Compile-time constant unique value #7
Conversation
| config TWPM_CONST_UNIQUE | ||
| bool "Set constant unique value" | ||
| help | ||
| DANGER! This is intended mostly for testing or for platform bringup. |
There was a problem hiding this comment.
Do we have issue on our problems with providing a reliable unique value?
Maybe linking this issue here would also help to understand why we are doing this.
There was a problem hiding this comment.
It's described in Dasharo/twpm-docs#25. I updated commit message to point to my comment.
Allow to set constant unique value through Kconfig, the value will be contained in binary and will be the same for all devices. This is intented as testing or for platform bringup, where unique data cannot be obtained through HWINFO or other interfaces. Enable this by default on OrangeCrab as we don't support generating per-platform unique-ID yet. See Dasharo/twpm-docs#25 (comment) for details.
Not failing would result in having zero seed potentially causing many weird problems.
| LOG_WRN("TwPM was built with CONFIG_TWPM_CONST_UNIQUE, the implementation is not secure!"); | ||
|
|
||
| #define TO_STRING(x) #x | ||
| const char *const string = TO_STRING(CONFIG_TWPM_CONST_UNIQUE_VALUE); |
There was a problem hiding this comment.
This doesn't do what I'd expect it to do. It creates an array of bytes with values [0-9a-f], so 16/256 possible values. Entropy is very low, OTOH it is hardcoded anyway so it probably doesn't matter. In any case, I think this should be mentioned in the description of TWPM_CONST_UNIQUE_VALUE in Kconfig, and maybe a different default (with characters different than hexadecimal) should be used as an example.
No description provided.