From 11ce50f6c133947273c06a87fdd31f5e8cd308b3 Mon Sep 17 00:00:00 2001
From: Daniele Lacamera <dan@danielinux.net>
Date: Mon, 17 Jun 2024 17:39:39 +0200
Subject: [PATCH] Removed debug print, added PKCS11_SMALL, fixes

---
 hal/stm32_tz.c          |  3 ++-
 hal/stm32h5.c           | 17 ++++-------------
 include/user_settings.h |  4 +++-
 3 files changed, 9 insertions(+), 15 deletions(-)

diff --git a/hal/stm32_tz.c b/hal/stm32_tz.c
index e3489c7d..d4103b87 100644
--- a/hal/stm32_tz.c
+++ b/hal/stm32_tz.c
@@ -128,7 +128,6 @@ void hal_tz_claim_nonsecure_area(uint32_t address, int len)
         address += FLASH_PAGE_SIZE;
         page_n++;
     }
-
     address = start_address;
     while (address < end) {
         /* Erase claimed non-secure page, in secure mode */
@@ -141,10 +140,12 @@ void hal_tz_claim_nonsecure_area(uint32_t address, int len)
 #endif
 
         DMB();
+        ISB();
         FLASH_CR |= FLASH_CR_STRT;
         ISB();
         hal_flash_wait_complete(bank);
         address += FLASH_PAGE_SIZE;
+        page_n++;
     }
 #ifndef PLATFORM_stm32h5
     FLASH_CR &= ~FLASH_CR_PER ;
diff --git a/hal/stm32h5.c b/hal/stm32h5.c
index 672ef541..14e0f5d6 100644
--- a/hal/stm32h5.c
+++ b/hal/stm32h5.c
@@ -93,13 +93,9 @@ int RAMFUNCTION hal_flash_write(uint32_t address, const uint8_t *data, int len)
     int i = 0;
     uint32_t *src, *dst;
     uint32_t dword[2];
-    volatile uint32_t *sr, *cr;
     uint32_t off = 0;
     uint32_t una_len = 0;
 
-    cr = &FLASH_CR;
-    sr = &FLASH_SR;
-
     hal_flash_clear_errors(0);
     src = (uint32_t *)data;
     dst = (uint32_t *)address;
@@ -118,15 +114,15 @@ int RAMFUNCTION hal_flash_write(uint32_t address, const uint8_t *data, int len)
             dword[1] = src[(i >> 2) + 1];
         else
             dword[1] = 0xFFFFFFFF;
-        *cr |= FLASH_CR_PG;
+        FLASH_CR |= FLASH_CR_PG;
         dst[i >> 2] = dword[0];
         ISB();
         dst[(i >> 2) + 1] = dword[1];
         ISB();
         hal_flash_wait_complete(0);
-        if ((*sr & FLASH_SR_EOP) != 0)
-            *sr |= FLASH_SR_EOP;
-        *cr &= ~FLASH_CR_PG;
+        if ((FLASH_SR & FLASH_SR_EOP) != 0)
+            FLASH_SR |= FLASH_SR_EOP;
+        FLASH_CR &= ~FLASH_CR_PG;
         i+=8;
     }
 #if (TZ_SECURE())
@@ -215,11 +211,6 @@ int RAMFUNCTION hal_flash_erase(uint32_t address, int len)
         /* Check for swapped banks to invert bnksel */
         if ((FLASH_OPTSR_CUR & FLASH_OPTSR_SWAP_BANK) >> 31)
             bnksel = !bnksel;
-
-#if !TZ_SECURE() && !defined(__FLASH_OTP_PRIMER) && defined(DEBUG)
-        printf("Erasing bank %d, page %d\r\n", bnksel, (p - base) >> 13);
-#endif
-
         reg |= ((((p - base)  >> 13) << FLASH_CR_PNB_SHIFT) | FLASH_CR_SER | (bnksel << 31));
         FLASH_CR = reg;
         ISB();
diff --git a/include/user_settings.h b/include/user_settings.h
index 7db53975..4636307c 100644
--- a/include/user_settings.h
+++ b/include/user_settings.h
@@ -114,7 +114,9 @@ extern int tolower(int c);
 #       endif
 #   else
 #       define HAVE_ECC_SIGN
+#ifndef PKCS11_SMALL
 #       define HAVE_ECC_CDH
+#endif
 #       define WOLFSSL_SP
 #       define WOLFSSL_SP_MATH
 #       define WOLFSSL_SP_SMALL
@@ -173,7 +175,7 @@ extern int tolower(int c);
 #if defined(WOLFBOOT_SIGN_RSA2048) || \
     defined(WOLFBOOT_SIGN_RSA3072) || \
     defined(WOLFBOOT_SIGN_RSA4096) || \
-    defined(WOLFCRYPT_SECURE_MODE)
+    (defined(WOLFCRYPT_SECURE_MODE) && (!defined(PKCS11_SMALL)))
 
 #   define WC_RSA_BLINDING
 #   define WC_RSA_DIRECT