Skip to content

Separate update functionality from state handling and message parsing #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
agren wants to merge 15 commits into from
Closed

Separate update functionality from state handling and message parsing #8

agren wants to merge 15 commits into from

Conversation

@agren
Copy link
Member

@agren agren commented Nov 7, 2025
edited
Loading

Description

  • Separates update functionality from state handling and message parsing
  • Adds tests for testing app update functionality
  • Adds two testapps (testapp/app_a.bin and testapp/app_b.bin) which can be used to test update manually using verifier-client -cmd install -app .... The apps both set the LED color and prints a string to the CDC-port. The LED color and string differ between the two apps.

Type of change

Please tick any that are relevant to this PR and remove any that aren't.

  • Feature (non breaking change which adds functionality)

Submission checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my changes
  • I have tested and verified my changes on target
  • My changes are well written and CI is passing
  • I have squashed my work to relevant commits and rebased on main for linear history
  • I have added a "Co-authored-by: x" if several people contributed, either pair programming or by squashing commits from different authors.
  • I have updated the documentation where relevant (readme, dev.tillitis.se etc.)
  • QEMU is updated to reflect changes

agren added 13 commits November 7, 2025 12:06
@agren
Add two testapps
d6df3ad 
Both have the same basic functionality:

1. Set the LED
2. Wait for a byte on IO_CDC
3. Write the app name to IO_CDC
4. Wait for a byte on IO_CDC
5. Reset

The apps differ in:
- App name
- LED color
@agren
Add debug message so we can know the verifier started
74452b3
@agren
client: Add port flag to client app
22443f8
@agren
client: Close serial port when done
926b3e8
@agren
Group app-update context in a struct
ca92207
@agren
Move app update functionality to a separate module
412dcdb
@agren
Fix inconsistent header guard name
b455aad
@agren
test: Model sys_preload_store writes after how the flash memory works
2d07419 
TKey firmware do not erase any data from flash when sys_preload_store is
called. Instead the updater is first expected to delete any existing app
by calling sys_preload_delete.

When sys_preload_delete is called all bits in the flash app slot will be
set to 1. When writing, using sys_preload_store, bits can only be set to
0.
@agren
test: Fix formatting
96d23cc 
Ran make -C test fmt
@agren
test: Print error if fakesys_preload_range_contains_* checks fail
b3cef8b
@agren
test: Move all fakesys state to a common struct
a26b0ca
@agren
test: Test that update module calls sys_preload_* syscalls in correct…
fbcc5d3 
… order
@agren
test: Test that update module can be used to update an app
87da3f7 
Adds sys_preload_delete and sys_preload_store_fin to fakesys
@agren agren requested a review from mchack-work November 10, 2025 08:14
@mchack-work
Measure security policy and send to firmware
fa4964c 
Fill in seed_digest with a measurement of our security policy,
currently just the vendor public key, and tell firmware about this
measurement.

The seed_digest will be used by the firmware to mix in to the identity
of the app we verified.
@mchack-work
testapp: Print the CDI for test purposes
41ad4bd 
Print CDI so we can control it's the same. We want to know what both
app_a.bin and app_b.bin get the same CDI after having been verified by
verifier.
@agren
Copy link
Member Author

agren commented Dec 2, 2025

Closing since the majority of this branch is part of #9. The measure/CDI-commits will be moved/reworked into another PR.

@agren agren closed this Dec 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mchack-work mchack-work Awaiting requested review from mchack-work

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@agren @mchack-work