summaryrefslogtreecommitdiff
path: root/raw-wiki-dump/GitRepositories%2Fsw%2Fstm32
blob: 04bfcf09cb5f632eb7ad81d441cdbaf0db22e554 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
{{{
#!htmlcomment

This page is maintained automatically by a script.  Don't modify this page by hand,
your changes will just be overwritten the next time the script runs.  Talk to your
Friendly Neighborhood Repository Maintainer if you need to change something here.

}}}

{{{
#!html
<h1>STM32 firmware for Cryptech Alpha board</h1>

<p>The Alpha board is our first full prototype for an open-source hardware
security module (HSM). It is a custom board with an STM32 Cortex-M4
microcontroller and an Artix-7 FPGA, flash-based keystore, separate memory
for the Key Encryption Key, etc. See the <code>hardware</code> repository for
schematics and production files. See the wiki for design documents.</p>

<p>The code in this repository builds the firmware that provides the HSM
functionality on the Alpha board.</p>

<p>There is some residual code here to support the "dev-bridge" board, a
daughterboard for the Novena, which talks to the Novena's FPGA through the
high-speed expansion connector. Only a few of these boards were ever made,
and all development/testing ceased as soon as the Alpha became available,
so the dev-bridge should be considered deprecated, and support may be
removed in the future.</p>

<h1>Copyrights</h1>

<p>The license for all work done on this in the CrypTech project is a
3-clause BSD license.</p>

<p>Third-party components, as well as code generated using the
STMicroelectronics initialization code generator STM32CubeMX, or adapted
from STM example/support code, may have different licensing, detailed
below.</p>

<h1>Components</h1>

<h2>Libraries</h2>

<ul>
<li><p><code>mbed</code> - A stripped down copy of the ARM CMSIS library, copied from the
mbed github (see <code>libraries/mbed/README.txt</code> for details). The bulk of
this library is covered under 3-clause BSD licenses from either ARM or
STMicroelectronics, but one file is covered under an Apache license from
ARM.</p></li>
<li><p><code>libhal</code> - Build directory for our own Hardware Adaption Library
(hardware-independent Cryptech components). Source is expected to be in
<code>sw/libhal</code>.</p></li>
<li><p><code>libtfm</code> - Build directory for "Tom's Fast Math", which is used heavily
for bignum math in the RSA and ECDSA code. This code is covered under an
unrestricted public domain license, and source is expected to be in
<code>sw/thirdparty/libtfm</code>.</p></li>
<li><p><code>libcli</code> - Build directory for a third-party Command Line Interface
library. The source is not currently under <code>sw/thirdparty</code> because the
license is LGPLv2.1; we are negotiating to see if we can get a
BSD-compatible license for it.</p></li>
<li><p><code>libprof</code> - A port of the <code>gmon</code> profiling package, to be used in
development only, not in production code (obviously). The licensing is a
mix of BSD and "Cygwin license", which now seems to be LGPLv3.</p></li>
</ul>

<h2>Projects</h2>

<p>These directories build different firmware images for the Alpha board.</p>

<ul>
<li><p><code>hsm</code> - Firmware providing HSM functionality. Clients communicate via
RPC requests on the USER USB port, or interactively on the MGMT USB
port.</p></li>
<li><p><code>bootloader</code> - The first thing that runs on the device. It either starts
the primary firmware, or installs new firmware.</p></li>
<li><p><code>board-test</code> - Tests of hardware components.</p></li>
<li><p><code>cli-test</code> - Test of the CLI itself, plus some interactive tests of
hardware components. Duplicates way too much of the HSM CLI.</p></li>
<li><p><code>libhal-test</code> - A framework for running the libhal component
tests. Hasn't been run in a while, probably still works.</p></li>
</ul>

<h1>Building</h1>

<p>Our primary build environments are Debian and Ubuntu, but this should work
on any system with Gnu tools installed.</p>

<p>The following packages need to be installed:</p>

<pre><code>$ apt-get install gcc-arm-none-eabi gdb-arm-none-eabi openocd
</code></pre>

<p>The Makefile assumes that all Cryptech repositories have been fetched into
a canonical directory structure, e.g. <code>libhal</code> and <code>thirdparty</code> are
siblings to this directory, under <code>sw</code>.</p>

<p>To build the source code, issue <code>make</code> from the top level directory
(where this file is). The first time, this will build the complete STM
CMSIS library. A subsequent <code>make clean</code> will <em>not</em> clean away the CMSIS
library, but a <code>make distclean</code> will.</p>

<h1>Installing</h1>

<p>Do <code>bin/flash-target</code> from the top level directory (where this file is)
to flash a built image into the microcontroller. See the section ST-LINK
below for information about the actual hardware programming device needed.</p>

<p>Example loading the HSM firmware:</p>

<pre><code>$ make hsm
$ ./bin/flash-target projects/hsm/hsm
</code></pre>

<p>At this point, the STM32 will reset into the bootloader which flashes the
blue LED five times in one second, and then jumps to the primary firmware.</p>

<p>Once the bootloader is installed, regular firmware can be loaded without
an ST-LINK cable like this:</p>

<pre><code>$ cryptech_upload --firmware -i projects/hsm/hsm.bin
</code></pre>

<p>Then reboot the Alpha board.</p>

<h2>ST-LINK</h2>

<p>To program the MCU, an ST-LINK adapter is used. The cheapest way to get
one is to buy an evaluation board with an ST-LINK integrated, and pinouts
to program external chips. This should work with any evaluation board from
STM; we have tested with STM32F4DISCOVERY (with ST-LINK v2.0) and
NUCLEO-F411RE (with ST-LINK v2.1).</p>

<p>The ST-LINK programming pins is called J1 and is near the CrypTech logo
printed on the circuit board. The pin-outs is shown on the circuit board
(follow the thin white line from J1 to the white box with STM32_SWD
written in it). From left to right, the pins are</p>

<pre><code>3V3, CLK, GND, I/O, NRST and N/C
</code></pre>

<p>This matches the pin-out on the DISCO and NUCLEO boards we have tried.</p>

<p>First remove the pair of ST-LINK jumpers (CN4 on the DISCO, CN2 on the
NUCLEO). Then find the 6-pin SWD header on the left of the STM board (CN2
on the DISCO, CN4 on the NUCLEO), and connect them to the Alpha board:</p>

<pre><code>NUCLEO / DISCO           CRYPTECH ALPHA
--------------           --------------
* 1 VDD_TARGET      &lt;-&gt;  3V3
* 2 SWCLK / T_JTCK  &lt;-&gt;  CLK
* 3 GND             &lt;-&gt;  GND
* 4 SWDIO / T_JTMS  &lt;-&gt;  IO
* 5 NRST / T_NRST   &lt;-&gt;  NRST
* 6 N/C
</code></pre>

<p>The Alpha board should be powered on before attempting to flash it.</p>

<h2>Debugging the firmware</h2>

<p><a href="http://fun-tech.se/stm32/OpenOCD/gdb.php">This site</a> shows several ways
to use various debuggers to debug the firmware in an STM32.</p>

<p>There is a shell script called 'bin/debug' that starts an OpenOCD server
and GDB. Example:</p>

<pre><code>$ ./bin/debug projects/hsm/hsm
</code></pre>

<p>Once in GDB, issue <code>monitor reset halt</code> to reset the STM32 before debugging.</p>

<p>Remember that the first code to run will be the bootloader, but if you do
e.g. <code>break main</code> and <code>continue</code> you will end up in main() after the
bootloader has jumped there.</p>
}}}

[[RepositoryIndex(format=table,glob=sw/stm32)]]

|| Clone `https://git.cryptech.is/sw/stm32.git` ||