WolfSSL
/
wolfBoot
mirror of https://github.com/wolfSSL/wolfBoot.git
1
0
Fork 0
Code Issues Releases Wiki Activity

wolfBoot improvements (from elms): 

* Add `WOLFBOOT_DUALBOOT` for dynamic fallback
* Refactor header field parsing
* Cleanup compiler warnings and logic extra check
* Option to leave out partition based functions
* Add `WOLFBOOT_FIXED_PARTITIONS` enable using partition enum and related functions
* Wrap all delta update references
* Update raspberry documentation
* EFI refactoring
* Add `keytools_check` target
* Add "library" target
pull/203/head
David Garske 2022-05-18 17:10:43 -07:00 committed by Daniele Lacamera
parent 99e897da53
commit 6068a8047c
21 changed files with 503 additions and 199 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
Makefile
View File

@ -16,15 +16,18 @@ LDFLAGS:=
LD_START_GROUP:=-Wl,--start-group
LD_END_GROUP:=-Wl,--end-group
V?=0
OBJS:= \
./hal/$(TARGET).o \
./src/loader.o \
./src/string.o \
./src/image.o \
./src/libwolfboot.o
WOLFCRYPT_OBJS:=
PUBLIC_KEY_OBJS:=
UPDATE_OBJS:=
ifneq ("$(NO_LOADER)","1")
OBJS+=./src/loader.o
endif
## Architecture/CPU configuration
include arch.mk
@ -39,12 +42,10 @@ CFLAGS+= \
-D"PLATFORM_$(TARGET)"
# Setup default optimizations (for GCC)
ifneq ($(TARGET),x86_64_efi)
ifeq ($(USE_GCC),1)
CFLAGS+=-Wall -Wextra -Wno-main -ffreestanding -Wno-unused -nostartfiles
CFLAGS+=-ffunction-sections -fdata-sections
LDFLAGS+=-T $(LSCRIPT) -Wl,-gc-sections -Wl,-Map=wolfboot.map -ffreestanding -nostartfiles
endif
ifeq ($(USE_GCC_HEADLESS),1)
CFLAGS+=-Wall -Wextra -Wno-main -ffreestanding -Wno-unused -nostartfiles
CFLAGS+=-ffunction-sections -fdata-sections
LDFLAGS+=-T $(LSCRIPT) -Wl,-gc-sections -Wl,-Map=wolfboot.map -ffreestanding -nostartfiles
endif
MAIN_TARGET=factory.bin
@ -63,12 +64,18 @@ ifeq ($(TARGET),x86_64_efi)
MAIN_TARGET:=wolfboot.efi
endif
ASFLAGS:=$(CFLAGS)
ifeq ($(TARGET),library)
CFLAGS+=-g
MAIN_TARGET:=test-lib
endif
BOOTLOADER_PARTITION_SIZE?=$$(( $(WOLFBOOT_PARTITION_BOOT_ADDRESS) - $(ARCH_FLASH_OFFSET)))
all: $(MAIN_TARGET)
test-lib: $(OBJS)
$(Q)$(CC) $(CFLAGS) -o $@ $^
wolfboot.efi: wolfboot.elf
@echo "\t[BIN] $@"
$(Q)$(OBJCOPY) -j .text -j .sdata -j .data \
@ -106,20 +113,17 @@ include tools/test-enc.mk
include tools/test-delta.mk
include tools/test-renode.mk
ed25519.der:
$(Q)$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/ed25519_pub_key.c
ed448.der:
$(Q)$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/ed448_pub_key.c
ecc256.der:
$(Q)$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/ecc256_pub_key.c
ecc384.der:
$(Q)$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/ecc384_pub_key.c
ecc521.der:
$(Q)$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/ecc521_pub_key.c
rsa2048.der:
$(Q)$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/rsa2048_pub_key.c
rsa4096.der:
$(Q)$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/rsa4096_pub_key.c
PYTHON?=python3
keytools_check:
$(Q)(test -x "$(KEYGEN_TOOL)") || \
($(PYTHON) -c "import wolfcrypt" > /dev/null 2>&1) || \
(echo "ERROR: Key tool unavailable '$(KEYGEN_TOOL)'.\n"\
"Run 'make keytools' or install wolfcrypt 'pip3 install wolfcrypt'" && false)
%.der:
$(Q)$(MAKE) keytools_check
$(Q)$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/$(@:.der=)_pub_key.c
keytools:
@make -C tools/keytools clean
@ -222,4 +226,4 @@ check_config:
FORCE:
.PHONY: FORCE clean
.PHONY: FORCE clean keytool_check

16
arch.mk
View File

@ -1,6 +1,4 @@
## CPU Architecture selection via $ARCH
UPDATE_OBJS:=./src/update_flash.o
# check for FASTMATH or SP_MATH
ifeq ($(SPMATH),1)
@ -341,8 +339,8 @@ endif
CFLAGS+=-DARCH_FLASH_OFFSET=$(ARCH_FLASH_OFFSET)
USE_GCC?=1
USE_GCC_HEADLESS?=1
ifeq ($(USE_GCC),1)
## Toolchain setup
CC=$(CROSS_COMPILE)gcc
@ -355,12 +353,14 @@ endif
ifeq ($(TARGET),x86_64_efi)
USE_GCC_HEADLESS=0
GNU_EFI_LIB_PATH?=/usr/lib
GNU_EFI_CRT0=$(GNU_EFI_LIB_PATH)/crt0-efi-x86_64.o
GNU_EFI_LSCRIPT=$(GNU_EFI_LIB_PATH)/elf_x86_64_efi.lds
CFLAGS += -fpic -ffreestanding -fno-stack-protector -fno-stack-check \
-fshort-wchar -mno-red-zone -maccumulate-outgoing-args
CFLAGS += -I/usr/include/efi -I/usr/include/efi/x86_64 -DPLATFORM_X86_64_EFI
CFLAGS += -I/usr/include/efi -I/usr/include/efi/x86_64 \
-DPLATFORM_X86_64_EFI -DWOLFBOOT_DUALBOOT
LDFLAGS = -shared -Bsymbolic -L/usr/lib -T$(GNU_EFI_LSCRIPT)
LD_START_GROUP = $(GNU_EFI_CRT0)
LD_END_GROUP = -lgnuefi -lefi
@ -372,13 +372,19 @@ BOOT_IMG?=test-app/image.bin
## Update mechanism
ifeq ($(ARCH),AARCH64)
CFLAGS+=-DMMU
CFLAGS+=-DMMU -DWOLFBOOT_DUALBOOT
UPDATE_OBJS:=src/update_ram.o
endif
ifeq ($(DUALBANK_SWAP),1)
CFLAGS+=-DWOLFBOOT_DUALBOOT
UPDATE_OBJS:=src/update_flash_hwswap.o
endif
ifeq ("$(UPDATE_OBJS)","")
UPDATE_OBJS:=./src/update_flash.o
endif
## Debug
ifeq ($(DEBUG),1)
WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/logging.o

12
config/examples/library.config 100644
View File

@ -0,0 +1,12 @@
ARCH=
NO_LOADER=1
USE_GCC_HEADLESS=0
# ends up double including this to work around defaulting to update_flash
UPDATE_OBJS:=hal/library.o
TARGET=library
WOLFBOOT_SMALL_STACK=1
SIGN?=ED25519
HASH?=SHA256
IMAGE_HEADER_SIZE?=0x100
DEBUG=0
SPMATH=0

1
config/examples/x86_64_efi.config
View File

@ -7,3 +7,4 @@ DEBUG=1
SPMATH=0
# required for keytools
WOLFBOOT_SECTOR_SIZE?=0x1000
WOLFBOOT_NO_PARTITIONS=1

5
docs/Signing.md
View File

@ -98,6 +98,7 @@ openssl rsautl -sign -keyform der -inkey rsa2048.der -in test-app/image_v1_diges
# OR
python3 ./tools/keytools/sign.py --rsa2048 --sha256 --manual-sign test-app/image.bin rsa4096_pub.der 1 test-app/image_v1.sig
# Combine into factory image
cat wolfboot-align.bin test-app/image_v1_signed.bin > factory.bin
# Combine into factory image (0xc0000 is the WOLFBOOT_PARTITION_BOOT_ADDRESS)
tools/bin-assemble/bin-assemble factory.bin 0x0 wolfboot.bin \
0xc0000 test-app/image_v1_signed.bin
```

5
docs/Targets.md
View File

@ -815,7 +815,7 @@ cd $wolfboot_dir
```
cp config/examples/raspi3.config .config
make wolfboot-align.bin
make wolfboot.bin
```
* Sign Image
@ -826,7 +826,8 @@ tools/keytools/sign.py --rsa4096 --sha3 Image rsa4096.der 1
* Compose the image
```
cat wolfboot-align.bin Image_v1_signed.bin >wolfboot_linux_raspi.bin
tools/bin-assemble/bin-assemble wolfboot_linux_raspi.bin 0x0 wolfboot.bin \
0xc0000 Image_v1_signed.bin
dd if=bcm2710-rpi-3-b.dtb of=wolfboot_linux_raspi.bin bs=1 seek=128K conv=notrunc
```

31
docs/lib.md 100644
View File

@ -0,0 +1,31 @@
```
ln -s config/examples/library.config .config
```
```
cat > include/target.h << EOF
#ifndef H_TARGETS_TARGET_
#define H_TARGETS_TARGET_
#define WOLFBOOT_NO_PARTITIONS
#define WOLFBOOT_SECTOR_SIZE 0x20000
#define WOLFBOOT_PARTITION_SIZE 0x20000
#endif /* !H_TARGETS_TARGET_ */
EOF
```
```
touch empty
make keytools
./tools/keytools/keygen --ed25519 src/ed25519_pub_key.c
./tools/keytools/sign --ed25519 --sha256 empty ed25519.der 1
```
```
make test-lib
./test-lib empty_v1_signed.bin
```

167
hal/library.c 100644
View File

@ -0,0 +1,167 @@
/* library.c
*
* Copyright (C) 2022 wolfSSL Inc.
*
* This file is part of wolfBoot.
*
* wolfBoot is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfBoot is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>
#if 1 /* for desktop testing */
#define HAVE_UNISTD_H
#define PRINTF_ENABLED
#else /* restricted build */
#define NO_FILESYSTEM
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#define exit _exit
#else
#define exit(x) while(1) ;
#endif
#include "image.h"
#include "printf.h"
void hal_init(void) {
return;
}
int hal_flash_write(uint32_t address, const uint8_t *data, int len) {
return 0;
}
int hal_flash_erase(uint32_t address, int len) {
return 0;
}
void hal_flash_unlock(void) {
return;
}
void hal_flash_lock(void) {
return;
}
void hal_prepare_boot(void) {
return;
}
int do_boot(uint32_t* v) {
wolfBoot_printf("booting %p"
#ifdef HAVE_UNISTD_H
"(actually exiting)"
#else
"(actually spin loop)"
#endif
"\n", v);
exit(0);
}
uintptr_t gImage;
uint8_t test_img[] = {
0x57, 0x4F, 0x4C, 0x46, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x04, 0x00, 0x01,
0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0x02, 0x00, 0x08, 0x00, 0x1E, 0xBC,
0x0E, 0x62, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x01, 0x01, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x03, 0x00, 0x20, 0x00, 0x08, 0xF9, 0x46, 0x2E,
0x0F, 0x70, 0x33, 0x38, 0xAC, 0x19, 0xFF, 0x82, 0xC8, 0xAC, 0xD6, 0x9A, 0xF9,
0xB2, 0x1F, 0xED, 0x60, 0x3F, 0x68, 0x7B, 0x85, 0xDB, 0x46, 0x8B, 0x3A, 0x7E,
0x65, 0xE0, 0x10, 0x00, 0x20, 0x00, 0x02, 0x45, 0x14, 0xB0, 0x5A, 0x37, 0x95,
0x3E, 0x17, 0x49, 0xAD, 0x75, 0xE7, 0x71, 0xD5, 0x65, 0xBB, 0x78, 0x7F, 0xFA,
0xF6, 0x31, 0x4F, 0x63, 0xF9, 0x20, 0x3D, 0xA1, 0x56, 0xB2, 0x71, 0x7C, 0x20,
0x00, 0x40, 0x00, 0xC6, 0x7A, 0xEB, 0x04, 0xB1, 0xB8, 0x82, 0xE7, 0x97, 0xD8,
0x00, 0x80, 0x1D, 0x93, 0xA9, 0x80, 0x37, 0xE0, 0x63, 0x7F, 0x78, 0x15, 0xD8,
0xD1, 0x22, 0xD6, 0x75, 0x0B, 0x04, 0xE9, 0x71, 0x12, 0xB7, 0x09, 0x32, 0xBC,
0xB7, 0xFC, 0xA1, 0x9D, 0x32, 0xC0, 0x7D, 0xDB, 0x63, 0xE2, 0x12, 0xF2, 0xE2,
0x41, 0xF4, 0x15, 0x7A, 0x38, 0xB5, 0xCD, 0xAA, 0x01, 0xB3, 0x5E, 0xF2, 0xCC,
0xD9, 0x02, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
};
int wolfBoot_start(void)
{
struct wolfBoot_image os_image;
int ret = 0;
os_image.hdr = (uint8_t*)gImage;
if ((ret = wolfBoot_open_image_address(&os_image, (uint8_t*)gImage)) < 0 ) {
goto exit;
}
if ((ret = wolfBoot_verify_integrity(&os_image)) < 0) {
goto exit;
}
if ((ret = wolfBoot_verify_authenticity(&os_image)) < 0) {
goto exit;
}
wolfBoot_printf("Firmware Valid\n");
do_boot((uint32_t*)os_image.fw_base);
exit:
if (ret < 0) {
wolfBoot_printf("Failure %d: Hdr %d, Hash %d, Sig %d\n", ret,
os_image.hdr_ok, os_image.sha_ok, os_image.signature_ok);
}
return 0;
}
int main(int argc, const char* argv[])
{
int ret = 0;
#ifdef NO_FILESYSTEM
gImage = (uintptr_t)test_img;
#else
if (argc > 1) {
size_t sz = 0;
FILE* img = fopen(argv[1], "rb");
fseek(img, 0, SEEK_END);
sz = ftell(img);
fseek(img, 0, SEEK_SET);
gImage = (uintptr_t)malloc(sz);
if (((void*)gImage) == NULL) {
wolfBoot_printf("failed to malloc %zu bytes for image\n", sz);
ret = -1;
}
size_t bread = fread((void*)gImage, 1, sz, img);
if (bread != sz) {
ret = -2;
wolfBoot_printf("read %zu of %zu bytes from %s\n", bread, sz, argv[1]);
}
fclose(img);
}
#endif
ret = wolfBoot_start();
#ifndef NO_FILESYSTEM
free((void*)gImage);
#endif
return ret;
}

13
hal/x86_64_efi.c
View File

@ -70,17 +70,28 @@ int RAMFUNCTION hal_flash_erase(uint32_t address, int len)
return 0;
}
void* hal_get_primary_address(void)
{
return (void*)kernel_addr;
}
void* hal_get_update_address(void)
{
return (void*)update_addr;
}
static void panic()
{
while(1) {}
}
void RAMFUNCTION x86_64_efi_do_boot(uint8_t *kernel)
void RAMFUNCTION x86_64_efi_do_boot(uint32_t *kernel_addr)
{
MEMMAP_DEVICE_PATH mem_path_device[2];
EFI_HANDLE kernelImageHandle;
EFI_STATUS status;
uint32_t *size;
uint8_t* kernel = (uint8_t*)kernel_addr;
size = (uint32_t *)(kernel + 4);
kernel += IMAGE_HEADER_SIZE;

6
include/hal.h
View File

@ -24,7 +24,6 @@
#ifndef H_HAL_
#define H_HAL_
#include <inttypes.h>
#include "target.h"
@ -48,6 +47,11 @@ void hal_prepare_boot(void);
void hal_flash_dualbank_swap(void);
#endif
#ifdef WOLFBOOT_DUALBOOT
void* hal_get_primary_address(void);
void* hal_get_update_address(void);
#endif
#ifndef SPI_FLASH
/* user supplied external flash interfaces */
int ext_flash_write(uintptr_t address, const uint8_t *data, int len);

1
include/image.h
View File

@ -497,6 +497,7 @@ static void wolfBoot_image_confirm_signature_ok(struct wolfBoot_image *img)
/* Defined in image.c */
int wolfBoot_open_image(struct wolfBoot_image *img, uint8_t part);
int wolfBoot_open_image_address(struct wolfBoot_image* img, uint8_t* image);
int wolfBoot_verify_integrity(struct wolfBoot_image *img);
int wolfBoot_verify_authenticity(struct wolfBoot_image *img);
int wolfBoot_get_partition_state(uint8_t part, uint8_t *st);

2
include/printf.h
View File

@ -38,6 +38,8 @@
# include "xil_printf.h"
# define wolfBoot_printf(_f_, ...) xil_printf(_f_, ##__VA_ARGS__)
# elif defined(WOLFBOOT_DEBUG_EFI)
# include "efi/efi.h"
# include "efi/efilib.h"
/* NOTE: %s arguments will not work as EFI uses widechar string */
# define wolfBoot_printf(_f_, ...) Print(L##_f_, ##__VA_ARGS__)
# else

15
include/target.h.in
View File

@ -27,7 +27,11 @@
#ifndef H_TARGETS_TARGET_
#define H_TARGETS_TARGET_
#ifndef PLATFORM_X86_64_EFI
#ifndef WOLFBOOT_NO_PARTITIONS
# define WOLFBOOT_FIXED_PARTITIONS
#endif
#ifdef WOLFBOOT_FIXED_PARTITIONS
#define WOLFBOOT_SECTOR_SIZE ##WOLFBOOT_SECTOR_SIZE##
#define WOLFBOOT_PARTITION_BOOT_ADDRESS ##WOLFBOOT_PARTITION_BOOT_ADDRESS##
#define WOLFBOOT_PARTITION_SIZE ##WOLFBOOT_PARTITION_SIZE##
@ -39,15 +43,6 @@
#define WOLFBOOT_DTS_UPDATE_ADDRESS ##WOLFBOOT_DTS_UPDATE_ADDRESS##
#define WOLFBOOT_LOAD_ADDRESS ##WOLFBOOT_LOAD_ADDRESS##
#define WOLFBOOT_LOAD_DTS_ADDRESS ##WOLFBOOT_LOAD_DTS_ADDRESS##
#else
#include "efi/efi.h"
extern EFI_PHYSICAL_ADDRESS kernel_addr;
extern EFI_PHYSICAL_ADDRESS update_addr;
#define WOLFBOOT_PARTITION_BOOT_ADDRESS (kernel_addr)
#define WOLFBOOT_PARTITION_UPDATE_ADDRESS (update_addr)
#define WOLFBOOT_PARTITION_SWAP_ADDRESS 0
#define WOLFBOOT_SECTOR_SIZE 0x1000
#define WOLFBOOT_PARTITION_SIZE (2 * 1024 * 1024 * 1024ULL)
#endif
#endif /* !H_TARGETS_TARGET_ */

15
include/wolfboot/wolfboot.h
View File

@ -102,6 +102,7 @@
#endif /* defined WOLFBOOT_SIGN_ECC256 || WOLFBOOT_SIGN_ED25519 */
#endif /* defined WOLFBOOT */
#ifdef WOLFBOOT_FIXED_PARTITIONS
#define PART_BOOT 0
#define PART_UPDATE 1
#define PART_SWAP 2
@ -110,6 +111,7 @@
#define PART_DTS (0x10)
#define PART_DTS_BOOT (PART_DTS | PART_BOOT)
#define PART_DTS_UPDATE (PART_DTS | PART_UPDATE)
#endif /* WOLFBOOT_FIXED_PARTITIONS */
#ifndef WOLFBOOT_FLAGS_INVERT
#define IMG_STATE_NEW 0xFF
@ -123,20 +125,27 @@
#define IMG_STATE_SUCCESS 0xFF
#endif
void wolfBoot_erase_partition(uint8_t part);
void wolfBoot_update_trigger(void);
void wolfBoot_success(void);
uint32_t wolfBoot_image_size(uint8_t *image);
uint32_t wolfBoot_get_blob_version(uint8_t *blob);
uint32_t wolfBoot_get_blob_type(uint8_t *blob);
uint32_t wolfBoot_get_blob_diffbase_version(uint8_t *blob);
#ifdef WOLFBOOT_FIXED_PARTITIONS
void wolfBoot_erase_partition(uint8_t part);
uint32_t wolfBoot_get_image_version(uint8_t part);
uint16_t wolfBoot_get_image_type(uint8_t part);
uint32_t wolfBoot_get_diffbase_version(uint8_t part);
#define wolfBoot_current_firmware_version() wolfBoot_get_image_version(PART_BOOT)
#define wolfBoot_update_firmware_version() wolfBoot_get_image_version(PART_UPDATE)
uint32_t wolfBoot_get_diffbase_version(uint8_t part);
#endif
int wolfBoot_fallback_is_possible(void);
int wolfBoot_dualboot_candidate(void);
int wolfBoot_dualboot_candidate_addr(void**);
/* Hashing function configuration */
#if defined(WOLFBOOT_HASH_SHA256)
# define WOLFBOOT_SHA_BLOCK_SIZE (256)

4
options.mk
View File

@ -375,6 +375,10 @@ ifeq ($(HASH),SHA384)
endif
endif
ifeq ($(WOLFBOOT_NO_PARTITIONS),1)
CFLAGS+=-D"WOLFBOOT_NO_PARTITIONS"
endif
ifeq ($(HASH),SHA3)
WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/sha3.o
CFLAGS+=-D"WOLFBOOT_HASH_SHA3_384"

3
src/delta.c
View File

@ -18,6 +18,7 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifdef DELTA_UPDATES
#include <stdint.h>
#include <string.h>
#include <delta.h>
@ -336,4 +337,4 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len)
return (p_off);
}
#endif /* DELTA_UPDATES */

41
src/image.c
View File

@ -732,9 +732,32 @@ uint32_t wolfBoot_image_size(uint8_t *image)
return im2n(*size);
}
int wolfBoot_open_image(struct wolfBoot_image *img, uint8_t part)
int wolfBoot_open_image_address(struct wolfBoot_image* img, uint8_t* image)
{
uint32_t *magic;
img->hdr = image;
magic = (uint32_t *)(image);
if (*magic != WOLFBOOT_MAGIC)
return -1;
img->fw_size = wolfBoot_image_size(image);
#ifdef WOLFBOOT_FIXED_PARTITIONS
if (img->fw_size > (WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE)) {
img->fw_size = 0;
return -1;
}
img->trailer = img->hdr + WOLFBOOT_PARTITION_SIZE;
#endif
img->hdr_ok = 1;
img->fw_base = img->hdr + IMAGE_HEADER_SIZE;
return 0;
}
#ifdef WOLFBOOT_FIXED_PARTITIONS
int wolfBoot_open_image(struct wolfBoot_image *img, uint8_t part)
{
uint32_t *size;
uint8_t *image;
if (!img)
@ -789,19 +812,9 @@ int wolfBoot_open_image(struct wolfBoot_image *img, uint8_t part)
else
image = (uint8_t *)img->hdr;
magic = (uint32_t *)(image);
if (*magic != WOLFBOOT_MAGIC)
return -1;
img->fw_size = wolfBoot_image_size(image);
if (img->fw_size > (WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE)) {
img->fw_size = 0;
return -1;
}
img->hdr_ok = 1;
img->fw_base = img->hdr + IMAGE_HEADER_SIZE;
img->trailer = img->hdr + WOLFBOOT_PARTITION_SIZE;
return 0;
return wolfBoot_open_image_address(img, image);
}
#endif /* WOLFBOOT_FIXED_PARTITIONS */
int wolfBoot_verify_integrity(struct wolfBoot_image *img)
{
@ -811,7 +824,7 @@ int wolfBoot_verify_integrity(struct wolfBoot_image *img)
if (stored_sha_len != WOLFBOOT_SHA_DIGEST_SIZE)
return -1;
if (image_hash(img, digest) != 0)
return -1;
return -1;
#if defined(WOLFBOOT_TPM) && defined(WOLFBOOT_MEASURED_BOOT)
/*
* TPM measurement must be performed regardless of the

257
src/libwolfboot.c
View File

@ -20,14 +20,15 @@
*/
#include <stdint.h>
#include <inttypes.h>
#include "hal.h"
#include "wolfboot/wolfboot.h"
#include "image.h"
#ifdef UNIT_TEST
# define unit_dbg printf
# include "printf.h"
# define unit_dbg wolfBoot_printf
#else
# define unit_dbg(...) do{}while(0)
#endif
@ -199,6 +200,19 @@ static void RAMFUNCTION set_partition_magic(uint8_t part)
}
}
}
#elif !defined(WOLFBOOT_FIXED_PARTITIONS)
static uint8_t* RAMFUNCTION get_trailer_at(uint8_t part, uint32_t at)
{
return 0;
}
static void RAMFUNCTION set_trailer_at(uint8_t part, uint32_t at, uint8_t val)
{
return;
}
static void RAMFUNCTION set_partition_magic(uint8_t part)
{
return;
}
#else
static uint8_t* RAMFUNCTION get_trailer_at(uint8_t part, uint32_t at)
@ -207,8 +221,9 @@ static uint8_t* RAMFUNCTION get_trailer_at(uint8_t part, uint32_t at)
return (void *)(PART_BOOT_ENDFLAGS - (sizeof(uint32_t) + at));
else if (part == PART_UPDATE) {
return (void *)(PART_UPDATE_ENDFLAGS - (sizeof(uint32_t) + at));
} else
return NULL;
}
return NULL;
}
static void RAMFUNCTION set_trailer_at(uint8_t part, uint32_t at, uint8_t val)
@ -234,6 +249,7 @@ static void RAMFUNCTION set_partition_magic(uint8_t part)
#ifdef WOLFBOOT_FIXED_PARTITIONS
static uint32_t* RAMFUNCTION get_partition_magic(uint8_t part)
{
return (uint32_t *)get_trailer_at(part, 0);
@ -322,33 +338,32 @@ int wolfBoot_get_update_sector_flag(uint16_t sector, uint8_t *flag)
return 0;
}
void RAMFUNCTION wolfBoot_erase_partition(uint8_t part)
{
uint32_t address = 0;
int size = 0;
if (part == PART_BOOT) {
if (PARTN_IS_EXT(PART_BOOT)) {
ext_flash_unlock();
ext_flash_erase(WOLFBOOT_PARTITION_BOOT_ADDRESS, WOLFBOOT_PARTITION_SIZE);
ext_flash_lock();
} else {
hal_flash_erase(WOLFBOOT_PARTITION_BOOT_ADDRESS, WOLFBOOT_PARTITION_SIZE);
}
address = WOLFBOOT_PARTITION_BOOT_ADDRESS;
size = WOLFBOOT_PARTITION_SIZE;
}
if (part == PART_UPDATE) {
if (PARTN_IS_EXT(PART_UPDATE)) {
ext_flash_unlock();
ext_flash_erase(WOLFBOOT_PARTITION_UPDATE_ADDRESS, WOLFBOOT_PARTITION_SIZE);
ext_flash_lock();
} else {
hal_flash_erase(WOLFBOOT_PARTITION_UPDATE_ADDRESS, WOLFBOOT_PARTITION_SIZE);
}
address = WOLFBOOT_PARTITION_UPDATE_ADDRESS;
size = WOLFBOOT_PARTITION_SIZE;
}
if (part == PART_SWAP) {
if (PARTN_IS_EXT(PART_SWAP)) {
address = WOLFBOOT_PARTITION_SWAP_ADDRESS;
size = WOLFBOOT_SECTOR_SIZE;
}
if (size > 0) {
if (PARTN_IS_EXT(part)) {
ext_flash_unlock();
ext_flash_erase(WOLFBOOT_PARTITION_SWAP_ADDRESS, WOLFBOOT_SECTOR_SIZE);
ext_flash_erase(address, size);
ext_flash_lock();
} else {
hal_flash_erase(WOLFBOOT_PARTITION_SWAP_ADDRESS, WOLFBOOT_SECTOR_SIZE);
hal_flash_erase(address, size);
}
}
}
@ -396,6 +411,7 @@ void RAMFUNCTION wolfBoot_success(void)
wolfBoot_erase_encrypt_key();
#endif
}
#endif /* WOLFBOOT_FIXED_PARTITIONS */
uint16_t wolfBoot_find_header(uint8_t *haystack, uint16_t type, uint8_t **ptr)
{
@ -425,6 +441,7 @@ uint16_t wolfBoot_find_header(uint8_t *haystack, uint16_t type, uint8_t **ptr)
len = p[2] | (p[3] << 8);
if ((4 + len) > (uint16_t)(IMAGE_HEADER_SIZE - IMAGE_HEADER_OFFSET)) {
unit_dbg("This field is too large (bigger than the space available in the current header)\n");
unit_dbg("%d %d %d\n", len, IMAGE_HEADER_SIZE, IMAGE_HEADER_OFFSET);
break;
}
if (p + 4 + len > max_p) {
@ -522,6 +539,7 @@ uint32_t wolfBoot_get_blob_version(uint8_t *blob)
{
uint32_t *version_field = NULL;
uint32_t *magic = NULL;
magic = (uint32_t *)blob;
if (*magic != WOLFBOOT_MAGIC)
return 0;
@ -532,37 +550,22 @@ uint32_t wolfBoot_get_blob_version(uint8_t *blob)
return 0;
}
uint32_t wolfBoot_get_image_version(uint8_t part)
uint32_t wolfBoot_get_blob_type(uint8_t *blob)
{
uint8_t *image = (uint8_t *)0x00000000;
if(part == PART_UPDATE) {
if (PARTN_IS_EXT(PART_UPDATE))
{
#ifdef EXT_FLASH
ext_flash_check_read((uintptr_t)WOLFBOOT_PARTITION_UPDATE_ADDRESS, hdr_cpy, IMAGE_HEADER_SIZE);
hdr_cpy_done = 1;
image = hdr_cpy;
#endif
} else {
image = (uint8_t *)WOLFBOOT_PARTITION_UPDATE_ADDRESS;
}
} else if (part == PART_BOOT) {
if (PARTN_IS_EXT(PART_BOOT)) {
#ifdef EXT_FLASH
ext_flash_check_read((uintptr_t)WOLFBOOT_PARTITION_BOOT_ADDRESS, hdr_cpy, IMAGE_HEADER_SIZE);
hdr_cpy_done = 1;
image = hdr_cpy;
#endif
} else {
image = (uint8_t *)WOLFBOOT_PARTITION_BOOT_ADDRESS;
}
}
/* Don't check image against NULL to allow using address 0x00000000 */
return wolfBoot_get_blob_version(image);
uint32_t *type_field = NULL;
uint32_t *magic = NULL;
magic = (uint32_t *)blob;
if (*magic != WOLFBOOT_MAGIC)
return 0;
if (wolfBoot_find_header(blob + IMAGE_HEADER_OFFSET, HDR_IMG_TYPE, (void *)&type_field) == 0)
return 0;
if (type_field)
return im2ns(*type_field);
return 0;
}
static uint32_t wolfBoot_get_blob_diffbase_version(uint8_t *blob)
uint32_t wolfBoot_get_blob_diffbase_version(uint8_t *blob)
{
uint32_t *delta_base = NULL;
uint32_t *magic = NULL;
@ -576,87 +579,57 @@ static uint32_t wolfBoot_get_blob_diffbase_version(uint8_t *blob)
return 0;
}
#ifdef WOLFBOOT_FIXED_PARTITIONS
static uint8_t* wolfBoot_get_image_from_part(uint8_t part) {
uint8_t *image = (uint8_t *)0x00000000;
if(part == PART_UPDATE) {
image = (uint8_t *)WOLFBOOT_PARTITION_UPDATE_ADDRESS;
} else if (part == PART_BOOT) {
image = (uint8_t *)WOLFBOOT_PARTITION_BOOT_ADDRESS;
}
#ifdef EXT_FLASH
if (PARTN_IS_EXT(part))
{
ext_flash_check_read((uintptr_t)image, hdr_cpy, IMAGE_HEADER_SIZE);
hdr_cpy_done = 1;
image = hdr_cpy;
}
#endif
return image;
}
uint32_t wolfBoot_get_image_version(uint8_t part)
{
/* Don't check image against NULL to allow using address 0x00000000 */
return wolfBoot_get_blob_version(wolfBoot_get_image_from_part(part));
}
uint32_t wolfBoot_get_diffbase_version(uint8_t part)
{
uint8_t *image = (uint8_t *)0x00000000;
if(part == PART_UPDATE) {
if (PARTN_IS_EXT(PART_UPDATE))
{
#ifdef EXT_FLASH
ext_flash_check_read((uintptr_t)WOLFBOOT_PARTITION_UPDATE_ADDRESS, hdr_cpy, IMAGE_HEADER_SIZE);
hdr_cpy_done = 1;
image = hdr_cpy;
#endif
} else {
image = (uint8_t *)WOLFBOOT_PARTITION_UPDATE_ADDRESS;
}
} else if (part == PART_BOOT) {
if (PARTN_IS_EXT(PART_BOOT)) {
#ifdef EXT_FLASH
ext_flash_check_read((uintptr_t)WOLFBOOT_PARTITION_BOOT_ADDRESS, hdr_cpy, IMAGE_HEADER_SIZE);
hdr_cpy_done = 1;
image = hdr_cpy;
#endif
} else {
image = (uint8_t *)WOLFBOOT_PARTITION_BOOT_ADDRESS;
}
}
/* Don't check image against NULL to allow using address 0x00000000 */
return wolfBoot_get_blob_diffbase_version(image);
return wolfBoot_get_blob_diffbase_version(wolfBoot_get_image_from_part(part));
}
uint16_t wolfBoot_get_image_type(uint8_t part)
{
uint16_t *type_field = NULL;
uint8_t *image = NULL;
uint32_t *magic = NULL;
if(part == PART_UPDATE) {
if (PARTN_IS_EXT(PART_UPDATE))
{
#ifdef EXT_FLASH
ext_flash_check_read((uintptr_t)WOLFBOOT_PARTITION_UPDATE_ADDRESS, hdr_cpy, IMAGE_HEADER_SIZE);
hdr_cpy_done = 1;
image = hdr_cpy;
#endif
} else {
image = (uint8_t *)WOLFBOOT_PARTITION_UPDATE_ADDRESS;
}
} else if (part == PART_BOOT) {
if (PARTN_IS_EXT(PART_BOOT)) {
#ifdef EXT_FLASH
ext_flash_check_read((uintptr_t)WOLFBOOT_PARTITION_BOOT_ADDRESS, hdr_cpy, IMAGE_HEADER_SIZE);
hdr_cpy_done = 1;
image = hdr_cpy;
#endif
} else {
image = (uint8_t *)WOLFBOOT_PARTITION_BOOT_ADDRESS;
}
}
uint8_t *image = wolfBoot_get_image_from_part(part);
if (image) {
magic = (uint32_t *)image;
if (*magic != WOLFBOOT_MAGIC)
return 0;
if (wolfBoot_find_header(image + IMAGE_HEADER_OFFSET, HDR_IMG_TYPE, (void *)&type_field) == 0)
return 0;
if (type_field)
return im2ns(*type_field);
return wolfBoot_get_blob_type(image);
}
return 0;
}
#endif /* WOLFBOOT_FIXED_PARTITIONS */
#if defined(ARCH_AARCH64) || defined(DUALBANK_SWAP) || defined(PLATFORM_X86_64_EFI)
#if defined(WOLFBOOT_DUALBOOT)
int wolfBoot_fallback_is_possible(void)
{
uint32_t boot_v, update_v;
boot_v = wolfBoot_current_firmware_version();
update_v = wolfBoot_update_firmware_version();
if ((boot_v == 0) || (update_v == 0))
return 0;
return 1;
}
#if defined(WOLFBOOT_FIXED_PARTITIONS)
int wolfBoot_dualboot_candidate(void)
{
@ -691,14 +664,57 @@ int wolfBoot_dualboot_candidate(void)
return candidate;
}
#else
int wolfBoot_dualboot_candidate(void) { return 0; }
static int wolfBoot_current_firmware_version()
{
return wolfBoot_get_blob_version(hal_get_primary_address());
}
static int wolfBoot_update_firmware_version() {
return wolfBoot_get_blob_version(hal_get_update_address());
}
int wolfBoot_dualboot_candidate_addr(void** addr)
{
int fallback_possible = 0;
uint32_t boot_v, update_v;
uint8_t p_state;
int retval = 0;
/* Find the candidate */
boot_v = wolfBoot_current_firmware_version();
update_v = wolfBoot_update_firmware_version();
/* -1 means no images available */
if ((boot_v == 0) && (update_v == 0))
return -1;
*addr = hal_get_primary_address();
if (boot_v == 0) { /* No primary image */
retval = 1;
*addr = hal_get_update_address();
}
else if ((boot_v > 0) && (update_v > 0)) {
fallback_possible = 1;
if (update_v > boot_v) {
retval = 1;
*addr = hal_get_update_address();
}
}
return retval;
}
#endif /* WOLFBOOT_FIXED_PARTITIONS */
int wolfBoot_fallback_is_possible(void)
{
if (wolfBoot_update_firmware_version() > 0)
return 1;
return 0;
uint32_t boot_v, update_v;
boot_v = wolfBoot_current_firmware_version();
update_v = wolfBoot_update_firmware_version();
if ((boot_v == 0) || (update_v == 0))
return 0;
return 1;
}
#endif /* ARCH_AARCH64 || DUALBANK_SWAP */
#endif /* WOLFBOOT_DUALBOOT */
#ifdef EXT_ENCRYPTED
#include "encrypt.h"
@ -981,4 +997,3 @@ int ext_flash_decrypt_read(uintptr_t address, uint8_t *data, int len)
#endif
#endif /* EXT_ENCRYPTED */

37
src/update_ram.c
View File

@ -39,14 +39,20 @@
extern void hal_flash_dualbank_swap(void);
static inline void boot_panic(void)
{
while(1)
;
}
void RAMFUNCTION wolfBoot_start(void)
{
int active, ret = 0;
struct wolfBoot_image os_image;
#ifdef PLATFORM_X86_64_EFI
uint32_t* load_address = (uint32_t*)kernel_addr;
#else
#ifdef WOLFBOOT_FIXED_PARTITIONS
uint32_t* load_address = (uint32_t*)WOLFBOOT_LOAD_ADDRESS;
#else
uint32_t* load_address = hal_get_primary_address();
#endif
uint8_t* image_ptr;
@ -55,18 +61,19 @@ void RAMFUNCTION wolfBoot_start(void)
uint32_t* dts_address = NULL;
#endif
#ifdef WOLFBOOT_FIXED_PARTITIONS
active = wolfBoot_dualboot_candidate();
#else
active = wolfBoot_dualboot_candidate_addr((void**)&load_address);
#endif
wolfBoot_printf("Active Part %d\n", active);
if (active < 0) /* panic if no images available */
wolfBoot_panic();
#ifdef PLATFORM_X86_64_EFI
if (active == 1)
load_address = (uint32_t *)update_addr;
#endif
wolfBoot_printf("Active Part %x\n", load_address);
#ifdef WOLFBOOT_FIXED_PARTITIONS
/* Check current status for failure (image still in TESTING), and fall-back
* if an alternative is available
*/
@ -76,13 +83,15 @@ void RAMFUNCTION wolfBoot_start(void)
{
active ^= 1; /* switch to other partition if available */
}
#endif
wolfBoot_printf("Active Part %d %x\n", active, load_address);
for (;;) {
if (((ret = wolfBoot_open_image(&os_image, active)) < 0) ||
if (((ret = wolfBoot_open_image_address(&os_image, (uint8_t*)load_address)) < 0) ||
((ret = wolfBoot_verify_integrity(&os_image) < 0)) ||
((ret = wolfBoot_verify_authenticity(&os_image)) < 0)) {
wolfBoot_printf("Failure %d: Part %d, Hdr %d, Hash %d, Sig %d\n", ret,
wolfBoot_printf("Failure %d: Part %d, Hdr %d, Hash %d, Sig %d\n", ret,
active, os_image.hdr_ok, os_image.sha_ok, os_image.signature_ok);
/* panic if authentication fails and no backup */
@ -105,6 +114,7 @@ void RAMFUNCTION wolfBoot_start(void)
/* First time we boot this update, set to TESTING to await
* confirmation from the system
*/
#ifdef WOLFBOOT_FIXED_PARTITIONS
if ((wolfBoot_get_partition_state(active, &p_state) == 0) &&
(p_state == IMG_STATE_UPDATING))
{
@ -112,6 +122,7 @@ void RAMFUNCTION wolfBoot_start(void)
wolfBoot_set_partition_state(active, IMG_STATE_TESTING);
hal_flash_lock();
}
#endif
/* Check for U-Boot Legacy format image header */
image_ptr = wolfBoot_peek_image(&os_image, 0, NULL);
@ -130,7 +141,7 @@ void RAMFUNCTION wolfBoot_start(void)
if (PART_IS_EXT(&os_image)) {
wolfBoot_printf("Loading %d to RAM at %08lx\n", os_image.fw_size, load_address);
ext_flash_read((uintptr_t)os_image.fw_base,
ext_flash_read((uintptr_t)os_image.fw_base,
(uint8_t*)load_address,
os_image.fw_size);
}
@ -146,7 +157,7 @@ void RAMFUNCTION wolfBoot_start(void)
if (PART_IS_EXT(&os_image)) {
wolfBoot_printf("Loading DTS %d to RAM at %08lx\n", os_image.fw_size, dts_address);
ext_flash_read((uintptr_t)os_image.fw_base,
ext_flash_read((uintptr_t)os_image.fw_base,
(uint8_t*)dts_address,
os_image.fw_size);
}
@ -154,7 +165,7 @@ void RAMFUNCTION wolfBoot_start(void)
}
#endif
wolfBoot_printf("Booting at %08lx\n", load_address);
hal_prepare_boot();

17
tools/keytools/sign.c
View File

@ -180,8 +180,9 @@ static void header_append_tag(uint8_t* header, uint32_t* idx, uint16_t tag,
/* Globals */
#ifdef DELTA_UPDATES
static const char wolfboot_delta_file[] = "/tmp/wolfboot-delta.bin";
#endif
static union {
#ifdef HAVE_ED25519
@ -931,6 +932,7 @@ static int make_header(uint8_t *pubkey, uint32_t pubkey_sz,
return make_header_ex(0, pubkey, pubkey_sz, image_file, outfile, 0, 0, 0, 0);
}
#ifdef DELTA_UPDATES
static int make_header_delta(uint8_t *pubkey, uint32_t pubkey_sz,
const char *image_file, const char *outfile,
uint32_t delta_base_version, uint16_t patch_len,
@ -1154,6 +1156,7 @@ cleanup:
return ret;
}
#endif /* DELTA_UPDATES */
static const char Hashes_str[] = "[--sha256 | --sha384 | --sha3]";
static const char Enc_str[] = "[--chacha | --aes128 | --aes256]";
@ -1181,7 +1184,10 @@ int main(int argc, char** argv)
/* Check arguments and print usage */
if (argc < 4 || argc > 10) {
printf("Usage: %s %s %s [--wolfboot-update] [--encrypt enc_key.bin] %s"
" [--delta image_vX_signed.bin] image key.der fw_version\n",
#ifdef DELTA_UPDATES
" [--delta image_vX_signed.bin] "
#endif
"image key.der fw_version\n",
argv[0], Hashes_str, Sign_algo_str, Enc_str);
printf(" - or - \n");
printf(" %s %s [--wolfboot-update] image pub_key.der fw_version\n",
@ -1270,10 +1276,12 @@ int main(int argc, char** argv)
else if (strcmp(argv[i], "--chacha") == 0) {
CMD.encrypt = ENC_CHACHA;
}
#ifdef DELTA_UPDATES
else if (strcmp(argv[i], "--delta") == 0) {
CMD.delta = 1;
CMD.delta_base_file = argv[++i];
}
#endif
else {
i--;
break;
@ -1315,6 +1323,7 @@ int main(int argc, char** argv)
if (CMD.sign != NO_SIGN) {
printf("Public key: %s\n", CMD.key_file);
}
#ifdef DELTA_UPDATES
if (CMD.delta) {
printf("Delta Base file: %s\n", CMD.delta_base_file);
snprintf(CMD.output_diff_file, sizeof(CMD.output_image_file),
@ -1322,6 +1331,7 @@ int main(int argc, char** argv)
(char*)buf, CMD.fw_version);
}
#endif
printf("Output %6s: %s\n", CMD.sha_only ? "digest" : "image",
CMD.output_image_file);
if (CMD.encrypt) {
@ -1382,9 +1392,12 @@ int main(int argc, char** argv)
} /* CMD.sign != NO_SIGN */
make_header(pubkey, pubkey_sz, CMD.image_file, CMD.output_image_file);
#ifdef DELTA_UPDATES
if (CMD.delta) {
ret = base_diff(CMD.delta_base_file, pubkey, pubkey_sz);
}
#endif
if (kbuf)
free(kbuf);
if (CMD.sign == SIGN_ED25519) {

2
tools/test.mk
View File

@ -17,6 +17,8 @@ else
endif
endif
ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/sign)","")
SIGN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/sign
else