Pull Request Overview
This pull request is a rough proof of concept for doing a software-based RSA2048, SHA256, PKCS1 v1.5 signature validation for apps.
Issues:
It uses the RustCrypto RSA library which needs an allocator. I'm using the https://docs.rs/emballoc/latest/emballoc/ because it seems to work.
It adds an RSA signature HIL. I'm not sure what that should look like.
The kernel binary is a lot bigger and I had to move the app address on hail to 0x40000.
I got a ton of errors like:
so I removed our custom build of core.
I chose RSA2048 and SHA256 only because the ARM® TrustZone® Cryptocell 310 security subsystem on the nRF52840 supports those values.
This also builds on my attempt to differentiate processes based on credential checks with the sha256 credential.
Testing Strategy
Tockloader can add a credential to an app:
Then on hail this PR checks that the signature is correct.
I used Python to get n and e for the verifier:
TODO or Help Wanted
A lot.
Documentation Updated
/docs, or no updates are required.
Formatting
make prepush.
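The check this pull request describes (RSA2048, SHA256, PKCS1 v1.5) can be sketched in pure Python as an added example; it is not the PR's Rust code or the RustCrypto API. All function names are hypothetical, and the key comes from a seeded, non-cryptographic RNG purely so the example runs offline.

```python
import hashlib
import random

E = 65537
# DER-encoded DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode(message: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo || SHA-256(message)."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def verify(n: int, e: int, message: bytes, signature: bytes) -> bool:
    """Verify by re-encoding and comparing the whole block, never by parsing it."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    # Full-block comparison rejects short padding and trailing garbage.
    return pow(s, e, n).to_bytes(k, "big") == encode(message, k)


def probably_prime(p: int, rng: random.Random, rounds: int = 16) -> bool:
    """Miller-Rabin for large odd p (only used to build the demo key)."""
    d, r = p - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, p - 1), d, p)
        if x not in (1, p - 1) and all(pow(x, 2**i, p) != p - 1 for i in range(1, r)):
            return False
    return True


def demo_key(seed: int = 1, bits: int = 2048):
    """Constructed RSA key from a seeded, non-cryptographic RNG: demo use only."""
    rng, primes = random.Random(seed), []
    while len(primes) < 2:
        p = rng.getrandbits(bits // 2) | (3 << (bits // 2 - 2)) | 1
        if p % E != 1 and p not in primes and probably_prime(p, rng):
            primes.append(p)
    return primes[0] * primes[1], pow(E, -1, (primes[0] - 1) * (primes[1] - 1))


def raw_sign(n: int, d: int, block: bytes) -> bytes:
    """Private-key operation on an already encoded block (demo side only)."""
    return pow(int.from_bytes(block, "big"), d, n).to_bytes(len(block), "big")
```

`demo_key()` returns `(n, d)`; `verify(n, E, message, signature)` returns True only when the recovered block matches the expected encoding byte for byte, so a block with shortened padding and trailing bytes is rejected even when it was produced with the real private key.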