mirror of
https://github.com/tillitis/tillitis-key1.git
synced 2025-07-04 02:46:49 -04:00
e935195846
Add a new syscall to enable an app to get the data left for it by the previous app in chain. - Change testloadapp to leave some data for the next app to read. - Call system call with: uint8_t next_app_data[RESET_DATA_SIZE]; syscall(TK1_SYSCALL_GET_APP_DATA, (uint32_t)next_app_data, 0, 0);
43 lines
995 B
C
43 lines
995 B
C
// Copyright (C) 2024 - Tillitis AB
|
|
// SPDX-License-Identifier: GPL-2.0-only
|
|
|
|
#include <stdbool.h>
|
|
#include <stdint.h>
|
|
#include <tkey/io.h>
|
|
#include <tkey/lib.h>
|
|
|
|
#include "mgmt_app.h"
|
|
|
|
// Lock down what app can start from flash slot 0.
|
|
//
|
|
// To update this, compute the BLAKE2s digest of the app.bin
|
|
static const uint8_t allowed_app_digest[32] = {
|
|
0x85, 0x29, 0xe3, 0x25, 0xf5, 0x8d, 0x53, 0x5f, 0xe1, 0x2a, 0x77,
|
|
0x92, 0xe7, 0xdc, 0x4b, 0x4d, 0x1, 0x85, 0x17, 0xca, 0xfd, 0x54,
|
|
0x83, 0xb3, 0xbb, 0x28, 0x4f, 0xa1, 0x98, 0x5f, 0x9e, 0x56,
|
|
};
|
|
|
|
static uint8_t current_app_digest[32];
|
|
|
|
int mgmt_app_init(uint8_t app_digest[32])
|
|
{
|
|
if (app_digest == NULL) {
|
|
return -1;
|
|
}
|
|
|
|
memcpy_s(current_app_digest, sizeof(current_app_digest), app_digest,
|
|
32);
|
|
|
|
return 0;
|
|
}
|
|
|
|
// Authenticate an management app
|
|
bool mgmt_app_authenticate(void)
|
|
{
|
|
return memeq(current_app_digest, allowed_app_digest, 32) != 0;
|
|
}
|
|
|
|
uint8_t *mgmt_app_allowed_digest(void)
|
|
{
|
|
return (uint8_t *)allowed_app_digest;
|
|
}
|