move attestion key to not be part of firmware

targets/stm32l442/src/crypto.c

@@ -20,6 +20,7 @@
 #include "device.h"
 #include APP_CONFIG
 #include "log.h"
+#include "memory_layout.h"
 
 
 typedef enum
@@ -164,7 +165,9 @@ void crypto_ecc256_init()
 
 void crypto_ecc256_load_attestation_key()
 {
-    _signing_key = attestation_key;
+    static uint8_t _key [32];
+    memmove(_key, (uint8_t*)ATTESTATION_KEY_ADDR, 32);
+    _signing_key = _key;
     _key_len = 32;
 }
 

targets/stm32l442/src/memory_layout.h

@@ -17,7 +17,7 @@
 // Storage of FIDO2 resident keys
 #define RK_NUM_PAGES    10
 #define RK_START_PAGE   (PAGES - 14)
-#define RK_END_PAGE     (PAGES - 14 + RK_NUM_PAGES)
+#define RK_END_PAGE     (PAGES - 14 + RK_NUM_PAGES)     // not included
 
 // Start of application code
 #ifndef APPLICATION_START_PAGE
@@ -25,6 +25,10 @@
 #endif
 #define APPLICATION_START_ADDR	(0x08000000 + ((APPLICATION_START_PAGE)*PAGE_SIZE))
 
+// where attestation key is located
+#define ATTESTATION_KEY_PAGE    (PAGES - 15)
+#define ATTESTATION_KEY_ADDR    (0x08000000 + ATTESTATION_KEY_PAGE*PAGE_SIZE)
+
 // End of application code.  Leave some extra room for future data storage.
 // NOT included in application
 #define APPLICATION_END_PAGE	((PAGES - 19))