Implement flash write lockout by spamming the unlock register, then

checking that the correct unlock sequence fails.
9 years ago · cb6a861341
parent 1262c5337a
commit cb6a861341
6 changed files with 91 additions and 4 deletions
--- a/Downstream/Inc/interrupts.h
+++ b/Downstream/Inc/interrupts.h
@ -58,6 +58,10 @@ void SysTick_Handler(void);
 void DMA2_Stream2_IRQHandler(void);
 void DMA2_Stream3_IRQHandler(void);
 void OTG_FS_IRQHandler(void);
+void BusFault_Handler(void);
+
+void EnableOneBusFault(void);
+

 #ifdef __cplusplus
 }
--- a/Downstream/Src/interrupts.c
+++ b/Downstream/Src/interrupts.c
@ -46,6 +46,9 @@ extern HCD_HandleTypeDef hhcd_USB_OTG_FS;
 extern DMA_HandleTypeDef hdma_spi1_rx;
 extern DMA_HandleTypeDef hdma_spi1_tx;

+uint8_t BusFaultAllowed = 0;
+
+
 /******************************************************************************/
 /*            Cortex-M4 Processor Interruption and Exception Handlers         */ 
 /******************************************************************************/
@ -90,4 +93,23 @@ void OTG_FS_IRQHandler(void)
 }


+//This weird stuff is required when disabling flash writes.
+//The deliberate flash lockout will cause a bus fault that we need to process.
+void EnableOneBusFault(void)
+{
+    SCB->SHCSR = SCB_SHCSR_BUSFAULTENA_Msk;
+    BusFaultAllowed = 1;
+}
+
+void BusFault_Handler(void)
+{
+    if (BusFaultAllowed)
+    {
+        BusFaultAllowed = 0;
+        return;
+    }
+    while(1);
+}
+
+
 /************************ (C) COPYRIGHT STMicroelectronics *****END OF FILE****/
--- a/Downstream/Src/main.c
+++ b/Downstream/Src/main.c
@ -40,21 +40,22 @@
 #include "downstream_statemachine.h"
 #include "downstream_spi.h"
 #include "led.h"
+#include "interrupts.h"


 /* Private function prototypes -----------------------------------------------*/
 void SystemClock_Config(void);
 static void GPIO_Init(void);
+void DisableFlashWrites(void);
 void CheckFirmwareMatchesHardware(void);


-
 int main(void)
 {
    //First things first!
+    DisableFlashWrites();
    CheckFirmwareMatchesHardware();

-
    /* Configure the system clock */
    SystemClock_Config();

@ -76,6 +77,23 @@ int main(void)
 }


+void DisableFlashWrites(void)
+{
+    //Disable flash writes until the next reset
+    //This will cause a bus fault interrupt, so allow one now.
+    EnableOneBusFault();
+    FLASH->KEYR = 999;
+
+    //Confirm that flash cannot be unlocked
+    //This unlock attempt will also cause a bus fault.
+    EnableOneBusFault();
+    if ((FLASH->CR & FLASH_CR_LOCK) == 0) while(1);
+    FLASH->KEYR = FLASH_KEY1;
+    FLASH->KEYR = FLASH_KEY2;
+    if ((FLASH->CR & FLASH_CR_LOCK) == 0) while(1);
+}
+
+
 void CheckFirmwareMatchesHardware(void)
 {
    //Check we are running on the expected hardware:
--- a/Upstream/Inc/interrupts.h
+++ b/Upstream/Inc/interrupts.h
@ -64,6 +64,9 @@ void SysTick_Handler(void);
 void DMA2_Stream2_IRQHandler(void);
 void DMA2_Stream3_IRQHandler(void);
 void EXTI3_IRQHandler(void);
+void BusFault_Handler(void);
+
+void EnableOneBusFault(void);


 #ifdef __cplusplus
--- a/Upstream/Src/interrupts.c
+++ b/Upstream/Src/interrupts.c
@ -51,6 +51,8 @@ extern PCD_HandleTypeDef    hpcd_USB_OTG_FS;
 extern DMA_HandleTypeDef    spiTxDmaHandle;
 extern DMA_HandleTypeDef    spiRxDmaHandle;

+uint8_t BusFaultAllowed = 0;
+

 /******************************************************************************/
 /*            Cortex-M4 Processor Interruption and Exception Handlers         */ 
@ -95,5 +97,24 @@ void EXTI3_IRQHandler(void)
 /////////////////////////


+//This weird stuff is required when disabling flash writes.
+//The deliberate flash lockout will cause a bus fault that we need to process.
+void EnableOneBusFault(void)
+{
+    SCB->SHCSR = SCB_SHCSR_BUSFAULTENA_Msk;
+    BusFaultAllowed = 1;
+}
+
+void BusFault_Handler(void)
+{
+    if (BusFaultAllowed)
+    {
+        BusFaultAllowed = 0;
+        return;
+    }
+    while(1);
+}
+
+

 /************************ (C) COPYRIGHT STMicroelectronics *****END OF FILE****/
--- a/Upstream/Src/main.c
+++ b/Upstream/Src/main.c
@ -41,6 +41,7 @@
 #include "led.h"
 #include "upstream_statemachine.h"
 #include "upstream_spi.h"
+#include "interrupts.h"


 /* Private variables ---------------------------------------------------------*/
@ -49,7 +50,8 @@

 /* Private function prototypes -----------------------------------------------*/
 void SystemClock_Config(void);
-static void GPIO_Init(void);
+void GPIO_Init(void);
+void DisableFlashWrites(void);
 void CheckFirmwareMatchesHardware(void);


@ -57,9 +59,9 @@ void CheckFirmwareMatchesHardware(void);
 int main(void)
 {
    //First things first!
+    DisableFlashWrites();
    CheckFirmwareMatchesHardware();

-
    /* Configure the system clock */
    SystemClock_Config();

@ -81,6 +83,23 @@ int main(void)
 }


+void DisableFlashWrites(void)
+{
+    //Disable flash writes until the next reset
+    //This will cause a bus fault interrupt, so allow one now.
+    EnableOneBusFault();
+    FLASH->KEYR = 999;
+
+    //Confirm that flash cannot be unlocked
+    //This unlock attempt will also cause a bus fault.
+    EnableOneBusFault();
+    if ((FLASH->CR & FLASH_CR_LOCK) == 0) while(1);
+    FLASH->KEYR = FLASH_KEY1;
+    FLASH->KEYR = FLASH_KEY2;
+    if ((FLASH->CR & FLASH_CR_LOCK) == 0) while(1);
+}
+
+
 void CheckFirmwareMatchesHardware(void)
 {
    //Check we are running on the expected hardware: