# Cryptech tamper detection

This is software for the Atmel AVR ATtiny828 MCU on the Cryptech alpha
board, rev02, implementing tamper detection and master key erasure.

## Overview

       *************
       * P A N I C *
       *   button  *
       *************
        /
       /
      /
    AVR ---- SPI mux ---- FPGA
                |          |
                |         ARM
               MKM

    AVR -- Atmel MCU
    FPGA -- FPGA
    MKM -- Master Key Memory, 23K640 SRAM
    SPI mux -- 2 x MC74AC244DW
    ARM -- ARM CPU

The MKM holds the master key for the device.

The AVR, MKM and the mux are all battery powered.

The AVR and the FPGA are both sharing access to the MKM through the
mux, with the AVR connected to the pins used for deciding who's in
control of the memory. If the AVR doesn't actively grab control of the
MKM, the FPGA is in control.

When the panic button is pressed, the AVR takes control over the MKM
and writes zeros to it as quickly as possible. In idle mode, i.e. when
the panic button is not pressed, the AVR tries to consume as little
power as possible.

## Building the software

To build a .hex file suitible for uploading to a board with a
ATTiny828, a C compiler for AVR is needed, as wells a objcopy. On a
Debian system, the following command can be used for installing both:

    apt-get install gcc-avr binutils-avr avr-libc

To build tamper.hex, type 'make' in this directory.


To upload a .hex file to a board, the program avrdude can be used. On
a Debian system, the following command can be used for installing
avrdude:

    apt-get install avrdude

If configuration for ATtiny828 is missing, the file attiny828.conf in
this directory could be appended to avrdude.conf:

    cat attiny828.conf >> /etc/avrdude.conf

Often, a piece of hardware called "SPI programmer" is needed in order
to upload the .hex file to the target system. The one I've been using
has "sparkfun.com" printed on it. This small board has a mini-USB port
to connect to a host system and a header with SPI pins to connect to a
board with an AVR on it.

To upload a .hex file to a board, use the upload.sh shell script in
this directory with the name of the file as the only argument:

    ./upload.sh tamper.hex

Depending on permissions on your host system you might want to run the
upload script as root.

## GPIO on Cryptech HSM rev.03

The GPIO ports are located on JP5 (AVR_GPIO). From left to right, as seen when the marking is above the connector, the ports are:

 1. 3V3
 2. PORTC0
 3. PORTC1
 4. PORTC2
 5. PORTC3
 6. PORTC4
 7. PORTC5
 8. PORTC6
 9. PORTC7
10. GND


## Dependencies

### Debian

- apt-get install gcc-avr binutils-avr avr-libc avrdude

### Fedora

- dnf install avrdude avr-gcc avr-libc