dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity
1,055 Commits 2 Branches 32 Tags
74b635fa3cdd91a825ed57935bd49dd47bb3ae3e
Commit Graph

447 Commits

Author SHA1 Message Date
Pol Henarejos
3d960b931a Fix MKEK masking order. Fixes #69. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-12-08 01:26:47 +01:00
Pol Henarejos
ff7ef56cda Dev options file must be persistent, since it manipulates MKEK which is in turn persistent. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-12-08 01:25:19 +01:00
Pol Henarejos
320455815f Only allow initialize if secure lock is disabled or has mkek mask. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-12-08 01:24:35 +01:00
Pol Henarejos
859dec7e4a Accept mkek mask only if secure lock is enabled. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-12-08 01:23:51 +01:00
Pol Henarejos
f88aad1e2c Fixed buffer overflow when unlocking the device. 
Fixes #68.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-12-03 08:36:05 +01:00
Pol Henarejos
866aac8fe3 Add reboot extra command. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-27 21:48:04 +01:00
Pol Henarejos
1ea0a91ba8 Fix initialization when initializing a RP2350 board for first time. 
Fixes #60.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-12 19:25:22 +01:00
Pol Henarejos
b7c6ca58d0 Upgrade to v5.0 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-09 15:47:40 +01:00
Pol Henarejos
4ec1d4d891 Fix initialization and terminal certificate generation. 
Fixes #59.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-08 17:52:13 +01:00
Pol Henarejos
9b9ea7cae5 Add product and mcu to info in rescue mode. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-07 20:00:41 +01:00
Pol Henarejos
f5b89aed69 Use DEV key from OTP if available when initializing. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-07 00:16:22 +01:00
Pol Henarejos
3c6684cdab Rename CCID_ codes to PICOKEY_ 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-05 19:29:00 +01:00
Pol Henarejos
9fa3758dad Add support for OTP raw read/write. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-28 00:15:48 +01:00
Pol Henarejos
2856ec6917 Align data in case it's not. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-27 02:14:51 +02:00
Pol Henarejos
ccec83dfb1 Fix otp write length check. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-27 01:41:12 +02:00
Pol Henarejos
9de1b4ca5d Fix OTP data check size. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-27 01:24:49 +02:00
Pol Henarejos
cbd9a5d296 Add sanitize check. 
Only pages 0 and 1 are allowed for reading.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-27 01:24:36 +02:00
Pol Henarejos
812a737ff5 Fix length. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-13 20:52:29 +02:00
Pol Henarejos
6163b870ed Fix haders. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-13 20:51:18 +02:00
Pol Henarejos
08d4dc58aa Add OTP extra command to read/write OTP without bootmode. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-13 20:25:59 +02:00
Pol Henarejos
0193e55f7b Use macros in extras. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-13 20:06:58 +02:00
Pol Henarejos
f7451f56ed Add support for led dimming and max. brightness. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-30 09:21:39 +02:00
Pol Henarejos
72eb5a2a69 Enable OTP to store a permanent secret key. 
It can be used by HSM or Fido to protect the keys and use it as MKEK.
 2024-09-11 23:16:23 +02:00
Pol Henarejos
8e8bd32b44 Upgrade to version 4.2 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-02 12:04:36 +02:00
Pol Henarejos
f458750c91 Removed unused extern declaration. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-02 09:53:20 +02:00
Pol Henarejos
af099cd416 Add support to RP2350. 
RP2350 does not support RTC, so we use AON timer instead.
 2024-08-28 16:42:46 +02:00
Pol Henarejos
39a5af8649 Free hd_context if error. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-08-25 20:00:16 +02:00
Pol Henarejos
28c63a500c Revert "Fix non-free'd context." 
This reverts commit 9335b088cf.
 2024-08-25 19:55:02 +02:00
Pol Henarejos
9335b088cf Fix non-free'd context. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-08-25 19:39:47 +02:00
Pol Henarejos
9cc934282c Fix memory boundaries check. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-08-25 19:39:30 +02:00
Pol Henarejos
2ad67e5e17 Fix new Pico Keys SDK selection callback. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-08-25 18:30:29 +02:00
Pol Henarejos
0c2e728c35 Add EF.DIR list aid. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-06-28 22:59:52 +02:00
Pol Henarejos
5630043a4d Fix binary read permission. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-06-28 22:59:16 +02:00
Pol Henarejos
c1a47ed023 Fix EF.DIR selection. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-06-28 22:05:10 +02:00
Pol Henarejos
fd12758551 Upgrade to version 4.0 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-06-24 19:44:58 +02:00
Pol Henarejos
d708158fea Fix key unwrap with latest OpenSC. Fixes #41. 
SC-HSM driver in OpenSC has changed the procedure for unwraping. It stores the wrap into a temporary file (0x2F10) and then it calls unwrap cmd.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-06-23 01:17:01 +02:00
Pol Henarejos
dc979194fa Fix crash in mbedtls 3.6 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-06-23 01:00:14 +02:00
Pol Henarejos
9a7be98e6e Settings proper phy options 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-06-21 22:08:36 +02:00
Pol Henarejos
c4a08aff0f Upgrade to Mbedtls 3.6 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-06-21 21:29:32 +02:00
Pol Henarejos
223fc117dd Enable patch only for RPI 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-06-21 21:15:29 +02:00
Pol Henarejos
d1fb4d0c65 Merge branch 'master' into development 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-06-21 21:14:43 +02:00
Pol Henarejos
47acef71c8 Only when not emulation. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-06-21 21:11:18 +02:00
al heisner
99c777c780 Fix for multiples of 64 bytes on cmd_list_keys 2024-06-21 11:35:05 -05:00
Pol Henarejos
79f76a176d Fix time.h header. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-06-19 23:36:41 +02:00
Pol Henarejos
f20fdc9bda Add missing header. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-06-19 22:42:19 +02:00
Pol Henarejos
b4671c2ecb Merge branch 'esp32' into development 2024-06-19 22:03:47 +02:00
Pol Henarejos
54cdbfc22c Add PHY OPTS. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-06-19 22:01:15 +02:00
fastchain
87ffd21543 Update cmd_extras.c 
This security fix ensures that the extra settings, cannot be silently disabled, if button control enabled. So the button control setting cannot be silently (without button push) disabled, even if the user's PC is fully compromised.
 2024-06-13 16:09:54 +09:00
Pol Henarejos
7cb0bbf982 Merge branch 'development' into esp32 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-06-03 13:06:39 +02:00
Pol Henarejos
218660e694 Only allow change PHY without PIN. PIN is required for other extra options. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-04-22 23:47:08 +02:00