Skickat från min iPhone
> 16 sep. 2016 kl. 22:38 skrev Rob Austein <[email protected]>: > > Preliminary version of revised keystore API and flash management code > committed and pushed to branch ksng in sw/{libhal,stm32,pkcs11} > repositories. Still needs work before it'll be ready to consider for > merging into the master branch, but the basic mechanism seems to work. > Not yet heavily tested. > > NB: Keys and PINs saved to flash with the old keystore flash code will > not be preserved if you try this code (in theory they'll be the last > things overwritten, but the wear-leveling code will get around to > overwriting them eventually). Sorry, it's a development platform, > adding a big chunk of backwards-compatibility code (read: seldom-used > code path, larger attack surface) seemed like a bad idea. Can still > add backwards-compatibility if folks strongly disagree, of course. No argument from me > > Next steps: > > * Switching from erasing entire flash sectors to erasing individual > flash subsectors (in theory this is a trivial change, same C code > should work, just a different opcode); > > * Adding support for key objects larger than one flash subsector; > > * Adding general attribute storage to key objects so we can start > phasing out the current SQLite3 database used by the PKCS #11 code. So this means no more sqlite3-dependency anywhere in the code or just the p11 part (just curious)? > _______________________________________________ > Tech mailing list > [email protected] > https://lists.cryptech.is/listinfo/tech _______________________________________________ Tech mailing list [email protected] https://lists.cryptech.is/listinfo/tech
