18 Commits (bigbrett-patch-2)

Author SHA1 Message Date
Daniele Lacamera cc447ea879 Support for hybrid authentication (2 ciphers) 2024-10-30 13:17:06 +01:00
Daniele Lacamera f90197044a Added missing symbol to compile tpmtools 2024-10-30 10:28:21 +01:00
David Garske 080dae0125 Fixes to properly support TPM policy with more than one PCR. 2024-09-10 20:53:10 +02:00
Marco Oliverio abee55e7f5 tpm: policy_sign: fix: modulo by zero 2024-04-23 10:55:42 +02:00
Daniele Lacamera fce6149cf8 Update license GPL2 -> GPL3 2024-04-16 16:46:15 +02:00
Daniele Lacamera 12f8f75c89 Add `HAVE_NETDB_H` to tpmtools and sim-wolfboot 2024-04-10 12:45:52 +02:00
David Garske b1ff7b0d95 Fix return code to avoid TLS/SSL header use. Fixed in https://github.com/wolfSSL/wolftpm/pull/308 2023-12-27 15:06:26 -08:00
Daniele Lacamera f8ab11eede [tpmtools] Added missing include to policy_sign 2023-12-27 12:44:09 +01:00
David Garske 3eb41afa85 Fixes for ECC sign where the r/s does not match key size and needs to be zero padded. 2023-11-29 22:24:07 +01:00
David Garske eb2978ab7f TPM sealing cleanups. If using simulator don't extend the unseal PCR to prevent further access. Added `WOLFBOOT_NO_UNSEAL_PCR_EXTEND` option to prevent locking of PCR by random extend. Improvements to the `policy_sign` tool (example usage, ecc384 support). 2023-10-06 13:34:37 -07:00
Marco Oliverio 9aad079c85 tools/tpm: add policy_sign tool
The tool is based on the code from wolfTPM/examples/pcr/policy_sign.c
2023-09-28 13:12:26 +02:00
Daniele Lacamera f28eec1b90 stage1: add TPM support 2023-09-28 13:12:26 +02:00
Marco Oliverio 9722f2e2e1 tools/tpm: fix name in license header 2023-09-28 13:12:26 +02:00
David Garske 05b83544fb Fixes based on peer review. Add output of signed policy to file (append .sig). Tested successfully with multiple PCRs. In example unlock_disk extend PCR with random value after unseal to prevent unsealing after boot. 2023-09-12 12:26:48 +02:00
David Garske c04960c097 Fix simulator to not just while(1) on panic, which causes CI to spin/timeout (instead exit with error). Fix ROT logic and make sure read error code gets passed up stack. 2023-09-12 12:26:48 +02:00
David Garske 490286be7d Support for sealing/unseal a secret based on an externally signed PCR policy.
* Added new `WOLFBOOT_TPM_SEAL` and `WOLFBOOT_TPM_SEAL_NV_BASE` config options.
* Added new `tools/tpm/policy_create` tool for assisting with creation of a policy digest. The sign keytool `--policy=file` signs the policy.
* Added new `WOLFBOOT_TPM_VERIFY` option to enable offloading of the asymmetric verification to the TPM. By default wolfCrypt will be used.
* Added example seal/unseal to update_flash for ARCH_SIM.
* Renamed `WOLFBOOT_TPM_KEYSTORE_NV_INDEX` to `WOLFBOOT_TPM_KEYSTORE_NV_BASE` to support multiple public keys.
* Refactored most TPM code into tpm.c.
* Refactored the keystore ROT to use new `wolfBoot_check_rot` API.
* Refactored the sign keytool to have a sign_digest function to allow signing firmware and policy for sealing/unsealing.
* Fix for make distclean && make using the wrong key tools.
2023-09-12 12:26:48 +02:00
David Garske 95b0d9090d Fixes for building TPM keystore with arch x86_64. 2023-08-24 16:38:20 +02:00
David Garske 9ca58248e4 Adding GitHub Action for testing TPM features. 2023-08-17 13:43:58 +02:00