Skip to content

Encrypted improvements #619

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 20 commits into
base: develop
Choose a base branch
from
Open

Encrypted improvements #619

wants to merge 20 commits into from

Conversation

will-v-pi
Copy link
Contributor

@will-v-pi will-v-pi commented Feb 24, 2025
edited
Loading

This adds a self-decrypting binary to demonstrate raspberrypi/pico-sdk#2315 and raspberrypi/picotool#207 - it requires both of those and raspberrypi/pico-sdk#2182 so should only be merged once those have been merged

Also fixes #613 in passing, as that is now handled by picotool.

@will-v-pi will-v-pi added this to the 2.1.2 milestone Feb 24, 2025
@will-v-pi will-v-pi mentioned this pull request Feb 26, 2025
Closed
@will-v-pi will-v-pi linked an issue Feb 26, 2025 that may be closed by this pull request
otp.json in encrypted example breaks clean build #613
Open
@will-v-pi will-v-pi marked this pull request as ready for review February 26, 2025 17:07
@will-v-pi will-v-pi mentioned this pull request Mar 10, 2025
Open
@will-v-pi will-v-pi force-pushed the encrypted-improvements branch from 4b2f32f to 6ca5a1c Compare March 26, 2025 16:01
will-v-pi added 17 commits March 26, 2025 16:05
@will-v-pi
Use key share for AES file
6a6c18f 
Update CMake tooling to use 128 byte key files (a 4-way share of the 32 byte key).
Also temporarily update the enc_bootloader to deshare this key - the actual fix will need to be in aes.S.
@will-v-pi
Improve checking for malicious flash data
e43e08b 
Add data_max_size to prevent overwriting the bootloader with data from flash
@will-v-pi
Incorporate latest changes to aes.S
55fee2f 
Also shrink the space allocated for the bootloader to 32K (plus 8K scratch)
@will-v-pi
Encorporated latest encryption code with 4-way shares
a7291e1 
Also switch to random default key
@will-v-pi
Apply encrypted-example 6de8084b6eda
b3a23e4
@will-v-pi
Add hello_encrypted example
2b64157
@will-v-pi
Use new enable_interrupts function
805e007
@will-v-pi
Remove update-key.cmake
d4ed998 
This is not necessary anymore, now picotool writes the AES key to otp json files

Fixes #613
@will-v-pi
Add hello_encrypted to readme
e8266aa
@will-v-pi
Update enc_bootloader with latest aes.S (picotool 333d571c)
bba9a5e 
CK_JITTER is removed as the enc_bootloader runs from XOSC not ROSC
@will-v-pi
Add IV salts
bcce195
@will-v-pi
Update with latest aes.S
05557f5
@will-v-pi
Update readmes
ad9842a 
This includes the changes from #553
@will-v-pi
Add secret file to print out
d933765 
This is useful for testing decryption with large files
@will-v-pi
Add notes about unique AES keys, and not losing keys/salts
522208e
@will-v-pi
Update readmes
c3bc79a
@will-v-pi
Fix enc_bootloader example OTP output
bde13d6
@will-v-pi will-v-pi force-pushed the encrypted-improvements branch from 6ca5a1c to bde13d6 Compare March 26, 2025 16:05
@will-v-pi
Remove OTP key locking functionality from encrypted examples
d0379cb
@will-v-pi
Improve TBYB sequence
4235e8f 
Add self check (1 == 1), which is only performed on first boot
will-v-pi added a commit to raspberrypi/picotool that referenced this pull request Apr 22, 2025
@will-v-pi
Use raspberrypi/pico-sdk#2315 and raspberrypi/pico-examples#619 so th…
96da8ee 
…e examples compilation passes
lurch
lurch reviewed Apr 24, 2025
View reviewed changes
lurch
lurch reviewed Apr 24, 2025
View reviewed changes
bootloaders/encrypted/README.md
Comment on lines +9 to +13
The AES key is stored as a 4-way share in a 128 byte binary file - you can create one with

```bash
dd if=/dev/urandom of=privateaes.bin bs=1 count=128
```
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if it might be worth changing the privateaes.bin filename to make it clearer that it's a key-share and not just a raw AES key? 🤔

lurch
lurch reviewed Apr 24, 2025
View reviewed changes
bootloaders/encrypted/aes.S
@@ -1,45 +1,31 @@
/* MEMORY LAYOUT ASSUMPTIONS
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this aes.S the same as the one in raspberrypi/picotool#207 ?
(And if so, do we have any mechanism for ensuring that they stay in sync?)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes (although hasn't been updated with some of the latest changes)

No mechanism to keep them in sync, but the copy in picotool is the authoritative copy so changes should always be made there and copied across

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the picotool CI is now also building pico-examples, perhaps the picotool CI could also check that these files in the two repos match? (or perhaps it's very unlikely that this file will change in future, so perhaps that'd be overkill)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That sounds like a good idea, I will add that

@will-v-pi
Review fixups
25d5b43 
Comments and readme
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lurch lurch lurch left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.1.2
Development

Successfully merging this pull request may close these issues.

otp.json in encrypted example breaks clean build
2 participants
@will-v-pi @lurch