mirrors/pico-keys-sdk
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add OTP chaff to avoid passive voltage contrast (PVC) attacks.

Browse source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos 2025-10-06 09:41:14 +02:00
parent d39732c613
commit e14a12b002
No known key found for this signature in database
GPG key ID: C0095B7870A4CCD3
1 changed files with 21 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
src/fs/otp.c
View file

@ -180,6 +180,21 @@ int otp_enable_secure_boot(uint8_t bootkey, bool secure_lock) {
return PICOKEY_OK;
}
#ifdef PICO_RP2350
void otp_chaff(uint16_t row, uint16_t len) {
uint8_t *raw = otp_buffer_raw(row);
uint8_t *chaff = (uint8_t *)calloc(len * 2, sizeof(uint8_t));
if (chaff) {
memcpy(chaff, raw, len * 2);
for (int i = 0; i < len * 2; i++) {
chaff[i] ^= 0xFF;
}
otp_write_data_raw(row + 32, chaff, len * 2);
free(chaff);
}
}
#endif
void init_otp_files() {
#if defined(PICO_RP2350) || defined(ESP_PLATFORM)
@ -192,6 +207,9 @@ void init_otp_files() {
if (ret != 0) {
printf("Error writing OTP key 1 [%d]\n", ret);
}
#ifdef PICO_RP2350
otp_chaff(OTP_KEY_1, 32);
#endif
write_otp[0] = OTP_KEY_1;
}
OTP_READ(OTP_KEY_1, otp_key_1);
@ -211,6 +229,9 @@ void init_otp_files() {
if (ret != 0) {
printf("Error writing OTP key 2 [%d]\n", ret);
}
#ifdef PICO_RP2350
otp_chaff(OTP_KEY_2, 32);
#endif
write_otp[1] = OTP_KEY_2;
}
OTP_READ(OTP_KEY_2, otp_key_2);