aboutsummaryrefslogtreecommitdiff
path: root/projects/hsm/cryptech_upload
AgeCommit message (Collapse)Author
2017-04-27Refactor cryptech_upload to work either directly or via cryptech_muxd.Rob Austein
2017-04-11Track API changes on sw/libhal pkcs8 branch.Rob Austein
2017-02-23Add --pin and --quiet options.Paul Selkirk
2017-02-23Speed up file upload enormously.Paul Selkirk
We need to start with a long serial timeout, in order to catch the reboot messages for a firmware upload (this has to be done through the bootloader). But once we start sending the file, cut the serial timeout to 1ms. (I've tested it down to 1us, but that may not work for everyone, and it doesn't improve performance in a statistically significant way.) This brings the time to upload a 4.5MB bitstream from 38:23 to 1:25.
2016-12-21Rewrite core upload loop to simplify and fix race conditions.Rob Austein
The main loop in cryptech_upload:send_file() was much more complicated than necessary, and also contained some hidden assumptions about serial I/O timing which happened to fail on the first two machines I tested. We already had a perfectly good buffered-input function, so rewrote to use that, and simplified control structure in the process. In theory, the new code should work in any environment where the old one did, but this has not yet been confirmed.
2016-12-20Flush output to serial device after writing.Rob Austein
2016-12-20Merge branch 'master' into ksngRob Austein
Bootloader DFU fixes.
2016-12-20The bootloader upgrade reboots now, so we don't need to log out of the CLI.Paul Selkirk
2016-11-25Add debugging code to cryptech_upload.Rob Austein
2016-07-12Make username a command-line option, default "so" as it used to be.Rob Austein
2016-07-12Allow wheel to upload firmware/bitstreamsPaul Selkirk
2016-07-08Add upload from firmware tarball, gussie up command parser, add dire warnings.Rob Austein
Command parser now enforces little things like mutually-exclusive required options so we warn users who attempt something silly. Preferred source for uploads is now the firmware tarball installed along with the client software; we still support uploading from an explictly-specified source file, but one must now say "-i file". Updating the bootloader is dangerous, we now say so and also require an additional option before we'll even attempt it. For the record, while testing this I did manage to brick my Alpha and had to use an ST-LINK to recover, exactly as predicted by the new dire warning.
2016-07-07Add cryptech_miniterm; tweak cryptech_probe to write environment variables ↵Rob Austein
like ssh-agent.
2016-07-06Small improvements to try to suck less.Paul Selkirk
2016-07-05Add horrible kludge of a script to probe USB ports and report whichRob Austein
ones look like console and RPC ports for the HSM.
2016-06-28Only SO and wheel are allowed to upload.Paul Selkirk
Also add bootloader upload.
2016-06-27Modify cli-test/filetransfer to prompt for PIN.Paul Selkirk
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-16 17:21:16 +0000
f6dba 
0f3cc3a

76f6dba



0f3cc3a

76f6dba


0f3cc3a

76f6dba










































3861954

76f6dba






8cef915


3861954







76f6dba

8cef915



76f6dba

3861954

76f6dba



3861954



3861954


2a07b3f

3861954

1

2
3

4

5

6

7

8

9
10
11
12

13

14
15
16

17

18
19

20

21
22
23
24
25
26
27
28

29

30
31

32

33

34

35

36
37
38
39
40
41
42
43

44

45

46

47

48

49

50
51
52
53
54
55
56

57

58
59
60

61

62
63

64

65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

107

108
109
110
111
112
113

114
115

116
117
118
119
120
121
122

123

124
125
126

127

128

129
130
131

132
133
134

135
136

137

138

            

            
                                                                        
 
 
              
 



                                                                      
 


                                                                     
 

                                                                    
 







                                                                    
 

                                                                    
 
 
                 
 







                                                                      
 
 
                            
 
                                                        
 






                                                                      
 


                                                                      
 

                                                                     
 









































                                                                      
                                                                  





                                                                     

                                                                        






                                                                      
 


                                                                 
                                                                      
                                                                        


                                                                    


                                                                                                                         

                                                           
                                                                
                                             

   

releng/alpha


Release engineering stuff for Cryptech Alpha board and support software.


Overview


The Makefiles and scripts in this repository attempt to automate the
process of building packaged versions of the firmware and software for
the Cryptech Alpha board.  At a high level, this consists of two main
phases:


    

  1. 

    Building a firmware package (Verilog and C code which runs on the
    Alpha board itself, regardless the host system to which the Alpha
    is connected); and
    

    2. 

  2. 

    Building software packages (code which runs on the host to which
    the Alpha is connected).
    

    3. 



Since the firmware is the same for any given version of the Cryptech
source code, and since the process of building the firmware binaries
is both time-consuming and involves tools like the XiLinx Verilog
synthesis toolkit and cross-compilers for multiple CPUs (the Alpha's
Cortex M4 ARM CPU and the Atmel AVR ATtiny828 MCU used to implement
the anti-tampering logic for the master key memory), we include a
signed tarball containing pre-built binaries for all the firmware as
part of the source tarball for the software packages.


You are of course free to build all of this for yourself, with or
without modification, the pre-built versions are just a convenience.


Source Tree


The source code itself, for both the firmware and the software, is in
the source/ directory, with names corresponding to the canonical names
of the relevant git repositories.  At the time this document was
written, a few of the repositories in question had not yet been
promoted to their expected permanent homes in the core/ or sw/ trees,
but we expect this to be temporary.  Regardless, directory names
within the source/ directory tree are intended to track the canonical
names of the git repositories, whatever they may be at any given time.


Firmware Build Process


The firmware build process consists of five main phases:


    

  1. 

    Building a "shadow" directory tree populated with symlinks back to
    the source tree.  This allows us to preserve binaries between
    compilation runs where appropriate, without cluttering up the
    source tree with various intermediate files which don't belong
    there.  In particular, this allows to skip the Verilog synthesis
    stage when nothing there has changed, which makes the overall
    build process run significantly faster.
    

    2. 

  2. 

    Synthesizing the Verilog source code into a bitstream.  This phase
    generates a single bitstream file, suitable for loading into the
    Alpha's FPGA chip.
    

    3. 

  3. 

    Cross-compiling C code for the Alpha's ARM processor.  This
    produces two images: the bootloader, and the HSM firmware itself.
    

    4. 

  4. 

    Cross compiling C code for the Alpha's AVR MCU.  This produces a
    single image, which runs the tamper-response controller.
    

    5. 

  5. 

    Packaging all of the firmware created in the above steps into a
    tarball, with some meta-data describing the package, including
    SHA-2 digests of all of the firmware image files and a signature
    over the entire meta-data block.
    

    6. 



The precise formats which show up in the firmware tarball are subject
to change.  At the moment, they consist of:


    

  • 

    A raw bitstream (".bit" file) for the Xilinx Artix-7 FPGA.
    

    • 

  • 

    ELF and raw binary image files for the Cortex M4 ARM CPU; we supply
   both .elf and .bin files because some tools want one format, some
   want the other.
    

    • 

  • 

    A ".hex" image for the AVR MCU.
    

    • 



The overall packaging for the firmware tarball is intentionally pretty
boring: tar, gzip, gpg, and JSON.  The intent is that users be able to
use our firmware tarball even if the scripts we provide are unsuitable
for some reason.


The final result of the firmware build process is the firmware
tarball, which is written into the source/ tree for inclusion by the
software packaging phase.


Software Build Process


The software build process also consists of several phases, but is a
bit more open-ended than the firmware build process.  Phases in the
current build process:


    

  1. 

    Building a source tarball and Debian source package (".dsc").
    The Debian and Ubuntu Linux distributions are our primary
    development platforms, so we need to produce packages for them in
    any case, and the process of producing a Debian-family source
    package produces a source tarball as one of its outputs, so we get
    that for free by doing this step first.
    

    2. 

  2. 

    Running pbuilder to generate clean binary packages for the
    "i386" and "amd64" architectures for Debian Jessie and Ubuntu
    Xenial.
    

    3. 

  3. 

    Loading all of the Debian and Ubuntu packages produced above into
    the staging instances of a set of APT repositories.
    

    4. 

  4. 

    Generation of a Homebrew formula and committing that formula to
    the staging instance of a Homebrew "tap" (git repository), using the
    tarball created during the Debian source package stage as the
    source package.  The Homebrew formula is source-only (no "bottled"
    binary packages): creating binary packages would not be
    particularly difficult (one osxcross instance per version of
    OSX we want to support would do it), but Apple's Xcode SDK license
    doesn't permit this unless we run our build farm on Apple
    hardware.
    

    5. 

  5. 

    Uploading changes from the staging repositories to our public
    repositories.
    

    6. 



In theory, it would also be possible to produce Windows binaries using
the MinGW cross-compilation environment, but Windows is sufficiently
different from all other platforms that even minimal Windows support
would almost certainly require extensive source code changes, so we
have not put any serious thought into build issues for Windows.
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-16 17:21:16 +0000