Encrypted improvements #619
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lurch
reviewed
Feb 26, 2025
lurch
reviewed
Feb 26, 2025
lurch
reviewed
Feb 26, 2025
will-v-pi
force-pushed
the
encrypted-improvements
branch
from
4b2f32f to
6ca5a1c
Compare
Update CMake tooling to use 128 byte key files (a 4-way share of the 32 byte key). Also temporarily update the enc_bootloader to deshare this key - the actual fix will need to be in aes.S.
Add data_max_size to prevent overwriting the bootloader with data from flash
Also shrink the space allocated for the bootloader to 32K (plus 8K scratch)
Also switch to random default key
This is not necessary anymore, now picotool writes the AES key to otp json files Fixes #613
CK_JITTER is removed as the enc_bootloader runs from XOSC not ROSC
This includes the changes from #553
This is useful for testing decryption with large files
will-v-pi
force-pushed
the
encrypted-improvements
branch
from
6ca5a1c to
bde13d6
Compare
Add self check (1 == 1), which is only performed on first boot
lurch
reviewed
Apr 5, 2025
Comment on lines
+27
to
+28
| if (1 == 1) { | ||
| printf("passed\n"); |
There was a problem hiding this comment.
It’s a fake example of a self check - on an actual board, you might be checking you can still communicate with an I2C device, or connect to wifi, before buying the newly uploaded code.
will-v-pi
added a commit
to raspberrypi/picotool
that referenced
this pull request
Apr 22, 2025
…e examples compilation passes
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds a self-decrypting binary to demonstrate raspberrypi/pico-sdk#2315 and raspberrypi/picotool#207 - it requires both of those and raspberrypi/pico-sdk#2182 so should only be merged once those have been merged
Also fixes #613 in passing, as that is now handled by picotool.