search

cryptoadvance / specter-diy

DIY airgapped hardware wallet that uses QR codes for communication with the host
MIT License
441 stars 73 forks source link

Move secret to internal flash #54

Closed stepansnigirev closed 3 years ago

stepansnigirev commented 4 years ago

With https://github.com/diybitcoinhardware/micropython/pull/1 we now can use flash storage independently of qspi. Makes sense to store device secret on flash and all other files on /qspi.

We can use last block of flash to store the secret and hmac with the PIN. Later we can also make a block before secrets unreadable such that glitch attacks doesn't read out the secret.

Every block is 512 bytes. We can get the last block like this:

import pyb
flash = pyb.Flash(start=0)
last_block = flash.ioctl(4,None)-1
block_size = flash.ioctl(5,None)
buf = bytearray(block_size) # buffer to store block content
flash.readblocks(last_block, buf) # read block content
flash.writeblocks(last_block, buf) # write block content

Might make sense to add a checksum to make sure we are reading the secret, not some random junk. We can store data in the block like this for example: <secret><sha256(secret)><hmac_sha512(secret,pin)>

Factory reset should erase content of the last block with random data.