aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-06-21Typo in updated build scriptRob Austein
2020-06-21Preliminary support for Python 3Rob Austein
This is a first step towards moving all of the Cryptech code from Python 2 to Python 3. At this stage, the goal is to make the same source code work in both language dialects, and to build packages which install both versions of the library code. This is a necessary step along the way, but since Python 2 is already past EOL as of this writing and since some distributions have started dropping all support for Python 2, we will almost certainly want to drop all Python 2 support in the relatively near future, if only because it's not really to do all the packaging right for both versions at once without much more trouble than a dead language dialect is probably worth. All platforms we care about should support Python 3 already, any that don't probably have much worse problems. So the primary purpose of pushing this particular commit is to archive what will probably be the last version supporting Python 2, while giving folks a chance to test the incoming Python 3 support a bit. Once we've cut loose from Python 2 for good, there's some cleanup we can and should do (eg, all the gymnastics to work around Python 2's handling of bytes as a form of text rather than a sequence of small integers), but for the moment we want to keep that compatability, albeit briefly.
2020-06-21Allow build of firmware package without release engineering keyRob Austein
Prior to this change, it was not possible to build the release packaging without the release engineering PGP key, which is nicely paranoid but ignores the possibility that people other than the release engineer might want to reuse our packaging. Doh. So we still use the release engineering key to sign the manifest in the firmware tarball if the key is available, but if it's not we produce an unsigned manifest.
2020-05-12Bump version number to 4.0Rob Austein
Developer consensus is that between mulitple new cores and a number of performance improvements, this is worthy of a major version number bump.
2020-05-06New improved keywrap core with integrated mkmifPaul Selkirk
2020-04-18Update submodules and add missing ones, as neededRob Austein
It's been a while since we did a full reproducible build via the releng tree. Some of the old modules are now obsolete, and a couple of the new ones weren't present. This is an initial test after updating the existing submodules and adding the missing ones. I don't really expect it to work, it's a first attempt. At minimum, we should go through and clean out submodules we no longer use, but that can wait until we figure out if we now have all the right modules and branches recorded here and whether the resulting configuration works properly.
2020-01-01Accumulated minor changes on master branchesRob Austein
2019-09-03armhf only on Debian, not on UbuntuRob Austein
2019-09-02Add armhf and Debian Buster, drop Debian Stretch.Rob Austein
2019-04-09Update for merge of fmc_clk_60mhz to master and hardware byteswapping.Paul Selkirk
This also catches some recent-ish changes to aes, chacha, and rosc_entropy.
2019-01-22Catch up with submodulesRob Austein
2019-01-14.vh search path and aes_speed un-fork.Rob Austein
2019-01-08Add Pavel's utility library.Rob Austein
2019-01-08Catch up with submodulesRob Austein
2018-09-06Incorporate recent core timing work and CLI improvements.Rob Austein
This is the recent stuff that's not specific to the fmc_clk effort. In theory this should all just work (with the old asynchronous clocking), in practice, well, that's part of what we want to test.
2018-08-27Fix pkcs11 build issue and segfault.Rob Austein
Some recent changes to sw/libhal were not tested properly against sw/pkcs11, which led to a couple of build issues and a segfault. These have now been fixed. The floggings will continue until morale improves.
2018-08-11Un-break builds on MacOS.Rob Austein
2018-07-25hashsig.Rob Austein
2018-07-24Accumulated changes in several submodules.Rob Austein
Specific reason for this build was to test removal of a couple of TerASIC-specific files. Other accumulated changes include: * A bunch of work on the AES core; * A bunch of minor performance enhancements in the C code, mostly related to RSA signature time (which is still a problem, but this set of fixes removed a bunch of dumb stuff which was masking what we now think is the root cause of the performance issue); * A bunch of minor fixes and cleanups in the C code (eg, assertions now log something to the console rather than just locking up).
2018-07-14Fix generated Debian package names ("_" is illegal).Rob Austein
2018-06-17Packaging voodoo to support same code version on multiple releases.Rob Austein
reprepro strictly follows the Debian package rule that two package files which have the same name must have identical content. Which is fine, except when we want to support the same version of a package on multiple releases of the same Debian-flavored operating system. The usual hack for this is to add a release-specific tag to the end of the version string. The brute force way of doing this requires modifying the source package for each release, but there's an obscure hack which lets us augment the binary package versions directly.
2018-06-15Add host builds for Debian Stretch and Ubuntu Bionic.Rob Austein
NB: this change is not by itself enough to prep the build environment for new platforms, one must also (manually): a) Update the conf/distributions files in the reprepro repositories to include the new codenames; b) Install an updated version of the debootstrap package on the build machine so that it knows how to construct the base environment for the new codenames; and c) Create the initial pbuilder environments fot the new codenames using `pbuilder-dist create`. There may be other steps I've forgotten, it's been a while since we last added a new codename. Per recommendation in the Debian Wiki, the debootstrap package I expect to use for this was manually backported (so that our existing build machine can know how to build for codenames newer than what the build machine itself is running). In this case I'm using the stretch-backports version (to get Ubuntu Bionic).
2018-05-01Accumulated changes from last several months.Rob Austein
2017-12-15Makefile cleanup.Rob Austein
2017-12-15Try again with updated cores from Joachim.Rob Austein
2017-12-14Rewind most recent AES core changes.Rob Austein
Most recent AES core doesn't synthesize properly with core_selector, and we have other fixes to test. So back AES changes out of the releng build for now, re-add them when we sort this out.
2017-12-14Paul's fix to FPGA upload problem.Rob Austein
2017-12-14Don't "tidy" the pbuilder marker.Rob Austein
2017-12-14Don't whine about pbuilder update marker.Rob Austein
2017-12-14Joachim's AES core updates.Rob Austein
2017-12-13Merge systolic_crt branches.Rob Austein
2017-12-12Pull recent bugfixes and cleanups. No new major functionality.Rob Austein
2017-09-21Auto-update the pbuilder environments.Rob Austein
2017-09-21Fix syntax of generated Debian control file.Rob Austein
2017-09-20Drag in Paul's most recent stm32 updates.Rob Austein
2017-08-22Drag in Paul's UART reliability fixes.Rob Austein
2017-07-24Pull in RSA key generation changes.Rob Austein
2017-06-18Optimize libtfm build.Rob Austein
2017-06-14Pull in faster RSA keygen code.Rob Austein
2017-06-08Add PyCrypto dependency on Debian and Ubuntu too.Rob Austein
We don't really need PyCrypto for most things, and installing it on the fly is easy with apt-get, but it's not worth trying to explain why it's always included on OSX and has to be installed manually on Linux.
2017-06-08Add PyCrypto to package dependencies on OSX.Rob Austein
Python package dependencies in Homebrew packages are tricky enough that it's easiest just to install PyCrypto unconditionally on OSX.
2017-06-08Clean up MANIFEST commit data.Rob Austein
2017-06-08Simplified keystore (ks9).Rob Austein
2017-06-03Include cryptech_backup --soft-backup before we merge ks9 to master.Rob Austein
The ks9 branch of sw/libhal breaks keystore backwards compatability again. Unclear whether we should do something about that, but since we do have a workaround in the form of cryptech_backup --soft-backup, we should ship that *before* we break the keystore again, so that careful users can back up before the problematic firmware upgrade.
2017-05-20PKCS #11 access control conslidation and other cleanup.Rob Austein
2017-05-20Better Homebrew fix: Just symlink our bindings into our vendor tree.Rob Austein
Homebrew reserves the right to decide on the fly which copy of the Python 2.7 interpreter (Apple's or Homebrew's) we should be using. This is mostly reasonable, but makes it tricky when a Homebrew package includes both a Python "application" and Python "bindings", because the bindings may be installed where the script doesn't see them. So we symlink the bindings into the application's private library tree, just as if the bindings were a third-party library our application needed. Silly, but it works (this week).
2017-05-20Scripts need to use same version of Python as libraries.Rob Austein
2017-05-19PKCS #11 fixes du jour.Rob Austein
2017-05-18Re-enable use of FPGA modexp.Rob Austein
2017-05-15README.md explained package build steps in the wrong order.Rob Austein