprogrammed flash (ones).
+# - timestamp must increase with each upgrade (downgrade protection)
+# - version_string is for humans only
+# - pubkey_num indicates which pubkey was used for signature
+# - firmware_length, must be:
+# - bigger than minimum length, less than max
+# - 512-byte aligned
+# - bootloader assumes the flash filesystem (FAT FS) follows the firmware.
+# - this C header file is somewhat parsed and used by python signature-adding code
+# - timestamp is YYMMDDHHMMSS0000 in BCD
+
+
+FW_HEADER_SIZE = 128
+FW_HEADER_OFFSET = (0x4000-FW_HEADER_SIZE)
+
+FW_HEADER_MAGIC = 0xCC001234
+
+# Firmware Image Size
+
+# arbitrary min size
+FW_MIN_LENGTH = (256*1024)
+
+# (mk1-3) absolute max size: 1MB flash - 32k for bootloader = 1,015,808
+# - but practical limit for our-protocol USB upgrades: 786432 (or else settings damaged)
+FW_MAX_LENGTH = (0x100000 - 0x8000)
+
+# .. for Mk4: 2Mbytes, less bootrom of 128k.
+FW_MAX_LENGTH_MK4 = (0x200000 - 0x20000)
+
+# Arguments to be used w/ python's struct module.
+FWH_PY_FORMAT = "<I8s8sIIII8s20s64s"
+FWH_PY_VALUES = "magic_value timestamp version_string pubkey_num firmware_length install_flags hw_compat best_ts future signature"
+FWH_NUM_FUTURE = 7
+
+# offset of pubkey number
+FWH_PK_NUM_OFFSET = 20
+
+# Bits in install_flags
+FWHIF_HIGH_WATER = 0x01
+FWHIF_BEST_TS = 0x02
+
+# Bits in hw_compat
+MK_1_OK = 0x01
+MK_2_OK = 0x02
+MK_3_OK = 0x04
+MK_4_OK = 0x08
+MK_Q1_OK = 0x10
+# RFU:
+MK_6_OK = 0x20
+
+# (Mk1-3) There is a copy of the header at this location in RAM, copied by bootloader
+# **after** it has been verified. If you write to this memory area, you will be reset!
+# .. in mk4, no header copy anymore
+RAM_HEADER_BASE = 0x10007c20
+
+# Original copy of header, as recorded in flash/firmware file.
+FLASH_HEADER_BASE = 0x0800bf80
+FLASH_HEADER_BASE_MK4 = 0x08023f80
+
+# (Mk1-3) One 32-bit word of flags from bootloader about how we got here (in protected RAM)
+RAM_BOOT_FLAGS = (RAM_HEADER_BASE + FW_HEADER_SIZE)
+
+# Bitmask for RAM_BOOT_FLAGS
+# - we just did a firmware upgrade on this bootup
+RBF_FRESH_VERSION = 0x01
+# - factory mode: flash not yet locked-down
+RBF_FACTORY_MODE = 0x02
+
+# EOF