From de1cc9f17db948d168d360a38d203e841f15d9b0 Mon Sep 17 00:00:00 2001 From: Niklas Dusenlund Date: Fri, 29 Nov 2024 11:17:36 +0100 Subject: [PATCH] Don't boot the firmware if the exception table isn't initialized If no firmware is flashed, then flash contains all 1's. The firmware's reset handler (stored in the exception table) would then be 0xffffffff. Jumping that address is very bad because that is the same as setting the cpu in LOCKUP state. * The common way to get to the LOCKUP state is with a double fault (fault in a fault handler), so this natuarally makes you go debug the wrong things. * The debugger cannot access the CPU when it is in LOCKUP state.
---
 src/bootloader/bootloader.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/bootloader/bootloader.c b/src/bootloader/bootloader.c
index be5e234b3..85269a2af 100644
--- a/src/bootloader/bootloader.c
+++ b/src/bootloader/bootloader.c
@@ -900,7 +900,11 @@ static bool _devdevice_enter(secbool_u32 firmware_verified)
 UG_PutString(0, 0, " ", false);
 UG_PutString(0, SCREEN_HEIGHT / 2 - 11, "DEV DEVICE", false);
 UG_PutString(0, SCREEN_HEIGHT / 2 + 2, "NOT FOR VALUE", false);
- UG_PutString(0, SCREEN_HEIGHT - 9, " ", false);
+ if (*(uint32_t*)FLASH_APP_START != 0xffffffff) {
+ UG_PutString(0, SCREEN_HEIGHT - 9, " ", false);
+ } else {
+ UG_PutString(0, SCREEN_HEIGHT - 9, " No firmware found", false);
+ }
 uint16_t ypos = SCREEN_HEIGHT / 2 - 4;
 uint16_t xpos = SCREEN_WIDTH - 10;
 if (firmware_verified != sectrue_u32) {
@@ -921,7 +925,7 @@ static bool _devdevice_enter(secbool_u32 firmware_verified)
 if (qtouch_is_scroller_active(top_slider)) {
 return true;
 }
- if (qtouch_is_scroller_active(bottom_slider)) {
+ if (qtouch_is_scroller_active(bottom_slider) && *(uint32_t*)FLASH_APP_START != 0xffffffff) {
 return false;
 }
 }
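Review bot: The erased-flash test `*(uint32_t*)FLASH_APP_START != 0xffffffff` is written out twice, in the label selection of this hunk and again in the bottom-slider condition of the second hunk, so the prompt text and the actual boot gate can drift apart. A small static helper such as `static bool _firmware_present(void) { return *(const volatile uint32_t*)FLASH_APP_START != 0xffffffff; }` would give the check one definition and a name. The word being read is the first entry of the table; if the layout is the usual Cortex-M one, that is the initial stack pointer, and the reset handler the commit message is concerned about is the following word, so a partially written image could pass this test while its reset vector is still erased. Comparing the reset-vector word as well would match the stated intent. `_devdevice_enter` starts and ends outside the hunk, so whether the other boot paths apply the same guard cannot be seen from here.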
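Review bot: The added `&& *(uint32_t*)FLASH_APP_START != 0xffffffff` turns the bottom slider into a silent no-op, and nothing at the call site says why. A comment above the condition would keep the rationale next to the code, for example `// Erased flash: the reset vector would be 0xffffffff, and jumping there puts the CPU in LOCKUP.` The polling loop and the rest of the function lie outside the hunk, so the meaning of the `false` return (presumably "boot the firmware") is inferred from the commit message rather than visible here.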