diff --git a/hw/application_fpga/fw/tk1/main.c b/hw/application_fpga/fw/tk1/main.c index 2d04fae..e7d5a23 100644 --- a/hw/application_fpga/fw/tk1/main.c +++ b/hw/application_fpga/fw/tk1/main.c @@ -12,7 +12,6 @@ #include #include -#include "auth_app.h" #include "blake2s/blake2s.h" #include "partition_table.h" #include "preload_app.h" @@ -412,28 +411,6 @@ static int load_flash_app(struct partition_table *part_table, return 0; } -static enum state auth_flash_app(const struct context *ctx, struct partition_table *part_table) -{ - if (ctx->flash_slot >= N_PRELOADED_APP) { - return FW_STATE_FAIL; - } - - if (part_table->pre_app_data[ctx->flash_slot].status == PRE_LOADED_STATUS_PRESENT) { - debug_puts("Create auth\n"); - auth_app_create(&part_table->pre_app_data[ctx->flash_slot].auth); - part_table->pre_app_data[ctx->flash_slot].status = PRE_LOADED_STATUS_AUTH; - part_table_write(part_table); - } - - if (!auth_app_authenticate(&part_table->pre_app_data[ctx->flash_slot].auth)) { - debug_puts("!Authenticated\n"); - - return FW_STATE_FAIL; - } - - return FW_STATE_START; -} - #if !defined(SIMULATION) static uint32_t xorwow(uint32_t state, uint32_t acc) { @@ -617,10 +594,6 @@ int main(void) break; case FW_STATE_LOAD_FLASH: - // TODO Just lie and say that an app is present but not yet - // authenticated. - part_table.pre_app_data[ctx.flash_slot].status = PRE_LOADED_STATUS_PRESENT; - if (load_flash_app(&part_table, ctx.digest, ctx.flash_slot) < 0) { debug_puts("Couldn't load app from flash\n"); state = FW_STATE_FAIL; @@ -638,7 +611,7 @@ int main(void) // CDI = hash(uds, hash(app), uss) compute_cdi(ctx.digest, ctx.use_uss, ctx.uss); - state = auth_flash_app(&ctx, &part_table); + state = FW_STATE_START; break; case FW_STATE_START: diff --git a/hw/application_fpga/fw/tk1/partition_table.h b/hw/application_fpga/fw/tk1/partition_table.h index 731b626..433e3b8 100644 --- a/hw/application_fpga/fw/tk1/partition_table.h +++ b/hw/application_fpga/fw/tk1/partition_table.h @@ -60,18 +60,12 @@ /* - 16 byte authentication digest. */ /**/ /*- Pre-loaded device app 1 */ -/* - 1 byte status. */ /* - 4 bytes length. */ -/* - 16 bytes random nonce. */ -/* - 16 bytes authentication digest. */ /* - 32 bytes digest. */ /* - 64 bytes signature. */ /**/ /*- Pre-loaded device app 2 */ -/* - 1 byte status. */ /* - 4 bytes length. */ -/* - 16 bytes random nonce. */ -/* - 16 bytes authentication digest. */ /* - 32 bytes digest. */ /* - 64 bytes signature. */ /**/ @@ -93,9 +87,7 @@ struct management_app_metadata { } __attribute__((packed)); struct pre_loaded_app_metadata { - uint8_t status; uint32_t size; - struct auth_metadata auth; uint8_t digest[32]; uint8_t signature[64]; } __attribute__((packed)); diff --git a/hw/application_fpga/fw/tk1/preload_app.c b/hw/application_fpga/fw/tk1/preload_app.c index 0d00e2e..30681aa 100644 --- a/hw/application_fpga/fw/tk1/preload_app.c +++ b/hw/application_fpga/fw/tk1/preload_app.c @@ -18,20 +18,14 @@ static uint32_t slot_to_start_address(uint8_t slot) { } /* Returns non-zero if the app is valid */ -bool preload_check_valid_app(struct partition_table *part_table, +bool preload_slot_is_free(struct partition_table *part_table, uint8_t slot) { if (slot >= N_PRELOADED_APP) { return false; } - if (part_table->pre_app_data[slot].status == 0x00 && - part_table->pre_app_data[slot].size == 0) { - /*No valid app*/ - return false; - } - - return true; + return part_table->pre_app_data[slot].size == 0; } /* Loads a preloaded app from flash to app RAM */ @@ -42,7 +36,7 @@ int preload_load(struct partition_table *part_table, uint8_t from_slot) } /*Check for a valid app in flash */ - if (!preload_check_valid_app(part_table, from_slot)) { + if (preload_slot_is_free(part_table, from_slot)) { return -1; } uint8_t *loadaddr = (uint8_t *)TK1_RAM_BASE; @@ -67,7 +61,7 @@ int preload_store(struct partition_table *part_table, uint32_t offset, } /* Check for a valid app in flash, bale out if it already exists */ - if (preload_check_valid_app(part_table, to_slot)) { + if (!preload_slot_is_free(part_table, to_slot)) { return -1; } @@ -99,7 +93,7 @@ int preload_store_finalize(struct partition_table *part_table, size_t app_size, } /* Check for a valid app in flash, bale out if it already exists */ - if (preload_check_valid_app(part_table, to_slot)) { + if (!preload_slot_is_free(part_table, to_slot)) { return -1; } @@ -108,8 +102,6 @@ int preload_store_finalize(struct partition_table *part_table, size_t app_size, } part_table->pre_app_data[to_slot].size = app_size; - part_table->pre_app_data[to_slot].status = - PRE_LOADED_STATUS_PRESENT; /* Stored but not yet authenticated */ memcpy_s(part_table->pre_app_data[to_slot].digest, sizeof(part_table->pre_app_data[to_slot].digest), app_digest, 32); @@ -122,9 +114,6 @@ int preload_store_finalize(struct partition_table *part_table, size_t app_size, part_table_write(part_table); - /* Force a restart to authenticate the stored app */ - /* TODO: Should this be done by the management app or by firmware? */ - return 0; } @@ -140,18 +129,11 @@ int preload_delete(struct partition_table *part_table, uint8_t slot) } /*Check for a valid app in flash */ - if (!preload_check_valid_app(part_table, slot)) { + if (preload_slot_is_free(part_table, slot)) { return 0; // TODO: Nothing here, return zero like all is good? } part_table->pre_app_data[slot].size = 0; - part_table->pre_app_data[slot].status = 0; - - memset(part_table->pre_app_data[slot].auth.nonce, 0x00, - sizeof(part_table->pre_app_data[slot].auth.nonce)); - - memset(part_table->pre_app_data[slot].auth.authentication_digest, 0x00, - sizeof(part_table->pre_app_data[slot].auth.authentication_digest)); memset(part_table->pre_app_data[slot].digest, 0, sizeof(part_table->pre_app_data[slot].digest)); diff --git a/hw/application_fpga/tools/partition_table/partition_table.go b/hw/application_fpga/tools/partition_table/partition_table.go index 8975718..ea0b712 100644 --- a/hw/application_fpga/tools/partition_table/partition_table.go +++ b/hw/application_fpga/tools/partition_table/partition_table.go @@ -21,12 +21,7 @@ type PartTable struct { } } PreLoadedAppData [2]struct { - Status uint8 - Size uint32 - Auth struct { - Nonce [16]uint8 - AuthDigest [16]uint8 - } + Size uint32 Digest [32]uint8 Signature [64]uint8 } @@ -44,7 +39,7 @@ type PartTable struct { type Flash struct { Bitstream [0x20000]uint8 PartitionTable PartTable - PartitionTablePadding [64*1024 - 464]uint8 + PartitionTablePadding [64*1024 - 398]uint8 PreLoadedApp0 [0x20000]uint8 PreLoadedApp1 [0x20000]uint8 AppStorage [4][0x20000]uint8 @@ -105,10 +100,7 @@ func printPartTableCondensed(tbl PartTable) { for i, appData := range tbl.PreLoadedAppData { fmt.Printf("Preloaded App %d\n", i) - fmt.Printf(" Status : %d\n", appData.Status) fmt.Printf(" Size : %d\n", appData.Size) - fmt.Printf(" Auth.Nonce : %x\n", appData.Auth.Nonce) - fmt.Printf(" Auth.AuthDigest : %x\n", appData.Auth.AuthDigest) fmt.Printf(" Digest : %x\n", appData.Digest[:16]) fmt.Printf(" %x\n", appData.Digest[16:]) fmt.Printf(" Signature : %x\n", appData.Signature[:16])