WolfSSL
/
wolfBoot
mirror of https://github.com/wolfSSL/wolfBoot.git
1
0
Fork 0
Code Issues Releases Wiki Activity

stage1: add TPM support

pull/374/head
Daniele Lacamera 2023-08-22 07:46:26 +02:00 committed by Daniele Lacamera
parent 9722f2e2e1
commit f28eec1b90
7 changed files with 36 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Makefile
View File

@ -175,6 +175,11 @@ tpmtools: keys
@$(MAKE) -C tools/tpm -s clean @$(MAKE) -C tools/tpm -s clean
@$(MAKE) -C tools/tpm -j @$(MAKE) -C tools/tpm -j
swtpmtools:
@echo "Building TPM tools"
@$(MAKE) -C tools/tpm -s clean
@$(MAKE) -C tools/tpm -j swtpm
test-app/image_v1_signed.bin: $(BOOT_IMG) test-app/image_v1_signed.bin: $(BOOT_IMG)
@echo "\t[SIGN] $(BOOT_IMG)" @echo "\t[SIGN] $(BOOT_IMG)"
$(Q)(test $(SIGN) = NONE) || "$(SIGN_TOOL)" $(SIGN_OPTIONS) $(BOOT_IMG) $(PRIVATE_KEY) 1 $(Q)(test $(SIGN) = NONE) || "$(SIGN_TOOL)" $(SIGN_OPTIONS) $(BOOT_IMG) $(PRIVATE_KEY) 1

5
config/examples/x86_fsp_qemu_tpm.config
View File

@ -1,6 +1,6 @@
ARCH=x86_64 ARCH=x86_64
TARGET=x86_fsp_qemu TARGET=x86_fsp_qemu
WOLFBOOT_SMALL_STACK=1 WOLFBOOT_SMALL_STACK=0
SIGN?=ECC384 SIGN?=ECC384
HASH?=SHA384 HASH?=SHA384
DEBUG=1 DEBUG=1
@ -10,6 +10,9 @@ ENCRYPTION=0
WOLFBOOT_NO_PARTITIONS=1 WOLFBOOT_NO_PARTITIONS=1
WOLFTPM=1 WOLFTPM=1
# Measured boot
WOLFBOOT_MEASURED_BOOT=1
# TPM Keystore options # TPM Keystore options
#WOLFBOOT_TPM_KEYSTORE?=1 #WOLFBOOT_TPM_KEYSTORE?=1
#WOLFBOOT_TPM_KEYSTORE_NV_BASE?=0x01800200 #WOLFBOOT_TPM_KEYSTORE_NV_BASE?=0x01800200

1
include/tpm.h
View File

@ -24,6 +24,7 @@
#ifdef WOLFBOOT_TPM #ifdef WOLFBOOT_TPM
#include <image.h>
#include "wolftpm/tpm2.h" #include "wolftpm/tpm2.h"
#include "wolftpm/tpm2_wrap.h" #include "wolftpm/tpm2_wrap.h"

4
src/boot_x86_fsp.c
View File

@ -37,6 +37,10 @@
#include "wolfboot/wolfboot.h" #include "wolfboot/wolfboot.h"
#include "image.h" #include "image.h"
#ifdef WOLFBOOT_TPM
#include <loader.h>
#endif
#define WOLFBOOT_X86_STACK_SIZE 0x10000 #define WOLFBOOT_X86_STACK_SIZE 0x10000

18
stage1/Makefile
View File

@ -43,14 +43,27 @@ ELF=0
MULTIBOOT2=0 MULTIBOOT2=0
LINUX_PAYLOAD=0 LINUX_PAYLOAD=0
## Architecture/CPU configuration ## Architecture/CPU configuration
include ../arch.mk include ../arch.mk
# Parse config options # Parse config options
include ../options.mk include ../options.mk
ifeq ($(WOLFTPM),1)
LS1_OBJS += \
tpm_io.o \
tpm2.o \
tpm2_packet.o \
tpm2_tis.o \
tpm2_wrap.o \
tpm2_param_enc.o \
image.o
endif
CFLAGS+= \ CFLAGS+= \
-I".." -I"../include/" -I"../lib/wolfssl" -I"../lib/wolfTPM" \ -I".." -I"../include/" -I"../lib/wolfssl" \
-I"../lib/wolfTPM" \
-D"WOLFSSL_USER_SETTINGS" \ -D"WOLFSSL_USER_SETTINGS" \
-D"WOLFTPM_USER_SETTINGS" \ -D"WOLFTPM_USER_SETTINGS" \
-D"PLATFORM_$(TARGET)" \ -D"PLATFORM_$(TARGET)" \
@ -96,8 +109,7 @@ BUILD_DIR=.
LS1_OBJS=$(addprefix $(BUILD_DIR)/, $(notdir $(OBJS))) LS1_OBJS=$(addprefix $(BUILD_DIR)/, $(notdir $(OBJS)))
vpath %.c ../src vpath %.c ../src
vpath %.c ../hal vpath %.c ../hal
vpath %.c ../lib/wolfssl/wolfcrypt/src vpath %.c ../lib/wolfssl/wolfcrypt/src ../lib/wolfTPM/src
vpath %.c ../lib/wolfTPM/src
vpath %.c ../src/x86 vpath %.c ../src/x86
vpath %.S ../src vpath %.S ../src

3
tools/tpm/Makefile
View File

@ -81,6 +81,9 @@ all: rot policy_create pcr_extend pcr_read pcr_reset
debug: CFLAGS+=$(DEBUG_FLAGS) debug: CFLAGS+=$(DEBUG_FLAGS)
debug: all debug: all
swtpm:CFLAGS+=-DWOLFTPM_SWTPM
swtpm:all
# build objects # build objects
$(OBJDIR)/%.o: %.c $(OBJDIR)/%.o: %.c
$(Q)$(CC) $(CFLAGS) -c -o $@ $< $(Q)$(CC) $(CFLAGS) -c -o $@ $<

4
tools/tpm/rot.c
View File

@ -71,7 +71,11 @@ static int TPM2_Boot_SecureROT_Example(TPMI_RH_NV_AUTH authHandle, word32 nvBase
/* setup the parent handle OWNER/PLATFORM */ /* setup the parent handle OWNER/PLATFORM */
parent.hndl = authHandle; parent.hndl = authHandle;
#ifndef WOLFTPM_ADV_IO
rc = wolfTPM2_Init(&dev, TPM2_IoCb, NULL); rc = wolfTPM2_Init(&dev, TPM2_IoCb, NULL);
#else
rc = wolfTPM2_Init(&dev, NULL, NULL);
#endif
if (rc != TPM_RC_SUCCESS) { if (rc != TPM_RC_SUCCESS) {
printf("\nwolfTPM2_Init failed\n"); printf("\nwolfTPM2_Init failed\n");
goto exit; goto exit;