fw: Remove pre loaded app auth and status from partition table

2025-06-20 04:04:17 -04:00 · 2025-03-25 15:00:40 +01:00 · 2025-03-25 15:00:40 +01:00 · 715d792d86
commit 715d792d86
parent f590f423a3
4 changed files with 9 additions and 70 deletions
--- a/hw/application_fpga/fw/tk1/main.c
+++ b/hw/application_fpga/fw/tk1/main.c
@ -12,7 +12,6 @@
 #include <tkey/tk1_mem.h>
 #include <tkey/led.h>
 #include "auth_app.h"
 #include "blake2s/blake2s.h"
 #include "partition_table.h"
 #include "preload_app.h"
@ -412,28 +411,6 @@ static int load_flash_app(struct partition_table *part_table,
 	return 0;
 }
 static enum state auth_flash_app(const struct context *ctx, struct partition_table *part_table)
 {
 	if (ctx->flash_slot >= N_PRELOADED_APP) {
 		return FW_STATE_FAIL;
 	}
 	if (part_table->pre_app_data[ctx->flash_slot].status == PRE_LOADED_STATUS_PRESENT) {
 		debug_puts("Create auth\n");
 		auth_app_create(&part_table->pre_app_data[ctx->flash_slot].auth);
 		part_table->pre_app_data[ctx->flash_slot].status = PRE_LOADED_STATUS_AUTH;
 		part_table_write(part_table);
 	}
 	if (!auth_app_authenticate(&part_table->pre_app_data[ctx->flash_slot].auth)) {
 		debug_puts("!Authenticated\n");
 		return FW_STATE_FAIL;
 	}
 	return FW_STATE_START;
 }
 #if !defined(SIMULATION)
 static uint32_t xorwow(uint32_t state, uint32_t acc)
 {
@ -617,10 +594,6 @@ int main(void)
 			break;
 		case FW_STATE_LOAD_FLASH:
 			// TODO Just lie and say that an app is present but not yet
 			// authenticated.
 			part_table.pre_app_data[ctx.flash_slot].status = PRE_LOADED_STATUS_PRESENT;
 			if (load_flash_app(&part_table, ctx.digest, ctx.flash_slot) < 0) {
 				debug_puts("Couldn't load app from flash\n");
 				state = FW_STATE_FAIL;
@ -638,7 +611,7 @@ int main(void)
 			// CDI = hash(uds, hash(app), uss)
 			compute_cdi(ctx.digest, ctx.use_uss, ctx.uss);
-			state = auth_flash_app(&ctx, &part_table);
+			state = FW_STATE_START;
 			break;
 		case FW_STATE_START:
--- a/hw/application_fpga/fw/tk1/partition_table.h
+++ b/hw/application_fpga/fw/tk1/partition_table.h
@ -60,18 +60,12 @@
 /*  - 16 byte authentication digest.	*/
 /**/
 /*- Pre-loaded device app 1		*/
 /*  - 1 byte status.			*/
 /*  - 4 bytes length.			*/
 /*  - 16 bytes random nonce.		*/
 /*  - 16 bytes authentication digest.	*/
 /*  - 32 bytes digest.			*/
 /*  - 64 bytes signature.		*/
 /**/
 /*- Pre-loaded device app 2		*/
 /*  - 1 byte status.			*/
 /*  - 4 bytes length.			*/
 /*  - 16 bytes random nonce.		*/
 /*  - 16 bytes authentication digest.	*/
 /*  - 32 bytes digest.			*/
 /*  - 64 bytes signature.		*/
 /**/
@ -93,9 +87,7 @@ struct management_app_metadata {
 } __attribute__((packed));
 struct pre_loaded_app_metadata {
 	uint8_t status;
 	uint32_t size;
 	struct auth_metadata auth;
 	uint8_t digest[32];
 	uint8_t signature[64];
 } __attribute__((packed));
--- a/hw/application_fpga/fw/tk1/preload_app.c
+++ b/hw/application_fpga/fw/tk1/preload_app.c
@ -18,20 +18,14 @@ static uint32_t slot_to_start_address(uint8_t slot) {
 }
 /* Returns non-zero if the app is valid */
-bool preload_check_valid_app(struct partition_table *part_table,
+bool preload_slot_is_free(struct partition_table *part_table,
 			     uint8_t slot)
 {
 	if (slot >= N_PRELOADED_APP) {
 		return false;
 	}
-	if (part_table->pre_app_data[slot].status == 0x00 &&
+	return part_table->pre_app_data[slot].size == 0;
 	    part_table->pre_app_data[slot].size == 0) {
 		/*No valid app*/
 		return false;
 	}
 	return true;
 }
 /* Loads a preloaded app from flash to app RAM */
@ -42,7 +36,7 @@ int preload_load(struct partition_table *part_table, uint8_t from_slot)
 	}
 	/*Check for a valid app in flash	*/
-	if (!preload_check_valid_app(part_table, from_slot)) {
+	if (preload_slot_is_free(part_table, from_slot)) {
 		return -1;
 	}
 	uint8_t *loadaddr = (uint8_t *)TK1_RAM_BASE;
@ -67,7 +61,7 @@ int preload_store(struct partition_table *part_table, uint32_t offset,
 	}
 	/* Check for a valid app in flash, bale out if it already exists */
-	if (preload_check_valid_app(part_table, to_slot)) {
+	if (!preload_slot_is_free(part_table, to_slot)) {
 		return -1;
 	}
@ -99,7 +93,7 @@ int preload_store_finalize(struct partition_table *part_table, size_t app_size,
 	}
 	/* Check for a valid app in flash, bale out if it already exists */
-	if (preload_check_valid_app(part_table, to_slot)) {
+	if (!preload_slot_is_free(part_table, to_slot)) {
 		return -1;
 	}
@ -108,8 +102,6 @@ int preload_store_finalize(struct partition_table *part_table, size_t app_size,
 	}
 	part_table->pre_app_data[to_slot].size = app_size;
 	part_table->pre_app_data[to_slot].status =
 	    PRE_LOADED_STATUS_PRESENT; /* Stored but not yet authenticated */
 	memcpy_s(part_table->pre_app_data[to_slot].digest,
 		sizeof(part_table->pre_app_data[to_slot].digest),
 		app_digest, 32);
@ -122,9 +114,6 @@ int preload_store_finalize(struct partition_table *part_table, size_t app_size,
 	part_table_write(part_table);
 	/* Force a restart to authenticate the stored app */
 	/* TODO: Should this be done by the management app or by firmware? */
 	return 0;
 }
@ -140,18 +129,11 @@ int preload_delete(struct partition_table *part_table, uint8_t slot)
 	}
 	/*Check for a valid app in flash	*/
-	if (!preload_check_valid_app(part_table, slot)) {
+	if (preload_slot_is_free(part_table, slot)) {
 		return 0;
 		// TODO: Nothing here, return zero like all is good?
 	}
 	part_table->pre_app_data[slot].size = 0;
 	part_table->pre_app_data[slot].status = 0;
 	memset(part_table->pre_app_data[slot].auth.nonce, 0x00,
 	       sizeof(part_table->pre_app_data[slot].auth.nonce));
 	memset(part_table->pre_app_data[slot].auth.authentication_digest, 0x00,
 	       sizeof(part_table->pre_app_data[slot].auth.authentication_digest));
 	memset(part_table->pre_app_data[slot].digest, 0,
 	       sizeof(part_table->pre_app_data[slot].digest));
--- a/hw/application_fpga/tools/partition_table/partition_table.go
+++ b/hw/application_fpga/tools/partition_table/partition_table.go
@ -21,12 +21,7 @@ type PartTable struct {
 		}
 	}
 	PreLoadedAppData [2]struct {
 		Status uint8
 		Size      uint32
 		Auth   struct {
 			Nonce      [16]uint8
 			AuthDigest [16]uint8
 		}
 		Digest    [32]uint8
 		Signature [64]uint8
 	}
@ -44,7 +39,7 @@ type PartTable struct {
 type Flash struct {
 	Bitstream             [0x20000]uint8
 	PartitionTable        PartTable
-	PartitionTablePadding [64*1024 - 464]uint8
+	PartitionTablePadding [64*1024 - 398]uint8
 	PreLoadedApp0         [0x20000]uint8
 	PreLoadedApp1         [0x20000]uint8
 	AppStorage            [4][0x20000]uint8
@ -105,10 +100,7 @@ func printPartTableCondensed(tbl PartTable) {
 	for i, appData := range tbl.PreLoadedAppData {
 		fmt.Printf("Preloaded App %d\n", i)
 		fmt.Printf("  Status           : %d\n", appData.Status)
 		fmt.Printf("  Size             : %d\n", appData.Size)
 		fmt.Printf("  Auth.Nonce       : %x\n", appData.Auth.Nonce)
 		fmt.Printf("  Auth.AuthDigest  : %x\n", appData.Auth.AuthDigest)
 		fmt.Printf("  Digest           : %x\n", appData.Digest[:16])
 		fmt.Printf("                     %x\n", appData.Digest[16:])
 		fmt.Printf("  Signature        : %x\n", appData.Signature[:16])