diff options
author | Rob Austein <sra@hactrn.net> | 2020-09-13 23:04:30 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2020-09-13 23:04:30 +0000 |
commit | b092ffbcbe2c9398494f7dc9db6f0796971633e0 (patch) | |
tree | 6fabf690f1ebf485a9fea9af5298e44ad2a59a3e /raw-wiki-dump/GitRepositories%2Fuser%2Fjakob%2Ftamper | |
parent | 9d927e49d9c10fc16c6dfa4a2a96cdb6216e4e2b (diff) |
Import Cryptech wiki dump
Diffstat (limited to 'raw-wiki-dump/GitRepositories%2Fuser%2Fjakob%2Ftamper')
-rw-r--r-- | raw-wiki-dump/GitRepositories%2Fuser%2Fjakob%2Ftamper | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/raw-wiki-dump/GitRepositories%2Fuser%2Fjakob%2Ftamper b/raw-wiki-dump/GitRepositories%2Fuser%2Fjakob%2Ftamper new file mode 100644 index 0000000..3763df2 --- /dev/null +++ b/raw-wiki-dump/GitRepositories%2Fuser%2Fjakob%2Ftamper @@ -0,0 +1,127 @@ +{{{ +#!htmlcomment + +This page is maintained automatically by a script. Don't modify this page by hand, +your changes will just be overwritten the next time the script runs. Talk to your +Friendly Neighborhood Repository Maintainer if you need to change something here. + +}}} + +{{{ +#!html +<h1>Cryptech tamper detection</h1> + +<p>This is software for the Atmel AVR ATtiny828 MCU on the Cryptech alpha +board, rev02, implementing tamper detection and master key erasure.</p> + +<h2>Overview</h2> + +<pre><code> ************* + * P A N I C * + * button * + ************* + / + / + / +AVR ---- SPI mux ---- FPGA + | | + | ARM + MKM + +AVR -- Atmel MCU +FPGA -- FPGA +MKM -- Master Key Memory, 23K640 SRAM +SPI mux -- 2 x MC74AC244DW +ARM -- ARM CPU +</code></pre> + +<p>The MKM holds the master key for the device.</p> + +<p>The AVR, MKM and the mux are all battery powered.</p> + +<p>The AVR and the FPGA are both sharing access to the MKM through the +mux, with the AVR connected to the pins used for deciding who's in +control of the memory. If the AVR doesn't actively grab control of the +MKM, the FPGA is in control.</p> + +<p>When the panic button is pressed, the AVR takes control over the MKM +and writes zeros to it as quickly as possible. In idle mode, i.e. when +the panic button is not pressed, the AVR tries to consume as little +power as possible.</p> + +<h2>Building the software</h2> + +<p>To build a .hex file suitible for uploading to a board with a +ATTiny828, a C compiler for AVR is needed, as wells a objcopy. On a +Debian system, the following command can be used for installing both:</p> + +<pre><code>apt-get install gcc-avr binutils-avr avr-libc +</code></pre> + +<p>To build tamper.hex, type 'make' in this directory.</p> + +<p>To upload a .hex file to a board, the program avrdude can be used. On +a Debian system, the following command can be used for installing +avrdude:</p> + +<pre><code>apt-get install avrdude +</code></pre> + +<p>If configuration for ATtiny828 is missing, the file attiny828.conf in +this directory could be appended to avrdude.conf:</p> + +<pre><code>cat attiny828.conf >> /etc/avrdude.conf +</code></pre> + +<p>Often, a piece of hardware called "SPI programmer" is needed in order +to upload the .hex file to the target system. The one I've been using +has "sparkfun.com" printed on it. This small board has a mini-USB port +to connect to a host system and a header with SPI pins to connect to a +board with an AVR on it.</p> + +<p>To upload a .hex file to a board, use the upload.sh shell script in +this directory with the name of the file as the only argument:</p> + +<pre><code>./upload.sh tamper.hex +</code></pre> + +<p>Depending on permissions on your host system you might want to run the +upload script as root.</p> + +<h2>GPIO on Cryptech HSM rev.03</h2> + +<p>The GPIO ports are located on JP5 (AVR_GPIO). From left to right, as seen when the marking is above the connector, the ports are:</p> + +<ol> +<li>3V3</li> +<li>PORTC0</li> +<li>PORTC1</li> +<li>PORTC2</li> +<li>PORTC3</li> +<li>PORTC4</li> +<li>PORTC5</li> +<li>PORTC6</li> +<li>PORTC7 +<ol> +<li>GND</li> +</ol></li> +</ol> + +<h2>Dependencies</h2> + +<h3>Debian</h3> + +<ul> +<li>apt-get install gcc-avr binutils-avr avr-libc avrdude</li> +</ul> + +<h3>Fedora</h3> + +<ul> +<li>dnf install avrdude avr-gcc avr-libc</li> +</ul> +}}} + +[[RepositoryIndex(format=table,glob=user/jakob/tamper)]] + +|| Clone `https://git.cryptech.is/user/jakob/tamper.git` || |