kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into authenticator-selection

Browse Source
This commit is contained in:
kaczmarczyck
2020-06-18 14:50:34 +02:00
committed by GitHub
parent e12cf542e9 53ca4c17d2
commit 934ec203c1
12 changed files with 231 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/reproducible.yml vendored
View File

@@ -36,5 +36,9 @@ jobs:
name: reproduced-${{ matrix.os }}
path: reproducible/reproduced.tar
- name: Comparing binary sizes
if: always()
run: git diff --no-index reproducible/reference_elf2tab_${{ matrix.os }}.txt reproducible/elf2tab.txt
- name: Comparing cryptographic hashes
if: always()
run: git diff --no-index reproducible/reference_binaries_${{ matrix.os }}.sha256sum reproducible/binaries.sha256sum

5
.gitignore vendored
View File

@@ -3,3 +3,8 @@ Cargo.lock
# Prevent people from commiting sensitive files.
crypto_data/
# Temporary files.
reproducible/binaries.sha256sum
reproducible/elf2tab.txt
reproducible/reproduced.tar

10
boards/nordic/nrf52840_mdk_dfu/src/main.rs
View File

@@ -48,6 +48,11 @@ static mut APP_MEMORY: [u8; 0x3C000] = [0; 0x3C000];
static mut PROCESSES: [Option<&'static dyn kernel::procs::ProcessType>; NUM_PROCS] =
[None, None, None, None, None, None, None, None];
static mut STORAGE_LOCATIONS: [kernel::StorageLocation; 1] = [kernel::StorageLocation {
address: 0xC0000,
size: 0x40000,
}];
// Static reference to chip for panic dumps
static mut CHIP: Option<&'static nrf52840::chip::Chip> = None;
@@ -62,7 +67,10 @@ pub unsafe fn reset_handler() {
// Loads relocations and clears BSS
nrf52840::init();
let board_kernel = static_init!(kernel::Kernel, kernel::Kernel::new(&PROCESSES));
let board_kernel = static_init!(
kernel::Kernel,
kernel::Kernel::new_with_storage(&PROCESSES, &STORAGE_LOCATIONS)
);
// GPIOs
let gpio = components::gpio::GpioComponent::new(board_kernel).finalize(
components::gpio_component_helper!(

13
deploy.py
View File

@@ -428,6 +428,10 @@ class OpenSKInstaller:
"--stack={}".format(STACK_SIZE), "--app-heap={}".format(APP_HEAP_SIZE),
"--kernel-heap=1024", "--protected-region-size=64"
])
if self.args.elf2tab_output:
output = self.checked_command_output(elf2tab_args)
self.args.elf2tab_output.write(output)
else:
self.checked_command(elf2tab_args)
def install_tab_file(self, tab_filename):
@@ -861,6 +865,15 @@ if __name__ == "__main__":
"storage (i.e. unplugging the key will reset the key)."),
)
main_parser.add_argument(
"--elf2tab-output",
metavar="FILE",
type=argparse.FileType("a"),
dest="elf2tab_output",
default=None,
help=("When set, the output of elf2tab is appended to this file."),
)
apps_group = main_parser.add_mutually_exclusive_group(required=True)
apps_group.add_argument(
"--no-app",

28
patches/tock/01-persistent-storage.patch
View File

@@ -1,3 +1,31 @@
diff --git a/boards/nordic/nrf52840_dongle/src/main.rs b/boards/nordic/nrf52840_dongle/src/main.rs
index 040f4d3a..f6e1069c 100644
--- a/boards/nordic/nrf52840_dongle/src/main.rs
+++ b/boards/nordic/nrf52840_dongle/src/main.rs
@@ -49,6 +49,11 @@ static mut APP_MEMORY: [u8; 0x3C000] = [0; 0x3C000];
static mut PROCESSES: [Option<&'static dyn kernel::procs::ProcessType>; NUM_PROCS] =
[None, None, None, None, None, None, None, None];
+static mut STORAGE_LOCATIONS: [kernel::StorageLocation; 1] = [kernel::StorageLocation {
+ address: 0xC0000,
+ size: 0x40000,
+}];
+
// Static reference to chip for panic dumps
static mut CHIP: Option<&'static nrf52840::chip::Chip> = None;
@@ -63,7 +68,10 @@ pub unsafe fn reset_handler() {
// Loads relocations and clears BSS
nrf52840::init();
- let board_kernel = static_init!(kernel::Kernel, kernel::Kernel::new(&PROCESSES));
+ let board_kernel = static_init!(
+ kernel::Kernel,
+ kernel::Kernel::new_with_storage(&PROCESSES, &STORAGE_LOCATIONS)
+ );
// GPIOs
let gpio = components::gpio::GpioComponent::new(board_kernel).finalize(
components::gpio_component_helper!(
diff --git a/boards/nordic/nrf52840dk/src/main.rs b/boards/nordic/nrf52840dk/src/main.rs
index 44a6c1cc..2ebc2868 100644
--- a/boards/nordic/nrf52840dk/src/main.rs

2
patches/tock/02-usb.patch
View File

@@ -2,7 +2,7 @@ diff --git a/boards/nordic/nrf52840_dongle/src/main.rs b/boards/nordic/nrf52840_
index 9a8dccfd..ad3e69b8 100644
--- a/boards/nordic/nrf52840_dongle/src/main.rs
+++ b/boards/nordic/nrf52840_dongle/src/main.rs
@@ -144,6 +144,7 @@ pub unsafe fn reset_handler() {
@@ -152,6 +152,7 @@ pub unsafe fn reset_handler() {
FAULT_RESPONSE,
nrf52840::uicr::Regulator0Output::V3_0,
false,

6
reproduce_board.sh
View File

@@ -16,10 +16,14 @@
set -ex
echo "Board: $BOARD"
echo "========================================" >> reproducible/elf2tab.txt
echo "Board: $BOARD" >> reproducible/elf2tab.txt
echo "----------------------------------------" >> reproducible/elf2tab.txt
./deploy.py --verbose-build --board=$BOARD --no-app --programmer=none
./third_party/tock/tools/sha256sum/target/debug/sha256sum third_party/tock/target/thumbv7em-none-eabi/release/$BOARD.bin >> reproducible/binaries.sha256sum
tar -rvf reproducible/reproduced.tar third_party/tock/target/thumbv7em-none-eabi/release/$BOARD.bin
./deploy.py --verbose-build --board=$BOARD --opensk --programmer=none
./deploy.py --verbose-build --board=$BOARD --opensk --programmer=none --elf2tab-output=reproducible/elf2tab.txt
./third_party/tock/tools/sha256sum/target/debug/sha256sum target/${BOARD}_merged.hex >> reproducible/binaries.sha256sum
tar -rvf reproducible/reproduced.tar target/${BOARD}_merged.hex

1
reproduce_hashes.sh
View File

@@ -16,6 +16,7 @@
set -ex
rm -f reproducible/binaries.sha256sum
rm -f reproducible/elf2tab.txt
echo "Creating reproducible/reproduced.tar"
touch empty_file

12
reproducible/reference_binaries_macos-10.15.sha256sum
View File

@@ -1,9 +1,9 @@
1003863864e06553e730eec6df4bf8d30c99f697ef9380efdc35eba679b4db78 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin
022268c93fa8bbd9e54e082982b87c10a0e7c0486704de8219d1bb374304636a target/nrf52840dk_merged.hex
88f00a5e1dae6ab3f7571c254ac75f5f3e29ebea7f3ca46c16cfdc3708e804fc third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin
8d68ecc700527789b8edf318f0872ca8fc3b72fa73236f4e06bec89a3682fcf8 target/nrf52840_dongle_merged.hex
1bc69b48a2c48da55db8b322902e1fe3f2e095c0dd8517db28837d86e0addc85 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin
af5465e4209914aaf74ee878d03e883a717827119e47b9295aa279ee21f0c5f4 target/nrf52840_dongle_dfu_merged.hex
f38ee31d3a09e7e11848e78b5318f95517b6dcd076afcb37e6e3d3e5e9995cc7 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin
23603386a615e4e8cb2173c5ce4762110e6cbb979efdbb6e8bef9bc1e3988de4 target/nrf52840_mdk_dfu_merged.hex
052eec0ae526038352b9f7573468d0cf7fb5ec331d4dc1a2df75fdbd514ea5ca third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin
d2373ac9df2ba8feff88f19e67ec87a58e635b94f0a0f759b6fcf4c750b256c9 target/nrf52840_dongle_merged.hex
908d7f4f40936d968b91ab6e19b2406612fe8c2c273d9c0b71ef1f55116780e0 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin
3c6f18ad1e1ceedeb622f39cd00ae3328ea5ad1557a9042c1b4bf831d5e1fb0d target/nrf52840_dongle_dfu_merged.hex
34ecbecaebf1188277f2310fe769c8c60310d8576493242712854deb4ba1036e third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin
d1320adfcec35099ade04988111a947c05d14c43851fc5800d17d7a83bdba033 target/nrf52840_mdk_dfu_merged.hex
c2cbcc28b835934be4c3d3e3c5bdaba642a5811d760c1d2cb73d26b6474e4219 target/tab/ctap2.tab

12
reproducible/reference_binaries_ubuntu-18.04.sha256sum
View File

@@ -1,9 +1,9 @@
c182bb4902fff51b2f56810fc2a27df3646cd66ba21359162354d53445623ab8 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin
d8b62ece387a77cc21f2c10a5f5d65d0d57bf4739b47fd86d2c9ecdd90fbfd7e target/nrf52840dk_merged.hex
0a9929ba8fa57e8a502a49fc7c53177397202e1b11f4c7c3cb6ed68b2b99dd46 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin
380de1a910b4d9eeb0c814b11b074b2e66334968cc99a4bd34d52a1fce3c5a79 target/nrf52840_dongle_merged.hex
cca9086c9149c607589b23ffa599a5e4c26db7c20bd3700b79528bd3a5df991d third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin
4edd988b3e37991f1e58fc520e41f7666f8ae3e8d3993e1bb2fb71657a71fa50 target/nrf52840_dongle_dfu_merged.hex
8857488ba6a69e366f0da229bbfc012a2ad291d3a88d9494247d600c10bb19b7 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin
a51aba1cd12e55aa33fd9017af406583ebf14e1c690295b15cf147713dfe2561 target/nrf52840_mdk_dfu_merged.hex
30f239390ae9bef0825731e4c82d40470fc5e9bded2bf0d942e92dbb5d4faba1 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin
c9349bd480b30e28214bb8d58d10938889050b92d34fbeb70e3110919b3a2601 target/nrf52840_dongle_merged.hex
e3acf15d5ae3a22aecff6cc58db5fc311f538f47328d348b7ad7db7f9ab5e72c third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin
08f3ca1bb79e13e83149324244929b68f8d7583630d9a62a8ffdedb710c95d8b target/nrf52840_dongle_dfu_merged.hex
cae312a26a513ada6c198fdc59b2bba3860c51726b817a9fd17a4331ee12c882 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin
849c67c811da8d359d4e55d81d2587b3efa2f6065d72e4db09c3e571af8fef94 target/nrf52840_mdk_dfu_merged.hex
40b413a8b645b4b47fae62a4311acb12cb0c57faff2757e45c18d9e5d441e52d target/tab/ctap2.tab

76
reproducible/reference_elf2tab_macos-10.15.txt Normal file
View File

@@ -0,0 +1,76 @@
========================================
Board: nrf52840dk
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes.
Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0
========================================
Board: nrf52840_dongle
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes.
Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0
========================================
Board: nrf52840_dongle_dfu
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes.
Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0
========================================
Board: nrf52840_mdk_dfu
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes.
Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0

76
reproducible/reference_elf2tab_ubuntu-18.04.txt Normal file
View File

@@ -0,0 +1,76 @@
========================================
Board: nrf52840dk
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes.
Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0
========================================
Board: nrf52840_dongle
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes.
Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0
========================================
Board: nrf52840_dongle_dfu
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes.
Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0
========================================
Board: nrf52840_mdk_dfu
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes.
Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0