Use key share for AES file

Update CMake tooling to use 128 byte key files (a 4-way share of the 32 byte key). Also temporarily update the enc_bootloader to deshare this key - the actual fix will need to be in aes.S.
raspberrypi · Jan 14, 2025 · 46aed89 · 46aed89
1 parent b6ac07f
commit 46aed89
Show file tree

Hide file tree

Showing 5 changed files with 119 additions and 6 deletions.
diff --git a/bootloaders/encrypted/README.md b/bootloaders/encrypted/README.md
@@ -4,10 +4,15 @@ Replace private.pem and privateaes.bin with your own keys - your signing key mus
 openssl ecparam -name secp256k1 -genkey -out private.pem
 ```
 
-The AES key is just be a 32 byte binary file - you can create one with
+The AES key is stored as a 4-way share in a 128 byte binary file - you can create one with
 
 ```bash
-dd if=/dev/urandom of=privateaes.bin bs=1 count=32
+dd if=/dev/urandom of=privateaes.bin bs=1 count=128
+```
+
+or in Powershell 7
+```powershell
+[byte[]] $(Get-SecureRandom -Maximum 256 -Count 128) | Set-Content privateaes.bin -AsByteStream
 ```
 
 Then either drag & drop the UF2 files to the device in order (enc_bootloader first, then hello_serial_enc) waiting for a reboot in-between, or run

diff --git a/bootloaders/encrypted/enc_bootloader.c b/bootloaders/encrypted/enc_bootloader.c
@@ -180,7 +180,19 @@ int main() {
     init_lut_map();
     // Read key directly from OTP - guarded reads will throw a bus fault if there are any errors
     uint16_t* otp_data = (uint16_t*)OTP_DATA_GUARDED_BASE;
-    init_key(rkey_s, (uint8_t*)&(otp_data[(OTP_CMD_ROW_BITS & 0x780)]));
+
+    // Temporary de-sharing - REMOVE THIS AND MODIFY ASM INSTEAD
+    uint8_t* shared_key_a = (uint8_t*)&(otp_data[(OTP_CMD_ROW_BITS & 0x780)]);
+    uint8_t* shared_key_b = (uint8_t*)&(otp_data[(OTP_CMD_ROW_BITS & 0x790)]);
+    uint8_t* shared_key_c = (uint8_t*)&(otp_data[(OTP_CMD_ROW_BITS & 0x7A0)]);
+    uint8_t* shared_key_d = (uint8_t*)&(otp_data[(OTP_CMD_ROW_BITS & 0x7B0)]);
+    uint8_t deshared_key[32];
+    for (int i=0; i < sizeof(deshared_key); i++) {
+        deshared_key[i] = shared_key_a[i] ^ shared_key_b[i] ^ shared_key_c[i] ^ shared_key_d[i];
+    }
+    init_key(rkey_s, deshared_key);
+
+    // init_key(rkey_s, (uint8_t*)&(otp_data[(OTP_CMD_ROW_BITS & 0x780)]));
     otp_hw->sw_lock[30] = 0xf;
     flush_reg();
     ctr_crypt_s(iv, (void*)SRAM_BASE, data_size/16);

diff --git a/bootloaders/encrypted/otp.json b/bootloaders/encrypted/otp.json
@@ -35,12 +35,108 @@
       "0xc0",
       "0xd0",
       "0xe0",
-      "0xf0"
+      "0xf0",
+      "0x0f",
+      "0x0e",
+      "0x0d",
+      "0x0c",
+      "0x0b",
+      "0x0a",
+      "0x09",
+      "0x08",
+      "0x07",
+      "0x06",
+      "0x05",
+      "0x04",
+      "0x03",
+      "0x02",
+      "0x01",
+      "0x00",
+      "0xf0",
+      "0xe0",
+      "0xd0",
+      "0xc0",
+      "0xb0",
+      "0xa0",
+      "0x90",
+      "0x80",
+      "0x70",
+      "0x60",
+      "0x50",
+      "0x40",
+      "0x30",
+      "0x20",
+      "0x10",
+      "0x00",
+      "0x08",
+      "0x09",
+      "0x0a",
+      "0x0b",
+      "0x0c",
+      "0x0d",
+      "0x0e",
+      "0x0f",
+      "0x00",
+      "0x01",
+      "0x02",
+      "0x03",
+      "0x04",
+      "0x05",
+      "0x06",
+      "0x07",
+      "0x80",
+      "0x90",
+      "0xa0",
+      "0xb0",
+      "0xc0",
+      "0xd0",
+      "0xe0",
+      "0xf0",
+      "0x00",
+      "0x10",
+      "0x20",
+      "0x30",
+      "0x40",
+      "0x50",
+      "0x60",
+      "0x70",
+      "0x07",
+      "0x06",
+      "0x05",
+      "0x04",
+      "0x03",
+      "0x02",
+      "0x01",
+      "0x00",
+      "0x0f",
+      "0x0e",
+      "0x0d",
+      "0x0c",
+      "0x0b",
+      "0x0a",
+      "0x09",
+      "0x08",
+      "0x70",
+      "0x60",
+      "0x50",
+      "0x40",
+      "0x30",
+      "0x20",
+      "0x10",
+      "0x00",
+      "0xf0",
+      "0xe0",
+      "0xd0",
+      "0xc0",
+      "0xb0",
+      "0xa0",
+      "0x90",
+      "0x80"
     ]
   },
   "OTP_DATA_KEY1" : [ 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7 ],
   "OTP_DATA_KEY1_VALID" : "0x010101",
   "OTP_DATA_KEY2" : [ 7, 7, 6, 6, 5, 5, 4, 4, 3, 3, 2, 2, 1, 1, 0, 0 ],
   "OTP_DATA_KEY2_VALID" : "0x010101",
   "PAGE30_LOCK0" : "0x4a4a4a"
-}
+}
diff --git a/bootloaders/encrypted/privateaes.bin b/bootloaders/encrypted/privateaes.bin
diff --git a/bootloaders/encrypted/update-key.cmake b/bootloaders/encrypted/update-key.cmake
@@ -1,7 +1,7 @@
 if (CMAKE_VERSION VERSION_LESS 3.19)
     # Check if keyfile is not the default, and print warning
     file(READ ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin key_file HEX)
-    if (NOT ${key_file} STREQUAL "000102030405060708090a0b0c0d0e0f00102030405060708090a0b0c0d0e0f0")
+    if (NOT ${key_file} STREQUAL "000102030405060708090a0b0c0d0e0f00102030405060708090a0b0c0d0e0f00f0e0d0c0b0a09080706050403020100f0e0d0c0b0a09080706050403020100008090a0b0c0d0e0f00010203040506078090a0b0c0d0e0f0001020304050607007060504030201000f0e0d0c0b0a09087060504030201000f0e0d0c0b0a09080")
         message(WARNING
             "Encrypted bootloader AES key not updated in otp.json file, as CMake version is < 3.19"
             " - you will need to change the key in otp.json manually and re-run the build"