aboutsummaryrefslogtreecommitdiff
path: root/ks_flash.c
AgeCommit message (Collapse)Author
2016-06-23Implement master key for wrapping keys in the keystore.Fredrik Thulin
The KEK (Key Encryption Key) is first fetched from the FPGA that gets it from the volatile Master Key Memory (that in theory has tamper*kek_len = len protection with wiping), and secondly from flash. The flash option is meant for development/evaluation use using an Alpha board where the Master Key Memory is not battery backed. For any serious use of an Alpha, an option is to enter the master key into the volatile MKM on each power-on as a way to unlock the keystore.
2016-06-09some cleanup, and fix delete operationFredrik Thulin
2016-06-09Sort out the redeclaration of HAL_OK with Rob's help.Fredrik Thulin
Thanks Rob!
2016-06-09bugfixes and cleanups, seems to sort-of work nowFredrik Thulin
2016-06-08Implement flash keystore storage. Most of it is still untested.Fredrik Thulin
2016-05-15Tweak keystore API to allow update-in-place, so hal_ks_rename() will work.Rob Austein
2016-03-03Initial implementations of ks_get_kek(). Untested, and none of theseRob Austein
are secure (the one in ks_flash.c is a stub, and the others are for cases where we have no secure hardware in which to store the KEK). These are primarily for testing, since in the long run the entire software implementation of AES-keywrap will be replaced by Verilog which never lets software see the unwrapped key. Or so says current theory. For the moment, we just need something that will let us test the rest of the RPC and keystore mechanisms.
2015-12-23RPC interface to TRNG and (incomplete) PIN code.Rob Austein
2015-12-20RPC server stuff mostly written. Compiles, not yet tested. RPCRob Austein
public key extraction functions on hold pending ASN.1 cleanup.