webadmin/pico-keys-sdk
1
0
Fork 0
mirror of https://github.com/polhenarejos/pico-keys-sdk synced 2026-05-27 08:35:12 +02:00
Code Issues Packages Projects Releases Wiki Activity
681 Commits 1 Branch 11 Tags
707cdf7bf4f7381661c4e2eeb84b1f3f41eab195
Commit Graph

35 Commits

Author SHA1 Message Date
Pol Henarejos
707cdf7bf4 Fix windows build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-04-29 15:36:53 +02:00
Pol Henarejos
e24eb9b150 More renames. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-04-21 00:06:28 +02:00
Pol Henarejos
26de18608f A refactor. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-04-20 17:34:42 +02:00
Pol Henarejos
7db11c21f6 Rename random functions. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-04-20 13:01:14 +02:00
Pol Henarejos
8e6c6c1fcc Apply strict build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-03-08 19:27:23 +01:00
Pol Henarejos
4cd437ed35 Fix strict non-prototype declaration warn. 
Fixes #22.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-03-07 17:12:40 +01:00
ryulamp
a83742cc3f Refactor secure boot check in otp_is_secure_boot_enabled 
Refactor otp_is_secure_boot_enabled to check secure boot status before defining BOOTKEY.
 2026-02-12 14:54:16 +08:00
ryulamp
766879991e Fix RP2350 secure boot key definition 2026-02-11 22:42:55 +08:00
Pol Henarejos
b8aa0221db [BETA] Add support to Secure Boot in ESP32. 
Needs deep testing.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2026-02-07 14:32:06 +01:00
Pol Henarejos
3bf035d68a Zeroize pkey 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-12-27 22:02:58 +01:00
Pol Henarejos
d86371bb2c Revert "Move Secure Boot to another branch." 
This reverts commit 8cb2484aa3.
 2025-12-11 15:42:21 +01:00
Pol Henarejos
8cb2484aa3 Move Secure Boot to another branch. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-12-09 21:37:36 +01:00
Pol Henarejos
b67e9ac143 Fix key generation for RP2040. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-11-28 00:12:18 +01:00
Pol Henarejos
d4971bba19 Fix get secure boot status. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-11-18 01:06:20 +01:00
Pol Henarejos
2001006a16 Fix otp build. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-11-17 12:23:16 +01:00
Pol Henarejos
7c5f729b69 Add is_secure_boot_enable and is_secure_lock_enabled to PHY. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-11-17 12:20:44 +01:00
Pol Henarejos
116aca7697 Fix #if/else logic. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-11-15 20:13:42 +01:00
Pol Henarejos
8f907b25ba Relicense project under the GNU Affero General Public License v3 (AGPLv3) 
and add the Enterprise / Commercial licensing option.

Main changes:
- Replace GPLv3 headers with AGPLv3 headers in source files.
- Update LICENSE file to the full AGPLv3 text.
- Add ENTERPRISE.md describing the dual-licensing model:
  * Community Edition: AGPLv3 (strong copyleft, including network use).
  * Enterprise / Commercial Edition: proprietary license for production /
    multi-user / OEM use without the obligation to disclose derivative code.
- Update README with a new "License and Commercial Use" section pointing to
  ENTERPRISE.md and clarifying how companies can obtain a commercial license.

Why this change:
- AGPLv3 ensures that modified versions offered as a service or deployed
  in production environments must provide corresponding source code.
- The Enterprise / Commercial edition provides organizations with an
  alternative proprietary license that allows internal, large-scale, or OEM
  use (bulk provisioning, policy enforcement, inventory / revocation,
  custom attestation, signed builds) without AGPL disclosure obligations.

This commit formally marks the first release that is dual-licensed:
AGPLv3 for the Community Edition and a proprietary commercial license
for Enterprise customers.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-26 20:06:16 +01:00
Pol Henarejos
233e6594c6 Add casts to fix warnings. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-12 18:52:07 +02:00
Pol Henarejos
b3b2b67034 Add const to OTP functions. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-06 14:21:41 +02:00
Pol Henarejos
3eff2442c6 Fix is_empty_otp_buffer when a register is invalid. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-06 14:21:41 +02:00
Pol Henarejos
a7e1cf028b To prevent the PVC attack, MKEK and DEV keys are migrated to another OTP page. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-06 14:21:41 +02:00
Pol Henarejos
e14a12b002 Add OTP chaff to avoid passive voltage contrast (PVC) attacks. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-06 14:21:41 +02:00
Pol Henarejos
56c2ef0cc1 Fix alignment when programming OTP. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-10-06 14:21:41 +02:00
Pol Henarejos
3d912878f1 Add OTP (dummy value) for emulation. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2025-01-08 13:25:43 +01:00
Pol Henarejos
9018ebb55d Fix secure otp build for non rp2350. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-08 19:45:50 +01:00
Pol Henarejos
4da9b89d90 Add function to enable secure boot and secure lock. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-08 19:24:05 +01:00
Pol Henarejos
cf36c2988c Add DEV key to OTP. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-07 00:15:58 +01:00
Pol Henarejos
3dbf969e12 WCID interface is always enabled. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-06 17:02:38 +01:00
Pol Henarejos
802df9e705 Add flags to enable secure boot and secure boot lock via firmware on boot. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-11-04 18:31:34 +01:00
Pol Henarejos
62c3d0c360 Add OTP read raw. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-28 00:15:13 +01:00
Pol Henarejos
6216cd24be Make public read/write RP2350 OTP functions. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-13 20:22:16 +02:00
Pol Henarejos
32eed01508 Use non-guarded OTP reads to avoid bus faults. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-10-13 20:21:43 +02:00
Pol Henarejos
739e9f1b98 Added ESP32 OTP support. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2024-09-16 00:51:43 +02:00
Pol Henarejos
108cfec47c Enable OTP to store a permanent secret key. 
It can be used by HSM or Fido to protect the keys and use it as MKEK.
 2024-09-11 23:16:23 +02:00