From 995c061da6b511bc499363d6379c10f51fc4cadf Mon Sep 17 00:00:00 2001 From: William Vinnicombe Date: Thu, 14 Nov 2024 11:39:34 +0000 Subject: [PATCH 01/10] Add partition table JSON schema --- default-pt.json => json/default-pt.json | 1 + json/pt-schema.json | 175 ++++++++++++++++++ .../sample-permissions.json | 0 sample-wl.json => json/sample-wl.json | 0 4 files changed, 176 insertions(+) rename default-pt.json => json/default-pt.json (95%) create mode 100644 json/pt-schema.json rename sample-permissions.json => json/sample-permissions.json (100%) rename sample-wl.json => json/sample-wl.json (100%) diff --git a/default-pt.json b/json/default-pt.json similarity index 95% rename from default-pt.json rename to json/default-pt.json index b057d7a..4c4e8a0 100644 --- a/default-pt.json +++ b/json/default-pt.json @@ -1,4 +1,5 @@ { + "$schema": "./pt-schema.json", "version": [1, 0], "unpartitioned": { "families": ["absolute"], diff --git a/json/pt-schema.json b/json/pt-schema.json new file mode 100644 index 0000000..547f0dc --- /dev/null +++ b/json/pt-schema.json 
@@ -0,0 +1,175 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "title": "Partition Table", + "description": "Layout of the partition table", + "type": "object", + "properties": { + "$schema": {}, + "version": { + "description": "Partition Table Version", + "type": "array", + "prefixItems": [ + { + "description": "Major Version", + "type": "integer", + "minimum": 0 + }, + { + "description": "Minor Version", + "type": "integer", + "minimum": 0 + } + ] + }, + "unpartitioned": { + "description": "Unpartitioned space UF2 families and permissions", + "type": "object", + "properties": { + "families": { + "description": "UF2 families accepted", + "type": "array", + "items": { + "enum": [ + "data", + "absolute", + "rp2040", + "rp2350-arm-s", + "rp2350-arm-ns", + "rp2350-riscv" + ] + } + }, + "permissions": { + "description": "Permissions", + "type": "object", + "properties": { + "secure": { + "description": "Secure Permissions", + "type": "string", + "pattern": "^(r|w){0,2}$" + }, + "nonsecure": { + "description": "Non-Secure Permissions", + "type": "string", + "pattern": "^(r|w){0,2}$" + }, + "bootloader": { + "description": "Bootloader Permissions", + "type": "string", + "pattern": "^(r|w){0,2}$" + } + } + } + }, + "required": ["permissions", "families"], + "additionalProperties": false + }, + "partitions": { + "description": "Partitions", + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "description": "Partition Name", + "type": "string" + }, + "id": { + "description": "Partition ID", + "type": ["integer", "string"], + "minimum": 0, + "exclusiveMaximum": 18446744073709551616, + "pattern": "^0x[0-9a-fA-F]{1,16}$", + "examples": [ + "0xDED3FFFF01234567", + 29, + "0xdeadbeef" + ] + }, + "start": { + "description": "Partition Start", + "type": ["integer", "string"], + "minimum": 0, + "pattern": "^\\d+(k|K)$" + }, + "size": { + "description": "Partition Size", + "type": ["integer", "string"], + "minimum": 0, + "pattern": 
"^\\d+(k|K)$" + }, + "families": { + "description": "UF2 families accepted", + "type": "array", + "items": { + "type": "string", + "pattern": "^data|absolute|rp2040|rp2350-arm-s|rp2350-arm-ns|rp2350-riscv|0x[0-9a-fA-F]{1,8}$", + "examples": [ + "data", + "absolute", + "rp2040", + "rp2350-arm-s", + "rp2350-arm-ns", + "rp2350-riscv" + ] + } + }, + "permissions": { + "description": "Permissions", + "type": "object", + "properties": { + "secure": { + "description": "Secure Permissions", + "type": "string", + "pattern": "^(r|w){0,2}$" + }, + "nonsecure": { + "description": "Non-Secure Permissions", + "type": "string", + "pattern": "^(r|w){0,2}$" + }, + "bootloader": { + "description": "Bootloader Permissions", + "type": "string", + "pattern": "^(r|w){0,2}$" + } + } + }, + "link": { + "type": "array", + "prefixItems": [ + { + "description": "Link Type", + "enum": ["a", "owner" , "none"] + }, + { + "description": "Link Value", + "type": "integer" + } + ] + }, + "no_reboot_on_uf2_download": { + "description": "Don't reboot after UF2 is downloaded", + "type": "boolean" + }, + "ab_non_bootable_owner_affinity": { + "description": "Pick the non-bootable owner instead", + "type": "boolean" + }, + "ignored_during_riscv_boot": { + "description": "Ignore this partition during Risc-V boot", + "type": "boolean" + }, + "ignored_during_arm_boot": { + "description": "Ignore this partition during Arm boot", + "type": "boolean" + } + }, + "required": ["size", "permissions", "families"], + "additionalProperties": false + } + } + }, + "required": ["unpartitioned", "partitions"], + "additionalProperties": false +} diff --git a/sample-permissions.json b/json/sample-permissions.json similarity index 100% rename from sample-permissions.json rename to json/sample-permissions.json diff --git a/sample-wl.json b/json/sample-wl.json similarity index 100% rename from sample-wl.json rename to json/sample-wl.json From a858c18a3cfff19b144283ddad2d06d44871b4d7 Mon Sep 17 00:00:00 2001 
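Review bot: The partition `families` item pattern `^data|absolute|rp2040|rp2350-arm-s|rp2350-arm-ns|rp2350-riscv|0x[0-9a-fA-F]{1,8}$` is not anchored as a whole. Alternation binds looser than the anchors, so `^` applies only to `data` and `$` only to the hex branch, and any string that merely contains `absolute` or `rp2040` validates. Group the alternatives: `"pattern": "^(data|absolute|rp2040|rp2350-arm-s|rp2350-arm-ns|rp2350-riscv|0x[0-9a-fA-F]{1,8})$"`. The `version` and `link` arrays also use `prefixItems` without `"items": false`, so extra trailing elements are accepted.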
From: William Vinnicombe Date: Thu, 14 Nov 2024 12:29:25 +0000 Subject: [PATCH 02/10] Add permissions and whitelabel JSON schemas --- json/default-pt.json | 68 ++++++++++---------- json/permissions-schema.json | 52 +++++++++++++++ json/sample-permissions.json | 1 + json/sample-wl.json | 1 + json/whitelabel-schema.json | 119 +++++++++++++++++++++++++++++++++++ 5 files changed, 207 insertions(+), 34 deletions(-) create mode 100644 json/permissions-schema.json create mode 100644 json/whitelabel-schema.json diff --git a/json/default-pt.json b/json/default-pt.json index 4c4e8a0..f3951c1 100644 --- a/json/default-pt.json +++ b/json/default-pt.json @@ -1,37 +1,37 @@ { - "$schema": "./pt-schema.json", - "version": [1, 0], - "unpartitioned": { - "families": ["absolute"], - "permissions": { - "secure": "rw", - "nonsecure": "rw", - "bootloader": "rw" - } - }, - "partitions": [ - { - "name": "A", - "id": 0, - "size": "2044K", - "families": ["rp2350-arm-s", "rp2350-riscv"], - "permissions": { - "secure": "rw", - "nonsecure": "rw", - "bootloader": "rw" - } + "$schema": "./pt-schema.json", + "version": [1, 0], + "unpartitioned": { + "families": ["absolute"], + "permissions": { + "secure": "rw", + "nonsecure": "rw", + "bootloader": "rw" + } }, - { - "name": "B", - "id": 1, - "size": "2044K", - "families": ["rp2350-arm-s", "rp2350-riscv"], - "permissions": { - "secure": "rw", - "nonsecure": "rw", - "bootloader": "rw" - }, - "link": ["a", 0] - } - ] + "partitions": [ + { + "name": "A", + "id": 0, + "size": "2044K", + "families": ["rp2350-arm-s", "rp2350-riscv"], + "permissions": { + "secure": "rw", + "nonsecure": "rw", + "bootloader": "rw" + } + }, + { + "name": "B", + "id": 1, + "size": "2044K", + "families": ["rp2350-arm-s", "rp2350-riscv"], + "permissions": { + "secure": "rw", + "nonsecure": "rw", + "bootloader": "rw" + }, + "link": ["a", 0] + } + ] } \ No newline at end of file 
diff --git a/json/permissions-schema.json b/json/permissions-schema.json new file mode 100644 index 0000000..7956c62 --- /dev/null +++ b/json/permissions-schema.json @@ -0,0 +1,52 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "title": "OTP Permissions", + "description": "Setup of OTP page permissions", + "type": "object", + "properties": {"$schema": {}}, + "patternProperties": { + "^[0-6][0-9]$": { + "description": "OTP Page Permissions", + "type": "object", + "properties": { + "no_key_state": { + "description": "State when at least one key is registered for this page and no matching key has been entered: 0 -> read_only, 1 -> inaccessible", + "type": "integer", + "minimum": 0, + "maximum": 1 + }, + "key_r": { + "description": "Index 1-6 of a hardware key which must be entered to grant read access, or 0 if no such key is required", + "type": "integer", + "minimum": 0, + "maximum": 6 + }, + "key_w": { + "description": "Index 1-6 of a hardware key which must be entered to grant write access, or 0 if no such key is required", + "type": "integer", + "minimum": 0, + "maximum": 6 + }, + "lock_bl": { + "description": "Dummy lock bits reserved for bootloaders (including the RP2350 USB bootloader) to store their own OTP access permissions: 0 -> read_write, 1 -> read_only, 2 -> Do not use (behaves the same as incaccessible), 3 -> inaccessible", + "type": "integer", + "minimum": 0, + "maximum": 3 + }, + "lock_ns": { + "description": "Lock state for Non-secure accesses to this page: 0 -> read_write, 1 -> read_only, 2 -> Do not use (behaves the same as incaccessible), 3 -> inaccessible", + "type": "integer", + "minimum": 0, + "maximum": 3 + }, + "lock_s": { + "description": "Lock state for Secure accesses to this page: 0 -> read_write, 1 -> read_only, 2 -> Do not use (behaves the same as incaccessible), 3 -> inaccessible", + "type": "integer", + "minimum": 0, + "maximum": 3 + } + } + } + }, + "additionalProperties": false +} 
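Review bot: The per-page object under `"^[0-6][0-9]$"` lists its properties but has no `"additionalProperties": false`, so a misspelled key such as `lock_n` validates cleanly. The intended lock would then be missing from the input, and OTP settings cannot be undone once written. Add `"additionalProperties": false` next to the page's `"properties"`, as the top-level object already does. The key pattern also admits pages 64–69; if pages are numbered 0–63, `"^([0-5][0-9]|6[0-3])$"` would reject them. The three lock descriptions spell "inaccessible" as "incaccessible".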
diff --git a/json/sample-permissions.json b/json/sample-permissions.json index fb125d1..f00385b 100644 --- a/json/sample-permissions.json +++ b/json/sample-permissions.json @@ -1,4 +1,5 @@ { + "$schema": "./permissions-schema.json", "10": { "no_key_state": 0, "key_r": 0, diff --git a/json/sample-wl.json b/json/sample-wl.json index 4a74dfd..fbaa1cf 100644 --- a/json/sample-wl.json +++ b/json/sample-wl.json @@ -1,4 +1,5 @@ { + "$schema": "./whitelabel-schema.json", "device": { "vid": "0x2e8b", "pid": "0x000e", diff --git a/json/whitelabel-schema.json b/json/whitelabel-schema.json new file mode 100644 index 0000000..e8c35db --- /dev/null +++ b/json/whitelabel-schema.json 
@@ -0,0 +1,119 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "title": "White Labelling", + "description": "White Labelling Configuration, see section 5.7 in the RP2350 datasheet for more details", + "type": "object", + "properties": { + "$schema": {}, + "device": { + "description": "Device Properties", + "type": "object", + "properties": { + "vid": { + "description": "Vendor ID", + "type": "string", + "pattern": "^0x[0-9a-fA-F]{4}$" + }, + "pid": { + "description": "Product ID", + "type": "string", + "pattern": "^0x[0-9a-fA-F]{4}$" + }, + "bcd": { + "description": "Device Revision", + "type": "number", + "minimum": 0, + "maximum": 99 + }, + "lang_id": { + "description": "Language ID", + "type": "string", + "pattern": "^0x[0-9a-fA-F]{4}$" + }, + "manufacturer": { + "description": "Manufacturer Name (can contain unicode)", + "type": "string", + "maxLength": 30 + }, + "product": { + "description": "Product Name (can contain unicode)", + "type": "string", + "maxLength": 30 + }, + "serial_number": { + "description": "Serial Number (can contain unicode)", + "type": "string", + "maxLength": 30 + }, + "max_power": { + "description": "Max power consumption. 
in 2mA units", + "type": ["integer", "string"], + "maximum": 255, + "pattern": "^0x[0-9a-fA-F]{0,2}$" + }, + "attributes": { + "description": "Device attributes: bit 7 must be 1, bit 6 is self-powered, bit 5 is remote wakeup, bits 0-4 must be 0", + "type": ["integer", "string"], + "maximum": 255, + "pattern": "^0x[0-9a-fA-F]{0,2}$" + } + }, + "additionalProperties": false + }, + "scsi": { + "description": "SCSI Inquiry Values", + "type": "object", + "properties": { + "vendor": { + "description": "SCSI Vendor", + "type": "string", + "maxLength": 8 + }, + "product": { + "description": "SCSI Product", + "type": "string", + "maxLength": 16 + }, + "version": { + "description": "SCSI Version", + "type": "string", + "maxLength": 4 + } + }, + "additionalProperties": false + }, + "volume": { + "description": "MSD Volume Configuration", + "type": "object", + "properties": { + "label": { + "description": "Volume Label", + "type": "string", + "maxLength": 11 + }, + "redirect_url": { + "description": "INDEX.HTM Redirect URL", + "type": "string", + "maxLength": 127 + }, + "redirect_name": { + "description": "INDEX.HTM Redirect Name", + "type": "string", + "maxLength": 127 + }, + "model": { + "description": "INFO_UF2.TXT Model Name", + "type": "string", + "maxLength": 127 + }, + "board_id": { + "description": "INFO_UF2.TXT Board ID", + "type": "string", + "maxLength": 127 + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false +} \ No newline at end of file From ffd46a236b3543ab94057b9fedae3d4afcd86658 Mon Sep 17 00:00:00 2001 From: William Vinnicombe Date: Thu, 14 Nov 2024 14:48:05 +0000 Subject: [PATCH 03/10] Add schema for otp contents json --- json/otp-contents-schema.json | 77 +++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 json/otp-contents-schema.json diff --git a/json/otp-contents-schema.json b/json/otp-contents-schema.json new file mode 100644 index 0000000..45df9c2 --- /dev/null 
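Review bot: The `maxLength` limits on `manufacturer`, `product` and `serial_number` count Unicode code points, while the descriptions say these strings can contain unicode. If the device-side limit is measured in UTF-16 code units or bytes (not visible in this hunk), a string with characters outside the BMP can pass validation and still be too long to store. State the unit in each description, for example `"description": "Manufacturer Name (can contain unicode; length limit is in <UNIT>)"`, with the placeholder replaced by the real unit.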
+++ b/json/otp-contents-schema.json @@ -0,0 +1,77 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "title": "OTP Contents", + "description": "Defined contents of the OTP", + "type": "array", + "items": { + "description": "OTP Row", + "type": "object", + "properties": { + "crit": { + "description": "Critical Row (use three-of-eight vote encoding)", + "type": "boolean" + }, + "description": { + "description": "Row Description", + "type": "string" + }, + "ecc": { + "description": "ECC Row", + "type": "boolean" + }, + "fields": { + "description": "Fields within row", + "type": "array", + "items": { + "type": "object", + "properties": { + "description": { + "description": "Field Description", + "type": "string" + }, + "mask": { + "description": "Field Bit Mask", + "type": "integer" + }, + "name": { + "description": "Field Name", + "type": "string" + } + }, + "required": ["description", "mask", "name"], + "additionalProperties": false + } + }, + "mask": { + "description": "Row Bit Mask", + "type": "integer" + }, + "name": { + "description": "Row Name", + "type": "string" + }, + "redundancy": { + "description": "Number of redundant rows", + "type": "integer" + }, + "row": { + "description": "OTP Row", + "type": "integer" + }, + "seq_index": { + "description": "Sequence Index", + "type": "integer" + }, + "seq_length": { + "description": "Sequence Length", + "type": "integer" + }, + "seq_prefix": { + "description": "Sequence Prefix", + "type": "string" + } + }, + "required": ["crit", "description"], + "additionalProperties": false + } +} From 1f0df4b00863218ea91e4f52ed5ec2b265300f94 Mon Sep 17 00:00:00 2001 
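Review bot: `row`, `redundancy`, `seq_index`, `seq_length` and both `mask` fields are bare `"type": "integer"`, so negative or oversized values validate. Add `"minimum": 0` to each, plus a `"maximum"` on `mask` and `row` matching the row width and row count if those are fixed. Row-level `required` lists only `crit` and `description`, so an entry without `name` or `row` also passes; add them if the loader needs them to place the row.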
From: William Vinnicombe Date: Thu, 14 Nov 2024 14:51:41 +0000 Subject: [PATCH 04/10] Move into json/schemas folder, and use github urls in $schema --- json/default-pt.json | 4 ++-- json/sample-permissions.json | 2 +- json/sample-wl.json | 4 ++-- json/{ => schemas}/otp-contents-schema.json | 0 json/{pt-schema.json => schemas/partition-table-schema.json} | 0 json/{ => schemas}/permissions-schema.json | 0 json/{ => schemas}/whitelabel-schema.json | 2 +- 7 files changed, 6 insertions(+), 6 deletions(-) rename json/{ => schemas}/otp-contents-schema.json (100%) rename json/{pt-schema.json => schemas/partition-table-schema.json} (100%) rename json/{ => schemas}/permissions-schema.json (100%) rename json/{ => schemas}/whitelabel-schema.json (99%) diff --git a/json/default-pt.json b/json/default-pt.json index f3951c1..0aa14df 100644 --- a/json/default-pt.json +++ b/json/default-pt.json @@ -1,5 +1,5 @@ { - "$schema": "./pt-schema.json", + "$schema": "https://raw.githubusercontent.com/raspberrypi/picotool/jsonschema/json/schemas/partition-table-schema.json", "version": [1, 0], "unpartitioned": { "families": ["absolute"], @@ -34,4 +34,4 @@ "link": ["a", 0] } ] -} \ No newline at end of file +} diff --git a/json/sample-permissions.json b/json/sample-permissions.json index f00385b..a0076d9 100644 --- a/json/sample-permissions.json +++ b/json/sample-permissions.json @@ -1,5 +1,5 @@ { - "$schema": "./permissions-schema.json", + "$schema": "https://raw.githubusercontent.com/raspberrypi/picotool/jsonschema/json/schemas/permissions-schema.json", "10": { "no_key_state": 0, "key_r": 0, diff --git a/json/sample-wl.json b/json/sample-wl.json index fbaa1cf..e0a8e9b 100644 --- a/json/sample-wl.json +++ b/json/sample-wl.json @@ -1,5 +1,5 @@ { - "$schema": "./whitelabel-schema.json", + "$schema": "https://raw.githubusercontent.com/raspberrypi/picotool/jsonschema/json/schemas/whitelabel-schema.json", "device": { "vid": "0x2e8b", "pid": "0x000e", 
@@ -23,4 +23,4 @@ "model": "My Test Pi", "board_id": "TPI-RP2350" } -} \ No newline at end of file +} diff --git a/json/otp-contents-schema.json b/json/schemas/otp-contents-schema.json similarity index 100% rename from json/otp-contents-schema.json rename to json/schemas/otp-contents-schema.json diff --git a/json/pt-schema.json b/json/schemas/partition-table-schema.json similarity index 100% rename from json/pt-schema.json rename to json/schemas/partition-table-schema.json diff --git a/json/permissions-schema.json b/json/schemas/permissions-schema.json similarity index 100% rename from json/permissions-schema.json rename to json/schemas/permissions-schema.json diff --git a/json/whitelabel-schema.json b/json/schemas/whitelabel-schema.json similarity index 99% rename from json/whitelabel-schema.json rename to json/schemas/whitelabel-schema.json index e8c35db..e9d8b36 100644 --- a/json/whitelabel-schema.json +++ b/json/schemas/whitelabel-schema.json @@ -116,4 +116,4 @@ } }, "additionalProperties": false -} \ No newline at end of file +} From 512df57313a619ea487b1180d40bfc0476040124 Mon Sep 17 00:00:00 2001 From: William Vinnicombe Date: Thu, 14 Nov 2024 15:23:50 +0000 Subject: [PATCH 05/10] Add JSON schemas to the readme --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index bf10a3e..96941f1 100644 --- a/README.md +++ b/README.md @@ -763,7 +763,7 @@ Family ID 'rp2350-arm-s' can be downloaded in partition 0: ### create This command allows you to create partition tables, and additionally embed them into the block loop if ELF files (for example, for bootloaders). -By default, all partition tables are hashed, and you can also sign them. +By default, all partition tables are hashed, and you can also sign them. The schema for this JSON file is [here](json/schemas/partition-table-schema.json). ```text $ picotool help partition create 
@@ -907,7 +907,7 @@ The `otp` commands are for interacting with the RP2350 OTP Memory. They are not Note that the OTP Memory is One-Time-Programmable, which means that once a bit has been changed from 0 to 1, it cannot be changed back. Therefore, caution should be used when using these commands, as they risk bricking your RP2350 device. For example, if you set SECURE_BOOT_ENABLE but don't set a boot key, and disable the PICOBOOT interface, then your device will be unusable. -For the `list`, `set`, `get` and `load` commands, you can define your own OTP layout in a JSON file and pass that in with the `-i` argument. These rows will be added to the default rows when parsing. +For the `list`, `set`, `get` and `load` commands, you can define your own OTP layout in a JSON file and pass that in with the `-i` argument. These rows will be added to the default rows when parsing. The schema for this JSON file is [here](json/schemas/otp-contents-schema.json) ```text $ picotool help otp @@ -952,7 +952,7 @@ $ picotool reboot ### white-label This command allows for OTP white-labelling, which sets the USB configuration used by the device in BOOTSEL mode. -This can be configured from a JSON file, an example of which is in [sample-wl.json](sample-wl.json). +This can be configured from a JSON file, an example of which is in [sample-wl.json](sample-wl.json). The schema for this JSON file is [here](json/schemas/whitelabel-schema.json) ```text $ picotool help otp white-label 
@@ -1032,7 +1032,7 @@ Device Descriptor: This command will run a binary on your device in order to set the OTP permissions, as these are not directly accessible from `picotool` on due to the default permissions settings required to fix errata XXX on RP2350. Because it runs a binary, the binary needs to be sign it if secure boot is enabled. The binary will print what it is doing over uart, which can be configured using the UART Configuration arguments. You can define your OTP permissions in a json file, an example of which -is in [sample-permissions.json](sample-permissions.json). +is in [sample-permissions.json](sample-permissions.json). The schema for this JSON file is [here](json/schemas/permissions-schema.json) ```text $ picotool help otp permissions From 9e7b543959998542635c3869a2db44ee062db00d Mon Sep 17 00:00:00 2001 From: William Vinnicombe Date: Fri, 15 Nov 2024 10:30:37 +0000 Subject: [PATCH 06/10] Add OTP settings JSON schema --- README.md | 2 +- json/schemas/otp-schema.json | 50 ++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 1 deletion(-) create mode 100644 json/schemas/otp-schema.json diff --git a/README.md b/README.md index 96941f1..0e40e9d 100644 --- a/README.md +++ b/README.md @@ -940,7 +940,7 @@ These commands will set/get specific rows of OTP. By default, they will write/re ### load -This command allows loading of a range of OTP rows onto the device. The source can be a binary file, or a JSON file such as the one output by `picotool sign`. +This command allows loading of a range of OTP rows onto the device. The source can be a binary file, or a JSON file such as the one output by `picotool sign`. The schema for this JSON file is [here](json/schemas/otp-schema.json) For example, if you wish to sign a binary and then test secure boot with it, you can run the following set of commands: ```text $ picotool sign hello_world.elf hello_world.signed.elf private.pem otp.json 
diff --git a/json/schemas/otp-schema.json b/json/schemas/otp-schema.json new file mode 100644 index 0000000..d59bc3a --- /dev/null +++ b/json/schemas/otp-schema.json @@ -0,0 +1,50 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "title": "OTP Settings", + "description": "OTP Settings", + "type": "object", + "properties": {"$schema": {}}, + "patternProperties": { + "^\\d{1,2}:\\d{1,2}$": { + "description": "Generic OTP Row", + "type": "object", + "properties": { + "ecc": { + "description": "Protect with ECC", + "type": "boolean" + }, + "value": { + "description": "Value to write", + "type": ["array", "string", "integer"], + "pattern": "^0x[0-9a-fA-F]{1,6}$", + "items": { + "description": "Data Byte", + "type": ["string", "integer"], + "pattern": "^0x[0-9a-fA-F]{1,2}$" + } + } + }, + "additionalProperties": false, + "required": ["ecc", "value"] + }, + "^[\\d\\w_]+$": { + "description": "Defined OTP Row", + "type": ["object", "array", "string", "integer"], + "pattern": "^0x[0-9a-fA-F]{1,6}$", + "items": { + "description": "Data Byte", + "type": ["string", "integer"], + "pattern": "^0x[0-9a-fA-F]{1,2}$" + }, + "patternProperties": { + "^[\\d\\w_]+$": { + "description": "OTP Field", + "type": ["string", "integer"], + "pattern": "^0x[0-9a-fA-F]{1,6}$" + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false +} From b8946b74d68e2a3a4ff92b657ce4174bf0f502bc Mon Sep 17 00:00:00 2001 From: William Vinnicombe Date: Fri, 15 Nov 2024 15:32:54 +0000 Subject: [PATCH 07/10] Review feedback Fix sample-...json file references in readme Use `$defs` for pt permissions Fix typos --- README.md | 8 +-- json/schemas/otp-contents-schema.json | 2 +- json/schemas/partition-table-schema.json | 69 +++++++++--------------- json/schemas/whitelabel-schema.json | 2 +- 4 files changed, 32 insertions(+), 49 deletions(-) diff --git a/README.md b/README.md index 0e40e9d..902dfbc 100644 --- a/README.md +++ b/README.md 
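Review bot: The string forms are limited by `"^0x[0-9a-fA-F]{1,6}$"` and `"^0x[0-9a-fA-F]{1,2}$"`, but `pattern` only applies to strings, so the `integer` alternative of the same fields is unbounded. `"value": 16777216` or a "Data Byte" of `300` validates even though the equivalent hex string would be rejected. Add `"minimum": 0, "maximum": 16777215` beside each 6-digit pattern and `"minimum": 0, "maximum": 255` on both `items` schemas. Separately, `^[\\d\\w_]+$` is equivalent to `^\\w+$`, because `\w` already covers digits and underscore.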
@@ -952,7 +952,7 @@ $ picotool reboot ### white-label This command allows for OTP white-labelling, which sets the USB configuration used by the device in BOOTSEL mode. -This can be configured from a JSON file, an example of which is in [sample-wl.json](sample-wl.json). The schema for this JSON file is [here](json/schemas/whitelabel-schema.json) +This can be configured from a JSON file, an example of which is in [sample-wl.json](json/sample-wl.json). The schema for this JSON file is [here](json/schemas/whitelabel-schema.json) ```text $ picotool help otp white-label @@ -990,7 +990,7 @@ OPTIONS: ``` ```text -$ picotool otp white-label -s 0x100 ../sample-wl.json +$ picotool otp white-label -s 0x100 sample-wl.json Setting attributes 20e0 0x2e8b, 0x000e, 0x0215, 0x0c09, 0x1090, 0x200c, 0x2615, 0x20e0, 0x310b, 0x3706, 0x3a04, 0x3c04, 0x3e21, 0x4f15, 0x5a0a, 0x5f0a, 0x007a, 0x00df, 0x6c34, 0xd83c, 0xdf4c, 0x0020, 0x0054, 0x0065, 0x0073, 0x0074, 0x0027, 0x0073, 0x0020, 0x0050, 0x0069, 0x0073, 0x6554, 0x7473, 0x5220, 0x3250, 0x3533, 0x3f30, 0x6f6e, 0x6e74, 0x6365, 0x7365, 0x6173, 0x6972, 0x796c, 0x6e61, 0x6d75, 0x6562, 0x0072, 0x6554, 0x7473, 0x6950, 0x4220, 0x6f6f, 0x0074, 0x6554, 
@@ -1032,7 +1032,7 @@ Device Descriptor: This command will run a binary on your device in order to set the OTP permissions, as these are not directly accessible from `picotool` on due to the default permissions settings required to fix errata XXX on RP2350. Because it runs a binary, the binary needs to be sign it if secure boot is enabled. The binary will print what it is doing over uart, which can be configured using the UART Configuration arguments. You can define your OTP permissions in a json file, an example of which -is in [sample-permissions.json](sample-permissions.json). The schema for this JSON file is [here](json/schemas/permissions-schema.json) +is in [sample-permissions.json](json/sample-permissions.json). The schema for this JSON file is [here](json/schemas/permissions-schema.json) ```text $ picotool help otp permissions @@ -1081,7 +1081,7 @@ OPTIONS: ``` ```text -$ picotool otp permissions --sign private.pem --tx 46 ../sample-permissions.json +$ picotool otp permissions --sign private.pem --tx 46 sample-permissions.json Picking file ./xip_ram_perms.elf page10 page10 = 0 diff --git a/json/schemas/otp-contents-schema.json b/json/schemas/otp-contents-schema.json index 45df9c2..aa4f7ac 100644 --- a/json/schemas/otp-contents-schema.json +++ b/json/schemas/otp-contents-schema.json @@ -1,7 +1,7 @@ { "$schema": "https://json-schema.org/draft/2020-12/schema", "title": "OTP Contents", - "description": "Defined contents of the OTP", + "description": "Defined contents of the RP-series device OTP", "type": "array", "items": { "description": "OTP Row", diff --git a/json/schemas/partition-table-schema.json b/json/schemas/partition-table-schema.json index 547f0dc..92eadcd 100644 --- a/json/schemas/partition-table-schema.json +++ b/json/schemas/partition-table-schema.json 
@@ -39,27 +39,7 @@ ] } }, - "permissions": { - "description": "Permissions", - "type": "object", - "properties": { - "secure": { - "description": "Secure Permissions", - "type": "string", - "pattern": "^(r|w){0,2}$" - }, - "nonsecure": { - "description": "Non-Secure Permissions", - "type": "string", - "pattern": "^(r|w){0,2}$" - }, - "bootloader": { - "description": "Bootloader Permissions", - "type": "string", - "pattern": "^(r|w){0,2}$" - } - } - } + "permissions": {"$ref": "#/$defs/permissions"} }, "required": ["permissions", "families"], "additionalProperties": false @@ -114,27 +94,7 @@ ] } }, - "permissions": { - "description": "Permissions", - "type": "object", - "properties": { - "secure": { - "description": "Secure Permissions", - "type": "string", - "pattern": "^(r|w){0,2}$" - }, - "nonsecure": { - "description": "Non-Secure Permissions", - "type": "string", - "pattern": "^(r|w){0,2}$" - }, - "bootloader": { - "description": "Bootloader Permissions", - "type": "string", - "pattern": "^(r|w){0,2}$" - } - } - }, + "permissions": {"$ref": "#/$defs/permissions"}, "link": { "type": "array", "prefixItems": [ @@ -171,5 +131,28 @@ } }, "required": ["unpartitioned", "partitions"], - "additionalProperties": false + "additionalProperties": false, + "$defs": { + "permissions": { + "description": "Permissions", + "type": "object", + "properties": { + "secure": { + "description": "Secure Permissions", + "type": "string", + "pattern": "^(r|w){0,2}$" + }, + "nonsecure": { + "description": "Non-Secure Permissions", + "type": "string", + "pattern": "^(r|w){0,2}$" + }, + "bootloader": { + "description": "Bootloader Permissions", + "type": "string", + "pattern": "^(r|w){0,2}$" + } + } + } + } } diff --git a/json/schemas/whitelabel-schema.json b/json/schemas/whitelabel-schema.json index e9d8b36..a9444b1 100644 --- a/json/schemas/whitelabel-schema.json +++ b/json/schemas/whitelabel-schema.json 
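Review bot: The new `$defs/permissions` object is still open, with no `"additionalProperties": false` and no `"required"`. `"permissions": {}` or a misspelled key such as `"non-secure"` therefore validates, and the resulting access rights depend on whatever default the tool applies. Now that the definition lives in one place, add `"additionalProperties": false`, and `"required": ["secure", "nonsecure", "bootloader"]` if all three must be given. The pattern `^(r|w){0,2}$` also accepts `rr`, `ww` and `wr`; `"enum": ["", "r", "w", "rw"]` would state the intent exactly, assuming `wr` is not meant to be accepted.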
@@ -46,7 +46,7 @@ "maxLength": 30 }, "max_power": { - "description": "Max power consumption. in 2mA units", + "description": "Max power consumption, in 2mA units", "type": ["integer", "string"], "maximum": 255, "pattern": "^0x[0-9a-fA-F]{0,2}$" From 1cfba885ae4ab9beab637d00202a284810f74386 Mon Sep 17 00:00:00 2001 From: William Vinnicombe Date: Fri, 15 Nov 2024 16:28:12 +0000 Subject: [PATCH 08/10] Improve max_power and attributes validation Both must be specified in the JSON file, as they get written together --- json/schemas/whitelabel-schema.json | 11 ++++++++--- main.cpp | 7 ++++--- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/json/schemas/whitelabel-schema.json b/json/schemas/whitelabel-schema.json index a9444b1..2dbefe3 100644 --- a/json/schemas/whitelabel-schema.json +++ b/json/schemas/whitelabel-schema.json @@ -49,15 +49,20 @@ "description": "Max power consumption, in 2mA units", "type": ["integer", "string"], "maximum": 255, - "pattern": "^0x[0-9a-fA-F]{0,2}$" + "pattern": "^0x[0-9a-fA-F]{1,2}$" }, "attributes": { "description": "Device attributes: bit 7 must be 1, bit 6 is self-powered, bit 5 is remote wakeup, bits 0-4 must be 0", "type": ["integer", "string"], - "maximum": 255, - "pattern": "^0x[0-9a-fA-F]{0,2}$" + "minimum": 128, + "maximum": 224, + "pattern": "^0x[0-9a-fA-F]{2}$" } }, + "dependentRequired": { + "max_power": ["attributes"], + "attributes": ["max_power"] + }, "additionalProperties": false }, "scsi": { diff --git a/main.cpp b/main.cpp index 0bc722d..d1e43c2 100644 --- a/main.cpp +++ b/main.cpp 
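Review bot: The integer form of `attributes` is only bounded by `"minimum": 128` and `"maximum": 224`, so values such as `129` validate although the description requires bits 0-4 to be 0. Adding `"multipleOf": 32` restricts it to 128, 160, 192 and 224, matching the string pattern. `max_power` has `"maximum": 255` but no lower bound, so a negative integer passes; add `"minimum": 0` there.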
@@ -7278,19 +7278,20 @@ bool otp_white_label_command::execute(device_map &devices) { // Check for separate max_power and attributes uint16_t val = 0; int hex_val = 0; - if (wl_json["device"].contains("max_power")) { + if (wl_json["device"].contains("max_power") && wl_json["device"].contains("attributes")) { if (!get_json_int(wl_json["device"]["max_power"], hex_val)) { fail(ERROR_FORMAT, "MaxPower must be an integer"); } val |= (hex_val << 8); - } - if (wl_json["device"].contains("attributes")) { + if (!get_json_int(wl_json["device"]["attributes"], hex_val)) { fail(ERROR_FORMAT, "Device Attributes must be an integer"); } else if (hex_val & 0b11111 || ~hex_val & 0x80) { fail(ERROR_FORMAT, "Device Attributes must have bit 7 set (0x80), and bits 4-0 clear"); } val |= hex_val; + } else if (wl_json["device"].contains("max_power") || wl_json["device"].contains("attributes")) { + fail(ERROR_INCOMPATIBLE, "Must specify both max_power and attributes in the JSON file"); } if (val) { fos << "Setting attributes " << hex_string(val, 4) << "\n"; From 380aac64ed8c1093c399d6b7e26ac45b6db3a157 Mon Sep 17 00:00:00 2001 From: William Vinnicombe Date: Fri, 15 Nov 2024 16:34:15 +0000 Subject: [PATCH 09/10] Further improve attributes regex Only 4 values are actually allowed --- json/schemas/whitelabel-schema.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/json/schemas/whitelabel-schema.json b/json/schemas/whitelabel-schema.json index 2dbefe3..d96011a 100644 --- a/json/schemas/whitelabel-schema.json +++ b/json/schemas/whitelabel-schema.json @@ -56,7 +56,7 @@ "type": ["integer", "string"], "minimum": 128, "maximum": 224, - "pattern": "^0x[0-9a-fA-F]{2}$" + "pattern": "^0x[8aceACE]{1}0$" } }, "dependentRequired": { From 52f98b74c3f94252f21ccc86a19a161906a2deb0 Mon Sep 17 00:00:00 2001 
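Review bot: Neither value is range-checked in the visible lines before being packed into the 16-bit `val`, so this relies on `get_json_int` (not shown) or the schema to bound them. A `max_power` above 255 is silently truncated by `val |= (hex_val << 8)`. An `attributes` value such as 0x180 passes the `hex_val & 0b11111 || ~hex_val & 0x80` test and then sets a bit in the max_power byte via `val |= hex_val`. Suggested guards: `if (hex_val < 0 || hex_val > 0xff) fail(ERROR_FORMAT, "MaxPower must be between 0 and 255");` after the first read, and `(hex_val & ~0xe0) || !(hex_val & 0x80)` as the attributes condition. The body of `otp_white_label_command::execute` continues outside the hunk.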
From: William Vinnicombe Date: Wed, 20 Nov 2024 14:22:08 +0000 Subject: [PATCH 10/10] Update $schema URLs to point at develop --- json/default-pt.json | 2 +- json/sample-permissions.json | 2 +- json/sample-wl.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/json/default-pt.json b/json/default-pt.json index 0aa14df..83be3dc 100644 --- a/json/default-pt.json +++ b/json/default-pt.json @@ -1,5 +1,5 @@ { - "$schema": "https://raw.githubusercontent.com/raspberrypi/picotool/jsonschema/json/schemas/partition-table-schema.json", + "$schema": "https://raw.githubusercontent.com/raspberrypi/picotool/develop/json/schemas/partition-table-schema.json", "version": [1, 0], "unpartitioned": { "families": ["absolute"], diff --git a/json/sample-permissions.json b/json/sample-permissions.json index a0076d9..0d01ff1 100644 --- a/json/sample-permissions.json +++ b/json/sample-permissions.json @@ -1,5 +1,5 @@ { - "$schema": "https://raw.githubusercontent.com/raspberrypi/picotool/jsonschema/json/schemas/permissions-schema.json", + "$schema": "https://raw.githubusercontent.com/raspberrypi/picotool/develop/json/schemas/permissions-schema.json", "10": { "no_key_state": 0, "key_r": 0, diff --git a/json/sample-wl.json b/json/sample-wl.json index e0a8e9b..d48274a 100644 --- a/json/sample-wl.json +++ b/json/sample-wl.json @@ -1,5 +1,5 @@ { - "$schema": "https://raw.githubusercontent.com/raspberrypi/picotool/jsonschema/json/schemas/whitelabel-schema.json", + "$schema": "https://raw.githubusercontent.com/raspberrypi/picotool/develop/json/schemas/whitelabel-schema.json", "device": { "vid": "0x2e8b", "pid": "0x000e",
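Review bot: The `$schema` value in `default-pt.json`, and likewise in `sample-permissions.json` and `sample-wl.json`, now resolves to the tip of the `develop` branch. Any editor or validator that fetches it checks these files against whatever that branch holds at the time, not the schema shipped in the same checkout. A tagged release can then fail validation, or pass against rules it was never written for, and validation needs network access to a mutable ref. A relative reference such as `"$schema": "./schemas/partition-table-schema.json"` or a tag-pinned URL keeps sample and schema versioned together.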