aboutsummaryrefslogtreecommitdiff

Cryptech tamper detection

This is software for the Atmel AVR ATtiny828 MCU on the Cryptech alpha board, rev02, implementing tamper detection and master key erasure.

Overview

   *************
   * P A N I C *
   *   button  *
   *************
    /
   /
  /
AVR ---- SPI mux ---- FPGA
            |          |
            |         ARM
           MKM

AVR -- Atmel MCU
FPGA -- FPGA
MKM -- Master Key Memory, 23K640 SRAM
SPI mux -- 2 x MC74AC244DW
ARM -- ARM CPU

The MKM holds the master key for the device.

The AVR, MKM and the mux are all battery powered.

The AVR and the FPGA are both sharing access to the MKM through the mux, with the AVR connected to the pins used for deciding who's in control of the memory. If the AVR doesn't actively grab control of the MKM, the FPGA is in control.

When the panic button is pressed, the AVR takes control over the MKM and writes zeros to it as quickly as possible. In idle mode, i.e. when the panic button is not pressed, the AVR tries to consume as little power as possible.

Building the software

To build a .hex file suitible for uploading to a board with a ATTiny828, a C compiler for AVR is needed, as wells a objcopy. On a Debian system, the following command can be used for installing both:

apt-get install gcc-avr binutils-avr avr-libc

To build tamper.hex, type 'make' in this directory.

To upload a .hex file to a board, the program avrdude can be used. On a Debian system, the following command can be used for installing avrdude:

apt-get install avrdude

If configuration for ATtiny828 is missing, the file attiny828.conf in this directory could be appended to avrdude.conf:

cat attiny828.conf >> /etc/avrdude.conf

Often, a piece of hardware called "SPI programmer" is needed in order to upload the .hex file to the target system. The one I've been using has "sparkfun.com" printed on it. This small board has a mini-USB port to connect to a host system and a header with SPI pins to connect to a board with an AVR on it.

To upload a .hex file to a board, use the upload.sh shell script in this directory with the name of the file as the only argument:

./upload.sh tamper.hex

Depending on permissions on your host system you might want to run the upload script as root.

GPIO on Cryptech HSM rev.03

The GPIO ports are located on JP5 (AVR_GPIO). From left to right, as seen when the marking is above the connector, the ports are:

  1. 3V3
  2. PORTC0
  3. PORTC1
  4. PORTC2
  5. PORTC3
  6. PORTC4
  7. PORTC5
  8. PORTC6
  9. PORTC7
  10. GND

Dependencies

Debian

  • apt-get install gcc-avr binutils-avr avr-libc avrdude

Fedora

  • dnf install avrdude avr-gcc avr-libc