mirror of
git://projects.qi-hardware.com/antorcha.git
synced 2024-11-25 19:51:52 +02:00
fw/Makefile: generate random unlock secret (from /dev/urandom)
This commit is contained in:
parent
332f8aceb6
commit
683056bca7
34
fw/Makefile
34
fw/Makefile
@ -56,7 +56,7 @@ endif
|
|||||||
|
|
||||||
# ----- Rules -----------------------------------------------------------------
|
# ----- Rules -----------------------------------------------------------------
|
||||||
|
|
||||||
.PHONY: all clean upload prog update version.c
|
.PHONY: all clean nosecrets upload prog version.c
|
||||||
.PHONY: prog-app prog-read on off reset
|
.PHONY: prog-app prog-read on off reset
|
||||||
|
|
||||||
all: $(NAME).bin boot.bin
|
all: $(NAME).bin boot.bin
|
||||||
@ -86,6 +86,9 @@ clean:
|
|||||||
rm -f $(BOOT_OBJS) $(BOOT_OBJS:.o=.d)
|
rm -f $(BOOT_OBJS) $(BOOT_OBJS:.o=.d)
|
||||||
rm -f version.c version.d version.o
|
rm -f version.c version.d version.o
|
||||||
|
|
||||||
|
nosecrets:
|
||||||
|
rm -f unlock-secret.inc image-secret.inc
|
||||||
|
|
||||||
# ----- Build version ---------------------------------------------------------
|
# ----- Build version ---------------------------------------------------------
|
||||||
|
|
||||||
version.c:
|
version.c:
|
||||||
@ -102,6 +105,35 @@ version.c:
|
|||||||
@echo "const uint16_t build_number = `cat .version`;" \
|
@echo "const uint16_t build_number = `cat .version`;" \
|
||||||
>>version.c
|
>>version.c
|
||||||
|
|
||||||
|
# ----- Secrets ---------------------------------------------------------------
|
||||||
|
|
||||||
|
#
|
||||||
|
# Linux has two sources of randomness:
|
||||||
|
#
|
||||||
|
# /dev/random delivers bits of high randomness but may take a while to
|
||||||
|
# collect them
|
||||||
|
# /dev/urandom delivers bits of high randomness if available and "stretches"
|
||||||
|
# the pool with pseudo-randomness to deliver the rest of the bits
|
||||||
|
# that are requested
|
||||||
|
#
|
||||||
|
# Use /dev/random if you're paranoid. /dev/urandom is more than adequate for
|
||||||
|
# the level of security we try to achieve here.
|
||||||
|
#
|
||||||
|
|
||||||
|
RANDOM = /dev/urandom
|
||||||
|
|
||||||
|
SECRET = { dd if=$(RANDOM) iflag=fullblock bs=$(1) count=1 status=noxfer | \
|
||||||
|
hexdump -e '"\t" "/* %3_ad */" 8/1 " 0x%02x," "\n"'; \
|
||||||
|
[ "$${PIPESTATUS[*]}" = "0 0" ]; }
|
||||||
|
|
||||||
|
unlock-secret.inc:
|
||||||
|
$(BUILD) $(call SECRET,64) >$@ || { rm -f $@; exit 1; }
|
||||||
|
|
||||||
|
image-secret.inc:
|
||||||
|
$(BUILD) $(call SECRET,128) >$@ || { rm -f $@; exit 1; }
|
||||||
|
|
||||||
|
fw.o: unlock-secret.inc
|
||||||
|
|
||||||
# ----- Dependencies ----------------------------------------------------------
|
# ----- Dependencies ----------------------------------------------------------
|
||||||
|
|
||||||
MKDEP = \
|
MKDEP = \
|
||||||
|
@ -1 +0,0 @@
|
|||||||
1, 2, 3
|
|
Loading…
Reference in New Issue
Block a user