diff options
author | Nick Sanders <nsanders@chromium.org> | 2017-06-27 17:58:45 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-10-06 00:21:29 -0700 |
commit | 02045eb040227250689caec9b9401c2cd3861363 (patch) | |
tree | f09e73f9794a6e581c3ae3ff2e5c344dd2dd0b63 /chip | |
parent | 366c36c8f1655c57f4c05d000cb4c000020d10db (diff) | |
download | chrome-ec-02045eb040227250689caec9b9401c2cd3861363.tar.gz |
mn50: add data signing capability
Add a PERSO_AUTH appid to sign data passed through the
AUTH mn50.
Add a signer command to start and generate signatures.
Clean UART init to avoid spurious nonprinting characters
that will contaminate the siugnature.
BUG=b:36910757
BRANCH=None
TEST=generates signature for uart and spi
Signed-off-by: Nick Sanders <nsanders@chromium.org>
Change-Id: I5fc3c4ee34898421060b57b774a09734f6a1bae5
Reviewed-on: https://chromium-review.googlesource.com/670984
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Diffstat (limited to 'chip')
-rw-r--r-- | chip/g/dcrypto/app_key.c | 10 | ||||
-rw-r--r-- | chip/g/dcrypto/dcrypto.h | 1 | ||||
-rw-r--r-- | chip/g/usart.c | 48 | ||||
-rw-r--r-- | chip/g/usb_spi.c | 13 | ||||
-rw-r--r-- | chip/g/usb_spi.h | 2 |
5 files changed, 71 insertions, 3 deletions
diff --git a/chip/g/dcrypto/app_key.c b/chip/g/dcrypto/app_key.c index e2b709f3c0..173bc9d214 100644 --- a/chip/g/dcrypto/app_key.c +++ b/chip/g/dcrypto/app_key.c @@ -49,6 +49,16 @@ const struct { 0xcd375bcd, 0x8065e8cc, 0xc892ed69, 0x72436c7d } }, +#ifdef CONFIG_STREAM_SIGNATURE + { + /* This key signs data from H1's configured by mn50/scribe. */ + "PERSO_AUTH", + { + 0x2019da34, 0xf1a01a13, 0x0fb9f73f, 0xf2e85f76, + 0x5ecb7690, 0x09f732c9, 0xe540bf14, 0xcc46799a + } + }, +#endif }; int DCRYPTO_appkey_init(enum dcrypto_appid appid, struct APPKEY_CTX *ctx) diff --git a/chip/g/dcrypto/dcrypto.h b/chip/g/dcrypto/dcrypto.h index 5c643382c6..e964288f84 100644 --- a/chip/g/dcrypto/dcrypto.h +++ b/chip/g/dcrypto/dcrypto.h @@ -271,6 +271,7 @@ enum dcrypto_appid { U2F_ATTEST = 2, U2F_ORIGIN = 3, U2F_WRAP = 4, + PERSO_AUTH = 5, /* This enum value should not exceed 7. */ }; diff --git a/chip/g/usart.c b/chip/g/usart.c index 3e5493c579..598b4d4ed9 100644 --- a/chip/g/usart.c +++ b/chip/g/usart.c @@ -8,25 +8,63 @@ #include "uartn.h" #include "usart.h" #include "usb-stream.h" +#ifdef CONFIG_STREAM_SIGNATURE +#include "signing.h" +#endif #define USE_UART_INTERRUPTS (!(defined(CONFIG_CUSTOMIZED_RO) && \ defined(SECTION_IS_RO))) #define QUEUE_SIZE 64 + #ifdef CONFIG_STREAM_USART1 struct usb_stream_config const ap_usb; struct usart_config const ap_uart; -static struct queue const ap_uart_to_usb = +#ifdef CONFIG_STREAM_SIGNATURE +/* + * This code adds the ability to capture UART data received, and + * sign it with H1's key. This allows the log output to be verified + * as actual UART output from this board. + * + * This functionality is enabled by redirecting the UART receive queue + * to feed into the signing module rather than the usb tx. After being + * added to the running hash, the data is then pushed by the signer + * into the usb tx queue. + */ +struct signer_config const sig; +static struct queue const ap_uart_output = + QUEUE_DIRECT(QUEUE_SIZE, uint8_t, ap_uart.producer, sig.consumer); +static struct queue const sig_to_usb = + QUEUE_DIRECT(QUEUE_SIZE, uint8_t, sig.producer, ap_usb.consumer); + +SIGNER_CONFIG(sig, stream_uart, sig_to_usb, ap_uart_output); + +#else /* Not CONFIG_STREAM_SIGNATURE */ +static struct queue const ap_uart_output = QUEUE_DIRECT(QUEUE_SIZE, uint8_t, ap_uart.producer, ap_usb.consumer); +#endif + static struct queue const ap_usb_to_uart = QUEUE_DIRECT(QUEUE_SIZE, uint8_t, ap_usb.producer, ap_uart.consumer); +/* + * AP UART data is sent to the ap_uart_output queue, and received from + * the ap_usb_to_uart queue. The ap_uart_output queue is received by the + * USB bridge, or if a signer is enabled, received by the signer, which then + * passes the data to the USB bridge after processing it. + */ USART_CONFIG(ap_uart, UART_AP, - ap_uart_to_usb, + ap_uart_output, ap_usb_to_uart); +/* + * The UART USB bridge receives character data from the UART's queue, + * unless signing is enabled, in which case it receives data from the + * signer's queue, after the signer has received it from the UART and + * processed it. + */ USB_STREAM_CONFIG(ap_usb, USB_IFACE_AP, USB_STR_AP_NAME, @@ -34,8 +72,12 @@ USB_STREAM_CONFIG(ap_usb, USB_MAX_PACKET_SIZE, USB_MAX_PACKET_SIZE, ap_usb_to_uart, - ap_uart_to_usb) +#ifdef CONFIG_STREAM_SIGNATURE + sig_to_usb) +#else + ap_uart_output) #endif +#endif /* CONFIG_STREAM_USART1 */ #ifdef CONFIG_STREAM_USART2 struct usb_stream_config const ec_usb; diff --git a/chip/g/usb_spi.c b/chip/g/usb_spi.c index 34e23bc4c5..a5f6ddd175 100644 --- a/chip/g/usb_spi.c +++ b/chip/g/usb_spi.c @@ -14,6 +14,10 @@ #include "usb_spi.h" #include "util.h" +#ifdef CONFIG_STREAM_SIGNATURE +#include "signing.h" +#endif + #define CPUTS(outstr) cputs(CC_USB, outstr) #define CPRINTS(format, args...) cprints(CC_USB, format, ## args) @@ -40,6 +44,15 @@ static uint16_t usb_spi_read_packet(struct usb_spi_config const *config) static void usb_spi_write_packet(struct usb_spi_config const *config, uint8_t count) { +#ifdef CONFIG_STREAM_SIGNATURE + /* + * This hook allows mn50 to sign SPI data read from newly + * manufactured H1 devieces. The data is added to a running + * hash until a completion message is received. + */ + sig_append(stream_spi, config->buffer, count); +#endif + QUEUE_ADD_UNITS(config->tx_queue, config->buffer, count); } diff --git a/chip/g/usb_spi.h b/chip/g/usb_spi.h index b852310f1e..72364ab469 100644 --- a/chip/g/usb_spi.h +++ b/chip/g/usb_spi.h @@ -70,6 +70,8 @@ enum usb_spi_request { USB_SPI_REQ_RESET = 0x0005, USB_SPI_REQ_BOOT_CFG = 0x0006, USB_SPI_REQ_SOCKET = 0x0007, + USB_SPI_REQ_SIGNING_START = 0x0008, + USB_SPI_REQ_SIGNING_SIGN = 0x0009, }; /* USB SPI device bitmasks */ |