Use new wordcpy_s() and memcpy_s() functions from lib.c.
Add a local memcpy() which compiling with -Os seems to demand. Why?
Signed-off-by: Daniel Lublin <daniel@lublin.se>
We define macros for them that expand to nothing or to a constant to
avoid any extra function calls to dummy functions when running on real
hardware with no console.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
Introduce memcpy_s() and wordcpy_s() that takes the destination buffer
size as an argument. Use assert() which aborts our program to an
eternal loop if we hit problems.
Sprinkle asserts elsewhere as well.
Signed-off-by: Daniel Lublin <daniel@lublin.se>
Introduces offsets for setting addresses to check for execution and
offset for controlling the execution monitor.
- TK1_MMIO_TK1_CPU_MON_CTRL
- TK1_MMIO_TK1_CPU_MON_FIRST
- TK1_MMIO_TK1_CPU_MON_LAST
In firmware we store the address to firmware blake2s() function at
TK1_MMIO_TK1_BLAKE2S so app can use this firmware function sort of
like a system call but without context switch.
We introduce an explicit state machine (see README).
With the new states we:
- combine setting size and USS to a single command.
- start the device app immediatiely when having receceived the last
data chunk and returning the digest.
- Loop forever and wait for the stick to be removed if we end up in
unknown state.
Signed-off-by: Michael Cardell Widerkrantz <mc@tillitis.se>
Since SRAM has some data remanence even without power it seems good
hygien to clear all RAM when starting the device so as not to leak
potential sensitive data between device apps.
Instead of allocating the blake2s_ctx in the blake2s() function we
pass it as a pointer as an argument to be able to better control where
the variable is in memory.
In particular, order of LOAD_USS and LOAD_APP_SIZE is not required, but
the need to send both is documented. This is followed up with adjustment
in the host programs' Go code, to try to reinforce this. LoadApp() will
take the secretPhrase parameter (to be hashed as USS), and loadUSS()
will be unexported.
Correct CMD/RSP lengths in pseudo-code.
