avatar

jbdatko

Member Since: October 6, 2013

Country: United States

Profile

Blog: www.datko.net

CryptoCape Hookup Guide

May 29, 2014

The CryptoCape is a collaboration with Hacker In Residence alumni Josh Datko. The CryptoCape is the BeagleBone's first dedicated security daughterboard.
  • Good catch and sorry about the confusion. It’s the AT97SC3204T. The ’T' indicates ‘TWI’, which is I2C. The AT97SC3205T is the “newest” Atmel TPM which is a bit nicer IMHO (no external oscillator and some other improvements) but it’s still not in distributor inventory.

    I think the problem was finding the summary datasheet, which doesn’t really you tell you much anyway.

  • What I mean by trusted is along the RFC 4949 definition:

    that the system meets its specifications (i.e., the system does what it claims to do and does not perform unwanted functions).

    Once you load firmware on the ATmega, with the jumpers off, it’s difficult to change that firmware from software. So, the BeagleBone can trust the execution on the ATmega. If the BeagleBone’s software is compromised, it’s difficult to comprimise the software on the ATmega. I had meant it to be like a DIY TPM.

    You have to implement your own i2c data format. The ATMega can act as a i2c master and/or slave. You can use the Arduino Wire libraries if you’d like. As a master, it can interface with any of the crypto chips on the board. In fact, if you provide a power supply to the board (and regulator), it is in essence, a Pro Mini.

    I’ve found it very handy to have a MCU that is both a master and slave. You can check out my DEFCON talk where I use the ATmega as a slave device to relay messages from the BeagleBone to a PC.

  • Hey Mark,

    Casey is spot-on, the BeagleBone reserves those four i2c addresses for cape EEPROMs and it prevents any other kernel module from instantiating at that location. I would always expect to see that result from i2c-detect with or without that proto-cape.

    BTW, there is a very good tutorial on BBB capes here and I wrote a tutorial on some BBB i2c specific issues.

  • Thanks for checking out the cape! First of all, you should make sure that you cleared your compliance vectors using this script. Otherwise, you’ll have test keys, which is not what you want.

    Here’s how I’d go about getting uboot with the TPM to work with uboot to implement secure boot:

    1. The only TPM aware uboot is libsboot. You need to use that.

    2. There is a bug with the above. We believe it is a uboot bug. The TPM on the CryptoCape is tied to what the AM335x calls i2c2. i2c2 does not work in uboot. You can either: fix the uboot bug or physically move the TPM to i2c1. To do this, you must remove the cape and fly-wire from the other i2c bus to the cape. However, when you do that, the EEPROM will no longer be read on application boot and the cape device tree overlay will not be loaded. If you physically move it, in application space you can instantiate the TPM driver manually or with a systemd/init script.

    3. For full effect, you need to rebuild your kernel with IMA.

    Good luck!

    Josh

  • Staring out the blinds reveals my location. I should get the webcam and rig it up to the BBB and then paint the windows black. That’ll teach ‘em ;)

    And yes, it’s very static-y in Fort Collins.

  • It was great. I think Amanda has me on the Lunch and Learn schedule for next Tuesday. Hope to see you there!

  • I started making a tutorial for BBB Cape EEPROMs here. If you can get the May 2014 Issue of Linux Journal, I wrote about the device tree in some more depth. I don’t think I can release the text to you myself, sorry.

    Also, the Beagle device tree system has changed a bit. They used to keep stuff in /lib/firmware, which is where I think you can still drop your compiled DTB. The majority of the AM335x device tree, included capes, appears to be folded into a master file, the location of which I am not sure.

    As recommended below, Derek Molloy has some excellent tutorials.

    You approach is sound though. Once you have the EEPROM matching with your DTBO, the BBB will boot and automatically pin mux your cape.

  • I know of international customers who received their boards. I don’t know exactly what the order process is though. Either you contact SparkFun first or you checkout and then they’ll contact you if they see an international shipping address.

    Because it’s export controlled, I think they just need to make sure that you won’t re-export it to North Korea, Iran, Syria, etc…

  • The Phant.io link seems broken, I think this is the correct link.

  • Josh here again. If you want to see a cool project on how to use the BeagleBone Black and CryptoCape as a NSA-like hardware implant, check out my DEF CON 22 presentation.