Version 5.4.0 release (#286)

- Bump version to 5.4.0
- Updated version references in firmware, middleware, unit tests, CI workflows and documentation
- Updated CHANGELOG

.github/workflows/coverage.yml

@@ -37,7 +37,7 @@ jobs:
         run: |
           aws s3 sync \
             middleware/coverage/ \
-            s3://${{ secrets.CODECOVERAGE_S3_BUCKET }}/powhsm_5.3.x/middleware_coverage_report \
+            s3://${{ secrets.CODECOVERAGE_S3_BUCKET }}/powhsm_5.4.x/middleware_coverage_report \
             --sse aws:kms --sse-kms-key-id ${{ secrets.CODECOVERAGE_KMS_KEY_ID }} \
             --no-progress --follow-symlinks --delete --only-show-errors
 
@@ -52,7 +52,7 @@ jobs:
         run: |
           aws s3 sync \
             firmware/coverage/output/ \
-            s3://${{ secrets.CODECOVERAGE_S3_BUCKET }}/powhsm_5.3.x/firmware_coverage_report \
+            s3://${{ secrets.CODECOVERAGE_S3_BUCKET }}/powhsm_5.4.x/firmware_coverage_report \
             --sse aws:kms --sse-kms-key-id ${{ secrets.CODECOVERAGE_KMS_KEY_ID }} \
             --no-progress --follow-symlinks --delete --only-show-errors
 

CHANGELOG.md

@@ -1,5 +1,28 @@
 # Changelog
 
+## [5.4.0] - 27/01/2025
+
+### Features/enhancements
+
+- Enhanced Ledger attestation scheme with additional information
+- SGX powHSM implementation
+- SGX middleware manager
+- SGX middleware admin tooling
+- SGX distribution scripts and installation as a service
+- SGX reproducible builds
+- SGX attestation gathering, saving and verification
+- SGX simulation build
+- SGX tests
+- SGX documentation
+- Enhanced distribution documentation
+
+### Fixes
+
+- Added max APDU buffer size checks
+- Common modules linking approach change to aid in ease of code auditing
+- Bumped actions/checkout from 3 to 4
+- Bumped github/codeql-action from 3.28.1 to 3.28.5
+
 ## [5.2.2] - 20/01/2025
 
 ### Features/enhancements

README.md

@@ -3,8 +3,8 @@
 ![Tests](https://github.com/rsksmart/rsk-powhsm/actions/workflows/run-tests.yml/badge.svg)
 ![Python linter](https://github.com/rsksmart/rsk-powhsm/actions/workflows/lint-python.yml/badge.svg)
 ![C linter](https://github.com/rsksmart/rsk-powhsm/actions/workflows/lint-c.yml/badge.svg)
-[![Middleware coverage](https://img.shields.io/endpoint?url=https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.3.x/middleware_coverage_report/badge.json)](https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.3.x/middleware_coverage_report/index.html)
-[![Firmware coverage](https://img.shields.io/endpoint?url=https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.3.x/firmware_coverage_report/badge.json)](https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.3.x/firmware_coverage_report/index.html)
+[![Middleware coverage](https://img.shields.io/endpoint?url=https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.4.x/middleware_coverage_report/badge.json)](https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.4.x/middleware_coverage_report/index.html)
+[![Firmware coverage](https://img.shields.io/endpoint?url=https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.4.x/firmware_coverage_report/badge.json)](https://d16sboe9lzo4ru.cloudfront.net/powhsm_5.4.x/firmware_coverage_report/index.html)
 
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](./LICENSE)
 

docs/attestation.md

@@ -57,7 +57,7 @@ Before diving into the UI attestation, it is important to recall a few relevant
 
 To generate the attestation, the UI uses the configured attestation scheme to sign a message generated by the concatenation of:
 
-- A predefined header (`HSM:UI:5.3`).
+- A predefined header (`HSM:UI:5.4`).
 - A 32 byte user-defined value. By default, the attestation generation client supplies the latest RSK block hash as this value, so it can then be used as a minimum timestamp reference for the attestation generation.
 - The compressed public key corresponding to the private key obtained by deriving the generated seed with the BIP32 path `m/44'/0'/0'/0/0` (normally used as the BTC key by the Signer application).
 - The hash of the currently authorized Signer version.

docs/heartbeat.md

@@ -41,7 +41,7 @@ certification -- to verify.
 To generate the heartbeat, the Signer uses the configured endorsement scheme to sign a
 message generated by the concatenation of:
 
-- A predefined header (`HSM:SIGNER:HB:5.3:`).
+- A predefined header (`HSM:SIGNER:HB:5.4:`).
 - A 32 byte value corresponding to the currently known best block hash.
 - A value corresponding to the first 8 bytes of the last successful authorized signed
   operation's transaction hash.
@@ -57,7 +57,7 @@ transactions.
 To generate the heartbeat, the UI uses the configured endorsement scheme to sign a message
 generated by the concatenation of:
 
-- A predefined header (`HSM:UI:HB:5.3:`).
+- A predefined header (`HSM:UI:HB:5.4:`).
 - A 32 byte user-defined value. This value can vary and could be, for example, used as a
   timestamp reference for the end user.
 - A 32 byte value corresponding to the currently authorized Signer hash.

firmware/src/ledger/ui/src/attestation.h

@@ -48,7 +48,7 @@ typedef enum {
 } err_code_att_t;
 
 // Attestation message prefix
-#define ATT_MSG_PREFIX "HSM:UI:5.3"
+#define ATT_MSG_PREFIX "HSM:UI:5.4"
 #define ATT_MSG_PREFIX_LENGTH (sizeof(ATT_MSG_PREFIX) - sizeof(""))
 
 // User defined value size

firmware/src/ledger/ui/src/defs.h

@@ -30,7 +30,7 @@
 
 // Version and patchlevel
 #define VERSION_MAJOR 0x05
-#define VERSION_MINOR 0x03
-#define VERSION_PATCH 0x02
+#define VERSION_MINOR 0x04
+#define VERSION_PATCH 0x00
 
 #endif // __DEFS_H

firmware/src/ledger/ui/src/ui_heartbeat.h

@@ -46,7 +46,7 @@ typedef enum {
 } err_code_ui_heartbeat_t;
 
 // Heartbeat message prefix
-#define UI_HEARTBEAT_MSG_PREFIX "HSM:UI:HB:5.3:"
+#define UI_HEARTBEAT_MSG_PREFIX "HSM:UI:HB:5.4:"
 #define UI_HEARTBEAT_MSG_PREFIX_LENGTH \
     (sizeof(UI_HEARTBEAT_MSG_PREFIX) - sizeof(""))
 

firmware/src/ledger/ui/test/attestation/test_attestation.c

@@ -160,7 +160,7 @@ void test_get_attestation_ud_value() {
     assert(3 == get_attestation(rx, &G_att_ctx));
     // PREFIX + UD_VALUE + Compressed pubkey + Signer hash + Iteration
     ASSERT_MEMCMP(
-        "HSM:UI:5.3"
+        "HSM:UI:5.4"
         "\x46\x8d\xa8\x7f\x6a\x85\xe6\x40\x93\x27\xe1\x17\xe8\xc7\xd2\x11\x0c"
         "\x73\x60\x22\x26\xbb\xb5\xed\xf2\x7d\x98\xc8\xa3\x1b\xcc\xf0"
         "\x02\xe6\xd7\x1d\x5c\x2b\x06\x36\x03\x53\xfb\xd8\x22\x7a\xb3\xab\xfc"
@@ -208,7 +208,7 @@ void test_get_attestation_get_msg() {
     *N_onboarded_ui = 1;
     memcpy(
         G_att_ctx.msg,
-        "HSM:UI:5.3"
+        "HSM:UI:5.4"
         "\x46\x8d\xa8\x7f\x6a\x85\xe6\x40\x93\x27\xe1\x17\xe8\xc7\xd2\x11\x0c"
         "\x73\x60\x22\x26\xbb\xb5\xed\xf2\x7d\x98\xc8\xa3\x1b\xcc\xf0"
         "\x03\xe6\xd7\x1d\x5c\x2b\x06\x36\x03\x53\xfb\xd8\x22\x7a\xb3\xab\xfc"
@@ -225,7 +225,7 @@ void test_get_attestation_get_msg() {
     assert((APDU_TOTAL_DATA_SIZE_OUT + 3) == get_attestation(rx, &G_att_ctx));
     ASSERT_APDU(
         "\x80\x50\x02\x01"
-        "HSM:UI:5.3"
+        "HSM:UI:5.4"
         "\x46\x8d\xa8\x7f\x6a\x85\xe6\x40\x93\x27\xe1\x17\xe8\xc7\xd2\x11\x0c"
         "\x73\x60\x22\x26\xbb\xb5\xed\xf2\x7d\x98\xc8\xa3\x1b\xcc\xf0"
         "\x03\xe6\xd7\x1d\x5c\x2b\x06\x36\x03\x53\xfb\xd8\x22\x7a\xb3\xab\xfc"
@@ -249,7 +249,7 @@ void test_get_attestation_get_msg_wrong_state() {
     *N_onboarded_ui = 1;
     memcpy(
         &G_att_ctx.msg,
-        "HSM:UI:5.3"
+        "HSM:UI:5.4"
         "\x46\x8d\xa8\x7f\x6a\x85\xe6\x40\x93\x27\xe1\x17\xe8\xc7\xd2\x11\x0c"
         "\x73\x60\x22\x26\xbb\xb5\xed\xf2\x7d\x98\xc8\xa3\x1b\xcc\xf0"
         "\x03\xe6\xd7\x1d\x5c\x2b\x06\x36\x03\x53\xfb\xd8\x22\x7a\xb3\xab\xfc"

firmware/src/ledger/ui/test/onboard/test_onboard.c

@@ -313,11 +313,11 @@ void test_is_onboarded() {
 
     G_device_onboarded = true;
     assert(5 == is_onboarded());
-    ASSERT_APDU("\x80\x01\x05\x03\x02");
+    ASSERT_APDU("\x80\x01\x05\x04\x00");
 
     G_device_onboarded = false;
     assert(5 == is_onboarded());
-    ASSERT_APDU("\x80\x00\x05\x03\x02");
+    ASSERT_APDU("\x80\x00\x05\x04\x00");
 }
 
 int main() {

firmware/src/ledger/ui/test/ui_heartbeat/test_ui_heartbeat.c

@@ -233,7 +233,7 @@ void test_op_ud_value() {
 
     assert_ok("\x80\x60\x01");
 
-    const char expected_msg[] = "HSM:UI:HB:5.3:" // Prefix
+    const char expected_msg[] = "HSM:UI:HB:5.4:" // Prefix
                                 "\x11"           // UD
                                 "\x22\x22\x22\x22\x22\x22\x22\x22\x22\x22" // .
                                 "\x22\x22\x22\x22\x22\x22\x22\x22\x22\x22" // .

firmware/src/powhsm/src/defs.h

@@ -29,7 +29,7 @@
 
 // Version and patchlevel
 #define VERSION_MAJOR 0x05
-#define VERSION_MINOR 0x03
-#define VERSION_PATCH 0x02
+#define VERSION_MINOR 0x04
+#define VERSION_PATCH 0x00
 
 #endif // __DEFS_H

firmware/src/powhsm/src/heartbeat.h

@@ -45,7 +45,7 @@ typedef enum {
 } err_code_heartbeat_t;
 
 // Heartbeat message prefix
-#define HEARTBEAT_MSG_PREFIX "HSM:SIGNER:HB:5.3:"
+#define HEARTBEAT_MSG_PREFIX "HSM:SIGNER:HB:5.4:"
 #define HEARTBEAT_MSG_PREFIX_LENGTH (sizeof(HEARTBEAT_MSG_PREFIX) - sizeof(""))
 
 // User-defined value size

firmware/test/cases/heartbeat.py

@@ -27,7 +27,7 @@
 
 
 class Heartbeat(TestCase):
-    EXPECTED_HEADER = "HSM:SIGNER:HB:5.3:"
+    EXPECTED_HEADER = "HSM:SIGNER:HB:5.4:"
     EHL = len(EXPECTED_HEADER)
 
     @classmethod

middleware/ledger/protocol.py

@@ -38,8 +38,8 @@
 
 class HSM2ProtocolLedger(HSM2Protocol):
     # Current manager supported versions for HSM UI and HSM SIGNER (<=)
-    UI_VERSION = HSM2FirmwareVersion(5, 3, 2)
-    APP_VERSION = HSM2FirmwareVersion(5, 3, 2)
+    UI_VERSION = HSM2FirmwareVersion(5, 4, 0)
+    APP_VERSION = HSM2FirmwareVersion(5, 4, 0)
 
     # Amount of time to wait to make sure the app is opened
     OPEN_APP_WAIT = 1  # second

middleware/tests/admin/test_verify_ledger_attestation.py

@@ -36,7 +36,7 @@
 EXPECTED_UI_DERIVATION_PATH = "m/44'/0'/0'/0/0"
 LEGACY_SIGNER_HEADER = b"HSM:SIGNER:5.3"
 POWHSM_HEADER = b"POWHSM:5.4::"
-UI_HEADER = b"HSM:UI:5.3"
+UI_HEADER = b"HSM:UI:5.4"
 
 
 @patch("sys.stdout.write")
@@ -125,7 +125,7 @@ def test_verify_attestation_legacy(self,
                 f"Authorized signer hash: {'cc'*32}",
                 "Authorized signer iteration: 291",
                 f"Installed UI hash: {'ee'*32}",
-                "Installed UI version: 5.3",
+                "Installed UI version: 5.4",
             ],
             fill="-",
         )
@@ -169,7 +169,7 @@ def test_verify_attestation(self,
                 f"Authorized signer hash: {'cc'*32}",
                 "Authorized signer iteration: 291",
                 f"Installed UI hash: {'ee'*32}",
-                "Installed UI version: 5.3",
+                "Installed UI version: 5.4",
             ],
             fill="-",
         )

middleware/tests/ledger/test_protocol.py

@@ -49,7 +49,7 @@ def setUp(self):
         self.dongle.disconnect = Mock()
         self.dongle.is_onboarded = Mock(return_value=True)
         self.dongle.get_current_mode = Mock(return_value=HSM2Dongle.MODE.SIGNER)
-        self.dongle.get_version = Mock(return_value=HSM2FirmwareVersion(5, 3, 2))
+        self.dongle.get_version = Mock(return_value=HSM2FirmwareVersion(5, 4, 0))
         self.dongle.get_signer_parameters = Mock(return_value=Mock(
             min_required_difficulty=123))
         self.protocol = HSM2ProtocolLedger(self.pin, self.dongle)

middleware/tests/ledger/test_protocol_v1.py

@@ -47,7 +47,7 @@ def setUp(self):
         self.dongle.disconnect = Mock()
         self.dongle.is_onboarded = Mock(return_value=True)
         self.dongle.get_current_mode = Mock(return_value=HSM2Dongle.MODE.SIGNER)
-        self.dongle.get_version = Mock(return_value=HSM2FirmwareVersion(5, 3, 2))
+        self.dongle.get_version = Mock(return_value=HSM2FirmwareVersion(5, 4, 0))
         self.dongle.get_signer_parameters = Mock(return_value=Mock(
             min_required_difficulty=123))
         self.protocol = HSM1ProtocolLedger(self.pin, self.dongle)