Tidy up encrypted examples (#652)

* Add notes about MbedTLS and hardened stages to readme

* Modify enc_bootloader example to use latest mbedtls code from picotool

Also, fix stdio_uart and stdio_usb output when running clk_sys from rosc, and fix having stdio_usb in both the bootloader and the binary

* Mention mbedtls insecurity in enc_bootloader readme

Author: will-v-pi

README.md

@@ -90,7 +90,8 @@ App|Description
 
 App|Description
 ---|---
-[hello_encrypted](encrypted/hello_encrypted) | Create a self-decrypting binary.
+[hello_encrypted](encrypted/hello_encrypted) | Create a self-decrypting binary, using the hardened decryption stage. This should be secure against side channel attacks.
+[hello_encrypted_mbedtls](encrypted/hello_encrypted) | Create a self-decrypting binary, using the MbedTLS decryption stage. This is not secure against side channel attacks, so is fast but provides limited protection.
 
 ### HSTX (RP235x Only)
 

bootloaders/encrypted/CMakeLists.txt

@@ -1,15 +1,19 @@
 # Encrypted Bootloader
 add_executable(enc_bootloader
         enc_bootloader.c
-        aes.S
+        mbedtls_aes.c
         )
 
 # pull in common dependencies
-target_link_libraries(enc_bootloader pico_stdlib pico_rand)
+target_link_libraries(enc_bootloader pico_stdlib pico_rand pico_mbedtls)
 
 # use stack guards, as AES variables are written near the stack
 target_compile_definitions(enc_bootloader PRIVATE PICO_USE_STACK_GUARDS=1)
 
+target_link_options(enc_bootloader PUBLIC -Wl,--print-memory-usage)
+
+target_include_directories(enc_bootloader PRIVATE ${CMAKE_CURRENT_LIST_DIR})
+
 # set as no_flash binary
 pico_set_binary_type(enc_bootloader no_flash)
 
@@ -35,8 +39,8 @@ function(add_linker_script target origin length)
     pico_set_linker_script(${target} ${CMAKE_CURRENT_BINARY_DIR}/${target}.ld)
 endfunction()
 
-# create linker script to run from 0x20078000
-add_linker_script(enc_bootloader "0x20078000" "32k")
+# create linker script to run from 0x20070000
+add_linker_script(enc_bootloader "0x20070000" "64k")
 
 # sign, hash, and clear SRAM
 pico_sign_binary(enc_bootloader ${CMAKE_CURRENT_LIST_DIR}/private.pem)
@@ -50,6 +54,9 @@ pico_embed_pt_in_binary(enc_bootloader ${CMAKE_CURRENT_LIST_DIR}/enc-pt.json)
 pico_set_uf2_family(enc_bootloader "absolute")
 pico_package_uf2_output(enc_bootloader 0x10000000)
 
+# optionally enable USB output in addition to UART
+# pico_enable_stdio_usb(enc_bootloader 1)
+
 # create map/bin/hex/uf2 file etc.
 pico_add_extra_outputs(enc_bootloader)
 
@@ -83,6 +90,9 @@ pico_encrypt_binary(hello_serial_enc ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin ${
 # package uf2 in flash
 pico_package_uf2_output(hello_serial_enc 0x10000000)
 
+# optionally enable USB output in addition to UART
+# pico_enable_stdio_usb(hello_serial_enc 1)
+
 # create map/bin/hex/uf2 file etc.
 pico_add_extra_outputs(hello_serial_enc)
 

bootloaders/encrypted/README.md

@@ -1,5 +1,7 @@
 For security you **must** replace private.pem and privateaes.bin with your own keys, and ivsalt.bin with your own per-device salt. Make sure you **don't lose your keys and salts**, else you may not be able to update the code on your device.
 
+This bootloader uses MbedTLS for decryption, so it is not secure against side channel attacks and therefore only offers limited protection against physical attackers.
+
 Your signing key must be for the _secp256k1_ curve, in PEM format. You can create a .PEM file with:
 
 ```bash