rpifwcrypto: Initial revision #139
Conversation
|
@roliver-rpi Adding early draft PR here so that we can start integrating this in parallel with firmware dependencies. |
|
Firmware changes are now merged (but not released) |
rpifwcrypto/CMakeLists.txt
Outdated
| # Find GnuTLS package | ||
| find_package(GnuTLS REQUIRED) | ||
|
|
||
| add_compile_definitions(LIBRARY_BUILD=1) |
There was a problem hiding this comment.
This line is a hangover from the original - pinctrl or piolib, I imagine - and appears not to be used here.
There was a problem hiding this comment.
Are you referring to LIBRARY_BUILD=1 ? librpifwcrypto.so should eventually be part of the APT package
There was a problem hiding this comment.
Yes - LIBRARY_BUILD is a flag I created for pinctrl (and later piolib) to replace the linker magic for collecting constructors with an explicit function that calls them all; it has no effect otherwise.
There was a problem hiding this comment.
This line still seems to be present in the latest version. And this file is also missing a newline (aren't you a vim user)?
rpifwcrypto/CMakeLists.txt
Outdated
| install(TARGETS rpi-fw-crypto RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) | ||
| install(TARGETS rpifwcrypto | ||
| ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} | ||
| PUBLIC_HEADER DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}) |
rpifwcrypto/rpifwcrypto.c
Outdated
| mbox_close(mb); | ||
|
|
||
| return (rc < 0) ? rc : RPI_FW_CRYPTO_SUCCESS; | ||
| } |
rpifwcrypto/rpifwcrypto.h
Outdated
| } | ||
| #endif | ||
|
|
||
| #endif /* RPI_FW_CRYPTO_H */ |
vcmailbox/vcmailbox.c
Outdated
| @@ -74,7 +74,6 @@ static void mbox_close(int file_desc) { | |||
| close(file_desc); | |||
| } | |||
|
|
|||
|
|
|||
There was a problem hiding this comment.
Is this intentional? If so, there's another double-blank on lines 57-58.
There was a problem hiding this comment.
Reverted the remnants of some leftover changes to vcmailbox.c
rpifwcrypto/rpifwcrypto.c
Outdated
| return rc; | ||
|
|
||
| if (msg.resp.length > sig_max_len) | ||
| { |
There was a problem hiding this comment.
This brace usage doesn't match the rest of this code, but there are other examples.
timg236
force-pushed
the
rpifwcrypto
branch
2 times, most recently
from
1223cb5 to
f77e855
Compare
| # Find GnuTLS package | ||
| find_package(GnuTLS REQUIRED) | ||
|
|
||
| option(BUILD_SHARED_LIBS "Build using shared libraries" ON) |
There was a problem hiding this comment.
If you're changing the default build for rpifwcrypto to shared libraries then you'll need to update the top-level README. And perhaps provide rpifwcrypto/README.md as well.
Client side library and application for the Raspberry Pi firmware cryptography service. The firmware mailbox based crypto service provides limited support for cryptographic operations using a ECDSA P-256 stored in OTP (using rpi-otp-private-key). The current operations are * Get number of OTP keys * Get status for key * Set status for a key (runtime lock) * ECDSA SHA256 signature * HMAC SHA256 (max message size 2KB) e.g. LUKS passphrase = HMAC(device-unique-ley, serial64 + EMMC CID) rpifwcrypto is a command line application designed to allow the crypto operations to be easily used in shell scripts. rpifwcrypto.h provides a library interface so that this can be embedded in other applications. Direct usage of mailbox API (vcmailbox) is not recommended because this is a new feature and the mailbox API is not frozen.
See: raspberrypi/utils#139 firmwware: bootcode: Add boot.img ramdisk support for Pi3 and earlier devices
See: raspberrypi/utils#139 firmwware: bootcode: Add boot.img ramdisk support for Pi3 and earlier devices
Client side library and application for the Raspberry Pi firmware cryptography service. The firmware mailbox based crypto service provides limited support for cryptographic operations using a ECDSA p256 private core stored in OTP (using rpi-otp-private-key).
The current operations are
rpifwcrypto is a command line application designed to allow the
crypto operations to be easily used in shell scripts.
rpifwcrypto.h provides a library interface so that this can be
embedded in other applications.
Direct usage of mailbox API (vcmailbox) is not recommended
because this is a new feature and the mailbox API is not frozen.