From c61479bbd82bc33c159d09958d79d633755f8735 Mon Sep 17 00:00:00 2001 From: Allen Webb Date: Wed, 31 Jan 2018 11:21:20 -0800 Subject: Cr50: Added Pinweaver base implementation. This adds some of the ground work for hardware backed brute force resistance on Cr50. The feature is called Pinweaver. It will initially be used to enable PIN authentication on CrOS devices without reducing the security of the platform. A Merkle tree is used to validate encrypted metadata used to track login attempts. The metadata tracks counts of failed attempts, a timestamp of the last failed attempt, the secrets, and any associated parameters. Instead of storing the metadata on Cr50 an AES-CTR is used with an HMAC to encrypt the data so it can be stored off-chip and loaded when needed. The Merkle tree is used to track the current state of all the metadata to prevent replay attacks of previously exported copies. It is a tree of hashes whose root hash is stored on Cr50, and whose leaves are the HMACs of the encrypted metadata. BRANCH=none BUG=chromium:809730, chromium:809741, chromium:809743, chromium:809747 TEST=cd ~/src/platform/ec && V=1 make run-pinweaver -j Change-Id: Id10bb49d8ebc5a487dd90c6093bc0f51dadbd124 Signed-off-by: Allen Webb Reviewed-on: https://chromium-review.googlesource.com/895395 Reviewed-by: Vadim Bendebury --- test/build.mk | 2 ++ 1 file changed, 2 insertions(+) (limited to 'test/build.mk') diff --git a/test/build.mk b/test/build.mk index 2bcd163655..449c0773a1 100644 --- a/test/build.mk +++ b/test/build.mk @@ -59,6 +59,7 @@ test-list-host += mutex test-list-host += nvmem test-list-host += nvmem_vars test-list-host += pingpong +test-list-host += pinweaver test-list-host += power_button test-list-host += queue test-list-host += rma_auth @@ -111,6 +112,7 @@ mutex-y=mutex.o nvmem-y=nvmem.o nvmem_vars-y=nvmem_vars.o pingpong-y=pingpong.o +pinweaver-y=pinweaver.o power_button-y=power_button.o powerdemo-y=powerdemo.o queue-y=queue.o -- cgit v1.2.1
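Review bot: In the first hunk (@@ -59,6 +59,7 @@), `test-list-host += pinweaver` registers the test for the host build only, while the commit message describes hardware backed brute force resistance on Cr50. Say in the TEST= line or in a comment next to the entry what the host test covers, in particular whether it exercises rejection of a previously exported copy against the stored root hash, since that replay check is the property the message relies on.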
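Review bot: In the second hunk (@@ -111,6 +112,7 @@), `pinweaver-y=pinweaver.o` names a single object, and this view is limited to test/build.mk, so the source that produces pinweaver.o is not visible here. Confirm it lands in the same change, because the `make run-pinweaver` command in the TEST= line depends on it. The entry itself keeps the list's alphabetical order.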
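The replay protection described in the commit message, as an added Python example that is not code from this change or from Cr50: the trusted side keeps only a key and a root hash, and an old exported record with a valid HMAC is rejected once the root has moved. Assumptions: a binary tree of four leaves, SHA-256, the leaf index bound into the HMAC, a 4-byte attempt counter left in the clear as a stand-in for the AES-CTR ciphertext, and the hypothetical names `Chip`, `root_from_path` and `demo`.

```python
import hashlib
import hmac

def root_from_path(index, node, siblings):
    """Fold a leaf hash up to the root using the sibling hash at each level."""
    for sib in siblings:
        pair = sib + node if index & 1 else node + sib
        node = hashlib.sha256(pair).digest()
        index >>= 1
    return node

class Chip:
    """Trusted side: holds only an HMAC key and the current root hash."""

    def __init__(self, key):
        self.key, self.root = key, None

    def mac(self, index, blob):
        # Assumption: the leaf index is bound into the MAC.
        msg = index.to_bytes(4, "big") + blob
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def failed_attempt(self, index, blob, leaf, siblings):
        """Check an off-chip record against the root, then bump its counter."""
        if not hmac.compare_digest(self.mac(index, blob), leaf):
            raise ValueError("bad HMAC")
        if root_from_path(index, leaf, siblings) != self.root:
            raise ValueError("stale or replayed record")
        blob = (int.from_bytes(blob, "big") + 1).to_bytes(4, "big")
        leaf = self.mac(index, blob)
        self.root = root_from_path(index, leaf, siblings)  # old copies now fail
        return blob, leaf

def demo():
    """Constructed data: 4 zeroed counters; replay an old export of leaf 2."""
    chip = Chip(b"constructed-demo-key")
    macs = [chip.mac(i, bytes(4)) for i in range(4)]
    # Sibling hashes for leaf 2: leaf 3, then the hash over leaves 0 and 1.
    path = [macs[3], hashlib.sha256(macs[0] + macs[1]).digest()]
    chip.root = root_from_path(2, macs[2], path)
    old = (bytes(4), macs[2], path)
    blob, leaf = chip.failed_attempt(2, *old)   # counter 0 -> 1, root moves
    try:
        chip.failed_attempt(2, *old)            # old copy, HMAC still valid
    except ValueError as err:
        return int.from_bytes(blob, "big"), str(err)
    return int.from_bytes(blob, "big"), "accepted"
```

The HMAC alone cannot catch the replay, because the old record was produced by the same key; only the comparison against the stored root does.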