diff --git a/certificates/.gitignore b/certificates/.gitignore index 6132e76..51d1213 100644 --- a/certificates/.gitignore +++ b/certificates/.gitignore @@ -1,3 +1,3 @@ *prv* *.hex - +*.sig diff --git a/certificates/0.0.8v/certs.sector b/certificates/0.0.8v/certs.sector new file mode 100644 index 0000000..11db50f Binary files /dev/null and b/certificates/0.0.8v/certs.sector differ diff --git a/certificates/0.0.8v/otaboot.bin b/certificates/0.0.8v/otaboot.bin new file mode 100644 index 0000000..e074643 Binary files /dev/null and b/certificates/0.0.8v/otaboot.bin differ diff --git a/certificates/0.0.8v/otamain.bin b/certificates/0.0.8v/otamain.bin new file mode 100644 index 0000000..dc4d4b3 Binary files /dev/null and b/certificates/0.0.8v/otamain.bin differ diff --git a/certificates/certs.sector b/certificates/certs.sector index dbdfb2c..11db50f 100644 Binary files a/certificates/certs.sector and b/certificates/certs.sector differ diff --git a/src/main.c b/src/main.c index ad20c25..2a19e88 100644 --- a/src/main.c +++ b/src/main.c @@ -42,7 +42,6 @@ void ota_task(void *arg) { ota_version=ota_get_version(OTAREPO); ota_get_file(OTAREPO,ota_version,CERTFILE,active_cert_sector); ota_finalize_file(active_cert_sector); - ota_activate_sector(active_cert_sector); //can be phased out now that we have ota_finalize_file } printf("active_cert_sector: 0x%05x\n",active_cert_sector); file_size=ota_get_pubkey(active_cert_sector); @@ -71,7 +70,7 @@ void ota_task(void *arg) { ota_version=ota_get_version(OTAREPO); if (ota_get_hash(OTAREPO, ota_version, CERTFILE, &signature)) { //no certs.sector.sig exists yet on server if (have_private_key) { - ota_sign(active_cert_sector,SECTORSIZE-1, &signature, CERTFILE); //reports to console + ota_sign(active_cert_sector,SECTORSIZE, &signature, CERTFILE); //reports to console vTaskDelete(NULL); //upload the signature out of band to github and start again } else { continue; //loop and try again later @@ -82,7 +81,6 @@ void ota_task(void *arg) { if (ota_verify_hash(backup_cert_sector,&signature)) { //hash and file do not match break; //leads to boot=0 } - ota_finalize_file(backup_cert_sector); //can be contained in ota_swap_cert_sector if (ota_verify_signature(&signature)) { //maybe an update on the public key keyid=1; while (sprintf(keyname,KEYNAME,keyid) , ota_get_hash(OTAREPO, ota_version, keyname, &signature)) { diff --git a/src/ota.c b/src/ota.c index c93a942..d98f0ed 100644 --- a/src/ota.c +++ b/src/ota.c @@ -71,27 +71,20 @@ void ota_init() { byte fourbyte[4]; active_cert_sector=HIGHERCERTSECTOR; backup_cert_sector=LOWERCERTSECTOR; - if (!spiflash_read(active_cert_sector-1, (byte *)fourbyte, 4)) { //get last byte of backup + first 3 active + if (!spiflash_read(active_cert_sector, (byte *)fourbyte, 4)) { //get first 4 active printf("error reading flash\n"); } // if OTHER vvvvvv sector active - if (fourbyte[0]==0xf0 || fourbyte[1]!=0x30 || fourbyte[2]!=0x76 || fourbyte[3]!=0x30 ) { + if (fourbyte[0]!=0x30 || fourbyte[1]!=0x76 || fourbyte[2]!=0x30 ) { active_cert_sector=LOWERCERTSECTOR; backup_cert_sector=HIGHERCERTSECTOR; if (!spiflash_read(active_cert_sector, (byte *)fourbyte, 4)) { printf("error reading flash\n"); } - if ( fourbyte[0]!=0x30 || fourbyte[1]!=0x76 || fourbyte[2]!=0x30 ) { + if (fourbyte[0]!=0x30 || fourbyte[1]!=0x76 || fourbyte[2]!=0x30 ) { active_cert_sector=0; backup_cert_sector=0; } } - if (!spiflash_read(active_cert_sector-1+SECTORSIZE, (byte *)fourbyte, 1)) { //get last byte of active - printf("error reading flash\n"); - } - if (fourbyte[0]!=0xf0 ) { //must be activated - active_cert_sector=0; - backup_cert_sector=0; - } printf("active_sector: 0x%x\n",active_cert_sector); ota_set_verify(0); } @@ -647,7 +640,7 @@ int ota_get_file_ex(char * repo, char * version, char * file, int sector, byte void ota_finalize_file(int sector) { printf("--- ota_finalize_file\n"); - spiflash_write(sector, file_first_byte, 1); + if (!spiflash_write(sector, file_first_byte, 1)) printf("error writing flash\n"); } int ota_get_file(char * repo, char * version, char * file, int sector) { //number of bytes @@ -717,13 +710,18 @@ int ota_verify_signature(signature_t* signature) { return answer-1; } +void ota_kill_file(int sector) { + printf("--- ota_kill_file\n"); + + byte zero[]={0x00}; + if (!spiflash_write(sector, zero, 1)) printf("error writing flash\n"); +} + void ota_swap_cert_sector() { printf("--- ota_swap_cert_sector\n"); - byte abyte[1]; - - abyte[0]=0x00; if (!spiflash_write(active_cert_sector+SECTORSIZE-1, abyte, 1)) printf("error writing flash\n"); - abyte[0]=0xf0; if (!spiflash_write(backup_cert_sector+SECTORSIZE-1, abyte, 1)) printf("error writing flash\n"); + ota_kill_file(active_cert_sector); + ota_finalize_file(backup_cert_sector); if (active_cert_sector==HIGHERCERTSECTOR) { active_cert_sector=LOWERCERTSECTOR; backup_cert_sector=HIGHERCERTSECTOR; @@ -733,13 +731,6 @@ void ota_swap_cert_sector() { } } -void ota_activate_sector(int sector) { - printf("--- ota_activate_sector\n"); - byte abyte[1]; - - abyte[0]=0xf0; if (!spiflash_write(sector+SECTORSIZE-1, abyte, 1)) printf("error writing flash\n"); -} - void ota_write_status(char * version) { printf("--- ota_write_status\n"); diff --git a/src/ota.h b/src/ota.h index f2e307b..2b2876f 100644 --- a/src/ota.h +++ b/src/ota.h @@ -80,8 +80,6 @@ int ota_verify_signature(signature_t* signature); void ota_swap_cert_sector(); -void ota_activate_sector(int sector); - void ota_write_status(char * version); int ota_boot(void);