diff options
| -rw-r--r-- | README.md | 20 | ||||
| -rw-r--r-- | firmware/.gitignore (renamed from .gitignore) | 0 | ||||
| -rw-r--r-- | firmware/.gitmodules (renamed from .gitmodules) | 0 | ||||
| -rw-r--r-- | firmware/Makefile (renamed from Makefile) | 0 | ||||
| -rw-r--r-- | firmware/README.md | 19 | ||||
| -rwxr-xr-x | firmware/build-package.py (renamed from build-package.py) | 0 | ||||
| m--------- | firmware/core/cipher/aes (renamed from core/cipher/aes) | 0 | ||||
| m--------- | firmware/core/cipher/chacha (renamed from core/cipher/chacha) | 0 | ||||
| m--------- | firmware/core/comm/fmc (renamed from core/comm/fmc) | 0 | ||||
| m--------- | firmware/core/comm/uart (renamed from core/comm/uart) | 0 | ||||
| m--------- | firmware/core/hash/sha1 (renamed from core/hash/sha1) | 0 | ||||
| m--------- | firmware/core/hash/sha256 (renamed from core/hash/sha256) | 0 | ||||
| m--------- | firmware/core/hash/sha512 (renamed from core/hash/sha512) | 0 | ||||
| m--------- | firmware/core/math/modexpa7 (renamed from core/math/modexpa7) | 0 | ||||
| m--------- | firmware/core/platform/alpha (renamed from core/platform/alpha) | 0 | ||||
| m--------- | firmware/core/rng/avalanche_entropy (renamed from core/rng/avalanche_entropy) | 0 | ||||
| m--------- | firmware/core/rng/rosc_entropy (renamed from core/rng/rosc_entropy) | 0 | ||||
| m--------- | firmware/core/rng/trng (renamed from core/rng/trng) | 0 | ||||
| m--------- | firmware/core/rng/vndecorrelator (renamed from core/rng/vndecorrelator) | 0 | ||||
| m--------- | firmware/core/util/mkmif (renamed from core/util/mkmif) | 0 | ||||
| m--------- | firmware/sw/libhal (renamed from sw/libhal) | 0 | ||||
| m--------- | firmware/sw/stm32 (renamed from sw/stm32) | 0 | ||||
| m--------- | firmware/sw/thirdparty/libtfm (renamed from sw/thirdparty/libtfm) | 0 | ||||
| m--------- | firmware/user/ft/libcli (renamed from user/ft/libcli) | 0 | ||||
| -rw-r--r-- | software/.gitmodules | 9 | ||||
| -rw-r--r-- | software/Makefile | 64 | ||||
| -rw-r--r-- | software/README.md | 31 | ||||
| -rw-r--r-- | software/reprepro-conf/distributions | 7 | ||||
| -rw-r--r-- | software/reprepro-conf/options | 4 | ||||
| -rw-r--r-- | software/source/Makefile | 19 | ||||
| -rw-r--r-- | software/source/debian/compat | 1 | ||||
| -rw-r--r-- | software/source/debian/control | 14 | ||||
| -rw-r--r-- | software/source/debian/copyright | 27 | ||||
| -rwxr-xr-x | software/source/debian/rules | 4 | ||||
| -rw-r--r-- | software/source/debian/source/format | 1 | ||||
| m--------- | software/source/sw/libhal | 0 | ||||
| m--------- | software/source/sw/pkcs11 | 0 | ||||
| m--------- | software/source/sw/thirdparty/libtfm | 0 |
38 files changed, 201 insertions, 19 deletions
@@ -1,19 +1 @@ -Preliminary release engineering super-repository for building firmware -for the Cryptech "Alpha" board. - -Primary tasks here are to build a bitstream for the FPGA and the -"bootstrap" and "hsm" images for the Alpha's CPU. - -Eventually there will be a lot of packaging and versioning glorp here, -but let's start with basic build and clean targets. - -Current repository structure is, um, complicated. On the RTL side, we -have a tree of simple subrepositories, each representing one RTL core. - -On the software side, we have a subrepository which has several -subrepositories of its own: current thinking is that this should -probably be replaced by separate repositories and Makefile VPATH -magic, but this is what we have today so it's what we build with -today. - -This README is probably obsolete by the time you're reading it. +Unified release engineering stuff for Cryptech Alpha. diff --git a/.gitignore b/firmware/.gitignore index f1a0492..f1a0492 100644 --- a/.gitignore +++ b/firmware/.gitignore diff --git a/.gitmodules b/firmware/.gitmodules index 77a2f38..77a2f38 100644 --- a/.gitmodules +++ b/firmware/.gitmodules diff --git a/Makefile b/firmware/Makefile index fc98e1d..fc98e1d 100644 --- a/Makefile +++ b/firmware/Makefile diff --git a/firmware/README.md b/firmware/README.md new file mode 100644 index 0000000..ebf4015 --- /dev/null +++ b/firmware/README.md @@ -0,0 +1,19 @@ +Preliminary release engineering super-repository for building firmware +for the Cryptech "Alpha" board. + +Primary tasks here are to build a bitstream for the FPGA and the +"bootstrap" and "hsm" images for the Alpha's CPU. + +Eventually there will be a lot of packaging and versioning glorp here, +but let's start with basic build and clean targets. + +Current repository structure is, um, complicated. On the RTL side, we +have a tree of simple subrepositories, each representing one RTL core. + +On the software side, we have a subrepository which has several +subrepositories of its own: current thinking is that this should +probably be replaced by separate repositories and Makefile VPATH +magic, but this is what we have today so it's what we build with +today. + +This README is probably obsolete by the time you're reading it. diff --git a/build-package.py b/firmware/build-package.py index 0df116b..0df116b 100755 --- a/build-package.py +++ b/firmware/build-package.py diff --git a/core/cipher/aes b/firmware/core/cipher/aes -Subproject 915759285c179cf99be3c17ad401c79e4b8be05 +Subproject 915759285c179cf99be3c17ad401c79e4b8be05 diff --git a/core/cipher/chacha b/firmware/core/cipher/chacha -Subproject 549b75a635817ce263c368c9b8b5b0b07f90ec2 +Subproject 549b75a635817ce263c368c9b8b5b0b07f90ec2 diff --git a/core/comm/fmc b/firmware/core/comm/fmc -Subproject 61c16de8beb8deaadd2ffedfabfb3ce96e8699f +Subproject 61c16de8beb8deaadd2ffedfabfb3ce96e8699f diff --git a/core/comm/uart b/firmware/core/comm/uart -Subproject 0d3acd1815da8fcbd2b30f4fe1ff514f87b2522 +Subproject 0d3acd1815da8fcbd2b30f4fe1ff514f87b2522 diff --git a/core/hash/sha1 b/firmware/core/hash/sha1 -Subproject ae915a1ed47a807ec880c2f18053e4f8eda6bd9 +Subproject ae915a1ed47a807ec880c2f18053e4f8eda6bd9 diff --git a/core/hash/sha256 b/firmware/core/hash/sha256 -Subproject c894f78a95a01351f277c3d36bcf6dced08798e +Subproject c894f78a95a01351f277c3d36bcf6dced08798e diff --git a/core/hash/sha512 b/firmware/core/hash/sha512 -Subproject 88e0d83768004b6bab2d83edf7eae2841678b51 +Subproject 88e0d83768004b6bab2d83edf7eae2841678b51 diff --git a/core/math/modexpa7 b/firmware/core/math/modexpa7 -Subproject 4612bc24a8b43c14580d6be06542b1fa9a6e615 +Subproject 4612bc24a8b43c14580d6be06542b1fa9a6e615 diff --git a/core/platform/alpha b/firmware/core/platform/alpha -Subproject fc8be8024560bb77221758b0351c3de7b4ea6e9 +Subproject fc8be8024560bb77221758b0351c3de7b4ea6e9 diff --git a/core/rng/avalanche_entropy b/firmware/core/rng/avalanche_entropy -Subproject 5742813ab43fec9fa90d970f086f1e266875b8f +Subproject 5742813ab43fec9fa90d970f086f1e266875b8f diff --git a/core/rng/rosc_entropy b/firmware/core/rng/rosc_entropy -Subproject 48e3c117ae6944775010031b1691446220944b6 +Subproject 48e3c117ae6944775010031b1691446220944b6 diff --git a/core/rng/trng b/firmware/core/rng/trng -Subproject 953909d18796c1caea35263eb902b1dd7021d92 +Subproject 953909d18796c1caea35263eb902b1dd7021d92 diff --git a/core/rng/vndecorrelator b/firmware/core/rng/vndecorrelator -Subproject 49e388c3dadcaabe1e4e66a37fcd52b2f125c1d +Subproject 49e388c3dadcaabe1e4e66a37fcd52b2f125c1d diff --git a/core/util/mkmif b/firmware/core/util/mkmif -Subproject fd1dd73410ba6ca3d082ff61e4b39d6e8c2de35 +Subproject fd1dd73410ba6ca3d082ff61e4b39d6e8c2de35 diff --git a/sw/libhal b/firmware/sw/libhal -Subproject 709a71c0030225ba08cddf5227a1c67c2dbb417 +Subproject 709a71c0030225ba08cddf5227a1c67c2dbb417 diff --git a/sw/stm32 b/firmware/sw/stm32 -Subproject 0d25f920c9024a3a6f994b8f17b9b28ffa6e093 +Subproject 0d25f920c9024a3a6f994b8f17b9b28ffa6e093 diff --git a/sw/thirdparty/libtfm b/firmware/sw/thirdparty/libtfm -Subproject 269fc4e58f616a2cf1c318f494ec18a52991da8 +Subproject 269fc4e58f616a2cf1c318f494ec18a52991da8 diff --git a/user/ft/libcli b/firmware/user/ft/libcli -Subproject 54c6b8649b1a13e69a908c96e8d4d19cf8d7284 +Subproject 54c6b8649b1a13e69a908c96e8d4d19cf8d7284 diff --git a/software/.gitmodules b/software/.gitmodules new file mode 100644 index 0000000..a464eb3 --- /dev/null +++ b/software/.gitmodules @@ -0,0 +1,9 @@ +[submodule "source/sw/libhal"] + path = source/sw/libhal + url = https://git.cryptech.is/sw/libhal.git +[submodule "source/sw/pkcs11"] + path = source/sw/pkcs11 + url = https://git.cryptech.is/sw/pkcs11.git +[submodule "source/sw/thirdparty/libtfm"] + path = source/sw/thirdparty/libtfm + url = https://git.cryptech.is/sw/thirdparty/libtfm.git diff --git a/software/Makefile b/software/Makefile new file mode 100644 index 0000000..787fea4 --- /dev/null +++ b/software/Makefile @@ -0,0 +1,64 @@ +# Top-level build of software packages to work with Cryptech Alpha board. + +export CRYPTECH_VERSION := 2.0 + +HEAD_TIME := $(shell git show -s --format=%ct HEAD) +HEAD_HASH := $(shell git rev-parse HEAD) + +PACKAGE_NAME := cryptech-alpha +PACKAGE_VERSION := ${CRYPTECH_VERSION}~${HEAD_TIME}~${HEAD_HASH} + +export GNUPGHOME := /home/aptbot/gnupg + +REPO_BASE := /home/aptbot/alpha +REPO_UMASK := 002 + +PBUILDER_BASE := ${HOME}/pbuilder +PBUILDER_TARGETS := debian/jessie/i386 debian/jessie/amd64 ubuntu/xenial/i386 ubuntu/xenial/amd64 + +REPO_UPLOAD_USER := aptbot +REPO_UPLOAD_URI := rsync://apt.cryptech.is/alpha/ + +# Command to generate a new changelog containing one entry. +# Does nothing if the changelog already exists. + +DCH = test -f debian/changelog || \ + EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='APT Builder Robot <aptbot@cryptech.is>' \ + dch --create --package ${PACKAGE_NAME} --newversion '${PACKAGE_VERSION}' \ + '$(strip Version ${CRYPTECH_VERSION} of software for Cryptech Alpha development board.)' + +all: init source pbuilder homebrew + +enchilada: all upload + +init: + git submodule update --init --recursive + +clean: + git clean -dfx + git submodule foreach --recursive git clean -dfx + +sandblast: clean + git submodule deinit -f . + +source: + cd source; ${DCH} + cd source; debuild -S -uc -us + +pbuilder: + rm -f ${PBUILDER_BASE}/*result/* + umask ${REPO_UMASK}; \ + for target in ${PBUILDER_TARGETS}; do echo $$target | tr '/' ' '; done | \ + while read dist code arch; do \ + reprepro -b ${REPO_BASE}/$$dist -A $$arch list $$code ${PACKAGE_NAME} | awk '{v = $$3} END {exit v != "${PACKAGE_VERSION}"}' && continue; \ + pbuilder-dist $$code $$arch build ${PACKAGE_NAME}_${PACKAGE_VERSION}.dsc; \ + reprepro -b ${REPO_BASE}/$$dist include $$code ${PBUILDER_BASE}/$${code}-$${arch}_result/${PACKAGE_NAME}_${PACKAGE_VERSION}_$${arch}.changes; \ + done + +RSYNC := rsync --rsh 'ssh -l ${REPO_UPLOAD_USER}' --archive --itemize-changes + +upload: + ${RSYNC} --ignore-existing ${REPO_BASE}/ ${REPO_UPLOAD_URI} + ${RSYNC} --delete --delete-delay ${REPO_BASE}/ ${REPO_UPLOAD_URI} + +.PHONY: all init clean source pbuilder homebrew upload enchilada sandblast diff --git a/software/README.md b/software/README.md new file mode 100644 index 0000000..15c1006 --- /dev/null +++ b/software/README.md @@ -0,0 +1,31 @@ +Preliminary release engineering super-repository for building software +to work with the Cryptech "Alpha" board. + +Primary task here is to build the PKCS #11 library and any needed +support tools for whichever platforms we support. This will involve +some packaging voodoo. + +Our first targets for this are Debian and Ubuntu, probably the Jessie +and Xenial releases, respectively. If we really need to support +multiple releases for each of these platforms, the packaging mechanics +become more complicated, so we may just stop here for these platforms +and assume we can fill any odd corners using the associated source +package. + +Our next target for this is likely to be Mac OS X. This should be +relatively straightforward so long as we only have to support Homebrew +and we don't have to produce Homebrew "bottles" (binary packages). If +we do need to bottle, we either need one or more Mac build machines or +we need some kind of cross-compilation scheme (eg, +https://github.com/tpoechtrager/osxcross). + +Supporting Homebrew at all requires a bit of extra voodoo on top of +supporting Debian packaging, but none of it looks particularly +difficult, and the Debian packaging will produce the source tarball we +need for the Homebrew formula, so integrating production of these two +kinds of packaging makes some sense. + +Windoze is not currently on the radar. In theory, MinGW would suffice +as a cross compiler if and when we have to do something about it. + +This README is probably obsolete by the time you're reading it. diff --git a/software/reprepro-conf/distributions b/software/reprepro-conf/distributions new file mode 100644 index 0000000..57c1afc --- /dev/null +++ b/software/reprepro-conf/distributions @@ -0,0 +1,7 @@ +Origin: cryptech.is +Label: cryptech.is APT repository +Codename: jessie +Architectures: i386 amd64 source +Components: main +Description: cryptech.is APT Repository +SignWith: yes diff --git a/software/reprepro-conf/options b/software/reprepro-conf/options new file mode 100644 index 0000000..f5ad660 --- /dev/null +++ b/software/reprepro-conf/options @@ -0,0 +1,4 @@ +verbose +ask-passphrase +basedir . +ignore wrongdistribution diff --git a/software/source/Makefile b/software/source/Makefile new file mode 100644 index 0000000..e2fdb1b --- /dev/null +++ b/software/source/Makefile @@ -0,0 +1,19 @@ +# Makefile to build Debian package for Cryptech Alpha board software + +all: + cd sw/thirdparty/libtfm; ${MAKE} + cd sw/libhal; ${MAKE} daemon + cd sw/pkcs11; ${MAKE} + +clean distclean: + cd sw/thirdparty/libtfm; ${MAKE} $@ + cd sw/libhal; ${MAKE} $@ + cd sw/pkcs11; ${MAKE} $@ + +install: all + install -m 644 -D sw/pkcs11/libpkcs11.so ${DESTDIR}/usr/lib/libpkcs11.so + install -D sw/pkcs11/p11util ${DESTDIR}/usr/sbin/p11util + install -D sw/libhal/cryptech_rpcd ${DESTDIR}/usr/sbin/cryptech_rpcd + ln -s libpkcs11.so ${DESTDIR}/usr/lib/libpkcs11.so.0 + +# Might also want to install the firmware tarball, scripts to use it, .... diff --git a/software/source/debian/compat b/software/source/debian/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/software/source/debian/compat @@ -0,0 +1 @@ +9 diff --git a/software/source/debian/control b/software/source/debian/control new file mode 100644 index 0000000..8ae25b9 --- /dev/null +++ b/software/source/debian/control @@ -0,0 +1,14 @@ +Source: cryptech-alpha +Maintainer: APT Builder Robot <aptbot@cryptech.is> +Section: misc +Priority: optional +Standards-Version: 3.9.6 +Build-Depends: debhelper (>= 9), libsqlite3-0, libsqlite3-dev, python (>= 2.7), python-yaml +Homepage: http://trac.cryptech.is/wiki + +Package: cryptech-alpha +Architecture: any +Depends: libc6 (>= 2.13), ${misc:Depends}, libsqlite3-0 +Description: Cryptech open-source crypto software + "cryptech-alpha" contains software for use with the Cryptech Project + "Alpha" development board. diff --git a/software/source/debian/copyright b/software/source/debian/copyright new file mode 100644 index 0000000..ec25460 --- /dev/null +++ b/software/source/debian/copyright @@ -0,0 +1,27 @@ +Copyright (c) 2015-2016, NORDUnet A/S All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: +- Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + +- Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +- Neither the name of the NORDUnet nor the names of its contributors may + be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS +IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/software/source/debian/rules b/software/source/debian/rules new file mode 100755 index 0000000..2d33f6a --- /dev/null +++ b/software/source/debian/rules @@ -0,0 +1,4 @@ +#!/usr/bin/make -f + +%: + dh $@ diff --git a/software/source/debian/source/format b/software/source/debian/source/format new file mode 100644 index 0000000..89ae9db --- /dev/null +++ b/software/source/debian/source/format @@ -0,0 +1 @@ +3.0 (native) diff --git a/software/source/sw/libhal b/software/source/sw/libhal new file mode 160000 +Subproject 709a71c0030225ba08cddf5227a1c67c2dbb417 diff --git a/software/source/sw/pkcs11 b/software/source/sw/pkcs11 new file mode 160000 +Subproject 3118c1384c46140269033ea63faa6ebca9a3af5 diff --git a/software/source/sw/thirdparty/libtfm b/software/source/sw/thirdparty/libtfm new file mode 160000 +Subproject 269fc4e58f616a2cf1c318f494ec18a52991da8 |