Merge pull request #55 from Nitrokey/embedded-pr

*The One* - nRF52 / embedded runner
Nitrokey · Jul 27, 2022 · 5c1f730 · 5c1f730
2 parents 63ac04a + f7f36cf
commit 5c1f730
Show file tree

Hide file tree

Showing 80 changed files with 21,218 additions and 17 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -36,7 +36,7 @@ build-license-txt:
     paths:
       - artifacts
 
-build-nk3xn:
+build-lpc55-nk3xn:
   image: registry.git.nitrokey.com/nitrokey/nitrokey-3-firmware/nitrokey3:latest
   rules:
     - if: '$CI_PIPELINE_SOURCE == "push"'
@@ -60,7 +60,7 @@ build-nk3xn:
     paths:
       - artifacts
 
-build-nk3am:
+build-lpc55-nk3am:
   image: registry.git.nitrokey.com/nitrokey/nitrokey-3-firmware/nitrokey3:latest
   rules:
     - if: '$CI_PIPELINE_SOURCE == "push"'
@@ -80,3 +80,33 @@ build-nk3am:
   artifacts:
     paths:
       - artifacts
+
+build-nrf52-nk3mini:
+  image: registry.git.nitrokey.com/nitrokey/nitrokey-3-firmware/nitrokey3:latest
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "push"'
+    - if: '$CI_PIPELINE_SOURCE == "schedule"'
+    - if: '$CI_PIPELINE_SOURCE == "web"'
+  tags:
+    - docker
+  stage: build
+  script:
+    - apt-get install -y python3 python3-toml
+    - rustup target add thumbv7em-none-eabihf
+    - mkdir -p artifacts
+    - make -C runners/embedded build-nk3am.bl FEATURES=provisioner
+    - cp runners/embedded/artifacts/*.bin artifacts/provisioner-nk3am-nrf52.bin
+    - cp runners/embedded/artifacts/*.ihex artifacts/provisioner-nk3am-nrf52.ihex
+    - make -C runners/embedded clean-nk3am.bl FEATURES=provisioner
+    - make -C runners/embedded build-nk3am.bl FEATURES=develop
+    - cp runners/embedded/artifacts/*.bin artifacts/develop-nk3am-nrf52.bin
+    - cp runners/embedded/artifacts/*.ihex artifacts/develop-nk3am-nrf52.ihex
+    - make -C runners/embedded clean-nk3am.bl FEATURES=develop
+    - make -C runners/embedded build-nk3am.bl FEATURES=release
+    - cp runners/embedded/artifacts/*.bin artifacts/firmware-nk3am-nrf52.bin
+    - cp runners/embedded/artifacts/*.ihex artifacts/firmware-nk3am-nrf52.ihex
+  after_script:
+    - wget $icon_server/checkmark/$CI_COMMIT_REF_NAME/$CI_COMMIT_SHA/$CI_JOB_NAME/$CI_JOB_STATUS/${CI_JOB_URL#*/*/*/}
+  artifacts:
+    paths:
+      - artifacts
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,21 @@
 # Unreleased
 
+- include the embedded runner, currently only confirmed working for nRF52
+- Change the LED color to red on panics ([#52][])
+- Skip the additional user presence check for the first Get Assertion or Authenticate request within two seconds after boot ([#61][])
+
+[#52]: https://github.com/Nitrokey/nitrokey-3-firmware/issues/52
+[#61]: https://github.com/Nitrokey/nitrokey-3-firmware/issues/61
+
+# v1.1.0-rc.1 (2022-07-27)
+
+This is the first official nRF52 release(candidate) for the Nitrokey 3A Mini.
+
+### Features
+
+- `embedded` runner to allow building for different SoCs from within a common code-base
+- This pre-release only includes binaries for the nRF52 
+- All features from the v1.0.4 release are included 
 - Change the LED color to red on panics ([#52][])
 - Skip the additional user presence check for the first Get Assertion or Authenticate request within two seconds after boot ([#61][])
 

diff --git a/components/provisioner-app/Cargo.toml b/components/provisioner-app/Cargo.toml
@@ -11,7 +11,6 @@ apdu-dispatch = "0.1"
 delog = "0.1"
 heapless = "0.7"
 heapless-bytes = "0.3"
-lpc55-hal = { version = "0.3", features = ["littlefs", "rtic-peripherals"] }
 littlefs2 = "0.3.1"
 salty = { version = "0.2", features = ["cose"] }
 trussed = "0.1"
@@ -29,3 +28,4 @@ log-warn = []
 log-error = []
 
 test-attestation = []
+
diff --git a/components/provisioner-app/src/lib.rs b/components/provisioner-app/src/lib.rs
@@ -26,13 +26,12 @@ use trussed::{
     Client as TrussedClient,
     key::{Kind as KeyKind, Key, Flags},
 };
+
 use heapless::Vec;
 use apdu_dispatch::iso7816::{Status, Instruction};
 use apdu_dispatch::app::Result as ResponseResult;
 use apdu_dispatch::{Command, response, command::SIZE as CommandSize, response::SIZE as ResponseSize};
 
-use lpc55_hal as hal;
-
 //
 const SOLO_PROVISIONER_AID: [u8; 9] = [ 0xA0, 0x00, 0x00, 0x08, 0x47, 0x01, 0x00, 0x00, 0x01];
 
@@ -102,6 +101,7 @@ enum TestAttestationP1 {
     T1Key = 6,
 }
 
+type UUID = [u8; 16];
 
 const FILENAME_T1_PUBLIC: &'static [u8] = b"/attn/pub/00";
 
@@ -120,6 +120,7 @@ enum SelectedBuffer {
     File,
 }
 
+
 pub struct Provisioner<S, FS, T>
 where S: Store,
       FS: 'static + LfsStorage,
@@ -135,6 +136,8 @@ where S: Store,
     stolen_filesystem: &'static mut FS,
     #[allow(dead_code)]
     is_passive: bool,
+    uuid: UUID,
+    rebooter: fn() -> !,
 }
 
 impl<S, FS, T> Provisioner<S, FS, T>
@@ -147,6 +150,8 @@ where S: Store,
         store: S,
         stolen_filesystem: &'static mut FS,
         is_passive: bool,
+        uuid: UUID,
+        rebooter: fn() -> !,
     ) -> Provisioner<S, FS, T> {
 
 
@@ -159,6 +164,8 @@ where S: Store,
             store,
             stolen_filesystem,
             is_passive,
+            uuid,
+            rebooter
         }
     }
 
@@ -516,17 +523,11 @@ where S: Store,
 
                         GetUuid => {
                             // Get UUID
-                            reply.extend_from_slice(&hal::uuid()).unwrap();
+                            reply.extend_from_slice(&self.uuid).expect("failed copying UUID");
                             Ok(())
                         },
                         BootToBootrom => {
-                            // Boot to bootrom via flash 0 page erase
-                            use hal::traits::flash::WriteErase;
-                            let flash = unsafe { hal::peripherals::flash::Flash::steal() }.enabled(
-                                &mut unsafe { hal::peripherals::syscon::Syscon::steal()}
-                            );
-                            hal::drivers::flash::FlashGordon::new(flash).erase_page(0).ok();
-                            hal::raw::SCB::sys_reset()
+                            (self.rebooter)();
                         },
 
                     }
@@ -577,7 +578,7 @@ where S: Store,
         self.buffer_file_contents.clear();
         self.buffer_filename.clear();
         // For manufacture speed, return uuid on select
-        reply.extend_from_slice(&hal::uuid()).unwrap();
+        reply.extend_from_slice(&self.uuid).unwrap();
         Ok(())
     }
 

diff --git a/runners/embedded/.cargo/config b/runners/embedded/.cargo/config
@@ -0,0 +1,13 @@
+[target.thumbv7em-none-eabihf]
+rustflags = [
+	"-C", "linker=flip-link",
+	"-C", "link-arg=-error-limit=0",
+	"-C", "inline-threshold=0",
+]
+
+[target.thumbv8m.main-none-eabi]
+rustflags = [
+	"-C", "linker=flip-link",
+	"-C", "link-arg=-error-limit=0",
+	"-C", "inline-threshold=0",
+]
diff --git a/runners/embedded/.gitignore b/runners/embedded/.gitignore
@@ -0,0 +1,8 @@
+/deny.log
+/build*.err.log
+/lpc-runner*
+/nrf-runner*
+/symbols*.txt
+custom_memory.x
+!/Cargo.lock
+/fidokeys_lfs*.ihex