OpenCellular

scottk/OpenCellular

Fork 0

mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2026-01-01 12:52:26 +00:00

Commit Graph

Author	SHA1	Message	Date
Daisuke Nojiri	3ec36e0160	Protect inactive EC image from code execution This change configures MPU to prevent instruction fetch from the flash image that is not running at the time system_disable_jump is called. Violating the protection causes instruction access violation, then the EC reboots. RO image protection is tested as follows: ... [6.255696 MPU type: 00000800] [6.255874 RAM locked. Exclusion 20005680-200056a0] [6.256168 RO image locked] ... > sysjump 0 Jumping to 0x00000000 === PROCESS EXCEPTION: 03 ====== xPSR: 60000000 === r0 :00000000 r1 :2000541c r2 :00001388 r3 :20007fe8 r4 :200032f0 r5 :00000000 r6 :20002b70 r7 :20002df4 r8 :0002d308 r9 :20002df4 r10:00000000 r11:00000000 r12:00000002 sp :20002358 lr :0002a1a7 pc :00000000 Instruction access violation, Forced hard fault mmfs = 1, shcsr = 70000, hfsr = 40000000, dfsr = 0 =========== Process Stack Contents =========== 200023c0: 00000098 00000000 00000000 0002a785 200023d0: 00000002 20002dfd 00000007 20002b70 200023e0: 00000002 00025777 00000000 20002dfd 200023f0: 20002df4 20002dfc 00000000 00000000 Rebooting... Memory management fault status register has bit0 set, indicating there was an instruction fetch volation. FYI, RAM protection is still working: > sysjump 0x20000000 Jumping to 0x20000000 === PROCESS EXCEPTION: 03 ====== xPSR: 60000000 === r0 :00000000 r1 :2000541c r2 :00001388 r3 :20007fe8 r4 :200032f0 r5 :20000000 r6 :20002b70 r7 :20002df4 r8 :0002d308 r9 :20002df4 r10:00000000 r11:00000000 r12:00000002 sp :20002358 lr :0002a1a7 pc :20000000 Instruction access violation, Forced hard fault mmfs = 1, shcsr = 70000, hfsr = 40000000, dfsr = 0 =========== Process Stack Contents =========== 200023c0: 00000098 00000000 20000000 0002a785 200023d0: 00000002 20002e06 00000007 20002b70 200023e0: 00000002 00025777 00000000 20002e06 200023f0: 20002df4 20002dfc 00000000 00000000 Rebooting... TEST=Booted Peppy. Tested lid close & open. Ran Flashrom from userspace to update main firmware then software-synched an EC image. BUG=chrome-os-partner:16904 BRANCH=none Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org> Change-Id: Id4f84d24325566a9f648194166bde0d94d1124dc Reviewed-on: https://chromium-review.googlesource.com/169050 Reviewed-by: Bill Richardson <wfrichar@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org> Commit-Queue: Daisuke Nojiri <dnojiri@google.com> Tested-by: Daisuke Nojiri <dnojiri@google.com>	2013-12-17 01:32:24 +00:00
Daisuke Nojiri	748154d55f	Introducing MPU module for Cortex-M3 Preventing instruction fetch from RAM for Link except iram.text, which is used for hibernation. Stm32 on Snow does not support MPU. Tested on Link using commands 'crash nxtext/nxdata/nxstack', which run code from .iram.text, .data section, and the stack, respectively: ... RAM locked. Exclusion 20005980-200059a0 ... > crash nxtext Running from 20005984 > crash nxdata === PROCESS EXCEPTION: 04 ====== xPSR: 61000000 === r0 :00000000 r1 :0000dff2 r2 :00000005 r3 :0000086d r4 :00000000 r5 :00000032 r6 :2000544c r7 :00000000 r8 :00000000 r9 :20005456 r10:00000000 r11:00000000 r12:20005961 sp :20002748 lr :000008d7 pc :20005960 Instruction access violation mmfs = 1, shcsr = 70001, hfsr = 0, dfsr = 0 =========== Process Stack Contents =========== 200027b0: 0000086d 00000002 0000d504 00009f27 200027c0: 2000544c 20005452 00000000 00000000 200027d0: 00000000 00000000 00000000 00000000 200027e0: 00000000 00000000 00000000 00000cbb Rebooting... > crash nxstack === PROCESS EXCEPTION: 04 ====== xPSR: 20000200 === r0 :00000070 r1 :00000047 r2 :00000000 r3 :200027a8 r4 :00000000 r5 :00000001 r6 :2000544c r7 :00000000 r8 :00000000 r9 :20005456 r10:00000000 r11:00000000 r12:00000002 sp :20002740 lr :00000913 pc :200027ac Instruction access violation mmfs = 1, shcsr = 70001, hfsr = 0, dfsr = 0 =========== Process Stack Contents =========== 200027ac: 00000070 00000047 00000002 0000d57c 200027bc: 00009f9f 2000544c 20005452 00000000 200027cc: 00000000 00000000 00000000 00000000 200027dc: 00000000 00000000 00000000 00000000 Rebooting... BUG=chrome-os-partner:16904 BRANCH=master TEST=stated above Change-Id: I7c6593c527f29609442f33550f9d16755f32297c Signed-off-by: Daisuke Nojiri <dnojiri@google.com> Reviewed-on: https://chromium-review.googlesource.com/51337 Reviewed-by: Randall Spangler <rspangler@chromium.org>	2013-09-05 19:06:27 +00:00

Author

SHA1

Message

Date

Daisuke Nojiri

3ec36e0160

Protect inactive EC image from code execution

This change configures MPU to prevent instruction fetch from the flash image
that is not running at the time system_disable_jump is called. Violating
the protection causes instruction access violation, then the EC reboots.

RO image protection is tested as follows:
  ...
  [6.255696 MPU type: 00000800]
  [6.255874 RAM locked. Exclusion 20005680-200056a0]
  [6.256168 RO image locked]
  ...

  > sysjump 0
  Jumping to 0x00000000

  === PROCESS EXCEPTION: 03 ====== xPSR: 60000000 ===
  r0 :00000000 r1 :2000541c r2 :00001388 r3 :20007fe8
  r4 :200032f0 r5 :00000000 r6 :20002b70 r7 :20002df4
  r8 :0002d308 r9 :20002df4 r10:00000000 r11:00000000
  r12:00000002 sp :20002358 lr :0002a1a7 pc :00000000
  Instruction access violation, Forced hard fault
  mmfs = 1, shcsr = 70000, hfsr = 40000000, dfsr = 0

  =========== Process Stack Contents ===========
  200023c0: 00000098 00000000 00000000 0002a785
  200023d0: 00000002 20002dfd 00000007 20002b70
  200023e0: 00000002 00025777 00000000 20002dfd
  200023f0: 20002df4 20002dfc 00000000 00000000

  Rebooting...

Memory management fault status register has bit0 set, indicating there was an
instruction fetch volation. FYI, RAM protection is still working:

  > sysjump 0x20000000
  Jumping to 0x20000000

  === PROCESS EXCEPTION: 03 ====== xPSR: 60000000 ===
  r0 :00000000 r1 :2000541c r2 :00001388 r3 :20007fe8
  r4 :200032f0 r5 :20000000 r6 :20002b70 r7 :20002df4
  r8 :0002d308 r9 :20002df4 r10:00000000 r11:00000000
  r12:00000002 sp :20002358 lr :0002a1a7 pc :20000000
  Instruction access violation, Forced hard fault
  mmfs = 1, shcsr = 70000, hfsr = 40000000, dfsr = 0

  =========== Process Stack Contents ===========
  200023c0: 00000098 00000000 20000000 0002a785
  200023d0: 00000002 20002e06 00000007 20002b70
  200023e0: 00000002 00025777 00000000 20002e06
  200023f0: 20002df4 20002dfc 00000000 00000000

  Rebooting...

TEST=Booted Peppy. Tested lid close & open. Ran Flashrom from userspace to
update main firmware then software-synched an EC image.
BUG=chrome-os-partner:16904
BRANCH=none
Signed-off-by: Daisuke Nojiri <dnojiri@chromium.org>
Change-Id: Id4f84d24325566a9f648194166bde0d94d1124dc
Reviewed-on: https://chromium-review.googlesource.com/169050
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Commit-Queue: Daisuke Nojiri <dnojiri@google.com>
Tested-by: Daisuke Nojiri <dnojiri@google.com>

2013-12-17 01:32:24 +00:00

Daisuke Nojiri

748154d55f

Introducing MPU module for Cortex-M3

Preventing instruction fetch from RAM for Link except iram.text, which is used
for hibernation. Stm32 on Snow does not support MPU.

Tested on Link using commands 'crash nxtext/nxdata/nxstack', which run code from
.iram.text, .data section, and the stack, respectively:

...
RAM locked. Exclusion 20005980-200059a0
...

> crash nxtext
Running from 20005984

> crash nxdata

=== PROCESS EXCEPTION: 04 ====== xPSR: 61000000 ===
r0 :00000000 r1 :0000dff2 r2 :00000005 r3 :0000086d
r4 :00000000 r5 :00000032 r6 :2000544c r7 :00000000
r8 :00000000 r9 :20005456 r10:00000000 r11:00000000
r12:20005961 sp :20002748 lr :000008d7 pc :20005960
Instruction access violation
mmfs = 1, shcsr = 70001, hfsr = 0, dfsr = 0

=========== Process Stack Contents ===========
200027b0: 0000086d 00000002 0000d504 00009f27
200027c0: 2000544c 20005452 00000000 00000000
200027d0: 00000000 00000000 00000000 00000000
200027e0: 00000000 00000000 00000000 00000cbb

Rebooting...

> crash nxstack

=== PROCESS EXCEPTION: 04 ====== xPSR: 20000200 ===
r0 :00000070 r1 :00000047 r2 :00000000 r3 :200027a8
r4 :00000000 r5 :00000001 r6 :2000544c r7 :00000000
r8 :00000000 r9 :20005456 r10:00000000 r11:00000000
r12:00000002 sp :20002740 lr :00000913 pc :200027ac
Instruction access violation
mmfs = 1, shcsr = 70001, hfsr = 0, dfsr = 0

=========== Process Stack Contents ===========
200027ac: 00000070 00000047 00000002 0000d57c
200027bc: 00009f9f 2000544c 20005452 00000000
200027cc: 00000000 00000000 00000000 00000000
200027dc: 00000000 00000000 00000000 00000000

Rebooting...

BUG=chrome-os-partner:16904
BRANCH=master
TEST=stated above

Change-Id: I7c6593c527f29609442f33550f9d16755f32297c
Signed-off-by: Daisuke Nojiri <dnojiri@google.com>
Reviewed-on: https://chromium-review.googlesource.com/51337
Reviewed-by: Randall Spangler <rspangler@chromium.org>

2013-09-05 19:06:27 +00:00

2 Commits