Add support for creating self-decrypting binaries #2315
+99
−10
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
will-v-pi
force-pushed
the
self-decrypting-only
branch
from
e684dcc to
4c7b909
Compare
For now, this function embeds the decrypting bootloader, but probably better to integrate (or replace) existing pico_encrypt_binary function
Add newlines for readability, and explain why MbedTLS version is insecure
will-v-pi
force-pushed
the
self-decrypting-only
branch
from
4c7b909 to
fd83496
Compare
will-v-pi
added a commit
to raspberrypi/picotool
that referenced
this pull request
Apr 22, 2025
…e examples compilation passes
lurch
reviewed
Apr 24, 2025
lurch
reviewed
Apr 24, 2025
lurch
reviewed
Apr 24, 2025
will-v-pi
added a commit
to raspberrypi/picotool
that referenced
this pull request
Apr 28, 2025
…e examples compilation passes
lurch
reviewed
Apr 28, 2025
| @@ -380,19 +404,59 @@ function(pico_embed_pt_in_binary TARGET PTFILE) | |||
| ) | |||
| endfunction() | |||
|
|
|||
| # pico_encrypt_binary(TARGET AESFILE [SIGFILE]) | |||
| # pico_encrypt_binary(TARGET AESFILE IVFILE [SIGFILE <file>] [EMBED] [MBEDTLS] [OTP_KEY_PAGE <page>]) | |||
There was a problem hiding this comment.
Is it worth preemptively adding your \param\ stuff from #2422 here too, or is it too early for that?
There was a problem hiding this comment.
I'll wait till that's merged, then rebase this and fix the issues that presumably pop up
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds extra functionality to the
pico_encrypt_binaryfunction to allow creating self-decrypting binaries, including specifying the OTP page to use for the AES key.pico_encrypt_binary(hello_encrypted ${CMAKE_CURRENT_LIST_DIR}/privateaes.bin ${CMAKE_CURRENT_LIST_DIR}/ivsalt.bin EMBED OTP_KEY_PAGE 29)The main non-backwards-compatible change is the addition of a new IV salt bin file which is required and must be passed as the second argument. This will break any uses of
pico_encrypt_binary, and has been added for security purposes, as we now salt the public IV with a salt stored in OTP.The other non-backwards-compatible change it that if you previously called:
you now need to call
due to the new argument parsing. I think that this is fine, because the only time you'd pass a separated
SIGFILEtopico_encrypt_binaryis when you're using a different signing key for the binary vs the encrypted blob, which is not a common use case.This PR requires use of the picotool encrypted-shares branch (raspberrypi/picotool#207), so should be merged after that.