#!htmlcomment
This page is maintained automatically by a script. Don't modify this page by hand,
your changes will just be overwritten the next time the script runs. Talk to your
Friendly Neighborhood Repository Maintainer if you need to change something here.
#!html
<h1>Cryptech tamper detection</h1>
<p>This is software for the Atmel AVR ATtiny828 MCU on the Cryptech alpha
board, rev02, implementing tamper detection and master key erasure.</p>
<h2>Overview</h2>
<pre><code> *************
* P A N I C *
* button *
*************
/
/
/
AVR ---- SPI mux ---- FPGA
| |
| ARM
MKM
AVR -- Atmel MCU
FPGA -- FPGA
MKM -- Master Key Memory, 23K640 SRAM
SPI mux -- 2 x MC74AC244DW
ARM -- ARM CPU
</code></pre>
<p>The MKM holds the master key for the device.</p>
<p>The AVR, MKM and the mux are all battery powered.</p>
<p>The AVR and the FPGA are both sharing access to the MKM through the
mux, with the AVR connected to the pins used for deciding who's in
control of the memory. If the AVR doesn't actively grab control of the
MKM, the FPGA is in control.</p>
<p>When the panic button is pressed, the AVR takes control over the MKM
and writes zeros to it as quickly as possible. In idle mode, i.e. when
the panic button is not pressed, the AVR tries to consume as little
power as possible.</p>
<h2>Building the software</h2>
<p>To build a .hex file suitible for uploading to a board with a
ATTiny828, a C compiler for AVR is needed, as wells a objcopy. On a
Debian system, the following command can be used for installing both:</p>
<pre><code>apt-get install gcc-avr binutils-avr avr-libc
</code></pre>
<p>To build tamper.hex, type 'make' in this directory.</p>
<p>To upload a .hex file to a board, the program avrdude can be used. On
a Debian system, the following command can be used for installing
avrdude:</p>
<pre><code>apt-get install avrdude
</code></pre>
<p>If configuration for ATtiny828 is missing, the file attiny828.conf in
this directory could be appended to avrdude.conf:</p>
<pre><code>cat attiny828.conf >> /etc/avrdude.conf
</code></pre>
<p>Often, a piece of hardware called "SPI programmer" is needed in order
to upload the .hex file to the target system. The one I've been using
has "sparkfun.com" printed on it. This small board has a mini-USB port
to connect to a host system and a header with SPI pins to connect to a
board with an AVR on it.</p>
<p>To upload a .hex file to a board, use the upload.sh shell script in
this directory with the name of the file as the only argument:</p>
<pre><code>./upload.sh tamper.hex
</code></pre>
<p>Depending on permissions on your host system you might want to run the
upload script as root.</p>
<h2>GPIO on Cryptech HSM rev.03</h2>
<p>The GPIO ports are located on JP5 (AVR_GPIO). From left to right, as seen when the marking is above the connector, the ports are:</p>
<ol>
<li>3V3</li>
<li>PORTC0</li>
<li>PORTC1</li>
<li>PORTC2</li>
<li>PORTC3</li>
<li>PORTC4</li>
<li>PORTC5</li>
<li>PORTC6</li>
<li>PORTC7
<ol>
<li>GND</li>
</ol></li>
</ol>
<h2>Dependencies</h2>
<h3>Debian</h3>
<ul>
<li>apt-get install gcc-avr binutils-avr avr-libc avrdude</li>
</ul>
<h3>Fedora</h3>
<ul>
<li>dnf install avrdude avr-gcc avr-libc</li>
</ul>
[[RepositoryIndex(format=table,glob=user/jakob/tamper)]]
Clone https://git.cryptech.is/user/jakob/tamper.git |
|
