Allow temporarily disabling device protection

bootloader/src/nRF52840/nrf_it.c

@@ -24,6 +24,7 @@
 #include "hw_config.h"
 #include "button_hal.h"
 #include "hal_platform_nrf52840_config.h"
+#include "security_mode.h"
 
 extern void Timing_Decrement(void);
 
@@ -120,6 +121,7 @@ void UsageFault_Handler(void)
 void SysTick_Handler(void)
 {
     System1MsTick();
+    security_mode_notify_system_tick();
     Timing_Decrement();
 
 #if HAL_PLATFORM_BUTTON_DEBOUNCE_IN_SYSTICK

bootloader/src/nRF52840/usbd_dfu.cpp

@@ -19,6 +19,8 @@
 #include <cstring>
 #include "hal_irq_flag.h"
 #include "security_mode.h"
+#include "core_hal.h"
+#include "syshealth_hal.h"
 
 using namespace particle::usbd;
 using namespace particle::usbd::dfu;
@@ -215,8 +217,9 @@ int DfuClassDriver::handleDfuUpload(SetupRequest* req) {
         transferBuf_[0] = detail::DFUSE_COMMAND_GET_COMMAND;
         transferBuf_[1] = detail::DFUSE_COMMAND_SET_ADDRESS_POINTER;
         transferBuf_[2] = detail::DFUSE_COMMAND_ERASE;
+        transferBuf_[3] = detail::DFUSE_COMMAND_ENTER_SAFE_MODE;
         setState(detail::dfuIDLE);
-        dev_->setupReply(req, transferBuf_, 3);
+        dev_->setupReply(req, transferBuf_, 4);
       } else if (req_.wValue > 1) {
         /* Normal request */
         setState(detail::dfuUPLOAD_IDLE);
@@ -488,6 +491,12 @@ int DfuClassDriver::inDone(uint8_t ep, unsigned status) {
             }
             break;
           }
+          case detail::DFUSE_COMMAND_ENTER_SAFE_MODE: {
+            HAL_Core_Write_Backup_Register(BKP_DR_01, ENTER_SAFE_MODE_APP_REQUEST);
+            setState(detail::dfuMANIFEST_SYNC);
+            setStatus(detail::OK);
+            break;
+          }
           case detail::DFUSE_COMMAND_READ_UNPROTECT: {
             /* Unsupported */
             setError(detail::errUNKNOWN);

bootloader/src/nRF52840/usbd_dfu.h

@@ -166,7 +166,8 @@ enum DfuseCommand {
   DFUSE_COMMAND_GET_COMMAND         = 0x00,
   DFUSE_COMMAND_SET_ADDRESS_POINTER = 0x21,
   DFUSE_COMMAND_ERASE               = 0x41,
-  DFUSE_COMMAND_READ_UNPROTECT      = 0x92
+  DFUSE_COMMAND_READ_UNPROTECT      = 0x92,
+  DFUSE_COMMAND_ENTER_SAFE_MODE     = 0xfa /* Particle's extension */
 };
 
 #pragma pack(push, 1)

bootloader/src/rtl872x/rtl_it.c

@@ -23,6 +23,7 @@
 #include "button_hal.h"
 #include "hal_platform_config.h"
 #include "interrupts_irq.h"
+#include "security_mode.h"
 
 extern void Timing_Decrement(void);
 
@@ -170,6 +171,7 @@ void SecureFault_Handler(void) {
 void SysTick_Handler(void)
 {
     System1MsTick();
+    security_mode_notify_system_tick();
     Timing_Decrement();
 
 #if HAL_PLATFORM_BUTTON_DEBOUNCE_IN_SYSTICK

bootloader/src/rtl872x/usbd_dfu.cpp

@@ -20,6 +20,8 @@
 #include "hal_irq_flag.h"
 #include <algorithm>
 #include "security_mode.h"
+#include "core_hal.h"
+#include "syshealth_hal.h"
 
 using namespace particle::usbd;
 using namespace particle::usbd::dfu;
@@ -216,8 +218,9 @@ int DfuClassDriver::handleDfuUpload(SetupRequest* req) {
         transferBuf_[0] = detail::DFUSE_COMMAND_GET_COMMAND;
         transferBuf_[1] = detail::DFUSE_COMMAND_SET_ADDRESS_POINTER;
         transferBuf_[2] = detail::DFUSE_COMMAND_ERASE;
+        transferBuf_[3] = detail::DFUSE_COMMAND_ENTER_SAFE_MODE;
         setState(detail::dfuIDLE);
-        dev_->setupReply(req, transferBuf_, 3);
+        dev_->setupReply(req, transferBuf_, 4);
       } else if (req_.wValue > 1) {
         /* Normal request */
         setState(detail::dfuUPLOAD_IDLE);
@@ -473,6 +476,12 @@ int DfuClassDriver::dataIn(unsigned ep, particle::usbd::EndpointEvent ev, size_t
             }
             break;
           }
+          case detail::DFUSE_COMMAND_ENTER_SAFE_MODE: {
+            HAL_Core_Write_Backup_Register(BKP_DR_01, ENTER_SAFE_MODE_APP_REQUEST);
+            setState(detail::dfuMANIFEST_SYNC);
+            setStatus(detail::OK);
+            break;
+          }
           case detail::DFUSE_COMMAND_READ_UNPROTECT: {
             /* Unsupported */
             setError(detail::errUNKNOWN);

bootloader/src/rtl872x/usbd_dfu.h

@@ -162,7 +162,8 @@ enum DfuseCommand {
   DFUSE_COMMAND_GET_COMMAND         = 0x00,
   DFUSE_COMMAND_SET_ADDRESS_POINTER = 0x21,
   DFUSE_COMMAND_ERASE               = 0x41,
-  DFUSE_COMMAND_READ_UNPROTECT      = 0x92
+  DFUSE_COMMAND_READ_UNPROTECT      = 0x92,
+  DFUSE_COMMAND_ENTER_SAFE_MODE     = 0xfa /* Particle's extension */
 };
 
 #pragma pack(push, 1)

build/arm-tools.mk

@@ -102,8 +102,19 @@ CPPFLAGS += $(LTO_FLAGS) -fno-use-cxa-atexit
 CONLYFLAGS += $(LTO_FLAGS)
 LDFLAGS += -fno-use-cxa-atexit
 
+USE_LTO=0
+
+ifneq ($(FORCE_LTO),)
+USE_LTO=1
+endif
+
 ifeq ($(COMPILE_LTO),y)
+USE_LTO=1
+endif
+
+ifeq ($(USE_LTO),1)
 LDFLAGS += -flto -Os -fuse-linker-plugin
+CFLAGS += -fuse-linker-plugin
 else
 # Be explicit and disable LTO
 LDFLAGS += -fno-lto
@@ -112,6 +123,11 @@ endif
 # We are using newlib-nano for all the platforms
 CFLAGS += --specs=nano.specs
 
+ifneq ($(LTO_EXTRA_OPTIMIZATIONS),)
+CFLAGS += -fipa-pta -fdevirtualize-at-ltrans -fdevirtualize-speculatively -flto-partition=balanced -fmerge-all-constants
+LDFLAGS += -fipa-pta -fdevirtualize-at-ltrans -fdevirtualize-speculatively -flto-partition=balanced -fmerge-all-constants
+endif
+
 # Check if the compiler version is the minimum required
 version_to_number=$(shell v=$1; v=($${v//./ }); echo $$((v[0] * 10000 + v[1] * 100 + v[2])))
 get_major_version=$(shell v=$1; v=($${v//./ }); echo $${v[0]})

hal/inc/bootloader.h

@@ -36,8 +36,6 @@ int bootloader_update(const void* bootloader_image, unsigned length);
 // Make sure we have only one function to retrieve the bootloader version going forward.
 uint16_t bootloader_get_version(void);
 
-int bootloader_init_security_mode(void* reserved);
-
 #ifdef __cplusplus
 }
 #endif

hal/inc/hal_dynalib_usb.h

@@ -43,11 +43,11 @@ DYNALIB_FN(0, hal_usb, HAL_USB_USART_Init, void(HAL_USB_USART_Serial, const HAL_
 DYNALIB_FN(1, hal_usb, HAL_USB_USART_Begin, void(HAL_USB_USART_Serial, uint32_t, void *))
 DYNALIB_FN(2, hal_usb, HAL_USB_USART_End, void(HAL_USB_USART_Serial))
 DYNALIB_FN(3, hal_usb, HAL_USB_USART_Baud_Rate, unsigned int(HAL_USB_USART_Serial))
-DYNALIB_FN(4, hal_usb, HAL_USB_USART_Available_Data, int32_t(HAL_USB_USART_Serial))
-DYNALIB_FN(5, hal_usb, HAL_USB_USART_Available_Data_For_Write, int32_t(HAL_USB_USART_Serial))
-DYNALIB_FN(6, hal_usb, HAL_USB_USART_Receive_Data, int32_t(HAL_USB_USART_Serial, uint8_t))
-DYNALIB_FN(7, hal_usb, HAL_USB_USART_Send_Data, int32_t(HAL_USB_USART_Serial, uint8_t))
-DYNALIB_FN(8, hal_usb, HAL_USB_USART_Flush_Data, void(HAL_USB_USART_Serial))
+DYNALIB_FN_WRAP(4, hal_usb, HAL_USB_USART_Available_Data, protected, int32_t(HAL_USB_USART_Serial))
+DYNALIB_FN_WRAP(5, hal_usb, HAL_USB_USART_Available_Data_For_Write, protected, int32_t(HAL_USB_USART_Serial))
+DYNALIB_FN_WRAP(6, hal_usb, HAL_USB_USART_Receive_Data, protected, int32_t(HAL_USB_USART_Serial, uint8_t))
+DYNALIB_FN_WRAP(7, hal_usb, HAL_USB_USART_Send_Data, protected, int32_t(HAL_USB_USART_Serial, uint8_t))
+DYNALIB_FN_WRAP(8, hal_usb, HAL_USB_USART_Flush_Data, protected, void(HAL_USB_USART_Serial))
 DYNALIB_FN(9, hal_usb, HAL_USB_USART_Is_Enabled, bool(HAL_USB_USART_Serial))
 DYNALIB_FN(10, hal_usb, HAL_USB_USART_Is_Connected, bool(HAL_USB_USART_Serial))
 DYNALIB_FN(11, hal_usb, HAL_USB_USART_LineCoding_BitRate_Handler, int32_t(void (*handler)(uint32_t bitRate), void* reserved))

hal/inc/usb_hal.h

@@ -43,6 +43,8 @@
 #include "hw_config.h"
 #endif
 
+#include "security_mode.h"
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -204,11 +206,11 @@ void HAL_USB_USART_Init(HAL_USB_USART_Serial serial, const HAL_USB_USART_Config*
 void HAL_USB_USART_Begin(HAL_USB_USART_Serial serial, uint32_t baud, void *reserved);
 void HAL_USB_USART_End(HAL_USB_USART_Serial serial);
 unsigned int HAL_USB_USART_Baud_Rate(HAL_USB_USART_Serial serial);
-int32_t HAL_USB_USART_Available_Data(HAL_USB_USART_Serial serial);
-int32_t HAL_USB_USART_Available_Data_For_Write(HAL_USB_USART_Serial serial);
-int32_t HAL_USB_USART_Receive_Data(HAL_USB_USART_Serial serial, uint8_t peek);
-int32_t HAL_USB_USART_Send_Data(HAL_USB_USART_Serial serial, uint8_t data);
-void HAL_USB_USART_Flush_Data(HAL_USB_USART_Serial serial);
+SECURITY_MODE_PROTECTED_FN(int32_t, HAL_USB_USART_Available_Data, (HAL_USB_USART_Serial serial));
+SECURITY_MODE_PROTECTED_FN(int32_t, HAL_USB_USART_Available_Data_For_Write, (HAL_USB_USART_Serial serial));
+SECURITY_MODE_PROTECTED_FN(int32_t, HAL_USB_USART_Receive_Data, (HAL_USB_USART_Serial serial, uint8_t peek));
+SECURITY_MODE_PROTECTED_FN(int32_t, HAL_USB_USART_Send_Data, (HAL_USB_USART_Serial serial, uint8_t data));
+SECURITY_MODE_PROTECTED_FN(void, HAL_USB_USART_Flush_Data, (HAL_USB_USART_Serial serial));
 bool HAL_USB_USART_Is_Enabled(HAL_USB_USART_Serial serial);
 bool HAL_USB_USART_Is_Connected(HAL_USB_USART_Serial serial);
 int32_t HAL_USB_USART_LineCoding_BitRate_Handler(void (*handler)(uint32_t bitRate), void* reserved);

hal/src/nRF52840/ble_hal.cpp

@@ -869,7 +869,7 @@ int BleObject::BleGap::setDeviceAddress(const hal_ble_addr_t* address) const {
 
 int BleObject::BleGap::getDeviceAddress(hal_ble_addr_t* address) const {
     CHECK_TRUE(address, SYSTEM_ERROR_INVALID_ARGUMENT);
-    ble_gap_addr_t localAddr;
+    ble_gap_addr_t localAddr = {};
     int ret = sd_ble_gap_addr_get(&localAddr);
     CHECK_NRF_RETURN(ret, nrf_system_error(ret));
     *address = toHalAddress(localAddr);

hal/src/nRF52840/bootloader.cpp

@@ -87,16 +87,3 @@ uint16_t bootloader_get_version(void)
     }
     return info.module_version;
 }
-
-int bootloader_init_security_mode(void* reserved) {
-    CHECK_TRUE(FLASH_VerifyCRC32(FLASH_INTERNAL, BOOTLOADER_ADDR, FLASH_ModuleLength(FLASH_INTERNAL, BOOTLOADER_ADDR)), SYSTEM_ERROR_BAD_DATA);
-    module_info_security_mode_ext_t ext = {};
-    ext.ext.length = sizeof(ext);
-    CHECK(security_mode_find_extension(HAL_STORAGE_ID_INTERNAL_FLASH, BOOTLOADER_ADDR, &ext));
-
-    if (ext.security_mode == MODULE_INFO_SECURITY_MODE_PROTECTED) {
-        security_mode_set(ext.security_mode, nullptr);
-    }
-
-    return 0;
-}

hal/src/nRF52840/lwip/lwipopts.h

@@ -451,14 +451,14 @@ void sys_unlock_tcpip_core(void);
  * this option does not affect outgoing packet sizes, which can be controlled
  * via IP_FRAG.
  */
-#define IP_REASSEMBLY                   (PLATFORM_ID != PLATFORM_TRACKER)
+#define IP_REASSEMBLY                   (0)
 
 /**
  * IP_FRAG==1: Fragment outgoing IP packets if their size exceeds MTU. Note
  * that this option does not affect incoming packet sizes, which can be
  * controlled via IP_REASSEMBLY.
  */
-#define IP_FRAG                         (PLATFORM_ID != PLATFORM_TRACKER)
+#define IP_FRAG                         (0)
 
 /**
  * IP_OPTIONS_ALLOWED: Defines the behavior for IP options.

hal/src/nRF52840/usb_hal.cpp

@@ -92,10 +92,20 @@ int32_t HAL_USB_USART_Available_Data(HAL_USB_USART_Serial serial) {
     return usb_uart_available_rx_data();
 }
 
+int32_t HAL_USB_USART_Available_Data_protected(HAL_USB_USART_Serial serial) {
+    CHECK_SECURITY_MODE_PROTECTED();
+    return HAL_USB_USART_Available_Data(serial);
+}
+
 int32_t HAL_USB_USART_Available_Data_For_Write(HAL_USB_USART_Serial serial) {
     return usb_uart_available_tx_data();
 }
 
+int32_t HAL_USB_USART_Available_Data_For_Write_protected(HAL_USB_USART_Serial serial) {
+    CHECK_SECURITY_MODE_PROTECTED();
+    return HAL_USB_USART_Available_Data_For_Write(serial);
+}
+
 int32_t HAL_USB_USART_Receive_Data(HAL_USB_USART_Serial serial, uint8_t peek) {
     if (usb_uart_available_rx_data() == 0) {
         return -1;
@@ -108,14 +118,31 @@ int32_t HAL_USB_USART_Receive_Data(HAL_USB_USART_Serial serial, uint8_t peek) {
     }
 }
 
+int32_t HAL_USB_USART_Receive_Data_protected(HAL_USB_USART_Serial serial, uint8_t peek) {
+    CHECK_SECURITY_MODE_PROTECTED();
+    return HAL_USB_USART_Receive_Data(serial, peek);
+}
+
 int32_t HAL_USB_USART_Send_Data(HAL_USB_USART_Serial serial, uint8_t data) {
     return usb_uart_send(&data, 1);
 }
 
+int32_t HAL_USB_USART_Send_Data_protected(HAL_USB_USART_Serial serial, uint8_t data) {
+    CHECK_SECURITY_MODE_PROTECTED();
+    return HAL_USB_USART_Send_Data(serial, data);
+}
+
 void HAL_USB_USART_Flush_Data(HAL_USB_USART_Serial serial) {
     usb_uart_flush_tx_data();
 }
 
+void HAL_USB_USART_Flush_Data_protected(HAL_USB_USART_Serial serial) {
+    if (security_mode_get(NULL) == MODULE_INFO_SECURITY_MODE_PROTECTED) {
+        return;
+    }
+    HAL_USB_USART_Flush_Data(serial);
+}
+
 bool HAL_USB_USART_Is_Enabled(HAL_USB_USART_Serial serial) {
     return usb_hal_is_enabled();
 }

hal/src/rtl872x/bootloader.cpp

@@ -88,16 +88,3 @@ uint16_t bootloader_get_version(void)
     // hard code to unblock porting work for now
     return 1001;
 }
-
-int bootloader_init_security_mode(void* reserved) {
-    CHECK_TRUE(FLASH_VerifyCRC32(FLASH_INTERNAL, BOOTLOADER_ADDR, FLASH_ModuleLength(FLASH_INTERNAL, BOOTLOADER_ADDR)), SYSTEM_ERROR_BAD_DATA);
-    module_info_security_mode_ext_t ext = {};
-    ext.ext.length = sizeof(ext);
-    CHECK(security_mode_find_extension(HAL_STORAGE_ID_INTERNAL_FLASH, BOOTLOADER_ADDR, &ext));
-
-    if (ext.security_mode == MODULE_INFO_SECURITY_MODE_PROTECTED) {
-        security_mode_set(ext.security_mode, nullptr);
-    }
-
-    return 0;
-}

hal/src/rtl872x/usb_hal.cpp

@@ -170,6 +170,11 @@ int32_t HAL_USB_USART_Available_Data(HAL_USB_USART_Serial serial) {
     return getCdcClassDriver().available();
 }
 
+int32_t HAL_USB_USART_Available_Data_protected(HAL_USB_USART_Serial serial) {
+    CHECK_SECURITY_MODE_PROTECTED();
+    return HAL_USB_USART_Available_Data(serial);
+}
+
 int32_t HAL_USB_USART_Available_Data_For_Write(HAL_USB_USART_Serial serial) {
     if (serial != HAL_USB_USART_SERIAL) {
         return SYSTEM_ERROR_INVALID_ARGUMENT;
@@ -180,6 +185,11 @@ int32_t HAL_USB_USART_Available_Data_For_Write(HAL_USB_USART_Serial serial) {
     return getCdcClassDriver().availableForWrite();
 }
 
+int32_t HAL_USB_USART_Available_Data_For_Write_protected(HAL_USB_USART_Serial serial) {
+    CHECK_SECURITY_MODE_PROTECTED();
+    return HAL_USB_USART_Available_Data_For_Write(serial);
+}
+
 int32_t HAL_USB_USART_Receive_Data(HAL_USB_USART_Serial serial, uint8_t peek) {
     if (serial != HAL_USB_USART_SERIAL) {
         return SYSTEM_ERROR_INVALID_ARGUMENT;
@@ -197,6 +207,11 @@ int32_t HAL_USB_USART_Receive_Data(HAL_USB_USART_Serial serial, uint8_t peek) {
     return r;
 }
 
+int32_t HAL_USB_USART_Receive_Data_protected(HAL_USB_USART_Serial serial, uint8_t peek) {
+    CHECK_SECURITY_MODE_PROTECTED();
+    return HAL_USB_USART_Receive_Data(serial, peek);
+}
+
 int32_t HAL_USB_USART_Send_Data(HAL_USB_USART_Serial serial, uint8_t data) {
     if (serial != HAL_USB_USART_SERIAL) {
         return SYSTEM_ERROR_INVALID_ARGUMENT;
@@ -220,13 +235,25 @@ int32_t HAL_USB_USART_Send_Data(HAL_USB_USART_Serial serial, uint8_t data) {
     return -1;
 }
 
+int32_t HAL_USB_USART_Send_Data_protected(HAL_USB_USART_Serial serial, uint8_t data) {
+    CHECK_SECURITY_MODE_PROTECTED();
+    return HAL_USB_USART_Send_Data(serial, data);
+}
+
 void HAL_USB_USART_Flush_Data(HAL_USB_USART_Serial serial) {
     if (serial != HAL_USB_USART_SERIAL) {
         return;
     }
     return getCdcClassDriver().flush();
 }
 
+void HAL_USB_USART_Flush_Data_protected(HAL_USB_USART_Serial serial) {
+    if (security_mode_get(NULL) == MODULE_INFO_SECURITY_MODE_PROTECTED) {
+        return;
+    }
+    return HAL_USB_USART_Flush_Data(serial);
+}
+
 bool HAL_USB_USART_Is_Enabled(HAL_USB_USART_Serial serial) {
     if (serial != HAL_USB_USART_SERIAL) {
         return false;

modules/argon/system-part1/makefile

@@ -9,6 +9,8 @@ NCP_FIRMWARE_MODULE_VERSION=4
 DEPENDENCIES = newlib_nano modules/argon/user-part modules/argon/system-part1 dynalib services hal platform system wiring communication rt-dynalib crypto proto_defs
 LIB_DEPENDENCIES = services system wiring communication hal platform crypto proto_defs
 
+export FORCE_LTO=1
+
 # newlib_nano is special in that it's linked automatically by the system, so no need to add it to the library path here
 MAKE_DEPENDENCIES = newlib_nano $(LIB_DEPENDENCIES)
 include ../modular.mk
@@ -29,7 +31,7 @@ include $(PROJECT_ROOT)/build/arm-tlm.mk
 
 # NOTE: When compiling with LTO vTaskSwitchContext is getting linked out, despite the fact that it's
 # marked as used.
-LDFLAGS += -flto -Os -fuse-linker-plugin -Wl,--undefined=vTaskSwitchContext
+LDFLAGS += -Wl,--undefined=vTaskSwitchContext
 
 $(call check_modular)