diff --git a/Makefile b/Makefile index 891fe0a4..10b5ceef 100644 --- a/Makefile +++ b/Makefile @@ -16,15 +16,18 @@ LDFLAGS:= LD_START_GROUP:=-Wl,--start-group LD_END_GROUP:=-Wl,--end-group +V?=0 + OBJS:= \ ./hal/$(TARGET).o \ -./src/loader.o \ ./src/string.o \ ./src/image.o \ ./src/libwolfboot.o WOLFCRYPT_OBJS:= PUBLIC_KEY_OBJS:= -UPDATE_OBJS:= +ifneq ("$(NO_LOADER)","1") + OBJS+=./src/loader.o +endif ## Architecture/CPU configuration include arch.mk @@ -39,12 +42,10 @@ CFLAGS+= \ -D"PLATFORM_$(TARGET)" # Setup default optimizations (for GCC) -ifneq ($(TARGET),x86_64_efi) - ifeq ($(USE_GCC),1) - CFLAGS+=-Wall -Wextra -Wno-main -ffreestanding -Wno-unused -nostartfiles - CFLAGS+=-ffunction-sections -fdata-sections - LDFLAGS+=-T $(LSCRIPT) -Wl,-gc-sections -Wl,-Map=wolfboot.map -ffreestanding -nostartfiles - endif +ifeq ($(USE_GCC_HEADLESS),1) + CFLAGS+=-Wall -Wextra -Wno-main -ffreestanding -Wno-unused -nostartfiles + CFLAGS+=-ffunction-sections -fdata-sections + LDFLAGS+=-T $(LSCRIPT) -Wl,-gc-sections -Wl,-Map=wolfboot.map -ffreestanding -nostartfiles endif MAIN_TARGET=factory.bin @@ -63,12 +64,18 @@ ifeq ($(TARGET),x86_64_efi) MAIN_TARGET:=wolfboot.efi endif -ASFLAGS:=$(CFLAGS) +ifeq ($(TARGET),library) + CFLAGS+=-g + MAIN_TARGET:=test-lib +endif BOOTLOADER_PARTITION_SIZE?=$$(( $(WOLFBOOT_PARTITION_BOOT_ADDRESS) - $(ARCH_FLASH_OFFSET))) all: $(MAIN_TARGET) +test-lib: $(OBJS) + $(Q)$(CC) $(CFLAGS) -o $@ $^ + wolfboot.efi: wolfboot.elf @echo "\t[BIN] $@" $(Q)$(OBJCOPY) -j .text -j .sdata -j .data \ @@ -106,20 +113,17 @@ include tools/test-enc.mk include tools/test-delta.mk include tools/test-renode.mk -ed25519.der: - $(Q)$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/ed25519_pub_key.c -ed448.der: - $(Q)$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/ed448_pub_key.c -ecc256.der: - $(Q)$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/ecc256_pub_key.c -ecc384.der: - $(Q)$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/ecc384_pub_key.c -ecc521.der: - $(Q)$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/ecc521_pub_key.c -rsa2048.der: - $(Q)$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/rsa2048_pub_key.c -rsa4096.der: - $(Q)$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/rsa4096_pub_key.c +PYTHON?=python3 +keytools_check: + $(Q)(test -x "$(KEYGEN_TOOL)") || \ + ($(PYTHON) -c "import wolfcrypt" > /dev/null 2>&1) || \ + (echo "ERROR: Key tool unavailable '$(KEYGEN_TOOL)'.\n"\ + "Run 'make keytools' or install wolfcrypt 'pip3 install wolfcrypt'" && false) + + +%.der: + $(Q)$(MAKE) keytools_check + $(Q)$(KEYGEN_TOOL) $(KEYGEN_OPTIONS) src/$(@:.der=)_pub_key.c keytools: @make -C tools/keytools clean @@ -222,4 +226,4 @@ check_config: FORCE: -.PHONY: FORCE clean +.PHONY: FORCE clean keytool_check diff --git a/arch.mk b/arch.mk index a5babb8e..d3266d4b 100644 --- a/arch.mk +++ b/arch.mk @@ -1,6 +1,4 @@ ## CPU Architecture selection via $ARCH -UPDATE_OBJS:=./src/update_flash.o - # check for FASTMATH or SP_MATH ifeq ($(SPMATH),1) @@ -341,8 +339,8 @@ endif CFLAGS+=-DARCH_FLASH_OFFSET=$(ARCH_FLASH_OFFSET) - USE_GCC?=1 +USE_GCC_HEADLESS?=1 ifeq ($(USE_GCC),1) ## Toolchain setup CC=$(CROSS_COMPILE)gcc @@ -355,12 +353,14 @@ endif ifeq ($(TARGET),x86_64_efi) + USE_GCC_HEADLESS=0 GNU_EFI_LIB_PATH?=/usr/lib GNU_EFI_CRT0=$(GNU_EFI_LIB_PATH)/crt0-efi-x86_64.o GNU_EFI_LSCRIPT=$(GNU_EFI_LIB_PATH)/elf_x86_64_efi.lds CFLAGS += -fpic -ffreestanding -fno-stack-protector -fno-stack-check \ -fshort-wchar -mno-red-zone -maccumulate-outgoing-args - CFLAGS += -I/usr/include/efi -I/usr/include/efi/x86_64 -DPLATFORM_X86_64_EFI + CFLAGS += -I/usr/include/efi -I/usr/include/efi/x86_64 \ + -DPLATFORM_X86_64_EFI -DWOLFBOOT_DUALBOOT LDFLAGS = -shared -Bsymbolic -L/usr/lib -T$(GNU_EFI_LSCRIPT) LD_START_GROUP = $(GNU_EFI_CRT0) LD_END_GROUP = -lgnuefi -lefi @@ -372,13 +372,19 @@ BOOT_IMG?=test-app/image.bin ## Update mechanism ifeq ($(ARCH),AARCH64) - CFLAGS+=-DMMU + CFLAGS+=-DMMU -DWOLFBOOT_DUALBOOT UPDATE_OBJS:=src/update_ram.o endif ifeq ($(DUALBANK_SWAP),1) + CFLAGS+=-DWOLFBOOT_DUALBOOT UPDATE_OBJS:=src/update_flash_hwswap.o endif +ifeq ("$(UPDATE_OBJS)","") + UPDATE_OBJS:=./src/update_flash.o +endif + + ## Debug ifeq ($(DEBUG),1) WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/logging.o diff --git a/config/examples/library.config b/config/examples/library.config new file mode 100644 index 00000000..aea1921c --- /dev/null +++ b/config/examples/library.config @@ -0,0 +1,12 @@ +ARCH= +NO_LOADER=1 +USE_GCC_HEADLESS=0 +# ends up double including this to work around defaulting to update_flash +UPDATE_OBJS:=hal/library.o +TARGET=library +WOLFBOOT_SMALL_STACK=1 +SIGN?=ED25519 +HASH?=SHA256 +IMAGE_HEADER_SIZE?=0x100 +DEBUG=0 +SPMATH=0 diff --git a/config/examples/x86_64_efi.config b/config/examples/x86_64_efi.config index 6308f201..fde04385 100644 --- a/config/examples/x86_64_efi.config +++ b/config/examples/x86_64_efi.config @@ -7,3 +7,4 @@ DEBUG=1 SPMATH=0 # required for keytools WOLFBOOT_SECTOR_SIZE?=0x1000 +WOLFBOOT_NO_PARTITIONS=1 \ No newline at end of file diff --git a/docs/Signing.md b/docs/Signing.md index bfb446da..d5dadb83 100644 --- a/docs/Signing.md +++ b/docs/Signing.md @@ -98,6 +98,7 @@ openssl rsautl -sign -keyform der -inkey rsa2048.der -in test-app/image_v1_diges # OR python3 ./tools/keytools/sign.py --rsa2048 --sha256 --manual-sign test-app/image.bin rsa4096_pub.der 1 test-app/image_v1.sig -# Combine into factory image -cat wolfboot-align.bin test-app/image_v1_signed.bin > factory.bin +# Combine into factory image (0xc0000 is the WOLFBOOT_PARTITION_BOOT_ADDRESS) +tools/bin-assemble/bin-assemble factory.bin 0x0 wolfboot.bin \ + 0xc0000 test-app/image_v1_signed.bin ``` diff --git a/docs/Targets.md b/docs/Targets.md index d6cd7f77..1c811473 100644 --- a/docs/Targets.md +++ b/docs/Targets.md @@ -815,7 +815,7 @@ cd $wolfboot_dir ``` cp config/examples/raspi3.config .config -make wolfboot-align.bin +make wolfboot.bin ``` * Sign Image @@ -826,7 +826,8 @@ tools/keytools/sign.py --rsa4096 --sha3 Image rsa4096.der 1 * Compose the image ``` -cat wolfboot-align.bin Image_v1_signed.bin >wolfboot_linux_raspi.bin +tools/bin-assemble/bin-assemble wolfboot_linux_raspi.bin 0x0 wolfboot.bin \ + 0xc0000 Image_v1_signed.bin dd if=bcm2710-rpi-3-b.dtb of=wolfboot_linux_raspi.bin bs=1 seek=128K conv=notrunc ``` diff --git a/docs/lib.md b/docs/lib.md new file mode 100644 index 00000000..bd3515f4 --- /dev/null +++ b/docs/lib.md @@ -0,0 +1,31 @@ +``` +ln -s config/examples/library.config .config +``` + + +``` +cat > include/target.h << EOF +#ifndef H_TARGETS_TARGET_ +#define H_TARGETS_TARGET_ + +#define WOLFBOOT_NO_PARTITIONS + +#define WOLFBOOT_SECTOR_SIZE 0x20000 +#define WOLFBOOT_PARTITION_SIZE 0x20000 + +#endif /* !H_TARGETS_TARGET_ */ + +EOF +``` + +``` +touch empty +make keytools +./tools/keytools/keygen --ed25519 src/ed25519_pub_key.c +./tools/keytools/sign --ed25519 --sha256 empty ed25519.der 1 +``` + +``` +make test-lib +./test-lib empty_v1_signed.bin +``` diff --git a/hal/library.c b/hal/library.c new file mode 100644 index 00000000..0970a508 --- /dev/null +++ b/hal/library.c @@ -0,0 +1,167 @@ +/* library.c + * + * Copyright (C) 2022 wolfSSL Inc. + * + * This file is part of wolfBoot. + * + * wolfBoot is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfBoot is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#include +#include +#include + +#if 1 /* for desktop testing */ + #define HAVE_UNISTD_H + #define PRINTF_ENABLED +#else /* restricted build */ + #define NO_FILESYSTEM +#endif + +#ifdef HAVE_UNISTD_H + #include + #define exit _exit +#else + #define exit(x) while(1) ; +#endif + +#include "image.h" +#include "printf.h" + +void hal_init(void) { + return; +} +int hal_flash_write(uint32_t address, const uint8_t *data, int len) { + return 0; +} +int hal_flash_erase(uint32_t address, int len) { + return 0; +} +void hal_flash_unlock(void) { + return; +} +void hal_flash_lock(void) { + return; +} +void hal_prepare_boot(void) { + return; +} + +int do_boot(uint32_t* v) { + wolfBoot_printf("booting %p" +#ifdef HAVE_UNISTD_H + "(actually exiting)" +#else + "(actually spin loop)" +#endif + "\n", v); + exit(0); +} + +uintptr_t gImage; +uint8_t test_img[] = { + 0x57, 0x4F, 0x4C, 0x46, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x04, 0x00, 0x01, + 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0x02, 0x00, 0x08, 0x00, 0x1E, 0xBC, + 0x0E, 0x62, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x01, 0x01, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x03, 0x00, 0x20, 0x00, 0x08, 0xF9, 0x46, 0x2E, + 0x0F, 0x70, 0x33, 0x38, 0xAC, 0x19, 0xFF, 0x82, 0xC8, 0xAC, 0xD6, 0x9A, 0xF9, + 0xB2, 0x1F, 0xED, 0x60, 0x3F, 0x68, 0x7B, 0x85, 0xDB, 0x46, 0x8B, 0x3A, 0x7E, + 0x65, 0xE0, 0x10, 0x00, 0x20, 0x00, 0x02, 0x45, 0x14, 0xB0, 0x5A, 0x37, 0x95, + 0x3E, 0x17, 0x49, 0xAD, 0x75, 0xE7, 0x71, 0xD5, 0x65, 0xBB, 0x78, 0x7F, 0xFA, + 0xF6, 0x31, 0x4F, 0x63, 0xF9, 0x20, 0x3D, 0xA1, 0x56, 0xB2, 0x71, 0x7C, 0x20, + 0x00, 0x40, 0x00, 0xC6, 0x7A, 0xEB, 0x04, 0xB1, 0xB8, 0x82, 0xE7, 0x97, 0xD8, + 0x00, 0x80, 0x1D, 0x93, 0xA9, 0x80, 0x37, 0xE0, 0x63, 0x7F, 0x78, 0x15, 0xD8, + 0xD1, 0x22, 0xD6, 0x75, 0x0B, 0x04, 0xE9, 0x71, 0x12, 0xB7, 0x09, 0x32, 0xBC, + 0xB7, 0xFC, 0xA1, 0x9D, 0x32, 0xC0, 0x7D, 0xDB, 0x63, 0xE2, 0x12, 0xF2, 0xE2, + 0x41, 0xF4, 0x15, 0x7A, 0x38, 0xB5, 0xCD, 0xAA, 0x01, 0xB3, 0x5E, 0xF2, 0xCC, + 0xD9, 0x02, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, +}; + + +int wolfBoot_start(void) +{ + struct wolfBoot_image os_image; + int ret = 0; + + os_image.hdr = (uint8_t*)gImage; + + if ((ret = wolfBoot_open_image_address(&os_image, (uint8_t*)gImage)) < 0 ) { + goto exit; + } + + if ((ret = wolfBoot_verify_integrity(&os_image)) < 0) { + goto exit; + } + + if ((ret = wolfBoot_verify_authenticity(&os_image)) < 0) { + goto exit; + } + + wolfBoot_printf("Firmware Valid\n"); + + do_boot((uint32_t*)os_image.fw_base); + + exit: + if (ret < 0) { + wolfBoot_printf("Failure %d: Hdr %d, Hash %d, Sig %d\n", ret, + os_image.hdr_ok, os_image.sha_ok, os_image.signature_ok); + } + + return 0; +} + + +int main(int argc, const char* argv[]) +{ + int ret = 0; + +#ifdef NO_FILESYSTEM + gImage = (uintptr_t)test_img; +#else + if (argc > 1) { + size_t sz = 0; + FILE* img = fopen(argv[1], "rb"); + fseek(img, 0, SEEK_END); + sz = ftell(img); + fseek(img, 0, SEEK_SET); + + gImage = (uintptr_t)malloc(sz); + if (((void*)gImage) == NULL) { + wolfBoot_printf("failed to malloc %zu bytes for image\n", sz); + ret = -1; + } + + size_t bread = fread((void*)gImage, 1, sz, img); + if (bread != sz) { + ret = -2; + wolfBoot_printf("read %zu of %zu bytes from %s\n", bread, sz, argv[1]); + } + fclose(img); + } +#endif + + ret = wolfBoot_start(); + +#ifndef NO_FILESYSTEM + free((void*)gImage); +#endif + return ret; +} diff --git a/hal/x86_64_efi.c b/hal/x86_64_efi.c index 06b38dfb..68bdfbac 100644 --- a/hal/x86_64_efi.c +++ b/hal/x86_64_efi.c @@ -70,17 +70,28 @@ int RAMFUNCTION hal_flash_erase(uint32_t address, int len) return 0; } +void* hal_get_primary_address(void) +{ + return (void*)kernel_addr; +} +void* hal_get_update_address(void) +{ + return (void*)update_addr; +} + + static void panic() { while(1) {} } -void RAMFUNCTION x86_64_efi_do_boot(uint8_t *kernel) +void RAMFUNCTION x86_64_efi_do_boot(uint32_t *kernel_addr) { MEMMAP_DEVICE_PATH mem_path_device[2]; EFI_HANDLE kernelImageHandle; EFI_STATUS status; uint32_t *size; + uint8_t* kernel = (uint8_t*)kernel_addr; size = (uint32_t *)(kernel + 4); kernel += IMAGE_HEADER_SIZE; diff --git a/include/hal.h b/include/hal.h index 8e33adfb..1e4d902b 100644 --- a/include/hal.h +++ b/include/hal.h @@ -24,7 +24,6 @@ #ifndef H_HAL_ #define H_HAL_ -#include #include "target.h" @@ -48,6 +47,11 @@ void hal_prepare_boot(void); void hal_flash_dualbank_swap(void); #endif +#ifdef WOLFBOOT_DUALBOOT + void* hal_get_primary_address(void); + void* hal_get_update_address(void); +#endif + #ifndef SPI_FLASH /* user supplied external flash interfaces */ int ext_flash_write(uintptr_t address, const uint8_t *data, int len); diff --git a/include/image.h b/include/image.h index bea52e9b..38375466 100644 --- a/include/image.h +++ b/include/image.h @@ -497,6 +497,7 @@ static void wolfBoot_image_confirm_signature_ok(struct wolfBoot_image *img) /* Defined in image.c */ int wolfBoot_open_image(struct wolfBoot_image *img, uint8_t part); +int wolfBoot_open_image_address(struct wolfBoot_image* img, uint8_t* image); int wolfBoot_verify_integrity(struct wolfBoot_image *img); int wolfBoot_verify_authenticity(struct wolfBoot_image *img); int wolfBoot_get_partition_state(uint8_t part, uint8_t *st); diff --git a/include/printf.h b/include/printf.h index 6293e878..a7c231ec 100644 --- a/include/printf.h +++ b/include/printf.h @@ -38,6 +38,8 @@ # include "xil_printf.h" # define wolfBoot_printf(_f_, ...) xil_printf(_f_, ##__VA_ARGS__) # elif defined(WOLFBOOT_DEBUG_EFI) +# include "efi/efi.h" +# include "efi/efilib.h" /* NOTE: %s arguments will not work as EFI uses widechar string */ # define wolfBoot_printf(_f_, ...) Print(L##_f_, ##__VA_ARGS__) # else diff --git a/include/target.h.in b/include/target.h.in index bfdabd6b..30b447c1 100644 --- a/include/target.h.in +++ b/include/target.h.in @@ -27,7 +27,11 @@ #ifndef H_TARGETS_TARGET_ #define H_TARGETS_TARGET_ -#ifndef PLATFORM_X86_64_EFI +#ifndef WOLFBOOT_NO_PARTITIONS +# define WOLFBOOT_FIXED_PARTITIONS +#endif + +#ifdef WOLFBOOT_FIXED_PARTITIONS #define WOLFBOOT_SECTOR_SIZE ##WOLFBOOT_SECTOR_SIZE## #define WOLFBOOT_PARTITION_BOOT_ADDRESS ##WOLFBOOT_PARTITION_BOOT_ADDRESS## #define WOLFBOOT_PARTITION_SIZE ##WOLFBOOT_PARTITION_SIZE## @@ -39,15 +43,6 @@ #define WOLFBOOT_DTS_UPDATE_ADDRESS ##WOLFBOOT_DTS_UPDATE_ADDRESS## #define WOLFBOOT_LOAD_ADDRESS ##WOLFBOOT_LOAD_ADDRESS## #define WOLFBOOT_LOAD_DTS_ADDRESS ##WOLFBOOT_LOAD_DTS_ADDRESS## -#else - #include "efi/efi.h" - extern EFI_PHYSICAL_ADDRESS kernel_addr; - extern EFI_PHYSICAL_ADDRESS update_addr; - #define WOLFBOOT_PARTITION_BOOT_ADDRESS (kernel_addr) - #define WOLFBOOT_PARTITION_UPDATE_ADDRESS (update_addr) - #define WOLFBOOT_PARTITION_SWAP_ADDRESS 0 - #define WOLFBOOT_SECTOR_SIZE 0x1000 - #define WOLFBOOT_PARTITION_SIZE (2 * 1024 * 1024 * 1024ULL) #endif #endif /* !H_TARGETS_TARGET_ */ diff --git a/include/wolfboot/wolfboot.h b/include/wolfboot/wolfboot.h index 497177c8..5247d0ec 100644 --- a/include/wolfboot/wolfboot.h +++ b/include/wolfboot/wolfboot.h @@ -102,6 +102,7 @@ #endif /* defined WOLFBOOT_SIGN_ECC256 || WOLFBOOT_SIGN_ED25519 */ #endif /* defined WOLFBOOT */ +#ifdef WOLFBOOT_FIXED_PARTITIONS #define PART_BOOT 0 #define PART_UPDATE 1 #define PART_SWAP 2 @@ -110,6 +111,7 @@ #define PART_DTS (0x10) #define PART_DTS_BOOT (PART_DTS | PART_BOOT) #define PART_DTS_UPDATE (PART_DTS | PART_UPDATE) +#endif /* WOLFBOOT_FIXED_PARTITIONS */ #ifndef WOLFBOOT_FLAGS_INVERT #define IMG_STATE_NEW 0xFF @@ -123,20 +125,27 @@ #define IMG_STATE_SUCCESS 0xFF #endif - -void wolfBoot_erase_partition(uint8_t part); void wolfBoot_update_trigger(void); void wolfBoot_success(void); uint32_t wolfBoot_image_size(uint8_t *image); +uint32_t wolfBoot_get_blob_version(uint8_t *blob); +uint32_t wolfBoot_get_blob_type(uint8_t *blob); +uint32_t wolfBoot_get_blob_diffbase_version(uint8_t *blob); + +#ifdef WOLFBOOT_FIXED_PARTITIONS +void wolfBoot_erase_partition(uint8_t part); uint32_t wolfBoot_get_image_version(uint8_t part); uint16_t wolfBoot_get_image_type(uint8_t part); +uint32_t wolfBoot_get_diffbase_version(uint8_t part); #define wolfBoot_current_firmware_version() wolfBoot_get_image_version(PART_BOOT) #define wolfBoot_update_firmware_version() wolfBoot_get_image_version(PART_UPDATE) -uint32_t wolfBoot_get_diffbase_version(uint8_t part); +#endif int wolfBoot_fallback_is_possible(void); int wolfBoot_dualboot_candidate(void); +int wolfBoot_dualboot_candidate_addr(void**); + /* Hashing function configuration */ #if defined(WOLFBOOT_HASH_SHA256) # define WOLFBOOT_SHA_BLOCK_SIZE (256) diff --git a/options.mk b/options.mk index 6babdf90..4f5a59a4 100644 --- a/options.mk +++ b/options.mk @@ -375,6 +375,10 @@ ifeq ($(HASH),SHA384) endif endif +ifeq ($(WOLFBOOT_NO_PARTITIONS),1) + CFLAGS+=-D"WOLFBOOT_NO_PARTITIONS" +endif + ifeq ($(HASH),SHA3) WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/sha3.o CFLAGS+=-D"WOLFBOOT_HASH_SHA3_384" diff --git a/src/delta.c b/src/delta.c index 3acb3e12..7c9baad4 100644 --- a/src/delta.c +++ b/src/delta.c @@ -18,6 +18,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +#ifdef DELTA_UPDATES #include #include #include @@ -336,4 +337,4 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len) return (p_off); } - +#endif /* DELTA_UPDATES */ diff --git a/src/image.c b/src/image.c index ba3dcb2f..9130f216 100644 --- a/src/image.c +++ b/src/image.c @@ -732,9 +732,32 @@ uint32_t wolfBoot_image_size(uint8_t *image) return im2n(*size); } -int wolfBoot_open_image(struct wolfBoot_image *img, uint8_t part) +int wolfBoot_open_image_address(struct wolfBoot_image* img, uint8_t* image) { uint32_t *magic; + + img->hdr = image; + + magic = (uint32_t *)(image); + if (*magic != WOLFBOOT_MAGIC) + return -1; + img->fw_size = wolfBoot_image_size(image); +#ifdef WOLFBOOT_FIXED_PARTITIONS + if (img->fw_size > (WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE)) { + img->fw_size = 0; + return -1; + } + img->trailer = img->hdr + WOLFBOOT_PARTITION_SIZE; +#endif + img->hdr_ok = 1; + img->fw_base = img->hdr + IMAGE_HEADER_SIZE; + + return 0; +} + +#ifdef WOLFBOOT_FIXED_PARTITIONS +int wolfBoot_open_image(struct wolfBoot_image *img, uint8_t part) +{ uint32_t *size; uint8_t *image; if (!img) @@ -789,19 +812,9 @@ int wolfBoot_open_image(struct wolfBoot_image *img, uint8_t part) else image = (uint8_t *)img->hdr; - magic = (uint32_t *)(image); - if (*magic != WOLFBOOT_MAGIC) - return -1; - img->fw_size = wolfBoot_image_size(image); - if (img->fw_size > (WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE)) { - img->fw_size = 0; - return -1; - } - img->hdr_ok = 1; - img->fw_base = img->hdr + IMAGE_HEADER_SIZE; - img->trailer = img->hdr + WOLFBOOT_PARTITION_SIZE; - return 0; + return wolfBoot_open_image_address(img, image); } +#endif /* WOLFBOOT_FIXED_PARTITIONS */ int wolfBoot_verify_integrity(struct wolfBoot_image *img) { @@ -811,7 +824,7 @@ int wolfBoot_verify_integrity(struct wolfBoot_image *img) if (stored_sha_len != WOLFBOOT_SHA_DIGEST_SIZE) return -1; if (image_hash(img, digest) != 0) - return -1; + return -1; #if defined(WOLFBOOT_TPM) && defined(WOLFBOOT_MEASURED_BOOT) /* * TPM measurement must be performed regardless of the diff --git a/src/libwolfboot.c b/src/libwolfboot.c index adf7c35b..2969699a 100644 --- a/src/libwolfboot.c +++ b/src/libwolfboot.c @@ -20,14 +20,15 @@ */ #include -#include + #include "hal.h" #include "wolfboot/wolfboot.h" #include "image.h" #ifdef UNIT_TEST -# define unit_dbg printf +# include "printf.h" +# define unit_dbg wolfBoot_printf #else # define unit_dbg(...) do{}while(0) #endif @@ -199,6 +200,19 @@ static void RAMFUNCTION set_partition_magic(uint8_t part) } } } +#elif !defined(WOLFBOOT_FIXED_PARTITIONS) +static uint8_t* RAMFUNCTION get_trailer_at(uint8_t part, uint32_t at) +{ + return 0; +} +static void RAMFUNCTION set_trailer_at(uint8_t part, uint32_t at, uint8_t val) +{ + return; +} +static void RAMFUNCTION set_partition_magic(uint8_t part) +{ + return; +} #else static uint8_t* RAMFUNCTION get_trailer_at(uint8_t part, uint32_t at) @@ -207,8 +221,9 @@ static uint8_t* RAMFUNCTION get_trailer_at(uint8_t part, uint32_t at) return (void *)(PART_BOOT_ENDFLAGS - (sizeof(uint32_t) + at)); else if (part == PART_UPDATE) { return (void *)(PART_UPDATE_ENDFLAGS - (sizeof(uint32_t) + at)); - } else - return NULL; + } + + return NULL; } static void RAMFUNCTION set_trailer_at(uint8_t part, uint32_t at, uint8_t val) @@ -234,6 +249,7 @@ static void RAMFUNCTION set_partition_magic(uint8_t part) +#ifdef WOLFBOOT_FIXED_PARTITIONS static uint32_t* RAMFUNCTION get_partition_magic(uint8_t part) { return (uint32_t *)get_trailer_at(part, 0); @@ -322,33 +338,32 @@ int wolfBoot_get_update_sector_flag(uint16_t sector, uint8_t *flag) return 0; } + void RAMFUNCTION wolfBoot_erase_partition(uint8_t part) { + uint32_t address = 0; + int size = 0; + if (part == PART_BOOT) { - if (PARTN_IS_EXT(PART_BOOT)) { - ext_flash_unlock(); - ext_flash_erase(WOLFBOOT_PARTITION_BOOT_ADDRESS, WOLFBOOT_PARTITION_SIZE); - ext_flash_lock(); - } else { - hal_flash_erase(WOLFBOOT_PARTITION_BOOT_ADDRESS, WOLFBOOT_PARTITION_SIZE); - } + address = WOLFBOOT_PARTITION_BOOT_ADDRESS; + size = WOLFBOOT_PARTITION_SIZE; } if (part == PART_UPDATE) { - if (PARTN_IS_EXT(PART_UPDATE)) { - ext_flash_unlock(); - ext_flash_erase(WOLFBOOT_PARTITION_UPDATE_ADDRESS, WOLFBOOT_PARTITION_SIZE); - ext_flash_lock(); - } else { - hal_flash_erase(WOLFBOOT_PARTITION_UPDATE_ADDRESS, WOLFBOOT_PARTITION_SIZE); - } + address = WOLFBOOT_PARTITION_UPDATE_ADDRESS; + size = WOLFBOOT_PARTITION_SIZE; } if (part == PART_SWAP) { - if (PARTN_IS_EXT(PART_SWAP)) { + address = WOLFBOOT_PARTITION_SWAP_ADDRESS; + size = WOLFBOOT_SECTOR_SIZE; + } + + if (size > 0) { + if (PARTN_IS_EXT(part)) { ext_flash_unlock(); - ext_flash_erase(WOLFBOOT_PARTITION_SWAP_ADDRESS, WOLFBOOT_SECTOR_SIZE); + ext_flash_erase(address, size); ext_flash_lock(); } else { - hal_flash_erase(WOLFBOOT_PARTITION_SWAP_ADDRESS, WOLFBOOT_SECTOR_SIZE); + hal_flash_erase(address, size); } } } @@ -396,6 +411,7 @@ void RAMFUNCTION wolfBoot_success(void) wolfBoot_erase_encrypt_key(); #endif } +#endif /* WOLFBOOT_FIXED_PARTITIONS */ uint16_t wolfBoot_find_header(uint8_t *haystack, uint16_t type, uint8_t **ptr) { @@ -425,6 +441,7 @@ uint16_t wolfBoot_find_header(uint8_t *haystack, uint16_t type, uint8_t **ptr) len = p[2] | (p[3] << 8); if ((4 + len) > (uint16_t)(IMAGE_HEADER_SIZE - IMAGE_HEADER_OFFSET)) { unit_dbg("This field is too large (bigger than the space available in the current header)\n"); + unit_dbg("%d %d %d\n", len, IMAGE_HEADER_SIZE, IMAGE_HEADER_OFFSET); break; } if (p + 4 + len > max_p) { @@ -522,6 +539,7 @@ uint32_t wolfBoot_get_blob_version(uint8_t *blob) { uint32_t *version_field = NULL; uint32_t *magic = NULL; + magic = (uint32_t *)blob; if (*magic != WOLFBOOT_MAGIC) return 0; @@ -532,37 +550,22 @@ uint32_t wolfBoot_get_blob_version(uint8_t *blob) return 0; } - -uint32_t wolfBoot_get_image_version(uint8_t part) +uint32_t wolfBoot_get_blob_type(uint8_t *blob) { - uint8_t *image = (uint8_t *)0x00000000; - if(part == PART_UPDATE) { - if (PARTN_IS_EXT(PART_UPDATE)) - { - #ifdef EXT_FLASH - ext_flash_check_read((uintptr_t)WOLFBOOT_PARTITION_UPDATE_ADDRESS, hdr_cpy, IMAGE_HEADER_SIZE); - hdr_cpy_done = 1; - image = hdr_cpy; - #endif - } else { - image = (uint8_t *)WOLFBOOT_PARTITION_UPDATE_ADDRESS; - } - } else if (part == PART_BOOT) { - if (PARTN_IS_EXT(PART_BOOT)) { - #ifdef EXT_FLASH - ext_flash_check_read((uintptr_t)WOLFBOOT_PARTITION_BOOT_ADDRESS, hdr_cpy, IMAGE_HEADER_SIZE); - hdr_cpy_done = 1; - image = hdr_cpy; - #endif - } else { - image = (uint8_t *)WOLFBOOT_PARTITION_BOOT_ADDRESS; - } - } - /* Don't check image against NULL to allow using address 0x00000000 */ - return wolfBoot_get_blob_version(image); + uint32_t *type_field = NULL; + uint32_t *magic = NULL; + magic = (uint32_t *)blob; + if (*magic != WOLFBOOT_MAGIC) + return 0; + if (wolfBoot_find_header(blob + IMAGE_HEADER_OFFSET, HDR_IMG_TYPE, (void *)&type_field) == 0) + return 0; + if (type_field) + return im2ns(*type_field); + + return 0; } -static uint32_t wolfBoot_get_blob_diffbase_version(uint8_t *blob) +uint32_t wolfBoot_get_blob_diffbase_version(uint8_t *blob) { uint32_t *delta_base = NULL; uint32_t *magic = NULL; @@ -576,87 +579,57 @@ static uint32_t wolfBoot_get_blob_diffbase_version(uint8_t *blob) return 0; } + +#ifdef WOLFBOOT_FIXED_PARTITIONS +static uint8_t* wolfBoot_get_image_from_part(uint8_t part) { + uint8_t *image = (uint8_t *)0x00000000; + + if(part == PART_UPDATE) { + image = (uint8_t *)WOLFBOOT_PARTITION_UPDATE_ADDRESS; + + } else if (part == PART_BOOT) { + image = (uint8_t *)WOLFBOOT_PARTITION_BOOT_ADDRESS; + } + #ifdef EXT_FLASH + if (PARTN_IS_EXT(part)) + { + ext_flash_check_read((uintptr_t)image, hdr_cpy, IMAGE_HEADER_SIZE); + hdr_cpy_done = 1; + image = hdr_cpy; + } + #endif + + return image; +} + + +uint32_t wolfBoot_get_image_version(uint8_t part) +{ + /* Don't check image against NULL to allow using address 0x00000000 */ + return wolfBoot_get_blob_version(wolfBoot_get_image_from_part(part)); +} + uint32_t wolfBoot_get_diffbase_version(uint8_t part) { - uint8_t *image = (uint8_t *)0x00000000; - if(part == PART_UPDATE) { - if (PARTN_IS_EXT(PART_UPDATE)) - { - #ifdef EXT_FLASH - ext_flash_check_read((uintptr_t)WOLFBOOT_PARTITION_UPDATE_ADDRESS, hdr_cpy, IMAGE_HEADER_SIZE); - hdr_cpy_done = 1; - image = hdr_cpy; - #endif - } else { - image = (uint8_t *)WOLFBOOT_PARTITION_UPDATE_ADDRESS; - } - } else if (part == PART_BOOT) { - if (PARTN_IS_EXT(PART_BOOT)) { - #ifdef EXT_FLASH - ext_flash_check_read((uintptr_t)WOLFBOOT_PARTITION_BOOT_ADDRESS, hdr_cpy, IMAGE_HEADER_SIZE); - hdr_cpy_done = 1; - image = hdr_cpy; - #endif - } else { - image = (uint8_t *)WOLFBOOT_PARTITION_BOOT_ADDRESS; - } - } /* Don't check image against NULL to allow using address 0x00000000 */ - return wolfBoot_get_blob_diffbase_version(image); + return wolfBoot_get_blob_diffbase_version(wolfBoot_get_image_from_part(part)); } uint16_t wolfBoot_get_image_type(uint8_t part) { - uint16_t *type_field = NULL; - uint8_t *image = NULL; - uint32_t *magic = NULL; - if(part == PART_UPDATE) { - if (PARTN_IS_EXT(PART_UPDATE)) - { - #ifdef EXT_FLASH - ext_flash_check_read((uintptr_t)WOLFBOOT_PARTITION_UPDATE_ADDRESS, hdr_cpy, IMAGE_HEADER_SIZE); - hdr_cpy_done = 1; - image = hdr_cpy; - #endif - } else { - image = (uint8_t *)WOLFBOOT_PARTITION_UPDATE_ADDRESS; - } - } else if (part == PART_BOOT) { - if (PARTN_IS_EXT(PART_BOOT)) { - #ifdef EXT_FLASH - ext_flash_check_read((uintptr_t)WOLFBOOT_PARTITION_BOOT_ADDRESS, hdr_cpy, IMAGE_HEADER_SIZE); - hdr_cpy_done = 1; - image = hdr_cpy; - #endif - } else { - image = (uint8_t *)WOLFBOOT_PARTITION_BOOT_ADDRESS; - } - } + uint8_t *image = wolfBoot_get_image_from_part(part); if (image) { - magic = (uint32_t *)image; - if (*magic != WOLFBOOT_MAGIC) - return 0; - if (wolfBoot_find_header(image + IMAGE_HEADER_OFFSET, HDR_IMG_TYPE, (void *)&type_field) == 0) - return 0; - if (type_field) - return im2ns(*type_field); + return wolfBoot_get_blob_type(image); } return 0; } +#endif /* WOLFBOOT_FIXED_PARTITIONS */ -#if defined(ARCH_AARCH64) || defined(DUALBANK_SWAP) || defined(PLATFORM_X86_64_EFI) +#if defined(WOLFBOOT_DUALBOOT) -int wolfBoot_fallback_is_possible(void) -{ - uint32_t boot_v, update_v; - boot_v = wolfBoot_current_firmware_version(); - update_v = wolfBoot_update_firmware_version(); - if ((boot_v == 0) || (update_v == 0)) - return 0; - return 1; -} +#if defined(WOLFBOOT_FIXED_PARTITIONS) int wolfBoot_dualboot_candidate(void) { @@ -691,14 +664,57 @@ int wolfBoot_dualboot_candidate(void) return candidate; } #else -int wolfBoot_dualboot_candidate(void) { return 0; } + +static int wolfBoot_current_firmware_version() +{ + return wolfBoot_get_blob_version(hal_get_primary_address()); +} +static int wolfBoot_update_firmware_version() { + return wolfBoot_get_blob_version(hal_get_update_address()); +} + +int wolfBoot_dualboot_candidate_addr(void** addr) +{ + int fallback_possible = 0; + uint32_t boot_v, update_v; + uint8_t p_state; + int retval = 0; + + /* Find the candidate */ + boot_v = wolfBoot_current_firmware_version(); + update_v = wolfBoot_update_firmware_version(); + /* -1 means no images available */ + if ((boot_v == 0) && (update_v == 0)) + return -1; + + *addr = hal_get_primary_address(); + + if (boot_v == 0) { /* No primary image */ + retval = 1; + *addr = hal_get_update_address(); + } + else if ((boot_v > 0) && (update_v > 0)) { + fallback_possible = 1; + if (update_v > boot_v) { + retval = 1; + *addr = hal_get_update_address(); + } + } + + return retval; +} +#endif /* WOLFBOOT_FIXED_PARTITIONS */ + int wolfBoot_fallback_is_possible(void) { - if (wolfBoot_update_firmware_version() > 0) - return 1; - return 0; + uint32_t boot_v, update_v; + boot_v = wolfBoot_current_firmware_version(); + update_v = wolfBoot_update_firmware_version(); + if ((boot_v == 0) || (update_v == 0)) + return 0; + return 1; } -#endif /* ARCH_AARCH64 || DUALBANK_SWAP */ +#endif /* WOLFBOOT_DUALBOOT */ #ifdef EXT_ENCRYPTED #include "encrypt.h" @@ -981,4 +997,3 @@ int ext_flash_decrypt_read(uintptr_t address, uint8_t *data, int len) #endif #endif /* EXT_ENCRYPTED */ - diff --git a/src/update_ram.c b/src/update_ram.c index 1d971fcd..d7f1999c 100644 --- a/src/update_ram.c +++ b/src/update_ram.c @@ -39,14 +39,20 @@ extern void hal_flash_dualbank_swap(void); +static inline void boot_panic(void) +{ + while(1) + ; +} + void RAMFUNCTION wolfBoot_start(void) { int active, ret = 0; struct wolfBoot_image os_image; -#ifdef PLATFORM_X86_64_EFI - uint32_t* load_address = (uint32_t*)kernel_addr; -#else +#ifdef WOLFBOOT_FIXED_PARTITIONS uint32_t* load_address = (uint32_t*)WOLFBOOT_LOAD_ADDRESS; +#else + uint32_t* load_address = hal_get_primary_address(); #endif uint8_t* image_ptr; @@ -55,18 +61,19 @@ void RAMFUNCTION wolfBoot_start(void) uint32_t* dts_address = NULL; #endif +#ifdef WOLFBOOT_FIXED_PARTITIONS active = wolfBoot_dualboot_candidate(); +#else + active = wolfBoot_dualboot_candidate_addr((void**)&load_address); +#endif wolfBoot_printf("Active Part %d\n", active); if (active < 0) /* panic if no images available */ wolfBoot_panic(); -#ifdef PLATFORM_X86_64_EFI - if (active == 1) - load_address = (uint32_t *)update_addr; -#endif - + wolfBoot_printf("Active Part %x\n", load_address); + #ifdef WOLFBOOT_FIXED_PARTITIONS /* Check current status for failure (image still in TESTING), and fall-back * if an alternative is available */ @@ -76,13 +83,15 @@ void RAMFUNCTION wolfBoot_start(void) { active ^= 1; /* switch to other partition if available */ } + #endif + wolfBoot_printf("Active Part %d %x\n", active, load_address); for (;;) { - if (((ret = wolfBoot_open_image(&os_image, active)) < 0) || + if (((ret = wolfBoot_open_image_address(&os_image, (uint8_t*)load_address)) < 0) || ((ret = wolfBoot_verify_integrity(&os_image) < 0)) || ((ret = wolfBoot_verify_authenticity(&os_image)) < 0)) { - wolfBoot_printf("Failure %d: Part %d, Hdr %d, Hash %d, Sig %d\n", ret, + wolfBoot_printf("Failure %d: Part %d, Hdr %d, Hash %d, Sig %d\n", ret, active, os_image.hdr_ok, os_image.sha_ok, os_image.signature_ok); /* panic if authentication fails and no backup */ @@ -105,6 +114,7 @@ void RAMFUNCTION wolfBoot_start(void) /* First time we boot this update, set to TESTING to await * confirmation from the system */ +#ifdef WOLFBOOT_FIXED_PARTITIONS if ((wolfBoot_get_partition_state(active, &p_state) == 0) && (p_state == IMG_STATE_UPDATING)) { @@ -112,6 +122,7 @@ void RAMFUNCTION wolfBoot_start(void) wolfBoot_set_partition_state(active, IMG_STATE_TESTING); hal_flash_lock(); } +#endif /* Check for U-Boot Legacy format image header */ image_ptr = wolfBoot_peek_image(&os_image, 0, NULL); @@ -130,7 +141,7 @@ void RAMFUNCTION wolfBoot_start(void) if (PART_IS_EXT(&os_image)) { wolfBoot_printf("Loading %d to RAM at %08lx\n", os_image.fw_size, load_address); - ext_flash_read((uintptr_t)os_image.fw_base, + ext_flash_read((uintptr_t)os_image.fw_base, (uint8_t*)load_address, os_image.fw_size); } @@ -146,7 +157,7 @@ void RAMFUNCTION wolfBoot_start(void) if (PART_IS_EXT(&os_image)) { wolfBoot_printf("Loading DTS %d to RAM at %08lx\n", os_image.fw_size, dts_address); - ext_flash_read((uintptr_t)os_image.fw_base, + ext_flash_read((uintptr_t)os_image.fw_base, (uint8_t*)dts_address, os_image.fw_size); } @@ -154,7 +165,7 @@ void RAMFUNCTION wolfBoot_start(void) } #endif - + wolfBoot_printf("Booting at %08lx\n", load_address); hal_prepare_boot(); diff --git a/tools/keytools/sign.c b/tools/keytools/sign.c index 60cbf476..51e3b4d2 100755 --- a/tools/keytools/sign.c +++ b/tools/keytools/sign.c @@ -180,8 +180,9 @@ static void header_append_tag(uint8_t* header, uint32_t* idx, uint16_t tag, /* Globals */ - +#ifdef DELTA_UPDATES static const char wolfboot_delta_file[] = "/tmp/wolfboot-delta.bin"; +#endif static union { #ifdef HAVE_ED25519 @@ -931,6 +932,7 @@ static int make_header(uint8_t *pubkey, uint32_t pubkey_sz, return make_header_ex(0, pubkey, pubkey_sz, image_file, outfile, 0, 0, 0, 0); } +#ifdef DELTA_UPDATES static int make_header_delta(uint8_t *pubkey, uint32_t pubkey_sz, const char *image_file, const char *outfile, uint32_t delta_base_version, uint16_t patch_len, @@ -1154,6 +1156,7 @@ cleanup: return ret; } +#endif /* DELTA_UPDATES */ static const char Hashes_str[] = "[--sha256 | --sha384 | --sha3]"; static const char Enc_str[] = "[--chacha | --aes128 | --aes256]"; @@ -1181,7 +1184,10 @@ int main(int argc, char** argv) /* Check arguments and print usage */ if (argc < 4 || argc > 10) { printf("Usage: %s %s %s [--wolfboot-update] [--encrypt enc_key.bin] %s" - " [--delta image_vX_signed.bin] image key.der fw_version\n", + #ifdef DELTA_UPDATES + " [--delta image_vX_signed.bin] " + #endif + "image key.der fw_version\n", argv[0], Hashes_str, Sign_algo_str, Enc_str); printf(" - or - \n"); printf(" %s %s [--wolfboot-update] image pub_key.der fw_version\n", @@ -1270,10 +1276,12 @@ int main(int argc, char** argv) else if (strcmp(argv[i], "--chacha") == 0) { CMD.encrypt = ENC_CHACHA; } +#ifdef DELTA_UPDATES else if (strcmp(argv[i], "--delta") == 0) { CMD.delta = 1; CMD.delta_base_file = argv[++i]; } +#endif else { i--; break; @@ -1315,6 +1323,7 @@ int main(int argc, char** argv) if (CMD.sign != NO_SIGN) { printf("Public key: %s\n", CMD.key_file); } +#ifdef DELTA_UPDATES if (CMD.delta) { printf("Delta Base file: %s\n", CMD.delta_base_file); snprintf(CMD.output_diff_file, sizeof(CMD.output_image_file), @@ -1322,6 +1331,7 @@ int main(int argc, char** argv) (char*)buf, CMD.fw_version); } +#endif printf("Output %6s: %s\n", CMD.sha_only ? "digest" : "image", CMD.output_image_file); if (CMD.encrypt) { @@ -1382,9 +1392,12 @@ int main(int argc, char** argv) } /* CMD.sign != NO_SIGN */ make_header(pubkey, pubkey_sz, CMD.image_file, CMD.output_image_file); +#ifdef DELTA_UPDATES if (CMD.delta) { ret = base_diff(CMD.delta_base_file, pubkey, pubkey_sz); } +#endif + if (kbuf) free(kbuf); if (CMD.sign == SIGN_ED25519) { diff --git a/tools/test.mk b/tools/test.mk index 7d2380c2..1fb68361 100644 --- a/tools/test.mk +++ b/tools/test.mk @@ -17,6 +17,8 @@ else endif endif + + ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/sign)","") SIGN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/sign else