Bootloader: always treat initial state as tainted. Firmware: mark boot state as tainted on boot. (#558)

bootloader/targets/f5/target.c

@@ -13,9 +13,9 @@
 #include <api-hal.h>
 
 // Boot request enum
-#define BOOT_REQUEST_NONE 0x00000000
+#define BOOT_REQUEST_TAINTED 0x00000000
+#define BOOT_REQUEST_CLEAN 0xDADEDADE
 #define BOOT_REQUEST_DFU 0xDF00B000
-#define BOOT_REQUEST_TAINTED 0xDF00F000
 // Boot to DFU pin
 #define BOOT_DFU_PORT GPIOB
 #define BOOT_DFU_PIN LL_GPIO_PIN_11
@@ -136,13 +136,13 @@ void target_init() {
 }
 
 int target_is_dfu_requested() {
-    if(LL_RTC_BAK_GetRegister(RTC, LL_RTC_BKP_DR0) == BOOT_REQUEST_DFU) {
-        return 1;
-    } else if(LL_RTC_BAK_GetRegister(RTC, LL_RTC_BKP_DR0) == BOOT_REQUEST_TAINTED) {
-        // We came here directly from STM bootloader and chip is unusable
-        // One more reset required to fix it
-        LL_RTC_BAK_SetRegister(RTC, LL_RTC_BKP_DR0, BOOT_REQUEST_NONE);
+    if(LL_RTC_BAK_GetRegister(RTC, LL_RTC_BKP_DR0) == BOOT_REQUEST_TAINTED) {
+        // Default system state is tainted
+        // We must ensure that MCU is cleanly booted
+        LL_RTC_BAK_SetRegister(RTC, LL_RTC_BKP_DR0, BOOT_REQUEST_CLEAN);
         NVIC_SystemReset();
+    } else if(LL_RTC_BAK_GetRegister(RTC, LL_RTC_BKP_DR0) == BOOT_REQUEST_DFU) {
+        return 1;
     }
     LL_mDelay(100);
     if(!LL_GPIO_IsInputPinSet(BOOT_DFU_PORT, BOOT_DFU_PIN)) {

bootloader/targets/f6/target.c

@@ -13,9 +13,9 @@
 #include <api-hal.h>
 
 // Boot request enum
-#define BOOT_REQUEST_NONE 0x00000000
+#define BOOT_REQUEST_TAINTED 0x00000000
+#define BOOT_REQUEST_CLEAN 0xDADEDADE
 #define BOOT_REQUEST_DFU 0xDF00B000
-#define BOOT_REQUEST_TAINTED 0xDF00F000
 // Boot to DFU pin
 #define BOOT_DFU_PORT GPIOB
 #define BOOT_DFU_PIN LL_GPIO_PIN_11
@@ -136,13 +136,13 @@ void target_init() {
 }
 
 int target_is_dfu_requested() {
-    if(LL_RTC_BAK_GetRegister(RTC, LL_RTC_BKP_DR0) == BOOT_REQUEST_DFU) {
-        return 1;
-    } else if(LL_RTC_BAK_GetRegister(RTC, LL_RTC_BKP_DR0) == BOOT_REQUEST_TAINTED) {
-        // We came here directly from STM bootloader and chip is unusable
-        // One more reset required to fix it
-        LL_RTC_BAK_SetRegister(RTC, LL_RTC_BKP_DR0, BOOT_REQUEST_NONE);
+    if(LL_RTC_BAK_GetRegister(RTC, LL_RTC_BKP_DR0) == BOOT_REQUEST_TAINTED) {
+        // Default system state is tainted
+        // We must ensure that MCU is cleanly booted
+        LL_RTC_BAK_SetRegister(RTC, LL_RTC_BKP_DR0, BOOT_REQUEST_CLEAN);
         NVIC_SystemReset();
+    } else if(LL_RTC_BAK_GetRegister(RTC, LL_RTC_BKP_DR0) == BOOT_REQUEST_DFU) {
+        return 1;
     }
     LL_mDelay(100);
     if(!LL_GPIO_IsInputPinSet(BOOT_DFU_PORT, BOOT_DFU_PIN)) {

firmware/targets/api-hal-include/api-hal-boot.h

@@ -17,6 +17,9 @@ typedef enum {
     ApiHalBootFlagFactoryReset=1,
 } ApiHalBootFlag;
 
+/** Initialize boot subsystem */
+void api_hal_boot_init();
+
 /** Set boot mode */
 void api_hal_boot_set_mode(ApiHalBootMode mode);
 

firmware/targets/f5/api-hal/api-hal-boot.c

@@ -1,12 +1,18 @@
 #include <api-hal-boot.h>
 #include <stm32wbxx_ll_rtc.h>
 
-#define BOOT_REQUEST_NONE 0x00000000
+// Boot request enum
+#define BOOT_REQUEST_TAINTED 0x00000000
+#define BOOT_REQUEST_CLEAN 0xDADEDADE
 #define BOOT_REQUEST_DFU 0xDF00B000
 
+void api_hal_boot_init() {
+    LL_RTC_BAK_SetRegister(RTC, LL_RTC_BKP_DR0, BOOT_REQUEST_TAINTED);
+}
+
 void api_hal_boot_set_mode(ApiHalBootMode mode) {
     if (mode == ApiHalBootModeNormal) {
-        LL_RTC_BAK_SetRegister(RTC, LL_RTC_BKP_DR0, BOOT_REQUEST_NONE);
+        LL_RTC_BAK_SetRegister(RTC, LL_RTC_BKP_DR0, BOOT_REQUEST_CLEAN);
     } else if (mode == ApiHalBootModeDFU) {
         LL_RTC_BAK_SetRegister(RTC, LL_RTC_BKP_DR0, BOOT_REQUEST_DFU);
     }

firmware/targets/f5/api-hal/api-hal.c

@@ -1,6 +1,8 @@
 #include <api-hal.h>
 
 void api_hal_init() {
+    api_hal_boot_init();
+    FURI_LOG_I("FURI_HAL", "BOOT OK");
     api_hal_version_init();
     FURI_LOG_I("FURI_HAL", "VERSION OK");
     api_hal_delay_init();

firmware/targets/f6/api-hal/api-hal-boot.c

@@ -1,12 +1,18 @@
 #include <api-hal-boot.h>
 #include <stm32wbxx_ll_rtc.h>
 
-#define BOOT_REQUEST_NONE 0x00000000
+// Boot request enum
+#define BOOT_REQUEST_TAINTED 0x00000000
+#define BOOT_REQUEST_CLEAN 0xDADEDADE
 #define BOOT_REQUEST_DFU 0xDF00B000
 
+void api_hal_boot_init() {
+    LL_RTC_BAK_SetRegister(RTC, LL_RTC_BKP_DR0, BOOT_REQUEST_TAINTED);
+}
+
 void api_hal_boot_set_mode(ApiHalBootMode mode) {
     if (mode == ApiHalBootModeNormal) {
-        LL_RTC_BAK_SetRegister(RTC, LL_RTC_BKP_DR0, BOOT_REQUEST_NONE);
+        LL_RTC_BAK_SetRegister(RTC, LL_RTC_BKP_DR0, BOOT_REQUEST_CLEAN);
     } else if (mode == ApiHalBootModeDFU) {
         LL_RTC_BAK_SetRegister(RTC, LL_RTC_BKP_DR0, BOOT_REQUEST_DFU);
     }

firmware/targets/f6/api-hal/api-hal.c

@@ -1,6 +1,8 @@
 #include <api-hal.h>
 
 void api_hal_init() {
+    api_hal_boot_init();
+    FURI_LOG_I("FURI_HAL", "BOOT OK");
     api_hal_version_init();
     FURI_LOG_I("FURI_HAL", "VERSION OK");
     api_hal_delay_init();