Kconfig
menu "Secure tokens configuration"

config APPLETS
    bool
    default y
    select EXT_GP_PRO
    select EXT_ANT_JAVACARD

config USE_DIFFERENT_PHYSICAL_TOKENS
    bool "Use a dedicated (different) physical smartcard for each token type (AUTH/DFU/<SIG>)"
    default y
    ---help---
      This option selects whether a dedicated physical smartcard is used for
      each token type. When the same physical smartcard is used, three
      different javacard applets are used to differentiate the token type
      (also ensuring security isolation).
      For enhanced security, it is strongly advised to use different physical
      smartcards for each token role.

menu "AUTH token"

config AUTH_TOKEN_PET_PIN
    int "Pet PIN"
    default 1234
    ---help---
      Set the PIN used to identify the token through a predefined sentence,
      such as a pet name.
      NOTE: this PIN can be changed in production

config AUTH_TOKEN_PET_NAME
    string "Pet name"
    default "My dog name is Bob!"
    ---help---
      Sentence to provide confidence to the user in identifying
      the token before sending her unlocking PIN. This prevents
      PIN stealing scenarios with trojan tokens.
      NOTE: this sentence can be changed in production

config AUTH_TOKEN_USER_PIN
    int "User PIN"
    default 1234
    ---help---
      Set the board unlocking PIN
      NOTE: this PIN can be changed in production

config AUTH_TOKEN_SD_PWD
    string "SDCard Password"
    default "passwd"
    ---help---
      Set the SDCard password used as a basis to generate the SDCard
      locking secret. The secret is per-SDCard, even with the
      same initial password string.

config AUTH_TOKEN_MAX_PIN
    int "Maximum failed PIN tries"
    range 1 255
    default 3
    ---help---
      Set the maximum failed PIN tries before locking the token
      WARNING: beware when setting this since the token will be
      completely locked after reaching this value
      WARNING: this *cannot* be changed in production

config AUTH_TOKEN_MAX_SC
    int "Maximum failed secure channel mounting tries"
    range 1 32767
    default 10
    ---help---
      Set the maximum failed secure channel mounting tries before
      locking the token
      WARNING: beware when setting this since the token will be
      completely locked after reaching this value
      WARNING: this *cannot* be changed in production

endmenu

menu "DFU token"

config DFU_TOKEN_PET_PIN
    int "Pet PIN"
    default 1234
    ---help---
      Set the PIN used to identify the token through a predefined sentence,
      such as a pet name.
      NOTE: this PIN can be changed in production

config DFU_TOKEN_PET_NAME
    string "Pet name"
    default "My cat name is Alice!"
    ---help---
      Sentence to provide confidence to the user in identifying
      the token before sending her unlocking PIN. This prevents
      PIN stealing scenarios with trojan tokens.
      NOTE: this sentence can be changed in production

config DFU_TOKEN_USER_PIN
    int "User PIN"
    default 1234
    ---help---
      Set the board unlocking PIN
      NOTE: this PIN can be changed in production

config DFU_TOKEN_MAX_PIN
    int "Maximum failed PIN tries"
    range 1 255
    default 3
    ---help---
      Set the maximum failed PIN tries before locking the token
      WARNING: beware when setting this since the token will be
      completely locked after reaching this value
      WARNING: this *cannot* be changed in production

config DFU_TOKEN_MAX_SC
    int "Maximum failed secure channel mounting tries"
    range 1 32767
    default 10
    ---help---
      Set the maximum failed secure channel mounting tries before
      locking the token
      WARNING: beware when setting this since the token will be
      completely locked after reaching this value
      WARNING: this *cannot* be changed in production

endmenu

config USE_SIG_TOKEN_BOOL
    bool "Use a dedicated SIG token for firmware signature and encryption"
    default y
    ---help---
      This option selects whether a dedicated firmware signature token is
      used. When activated, a SIG token is created and the signature private
      keys are sealed in it. When not activated, the private keys are sealed
      in a local keybag on the computer (using PBKDF2 and a user-defined
      password). It is advised for security reasons to use a dedicated SIG token.

config USE_SIG_TOKEN
    string
    default "USE_SIG_TOKEN" if USE_SIG_TOKEN_BOOL
    default "NO_SIG_TOKEN" if !USE_SIG_TOKEN_BOOL

menu "SIG token"
    depends on USE_SIG_TOKEN_BOOL

config SIG_TOKEN_PET_PIN
    int "Pet PIN"
    default 1234
    ---help---
      Set the PIN used to identify the token through a predefined sentence,
      such as a pet name.
      NOTE: this PIN can be changed in production

config SIG_TOKEN_PET_NAME
    string "Pet name"
    default "My fish name is Eve!"
    ---help---
      Sentence to provide confidence to the user in identifying
      the token before sending her unlocking PIN. This prevents
      PIN stealing scenarios with trojan tokens.
      NOTE: this sentence can be changed in production

config SIG_TOKEN_USER_PIN
    int "User PIN"
    default 1234
    ---help---
      Set the board unlocking PIN
      NOTE: this PIN can be changed in production

config SIG_TOKEN_MAX_PIN
    int "Maximum failed PIN tries"
    range 1 255
    default 3
    ---help---
      Set the maximum failed PIN tries before locking the token
      WARNING: beware when setting this since the token will be
      completely locked after reaching this value
      WARNING: this *cannot* be changed in production

config SIG_TOKEN_MAX_SC
    int "Maximum failed secure channel mounting tries"
    range 1 32767
    default 10
    ---help---
      Set the maximum failed secure channel mounting tries before
      locking the token
      WARNING: beware when setting this since the token will be
      completely locked after reaching this value
      WARNING: this *cannot* be changed in production

endmenu

config LOCAL_PASSWORD
    string "Local encryption password"
    default "mylocalpassword"
    depends on !USE_SIG_TOKEN_BOOL
    ---help---
      Set the local encryption password for signature material.
      You have to choose a complex passphrase to avoid brute force
      attacks! Since no secure hardware is involved (through the
      smartcard/token), such attacks are of concern.
      WARNING: this is less safe than using a dedicated SIG token!

endmenu
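
The PINs, pet sentences and passwords above all ship with published defaults, so a pre-release check on the generated configuration is worth having. The following is an added example, not part of this repository: it assumes the build writes a stock Kconfig `.config` with a `CONFIG_` prefix, and the function names and the sample input are constructed for illustration.

```python
import re

# Defaults copied from the Kconfig on this page. Assumed: stock .config syntax, CONFIG_ prefix.
PET_NAMES = {"AUTH": "My dog name is Bob!", "DFU": "My cat name is Alice!",
             "SIG": "My fish name is Eve!"}
ENTRY = re.compile(r'^CONFIG_([A-Z0-9_]+)=(?:"(.*)"|(\S+))$')

def parse_dotconfig(text):
    """Map symbol -> value; '# CONFIG_X is not set' lines leave X absent."""
    cfg = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            cfg[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return cfg

def audit(text):
    """Return (symbol, reason) findings for a generated .config."""
    cfg = parse_dotconfig(text)
    sig_token = cfg.get("USE_SIG_TOKEN_BOOL") == "y"
    expected = {"AUTH_TOKEN_SD_PWD": "passwd"}
    for tok in ["AUTH", "DFU"] + (["SIG"] if sig_token else []):
        expected[f"{tok}_TOKEN_PET_PIN"] = "1234"
        expected[f"{tok}_TOKEN_USER_PIN"] = "1234"
        expected[f"{tok}_TOKEN_PET_NAME"] = PET_NAMES[tok]
    if not sig_token:
        expected["LOCAL_PASSWORD"] = "mylocalpassword"
    # An absent symbol takes its Kconfig default, so it counts as a default too.
    findings = [(sym, "left at published default")
                for sym, dflt in expected.items() if cfg.get(sym, dflt) == dflt]
    if not sig_token:
        findings.append(("USE_SIG_TOKEN_BOOL", "signature keys in local keybag, not a SIG token"))
    if cfg.get("USE_DIFFERENT_PHYSICAL_TOKENS") != "y":
        findings.append(("USE_DIFFERENT_PHYSICAL_TOKENS", "token roles share one smartcard"))
    return findings

# Constructed sample .config, not taken from a real build.
SAMPLE = """\
CONFIG_USE_DIFFERENT_PHYSICAL_TOKENS=y
CONFIG_AUTH_TOKEN_PET_PIN=4821
CONFIG_AUTH_TOKEN_USER_PIN=1234
CONFIG_AUTH_TOKEN_PET_NAME="Blue heron at dawn"
CONFIG_AUTH_TOKEN_SD_PWD="passwd"
CONFIG_DFU_TOKEN_PET_PIN=7390
CONFIG_DFU_TOKEN_USER_PIN=5512
# CONFIG_USE_SIG_TOKEN_BOOL is not set
CONFIG_LOCAL_PASSWORD="mylocalpassword"
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run in CI against the real `.config`, a non-empty result can fail the release build. The `MAX_PIN` and `MAX_SC` counters are left out of the check because the page gives no safe value for them, only that they cannot be changed in production.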