config: Add bootloader protection

`bootprotect=1` enables protection of the `bootloader` folder inside HOS.

This disallows any reading/writing of the folder and its contents inside HOS, preventing any corruption of it.

This of course has the side-effect of homebrew that depend on it (e.g. hekate Toolbox) to not work fully.
This commit is contained in:
CTCaer 2020-10-20 10:16:12 +03:00
parent bf222290b8
commit 2f5b52223c
7 changed files with 30 additions and 42 deletions

View file

@ -55,6 +55,7 @@ You can find a template [Here](./res/hekate_ipl_template.ini)
| bootwait=3 | 0: Disable (It also disables bootlogo. Having **VOL-** pressed since injection goes to menu.), #: Time to wait for **VOL-** to enter menu. | | bootwait=3 | 0: Disable (It also disables bootlogo. Having **VOL-** pressed since injection goes to menu.), #: Time to wait for **VOL-** to enter menu. |
| autohosoff=1 | 0: Disable, 1: If woke up from HOS via an RTC alarm, shows logo, then powers off completely, 2: No logo, immediately powers off.| | autohosoff=1 | 0: Disable, 1: If woke up from HOS via an RTC alarm, shows logo, then powers off completely, 2: No logo, immediately powers off.|
| autonogc=1 | 0: Disable, 1: Automatically applies nogc patch if unburnt fuses found and a >= 4.0.0 HOS is booted. | | autonogc=1 | 0: Disable, 1: Automatically applies nogc patch if unburnt fuses found and a >= 4.0.0 HOS is booted. |
| bootprotect=0 | 0: Disable, 1: Protect bootloader folder from being corrupted by disallowing reading or editing in HOS. |
| updater2p=0 | 0: Disable, 1: Force updates (if needed) the reboot2payload binary to be hekate. | | updater2p=0 | 0: Disable, 1: Force updates (if needed) the reboot2payload binary to be hekate. |
| backlight=100 | Screen backlight level. 0-255. | | backlight=100 | Screen backlight level. 0-255. |

View file

@ -42,8 +42,7 @@ void set_default_configuration()
h_cfg.autohosoff = 0; h_cfg.autohosoff = 0;
h_cfg.autonogc = 1; h_cfg.autonogc = 1;
h_cfg.updater2p = 0; h_cfg.updater2p = 0;
h_cfg.brand = NULL; h_cfg.bootprotect = 0;
h_cfg.tagline = NULL;
h_cfg.errors = 0; h_cfg.errors = 0;
h_cfg.eks = NULL; h_cfg.eks = NULL;
h_cfg.sept_run = EMC(EMC_SCRATCH0) & EMC_SEPT_RUN; h_cfg.sept_run = EMC(EMC_SCRATCH0) & EMC_SEPT_RUN;
@ -107,16 +106,9 @@ int create_config_entry()
f_puts("\nupdater2p=", &fp); f_puts("\nupdater2p=", &fp);
itoa(h_cfg.updater2p, lbuf, 10); itoa(h_cfg.updater2p, lbuf, 10);
f_puts(lbuf, &fp); f_puts(lbuf, &fp);
if (h_cfg.brand) f_puts("\nbootprotect=", &fp);
{ itoa(h_cfg.bootprotect, lbuf, 10);
f_puts("\nbrand=", &fp); f_puts(lbuf, &fp);
f_puts(h_cfg.brand, &fp);
}
if (h_cfg.tagline)
{
f_puts("\ntagline=", &fp);
f_puts(h_cfg.tagline, &fp);
}
f_puts("\n", &fp); f_puts("\n", &fp);
if (mainIniFound) if (mainIniFound)

View file

@ -30,8 +30,7 @@ typedef struct _hekate_config
u32 autohosoff; u32 autohosoff;
u32 autonogc; u32 autonogc;
u32 updater2p; u32 updater2p;
char *brand; u32 bootprotect;
char *tagline;
// Global temporary config. // Global temporary config.
bool se_keygen_done; bool se_keygen_done;
bool sept_run; bool sept_run;

View file

@ -767,6 +767,18 @@ static ini_sec_t *get_ini_sec_from_id(ini_sec_t *ini_sec, char **bootlogoCustomE
return cfg_sec; return cfg_sec;
} }
static void _bootloader_corruption_protect()
{
FILINFO fno;
if (!f_stat("bootloader", &fno))
{
if (!h_cfg.bootprotect && (fno.fattrib & AM_ARC))
f_chmod("bootloader", 0, AM_ARC);
else if (h_cfg.bootprotect && !(fno.fattrib & AM_ARC))
f_chmod("bootloader", AM_ARC, AM_ARC);
}
}
static void _auto_launch_firmware() static void _auto_launch_firmware()
{ {
if(b_cfg.extra_cfg & (EXTRA_CFG_NYX_DUMP | EXTRA_CFG_NYX_BIS)) if(b_cfg.extra_cfg & (EXTRA_CFG_NYX_DUMP | EXTRA_CFG_NYX_BIS))
@ -845,16 +857,8 @@ static void _auto_launch_firmware()
h_cfg.autonogc = atoi(kv->val); h_cfg.autonogc = atoi(kv->val);
else if (!strcmp("updater2p", kv->key)) else if (!strcmp("updater2p", kv->key))
h_cfg.updater2p = atoi(kv->val); h_cfg.updater2p = atoi(kv->val);
else if (!strcmp("brand", kv->key)) else if (!strcmp("bootprotect", kv->key))
{ h_cfg.bootprotect = atoi(kv->val);
h_cfg.brand = malloc(strlen(kv->val) + 1);
strcpy(h_cfg.brand, kv->val);
}
else if (!strcmp("tagline", kv->key))
{
h_cfg.tagline = malloc(strlen(kv->val) + 1);
strcpy(h_cfg.tagline, kv->val);
}
} }
boot_entry_id++; boot_entry_id++;
@ -870,6 +874,9 @@ static void _auto_launch_firmware()
b_cfg.autoboot_list = h_cfg.autoboot_list; b_cfg.autoboot_list = h_cfg.autoboot_list;
} }
// Apply bootloader protection against corruption.
_bootloader_corruption_protect();
continue; continue;
} }

View file

@ -42,8 +42,7 @@ void set_default_configuration()
h_cfg.autohosoff = 0; h_cfg.autohosoff = 0;
h_cfg.autonogc = 1; h_cfg.autonogc = 1;
h_cfg.updater2p = 0; h_cfg.updater2p = 0;
h_cfg.brand = NULL; h_cfg.bootprotect = 0;
h_cfg.tagline = NULL;
h_cfg.errors = 0; h_cfg.errors = 0;
h_cfg.eks = NULL; h_cfg.eks = NULL;
h_cfg.sept_run = EMC(EMC_SCRATCH0) & EMC_SEPT_RUN; h_cfg.sept_run = EMC(EMC_SCRATCH0) & EMC_SEPT_RUN;
@ -118,16 +117,9 @@ int create_config_entry()
f_puts("\nupdater2p=", &fp); f_puts("\nupdater2p=", &fp);
itoa(h_cfg.updater2p, lbuf, 10); itoa(h_cfg.updater2p, lbuf, 10);
f_puts(lbuf, &fp); f_puts(lbuf, &fp);
if (h_cfg.brand) f_puts("\nbootprotect=", &fp);
{ itoa(h_cfg.bootprotect, lbuf, 10);
f_puts("\nbrand=", &fp); f_puts(lbuf, &fp);
f_puts(h_cfg.brand, &fp);
}
if (h_cfg.tagline)
{
f_puts("\ntagline=", &fp);
f_puts(h_cfg.tagline, &fp);
}
f_puts("\n", &fp); f_puts("\n", &fp);
if (mainIniFound) if (mainIniFound)

View file

@ -30,8 +30,7 @@ typedef struct _hekate_config
u32 autohosoff; u32 autohosoff;
u32 autonogc; u32 autonogc;
u32 updater2p; u32 updater2p;
char *brand; u32 bootprotect;
char *tagline;
// Global temporary config. // Global temporary config.
bool se_keygen_done; bool se_keygen_done;
bool sept_run; bool sept_run;

View file

@ -241,10 +241,8 @@ void load_saved_configuration()
h_cfg.autonogc = atoi(kv->val); h_cfg.autonogc = atoi(kv->val);
else if (!strcmp("updater2p", kv->key)) else if (!strcmp("updater2p", kv->key))
h_cfg.updater2p = atoi(kv->val); h_cfg.updater2p = atoi(kv->val);
else if (!strcmp("brand", kv->key)) else if (!strcmp("bootprotect", kv->key))
h_cfg.brand = kv->val; h_cfg.bootprotect = atoi(kv->val);
else if (!strcmp("tagline", kv->key))
h_cfg.tagline = kv->val;
} }
break; break;