diff --git a/src/libwolfboot.c b/src/libwolfboot.c
index c3f32da6..9f652202 100644
--- a/src/libwolfboot.c
+++ b/src/libwolfboot.c
@@ -36,8 +36,10 @@
 #define XMEMCPY memcpy
 #define XMEMCMP memcmp
 #endif
+ #define ENCRYPT_TMP_SECRET_OFFSET (WOLFBOOT_PARTITION_SIZE - (TRAILER_SKIP + ENCRYPT_KEY_SIZE + ENCRYPT_NONCE_SIZE))
 #else
 #define XMEMCPY memcpy
+ #define ENCRYPT_TMP_SECRET_OFFSET (WOLFBOOT_PARTITION_SIZE - (TRAILER_SKIP))
 #endif
 #ifndef NULL
@@ -56,8 +58,8 @@ static const uint32_t wolfboot_magic_trail = WOLFBOOT_MAGIC_TRAIL;
 #ifndef TRAILER_SKIP
 # define TRAILER_SKIP 0
 #endif
-#define PART_BOOT_ENDFLAGS ((WOLFBOOT_PARTITION_BOOT_ADDRESS + WOLFBOOT_PARTITION_SIZE) - TRAILER_SKIP)
-#define PART_UPDATE_ENDFLAGS ((WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_PARTITION_SIZE) - TRAILER_SKIP)
+#define PART_BOOT_ENDFLAGS (WOLFBOOT_PARTITION_BOOT_ADDRESS + ENCRYPT_TMP_SECRET_OFFSET)
+#define PART_UPDATE_ENDFLAGS (WOLFBOOT_PARTITION_UPDATE_ADDRESS + ENCRYPT_TMP_SECRET_OFFSET)
 #ifdef NVM_FLASH_WRITEONCE
 #include
@@ -507,7 +509,6 @@ int wolfBoot_fallback_is_possible(void)
 #error option EXT_ENCRYPTED requires EXT_FLASH
 #endif
-#define ENCRYPT_TMP_SECRET_OFFSET (WOLFBOOT_PARTITION_SIZE - (TRAILER_SKIP + (sizeof(uint32_t) + 1 + ((1 + WOLFBOOT_PARTITION_SIZE) / (WOLFBOOT_SECTOR_SIZE * 8)) + ENCRYPT_KEY_SIZE + ENCRYPT_NONCE_SIZE)))
 #ifdef NVM_FLASH_WRITEONCE
@@ -618,8 +619,8 @@ int ext_flash_encrypt_write(uintptr_t address, const uint8_t *data, int len)
     switch(part) {
         case PART_UPDATE:
             iv_counter = (address - WOLFBOOT_PARTITION_UPDATE_ADDRESS) / ENCRYPT_BLOCK_SIZE;
-            /* Do not encrypt last sector */
-            if (iv_counter == (WOLFBOOT_PARTITION_SIZE - 1) / ENCRYPT_BLOCK_SIZE) {
+            /* Do not encrypt last sectors */
+            if (iv_counter >= (ENCRYPT_TMP_SECRET_OFFSET - ENCRYPT_BLOCK_SIZE) / ENCRYPT_BLOCK_SIZE) {
                 return ext_flash_write(address, data, len);
             }
             break;
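Review bot: The two new ENCRYPT_TMP_SECRET_OFFSET definitions fix the partition trailer layout that PART_*_ENDFLAGS and the encrypt/decrypt guards now key off, but nothing at the definition site says what occupies the reserved bytes, and the `#else` variant reserves nothing beyond TRAILER_SKIP under a name that still says ENCRYPT. Add a comment above the first definition such as `/* Offset of the key+nonce kept at the end of the partition; the magic/flags trailer is addressed from PART_*_ENDFLAGS just below it (presumably stored unencrypted, given the ext_flash_encrypt_write exemption) */`, and state in the `#else` branch that it is simply the trailer end. The added lines are also indented one space unlike the adjacent directives; `#define` at column 0 would match the file. TRAILER_SKIP receives its default only in a later hunk, which is fine for lazy macro expansion but worth a one-line note so nobody later moves a use above that default.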
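Review bot: The new guard exempts exactly one ENCRYPT_BLOCK_SIZE below ENCRYPT_TMP_SECRET_OFFSET from encryption, but the macro this commit deletes sized the flags area as `sizeof(uint32_t) + 1 + ((1 + WOLFBOOT_PARTITION_SIZE) / (WOLFBOOT_SECTOR_SIZE * 8))`, which grows with the partition; if the magic, partition flag and sector-flag bitmap live below the secret as the PART_UPDATE_ENDFLAGS name suggests and together exceed ENCRYPT_BLOCK_SIZE, the lower bitmap bytes fall inside the encrypted range and are written encrypted while the trailer code (outside this diff) presumably reads them raw. Derive the threshold from the flags size rather than from a single block, e.g. `#define ENCRYPT_FLAGS_AREA (sizeof(uint32_t) + 1 + ((1 + WOLFBOOT_PARTITION_SIZE) / (WOLFBOOT_SECTOR_SIZE * 8)))` and `if (iv_counter >= (ENCRYPT_TMP_SECRET_OFFSET - ENCRYPT_FLAGS_AREA) / ENCRYPT_BLOCK_SIZE) {`; integer division already rounds the boundary down to a whole block. The same expression is duplicated in ext_flash_decrypt_read, so a single macro keeps the two guards from drifting apart. ext_flash_encrypt_write starts and continues outside the hunk.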
@@ -680,7 +681,7 @@ int ext_flash_decrypt_read(uintptr_t address, uint8_t *data, int len)
         case PART_UPDATE:
             iv_counter = (address - WOLFBOOT_PARTITION_UPDATE_ADDRESS) / ENCRYPT_BLOCK_SIZE;
             /* Do not decrypt last sector */
-            if (iv_counter == (WOLFBOOT_PARTITION_SIZE - 1) / ENCRYPT_BLOCK_SIZE) {
+            if (iv_counter >= (ENCRYPT_TMP_SECRET_OFFSET - ENCRYPT_BLOCK_SIZE) / ENCRYPT_BLOCK_SIZE) {
                 return ext_flash_read(address, data, len);
             }
             break;
diff --git a/tools/scripts/prepare_encrypted_update.sh b/tools/scripts/prepare_encrypted_update.sh
index 733e19f2..b6be3711 100755
--- a/tools/scripts/prepare_encrypted_update.sh
+++ b/tools/scripts/prepare_encrypted_update.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-# SIZE is WOLFBOOT_PARTITION_SIZE - 5
-SIZE=131067
+# SIZE is WOLFBOOT_PARTITION_SIZE - 49 (44B: key + nonce, 5B: "pBOOT")
+SIZE=131023
 VERSION=8
 APP=test-app/image_v"$VERSION"_signed_and_encrypted.bin
diff --git a/tools/uart-flash-server/ufserver.c b/tools/uart-flash-server/ufserver.c
index 94dd9c0f..1a8dd453 100644
--- a/tools/uart-flash-server/ufserver.c
+++ b/tools/uart-flash-server/ufserver.c
@@ -65,6 +65,7 @@ const char msgEraseSwap[] = "Erase swap blocks ";
 extern uint16_t wolfBoot_find_header(uint8_t *haystack, uint16_t type, uint8_t **ptr);
 const char blinker[]="-\\|/";
+static int valid_update = 1;
 void printmsg(const char *msg)
 {
@@ -178,6 +179,7 @@ uint8_t *mmap_firmware(const char *fname)
     uint8_t *base_fw;
     struct stat st;
     int fd;
+    uint32_t signature_word;
     if (stat(fname, &st) != 0) {
         perror ("stat");
         return (void *)-1;
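Review bot: The comment above the changed condition still reads `/* Do not decrypt last sector */` while its twin in ext_flash_encrypt_write was updated to "last sectors" in the same commit; the boundary is no longer the last sector but every block from ENCRYPT_TMP_SECRET_OFFSET - ENCRYPT_BLOCK_SIZE upward. Replace it with `/* Trailer region (flags, stored key and nonce) is read back raw, not decrypted */`, hedged as appropriate if the flags are actually read elsewhere. Expressing the boundary once, e.g. `#define ENCRYPT_PLAINTEXT_FIRST_BLOCK ((ENCRYPT_TMP_SECRET_OFFSET - ENCRYPT_BLOCK_SIZE) / ENCRYPT_BLOCK_SIZE)`, and using it in both guards would prevent the encrypt and decrypt paths from disagreeing on where plaintext begins. ext_flash_decrypt_read starts and continues outside the hunk.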
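Review bot: `SIZE=131023` hard-codes both the partition size and the 44-byte key+nonce reservation and silently assumes TRAILER_SKIP is 0; a build with a different partition size, cipher key/nonce length or TRAILER_SKIP yields an image that overlaps the device-side trailer with no error from this script. Compute it instead, `PARTITION_SIZE=${WOLFBOOT_PARTITION_SIZE:-131072}` and `SIZE=$((PARTITION_SIZE - 49))`, keeping the comment that explains the 49. The 44 is only correct for one cipher's key and nonce sizes, so the comment should name which configuration it was derived from.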
@@ -188,19 +190,32 @@ uint8_t *mmap_firmware(const char *fname)
         perror("open");
         return (void *)-1;
     }
-    if (st.st_size <= FIRMWARE_PARTITION_SIZE) {
+    if (read(fd, &signature_word, sizeof(uint32_t)) != (sizeof(uint32_t))) {
+        perror("read");
+        return (void *)-1;
+    }
+    if ((st.st_size <= FIRMWARE_PARTITION_SIZE)) {
         uint8_t pad = 0xFF;
         int i;
-        const char update_flags[] = "pBOOT";
         int fsize = st.st_size;
-        lseek(fd, FIRMWARE_PARTITION_SIZE + SWAP_SIZE, SEEK_SET);
         lseek(fd, fsize, SEEK_SET);
-        for (i = 0; i < (FIRMWARE_PARTITION_SIZE - (fsize + 5)); i++)
+        for (i = 0; i < (FIRMWARE_PARTITION_SIZE - (fsize)); i++)
             write(fd, &pad, 1);
-        write(fd, update_flags, 5);
+        lseek(fd, FIRMWARE_PARTITION_SIZE, SEEK_SET);
         for (i = 0; i < SWAP_SIZE; i++)
             write(fd, &pad, 1);
     }
+    if (strncmp((char *)&signature_word, "WOLF", 4) != 0) {
+        fprintf(stderr, "Warning: the binary file provided does not appear to contain a valid firmware partition file. (If the update is encrypted, this is OK)\n");
+        valid_update = 0;
+    } else {
+        int i;
+        const char update_flags[] = "pBOOT";
+        lseek(fd, FIRMWARE_PARTITION_SIZE - 5, SEEK_SET);
+        write(fd, update_flags, 5);
+        for (i = 0; i < SWAP_SIZE; i++)
+            write(fd, update_flags, 5);
+    }
     base_fw = mmap(NULL, FIRMWARE_PARTITION_SIZE + SWAP_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
     if (base_fw == (void *)(-1)) {
         perror("mmap");
@@ -415,9 +430,7 @@ int main(int argc, char *argv[])
         fprintf(stderr, "Error opening binary file '%s'.\n", argv[1]);
         exit(2);
     }
-    if (strncmp((char *)base_fw, "WOLF", 4) != 0) {
-        fprintf(stderr, "Warning: the binary file provided does not appear to contain a valid firmware partition file.\n");
-    } else {
+    if (valid_update) {
         printf("%s has a wolfboot manifest header\n", basename(argv[1]));
         base_fw_ver = fw_version(base_fw);
         printf("%s contains version %u\n", basename(argv[1]), base_fw_ver);
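Review bot: The new read() failure path returns without closing fd, and the added `else` branch writes SWAP_SIZE copies of the 5-byte "pBOOT" marker after FIRMWARE_PARTITION_SIZE rather than one byte per iteration, so the file grows 5*SWAP_SIZE bytes past the FIRMWARE_PARTITION_SIZE + SWAP_SIZE region that mmap() maps and the swap area no longer holds the 0xFF pattern the padding branch above just wrote there. If an erased swap area is the intent, declare `uint8_t pad = 0xFF;` in that branch and make the loop body `write(fd, &pad, 1);`; add `close(fd);` before the read-failure `return (void *)-1;`. The `FIRMWARE_PARTITION_SIZE - 5` offset assumes the unencrypted trailer layout with TRAILER_SKIP 0, which matches the "WOLF" check guarding it but deserves a comment. A file shorter than four bytes makes read() return a short count with errno untouched, so perror("read") may print "Success"; check `< 0` separately and report a short read explicitly. mmap_firmware continues outside the hunk.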
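Review bot: `valid_update` is a file-scope flag set as a side effect inside mmap_firmware and consulted here, so the outcome of the header check reaches main through hidden global state instead of the function's result; an out-parameter, or a small `static int has_wolfboot_header(const uint8_t *base)` called on the mapped image at this site, would keep the flow visible without the extra global. With the warning moved into mmap_firmware, main is now silent when the image lacks a manifest; a one-line `printf("serving image without manifest header (encrypted update?)\n");` in an else branch would make the served state explicit in the tool's output. main continues outside the hunk.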