Add support for creating self-decrypting binaries, and use 4-way AES key shares instead of just the AES key

BUILD.bazel

@@ -17,6 +17,20 @@ picotool_binary_data_header(
     out = "xip_ram_perms_elf.h",
 )
 
+# TODO: Make it possible to build the prebuilt from source.
+picotool_binary_data_header(
+    name = "enc_bootloader_elf",
+    src = "//enc_bootloader:enc_bootloader_prebuilt",
+    out = "enc_bootloader_elf.h",
+)
+
+# TODO: Make it possible to build the prebuilt from source.
+picotool_binary_data_header(
+    name = "enc_bootloader_mbedtls_elf",
+    src = "//enc_bootloader:enc_bootloader_mbedtls_prebuilt",
+    out = "enc_bootloader_mbedtls_elf.h",
+)
+
 # TODO: Make it possible to build the prebuilt from source.
 picotool_binary_data_header(
     name = "flash_id_bin",
@@ -26,9 +40,9 @@ picotool_binary_data_header(
 
 cc_library(
     name = "xip_ram_perms",
-    srcs = ["xip_ram_perms.cpp"],
+    srcs = ["get_xip_ram_perms.cpp"],
     hdrs = [
-        "xip_ram_perms.h",
+        "get_xip_ram_perms.h",
         "xip_ram_perms_elf.h",
     ],
     deps = [
@@ -37,6 +51,20 @@ cc_library(
     ],
 )
 
+cc_library(
+    name = "enc_bootloader",
+    srcs = ["get_enc_bootloader.cpp"],
+    hdrs = [
+        "get_enc_bootloader.h",
+        "enc_bootloader_elf.h",
+        "enc_bootloader_mbedtls_elf.h",
+    ],
+    deps = [
+        "//bazel:data_locs",
+        "//lib/whereami",
+    ],
+)
+
 filegroup(
     name = "data_locs_header",
     srcs = ["data_locs.h"],
@@ -61,7 +89,8 @@ cc_binary(
         "otp.cpp",
         "otp.h",
         "rp2350.rom.h",
-        "xip_ram_perms.cpp",
+        "get_xip_ram_perms.cpp",
+        "get_enc_bootloader.cpp",
     ] + select({
         # MSVC can't handle long strings, so use this manually generated
         # header instead.
@@ -97,6 +126,7 @@ cc_binary(
     }),
     deps = [
         ":xip_ram_perms",
+        ":enc_bootloader",
         "//bazel:data_locs",
         "//bintool",
         "//elf",

CMakeLists.txt

@@ -42,7 +42,6 @@ endif()
 
 # todo better install paths for this
 set(DATA_LOCS "./" "${CMAKE_INSTALL_PREFIX}/${INSTALL_DATADIR}/")
-message(${DATA_LOCS})
 string(REGEX REPLACE ";" "\",\"" DATA_LOCS_VEC "${DATA_LOCS}")
 configure_file(data_locs.template.cpp ${CMAKE_CURRENT_BINARY_DIR}/data_locs.cpp)
 
@@ -57,11 +56,53 @@ endif()
 
 list(APPEND CMAKE_MODULE_PATH ${CMAKE_CURRENT_LIST_DIR}/cmake)
 
+# To configure mbedtls, without modifying mbedtls CMake files
+set(MBEDTLS_CONFIG_FILE "mbedtls_config.h")
+include_directories(${CMAKE_SOURCE_DIR}/lib/include)
+
+add_subdirectory(lib)
+
+if (NOT DEFINED USE_PRECOMPILED)
+    set(USE_PRECOMPILED true)
+endif()
+
+# compile enc_bootloader.elf
+ExternalProject_Add(enc_bootloader
+        PREFIX enc_bootloader
+        SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR}/enc_bootloader
+        BINARY_DIR ${CMAKE_BINARY_DIR}/enc_bootloader
+        CMAKE_ARGS 
+            "-DCMAKE_MAKE_PROGRAM:FILEPATH=${CMAKE_MAKE_PROGRAM}"
+            "-DPICO_SDK_PATH:FILEPATH=${PICO_SDK_PATH}"
+            "-DUSE_PRECOMPILED:BOOL=${USE_PRECOMPILED}"
+            "-DUSE_MBEDTLS=0"
+            "-DPICO_DEBUG_INFO_IN_RELEASE=OFF"
+        BUILD_ALWAYS 1 # todo remove this
+        INSTALL_COMMAND ""
+        )
+
+set(ENC_BOOTLOADER_ELF ${CMAKE_BINARY_DIR}/enc_bootloader/enc_bootloader.elf)
+
+if (TARGET mbedtls)
+    ExternalProject_Add(enc_bootloader_mbedtls
+            PREFIX enc_bootloader_mbedtls
+            SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR}/enc_bootloader
+            BINARY_DIR ${CMAKE_BINARY_DIR}/enc_bootloader_mbedtls
+            CMAKE_ARGS 
+                "-DCMAKE_MAKE_PROGRAM:FILEPATH=${CMAKE_MAKE_PROGRAM}"
+                "-DPICO_SDK_PATH:FILEPATH=${PICO_SDK_PATH}"
+                "-DUSE_PRECOMPILED:BOOL=${USE_PRECOMPILED}"
+                "-DUSE_MBEDTLS=1"
+                "-DPICO_DEBUG_INFO_IN_RELEASE=OFF"
+            BUILD_ALWAYS 1 # todo remove this
+            INSTALL_COMMAND ""
+            )
+
+    set(ENC_BOOTLOADER_MBEDTLS_ELF ${CMAKE_BINARY_DIR}/enc_bootloader_mbedtls/enc_bootloader.elf)
+endif()
+
 if (NOT PICOTOOL_NO_LIBUSB)
     # compile xip_ram_perms.elf
-    if (NOT DEFINED USE_PRECOMPILED)
-        set(USE_PRECOMPILED true)
-    endif()
     ExternalProject_Add(xip_ram_perms
             PREFIX xip_ram_perms
             SOURCE_DIR ${CMAKE_CURRENT_LIST_DIR}/xip_ram_perms
@@ -76,14 +117,6 @@ if (NOT PICOTOOL_NO_LIBUSB)
             )
 
     set(XIP_RAM_PERMS_ELF ${CMAKE_BINARY_DIR}/xip_ram_perms/xip_ram_perms.elf)
-    add_executable(xip_ram_perms_elf IMPORTED)
-    add_dependencies(xip_ram_perms_elf xip_ram_perms)
-    set_property(TARGET xip_ram_perms_elf PROPERTY IMPORTED_LOCATION ${XIP_RAM_PERMS_ELF})
-    # copy xip_ram_perms.elf into build directory
-    add_custom_command(TARGET xip_ram_perms
-        COMMAND ${CMAKE_COMMAND} -E copy ${XIP_RAM_PERMS_ELF} ${CMAKE_BINARY_DIR}/xip_ram_perms.elf
-        DEPENDS xip_ram_perms
-    )
 
     # compile flash_id
     ExternalProject_Add(flash_id
@@ -100,14 +133,6 @@ if (NOT PICOTOOL_NO_LIBUSB)
             )
 
     set(FLASH_ID_BIN ${CMAKE_BINARY_DIR}/picoboot_flash_id/flash_id.bin)
-    add_executable(flash_id_bin IMPORTED)
-    add_dependencies(flash_id_bin flash_id)
-    set_property(TARGET flash_id_bin PROPERTY IMPORTED_LOCATION ${FLASH_ID_BIN})
-    # copy flash_id.bin into build directory
-    add_custom_command(TARGET flash_id
-        COMMAND ${CMAKE_COMMAND} -E copy ${FLASH_ID_BIN} ${CMAKE_BINARY_DIR}/flash_id.bin
-        DEPENDS flash_id
-    )
 
     # We want to generate headers from WELCOME.HTM etc.
     ExternalProject_Add(otp_header_parser
@@ -169,7 +194,16 @@ if (NOT PICOTOOL_NO_LIBUSB)
     endif()
 endif()
 
-add_custom_target(binary_data DEPENDS
+if (TARGET mbedtls)
+    add_custom_target(embedded_data_no_libusb DEPENDS
+            ${CMAKE_CURRENT_BINARY_DIR}/enc_bootloader_elf.h
+            ${CMAKE_CURRENT_BINARY_DIR}/enc_bootloader_mbedtls_elf.h)
+else()
+    add_custom_target(embedded_data_no_libusb DEPENDS
+            ${CMAKE_CURRENT_BINARY_DIR}/enc_bootloader_elf.h)
+endif()
+
+add_custom_target(embedded_data DEPENDS
         ${CMAKE_CURRENT_BINARY_DIR}/rp2350.rom.h
         ${CMAKE_CURRENT_BINARY_DIR}/xip_ram_perms_elf.h
         ${CMAKE_CURRENT_BINARY_DIR}/flash_id_bin.h)
@@ -188,6 +222,22 @@ add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/xip_ram_perms_elf.h
         DEPENDS xip_ram_perms
         COMMENT "Configuring xip_ram_perms_elf.h"
         VERBATIM)
+add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/enc_bootloader_elf.h
+        COMMAND ${CMAKE_COMMAND}
+            -D BINARY_FILE=${ENC_BOOTLOADER_ELF}
+            -D OUTPUT_NAME=enc_bootloader_elf
+            -P ${CMAKE_CURRENT_LIST_DIR}/cmake/binh.cmake
+        DEPENDS enc_bootloader
+        COMMENT "Configuring enc_bootloader_elf.h"
+        VERBATIM)
+add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/enc_bootloader_mbedtls_elf.h
+        COMMAND ${CMAKE_COMMAND}
+            -D BINARY_FILE=${ENC_BOOTLOADER_MBEDTLS_ELF}
+            -D OUTPUT_NAME=enc_bootloader_mbedtls_elf
+            -P ${CMAKE_CURRENT_LIST_DIR}/cmake/binh.cmake
+        DEPENDS enc_bootloader_mbedtls
+        COMMENT "Configuring enc_bootloader_mbedtls_elf.h"
+        VERBATIM)
 add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/flash_id_bin.h
         COMMAND ${CMAKE_COMMAND}
             -D BINARY_FILE=${FLASH_ID_BIN}
@@ -203,13 +253,6 @@ add_subdirectory(picoboot_connection)
 add_subdirectory(elf)
 add_subdirectory(elf2uf2)
 
-# To configure mbedtls
-# todo make the configuration better
-set(MBEDTLS_CONFIG_FILE "mbedtls_config.h")
-add_compile_options(-I${CMAKE_SOURCE_DIR}/lib/include)
-
-add_subdirectory(lib)
-
 add_subdirectory(bintool)
 
 if (NOT PICOTOOL_NO_LIBUSB)
@@ -233,11 +276,13 @@ target_include_directories(regs_headers INTERFACE ${PICO_SDK_PATH}/src/rp2350/ha
 # Main picotool executable
 add_executable(picotool
     data_locs.cpp
+    get_enc_bootloader.cpp
     ${OTP_EXE}
     main.cpp)
+add_dependencies(picotool embedded_data_no_libusb)
 if (NOT PICOTOOL_NO_LIBUSB)
-    target_sources(picotool PRIVATE xip_ram_perms.cpp)
-    add_dependencies(picotool generate_otp_header xip_ram_perms_elf binary_data)
+    target_sources(picotool PRIVATE get_xip_ram_perms.cpp)
+    add_dependencies(picotool generate_otp_header embedded_data)
 endif()
 set(PROJECT_VERSION 2.1.2-develop)
 set(PICOTOOL_VERSION 2.1.2-develop)
@@ -328,6 +373,21 @@ install(FILES
     DESTINATION ${INSTALL_CONFIGDIR}
 )
 
+#Install enc_bootloader.elf
+install(FILES
+    ${ENC_BOOTLOADER_ELF}
+    DESTINATION ${INSTALL_DATADIR}
+)
+
+if (TARGET mbedtls)
+    #Install enc_bootloader_mbedtls.elf
+    install(FILES
+        ${ENC_BOOTLOADER_MBEDTLS_ELF}
+        DESTINATION ${INSTALL_DATADIR}
+        RENAME enc_bootloader_mbedtls.elf
+    )
+endif()
+
 if (NOT PICOTOOL_NO_LIBUSB)
     if (NOT PICOTOOL_CODE_OTP)
         #Install the otp json

README.md

@@ -668,7 +668,7 @@ OPTIONS:
 
 ## encrypt
 
-`encrypt` allows you to encrypt and sign a binary for use on the RP2350. By default, it will sign the encrypted binary, but that can be configured similarly to `picotool sign`.
+`encrypt` allows you to encrypt and sign a binary for use on the RP2350. By default, it will sign the encrypted binary, but that can be configured similarly to `picotool sign`. You can either provide your own bootloader to decrypt the binary (see pico-examples/bootloaders/encrypted), or embed a decrypting bootloader into the binary with the `--embed` argument, to create a self-decrypting binary.
 
 The encrypted binary will have the following structure:
 
@@ -678,22 +678,46 @@ The encrypted binary will have the following structure:
 - Padding to ensure the encrypted length is a multiple of 4 words
 - Signature metadata block
 
-The AES key must be provided as a .bin file of the 256 bit AES key to be used for encryption.
+The AES key can either be provided as a 1024-bit (128 byte) 4-way key share or as a 256-bit (32 byte) AES key. In the latter case, a key share will be generated for you.
+
+The 4-way key share should be generated by creating a random .bin file of length 128 bytes and the AES key will be derived from that. With the words stored in the file as A[0], B[0], C[0], D[0], A[1], B[1], etc., C[7], D[7], word i of the key X is X[i] = A[i] ^ B[i] ^ C[i] ^ D[i].
+
+Alternatively an AES key can be provided directly, as either a 32 byte .bin file or as a string of 64 hexadecimal characters (eg 0x0123456789abcdeffedcba98765432100123456789abcdeffedcba9876543210). Picotool will generate a random key share for that key, by generating 3 random shares (A, B & C) and calculating a 4th share (D) to match the provided key (X), with each word i of the 4th share calculated as D[i] = X[i] ^ A[i] ^ B[i] ^ C[i].
+
+The encryption/decryption code also salts the IV (initialisation vector) so it's not stored in plaintext in the binary. This requires a per-device IV salt in OTP, which should be a 128-bit (16 byte) random value - this can be provided as either a 16 byte .bin file, or a string of 32 hexadecimal characters, similar to the AES key. This per-device salt will be XORed with the IV stored in the binary, to give the IV used by the decryption code.
 
 ```text
 $ picotool help encrypt
 ENCRYPT:
     Encrypt the program.
 
 SYNOPSIS:
-    picotool encrypt [--quiet] [--verbose] [--hash] [--sign] <infile> [-t <type>] [-o <offset>] <outfile> [-t <type>] <aes_key> [-t <type>]
-                [<signing_key>] [-t <type>]
+    picotool encrypt [--quiet] [--verbose] [--embed] [--fast-rosc] [--use-mbedtls] [--otp-key-page <page>] [--hash] [--sign] <infile>
+                [-t <type>] [-o <offset>] <outfile> [-t <type>] <aes_key> <iv_otp> <signing_key> <otp>
 
 OPTIONS:
         --quiet
             Don't print any output
         --verbose
             Print verbose output
+        --embed
+            Embed bootloader in output file
+        --fast-rosc
+            Use ~180MHz ROSC configuration for embedded bootloader
+        --use-mbedtls
+            Use MbedTLS implementation of embedded bootloader
+        --otp-key-page
+            Specify the OTP page storing the AES key (IV salt is stored on the next page)
+        <page>
+            OTP page (default 30)
+        <aes_key>
+            AES Key Share or AES Key
+        <iv_otp>
+            IV OTP Salt
+        <signing_key>
+            Signing Key file
+        <otp>
+            File to save OTP to (will edit existing file if it exists)
     Signing Configuration
         --hash
             Hash the encrypted file
@@ -714,16 +738,6 @@ OPTIONS:
             The file name
         -t <type>
             Specify file type (uf2 | elf | bin) explicitly, ignoring file extension
-    AES Key
-        <aes_key>
-            The file name
-        -t <type>
-            Specify file type (bin) explicitly, ignoring file extension
-    Signing Key file
-        <signing_key>
-            The file name
-        -t <type>
-            Specify file type (pem) explicitly, ignoring file extension
 ```
 
 ## partition