Fix enc_bootloader example OTP output

Author: will-v-pi

bootloaders/encrypted/CMakeLists.txt

@@ -4,13 +4,6 @@ add_executable(enc_bootloader
         aes.S
         )
 
-# Copy otp.json file to build directory
-add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/otp.json
-    COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_LIST_DIR}/otp.json" "${CMAKE_CURRENT_BINARY_DIR}/otp.json"
-    DEPENDS ${CMAKE_CURRENT_LIST_DIR}/otp.json)
-add_custom_target(otp_json DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/otp.json)
-add_dependencies(enc_bootloader otp_json)
-
 # pull in common dependencies
 target_link_libraries(enc_bootloader pico_stdlib pico_rand)
 
@@ -45,9 +38,6 @@ endfunction()
 # create linker script to run from 0x20078000
 add_linker_script(enc_bootloader "0x20078000" "32k")
 
-# configure otp output
-pico_set_otp_key_output_file(enc_bootloader ${CMAKE_CURRENT_BINARY_DIR}/otp.json)
-
 # sign, hash, and clear SRAM
 pico_sign_binary(enc_bootloader ${CMAKE_CURRENT_LIST_DIR}/private.pem)
 pico_hash_binary(enc_bootloader)
@@ -82,6 +72,16 @@ pico_set_binary_type(hello_serial_enc no_flash)
 # create linker script to ensure it doesn't overwrite the bootloader at 0x20070000
 add_linker_script(hello_serial_enc "0x20000000" "448k")
 
+# Copy otp.json file to build directory
+add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/otp.json
+    COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_LIST_DIR}/otp.json" "${CMAKE_CURRENT_BINARY_DIR}/otp.json"
+    DEPENDS ${CMAKE_CURRENT_LIST_DIR}/otp.json)
+add_custom_target(otp_json DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/otp.json)
+add_dependencies(hello_serial_enc otp_json)
+
+# configure otp output
+pico_set_otp_key_output_file(hello_serial_enc ${CMAKE_CURRENT_BINARY_DIR}/otp.json)
+
 # sign, hash, and encrypt
 pico_sign_binary(hello_serial_enc ${CMAKE_CURRENT_LIST_DIR}/private.pem)
 pico_hash_binary(hello_serial_enc)

bootloaders/encrypted/aes.S

@@ -278,31 +278,39 @@ init_rstate:
  str r1,[r4,#TRNG_TRNG_CONFIG_OFFSET       -TRNG_RNG_IMR_OFFSET]     @ turn off rand source and wipe SHA bits left in TRNG config; r1=0
  str r1,[r4,#TRNG_RND_SOURCE_ENABLE_OFFSET -TRNG_RNG_IMR_OFFSET]
  adds r5,r5,#SHA256_SUM0_OFFSET
- ldmia r5!,{r0-r3}
- ldr r5,=rstate_sha
- stmia r5,{r0-r3}
+@ r5=SHA256 SUM0 register (r5+4=SUM1, r4+8=SUM2, etc)
+ ldmia r5,{r0-r3}  @ load first 4 words of the 8 word SHA256 output
+ ldr r6,=rstate_sha
+@ r5=SHA256 SUM0 register (r5+4=SUM1, r4+8=SUM2, etc), r6=rstate_sha
+ stmia r6,{r0-r3}
  CHK_COUNT 26,6
-
-@ r5=rstate_sha
  movs r0,#0
- strb r0,[r5]      @ make sure rstate_sha[0] has byte 0 set to 0, representing "out of data"
-@ try to find a non-zero initialiser to create a non-degenerate LFSR
- ldr r1,[r5,#4]
- cbnz r1,1f        @ is word 1 non-zero? then use it
- ldr r1,[r5,#8]
- cbnz r1,1f        @ otherwise, is word 2 non-zero? use it
- ldr r1,[r5,#12]
- cbnz r1,1f        @ otherwise, is word 3 non-zero? use it
- mov r1,r5         @ give up and use the address of rstate_sha (which is non-zero); this can't really happen (2^{-96} probability)
+ strb r0,[r6]      @ make sure rstate_sha[0] has byte 0 set to 0, representing "out of data"
+
+@ try to find a non-zero initialiser to create a non-degenerate LFSR random state
+ ldr r1,[r5,#16]   @ SHA SUM4
+ cbnz r1,1f        @ is word 4 non-zero? then use it
+ ldr r1,[r5,#20]   @ SHA SUM5
+ cbnz r1,1f        @ otherwise, is word 5 non-zero? use it
+ mov r1,r6         @ give up and use the address of rstate_sha (which is non-zero); this can't really happen (2^{-64} probability)
+1:
+ str r1,[r6,#rstate_lfsr-rstate_sha]
+ 
+@ try to find a non-zero initialiser to create a non-degenerate ROSC random state
+ ldr r1,[r5,#24]   @ SHA SUM6
+ cbnz r1,1f        @ is word 6 non-zero? then use it
+ ldr r1,[r5,#28]   @ SHA SUM7
+ cbnz r1,1f        @ otherwise, is word 7 non-zero? use it
+ mov r1,r6         @ give up and use the address of rstate_sha (which is non-zero); this can't really happen (2^{-64} probability)
 1:
- str r1,[r5,#rstate_lfsr-rstate_sha]
  ldr r2,=ROSC_RANDOM_OFFSET+ROSC_BASE
- str r1,[r2,#0]
+ str r1,[r2,#0]    @ Initialise ROSC LFSR
  CHK_COUNT 27,6
+ 
 .if GEN_RAND_SHA
 .if SH_JITTER
  movs r2,#0
- str r2,[r5,#jstate-rstate_sha]
+ str r2,[r6,#jstate-rstate_sha]
 .endif
 .endif
 
@@ -1655,14 +1663,23 @@ ctr_crypt_s:
  pop {r1}
  ldmia r1,{r8-r11}        @ r8-r11 = IVshareB
  clear03 32
- bl gen_rand_sha_nonpres; eors r4,r4,r0;  mov r8, r8, ror#16;  eor r8, r8, r0,ror#16
- bl gen_rand_sha_nonpres; eors r5,r5,r0;  mov r9, r9, ror#16;  eor r9, r9, r0,ror#16
- bl gen_rand_sha_nonpres; eors r6,r6,r0;  mov r10,r10,ror#16;  eor r10,r10,r0,ror#16
- bl gen_rand_sha_nonpres; eors r7,r7,r0;  mov r11,r11,ror#16;  eor r11,r11,r0,ror#16
+ bl gen_rand_sha_nonpres; eors r4,r4,r0; movs r1,#0; mov r8, r8, ror#16; eor r8, r8, r0,ror#16   @ Barriers between shares to prevent implicit r4^r8 etc
+ bl gen_rand_sha_nonpres; eors r5,r5,r0; movs r1,#0; mov r9, r9, ror#16; eor r9, r9, r0,ror#16
+ bl gen_rand_sha_nonpres; eors r6,r6,r0; movs r1,#0; mov r10,r10,ror#16; eor r10,r10,r0,ror#16
+ bl gen_rand_sha_nonpres; eors r7,r7,r0; movs r1,#0; mov r11,r11,ror#16; eor r11,r11,r0,ror#16
  ldr r0,=IV0
  stmia r0,{r4-r7}
  adds r0,r0,#20
  stmia r0,{r8-r11}
+@ "Decommission" IV0 so that it doesn't get stacked
+ bl gen_rand_sha_nonpres; movs r4,r0
+ bl gen_rand_sha_nonpres; movs r5,r0
+ bl gen_rand_sha_nonpres; movs r6,r0
+ bl gen_rand_sha_nonpres; movs r7,r0
+ bl gen_rand_sha_nonpres; mov  r8,r0
+ bl gen_rand_sha_nonpres; mov  r9,r0
+ bl gen_rand_sha_nonpres; mov r10,r0
+ bl gen_rand_sha_nonpres; mov r11,r0
  pop {r1,r2}
 @ r1=cipher/plaintext buffer, r2=number of blocks
 

bootloaders/encrypted/enc_bootloader.c

@@ -152,8 +152,8 @@ int main() {
     uint16_t* otp_data = (uint16_t*)OTP_DATA_GUARDED_BASE;
 
     decrypt(
-        (uint8_t*)&(otp_data[(OTP_CMD_ROW_BITS &  (OTP_KEY_PAGE * 0x40))]),
-        (uint8_t*)&(otp_data[(OTP_CMD_ROW_BITS &  ((OTP_KEY_PAGE + 1) * 0x40))]),
+        (uint8_t*)&(otp_data[OTP_KEY_PAGE * 0x40]),
+        (uint8_t*)&(otp_data[(OTP_KEY_PAGE + 1) * 0x40]),
         iv, (void*)SRAM_BASE, data_size/16
     );