I hereby claim:
- I am ilebedev on github.
- I am ilebedev (https://keybase.io/ilebedev) on keybase.
- I have a public key whose fingerprint is FBB1 47B8 4A9D B133 B734 37AC 7486 5BBD ACFE 0D53
To claim this, I am signing this object:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Verifying that +ilebedev is my blockchain ID. https://onename.com/ilebedev |
ilebedev
/ keybase.md
Created
June 17, 2016 18:03
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| in a little more detail: The enclave loads something, and expects an honest reply. a | |
| Assume the enclave has guarantees of privacy and integrity, and is not denied service. | |
| Assume the OS is dishonest, but will respond to the Enclave's requests (but can lie). | |
| The *OS* stores an array of `N` data blocks `X = {x_i for i in Z_N} = x_0, x_1, ... x_{N-1}`. | |
| Over this array, the *OS* has computed a merkel tree `T` with N leaves, where the leaves are hashes of the elements of `X`. |
ilebedev
/ secure_boot_hash_and_verify.c
Created
September 16, 2018 02:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // root_of_trust.c | |
| #include "sha3/sha3.h" | |
| /* The location and size of the bootloader in DRAM | |
| are linked into the boot ROM image. */ | |
| extern const void * bootloader_ptr; | |
| extern const size_t bootloader_size; | |
| /* the expected SHA-3-512 hash is also a constant | |
| linked into the boot ROM image */ |
ilebedev
/ secure_boot_hash_and_verify.S
Created
September 16, 2018 02:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # root_of_trust.S | |
| .global reset_vector | |
| reset_vector: | |
| # ( all but hart 0 stall and wait for an interrupt. # Hart 0 proceeds, and will wake other harts if it boots. ) | |
| csrr a0, mhartid | |
| bne a0, zero, .other_hart | |
| # Prepare a C execution environment | |
| la sp, m_stack_ptr |
ilebedev
/ secure_boot_gatekeeping_2.c
Last active
September 16, 2018 02:30
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Add at line XXX:XXX | |
| /* TODO: replace this with a constant encoding | |
| the manufacturer's public key: */ | |
| uint_t pk_m[32] = {\xDE, \xAD, \xBE, \xEF, ...}; | |
| extern uint8_t boot_image_certificate[64]; | |
| // Add at line XXX:XXX | |
| if (!verify signature of hash with pk_m) { |
ilebedev
/ secure_boot_gatekeeping_3.c
Created
September 16, 2018 02:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Add at line XXX:XXX | |
| // TODO: populate these constants via a linker script | |
| extern uint8_t pk_m[32]; | |
| extern uint8_t pk_vendor[32]; | |
| extern uint8_t boot_image_certificate[64]; | |
| extern uint8_t boot_image_certificate[64]; | |
| // Add at line XXX:XXX | |
| if (!verify signature of hash with pk_m) { |
ilebedev
/ secure_boot_gatekeeping_1.c
Created
September 16, 2018 02:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Add at line XXX:XXX | |
| // TODO: populate this constant via a linker script | |
| extern uint8_t known_good_hash[64]; | |
| // Add at line XXX:XXX | |
| for (unsigned int i=0; i<8; i++) { | |
| if ((uint64_t)known_good_hash)[i] != (uint64_t)hash)[i]) { | |
| // Panic | |
| // TODO: print an error |
ilebedev
/ secure_boot_kdf.c
Created
September 17, 2018 07:43
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| uint8_t secret_entropy[64]; | |
| uint8_t pk[32]; | |
| uint8_t sk[64]; | |
| #include <ed25519/ed25519.h> | |
| /* This seed is as valuable as the secret key, | |
| so make sure it comes from a trustworthy source | |
| and will remian private. */ | |
| // Read/generate the secret seed from which keys are created |
ilebedev
/ secure_boot_kdf.c
Last active
October 8, 2018 20:37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <ed25519/ed25519.h> | |
| uint8_t pk[32]; | |
| uint8_t sk[64]; | |
| /* This seed is as valuable as the secret key! */ | |
| uint8_t secret_entropy[64]; | |
| /* NOTE: we assume some application-dependent source of trusted entropy */ | |
| get_trusted_entropy(secret_entropy, 64); |
OlderNewer