aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-11-15Reinitialize keystore data structures after wiping keystore flash.Rob Austein
2016-11-14Track removal of hal_rpc_pkey_list().Rob Austein
2016-11-14hal_rpc_pkey_find() -> hal_rpc_pkey_open().Rob Austein
2016-11-02Wait for WIP to clear before returning from erase operations too.Rob Austein
Wrong-block-type race condition errors went away after adding the WIP check after flash write operations, then came back once (isolated incident) while running a series of tests which had written enough flash blocks that ks_flash may have finally had to erase something rather than just zeroing. Code inspection confirmed that the erase code was not waiting for WIP to clear before exiting. Difficult to prove that this was the cause of an unreproducible failure, but seems like a likely candidate given previous behavior and change should be harmless, so adding it. Timeout for this flag check is 2000 ms, which is what other erase-related WIP flag checks were already using.
2016-11-01Tweak CLI keystore commands for latest libhal RPC keystore API.Rob Austein
Using {-1} as a client handle in the CLI is a kludge, but the new stricter libhal keystore code really wants us to be consistent about this, so as long as any part of the CLI is using client {-1}, it all needs to do so. This still isn't really right, the CLI probably needs a different set of access rules than those which apply to the RPC calls, but I'm deferring that until we know what the "final" (for this branch) version of the RPC API looks like, and have done whatever refactoring might be required in the libhal keystore drivers.
2016-11-01Don't return from flash write calls until WIP flag clears.Rob Austein
Absence of this check created a nasty race condition in sw/libhal/ks_flash.c, which didn't show up until we had test code which attempted to delete a long series of keys in quick succession. I'm not aware of any sane reason why we would ever want to skip this check, so it's unconditional and applies to all of the SPI flash code, not just the keystore flash code.
2016-10-09Track changes to libhal pkey API.Rob Austein
2016-10-07Track changes to libhal RPC pkey API.Rob Austein
2016-10-07strcasecmp() is not a standard function.Rob Austein
2016-09-27"keystore erase" now clears entire keystore flash.Rob Austein
Now that we're using more than just the first few sectors of the keystore flash, we need a command to clear the whole thing. This is not quite right yet, because it doesn't yet notify libhal's ks_flash driver that the entire content of the flash has been yanked out from under it. In theory, we should be able to erase the entire flash in a single operation using the bulk erase command command (0xC7), but I couldn't get that to do anything (no error reported, no visible effect), so, for now, we erase by sectors.
2016-09-26Fix function pointer type, typo in variable name.Rob Austein
2016-09-23Use subsectors instead of sectors in keystore.Rob Austein
2016-09-16Change default gcc optimization level to -Og.Rob Austein
2016-09-16Revised ks_flash. Compiles, not yet tested.Rob Austein
2016-09-13Track libhal cleanup (function names, const-ification).Rob Austein
2016-09-09Fix frelling sw/stm32/Makefile to rebuild libraries properly.Rob Austein
2016-09-09Track removal of `type` argument from hal_rpc_pkey_find().Rob Austein
2016-09-02Whack with club until working with new keystore API.Rob Austein
Basic stuff like "keystore show keys", "keystore delete key", and the PIN commands all work with the new keystore code. Some of the management commands are still broken. Some of the old management commands were using libhal-internal APIs for which no real equivalent exists anymore. Some of the old management commands were doing things that, um, never could have worked as written.
2016-09-01"make clean" needs to use "rm -f" to avoid gratuitous failures.Rob Austein
2016-08-23Merge branch 'master' of git.cryptech.is:sw/stm32Paul Selkirk
2016-08-23Show running threads.Paul Selkirk
2016-08-23Reset table of cores after resetting FPGA from CLI.Paul Selkirk
2016-08-23Multi-client testing revealed race conditions in uart receive codePaul Selkirk
(dropped characters, improper handoff of message buffers). Fixed by a) changing the uart receiver from interrupt to DMA mode, and b) replacing the dispatch mutex and rpc semaphore with a mail queue (memory pool + message queue).
2016-08-15Incorporate FPGA comms test from projects/board-test/fmc-test.cFredrik Thulin
2016-08-15cli_receive_data: re-enable UART DMA before returningFredrik Thulin
Bugfix after new port of libcli where this enabling doesn't happen after every command anymore.
2016-08-11Multiple threads and multiple cores, to deal with multiple clients.Paul Selkirk
2016-08-11re-implement 'show fpga cores'Fredrik Thulin
2016-07-21Use a fresh port of libcli, which retains more of the original API.Paul Selkirk
2016-07-16Don't run empty "export" command.Rob Austein
2016-07-13'masterkey set' without args sets master key to a random valuePaul Selkirk
2016-07-13probe_cores() finally does the right thing, so we don't have to call it early.Paul Selkirk
2016-07-12Make username a command-line option, default "so" as it used to be.Rob Austein
2016-07-12Allow wheel to upload firmware/bitstreamsPaul Selkirk
2016-07-12Re-disable 'keystore set key'; hexdump binary key names; remove unused ↵Paul Selkirk
'show' commands.
2016-07-12merge from projects/hsmFredrik Thulin
2016-07-12Merge branch 'master' of git.cryptech.is.:sw/stm32Fredrik Thulin
2016-07-12restore original SCLK_DIVFredrik Thulin
2016-07-12re-enable masterkeyFredrik Thulin
2016-07-12Restore 'keystore set|rename|delete' commands; access key by index as well ↵Paul Selkirk
as name.
2016-07-09Clean up the CLI.Fredrik Thulin
A lot of the commands were just useful when testing/implementing features for the Alpha. Remove them now that they have been merged to projects/cli-test.
2016-07-09Integrate test code for MKMIF.Fredrik Thulin
There seems to be a timing issue (?) with the MKMIF. If SCLK_DIV is set to a higher value (was: 0x20) then the CLI command "test mkmif" will fail with only occasional success runs. With divisor 0x01, it works most of the time but not allways.
2016-07-09Merge more code from projects/hsm.Fredrik Thulin
2016-07-09Merge branch 'master' of git.cryptech.is.:sw/stm32Fredrik Thulin
2016-07-08Add upload from firmware tarball, gussie up command parser, add dire warnings.Rob Austein
Command parser now enforces little things like mutually-exclusive required options so we warn users who attempt something silly. Preferred source for uploads is now the firmware tarball installed along with the client software; we still support uploading from an explictly-specified source file, but one must now say "-i file". Updating the bootloader is dangerous, we now say so and also require an additional option before we'll even attempt it. For the record, while testing this I did manage to brick my Alpha and had to use an ST-LINK to recover, exactly as predicted by the new dire warning.
2016-07-08merge test code from projects/hsm/Fredrik Thulin
2016-07-07Merge branch 'master' of https://git.cryptech.is/sw/stm32.git.Rob Austein
2016-07-07Add cryptech_miniterm; tweak cryptech_probe to write environment variables ↵Rob Austein
like ssh-agent.
2016-07-07Drop bad request packets.Paul Selkirk
Also, if the UART receive callback fails to re-enable receive (because dispatch_thread is in the middle of transmitting a response), signal dispatch_thread to re-enable receive after it's done.
2016-07-07Default to one RPC worker thread.Paul Selkirk
2016-07-07Rewrite and add cleanup sequences to avoid confusing the RPC server.Rob Austein