kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into aaguid

Browse Source
This commit is contained in:
Julien Cretin
2020-06-17 12:44:50 +02:00
parent 87394f5a1a 53ca4c17d2
commit e120ac0ddb
12 changed files with 235 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/reproducible.yml vendored
View File

@@ -36,5 +36,9 @@ jobs:
name: reproduced-${{ matrix.os }} name: reproduced-${{ matrix.os }}
path: reproducible/reproduced.tar path: reproducible/reproduced.tar
- name: Comparing binary sizes
if: always()
run: git diff --no-index reproducible/reference_elf2tab_${{ matrix.os }}.txt reproducible/elf2tab.txt
- name: Comparing cryptographic hashes - name: Comparing cryptographic hashes
if: always()
run: git diff --no-index reproducible/reference_binaries_${{ matrix.os }}.sha256sum reproducible/binaries.sha256sum run: git diff --no-index reproducible/reference_binaries_${{ matrix.os }}.sha256sum reproducible/binaries.sha256sum

5
.gitignore vendored
View File

@@ -3,3 +3,8 @@ Cargo.lock
# Prevent people from commiting sensitive files. # Prevent people from commiting sensitive files.
crypto_data/ crypto_data/
# Temporary files.
reproducible/binaries.sha256sum
reproducible/elf2tab.txt
reproducible/reproduced.tar

10
boards/nordic/nrf52840_mdk_dfu/src/main.rs
View File

@@ -48,6 +48,11 @@ static mut APP_MEMORY: [u8; 0x3C000] = [0; 0x3C000];
static mut PROCESSES: [Option<&'static dyn kernel::procs::ProcessType>; NUM_PROCS] = static mut PROCESSES: [Option<&'static dyn kernel::procs::ProcessType>; NUM_PROCS] =
[None, None, None, None, None, None, None, None]; [None, None, None, None, None, None, None, None];
static mut STORAGE_LOCATIONS: [kernel::StorageLocation; 1] = [kernel::StorageLocation {
address: 0xC0000,
size: 0x40000,
}];
// Static reference to chip for panic dumps // Static reference to chip for panic dumps
static mut CHIP: Option<&'static nrf52840::chip::Chip> = None; static mut CHIP: Option<&'static nrf52840::chip::Chip> = None;
@@ -62,7 +67,10 @@ pub unsafe fn reset_handler() {
// Loads relocations and clears BSS // Loads relocations and clears BSS
nrf52840::init(); nrf52840::init();
let board_kernel = static_init!(kernel::Kernel, kernel::Kernel::new(&PROCESSES)); let board_kernel = static_init!(
kernel::Kernel,
kernel::Kernel::new_with_storage(&PROCESSES, &STORAGE_LOCATIONS)
);
// GPIOs // GPIOs
let gpio = components::gpio::GpioComponent::new(board_kernel).finalize( let gpio = components::gpio::GpioComponent::new(board_kernel).finalize(
components::gpio_component_helper!( components::gpio_component_helper!(

15
deploy.py
View File

@@ -428,7 +428,11 @@ class OpenSKInstaller:
"--stack={}".format(STACK_SIZE), "--app-heap={}".format(APP_HEAP_SIZE), "--stack={}".format(STACK_SIZE), "--app-heap={}".format(APP_HEAP_SIZE),
"--kernel-heap=1024", "--protected-region-size=64" "--kernel-heap=1024", "--protected-region-size=64"
]) ])
self.checked_command(elf2tab_args) if self.args.elf2tab_output:
output = self.checked_command_output(elf2tab_args)
self.args.elf2tab_output.write(output)
else:
self.checked_command(elf2tab_args)
def install_tab_file(self, tab_filename): def install_tab_file(self, tab_filename):
assert self.args.application assert self.args.application
@@ -861,6 +865,15 @@ if __name__ == "__main__":
"storage (i.e. unplugging the key will reset the key)."), "storage (i.e. unplugging the key will reset the key)."),
) )
main_parser.add_argument(
"--elf2tab-output",
metavar="FILE",
type=argparse.FileType("a"),
dest="elf2tab_output",
default=None,
help=("When set, the output of elf2tab is appended to this file."),
)
apps_group = main_parser.add_mutually_exclusive_group(required=True) apps_group = main_parser.add_mutually_exclusive_group(required=True)
apps_group.add_argument( apps_group.add_argument(
"--no-app", "--no-app",

28
patches/tock/01-persistent-storage.patch
View File

@@ -1,3 +1,31 @@
diff --git a/boards/nordic/nrf52840_dongle/src/main.rs b/boards/nordic/nrf52840_dongle/src/main.rs
index 040f4d3a..f6e1069c 100644
--- a/boards/nordic/nrf52840_dongle/src/main.rs
+++ b/boards/nordic/nrf52840_dongle/src/main.rs
@@ -49,6 +49,11 @@ static mut APP_MEMORY: [u8; 0x3C000] = [0; 0x3C000];
static mut PROCESSES: [Option<&'static dyn kernel::procs::ProcessType>; NUM_PROCS] =
[None, None, None, None, None, None, None, None];
+static mut STORAGE_LOCATIONS: [kernel::StorageLocation; 1] = [kernel::StorageLocation {
+ address: 0xC0000,
+ size: 0x40000,
+}];
+
// Static reference to chip for panic dumps
static mut CHIP: Option<&'static nrf52840::chip::Chip> = None;
@@ -63,7 +68,10 @@ pub unsafe fn reset_handler() {
// Loads relocations and clears BSS
nrf52840::init();
- let board_kernel = static_init!(kernel::Kernel, kernel::Kernel::new(&PROCESSES));
+ let board_kernel = static_init!(
+ kernel::Kernel,
+ kernel::Kernel::new_with_storage(&PROCESSES, &STORAGE_LOCATIONS)
+ );
// GPIOs
let gpio = components::gpio::GpioComponent::new(board_kernel).finalize(
components::gpio_component_helper!(
diff --git a/boards/nordic/nrf52840dk/src/main.rs b/boards/nordic/nrf52840dk/src/main.rs diff --git a/boards/nordic/nrf52840dk/src/main.rs b/boards/nordic/nrf52840dk/src/main.rs
index 44a6c1cc..2ebc2868 100644 index 44a6c1cc..2ebc2868 100644
--- a/boards/nordic/nrf52840dk/src/main.rs --- a/boards/nordic/nrf52840dk/src/main.rs

2
patches/tock/02-usb.patch
View File

@@ -2,7 +2,7 @@ diff --git a/boards/nordic/nrf52840_dongle/src/main.rs b/boards/nordic/nrf52840_
index 9a8dccfd..ad3e69b8 100644 index 9a8dccfd..ad3e69b8 100644
--- a/boards/nordic/nrf52840_dongle/src/main.rs --- a/boards/nordic/nrf52840_dongle/src/main.rs
+++ b/boards/nordic/nrf52840_dongle/src/main.rs +++ b/boards/nordic/nrf52840_dongle/src/main.rs
@@ -144,6 +144,7 @@ pub unsafe fn reset_handler() { @@ -152,6 +152,7 @@ pub unsafe fn reset_handler() {
FAULT_RESPONSE, FAULT_RESPONSE,
nrf52840::uicr::Regulator0Output::V3_0, nrf52840::uicr::Regulator0Output::V3_0,
false, false,

6
reproduce_board.sh
View File

@@ -16,10 +16,14 @@
set -ex set -ex
echo "Board: $BOARD" echo "Board: $BOARD"
echo "========================================" >> reproducible/elf2tab.txt
echo "Board: $BOARD" >> reproducible/elf2tab.txt
echo "----------------------------------------" >> reproducible/elf2tab.txt
./deploy.py --verbose-build --board=$BOARD --no-app --programmer=none ./deploy.py --verbose-build --board=$BOARD --no-app --programmer=none
./third_party/tock/tools/sha256sum/target/debug/sha256sum third_party/tock/target/thumbv7em-none-eabi/release/$BOARD.bin >> reproducible/binaries.sha256sum ./third_party/tock/tools/sha256sum/target/debug/sha256sum third_party/tock/target/thumbv7em-none-eabi/release/$BOARD.bin >> reproducible/binaries.sha256sum
tar -rvf reproducible/reproduced.tar third_party/tock/target/thumbv7em-none-eabi/release/$BOARD.bin tar -rvf reproducible/reproduced.tar third_party/tock/target/thumbv7em-none-eabi/release/$BOARD.bin
./deploy.py --verbose-build --board=$BOARD --opensk --programmer=none ./deploy.py --verbose-build --board=$BOARD --opensk --programmer=none --elf2tab-output=reproducible/elf2tab.txt
./third_party/tock/tools/sha256sum/target/debug/sha256sum target/${BOARD}_merged.hex >> reproducible/binaries.sha256sum ./third_party/tock/tools/sha256sum/target/debug/sha256sum target/${BOARD}_merged.hex >> reproducible/binaries.sha256sum
tar -rvf reproducible/reproduced.tar target/${BOARD}_merged.hex tar -rvf reproducible/reproduced.tar target/${BOARD}_merged.hex

1
reproduce_hashes.sh
View File

@@ -16,6 +16,7 @@
set -ex set -ex
rm -f reproducible/binaries.sha256sum rm -f reproducible/binaries.sha256sum
rm -f reproducible/elf2tab.txt
echo "Creating reproducible/reproduced.tar" echo "Creating reproducible/reproduced.tar"
touch empty_file touch empty_file

16
reproducible/reference_binaries_macos-10.15.sha256sum
View File

@@ -1,9 +1,9 @@
1003863864e06553e730eec6df4bf8d30c99f697ef9380efdc35eba679b4db78 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin 1003863864e06553e730eec6df4bf8d30c99f697ef9380efdc35eba679b4db78 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin
6b0a7402c38a37fc729644a4a92bfba8bc4431ad21f3a16d1527f2258e2231d1 target/nrf52840dk_merged.hex 022268c93fa8bbd9e54e082982b87c10a0e7c0486704de8219d1bb374304636a target/nrf52840dk_merged.hex
88f00a5e1dae6ab3f7571c254ac75f5f3e29ebea7f3ca46c16cfdc3708e804fc third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin 052eec0ae526038352b9f7573468d0cf7fb5ec331d4dc1a2df75fdbd514ea5ca third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin
454ac8d360dec8705e243840df3807526b2383810a77573e9d4409dba96f43df target/nrf52840_dongle_merged.hex d2373ac9df2ba8feff88f19e67ec87a58e635b94f0a0f759b6fcf4c750b256c9 target/nrf52840_dongle_merged.hex
1bc69b48a2c48da55db8b322902e1fe3f2e095c0dd8517db28837d86e0addc85 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin 908d7f4f40936d968b91ab6e19b2406612fe8c2c273d9c0b71ef1f55116780e0 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin
9efeed7965ba491a468640bd47b53010403244562b9ade71e0090b211888274c target/nrf52840_dongle_dfu_merged.hex 3c6f18ad1e1ceedeb622f39cd00ae3328ea5ad1557a9042c1b4bf831d5e1fb0d target/nrf52840_dongle_dfu_merged.hex
f38ee31d3a09e7e11848e78b5318f95517b6dcd076afcb37e6e3d3e5e9995cc7 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin 34ecbecaebf1188277f2310fe769c8c60310d8576493242712854deb4ba1036e third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin
911aa4f4f748910394c9f16d2e36dd06e71e311b2f9fee3f40522a13a2e4b671 target/nrf52840_mdk_dfu_merged.hex d1320adfcec35099ade04988111a947c05d14c43851fc5800d17d7a83bdba033 target/nrf52840_mdk_dfu_merged.hex
529ac9aef3941b45e7e480810ae4e821da433985b149028aa6a33f33e0dc1685 target/tab/ctap2.tab c2cbcc28b835934be4c3d3e3c5bdaba642a5811d760c1d2cb73d26b6474e4219 target/tab/ctap2.tab

16
reproducible/reference_binaries_ubuntu-18.04.sha256sum
View File

@@ -1,9 +1,9 @@
c182bb4902fff51b2f56810fc2a27df3646cd66ba21359162354d53445623ab8 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin c182bb4902fff51b2f56810fc2a27df3646cd66ba21359162354d53445623ab8 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840dk.bin
bebc884aa49b79359b22916ca3d20eca3cddc3d4283ff6d0da1f0d46e1b6a1fb target/nrf52840dk_merged.hex d8b62ece387a77cc21f2c10a5f5d65d0d57bf4739b47fd86d2c9ecdd90fbfd7e target/nrf52840dk_merged.hex
0a9929ba8fa57e8a502a49fc7c53177397202e1b11f4c7c3cb6ed68b2b99dd46 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin 30f239390ae9bef0825731e4c82d40470fc5e9bded2bf0d942e92dbb5d4faba1 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle.bin
8dca8415a01411d5f5589ec9688c9c6d229ca5a50fc27457060d001d90087c4b target/nrf52840_dongle_merged.hex c9349bd480b30e28214bb8d58d10938889050b92d34fbeb70e3110919b3a2601 target/nrf52840_dongle_merged.hex
cca9086c9149c607589b23ffa599a5e4c26db7c20bd3700b79528bd3a5df991d third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin e3acf15d5ae3a22aecff6cc58db5fc311f538f47328d348b7ad7db7f9ab5e72c third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_dongle_dfu.bin
64b36280f65508f5a6ca9a1708cc5cbd71663eb8068221434edf1c0201b9a339 target/nrf52840_dongle_dfu_merged.hex 08f3ca1bb79e13e83149324244929b68f8d7583630d9a62a8ffdedb710c95d8b target/nrf52840_dongle_dfu_merged.hex
8857488ba6a69e366f0da229bbfc012a2ad291d3a88d9494247d600c10bb19b7 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin cae312a26a513ada6c198fdc59b2bba3860c51726b817a9fd17a4331ee12c882 third_party/tock/target/thumbv7em-none-eabi/release/nrf52840_mdk_dfu.bin
2673ba4581bd704ab55f148b361ac530d07329106c3dc2d5594be90106764095 target/nrf52840_mdk_dfu_merged.hex 849c67c811da8d359d4e55d81d2587b3efa2f6065d72e4db09c3e571af8fef94 target/nrf52840_mdk_dfu_merged.hex
ba0e11a0036f167a56864de43db3602a8a855b38be8a53afc3a97fcaa40f2201 target/tab/ctap2.tab 40b413a8b645b4b47fae62a4311acb12cb0c57faff2757e45c18d9e5d441e52d target/tab/ctap2.tab

76
reproducible/reference_elf2tab_macos-10.15.txt Normal file
View File

@@ -0,0 +1,76 @@
========================================
Board: nrf52840dk
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes.
Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0
========================================
Board: nrf52840_dongle
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes.
Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0
========================================
Board: nrf52840_dongle_dfu
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes.
Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0
========================================
Board: nrf52840_mdk_dfu
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175636 (0x2ae14) bytes.
Adding .stack section. Offset: 175764 (0x2ae94). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0

76
reproducible/reference_elf2tab_ubuntu-18.04.txt Normal file
View File

@@ -0,0 +1,76 @@
========================================
Board: nrf52840dk
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes.
Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0
========================================
Board: nrf52840_dongle
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes.
Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0
========================================
Board: nrf52840_dongle_dfu
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes.
Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0
========================================
Board: nrf52840_mdk_dfu
----------------------------------------
Min RAM size from sections in ELF: 16 bytes
Number of writeable flash regions: 0
Adding .crt0_header section. Offset: 64 (0x40). Length: 64 (0x40) bytes.
Entry point is in .text section
Adding .text section. Offset: 128 (0x80). Length: 175252 (0x2ac94) bytes.
Adding .stack section. Offset: 175380 (0x2ad14). Length: 16384 (0x4000) bytes.
Searching for .rel.X sections to add.
TBF Header:
version: 2 0x2
header_size: 44 0x2C
total_size: 262144 0x40000
flags: 1 0x1
init_fn_offset: 85 0x55
protected_size: 20 0x14
minimum_ram_size: 107424 0x1A3A0