Add cmake script to update otp.json from privateaes.bin (#536)
will-v-pi authored Oct 1, 2024
1 parent 9021fdd commit da4e50d
Showing 3 changed files with 79 additions and 78 deletions.
12 changes: 11 additions & 1 deletion bootloaders/encrypted/CMakeLists.txt
Expand Up @@ -4,6 +4,17 @@ add_executable(enc_bootloader
aes.S
)

# Add command to update otp.json if privateaes.bin changes
add_custom_command(OUTPUT ${CMAKE_CURRENT_LIST_DIR}/otp.json
COMMAND ${CMAKE_COMMAND} -P "${CMAKE_CURRENT_LIST_DIR}/update-key.cmake"
DEPENDS ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin)
# Copy that otp.json file to build directory
add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/otp.json
COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_LIST_DIR}/otp.json" "${CMAKE_CURRENT_BINARY_DIR}/otp.json"
DEPENDS ${CMAKE_CURRENT_LIST_DIR}/otp.json)
add_custom_target(otp_json DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/otp.json)
add_dependencies(enc_bootloader otp_json)

# pull in common dependencies
target_link_libraries(enc_bootloader pico_stdlib pico_rand)

Expand Down Expand Up @@ -39,7 +50,6 @@ endfunction()
add_linker_script(enc_bootloader "0x20070000" "64k")

# configure otp output
configure_file(${CMAKE_CURRENT_LIST_DIR}/otp.json ${CMAKE_CURRENT_BINARY_DIR}/otp.json COPYONLY)
pico_set_otp_key_output_file(enc_bootloader ${CMAKE_CURRENT_BINARY_DIR}/otp.json)

# sign, hash, and clear SRAM
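Review bot: The first `add_custom_command` declares `${CMAKE_CURRENT_LIST_DIR}/otp.json` as its OUTPUT, so any build after `privateaes.bin` changes rewrites a version-controlled file in the source tree with the bytes of the AES key. A developer who swaps in a non-default key then has a modified `otp.json` carrying that key in the working tree, where it can end up in a commit. Consider letting `update-key.cmake` write directly to `${CMAKE_CURRENT_BINARY_DIR}/otp.json` (output path passed with `-D` ahead of `-P`) and treating the checked-in file as a read-only template, which also makes the separate copy step unnecessary. Independently, the command should rerun when the script changes and should escape arguments portably: `DEPENDS ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin ${CMAKE_CURRENT_LIST_DIR}/update-key.cmake` followed by `VERBATIM`.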
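--- a/bootloaders/encrypted/otp.json
+++ b/bootloaders/encrypted/otp.json
@@ -1,78 +1,46 @@
 {
-"30:0": {
-"ecc": true,
-"value": [
-"0x00",
-"0x01",
-"0x02",
-"0x03",
-"0x04",
-"0x05",
-"0x06",
-"0x07",
-"0x08",
-"0x09",
-"0x0a",
-"0x0b",
-"0x0c",
-"0x0d",
-"0x0e",
-"0x0f",
-"0x00",
-"0x10",
-"0x20",
-"0x30",
-"0x40",
-"0x50",
-"0x60",
-"0x70",
-"0x80",
-"0x90",
-"0xA0",
-"0xB0",
-"0xC0",
-"0xD0",
-"0xE0",
-"0xF0"
-]
-},
-"OTP_DATA_KEY1": [
-0,
-0,
-1,
-1,
-2,
-2,
-3,
-3,
-4,
-4,
-5,
-5,
-6,
-6,
-7,
-7
-],
-"OTP_DATA_KEY1_VALID": "0x010101",
-"OTP_DATA_KEY2": [
-7,
-7,
-6,
-6,
-5,
-5,
-4,
-4,
-3,
-3,
-2,
-2,
-1,
-1,
-0,
-0
-],
-"OTP_DATA_KEY2_VALID": "0x010101",
-"PAGE30_LOCK0": "0x4a4a4a"
-}
+"30:0" :
+{
+"ecc" : true,
+"value" :
+[
+"0x00",
+"0x01",
+"0x02",
+"0x03",
+"0x04",
+"0x05",
+"0x06",
+"0x07",
+"0x08",
+"0x09",
+"0x0a",
+"0x0b",
+"0x0c",
+"0x0d",
+"0x0e",
+"0x0f",
+"0x00",
+"0x10",
+"0x20",
+"0x30",
+"0x40",
+"0x50",
+"0x60",
+"0x70",
+"0x80",
+"0x90",
+"0xa0",
+"0xb0",
+"0xc0",
+"0xd0",
+"0xe0",
+"0xf0"
+]
+},
+"OTP_DATA_KEY1" : [ 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7 ],
+"OTP_DATA_KEY1_VALID" : "0x010101",
+"OTP_DATA_KEY2" : [ 7, 7, 6, 6, 5, 5, 4, 4, 3, 3, 2, 2, 1, 1, 0, 0 ],
+"OTP_DATA_KEY2_VALID" : "0x010101",
+"PAGE30_LOCK0" : "0x4a4a4a"
+}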
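--- a/bootloaders/encrypted/update-key.cmake
+++ b/bootloaders/encrypted/update-key.cmake
@@ -0,0 +1,23 @@
+if (CMAKE_VERSION VERSION_LESS 3.19)
+# Check if keyfile is not the default, and print warning
+file(READ ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin key_file HEX)
+if (NOT ${key_file} STREQUAL "000102030405060708090a0b0c0d0e0f00102030405060708090a0b0c0d0e0f0")
+message(WARNING
+"Encrypted bootloader AES key not updated in otp.json file, as CMake version is < 3.19"
+" - you will need to change the key in otp.json manually and re-run the build"
+)
+endif()
+else()
+# Read the JSON file.
+file(READ ${CMAKE_CURRENT_LIST_DIR}/otp.json json_string)
+# Read the key file
+file(READ ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin key_file HEX)
+
+# adds '0x' prefix, comma suffix, and quotes for every byte
+string(REGEX REPLACE "([0-9a-f][0-9a-f])" "\"0x\\1\", " key_file ${key_file})
+set(key_file_json "[${key_file}]")
+
+string(JSON json_string SET ${json_string} "30:0" "value" ${key_file_json})
+
+file(WRITE ${CMAKE_CURRENT_LIST_DIR}/otp.json ${json_string})
+endif()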
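Review bot: Nothing checks the size of `privateaes.bin` before its bytes are written into the `30:0` value, so an empty, truncated or oversized key file yields an otp.json that still looks valid and could later be programmed into one-time-programmable memory. The default key and the existing `30:0` array are both 32 bytes, so presumably that is the required length; failing the build on any other length in the `else()` branch is cheap. The same lines also expand `${key_file}`, `${json_string}` and `${key_file_json}` unquoted, and with an empty key file the `if (NOT ${key_file} STREQUAL …)` in the pre-3.19 branch becomes a malformed condition; quoting each expansion avoids both.

```cmake
# … unchanged: file(READ … privateaes.bin key_file HEX) …
string(LENGTH "${key_file}" key_hex_len)
if (NOT key_hex_len EQUAL 64)
    message(FATAL_ERROR
        "privateaes.bin is ${key_hex_len} hex digits long, expected 64 (32 bytes)"
    )
endif()
# … unchanged: regex rewrite of key_file into key_file_json …
string(JSON json_string SET "${json_string}" "30:0" "value" "${key_file_json}")
file(WRITE "${CMAKE_CURRENT_LIST_DIR}/otp.json" "${json_string}")
```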
