WolfSSL
/
wolfBoot
mirror of https://github.com/wolfSSL/wolfBoot.git
1
0
Fork 0
Code Issues Releases Wiki Activity
2,061 Commits
29 Branches
28 Tags
20 MiB
Commit Graph

341 Commits (build-cmake-test)

Author SHA1 Message Date
Marco Oliverio 0f8f30d6b8
Merge pull request #457 from danielinux/otp-regressions 
Fix build OTP options
 2024-06-26 12:07:02 +02:00
David Garske a92c1b9ad9 STM32U5 cache support. Including cache invalidate on `nvm_select_fresh_sector`. ZD 18210 2024-06-25 18:12:47 +02:00
Daniel Pouzzner 441200f469 fix: support DEBUG=0 build 
* build lib/wolfssl/wolfcrypt/src/logging.o unconditionally,
* gate debug printing in do_tpm_selftest() appropriately,
* initialize top_address in src/boot_x86_fsp.c:start() to fix -Wmaybe-uninitialized,
* and add __attribute__((used)) to static src/x86/exceptions.c:common_exception_handler() and _timer_handler() implementations to accommodate asm-only calling;
* fix parallel make: add dependency of stage1/loader_stage1.bin on wolfboot.elf.
* add -ffreestanding -static flags to avoid gcc compiler optimize strings functions

Co-authored-by: Daniel Pouzzner <douzzer@wolfssl.com>
 2024-06-19 09:47:06 +02:00
Daniele Lacamera 391e8d05d8 Fix build OTP options 
- ARMORED option is not needed in otp_primer
- do not attempt to compile otp_primer if the option is not declared
 2024-06-18 15:00:54 +02:00
Daniele Lacamera 4dda0571c7 Fix building PKCS11 Trustzone with any auth algo 2024-05-29 15:05:56 +02:00
David Garske 971cbe0ecc
Merge pull request #449 from danielinux/stm32h7_otp 
Support for OTP Flash as trust anchor for keystore
 2024-05-24 16:34:29 -07:00
Daniele Lacamera 9b378d005b Reviewer requests: fix portability of "packed" 
+ separate object for hal in otp-keystore-primer
 2024-05-24 16:42:07 +02:00
Daniele Lacamera 75cd725c9d Fix linker warnings when building with otp 2024-05-24 16:37:25 +02:00
Marco Oliverio bf55ac1ab5 x86_efi: fixes 
- do not use a custom section for the keystore as it will not be loaded in the
UEFI env
- remove and disable WOLFBOOT_LOAD_ADDRESS
- copy .rodata from .elf to .efi as the new version of gnu-efi ld scripts do
not merge .rodata into .data anymore
- fix typo in compile_efi_linux.sh
 2024-05-20 17:03:16 +02:00
Daniele Lacamera 307e3b426c otp_keystore_primer: fixed provisioning + readonly 2024-05-20 10:58:43 +02:00
Daniele Lacamera 9dd8b7cf97 Renamed FLASH_OTP_ROT to FLASH_OTP_KEYSTORE 2024-05-15 10:55:47 +02:00
Daniele Lacamera 02bfe8a6a1 Added OTP support for STM32H5 2024-05-15 10:55:47 +02:00
Daniele Lacamera 572e1157bc Added "otp-keystore-primer" tool 2024-05-15 10:55:46 +02:00
Daniele Lacamera d1eabc2e31 Keystore module for OTP in FLASH 2024-05-15 10:55:46 +02:00
Daniele Lacamera 62a5b9f8fa Export hal functions for OTP read/write access 2024-05-15 10:55:46 +02:00
David Garske 0ddde6f074
Merge pull request #444 from miyazakh/renesas_rz_rsip 
Add  RSIP use to Renesas RZ support
 2024-05-10 11:52:12 -07:00
David Garske 027c6847e5
Merge pull request #443 from wolfSSL/x86_fsp_backport 
x86 fsp backport
 2024-05-09 07:46:56 -07:00
Daniele Lacamera 3ec982109c STM32H5: added support for TrustZone 
- Unified TZ support for STM32L5, STM32H5, STM32U5
- Fixed/added example configuration files
- Expanded documentation
- Added new configurations to automated tests
 2024-05-09 16:33:40 +02:00
Marco Oliverio a98e74fa33 fix: user_settings.h: fix typo in ECC521 defines 2024-04-29 12:50:37 +02:00
Marco Oliverio ee4747e79c pci: move pcie_retraining_link in boot_x86_fsp 
the function relies a non-general delay() function, so move the function in a
more target-specific file.
 2024-04-29 10:27:42 +02:00
Marco Oliverio 71a43064f6 pci: stage2: uniform parameter-less function prototype 2024-04-29 09:53:49 +02:00
Marco Oliverio 0aa886783f fsp: support stage2_get_parameters() helper 2024-04-29 09:53:49 +02:00
Marco Oliverio e96babef24 refactor: rename stage1.{h,c} in stage2_params.{h,c} 2024-04-29 09:53:49 +02:00
Marco Oliverio 7ce14a242a pci: dump pci bus, lspci format 2024-04-29 09:53:49 +02:00
Marco Oliverio 37fb0aaa2a tpm: include self test wrapper 2024-04-29 09:53:49 +02:00
Marco Oliverio 8dc8c8ca22 fsp: tgl: retraing 0.6.0 link after SiliconInit 2024-04-29 09:53:49 +02:00
Marco Oliverio 7a72bc719b ata: support master password in ata_security_erase_unit() 2024-04-29 09:53:49 +02:00
Marco Oliverio 85d6437433 ata: enable to compare against master password 2024-04-29 09:53:49 +02:00
Marco Oliverio 992bb4c13d ata: support aync ATA command operation 
only one operation at the time at driver level is allowed.
 2024-04-29 09:53:49 +02:00
Marco Oliverio e90ddcaadc ata: add missing prototypes 2024-04-29 09:53:49 +02:00
Marco Oliverio 2d67742be9 x86: ahci: make freeze optional in sata_unlock_disk 2024-04-29 09:53:49 +02:00
Marco Oliverio 4bbe43e222 x86: support cpu exceptions 2024-04-29 09:53:49 +02:00
Hideki Miyazaki 7725cc1a8b initial support Renesas RZ with RSIP 2024-04-26 07:28:07 +09:00
Marco Oliverio e7a626223a gpt: support partition label 2024-04-24 17:07:35 +02:00
Marco Oliverio 7247d1184b x86: sata: separate sata_unlock_disk() as a separate operation 2024-04-24 10:50:50 +02:00
Marco Oliverio 7f4db8247c user_settings: allow multiples HAVE_ECC* defines 2024-04-23 10:42:07 +02:00
David Garske a553dc9943
Merge pull request #436 from danielinux/prepare-release-2.1.0 
Release 2.1.0: Updated ChangeLog and version.h
 2024-04-16 11:29:03 -07:00
Daniele Lacamera 0581d9920d Updated ChangeLog and version.h 2024-04-16 19:42:54 +02:00
David Garske a37a816693
Merge pull request #433 from danielinux/gpl3 
Update license GPL2 -> GPL3
 2024-04-16 10:36:10 -07:00
Daniele Lacamera fce6149cf8 Update license GPL2 -> GPL3 2024-04-16 16:46:15 +02:00
Daniele Lacamera da5b73817e Update wolfPKCS11 to v1.3.0. Fixed doc 2024-04-16 16:24:31 +02:00
Daniele Lacamera 92f630ad3c Added "cc" clobbers 2024-04-11 12:39:12 +02:00
Daniele Lacamera d73341112d Anti-glitch armor: Added clobbers to assembly 2024-04-10 09:59:14 +02:00
David Garske 5ecd2f749d Cleaned up TLV example and simulator output. Moved `wolfBoot_find_header` to the public header. 2024-03-08 12:15:23 -08:00
Daniele Lacamera a314875c79 Added support for SIGN=ECC521 2024-03-01 15:32:33 +01:00
Daniele Lacamera c70c8a470d Added support for Microchip SAM E51 2024-02-15 17:30:11 +01:00
David Garske fea3b9ed1d Improve PCIe code. 2024-02-12 19:54:12 +01:00
David Garske 0b206d6758 Fixes for NXP T1024 with Integrity OS. Adds additional FDT fixups for FMAN, Ethernet, PCI. Add PCI init and enumeration. 2024-02-12 19:54:12 +01:00
David Garske 30620bf47a Upstreaming TigerLake TPM improvements. 2024-02-03 10:52:39 -08:00
David Garske 83283c6cf7 Fixes for NXP T1024 and booting Integrity OS: 
* Fixed PPC spin table based on ePAPR 1.1.
* Added flattened device tree (FDT) support. Setting required FDT fields per ePAPR 1.1.
* Added Frame Manager microcode upload.
* Fixed CPLD and setting QE clock.
* Added support for setting logical device numbers and updated device tree.
* Fixed QUICC Engine base address (was incorrect, should be 0x140000).
* Fixed "cpu-release-addr" to use 64-bit value.
* Added secondary cached boot page.
* Added L2 cache support to multi-core.
* Added flattened device tree parser tool for testing (`make fdt-parser` and `tools/fdt-parser/fdt-parser`).
* Added checks for FDT header.
* Added automated test case for NXP T1024 FDT.
 2024-01-17 14:16:15 +01:00
Daniele Lacamera 4564588b69 Preparing release v2.0.2 2023-12-29 11:31:48 +01:00
Daniele Lacamera 10b2b290d3 wolfBoot_get_blob_type: fix return type 2023-11-16 09:21:56 +01:00
Daniele Lacamera da96e4610c Updated version 2023-11-07 16:48:27 +01:00
David Garske dd11fad566
Merge pull request #385 from danielinux/test-delta 
Improve delta tests + fix delta+encrypt bug
 2023-11-06 07:52:04 -08:00
jordan 79aadb5cc1 XMSS wolfBoot support. 2023-11-06 14:31:05 +01:00
Daniele Lacamera f4e0cc61b3 Delta update fixes 
- img_size: use 32-bit variable
- remove '+1' from pa_start calculation
- fix broken delta.c wb_diff check for distance between matching
  patterns (root cause for the delta+encrypt bug)
 2023-11-04 19:32:34 +01:00
David Garske 96d55c84e9 Fix for unseal not properly using auth. 2023-10-25 13:24:27 +02:00
David Garske 758eda1ad4 Add support for sealing/unsealing a secret with auth. 2023-10-25 13:24:27 +02:00
David Garske cd385df8a0
Merge pull request #378 from danielinux/fix_bigendian_constant 
Fix prefix typo in Bigendian constant define
 2023-10-13 08:08:04 -07:00
John Bland 6c2a37bdea remove complicated key saving process and instead 
leave the encryption key for wolfBoot_success to erase.
FINAL_SWAP was also stopping the case where the partition was put into testing before the update sector status flags could be erased. now, don't erase the update sector flags. instead put the update partition in IMG_STATE_FINAL_FLAGS state before putting the boot partition in IMG_STATE_TESTING. Then only erase the update sector flags on wolfBoot_update_trigger. under this scheme, the sector flags are intact if the power failed before we could set IMG_STATE_TESTING but are wiped if we do need to swap over after after wolfBoot_success fails to be called
 2023-10-13 14:30:04 +02:00
John Bland 00a9572b94 change the final steps of wolfBoot_update into 
repeatable steps so that power failure wont erase the encryption key and wont cause skipping the testing phase of boot. this is done by marking the update partition as final swap when erasing the final sector and backing up the key in boot sector 0 after swaping the real boot sector 0 to swap. then when a power failure occurs the encryption key will be available in either boot sector 0 or the normal location. the intermediate phase also prevents skipping the testing phase since the last sector, which holds the boot state, is erased and then set repeatably, since the final swap state is set on the update partition
 2023-10-13 14:30:04 +02:00
Daniele Lacamera 1216835219 Fix prefix typo in Bigendian constant define 2023-10-12 17:41:11 +02:00
Daniele Lacamera 25c8356a6b safety: panic() when calling random stub 2023-10-09 11:13:42 +02:00
David Garske 389e12faf1 Fixes to get TPM working with T1024 and MMU enabled. 2023-10-06 15:28:16 +02:00
David Garske b3e2fb9ddd NXP T1024 wolfBoot support: 
* Added DDR4 w/ECC.
* Added L2 and L2 CPC SRAM support
* Added platform SRAM 160KB support
* Added support for core timers (timebase) and platform clock.
* Added IFC driver with erase/write
* Added stage 1 loader to relocate wolfBoot to DDR
* Added CPLD, QUICC, FMAN and MP drivers
* Added eSPI driver for TPM.
* Added hal_early_init instead of calling ddr_init directly.
* Fixes for device tree (DTB) loading with update_ram and PPC boot.
* Fixes for relocating CCSRBAR to upper.
* Fixes for interrupt offsets.
 2023-10-06 15:28:16 +02:00
Marco Oliverio b49ecbec86 fsp: improve debugging 2023-10-02 15:20:39 +02:00
Daniele Lacamera 0636e7d882 Added option WOLFBOOT_UNIVERSAL_KEYSTORE 
- Allows keys with different algorithms and sizes to be imported/generated
- Skips check for keys matching type/length in keystore
 2023-09-28 17:28:32 +02:00
David Garske 9cf947282c * Fix for building on MacOS (new keystore section issues). 
* Fix for library.o workaround.
* Added new `WOLFBOOT_DEBUG_MALLOC` option to help diagnosing malloc failures.
 2023-09-28 17:27:23 +02:00
David Garske 2143cdc189 tpm: delete existing NV secret on sealing 
Signed-off-by: Marco Oliverio <marco@wolfssl.com>
 2023-09-28 13:12:26 +02:00
Marco Oliverio 559f07f11e user_settings: tpm: reduce MMIO pooling delay 2023-09-28 13:12:26 +02:00
Marco Oliverio 133479f212 fsp: defer SATA init in wolfBoot_start 
In hal_init() TPM is not ready yet. SATA inti code needs TPM to unlock disk when
using TPM sealed secret based disk locking.
 2023-09-28 13:12:26 +02:00
Marco Oliverio fa7bb89edb ahci: add support for disk unlocking based on tpm sealed secret 2023-09-28 13:12:26 +02:00
Marco Oliverio 2c4df2866b fsp: tpm: support policy stored in the flash 2023-09-28 13:12:26 +02:00
Daniele Lacamera bf426fb2b4 tpm: add const qualifier to constant parameters 
Signed-off-by: Marco Oliverio <marco@wolfssl.com>
 2023-09-28 13:12:26 +02:00
Daniele Lacamera f28eec1b90 stage1: add TPM support 2023-09-28 13:12:26 +02:00
Marco Oliverio aaa66e7980 user_settings.h: remove redundant XTPM_WAIT() definition 2023-09-28 13:12:26 +02:00
Daniele Lacamera b8a5a6243d Cleanup, config rename, documentation 2023-09-21 08:31:30 +02:00
Daniele Lacamera 291adfe87d Fixed merge of user_settings with new TPM logic 2023-09-21 08:31:28 +02:00
Daniele Lacamera ed0357289c Fixed NS flash access + flash write unlock + misc 
- non-secure flash area increased to cover BOOT+UPDATE partitions
- call unlock/lock functions before accessing pkcs11 store for writing
- Enabled more features in application wolfcrypt front-end
- Fixed compiler w4rnings
 2023-09-21 08:28:23 +02:00
Daniele Lacamera bcbb0c2cfe Rebased on latest master 2023-09-21 08:28:23 +02:00
Daniele Lacamera fd862cbd8f Working PKCS11 test. 
Temporarily removed some features so the image fits in 64Kb
 2023-09-21 08:28:09 +02:00
Daniele Lacamera 20e8b021b5 Added NS wrappers for PKCS11 API 2023-09-21 07:57:18 +02:00
Daniele Lacamera f7d6c17685 TZ: PKCS11 wrappers via wolfPKCS11 in S world 2023-09-21 07:57:18 +02:00
Daniele Lacamera 9d62a7d13d Added ECC PK_CALLBACKS + CRYPTO_CB APIs 2023-09-21 07:57:18 +02:00
Daniele Lacamera 0cc1eea05d Added raw file read from NS-domain 
+ fix linker script with the correct NSC address
+ fix ecc key import
 2023-09-21 07:57:18 +02:00
Daniele Lacamera 0971d47436 New keyvault slots structure in Secure SRAM 
- Example with slots allocated at compile time
- Defining/allocating slots, provisioned as well as empty
- Checks for memory usage
- No free function for slots
 2023-09-21 07:57:18 +02:00
Daniele Lacamera 399ee6b594 WCS: Front-end wrappers for ECC sign/verify calls 2023-09-21 07:57:18 +02:00
Daniele Lacamera e2ab9a5553 Unified TZ support for STM32L5/U5 
- added file with common code
- added support for TRNG on U5
- added support for wolfcrypt NSC on U5
 2023-09-21 07:57:18 +02:00
Daniele Lacamera 426d0346ad Use generic C types for NSC calls 
+ cosmetic changes
 2023-09-21 07:57:18 +02:00
Daniele Lacamera fd809c5b69 Expanded WCS interface 
- Added TRNG driver for STM32L5
- Link with correct objects in test-app
- Expanded wc_callable interface
 2023-09-21 07:57:18 +02:00
Daniele Lacamera 61ea65747b Added secure functions to set/provision key slots 2023-09-21 07:57:18 +02:00
Daniele Lacamera c7c90cd2cc Back-end calls for ecc sign/verify/getpublic 2023-09-21 07:57:18 +02:00
Daniele Lacamera 9bf80ab8cd Initial draft: wolfcrypt secure mode 2023-09-21 07:57:18 +02:00
Marco Oliverio e24c372777 fsp: remove WOLFBOOT_FIXED_PARTITIONS (and hardcoded size limit) 
now the size of the image is limited by the available memory only.
The image is loaded in RAM just after wolfboot.
 2023-09-19 10:12:59 +00:00
Marco Oliverio d88315c801 fsp: move _stage2_params symbol in wolfboot .bss 
including the symbol in the C file will ensure that the linker reserves the
necessary space.
 2023-09-19 10:12:59 +00:00
Marco Oliverio f4411f2fe4 x86: fsp: add more debugging 2023-09-19 10:12:59 +00:00
David Garske 6dbe4a0129 Refactor to allow using seal/unseal without image header. Just pass the public key hint and policy directly. 2023-09-12 12:26:48 +02:00
David Garske 05b83544fb Fixes based on peer review. Add output of signed policy to file (append .sig). Tested successfully with multiple PCRs. In example unlock_disk extend PCR with random value after unseal to prevent unsealing after boot. 2023-09-12 12:26:48 +02:00
David Garske c04960c097 Fix simulator to not just while(1) on panic, which causes CI to spin/timeout (instead exit with error). Fix ROT logic and make sure read error code gets passed up stack. 2023-09-12 12:26:48 +02:00
David Garske 2349a68e76 Added support for storing sealed blobs into NV. Refactor the TPM signature verify to use existing load public key function and generic verify hash TPM function. Added support for RSA sign with ASN.1 encoding (Example: `SIGN=RSA2048ENC`). 2023-09-12 12:26:48 +02:00