Skip to content

Encrypted improvements #619

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 21 commits into from
May 29, 2025
Merged

Encrypted improvements #619

Show file tree
Hide file tree
Changes from 19 commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
6a6c18f
Use key share for AES file
will-v-pi Jan 14, 2025
e43e08b
Improve checking for malicious flash data
will-v-pi Jan 14, 2025
55fee2f
Incorporate latest changes to aes.S
will-v-pi Jan 15, 2025
a7291e1
Encorporated latest encryption code with 4-way shares
will-v-pi Jan 20, 2025
b3a23e4
Apply encrypted-example 6de8084b6eda
will-v-pi Jan 20, 2025
2b64157
Add hello_encrypted example
will-v-pi Jan 29, 2025
805e007
Use new `enable_interrupts` function
will-v-pi Feb 24, 2025
d4ed998
Remove update-key.cmake
will-v-pi Feb 24, 2025
e8266aa
Add hello_encrypted to readme
will-v-pi Feb 24, 2025
bba9a5e
Update enc_bootloader with latest aes.S (picotool 333d571c)
will-v-pi Feb 24, 2025
bcce195
Add IV salts
will-v-pi Feb 26, 2025
05557f5
Update with latest aes.S
will-v-pi Feb 26, 2025
ad9842a
Update readmes
will-v-pi Feb 26, 2025
d933765
Add secret file to print out
will-v-pi Feb 26, 2025
522208e
Add notes about unique AES keys, and not losing keys/salts
will-v-pi Feb 26, 2025
c3bc79a
Update readmes
will-v-pi Feb 26, 2025
bde13d6
Fix enc_bootloader example OTP output
will-v-pi Mar 20, 2025
d0379cb
Remove OTP key locking functionality from encrypted examples
will-v-pi Mar 31, 2025
4235e8f
Improve TBYB sequence
will-v-pi Apr 3, 2025
25d5b43
Review fixups
will-v-pi Apr 24, 2025
06295b4
Add MbedTLS self-decrypting example
will-v-pi May 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ add_subdirectory(cmake)
add_subdirectory(dcp)
add_subdirectory(divider)
add_subdirectory(dma)
add_subdirectory(encrypted)
add_subdirectory(flash)
add_subdirectory(gpio)
add_subdirectory(hstx)
Expand Down
6 changes: 6 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,12 @@ App|Description
[channel_irq](dma/channel_irq) | Use an IRQ handler to reconfigure a DMA channel, in order to continuously drive data through a PIO state machine.
[sniff_crc](dma/sniff_crc) | Use the DMA engine's 'sniff' capability to calculate a CRC32 on a data buffer.

### Encrypted

App|Description
---|---
[hello_encrypted](encrypted/hello_encrypted) | Create a self-decrypting binary.

### HSTX (RP235x Only)

App|Description
Expand Down
23 changes: 6 additions & 17 deletions bootloaders/encrypted/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,17 +4,6 @@ add_executable(enc_bootloader
aes.S
)

# Add command to update otp.json if privateaes.bin changes
add_custom_command(OUTPUT ${CMAKE_CURRENT_LIST_DIR}/otp.json
COMMAND ${CMAKE_COMMAND} -P "${CMAKE_CURRENT_LIST_DIR}/update-key.cmake"
DEPENDS ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin)
# Copy that otp.json file to build directory
add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/otp.json
COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_LIST_DIR}/otp.json" "${CMAKE_CURRENT_BINARY_DIR}/otp.json"
DEPENDS ${CMAKE_CURRENT_LIST_DIR}/otp.json)
add_custom_target(otp_json DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/otp.json)
add_dependencies(enc_bootloader otp_json)

# pull in common dependencies
target_link_libraries(enc_bootloader pico_stdlib pico_rand)

Expand Down Expand Up @@ -46,11 +35,8 @@ function(add_linker_script target origin length)
pico_set_linker_script(${target} ${CMAKE_CURRENT_BINARY_DIR}/${target}.ld)
endfunction()

# create linker script to run from 0x20070000
add_linker_script(enc_bootloader "0x20070000" "64k")

# configure otp output
pico_set_otp_key_output_file(enc_bootloader ${CMAKE_CURRENT_BINARY_DIR}/otp.json)
# create linker script to run from 0x20078000
add_linker_script(enc_bootloader "0x20078000" "32k")

# sign, hash, and clear SRAM
pico_sign_binary(enc_bootloader ${CMAKE_CURRENT_LIST_DIR}/private.pem)
Expand Down Expand Up @@ -86,10 +72,13 @@ pico_set_binary_type(hello_serial_enc no_flash)
# create linker script to ensure it doesn't overwrite the bootloader at 0x20070000
add_linker_script(hello_serial_enc "0x20000000" "448k")

# configure otp output
pico_set_otp_key_output_file(hello_serial_enc ${CMAKE_CURRENT_BINARY_DIR}/otp.json)

# sign, hash, and encrypt
pico_sign_binary(hello_serial_enc ${CMAKE_CURRENT_LIST_DIR}/private.pem)
pico_hash_binary(hello_serial_enc)
pico_encrypt_binary(hello_serial_enc ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin)
pico_encrypt_binary(hello_serial_enc ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin ${CMAKE_CURRENT_LIST_DIR}/ivsalt.bin)

# package uf2 in flash
pico_package_uf2_output(hello_serial_enc 0x10000000)
Expand Down
23 changes: 20 additions & 3 deletions bootloaders/encrypted/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,32 @@
Replace private.pem and privateaes.bin with your own keys - your signing key must be for the _secp256k1_ curve, in PEM format. You can create a .PEM file with:
For security you **must** replace private.pem and privateaes.bin with your own keys, and ivsalt.bin with your own per-device salt. Make sure you **don't lose your keys and salts**, else you may not be able to update the code on your device.

Your signing key must be for the _secp256k1_ curve, in PEM format. You can create a .PEM file with:

```bash
openssl ecparam -name secp256k1 -genkey -out private.pem
```

The AES key is just be a 32 byte binary file - you can create one with
The AES key is stored as a 4-way share in a 128 byte binary file - you can create one with

```bash
dd if=/dev/urandom of=privateaes.bin bs=1 count=128
```
Comment on lines +9 to +13
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if it might be worth changing the privateaes.bin filename to make it clearer that it's a key-share and not just a raw AES key? 🤔


or in Powershell 7
```powershell
[byte[]] $(Get-SecureRandom -Maximum 256 -Count 128) | Set-Content privateaes.bin -AsByteStream
```

The IV salt is just a 16 byte binary file - you can create it the same way, replacing `128` with `16` and `privateaes.bin` with `ivsalt.bin` in the commands above.

You will need to program your OTP using the `otp.json` file generated by the build in your build folder
NOTE: This will enable secure boot on your device, so only correctly signed binaries can then run, and will also lock down the OTP pages the AES key and IV salt are stored in.
```bash
dd if=/dev/urandom of=privateaes.bin bs=1 count=32
picotool otp load otp.json
```

> For more information on security see chapter 10 of the [RP2350 datasheet](https://datasheets.raspberrypi.com/rp2350/rp2350-datasheet.pdf), and for information on how to sign other binaries to run on a secure chip see section 5.10
Then either drag & drop the UF2 files to the device in order (enc_bootloader first, then hello_serial_enc) waiting for a reboot in-between, or run
```bash
picotool load enc_bootloader.uf2
Expand Down
Loading