Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

lpc55: Improve IFS and PRINCE setup #355

Merged
merged 4 commits into from
Oct 19, 2023
Merged

lpc55: Improve IFS and PRINCE setup #355

merged 4 commits into from
Oct 19, 2023

Conversation

robin-nitrokey
Copy link
Member

@robin-nitrokey robin-nitrokey commented Oct 18, 2023
edited
Loading

This PR contains several patches that improve the IFS and PRINCE setup:

  • Only enable PRINCE for the IFS subregion when accessing the IFS.
  • Change the firmware and IFS boundaries to reflect the actual values.
  • Add more sanity checks.

Limitation: Currently, our build script truncates the length of the IFS to multiples of 1024 when generating the linker script. I think this should not be an issue as the filesystem region defined in the linker script does not have any effects AFAIK, but we could fix this by writing the full values instead. Fixed by using the full values.

@robin-nitrokey
lpc55: Only enable PRINCE for the FS region
dc745a3 
Previously, we enabled the complete PRINCE region 2 if we wanted to
access the FS.  This means that we also tried to encrypt parts of the
firmware if was written after 0x80_000 (start of region 2) although the
firmware is not encrypted.

With this patch, we only enable the PRINCE subregions that actually
contain the filesystem.  This requires extracting the filesystem
definition from the lpc55-hal crate.
@robin-nitrokey
lpc55: Reduce firmware region
774e58e 
As we can only enable or disable the PRINCE hardware encryption in
subregions of 8 KiB starting from 0x80_0000 and the (encrypted)
filesystem starts at 0x93_0000, we can only use the flash up to 0x92_000
for firmware.  (Otherwise the firmware would become unreadable if we
decrypt the filesystem subregion.)
@robin-nitrokey
lpc55: Fix filesystem end
0041644 
For the lpc55 profile, the filesystem end config value was incorrect.
This did not have any effect, but for consistency, we correct it and
also change the InternalStore implementation to use this config value
for the FS setup.
@robin-nitrokey
Use exact values in linker scripts
b0477fc 
Instead of truncating the flash and filesystem sizes to multiples of
1024, we now use the exact values.  This is necessary as the FS size on
the lpc55 is 43.5 KiB.
@daringer
Copy link
Collaborator

lgtm,

especially having the read/write/erase primitives inside the runner introduces more consistency between lpc55 & nrf52 - otherwise introducing this into the lpc55_hal might be the wrong way anyways as this is pretty (hardware-)application specific code.

@robin-nitrokey robin-nitrokey merged commit cf8f0f1 into main Oct 19, 2023
@robin-nitrokey robin-nitrokey deleted the ifs-prince branch October 19, 2023 16:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daringer daringer daringer approved these changes

@szszszsz szszszsz Awaiting requested review from szszszsz

@sosthene-nitrokey sosthene-nitrokey Awaiting requested review from sosthene-nitrokey

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@robin-nitrokey @daringer