flesh out backup register interfaces

- adds API for retrieving & setting the ephemeral key. This is
a key that is erased by a power-on reset, but is preserved between
deep-sleep sleep/wake cycles. It is intended for securing a lock
PIN, and can be up to 192 bits long.

- adds API for checking the warm boot flags, which are also stored
in the backup registers.

Author: bunnie

libs/bao1x-api/src/lib.rs

@@ -18,7 +18,7 @@ pub mod signatures;
 pub use offsets::*;
 pub mod clocks;
 pub mod pubkeys;
-use arbitrary_int::u31;
+use arbitrary_int::u30;
 use bitbybit::bitfield;
 pub use clocks::*;
 pub mod bio;
@@ -65,8 +65,13 @@ pub const AUTO_AUDIT_LIMIT: u32 = 3;
 #[bitfield(u32)]
 #[derive(PartialEq, Eq, Debug)]
 pub struct BackupFlags {
-    #[bits(1..=31, rw)]
-    reserved: u31,
+    #[bits(2..=31, rw)]
+    reserved: u30,
+    /// When true, the system has previously booted. This is reserved for OS-level management. It is
+    /// not automatically managed by the bootloader. However, after an AORST_N, the flag should be `false`
+    /// by hardware design.
+    #[bit(1, rw)]
+    warm_boot: bool,
     /// When `false`, indicates that the time in the RTC register is not synchronized to the offset
     /// that is read from disk. Upon first encounter with an external time source, the offset should
     /// be captured and recorded to disk.

libs/bao1x-hal/src/buram.rs

@@ -1,7 +1,7 @@
 use core::ops::Range;
 
 const KEY_RANGE: Range<usize> = 2..8;
-const KEY_LEN: usize = range_len(KEY_RANGE) * size_of::<u32>();
+pub const KEY_LEN: usize = range_len(KEY_RANGE) * size_of::<u32>();
 const HASH_LOC: usize = 0;
 const FLAGS_LOC: usize = 1;
 

libs/keystore-api/src/gen2_api.rs

@@ -15,8 +15,15 @@ pub enum Opcode {
     AesOracle = 4,
     /// initiate key wrapper operation
     AesKwp = 5,
-    /// Ephemeral secret operations
-    EphemeralOp = 256,
+    /// Ephemeral secret operations. Split into MSB/LSB pairs, because we want to strictly use
+    /// scalar messages only for this. This helps to ensure to leakage of secrets to memory pages
+    /// (there is some risk of stack spillage, but this at least reduces the attack surface).
+    /// The ephemeral secret is 192 bits long - so the `Scalar` operation is split into 1x control
+    /// word, and 3x 32 bit words that transmit the secret.
+    Ephemeral = 256,
+    /// Flag operations
+    GetFlags = 512,
+    SetFlags = 513,
 
     // ----- below are non-cryptographic opcodes but used to manipulate sensitive state -----
     /// Set bootwait parameters
@@ -26,3 +33,11 @@ pub enum Opcode {
     /// Used to map unknown opcodes
     InvalidCall = 65535,
 }
+
+#[derive(num_derive::FromPrimitive, num_derive::ToPrimitive, Debug)]
+pub enum EphemeralOp {
+    GetLsb,
+    SetLsb,
+    GetMsb,
+    SetMsb,
+}

services/keystore/src/lib.rs

@@ -1,3 +1,4 @@
+use bao1x_api::BackupFlags;
 pub use cipher::{
     BlockBackend, BlockCipher, BlockClosure, BlockDecrypt, BlockEncrypt, BlockSizeUser, ParBlocksSizeUser,
     consts::U16, generic_array::GenericArray, inout::InOut,
@@ -208,6 +209,99 @@ impl Keystore {
             _ => unimplemented!(),
         }
     }
+
+    pub fn set_flags(&self, flags: BackupFlags) -> Result<(), xous::Error> {
+        xous::send_message(
+            self.conn,
+            xous::Message::new_blocking_scalar(
+                Opcode::SetFlags.to_usize().unwrap(),
+                flags.raw_value() as usize,
+                0,
+                0,
+                0,
+            ),
+        )
+        .map(|_| ())
+    }
+
+    pub fn get_flags(&self) -> Result<BackupFlags, xous::Error> {
+        match xous::send_message(
+            self.conn,
+            xous::Message::new_blocking_scalar(Opcode::GetFlags.to_usize().unwrap(), 0, 0, 0, 0),
+        )? {
+            xous::Result::Scalar5(_, flags, _, _, _) => Ok(BackupFlags::new_with_raw_value(flags as u32)),
+            _ => unimplemented!(),
+        }
+    }
+
+    pub fn set_ephemeral_key(&self, key: &[u8; bao1x_hal::buram::KEY_LEN]) -> Result<(), xous::Error> {
+        let offset = 0;
+        xous::send_message(
+            self.conn,
+            xous::Message::new_blocking_scalar(
+                Opcode::Ephemeral.to_usize().unwrap(),
+                EphemeralOp::SetLsb.to_usize().unwrap(),
+                u32::from_le_bytes(key[offset..offset + 4].try_into().unwrap()) as usize,
+                u32::from_le_bytes(key[offset + 4..offset + 8].try_into().unwrap()) as usize,
+                u32::from_le_bytes(key[offset + 8..offset + 12].try_into().unwrap()) as usize,
+            ),
+        )
+        .map(|_| ())?;
+
+        let offset = bao1x_hal::buram::KEY_LEN / 2;
+        xous::send_message(
+            self.conn,
+            xous::Message::new_blocking_scalar(
+                Opcode::Ephemeral.to_usize().unwrap(),
+                EphemeralOp::SetMsb.to_usize().unwrap(),
+                u32::from_le_bytes(key[offset..offset + 4].try_into().unwrap()) as usize,
+                u32::from_le_bytes(key[offset + 4..offset + 8].try_into().unwrap()) as usize,
+                u32::from_le_bytes(key[offset + 8..offset + 12].try_into().unwrap()) as usize,
+            ),
+        )
+        .map(|_| ())
+    }
+
+    pub fn get_ephemeral_key(&self) -> Result<[u8; bao1x_hal::buram::KEY_LEN], xous::Error> {
+        let mut key = [0u8; bao1x_hal::buram::KEY_LEN];
+        let offset = 0;
+        match xous::send_message(
+            self.conn,
+            xous::Message::new_blocking_scalar(
+                Opcode::Ephemeral.to_usize().unwrap(),
+                EphemeralOp::GetLsb.to_usize().unwrap(),
+                0,
+                0,
+                0,
+            ),
+        )? {
+            xous::Result::Scalar5(_, _, arg2, arg3, arg4) => {
+                key[offset..offset + 4].copy_from_slice(&arg2.to_le_bytes());
+                key[offset + 4..offset + 8].copy_from_slice(&arg3.to_le_bytes());
+                key[offset + 8..offset + 12].copy_from_slice(&arg4.to_le_bytes());
+            }
+            _ => unimplemented!(),
+        }
+        let offset = bao1x_hal::buram::KEY_LEN / 2;
+        match xous::send_message(
+            self.conn,
+            xous::Message::new_blocking_scalar(
+                Opcode::Ephemeral.to_usize().unwrap(),
+                EphemeralOp::GetMsb.to_usize().unwrap(),
+                0,
+                0,
+                0,
+            ),
+        )? {
+            xous::Result::Scalar5(_, _, arg2, arg3, arg4) => {
+                key[offset..offset + 4].copy_from_slice(&arg2.to_le_bytes());
+                key[offset + 4..offset + 8].copy_from_slice(&arg3.to_le_bytes());
+                key[offset + 8..offset + 12].copy_from_slice(&arg4.to_le_bytes());
+            }
+            _ => unimplemented!(),
+        }
+        Ok(key)
+    }
 }
 
 use core::sync::atomic::{AtomicU32, Ordering};

services/keystore/src/platform/baosec/server.rs

@@ -1,3 +1,4 @@
+use bao1x_api::BackupFlags;
 use bao1x_hal::board::{BOOKEND_END, BOOKEND_START};
 use bao1x_hal::rram::Reram;
 use keystore_api::*;
@@ -52,9 +53,50 @@ pub fn keystore(sid: SID) -> ! {
                 store.aes_kwp(&mut kwp).expect("couldn't wrap key");
                 buffer.replace(kwp).unwrap();
             }
-            Opcode::EphemeralOp => {
-                // this will use the backup_mgr to store ephemeral secrets
-                todo!()
+            Opcode::Ephemeral => {
+                if let Some(scalar) = msg.body.scalar_message_mut() {
+                    let ephemeral_op: EphemeralOp =
+                        num_traits::FromPrimitive::from_usize(scalar.arg1).expect("invalid ephemeral op");
+                    let offset = match ephemeral_op {
+                        EphemeralOp::GetLsb | EphemeralOp::SetLsb => 0,
+                        EphemeralOp::GetMsb | EphemeralOp::SetMsb => bao1x_hal::buram::KEY_LEN / 2,
+                    };
+                    match ephemeral_op {
+                        EphemeralOp::SetLsb | EphemeralOp::SetMsb => {
+                            let mut key = backup_mgr.get_backup_key();
+                            key[offset..offset + 4].copy_from_slice(&scalar.arg2.to_le_bytes());
+                            key[offset + 4..offset + 8].copy_from_slice(&scalar.arg3.to_le_bytes());
+                            key[offset + 8..offset + 12].copy_from_slice(&scalar.arg4.to_le_bytes());
+                            // zeroize
+                            scalar.arg1 = 0;
+                            scalar.arg2 = 0;
+                            scalar.arg3 = 0;
+                            scalar.arg4 = 0;
+                            backup_mgr.set_backup_key(key);
+                        }
+                        EphemeralOp::GetLsb | EphemeralOp::GetMsb => {
+                            let key = backup_mgr.get_backup_key();
+                            scalar.arg2 =
+                                u32::from_le_bytes(key[offset..offset + 4].try_into().unwrap()) as usize;
+                            scalar.arg3 =
+                                u32::from_le_bytes(key[offset + 4..offset + 8].try_into().unwrap()) as usize;
+                            scalar.arg4 =
+                                u32::from_le_bytes(key[offset + 8..offset + 12].try_into().unwrap()) as usize;
+                        }
+                    }
+                }
+            }
+            Opcode::GetFlags => {
+                if let Some(scalar) = msg.body.scalar_message_mut() {
+                    let flags = backup_mgr.get_flags();
+                    scalar.arg1 = flags.raw_value() as usize;
+                }
+            }
+            Opcode::SetFlags => {
+                if let Some(scalar) = msg.body.scalar_message_mut() {
+                    let flag = BackupFlags::new_with_raw_value(scalar.arg1 as u32);
+                    backup_mgr.set_flags(flag);
+                }
             }
             Opcode::Bootwait => {
                 if let Some(scalar) = msg.body.scalar_message_mut() {