Modify bootloader to work with FIB workaround

will-v-pi · will-v-pi · commit 6743582635d3 · 2025-04-22T18:09:40.000+01:00
Modify aes.S init_key_4way to skip the 64 byte gap in the middle of the otp key share

Uses 5 words of space
diff --git a/enc_bootloader/aes.S b/enc_bootloader/aes.S
@@ -1441,7 +1441,7 @@ storeroundkey:
 .balign 4
 .thumb_func
 init_key_4way:
-@ On entry, r0 points to 4-way shared raw key data (128 bytes)
+@ On entry, r0 points to 4-way shared raw key data (64 bytes, 64 byte gap for FIB workaround, then other 64 bytes)
 @ The format is a0 b0 c0 d0 a1 b1 c1 d1 ... a7 b7 c7 d7
 @ That is, each word, K, of the original 256-bit key is expanded into four words whose exclusive OR is K.
 @
@@ -1464,12 +1464,18 @@ init_key_4way:
  bl randomisechaff
  ldr r6,=rkey4way
  movs r7,#8
+ b 1f
+2:
+ adds r5,#64                @ Skip 64 byte gap for FIB workaround
+ subs r7,r7,#1
 1:
  ldmia r5!,{r1-r4}
  bl gen_rand_sha; eors r1,r1,r0; eors r4,r4,r0
  bl gen_rand_sha; eors r2,r2,r0; eors r4,r4,r0
  bl gen_rand_sha; eors r3,r3,r0; eors r4,r4,r0
  stmia r6!,{r1-r4}
+ cmp r7,#5
+ beq 2b
  subs r7,r7,#1
  bne 1b
 
diff --git a/enc_bootloader/enc_bootloader.c b/enc_bootloader/enc_bootloader.c
@@ -153,6 +153,7 @@ bi_decl(bi_ptr_int32(0, 0, otp_key_page, 30));
 // That is a suitable point to lock the OTP area where key information is stored.
 void lock_key() {
     otp_hw->sw_lock[otp_key_page] = 0xf;
+    otp_hw->sw_lock[otp_key_page + 1] = 0xf;
 }
 
 
@@ -165,14 +166,14 @@ int main() {
     uint16_t* otp_data = (uint16_t*)OTP_DATA_GUARDED_BASE;
     decrypt(
         (uint8_t*)&(otp_data[otp_key_page * 0x40]),
-        (uint8_t*)&(otp_data[(otp_key_page + 1) * 0x40]),
+        (uint8_t*)&(otp_data[(otp_key_page + 2) * 0x40]),
         (uint8_t*)iv,
         (void*)data_start_addr,
         data_size/16
     );
 
     // Lock the IV salt
-    otp_hw->sw_lock[otp_key_page + 1] = 0xf;
+    otp_hw->sw_lock[otp_key_page + 2] = 0xf;
 
     // Increase stack limit by 0x100
     pico_default_asm_volatile(
diff --git a/main.cpp b/main.cpp
@@ -5321,6 +5321,7 @@ bool encrypt_command::execute(device_map &devices) {
         }
         auto json_out = get_file_idx(ios::out, 5);
 
+    #define FIB_WORKAROUND 1
     #if FIB_WORKAROUND
         // Make inverse pages to work around OTP FIB attack
         vector<uint8_t> page0_data;

Original file line number	Diff line number	Diff line change
`@@ -5321,6 +5321,7 @@ bool encrypt_command::execute(device_map &devices) {`
`5321`	`5321`	`}`
`5322`	`5322`	`auto json_out = get_file_idx(ios::out, 5);`
`5323`	`5323`
	`5324`	`+ #define FIB_WORKAROUND 1`
`5324`	`5325`	`#if FIB_WORKAROUND`
`5325`	`5326`	`// Make inverse pages to work around OTP FIB attack`
`5326`	`5327`	`vector<uint8_t> page0_data;`