
Implement FPM policy validation algorithm

Open mcy opened this issue 5 years ago • 0 comments

Pseudocode for the algorithm:

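/// Select the policy entry in `fpm` whose version bytes are present in `flash`,
/// then verify that entry: the signed regions must hash to the expected value
/// and every region not claimed by the entry must still be erased.
///
/// Returns the first matching `FirmwareVersion` whose checks pass. A check
/// failure on a matching entry is an error rather than a fall-through to the
/// next entry, so a tampered image cannot be rescued by a later policy entry.
fn verify_policy(
  fpm: Fpm,
  flash: &impl Flash,
  hash_builder: &impl sha256::Builder
) -> Result<FirmwareVersion> {
  for fw in fpm.fw_versions {
    // The version bytes choose which policy entry applies. They are read
    // before anything is authenticated, so the policy must place the version
    // region inside one of `fw.signed_regions`; otherwise the selection
    // itself is unauthenticated.
    let version = flash.read(fw.version_addr, fw.version_len);
    if version != fw.version {
      continue;
    }

    // Hash the signed regions in policy order. In a real implementation the
    // data is fed to the hashing engine in small packets (O(1K) bytes) rather
    // than one read per region; the single read here is a simplification.
    let mut sha = hash_builder.new();
    for (ptr, len) in fw.signed_regions {
      sha.write(flash.read(ptr, len));
    }
    if fw.signed_region_hash != sha.finish() {
      return Err("hash mismatch");
    }

    // Everything outside the signed and writable regions must still be blank.
    let unused_regions = regions_except(flash, [fw.signed_regions,
                                                fw.write_regions]);
    for (ptr, len) in unused_regions {
      // Only a byte that differs from the erased-flash value is a failure.
      // ERASED_BYTE is a placeholder for the device's erased value (commonly
      // 0xFF on NOR flash); a loop that returns on the first byte regardless
      // of its value would reject every non-empty blank region.
      if flash.read(ptr, len).iter().any(|&byte| byte != ERASED_BYTE) {
        return Err("bad byte in blank region");
      }
    }
    // The entry matched and passed both checks; wrap it for the Result type.
    return Ok(fw);
  }
  Err("failed to find an acceptable version")
}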

mcy avatar Jun 12 '20 19:06 mcy