Allow temporarily disabling device protection

hal/src/nRF52840/bootloader.cpp

@@ -89,6 +89,12 @@ uint16_t bootloader_get_version(void)
 }
 
 int bootloader_init_security_mode(void* reserved) {
+    // Skip setting the security mode if device protection is temporarily disabled
+    uint32_t disabled = HAL_Core_Read_Backup_Register(BKP_DR_08);
+    if (disabled) {
+        return 0;
+    }
+
     CHECK_TRUE(FLASH_VerifyCRC32(FLASH_INTERNAL, BOOTLOADER_ADDR, FLASH_ModuleLength(FLASH_INTERNAL, BOOTLOADER_ADDR)), SYSTEM_ERROR_BAD_DATA);
     module_info_security_mode_ext_t ext = {};
     ext.ext.length = sizeof(ext);

hal/src/rtl872x/bootloader.cpp

@@ -90,6 +90,12 @@ uint16_t bootloader_get_version(void)
 }
 
 int bootloader_init_security_mode(void* reserved) {
+    // Skip setting the security mode if device protection is temporarily disabled
+    uint32_t disabled = HAL_Core_Read_Backup_Register(BKP_DR_08);
+    if (disabled) {
+        return 0;
+    }
+
     CHECK_TRUE(FLASH_VerifyCRC32(FLASH_INTERNAL, BOOTLOADER_ADDR, FLASH_ModuleLength(FLASH_INTERNAL, BOOTLOADER_ADDR)), SYSTEM_ERROR_BAD_DATA);
     module_info_security_mode_ext_t ext = {};
     ext.ext.length = sizeof(ext);

proto_defs/src/control/config.pb.c

@@ -132,6 +132,12 @@ PB_BIND(particle_ctrl_GetProtectedStateRequest, particle_ctrl_GetProtectedStateR
 PB_BIND(particle_ctrl_GetProtectedStateReply, particle_ctrl_GetProtectedStateReply, AUTO)
 
 
+PB_BIND(particle_ctrl_SetProtectedStateRequest, particle_ctrl_SetProtectedStateRequest, AUTO)
+
+
+PB_BIND(particle_ctrl_SetProtectedStateReply, particle_ctrl_SetProtectedStateReply, AUTO)
+
+
 PB_BIND(particle_ctrl_SystemResetRequest, particle_ctrl_SystemResetRequest, AUTO)
 
 
@@ -168,3 +174,4 @@ PB_BIND(particle_ctrl_StopNyanSignalReply, particle_ctrl_StopNyanSignalReply, AU
 
 
 
+

proto_defs/src/control/config.pb.h

@@ -47,6 +47,13 @@ typedef enum _particle_ctrl_Feature {
     particle_ctrl_Feature_ETHERNET_DETECTION = 1 /* Ethernet FeatherWing detection on boot */
 } particle_ctrl_Feature;
 
+/* Note: Use the same values as defined by the security_key_type enum */
+typedef enum _particle_ctrl_SetProtectedStateRequest_Action { 
+    particle_ctrl_SetProtectedStateRequest_Action_RESET = 0, /* Invalid key */
+    particle_ctrl_SetProtectedStateRequest_Action_DISABLE_REQUEST = 1, /* TCP device private key */
+    particle_ctrl_SetProtectedStateRequest_Action_DISABLE_CONFIRM = 2 /* TCP device public key */
+} particle_ctrl_SetProtectedStateRequest_Action;
+
 /* Struct definitions */
 /* Get the device ID */
 typedef struct _particle_ctrl_GetDeviceIdRequest { 
@@ -208,6 +215,7 @@ typedef struct _particle_ctrl_GetNcpFirmwareVersionReply {
 
 typedef struct _particle_ctrl_GetProtectedStateReply { 
     bool state; 
+    bool overridden; 
 } particle_ctrl_GetProtectedStateReply;
 
 typedef struct _particle_ctrl_GetSecurityKeyRequest { 
@@ -261,6 +269,21 @@ typedef struct _particle_ctrl_SetFeatureRequest {
     bool enabled; 
 } particle_ctrl_SetFeatureRequest;
 
+typedef PB_BYTES_ARRAY_T(32) particle_ctrl_SetProtectedStateReply_client_nonce_t;
+typedef struct _particle_ctrl_SetProtectedStateReply { 
+    bool has_client_nonce;
+    particle_ctrl_SetProtectedStateReply_client_nonce_t client_nonce; 
+    pb_callback_t client_signature; 
+} particle_ctrl_SetProtectedStateReply;
+
+typedef PB_BYTES_ARRAY_T(32) particle_ctrl_SetProtectedStateRequest_server_nonce_t;
+typedef struct _particle_ctrl_SetProtectedStateRequest { 
+    particle_ctrl_SetProtectedStateRequest_Action action; 
+    bool has_server_nonce;
+    particle_ctrl_SetProtectedStateRequest_server_nonce_t server_nonce; 
+    pb_callback_t server_signature; 
+} particle_ctrl_SetProtectedStateRequest;
+
 typedef struct _particle_ctrl_SetSecurityKeyRequest { 
     particle_ctrl_SecurityKeyType type; /* Key type */
     pb_callback_t data; /* Key data in DER format */
@@ -309,6 +332,10 @@ typedef struct _particle_ctrl_SetStartupModeRequest {
 #define _particle_ctrl_Feature_MAX particle_ctrl_Feature_ETHERNET_DETECTION
 #define _particle_ctrl_Feature_ARRAYSIZE ((particle_ctrl_Feature)(particle_ctrl_Feature_ETHERNET_DETECTION+1))
 
+#define _particle_ctrl_SetProtectedStateRequest_Action_MIN particle_ctrl_SetProtectedStateRequest_Action_RESET
+#define _particle_ctrl_SetProtectedStateRequest_Action_MAX particle_ctrl_SetProtectedStateRequest_Action_DISABLE_CONFIRM
+#define _particle_ctrl_SetProtectedStateRequest_Action_ARRAYSIZE ((particle_ctrl_SetProtectedStateRequest_Action)(particle_ctrl_SetProtectedStateRequest_Action_DISABLE_CONFIRM+1))
+
 
 #ifdef __cplusplus
 extern "C" {
@@ -356,7 +383,9 @@ extern "C" {
 #define particle_ctrl_SetStartupModeRequest_init_default {_particle_ctrl_DeviceMode_MIN}
 #define particle_ctrl_SetStartupModeReply_init_default {0}
 #define particle_ctrl_GetProtectedStateRequest_init_default {0}
-#define particle_ctrl_GetProtectedStateReply_init_default {0}
+#define particle_ctrl_GetProtectedStateReply_init_default {0, 0}
+#define particle_ctrl_SetProtectedStateRequest_init_default {_particle_ctrl_SetProtectedStateRequest_Action_MIN, false, {0, {0}}, {{NULL}, NULL}}
+#define particle_ctrl_SetProtectedStateReply_init_default {false, {0, {0}}, {{NULL}, NULL}}
 #define particle_ctrl_SystemResetRequest_init_default {0}
 #define particle_ctrl_SystemResetReply_init_default {0}
 #define particle_ctrl_SetFeatureRequest_init_default {_particle_ctrl_Feature_MIN, 0}
@@ -408,7 +437,9 @@ extern "C" {
 #define particle_ctrl_SetStartupModeRequest_init_zero {_particle_ctrl_DeviceMode_MIN}
 #define particle_ctrl_SetStartupModeReply_init_zero {0}
 #define particle_ctrl_GetProtectedStateRequest_init_zero {0}
-#define particle_ctrl_GetProtectedStateReply_init_zero {0}
+#define particle_ctrl_GetProtectedStateReply_init_zero {0, 0}
+#define particle_ctrl_SetProtectedStateRequest_init_zero {_particle_ctrl_SetProtectedStateRequest_Action_MIN, false, {0, {0}}, {{NULL}, NULL}}
+#define particle_ctrl_SetProtectedStateReply_init_zero {false, {0, {0}}, {{NULL}, NULL}}
 #define particle_ctrl_SystemResetRequest_init_zero {0}
 #define particle_ctrl_SystemResetReply_init_zero {0}
 #define particle_ctrl_SetFeatureRequest_init_zero {_particle_ctrl_Feature_MIN, 0}
@@ -430,6 +461,7 @@ extern "C" {
 #define particle_ctrl_GetNcpFirmwareVersionReply_version_tag 1
 #define particle_ctrl_GetNcpFirmwareVersionReply_module_version_tag 2
 #define particle_ctrl_GetProtectedStateReply_state_tag 1
+#define particle_ctrl_GetProtectedStateReply_overridden_tag 2
 #define particle_ctrl_GetSecurityKeyRequest_type_tag 1
 #define particle_ctrl_GetSerialNumberReply_serial_tag 1
 #define particle_ctrl_GetServerAddressReply_address_tag 1
@@ -443,6 +475,11 @@ extern "C" {
 #define particle_ctrl_SetDeviceSetupDoneRequest_done_tag 1
 #define particle_ctrl_SetFeatureRequest_feature_tag 1
 #define particle_ctrl_SetFeatureRequest_enabled_tag 2
+#define particle_ctrl_SetProtectedStateReply_client_nonce_tag 1
+#define particle_ctrl_SetProtectedStateReply_client_signature_tag 2
+#define particle_ctrl_SetProtectedStateRequest_action_tag 1
+#define particle_ctrl_SetProtectedStateRequest_server_nonce_tag 2
+#define particle_ctrl_SetProtectedStateRequest_server_signature_tag 3
 #define particle_ctrl_SetSecurityKeyRequest_type_tag 1
 #define particle_ctrl_SetSecurityKeyRequest_data_tag 2
 #define particle_ctrl_SetServerAddressRequest_protocol_tag 1
@@ -666,10 +703,24 @@ X(a, STATIC,   SINGULAR, UENUM,    mode,              1)
 #define particle_ctrl_GetProtectedStateRequest_DEFAULT NULL
 
 #define particle_ctrl_GetProtectedStateReply_FIELDLIST(X, a) \
-X(a, STATIC,   SINGULAR, BOOL,     state,             1)
+X(a, STATIC,   SINGULAR, BOOL,     state,             1) \
+X(a, STATIC,   SINGULAR, BOOL,     overridden,        2)
 #define particle_ctrl_GetProtectedStateReply_CALLBACK NULL
 #define particle_ctrl_GetProtectedStateReply_DEFAULT NULL
 
+#define particle_ctrl_SetProtectedStateRequest_FIELDLIST(X, a) \
+X(a, STATIC,   SINGULAR, UENUM,    action,            1) \
+X(a, STATIC,   OPTIONAL, BYTES,    server_nonce,      2) \
+X(a, CALLBACK, OPTIONAL, BYTES,    server_signature,   3)
+#define particle_ctrl_SetProtectedStateRequest_CALLBACK pb_default_field_callback
+#define particle_ctrl_SetProtectedStateRequest_DEFAULT NULL
+
+#define particle_ctrl_SetProtectedStateReply_FIELDLIST(X, a) \
+X(a, STATIC,   OPTIONAL, BYTES,    client_nonce,      1) \
+X(a, CALLBACK, OPTIONAL, BYTES,    client_signature,   2)
+#define particle_ctrl_SetProtectedStateReply_CALLBACK pb_default_field_callback
+#define particle_ctrl_SetProtectedStateReply_DEFAULT NULL
+
 #define particle_ctrl_SystemResetRequest_FIELDLIST(X, a) \
 
 #define particle_ctrl_SystemResetRequest_CALLBACK NULL
@@ -763,6 +814,8 @@ extern const pb_msgdesc_t particle_ctrl_SetStartupModeRequest_msg;
 extern const pb_msgdesc_t particle_ctrl_SetStartupModeReply_msg;
 extern const pb_msgdesc_t particle_ctrl_GetProtectedStateRequest_msg;
 extern const pb_msgdesc_t particle_ctrl_GetProtectedStateReply_msg;
+extern const pb_msgdesc_t particle_ctrl_SetProtectedStateRequest_msg;
+extern const pb_msgdesc_t particle_ctrl_SetProtectedStateReply_msg;
 extern const pb_msgdesc_t particle_ctrl_SystemResetRequest_msg;
 extern const pb_msgdesc_t particle_ctrl_SystemResetReply_msg;
 extern const pb_msgdesc_t particle_ctrl_SetFeatureRequest_msg;
@@ -817,6 +870,8 @@ extern const pb_msgdesc_t particle_ctrl_StopNyanSignalReply_msg;
 #define particle_ctrl_SetStartupModeReply_fields &particle_ctrl_SetStartupModeReply_msg
 #define particle_ctrl_GetProtectedStateRequest_fields &particle_ctrl_GetProtectedStateRequest_msg
 #define particle_ctrl_GetProtectedStateReply_fields &particle_ctrl_GetProtectedStateReply_msg
+#define particle_ctrl_SetProtectedStateRequest_fields &particle_ctrl_SetProtectedStateRequest_msg
+#define particle_ctrl_SetProtectedStateReply_fields &particle_ctrl_SetProtectedStateReply_msg
 #define particle_ctrl_SystemResetRequest_fields &particle_ctrl_SystemResetRequest_msg
 #define particle_ctrl_SystemResetReply_fields &particle_ctrl_SystemResetReply_msg
 #define particle_ctrl_SetFeatureRequest_fields &particle_ctrl_SetFeatureRequest_msg
@@ -834,14 +889,16 @@ extern const pb_msgdesc_t particle_ctrl_StopNyanSignalReply_msg;
 /* particle_ctrl_SetSecurityKeyRequest_size depends on runtime parameters */
 /* particle_ctrl_GetSecurityKeyReply_size depends on runtime parameters */
 /* particle_ctrl_GetServerAddressReply_size depends on runtime parameters */
+/* particle_ctrl_SetProtectedStateRequest_size depends on runtime parameters */
+/* particle_ctrl_SetProtectedStateReply_size depends on runtime parameters */
 #define particle_ctrl_GetDeviceIdReply_size      26
 #define particle_ctrl_GetDeviceIdRequest_size    0
 #define particle_ctrl_GetDeviceModeReply_size    2
 #define particle_ctrl_GetDeviceModeRequest_size  0
 #define particle_ctrl_GetFeatureReply_size       2
 #define particle_ctrl_GetFeatureRequest_size     2
 #define particle_ctrl_GetNcpFirmwareVersionRequest_size 0
-#define particle_ctrl_GetProtectedStateReply_size 2
+#define particle_ctrl_GetProtectedStateReply_size 4
 #define particle_ctrl_GetProtectedStateRequest_size 0
 #define particle_ctrl_GetSecurityKeyRequest_size 2
 #define particle_ctrl_GetSerialNumberReply_size  18

services/src/security_mode.cpp

@@ -100,6 +100,7 @@ int security_mode_check_request(security_mode_transport transport, uint16_t id)
 
     if (transport == SECURITY_MODE_TRANSPORT_USB || transport == SECURITY_MODE_TRANSPORT_BLE) {
         switch (id) {
+            case CTRL_REQUEST_SET_PROTECTED_STATE:
             case CTRL_REQUEST_GET_PROTECTED_STATE:
             case CTRL_REQUEST_DEVICE_ID:
             case CTRL_REQUEST_APP_CUSTOM: {

system/inc/system_control.h

@@ -61,6 +61,7 @@ typedef enum ctrl_request_type {
     CTRL_REQUEST_IS_DEVICE_SETUP_DONE = 74,
     CTRL_REQUEST_SET_STARTUP_MODE = 75,
     CTRL_REQUEST_GET_PROTECTED_STATE = 76,
+    CTRL_REQUEST_SET_PROTECTED_STATE = 77,
     CTRL_REQUEST_LOG_CONFIG = 80,
     CTRL_REQUEST_GET_MODULE_INFO = 90,
     CTRL_REQUEST_GET_ASSET_INFO = 91,