WolfSSL
/
wolfBoot
mirror of https://github.com/wolfSSL/wolfBoot.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Removed all compile-time dependency from keytools

pull/521/head
Daniele Lacamera 2024-11-26 12:56:25 +01:00
parent 97fb3b68af
commit 75efbd9cfb
37 changed files with 154 additions and 161 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Makefile
View File

@ -85,6 +85,9 @@ ifeq ($(TARGET),ti_hercules)
LSCRIPT_FLAGS+=--run_linker $(LSCRIPT) LSCRIPT_FLAGS+=--run_linker $(LSCRIPT)
endif endif
# Environment variables for sign tool
SIGN_ENV=IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) WOLFBOOT_SECTOR_SIZE=$(WOLFBOOT_SECTOR_SIZE)
MAIN_TARGET=factory.bin MAIN_TARGET=factory.bin
TARGET_H_TEMPLATE:=include/target.h.in TARGET_H_TEMPLATE:=include/target.h.in
@ -218,7 +221,7 @@ $(SECONDARY_PRIVATE_KEY): $(PRIVATE_KEY) keystore.der
-g $(SECONDARY_PRIVATE_KEY)) || true -g $(SECONDARY_PRIVATE_KEY)) || true
$(Q)(test "$(FLASH_OTP_KEYSTORE)" = "1") && (make -C tools/keytools/otp) || true $(Q)(test "$(FLASH_OTP_KEYSTORE)" = "1") && (make -C tools/keytools/otp) || true
keytools: include/target.h keytools:
@echo "Building key tools" @echo "Building key tools"
@$(MAKE) -C tools/keytools -s clean @$(MAKE) -C tools/keytools -s clean
@$(MAKE) -C tools/keytools -j @$(MAKE) -C tools/keytools -j
@ -238,10 +241,10 @@ test-app/image_v1_signed.bin: $(BOOT_IMG)
@echo "\tSECONDARY_SIGN_OPTIONS=$(SECONDARY_SIGN_OPTIONS)" @echo "\tSECONDARY_SIGN_OPTIONS=$(SECONDARY_SIGN_OPTIONS)"
@echo "\tSECONDARY_PRIVATE_KEY=$(SECONDARY_PRIVATE_KEY)" @echo "\tSECONDARY_PRIVATE_KEY=$(SECONDARY_PRIVATE_KEY)"
$(Q)(test $(SIGN) = NONE) || IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) "$(SIGN_TOOL)" $(SIGN_OPTIONS) \ $(Q)(test $(SIGN) = NONE) || $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) \
$(SECONDARY_SIGN_OPTIONS) $(BOOT_IMG) $(PRIVATE_KEY) \ $(SECONDARY_SIGN_OPTIONS) $(BOOT_IMG) $(PRIVATE_KEY) \
$(SECONDARY_PRIVATE_KEY) 1 || true $(SECONDARY_PRIVATE_KEY) 1 || true
$(Q)(test $(SIGN) = NONE) && IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) "$(SIGN_TOOL)" $(SIGN_OPTIONS) $(BOOT_IMG) 1 || true $(Q)(test $(SIGN) = NONE) && $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) $(BOOT_IMG) 1 || true
test-app/image.elf: wolfboot.elf test-app/image.elf: wolfboot.elf
$(Q)$(MAKE) -C test-app WOLFBOOT_ROOT="$(WOLFBOOT_ROOT)" image.elf $(Q)$(MAKE) -C test-app WOLFBOOT_ROOT="$(WOLFBOOT_ROOT)" image.elf

1
include/delta.h
View File

@ -72,6 +72,7 @@ int wb_patch_init(WB_PATCH_CTX *bm, uint8_t *src, uint32_t ssz, uint8_t *patch,
int wb_patch(WB_PATCH_CTX *ctx, uint8_t *dst, uint32_t len); int wb_patch(WB_PATCH_CTX *ctx, uint8_t *dst, uint32_t len);
int wolfBoot_get_delta_info(uint8_t part, int inverse, uint32_t **img_offset, int wolfBoot_get_delta_info(uint8_t part, int inverse, uint32_t **img_offset,
uint32_t **img_size, uint8_t **base_hash, uint16_t *base_hash_size); uint32_t **img_size, uint8_t **base_hash, uint16_t *base_hash_size);
int wb_diff_get_sector_size(void);
#endif #endif

2
include/wolfboot/wolfboot.h
View File

@ -30,7 +30,9 @@ extern "C" {
#endif #endif
#include <stdint.h> #include <stdint.h>
#ifdef __WOLFBOOT
#include "target.h" #include "target.h"
#endif
#include "wolfboot/version.h" #include "wolfboot/version.h"
#ifdef WOLFCRYPT_SECURE_MODE #ifdef WOLFCRYPT_SECURE_MODE

49
src/delta.c
View File

@ -22,11 +22,11 @@
#include <stdint.h> #include <stdint.h>
#include <string.h> #include <string.h>
#include <delta.h> #include <delta.h>
#include <target.h> /* WOLFBOOT_SECTOR_SIZE */
#define ESC 0x7f #define ESC 0x7f
#if (defined(__IAR_SYSTEMS_ICC__) && (__IAR_SYSTEMS_ICC__ > 8)) || \ #if (defined(__IAR_SYSTEMS_ICC__) && (__IAR_SYSTEMS_ICC__ > 8)) || \
defined(__GNUC__) defined(__GNUC__)
#define BLOCK_HDR_PACKED __attribute__ ((packed)) #define BLOCK_HDR_PACKED __attribute__ ((packed))
@ -46,7 +46,7 @@ struct BLOCK_HDR_PACKED block_hdr {
#include "encrypt.h" #include "encrypt.h"
#define ext_flash_check_write ext_flash_encrypt_write #define ext_flash_check_write ext_flash_encrypt_write
#define ext_flash_check_read ext_flash_decrypt_read #define ext_flash_check_read ext_flash_decrypt_read
#else #elif defined(__WOLFBOOT)
#include "hal.h" #include "hal.h"
#define ext_flash_check_write ext_flash_write #define ext_flash_check_write ext_flash_write
#define ext_flash_check_read ext_flash_read #define ext_flash_check_read ext_flash_read
@ -169,6 +169,36 @@ int wb_patch(WB_PATCH_CTX *ctx, uint8_t *dst, uint32_t len)
return dst_off; return dst_off;
} }
#ifndef __WOLFBOOT
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
static uint32_t wolfboot_sector_size = 0;
int wb_diff_get_sector_size(void)
{
uint32_t sec_sz = 0;
char *env_sector_size = NULL;
env_sector_size = getenv("WOLFBOOT_SECTOR_SIZE");
if (!env_sector_size) {
fprintf(stderr, "Please set the WOLFBOOT_SECTOR_SIZE environment variable in\n"
"order to sign a delta update.\n");
exit(6);
} else {
sec_sz = atoi(env_sector_size);
if (sec_sz == 0) {
errno = 0;
sec_sz = strtol(env_sector_size, NULL, 16);
if (errno != 0) {
fprintf(stderr, "Invalid WOLFBOOT_SECTOR_SIZE value\n");
exit(6);
}
}
}
return sec_sz;
}
int wb_diff_init(WB_DIFF_CTX *ctx, uint8_t *src_a, uint32_t len_a, uint8_t *src_b, uint32_t len_b) int wb_diff_init(WB_DIFF_CTX *ctx, uint8_t *src_a, uint32_t len_a, uint8_t *src_b, uint32_t len_b)
{ {
@ -179,6 +209,8 @@ int wb_diff_init(WB_DIFF_CTX *ctx, uint8_t *src_a, uint32_t len_a, uint8_t *src_
ctx->src_b = src_b; ctx->src_b = src_b;
ctx->size_a = len_a; ctx->size_a = len_a;
ctx->size_b = len_b; ctx->size_b = len_b;
wolfboot_sector_size = wb_diff_get_sector_size();
printf("WOLFBOOT_SECTOR_SIZE: %u\n", wolfboot_sector_size);
return 0; return 0;
} }
@ -196,7 +228,7 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len)
return -1; return -1;
while ((ctx->off_b + BLOCK_HDR_SIZE < ctx->size_b) && (len > p_off + BLOCK_HDR_SIZE)) { while ((ctx->off_b + BLOCK_HDR_SIZE < ctx->size_b) && (len > p_off + BLOCK_HDR_SIZE)) {
uintptr_t page_start = ctx->off_b / WOLFBOOT_SECTOR_SIZE; uintptr_t page_start = ctx->off_b / wolfboot_sector_size;
uintptr_t pa_start; uintptr_t pa_start;
found = 0; found = 0;
if (p_off + BLOCK_HDR_SIZE > len) if (p_off + BLOCK_HDR_SIZE > len)
@ -210,14 +242,14 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len)
* base for the sectors that have already been updated. * base for the sectors that have already been updated.
*/ */
pa_start = WOLFBOOT_SECTOR_SIZE * page_start; pa_start = wolfboot_sector_size * page_start;
pa = ctx->src_a + pa_start; pa = ctx->src_a + pa_start;
while (((uintptr_t)(pa - ctx->src_a) < (uintptr_t)ctx->size_a) && (p_off < len)) { while (((uintptr_t)(pa - ctx->src_a) < (uintptr_t)ctx->size_a) && (p_off < len)) {
if ((uintptr_t)(ctx->size_a - (pa - ctx->src_a)) < BLOCK_HDR_SIZE) if ((uintptr_t)(ctx->size_a - (pa - ctx->src_a)) < BLOCK_HDR_SIZE)
break; break;
if ((ctx->size_b - ctx->off_b) < BLOCK_HDR_SIZE) if ((ctx->size_b - ctx->off_b) < BLOCK_HDR_SIZE)
break; break;
if ((WOLFBOOT_SECTOR_SIZE - (ctx->off_b % WOLFBOOT_SECTOR_SIZE)) < BLOCK_HDR_SIZE) if ((wolfboot_sector_size - (ctx->off_b % wolfboot_sector_size)) < BLOCK_HDR_SIZE)
break; break;
if ((memcmp(pa, (ctx->src_b + ctx->off_b), BLOCK_HDR_SIZE) == 0)) { if ((memcmp(pa, (ctx->src_b + ctx->off_b), BLOCK_HDR_SIZE) == 0)) {
uintptr_t b_start; uintptr_t b_start;
@ -238,7 +270,7 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len)
/* Stop matching if the source image size limit is hit. */ /* Stop matching if the source image size limit is hit. */
break; break;
} }
if ((b_start / WOLFBOOT_SECTOR_SIZE) < ((ctx->off_b + 1) / WOLFBOOT_SECTOR_SIZE)) { if ((b_start / wolfboot_sector_size) < ((ctx->off_b + 1) / wolfboot_sector_size)) {
/* Stop matching when the sector bound is hit. */ /* Stop matching when the sector bound is hit. */
break; break;
} }
@ -262,7 +294,7 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len)
} }
if (!found) { if (!found) {
/* Try matching an earlier section in the resulting image */ /* Try matching an earlier section in the resulting image */
uintptr_t pb_end = page_start * WOLFBOOT_SECTOR_SIZE; uintptr_t pb_end = page_start * wolfboot_sector_size;
pb = ctx->src_b; pb = ctx->src_b;
while (((uintptr_t)(pb - ctx->src_b) < pb_end) && (p_off < len)) { while (((uintptr_t)(pb - ctx->src_b) < pb_end) && (p_off < len)) {
/* Check image boundary */ /* Check image boundary */
@ -274,7 +306,7 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len)
/* Don't try matching backwards if the distance between the two /* Don't try matching backwards if the distance between the two
* blocks is smaller than one sector. * blocks is smaller than one sector.
*/ */
if (WOLFBOOT_SECTOR_SIZE > (page_start * WOLFBOOT_SECTOR_SIZE) if (wolfboot_sector_size > (page_start * wolfboot_sector_size)
- (pb - ctx->src_b)) - (pb - ctx->src_b))
break; break;
@ -338,5 +370,6 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len)
} }
return (int)p_off; return (int)p_off;
} }
#endif /* __WOLFBOOT */
#endif /* DELTA_UPDATES */ #endif /* DELTA_UPDATES */

1
test-app/app_hifive1.c
View File

@ -24,6 +24,7 @@
#include <string.h> #include <string.h>
#include "hal.h" #include "hal.h"
#include "wolfboot/wolfboot.h" #include "wolfboot/wolfboot.h"
#include "target.h"
/* Change to '1' to enable uart update */ /* Change to '1' to enable uart update */
#define UART_UPDATE 0 #define UART_UPDATE 0

1
test-app/app_imx_rt.c
View File

@ -24,6 +24,7 @@
#include "fsl_debug_console.h" #include "fsl_debug_console.h"
#include "fsl_gpio.h" #include "fsl_gpio.h"
#include "fsl_iomuxc.h" #include "fsl_iomuxc.h"
#include "target.h"
static int g_pinSet = false; static int g_pinSet = false;
extern void imx_rt_init_boot_clock(void); extern void imx_rt_init_boot_clock(void);

1
test-app/app_kinetis.c
View File

@ -27,6 +27,7 @@
#include "fsl_gpio.h" #include "fsl_gpio.h"
#include "fsl_clock.h" #include "fsl_clock.h"
#include "wolfboot/wolfboot.h" #include "wolfboot/wolfboot.h"
#include "target.h"
/* FRDM-K64 board */ /* FRDM-K64 board */
#if defined(CPU_MK64FN1M0VLL12) #if defined(CPU_MK64FN1M0VLL12)

1
test-app/app_mcxa.c
View File

@ -31,6 +31,7 @@
#include "fsl_clock.h" #include "fsl_clock.h"
#include "wolfboot/wolfboot.h" #include "wolfboot/wolfboot.h"
#include "target.h"
extern void hal_init(void); extern void hal_init(void);

1
test-app/app_nrf52.c
View File

@ -25,6 +25,7 @@
#include "wolfboot/wolfboot.h" #include "wolfboot/wolfboot.h"
#include "hal/nrf52.h" #include "hal/nrf52.h"
#include "printf.h" #include "printf.h"
#include "target.h"
static const char extradata[1024 * 16] = "hi!"; static const char extradata[1024 * 16] = "hi!";

1
test-app/app_nrf5340.c
View File

@ -25,6 +25,7 @@
#include "wolfboot/wolfboot.h" #include "wolfboot/wolfboot.h"
#include "hal/nrf5340.h" #include "hal/nrf5340.h"
#include "printf.h" #include "printf.h"
#include "target.h"
void gpiotoggle(uint32_t port, uint32_t pin) void gpiotoggle(uint32_t port, uint32_t pin)
{ {

1
test-app/app_nrf5340_net.c
View File

@ -25,6 +25,7 @@
#include "wolfboot/wolfboot.h" #include "wolfboot/wolfboot.h"
#include "hal/nrf5340.h" #include "hal/nrf5340.h"
#include "printf.h" #include "printf.h"
#include "target.h"
void gpiotoggle(uint32_t port, uint32_t pin) void gpiotoggle(uint32_t port, uint32_t pin)
{ {

1
test-app/app_renesas_rx.c
View File

@ -28,6 +28,7 @@
#include "hal.h" #include "hal.h"
#include "printf.h" #include "printf.h"
#include "wolfboot/wolfboot.h" #include "wolfboot/wolfboot.h"
#include "target.h"
/* route stdout to UART */ /* route stdout to UART */
int write(int fileno, char *buf, int count) int write(int fileno, char *buf, int count)

1
test-app/app_sim.c
View File

@ -26,6 +26,7 @@
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
#include <unistd.h> #include <unistd.h>
#include "target.h"
#include "wolfboot/wolfboot.h" #include "wolfboot/wolfboot.h"

1
test-app/app_stm32f4.c
View File

@ -30,6 +30,7 @@
#include "hal.h" #include "hal.h"
#include "wolfboot/wolfboot.h" #include "wolfboot/wolfboot.h"
#include "spi_flash.h" #include "spi_flash.h"
#include "target.h"
#ifdef TARGET_stm32f4 #ifdef TARGET_stm32f4

1
test-app/app_stm32f7.c
View File

@ -27,6 +27,7 @@
#include "system.h" #include "system.h"
#include "wolfboot/wolfboot.h" #include "wolfboot/wolfboot.h"
#include "hal.h" #include "hal.h"
#include "target.h"
/* UART module */ /* UART module */

3
test-app/app_stm32h5.c
View File

@ -32,6 +32,7 @@
#include "uart_drv.h" #include "uart_drv.h"
#include "wolfboot/wolfboot.h" #include "wolfboot/wolfboot.h"
#include "keystore.h" #include "keystore.h"
#include "target.h"
#ifdef SECURE_PKCS11 #ifdef SECURE_PKCS11
#include "wcs/user_settings.h" #include "wcs/user_settings.h"
@ -867,4 +868,4 @@ void * _sbrk(unsigned int incr)
} }
return old_heap; return old_heap;
} }
#endif #endif

1
test-app/app_stm32h7.c
View File

@ -38,6 +38,7 @@
#include "system.h" #include "system.h"
#include "hal.h" #include "hal.h"
#include "wolfboot/wolfboot.h" #include "wolfboot/wolfboot.h"
#include "target.h"
#define SET_BIT(REG, BIT) ((REG) |= (BIT)) #define SET_BIT(REG, BIT) ((REG) |= (BIT))
#define CLEAR_BIT(REG, BIT) ((REG) &= ~(BIT)) #define CLEAR_BIT(REG, BIT) ((REG) &= ~(BIT))

1
test-app/app_stm32l0.c
View File

@ -29,6 +29,7 @@
#ifdef SPI_FLASH #ifdef SPI_FLASH
#include "spi_flash.h" #include "spi_flash.h"
#endif #endif
#include "target.h"
#ifdef TARGET_stm32l0 #ifdef TARGET_stm32l0

1
test-app/app_stm32l4.c
View File

@ -25,6 +25,7 @@
#include "led.h" #include "led.h"
#include "hal.h" #include "hal.h"
#include "wolfboot/wolfboot.h" #include "wolfboot/wolfboot.h"
#include "target.h"
#ifdef TARGET_stm32l4 #ifdef TARGET_stm32l4

1
test-app/app_stm32l5.c
View File

@ -30,6 +30,7 @@
#include "uart_drv.h" #include "uart_drv.h"
#include "wolfboot/wolfboot.h" #include "wolfboot/wolfboot.h"
#include "wolfboot/wc_secure.h" #include "wolfboot/wc_secure.h"
#include "target.h"
#ifdef SECURE_PKCS11 #ifdef SECURE_PKCS11
#include "wcs/user_settings.h" #include "wcs/user_settings.h"

1
test-app/app_stm32u5.c
View File

@ -28,6 +28,7 @@
#include "system.h" #include "system.h"
#include "hal.h" #include "hal.h"
#include "wolfboot/wolfboot.h" #include "wolfboot/wolfboot.h"
#include "target.h"
#define LED_BOOT_PIN (7) /* PH7 - Discovery - Green Led */ #define LED_BOOT_PIN (7) /* PH7 - Discovery - Green Led */
#define LED_USR_PIN (6) /* PH6 - Discovery - Red Led */ #define LED_USR_PIN (6) /* PH6 - Discovery - Red Led */

1
test-app/app_stm32wb.c
View File

@ -28,6 +28,7 @@
#include "hal.h" #include "hal.h"
#include "wolfboot/wolfboot.h" #include "wolfboot/wolfboot.h"
#include "uart_drv.h" #include "uart_drv.h"
#include "target.h"
#ifdef TARGET_stm32wb #ifdef TARGET_stm32wb

6
tools/efi/compile_efi_linux.sh
View File

@ -4,6 +4,7 @@ WORK_DIR=/tmp/wolfBoot_efi
BR_VER=2022.08.3 BR_VER=2022.08.3
BR_DIR=buildroot-$BR_VER BR_DIR=buildroot-$BR_VER
IMAGE_DIR=$WORK_DIR/output IMAGE_DIR=$WORK_DIR/output
. .config
if (test ! -d $WORK_DIR);then if (test ! -d $WORK_DIR);then
mkdir -p $WORK_DIR mkdir -p $WORK_DIR
@ -17,10 +18,7 @@ fi
BR2_EXTERNAL=$(pwd)/tools/efi/br_ext_dir make -C $WORK_DIR/$BR_DIR tiny_defconfig O=$IMAGE_DIR BR2_EXTERNAL=$(pwd)/tools/efi/br_ext_dir make -C $WORK_DIR/$BR_DIR tiny_defconfig O=$IMAGE_DIR
make -C $WORK_DIR/$BR_DIR O=$IMAGE_DIR make -C $WORK_DIR/$BR_DIR O=$IMAGE_DIR
SIGN_TOOL="python3 ./tools/keytools/sign.py" SIGN_TOOL="./tools/keytools/sign"
if [ -f "./tools/keytools/sign" ]; then
SIGN_TOOL="./tools/keytools/sign"
fi
$SIGN_TOOL --ed25519 $IMAGE_DIR/images/bzImage wolfboot_signing_private_key.der 1 $SIGN_TOOL --ed25519 $IMAGE_DIR/images/bzImage wolfboot_signing_private_key.der 1
$SIGN_TOOL --ed25519 $IMAGE_DIR/images/bzImage wolfboot_signing_private_key.der 2 $SIGN_TOOL --ed25519 $IMAGE_DIR/images/bzImage wolfboot_signing_private_key.der 2

16
tools/keytools/Makefile
View File

@ -177,25 +177,11 @@ endif
.PHONY: clean all .PHONY: clean all
all: $(WOLFBOOTDIR)/include/target.h sign keygen all: sign keygen
debug: CFLAGS+=$(DEBUG_FLAGS) debug: CFLAGS+=$(DEBUG_FLAGS)
debug: all debug: all
# Target.h is required for key tools
$(WOLFBOOTDIR)/include/target.h: $(WOLFBOOTDIR)/include/target.h.in
@cat $(WOLFBOOTDIR)/include/target.h.in | \
sed -e "s/@WOLFBOOT_PARTITION_SIZE@/$(WOLFBOOT_PARTITION_SIZE)/g" | \
sed -e "s/@WOLFBOOT_SECTOR_SIZE@/$(WOLFBOOT_SECTOR_SIZE)/g" | \
sed -e "s/@WOLFBOOT_PARTITION_BOOT_ADDRESS@/$(WOLFBOOT_PARTITION_BOOT_ADDRESS)/g" | \
sed -e "s/@WOLFBOOT_PARTITION_UPDATE_ADDRESS@/$(WOLFBOOT_PARTITION_UPDATE_ADDRESS)/g" | \
sed -e "s/@WOLFBOOT_PARTITION_SWAP_ADDRESS@/$(WOLFBOOT_PARTITION_SWAP_ADDRESS)/g" | \
sed -e "s/@WOLFBOOT_DTS_BOOT_ADDRESS@/$(WOLFBOOT_DTS_BOOT_ADDRESS)/g" | \
sed -e "s/@WOLFBOOT_DTS_UPDATE_ADDRESS@/$(WOLFBOOT_DTS_UPDATE_ADDRESS)/g" | \
sed -e "s/@WOLFBOOT_LOAD_ADDRESS@/$(WOLFBOOT_LOAD_ADDRESS)/g" | \
sed -e "s/@WOLFBOOT_LOAD_DTS_ADDRESS@/$(WOLFBOOT_LOAD_DTS_ADDRESS)/g" \
> $@
# build objects # build objects
$(OBJDIR)/%.o: %.c $(OBJDIR)/%.o: %.c
$(Q)$(CC) $(CFLAGS) -c -o $@ $< $(Q)$(CC) $(CFLAGS) -c -o $@ $<

23
tools/keytools/sign.c
View File

@ -42,13 +42,10 @@
#include <fcntl.h> #include <fcntl.h>
#include <stddef.h> #include <stddef.h>
#include <inttypes.h> #include <inttypes.h>
/* target.h is a generated file based on .config (see target.h.in)
* Provides: WOLFBOOT_SECTOR_SIZE */
#include <target.h>
#include <delta.h> #include <delta.h>
#include "wolfboot/version.h" #include "wolfboot/version.h"
#include "wolfboot/wolfboot.h" //#include "wolfboot/wolfboot.h"
#ifdef DEBUG_SIGNTOOL #ifdef DEBUG_SIGNTOOL
#define DEBUG_PRINT(...) fprintf(stderr, __VA_ARGS__) #define DEBUG_PRINT(...) fprintf(stderr, __VA_ARGS__)
@ -1798,10 +1795,9 @@ static int base_diff(const char *f_base, uint8_t *pubkey, uint32_t pubkey_sz, in
struct stat st; struct stat st;
void *base = NULL; void *base = NULL;
void *buffer = NULL; void *buffer = NULL;
static uint8_t dest[WOLFBOOT_SECTOR_SIZE]; uint8_t *dest = NULL;
uint8_t ff = 0xff; uint8_t ff = 0xff;
int r; int r;
uint32_t blksz = WOLFBOOT_SECTOR_SIZE;
uint32_t patch_sz, patch_inv_sz; uint32_t patch_sz, patch_inv_sz;
uint32_t patch_inv_off; uint32_t patch_inv_off;
uint32_t delta_base_version = 0; uint32_t delta_base_version = 0;
@ -1811,6 +1807,17 @@ static int base_diff(const char *f_base, uint8_t *pubkey, uint32_t pubkey_sz, in
int io_sz; int io_sz;
uint8_t *base_hash = NULL; uint8_t *base_hash = NULL;
uint32_t base_hash_sz = 0; uint32_t base_hash_sz = 0;
uint32_t wolfboot_sector_size = 0;
uint32_t blksz;
wolfboot_sector_size = wb_diff_get_sector_size();
printf("delta update: WOLFBOOT_SECTOR_SIZE: %u\n", wolfboot_sector_size);
blksz = wolfboot_sector_size;
dest = malloc(wolfboot_sector_size);
if (!dest) {
printf("Error allocating memory to prepare patch sectors\n");
goto cleanup;
}
/* Get source file size */ /* Get source file size */
if (stat(f_base, &st) < 0) { if (stat(f_base, &st) < 0) {
@ -2039,6 +2046,10 @@ static int base_diff(const char *f_base, uint8_t *pubkey, uint32_t pubkey_sz, in
delta_base_version, patch_sz, patch_inv_off, patch_inv_sz, base_hash, base_hash_sz); delta_base_version, patch_sz, patch_inv_off, patch_inv_sz, base_hash, base_hash_sz);
cleanup: cleanup:
if (dest) {
free(dest);
dest = NULL;
}
/* Unlink output file */ /* Unlink output file */
unlink(wolfboot_delta_file); unlink(wolfboot_delta_file);
#if HAVE_MMAP #if HAVE_MMAP

13
tools/scripts/nrf5340/build_flash.sh
View File

@ -15,6 +15,9 @@
# Build dela update version 3 and flash to external (also reprograms internal flash) # Build dela update version 3 and flash to external (also reprograms internal flash)
# ./tools/scripts/nrf5340/build_flash.sh --delta # ./tools/scripts/nrf5340/build_flash.sh --delta
#import config for IMAGE_HEADER_SIZE and WOLFBOOT_SECTOR_SIZE
. config/examples/nrf5340.config
# Defaults # Defaults
MAKE_ARGS=" DEBUG_SYMBOLS=1" MAKE_ARGS=" DEBUG_SYMBOLS=1"
DO_CLEAN=0 DO_CLEAN=0
@ -28,6 +31,8 @@ DO_PROGRAM_EXT=0
DO_DELTA=0 DO_DELTA=0
UPDATE_VERSION=1 UPDATE_VERSION=1
SIGN_ENV=IMAGE_HEADER_SIZE=$IMAGE_HEADER_SIZE WOLFBOOT_SECTOR_SIZE=$WOLFBOOT_SECTOR_SIZE
SIGN_TOOL=tools/keytools/sign
SIGN_ARGS="--ecc384 --sha384" SIGN_ARGS="--ecc384 --sha384"
#SIGN_ARGS="--ecc256 --sha256" #SIGN_ARGS="--ecc256 --sha256"
@ -161,8 +166,8 @@ fi
if [[ $DO_UPDATE == 1 ]]; then if [[ $DO_UPDATE == 1 ]]; then
# Sign flash update for testing (for network partition using --id 2) # Sign flash update for testing (for network partition using --id 2)
tools/keytools/sign $SIGN_ARGS --id 2 tools/scripts/nrf5340/image_net.bin wolfboot_signing_private_key.der $UPDATE_VERSION $SIGN_ENV $SIGN_TOOL $SIGN_ARGS --id 2 tools/scripts/nrf5340/image_net.bin wolfboot_signing_private_key.der $UPDATE_VERSION
tools/keytools/sign $SIGN_ARGS tools/scripts/nrf5340/image_app.bin wolfboot_signing_private_key.der $UPDATE_VERSION $SIGN_ENV $SIGN_TOOL $SIGN_ARGS tools/scripts/nrf5340/image_app.bin wolfboot_signing_private_key.der $UPDATE_VERSION
# Create a bin footer with wolfBoot trailer "BOOT" and "p" (ASCII for 0x70 == IMG_STATE_UPDATING): # Create a bin footer with wolfBoot trailer "BOOT" and "p" (ASCII for 0x70 == IMG_STATE_UPDATING):
echo -n "pBOOT" > tools/scripts/nrf5340/trigger_magic.bin echo -n "pBOOT" > tools/scripts/nrf5340/trigger_magic.bin
@ -177,8 +182,8 @@ fi
if [[ $DO_DELTA == 1 ]]; then if [[ $DO_DELTA == 1 ]]; then
# Sign flash update for testing (for network partition using --id 2) delta between v1 and v3 # Sign flash update for testing (for network partition using --id 2) delta between v1 and v3
tools/keytools/sign $SIGN_ARGS --id 2 --delta tools/scripts/nrf5340/image_net_v1_signed.bin tools/scripts/nrf5340/image_net.bin wolfboot_signing_private_key.der $UPDATE_VERSION $SIGN_ENV $SIGN_TOOL $SIGN_ARGS --id 2 --delta tools/scripts/nrf5340/image_net_v1_signed.bin tools/scripts/nrf5340/image_net.bin wolfboot_signing_private_key.der $UPDATE_VERSION
tools/keytools/sign $SIGN_ARGS --delta tools/scripts/nrf5340/image_app_v1_signed.bin tools/scripts/nrf5340/image_app.bin wolfboot_signing_private_key.der $UPDATE_VERSION $SIGN_ENV $SIGN_TOOL $SIGN_ARGS --delta tools/scripts/nrf5340/image_app_v1_signed.bin tools/scripts/nrf5340/image_app.bin wolfboot_signing_private_key.der $UPDATE_VERSION
# Create a bin footer with wolfBoot trailer "BOOT" and "p" (ASCII for 0x70 == IMG_STATE_UPDATING): # Create a bin footer with wolfBoot trailer "BOOT" and "p" (ASCII for 0x70 == IMG_STATE_UPDATING):
echo -n "pBOOT" > tools/scripts/nrf5340/trigger_magic.bin echo -n "pBOOT" > tools/scripts/nrf5340/trigger_magic.bin

22
tools/scripts/prepare_encrypted_delta_update.sh
View File

@ -1,22 +0,0 @@
#!/bin/bash
SIGN_TOOL="python3 ./tools/keytools/sign.py"
if [ -f "./tools/keytools/sign" ]; then
SIGN_TOOL="./tools/keytools/sign"
fi
# SIZE is WOLFBOOT_PARTITION_SIZE - 49 (44B: key + nonce, 5B: "pBOOT")
SIZE=131023
VERSION=7
APP=test-app/image_v"$VERSION"_signed_diff_encrypted.bin
# Create test key
echo -n "0123456789abcdef0123456789abcdef0123456789ab" > enc_key.der
$SIGN_TOOL --ecc256 \
--encrypt enc_key.der \
--delta test-app/image_v1_signed.bin \
test-app/image.bin wolfboot_signing_private_key.der $VERSION
dd if=/dev/zero bs=$SIZE count=1 2>/dev/null | tr "\000" "\377" > update.bin
dd if=$APP of=update.bin bs=1 conv=notrunc
printf "pBOOT" >> update.bin

26
tools/scripts/prepare_encrypted_update.sh
View File

@ -1,26 +0,0 @@
#!/bin/bash
SIGN_TOOL="python3 ./tools/keytools/sign.py"
if [ -f "./tools/keytools/sign" ]; then
SIGN_TOOL="./tools/keytools/sign"
fi
# SIZE is WOLFBOOT_PARTITION_SIZE - 49 (44B: key + nonce, 5B: "pBOOT")
SIZE=131023
#SIZE=65487
VERSION=8
APP=test-app/image_v"$VERSION"_signed_and_encrypted.bin
# Create test key
echo -n "0123456789abcdef0123456789abcdef0123456789ab" > enc_key.der
$SIGN_TOOL --ecc256 --encrypt enc_key.der test-app/image.bin wolfboot_signing_private_key.der $VERSION
dd if=/dev/zero bs=$SIZE count=1 2>/dev/null | tr "\000" "\377" > update.bin
dd if=$APP of=update.bin bs=1 conv=notrunc
printf "pBOOT" >> update.bin
#Make a 1MB rom image for SPI
rm -f update.rom
dd if=/dev/zero bs=1M count=1 2>/dev/null | tr "\000" "\377" > update.rom
dd if=update.bin of=update.rom bs=1 conv=notrunc

6
tools/scripts/prepare_update.sh
View File

@ -1,9 +1,7 @@
#!/bin/bash #!/bin/bash
SIGN_TOOL="python3 ./tools/keytools/sign.py" . .config
if [ -f "./tools/keytools/sign" ]; then SIGN_TOOL="./tools/keytools/sign"
SIGN_TOOL="./tools/keytools/sign"
fi
# SIZE is WOLFBOOT_PARTITION_SIZE - 5 # SIZE is WOLFBOOT_PARTITION_SIZE - 5
SIZE=131067 SIZE=131067

6
tools/scripts/prepare_update_l5.sh
View File

@ -1,9 +1,7 @@
#!/bin/bash #!/bin/bash
SIGN_TOOL="python3 ./tools/keytools/sign.py" . ./.config
if [ -f "./tools/keytools/sign" ]; then SIGN_TOOL="./tools/keytools/sign"
SIGN_TOOL="./tools/keytools/sign"
fi
# SIZE is WOLFBOOT_PARTITION_SIZE - 5 # SIZE is WOLFBOOT_PARTITION_SIZE - 5
SIZE=129019 SIZE=129019

8
tools/scripts/prepare_update_l5_dualbank.sh
View File

@ -1,9 +1,9 @@
#!/bin/bash #!/bin/bash
SIGN_TOOL="python3 ./tools/keytools/sign.py" . .config
if [ -f "./tools/keytools/sign" ]; then echo IMAGE_HEADER_SIZE= $IMAGE_HEADER_SIZE
SIGN_TOOL="./tools/keytools/sign" echo WOLFBOOT_SECTOR_SIZE= $WOLFBOOT_SECTOR_SIZE
fi SIGN_TOOL="./tools/keytools/sign"
# SIZE is WOLFBOOT_PARTITION_SIZE - 5 # SIZE is WOLFBOOT_PARTITION_SIZE - 5
SIZE=229371 SIZE=229371

7
tools/scripts/prepare_update_u5.sh
View File

@ -1,9 +1,6 @@
#!/bin/bash #!/bin/bash
. .config
SIGN_TOOL="python3 ./tools/keytools/sign.py" SIGN_TOOL="./tools/keytools/sign"
if [ -f "./tools/keytools/sign" ]; then
SIGN_TOOL="./tools/keytools/sign"
fi
# SIZE is WOLFBOOT_PARTITION_SIZE - 5 # SIZE is WOLFBOOT_PARTITION_SIZE - 5
SIZE=131067 SIZE=131067

6
tools/scripts/prepare_update_u5_dualbank.sh
View File

@ -1,9 +1,7 @@
#!/bin/bash #!/bin/bash
SIGN_TOOL="python3 ./tools/keytools/sign.py" . .config
if [ -f "./tools/keytools/sign" ]; then SIGN_TOOL="./tools/keytools/sign"
SIGN_TOOL="./tools/keytools/sign"
fi
# SIZE is WOLFBOOT_PARTITION_SIZE - 5 # SIZE is WOLFBOOT_PARTITION_SIZE - 5
SIZE=229371 SIZE=229371

8
tools/test-delta.mk
View File

@ -26,9 +26,9 @@ test-delta-update: distclean factory.bin test-app/image.bin tools/uart-flash-ser
@st-flash erase || st-flash erase @st-flash erase || st-flash erase
@rm -f zero.bin @rm -f zero.bin
@diff .config config/examples/stm32wb-delta.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-delta.config to .config to run this test\n\n" && exit 1) @diff .config config/examples/stm32wb-delta.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-delta.config to .config to run this test\n\n" && exit 1)
$(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \ $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \
$(PRIVATE_KEY) 7 $(PRIVATE_KEY) 7
$(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \ $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \
$(PRIVATE_KEY) 2 $(PRIVATE_KEY) 2
@st-flash write factory.bin 0x08000000 @st-flash write factory.bin 0x08000000
@echo Expecting version '1' @echo Expecting version '1'
@ -79,7 +79,7 @@ test-delta-update-ext: distclean factory.bin test-app/image.bin tools/uart-flash
@st-flash erase || st-flash erase @st-flash erase || st-flash erase
@rm -f zero.bin @rm -f zero.bin
@diff .config config/examples/stm32wb-delta-ext.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-delta-ext.config to .config to run this test\n\n" && exit 1) @diff .config config/examples/stm32wb-delta-ext.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-delta-ext.config to .config to run this test\n\n" && exit 1)
$(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \ $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \
$(PRIVATE_KEY) 7 $(PRIVATE_KEY) 7
@(tools/uart-flash-server/ufserver test-app/image_v7_signed_diff.bin $(USBTTY))& @(tools/uart-flash-server/ufserver test-app/image_v7_signed_diff.bin $(USBTTY))&
@st-flash reset @st-flash reset
@ -121,7 +121,7 @@ test-delta-enc-update-ext: distclean factory.bin test-app/image.bin tools/uart-f
@st-flash erase || st-flash erase @st-flash erase || st-flash erase
@rm -f zero.bin @rm -f zero.bin
@diff .config config/examples/stm32wb-delta-enc-ext.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-delta-enc-ext.config to .config to run this test\n\n" && exit 1) @diff .config config/examples/stm32wb-delta-enc-ext.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-delta-enc-ext.config to .config to run this test\n\n" && exit 1)
$(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin \ $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin \
$(ENCRYPT_STRING) --encrypt /tmp/enc_key.der \ $(ENCRYPT_STRING) --encrypt /tmp/enc_key.der \
test-app/image.bin \ test-app/image.bin \
$(PRIVATE_KEY) 7 $(PRIVATE_KEY) 7

12
tools/test-enc.mk
View File

@ -24,8 +24,8 @@ tools/uart-flash-server/ufserver: FORCE
test-enc-update: factory.bin test-app/image.bin tools/uart-flash-server/ufserver test-enc-update: factory.bin test-app/image.bin tools/uart-flash-server/ufserver
@diff .config config/examples/stm32wb-uart-flash-encryption.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-uart-flash-encryption.config to .config to run this test\n\n" && exit 1) @diff .config config/examples/stm32wb-uart-flash-encryption.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-uart-flash-encryption.config to .config to run this test\n\n" && exit 1)
@printf "0123456789abcdef0123456789abcdef0123456789ab" > /tmp/enc_key.der @printf "0123456789abcdef0123456789abcdef0123456789ab" > /tmp/enc_key.der
@$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION)
@$(SIGN_TOOL) $(SIGN_ENC_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ENC_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION)
@(tools/uart-flash-server/ufserver test-app/image_v$(ENC_TEST_UPDATE_VERSION)_signed_and_encrypted.bin $(USBTTY))& @(tools/uart-flash-server/ufserver test-app/image_v$(ENC_TEST_UPDATE_VERSION)_signed_and_encrypted.bin $(USBTTY))&
@st-flash erase @st-flash erase
@st-flash write factory.bin 0x08000000 @st-flash write factory.bin 0x08000000
@ -47,8 +47,8 @@ test-enc-update: factory.bin test-app/image.bin tools/uart-flash-server/ufserver
test-enc-aes128-update: factory.bin test-app/image.bin tools/uart-flash-server/ufserver test-enc-aes128-update: factory.bin test-app/image.bin tools/uart-flash-server/ufserver
@diff .config config/examples/stm32wb-uart-flash-encryption-aes128.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-uart-flash-encryption-aes128.config to .config to run this test\n\n" && exit 1) @diff .config config/examples/stm32wb-uart-flash-encryption-aes128.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-uart-flash-encryption-aes128.config to .config to run this test\n\n" && exit 1)
@printf "0123456789abcdef0123456789abcdef" > /tmp/enc_key.der @printf "0123456789abcdef0123456789abcdef" > /tmp/enc_key.der
@$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION)
@$(SIGN_TOOL) $(SIGN_ENC_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ENC_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION)
@(tools/uart-flash-server/ufserver test-app/image_v$(ENC_TEST_UPDATE_VERSION)_signed_and_encrypted.bin $(USBTTY))& @(tools/uart-flash-server/ufserver test-app/image_v$(ENC_TEST_UPDATE_VERSION)_signed_and_encrypted.bin $(USBTTY))&
@st-flash erase @st-flash erase
@st-flash write factory.bin 0x08000000 @st-flash write factory.bin 0x08000000
@ -70,8 +70,8 @@ test-enc-aes128-update: factory.bin test-app/image.bin tools/uart-flash-server/u
test-enc-aes256-update: factory.bin test-app/image.bin tools/uart-flash-server/ufserver test-enc-aes256-update: factory.bin test-app/image.bin tools/uart-flash-server/ufserver
@diff .config config/examples/stm32wb-uart-flash-encryption-aes256.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-uart-flash-encryption-aes256.config to .config to run this test\n\n" && exit 1) @diff .config config/examples/stm32wb-uart-flash-encryption-aes256.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-uart-flash-encryption-aes256.config to .config to run this test\n\n" && exit 1)
@printf "0123456789abcdef0123456789abcdef0123456789abcdef" > /tmp/enc_key.der @printf "0123456789abcdef0123456789abcdef0123456789abcdef" > /tmp/enc_key.der
@$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION)
@$(SIGN_TOOL) $(SIGN_ENC_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ENC_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION)
@(tools/uart-flash-server/ufserver test-app/image_v$(ENC_TEST_UPDATE_VERSION)_signed_and_encrypted.bin $(USBTTY))& @(tools/uart-flash-server/ufserver test-app/image_v$(ENC_TEST_UPDATE_VERSION)_signed_and_encrypted.bin $(USBTTY))&
@st-flash erase @st-flash erase
@st-flash write factory.bin 0x08000000 @st-flash write factory.bin 0x08000000

41
tools/test-renode.mk
View File

@ -24,26 +24,19 @@ LMS_OPTS=LMS_LEVELS=2 LMS_HEIGHT=5 LMS_WINTERNITZ=8 WOLFBOOT_SMALL_STACK=0 \
XMSS_OPTS=WOLFBOOT_XMSS_PARAMS='XMSS-SHA2_10_256' WOLFBOOT_SMALL_STACK=0 \ XMSS_OPTS=WOLFBOOT_XMSS_PARAMS='XMSS-SHA2_10_256' WOLFBOOT_SMALL_STACK=0 \
IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE=5000 IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE=5000
# python version only supported using ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/keygen.exe)","")
# KEYGEN_TOOL="python3 $(WOLFBOOT_ROOT)/tools/keytools/keygen.py" KEYGEN_TOOL?=$(WOLFBOOT_ROOT)/tools/keytools/keygen.exe
ifeq ("$(KEYGEN_TOOL)","") else
ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/keygen.exe)","") KEYGEN_TOOL?=$(WOLFBOOT_ROOT)/tools/keytools/keygen
KEYGEN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/keygen.exe
else
KEYGEN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/keygen
endif
endif endif
# python version only supported using ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/sign.exe)","")
# SIGN_TOOL="python3 $(WOLFBOOT_ROOT)/tools/keytools/sign.py" SIGN_TOOL?=$(WOLFBOOT_ROOT)/tools/keytools/sign.exe
ifeq ("$(SIGN_TOOL)","") else
ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/sign.exe)","") SIGN_TOOL?=$(WOLFBOOT_ROOT)/tools/keytools/sign
SIGN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/sign.exe
else
SIGN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/sign
endif
endif endif
SIGN_ENV=IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) WOLFBOOT_SECTOR_SIZE=$(WOLFBOOT_SECTOR_SIZE)
ifeq ($(TARGET),stm32f7) ifeq ($(TARGET),stm32f7)
RENODE_CONFIG=tools/renode/stm32f746_wolfboot.resc RENODE_CONFIG=tools/renode/stm32f746_wolfboot.resc
@ -140,7 +133,7 @@ renode-off: FORCE
$(RENODE_UPDATE_FILE): test-app/image.bin FORCE $(RENODE_UPDATE_FILE): test-app/image.bin FORCE
${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) \ ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) \
$(TEST_UPDATE_VERSION) $(TEST_UPDATE_VERSION)
${Q}dd if=/dev/zero bs=$(POFF) count=1 2>/dev/null | tr "\000" "\377" \ ${Q}dd if=/dev/zero bs=$(POFF) count=1 2>/dev/null | tr "\000" "\377" \
> $@ > $@
@ -150,7 +143,7 @@ $(RENODE_UPDATE_FILE): test-app/image.bin FORCE
renode-factory: factory.bin test-app/image.bin $(RENODE_UPDATE_FILE) $(EXPVER) FORCE renode-factory: factory.bin test-app/image.bin $(RENODE_UPDATE_FILE) $(EXPVER) FORCE
${Q}rm -f $(RENODE_UART) ${Q}rm -f $(RENODE_UART)
${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 1 ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 1
${Q}cp test-app/image_v1_signed.bin $(TMP)/renode-test-v1.bin ${Q}cp test-app/image_v1_signed.bin $(TMP)/renode-test-v1.bin
${Q}cp wolfboot.elf $(TMP)/renode-wolfboot.elf ${Q}cp wolfboot.elf $(TMP)/renode-wolfboot.elf
${Q}make renode-on ${Q}make renode-on
@ -175,8 +168,8 @@ renode-update: factory.bin test-app/image.bin $(EXPVER) FORCE
${Q}rm -f $(RENODE_UART) ${Q}rm -f $(RENODE_UART)
${Q}dd if=/dev/zero bs=$(POFF) count=1 2>/dev/null | tr "\000" "\377" \ ${Q}dd if=/dev/zero bs=$(POFF) count=1 2>/dev/null | tr "\000" "\377" \
> $(RENODE_UPDATE_FILE) > $(RENODE_UPDATE_FILE)
${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 1 ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 1
${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) \ ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) \
$(TEST_UPDATE_VERSION) $(TEST_UPDATE_VERSION)
${Q}dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin \ ${Q}dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin \
of=$(RENODE_UPDATE_FILE) bs=1 conv=notrunc of=$(RENODE_UPDATE_FILE) bs=1 conv=notrunc
@ -201,8 +194,8 @@ renode-no-downgrade: factory.bin test-app/image.bin $(EXPVER) FORCE
${Q}rm -f $(RENODE_UART) ${Q}rm -f $(RENODE_UART)
${Q}dd if=/dev/zero bs=$(POFF) count=1 2>/dev/null | tr "\000" "\377" \ ${Q}dd if=/dev/zero bs=$(POFF) count=1 2>/dev/null | tr "\000" "\377" \
> $(RENODE_UPDATE_FILE) > $(RENODE_UPDATE_FILE)
${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 7 ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 7
${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 5 ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 5
${Q}dd if=test-app/image_v5_signed.bin \ ${Q}dd if=test-app/image_v5_signed.bin \
of=$(RENODE_UPDATE_FILE) bs=1 conv=notrunc of=$(RENODE_UPDATE_FILE) bs=1 conv=notrunc
${Q}printf "pBOOT" >> $(RENODE_UPDATE_FILE) ${Q}printf "pBOOT" >> $(RENODE_UPDATE_FILE)
@ -225,8 +218,8 @@ renode-corrupted: factory.bin test-app/image.bin $(EXPVER) FORCE
${Q}rm -f $(RENODE_UART) ${Q}rm -f $(RENODE_UART)
${Q}dd if=/dev/zero bs=$(POFF) count=1 2>/dev/null | tr "\000" "\377" \ ${Q}dd if=/dev/zero bs=$(POFF) count=1 2>/dev/null | tr "\000" "\377" \
> $(RENODE_UPDATE_FILE) > $(RENODE_UPDATE_FILE)
${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 1 ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 1
${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) \ ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) \
$(TEST_UPDATE_VERSION) $(TEST_UPDATE_VERSION)
${Q}dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin \ ${Q}dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin \
of=$(RENODE_UPDATE_FILE) bs=1 conv=notrunc of=$(RENODE_UPDATE_FILE) bs=1 conv=notrunc

34
tools/test.mk
View File

@ -16,9 +16,9 @@ else
endif endif
ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/sign.exe)","") ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/sign.exe)","")
SIGN_TOOL=IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) $(WOLFBOOT_ROOT)/tools/keytools/sign.exe SIGN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/sign.exe
else else
SIGN_TOOL=IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) $(WOLFBOOT_ROOT)/tools/keytools/sign SIGN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/sign
endif endif
# Make sign algorithm argument # Make sign algorithm argument
@ -138,7 +138,7 @@ test-spi-off: FORCE
test-update: test-app/image.bin FORCE test-update: test-app/image.bin FORCE
@dd if=/dev/zero bs=131067 count=1 2>/dev/null $(INVERSION) > test-update.bin @dd if=/dev/zero bs=131067 count=1 2>/dev/null $(INVERSION) > test-update.bin
@$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION)
@dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin of=test-update.bin bs=1 conv=notrunc @dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin of=test-update.bin bs=1 conv=notrunc
@printf "pBOOT" >> test-update.bin @printf "pBOOT" >> test-update.bin
@make test-reset @make test-reset
@ -150,10 +150,10 @@ test-update: test-app/image.bin FORCE
test-sim-external-flash-with-update: wolfboot.bin test-app/image.elf FORCE test-sim-external-flash-with-update: wolfboot.bin test-app/image.elf FORCE
$(Q)cp test-app/image.elf test-app/image.bak.elf $(Q)cp test-app/image.elf test-app/image.bak.elf
$(Q)dd if=/dev/urandom of=test-app/image.elf bs=1K count=16 oflag=append conv=notrunc $(Q)dd if=/dev/urandom of=test-app/image.elf bs=1K count=16 oflag=append conv=notrunc
$(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) 1 $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) 1
$(Q)cp test-app/image.bak.elf test-app/image.elf $(Q)cp test-app/image.bak.elf test-app/image.elf
$(Q)dd if=/dev/urandom of=test-app/image.elf bs=1K count=16 oflag=append conv=notrunc $(Q)dd if=/dev/urandom of=test-app/image.elf bs=1K count=16 oflag=append conv=notrunc
$(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION)
# Assembling internal flash image # Assembling internal flash image
# #
$(Q)dd if=/dev/zero bs=$$(($(WOLFBOOT_PARTITION_SIZE))) count=1 2>/dev/null $(INVERSION) > v1_part.dd $(Q)dd if=/dev/zero bs=$$(($(WOLFBOOT_PARTITION_SIZE))) count=1 2>/dev/null $(INVERSION) > v1_part.dd
@ -168,13 +168,13 @@ test-sim-external-flash-with-enc-delta-update-extradata:DELTA_UPDATE_OPTIONS=--d
test-sim-external-flash-with-enc-delta-update-extradata:SIGN_ENC_ARGS=--encrypt /tmp/enc_key.der --aes128 test-sim-external-flash-with-enc-delta-update-extradata:SIGN_ENC_ARGS=--encrypt /tmp/enc_key.der --aes128
test-sim-external-flash-with-enc-delta-update-extradata: wolfboot.bin test-app/image.elf FORCE test-sim-external-flash-with-enc-delta-update-extradata: wolfboot.bin test-app/image.elf FORCE
@printf "0123456789abcdef0123456789abcdef0123456789abcdef" > /tmp/enc_key.der @printf "0123456789abcdef0123456789abcdef0123456789abcdef" > /tmp/enc_key.der
$(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) 1 $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) 1
$(Q)cp test-app/image_v1_signed.bin test-app/image_v1_signed.bak $(Q)cp test-app/image_v1_signed.bin test-app/image_v1_signed.bak
$(Q)rm -f test-app/image.elf test-app/app_sim.o $(Q)rm -f test-app/image.elf test-app/app_sim.o
$(Q)make -C test-app delta-extra-data DELTA_DATA_SIZE=$(DELTA_DATA_SIZE) $(Q)make -C test-app delta-extra-data DELTA_DATA_SIZE=$(DELTA_DATA_SIZE)
$(Q)cp test-app/image_v1_signed.bak test-app/image_v1_signed.bin $(Q)cp test-app/image_v1_signed.bak test-app/image_v1_signed.bin
$(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) $(SIGN_ENC_ARGS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) $(SIGN_ENC_ARGS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION)
$(Q)$(SIGN_TOOL) $(SIGN_ARGS) $(DELTA_UPDATE_OPTIONS) $(SIGN_ENC_ARGS) \ $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) $(DELTA_UPDATE_OPTIONS) $(SIGN_ENC_ARGS) \
test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION)
$(Q)dd if=/dev/zero bs=$$(($(WOLFBOOT_PARTITION_SIZE))) count=1 2>/dev/null $(INVERSION) > v1_part.dd $(Q)dd if=/dev/zero bs=$$(($(WOLFBOOT_PARTITION_SIZE))) count=1 2>/dev/null $(INVERSION) > v1_part.dd
$(Q)dd if=test-app/image_v1_signed.bin bs=256 of=v1_part.dd conv=notrunc $(Q)dd if=test-app/image_v1_signed.bin bs=256 of=v1_part.dd conv=notrunc
@ -192,11 +192,11 @@ test-sim-external-flash-with-enc-update: wolfboot.bin test-app/image.elf FORCE
$(Q)cp test-app/image.elf test-app/image.bak.elf $(Q)cp test-app/image.elf test-app/image.bak.elf
$(Q)dd if=/dev/urandom of=test-app/image.elf bs=1k count=16 oflag=append conv=notrunc $(Q)dd if=/dev/urandom of=test-app/image.elf bs=1k count=16 oflag=append conv=notrunc
@printf "0123456789abcdef0123456789abcdef0123456789abcdef" > /tmp/enc_key.der @printf "0123456789abcdef0123456789abcdef0123456789abcdef" > /tmp/enc_key.der
$(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) $(SIGN_ENC_ARGS) test-app/image.elf $(PRIVATE_KEY) 1 $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) $(SIGN_ENC_ARGS) test-app/image.elf $(PRIVATE_KEY) 1
$(Q)cp test-app/image.bak.elf test-app/image.elf $(Q)cp test-app/image.bak.elf test-app/image.elf
$(Q)dd if=/dev/urandom of=test-app/image.elf bs=1k count=16 oflag=append conv=notrunc $(Q)dd if=/dev/urandom of=test-app/image.elf bs=1k count=16 oflag=append conv=notrunc
$(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) $(SIGN_ENC_ARGS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) $(SIGN_ENC_ARGS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION)
$(Q)$(SIGN_TOOL) $(SIGN_ARGS) $(DELTA_UPDATE_OPTIONS) $(SIGN_ENC_ARGS) \ $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) $(DELTA_UPDATE_OPTIONS) $(SIGN_ENC_ARGS) \
test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION)
# Assembling internal flash image # Assembling internal flash image
# #
@ -217,12 +217,12 @@ test-sim-external-flash-with-enc-delta-update:
test-sim-internal-flash-with-update: wolfboot.bin test-app/image.elf FORCE test-sim-internal-flash-with-update: wolfboot.bin test-app/image.elf FORCE
$(Q)cp test-app/image.elf test-app/image.bak.elf $(Q)cp test-app/image.elf test-app/image.bak.elf
$(Q)dd if=/dev/urandom of=test-app/image.elf bs=1k count=16 oflag=append conv=notrunc $(Q)dd if=/dev/urandom of=test-app/image.elf bs=1k count=16 oflag=append conv=notrunc
$(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) 1 $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) 1
$(Q)cp test-app/image.bak.elf test-app/image.elf $(Q)cp test-app/image.bak.elf test-app/image.elf
$(Q)dd if=/dev/urandom of=test-app/image.elf bs=1k count=16 oflag=append conv=notrunc $(Q)dd if=/dev/urandom of=test-app/image.elf bs=1k count=16 oflag=append conv=notrunc
$(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION)
$(Q)dd if=/dev/zero bs=$$(($(WOLFBOOT_SECTOR_SIZE))) count=1 2>/dev/null $(INVERSION) > erased_sec.dd $(Q)dd if=/dev/zero bs=$$(($(WOLFBOOT_SECTOR_SIZE))) count=1 2>/dev/null $(INVERSION) > erased_sec.dd
$(Q)$(SIGN_TOOL) $(SIGN_ARGS) $(DELTA_UPDATE_OPTIONS) \ $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) $(DELTA_UPDATE_OPTIONS) \
test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION)
$(Q)$(BINASSEMBLE) internal_flash.dd \ $(Q)$(BINASSEMBLE) internal_flash.dd \
0 wolfboot.bin \ 0 wolfboot.bin \
@ -268,12 +268,12 @@ test-sim-rollback-flash: wolfboot.elf test-sim-internal-flash-with-update FORCE
test-self-update: FORCE test-self-update: FORCE
@mv $(PRIVATE_KEY) private_key.old @mv $(PRIVATE_KEY) private_key.old
@make clean factory.bin RAM_CODE=1 WOLFBOOT_VERSION=1 SIGN=$(SIGN) @make clean factory.bin RAM_CODE=1 WOLFBOOT_VERSION=1 SIGN=$(SIGN)
@$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION)
@st-flash --reset write test-app/image_v2_signed.bin 0x08020000 || \ @st-flash --reset write test-app/image_v2_signed.bin 0x08020000 || \
(make test-reset && sleep 1 && st-flash --reset write test-app/image_v2_signed.bin 0x08020000) || \ (make test-reset && sleep 1 && st-flash --reset write test-app/image_v2_signed.bin 0x08020000) || \
(make test-reset && sleep 1 && st-flash --reset write test-app/image_v2_signed.bin 0x08020000) (make test-reset && sleep 1 && st-flash --reset write test-app/image_v2_signed.bin 0x08020000)
@dd if=/dev/zero bs=131067 count=1 2>/dev/null $(INVERSION) > test-self-update.bin @dd if=/dev/zero bs=131067 count=1 2>/dev/null $(INVERSION) > test-self-update.bin
@$(SIGN_TOOL) $(SIGN_ARGS) --wolfboot-update wolfboot.bin private_key.old $(WOLFBOOT_VERSION) @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) --wolfboot-update wolfboot.bin private_key.old $(WOLFBOOT_VERSION)
@dd if=wolfboot_v$(WOLFBOOT_VERSION)_signed.bin of=test-self-update.bin bs=1 conv=notrunc @dd if=wolfboot_v$(WOLFBOOT_VERSION)_signed.bin of=test-self-update.bin bs=1 conv=notrunc
@printf "pBOOT" >> test-self-update.bin @printf "pBOOT" >> test-self-update.bin
@st-flash --reset write test-self-update.bin 0x08040000 || \ @st-flash --reset write test-self-update.bin 0x08040000 || \
@ -281,7 +281,7 @@ test-self-update: FORCE
(make test-reset && sleep 1 && st-flash --reset write test-self-update.bin 0x08040000) (make test-reset && sleep 1 && st-flash --reset write test-self-update.bin 0x08040000)
test-update-ext: test-app/image.bin FORCE test-update-ext: test-app/image.bin FORCE
@$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION)
@(dd if=/dev/zero bs=1M count=1 | tr '\000' '\377' > test-update.rom) @(dd if=/dev/zero bs=1M count=1 | tr '\000' '\377' > test-update.rom)
@dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin of=test-update.rom bs=1 count=524283 conv=notrunc @dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin of=test-update.rom bs=1 count=524283 conv=notrunc
@printf "pBOOT" | dd of=test-update.rom obs=1 seek=524283 count=5 conv=notrunc @printf "pBOOT" | dd of=test-update.rom obs=1 seek=524283 count=5 conv=notrunc