Preliminary version of revised keystore API and flash management code committed and pushed to branch ksng in sw/{libhal,stm32,pkcs11} repositories. Still needs work before it'll be ready to consider for merging into the master branch, but the basic mechanism seems to work. Not yet heavily tested.
NB: Keys and PINs saved to flash with the old keystore flash code will not be preserved if you try this code (in theory they'll be the last things overwritten, but the wear-leveling code will get around to overwriting them eventually). Sorry, it's a development platform, adding a big chunk of backwards-compatibility code (read: seldom-used code path, larger attack surface) seemed like a bad idea. Can still add backwards-compatibility if folks strongly disagree, of course. Next steps: * Switching from erasing entire flash sectors to erasing individual flash subsectors (in theory this is a trivial change, same C code should work, just a different opcode); * Adding support for key objects larger than one flash subsector; * Adding general attribute storage to key objects so we can start phasing out the current SQLite3 database used by the PKCS #11 code. _______________________________________________ Tech mailing list Tech@cryptech.is https://lists.cryptech.is/listinfo/tech