From 3687851f75a11397f0478b684c9cd4c0c6854482 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 1 Aug 2024 14:37:57 -0700 Subject: [PATCH] Xilinx zynqmp documentation cleanups. Fixes for building with Eclipse wildcard .c include pains. --- IDE/XilinxSDK/.cproject | 296 +++++++++++++++++++++------------- IDE/XilinxSDK/README.md | 10 +- arch.mk | 7 +- config/examples/zynqmp.config | 1 + docs/Targets.md | 60 ++++++- hal/uart/uart_drv_lpc.c | 5 +- hal/uart/uart_drv_stm32f4.c | 3 + hal/uart/uart_drv_stm32h5.c | 4 +- hal/uart/uart_drv_stm32l0.c | 13 +- hal/uart/uart_drv_stm32l5.c | 11 +- hal/uart/uart_drv_stm32wb.c | 5 +- hal/zynq.c | 51 +++--- include/encrypt.h | 2 + include/user_settings.h | 4 +- include/wolfboot/wc_secure.h | 25 ++- include/wolfboot/wcs_pkcs11.h | 29 +++- src/fdt.c | 2 +- src/multiboot.c | 4 + src/pci.c | 9 +- src/pkcs11_callable.c | 54 ++++--- src/pkcs11_store.c | 14 +- src/uart_flash.c | 5 +- src/update_disk.c | 8 +- src/update_ram.c | 6 +- src/x86/ahci.c | 11 +- src/x86/ata.c | 8 - src/xmalloc.c | 2 + 27 files changed, 430 insertions(+), 219 deletions(-) diff --git a/IDE/XilinxSDK/.cproject b/IDE/XilinxSDK/.cproject index bfb2ec47..27798132 100644 --- a/IDE/XilinxSDK/.cproject +++ b/IDE/XilinxSDK/.cproject @@ -1,14 +1,18 @@ - - - - - - - - - + + + + + + + + + + + + + @@ -20,25 +24,26 @@ - - - - - - + + + - - + + + + + + + + + + + - - - - - - + + + + + + + + + + @@ -87,19 +125,17 @@ - - - - - - - - + + + + + + + @@ -123,18 +159,16 @@ - - - + + + - - - - - - + + + + + + + + + + @@ -184,19 +256,17 @@ - - - - - - - - + + + + + + + diff --git a/IDE/XilinxSDK/README.md b/IDE/XilinxSDK/README.md index 07349619..72d8b0ef 100644 --- a/IDE/XilinxSDK/README.md +++ b/IDE/XilinxSDK/README.md @@ -6,14 +6,20 @@ To use this example project: ## Xilinx SDK BSP -This project uses a BSP named `standalone_bsp_0`, which must be configured to use "hypervisor guest" in the BSP configuration settings. This will enable the EL-1 support required with Bl31 (ARM Trusted Firmware). The BSP generates a include/bspconfig.h, which should have these defines set: +This project uses a BSP named `standalone_bsp_0`, which must be configured to use "hypervisor guest" in the BSP configuration settings, which is edited by opening the `platform.spr` file under "standalone on psa_cortexa53_0" -> "Board Support Package" -> "Modify BSP Settings". + +This will enable the EL-1 support required with Bl31 (ARM Trusted Firmware). The BSP generates a `include/bspconfig.h`, which should have these defines set: ``` #define EL1_NONSECURE 1 #define HYP_GUEST 1 ``` -Note: This is a generated file from the BSP configurator tool, which is edited by opening the `system.mss` file. +You may need to adjust/add the following project settings under Properties -> C/C++ General: + +1) Platform bspInclude path: "Paths and Symbols" -> "Includes" -> "GNU C" -> "Add" -> Workspace Path for platform (example: `/zcu102/export/zcu102/sw/zcu102/standalone_domain/bspinclude/include`). + +2) Platform BSP Library path: See "Library Paths" -> "Add" (example: `/zcu102/psu_cortexa53_0/standalone_domain/bsp/psu_cortexa53_0/lib`).ß ## wolfBoot Configuration diff --git a/arch.mk b/arch.mk index 45838a9d..d06e6436 100644 --- a/arch.mk +++ b/arch.mk @@ -640,6 +640,7 @@ ifeq ($(TARGET),nxp_t1024) OBJS+=src/boot_ppc_mp.o # support for spin table OBJS+=src/fdt.o OBJS+=src/pci.o + CFLAGS+=-DWOLFBOOT_USE_PCI UPDATE_OBJS:=src/update_ram.o ifeq ($(SPMATH),1) MATH_OBJS += ./lib/wolfssl/wolfcrypt/src/sp_c32.o @@ -700,6 +701,7 @@ endif ifeq ($(TARGET),zynq) # Support detection and skip of U-Boot legecy header */ CFLAGS+=-DWOLFBOOT_UBOOT_LEGACY + CFLAGS+=-DWOLFBOOT_DUALBOOT endif ifeq ($(TARGET),ti_hercules) @@ -826,7 +828,6 @@ OUTPUT_FLAG?=-o ifeq ($(filter $(TARGET),x86_fsp_qemu kontron_vx3060_s2),$(TARGET)) FSP=1 - CFLAGS+=-DWOLFBOOT_FSP=1 CFLAGS+=-ffunction-sections -fdata-sections -ffreestanding -nostdlib -static # some std libc have headers that bring in extra symbols used in # FORTIFY_SOURCE realated checks. Use -U_FORTIFY_SOURCE to avoid that. @@ -845,6 +846,7 @@ endif # x86-64 FSP targets ifeq ("${FSP}", "1") + CFLAGS+=-DWOLFBOOT_FSP=1 USE_GCC_HEADLESS=0 LD_START_GROUP = LD_END_GROUP = @@ -871,6 +873,7 @@ ifeq ("${FSP}", "1") OBJS += src/x86/common.o OBJS += src/x86/hob.o OBJS += src/pci.o + CFLAGS+=-DWOLFBOOT_USE_PCI OBJS += hal/x86_uart.o OBJS += src/string.o OBJS += src/stage2_params.o @@ -911,6 +914,7 @@ ifeq ("${FSP}", "1") OBJS += src/x86/common.o OBJS += src/x86/hob.o OBJS += src/pci.o + CFLAGS+=-DWOLFBOOT_USE_PCI OBJS += src/x86/ahci.o OBJS += src/x86/ata.o OBJS += src/x86/gpt.o @@ -918,6 +922,7 @@ ifeq ("${FSP}", "1") OBJS += src/stage2_params.o OBJS += src/x86/exceptions.o UPDATE_OBJS := src/update_disk.o + CFLAGS+=-DWOLFBOOT_UPDATE_DISK ifeq ($(64BIT),1) LDFLAGS += -m elf_x86_64 --oformat elf64-x86-64 CFLAGS += -m64 diff --git a/config/examples/zynqmp.config b/config/examples/zynqmp.config index 25e64eca..5f43538e 100644 --- a/config/examples/zynqmp.config +++ b/config/examples/zynqmp.config @@ -19,6 +19,7 @@ WOLFTPM?=0 EXT_FLASH?=1 SPI_FLASH?=0 NO_XIP=1 +USE_GCC=1 # Flash Sector Size WOLFBOOT_SECTOR_SIZE=0x20000 diff --git a/docs/Targets.md b/docs/Targets.md index 522f1bc2..19b49407 100644 --- a/docs/Targets.md +++ b/docs/Targets.md @@ -1177,8 +1177,9 @@ qemu-system-aarch64 -M raspi3b -m 1024 -serial stdio -kernel wolfboot_linux_rasp Xilinx UltraScale+ ZCU102 (Aarch64) -Build configuration options (`.config`): +See example .config file at `config/examples/zynqmp.config`. +Example build options (.config): ``` TARGET=zynq ARCH=AARCH64 @@ -1186,22 +1187,65 @@ SIGN=RSA4096 HASH=SHA3 ``` -### QNX +### Building Zynq with Xilinx tools (Vitis IDE) + +See [IDE/XilinxSDK/README.md](/IDE/XilinxSDK/README.md) for using Xilinx IDE + +### Building Zynq with gcc-aarch64-linux-gnu + +Requires `gcc-aarch64-linux-gnu` package. +Use `make CROSS_COMPILE=aarch64-linux-gnu-` + +### Building Zynq with QNX ```sh -cd ~ -source qnx700/qnxsdp-env.sh -cd wolfBoot +source ~/qnx700/qnxsdp-env.sh cp ./config/examples/zynqmp.config .config make clean make CROSS_COMPILE=aarch64-unknown-nto-qnx7.0.0- ``` -#### Debugging +#### Testing Zynq with QEMU -`qemu-system-aarch64 -M raspi3 -kernel /path/to/wolfboot/factory.bin -serial stdio -gdb tcp::3333 -S` +``` +qemu-system-aarch64 -machine xlnx-zcu102 -cpu cortex-a53 -serial stdio -display none \ + -device loader,file=wolfboot.bin,cpu-num=0 -#### Signing +``` + +### Testing with qemu-system-aarch64 + +* Build wolfboot using the example configuration (RSA4096, SHA3) + +``` +cp config/examples/raspi3.config .config +make clean +make wolfboot.bin CROSS_COMPILE=aarch64-linux-gnu- +``` + +* Sign Linux kernel image +``` +make keytools +./tools/keytools/sign --rsa4096 --sha3 Image wolfboot_signing_private_key.der 1 +``` + +* Compose the image + +``` +tools/bin-assemble/bin-assemble wolfboot_linux_raspi.bin 0x0 wolfboot.bin \ + 0xc0000 Image_v1_signed.bin +dd if=bcm2710-rpi-3-b.dtb of=wolfboot_linux_raspi.bin bs=1 seek=128K conv=notrunc +``` + +* Test boot using qemu + +``` +qemu-system-aarch64 -M raspi3b -m 1024 -serial stdio -kernel wolfboot_linux_raspi.bin -cpu cortex-a53 +``` + + + +#### Signing Zynq `tools/keytools/sign --rsa4096 --sha3 /srv/linux-rpi4/vmlinux.bin wolfboot_signing_private_key.der 1` diff --git a/hal/uart/uart_drv_lpc.c b/hal/uart/uart_drv_lpc.c index ea9cf857..7f053189 100644 --- a/hal/uart/uart_drv_lpc.c +++ b/hal/uart/uart_drv_lpc.c @@ -23,6 +23,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#if defined(UART_FLASH) && defined(TARGET_lpc) + #include "fsl_common.h" #include "fsl_iocon.h" #include "fsl_usart.h" @@ -89,7 +91,7 @@ int uart_tx(const uint8_t c) int uart_rx(uint8_t *c) { if ((USART_GetStatusFlags(USART0) & kUSART_RxFifoNotEmptyFlag) != 0) { - *c = USART_ReadByte(USART0); + *c = USART_ReadByte(USART0); return 1; } return 0; @@ -111,3 +113,4 @@ int uart_init(uint32_t bitrate, uint8_t data, char parity, uint8_t stop) return 0; } +#endif /* UART_FLASH && TARGET_lpc */ diff --git a/hal/uart/uart_drv_stm32f4.c b/hal/uart/uart_drv_stm32f4.c index 467aa738..cfcf55cc 100644 --- a/hal/uart/uart_drv_stm32f4.c +++ b/hal/uart/uart_drv_stm32f4.c @@ -25,6 +25,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#if defined(UART_FLASH) && defined(TARGET_stm32f4) + #include /* Driver hardcoded to work on UART3 (PD8/PD9) */ @@ -146,3 +148,4 @@ int uart_init(uint32_t bitrate, uint8_t data, char parity, uint8_t stop) return 0; } +#endif /* UART_FLASH && TARGET_stm32f4 */ diff --git a/hal/uart/uart_drv_stm32h5.c b/hal/uart/uart_drv_stm32h5.c index e53bf0a2..44f19c7b 100644 --- a/hal/uart/uart_drv_stm32h5.c +++ b/hal/uart/uart_drv_stm32h5.c @@ -25,6 +25,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#if defined(UART_FLASH) && defined(TARGET_stm32h5) + #include #include "hal/stm32h5.h" @@ -276,4 +278,4 @@ int uart_rx(uint8_t *c) #endif } - +#endif /* UART_FLASH && TARGET_stm32h5 */ diff --git a/hal/uart/uart_drv_stm32l0.c b/hal/uart/uart_drv_stm32l0.c index 563a42df..65b0dd04 100644 --- a/hal/uart/uart_drv_stm32l0.c +++ b/hal/uart/uart_drv_stm32l0.c @@ -4,7 +4,7 @@ * * Example implementation for stm32L0, using UART2 (PA2/PA3). * - * Pinout: RX=PA3, TX=PA2 + * Pinout: RX=PA3, TX=PA2 * * Copyright (C) 2021 wolfSSL Inc. * @@ -25,6 +25,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#if defined(UART_FLASH) && defined(TARGET_stm32l0) + #include #define UART2 (0x40004400) @@ -86,7 +88,7 @@ static void uart2_pins_setup(void) GPIOA_MODE = reg | (2 << (UART2_RX_PIN * 2)); reg = GPIOA_MODE & ~ (0x03 << (UART2_TX_PIN * 2)); GPIOA_MODE = reg | (2 << (UART2_TX_PIN * 2)); - + /* Alternate function: use low pins (2 and 3) */ reg = GPIOA_AFL & ~(0xf << (UART2_TX_PIN * 4)); GPIOA_AFL = reg | (UART2_PIN_AF << (UART2_TX_PIN * 4)); @@ -134,10 +136,10 @@ int uart_init(uint32_t bitrate, uint8_t data, char parity, uint8_t stop) UART2_CR2 = reg & (2 << 12); else UART2_CR2 = reg; - + /* Clear flags for async mode */ - UART2_CR2 &= ~(UART_CR2_LINEN | UART_CR2_CLKEN); - UART2_CR3 &= ~(UART_CR3_SCEN | UART_CR3_HDSEL | UART_CR3_IREN); + UART2_CR2 &= ~(UART_CR2_LINEN | UART_CR2_CLKEN); + UART2_CR3 &= ~(UART_CR3_SCEN | UART_CR3_HDSEL | UART_CR3_IREN); /* Configure for RX+TX, turn on. */ UART2_CR1 |= UART_CR1_TX_ENABLE | UART_CR1_RX_ENABLE | UART_CR1_UART_ENABLE; @@ -167,3 +169,4 @@ int uart_rx(uint8_t *c, int len) return 0; } +#endif /* UART_FLASH && TARGET_stm32l0 */ diff --git a/hal/uart/uart_drv_stm32l5.c b/hal/uart/uart_drv_stm32l5.c index b57b5a42..a8b7df26 100644 --- a/hal/uart/uart_drv_stm32l5.c +++ b/hal/uart/uart_drv_stm32l5.c @@ -25,6 +25,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#if defined(UART_FLASH) && defined(TARGET_stm32l5) + #include #include "hal/stm32l5.h" @@ -75,7 +77,7 @@ static void uart1_pins_setup(void) GPIOG_MODE = reg | (2 << (UART1_RX_PIN * 2)); reg = GPIOG_MODE & ~ (0x03 << (UART1_TX_PIN * 2)); GPIOG_MODE = reg | (2 << (UART1_TX_PIN * 2)); - + /* Alternate function: use low pins (2 and 3) */ reg = GPIOG_AFL & ~(0xf << (UART1_TX_PIN * 4)); GPIOG_AFL = reg | (UART1_PIN_AF << (UART1_TX_PIN * 4)); @@ -123,10 +125,10 @@ int uart_init(uint32_t bitrate, uint8_t data, char parity, uint8_t stop) UART1_CR2 = reg & (2 << 12); else UART1_CR2 = reg; - + /* Clear flags for async mode */ - UART1_CR2 &= ~(UART_CR2_LINEN | UART_CR2_CLKEN); - UART1_CR3 &= ~(UART_CR3_SCEN | UART_CR3_HDSEL | UART_CR3_IREN); + UART1_CR2 &= ~(UART_CR2_LINEN | UART_CR2_CLKEN); + UART1_CR3 &= ~(UART_CR3_SCEN | UART_CR3_HDSEL | UART_CR3_IREN); /* Configure for RX+TX, turn on. */ UART1_CR1 |= UART_CR1_TX_ENABLE | UART_CR1_RX_ENABLE | UART_CR1_UART_ENABLE; @@ -156,3 +158,4 @@ int uart_rx(uint8_t *c, int len) return 0; } +#endif /* UART_FLASH && TARGET_stm32l5 */ diff --git a/hal/uart/uart_drv_stm32wb.c b/hal/uart/uart_drv_stm32wb.c index 2d6e394d..cb287c58 100644 --- a/hal/uart/uart_drv_stm32wb.c +++ b/hal/uart/uart_drv_stm32wb.c @@ -25,6 +25,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#if defined(UART_FLASH) && defined(TARGET_stm32wb) + #include /* Driver hardcoded to work on UART1 (PB6/PB7) */ @@ -105,7 +107,7 @@ int uart_init(uint32_t bitrate, uint8_t data, char parity, uint8_t stop) uint32_t reg; /* Enable pins and configure for AF7 */ uart_pins_setup(); - + /* Turn on the device */ APB2_CLOCK_ER |= UART1_APB2_CLOCK_ER_VAL; UART1_CR1 &= ~(UART_CR1_UART_ENABLE); @@ -143,3 +145,4 @@ int uart_init(uint32_t bitrate, uint8_t data, char parity, uint8_t stop) return 0; } +#endif /* UART_FLASH && TARGET_stm32wb */ diff --git a/hal/zynq.c b/hal/zynq.c index 94df7aa9..da492fa2 100644 --- a/hal/zynq.c +++ b/hal/zynq.c @@ -835,7 +835,7 @@ static int qspi_write_disable(QspiDev_t* dev) memset(cmd, 0, sizeof(cmd)); cmd[0] = WRITE_DISABLE_CMD; - ret = qspi_transfer(&mDev, cmd, 1, NULL, 0, NULL, 0, 0, + ret = qspi_transfer(dev, cmd, 1, NULL, 0, NULL, 0, 0, GQSPI_GEN_FIFO_MODE_SPI); wolfBoot_printf("Write Disable: Ret %d\n", ret); return ret; @@ -848,7 +848,7 @@ static int qspi_flash_status(QspiDev_t* dev, uint8_t* status) memset(cmd, 0, sizeof(cmd)); cmd[0] = READ_FSR_CMD; - ret = qspi_transfer(&mDev, cmd, 1, NULL, 0, cmd, 2, 0, + ret = qspi_transfer(dev, cmd, 1, NULL, 0, cmd, 2, 0, GQSPI_GEN_FIFO_MODE_SPI); wolfBoot_printf("Flash Status: Ret %d Cmd %02x %02x\n", ret, cmd[0], cmd[1]); if (ret == GQSPI_CODE_SUCCESS && status) { @@ -867,7 +867,7 @@ static int qspi_status(QspiDev_t* dev, uint8_t* status) memset(cmd, 0, sizeof(cmd)); cmd[0] = READ_SR_CMD; - ret = qspi_transfer(&mDev, cmd, 1, NULL, 0, cmd, 2, 0, + ret = qspi_transfer(dev, cmd, 1, NULL, 0, cmd, 2, 0, GQSPI_GEN_FIFO_MODE_SPI); wolfBoot_printf("Status: Ret %d Cmd %02x %02x\n", ret, cmd[0], cmd[1]); if (ret == GQSPI_CODE_SUCCESS && status) { @@ -1282,36 +1282,39 @@ int RAMFUNCTION ext_flash_read(uintptr_t address, uint8_t *data, int len) } /* Issues a sector erase based on flash address */ -/* Assumes len is not > sector size */ int RAMFUNCTION ext_flash_erase(uintptr_t address, int len) { - int ret; + int ret = 0; uint8_t cmd[8]; /* size multiple of uint32_t */ uint32_t idx = 0; + uintptr_t qspiaddr; - if (mDev.stripe) { + while (len > 0) { /* For dual parallel the address divide by 2 */ - address /= 2; - } + qspiaddr = (mDev.stripe) ? address / 2 : address; - ret = qspi_write_enable(&mDev); - if (ret == GQSPI_CODE_SUCCESS) { - /* ------ Erase Flash ------ */ - memset(cmd, 0, sizeof(cmd)); - cmd[idx++] = SEC_ERASE_CMD; - #if GQPI_USE_4BYTE_ADDR == 1 - cmd[idx++] = ((address >> 24) & 0xFF); - #endif - cmd[idx++] = ((address >> 16) & 0xFF); - cmd[idx++] = ((address >> 8) & 0xFF); - cmd[idx++] = ((address >> 0) & 0xFF); - ret = qspi_transfer(&mDev, cmd, idx, NULL, 0, NULL, 0, 0, - GQSPI_GEN_FIFO_MODE_SPI); - wolfBoot_printf("Flash Erase: Ret %d\n", ret); + ret = qspi_write_enable(&mDev); if (ret == GQSPI_CODE_SUCCESS) { - ret = qspi_wait_ready(&mDev); /* Wait for not busy */ + /* ------ Erase Flash ------ */ + memset(cmd, 0, sizeof(cmd)); + cmd[idx++] = SEC_ERASE_CMD; + #if GQPI_USE_4BYTE_ADDR == 1 + cmd[idx++] = ((qspiaddr >> 24) & 0xFF); + #endif + cmd[idx++] = ((qspiaddr >> 16) & 0xFF); + cmd[idx++] = ((qspiaddr >> 8) & 0xFF); + cmd[idx++] = ((qspiaddr >> 0) & 0xFF); + ret = qspi_transfer(&mDev, cmd, idx, NULL, 0, NULL, 0, 0, + GQSPI_GEN_FIFO_MODE_SPI); + wolfBoot_printf("Flash Erase: Ret %d\n", ret); + if (ret == GQSPI_CODE_SUCCESS) { + ret = qspi_wait_ready(&mDev); /* Wait for not busy */ + } + qspi_write_disable(&mDev); } - qspi_write_disable(&mDev); + + address += WOLFBOOT_SECTOR_SIZE; + len -= WOLFBOOT_SECTOR_SIZE; } return ret; diff --git a/include/encrypt.h b/include/encrypt.h index 778f23a2..ce1cb184 100644 --- a/include/encrypt.h +++ b/include/encrypt.h @@ -23,7 +23,9 @@ #ifndef ENCRYPT_H_INCLUDED #define ENCRYPT_H_INCLUDED + #if defined(__WOLFBOOT) || defined(UNIT_TEST) + #include #include #include diff --git a/include/user_settings.h b/include/user_settings.h index 30a28e37..6c37612f 100644 --- a/include/user_settings.h +++ b/include/user_settings.h @@ -52,7 +52,7 @@ extern int tolower(int c); #ifdef USE_FAST_MATH /* wolfBoot only does public asymmetric operations, - * so timing resistenace and hardening is not required */ + * so timing resistance and hardening is not required */ # define WC_NO_HARDEN #endif @@ -285,6 +285,8 @@ extern int tolower(int c); # define HAVE_AESGCM # define HAVE_PKCS8 #endif +/* PKCS11 for wolfBoot is always static */ +#define HAVE_PKCS11_STATIC #ifndef HAVE_PWDBASED # define NO_PWDBASED diff --git a/include/wolfboot/wc_secure.h b/include/wolfboot/wc_secure.h index 9b0ccbd2..93099d3f 100644 --- a/include/wolfboot/wc_secure.h +++ b/include/wolfboot/wc_secure.h @@ -1,7 +1,30 @@ +/* wc_secure.h + * + * The wolfBoot library version + * + * Copyright (C) 2021 wolfSSL Inc. + * + * This file is part of wolfBoot. + * + * wolfBoot is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfBoot is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + #ifndef WOLFBOOT_SECURE_CALLS_INCLUDED #define WOLFBOOT_SECURE_CALLS_INCLUDED -#include +#include /* Data types shared between wolfBoot and the non-secure application */ diff --git a/include/wolfboot/wcs_pkcs11.h b/include/wolfboot/wcs_pkcs11.h index 6fbeb354..507fbad2 100644 --- a/include/wolfboot/wcs_pkcs11.h +++ b/include/wolfboot/wcs_pkcs11.h @@ -1,8 +1,32 @@ -#include "wolfpkcs11/pkcs11.h" +/* wcs_pkcs11.h + * + * The wolfBoot library version + * + * Copyright (C) 2021 wolfSSL Inc. + * + * This file is part of wolfBoot. + * + * wolfBoot is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfBoot is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ #ifndef WOLFBOOT_PKCS11_H #define WOLFBOOT_PKCS11_H +#ifdef SECURE_PKCS11 +#include "wolfpkcs11/pkcs11.h" + struct C_SetPIN_nsc_args { CK_SESSION_HANDLE hSession; CK_UTF8CHAR_PTR pOldPin; @@ -319,4 +343,5 @@ CK_RV __attribute__((cmse_nonsecure_entry)) C_GetFunctionStatus_nsc_call(CK_SESS CK_RV __attribute__((cmse_nonsecure_entry)) C_CancelFunction_nsc_call(CK_SESSION_HANDLE hSession); CK_RV __attribute__((cmse_nonsecure_entry)) C_WaitForSlotEvent_nsc_call(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved); -#endif +#endif /* SECURE_PKCS11 */ +#endif /* !WOLFBOOT_PKCS11_H */ diff --git a/src/fdt.c b/src/fdt.c index 792d1ce5..b7c50663 100644 --- a/src/fdt.c +++ b/src/fdt.c @@ -669,7 +669,7 @@ int fdt_add_subnode(void* fdt, int parentoff, const char *name) int fdt_del_node(void *fdt, int nodeoffset) { int err; - int offset, endoffset; + int endoffset; int depth = 0; err = fdt_check_header(fdt); diff --git a/src/multiboot.c b/src/multiboot.c index 6a1c1cd2..fee3d6a4 100644 --- a/src/multiboot.c +++ b/src/multiboot.c @@ -19,6 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#ifdef WOLFBOOT_MULTIBOOT2 + #include #include #include @@ -360,3 +362,5 @@ void mb2_jump(uintptr_t entry, uint32_t mb2_boot_info) : "g"(mb2_boot_info), "g"(entry) : "eax", "ebx"); } + +#endif /* WOLFBOOT_MULTIBOOT2 */ diff --git a/src/pci.c b/src/pci.c index 5fc4d20b..cd900e4d 100644 --- a/src/pci.c +++ b/src/pci.c @@ -19,6 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#ifdef WOLFBOOT_USE_PCI + #include #include @@ -726,10 +728,9 @@ static int pci_program_bridge(uint8_t bus, uint8_t dev, uint8_t fun, uint32_t pci_enum_bus(uint8_t bus, struct pci_enum_info *info) { - uint16_t vendor_id, device_id, header_type; - uint32_t vd_code, reg; + uint16_t header_type; + uint32_t vd_code; uint32_t dev, fun; - int ret; PCI_DEBUG_PRINTF("enumerating bus %d\r\n", bus); @@ -925,3 +926,5 @@ int pci_enum_do(void) return ret; } + +#endif /* WOLFBOOT_USE_PCI */ diff --git a/src/pkcs11_callable.c b/src/pkcs11_callable.c index a9d356b4..76aef386 100644 --- a/src/pkcs11_callable.c +++ b/src/pkcs11_callable.c @@ -18,12 +18,15 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#include "wolfpkcs11/pkcs11.h" + + #include "wolfboot/wcs_pkcs11.h" +#ifdef SECURE_PKCS11 + CK_RV __attribute__((cmse_nonsecure_entry)) C_Initialize_nsc_call(CK_VOID_PTR pInitArgs) { - return C_Initialize(pInitArgs); + return C_Initialize(pInitArgs); } CK_RV __attribute__((cmse_nonsecure_entry)) C_Finalize_nsc_call(CK_VOID_PTR pReserved) @@ -78,14 +81,14 @@ CK_RV __attribute__((cmse_nonsecure_entry)) C_InitPIN_nsc_call(CK_SESSION_HANDLE CK_RV __attribute__((cmse_nonsecure_entry)) C_SetPIN_nsc_call(struct C_SetPIN_nsc_args *args) - + { return C_SetPIN(args->hSession, args->pOldPin, args->ulOldLen, args->pNewPin, args->ulNewLen); } CK_RV __attribute__((cmse_nonsecure_entry)) C_OpenSession_nsc_call(struct C_OpenSession_nsc_args *args) { - + return C_OpenSession(args->slotID, args->flags, args->pApplication, args->Notify, args->phSession); } @@ -112,7 +115,7 @@ CK_RV __attribute__((cmse_nonsecure_entry)) C_GetOperationState_nsc_call( } CK_RV __attribute__((cmse_nonsecure_entry)) C_SetOperationState_nsc_call(struct C_SetOperationState_nsc_args *args) { - + return C_SetOperationState(args->hSession, args->pOperationState, args->ulOperationStateLen, args->hEncryptionKey, args->hAuthenticationKey); } @@ -167,7 +170,7 @@ CK_RV __attribute__((cmse_nonsecure_entry)) C_FindObjects_nsc_call(CK_SESSION_HA CK_RV __attribute__((cmse_nonsecure_entry)) C_CopyObject_nsc_call(struct C_CopyObject_nsc_args *args) { - + return C_CopyObject(args->hSession, args->hObject, args->pTemplate, args->ulCount, args->phNewObject); } @@ -185,14 +188,14 @@ CK_RV __attribute__((cmse_nonsecure_entry)) C_EncryptInit_nsc_call(CK_SESSION_HA } CK_RV __attribute__((cmse_nonsecure_entry)) C_Encrypt_nsc_call(struct C_Encrypt_nsc_args *args) { - + return C_Encrypt(args->hSession, args->pData, args->ulDataLen, args->pEncryptedData, args->pulEncryptedDataLen); } CK_RV __attribute__((cmse_nonsecure_entry)) C_EncryptUpdate_nsc_call(struct C_EncryptUpdate_nsc_args *args) { - + return C_EncryptUpdate(args->hSession, args->pPart, args->ulPartLen, args->pEncryptedPart, args->pulEncryptedPartLen); } @@ -210,12 +213,12 @@ CK_RV __attribute__((cmse_nonsecure_entry)) C_DecryptInit_nsc_call(CK_SESSION_HA } CK_RV __attribute__((cmse_nonsecure_entry)) C_Decrypt_nsc_call(struct C_Decrypt_nsc_args *args) { - + return C_Decrypt(args->hSession, args->pEncryptedData, args->ulEncryptedDataLen, args->pData, args->pulDataLen); } CK_RV __attribute__((cmse_nonsecure_entry)) C_DecryptUpdate_nsc_call(struct C_DecryptUpdate_nsc_args *args) { - + return C_DecryptUpdate(args->hSession, args->pEncryptedPart, args->ulEncryptedPartLen, args->pPart, args->pulPartLen); } @@ -234,7 +237,7 @@ CK_RV __attribute__((cmse_nonsecure_entry)) C_DigestInit_nsc_call(CK_SESSION_HAN } CK_RV __attribute__((cmse_nonsecure_entry)) C_Digest_nsc_call(struct C_Digest_nsc_args *args) { - + return C_Digest(args->hSession, args->pData, args->ulDataLen, args->pDigest, args->pulDigestLen); } @@ -260,7 +263,7 @@ CK_RV __attribute__((cmse_nonsecure_entry)) C_SignInit_nsc_call(CK_SESSION_HANDL } CK_RV __attribute__((cmse_nonsecure_entry)) C_Sign_nsc_call(struct C_Sign_nsc_args *args) { - + return C_Sign(args->hSession, args->pData, args->ulDataLen, args->pSignature, args->pulSignatureLen); } @@ -280,7 +283,7 @@ CK_RV __attribute__((cmse_nonsecure_entry)) C_SignRecoverInit_nsc_call(CK_SESSIO } CK_RV __attribute__((cmse_nonsecure_entry)) C_SignRecover_nsc_call(struct C_SignRecover_nsc_args *args) { - + return C_SignRecover(args->hSession, args->pData, args->ulDataLen, args->pSignature, args->pulSignatureLen); } @@ -291,7 +294,7 @@ CK_RV __attribute__((cmse_nonsecure_entry)) C_VerifyInit_nsc_call(CK_SESSION_HAN } CK_RV __attribute__((cmse_nonsecure_entry)) C_Verify_nsc_call(struct C_Verify_nsc_args *args) { - + return C_Verify(args->hSession, args->pData, args->ulDataLen, args->pSignature, args->ulSignatureLen); } @@ -316,48 +319,48 @@ CK_RV __attribute__((cmse_nonsecure_entry)) C_VerifyRecoverInit_nsc_call(CK_SESS } CK_RV __attribute__((cmse_nonsecure_entry)) C_VerifyRecover_nsc_call(struct C_VerifyRecover_nsc_args *args) { - + return C_VerifyRecover(args->hSession, args->pSignature, args->ulSignatureLen, args->pData, args->pulDataLen); } CK_RV __attribute__((cmse_nonsecure_entry)) C_DigestEncryptUpdate_nsc_call(struct C_DigestEncryptUpdate_nsc_args *args) { - + return C_DigestEncryptUpdate(args->hSession, args->pPart, args->ulPartLen, args->pEncryptedPart, args->pulEncryptedPartLen); } CK_RV __attribute__((cmse_nonsecure_entry)) C_DecryptDigestUpdate_nsc_call(struct C_DecryptDigestUpdate_nsc_args *args) { - + return C_DecryptDigestUpdate(args->hSession, args->pEncryptedPart, args->ulEncryptedPartLen, args->pPart, args->pulPartLen); } CK_RV __attribute__((cmse_nonsecure_entry)) C_SignEncryptUpdate_nsc_call(struct C_SignEncryptUpdate_nsc_args *args) { - + return C_SignEncryptUpdate(args->hSession, args->pPart, args->ulPartLen, args->pEncryptedPart, args->pulEncryptedPartLen); } CK_RV __attribute__((cmse_nonsecure_entry)) C_DecryptVerifyUpdate_nsc_call(struct C_DecryptVerifyUpdate_nsc_args *args) { - + return C_DecryptVerifyUpdate(args->hSession, args->pEncryptedPart, args->ulEncryptedPartLen, args->pPart, args->pulPartLen); } CK_RV __attribute__((cmse_nonsecure_entry)) C_GenerateKey_nsc_call(struct C_GenerateKey_nsc_args *args) { - + return C_GenerateKey(args->hSession, args->pMechanism, args->pTemplate, args->ulCount, args->phKey); } CK_RV __attribute__((cmse_nonsecure_entry)) C_GenerateKeyPair_nsc_call(struct C_GenerateKeyPair_nsc_args *args) { - + return C_GenerateKeyPair(args->hSession, args->pMechanism, args->pPublicKeyTemplate, args->ulPublicKeyAttributeCount, args->pPrivateKeyTemplate, args->ulPrivateKeyAttributeCount, args->phPublicKey, args->phPrivateKey); } @@ -365,21 +368,21 @@ CK_RV __attribute__((cmse_nonsecure_entry)) C_GenerateKeyPair_nsc_call(struct C_ CK_RV __attribute__((cmse_nonsecure_entry)) C_WrapKey_nsc_call(struct C_WrapKey_nsc_args *args) { - + return C_WrapKey(args->hSession, args->pMechanism, args->hWrappingKey, args->hKey, args->pWrappedKey, args->pulWrappedKeyLen); } CK_RV __attribute__((cmse_nonsecure_entry)) C_UnwrapKey_nsc_call(struct C_UnwrapKey_nsc_args *args) { - + return C_UnwrapKey(args->hSession, args->pMechanism, args->hUnwrappingKey, args->pWrappedKey, args->ulWrappedKeyLen, args->pTemplate, args->ulAttributeCount, args->phKey); } CK_RV __attribute__((cmse_nonsecure_entry)) C_DeriveKey_nsc_call(struct C_DeriveKey_nsc_args *args) { - + return C_DeriveKey(args->hSession, args->pMechanism, args->hBaseKey, args->pTemplate, args->ulAttributeCount, args->phKey); } @@ -409,5 +412,4 @@ CK_RV __attribute__((cmse_nonsecure_entry)) C_WaitForSlotEvent_nsc_call(CK_FLAGS return C_WaitForSlotEvent(flags, pSlot, pReserved); } - - +#endif /* SECURE_PKCS11 */ diff --git a/src/pkcs11_store.c b/src/pkcs11_store.c index 53d0aff0..2c25f262 100644 --- a/src/pkcs11_store.c +++ b/src/pkcs11_store.c @@ -23,10 +23,16 @@ #include #include + +#include "hal.h" + +#ifdef SECURE_PKCS11 + #include "wolfpkcs11/pkcs11.h" #include "wolfpkcs11/store.h" -#include "wolfssl/wolfcrypt/types.h" -#include "hal.h" + +#include +#include extern uint32_t *_flash_keyvault; /* From linker script: origin of vault flash */ extern uint32_t *_flash_keyvault_size; /* From linker script: size of vault */ @@ -181,7 +187,7 @@ int wolfPKCS11_Store_Write(void* store, unsigned char* buffer, int len) return -1; obj->hdr.size += len; hal_flash_unlock(); - if (obj->hdr.off == 0) + if (obj->hdr.off == 0) hal_flash_erase((uint32_t)(vault_base + obj->vault_idx * KEYVAULT_OBJ_SIZE), KEYVAULT_OBJ_SIZE); @@ -201,3 +207,5 @@ int wolfPKCS11_Store_Write(void* store, unsigned char* buffer, int len) obj->hdr.off += len; return len; } + +#endif /* SECURE_PKCS11 */ diff --git a/src/uart_flash.c b/src/uart_flash.c index 295d93eb..d48ed40e 100644 --- a/src/uart_flash.c +++ b/src/uart_flash.c @@ -26,6 +26,9 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + +#ifdef UART_FLASH + #include "wolfboot/wolfboot.h" #include "hal.h" #include @@ -176,4 +179,4 @@ void uart_send_current_version(void) return; } - +#endif /* UART_FLASH */ diff --git a/src/update_disk.c b/src/update_disk.c index 7bf2b366..0d681624 100644 --- a/src/update_disk.c +++ b/src/update_disk.c @@ -34,8 +34,8 @@ * authenticity, and perform the boot process. */ -#ifndef UPDATE_DISK_H_ -#define UPDATE_DISK_H_ +#ifdef WOLFBOOT_UPDATE_DISK + #include "image.h" #include "loader.h" #include "hal.h" @@ -146,7 +146,7 @@ void RAMFUNCTION wolfBoot_start(void) cur_part = BOOT_PART_A; wolfBoot_printf("Attempting boot from partition %c\r\n", 'A' + selected); - + /* Fetch header again */ if (disk_read(BOOT_DISK, cur_part, 0, IMAGE_HEADER_SIZE, p_hdr) != IMAGE_HEADER_SIZE) { @@ -224,4 +224,4 @@ void RAMFUNCTION wolfBoot_start(void) hal_prepare_boot(); do_boot((uint32_t*)os_image.fw_base); } -#endif /* UPDATE_DISK_H_ */ +#endif /* WOLFBOOT_UPDATE_DISK */ diff --git a/src/update_ram.c b/src/update_ram.c index 237edc07..7d1276a7 100644 --- a/src/update_ram.c +++ b/src/update_ram.c @@ -113,7 +113,9 @@ void RAMFUNCTION wolfBoot_start(void) { int active = -1, ret = 0; struct wolfBoot_image os_image; +#ifdef WOLFBOOT_UBOOT_LEGACY uint8_t *image_ptr; +#endif uint32_t *load_address = NULL; uint32_t *source_address = NULL; #ifdef WOLFBOOT_FIXED_PARTITIONS @@ -127,7 +129,7 @@ void RAMFUNCTION wolfBoot_start(void) memset(&os_image, 0, sizeof(struct wolfBoot_image)); for (;;) { - #ifdef WOLFBOOT_FIXED_PARTITIONS + #if defined(WOLFBOOT_DUALBOOT) && defined(WOLFBOOT_FIXED_PARTITIONS) if (active < 0) active = wolfBoot_dualboot_candidate(); if (active == PART_BOOT) @@ -143,7 +145,7 @@ void RAMFUNCTION wolfBoot_start(void) break; } - #ifdef WOLFBOOT_FIXED_PARTITIONS + #if defined(WOLFBOOT_DUALBOOT) && defined(WOLFBOOT_FIXED_PARTITIONS) wolfBoot_printf("Trying %s partition at %p\n", active == PART_BOOT ? "Boot" : "Update", source_address); #else diff --git a/src/x86/ahci.c b/src/x86/ahci.c index 52830ff1..a2376c85 100644 --- a/src/x86/ahci.c +++ b/src/x86/ahci.c @@ -170,7 +170,6 @@ int init_sata_controller(uint32_t bus, uint32_t dev, uint32_t fun) */ uint32_t ahci_enable(uint32_t bus, uint32_t dev, uint32_t fun) { - uint16_t reg16; uint32_t reg; uint32_t bar; @@ -188,7 +187,7 @@ uint32_t ahci_enable(uint32_t bus, uint32_t dev, uint32_t fun) AHCI_DEBUG_PRINTF("Interrupt pin for AHCI controller: %02x\r\n", (reg >> 8) & 0xFF); pci_config_write32(bus, dev, fun, PCI_INTR_OFFSET, - (reg & 0xFFFFFF00 | 0x0a)); + ((reg & 0xFFFFFF00) | 0x0a)); AHCI_DEBUG_PRINTF("Setting interrupt line: 0x0A\r\n"); return bar; @@ -532,8 +531,7 @@ void sata_enable(uint32_t base) uint8_t sata_only; uint8_t cap_sud; uint32_t n_ports; - uint32_t i, j; - uint64_t data64; + uint32_t i; uint32_t data; uint32_t reg; int drv; @@ -586,8 +584,6 @@ void sata_enable(uint32_t base) uint32_t ssts = mmio_read32(AHCI_PxSSTS(base, i)); uint8_t det = ssts & 0x0F; uint8_t ipm; - volatile struct hba_cmd_header *hdr; - data = mmio_read32(AHCI_PxCMD(base, i)); /* Detect POD */ @@ -625,6 +621,8 @@ void sata_enable(uint32_t base) } else { wolfBoot_printf("AHCI port %d: Disk detected (det: %02x ipm: %02x)\r\n", i, det, ipm); + (void)ipm; + (void)det; /* Clear port SERR */ reg = mmio_read32(AHCI_PxSERR(base, i)); @@ -743,7 +741,6 @@ void sata_disable(uint32_t base) { uint32_t ports_impl; uint32_t i, reg; - volatile uint32_t count; int r; AHCI_DEBUG_PRINTF("SATA: disabling sata controller at 0x%x\r\n", base); diff --git a/src/x86/ata.c b/src/x86/ata.c index 443d7d36..4c3591e2 100644 --- a/src/x86/ata.c +++ b/src/x86/ata.c @@ -382,11 +382,6 @@ static void invert_buf(uint8_t *src, uint8_t *dst, unsigned len) dst[len - 1] = 0; } -static void noninvert_buf(uint8_t *src, uint8_t *dst, unsigned len) -{ - memcpy(dst, src, len); -} - #ifndef ATA_BUF_SIZE #define ATA_BUF_SIZE 8192 #endif @@ -696,7 +691,6 @@ static int ata_drive_read_sector(int drv, uint64_t start, uint32_t count, struct hba_cmd_header *cmd; struct hba_cmd_table *tbl; struct fis_reg_h2d *cmdfis; - int i; int slot = prepare_cmd_h2d_slot(drv, buf, count << ata->sector_size_shift, 0); if (slot < 0) return -1; @@ -727,8 +721,6 @@ static int ata_drive_write_sector(int drv, uint64_t start, uint32_t count, struct hba_cmd_header *cmd; struct hba_cmd_table *tbl; struct fis_reg_h2d *cmdfis; - uint8_t *buf_ptr; - int i; int slot = prepare_cmd_h2d_slot(drv, buf, count << ata->sector_size_shift, 1); if (slot < 0) return -1; diff --git a/src/xmalloc.c b/src/xmalloc.c index 47900951..d08aaa1d 100644 --- a/src/xmalloc.c +++ b/src/xmalloc.c @@ -292,7 +292,9 @@ static struct xmalloc_slot xmalloc_pool[] = { #elif defined(WOLFBOOT_SIGN_RSA2048) || defined(WOLFBOOT_SIGN_RSA4096) || \ defined(WOLFBOOT_SIGN_RSA3072) +#if defined(WOLFBOOT_HASH_SHA256) || defined(WOLFBOOT_HASH_SHA384) static uint32_t sha_block[HASH_BLOCK_SIZE]; +#endif #ifndef _LP64 #define ASNCHECK_BUF_SIZE (224)