From a037c89ebd1b91cc8e118b32bb313e7d89f03311 Mon Sep 17 00:00:00 2001 From: William Vinnicombe Date: Mon, 24 Feb 2025 15:30:29 +0000 Subject: [PATCH] Remove update-key.cmake This is not necessary anymore, now picotool writes the AES key to otp json files Fixes #613 --- bootloaders/encrypted/CMakeLists.txt | 6 +- bootloaders/encrypted/otp.json | 139 +------------------- bootloaders/encrypted/update-key.cmake | 23 ---- encrypted/hello_encrypted/CMakeLists.txt | 6 +- encrypted/hello_encrypted/otp.json | 140 +-------------------- encrypted/hello_encrypted/update-key.cmake | 23 ---- 6 files changed, 5 insertions(+), 332 deletions(-) delete mode 100644 bootloaders/encrypted/update-key.cmake delete mode 100644 encrypted/hello_encrypted/update-key.cmake diff --git a/bootloaders/encrypted/CMakeLists.txt b/bootloaders/encrypted/CMakeLists.txt index 65cf86f78..44180c4f6 100644 --- a/bootloaders/encrypted/CMakeLists.txt +++ b/bootloaders/encrypted/CMakeLists.txt @@ -4,11 +4,7 @@ add_executable(enc_bootloader aes.S ) -# Add command to update otp.json if privateaes.bin changes -add_custom_command(OUTPUT ${CMAKE_CURRENT_LIST_DIR}/otp.json - COMMAND ${CMAKE_COMMAND} -P "${CMAKE_CURRENT_LIST_DIR}/update-key.cmake" - DEPENDS ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin) -# Copy that otp.json file to build directory +# Copy otp.json file to build directory add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/otp.json COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_LIST_DIR}/otp.json" "${CMAKE_CURRENT_BINARY_DIR}/otp.json" DEPENDS ${CMAKE_CURRENT_LIST_DIR}/otp.json) diff --git a/bootloaders/encrypted/otp.json b/bootloaders/encrypted/otp.json index e6393cfb0..4c671139a 100644 --- a/bootloaders/encrypted/otp.json +++ b/bootloaders/encrypted/otp.json 
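Review bot: The comment kept above the copy rule, `# Copy otp.json file to build directory`, no longer says where the AES key comes from now that the rule regenerating otp.json from privateaes.bin is gone. I would write something like `# Copy otp.json (OTP access key and page lock only) to the build directory; the AES key is added to the OTP JSON by picotool, not stored in this file`, assuming that matches how picotool is invoked outside this hunk. The copy rule also lacks `VERBATIM`, which is worth adding since it passes quoted paths. The same applies to the matching hunk in encrypted/hello_encrypted/CMakeLists.txt.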
@@ -1,142 +1,5 @@
 {
- "30:0" :
- {
- "ecc" : true,
- "value" :
- [
- "0x31",
- "0xb6",
- "0xd8",
- "0x18",
- "0x23",
- "0x2e",
- "0x7b",
- "0x7c",
- "0xa3",
- "0xb1",
- "0xb7",
- "0x90",
- "0x7b",
- "0x2f",
- "0x41",
- "0xd2",
- "0x51",
- "0xb5",
- "0x03",
- "0x62",
- "0xd6",
- "0x21",
- "0x0c",
- "0xb5",
- "0x8d",
- "0x17",
- "0xe6",
- "0xd5",
- "0x6b",
- "0x0d",
- "0x87",
- "0x8d",
- "0x2b",
- "0x74",
- "0xa4",
- "0xba",
- "0xb9",
- "0x14",
- "0x75",
- "0x88",
- "0x9b",
- "0x05",
- "0x2d",
- "0x32",
- "0x51",
- "0xc1",
- "0x35",
- "0x09",
- "0x78",
- "0xbb",
- "0x6d",
- "0xc2",
- "0xbb",
- "0xa6",
- "0x5e",
- "0x95",
- "0xa2",
- "0x29",
- "0x32",
- "0x34",
- "0x5b",
- "0x2c",
- "0xd3",
- "0xf8",
- "0x5d",
- "0xe2",
- "0x5f",
- "0x23",
- "0xeb",
- "0x27",
- "0xa4",
- "0xcd",
- "0xb0",
- "0x8e",
- "0xf4",
- "0x6e",
- "0x94",
- "0x86",
- "0x19",
- "0x93",
- "0x3a",
- "0xd8",
- "0x97",
- "0x65",
- "0x29",
- "0x25",
- "0x57",
- "0x65",
- "0x49",
- "0x03",
- "0xfe",
- "0xc6",
- "0xe9",
- "0x8b",
- "0xa3",
- "0x7e",
- "0x2b",
- "0x53",
- "0x80",
- "0x68",
- "0xdd",
- "0x05",
- "0x10",
- "0x17",
- "0xca",
- "0xc3",
- "0xa8",
- "0x04",
- "0x8d",
- "0x12",
- "0xaf",
- "0xd9",
- "0x49",
- "0xa9",
- "0x6d",
- "0x90",
- "0x7c",
- "0xb3",
- "0x63",
- "0x4f",
- "0x36",
- "0xc5",
- "0x00",
- "0xb5",
- "0x71",
- "0x74",
- "0xe6",
- "0x9a"
- ]
- },
 "OTP_DATA_KEY1" : [ 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7 ],
 "OTP_DATA_KEY1_VALID" : "0x010101",
- "OTP_DATA_KEY2" : [ 7, 7, 6, 6, 5, 5, 4, 4, 3, 3, 2, 2, 1, 1, 0, 0 ],
- "OTP_DATA_KEY2_VALID" : "0x010101",
- "PAGE30_LOCK0" : "0x4a4a4a"
+ "PAGE30_LOCK0" : "0x494949"
 }
diff --git a/bootloaders/encrypted/update-key.cmake b/bootloaders/encrypted/update-key.cmake
deleted file mode 100644
index 2beb8e983..000000000
--- a/bootloaders/encrypted/update-key.cmake
+++ /dev/null
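Review bot: Beyond removing the embedded key bytes, this hunk drops `OTP_DATA_KEY2` / `OTP_DATA_KEY2_VALID` and changes `PAGE30_LOCK0` from `0x4a4a4a` to `0x494949`, which the commit message does not mention. As I read the RP2350 page-lock encoding, that moves the page's read key from key 2 to key 1, so access to the page holding the AES key is now gated by `OTP_DATA_KEY1` alone; since OTP lock bits cannot be reverted once programmed, the description should say this is intended. `OTP_DATA_KEY1` is still the sample sequence `0, 0, 1, 1, …`, and because JSON has no comments the accompanying README should state that it is a placeholder to replace before programming real devices.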
@@ -1,23 +0,0 @@
-if (CMAKE_VERSION VERSION_LESS 3.19)
- # Check if keyfile is not the default, and print warning
- file(READ ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin key_file HEX)
- if (NOT ${key_file} STREQUAL "31b6d818232e7b7ca3b1b7907b2f41d251b50362d6210cb58d17e6d56b0d878d2b74a4bab91475889b052d3251c1350978bb6dc2bba65e95a22932345b2cd3f85de25f23eb27a4cdb08ef46e948619933ad89765292557654903fec6e98ba37e2b538068dd051017cac3a8048d12afd949a96d907cb3634f36c500b57174e69a")
- message(WARNING
- "Encrypted bootloader AES key not updated in otp.json file, as CMake version is < 3.19"
- " - you will need to change the key in otp.json manually and re-run the build"
- )
- endif()
-else()
- # Read the JSON file.
- file(READ ${CMAKE_CURRENT_LIST_DIR}/otp.json json_string)
- # Read the key file
- file(READ ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin key_file HEX)
-
- # adds '0x' prefix, comma suffix, and quotes for every byte
- string(REGEX REPLACE "([0-9a-f][0-9a-f])" "\"0x\\1\", " key_file ${key_file})
- set(key_file_json "[${key_file}]")
-
- string(JSON json_string SET ${json_string} "30:0" "value" ${key_file_json})
-
- file(WRITE ${CMAKE_CURRENT_LIST_DIR}/otp.json ${json_string})
-endif()
diff --git a/encrypted/hello_encrypted/CMakeLists.txt b/encrypted/hello_encrypted/CMakeLists.txt
index 78225be50..7f72ece66 100644
--- a/encrypted/hello_encrypted/CMakeLists.txt
+++ b/encrypted/hello_encrypted/CMakeLists.txt
@@ -19,11 +19,7 @@ pico_set_binary_version(hello_encrypted MAJOR 7 MINOR 3) # set tbyb (optional) # target_compile_definitions(hello_encrypted PRIVATE PICO_CRT0_IMAGE_TYPE_TBYB=1) -# Add command to update otp.json if privateaes.bin changes -add_custom_command(OUTPUT ${CMAKE_CURRENT_LIST_DIR}/otp.json - COMMAND ${CMAKE_COMMAND} -P "${CMAKE_CURRENT_LIST_DIR}/update-key.cmake" - DEPENDS ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin) -# Copy that otp.json file to build directory +# Copy otp.json file to build directory add_custom_command(OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/otp.json COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_CURRENT_LIST_DIR}/otp.json" "${CMAKE_CURRENT_BINARY_DIR}/otp.json" DEPENDS ${CMAKE_CURRENT_LIST_DIR}/otp.json) diff --git a/encrypted/hello_encrypted/otp.json b/encrypted/hello_encrypted/otp.json index 466b7d85d..2a4bbe2c4 100644 --- a/encrypted/hello_encrypted/otp.json +++ b/encrypted/hello_encrypted/otp.json 
@@ -1,141 +1,5 @@
 {
- "29:0" :
- {
- "ecc" : true,
- "value" :
- [
- "0x31",
- "0xb6",
- "0xd8",
- "0x18",
- "0x23",
- "0x2e",
- "0x7b",
- "0x7c",
- "0xa3",
- "0xb1",
- "0xb7",
- "0x90",
- "0x7b",
- "0x2f",
- "0x41",
- "0xd2",
- "0x51",
- "0xb5",
- "0x03",
- "0x62",
- "0xd6",
- "0x21",
- "0x0c",
- "0xb5",
- "0x8d",
- "0x17",
- "0xe6",
- "0xd5",
- "0x6b",
- "0x0d",
- "0x87",
- "0x8d",
- "0x2b",
- "0x74",
- "0xa4",
- "0xba",
- "0xb9",
- "0x14",
- "0x75",
- "0x88",
- "0x9b",
- "0x05",
- "0x2d",
- "0x32",
- "0x51",
- "0xc1",
- "0x35",
- "0x09",
- "0x78",
- "0xbb",
- "0x6d",
- "0xc2",
- "0xbb",
- "0xa6",
- "0x5e",
- "0x95",
- "0xa2",
- "0x29",
- "0x32",
- "0x34",
- "0x5b",
- "0x2c",
- "0xd3",
- "0xf8",
- "0x5d",
- "0xe2",
- "0x5f",
- "0x23",
- "0xeb",
- "0x27",
- "0xa4",
- "0xcd",
- "0xb0",
- "0x8e",
- "0xf4",
- "0x6e",
- "0x94",
- "0x86",
- "0x19",
- "0x93",
- "0x3a",
- "0xd8",
- "0x97",
- "0x65",
- "0x29",
- "0x25",
- "0x57",
- "0x65",
- "0x49",
- "0x03",
- "0xfe",
- "0xc6",
- "0xe9",
- "0x8b",
- "0xa3",
- "0x7e",
- "0x2b",
- "0x53",
- "0x80",
- "0x68",
- "0xdd",
- "0x05",
- "0x10",
- "0x17",
- "0xca",
- "0xc3",
- "0xa8",
- "0x04",
- "0x8d",
- "0x12",
- "0xaf",
- "0xd9",
- "0x49",
- "0xa9",
- "0x6d",
- "0x90",
- "0x7c",
- "0xb3",
- "0x63",
- "0x4f",
- "0x36",
- "0xc5",
- "0x00",
- "0xb5",
- "0x71",
- "0x74",
- "0xe6",
- "0x9a"
- ]
- },
 "OTP_DATA_KEY1" : [ 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7 ],
 "OTP_DATA_KEY1_VALID" : "0x010101",
- "PAGE29_LOCK0" : "0x494949",
- "PAGE29_LOCK1" : "0x3d3d3d"
-}
\ No newline at end of file
+ "PAGE29_LOCK0" : "0x494949"
+}
diff --git a/encrypted/hello_encrypted/update-key.cmake b/encrypted/hello_encrypted/update-key.cmake
deleted file mode 100644
index 40b6750fe..000000000
--- a/encrypted/hello_encrypted/update-key.cmake
+++ /dev/null
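Review bot: `PAGE29_LOCK1` (`0x3d3d3d`) is removed at the end of this hunk with no replacement visible anywhere in the diff. On RP2350 that register holds the Secure / Non-secure / bootloader access permissions for the page, so unless the OTP JSON that picotool produces sets it, the page holding the AES key would keep its default permissions for those domains. Please confirm the key-page lock is still applied after this change, or keep `"PAGE29_LOCK1" : "0x3d3d3d"` in this file.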
@@ -1,23 +0,0 @@
-if (CMAKE_VERSION VERSION_LESS 3.19)
- # Check if keyfile is not the default, and print warning
- file(READ ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin key_file HEX)
- if (NOT ${key_file} STREQUAL "31b6d818232e7b7ca3b1b7907b2f41d251b50362d6210cb58d17e6d56b0d878d2b74a4bab91475889b052d3251c1350978bb6dc2bba65e95a22932345b2cd3f85de25f23eb27a4cdb08ef46e948619933ad89765292557654903fec6e98ba37e2b538068dd051017cac3a8048d12afd949a96d907cb3634f36c500b57174e69a")
- message(WARNING
- "AES key not updated in otp.json file, as CMake version is < 3.19"
- " - you will need to change the key in otp.json manually and re-run the build"
- )
- endif()
-else()
- # Read the JSON file.
- file(READ ${CMAKE_CURRENT_LIST_DIR}/otp.json json_string)
- # Read the key file
- file(READ ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin key_file HEX)
-
- # adds '0x' prefix, comma suffix, and quotes for every byte
- string(REGEX REPLACE "([0-9a-f][0-9a-f])" "\"0x\\1\", " key_file ${key_file})
- set(key_file_json "[${key_file}]")
-
- string(JSON json_string SET ${json_string} "29:0" "value" ${key_file_json})
-
- file(WRITE ${CMAKE_CURRENT_LIST_DIR}/otp.json ${json_string})
-endif()