Don't boot the firmware if the exception table isn't initialized

If no firmware is flashed, then flash contains all 1's. The firmware's reset handler (stored in the exception table) would then be 0xffffffff. Jumping that address is very bad because that is the same as setting the cpu in LOCKUP state. * The common way to get to the LOCKUP state is with a double fault (fault in a fault handler), so this natuarally makes you go debug the wrong things. * The debugger cannot access the CPU when it is in LOCKUP state.
BitBoxSwiss · Dec 2, 2024 · de1cc9f · de1cc9f
1 parent 1511148
commit de1cc9f
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/src/bootloader/bootloader.c b/src/bootloader/bootloader.c
@@ -900,7 +900,11 @@ static bool _devdevice_enter(secbool_u32 firmware_verified)
     UG_PutString(0, 0, "    <Enter bootloader>", false);
     UG_PutString(0, SCREEN_HEIGHT / 2 - 11, "DEV DEVICE", false);
     UG_PutString(0, SCREEN_HEIGHT / 2 + 2, "NOT FOR VALUE", false);
-    UG_PutString(0, SCREEN_HEIGHT - 9, "        <Continue>", false);
+    if (*(uint32_t*)FLASH_APP_START != 0xffffffff) {
+        UG_PutString(0, SCREEN_HEIGHT - 9, "        <Continue>", false);
+    } else {
+        UG_PutString(0, SCREEN_HEIGHT - 9, "    No firmware found", false);
+    }
     uint16_t ypos = SCREEN_HEIGHT / 2 - 4;
     uint16_t xpos = SCREEN_WIDTH - 10;
     if (firmware_verified != sectrue_u32) {
@@ -921,7 +925,7 @@ static bool _devdevice_enter(secbool_u32 firmware_verified)
         if (qtouch_is_scroller_active(top_slider)) {
             return true;
         }
-        if (qtouch_is_scroller_active(bottom_slider)) {
+        if (qtouch_is_scroller_active(bottom_slider) && *(uint32_t*)FLASH_APP_START != 0xffffffff) {
             return false;
         }
     }