Age | Commit message (Collapse) | Author |
|
|
|
It's been a while since we did a full reproducible build via the
releng tree. Some of the old modules are now obsolete, and a couple
of the new ones weren't present.
This is an initial test after updating the existing submodules and
adding the missing ones. I don't really expect it to work, it's a
first attempt.
At minimum, we should go through and clean out submodules we no longer
use, but that can wait until we figure out if we now have all the
right modules and branches recorded here and whether the resulting
configuration works properly.
|
|
|
|
This also catches some recent-ish changes to aes, chacha, and rosc_entropy.
|
|
|
|
Some recent changes to sw/libhal were not tested properly against
sw/pkcs11, which led to a couple of build issues and a segfault.
These have now been fixed.
The floggings will continue until morale improves.
|
|
|
|
|
|
Specific reason for this build was to test removal of a couple of
TerASIC-specific files.
Other accumulated changes include:
* A bunch of work on the AES core;
* A bunch of minor performance enhancements in the C code, mostly
related to RSA signature time (which is still a problem, but this
set of fixes removed a bunch of dumb stuff which was masking what we
now think is the root cause of the performance issue);
* A bunch of minor fixes and cleanups in the C code (eg, assertions
now log something to the console rather than just locking up).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The ks9 branch of sw/libhal breaks keystore backwards compatability
again. Unclear whether we should do something about that, but since
we do have a workaround in the form of cryptech_backup --soft-backup,
we should ship that *before* we break the keystore again, so that
careful users can back up before the problematic firmware upgrade.
|
|
|
|
|
|
|
|
|
|
|
|
Goodbye, CMSIS RTOS, with your interrupt-unsafe mutexes, your priority
inversions, and your thread structure that no debugger understands.
Don't let the door hit you on the way out.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Package up all the "new keystore" and "no SQL" changes as packages
cryptech-alpha-ksng, to make it easier for others to test them.
|
|
We want to be able to provide packaged builds of development branches.
The most straightforward way to do this is a 1:1 correspondence
between branches in the releng tree and variant package names.
We adopt a simple convention: the base package name corresponds to the
master branch, all other branches are named with the base package name
followed by the branch name. So the master branch is the
cryptech-alpha package, the ksng branch is the cryptech-alpha-ksng
branch, and so forth. This isn't a perfect solution, but it's
probably good enough.
In order to do this, we need to generate the debian/control file at
build-time, so that we can generate the list of conflicting packages.
This commit also pulls in a few changes that had collected on the
master branches of various repositories, chiefly because a few of them
were necessary to get it the build to run at all.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Undoubtedly doesn't work yet, and still needs doc, but perhaps now
ready for testing on build machine.
|