From b092ffbcbe2c9398494f7dc9db6f0796971633e0 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 13 Sep 2020 23:04:30 +0000 Subject: Import Cryptech wiki dump --- .../GitRepositories%2Fuser%2Fjakob%2Ftamper | 127 +++++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100644 raw-wiki-dump/GitRepositories%2Fuser%2Fjakob%2Ftamper (limited to 'raw-wiki-dump/GitRepositories%2Fuser%2Fjakob%2Ftamper') diff --git a/raw-wiki-dump/GitRepositories%2Fuser%2Fjakob%2Ftamper b/raw-wiki-dump/GitRepositories%2Fuser%2Fjakob%2Ftamper new file mode 100644 index 0000000..3763df2 --- /dev/null +++ b/raw-wiki-dump/GitRepositories%2Fuser%2Fjakob%2Ftamper @@ -0,0 +1,127 @@ +{{{ +#!htmlcomment + +This page is maintained automatically by a script. Don't modify this page by hand, +your changes will just be overwritten the next time the script runs. Talk to your +Friendly Neighborhood Repository Maintainer if you need to change something here. + +}}} + +{{{ +#!html +

Cryptech tamper detection

+ +

This is software for the Atmel AVR ATtiny828 MCU on the Cryptech alpha +board, rev02, implementing tamper detection and master key erasure.

+ +

Overview

+ +
   *************
+   * P A N I C *
+   *   button  *
+   *************
+    /
+   /
+  /
+AVR ---- SPI mux ---- FPGA
+            |          |
+            |         ARM
+           MKM
+
+AVR -- Atmel MCU
+FPGA -- FPGA
+MKM -- Master Key Memory, 23K640 SRAM
+SPI mux -- 2 x MC74AC244DW
+ARM -- ARM CPU
+
+ +

The MKM holds the master key for the device.

+ +

The AVR, MKM and the mux are all battery powered.

+ +

The AVR and the FPGA are both sharing access to the MKM through the +mux, with the AVR connected to the pins used for deciding who's in +control of the memory. If the AVR doesn't actively grab control of the +MKM, the FPGA is in control.

+ +

When the panic button is pressed, the AVR takes control over the MKM +and writes zeros to it as quickly as possible. In idle mode, i.e. when +the panic button is not pressed, the AVR tries to consume as little +power as possible.

+ +

Building the software

+ +

To build a .hex file suitible for uploading to a board with a +ATTiny828, a C compiler for AVR is needed, as wells a objcopy. On a +Debian system, the following command can be used for installing both:

+ +
apt-get install gcc-avr binutils-avr avr-libc
+
+ +

To build tamper.hex, type 'make' in this directory.

+ +

To upload a .hex file to a board, the program avrdude can be used. On +a Debian system, the following command can be used for installing +avrdude:

+ +
apt-get install avrdude
+
+ +

If configuration for ATtiny828 is missing, the file attiny828.conf in +this directory could be appended to avrdude.conf:

+ +
cat attiny828.conf >> /etc/avrdude.conf
+
+ +

Often, a piece of hardware called "SPI programmer" is needed in order +to upload the .hex file to the target system. The one I've been using +has "sparkfun.com" printed on it. This small board has a mini-USB port +to connect to a host system and a header with SPI pins to connect to a +board with an AVR on it.

+ +

To upload a .hex file to a board, use the upload.sh shell script in +this directory with the name of the file as the only argument:

+ +
./upload.sh tamper.hex
+
+ +

Depending on permissions on your host system you might want to run the +upload script as root.

+ +

GPIO on Cryptech HSM rev.03

+ +

The GPIO ports are located on JP5 (AVR_GPIO). From left to right, as seen when the marking is above the connector, the ports are:

+ +
    +
  1. 3V3
  2. +
  3. PORTC0
  4. +
  5. PORTC1
  6. +
  7. PORTC2
  8. +
  9. PORTC3
  10. +
  11. PORTC4
  12. +
  13. PORTC5
  14. +
  15. PORTC6
  16. +
  17. PORTC7 +
      +
    1. GND
    2. +
  18. +
+ +

Dependencies

+ +

Debian

+ + + +

Fedora

+ + +}}} + +[[RepositoryIndex(format=table,glob=user/jakob/tamper)]] + +|| Clone `https://git.cryptech.is/user/jakob/tamper.git` || -- cgit v1.2.3