From 46aed89345583535bb76c32f20b7ffebc892a16c Mon Sep 17 00:00:00 2001
From: William Vinnicombe
Date: Tue, 14 Jan 2025 15:33:37 +0000
Subject: [PATCH] Use key share for AES file

Update CMake tooling to use 128 byte key files (a 4-way share of the 32 byte key). Also temporarily update the enc_bootloader to deshare this key - the actual fix will need to be in aes.S.
---
 bootloaders/encrypted/README.md | 9 ++-
 bootloaders/encrypted/enc_bootloader.c | 14 +++-
 bootloaders/encrypted/otp.json | 100 ++++++++++++++++++++++++-
 bootloaders/encrypted/privateaes.bin | Bin 32 -> 128 bytes
 bootloaders/encrypted/update-key.cmake | 2 +-
 5 files changed, 119 insertions(+), 6 deletions(-)

diff --git a/bootloaders/encrypted/README.md b/bootloaders/encrypted/README.md
index f079d9469..cd909ddff 100644
--- a/bootloaders/encrypted/README.md
+++ b/bootloaders/encrypted/README.md
@@ -4,10 +4,15 @@ Replace private.pem and privateaes.bin with your own keys - your signing key mus
 openssl ecparam -name secp256k1 -genkey -out private.pem
 ```
 
-The AES key is just be a 32 byte binary file - you can create one with
+The AES key is stored as a 4-way share in a 128 byte binary file - you can create one with
 
 ```bash
-dd if=/dev/urandom of=privateaes.bin bs=1 count=32
+dd if=/dev/urandom of=privateaes.bin bs=1 count=128
+```
+
+or in Powershell 7
+```powershell
+[byte[]] $(Get-SecureRandom -Maximum 256 -Count 128) | Set-Content privateaes.bin -AsByteStream
 ```
 
 Then either drag & drop the UF2 files to the device in order (enc_bootloader first, then hello_serial_enc) waiting for a reboot in-between, or run
diff --git a/bootloaders/encrypted/enc_bootloader.c b/bootloaders/encrypted/enc_bootloader.c
index 1df509101..dc828d62b 100644
--- a/bootloaders/encrypted/enc_bootloader.c
+++ b/bootloaders/encrypted/enc_bootloader.c
@@ -180,7 +180,19 @@ int main() {
 init_lut_map();
 // Read key directly from OTP - guarded reads will throw a bus fault if there are any errors
 uint16_t* otp_data = (uint16_t*)OTP_DATA_GUARDED_BASE;
- init_key(rkey_s, (uint8_t*)&(otp_data[(OTP_CMD_ROW_BITS & 0x780)]));
+
+ // Temporary de-sharing - REMOVE THIS AND MODIFY ASM INSTEAD
+ uint8_t* shared_key_a = (uint8_t*)&(otp_data[(OTP_CMD_ROW_BITS & 0x780)]);
+ uint8_t* shared_key_b = (uint8_t*)&(otp_data[(OTP_CMD_ROW_BITS & 0x790)]);
+ uint8_t* shared_key_c = (uint8_t*)&(otp_data[(OTP_CMD_ROW_BITS & 0x7A0)]);
+ uint8_t* shared_key_d = (uint8_t*)&(otp_data[(OTP_CMD_ROW_BITS & 0x7B0)]);
+ uint8_t deshared_key[32];
+ for (int i=0; i < sizeof(deshared_key); i++) {
+ deshared_key[i] = shared_key_a[i] ^ shared_key_b[i] ^ shared_key_c[i] ^ shared_key_d[i];
+ }
+ init_key(rkey_s, deshared_key);
+
+ // init_key(rkey_s, (uint8_t*)&(otp_data[(OTP_CMD_ROW_BITS & 0x780)]));
 otp_hw->sw_lock[30] = 0xf;
 flush_reg();
 ctr_crypt_s(iv, (void*)SRAM_BASE, data_size/16);
diff --git a/bootloaders/encrypted/otp.json b/bootloaders/encrypted/otp.json
index f86a9e019..412c11078 100644
--- a/bootloaders/encrypted/otp.json
+++ b/bootloaders/encrypted/otp.json
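Review bot: `deshared_key[32]` holds the recombined AES key in plaintext on main's stack, and nothing in this hunk clears it after `init_key(rkey_s, deshared_key);`. The write to `otp_hw->sw_lock[30]` that follows appears to close off the OTP copy, but the stack copy presumably stays in SRAM for whatever runs after decryption. Until the de-sharing moves into the assembly as the comment says, wipe the buffer right after `init_key` with stores the compiler cannot drop, e.g. `volatile uint8_t *w = deshared_key; for (size_t i = 0; i < sizeof deshared_key; i++) w[i] = 0;`. Separately, the loop compares `int i` against an unsigned `sizeof`, so `size_t i` would be the cleaner index type, and the commented-out `// init_key(...)` line can go since history keeps it. main() begins and continues outside the hunk, so any later stack clearing is not visible here.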
@@ -35,7 +35,103 @@
 "0xc0",
 "0xd0",
 "0xe0",
- "0xf0"
+ "0xf0",
+ "0x0f",
+ "0x0e",
+ "0x0d",
+ "0x0c",
+ "0x0b",
+ "0x0a",
+ "0x09",
+ "0x08",
+ "0x07",
+ "0x06",
+ "0x05",
+ "0x04",
+ "0x03",
+ "0x02",
+ "0x01",
+ "0x00",
+ "0xf0",
+ "0xe0",
+ "0xd0",
+ "0xc0",
+ "0xb0",
+ "0xa0",
+ "0x90",
+ "0x80",
+ "0x70",
+ "0x60",
+ "0x50",
+ "0x40",
+ "0x30",
+ "0x20",
+ "0x10",
+ "0x00",
+ "0x08",
+ "0x09",
+ "0x0a",
+ "0x0b",
+ "0x0c",
+ "0x0d",
+ "0x0e",
+ "0x0f",
+ "0x00",
+ "0x01",
+ "0x02",
+ "0x03",
+ "0x04",
+ "0x05",
+ "0x06",
+ "0x07",
+ "0x80",
+ "0x90",
+ "0xa0",
+ "0xb0",
+ "0xc0",
+ "0xd0",
+ "0xe0",
+ "0xf0",
+ "0x00",
+ "0x10",
+ "0x20",
+ "0x30",
+ "0x40",
+ "0x50",
+ "0x60",
+ "0x70",
+ "0x07",
+ "0x06",
+ "0x05",
+ "0x04",
+ "0x03",
+ "0x02",
+ "0x01",
+ "0x00",
+ "0x0f",
+ "0x0e",
+ "0x0d",
+ "0x0c",
+ "0x0b",
+ "0x0a",
+ "0x09",
+ "0x08",
+ "0x70",
+ "0x60",
+ "0x50",
+ "0x40",
+ "0x30",
+ "0x20",
+ "0x10",
+ "0x00",
+ "0xf0",
+ "0xe0",
+ "0xd0",
+ "0xc0",
+ "0xb0",
+ "0xa0",
+ "0x90",
+ "0x80"
 ]
 },
 "OTP_DATA_KEY1" : [ 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7 ],
@@ -43,4 +139,4 @@
 "OTP_DATA_KEY2" : [ 7, 7, 6, 6, 5, 5, 4, 4, 3, 3, 2, 2, 1, 1, 0, 0 ],
 "OTP_DATA_KEY2_VALID" : "0x010101",
 "PAGE30_LOCK0" : "0x4a4a4a"
-}
\ No newline at end of file
+}
diff --git a/bootloaders/encrypted/privateaes.bin b/bootloaders/encrypted/privateaes.bin
index 0122f8a2ce6c1a5666cec893fed33fe49d39227c..ef7a0dc1d6662d847d48d6fc1a4f6ee3ce8fcd7a 100644
GIT binary patch literal 128 zcmZQzWMXDvWn<^yO}%P%v-^NGNESuwcW13lBc<^YQX