call bootloader update from coreapp

core/SConscript.firmware

@@ -468,6 +468,7 @@ ALLPATHS = [
         'embed/models',
         'embed/gfx/inc',
         'embed/sys/bsp/inc',
+        'embed/util/bl_check/inc',
         'embed/util/image/inc',
         'embed/util/rsod/inc',
         'embed/util/scm_revision/inc',
@@ -907,6 +908,16 @@ if 'nrf' in FEATURES_AVAILABLE:
             f'embed/models/{TREZOR_MODEL}/trezor-ble.bin',
             )
 
+tools.embed_compressed_binary(
+        obj_program,
+        env,
+        'bootloader',
+        'embed/projects/bootloaders/bootloader.o',
+        f'embed/models/{TREZOR_MODEL}/bootloaders/bootloader_{BOOTLOADER_SUFFIX}.bin',
+        'firmware',
+        'bootloader',
+        )
+
 env.Depends(obj_program, qstr_generated)
 
 linkerscript_gen = env.Command(

core/SConscript.kernel

@@ -408,16 +408,6 @@ obj_program.extend(
         ' --rename-section .data=.vendorheader,alloc,load,readonly,contents'
         ' $SOURCE $TARGET', ))
 
-tools.embed_compressed_binary(
-        obj_program,
-        env,
-        'bootloader',
-        'embed/projects/bootloaders/bootloader.o',
-        f'embed/models/{TREZOR_MODEL}/bootloaders/bootloader_{BOOTLOADER_SUFFIX}.bin',
-        'kernel',
-        'bootloader',
-        )
-
 if "secmon_layout" in FEATURES_AVAILABLE:
     tools.embed_raw_binary(
             obj_program,

core/SConscript.prodtest

@@ -67,6 +67,7 @@ SOURCE_MOD_CRYPTO += [
     'vendor/trezor-crypto/bignum.c',
     'vendor/trezor-crypto/blake256.c',
     'vendor/trezor-crypto/blake2b.c',
+    'vendor/trezor-crypto/blake2s.c',
     'vendor/trezor-crypto/buffer.c',
     'vendor/trezor-crypto/chacha_drbg.c',
     'vendor/trezor-crypto/chacha20poly1305/chacha_merged.c',
@@ -124,6 +125,7 @@ SOURCE_MOD += [
     'embed/gfx/gfx_draw.c',
     'embed/gfx/terminal.c',
     'embed/io/display/display_utils.c',
+    'embed/util/bl_check/bl_check.c',
     'embed/util/image/image.c',
     'embed/util/rsod/rsod.c',
     'embed/util/scm_revision/scm_revision.c',
@@ -206,6 +208,7 @@ ALLPATHS = [
         'embed/models',
         'embed/gfx/inc',
         'embed/sys/bsp/inc',
+        'embed/util/bl_check/inc',
         'embed/util/image/inc',
         'embed/util/rsod/inc',
         'embed/util/scm_revision/inc',

core/SConscript.prodtest_emu

@@ -58,6 +58,7 @@ SOURCE_MOD_CRYPTO += [
     'vendor/trezor-crypto/bignum.c',
     'vendor/trezor-crypto/blake256.c',
     'vendor/trezor-crypto/blake2b.c',
+    'vendor/trezor-crypto/blake2s.c',
     'vendor/trezor-crypto/buffer.c',
     'vendor/trezor-crypto/chacha_drbg.c',
     'vendor/trezor-crypto/chacha20poly1305/chacha_merged.c',
@@ -115,6 +116,7 @@ SOURCE_MOD += [
     'embed/gfx/gfx_draw.c',
     'embed/gfx/terminal.c',
     'embed/io/display/display_utils.c',
+    'embed/util/bl_check/bl_check.c',
     'embed/util/image/image.c',
     'embed/util/rsod/rsod.c',
     'embed/util/scm_revision/scm_revision.c',
@@ -194,6 +196,7 @@ ALLPATHS = ['embed/rust',
            'embed/models',
            'embed/projects/unix',
            'embed/gfx/inc',
+           'embed/util/bl_check/inc',
            'embed/util/image/inc',
            'embed/util/rsod/inc',
            'embed/util/scm_revision/inc',

core/SConscript.secmon

@@ -361,10 +361,6 @@ cmake_gen = env.Command(
     action='$MAKECMAKELISTS --sources $ALLSOURCES --dirs $CPPPATH --defs $ALLDEFS',
 )
 
-BOOTLOADER_SUFFIX = TREZOR_MODEL
-if BOOTLOADER_QA:
-    BOOTLOADER_SUFFIX += '_qa'
-
 # select vendor header
 if BOOTLOADER_QA or BOOTLOADER_DEVEL:
     vendor = "dev_DO_NOT_SIGN_signed_dev"
@@ -389,16 +385,6 @@ obj_program.extend(
         ' --rename-section .data=.vendorheader,alloc,load,readonly,contents'
         ' $SOURCE $TARGET', ))
 
-tools.embed_compressed_binary(
-        obj_program,
-        env,
-        'bootloader',
-        'embed/projects/bootloaders/bootloader.o',
-        f'embed/models/{TREZOR_MODEL}/bootloaders/bootloader_{BOOTLOADER_SUFFIX}.bin',
-        'secmon',
-        'bootloader',
-        )
-
 linkerscript_gen = env.Command(
     target='memory.ld',
     source=[f'embed/models/{TREZOR_MODEL}/memory_secmon.ld', env.get('ENV')['LINKER_SCRIPT'].format(target='secmon')],

core/embed/io/nrf/stm32u5/nrf_update.c

@@ -27,7 +27,7 @@
 
 #include "../nrf_internal.h"
 #include "rust_smp.h"
-#include "sec/hash_processor.h"
+#include "sha2.h"
 #include "sys/systick.h"
 
 #define IMAGE_HASH_LEN 32
@@ -134,7 +134,10 @@ bool nrf_update(const uint8_t *image_ptr, size_t image_len) {
 
   uint8_t sha256[SHA256_DIGEST_LENGTH] = {0};
 
-  hash_processor_sha256_calc(image_ptr, image_len, sha256);
+  SHA256_CTX ctx;
+  sha256_Init(&ctx);
+  sha256_Update(&ctx, image_ptr, image_len);
+  sha256_Final(&ctx, sha256);
 
   smp_upload_app_image(image_ptr, image_len, sha256, SHA256_DIGEST_LENGTH);
 

core/embed/projects/boardloader/main.c

@@ -59,18 +59,6 @@
 #include "sd_update.h"
 #endif
 
-const uint8_t BOARDLOADER_KEY_M = 2;
-const uint8_t BOARDLOADER_KEY_N = 3;
-static const uint8_t * const BOARDLOADER_KEYS[] = {
-#if !PRODUCTION
-    (const uint8_t *)"\xdb\x99\x5f\xe2\x51\x69\xd1\x41\xca\xb9\xbb\xba\x92\xba\xa0\x1f\x9f\x2e\x1e\xce\x7d\xf4\xcb\x2a\xc0\x51\x90\xf3\x7f\xcc\x1f\x9d",
-    (const uint8_t *)"\x21\x52\xf8\xd1\x9b\x79\x1d\x24\x45\x32\x42\xe1\x5f\x2e\xab\x6c\xb7\xcf\xfa\x7b\x6a\x5e\xd3\x00\x97\x96\x0e\x06\x98\x81\xdb\x12",
-    (const uint8_t *)"\x22\xfc\x29\x77\x92\xf0\xb6\xff\xc0\xbf\xcf\xdb\x7e\xdb\x0c\x0a\xa1\x4e\x02\x5a\x36\x5e\xc0\xe3\x42\xe8\x6e\x38\x29\xcb\x74\xb6",
-#else
-    MODEL_BOARDLOADER_KEYS
-#endif
-};
-
 static void drivers_init(void) {
 #ifdef USE_PMIC
   pmic_init();
@@ -136,8 +124,7 @@ int main(void) {
   drivers_init();
 
 #ifdef USE_SD_CARD
-  sd_update_check_and_update(BOARDLOADER_KEYS, BOARDLOADER_KEY_M,
-                             BOARDLOADER_KEY_N);
+  sd_update_check_and_update();
 #endif
 
   const image_header *hdr = read_image_header(
@@ -147,9 +134,7 @@ int main(void) {
   ensure(hdr == (const image_header *)BOOTLOADER_START ? sectrue : secfalse,
          "invalid bootloader header");
 
-  ensure(check_image_header_sig(hdr, BOARDLOADER_KEY_M, BOARDLOADER_KEY_N,
-                                BOARDLOADER_KEYS),
-         "invalid bootloader signature");
+  ensure(check_bootloader_header_sig(hdr), "invalid bootloader signature");
 
   ensure(check_image_contents(hdr, IMAGE_HEADER_SIZE, &BOOTLOADER_AREA),
          "invalid bootloader hash");

core/embed/projects/boardloader/sd_update.c

@@ -25,8 +25,7 @@
 __attribute__((section(".buf")))
 uint32_t sdcard_buf[BOOTLOADER_MAXSIZE / sizeof(uint32_t)];
 
-static uint32_t check_sdcard(const uint8_t *const *keys, uint8_t key_m,
-                             uint8_t key_n) {
+static uint32_t check_sdcard(void) {
   if (sectrue != sdcard_power_on()) {
     return 0;
   }
@@ -57,7 +56,7 @@ static uint32_t check_sdcard(const uint8_t *const *keys, uint8_t key_m,
       return 0;
     }
 
-    if (sectrue != check_image_header_sig(hdr, key_m, key_n, keys)) {
+    if (sectrue != check_bootloader_header_sig(hdr)) {
       return 0;
     }
 
@@ -91,8 +90,7 @@ static uint32_t check_sdcard(const uint8_t *const *keys, uint8_t key_m,
 
 static void progress_callback(int pos, int len) { term_printf("."); }
 
-static secbool copy_sdcard(const uint8_t *const *keys, uint8_t key_m,
-                           uint8_t key_n) {
+static secbool copy_sdcard(void) {
   display_set_backlight(255);
 
   term_printf("Trezor Boardloader\n");
@@ -107,7 +105,7 @@ static secbool copy_sdcard(const uint8_t *const *keys, uint8_t key_m,
   for (int i = 10; i >= 0; i--) {
     term_printf("%d ", i);
     hal_delay(1000);
-    codelen = check_sdcard(keys, key_m, key_n);
+    codelen = check_sdcard();
     if (0 == codelen) {
       term_printf("\n\nno SD card, aborting\n");
       return secfalse;
@@ -140,8 +138,7 @@ static secbool copy_sdcard(const uint8_t *const *keys, uint8_t key_m,
   return sectrue;
 }
 
-void sd_update_check_and_update(const uint8_t *const *keys, uint8_t key_m,
-                                uint8_t key_n) {
+void sd_update_check_and_update(void) {
   sdcard_init();
 
   // If the bootloader is being updated from SD card, we need to preserve the
@@ -152,18 +149,17 @@ void sd_update_check_and_update(const uint8_t *const *keys, uint8_t key_m,
       (const uint8_t *)BOOTLOADER_START, BOOTLOADER_IMAGE_MAGIC,
       flash_area_get_size(&BOOTLOADER_AREA));
 
-  if ((old_hdr != NULL) &&
-      (sectrue == check_image_header_sig(old_hdr, key_m, key_n, keys)) &&
+  if ((old_hdr != NULL) && (sectrue == check_bootloader_header_sig(old_hdr)) &&
       (sectrue ==
        check_image_contents(old_hdr, IMAGE_HEADER_SIZE, &BOOTLOADER_AREA))) {
     write_bootloader_min_version(old_hdr->monotonic);
   }
 
-  if (check_sdcard(keys, key_m, key_n) != 0) {
+  if (check_sdcard() != 0) {
 #ifdef FIXED_HW_DEINIT
     display_init(DISPLAY_RESET_CONTENT);
 #endif
-    copy_sdcard(keys, key_m, key_n);
+    copy_sdcard();
 #ifdef FIXED_HW_DEINIT
     display_deinit(DISPLAY_RETAIN_CONTENT);
 #endif

core/embed/projects/boardloader/sd_update.h

@@ -23,5 +23,4 @@
 
 // Check the SD card for a valid bootloader image, and if found, update the
 // bootloader. Halts the execution after updating (successful or not).
-void sd_update_check_and_update(const uint8_t* const* keys, uint8_t key_m,
-                                uint8_t key_n);
+void sd_update_check_and_update(void);

core/embed/projects/firmware/main.c

@@ -37,13 +37,35 @@
 #include <sys/linker_utils.h>
 #include <sys/systask.h>
 #include <sys/system.h>
+#include <util/bl_check.h>
 #include <util/rsod.h>
 #include "rust_ui_common.h"
 
+#include <blake2s.h>
+
+#include "sys/bootutils.h"
+
 #ifdef USE_SECP256K1_ZKP
 #include "zkp_context.h"
 #endif
 
+#define CONCAT_NAME_HELPER(prefix, name, suffix) prefix##name##suffix
+#define CONCAT_NAME(name, var) CONCAT_NAME_HELPER(BOOTLOADER_, name, var)
+
+#if BOOTLOADER_QA
+// QA bootloaders
+#define BOOTLOADER_00 CONCAT_NAME(MODEL_INTERNAL_NAME_TOKEN, _QA_00)
+#define BOOTLOADER_FF CONCAT_NAME(MODEL_INTERNAL_NAME_TOKEN, _QA_FF)
+#else
+// normal bootloaders
+#define BOOTLOADER_00 CONCAT_NAME(MODEL_INTERNAL_NAME_TOKEN, _00)
+#define BOOTLOADER_FF CONCAT_NAME(MODEL_INTERNAL_NAME_TOKEN, _FF)
+#endif
+
+// symbols from bootloader.bin => bootloader.o
+extern const void _deflated_bootloader_start;
+extern const void _deflated_bootloader_size;
+
 #ifdef USE_NRF
 #include <io/nrf.h>
 
@@ -62,11 +84,50 @@ int main_func(uint32_t cmd, void *arg) {
 
   bool fading = DISPLAY_JUMP_BEHAVIOR == DISPLAY_RESET_CONTENT;
 
+  bool update_required = false;
+
+#if PRODUCTION || BOOTLOADER_QA
+
+  // replace bootloader with the latest one
+  const uint8_t *data = (const uint8_t *)&_deflated_bootloader_start;
+  const size_t len = (size_t)&_deflated_bootloader_size;
+
+  uint8_t hash_00[] = BOOTLOADER_00;
+  uint8_t hash_FF[] = BOOTLOADER_FF;
+
+  // Check if the boardloader is valid and replace it if not
+  bool bl_update_required =
+      bl_check_check(hash_00, hash_FF, BLAKE2S_DIGEST_LENGTH);
+  update_required |= bl_update_required;
+
+#endif
+
 #ifdef USE_NRF
-  if (nrf_update_required(&nrf_app_start, (size_t)&nrf_app_size)) {
+  bool nrf_update_required_ =
+      nrf_update_required(&nrf_app_start, (size_t)&nrf_app_size);
+  update_required |= nrf_update_required_;
+#endif
+
+  if (update_required) {
     screen_update();
-    nrf_update(&nrf_app_start, (size_t)&nrf_app_size);
     fading = true;
+
+#if PRODUCTION || BOOTLOADER_QA
+    if (bl_update_required) {
+      bl_check_replace(data, len);
+    }
+#endif
+
+#ifdef USE_NRF
+    if (nrf_update_required_) {
+      nrf_update(&nrf_app_start, (size_t)&nrf_app_size);
+    }
+#endif
+  }
+
+#if PRODUCTION || BOOTLOADER_QA
+  if (bl_update_required) {
+    reboot_device();
   }
 #endif
 

core/embed/projects/kernel/main.c

@@ -124,6 +124,9 @@ void drivers_init() {
 #ifdef USE_BACKUP_RAM
   backup_ram_init();
 #endif
+#ifdef USE_HASH_PROCESSOR
+  hash_processor_init();
+#endif
 #endif  // SECURE_MODE
 
 #ifdef USE_RTC
@@ -146,20 +149,13 @@ void drivers_init() {
   enable_systemview();
 #endif
 
-#ifdef USE_HASH_PROCESSOR
-  hash_processor_init();
-#endif
-
   display_init(DISPLAY_JUMP_BEHAVIOR);
 
 #ifdef SECURE_MODE
 #ifdef USE_OEM_KEYS_CHECK
   check_oem_keys();
 #endif
 
-#if PRODUCTION || BOOTLOADER_QA
-  check_and_replace_bootloader();
-#endif
 #endif
 
 #ifdef USE_BUTTON

core/embed/projects/prodtest/.changelog.d/5227.added

@@ -0,0 +1 @@
+Added command for updating bootloader.