diff --git a/Cargo.lock b/Cargo.lock index eecefc76..d0bb4646 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -157,7 +157,7 @@ version = "1.7.1" dependencies = [ "admin-app", "apdu-dispatch", - "bitflags 2.4.2", + "bitflags 2.5.0", "cbor-smol", "ctaphid-dispatch", "delog", @@ -292,7 +292,7 @@ version = "0.69.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a00dc851838a2120612785d195287475a3ac45514741da670b735818822129a0" dependencies = [ - "bitflags 2.4.2", + "bitflags 2.5.0", "cexpr", "clang-sys", "itertools", @@ -320,9 +320,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.4.2" +version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed570934406eb16438a4e976b1b4500774099c13b8cb96eec99f620f05090ddf" +checksum = "cf4b9d6a944f767f8e5e0db018570623c85f3d925ac718db4e06d0187adb21c1" [[package]] name = "block-buffer" @@ -2557,7 +2557,7 @@ version = "0.38.30" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "322394588aaf33c24007e8bb3238ee3e4c5c09c084ab32bc73890b99ff326bca" dependencies = [ - "bitflags 2.4.2", + "bitflags 2.5.0", "errno", "libc", "linux-raw-sys", @@ -2602,12 +2602,12 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" [[package]] name = "se05x" -version = "0.1.3" +version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19078295c6d78d07b8e80287421781639e5f7009019ae69dc883936ac89d17c6" +checksum = "e10275292b1bec845ff4a1c60910e74f2f1dfbd2575c220c57a9d7ee89db1072" dependencies = [ "aes", - "bitflags 2.4.2", + "bitflags 2.5.0", "cmac", "crc16", "delog", 
@@ -2642,7 +2642,7 @@ version = "0.13.0" source = "git+https://github.com/Nitrokey/trussed-secrets-app?tag=v0.13.0#d819e0121f8231f4f9b3f915c32c083bc5f0ad1f" dependencies = [ "apdu-dispatch", - "bitflags 2.4.2", + "bitflags 2.5.0", "block-padding", "cbor-smol", "ctaphid-dispatch", @@ -3173,10 +3173,10 @@ dependencies = [ [[package]] name = "trussed" version = "0.1.0" -source = "git+https://github.com/Nitrokey/trussed.git?tag=v0.1.0-nitrokey.19#2e7dd7c30bde38ff11f653b9f41a1780e7948bf7" +source = "git+https://github.com/nitrokey/trussed.git?tag=v0.1.0-nitrokey.20#40e312859ad1f6d4db8d4416d1f46558daf34819" dependencies = [ "aes", - "bitflags 2.4.2", + "bitflags 2.5.0", "cbc", "cbor-smol", "cfg-if", @@ -3269,9 +3269,10 @@ dependencies = [ [[package]] name = "trussed-se050-backend" version = "0.3.0" -source = "git+https://github.com/Nitrokey/trussed-se050-backend.git?rev=23d3511276176da396b6c3e788cd1c2f4dd37c9d#23d3511276176da396b6c3e788cd1c2f4dd37c9d" +source = "git+https://github.com/Nitrokey/trussed-se050-backend.git?tag=v0.3.2#a8cf2ad8c1bf33649912a4d19a5488ec2651552e" dependencies = [ "admin-app", + "bitflags 2.5.0", "cbor-smol", "crypto-bigint", "delog", diff --git a/Cargo.toml b/Cargo.toml index d619cc7b..0957ba8c 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -22,7 +22,7 @@ cbor-smol = { git = "https://github.com/Nitrokey/cbor-smol.git", tag = "v0.4.0-n fido-authenticator = { git = "https://github.com/Nitrokey/fido-authenticator.git", tag = "v0.1.1-nitrokey.15" } lpc55-hal = { git = "https://github.com/Nitrokey/lpc55-hal", tag = "v0.3.0-nitrokey.2" } serde-indexed = { git = "https://github.com/nitrokey/serde-indexed.git", tag = "v0.1.0-nitrokey.2" } -trussed = { git = "https://github.com/Nitrokey/trussed.git", tag = "v0.1.0-nitrokey.19" } +trussed = { git = "https://github.com/nitrokey/trussed.git", tag = "v0.1.0-nitrokey.20" } # unreleased upstream changes apdu-dispatch = { git = "https://github.com/Nitrokey/apdu-dispatch.git", tag = "v0.1.2-nitrokey.3" } 
@@ -48,7 +48,7 @@ trussed-hkdf = { git = "https://github.com/trussed-dev/trussed-staging.git", tag trussed-rsa-alloc = { git = "https://github.com/trussed-dev/trussed-rsa-backend.git", rev = "9732a9a3e98af72112286afdc9b7174c66c2869a" } trussed-usbip = { git = "https://github.com/Nitrokey/pc-usbip-runner.git", tag = "v0.0.1-nitrokey.4" } trussed-se050-manage = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", tag = "se050-manage-v0.1.0" } -trussed-se050-backend = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", rev = "23d3511276176da396b6c3e788cd1c2f4dd37c9d" } +trussed-se050-backend = { git = "https://github.com/Nitrokey/trussed-se050-backend.git", tag = "v0.3.2" } [profile.release] codegen-units = 1 diff --git a/components/apps/src/dispatch.rs b/components/apps/src/dispatch.rs index a54229de..bc50e226 100644 --- a/components/apps/src/dispatch.rs +++ b/components/apps/src/dispatch.rs @@ -61,7 +61,7 @@ pub struct Dispatch { hmacsha256p256: HmacSha256P256Backend, staging: StagingBackend, #[cfg(feature = "se050")] - se050: Option>, + pub(crate) se050: Option>, #[cfg(not(feature = "se050"))] __: PhantomData<(T, D)>, } diff --git a/components/apps/src/lib.rs b/components/apps/src/lib.rs index b8643219..a99f86c7 100644 --- a/components/apps/src/lib.rs +++ b/components/apps/src/lib.rs @@ -67,6 +67,9 @@ pub struct Config { opcard: OpcardConfig, #[serde(default, rename = "v", skip_serializing_if = "is_default")] fs_version: u32, + #[cfg(feature = "se050")] + #[serde(default, rename = "se", skip_serializing_if = "is_default")] + se050_backend_configured_version: u32, } impl admin_app::Config for Config { @@ -333,10 +336,12 @@ pub struct Apps { } impl Apps { - pub fn new( + pub fn new( runner: &R, + trussed_service: &mut Service>, mut make_client: impl FnMut( - &str, + &mut Service>, + &'static str, &'static [BackendId], Option<&'static InterruptFlag>, ) -> Client, 
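Review bot: Replacing `rev = "23d3511276176da396b6c3e788cd1c2f4dd37c9d"` with `tag = "v0.3.2"` for `trussed-se050-backend` trades an immutable commit pin for a git tag, which can be moved on the remote. The resolved commit is still recorded in Cargo.lock (`a8cf2ad8c1bf33649912a4d19a5488ec2651552e`), but that pin only protects builds run with `--locked`, so it is worth confirming that CI and release builds use it. If the tag is kept for readability, a comment next to the line such as `# v0.3.2 -> a8cf2ad8c1bf33649912a4d19a5488ec2651552e, re-check when bumping` would keep the expected commit visible in review. The same applies to the `trussed` entry in the earlier Cargo.toml hunk, which additionally changes the URL casing from `Nitrokey` to `nitrokey`, unlike most neighbouring entries.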
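Review bot: Widening `se050` to `pub(crate)` in `Dispatch` gives every module in the crate direct mutable access to the secure-element backend, including replacing or taking the `Option`. The only new use visible in this commit is the `configure()` call in `admin_app`. A narrow method on `Dispatch` that hands out `Option<&mut _>` to the backend, or one that only runs the configuration, would keep the field private. If the field stays `pub(crate)`, a comment such as `// pub(crate): Apps::admin_app configures the SE050 at boot` would record why. The struct starts outside the hunk.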
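Review bot: The new `se050_backend_configured_version` field in `Config` has no doc comment, and its meaning is only recoverable from the comparison against `trussed_se050_backend::SE050_CONFIGURE_VERSION` later in this commit. I would add `/// Last SE050_CONFIGURE_VERSION successfully applied to the secure element; the serde default 0 is read as "not configured yet".` That default only triggers configuration if the constant is never 0, which is not visible here and should be stated or asserted where the constant is defined. `Config` starts outside the hunk.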
@@ -352,7 +357,11 @@ impl Apps { .. } = data; - let (admin, init_status) = Self::admin_app(runner, &mut make_client, admin); + let (admin, init_status) = + Self::admin_app(runner, trussed_service, &mut make_client, admin); + + let mut make_client = + |ids, backends, interrupt| make_client(trussed_service, ids, backends, interrupt); let migrated_successfully = !init_status.contains(InitStatus::MIGRATION_ERROR); #[cfg(feature = "opcard")] let config_has_error = init_status.contains(InitStatus::CONFIG_ERROR); @@ -403,16 +412,22 @@ impl Apps { } } - fn admin_app( + fn admin_app( runner: &R, + trussed_service: &mut Service>, make_client: impl FnOnce( - &str, + &mut Service>, + &'static str, &'static [BackendId], Option<&'static InterruptFlag>, ) -> Client, mut data: AdminData, ) -> (AdminApp, InitStatus) { - let trussed = AdminApp::::client(runner, make_client, &()); + let trussed = AdminApp::::client( + runner, + |id, backends, interrupt| make_client(trussed_service, id, backends, interrupt), + &(), + ); // TODO: use CLIENT_ID directly let mut filestore = ClientFilestore::new(ADMIN_APP_CLIENT_ID.into(), data.store); let version = data.version.encode(); @@ -459,10 +474,10 @@ impl Apps { ) .unwrap_or_default(); let mut fs = ClientFilestore::new(path!("opcard").into(), data.store); - let opcard_used = !fs + let opcard_used = fs .read_dir_first(path!(""), Location::External, &NotBefore::None) .unwrap_or_default() - .is_none(); + .is_some(); if !opcard_trussed_auth_used && !opcard_used { // No need to factory reset because the app is not yet created yet 
@@ -478,6 +493,34 @@ impl Apps { } } + #[cfg(feature = "se050")] + 'se050_configuration: { + if app.config().se050_backend_configured_version + != trussed_se050_backend::SE050_CONFIGURE_VERSION + { + let Some(se050) = trussed_service.dispatch_mut().se050.as_mut() else { + break 'se050_configuration; + }; + + let Ok(_) = se050.configure().map_err(|_err| { + error_now!("Failed to configure SE050: {_err:?}"); + data.init_status.insert(InitStatus::SE050_ERROR); + *app.status_mut() = data.status(); + }) else { + break 'se050_configuration; + }; + + app.config_mut().se050_backend_configured_version = + trussed_se050_backend::SE050_CONFIGURE_VERSION; + app.save_config_filestore(&mut filestore) + .map_err(|_err| { + error_now!("Failed to save config after migration: {_err:?}"); + data.init_status.insert(InitStatus::CONFIG_ERROR); + *app.status_mut() = data.status(); + }) + .ok(); + } + } let migration_version = used_migrators .iter() .map(|m| m.version) @@ -496,7 +539,7 @@ impl Apps { pub fn with_service( runner: &R, - trussed: &mut Service>, + trussed_service: &mut Service>, data: Data, ) -> Self where @@ -504,11 +547,12 @@ impl Apps { { Self::new( runner, - |id, backends, interrupt| { + trussed_service, + |trussed_service, id, backends, interrupt| { ClientBuilder::new(id) .backends(backends) .interrupt(interrupt) - .prepare(trussed) + .prepare(trussed_service) .unwrap() .build(R::Syscall::default()) }, @@ -600,16 +644,17 @@ where type Data = (R, Data); fn new( - trussed: &mut Service, Dispatch>, + trussed_service: &mut Service, Dispatch>, syscall: trussed_usbip::Syscall, (runner, data): (R, Data), ) -> Self { Self::new( &runner, - move |id, backends, _| { + trussed_service, + move |trussed_service, id, backends, _| { ClientBuilder::new(id) .backends(backends) - .prepare(trussed) + .prepare(trussed_service) .unwrap() .build(syscall.clone()) }, 
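Review bot: When `save_config_filestore` fails in the `'se050_configuration` block, the result is dropped with `.ok()` after the SE050 has already been configured. The stored version then stays stale and `se050.configure()` runs again on every later boot, which is only safe if `configure()` is idempotent, and this hunk does not show that. The log text on that path appears copied from the migration code and should read `error_now!("Failed to save config after SE050 configuration: {_err:?}");`. The version check uses `!=`, so firmware with a lower `SE050_CONFIGURE_VERSION` than the stored value would re-apply its older configuration; if that is intended, a comment saying so would help. The `let Ok(_) = ….map_err(…) else` form would read more directly as `if let Err(_err) = se050.configure() { … break 'se050_configuration; }`, and the enclosing `admin_app` body starts and ends outside the hunk.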
@@ -644,7 +689,7 @@ trait App: Sized { fn new( runner: &R, make_client: impl FnOnce( - &str, + &'static str, &'static [BackendId], Option<&'static InterruptFlag>, ) -> Client, @@ -658,7 +703,7 @@ trait App: Sized { fn client( runner: &R, make_client: impl FnOnce( - &str, + &'static str, &'static [BackendId], Option<&'static InterruptFlag>, ) -> Client, @@ -709,7 +754,7 @@ bitflags! { const INTERNAL_FLASH_ERROR = 0b00000010; const EXTERNAL_FLASH_ERROR = 0b00000100; const MIGRATION_ERROR = 0b00001000; - const SE050_RAND_ERROR = 0b00010000; + const SE050_ERROR = 0b00010000; const CONFIG_ERROR = 0b00100000; } } diff --git a/components/boards/src/init.rs b/components/boards/src/init.rs index 839f2f55..8d43d49d 100644 --- a/components/boards/src/init.rs +++ b/components/boards/src/init.rs @@ -224,7 +224,7 @@ fn init_se050< })() .unwrap_or_else(|_err| { debug_now!("Got error when getting SE050 initial entropy: {_err:?}"); - *init_status |= InitStatus::SE050_RAND_ERROR; + *init_status |= InitStatus::SE050_ERROR; seed }); (se050, seed) diff --git a/components/boards/src/soc/lpc55.rs b/components/boards/src/soc/lpc55.rs index ede7e6ef..77fb12d4 100644 --- a/components/boards/src/soc/lpc55.rs +++ b/components/boards/src/soc/lpc55.rs @@ -29,6 +29,12 @@ impl Lpc55 { } } +impl Default for Lpc55 { + fn default() -> Self { + Self::new() + } +} + impl Soc for Lpc55 { type UsbBus = lpc55_hal::drivers::UsbBus; type Clock = RtcClock;