WolfSSL
/
wolfBoot
mirror of https://github.com/wolfSSL/wolfBoot.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Demo app: added test, benchmark, other gadgets

pull/455/head
Daniele Lacamera 2024-06-11 09:53:48 +02:00 committed by David Garske
parent 34d5ec15ea
commit aff2072694
6 changed files with 444 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
hal/uart/uart_drv_stm32h5.c
View File

@ -151,7 +151,7 @@ static int uart1_tx(const uint8_t c)
return 1; return 1;
} }
static int uart1_rx(uint8_t *c, int len) static int uart1_rx(uint8_t *c)
{ {
volatile uint32_t reg; volatile uint32_t reg;
int i = 0; int i = 0;
@ -219,7 +219,7 @@ static int uart3_tx(const uint8_t c)
return 1; return 1;
} }
static int uart3_rx(uint8_t *c, int len) static int uart3_rx(uint8_t *c)
{ {
volatile uint32_t reg; volatile uint32_t reg;
int i = 0; int i = 0;
@ -249,12 +249,12 @@ int uart_tx(const uint8_t c)
#endif #endif
} }
int uart_rx(uint8_t *c, int len) int uart_rx(uint8_t *c)
{ {
#if USE_UART1 #if USE_UART1
return uart1_rx(c, len); return uart1_rx(c);
#else #else
return uart3_rx(c, len); return uart3_rx(c);
#endif #endif
} }

2
src/boot_arm.c
View File

@ -364,6 +364,8 @@ void RAMFUNCTION do_boot(const uint32_t *app_offset)
/* Jump to non secure app_entry */ /* Jump to non secure app_entry */
asm volatile("mov r7, %0" ::"r"(app_entry)); asm volatile("mov r7, %0" ::"r"(app_entry));
asm volatile("bic.w r7, r7, #1"); asm volatile("bic.w r7, r7, #1");
/* Re-enable interrupts to allow non-secure OS handlers */
asm volatile("cpsie i");
asm volatile("blxns r7" ); asm volatile("blxns r7" );
# else # else
asm volatile("msr msp, %0" ::"r"(app_end_stack)); asm volatile("msr msp, %0" ::"r"(app_end_stack));

5
test-app/Makefile
View File

@ -157,14 +157,19 @@ ifeq ($(TARGET),stm32h5)
ifeq ($(TZEN),1) ifeq ($(TZEN),1)
LSCRIPT_TEMPLATE=ARM-stm32h5-ns.ld LSCRIPT_TEMPLATE=ARM-stm32h5-ns.ld
APP_OBJS+=wcs/wolfcrypt_secure.o APP_OBJS+=wcs/wolfcrypt_secure.o
APP_OBJS+=../lib/wolfssl/wolfcrypt/src/logging.o
else else
LSCRIPT_TEMPLATE=ARM-stm32h5.ld LSCRIPT_TEMPLATE=ARM-stm32h5.ld
endif endif
CFLAGS+=-DAPP_HAS_SYSTICK
CFLAGS+=-mcpu=cortex-m33 -ffunction-sections -fdata-sections -fno-common CFLAGS+=-mcpu=cortex-m33 -ffunction-sections -fdata-sections -fno-common
LDFLAGS+=-mcpu=cortex-m33 LDFLAGS+=-mcpu=cortex-m33
LDFLAGS+=-Wl,-gc-sections -Wl,-Map=image.map LDFLAGS+=-Wl,-gc-sections -Wl,-Map=image.map
CFLAGS+=-I.. CFLAGS+=-I..
APP_OBJS+=../hal/uart/uart_drv_$(UART_TARGET).o APP_OBJS+=../hal/uart/uart_drv_$(UART_TARGET).o
APP_OBJS+=../src/flash_otp_keystore.o
APP_OBJS+=../lib/wolfssl/wolfcrypt/benchmark/benchmark.o
APP_OBJS+=../lib/wolfssl/wolfcrypt/test/test.o
endif endif
ifeq ($(TARGET),stm32u5) ifeq ($(TARGET),stm32u5)

501
test-app/app_stm32h5.c
View File

@ -25,10 +25,14 @@
#include <stdlib.h> #include <stdlib.h>
#include <stdint.h> #include <stdint.h>
#include <string.h> #include <string.h>
#include <sys/stat.h>
#include "system.h" #include "system.h"
#include "hal.h" #include "hal.h"
#include "uart_drv.h" #include "uart_drv.h"
#include "wolfboot/wolfboot.h" #include "wolfboot/wolfboot.h"
#include "wolfcrypt/benchmark/benchmark.h"
#include "wolfcrypt/test/test.h"
#include "keystore.h"
#ifdef SECURE_PKCS11 #ifdef SECURE_PKCS11
#include "wcs/user_settings.h" #include "wcs/user_settings.h"
@ -39,6 +43,8 @@ extern const char pkcs11_library_name[];
extern const CK_FUNCTION_LIST wolfpkcs11nsFunctionList; extern const CK_FUNCTION_LIST wolfpkcs11nsFunctionList;
#endif #endif
volatile unsigned int jiffies = 0;
#define LED_BOOT_PIN (4) /* PG4 - Nucleo - Red Led */ #define LED_BOOT_PIN (4) /* PG4 - Nucleo - Red Led */
#define LED_USR_PIN (0) /* PB0 - Nucleo - Green Led */ #define LED_USR_PIN (0) /* PB0 - Nucleo - Green Led */
#define LED_EXTRA_PIN (4) /* PF4 - Nucleo - Orange Led */ #define LED_EXTRA_PIN (4) /* PF4 - Nucleo - Orange Led */
@ -49,7 +55,6 @@ extern const CK_FUNCTION_LIST wolfpkcs11nsFunctionList;
#define GPIOB_BASE 0x42020400 #define GPIOB_BASE 0x42020400
#define GPIOF_BASE 0x42021400 #define GPIOF_BASE 0x42021400
#define GPIOG_MODER (*(volatile uint32_t *)(GPIOG_BASE + 0x00)) #define GPIOG_MODER (*(volatile uint32_t *)(GPIOG_BASE + 0x00))
#define GPIOG_PUPDR (*(volatile uint32_t *)(GPIOG_BASE + 0x0C)) #define GPIOG_PUPDR (*(volatile uint32_t *)(GPIOG_BASE + 0x0C))
#define GPIOG_BSRR (*(volatile uint32_t *)(GPIOG_BASE + 0x18)) #define GPIOG_BSRR (*(volatile uint32_t *)(GPIOG_BASE + 0x18))
@ -68,6 +73,35 @@ extern const CK_FUNCTION_LIST wolfpkcs11nsFunctionList;
#define GPIOB_AHB2ENR1_CLOCK_ER (1 << 1) #define GPIOB_AHB2ENR1_CLOCK_ER (1 << 1)
#define GPIOD_AHB2ENR1_CLOCK_ER (1 << 3) #define GPIOD_AHB2ENR1_CLOCK_ER (1 << 3)
/* SysTick */
static uint32_t cpu_freq = 250000000;
#define SYSTICK_BASE (0xE000E010)
#define SYSTICK_CSR (*(volatile uint32_t *)(SYSTICK_BASE + 0x00))
#define SYSTICK_RVR (*(volatile uint32_t *)(SYSTICK_BASE + 0x04))
#define SYSTICK_CVR (*(volatile uint32_t *)(SYSTICK_BASE + 0x08))
#define SYSTICK_CALIB (*(volatile uint32_t *)(SYSTICK_BASE + 0x0C))
int clock_gettime (clockid_t clock_id, struct timespec *tp)
{
(void)clock_id;
tp->tv_sec = jiffies / 1000;
tp->tv_nsec = (jiffies % 1000) * 1000000;
return 0;
}
static void systick_enable(void)
{
SYSTICK_RVR = ((cpu_freq / 1000) - 1);
SYSTICK_CVR = 0;
SYSTICK_CSR |= 0x07;
}
void isr_systick(void)
{
jiffies++;
}
static void boot_led_on(void) static void boot_led_on(void)
{ {
uint32_t reg; uint32_t reg;
@ -133,6 +167,298 @@ static uint8_t my_pubkey[200];
extern int ecdsa_sign_verify(int devId); extern int ecdsa_sign_verify(int devId);
/* Command line commands */
static int cmd_help(const char *args);
static int cmd_info(const char *args);
static int cmd_success(const char *args);
static int cmd_login_pkcs11(const char *args);
static int cmd_random(const char *args);
static int cmd_benchmark(const char *args);
static int cmd_test(const char *args);
static int cmd_timestamp(const char *args);
#define CMD_BUFFER_SIZE 256
#define CMD_NAME_MAX 64
/* Command parser */
struct console_command {
int (*fn)(const char *args);
const char name[CMD_NAME_MAX];
const char help[CMD_BUFFER_SIZE];
};
struct console_command COMMANDS[] =
{
{ cmd_help, "help", "shows this help message"},
{ cmd_info, "info", "display information about the system and partitions"},
{ cmd_success, "success", "confirm a successful update"},
{ cmd_login_pkcs11, "pkcs11", "enable and test crypto calls with PKCS11 in secure mode" },
{ cmd_random, "random", "generate a random number"},
{ cmd_timestamp, "timestamp", "print the current timestamp"},
{ cmd_benchmark, "benchmark", "run the wolfCrypt benchmark"},
{ cmd_test, "test", "run the wolfCrypt test"},
{ NULL, "", ""}
};
static int cmd_help(const char *args)
{
int i;
for (i = 0;; i++) {
if(COMMANDS[i].fn == NULL)
break;
printf("%s : %s\r\n", COMMANDS[i].name, COMMANDS[i].help);
}
return 0;
}
static int cmd_info(const char *args)
{
int i, j;
uint32_t cur_fw_version, update_fw_version;
uint32_t n_keys;
uint16_t hdrSz;
cur_fw_version = wolfBoot_current_firmware_version();
update_fw_version = wolfBoot_update_firmware_version();
printf("\r\n");
printf("System information\r\n");
printf("====================================\r\n");
printf("Firmware version : 0x%lx\r\n", wolfBoot_current_firmware_version());
if (update_fw_version != 0) {
printf("Candidate firmware version : 0x%lx\r\n", update_fw_version);
} else {
printf("No image in update partition.\r\n");
}
printf("\r\n");
printf("Bootloader OTP keystore information\r\n");
printf("====================================\r\n");
n_keys = keystore_num_pubkeys();
printf("Number of public keys: %lu\r\n", n_keys);
for (i = 0; i < n_keys; i++) {
uint32_t size = keystore_get_size(i);
uint32_t type = keystore_get_key_type(i);
uint32_t mask = keystore_get_mask(i);
uint8_t *keybuf = keystore_get_buffer(i);
printf("\r\n");
printf(" Public Key #%d: size %lu, type %lx, mask %08lx\r\n", i,
size, type, mask);
printf(" ====================================\r\n ");
for (j = 0; j < size; j++) {
printf("%02X ", keybuf[j]);
if (j % 16 == 15) {
printf("\r\n ");
}
}
printf("\r\n");
}
return 0;
}
static int cmd_success(const char *args)
{
wolfBoot_success();
printf("update success confirmed.\r\n");
return 0;
}
static int cmd_random(const char *args)
{
WC_RNG rng;
int ret;
uint32_t rand;
ret = wc_InitRng(&rng);
if (ret != 0) {
printf("Failed to initialize RNG\r\n");
return -1;
}
ret = wc_RNG_GenerateBlock(&rng, (byte *)&rand, sizeof(rand));
if (ret != 0) {
printf("Failed to generate random number\r\n");
wc_FreeRng(&rng);
return -1;
}
printf("Today's lucky number: 0x%08lX\r\n", rand);
printf("Brought to you by wolfCrypt's DRBG fed by HW TRNG in Secure world\r\n");
wc_FreeRng(&rng);
return 0;
}
static int cmd_timestamp(const char *args)
{
struct timespec tp = {};
clock_gettime(0, &tp);
printf("Current timestamp: %llu.%03lu\r\n", tp.tv_sec, tp.tv_nsec/1000000);
printf("Current systick: %u\r\n", jiffies);
printf("VTOR: %08lx\r\n", (*(volatile uint32_t *)(0xE000ED08)));
return 0;
}
static int cmd_login_pkcs11(const char *args)
{
int ret = -1;
unsigned int devId = 0;
Pkcs11Token token;
Pkcs11Dev PKCS11_d;
unsigned long session;
char TokenPin[] = "0123456789ABCDEF";
char UserPin[] = "ABCDEF0123456789";
char SoPinName[] = "SO-PIN";
static int pkcs11_initialized = 0;
if (pkcs11_initialized) {
printf("PKCS11 already initialized.\r\n");
return 0;
}
#ifdef SECURE_PKCS11
printf("PKCS11 Login\r\n");
printf("Initializing wolfCrypt...");
fflush(stdout);
wolfCrypt_Init();
printf("Done.\r\n");
PKCS11_d.heap = NULL,
PKCS11_d.func = (CK_FUNCTION_LIST *)&wolfpkcs11nsFunctionList;
printf("Initializing EccKey token...");
fflush(stdout);
ret = wc_Pkcs11Token_Init(&token, &PKCS11_d, 1, "EccKey",
(const byte*)TokenPin, strlen(TokenPin));
if (ret == 0) {
printf("Done.\r\n");
printf("Retrieving crypto engine function list...");
fflush(stdout);
ret = wolfpkcs11nsFunctionList.C_OpenSession(1,
CKF_SERIAL_SESSION | CKF_RW_SESSION,
NULL, NULL, &session);
}
if (ret == 0) {
printf("Done.\r\n");
printf("Initializing token...");
fflush(stdout);
ret = wolfpkcs11nsFunctionList.C_InitToken(1,
(byte *)TokenPin, strlen(TokenPin), (byte *)SoPinName);
}
if (ret == 0) {
printf("Done.\r\n");
printf("Logging in as SO...");
ret = wolfpkcs11nsFunctionList.C_Login(session, CKU_SO,
(byte *)TokenPin,
strlen(TokenPin));
}
if (ret == 0) {
extra_led_on();
printf("Done.\r\n");
printf("Setting PIN...");
ret = wolfpkcs11nsFunctionList.C_InitPIN(session,
(byte *)TokenPin,
strlen(TokenPin));
}
if (ret == 0) {
printf("Done.\r\n");
printf("Logging out...");
ret = wolfpkcs11nsFunctionList.C_Logout(session);
}
if (ret == 0) {
printf("Done.\r\n");
printf("Registering crypto calls with wolfCrypt...");
ret = wc_CryptoDev_RegisterDevice(devId, wc_Pkcs11_CryptoDevCb,
&token);
}
if (ret == 0) {
printf("Done.\r\n");
#ifdef HAVE_ECC
printf("Testing ECC...");
ret = ecdsa_sign_verify(devId);
if (ret != 0) {
ret = -1;
printf("Failed.\r\n");
}
else {
usr_led_on();
printf("Done.\r\n");
}
#endif
}
#endif /* SECURE_PKCS11 */
if (ret == 0) {
printf("PKCS11 initialization completed successfully.\r\n");
pkcs11_initialized = 1;
}
return ret;
}
static int cmd_benchmark(const char *args)
{
benchmark_test(NULL);
return 0;
}
/* Test command */
static int cmd_test(const char *args)
{
wolfcrypt_test(NULL);
return 0;
}
static int parse_cmd(const char *cmd)
{
int retval = -2;
int i;
for (i = 0;; i++) {
if(COMMANDS[i].fn == NULL)
break;
if (strncmp(cmd, COMMANDS[i].name, strlen(COMMANDS[i].name)) == 0) {
retval = COMMANDS[i].fn(cmd);
break;
}
}
return retval;
}
/* Main loop reading commands from UART */
static void console_loop(void)
{
int ret;
int idx = 0;
char cmd[CMD_BUFFER_SIZE];
char c;
while (1) {
printf("\r\n");
printf("cmd> ");
fflush(stdout);
idx = 0;
do {
ret = uart_rx((uint8_t *)&c);
if (ret > 0) {
if (c == '\r')
break;
cmd[idx++] = c;
}
} while (idx < (CMD_BUFFER_SIZE - 1));
if (idx > 0) {
cmd[idx] = 0;
if (parse_cmd(cmd) == -2) {
printf("Unknown command\r\n");
}
}
}
}
void main(void) void main(void)
{ {
@ -141,94 +467,113 @@ void main(void)
uint32_t i; uint32_t i;
uint32_t klen = 200; uint32_t klen = 200;
int otherkey_slot; int otherkey_slot;
unsigned int devId = 0; uint32_t app_version;
#ifdef SECURE_PKCS11
WC_RNG rng;
Pkcs11Token token;
Pkcs11Dev PKCS11_d;
unsigned long session;
char TokenPin[] = "0123456789ABCDEF";
char UserPin[] = "ABCDEF0123456789";
char SoPinName[] = "SO-PIN";
#endif
/* Turn on boot LED */ /* Turn on boot LED */
boot_led_on(); boot_led_on();
/* Enable SysTick */
systick_enable();
app_version = wolfBoot_current_firmware_version();
uart_init(115200, 8, 'N', 1); uart_init(115200, 8, 'N', 1);
for (i = 0; i < 10000; i++) { printf("========================\r\n");
uart_tx('T'); printf("STM32H5 wolfBoot demo Application\r\n");
uart_tx('E'); printf("Copyright 2024 wolfSSL Inc\r\n");
uart_tx('S'); printf("GPL v3\r\n");
uart_tx('T'); printf("Version : 0x%lx\r\n", app_version);
uart_tx('\r'); printf("========================\r\n");
}
#ifdef SECURE_PKCS11 console_loop();
wolfCrypt_Init();
PKCS11_d.heap = NULL,
PKCS11_d.func = (CK_FUNCTION_LIST *)&wolfpkcs11nsFunctionList;
ret = wc_Pkcs11Token_Init(&token, &PKCS11_d, 1, "EccKey",
(const byte*)TokenPin, strlen(TokenPin));
if (ret == 0) {
ret = wolfpkcs11nsFunctionList.C_OpenSession(1,
CKF_SERIAL_SESSION | CKF_RW_SESSION,
NULL, NULL, &session);
}
if (ret == 0) {
ret = wolfpkcs11nsFunctionList.C_InitToken(1,
(byte *)TokenPin, strlen(TokenPin), (byte *)SoPinName);
}
if (ret == 0) {
extra_led_on();
ret = wolfpkcs11nsFunctionList.C_Login(session, CKU_SO,
(byte *)TokenPin,
strlen(TokenPin));
}
if (ret == 0) {
ret = wolfpkcs11nsFunctionList.C_InitPIN(session,
(byte *)TokenPin,
strlen(TokenPin));
}
if (ret == 0) {
ret = wolfpkcs11nsFunctionList.C_Logout(session);
}
if (ret != 0) {
while(1)
;
}
if (ret == 0) {
ret = wc_CryptoDev_RegisterDevice(devId, wc_Pkcs11_CryptoDevCb,
&token);
if (ret != 0) {
while(1)
;
}
if (ret == 0) {
#ifdef HAVE_ECC
ret = ecdsa_sign_verify(devId);
if (ret != 0)
ret = 1;
else
usr_led_on();
#endif
}
wc_Pkcs11Token_Final(&token);
}
#else
/* Check if version > 1 and turn on user led */
if (wolfBoot_current_firmware_version() > 1) {
usr_led_on();
}
#endif /* SECURE_PKCS11 */
while(1) while(1)
; ;
/* Never reached */ /* Never reached */
} }
/* Syscall helpers + UART interface for printf */
int _getpid(void)
{
return 1;
}
int _kill(int pid, int sig)
{
(void)pid;
(void)sig;
return -1;
}
void _exit (int status)
{
_kill(status, -1);
while (1) {} /* Make sure we hang here */
}
__attribute__((weak)) int _read(int file, char *ptr, int len)
{
(void)file;
int DataIdx;
int ret;
for (DataIdx = 0; DataIdx < len; DataIdx++)
{
do {
ret = uart_rx((uint8_t *)ptr);
if (ret > 0)
ptr++;
} while (ret == 0);
if (ret == 0)
break;
}
return DataIdx;
}
int _write(int file, char *ptr, int len)
{
(void)file;
int DataIdx;
for (DataIdx = 0; DataIdx < len; DataIdx++)
{
uart_tx(*ptr++);
}
return len;
}
int _close(int file)
{
(void)file;
return -1;
}
int _isatty(int file)
{
(void)file;
return 1;
}
int _lseek(int file, int ptr, int dir)
{
(void)file;
(void)ptr;
(void)dir;
return 0;
}
int _fstat(int file, struct stat *st)
{
(void)file;
st->st_mode = S_IFCHR;
return 0;
}

8
test-app/startup_arm.c
View File

@ -33,6 +33,10 @@ extern unsigned int _start_heap;
extern void isr_tim2(void); extern void isr_tim2(void);
#endif #endif
#ifdef APP_HAS_SYSTICK
extern void isr_systick(void);
#endif
#ifndef STACK_PAINTING #ifndef STACK_PAINTING
#define STACK_PAINTING 0 #define STACK_PAINTING 0
#endif #endif
@ -127,7 +131,11 @@ void (* const IV[])(void) =
isr_empty, // DebugMonitor isr_empty, // DebugMonitor
0, // reserved 0, // reserved
isr_empty, // PendSV isr_empty, // PendSV
#ifdef APP_HAS_SYSTICK
isr_systick, // SysTick
#else
isr_empty, // SysTick isr_empty, // SysTick
#endif
/* Device specific IRQs for LM3S */ /* Device specific IRQs for LM3S */

2
test-app/wcs/user_settings.h
View File

@ -132,8 +132,6 @@ extern int tolower(int c);
#define NO_ERROR_STRINGS #define NO_ERROR_STRINGS
#define BENCH_EMBEDDED #define BENCH_EMBEDDED
#define NO_CRYPT_TEST
#define NO_CRYPT_BENCHMARK
#define CUSTOM_RAND_GENERATE_BLOCK wcs_get_random #define CUSTOM_RAND_GENERATE_BLOCK wcs_get_random