make peer ERASE more robust

adds command 'a' to allow setting/asserting the peer SAM3S ERASE line on the next command. this prevents against accidental erase since only the command 'y' was required, without confirmation. this could happen not only through accidental user input, but noise on the serial line (noise would still cause other issues, but at least now it will not "brick" the device). now the sequence 'ay' is required, as any other command following 'a' would clear the permission again. note: since ERASE is only setting a GPIO within this command parsing function, not accidental function pointer problem calling 'board_exec_dbg_cmd' should cause accidental ERASE since it would need to be called two times with the exact sequence Change-Id: I06bfeaef09a397bd554bec84321e0dd64ccc3aac
2019-05-23 16:31:58 +02:00 · 2019-05-23 16:31:58 +02:00 · a634c0efee
parent bb9b0dc8e8
commit a634c0efee
1 changed files with 22 additions and 3 deletions
--- a/firmware/libboard/qmod/source/board_qmod.c
+++ b/firmware/libboard/qmod/source/board_qmod.c
@ -1,7 +1,7 @@
 /* sysmocom quad-modem sysmoQMOD application code
 *
 * (C) 2016-2017 by Harald Welte <hwelte@hmw-consulting.de>
- * (C) 2018, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
+ * (C) 2018-2019, sysmocom -s.f.m.c. GmbH, Author: Kevin Redon <kredon@sysmocom.de>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
@ -184,6 +184,11 @@ static void board_exec_dbg_cmd_st12only(int ch)
 /* returns '1' in case we should break any endless loop */
 void board_exec_dbg_cmd(int ch)
 {
+	/* this variable controls if it is allowed to assert/release the ERASE line.
+	   this is done to prevent accidental ERASE on noisy serial input since only one character can trigger the ERASE.
+	 */
+	static bool allow_erase = false;
+
 	switch (ch) {
 	case '?':
 		printf("\t?\thelp\n\r");
@ -205,6 +210,7 @@ void board_exec_dbg_cmd(int ch)
 		printf("\tX\tRelease peer SAM3 from reset\n\r");
 		printf("\tx\tAssert peer SAM3 reset\n\r");
 		printf("\tY\tRelease peer SAM3 ERASE signal\n\r");
+		printf("\ta\tAllow asserting peer SAM3 ERASE signal\n\r");
 		printf("\ty\tAssert peer SAM3 ERASE signal\n\r");
 		printf("\tU\tProceed to USB Initialization\n\r");
 		printf("\t1\tGenerate 1ms reset pulse on WWAN1\n\r");
@ -243,9 +249,17 @@ void board_exec_dbg_cmd(int ch)
 		printf("Clearing SIMTRACExx_ERASE (inactive)\n\r");
 		PIO_Clear(&pin_peer_erase);
 		break;
+	case 'a':
+		printf("Asserting SIMTRACExx_ERASE allowed on next command\n\r");
+		allow_erase = true;
+		break;
 	case 'y':
-		printf("Seetting SIMTRACExx_ERASE (active)\n\r");
-		PIO_Set(&pin_peer_erase);
+		if (allow_erase) {
+			printf("Setting SIMTRACExx_ERASE (active)\n\r");
+			PIO_Set(&pin_peer_erase);
+		} else {
+			printf("Please first allow setting SIMTRACExx_ERASE\n\r");
+		}
 		break;
 	case '1':
 		printf("Resetting Modem 1 (of this SAM3)\n\r");
@ -268,6 +282,11 @@ void board_exec_dbg_cmd(int ch)
 			board_exec_dbg_cmd_st12only(ch);
 		break;
 	}
+
+	// set protection back so it can only run for one command
+	if ('a' != ch) {
+		allow_erase = false;
+	}
 }

 void board_main_top(void)