Merge pull request #548 from danielinux/encrypt_cache_in_stack

Move encrypt cache to stack
pull/568/head
David Garske 2025-03-27 11:07:13 -07:00 committed by GitHub
commit 574f68b984
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 52 additions and 10 deletions


@ -179,6 +179,13 @@ as template. The file `hal/stm32l0_chacha_ram.ld` contains the changes described
all the needed symbols in RAM. all the needed symbols in RAM.
### Using a custom buffer as encrypt/decrypt cache
By default, encryption support requires a buffer of the same size as the external flash page size to be allocated in RAM.
You can provide a custom pre-allocated buffer by passing its address via the option `ENCRYPT_CACHE`, e.g.:
`ENCRYPT_CACHE=0x20010000`
### API usage in the application ### API usage in the application
When transferring the image, the application can still use the libwolfboot API functions to store the encrypted firmware. When called from the application, When transferring the image, the application can still use the libwolfboot API functions to store the encrypted firmware. When called from the application,


@ -74,6 +74,7 @@ int wolfBot_get_dts_size(void *dts_addr);
# endif # endif
#endif #endif
/* Helpers for memory alignment */ /* Helpers for memory alignment */
#ifndef XALIGNED #ifndef XALIGNED
#if defined(__GNUC__) || defined(__llvm__) || \ #if defined(__GNUC__) || defined(__llvm__) || \
@ -90,6 +91,15 @@ int wolfBot_get_dts_size(void *dts_addr);
#endif #endif
#endif #endif
#ifndef XALIGNED_STACK
/* Don't enforce stack alignment on IAR */
#if defined (__IAR_SYSTEMS_ICC__)
#define XALIGNED_STACK(x)
#else
#define XALIGNED_STACK(x) XALIGNED(x)
#endif
#endif
#ifndef WOLFBOOT_FLAGS_INVERT #ifndef WOLFBOOT_FLAGS_INVERT
#define SECT_FLAG_NEW 0x0F #define SECT_FLAG_NEW 0x0F
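Review bot: The comment on the new `XALIGNED_STACK` macro does not say what callers lose on IAR, where it expands to nothing. There, the buffers this commit declares with it (`ENCRYPT_CACHE[NVM_CACHE_SIZE] XALIGNED_STACK(32)` and `p_hdr[IMAGE_HEADER_SIZE] XALIGNED_STACK(16)`) get only the natural alignment of `uint8_t`. If any consumer of those buffers assumes a 16- or 32-byte boundary (a word-wise copy, a crypto routine, a flash driver), that would presumably fail only on IAR builds. I would extend the comment to something like `/* IAR: no alignment is applied to automatic variables here; users of XALIGNED_STACK buffers must tolerate byte alignment */` and confirm that this holds for the two call sites.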


@ -770,6 +770,14 @@ ifeq ($(RAM_CODE),1)
endif endif
endif endif
# Support external encryption cache
#
ifeq ($(ENCRYPT),1)
ifeq ($(ENCRYPT_CACHE),1)
CFLAGS+=-D"WOLFBOOT_ENCRYPT_CACHE=$(ENCRYPT_CACHE)"
endif
endif
# support for elf32 or elf64 loader # support for elf32 or elf64 loader
ifeq ($(ELF),1) ifeq ($(ELF),1)
CFLAGS+=-DWOLFBOOT_ELF CFLAGS+=-DWOLFBOOT_ELF
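Review bot: The added `ifeq ($(ENCRYPT_CACHE),1)` matches only the literal value 1, while the documentation added in this same commit passes an address (`ENCRYPT_CACHE=0x20010000`). With a real address the `-D"WOLFBOOT_ENCRYPT_CACHE=..."` flag is never emitted and the build silently keeps the default buffer; with `ENCRYPT_CACHE=1` the define becomes the value 1, which is not a usable buffer address. Test for a non-empty value instead: `ifneq ($(ENCRYPT_CACHE),)`. The comment above the block could also state that the value is the RAM address of a pre-allocated buffer at least one external-flash page in size, as the documentation describes.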


@ -177,7 +177,7 @@ static const uint32_t wolfboot_magic_trail = WOLFBOOT_MAGIC_TRAIL;
#include <stddef.h> #include <stddef.h>
#include <string.h> #include <string.h>
static uint8_t NVM_CACHE[NVM_CACHE_SIZE] __attribute__((aligned(16))); static uint8_t NVM_CACHE[NVM_CACHE_SIZE] XALIGNED(16);
static int nvm_cached_sector = 0; static int nvm_cached_sector = 0;
static uint8_t get_base_offset(uint8_t *base, uintptr_t off) static uint8_t get_base_offset(uint8_t *base, uintptr_t off)
{ {
@ -1334,16 +1334,21 @@ int wolfBoot_fallback_is_possible(void)
#ifdef EXT_ENCRYPTED #ifdef EXT_ENCRYPTED
#include "encrypt.h" #include "encrypt.h"
#if !defined(EXT_FLASH) && !defined(MMU) #if !defined(EXT_FLASH) && !defined(MMU)
#error option EXT_ENCRYPTED requires EXT_FLASH or MMU mode #error option EXT_ENCRYPTED requires EXT_FLASH or MMU mode
#endif #endif
#ifndef WOLFBOOT_ENCRYPT_CACHE
#ifdef NVM_FLASH_WRITEONCE
#ifdef NVM_FLASH_WRITEONCE #define ENCRYPT_CACHE NVM_CACHE
#define ENCRYPT_CACHE NVM_CACHE #else
#ifdef WOLFBOOT_SMALL_STACK
static uint8_t ENCRYPT_CACHE[NVM_CACHE_SIZE] XALIGNED(32);
#endif
#endif
#else #else
static uint8_t ENCRYPT_CACHE[NVM_CACHE_SIZE] __attribute__((aligned(32))); #define ENCRYPT_CACHE (WOLFBOOT_ENCRYPT_CACHE)
#endif #endif
#if defined(EXT_ENCRYPTED) && defined(MMU) #if defined(EXT_ENCRYPTED) && defined(MMU)
@ -1356,6 +1361,11 @@ static int RAMFUNCTION hal_set_key(const uint8_t *k, const uint8_t *nonce)
int ret = 0; int ret = 0;
int sel_sec = 0; int sel_sec = 0;
uint32_t trailer_relative_off = 4; uint32_t trailer_relative_off = 4;
#if !defined(WOLFBOOT_SMALL_STACK) && !defined(NVM_FLASH_WRITEONCE) && !defined(WOLFBOOT_ENCRYPT_CACHE)
uint8_t ENCRYPT_CACHE[NVM_CACHE_SIZE] XALIGNED_STACK(32);
#endif
#ifdef MMU #ifdef MMU
XMEMCPY(ENCRYPT_KEY, k, ENCRYPT_KEY_SIZE); XMEMCPY(ENCRYPT_KEY, k, ENCRYPT_KEY_SIZE);
XMEMCPY(ENCRYPT_KEY + ENCRYPT_KEY_SIZE, nonce, ENCRYPT_NONCE_SIZE); XMEMCPY(ENCRYPT_KEY + ENCRYPT_KEY_SIZE, nonce, ENCRYPT_NONCE_SIZE);
@ -1692,6 +1702,9 @@ int RAMFUNCTION ext_flash_encrypt_write(uintptr_t address, const uint8_t *data,
int sz = len, i, step; int sz = len, i, step;
uint8_t part; uint8_t part;
uint32_t iv_counter = 0; uint32_t iv_counter = 0;
#if defined(EXT_ENCRYPTED) && !defined(WOLFBOOT_SMALL_STACK) && !defined(NVM_FLASH_WRITEONCE)
uint8_t ENCRYPT_CACHE[NVM_CACHE_SIZE] XALIGNED_STACK(32);
#endif
row_offset = address & (ENCRYPT_BLOCK_SIZE - 1); row_offset = address & (ENCRYPT_BLOCK_SIZE - 1);
if (row_offset != 0) { if (row_offset != 0) {
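Review bot: The stack declaration added in `ext_flash_encrypt_write` is guarded without `!defined(WOLFBOOT_ENCRYPT_CACHE)`, unlike the one added in `hal_set_key`. When a custom cache is configured, `ENCRYPT_CACHE` is a macro expanding to `(WOLFBOOT_ENCRYPT_CACHE)`, so `uint8_t ENCRYPT_CACHE[NVM_CACHE_SIZE] XALIGNED_STACK(32);` is no longer a valid declaration; the guard should read `#if defined(EXT_ENCRYPTED) && !defined(WOLFBOOT_SMALL_STACK) && !defined(NVM_FLASH_WRITEONCE) && !defined(WOLFBOOT_ENCRYPT_CACHE)`. Separately, `#define ENCRYPT_CACHE (WOLFBOOT_ENCRYPT_CACHE)` yields a bare integer, so if the uses outside these hunks pass it to `XMEMCPY` or index it, a cast such as `((uint8_t *)WOLFBOOT_ENCRYPT_CACHE)` is presumably needed. Both function bodies continue outside the hunks shown, so I cannot see whether `hal_set_key` stages the key and nonce in this buffer. If it does, the sector-sized stack copy should be wiped before return, and the stack budget for builds without `WOLFBOOT_SMALL_STACK` should be documented.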


@ -79,7 +79,7 @@ extern uint8_t _end_wb[];
*/ */
void RAMFUNCTION wolfBoot_start(void) void RAMFUNCTION wolfBoot_start(void)
{ {
uint8_t p_hdr[IMAGE_HEADER_SIZE] __attribute__((aligned(16))); uint8_t p_hdr[IMAGE_HEADER_SIZE] XALIGNED_STACK(16);
struct stage2_parameter *stage2_params; struct stage2_parameter *stage2_params;
struct wolfBoot_image os_image; struct wolfBoot_image os_image;
int pA_ver = 0, pB_ver = 0; int pA_ver = 0, pB_ver = 0;


@ -111,4 +111,5 @@ CONFIG_VARS:= ARCH TARGET SIGN HASH MCUXSDK MCUXPRESSO MCUXPRESSO_CPU MCUXPRESSO
NO_ARM_ASM \ NO_ARM_ASM \
SIGN_SECONDARY \ SIGN_SECONDARY \
WOLFHSM_CLIENT \ WOLFHSM_CLIENT \
WOLFHSM_CLIENT_LOCAL_KEYS WOLFHSM_CLIENT_LOCAL_KEYS \
ENCRYPT_CACHE


@ -29,7 +29,9 @@
#include <stdint.h> #include <stdint.h>
/* System */ /* System */
#define WOLFBOOT_KEYTOOLS #ifndef WOLFBOOT_KEYTOOLS
#define WOLFBOOT_KEYTOOLS
#endif
#define SINGLE_THREADED #define SINGLE_THREADED
#define WOLFCRYPT_ONLY #define WOLFCRYPT_ONLY


@ -47,6 +47,7 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include "user_settings.h" #include "user_settings.h"
#include "image.h"
#include "libwolfboot.c" #include "libwolfboot.c"