Add support for creating self-decrypting binaries, and use 4-way AES key shares instead of just the AES key #207
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was referenced Feb 24, 2025
The privateaes.bin key file is now 4x256bit numbers (A,B,C,D), and the AES key X is A^B^C^D
This is not required, as you can still load data outside of the region between the metadata blocks which contain the binary - for example, loading code into scratch memory.
You can now use `picotool encrypt --embed ...` to create a self-decrypting binary, using enc_bootloader
Add pico_minimize_runtime and some other runtime skips Re-use scratch_y for the workarea, without overwriting the stack
Rejig everything to fit into scratch, so full 512k of SRAM is available for the user
Move vtor into main code body, leaving only binary info and embedded block at start Reduce initial stack size, then increase after AES code to overwrite the workspace Reduce vector table IRQs (requires pico-sdk pr 2200)
Uses a modified version of get_rand_32 temporarily, until the aes.S code is modified to use rom_get_boot_random From commit d4f4b2a7d9f00
Add temporary workaround to clone SDK branch with support for PICO_MINIMAL_VECTOR_TABLE define
…n stage metadata This means that the bootrom will treat the binary with embedded decryption stage the same as the non-encrypted binary, for rollback/versions/tbyb/etc
Allows specifying the OTP page the AES key is stored on
From commit 3d93bdd06c55
Now fits inside 2K, so moved to 0x20081800, giving more room for AES workspace
From commit 052dab85a9ac38
Use bi_ptr_string instead of 4 bi_ptr_int32s
Now goes through configurations until it finds one under 150MHz
From commit 59c6d71d7
From commit 6e6df5a5769
Default to the 110MHz ROSC config, but can be increased to the 180MHz config by setting --fast-rosc
will-v-pi
force-pushed
the
encrypted-shares
branch
from
f65f1be to
333d571
Compare
Now uses IV salt in OTP, and IV0_XOR is now enabled and fixed From commit 627274d21a2d6a30
will-v-pi
force-pushed
the
encrypted-shares
branch
from
8ad52d7 to
28c0335
Compare
This will now fail CI checks until raspberrypi/pico-sdk#2233 is merged
From commit d831bb59
This variant runs from xip_sram, and uses the MbedTLS AES code instead. This is much faster, but not secure against side channel attacks. Currently no way to enable it, but that can be added if it's going to be useful
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds support for creating self-decrypting binaries, which can be created using
This introduces a breaking change to
picotool encryptto take a 4-way AES key share, rather than just taking an AES key, as this makes it simpler to mask the power signature when decrypting the binary. The only difference from a user perspective is that they now need to use a 1024 bit binary file instead of the 256 bit file used before. The AES key is derived from the 4-way share as follows:This also introduces a breaking change that
picotool encryptnow requires an IV salt binary to be passed to it as the 4th file, so the signing_key is now the 5th file and the OTP JSON is now the 6th file.This PR requires raspberrypi/pico-sdk#2233 so should be merged after that