From 9dd8b7cf976f310ed1db1699bf5c2a1645cf861c Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Wed, 15 May 2024 09:48:23 +0200 Subject: [PATCH] Renamed FLASH_OTP_ROT to FLASH_OTP_KEYSTORE --- Makefile | 8 ++++---- hal/stm32h5.c | 4 ++-- hal/stm32h7.c | 4 ++-- hal/stm32h7.h | 28 +++++++++++++--------------- include/hal.h | 2 +- include/otp_keystore.h | 4 ++-- options.mk | 4 ++-- src/flash_otp_keystore.c | 4 ++-- tools/config.mk | 4 ++-- tools/keytools/otp/Makefile | 2 +- 10 files changed, 31 insertions(+), 33 deletions(-) diff --git a/Makefile b/Makefile index 7c0d5f93..a36936d9 100644 --- a/Makefile +++ b/Makefile @@ -35,7 +35,7 @@ ifeq ($(SIGN),NONE) PRIVATE_KEY= else PRIVATE_KEY=wolfboot_signing_private_key.der - ifeq ($(FLASH_OTP_ROT),1) + ifeq ($(FLASH_OTP_KEYSTORE),1) OBJS+=./src/flash_otp_keystore.o else OBJS+=./src/keystore.o @@ -127,7 +127,7 @@ ifeq ($(TARGET),nxp_t1024) MAIN_TARGET:=factory_wstage1.bin endif -ifeq ($(FLASH_OTP_ROT),1) +ifeq ($(FLASH_OTP_KEYSTORE),1) MAIN_TARGET:=include/target.h tools/keytools/otp/otp-keystore-primer factory.bin endif @@ -188,7 +188,7 @@ $(PRIVATE_KEY): $(Q)$(MAKE) keytools_check $(Q)(test $(SIGN) = NONE) || ("$(KEYGEN_TOOL)" $(KEYGEN_OPTIONS) -g $(PRIVATE_KEY)) || true $(Q)(test $(SIGN) = NONE) && (echo "// SIGN=NONE" > src/keystore.c) || true - $(Q)(test $(FLASH_OTP_ROT) = 0) || (make -C tools/keytools/otp) || true + $(Q)(test $(FLASH_OTP_KEYSTORE) = 0) || (make -C tools/keytools/otp) || true keytools: include/target.h @echo "Building key tools" @@ -244,7 +244,7 @@ wolfboot_stage1.bin: wolfboot.elf stage1/loader_stage1.bin $(Q) cp stage1/loader_stage1.bin wolfboot_stage1.bin wolfboot.elf: include/target.h $(LSCRIPT) $(OBJS) $(LIBS) $(BINASSEMBLE) FORCE - $(Q)(test $(SIGN) = NONE) || (test $(FLASH_OTP_ROT) = 1) || (grep -q $(SIGN_ALG) src/keystore.c) || \ + $(Q)(test $(SIGN) = NONE) || (test $(FLASH_OTP_KEYSTORE) = 1) || (grep -q $(SIGN_ALG) src/keystore.c) || \ (echo "Key mismatch: please run 'make distclean' to remove all keys if you want to change algorithm" && false) @echo "\t[LD] $@" @echo $(OBJS) diff --git a/hal/stm32h5.c b/hal/stm32h5.c index e3a030cb..22841ec4 100644 --- a/hal/stm32h5.c +++ b/hal/stm32h5.c @@ -432,7 +432,7 @@ void hal_prepare_boot(void) #endif } -#ifdef FLASH_OTP_ROT +#ifdef FLASH_OTP_KEYSTORE /* Public API */ @@ -500,4 +500,4 @@ int hal_flash_otp_read(uint32_t flashAddress, void* data, uint32_t length) return 0; } -#endif /* FLASH_OTP_ROT */ +#endif /* FLASH_OTP_KEYSTORE */ diff --git a/hal/stm32h7.c b/hal/stm32h7.c index f5e7475c..6d8fef9e 100644 --- a/hal/stm32h7.c +++ b/hal/stm32h7.c @@ -513,7 +513,7 @@ void hal_prepare_boot(void) clock_pll_off(); } -#ifdef FLASH_OTP_ROT +#ifdef FLASH_OTP_KEYSTORE static void flash_otp_wait(void) { /* Wait for the FLASH operation to complete by polling on QW flag to be reset. */ @@ -610,5 +610,5 @@ int hal_flash_otp_read(uint32_t flashAddress, void* data, uint32_t length) return 0; } -#endif /* FLASH_OTP_ROT */ +#endif /* FLASH_OTP_KEYSTORE */ diff --git a/hal/stm32h7.h b/hal/stm32h7.h index 894e276f..7cfb50de 100644 --- a/hal/stm32h7.h +++ b/hal/stm32h7.h @@ -279,22 +279,20 @@ #define FLASH_OPT_KEY1 (0x08192A3BU) #define FLASH_OPT_KEY2 (0x4C5D6E7FU) -#ifdef FLASH_OTP_ROT - #ifndef FLASH_OTP_BASE - #define FLASH_OTP_BASE 0x08FFF000 - #endif - #ifndef FLASH_OTP_END - #define FLASH_OTP_END 0x08FFF3FF - #endif - #ifndef OTP_SIZE - #define OTP_SIZE 1024 - #endif - #ifndef OTP_BLOCKS - #define OTP_BLOCKS 16 - #endif - - #define OTP_BLOCK_SIZE (OTP_SIZE / OTP_BLOCKS) /* 64 bytes */ +#ifndef FLASH_OTP_BASE +#define FLASH_OTP_BASE 0x08FFF000 #endif +#ifndef FLASH_OTP_END +#define FLASH_OTP_END 0x08FFF3FF +#endif +#ifndef OTP_SIZE +#define OTP_SIZE 1024 +#endif +#ifndef OTP_BLOCKS +#define OTP_BLOCKS 16 +#endif + +#define OTP_BLOCK_SIZE (OTP_SIZE / OTP_BLOCKS) /* 64 bytes */ /* STM32H7: Due to ECC functionality, it is not possible to write partition/sector * flags and signature more than once. This flags_cache is used to intercept write operations and diff --git a/include/hal.h b/include/hal.h index 73d2db1d..d42409af 100644 --- a/include/hal.h +++ b/include/hal.h @@ -130,7 +130,7 @@ int hal_trng_get_entropy(unsigned char *out, unsigned len); #endif -#ifdef FLASH_OTP_ROT +#ifdef FLASH_OTP_KEYSTORE int hal_flash_otp_write(uint32_t flashAddress, const void* data, uint16_t length); int hal_flash_otp_read(uint32_t flashAddress, void* data, uint32_t length); diff --git a/include/otp_keystore.h b/include/otp_keystore.h index 6a549970..f03be467 100644 --- a/include/otp_keystore.h +++ b/include/otp_keystore.h @@ -26,7 +26,7 @@ #ifndef OTP_KEYSTORE_H #define OTP_KEYSTORE_H -#if defined(FLASH_OTP_ROT) && !defined(WOLFBOOT_NO_SIGN) +#if defined(FLASH_OTP_KEYSTORE) && !defined(WOLFBOOT_NO_SIGN) /* Specific includes for supported targets * (needed for OTP_SIZE) */ @@ -67,6 +67,6 @@ static const char KEYSTORE_HDR_MAGIC[8] = "WOLFBOOT"; #endif /* KEYSTORE_ANY */ -#endif /* FLASH_OTP_ROT */ +#endif /* FLASH_OTP_KEYSTORE */ #endif /* OTP_KEYSTORE_H */ diff --git a/options.mk b/options.mk index 2d2e9af6..422d9339 100644 --- a/options.mk +++ b/options.mk @@ -1,8 +1,8 @@ WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/asn.o # Support for Built-in ROT into OTP flash memory -ifeq ($(FLASH_OTP_ROT),1) - CFLAGS+=-D"FLASH_OTP_ROT" +ifeq ($(FLASH_OTP_KEYSTORE),1) + CFLAGS+=-D"FLASH_OTP_KEYSTORE" endif # Support for TPM signature verification diff --git a/src/flash_otp_keystore.c b/src/flash_otp_keystore.c index d7db6811..671d61a2 100644 --- a/src/flash_otp_keystore.c +++ b/src/flash_otp_keystore.c @@ -29,7 +29,7 @@ #include "hal.h" #include "otp_keystore.h" -#if defined(FLASH_OTP_ROT) && !defined(WOLFBOOT_NO_SIGN) +#if defined(FLASH_OTP_KEYSTORE) && !defined(WOLFBOOT_NO_SIGN) int keystore_num_pubkeys(void) { @@ -100,4 +100,4 @@ uint32_t keystore_get_key_type(int id) } -#endif /* FLASH_OTP_ROT && !WOLFBOOT_NO_SIGN */ +#endif /* FLASH_OTP_KEYSTORE && !WOLFBOOT_NO_SIGN */ diff --git a/tools/config.mk b/tools/config.mk index 731eea25..4b1e8e88 100644 --- a/tools/config.mk +++ b/tools/config.mk @@ -78,7 +78,7 @@ ifeq ($(ARCH),) FORCE_32BIT=0 DISK_LOCK?=0 DISK_LOCK_PASSWORD?= - FLASH_OTP_ROT?=0 + FLASH_OTP_KEYSTORE?=0 endif CONFIG_VARS:= ARCH TARGET SIGN HASH MCUXSDK MCUXPRESSO MCUXPRESSO_CPU MCUXPRESSO_DRIVERS \ @@ -100,4 +100,4 @@ CONFIG_VARS:= ARCH TARGET SIGN HASH MCUXSDK MCUXPRESSO MCUXPRESSO_CPU MCUXPRESSO XMSS_PARAMS \ ELF \ NXP_CUSTOM_DCD NXP_CUSTOM_DCD_OBJS \ - FLASH_OTP_ROT + FLASH_OTP_KEYSTORE diff --git a/tools/keytools/otp/Makefile b/tools/keytools/otp/Makefile index 0d91e57b..807d4e57 100644 --- a/tools/keytools/otp/Makefile +++ b/tools/keytools/otp/Makefile @@ -9,7 +9,7 @@ CROSS_COMPILE?=arm-none-eabi- CFLAGS+=-O0 -ggdb CFLAGS+=-I. -I../../../ -I../../../include CFLAGS+=-I./wcs -CFLAGS+=-DFLASH_OTP_ROT -D__FLASH_OTP_PRIMER +CFLAGS+=-DFLASH_OTP_KEYSTORE -D__FLASH_OTP_PRIMER OBJS+=startup.o otp-keystore-primer.o ../../../src/keystore.o LSCRIPT=target.ld LDFLAGS+=$(CFLAGS) -T$(LSCRIPT) -lc -Wl,-Map=otp-keystore-primer.map