move attestion key to not be part of firmware

Conor Patrick
2018-12-10 20:37:12 -05:00
parent 94140a0aa9
commit a96ff8eb63
3 changed files with 38 additions and 7 deletions


@@ -4,21 +4,38 @@
from intelhex import IntelHex
import sys
from binascii import unhexlify
if len(sys.argv) < 3:
print('usage: %s <file1.hex> <file2.hex> [...] <output.hex>')
print('usage: %s <file1.hex> <file2.hex> [...] [-s <secret_attestation_key>] <output.hex>')
sys.exit(1)
def flash_addr(num):
return 0x08000000 + num * 2048
args = sys.argv[:]
# generic / hacker attestation key
secret_attestation_key = "cd67aa310d091ed16e7e9892aa070e1994fcd714ae7c408fb946b72e5fe75d30"
# user supplied, optional
for i,x in enumerate(args):
if x == '-s':
secret_attestation_key = args[i+1]
break
if secret_attestation_key is not None:
args = args[:i] + args[i+2:]
# TODO put definitions somewhere else
PAGES = 128
APPLICATION_END_PAGE = PAGES - 19
AUTH_WORD_ADDR = (flash_addr(APPLICATION_END_PAGE)-8)
ATTEST_ADDR = (flash_addr(PAGES - 15))
first = IntelHex(sys.argv[1])
for i in range(2, len(sys.argv)-1):
first.merge(IntelHex( sys.argv[i] ), overlap = 'replace')
first = IntelHex(args[1])
for i in range(2, len(args)-1):
first.merge(IntelHex( args[i] ), overlap = 'replace')
first[AUTH_WORD_ADDR] = 0
first[AUTH_WORD_ADDR+1] = 0
@@ -30,4 +47,11 @@ first[AUTH_WORD_ADDR+5] = 0xff
first[AUTH_WORD_ADDR+6] = 0xff
first[AUTH_WORD_ADDR+7] = 0xff
first.tofile(sys.argv[len(sys.argv)-1], format='hex')
if secret_attestation_key is not None:
key = unhexlify(secret_attestation_key)
print('using key ',key)
for i,x in enumerate(key):
print(hex(ATTEST_ADDR + i))
first[ATTEST_ADDR + i] = x
first.tofile(args[len(args)-1], format='hex')
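Review bot: The new block at the end of the script prints the attestation private key in clear (`print('using key ',key)`), so a real key passed with `-s` lands in terminal scrollback and in any build or CI log; I would drop that line or replace it with a confirmation that does not include the key, such as `print('attestation key written at', hex(ATTEST_ADDR))`. The key is also taken from argv, where it is visible in the process list and shell history, and its length is never checked after `unhexlify`; reading it from a file and rejecting anything that is not the same 32 bytes as the default (`if len(key) != 32: sys.exit('bad key length')`) would be safer. In the first hunk, as far as the flattened layout shows, `secret_attestation_key` starts as the generic key and so is never None, which means that without `-s` the line `args = args[:i] + args[i+2:]` runs with `i` at the last index and drops the output path, leaving the final `tofile` to write over the last input file. Recording the flag position explicitly (`s_idx = None` before the loop, `s_idx = i` inside it, then `if s_idx is not None:`) avoids that and also makes a trailing `-s` with no value easy to reject. Falling back silently to the published generic key means a production build that forgets `-s` ships a key anyone can read from the repository, so a printed warning on that path would help.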