From 1b1fe0d53c04d6e7d7ff81387399813fb8147161 Mon Sep 17 00:00:00 2001
From: Tilman Sauerbeck <tilman@code-monkey.de>
Date: Sun, 7 Jul 2019 22:05:03 +0200
Subject: [PATCH] bootloader: Refuse to erase the second flash sector.

The second flash sector (address 0x400) stores the flash configuration
field -- resetting the MCU with 0xff stored in there bricks the device.
---
 src/bootloader/bootloader.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/bootloader/bootloader.rs b/src/bootloader/bootloader.rs
index 311b1a6..d4a686b 100644
--- a/src/bootloader/bootloader.rs
+++ b/src/bootloader/bootloader.rs
@@ -46,6 +46,7 @@ enum Error {
     UnknownCommand = 1,
     InvalidArgument,
     ChecksumMismatch,
+    PermissionDenied,
 }
 
 extern {
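Review bot: `PermissionDenied` takes its numeric value from its position (4, counting on from `UnknownCommand = 1`), and nothing on the variant says when it is returned. If these discriminants are the status codes reported to the host tool (presumably so, but not visible in this hunk), writing `PermissionDenied = 4,` explicitly would keep the code stable if variants are later reordered or inserted. A doc comment such as `/// The request targets a protected flash region (the flash configuration sector).` would also help. The enum's opening lines are outside the hunk.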
@@ -191,6 +192,11 @@ impl Bootloader {
 
         if sector > 0xff {
             Err(Error::InvalidArgument)
+        } else if sector == 0x01 {
+            // The second sector contains the flash configuration field,
+            // and keeping it in the erased state has the potential
+            // to brick the device.
+            Err(Error::PermissionDenied)
         } else {
             flash::erase(sector);
 
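Review bot: The new `sector == 0x01` branch protects only the erase path, so whether the flash configuration field is safe from other commands cannot be confirmed from this hunk. If the bootloader also has a program/write command, it should reject any address range overlapping that sector, since programming over the field can change its contents without an erase. It would also be worth confirming whether sector 0 needs the same treatment, assuming it holds the vector table or the bootloader itself. As a style point, the bare `0x01` would read better as a named constant, e.g. `} else if sector == FLASH_CONFIG_SECTOR {`, with the constant defined beside the flash layout so that the erase check and any write check share it. The enclosing function starts and ends outside the hunk.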
-- 
2.30.2