x1000: Add a basic sanity check for bootloader backups

The bootloader backup is intentionally simple, but it's a little
*too* simple. Add a sanity check to make sure what we're backing
up or restoring contains the first 8 bytes of the SPL header.
This isn't going to catch all possible problems, but it'll stop
obviously non-functional backups from being restored.

Change-Id: I6e80351aeb96c467f0514bd0ecd77d94ff72a8f8
Aidan MacDonald 2022-10-28 20:27:59 +01:00
parent 202eb8c06a
commit 9e258652c4
2 changed files with 17 additions and 0 deletions


@ -62,6 +62,9 @@ static const struct update_part updates[] = {
static const int num_updates = sizeof(updates) / sizeof(struct update_part); static const int num_updates = sizeof(updates) / sizeof(struct update_part);
static const uint8_t flash_sig_magic[8] =
{0x06, 0x05, 0x04, 0x03, 0x02, 0x55, 0xaa, 0x55};
/* calculate the offset and length of the update image; this is constant /* calculate the offset and length of the update image; this is constant
* for a given target, based on the update parts and the NAND chip geometry. * for a given target, based on the update parts and the NAND chip geometry.
*/ */
@ -249,6 +252,12 @@ int backup_bootloader(const char* filename)
goto error; goto error;
} }
/* bail if we're backing up something that looks like garbage */
if (memcmp(u.img_buf, flash_sig_magic, 8)) {
rc = IERR_CORRUPTED_BACKUP;
goto error;
}
/* write to file */ /* write to file */
fd = open(filename, O_CREAT|O_TRUNC|O_WRONLY); fd = open(filename, O_CREAT|O_TRUNC|O_WRONLY);
if(fd < 0) { if(fd < 0) {
@ -293,6 +302,12 @@ int restore_bootloader(const char* filename)
goto error; goto error;
} }
/* safety check to reduce risk of flashing complete garbage */
if (memcmp(u.img_buf, flash_sig_magic, 8)) {
rc = IERR_CORRUPTED_BACKUP;
goto error;
}
/* write image */ /* write image */
rc = nand_write_bytes(u.ndrv, u.img_off, u.img_len, u.img_buf); rc = nand_write_bytes(u.ndrv, u.img_off, u.img_len, u.img_buf);
if(rc != NAND_SUCCESS) { if(rc != NAND_SUCCESS) {
@ -320,6 +335,7 @@ const char* installer_strerror(int rc)
case IERR_NAND_OPEN: return "NAND open error"; case IERR_NAND_OPEN: return "NAND open error";
case IERR_NAND_READ: return "NAND read error"; case IERR_NAND_READ: return "NAND read error";
case IERR_NAND_WRITE: return "NAND write error"; case IERR_NAND_WRITE: return "NAND write error";
case IERR_CORRUPTED_BACKUP: return "Backup is corrupt";
default: return "Unknown error!?"; default: return "Unknown error!?";
} }
} }
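Review bot: In backup_bootloader the new magic check fails with IERR_CORRUPTED_BACKUP, which installer_strerror renders as "Backup is corrupt", yet at that point nothing has been written to a file — what failed is the image just read from NAND, so the user is told a backup file is bad when it is the flash contents that look wrong. A separate code for that path, e.g. `IERR_BAD_FLASH_IMAGE` with `case IERR_BAD_FLASH_IMAGE: return "On-flash bootloader looks corrupt";` plus the matching enumerator in the header, would keep the two failures distinguishable in logs and bug reports. Both memcmp calls also hard-code 8 where `sizeof(flash_sig_magic)` would tie the compared length to the array, and `if (memcmp(...))` breaks the `if(rc != ...)` spacing used on the neighbouring lines. Note that the check covers only the first 8 bytes, so unless the file read earlier in restore_bootloader already requires exactly u.img_len bytes, a truncated backup with an intact header still passes; both backup_bootloader and restore_bootloader start and end outside these hunks, so that read is not visible here.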


@ -45,6 +45,7 @@ enum {
IERR_NAND_OPEN, IERR_NAND_OPEN,
IERR_NAND_READ, IERR_NAND_READ,
IERR_NAND_WRITE, IERR_NAND_WRITE,
IERR_CORRUPTED_BACKUP,
}; };
extern int install_bootloader(const char* filename); extern int install_bootloader(const char* filename);