diff options
-rwxr-xr-x | bin/cryptech_runcmd | 136 | ||||
-rwxr-xr-x | bin/cryptech_upload | 294 | ||||
-rwxr-xr-x | bin/flash-target | 38 | ||||
-rwxr-xr-x | bin/reset | 31 | ||||
-rwxr-xr-x | run.sh | 39 |
5 files changed, 538 insertions, 0 deletions
diff --git a/bin/cryptech_runcmd b/bin/cryptech_runcmd new file mode 100755 index 0000000..6407043 --- /dev/null +++ b/bin/cryptech_runcmd @@ -0,0 +1,136 @@ +#!/usr/bin/python +# +# Copyright (c) 2016, NORDUnet A/S All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# - Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# - Neither the name of the NORDUnet nor the names of its contributors may +# be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS +# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +""" +Utility to upload new a firmware image or FPGA bitstream +""" +import os +import sys +import time +import struct +import serial +import argparse +import getpass + +from binascii import crc32 + +FIRMWARE_CHUNK_SIZE = 4096 +FPGA_CHUNK_SIZE = 4096 + +default_pins = {'wheel': 'YouReallyNeedToChangeThisPINRightNowWeAreNotKidding', + 'ct': 'ct', + } + +def parse_args(): + """ + Parse the command line arguments + """ + parser = argparse.ArgumentParser(description = "File uploader", + add_help = True, + formatter_class = argparse.ArgumentDefaultsHelpFormatter, + ) + + parser.add_argument('-d', '--device', + dest='device', + default='/dev/ttyUSB0', + help='Name of management port USB serial device', + ) + + parser.add_argument("--username", + choices = ("so", "wheel", "ct"), + default = "so", + help = "Username to use when logging into the HSM", + ) + + parser.add_argument('commands', metavar='CMD', type=str, nargs='+', + help='commands to execute') + return parser.parse_args() + + +def _write(dst, data, debug=False): + dst.write(data) + if not debug: + return + if len(data) == 4: + print("Wrote 0x{!s}".format(data.encode('hex'))) + else: + print("Wrote {!r}".format(data)) + + +def _read(dst, verbose=True): + res = '' + x = dst.read(1) + while not x: + x = dst.read(1) + while x: + res += x + x = dst.read(1) + #print ("Read {!r}".format(res)) + if verbose: + sys.stdout.write(res) + return res + +def _execute(dst, cmd): + global default_pins + _write(dst, '\r') + prompt = _read(dst) + if prompt.endswith('Username: '): + _write(dst, args.username + "\r") + prompt = _read(dst) + if prompt.endswith('Password: '): + pin = default_pins.get(args.username) + if not pin: + pin = getpass.getpass("{} PIN: ".format(args.username)) + _write(dst, pin + '\r') + prompt = _read(dst) + if not prompt.endswith('> '): + #sys.stderr.write('Device does not seem to be ready for a file transfer (got {!r})\n'.format(prompt)) + return prompt + _write(dst, cmd + '\r') + response = _read(dst) + return response + + +def main(args): + global pin + dst = serial.Serial(args.device, 921600, timeout=2) + for this in args.commands: + _execute(dst, this) + dst.close() + return True + +if __name__ == '__main__': + try: + args = parse_args() + if main(args): + sys.exit(0) + sys.exit(1) + except KeyboardInterrupt: + pass + diff --git a/bin/cryptech_upload b/bin/cryptech_upload new file mode 100755 index 0000000..680a0ac --- /dev/null +++ b/bin/cryptech_upload @@ -0,0 +1,294 @@ +#!/usr/bin/env python +# +# Copyright (c) 2016, NORDUnet A/S All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# - Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# +# - Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# - Neither the name of the NORDUnet nor the names of its contributors may +# be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS +# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +""" +Utility to upload a new firmware image or FPGA bitstream. +""" + +import os +import sys +import time +import struct +import serial +import getpass +import os.path +import tarfile +import argparse +import platform + +from binascii import crc32 + +FIRMWARE_CHUNK_SIZE = 4096 +FPGA_CHUNK_SIZE = 4096 + + +def parse_args(): + """ + Parse the command line arguments + """ + + share_directory = "/usr/share" if platform.system() == "Linux" else "/usr/local/share" + + default_tarball = os.path.join(share_directory, "cryptech-alpha-firmware.tar.gz") + + if not os.path.exists(default_tarball): + default_tarball = None + + parser = argparse.ArgumentParser(description = __doc__, + formatter_class = argparse.ArgumentDefaultsHelpFormatter, + ) + + parser.add_argument("-d", "--device", + default = os.getenv("CRYPTECH_CTY_CLIENT_SERIAL_DEVICE", "/dev/ttyUSB0"), + help = "Name of management port USB serial device", + ) + + parser.add_argument("--firmware-tarball", + type = argparse.FileType("rb"), + default = default_tarball, + help = "Location of firmware tarball", + ) + + parser.add_argument("--username", + choices = ("so", "wheel"), + default = "so", + help = "Username to use when logging into the HSM", + ) + + actions = parser.add_mutually_exclusive_group(required = True) + actions.add_argument("--fpga", + action = "store_true", + help = "Upload FPGA bitstream", + ) + actions.add_argument("--firmware", "--hsm", + action = "store_true", + help = "Upload HSM firmware image", + ) + actions.add_argument("--bootloader", + action = "store_true", + help = "Upload bootloader image (dangerous!)", + ) + + parser.add_argument("--simon-says-whack-my-bootloader", + action = "store_true", + help = "Confirm that you really want to risk bricking the HSM", + ) + + parser.add_argument("-i", "--explicit-image", + type = argparse.FileType("rb"), + help = "Explicit source image file for upload, overrides firmware tarball") + + return parser.parse_args() + + +def _write(dst, data): + dst.write(data) + #if len(data) == 4: + # print("Wrote 0x{!s}".format(data.encode("hex"))) + #else: + # print("Wrote {!r}".format(data)) + + +def _read(dst): + res = "" + x = dst.read(1) + while not x: + x = dst.read(1) + while x: + res += x + x = dst.read(1) + #print ("Read {!r}".format(res)) + return res + +wheel_pin = 'YouReallyNeedToChangeThisPINRightNowWeAreNotKidding' + +def _execute(dst, cmd): + global wheel_pin + pin = None + if args.username == 'wheel': + pin = wheel_pin + _write(dst, "\r") + prompt = _read(dst) + if prompt.endswith("Username: "): + _write(dst, args.username + "\r") + prompt = _read(dst) + if prompt.endswith("Password: "): + if not pin: + pin = getpass.getpass("{} PIN: ".format(args.username)) + _write(dst, pin + "\r") + prompt = _read(dst) + if not prompt.endswith(("> ", "# ")): + print("Device does not seem to be ready for a file transfer (got {!r})".format(prompt)) + return prompt + _write(dst, cmd + "\r") + response = _read(dst) + return response + +def send_file(src, size, args, dst): + if args.fpga: + chunk_size = FPGA_CHUNK_SIZE + response = _execute(dst, "fpga bitstream upload") + elif args.firmware: + chunk_size = FIRMWARE_CHUNK_SIZE + response = _execute(dst, "firmware upload") + if "Rebooting" in response: + response = _execute(dst, "firmware upload") + elif args.bootloader: + chunk_size = FIRMWARE_CHUNK_SIZE + response = _execute(dst, "bootloader upload") + if "Access denied" in response: + print "Access denied" + return False + if not "OK" in response: + print("Device did not accept the upload command (got {!r})".format(response)) + return False + + crc = 0 + counter = 0 + # 1. Write size of file (4 bytes) + _write(dst, struct.pack("<I", size)) + response = _read(dst) + if not response.startswith("Send "): + print response + return False + + # 2. Write file contents while calculating CRC-32 + while True: + data = src.read(chunk_size) + if not data: + break + dst.write(data) + print("Wrote {!s} bytes (chunk {!s}/{!s})".format(len(data), counter, int(size / chunk_size))) + # read ACK (a counter of number of 4k chunks received) + while True: + ack_bytes = dst.read(4) + if len(ack_bytes) == 4: + break + print("ERROR: Did not receive an ACK, got {!r}".format(ack_bytes)) + dst.write("\r") # eventually get back to the CLI prompt + ack = struct.unpack("<I", ack_bytes)[0] + if ack != counter + 1: + print("ERROR: Did not receive the expected counter as ACK (got {!r}/{!r}, not {!r})".format(ack, ack_bytes, counter)) + flush = dst.read(100) + print("FLUSH data: {!r}".format(flush)) + return False + counter += 1 + + crc = crc32(data, crc) & 0xffffffff + + _read(dst) + + # 3. Write CRC-32 (4 bytes) + _write(dst, struct.pack("<I", crc)) + response = _read(dst) + print response + + src.close() + + if args.fpga: + # tell the fpga to read its new configuration + _execute(dst, "fpga reset") + + if args.fpga or args.bootloader: + # log out of the CLI + # firmware upgrade reboots, doesn't need an exit + _execute(dst, "exit") + + return True + + +dire_bootloader_warning = ''' + WARNING + +Updating the bootloader risks bricking your HSM! If something goes +badly wrong here, or you upload a bad bootloader image, you will not +be able to recover without an ST-LINK programmer. + +In most cases a normal "--firmware" upgrade should be all that is +necessary to bring your HSM up to date, there is seldom any real need +to update the bootloader. + +Do not proceed with this unless you REALLY know what you are doing. + +If you got here by accident, ^C now, without answering the PIN prompt. +''' + + +def main(): + global args + args = parse_args() + + if args.bootloader and not args.simon_says_whack_my_bootloader: + sys.exit("You didn't say \"Simon says\"") + + if args.bootloader: + print dire_bootloader_warning + + if args.explicit_image is None and args.firmware_tarball is None: + sys.exit("No source file specified for upload and firmware tarball not found") + + if args.explicit_image: + src = args.explicit_image # file-like object, thanks to argparse + size = os.fstat(src.fileno()).st_size + if size == 0: # Flashing from stdin won't work, sorry + sys.exit("Can't flash from a pipe or zero-length file") + print "Uploading from explicitly-specified file {}".format(args.explicit_image.name) + + else: + tar = tarfile.open(fileobj = args.firmware_tarball) + print "Firmware tarball {} content:".format(args.firmware_tarball.name) + tar.list(True) + if args.fpga: + name = "alpha_fmc.bit" + elif args.firmware: + name = "hsm.bin" + elif args.bootloader: + name = "bootloader.bin" + else: + # Somebody updated other part of this script without updating this part :( + sys.exit("Don't know which component to select from firmware tarball, sorry") + try: + size = tar.getmember(name).size + except KeyError: + sys.exit("Expected component {} missing from firmware tarball {}".format(name, args.firmware_tarball.name)) + src = tar.extractfile(name) + print "Uploading {} from {}".format(name, args.firmware_tarball.name) + + print "Initializing serial port and synchronizing with HSM, this may take a few seconds" + dst = serial.Serial(args.device, 921600, timeout = 2) + send_file(src, size, args, dst) + dst.close() + + +if __name__ == "__main__": + try: + main() + except KeyboardInterrupt: + pass diff --git a/bin/flash-target b/bin/flash-target new file mode 100755 index 0000000..cef709d --- /dev/null +++ b/bin/flash-target @@ -0,0 +1,38 @@ +#!/bin/sh + +PROJ="${1?'project'}" +OPENOCD=openocd + +# location of OpenOCD Board .cfg files (only used with 'make flash-target') +# +# This path is from Ubuntu 14.04. +# +OPENOCD_BOARD_DIR=/usr/share/openocd/scripts/board + +# Configuration (cfg) file containing programming directives for OpenOCD +# +# If you are using an STLINK v2.0 from an STM32 F4 DISCOVERY board, +# set this variable to "stm32f4discovery.cfg". +# +# If you are using an STLINK v2.1 from an STM32 F4 NUCLEO board, +# set this variable to "st_nucleo_f401re.cfg". +# +# If you are using something else, look for a matching configuration file in +# the OPENOCD_BOARD_DIR directory. +# +OPENOCD_PROC_FILE=stm32f4discovery.cfg +if [ "x`lsusb -d 0483:374b`" != "x" ]; then + for fn in st_nucleo_f4.cfg st_nucleo_f401re.cfg; do + if [ -f "$OPENOCD_BOARD_DIR/$fn" ]; then + OPENOCD_PROC_FILE="$fn" + fi + done +fi + +# This used to be "... verify reset exit", but that fails on Debian Jessie. +# The Net of a Million Lies claims that the "exit" is unnecessary, so the +# simplest solution is just to omit it. Should this turn out to be a mistake, +# well, we'll have to do something more clever to deal with these silly version +# skew problems between the several versions of openocd in current use. + +$OPENOCD -f $OPENOCD_BOARD_DIR/$OPENOCD_PROC_FILE -c "program $PROJ.elf verify exit" # reset diff --git a/bin/reset b/bin/reset new file mode 100755 index 0000000..8190805 --- /dev/null +++ b/bin/reset @@ -0,0 +1,31 @@ +#!/bin/sh + +OPENOCD=openocd + +# location of OpenOCD Board .cfg files (only used with 'make flash-target') +# +# This path is from Ubuntu 14.04. +# +OPENOCD_BOARD_DIR=/usr/share/openocd/scripts/board + +# Configuration (cfg) file containing programming directives for OpenOCD +# +# If you are using an STLINK v2.0 from an STM32 F4 DISCOVERY board, +# set this variable to "stm32f4discovery.cfg". +# +# If you are using an STLINK v2.1 from an STM32 F4 NUCLEO board, +# set this variable to "st_nucleo_f401re.cfg". +# +# If you are using something else, look for a matching configuration file in +# the OPENOCD_BOARD_DIR directory. +# +OPENOCD_PROC_FILE=stm32f4discovery.cfg +if [ "x`lsusb -d 0483:374b`" != "x" ]; then + for fn in st_nucleo_f4.cfg st_nucleo_f401re.cfg; do + if [ -f "$OPENOCD_BOARD_DIR/$fn" ]; then + OPENOCD_PROC_FILE="$fn" + fi + done +fi + +$OPENOCD -f $OPENOCD_BOARD_DIR/$OPENOCD_PROC_FILE -c "init" -c "reset run" -c "exit" @@ -0,0 +1,39 @@ +#!/bin/bash + +set -e + +echo "##########################################" +echo "# Flashing bootloader" +echo "##########################################" +./bin/flash-target bootloader + +echo "##########################################" +echo "# Flashing temporary HSM firmware" +echo "##########################################" +./bin/flash-target hsm +./bin/reset +sleep 5 + +echo "##########################################" +echo "# Uploading bitstream" +echo "##########################################" + +./bin/cryptech_upload --fpga --username wheel + +echo "##########################################" +echo "# Programming AVR" +echo "##########################################" +avrdude -c usbtiny -p attiny828 -U flash:w:tamper.hex + +echo "##########################################" +echo "# Flashing official STM32 firmware" +echo "##########################################" +./bin/cryptech_upload --firmware --username wheel +./bin/reset +sleep 15 + +echo "##########################################" +echo "# Checking FPGA" +echo "##########################################" +./bin/cryptech_runcmd --username wheel "fpga show cores" + |