Encrypted improvements (#619)

* Use key share for AES file

Update CMake tooling to use 128 byte key files (a 4-way share of the 32 byte key).
Also temporarily update the enc_bootloader to deshare this key - the actual fix will need to be in aes.S.

* Improve checking for malicious flash data

Add data_max_size to prevent overwriting the bootloader with data from flash

* Incorporate latest changes to aes.S

Also shrink the space allocated for the bootloader to 32K (plus 8K scratch)

* Encorporated latest encryption code with 4-way shares

Also switch to random default key

* Apply encrypted-example 6de8084b6eda

* Add hello_encrypted example

* Use new `enable_interrupts` function

* Remove update-key.cmake

This is not necessary anymore, now picotool writes the AES key to otp json files

Fixes #613

* Add hello_encrypted to readme

* Update enc_bootloader with latest aes.S (picotool 333d571c)

CK_JITTER is removed as the enc_bootloader runs from XOSC not ROSC

* Add IV salts

* Update with latest aes.S

* Update readmes

This includes the changes from #553

* Add secret file to print out

This is useful for testing decryption with large files

* Add notes about unique AES keys, and not losing keys/salts

* Update readmes

* Fix enc_bootloader example OTP output

* Remove OTP key locking functionality from encrypted examples

* Improve TBYB sequence

Add self check (1 == 1), which is only performed on first boot

* Review fixups

Comments and readme

* Add MbedTLS self-decrypting example

Author: will-v-pi

CMakeLists.txt

@@ -71,6 +71,7 @@ add_subdirectory(cmake)
 add_subdirectory(dcp)
 add_subdirectory(divider)
 add_subdirectory(dma)
+add_subdirectory(encrypted)
 add_subdirectory(flash)
 add_subdirectory(gpio)
 add_subdirectory(hstx)

README.md

@@ -86,6 +86,12 @@ App|Description
 [channel_irq](dma/channel_irq) | Use an IRQ handler to reconfigure a DMA channel, in order to continuously drive data through a PIO state machine.
 [sniff_crc](dma/sniff_crc) | Use the DMA engine's 'sniff' capability to calculate a CRC32 on a data buffer.
 
+### Encrypted (RP235x Only)
+
+App|Description
+---|---
+[hello_encrypted](encrypted/hello_encrypted) | Create a self-decrypting binary.
+
 ### HSTX (RP235x Only)
 
 App|Description

bootloaders/encrypted/CMakeLists.txt

@@ -4,17 +4,6 @@ add_executable(enc_bootloader
         aes.S
         )
 
-# Add command to update otp.json if privateaes.bin changes
-add_custom_command(OUTPUT ${CMAKE_CURRENT_LIST_DIR}/otp.json
-    COMMAND ${CMAKE_COMMAND} -P "${CMAKE_CURRENT_LIST_DIR}/update-key.cmake"
-    DEPENDS ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin)
-# Copy that otp.json file to build directory
-add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/otp.json
-    COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_LIST_DIR}/otp.json" "${CMAKE_CURRENT_BINARY_DIR}/otp.json"
-    DEPENDS ${CMAKE_CURRENT_LIST_DIR}/otp.json)
-add_custom_target(otp_json DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/otp.json)
-add_dependencies(enc_bootloader otp_json)
-
 # pull in common dependencies
 target_link_libraries(enc_bootloader pico_stdlib pico_rand)
 
@@ -46,11 +35,8 @@ function(add_linker_script target origin length)
     pico_set_linker_script(${target} ${CMAKE_CURRENT_BINARY_DIR}/${target}.ld)
 endfunction()
 
-# create linker script to run from 0x20070000
-add_linker_script(enc_bootloader "0x20070000" "64k")
-
-# configure otp output
-pico_set_otp_key_output_file(enc_bootloader ${CMAKE_CURRENT_BINARY_DIR}/otp.json)
+# create linker script to run from 0x20078000
+add_linker_script(enc_bootloader "0x20078000" "32k")
 
 # sign, hash, and clear SRAM
 pico_sign_binary(enc_bootloader ${CMAKE_CURRENT_LIST_DIR}/private.pem)
@@ -86,10 +72,13 @@ pico_set_binary_type(hello_serial_enc no_flash)
 # create linker script to ensure it doesn't overwrite the bootloader at 0x20070000
 add_linker_script(hello_serial_enc "0x20000000" "448k")
 
+# configure otp output
+pico_set_otp_key_output_file(hello_serial_enc ${CMAKE_CURRENT_BINARY_DIR}/otp.json)
+
 # sign, hash, and encrypt
 pico_sign_binary(hello_serial_enc ${CMAKE_CURRENT_LIST_DIR}/private.pem)
 pico_hash_binary(hello_serial_enc)
-pico_encrypt_binary(hello_serial_enc ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin)
+pico_encrypt_binary(hello_serial_enc ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin ${CMAKE_CURRENT_LIST_DIR}/ivsalt.bin)
 
 # package uf2 in flash
 pico_package_uf2_output(hello_serial_enc 0x10000000)

bootloaders/encrypted/README.md

@@ -1,15 +1,32 @@
-Replace private.pem and privateaes.bin with your own keys - your signing key must be for the _secp256k1_ curve, in PEM format. You can create a .PEM file with:
+For security you **must** replace private.pem and privateaes.bin with your own keys, and ivsalt.bin with your own per-device salt. Make sure you **don't lose your keys and salts**, else you may not be able to update the code on your device.
+
+Your signing key must be for the _secp256k1_ curve, in PEM format. You can create a .PEM file with:
 
 ```bash
 openssl ecparam -name secp256k1 -genkey -out private.pem
 ```
 
-The AES key is just be a 32 byte binary file - you can create one with
+The AES key is stored as a 4-way share in a 128 byte binary file - you can create one with
+
+```bash
+dd if=/dev/urandom of=privateaes.bin bs=1 count=128
+```
+
+or in Powershell 7
+```powershell
+[byte[]] $(Get-SecureRandom -Maximum 256 -Count 128) | Set-Content privateaes.bin -AsByteStream
+```
+
+The IV salt is just a 16 byte binary file - you can create it the same way, replacing `128` with `16` and `privateaes.bin` with `ivsalt.bin` in the commands above.
 
+You will need to program your OTP using the `otp.json` file generated by the build in your build folder
+NOTE: This will enable secure boot on your device, so only correctly signed binaries can then run, and will also lock down the OTP pages the AES key and IV salt are stored in.
 ```bash
-dd if=/dev/urandom of=privateaes.bin bs=1 count=32
+picotool otp load otp.json
 ```
 
+> For more information on security see chapter 10 of the [RP2350 datasheet](https://datasheets.raspberrypi.com/rp2350/rp2350-datasheet.pdf), and for information on how to sign other binaries to run on a secure chip see section 5.10
+
 Then either drag & drop the UF2 files to the device in order (enc_bootloader first, then hello_serial_enc) waiting for a reboot in-between, or run
 ```bash
 picotool load enc_bootloader.uf2