Flash area API for Python, test speedup #3565
Conversation
There was a problem hiding this comment.
@andrewkozlik please review this change in particular.
one interesting point to note, with this API it would now be possible to request hashing of a specific firmware chunk, which would make the whole operation even faster, to the point of imperceptibility by the user.
(otoh if we did that, it might open the window for an attacker to essentially read out the firmware kilobyte by kilobyte, which might be a problem if some boundary check somewhere got messed up)
There was a problem hiding this comment.
if speed is a concern here, lets reconsider using sha256 on U5 models here too, so we can use hw accelerator.
There was a problem hiding this comment.
This file LGTM.
request hashing of a specific firmware chunk, which would make the whole operation even faster
Why would we want to hash only a specific chunk? We have to hash the entire firmware, so doing it by chunks seems inefficient.
read out the firmware
Reading out the firmware is not a concern, so since you mention boundary checks, I assume you are concerned about reading out the norcow storage. That might be a concern, however, since the code requires offset and length alignment to 1024 bytes, you can't even read out the firmware.
There was a problem hiding this comment.
Why would we want to hash only a specific chunk? We have to hash the entire firmware, so doing it by chunks seems inefficient.
We don't technically need to. A malicious firmware will not be able to respond to a random partial challenge either -- unless, that is, most of the image is the same and only a small piece is changed.
Of course, that is something that is much easier to achieve deliberately. So doing partial challenges would be much weaker. (which could be offset, in some scenarios, by the ability to do one every N seconds).
anyway, just thinking out loud here
| STATIC const mp_rom_map_elem_t mod_trezorio_flash_area_globals_table[] = { | ||
| {MP_ROM_QSTR(MP_QSTR___name__), MP_ROM_QSTR(MP_QSTR_flash_area)}, | ||
| MP_ROM_FLASH_AREA(BOARDLOADER), | ||
| MP_ROM_FLASH_AREA(BOOTLOADER), | ||
| MP_ROM_FLASH_AREA(FIRMWARE), | ||
| MP_ROM_FLASH_AREA(STORAGE_A), | ||
| MP_ROM_FLASH_AREA(STORAGE_B), | ||
| MP_ROM_FLASH_AREA(TRANSLATIONS), | ||
| #if USE_OPTIGA && !defined(TREZOR_EMULATOR) | ||
| MP_ROM_FLASH_AREA(SECRET), | ||
| #endif |
There was a problem hiding this comment.
TODO: in production mode, we should also not create objects for storage / secret
There was a problem hiding this comment.
on U5 models, SECRET area is inaccessible to FW even in debug, so maybe that shouldn't be created there regardless on PRODUCTION
|
| STATIC const mp_rom_map_elem_t mod_trezorio_flash_area_globals_table[] = { | ||
| {MP_ROM_QSTR(MP_QSTR___name__), MP_ROM_QSTR(MP_QSTR_flash_area)}, | ||
| MP_ROM_FLASH_AREA(BOARDLOADER), | ||
| MP_ROM_FLASH_AREA(BOOTLOADER), | ||
| MP_ROM_FLASH_AREA(FIRMWARE), | ||
| MP_ROM_FLASH_AREA(STORAGE_A), | ||
| MP_ROM_FLASH_AREA(STORAGE_B), | ||
| MP_ROM_FLASH_AREA(TRANSLATIONS), | ||
| #if USE_OPTIGA && !defined(TREZOR_EMULATOR) | ||
| MP_ROM_FLASH_AREA(SECRET), | ||
| #endif |
There was a problem hiding this comment.
on U5 models, SECRET area is inaccessible to FW even in debug, so maybe that shouldn't be created there regardless on PRODUCTION
and add debuglink messages for reading/writing flash this also refactors get_firmware_hash to use the flash area API instead of the original hardcoded function
matejcik
force-pushed
the
matejcik/flash-area
branch
from
29f75dd
to
fa4321f
Compare
This PR implements API for direct access to flash areas from MicroPython. This is then exposed over debuglink to allow us to mess with installed firmware and test inconsistency handling.
The second part of the PR uses this capability to check that the tested Trezor is in desired state. Storage will only be wiped when necessary. This should significantly speed up hardware tests.
tagging:
@mmilata for overall review
@andrewkozlik for specific code comments
@TychoVrahe for review of the flash area interface, i.e., most of the code in
modtrezorio-flash.h