otp.json in encrypted example breaks clean build #613

Open
kilograham opened this issue Feb 18, 2025 · 0 comments · Fixed by #619
@kilograham
Contributor

The file is generated over itself, and clean removes it... the build fails without it there; it would be better to generate it elsewhere (also, and I didn't look, this could indicate a stale input style problem)

@kilograham kilograham added this to the 2.1.2 milestone Feb 18, 2025
will-v-pi added a commit that referenced this issue Feb 24, 2025
This is not necessary anymore, now picotool writes the AES key to otp json files

Fixes #613
@will-v-pi will-v-pi linked a pull request Feb 26, 2025 that will close this issue
will-v-pi added a commit that referenced this issue Mar 26, 2025
This is not necessary anymore, now picotool writes the AES key to otp json files

Fixes #613
kilograham pushed a commit that referenced this issue May 29, 2025
* Use key share for AES file

Update CMake tooling to use 128 byte key files (a 4-way share of the 32 byte key).
Also temporarily update the enc_bootloader to deshare this key - the actual fix will need to be in aes.S.

* Improve checking for malicious flash data

Add data_max_size to prevent overwriting the bootloader with data from flash

* Incorporate latest changes to aes.S

Also shrink the space allocated for the bootloader to 32K (plus 8K scratch)

* Incorporated latest encryption code with 4-way shares

Also switch to random default key

* Apply encrypted-example 6de8084b6eda

* Add hello_encrypted example

* Use new `enable_interrupts` function

* Remove update-key.cmake

This is not necessary anymore, now picotool writes the AES key to otp json files

Fixes #613

* Add hello_encrypted to readme

* Update enc_bootloader with latest aes.S (picotool 333d571c)

CK_JITTER is removed as the enc_bootloader runs from XOSC not ROSC

* Add IV salts

* Update with latest aes.S

* Update readmes

This includes the changes from #553

* Add secret file to print out

This is useful for testing decryption with large files

* Add notes about unique AES keys, and not losing keys/salts

* Update readmes

* Fix enc_bootloader example OTP output

* Remove OTP key locking functionality from encrypted examples

* Improve TBYB sequence

Add self check (1 == 1), which is only performed on first boot

* Review fixups

Comments and readme

* Add MbedTLS self-decrypting example