The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks by Jasper van Woudenberg & Colin O’Flynn

Author:Jasper van Woudenberg & Colin O’Flynn [van Woudenberg, Jasper & O’Flynn, Colin]
Language: eng
Format: epub
ISBN: 9781593278755
Published: 2021-10-06T00:00:00+00:00

Because any firmware we build this way will be unsigned, the Trezor will block our ability to reprogram the bootloader from the unsigned firmware. This means fully building the final firmware is pointless since that means we’d need to rewrite the bootloader. Listing 7-3 shows a section of the code that protects the bootloader.

jump:jump_to_firmware(const vector_table_t *ivt, int trust) { if (FW_SIGNED == trust) { // trusted signed firmware SCB_VTOR = (uint32_t)ivt; // * relocate vector table // Set stack pointer __asm__ volatile("msr msp, %0" ::"r"(ivt->initial_sp_value)); } else { // untrusted firmware timer_init(); mpu_config_firmware(); // * configure MPU for the firmware __asm__ volatile("msr msp, %0" ::"r"(_stack)); }

Listing 7-3: The bootloader disables an application’s ability to overwrite itself for untrusted firmware (taken from util.h)

If untrusted firmware is loaded, the memory protection unit is configured to disable access to the bootloader section of the flash memory. Had the code in Listing 7-3 not been there, we could have used a custom application code build to load the bootloader we want to evaluate.

The first few steps to building the bootloader are easy (see Listing 7-4) and roughly follow the documentation. You’ll need to do this on a Linux box or Linux virtual machine; our examples are on Ubuntu. We’ll build only the bootloader itself since that’s where the vulnerability lies. This build sequence avoids a few dependencies for building the full application (mainly protobuf) that can be a little more effort to install.

sudo apt install git make gcc-arm-none-eabi protobuf-compiler python3 python3-pip git clone --recursive https://github.com/trezor/trezor-mcu.git cd trezor-mcu git checkout v1.7.3 make vendor make -C vendor/nanopb/generator/proto make -C vendor/libopencm3 lib/stm32/f2 make MEMORY_PROTECT=0 && make -C bootloader align MEMORY_PROTECT=0

Listing 7-4: Setting up and building the bootloader for Trezor 1.7.3

You may need to make additional tweaks to make this work. Depending on the compiler, the bootloader may get too large, in which case export CFLAGS=-Os can help. If this works, you’ll produce a file named bootloader/bootloader.elf.

The line with MEMORY_PROTECT=0 is critical for debugging. If you misspell (or forget) this line, some memory protection logic is enabled. One thing that memory protection does is lock the JTAG such that future use is impossible. To save yourself from future mistakes, we recommend editing the memory.c file and immediately returning from the function memory_protect() at line 30. Should you program and run the bootloader without disabling memory protection, you will immediately lose the ability to reprogram or debug the chip (permanently). Editing that file will prevent you from becoming very unhappy when you need to replace the chip on your board.

The main Makefile file builds a small library, which includes the memory protection logic. To avoid accidentally forgetting to rebuild the library, we suggest running the two commands on one line as shown in Listing 7-3. This will also build the winusb.c file that has the code we want to validate.

What next? You can now load the built firmware code using a programmer. We used an ST-Link/V2. Before programming the code, once again confirm that you’ve disabled the memory protection code on this build.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.