From: Keith Packard <keithp@keithp.com>
Date: Sat, 23 Mar 2013 09:18:55 +0000 (-0700)
Subject: altos: Validate boot chain start address
X-Git-Tag: 1.2.1~51
X-Git-Url: https://git.gag.com/?p=fw%2Faltos;a=commitdiff_plain;h=35ef1f17e3efaa6d586ab7bb301f8133d52023b6

altos: Validate boot chain start address

If the first block of boot memory has been smashed, and the start
address is bogus, don't bother trying to jump to the
application. This makes the system more resiliant to flash failures,
presuming the loader erases the first block, programs the other blocks
and then finally comes back to program the first block.

Signed-off-by: Keith Packard <keithp@keithp.com>
---

diff --git a/src/stm/ao_boot_chain.c b/src/stm/ao_boot_chain.c
index 9c63272b..668f6e6d 100644
--- a/src/stm/ao_boot_chain.c
+++ b/src/stm/ao_boot_chain.c
@@ -26,9 +26,11 @@ ao_boot_chain(uint32_t *base)
 
 	sp = base[0];
 	pc = base[1];
-	asm ("mov sp, %0" : : "r" (sp));
-	asm ("mov lr, %0" : : "r" (pc));
-	asm ("bx lr");
+	if (0x08000100 <= pc && pc <= 0x08200000) {
+		asm ("mov sp, %0" : : "r" (sp));
+		asm ("mov lr, %0" : : "r" (pc));
+		asm ("bx lr");
+	}
 }
 
 #define AO_BOOT_SIGNAL	0x5a5aa5a5