mirror of
https://github.com/tillitis/tillitis-key1.git
synced 2025-04-26 18:09:16 -04:00
2c1c05f180
- Add per app flash storage
- Adds four data areas. An app can allocate an area. Once allocated
the area is tied to the CDI of the app and can only be
read/written/deallocated by the same app.
- Add two pre loaded app slots to flash
- Load an app from the first slot at boot. The app digest must match a
specific digest specified in firmware.
- Optionally load an app from the second slot
- Add a resetinfo area in FW_RAM which is used to signal an app's intent
of resetting the system and, optionally, pass data to firmware or the
next app in a bootchain.
Co-authored-by: Jonas Thörnblad <jonas@tillitis.se>
Co-authored-by: Mikael Ågren <mikael@tillitis.se>
Co-authored-by: Daniel Jobson <jobson@tillitis.se>
44 lines
999 B
C
44 lines
999 B
C
// Copyright (C) 2024 - Tillitis AB
|
|
// SPDX-License-Identifier: GPL-2.0-only
|
|
|
|
#include <stdbool.h>
|
|
#include <stdint.h>
|
|
#include <tkey/io.h>
|
|
#include <tkey/lib.h>
|
|
|
|
#include "mgmt_app.h"
|
|
|
|
// Lock down what app can start from flash slot 0.
|
|
//
|
|
// To update this, compute the BLAKE2s digest of the app.bin
|
|
static const uint8_t allowed_app_digest[32] = {
|
|
0x7e, 0x6e, 0x12, 0x72, 0x79, 0xcc, 0x3c, 0x6a, 0xf2, 0x67, 0x28,
|
|
0x7d, 0x72, 0xcf, 0x26, 0x85, 0x61, 0xb0, 0x62, 0x29, 0x2f, 0x56,
|
|
0x98, 0x7a, 0xf0, 0xb, 0x3e, 0xce, 0x39, 0xde, 0x5e, 0xe3,
|
|
};
|
|
|
|
static uint8_t current_app_digest[32];
|
|
|
|
int mgmt_app_init(uint8_t app_digest[32])
|
|
{
|
|
if (app_digest == NULL) {
|
|
return -1;
|
|
}
|
|
|
|
memcpy_s(current_app_digest, sizeof(current_app_digest), app_digest,
|
|
32);
|
|
|
|
return 0;
|
|
}
|
|
|
|
/* Authenticate an management app */
|
|
bool mgmt_app_authenticate(void)
|
|
{
|
|
return memeq(current_app_digest, allowed_app_digest, 32) != 0;
|
|
}
|
|
|
|
uint8_t *mgmt_app_allowed_digest(void)
|
|
{
|
|
return (uint8_t *)allowed_app_digest;
|
|
}
|