Renamed FLASH_OTP_ROT to FLASH_OTP_KEYSTORE

Makefile

@@ -35,7 +35,7 @@ ifeq ($(SIGN),NONE)
   PRIVATE_KEY=
 else
   PRIVATE_KEY=wolfboot_signing_private_key.der
-  ifeq ($(FLASH_OTP_ROT),1)
+  ifeq ($(FLASH_OTP_KEYSTORE),1)
         OBJS+=./src/flash_otp_keystore.o
   else
         OBJS+=./src/keystore.o
@@ -127,7 +127,7 @@ ifeq ($(TARGET),nxp_t1024)
 	MAIN_TARGET:=factory_wstage1.bin
 endif
 
-ifeq ($(FLASH_OTP_ROT),1)
+ifeq ($(FLASH_OTP_KEYSTORE),1)
 	MAIN_TARGET:=include/target.h tools/keytools/otp/otp-keystore-primer factory.bin
 endif
 
@@ -188,7 +188,7 @@ $(PRIVATE_KEY):
 	$(Q)$(MAKE) keytools_check
 	$(Q)(test $(SIGN) = NONE) || ("$(KEYGEN_TOOL)" $(KEYGEN_OPTIONS) -g $(PRIVATE_KEY)) || true
 	$(Q)(test $(SIGN) = NONE) && (echo "// SIGN=NONE" >  src/keystore.c) || true
-	$(Q)(test $(FLASH_OTP_ROT) = 0) || (make -C tools/keytools/otp) || true
+	$(Q)(test $(FLASH_OTP_KEYSTORE) = 0) || (make -C tools/keytools/otp) || true
 
 keytools: include/target.h
 	@echo "Building key tools"
@@ -244,7 +244,7 @@ wolfboot_stage1.bin: wolfboot.elf stage1/loader_stage1.bin
 	$(Q) cp stage1/loader_stage1.bin wolfboot_stage1.bin
 
 wolfboot.elf: include/target.h $(LSCRIPT) $(OBJS) $(LIBS) $(BINASSEMBLE) FORCE
-	$(Q)(test $(SIGN) = NONE) || (test $(FLASH_OTP_ROT) = 1) || (grep -q $(SIGN_ALG) src/keystore.c) || \
+	$(Q)(test $(SIGN) = NONE) || (test $(FLASH_OTP_KEYSTORE) = 1) || (grep -q $(SIGN_ALG) src/keystore.c) || \
 		(echo "Key mismatch: please run 'make distclean' to remove all keys if you want to change algorithm" && false)
 	@echo "\t[LD] $@"
 	@echo $(OBJS)

hal/stm32h5.c

@@ -432,7 +432,7 @@ void hal_prepare_boot(void)
 #endif
 }
 
-#ifdef FLASH_OTP_ROT
+#ifdef FLASH_OTP_KEYSTORE
 
 /* Public API */
 
@@ -500,4 +500,4 @@ int hal_flash_otp_read(uint32_t flashAddress, void* data, uint32_t length)
     return 0;
 }
 
-#endif /* FLASH_OTP_ROT */
+#endif /* FLASH_OTP_KEYSTORE */

hal/stm32h7.c

@@ -513,7 +513,7 @@ void hal_prepare_boot(void)
     clock_pll_off();
 }
 
-#ifdef FLASH_OTP_ROT
+#ifdef FLASH_OTP_KEYSTORE
 static void flash_otp_wait(void)
 {
     /* Wait for the FLASH operation to complete by polling on QW flag to be reset. */
@@ -610,5 +610,5 @@ int hal_flash_otp_read(uint32_t flashAddress, void* data, uint32_t length)
     return 0;
 }
 
-#endif /* FLASH_OTP_ROT */
+#endif /* FLASH_OTP_KEYSTORE */
 

hal/stm32h7.h

@@ -279,22 +279,20 @@
 #define FLASH_OPT_KEY1                      (0x08192A3BU)
 #define FLASH_OPT_KEY2                      (0x4C5D6E7FU)
 
-#ifdef FLASH_OTP_ROT
-    #ifndef FLASH_OTP_BASE
-    #define FLASH_OTP_BASE 0x08FFF000
-    #endif
-    #ifndef FLASH_OTP_END
-    #define FLASH_OTP_END  0x08FFF3FF
-    #endif
-    #ifndef OTP_SIZE
-    #define OTP_SIZE       1024
-    #endif
-    #ifndef OTP_BLOCKS
-    #define OTP_BLOCKS     16
-    #endif
-
-    #define OTP_BLOCK_SIZE (OTP_SIZE / OTP_BLOCKS) /* 64 bytes */
+#ifndef FLASH_OTP_BASE
+#define FLASH_OTP_BASE 0x08FFF000
 #endif
+#ifndef FLASH_OTP_END
+#define FLASH_OTP_END  0x08FFF3FF
+#endif
+#ifndef OTP_SIZE
+#define OTP_SIZE       1024
+#endif
+#ifndef OTP_BLOCKS
+#define OTP_BLOCKS     16
+#endif
+
+#define OTP_BLOCK_SIZE (OTP_SIZE / OTP_BLOCKS) /* 64 bytes */
 
 /* STM32H7: Due to ECC functionality, it is not possible to write partition/sector
  * flags and signature more than once. This flags_cache is used to intercept write operations and

include/hal.h

@@ -130,7 +130,7 @@ int hal_trng_get_entropy(unsigned char *out, unsigned len);
 
 #endif
 
-#ifdef FLASH_OTP_ROT
+#ifdef FLASH_OTP_KEYSTORE
 
 int hal_flash_otp_write(uint32_t flashAddress, const void* data, uint16_t length);
 int hal_flash_otp_read(uint32_t flashAddress, void* data, uint32_t length);

include/otp_keystore.h

@@ -26,7 +26,7 @@
 #ifndef OTP_KEYSTORE_H
 #define OTP_KEYSTORE_H
 
-#if defined(FLASH_OTP_ROT) && !defined(WOLFBOOT_NO_SIGN)
+#if defined(FLASH_OTP_KEYSTORE) && !defined(WOLFBOOT_NO_SIGN)
 /* Specific includes for supported targets
  * (needed for OTP_SIZE)
  */
@@ -67,6 +67,6 @@ static const char KEYSTORE_HDR_MAGIC[8] = "WOLFBOOT";
 
 #endif /* KEYSTORE_ANY */
 
-#endif /* FLASH_OTP_ROT */ 
+#endif /* FLASH_OTP_KEYSTORE */ 
 
 #endif /* OTP_KEYSTORE_H */

options.mk

@@ -1,8 +1,8 @@
 WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/asn.o
 
 # Support for Built-in ROT into OTP flash memory
-ifeq ($(FLASH_OTP_ROT),1)
-    CFLAGS+=-D"FLASH_OTP_ROT"
+ifeq ($(FLASH_OTP_KEYSTORE),1)
+    CFLAGS+=-D"FLASH_OTP_KEYSTORE"
 endif
 
 # Support for TPM signature verification

src/flash_otp_keystore.c

@@ -29,7 +29,7 @@
 #include "hal.h"
 #include "otp_keystore.h"
 
-#if defined(FLASH_OTP_ROT) && !defined(WOLFBOOT_NO_SIGN)
+#if defined(FLASH_OTP_KEYSTORE) && !defined(WOLFBOOT_NO_SIGN)
 
 int keystore_num_pubkeys(void)
 {
@@ -100,4 +100,4 @@ uint32_t keystore_get_key_type(int id)
 }
 
 
-#endif /* FLASH_OTP_ROT && !WOLFBOOT_NO_SIGN */
+#endif /* FLASH_OTP_KEYSTORE && !WOLFBOOT_NO_SIGN */

tools/config.mk

@@ -78,7 +78,7 @@ ifeq ($(ARCH),)
   FORCE_32BIT=0
   DISK_LOCK?=0
   DISK_LOCK_PASSWORD?=
-  FLASH_OTP_ROT?=0
+  FLASH_OTP_KEYSTORE?=0
 endif
 
 CONFIG_VARS:= ARCH TARGET SIGN HASH MCUXSDK MCUXPRESSO MCUXPRESSO_CPU MCUXPRESSO_DRIVERS \
@@ -100,4 +100,4 @@ CONFIG_VARS:= ARCH TARGET SIGN HASH MCUXSDK MCUXPRESSO MCUXPRESSO_CPU MCUXPRESSO
 	XMSS_PARAMS \
 	ELF \
 	NXP_CUSTOM_DCD NXP_CUSTOM_DCD_OBJS \
-	FLASH_OTP_ROT
+	FLASH_OTP_KEYSTORE

tools/keytools/otp/Makefile

@@ -9,7 +9,7 @@ CROSS_COMPILE?=arm-none-eabi-
 CFLAGS+=-O0 -ggdb
 CFLAGS+=-I. -I../../../ -I../../../include
 CFLAGS+=-I./wcs
-CFLAGS+=-DFLASH_OTP_ROT -D__FLASH_OTP_PRIMER
+CFLAGS+=-DFLASH_OTP_KEYSTORE -D__FLASH_OTP_PRIMER
 OBJS+=startup.o otp-keystore-primer.o ../../../src/keystore.o
 LSCRIPT=target.ld
 LDFLAGS+=$(CFLAGS) -T$(LSCRIPT) -lc -Wl,-Map=otp-keystore-primer.map