memory: Initialize noise private key and salt lazily #1646
Conversation
src/memory/memory.c
Outdated
| // Two most significant bits must be set to indicate "public static address". See ch. 1.3.2 | ||
| // in "Part B: Link Layer Specification" of bluetooth standard. | ||
| // ble_addr is stored in little endianness, so MSB is in the first byte. | ||
| // Two most significant bits must be set to indicate "public static address". See |
There was a problem hiding this comment.
Should the BLE reset stuff also moved to execute on boot then?
Thinking further: what if power is cut while in the middle of erasing the chunks above, e.g. chunk 1 is erased, but not chunk 2?
Maybe it's better to set a memory flag somewhere "reset=true", which is set to false again at the end of salt_root_empty(), and if it still set on boot, it meanss the reset was interrupted and should be repeated.
There was a problem hiding this comment.
Should the BLE reset stuff also moved to execute on boot then?
BLE being reset isn't critical, so there is no risk of bricking the unit if it stays the same.
To make it 100% survive a power outage we would need a counter that we increase between every atomic operation (erased sector, written page). So that the sequence can be resumed when power comes back.
We should probably use the smart eeprom for that to avoid excessive wear.
There was a problem hiding this comment.
To make it 100% survive a power outage we would need a counter that we increase between every atomic operation (erased sector, written page). So that the sequence can be resumed when power comes back.
Why not just repeat the whole memory_reset_hww() in that case? Does not seem worth the complexity to do it more granular.
There was a problem hiding this comment.
I guess we could set a flag reset_hww=true and then erase and recreate keys during boot. As long as the flag is set we just do the whole reset again.
edit: and of course reset_hww=false at the end of the procedure
There was a problem hiding this comment.
That is exactly what I meant 😄
NickeZ
force-pushed
the
fix/init-priv-keys-lazily
branch
6 times, most recently
from
c52aaca to
1dc5c6e
Compare
If the device is powered off after erasing but before initializing has finalized it is bricked since a noise key is required. Set a flag in chunk 7 that isn't being erased before reset and clear that flag when reset is done. During boot if that flag still is set, rerun the reset.
NickeZ
force-pushed
the
fix/init-priv-keys-lazily
branch
from
3932327 to
6a5a14e
Compare
2 participants
If the device is powered off after erasing but before initializing those two fields the device is bricked. Initialize them on boot instead.