Merge branch 'master' into cred-protect
kaczmarczyck authored Jun 4, 2020
2 parents a95ef72 + 442769b commit 0aa6e57
Showing 17 changed files with 667 additions and 228 deletions.
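--- a/.github/workflows/reproducible.yml
+++ b/.github/workflows/reproducible.yml
@@ -0,0 +1,40 @@
+---
+name: Check that binaries are reproducible
+on:
+push:
+pull_request:
+types: [opened, synchronize, reopened]
+
+jobs:
+check_hashes:
+strategy:
+matrix:
+os: [ubuntu-18.04, macos-10.15]
+fail-fast: false
+runs-on: ${{ matrix.os }}
+steps:
+- uses: actions/checkout@v2
+- uses: actions-rs/toolchain@v1
+with:
+target: thumbv7em-none-eabi
+- uses: actions/setup-python@v1
+with:
+python-version: 3.7
+- name: Install Python dependencies
+run: python -m pip install --upgrade pip setuptools wheel
+- name: Set up OpenSK
+run: ./setup.sh
+
+- name: Use sample cryptographic material
+run: rm -R crypto_data/ && cp -r reproducible/sample_crypto_data crypto_data
+- name: Computing cryptographic hashes
+run: ./reproduce_hashes.sh
+
+- name: Upload reproduced binaries
+uses: actions/upload-artifact@v1
+with:
+name: reproduced-${{ matrix.os }}
+path: reproducible/reproduced.tar
+
+- name: Comparing cryptographic hashes
+run: git diff --no-index reproducible/reference_binaries_${{ matrix.os }}.sha256sum reproducible/binaries.sha256sum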
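Review bot: The actions under `steps` are referenced by mutable tags (`actions/checkout@v2`, `actions-rs/toolchain@v1`, `actions/setup-python@v1`, `actions/upload-artifact@v1`), and `actions-rs/toolchain` is third-party code that runs before the firmware is built, so the job meant to attest reproducibility depends on inputs that can change underneath it. Pinning each one to a full commit SHA, e.g. `uses: actions-rs/toolchain@<FULL_COMMIT_SHA>  # v1`, keeps the hash comparison meaningful. The `python -m pip install --upgrade pip setuptools wheel` step floats in the same way, and whatever `./setup.sh` installs is not visible here. A top-level `permissions:` block with `contents: read` would also limit the workflow token to what this read-only check needs.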
66 changes: 57 additions & 9 deletions deploy.py
@@ -60,6 +60,10 @@
"app_ldscript",
# Flash address at which the app should be written
"app_address",
# Flash address of the storage
"storage_address",
# Size of the storage
"storage_size",
# Target name for flashing the board using pyOCD
"pyocd_target",
# The cfg file in OpenOCD board folder
@@ -89,6 +93,8 @@
padding_address=0x30000,
app_ldscript="nrf52840_layout.ld",
app_address=0x40000,
storage_address=0xC0000,
storage_size=0x40000,
pyocd_target="nrf52840",
openocd_board="nordic_nrf52840_dongle.cfg",
openocd_options=[],
@@ -106,6 +112,8 @@
padding_address=0x30000,
app_ldscript="nrf52840_layout.ld",
app_address=0x40000,
storage_address=0xC0000,
storage_size=0x40000,
pyocd_target="nrf52840",
openocd_board="nordic_nrf52840_dongle.cfg",
openocd_options=[],
@@ -123,6 +131,8 @@
padding_address=0x30000,
app_ldscript="nrf52840_layout.ld",
app_address=0x40000,
storage_address=0xC0000,
storage_size=0x40000,
pyocd_target="nrf52840",
openocd_board="nordic_nrf52840_dongle.cfg",
openocd_options=[],
@@ -140,6 +150,8 @@
padding_address=0x30000,
app_ldscript="nrf52840_layout.ld",
app_address=0x40000,
storage_address=0xC0000,
storage_size=0x40000,
pyocd_target="nrf52840",
openocd_board="nordic_nrf52840_dongle.cfg",
openocd_options=[],
@@ -392,19 +404,18 @@ def create_tab_file(self, binaries):
assert self.args.application
info("Generating Tock TAB file for application/example {}".format(
self.args.application))
package_parameter = "-n"
elf2tab_ver = self.checked_command_output(["elf2tab", "--version"]).split(
" ", maxsplit=1)[1]
# Starting from v0.5.0-dev the parameter changed.
# Current pyblished crate is 0.4.0 but we don't want developers
# running the HEAD from github to be stuck
if "0.5.0-dev" in elf2tab_ver:
package_parameter = "--package-name"
"\n", maxsplit=1)[0]
if elf2tab_ver != "elf2tab 0.5.0":
error(
("Detected unsupported elf2tab version {!a}. The following "
"commands may fail. Please use 0.5.0 instead.").format(elf2tab_ver))
os.makedirs(self.tab_folder, exist_ok=True)
tab_filename = os.path.join(self.tab_folder,
"{}.tab".format(self.args.application))
elf2tab_args = [
"elf2tab", package_parameter, self.args.application, "-o", tab_filename
"elf2tab", "--deterministic", "--package-name", self.args.application,
"-o", tab_filename
]
if self.args.verbose_build:
elf2tab_args.append("--verbose")
@@ -494,6 +505,30 @@ def clear_apps(self):
info(("A non-critical error occurred while erasing "
"apps: {}".format(str(e))))

def clear_storage(self):
if self.args.programmer == "none":
return 0
info("Erasing the persistent storage")
board_props = SUPPORTED_BOARDS[self.args.board]
# Use tockloader if possible
if self.args.programmer in ("jlink", "openocd"):
storage = bytes([0xFF] * board_props.storage_size)
tock = loader.TockLoader(self.tockloader_default_args)
tock.open()
try:
tock.flash_binary(storage, board_props.storage_address)
except TockLoaderException as e:
fatal("Couldn't erase the persistent storage: {}".format(str(e)))
return 0
if self.args.programmer == "pyocd":
self.checked_command([
"pyocd", "erase", "--target={}".format(board_props.pyocd_target),
"--sector", "{}+{}".format(board_props.storage_address,
board_props.storage_size)
])
return 0
fatal("Programmer {} is not supported.".format(self.args.programmer))

# pylint: disable=protected-access
def verify_flashed_app(self, expected_app):
if self.args.programmer not in ("jlink", "openocd"):
@@ -595,7 +630,8 @@ def run(self):
self.check_prerequisites()
self.update_rustc_if_needed()

if not self.args.tockos and not self.args.application:
if not (self.args.tockos or self.args.application or
self.args.clear_storage):
info("Nothing to do.")
return 0

@@ -611,6 +647,10 @@ def run(self):
else:
self.build_example()

# Erase persistent storage
if self.args.clear_storage:
self.clear_storage()

# Flashing
board_props = SUPPORTED_BOARDS[self.args.board]
if self.args.programmer in ("jlink", "openocd"):
@@ -718,6 +758,14 @@ def main(args):
help=("When installing an application, previously installed "
"applications won't be erased from the board."),
)
main_parser.add_argument(
"--clear-storage",
action="store_true",
default=False,
dest="clear_storage",
help=("Erases the persistent storage when installing an application. "
"All stored data will be permanently lost."),
)
main_parser.add_argument(
"--programmer",
metavar="METHOD",
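Review bot: `clear_storage` returns 0 without any message when `self.args.programmer == "none"`, so a run with `--clear-storage` can finish cleanly while the data in persistent storage is still on the board. Because this flag is what a user reaches for to wipe a security key, the skip should be visible, e.g. `error("--clear-storage was requested but programmer is 'none': persistent storage was NOT erased.")` before that `return 0`. In the tockloader branch `tock.open()` sits outside the `try`, so an exception raised while opening is not turned into the `fatal` message; moving the call inside the `try` would cover it. Neither branch reads the region back to confirm it is erased, which would be worth a follow-up if tockloader and pyOCD do not already verify it.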
12 changes: 0 additions & 12 deletions layout.ld
@@ -71,18 +71,6 @@ SECTIONS {
. = ALIGN(32);
} > FLASH =0xFF

/* App state section. Used for persistent app data.
* We put this first because this is what libtock-c does. They provide the
* following explanation: if the app code changes but the persistent data
* doesn't, the app_state can be preserved.
*/
.wfr.app_state :
{
. = ALIGN(4K);
KEEP (*(.app_state))
. = ALIGN(4K);
} > FLASH =0xFFFFFFFF

/* Text section, Code! */
.text :
{
2 changes: 1 addition & 1 deletion libraries/cbor/src/writer.rs
@@ -36,7 +36,7 @@ impl<'a> Writer<'a> {
return false;
}
match value {
Value::KeyValue(KeyType::Unsigned(unsigned)) => self.start_item(0, unsigned as u64),
Value::KeyValue(KeyType::Unsigned(unsigned)) => self.start_item(0, unsigned),
Value::KeyValue(KeyType::Negative(negative)) => {
self.start_item(1, -(negative + 1) as u64)
}
6 changes: 4 additions & 2 deletions nrf52840_layout.ld
@@ -3,8 +3,10 @@
*/

MEMORY {
/* The application region is 64 bytes (0x40) */
FLASH (rx) : ORIGIN = 0x00040040, LENGTH = 0x000BFFC0
/* The application region is 64 bytes (0x40) and we reserve 0x40000 at the end
* of the flash for the persistent storage.
*/
FLASH (rx) : ORIGIN = 0x00040040, LENGTH = 0x0007FFC0
SRAM (rwx) : ORIGIN = 0x20020000, LENGTH = 128K
}

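Review bot: The `LENGTH = 0x0007FFC0` line in `MEMORY` ends the app region at 0xC0000, which is the `storage_address` that deploy.py erases for `storage_size=0x40000`, but nothing in either file ties the two values together. If one side is changed alone, `--clear-storage` would either erase application code or leave part of the persistent storage intact. I would extend the comment above `FLASH` with `Keep in sync with storage_address/storage_size in SUPPORTED_BOARDS (deploy.py).` The comment's opening phrase, "The application region is 64 bytes (0x40)", presumably describes the offset in `ORIGIN` rather than the region size and could be reworded at the same time.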