From 35ef1f17e3efaa6d586ab7bb301f8133d52023b6 Mon Sep 17 00:00:00 2001
From: Keith Packard <keithp@keithp.com>
Date: Sat, 23 Mar 2013 02:18:55 -0700
Subject: [PATCH] altos: Validate boot chain start address

If the first block of boot memory has been smashed, and the start
address is bogus, don't bother trying to jump to the
application. This makes the system more resiliant to flash failures,
presuming the loader erases the first block, programs the other blocks
and then finally comes back to program the first block.

Signed-off-by: Keith Packard <keithp@keithp.com>
---
 src/stm/ao_boot_chain.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/stm/ao_boot_chain.c b/src/stm/ao_boot_chain.c
index 9c63272b..668f6e6d 100644
--- a/src/stm/ao_boot_chain.c
+++ b/src/stm/ao_boot_chain.c
@@ -26,9 +26,11 @@ ao_boot_chain(uint32_t *base)
 
 	sp = base[0];
 	pc = base[1];
-	asm ("mov sp, %0" : : "r" (sp));
-	asm ("mov lr, %0" : : "r" (pc));
-	asm ("bx lr");
+	if (0x08000100 <= pc && pc <= 0x08200000) {
+		asm ("mov sp, %0" : : "r" (sp));
+		asm ("mov lr, %0" : : "r" (pc));
+		asm ("bx lr");
+	}
 }
 
 #define AO_BOOT_SIGNAL	0x5a5aa5a5
-- 
2.30.2