WolfSSL
/
wolfBoot
mirror of https://github.com/wolfSSL/wolfBoot.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'master' into psoc6_hwcrypto

psoc6_hwcrypto
Daniele Lacamera 2020-06-16 09:36:54 +02:00
parent ec3234bf6b e5752249cb
commit d21dfc2778
5 changed files with 99 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -35,9 +35,6 @@ The bootloader consists of the following components:
- The core bootloader
- A small application library used by the application to interact with the bootloader [src/libwolfboot.c](src/libwolfboot.c)
Only ARM Cortex-M boot mechanism is supported at this stage. Support for more architectures and
microcontrollers will be added later. Relocating the interrupt vector can be disabled if needed.
## Integrating wolfBoot in an existing project
### Required steps

78
hal/stm32wb.c
View File

@ -97,7 +97,8 @@ PKA_HandleTypeDef hpka = { };
#define FLASH_ACR_LATENCY_MASK (0x07)
#ifndef WOLFSSL_STM32_PKA
#define FLASH_SR_BSY (1 << 16)
#define FLASH_SR_BSY (1 << 16)
#define FLASH_SR_CFGBSY (1 << 18)
#define FLASH_SR_SIZERR (1 << 6)
#define FLASH_SR_PGAERR (1 << 5)
#define FLASH_SR_WRPERR (1 << 4)
@ -109,11 +110,12 @@ PKA_HandleTypeDef hpka = { };
#define FLASH_CR_PER (1 << 1)
#define FLASH_CR_PG (1 << 0)
#define FLASH_CR_FSTPG (1 << 18)
#endif /* !WOLFSSL_STM32_PKA */
#define FLASH_CR_PNB_SHIFT 3
#define FLASH_CR_PNB_MASK 0x3f
#define FLASH_CR_PNB_MASK 0xFF
#define FLASH_KEY1 (0x45670123)
#define FLASH_KEY2 (0xCDEF89AB)
@ -128,7 +130,7 @@ static void RAMFUNCTION flash_set_waitstates(unsigned int waitstates)
static RAMFUNCTION void flash_wait_complete(void)
{
while ((FLASH_SR & FLASH_SR_BSY) == FLASH_SR_BSY)
while ((FLASH_SR & (FLASH_SR_BSY | FLASH_SR_CFGBSY)) != 0)
;
}
@ -137,21 +139,50 @@ static void RAMFUNCTION flash_clear_errors(void)
FLASH_SR |= ( FLASH_SR_SIZERR | FLASH_SR_PGAERR | FLASH_SR_WRPERR | FLASH_SR_PROGERR);
}
void RAMFUNCTION hal_flash_unlock(void)
{
flash_wait_complete();
if ((FLASH_CR & FLASH_CR_LOCK) != 0) {
FLASH_KEY = FLASH_KEY1;
DMB();
FLASH_KEY = FLASH_KEY2;
DMB();
while ((FLASH_CR & FLASH_CR_LOCK) != 0)
;
}
}
void RAMFUNCTION hal_flash_lock(void)
{
flash_wait_complete();
if ((FLASH_CR & FLASH_CR_LOCK) == 0)
FLASH_CR |= FLASH_CR_LOCK;
}
int RAMFUNCTION hal_flash_write(uint32_t address, const uint8_t *data, int len)
{
int i = 0;
uint32_t *src, *dst;
uint32_t pdword[2] __attribute__((aligned(16)));
uint32_t reg;
flash_clear_errors();
FLASH_CR |= FLASH_CR_PG;
reg = FLASH_CR & (~FLASH_CR_FSTPG);
FLASH_CR = reg | FLASH_CR_PG;
while (i < len) {
flash_clear_errors();
if ((len - i > 3) && ((((address + i) & 0x07) == 0) && ((((uint32_t)data) + i) & 0x07) == 0)) {
uint32_t idx = i >> 2;
src = (uint32_t *)data;
dst = (uint32_t *)(address + FLASHMEM_ADDRESS_SPACE);
dst = (uint32_t *)(address);
pdword[0] = src[idx];
pdword[1] = src[idx + 1];
flash_wait_complete();
dst[i >> 2] = src[i >> 2];
dst[(i >> 2) + 1] = src[(i >> 2) + 1];
dst[idx] = pdword[0];
dst[idx + 1] = pdword[1];
flash_wait_complete();
i+=8;
} else {
@ -176,42 +207,26 @@ int RAMFUNCTION hal_flash_write(uint32_t address, const uint8_t *data, int len)
return 0;
}
void RAMFUNCTION hal_flash_unlock(void)
{
flash_wait_complete();
if ((FLASH_CR & FLASH_CR_LOCK) != 0) {
FLASH_KEY = FLASH_KEY1;
DMB();
FLASH_KEY = FLASH_KEY2;
DMB();
while ((FLASH_CR & FLASH_CR_LOCK) != 0)
;
}
}
void RAMFUNCTION hal_flash_lock(void)
{
flash_wait_complete();
if ((FLASH_CR & FLASH_CR_LOCK) == 0)
FLASH_CR |= FLASH_CR_LOCK;
}
int RAMFUNCTION hal_flash_erase(uint32_t address, int len)
{
int start = -1, end = -1;
uint32_t end_address;
uint32_t p;
if (len == 0)
return -1;
address -= FLASHMEM_ADDRESS_SPACE;
end_address = address + len - 1;
flash_wait_complete();
for (p = address; p < end_address; p += FLASH_PAGE_SIZE) {
uint32_t reg = FLASH_CR & (~(FLASH_CR_PNB_MASK << FLASH_CR_PNB_SHIFT));
FLASH_CR = reg | ((p >> 12) << FLASH_CR_PNB_SHIFT) | FLASH_CR_PER | FLASH_CR_PG;
uint32_t reg;
flash_clear_errors();
reg = FLASH_CR & ~((FLASH_CR_PNB_MASK << FLASH_CR_PNB_SHIFT) | FLASH_CR_FSTPG | FLASH_CR_PG);
FLASH_CR = reg | ((p >> 12) << FLASH_CR_PNB_SHIFT) | FLASH_CR_PER;
DMB();
FLASH_CR |= FLASH_CR_STRT;
DMB();
flash_wait_complete();
FLASH_CR &= ~(FLASH_CR_PER | FLASH_CR_PG);
FLASH_CR &= ~(FLASH_CR_PER);
}
return 0;
}
@ -310,7 +325,6 @@ void hal_prepare_boot(void)
#ifdef SPI_FLASH
spi_release();
#endif
hal_flash_lock();
clock_pll_off();
}

2
tools/keytools/keygen.c
View File

@ -301,7 +301,7 @@ int main(int argc, char** argv)
fclose(f);
printf("** Warning: key file already exist! Are you sure you want to generate a new key and overwrite the existing key? [Type 'Yes, I am sure!']: ");
fflush(stdout);
gets(reply);
scanf("%s", reply);
printf("Reply is [%s]\n", reply);
if (strcmp(reply, "Yes, I am sure!") != 0) {
printf("Operation aborted by user.");

46
tools/keytools/sign.c
View File

@ -103,7 +103,7 @@ static void header_append_u16(uint8_t* header, uint32_t* idx, uint16_t tmp16)
memcpy(&header[*idx], &tmp16, sizeof(tmp16));
*idx += sizeof(tmp16);
}
static void header_append_tag(uint8_t* header, uint32_t* idx, uint16_t tag,
static void header_append_tag(uint8_t* header, uint32_t* idx, uint16_t tag,
uint16_t len, void* data)
{
header_append_u16(header, idx, tag);
@ -227,7 +227,7 @@ int main(int argc, char** argv)
if (tmpstr) {
*tmpstr = '\0'; /* null terminate at last "." */
}
snprintf(output_image_file, sizeof(output_image_file), "%s_v%s_%s.bin",
snprintf(output_image_file, sizeof(output_image_file), "%s_v%s_%s.bin",
(char*)buf, fw_version, sha_only ? "digest" : "signed");
printf("Update type: %s\n", self_update ? "wolfBoot" : "Firmware");
@ -256,14 +256,34 @@ int main(int argc, char** argv)
}
/* key type "auto" selection */
if (key_buffer_sz == 64) {
if (sign == SIGN_ECC256) {
printf("Error: key size does not match the cipher selected\n");
if (key_buffer_sz == 32) {
if ((sign != SIGN_ED25519) && !manual_sign && !sha_only ) {
printf("Error: key too short for cipher\n");
goto exit;
}
if (sign == SIGN_AUTO) {
if (sign == SIGN_AUTO && (manual_sign || sha_only)) {
printf("ed25519 public key autodetected\n");
sign = SIGN_ED25519;
printf("ed25519 key autodetected\n");
}
}
else if (key_buffer_sz == 64) {
if (sign == SIGN_ECC256) {
if (!manual_sign && !sha_only) {
printf("Error: key size does not match the cipher selected\n");
goto exit;
} else {
printf("ECC256 public key detected\n");
}
}
if (sign == SIGN_AUTO) {
if (!manual_sign && !sha_only) {
sign = SIGN_ED25519;
printf("ed25519 key autodetected\n");
} else {
sign = SIGN_ECC256;
printf("ecc256 public key autodetected\n");
}
}
}
else if (key_buffer_sz == 96) {
@ -298,7 +318,7 @@ int main(int argc, char** argv)
}
/* get header and signature sizes */
if (sign == SIGN_ED25519) {
if (sign == SIGN_ED25519) {
header_sz = 256;
signature_sz = 64;
}
@ -323,7 +343,7 @@ int main(int argc, char** argv)
if (!sha_only && !manual_sign) {
/* import (decode) private key for signing */
if (sign == SIGN_ED25519) {
#ifdef HAVE_ED25519
#ifdef HAVE_ED25519
ret = wc_ed25519_init(&key.ed);
if (ret == 0) {
pubkey = key_buffer + ED25519_KEY_SIZE;
@ -336,7 +356,7 @@ int main(int argc, char** argv)
#ifdef HAVE_ECC
ret = wc_ecc_init(&key.ecc);
if (ret == 0) {
ret = wc_ecc_import_unsigned(&key.ecc, &key_buffer[0], &key_buffer[32],
ret = wc_ecc_import_unsigned(&key.ecc, &key_buffer[0], &key_buffer[32],
&key_buffer[64], ECC_SECP256R1);
if (ret == 0) {
pubkey = key_buffer; /* first 64 bytes is public porition */
@ -405,7 +425,7 @@ int main(int argc, char** argv)
/* Append Version field */
fw_version32 = strtol(fw_version, NULL, 10);
header_append_tag(header, &header_idx, HDR_VERSION, HDR_VERSION_LEN,
header_append_tag(header, &header_idx, HDR_VERSION, HDR_VERSION_LEN,
&fw_version32);
/* Append Four pad bytes, so timestamp is aligned */
@ -413,14 +433,14 @@ int main(int argc, char** argv)
/* Append Timestamp field */
stat(image_file, &attrib);
header_append_tag(header, &header_idx, HDR_TIMESTAMP, HDR_TIMESTAMP_LEN,
header_append_tag(header, &header_idx, HDR_TIMESTAMP, HDR_TIMESTAMP_LEN,
&attrib.st_ctime);
/* Append Image type field */
image_type = (uint16_t)sign;
if (!self_update)
image_type |= HDR_IMG_TYPE_APP;
header_append_tag(header, &header_idx, HDR_IMG_TYPE, HDR_IMG_TYPE_LEN,
header_append_tag(header, &header_idx, HDR_IMG_TYPE, HDR_IMG_TYPE_LEN,
&image_type);
/* Six pad bytes, Sha-3 requires 8-byte alignment. */

24
tools/keytools/sign.py
View File

@ -135,13 +135,27 @@ else:
kf = open(key_file, "rb")
wolfboot_key_buffer = kf.read(4096)
wolfboot_key_buffer_len = len(wolfboot_key_buffer)
if wolfboot_key_buffer_len == 64:
if (sign == 'ecc256'):
print("Error: key size does not match the cipher selected")
if wolfboot_key_buffer_len == 32:
if (sign != 'ed25519' and not manual_sign and not sha_only):
print("Error: key too short for cipher")
sys.exit(1)
if sign == 'auto':
elif sign == 'auto' and (manual_sign or sha_only):
sign = 'ed25519'
print("'ed25519' key autodetected.")
print("'ed25519' public key autodetected.")
elif wolfboot_key_buffer_len == 64:
if (sign == 'ecc256'):
if not manual_sign and not sha_only:
print("Error: key size does not match the cipher selected")
sys.exit(1)
else:
print("Ecc256 public key detected")
if sign == 'auto':
if (manual_sign or sha_only):
sign = 'ecc256'
print("'ecc256' public key autodetected.")
else:
sign = 'ed25519'
print("'ed25519' key autodetected.")
elif wolfboot_key_buffer_len == 96:
if (sign == 'ed25519'):
print("Error: key size does not match the cipher selected")