Cryptech tamper detection
This is software for the Atmel AVR ATtiny828 MCU on the Cryptech alpha board, rev02, implementing tamper detection and master key erasure.
Overview
*************
* P A N I C *
* button *
*************
/
/
/
AVR ---- SPI mux ---- FPGA
| |
| ARM
MKM
AVR -- Atmel MCU
FPGA -- FPGA
MKM -- Master Key Memory, 23K640 SRAM
SPI mux -- 2 x MC74AC244DW
ARM -- ARM CPU
The MKM holds the master key for the device.
The AVR, MKM and the mux are all battery powered.
The AVR and the FPGA are both sharing access to the MKM through the mux, with the AVR connected to the pins used for deciding who's in control of the memory. If the AVR doesn't actively grab control of the MKM, the FPGA is in control.
When the panic button is pressed, the AVR takes control over the MKM and writes zeros to it as quickly as possible. In idle mode, i.e. when the panic button is not pressed, the AVR tries to consume as little power as possible.
Building the software
To build a .hex file suitible for uploading to a board with a ATTiny828, a C compiler for AVR is needed, as wells a objcopy. On a Debian system, the following command can be used for installing both:
apt-get install gcc-avr binutils-avr avr-libc
To build tamper.hex, type 'make' in this directory.
To upload a .hex file to a board, the program avrdude can be used. On a Debian system, the following command can be used for installing avrdude:
apt-get install avrdude
If configuration for ATtiny828 is missing, the file attiny828.conf in this directory could be appended to avrdude.conf:
cat attiny828.conf >> /etc/avrdude.conf
Often, a piece of hardware called "SPI programmer" is needed in order to upload the .hex file to the target system. The one I've been using has "sparkfun.com" printed on it. This small board has a mini-USB port to connect to a host system and a header with SPI pins to connect to a board with an AVR on it.
To upload a .hex file to a board, use the upload.sh shell script in this directory with the name of the file as the only argument:
./upload.sh tamper.hex
Depending on permissions on your host system you might want to run the upload script as root.