TPM used from test app and made the example comptabile with latest wolfTPM
* Add the correct TPM pinout and re-use the STM32F4 SPI driver from wolfboot * Add read out of TPM PCR and print in hex Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>pull/4/head
parent
0575434425
commit
3187576b18
|
@ -14,14 +14,18 @@ LC_ALL=
|
|||
APPSRC:=./src
|
||||
WOLFBOOT:=../wolfBoot
|
||||
WOLFSSL_ROOT:=../wolfBoot/lib/wolfssl
|
||||
WOLFSSL_BUILD:=./build/lib
|
||||
WOLFTPM_ROOT:=../wolfBoot/lib/wolfTPM
|
||||
ECCKEY:=$(WOLFBOOT)/ecc256.der
|
||||
DEBUG?=1
|
||||
|
||||
include $(WOLFBOOT)/tools/config.mk
|
||||
|
||||
CFLAGS:=-g -ggdb -Wall -Wstack-usage=1024 -ffreestanding -Wno-unused -DPLATFORM_$(TARGET) -I$(WOLFBOOT)/include -I$(WOLFSSL_ROOT)/wolfssl -nostartfiles
|
||||
CFLAGS:=-g -ggdb -Wall -Wstack-usage=1024 -ffreestanding -Wno-unused -DPLATFORM_$(TARGET) \
|
||||
-I$(WOLFBOOT)/include -I$(WOLFBOOT) -I$(WOLFSSL_ROOT) -I$(WOLFTPM_ROOT) \
|
||||
-DWOLFBOOT_MEASURED_PCR_A -nostartfiles
|
||||
CFLAGS+=-DWOLFBOOT_HASH_SHA256
|
||||
CFLAGS+=-DWOLFSSL_USER_SETTINGS
|
||||
CFLAGS+=-DWOLFTPM_USER_SETTINGS
|
||||
|
||||
APP_OBJS:= \
|
||||
$(APPSRC)/app_$(TARGET).o \
|
||||
|
@ -30,8 +34,23 @@ APP_OBJS:= \
|
|||
$(APPSRC)/timer.o \
|
||||
$(WOLFBOOT)/hal/$(TARGET).o \
|
||||
$(WOLFBOOT)/src/libwolfboot.o \
|
||||
$(WOLFBOOT)/hal/spi/spi_drv_stm32.o \
|
||||
$(APPSRC)/startup_arm.o
|
||||
|
||||
# Add objects for wolfCrypt support required by wolfTPM
|
||||
APP_OBJS+= \
|
||||
$(WOLFSSL_ROOT)/wolfcrypt/src/hmac.o \
|
||||
$(WOLFSSL_ROOT)/wolfcrypt/src/aes.o \
|
||||
$(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.o
|
||||
|
||||
# Add objects for wolfTPM support
|
||||
APP_OBJS+= \
|
||||
$(WOLFTPM_ROOT)/src/tpm2.o \
|
||||
$(WOLFTPM_ROOT)/src/tpm2_packet.o \
|
||||
$(WOLFTPM_ROOT)/src/tpm2_tis.o \
|
||||
$(WOLFTPM_ROOT)/src/tpm2_wrap.o \
|
||||
$(WOLFTPM_ROOT)/src/tpm2_param_enc.o
|
||||
|
||||
# Inherit cross-compiler and similar settings from wolfBoot
|
||||
include ../wolfBoot/arch.mk
|
||||
|
||||
|
@ -43,13 +62,15 @@ endif
|
|||
|
||||
vpath %.c $(dir $(WOLFSSL_ROOT)/src)
|
||||
vpath %.c $(dir $(WOLFSSL_ROOT)/wolfcrypt/src)
|
||||
vpath %.c $(dir $(WOLFBOOT))/lib/wolfTPM/wolftpm)
|
||||
|
||||
ENTRY_POINT=`cat .entry-point-address`
|
||||
LSCRIPT:=$(APPSRC)/target-app.ld
|
||||
LSCRIPT_TEMPLATE:=$(APPSRC)/$(ARCH).ld
|
||||
LDFLAGS:=$(CFLAGS) -T $(LSCRIPT) -Wl,-gc-sections -Wl,-Map=image.map
|
||||
|
||||
wolfboot-example: image.bin wolfboot_align.bin
|
||||
|
||||
wolfboot-example: wolfboot_align.bin image.bin
|
||||
python3 $(WOLFBOOT)/tools/keytools/sign.py --ecc256 image.bin $(ECCKEY) 1
|
||||
cat wolfboot-align.bin image_v1_signed.bin >factory.bin
|
||||
|
||||
|
@ -60,7 +81,7 @@ wolfboot_align.bin: wolfboot_target
|
|||
cp $(WOLFBOOT)/wolfboot-align.bin .
|
||||
cp $(WOLFBOOT)/wolfboot.elf .
|
||||
|
||||
image.bin: image.elf wolfboot_target
|
||||
image.bin: wolfboot_target image.elf
|
||||
$(OBJCOPY) -O binary image.elf $@
|
||||
$(SIZE) image.elf
|
||||
|
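Review bot: The new vpath line in the @ -43 hunk, `vpath %.c $(dir $(WOLFBOOT))/lib/wolfTPM/wolftpm)`, has an unbalanced closing parenthesis, and `$(dir ../wolfBoot)` expands to `../`, so the search directory becomes `..//lib/wolfTPM/wolftpm)`, which cannot match the wolfTPM sources that the object list in the @ -30 hunk takes from `$(WOLFTPM_ROOT)/src`. Since every object there is named with its full directory the vpath may be dead code; if it is kept, write it as `vpath %.c $(WOLFTPM_ROOT)/src` to match the two wolfSSL vpath lines above it. Separately, the bare `-DWOLFBOOT_MEASURED_PCR_A` in the CFLAGS hunk defines the macro as 1, and the application passes that macro to `TPM2_SetupPCRSel` as the PCR index, so it must equal the index wolfBoot's own build extends into; presumably the value should come from the included config.mk (e.g. `-DWOLFBOOT_MEASURED_PCR_A=$(WOLFBOOT_MEASURED_PCR_A)` if config.mk exports it) rather than being hard-wired here.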
||||
|
|
|
@ -30,8 +30,12 @@
|
|||
#include "hal.h"
|
||||
#include "wolfboot/wolfboot.h"
|
||||
#include "spi_flash.h"
|
||||
#include "spi_drv.h"
|
||||
#include "spi_tpm.h"
|
||||
|
||||
#ifdef PLATFORM_stm32f4
|
||||
#include "wolftpm/tpm2.h"
|
||||
#include "wolftpm/tpm2_wrap.h"
|
||||
static WOLFTPM2_DEV wolftpm_dev;
|
||||
|
||||
#define UART1 (0x40011000)
|
||||
|
||||
|
@ -59,7 +63,6 @@
|
|||
|
||||
#define AHB1_CLOCK_ER (*(volatile uint32_t *)(0x40023830))
|
||||
#define GPIOB_AHB1_CLOCK_ER (1 << 1)
|
||||
#define GPIOB_BASE 0x40020400
|
||||
|
||||
#define GPIOB_MODE (*(volatile uint32_t *)(GPIOB_BASE + 0x00))
|
||||
#define GPIOB_AFL (*(volatile uint32_t *)(GPIOB_BASE + 0x20))
|
||||
|
@ -76,8 +79,10 @@ static const char START='*';
|
|||
static const char UPDATE='U';
|
||||
static const char ACK='#';
|
||||
static uint8_t msg[MSGSIZE];
|
||||
|
||||
|
||||
static const char startString[]="App started";
|
||||
static const char TPMfailString[]="tpm_init failed";
|
||||
static const char TPMpcrString[]="Measured Boot PCR is = ";
|
||||
static const char HEX [16] = {'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'};
|
||||
|
||||
void uart_write(const char c)
|
||||
{
|
||||
|
@ -88,6 +93,12 @@ void uart_write(const char c)
|
|||
UART1_DR = c;
|
||||
}
|
||||
|
||||
void uart_write_hex(const char c)
|
||||
{
|
||||
uart_write(HEX[(c >> 4) & 0x0F]);
|
||||
uart_write(HEX[c & 0x0F]);
|
||||
}
|
||||
|
||||
static void uart_pins_setup(void)
|
||||
{
|
||||
uint32_t reg;
|
||||
|
@ -183,7 +194,77 @@ static int check(uint8_t *pkt, int size)
|
|||
return -1;
|
||||
}
|
||||
|
||||
static int app_tpm2_IoCb(TPM2_CTX* ctx, const byte* txBuf, byte* rxBuf,
|
||||
word16 xferSz, void* userCtx)
|
||||
{
|
||||
(void)userCtx;
|
||||
(void)ctx;
|
||||
word16 i;
|
||||
|
||||
spi_cs_on(SPI_CS_TPM);
|
||||
|
||||
memset(rxBuf, 0, xferSz);
|
||||
for (i = 0; i < xferSz; i++)
|
||||
{
|
||||
spi_write(txBuf[i]);
|
||||
rxBuf[i] = spi_read();
|
||||
}
|
||||
spi_cs_off(SPI_CS_TPM);
|
||||
|
||||
/*
|
||||
printf("\r\nSPI TX: ");
|
||||
printbin(txBuf, xferSz);
|
||||
printf("SPI RX: ");
|
||||
printbin(rxBuf, xferSz);
|
||||
printf("\r\n");
|
||||
*/
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int app_tpm2_init(void)
|
||||
{
|
||||
int rc;
|
||||
WOLFTPM2_CAPS caps;
|
||||
|
||||
spi_init(0,0);
|
||||
|
||||
/* Init the TPM2 device */
|
||||
rc = wolfTPM2_Init(&wolftpm_dev, app_tpm2_IoCb, NULL);
|
||||
if (rc != 0) {
|
||||
return rc;
|
||||
}
|
||||
|
||||
/* Get device capabilities + options */
|
||||
rc = wolfTPM2_GetCapabilities(&wolftpm_dev, &caps);
|
||||
if (rc != 0) {
|
||||
return rc;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Reads out the TPM measurement created by wolfBoot */
|
||||
static int read_measured_boot(uint8_t* digest)
|
||||
{
|
||||
int rc;
|
||||
PCR_Read_In pcrReadCmd;
|
||||
PCR_Read_Out pcrReadResp;
|
||||
|
||||
XMEMSET(&pcrReadCmd, 0, sizeof(pcrReadCmd));
|
||||
TPM2_SetupPCRSel(&pcrReadCmd.pcrSelectionIn, TPM_ALG_SHA256, WOLFBOOT_MEASURED_PCR_A);
|
||||
rc = TPM2_PCR_Read(&pcrReadCmd, &pcrReadResp);
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
XMEMCPY(digest, pcrReadResp.pcrValues.digests[0].buffer,
|
||||
pcrReadResp.pcrValues.digests[0].size);
|
||||
rc = 0;
|
||||
}
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
volatile uint32_t time_elapsed = 0;
|
||||
volatile uint32_t testme = 1;
|
||||
void main(void) {
|
||||
uint32_t tlen = 0;
|
||||
volatile uint32_t recv_seq;
|
||||
|
@ -192,6 +273,7 @@ void main(void) {
|
|||
uint32_t next_seq = 0;
|
||||
uint32_t version = 0;
|
||||
uint8_t *v_array = (uint8_t *)&version;
|
||||
uint8_t boot_measurement[WOLFBOOT_SHA_DIGEST_SIZE];
|
||||
int i;
|
||||
memset(page, 0xFF, PAGESIZE);
|
||||
boot_led_on();
|
||||
|
@ -223,10 +305,35 @@ void main(void) {
|
|||
#ifdef EXT_ENCRYPTED
|
||||
wolfBoot_set_encrypt_key("0123456789abcdef0123456789abcdef", 32);
|
||||
#endif
|
||||
|
||||
for(i=0; i < sizeof(startString); i++) {
|
||||
uart_write(startString[i++]);
|
||||
}
|
||||
|
||||
uart_write(START);
|
||||
for (i = 3; i >= 0; i--) {
|
||||
uart_write(v_array[i]);
|
||||
}
|
||||
|
||||
if(app_tpm2_init() != 0) {
|
||||
for(i=0; i < sizeof(TPMfailString); i++) {
|
||||
uart_write(TPMfailString[i]);
|
||||
}
|
||||
}
|
||||
|
||||
if(read_measured_boot(boot_measurement) == 0) {
|
||||
for(i = 0; i < sizeof(TPMpcrString); i++) {
|
||||
uart_write(TPMpcrString[i]);
|
||||
}
|
||||
/* Print the digest of the measurement */
|
||||
for(i=0; i < sizeof(boot_measurement); i++) {
|
||||
uart_write_hex(boot_measurement[i]);
|
||||
}
|
||||
/* For better view on the UART terminal */
|
||||
uart_write('\n');
|
||||
uart_write('\r');
|
||||
}
|
||||
|
||||
while (1) {
|
||||
r_total = 0;
|
||||
do {
|
||||
|
@ -294,5 +401,4 @@ void main(void) {
|
|||
while(1)
|
||||
;
|
||||
}
|
||||
#endif /** PLATFORM_stm32f4 **/
|
||||
|
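Review bot: In the @ -183 hunk, `read_measured_boot` copies `pcrReadResp.pcrValues.digests[0].size` bytes into the caller's buffer without checking `pcrValues.count` or bounding the size, `pcrReadResp` itself is never zeroed, and the only caller (main, @ -223 hunk) passes `uint8_t boot_measurement[WOLFBOOT_SHA_DIGEST_SIZE]`; the length comes from the TPM response, so an empty selection or an unexpected digest size reads a stale length and can overrun that stack buffer. main() also calls `read_measured_boot` even when `app_tpm2_init()` reported failure a few lines earlier, so the PCR read should be skipped in that case (make the second block an `else if`, or stop after printing `TPMfailString`). A smaller point: the `TPMfailString` and `TPMpcrString` loops iterate to `sizeof`, which includes the terminating NUL, so a 0x00 byte is sent after each message; use `sizeof(TPMfailString) - 1`. The bounded copy below replaces the body of the `rc == TPM_RC_SUCCESS` branch; main() continues outside the hunk.
```c
static int read_measured_boot(uint8_t* digest)
{
    /* … unchanged: locals, XMEMSET of pcrReadCmd, TPM2_SetupPCRSel … */
    XMEMSET(&pcrReadResp, 0, sizeof(pcrReadResp));
    rc = TPM2_PCR_Read(&pcrReadCmd, &pcrReadResp);
    if (rc == TPM_RC_SUCCESS) {
        /* The TPM, not the caller, chooses this length: bound it before copying */
        if (pcrReadResp.pcrValues.count < 1 ||
            pcrReadResp.pcrValues.digests[0].size != WOLFBOOT_SHA_DIGEST_SIZE) {
            return -1;
        }
        XMEMCPY(digest, pcrReadResp.pcrValues.digests[0].buffer,
                WOLFBOOT_SHA_DIGEST_SIZE);
        rc = 0;
    }

    return rc;
}
```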
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
/* tpm_spi.h
|
||||
*
|
||||
* wolfBoot is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* wolfBoot is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
||||
*/
|
||||
|
||||
/** SPI settings for TPM2.0 module **/
|
||||
|
||||
#undef SPI_GPIO
|
||||
#define SPI_GPIO GPIOB_BASE
|
||||
|
||||
#undef SPI_CS_GPIO
|
||||
#define SPI_CS_GPIO GPIOE_BASE
|
||||
|
||||
#undef SPI_CS_TPM
|
||||
#define SPI_CS_TPM 0 /* TPM CS connected to GPIOE0 */
|
||||
|
||||
#undef SPI1_CLOCK_PIN
|
||||
#define SPI1_CLOCK_PIN 3 /* SPI_SCK: PB3 */
|
||||
|
||||
#undef SPI1_MISO_PIN
|
||||
#define SPI1_MISO_PIN 4 /* SPI_MISO PB4 */
|
||||
|
||||
#undef SPI1_MOSI_PIN
|
||||
#define SPI1_MOSI_PIN 5 /* SPI_MOSI PB5 */
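Review bot: The `#undef`/`#define` pairs in this header override the SPI pin macros only in the translation unit that includes them, and the Makefile compiles the driver separately as `$(WOLFBOOT)/hal/spi/spi_drv_stm32.o`, so the driver's pin setup presumably still uses its own defaults rather than PB3/PB4/PB5 and GPIOE0 — confirm that spi_drv_stm32.c picks this header up, or pass the values as -D flags in CFLAGS where both translation units see them. The header also has no include guard and relies on `GPIOB_BASE`/`GPIOE_BASE` being defined by whoever includes it; add `#ifndef SPI_TPM_H` / `#define SPI_TPM_H` / `#endif` around the body and a one-line comment naming the header that must be included first. The banner names the file `tpm_spi.h` while app_stm32f4.c includes `"spi_tpm.h"`; one of the two is stale.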
|