bootloader-fw-link: Use RAM to communicate

Instead of writing to non-volatile storage between mcu resets, write to
a well-known location.

RAM is random after hardware reset, but does not get cleared on MCU
reset.

Author: NickeZ

bootloader.ld

@@ -116,6 +116,7 @@ SECTIONS
     {
         . = ALIGN(4);
         _srtt = .;
+        *(.auto_enter);
         *(.segger_rtt);
         *(.segger_rtt_buf);
         _ertt = .;

firmware.ld

@@ -115,6 +115,7 @@ SECTIONS
     {
         . = ALIGN(4);
         _srtt = .;
+        *(.auto_enter);
         *(.segger_rtt);
         *(.segger_rtt_buf);
         _ertt = .;

src/bootloader/bootloader.c

@@ -39,6 +39,9 @@
 
 #include <assert.h>
 
+// Section is fixed in ram, so can be used to communicate between fw/bl
+volatile secbool_u32 auto_enter __attribute__((section(".auto_enter")));
+
 #define BOOT_OP_LEN 2u // 1 byte op code and 1 byte parameter
 #define BOOTLOADER_CMD (HID_VENDOR_FIRST + 0x03) // Hardware wallet command
 
@@ -758,12 +761,7 @@ static size_t _api_versions(uint8_t* output)
 
 static void _api_reboot(void)
 {
-    chunk_shared_t shared_data;
-    memory_read_shared_bootdata(&shared_data);
-    if (shared_data.fields.auto_enter == sectrue_u8) {
-        shared_data.fields.auto_enter = secfalse_u8;
-        _write_chunk(FLASH_SHARED_DATA_START, shared_data.bytes);
-    }
+    auto_enter = secfalse_u32;
     _reset_mcu();
 }
 
@@ -977,7 +975,7 @@ void bootloader_jump(void)
 
     UG_FontSelect(&font_font_a_9X9);
 
-    if (shared_data.fields.auto_enter != sectrue_u8) {
+    if (auto_enter != sectrue_u32) {
 #ifdef BOOTLOADER_DEVDEVICE
         if (!_devdevice_enter(_firmware_verified_jump(&bootdata, secfalse_u32))) {
             _binary_exec();

src/factorysetup.c

@@ -20,6 +20,7 @@
 #include "platform_init.h"
 #include "screen.h"
 #include "securechip/securechip.h"
+#include "system.h"
 #include "usb/usb.h"
 #include "usb/usb_packet.h"
 #include "usb/usb_processing.h"
@@ -312,19 +313,8 @@ int main(void)
     screen_splash();
     common_main();
 
-    {
-        // Set to re-enter bootloader again, otherwise we are stuck with this
-        // firmware forever.
-        auto_enter_t auto_enter = {
-            .value = sectrue_u8,
-        };
-        upside_down_t upside_down = {
-            .value = false,
-        };
-        if (!memory_bootloader_set_flags(auto_enter, upside_down)) {
-            // Not much we can do here.
-        }
-    }
+    // After reset we prefer to stay in bootloader
+    auto_enter = sectrue_u32;
 
     SEGGER_RTT_Init();
 

src/system.c

@@ -15,22 +15,16 @@
 #include "system.h"
 #include <memory/memory.h>
 #include <screen.h>
+#include <stdint.h>
 #ifndef TESTING
 #include <driver_init.h>
 #endif
 
+volatile secbool_u32 auto_enter __attribute__((section(".auto_enter")));
+
 void reboot(void)
 {
-    auto_enter_t auto_enter = {
-        .value = sectrue_u8,
-    };
-    upside_down_t upside_down = {
-        .value = screen_is_upside_down(),
-    };
-    if (!memory_bootloader_set_flags(auto_enter, upside_down)) {
-        // If this failed, we might not be able to reboot into the bootloader.
-        // We will try anyway, no point in aborting here.
-    }
+    auto_enter = sectrue_u32;
 #ifndef TESTING
     _reset_mcu();
 #endif

src/system.h

@@ -15,8 +15,14 @@
 #ifndef _SYSTEM_H_
 #define _SYSTEM_H_
 
+#include "util.h"
+
+// Set this to `sectrue_u32` to stay in bootloader, or anything else to jump to firmware
+
+extern volatile secbool_u32 auto_enter;
+
 /**
- * Reboots the device.
+ * Reboots the device into bootloader
  */
 void reboot(void);