From 56cf1c696d9d71c32c2889d54d15aeff91f3b758 Mon Sep 17 00:00:00 2001
From: Frank Voorburg
Date: Thu, 26 Jul 2018 13:03:40 +0000
Subject: [PATCH] Refs #579. Added configuration option for completely disabling memory read operations via XCP.
git-svn-id: https://svn.code.sf.net/p/openblt/code/trunk@550 5dc33758-31d5-4daf-9ae8-b24bf3d40d73
---
 Target/Source/plausibility.h | 8 ++++++++
 Target/Source/xcp.c | 24 +++++++++++++++++-------
 Target/Source/xcp.h | 19 +++++++++++++++++++
 3 files changed, 44 insertions(+), 7 deletions(-)
diff --git a/Target/Source/plausibility.h b/Target/Source/plausibility.h
index 1a764351..6bb6bc70 100644
--- a/Target/Source/plausibility.h
+++ b/Target/Source/plausibility.h
@@ -452,6 +452,14 @@
 #error "BOOT_XCP_SEED_KEY_ENABLE must be 0 or 1"
 #endif
+#ifndef BOOT_XCP_UPLOAD_EN
+#define BOOT_XCP_UPLOAD_EN (1)
+#endif
+
+#if (BOOT_XCP_UPLOAD_EN < 0) || (BOOT_XCP_UPLOAD_EN > 1)
+#error "BOOT_XCP_UPLOAD_EN must be 0 or 1"
+#endif
+
 #ifndef BOOT_XCP_PACKET_RECEIVED_HOOK
 #define BOOT_XCP_PACKET_RECEIVED_HOOK (0)
 #endif
diff --git a/Target/Source/xcp.c b/Target/Source/xcp.c
index 7c16c667..e4a688e5 100644
--- a/Target/Source/xcp.c
+++ b/Target/Source/xcp.c
@@ -124,7 +124,7 @@ extern blt_int8u XcpVerifyKeyHook(blt_int8u resource, blt_int8u *key, blt_int8u
 #if (BOOT_COM_ENABLE == 0)
 /* in case no internally supported communication interface is used, a custom
 * communication module can be added. In order to use the XCP protocol in the custom
- * communication module, this hook function needs to be implemented. In the XCP protocol
+ * communication module, this hook function needs to be implemented. If the XCP protocol
 * is not needed, then simply remove the xcp.c source from the project. */
 extern void XcpTransmitPacketHook(blt_int8u *data, blt_int16u len);
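Review bot: Configurations that never define `BOOT_XCP_UPLOAD_EN` stay readable over XCP, because the fallback added in the plausibility.h hunk is `#define BOOT_XCP_UPLOAD_EN (1)`. That keeps existing builds unchanged, but a product that depends on this option for readout protection gets none unless it opts out explicitly, and nothing in the hunk says so. I would add a comment above the `#ifndef`, for example `/* enabled by default for backward compatibility; set to 0 in the bootloader configuration to block XCP memory reads */`.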
@@ -694,13 +694,14 @@ static void XcpCmdUpload(blt_int8u *data)
 /* set the destination pointer */
 destPtr = (blt_int8u *)((blt_addr)(blt_int32u)&xcpInfo.ctoData[1]);
+#if (XCP_UPLOAD_EN == 1)
 /* according to the XCP specification memory read/upload functionality is always
 * available. This behavior is unwanted in the case of a bootloader that has the
 * seed/key security feature enabled. The default XCP behavior is deviated in this
 * situation. The deviation is such that all zero values are returned if the seed/key
 * security feature is enabled and the programming resource is not yet unlocked. */
-#if (XCP_SEED_KEY_PROTECTION_EN == 1)
+ #if (XCP_SEED_KEY_PROTECTION_EN == 1)
 /* check if PGM resource is unlocked */
 if ((xcpInfo.protection & XCP_RES_PGM) == XCP_RES_PGM)
 {
@@ -714,10 +715,14 @@ static void XcpCmdUpload(blt_int8u *data)
 /* copy the data from memory to the data packet */
 CpuMemCopy((blt_addr)destPtr,(blt_addr)xcpInfo.mta, len);
 }
-#else
+ #else
 /* copy the data from memory to the data packet */
 CpuMemCopy((blt_addr)destPtr,(blt_addr)xcpInfo.mta, len);
-#endif
+ #endif /* XCP_SEED_KEY_PROTECTION_EN == 1 */
+#else
+ /* uploads are disabled, so return zero values for memory read operations */
+ CpuMemSet((blt_addr)destPtr, 0, len);
+#endif /* XCP_UPLOAD_EN == 1 */
 /* set packet id to command response packet */
 xcpInfo.ctoData[0] = XCP_PID_RES;
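Review bot: A host cannot distinguish a refused read from memory that really holds zeros, because the new `#else` branch in XcpCmdUpload zero-fills the reply with `CpuMemSet((blt_addr)destPtr, 0, len);` and the handler still sets `XCP_PID_RES` afterwards. The same branch is added to XcpCmdShortUpload in the `@@ -777,10 +783,14 @@` hunk. If the zero-fill is deliberate (the xcp.h comment says reads "always return zero values"), the branch comment should state that the positive response is intended, e.g. `/* uploads are disabled: reply positively with zeros, by design, instead of an error packet */`. Otherwise an XCP error response would make the refusal visible to tooling and logs. The function body starts and ends outside both hunks, so what happens to `xcpInfo.mta` and the response length after this block cannot be checked here.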
@@ -757,13 +762,14 @@ static void XcpCmdShortUpload(blt_int8u *data)
 /* set the destination pointer */
 destPtr = (blt_int8u *)((blt_addr)(blt_int32u)&xcpInfo.ctoData[1]);
+#if (XCP_UPLOAD_EN == 1)
 /* according to the XCP specification memory read/upload functionality is always
 * available. This behavior is unwanted in the case of a bootloader that has the
 * seed/key security feature enabled. The default XCP behavior is deviated in this
 * situation. The deviation is such that all zero values are returned if the seed/key
 * security feature is enabled and the programming resource is not yet unlocked. */
-#if (XCP_SEED_KEY_PROTECTION_EN == 1)
+ #if (XCP_SEED_KEY_PROTECTION_EN == 1)
 /* check if PGM resource is unlocked */
 if ((xcpInfo.protection & XCP_RES_PGM) == XCP_RES_PGM)
 {
@@ -777,10 +783,14 @@ static void XcpCmdShortUpload(blt_int8u *data)
 /* copy the data from memory to the data packet */
 CpuMemCopy((blt_addr)destPtr,(blt_addr)xcpInfo.mta, len);
 }
-#else
+ #else
 /* copy the data from memory to the data packet */
 CpuMemCopy((blt_addr)destPtr,(blt_addr)xcpInfo.mta, len);
-#endif
+ #endif /* XCP_SEED_KEY_PROTECTION_EN == 1 */
+#else
+ /* uploads are disabled, so return zero values for memory read operations */
+ CpuMemSet((blt_addr)destPtr, 0, len);
+#endif /* XCP_UPLOAD_EN == 1 */
 /* set packet id to command response packet */
 xcpInfo.ctoData[0] = XCP_PID_RES;
diff --git a/Target/Source/xcp.h b/Target/Source/xcp.h
index 3861758c..723cb7a0 100644
--- a/Target/Source/xcp.h
+++ b/Target/Source/xcp.h
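Review bot: The rule that decides whether target memory is disclosed now exists in two copies, since the nested `#if (XCP_UPLOAD_EN == 1)` / `#if (XCP_SEED_KEY_PROTECTION_EN == 1)` block in XcpCmdShortUpload repeats the one in XcpCmdUpload line for line. A later change to that rule that reaches only one handler would leave the other command as a read path. Moving the block into one file-local helper that takes `destPtr` and `len` and is called from both handlers would keep a single decision point; the declared type of `len` is outside these hunks. Short of that, a comment such as `/* keep in sync with XcpCmdUpload */` on the `#if (XCP_UPLOAD_EN == 1)` line would at least flag the coupling.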
@@ -99,6 +99,17 @@
 #define XCP_SEED_KEY_PROTECTION_EN (0)
 #endif
+/** \brief Enable (=1) or disable (=0) uploading. By default, XCP always allows memory
+ * read operations using the commands UPLOAD and SHORT_UPLOAD. This is not
+ * always desired for security reasons. If disabled, memory reads via XCP always
+ * return zero values.
+ */
+#if (BOOT_XCP_UPLOAD_EN > 0)
+#define XCP_UPLOAD_EN (1)
+#else
+#define XCP_UPLOAD_EN (0)
+#endif
+
 /** \brief Enable (=1) or disable the hook function that gets called each time an XCP
 * packet was received from the host.
 * \details A master-slave bootloader can be realized by using this hook-function. The
@@ -119,6 +130,7 @@
 #endif
+
 /****************************************************************************************
 * Defines
 ****************************************************************************************/
@@ -319,6 +331,13 @@ void XcpPacketReceived(blt_int8u *data, blt_int8u len);
 #error "XCP.H, XCP_SEED_KEY_PROTECTION_EN must be 0 or 1."
 #endif
+#ifndef XCP_UPLOAD_EN
+#error "XCP.H, Configuration macro XCP_UPLOAD_EN is missing."
+#endif
+
+#if (XCP_UPLOAD_EN < 0) || (XCP_UPLOAD_EN > 1)
+#error "XCP.H, XCP_UPLOAD_EN must be 0 or 1."
+#endif
 #ifndef XCP_PACKET_RECEIVED_HOOK_EN
 #error "XCP.H, Configuration macro XCP_PACKET_RECEIVED_HOOK_EN is missing."
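Review bot: The doc comment in the `@@ -99,6 +99,17 @@` hunk promises more than this commit enforces: it says that with the option disabled "memory reads via XCP always return zero values", while the code changes gate only the UPLOAD and SHORT_UPLOAD handlers. Any other command whose reply is derived from target memory, such as a checksum over an address range if this build answers one, is not visible in the diff and would need the same gate for the statement to hold. I would narrow the wording to what is enforced, e.g. `If disabled, the UPLOAD and SHORT_UPLOAD commands return zero values instead of memory contents.`, or confirm the remaining handlers and say so. Separately, `#if (BOOT_XCP_UPLOAD_EN > 0)` evaluates an undefined macro as 0, so whether the default of 1 from plausibility.h applies depends on an include order this diff does not show.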