diff options
Diffstat (limited to 'firmware')
-rw-r--r-- | firmware/.gitignore | 2 | ||||
-rw-r--r-- | firmware/.gitmodules | 54 | ||||
-rw-r--r-- | firmware/Makefile | 35 | ||||
-rw-r--r-- | firmware/README.md | 19 | ||||
-rwxr-xr-x | firmware/build-package.py | 34 | ||||
m--------- | firmware/core/cipher/aes | 0 | ||||
m--------- | firmware/core/cipher/chacha | 0 | ||||
m--------- | firmware/core/comm/fmc | 0 | ||||
m--------- | firmware/core/comm/uart | 0 | ||||
m--------- | firmware/core/hash/sha1 | 0 | ||||
m--------- | firmware/core/hash/sha256 | 0 | ||||
m--------- | firmware/core/hash/sha512 | 0 | ||||
m--------- | firmware/core/math/modexpa7 | 0 | ||||
m--------- | firmware/core/platform/alpha | 0 | ||||
m--------- | firmware/core/rng/avalanche_entropy | 0 | ||||
m--------- | firmware/core/rng/rosc_entropy | 0 | ||||
m--------- | firmware/core/rng/trng | 0 | ||||
m--------- | firmware/core/rng/vndecorrelator | 0 | ||||
m--------- | firmware/core/util/mkmif | 0 | ||||
m--------- | firmware/sw/libhal | 0 | ||||
m--------- | firmware/sw/stm32 | 0 | ||||
m--------- | firmware/sw/thirdparty/libtfm | 0 | ||||
m--------- | firmware/user/ft/libcli | 0 |
23 files changed, 144 insertions, 0 deletions
diff --git a/firmware/.gitignore b/firmware/.gitignore new file mode 100644 index 0000000..f1a0492 --- /dev/null +++ b/firmware/.gitignore @@ -0,0 +1,2 @@ +package.tar.gz +screenlog.0 diff --git a/firmware/.gitmodules b/firmware/.gitmodules new file mode 100644 index 0000000..77a2f38 --- /dev/null +++ b/firmware/.gitmodules @@ -0,0 +1,54 @@ +[submodule "core/cipher/aes"] + path = core/cipher/aes + url = https://git.cryptech.is/core/cipher/aes.git +[submodule "core/cipher/chacha"] + path = core/cipher/chacha + url = https://git.cryptech.is/core/cipher/chacha.git +[submodule "core/comm/fmc"] + path = core/comm/fmc + url = https://git.cryptech.is/core/comm/fmc.git +[submodule "core/comm/uart"] + path = core/comm/uart + url = https://git.cryptech.is/core/comm/uart.git +[submodule "core/hash/sha1"] + path = core/hash/sha1 + url = https://git.cryptech.is/core/hash/sha1.git +[submodule "core/hash/sha256"] + path = core/hash/sha256 + url = https://git.cryptech.is/core/hash/sha256.git +[submodule "core/hash/sha512"] + path = core/hash/sha512 + url = https://git.cryptech.is/core/hash/sha512.git +[submodule "core/math/modexpa7"] + path = core/math/modexpa7 + url = https://git.cryptech.is/core/math/modexpa7.git +[submodule "core/platform/alpha"] + path = core/platform/alpha + url = https://git.cryptech.is/core/platform/alpha.git +[submodule "core/rng/avalanche_entropy"] + path = core/rng/avalanche_entropy + url = https://git.cryptech.is/core/rng/avalanche_entropy.git +[submodule "core/rng/rosc_entropy"] + path = core/rng/rosc_entropy + url = https://git.cryptech.is/core/rng/rosc_entropy.git +[submodule "core/rng/trng"] + path = core/rng/trng + url = https://git.cryptech.is/core/rng/trng.git +[submodule "core/rng/vndecorrelator"] + path = core/rng/vndecorrelator + url = https://git.cryptech.is/core/rng/vndecorrelator.git +[submodule "core/util/mkmif"] + path = core/util/mkmif + url = https://git.cryptech.is/core/util/mkmif.git +[submodule "sw/stm32"] + path = sw/stm32 + url = https://git.cryptech.is/sw/stm32.git +[submodule "sw/libhal"] + path = sw/libhal + url = https://git.cryptech.is/sw/libhal.git +[submodule "sw/thirdparty/libtfm"] + path = sw/thirdparty/libtfm + url = https://git.cryptech.is/sw/thirdparty/libtfm.git +[submodule "user/ft/libcli"] + path = user/ft/libcli + url = https://git.cryptech.is/user/ft/libcli.git diff --git a/firmware/Makefile b/firmware/Makefile new file mode 100644 index 0000000..fc98e1d --- /dev/null +++ b/firmware/Makefile @@ -0,0 +1,35 @@ +# Preliminary makefile for releng/alpha/firmware, just to test the +# basic build sequence before we start messing with packaging scripts, +# version numbers, and other forms of entertainment. Expect changes. + +export GNUPGHOME := /home/aptbot/gnupg + +TARBALL := package.tar.gz +BITSTREAM := core/platform/alpha/build/alpha_fmc.bit +BINARIES := sw/stm32/projects/bootloader/bootloader.bin sw/stm32/projects/hsm/hsm.bin +FIRMWARE := ${BITSTREAM} ${BINARIES} ${BINARIES:.bin=.elf} +RTLSOURCE := $(shell find core -name .git -prune -o -path core/platform/alpha/build -prune -o -type f -print) + +all: bitstream elves package + +bitstream: ${BITSTREAM} + +${BITSTREAM}: ${RTLSOURCE} + cd core/platform/alpha/build; ${MAKE} + +${BINARIES}: elves + +elves: + cd sw/stm32; ${MAKE} bootloader hsm + +package: ${TARBALL} + +${TARBALL}: ${FIRMWARE} + ./build-package.py $(basename $@) $^ + gzip -9f $(basename $@) + +clean: + git clean -dfx + git submodule foreach git clean -dfx + +.PHONY: all bitstream elves package clean diff --git a/firmware/README.md b/firmware/README.md new file mode 100644 index 0000000..ebf4015 --- /dev/null +++ b/firmware/README.md @@ -0,0 +1,19 @@ +Preliminary release engineering super-repository for building firmware +for the Cryptech "Alpha" board. + +Primary tasks here are to build a bitstream for the FPGA and the +"bootstrap" and "hsm" images for the Alpha's CPU. + +Eventually there will be a lot of packaging and versioning glorp here, +but let's start with basic build and clean targets. + +Current repository structure is, um, complicated. On the RTL side, we +have a tree of simple subrepositories, each representing one RTL core. + +On the software side, we have a subrepository which has several +subrepositories of its own: current thinking is that this should +probably be replaced by separate repositories and Makefile VPATH +magic, but this is what we have today so it's what we build with +today. + +This README is probably obsolete by the time you're reading it. diff --git a/firmware/build-package.py b/firmware/build-package.py new file mode 100755 index 0000000..0df116b --- /dev/null +++ b/firmware/build-package.py @@ -0,0 +1,34 @@ +#!/usr/bin/env python + +import subprocess +import tempfile +import argparse +import hashlib +import tarfile +import json +import os + +parser = argparse.ArgumentParser() +parser.add_argument("tarfile", type = argparse.FileType("wb"), help = "tarball to create") +parser.add_argument("firmware", nargs = "+", help = "firmware files to stuff into tarball") +args = parser.parse_args() + +tar = tarfile.TarFile(mode = "w", fileobj = args.tarfile) +head = subprocess.check_output(("git", "rev-parse", "HEAD")).strip() +time = subprocess.check_output(("git", "show", "-s", "--format=%ct", "HEAD")).strip() +commits = [line.split() for line in subprocess.check_output(("git", "submodule", "status")).splitlines()] +sha256 = {} + +for fn in args.firmware: + with open(fn, "rb") as f: + sha256[os.path.basename(fn)] = hashlib.sha256(f.read()).hexdigest() + tar.add(fn, os.path.basename(fn)) + +with tempfile.NamedTemporaryFile() as f: + gpg = subprocess.Popen(("gpg", "--clearsign", "--personal-digest-preferences", "SHA256", "--no-permission-warning"), + stdin = subprocess.PIPE, stdout = f) + json.dump(dict(head = head, time = time, commits = commits, sha256 = sha256), gpg.stdin, indent = 2) + gpg.stdin.close() + if gpg.wait(): + raise subprocess.CalledProcessError(gpg.returncode, "gpg") + tar.add(f.name, "MANIFEST") diff --git a/firmware/core/cipher/aes b/firmware/core/cipher/aes new file mode 160000 +Subproject 915759285c179cf99be3c17ad401c79e4b8be05 diff --git a/firmware/core/cipher/chacha b/firmware/core/cipher/chacha new file mode 160000 +Subproject 549b75a635817ce263c368c9b8b5b0b07f90ec2 diff --git a/firmware/core/comm/fmc b/firmware/core/comm/fmc new file mode 160000 +Subproject 61c16de8beb8deaadd2ffedfabfb3ce96e8699f diff --git a/firmware/core/comm/uart b/firmware/core/comm/uart new file mode 160000 +Subproject 0d3acd1815da8fcbd2b30f4fe1ff514f87b2522 diff --git a/firmware/core/hash/sha1 b/firmware/core/hash/sha1 new file mode 160000 +Subproject ae915a1ed47a807ec880c2f18053e4f8eda6bd9 diff --git a/firmware/core/hash/sha256 b/firmware/core/hash/sha256 new file mode 160000 +Subproject c894f78a95a01351f277c3d36bcf6dced08798e diff --git a/firmware/core/hash/sha512 b/firmware/core/hash/sha512 new file mode 160000 +Subproject 88e0d83768004b6bab2d83edf7eae2841678b51 diff --git a/firmware/core/math/modexpa7 b/firmware/core/math/modexpa7 new file mode 160000 +Subproject 4612bc24a8b43c14580d6be06542b1fa9a6e615 diff --git a/firmware/core/platform/alpha b/firmware/core/platform/alpha new file mode 160000 +Subproject fc8be8024560bb77221758b0351c3de7b4ea6e9 diff --git a/firmware/core/rng/avalanche_entropy b/firmware/core/rng/avalanche_entropy new file mode 160000 +Subproject 5742813ab43fec9fa90d970f086f1e266875b8f diff --git a/firmware/core/rng/rosc_entropy b/firmware/core/rng/rosc_entropy new file mode 160000 +Subproject 48e3c117ae6944775010031b1691446220944b6 diff --git a/firmware/core/rng/trng b/firmware/core/rng/trng new file mode 160000 +Subproject 953909d18796c1caea35263eb902b1dd7021d92 diff --git a/firmware/core/rng/vndecorrelator b/firmware/core/rng/vndecorrelator new file mode 160000 +Subproject 49e388c3dadcaabe1e4e66a37fcd52b2f125c1d diff --git a/firmware/core/util/mkmif b/firmware/core/util/mkmif new file mode 160000 +Subproject fd1dd73410ba6ca3d082ff61e4b39d6e8c2de35 diff --git a/firmware/sw/libhal b/firmware/sw/libhal new file mode 160000 +Subproject 709a71c0030225ba08cddf5227a1c67c2dbb417 diff --git a/firmware/sw/stm32 b/firmware/sw/stm32 new file mode 160000 +Subproject 0d25f920c9024a3a6f994b8f17b9b28ffa6e093 diff --git a/firmware/sw/thirdparty/libtfm b/firmware/sw/thirdparty/libtfm new file mode 160000 +Subproject 269fc4e58f616a2cf1c318f494ec18a52991da8 diff --git a/firmware/user/ft/libcli b/firmware/user/ft/libcli new file mode 160000 +Subproject 54c6b8649b1a13e69a908c96e8d4d19cf8d7284 |