Refs #510. Prevented remote memory read operations, when the seed/key security is enabled and the programming resource is not yet unlocked.
git-svn-id: https://svn.code.sf.net/p/openblt/code/trunk@531 5dc33758-31d5-4daf-9ae8-b24bf3d40d73
This commit is contained in:
parent
f228b2d32b
commit
7a4d7e8b84
|
@ -678,6 +678,9 @@ static void XcpCmdSetMta(blt_int8u *data)
|
||||||
****************************************************************************************/
|
****************************************************************************************/
|
||||||
static void XcpCmdUpload(blt_int8u *data)
|
static void XcpCmdUpload(blt_int8u *data)
|
||||||
{
|
{
|
||||||
|
blt_int16u len;
|
||||||
|
blt_int8u *destPtr;
|
||||||
|
|
||||||
/* validate length of upload request */
|
/* validate length of upload request */
|
||||||
if (data[1] > (XCP_CTO_PACKET_LEN-1))
|
if (data[1] > (XCP_CTO_PACKET_LEN-1))
|
||||||
{
|
{
|
||||||
|
@ -686,8 +689,44 @@ static void XcpCmdUpload(blt_int8u *data)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* read out the length of the requested upload operation */
|
||||||
|
len = data[1];
|
||||||
|
/* set the destination pointer */
|
||||||
|
destPtr = (blt_int8u *)((blt_addr)(blt_int32u)&xcpInfo.ctoData[1]);
|
||||||
|
|
||||||
|
/* according to the XCP specification memory read/upload functionality is always
|
||||||
|
* available. This behavior is unwanted in the case of a bootloader that has the
|
||||||
|
* seed/key security feature enabled. The default XCP behavior is deviated in this
|
||||||
|
* situation. The deviation is such that all zero values are returned if the seed/key
|
||||||
|
* security feature is enabled and the programming resource is not yet unlocked.
|
||||||
|
*/
|
||||||
|
#if (XCP_SEED_KEY_PROTECTION_EN == 1)
|
||||||
|
/* check if PGM resource is unlocked */
|
||||||
|
if ((xcpInfo.protection & XCP_RES_PGM) == XCP_RES_PGM)
|
||||||
|
{
|
||||||
|
/* resource is locked so memory read access is denied. zero values are returned
|
||||||
|
* instead.
|
||||||
|
*/
|
||||||
|
while (len > 0)
|
||||||
|
{
|
||||||
|
/* write a zero value */
|
||||||
|
*destPtr = 0;
|
||||||
|
/* update write pointer and loop counter */
|
||||||
|
destPtr++;
|
||||||
|
len--;
|
||||||
|
/* keep the watchdog happy */
|
||||||
|
CopService();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* copy the data from memory to the data packet */
|
||||||
|
CpuMemCopy((blt_addr)destPtr,(blt_addr)xcpInfo.mta, len);
|
||||||
|
}
|
||||||
|
#else
|
||||||
/* copy the data from memory to the data packet */
|
/* copy the data from memory to the data packet */
|
||||||
CpuMemCopy(((blt_addr)(blt_int32u)&xcpInfo.ctoData[1]),(blt_addr)xcpInfo.mta, data[1]);
|
CpuMemCopy((blt_addr)destPtr,(blt_addr)xcpInfo.mta, len);
|
||||||
|
#endif
|
||||||
|
|
||||||
/* set packet id to command response packet */
|
/* set packet id to command response packet */
|
||||||
xcpInfo.ctoData[0] = XCP_PID_RES;
|
xcpInfo.ctoData[0] = XCP_PID_RES;
|
||||||
|
@ -709,6 +748,9 @@ static void XcpCmdUpload(blt_int8u *data)
|
||||||
****************************************************************************************/
|
****************************************************************************************/
|
||||||
static void XcpCmdShortUpload(blt_int8u *data)
|
static void XcpCmdShortUpload(blt_int8u *data)
|
||||||
{
|
{
|
||||||
|
blt_int16u len;
|
||||||
|
blt_int8u *destPtr;
|
||||||
|
|
||||||
/* validate length of upload request */
|
/* validate length of upload request */
|
||||||
if (data[1] > (XCP_CTO_PACKET_LEN-1))
|
if (data[1] > (XCP_CTO_PACKET_LEN-1))
|
||||||
{
|
{
|
||||||
|
@ -719,9 +761,45 @@ static void XcpCmdShortUpload(blt_int8u *data)
|
||||||
|
|
||||||
/* update mta. current implementation ignores address extension */
|
/* update mta. current implementation ignores address extension */
|
||||||
xcpInfo.mta = *(blt_int32u *)&data[4];
|
xcpInfo.mta = *(blt_int32u *)&data[4];
|
||||||
|
/* read out the length of the requested upload operation */
|
||||||
|
len = data[1];
|
||||||
|
/* set the destination pointer */
|
||||||
|
destPtr = (blt_int8u *)((blt_addr)(blt_int32u)&xcpInfo.ctoData[1]);
|
||||||
|
|
||||||
|
/* according to the XCP specification memory read/upload functionality is always
|
||||||
|
* available. This behavior is unwanted in the case of a bootloader that has the
|
||||||
|
* seed/key security feature enabled. The default XCP behavior is deviated in this
|
||||||
|
* situation. The deviation is such that all zero values are returned if the seed/key
|
||||||
|
* security feature is enabled and the programming resource is not yet unlocked.
|
||||||
|
*/
|
||||||
|
#if (XCP_SEED_KEY_PROTECTION_EN == 1)
|
||||||
|
/* check if PGM resource is unlocked */
|
||||||
|
if ((xcpInfo.protection & XCP_RES_PGM) == XCP_RES_PGM)
|
||||||
|
{
|
||||||
|
/* resource is locked so memory read access is denied. zero values are returned
|
||||||
|
* instead.
|
||||||
|
*/
|
||||||
|
while (len > 0)
|
||||||
|
{
|
||||||
|
/* write a zero value */
|
||||||
|
*destPtr = 0;
|
||||||
|
/* update write pointer and loop counter */
|
||||||
|
destPtr++;
|
||||||
|
len--;
|
||||||
|
/* keep the watchdog happy */
|
||||||
|
CopService();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* copy the data from memory to the data packet */
|
||||||
|
CpuMemCopy((blt_addr)destPtr,(blt_addr)xcpInfo.mta, len);
|
||||||
|
}
|
||||||
|
#else
|
||||||
/* copy the data from memory to the data packet */
|
/* copy the data from memory to the data packet */
|
||||||
CpuMemCopy((blt_addr)((blt_int32u)&xcpInfo.ctoData[1]),(blt_addr)xcpInfo.mta, data[1]);
|
CpuMemCopy((blt_addr)destPtr,(blt_addr)xcpInfo.mta, len);
|
||||||
|
#endif
|
||||||
|
|
||||||
/* set packet id to command response packet */
|
/* set packet id to command response packet */
|
||||||
xcpInfo.ctoData[0] = XCP_PID_RES;
|
xcpInfo.ctoData[0] = XCP_PID_RES;
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue