[chopstx] Add support for Blue Pill Plus board
Alexandre Esse
alexandre.esse.dev at gmail.com
Fri Mar 14 18:10:17 CET 2025
Thank you for the merge!
Also, thank you for these information Frédéric: Following your comments, we
can agree that my contribution should be updated to take into account the
different variants of the "BP+": C6T6, CBT6 ... ?
Is there somewhere in documentation we can keep track of the available and
tested features of each board/token ?
In order to generate the board ID, i run this command:
```
$ echo -n "Blue Pill Plus" | shasum -a 256 | sed -e 's/^.*\(........\)
-$/\1/'
```
Which gave me: 0x49403d56
I will try to get into key generation and neug next and keep you up to date
if I get anything relevant.
Regards,
Alexandre
On Fri, 14 Mar 2025 at 17:42, Frédéric SUEL <frederic.suel at free.fr> wrote:
> Hello,
>
> A lot of thanks for your work.
>
> See my observations *infra*. I hope it can help you.
>
> Best regards
> Le 13/03/2025 à 19:52, Alexandre Esse a écrit :
>
> Hello Frédéric,
>
> Great, I didn't see you already did some integration developments on this
> board, I just joined the mailing list and didn't look extensively into the
> history. For now I only pushed the chopstx part but indeed, gnuk itself
> should also be updated.
>
> I also have the STM32F103CBT6 version of the board. (marked as v1.1 on
> the PCB: not sure what it means: I opened an Issue on github and send an
> email to WeAct support to get some info:
> https://github.com/WeActStudio/BluePill-Plus/issues/19)
>
> You can find the difference between V1.0 et V1.1 here :
> https://github.com/WeActStudio/WeActStudio.BluePill-Plus-CH32/tree/master/HDK
> It's for CH32 processor but the design of the boards are all the same.
>
>
> I have been testing both on the 1.2.20 branch and 2.2. But I guess I will
> stay on v2.2 for the rest of my tests.
>
> Here are the remaining tweaks I did on v2.2 (
> de9652726b1ce52b21e939c6989dda0268b5c640) of gnuk to make it work:
>
> diff --git a/src/configure b/src/configure
> index 1188a72..4ff7d1a 100755
> --- a/src/configure
> +++ b/src/configure
> @@ -130,6 +130,7 @@ Configuration:
> ST_NUCLEO_F103
> NITROKEY_START
> BLUE_PILL
> + BLUE_PILL_PLUS
> STM8S_DISCOVERY
> CQ_STARM
> STM32_PRIMER2
> @@ -164,7 +165,7 @@ MEMORY_SIZE=20
>
> # Settings for TARGET
> case $target in
> -BLUE_PILL|STM8S_DISCOVERY)
> +BLUE_PILL|BLUE_PILL_PLUS|STM8S_DISCOVERY)
> # It's 64KB version of STM32F103, but actually has 128KB
> flash_override="-DSTM32F103_OVERRIDE_FLASH_SIZE_KB=128"
> ;;
>
> There is STM32F103C6T6 (64K) and CBT6 (128K), so i think your add
> relative to : # setting to target, is not necessary for CBT6 processor
> which have 128K memory. That's why i suggested to have multiple definition
> board to take care of different processor (arm and riscv) and different
> amount of memory
>
> I haven't been testing "on-the-token" key generation. I only transferred
> to it from a host PC. I always had KDF-DO activated.
> The main issue I get is when I try to "reset" the token, it simply doesn't
> work but I haven't been investigating it.
> Also some PIN management's actions seem shaky (but there is a possibility
> that this is due to my lack of experience on gnuk tokens too).
> So for now, I tested the key with this kind of secret keys I get with
> 'gpg --list-secret-keys':
> sec> ed25519 2025-03-13 [SC]
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> Card serial no. = FFFF 00000000
> uid [ultimate] Tmp Tmp <tmp at tmp.tmp> <tmp at tmp.tmp>
> ssb> cv25519 2025-03-13 [E]
> ssb> ed25519 2025-03-13 [A]
> I managed to sign, decrypt data and authenticate through ssh sessions with
> it.
> PB2 as LED is working and PA0 as ACK button is also working fine, I
> haven't seen any issue for these use-case in a week.
>
> About ack button, it is on PA0 and PA0 is used for it's ADC function and
> entropy generation, so i think you have to modifiy /gnuk/chopstx/contrib/adc-stm32ff103.c
> in order to use an other pin for ADC than PA0
>
> Entropy generation graph is explain on Niibe site here :
> https://www.gniibe.org/memo/development/gnuk/rng/neug.html
>
> You can see that PA0 and PA1 are used for their ADC. It's also indicate
> for example in board-fst-01-00.h file
>
> * PA0 - input with pull-up. AN0
> * PA1 - input with pull-up. AN1
>
> For Blue-Pill-Plus, button is connect to 3.3V (
> https://github.com/WeActStudio/BluePill-Plus/blob/master/HDK/BluePillPlus_V10_SchDoc.pdf)
> so i think you configure PA0 as input pull-down. I think all this change
> can interfere with good entropy generation. I see different cases of board
> in /gnuk/chopstx/contrib/adc-stm32ff103.c which seem to use different ADC
> pins but i don't really understand how. It's for that, i didn't take care
> of ackbutton to day.
>
> ---------------------------------------------------------------
>
> In your board file, you indicate id board : 0x49403d56. In mine, i
> indicate 0x1ba01477. I get this id with stlink program as core id. Can your
> tell me how you get your board id ?
>
> Frédéric SUEL
>
>
> Regards,
> Alexandre
>
>
>
> On Fri, 7 Mar 2025 at 10:00, Frédéric SUEL <frederic.suel at free.fr> wrote:
>
>> Ref : Post on the gnuk list : Frédéric SUEL frederic.suel at free.fr Mon
>> Feb 17 11:13:25 CET 2025
>>
>> Hi,
>>
>> Thank you for your interest for this board.
>>
>> When i asked help about this board, i proposed a file
>> board-blue-pill-plus-cb.h because this board exist with 4 arm processor and
>> two riscv processors. I indicated cd because there is STM32F103C8T6 (64k)
>> and CBT6 (128k). To take care of 64K version, you have to add code in
>> /gnuk/src/.configure. (see my post)
>>
>> For my blue-pilll-board stm32F103CB, i have #define BOARD_ID
>> 0x1ba01477 (see my post). Perhaps your board is a STM32F103C6T6 board, i
>> don't know why IDs are different
>>
>> For instance, i doesn't take care of ackbutton because there is a
>> supplementary problem as PA0 is used for it's ADC and for entropy
>> generation. I think you have to modify
>> /gnuk/chopstx/contrib/adc-stm32ff103.c but i doesn't know how.
>>
>> ----
>>
>> So i just created /gnuk/board/board-blue-pill-plus-cb.h, modified
>> /gnuk/src/.configure to add definition of BLUE-PILL-PLLUS-CB and chopstx/mcu/sys-stm31f103.h
>> for my first tests and doesn't take care of ackbutton on PA0
>>
>> I get :
>>
>> -- works fine with curve25519 : generation on the board and import on the
>> board.
>>
>> -- impossibility to generate secp256k1 on the board even with KDF-DO
>> activate as Niibe suggested (msg : used conditions not satisfied)
>>
>> -- impossibility to generate X448 on the board even with Niibe patch (msg
>> : board error)
>>
>> -- impossibility to import X448 on the board. It seems to work but only
>> encrypt key is on the board and works. The other keys are marked as # . I
>> get with gpg --list-secret-keys
>>
>> sec# ed448/0xAA988F88C70C3DEE 2025-02-23 [SC] [expire : 2075-02-11]
>>
>> Empreinte de la clef = AA988 F88C7 0C3DE E74BE DFF48 D127D 4BA4E CAEB3
>> 685B3 575E7
>>
>> uid [ ultime ] tmp
>>
>> ssb> cv448/0x406CC6562774BC84 2025-02-23 [E] [expire : 2075-02-11]
>>
>> ssb# ed448/0x02BB1F8E7A2B268A 2025-02-23 [A] [expire : 2075-02-11]
>>
>> ----
>>
>> Can you precise what's work with your board ?
>>
>> Best regards
>>
>>
>>
>> Le 06/03/2025 à 23:47, Alexandre Esse a écrit :
>>
>> Hello,
>>
>> Here is a short message to notify the mailing list that I proposed a
>> merge request on chopstx:
>> https://salsa.debian.org/gnuk-team/chopstx/chopstx/-/merge_requests/1
>>
>> This is the first step to add gnuk support for Blue Pill Plus boards
>> <https://github.com/WeActStudio/BluePill-Plus/>.
>>
>> Not sure if this is the way to contribute: looking forward to your
>> feedback.
>>
>> Regards,
>> Alexandre
>>
>> _______________________________________________
>> Gnuk-users mailing listGnuk-users at gnupg.orghttps://lists.gnupg.org/mailman/listinfo/gnuk-users
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnuk-users/attachments/20250314/5026ad8a/attachment.html>
More information about the Gnuk-users
mailing list