From 2f5b52223cae3ea035bdc95c805eaea96439af58 Mon Sep 17 00:00:00 2001 From: CTCaer Date: Tue, 20 Oct 2020 10:16:12 +0300 Subject: [PATCH] config: Add bootloader protection `bootprotect=1` enables protection of the `bootloader` folder inside HOS. This disallows any reading/writing of the folder and its contents inside HOS, preventing any corruption of it. This of course has the side-effect of homebrew that depend on it (e.g. hekate Toolbox) to not work fully. --- README.md | 1 + bootloader/config.c | 16 ++++------------ bootloader/config.h | 3 +-- bootloader/main.c | 27 +++++++++++++++++---------- nyx/nyx_gui/config.c | 16 ++++------------ nyx/nyx_gui/config.h | 3 +-- nyx/nyx_gui/nyx.c | 6 ++---- 7 files changed, 30 insertions(+), 42 deletions(-) diff --git a/README.md b/README.md index 3282520..1677305 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,7 @@ You can find a template [Here](./res/hekate_ipl_template.ini) | bootwait=3 | 0: Disable (It also disables bootlogo. Having **VOL-** pressed since injection goes to menu.), #: Time to wait for **VOL-** to enter menu. | | autohosoff=1 | 0: Disable, 1: If woke up from HOS via an RTC alarm, shows logo, then powers off completely, 2: No logo, immediately powers off.| | autonogc=1 | 0: Disable, 1: Automatically applies nogc patch if unburnt fuses found and a >= 4.0.0 HOS is booted. | +| bootprotect=0 | 0: Disable, 1: Protect bootloader folder from being corrupted by disallowing reading or editing in HOS. | | updater2p=0 | 0: Disable, 1: Force updates (if needed) the reboot2payload binary to be hekate. | | backlight=100 | Screen backlight level. 0-255. | diff --git a/bootloader/config.c b/bootloader/config.c index 17e74c8..2de4491 100644 --- a/bootloader/config.c +++ b/bootloader/config.c @@ -42,8 +42,7 @@ void set_default_configuration() h_cfg.autohosoff = 0; h_cfg.autonogc = 1; h_cfg.updater2p = 0; - h_cfg.brand = NULL; - h_cfg.tagline = NULL; + h_cfg.bootprotect = 0; h_cfg.errors = 0; h_cfg.eks = NULL; h_cfg.sept_run = EMC(EMC_SCRATCH0) & EMC_SEPT_RUN; @@ -107,16 +106,9 @@ int create_config_entry() f_puts("\nupdater2p=", &fp); itoa(h_cfg.updater2p, lbuf, 10); f_puts(lbuf, &fp); - if (h_cfg.brand) - { - f_puts("\nbrand=", &fp); - f_puts(h_cfg.brand, &fp); - } - if (h_cfg.tagline) - { - f_puts("\ntagline=", &fp); - f_puts(h_cfg.tagline, &fp); - } + f_puts("\nbootprotect=", &fp); + itoa(h_cfg.bootprotect, lbuf, 10); + f_puts(lbuf, &fp); f_puts("\n", &fp); if (mainIniFound) diff --git a/bootloader/config.h b/bootloader/config.h index 873cf70..5dd9ea1 100644 --- a/bootloader/config.h +++ b/bootloader/config.h @@ -30,8 +30,7 @@ typedef struct _hekate_config u32 autohosoff; u32 autonogc; u32 updater2p; - char *brand; - char *tagline; + u32 bootprotect; // Global temporary config. bool se_keygen_done; bool sept_run; diff --git a/bootloader/main.c b/bootloader/main.c index bf48ab4..ab36a3e 100644 --- a/bootloader/main.c +++ b/bootloader/main.c @@ -767,6 +767,18 @@ static ini_sec_t *get_ini_sec_from_id(ini_sec_t *ini_sec, char **bootlogoCustomE return cfg_sec; } +static void _bootloader_corruption_protect() +{ + FILINFO fno; + if (!f_stat("bootloader", &fno)) + { + if (!h_cfg.bootprotect && (fno.fattrib & AM_ARC)) + f_chmod("bootloader", 0, AM_ARC); + else if (h_cfg.bootprotect && !(fno.fattrib & AM_ARC)) + f_chmod("bootloader", AM_ARC, AM_ARC); + } +} + static void _auto_launch_firmware() { if(b_cfg.extra_cfg & (EXTRA_CFG_NYX_DUMP | EXTRA_CFG_NYX_BIS)) @@ -845,16 +857,8 @@ static void _auto_launch_firmware() h_cfg.autonogc = atoi(kv->val); else if (!strcmp("updater2p", kv->key)) h_cfg.updater2p = atoi(kv->val); - else if (!strcmp("brand", kv->key)) - { - h_cfg.brand = malloc(strlen(kv->val) + 1); - strcpy(h_cfg.brand, kv->val); - } - else if (!strcmp("tagline", kv->key)) - { - h_cfg.tagline = malloc(strlen(kv->val) + 1); - strcpy(h_cfg.tagline, kv->val); - } + else if (!strcmp("bootprotect", kv->key)) + h_cfg.bootprotect = atoi(kv->val); } boot_entry_id++; @@ -870,6 +874,9 @@ static void _auto_launch_firmware() b_cfg.autoboot_list = h_cfg.autoboot_list; } + // Apply bootloader protection against corruption. + _bootloader_corruption_protect(); + continue; } diff --git a/nyx/nyx_gui/config.c b/nyx/nyx_gui/config.c index 8c9469f..3dcb942 100644 --- a/nyx/nyx_gui/config.c +++ b/nyx/nyx_gui/config.c @@ -42,8 +42,7 @@ void set_default_configuration() h_cfg.autohosoff = 0; h_cfg.autonogc = 1; h_cfg.updater2p = 0; - h_cfg.brand = NULL; - h_cfg.tagline = NULL; + h_cfg.bootprotect = 0; h_cfg.errors = 0; h_cfg.eks = NULL; h_cfg.sept_run = EMC(EMC_SCRATCH0) & EMC_SEPT_RUN; @@ -118,16 +117,9 @@ int create_config_entry() f_puts("\nupdater2p=", &fp); itoa(h_cfg.updater2p, lbuf, 10); f_puts(lbuf, &fp); - if (h_cfg.brand) - { - f_puts("\nbrand=", &fp); - f_puts(h_cfg.brand, &fp); - } - if (h_cfg.tagline) - { - f_puts("\ntagline=", &fp); - f_puts(h_cfg.tagline, &fp); - } + f_puts("\nbootprotect=", &fp); + itoa(h_cfg.bootprotect, lbuf, 10); + f_puts(lbuf, &fp); f_puts("\n", &fp); if (mainIniFound) diff --git a/nyx/nyx_gui/config.h b/nyx/nyx_gui/config.h index 8199122..c61a015 100644 --- a/nyx/nyx_gui/config.h +++ b/nyx/nyx_gui/config.h @@ -30,8 +30,7 @@ typedef struct _hekate_config u32 autohosoff; u32 autonogc; u32 updater2p; - char *brand; - char *tagline; + u32 bootprotect; // Global temporary config. bool se_keygen_done; bool sept_run; diff --git a/nyx/nyx_gui/nyx.c b/nyx/nyx_gui/nyx.c index afed088..6ea64b7 100644 --- a/nyx/nyx_gui/nyx.c +++ b/nyx/nyx_gui/nyx.c @@ -241,10 +241,8 @@ void load_saved_configuration() h_cfg.autonogc = atoi(kv->val); else if (!strcmp("updater2p", kv->key)) h_cfg.updater2p = atoi(kv->val); - else if (!strcmp("brand", kv->key)) - h_cfg.brand = kv->val; - else if (!strcmp("tagline", kv->key)) - h_cfg.tagline = kv->val; + else if (!strcmp("bootprotect", kv->key)) + h_cfg.bootprotect = atoi(kv->val); } break;