securechip: add initial Optiga implementation #1341
Conversation
benma
force-pushed
the
optiga
branch
4 times, most recently
from
5fb80cd to
8fcc0b9
Compare
benma
force-pushed
the
optiga
branch
6 times, most recently
from
18c858a to
100a9da
Compare
benma
force-pushed
the
optiga
branch
2 times, most recently
from
b2058f6 to
793f88e
Compare
|
You have two spelling mistakes in the commit message: "An KDF" and "reundnant". |
benma
force-pushed
the
optiga
branch
2 times, most recently
from
ee352dc to
0017ef2
Compare
Thx, fixed. |
| // Factory setup will be performed in the normal firmware, which makes it easier to tinker with the | ||
| // chip setup and config. | ||
| // Must be 0 for the production firmware releases. | ||
| #define FACTORY_DURING_PROD 0 |
There was a problem hiding this comment.
Should this be a cmake option, i.e. cd build; cmake .. -DFACTORY_DURING_PROD=1? So that you don't have to change a file and risk committing it?
There was a problem hiding this comment.
Doesn't that just shift the risk of committing it in the Makefile? The cmake option seems involved, as then I'd need to turn it into a compile definition too.
What about just removing the variable once the config is final?
There was a problem hiding this comment.
I wouldn't have a shortcut in the Makefile. You would have to manually type the cmake command to set up such a project. Or you could have a new shortcut like make firmware-with-factory-setup.
You can just remove it. I can flash the factor-setup instead.
There was a problem hiding this comment.
Okay - I'll keep a local patch to use it for my own development then, unless you think it's okay to keep this until the config is final and remove it then.
src/optiga/optiga.c
Outdated
| // not present. | ||
| static bool _read_lcso(const uint8_t* metadata, size_t metadata_len, uint8_t* lcso_out) | ||
| { | ||
| uint8_t tag_data[100] = {0}; |
There was a problem hiding this comment.
Why is this buffer 100 bytes long when LCSO is 1 byte?
There was a problem hiding this comment.
My initial reaction was because we can't guarantee the chip or the library will not return more, so it would be UB. Then I realized the same is true for 100, so I now actually pass the input data length and do a size check before writing to the buffer. See the diff.
| bool optiga_gen_attestation_key(uint8_t* pubkey_out) | ||
| { | ||
| ABORT_IF_NULL(_crypt); | ||
| optiga_key_id_t slot = OPTIGA_KEY_ID_E0F1; |
There was a problem hiding this comment.
should this define be OID_ATTESTATION?
There was a problem hiding this comment.
I thought it would be proper to use the enum optiga_key_id_t as defined:
Then it's clear we are not passing in something invalid.
| uint8_t sig_der[70] = {0}; | ||
| uint16_t sig_der_size = sizeof(sig_der); | ||
| optiga_lib_status_t res = _optiga_crypt_ecdsa_sign_sync( | ||
| _crypt, challenge, 32, OPTIGA_KEY_ID_E0F1, sig_der, &sig_der_size); |
There was a problem hiding this comment.
same here, should this be OID_ATTESTATION?
benma
force-pushed
the
optiga
branch
3 times, most recently
from
e5bfb97 to
0d8a0e3
Compare
This commit implements the securechip.h interface for the Optiga Trust M V3, with an interface and configuration roughly corresponding to how we use the ATECC608 secure chip: - A KDF key that is internally generated and cannot be read and written from the host MCU - A KDF key that is generated on the host - A monotonic counter attached to the first KDF key which limits the maxmium number of uses of the key over the lifetime of the device - Attestation key that is internally generated and used to sign attestation challenges The factory setup configures the metadata of each object we use, setting the state to Operational. After this, metadata cannot be changed, and the access conditions apply as specified. Shielded communication encrypts the communication with the chip and is active and enforced through the metadata access configs. It roughly corresponds to IO protection in the ATECC608. In the ATECC608, we additionally authorize each command with the authorization_key, another pre-shared secret. The Optiga offers the same functionality, but we don't use it to authorize all commands, as it is redundant to using the shielded communication in terms of enabling the host MCU to execute commands. Co-Authored-By: Niklas <[email protected]>
To disable interrupts when processing Optiga commands.
This commit implements the securechip.h interface for the Optiga Trust M V3, with an interface and configuration roughly corresponding to how we use the ATECC608 secure chip:
The factory setup configures the metadata of each object we use, setting the state to Operational. After this, metadata cannot be changed, and the access conditions apply as specified.
Shielded communication encrypts the communication with the chip and is active and enforced through the metadata access configs. It roughly corresponds to IO protection in the ATECC608.
In the ATECC608, we additionally authorize each command with the authorization_key, another pre-shared secret. The Optiga offers the same functionality, but we don't use it to authorize all commands, as it is redundant to using the shielded communication in terms of enabling the host MCU to execute commands.