01:58 <firefrommoonligh> <mattnite[m]> "Hey everyone! James Munns told..." <- Hell yea! Would love to try Zig on microcontrollers. When I last checked it was immature, but rapidly improving

07:11 <korken89[m]> James Munns: I've been test more with your RPC library and I have hit one snag you probably have thought about. :)... (full message at <https://catircservices.org/_matrix/media/v3/download/catircservices.org/yBOCwCdLbiZlzLJdXiwFCyYm>)

07:12 <korken89[m]> One could bake the retry logic into all messages, but that feels nasty.

07:12 <korken89[m]> * feels nasty/leaky.

07:13 <korken89[m]> At the same time the sequence number needs to count up due to concurrent calls to the same RPC endpoint of a device.

07:17 <korken89[m]> Or one partitions sequence numbers into  sequence number bits | retry count bits to allocate a part of the sequence number for retries.

07:53 <korken89[m]> James Munns: This is what I'm thinking more or less https://github.com/jamesmunns/postcard-rpc/commit/e13776921feec697c38f6ddb8cf07f4171834344

07:55 <korken89[m]> s/e13776921feec697c38f6ddb8cf07f4171834344/90997f7815ff4fadc972ec42572723ee0e5e924b/

07:57 <korken89[m]> There I made it a PR to more easily track comments :)

07:57 <korken89[m]> https://github.com/jamesmunns/postcard-rpc/pull/7

10:07 <AdamHott[m]> Does anybody know if there's an easy way to get a hardware Rng for TLS? I tried this:... (full message at <https://catircservices.org/_matrix/media/v3/download/catircservices.org/byqYGQurlBdjmoWCJThxFGfY>)

10:09 <AdamHott[m]> Here's my code just in case anybody wants to take a look:

10:09 <AdamHott[m]> https://github.com/CodingInGreen/esp32c3-robot-wifi-mqtt-tls/blob/master/bin/robotwifi.rs

10:09 <AdamHott[m]> Any help is greatly appreciated!

10:21 <JamesMunns[m]> Adam Hott it looks like the esp-hal offers an `rng` module: https://github.com/esp-rs/esp-hal/blob/main/esp-hal/src/rng.rs

10:23 <JamesMunns[m]> It looks like that implements the RngCore trait, tho not CryptoRng. Not sure if that was intentional or an oversight

10:24 <JamesMunns[m]> Either way, you could use the hardware RNG to see a [ChaCha20Rng](https://docs.rs/rand_chacha/latest/rand_chacha/struct.ChaCha20Rng.html), which does impl the CryptoRng trait

10:26 <JamesMunns[m]> So you could do something like (not exact code, just off the top of my head):... (full message at <https://catircservices.org/_matrix/media/v3/download/catircservices.org/pdZZnaDuIwXGLBalkHyjhlfz>)

10:26 <JamesMunns[m]> (often, hardware or "true" RNGs can be a little slow, it's not uncommon to use them to seed faster, but still cryptographically secure software pseudo random number generators)

10:29 <AdamHott[m]> Thanks James, I'll try this!

10:30 <JamesMunns[m]> s/see/seed/

14:34 <FreeKill[m]> Hey all - this is not Rust specific but I'm bashing my head against secure area protection on the STM32H755. Does anyone have experience with it whose brain I could pick?

15:37 <mameluc[m]> <FreeKill[m]> "Hey all - this is not Rust..." <- for stm32wl I found a disable_security.bat that took inspiration from to unlock my chip, idk if at all applicable to your situation

15:59 <FreeKill[m]> Afraid not :( My current board is fully bricked 😆

16:28 <FreeKill[m]> I'm using the secure mem region which locks you completely out of debug after you enable it, so if you don't nail the recovery code first time... 🧱

16:29 <dirbaio[m]> of

16:29 <dirbaio[m]> * oof

16:29 <FreeKill[m]> Mix that in with a little bit of the ol' ST-tier documentation

16:29 <FreeKill[m]> and it's really fun

16:29 <dirbaio[m]> there's no "remove protections and erase everything no matter what"?

16:29 <FreeKill[m]> There is

16:29 <FreeKill[m]> But not externally

16:30 <FreeKill[m]> it has to be done by the M7

16:30 <FreeKill[m]> So again you have to get that code exactly right the first time you flash it

16:30 <FreeKill[m]> And I suppose I didn't (although I also have no idea where it's wrong)

17:30 <mameluc[m]> <FreeKill[m]> "So again you have to get that..." <- no magic boot0 pin to hold down or something?

17:38 <firefrommoonligh> Tangent: What is the intent behind MCU security features? Is it for physical compromise of safety-critical etc equipment (sabotage) or is it if you are connecting MCUs to the Internet or other large network? Something else? Thx

17:39 <FreeKill[m]> <mameluc[m]> "no magic boot0 pin to hold..." <- The secure area takes priority over the bootloader

17:40 <FreeKill[m]> firefrommoonligh: It can be both. If you ship an unsecured MCU, then someone can just read out your code. If that code is proprietary or contains proprietary info, you're boned

17:41 <JamesMunns[m]> The H5s also have tamper resistance too, for things like credit card machines that hold signing keys that you want to evaporate when tampered with

17:42 <JamesMunns[m]> (and probably other ones)... (full message at <https://catircservices.org/_matrix/media/v3/download/catircservices.org/zoHXfoGehKTOyIxxOPOllKpL>)

17:42 <JamesMunns[m]> basically anything can be circumvented, but you want to make the effort as high as possible to motivate people to crack a different device instead.

17:43 <FreeKill[m]> The specific use of this security feature is that once you have left the secure region, it is completely invisible to all other code. So even if we accidentally ship an application binary which has a security fault, that application binary still can't exfiltrate keys from the secure region.

17:43 <JamesMunns[m]> if every device has unique keys, and you have to acid etch the device or use a scanning electron microscope per device, that's a pretty good deterrent for a couple of years.

17:44 <FreeKill[m]> Whereas with most secure stuff (MPU, RDP, PCROP for example) you are not safe if the application binary contains an RCE bug for example

17:46 <FreeKill[m]> Unfortunately its lovely security properties also make it extremely irrititating to develop

17:46 <JamesMunns[m]> It's like low power modes

17:46 <JamesMunns[m]> they are supposed to work good

17:47 <JamesMunns[m]> but trying to debug low power modes is maddening

17:47 <FreeKill[m]> yes :P

17:47 <JamesMunns[m]> the worst is messing up code so it goes to deep sleep right after it boots, before the debugger can connect

17:49 <FreeKill[m]> at least you can always connect-under-reset

17:49 <FreeKill[m]> But yeah I have also had to recently wrangle STM32 low power modes, also very annoying. Especially when you're chasing microamps around trying to work out what's leeching power

18:22 <mameluc[m]> <FreeKill[m]> "But yeah I have also had to..." <- I gave up on debugging and just use defmt-serial with some defmt:info statements to see what is happening

18:22 <mameluc[m]> ofc swd debugging works well to see that everything is right before going to low power mode

18:24 <mameluc[m]> <mameluc[m]> "does anybody embed the git tag..." <- `pub const GIT_SHA: [u8; 4] = hex_literal::decode(&[env!("VERGEN_GIT_SHA").as_bytes()]);`... (full message at <https://catircservices.org/_matrix/media/v3/download/catircservices.org/aEJHIAvdmSpcfksDvGdLtZbv>)

18:25 <mameluc[m]> ended up using vergen

18:34 <mameluc[m]> to be clear, I parse the hash at compile time to 4 bytes instead of 8 to save on bandwidth for lorawan. git chose 7 as short hash length for my current code base. I went with 8 to get the hex parser happy

19:07 <AdamHott[m]> <JamesMunns[m]> "if every device has unique keys,..." <- what's this eFuse I heard about, it burns the memory? how do you evaporate signing keys?

19:07 <JamesMunns[m]> fuse memory is usually referred to as "write once memory"

19:08 <JamesMunns[m]> the idea is that you write a private key into a chunk of memory that can't be rewritten again, and in many cases, not even actually ever read

19:08 <AdamHott[m]> does that memory have to be on a special component?

19:08 <JamesMunns[m]> instead you use it with a cryptographic peripheral which does things with it, so it's not possible for the firmware to accidentally leak the private key, even if there is a software bug or vuln

19:09 <AdamHott[m]> ah that makes sense, like an RSA key?

19:09 <JamesMunns[m]> yeah, it's usually internal, it USED to be like a specific kind of silicon design, tho IIRC a lot of times nowadays it's just flash memory with hw limits

19:09 <JamesMunns[m]> AdamHott[m]: yeah, like the private key

19:10 <AdamHott[m]> ah cool, thanks so much for the explanation!

19:11 <JamesMunns[m]> > how do you evaporate signing keys... (full message at <https://catircservices.org/_matrix/media/v3/download/catircservices.org/AZSvhlpLkKlIgqTRTfPQGSUc>)

19:12 <JamesMunns[m]> these usually have some kind of sensor or even a mesh on the PCB design, to detect if someone is trying to glitch/read/disassemble the credit card machine

19:19 <AdamHott[m]> ah okay, that mesh sounds interesting, is there name for that mesh?

19:19 <AdamHott[m]> Can you get that a PCB manufacturers?

19:19 <AdamHott[m]> boards made of that?

19:19 <AdamHott[m]> s/a/at/

19:20 <Ralph[m]> <JamesMunns[m]> "these usually have some kind..." <- i wonder why people go through all that trouble... here they just dynamite the ATMs, there's enough cash in them 😅 (though i still don't know how they manage to get the money without it being coloured - usually there's colour exploding in the ATM safe if it's being opened forcefully to mark the money)

19:23 <AdamHott[m]> haha true

19:23 <AdamHott[m]> color exploding pods in an ATM safe are a fun topic too

19:24 <AdamHott[m]> kinetic art is also fun

19:34 <JamesMunns[m]> https://hackaday.com/2019/07/08/teardown-verifone-mx-925ctls-payment-terminal/

19:35 <JamesMunns[m]> It's usually something you do in the outer layer of your pcba

19:40 <AdamHott[m]> Thanks James! I gotta run good night all!

22:30 <ChristianHeussy[> Does anyone have a preferred no_std rpc framework? I'm familiar with capnp but the rpc side of things looks a bit unloved and currently requires std.