148 Commits (02bfe8a6a1c9f12e89a8293aa668a04d1e10c68c)

Author SHA1 Message Date
Daniele Lacamera 02bfe8a6a1 Added OTP support for STM32H5 2024-05-15 10:55:47 +02:00
Daniele Lacamera 572e1157bc Added "otp-keystore-primer" tool 2024-05-15 10:55:46 +02:00
Daniele Lacamera d1eabc2e31 Keystore module for OTP in FLASH 2024-05-15 10:55:46 +02:00
David Garske 0ddde6f074 Merge pull request #444 from miyazakh/renesas_rz_rsip
Add RSIP use to Renesas RZ support
2024-05-10 11:52:12 -07:00
jordan bd0e25af16 Add wc_lms support. 2024-05-07 19:25:18 +02:00
jordan 13d746ab9a Add wc_xmss support. 2024-05-07 19:25:18 +02:00
David Garske cafef6be55 Update the KeyTools for Windows. 2024-05-02 14:14:25 +02:00
Hideki Miyazaki 7725cc1a8b initial support Renesas RZ with RSIP 2024-04-26 07:28:07 +09:00
Daniele Lacamera fce6149cf8 Update license GPL2 -> GPL3 2024-04-16 16:46:15 +02:00
Jim Norton 1a0eb3d851 Fixed indentation issue. 2024-04-05 08:52:03 +02:00
Jim Norton e4c6d4c34c Added support for custom-tlv-string 2024-04-05 08:52:03 +02:00
jordan cf0519903c Fix lms and xmss build. 2024-03-19 21:50:46 +01:00
Daniele Lacamera e9d65b3bd2 Fixed TLV alignment for 8B fields
+ added sim "get_tlv" command
2024-03-08 18:40:34 +01:00
David Garske 01e22edb34 Fix sign tool TLV alignment padding. 2024-03-08 11:38:46 +01:00
Daniele Lacamera df3ccc55b5 Address reviewer's comment
Don't allow "0xFF" in custom tags
2024-02-29 17:29:29 +01:00
Daniele Lacamera 304e0e876e Added sign option `--custom-tlv-buffer` 2024-02-29 17:29:29 +01:00
Daniele Lacamera 43f7730576 Added support for custom TLVs in manifest header 2024-02-29 17:29:29 +01:00
David Garske 3eb41afa85 Fixes for ECC sign where the r/s does not match key size and needs to be zero padded. 2023-11-29 22:24:07 +01:00
jordan 79aadb5cc1 XMSS wolfBoot support. 2023-11-06 14:31:05 +01:00
Hideki Miyazaki 0f5b5abf5f fix and update rx72n 2023-10-25 13:22:33 +02:00
David Garske 798993d471 Fix for `directive output may be truncated` on Win where PATH_MAX is 260, not 1024. 2023-10-25 13:17:24 +02:00
David Garske c76a6f1695 Fixes for building keytools on mingw. 2023-10-25 13:17:24 +02:00
Daniele Lacamera 8d7ed16ad9 Fixed keygen ecc key initialization 2023-10-13 17:28:10 +02:00
Daniele Lacamera eba3f6514c keygen: Added --id {list} option, updated docs 2023-09-28 17:28:32 +02:00
Daniele Lacamera 0636e7d882 Added option WOLFBOOT_UNIVERSAL_KEYSTORE
- Allows keys with different algorithms and sizes to be imported/generated
- Skips check for keys matching type/length in keystore
2023-09-28 17:28:32 +02:00
Daniele Lacamera 04c8e8921c Add --no-ts option to sign tool
For tests with reproducible payload across build
2023-09-28 17:28:32 +02:00
David Garske 9cf947282c * Fix for building on MacOS (new keystore section issues).
* Fix for library.o workaround.
* Added new `WOLFBOOT_DEBUG_MALLOC` option to help diagnosing malloc failures.
2023-09-28 17:27:23 +02:00
Daniele Lacamera 5db2714eae Moved keystore section to the end of the flash 2023-09-19 10:12:59 +00:00
David Garske 05b83544fb Fixes based on peer review. Add output of signed policy to file (append .sig). Tested successfully with multiple PCRs. In example unlock_disk extend PCR with random value after unseal to prevent unsealing after boot. 2023-09-12 12:26:48 +02:00
David Garske c04960c097 Fix simulator to not just while(1) on panic, which causes CI to spin/timeout (instead exit with error). Fix ROT logic and make sure read error code gets passed up stack. 2023-09-12 12:26:48 +02:00
David Garske 490286be7d Support for sealing/unseal a secret based on an externally signed PCR policy.
* Added new `WOLFBOOT_TPM_SEAL` and `WOLFBOOT_TPM_SEAL_NV_BASE` config options.
* Added new `tools/tpm/policy_create` tool for assisting with creation of a policy digest. The sign keytool `--policy=file` signs the policy.
* Added new `WOLFBOOT_TPM_VERIFY` option to enable offloading of the asymmetric verification to the TPM. By default wolfCrypt will be used.
* Added example seal/unseal to update_flash for ARCH_SIM.
* Renamed `WOLFBOOT_TPM_KEYSTORE_NV_INDEX` to `WOLFBOOT_TPM_KEYSTORE_NV_BASE` to support multiple public keys.
* Refactored most TPM code into tpm.c.
* Refactored the keystore ROT to use new `wolfBoot_check_rot` API.
* Refactored the sign keytool to have a sign_digest function to allow signing firmware and policy for sealing/unsealing.
* Fix for make distclean && make using the wrong key tools.
2023-09-12 12:26:48 +02:00
jordan 938e6c2a3b Support LMS with pub key only. 2023-09-06 18:01:39 +02:00
jordan e23d450e45 LMS wolfBoot support. 2023-09-06 07:57:10 +02:00
Daniele Lacamera 66109b9f11 Delta updates: 32-bit fields for patch size 2023-09-01 13:36:21 +02:00
David Garske 9fc9f05988 Merge pull request #349 from danielinux/sign_image_size
Override IMAGE_HEADER_SIZE via configuration value
2023-08-21 08:04:11 -07:00
Daniele Lacamera dab16d3512 Override IMAGE_HEADER_SIZE via configuration
If the calculated header_sz is smaller than the value requested via
.config (or via IMAGE_HEADER_SIZE=x when compiling keytools), override
the value calculated with the preset.
2023-08-21 13:36:15 +02:00
David Garske fce1d53dd6 Clean Visual Studio builds for sign and keygen. 2023-08-18 10:56:26 -07:00
David Garske 2f0e699f82 Fix for keytools with path having spaces. Added note about sign.c use of `WOLFBOOT_SECTOR_SIZE` for delta support. 2023-08-18 10:39:42 -07:00
Daniele Lacamera e6e3afa0f4 sign.c: Fixed delta file truncate-before-close 2023-08-17 17:04:02 +02:00
Daniele Lacamera 77dd56de73 Fixes to sign.c running on windows
Use generic buffer API to ensure that the files are open with the right
flags.

Non-POSIX systems would require `open()` to use an extra O_BINARY flag
to ensure the file is properly processed and sizes calculated
accordingly. As file descriptors are only needed in mmap() mode, the
win32 interface is reworked to use `fopen()` instead.

Thanks to Erik Chang for reporting this issue.
2023-08-17 16:49:36 +02:00
David Garske 9ca58248e4 Adding GitHub Action for testing TPM features. 2023-08-17 13:43:58 +02:00
David Garske 727fc12a35 Speedup the key tool builds. 2023-08-07 20:54:18 +02:00
David Garske 95d98645bd Merge pull request #337 from jpbland1/decode-ed-keys
decode ed keys instead of just ecc keys for key_import
2023-08-04 13:41:54 -07:00
John Bland 3dc1e2fad2 fix bad type comparison 2023-08-04 11:36:38 -04:00
John Bland 98c1feafdd decode ed keys instead of just ecc keys for key_import 2023-08-04 11:32:46 -04:00
David Garske 3797238546 Documentation and code comment cleanups:
* Update documentation for signing with `--no-sign`, as the key argument should not be supplied.
* Recommend `make keysclean` instead of distclean on keys mismatch.
* Renesas headings/readme link and white-space.
2023-08-04 10:13:56 +02:00
David Garske 6ce7643b29 Merge pull request #332 from danielinux/deprecate-python-keytools
Deprecate python keytools.
2023-08-03 08:06:35 -07:00
Daniele Lacamera 21493fcd8d Deprecate python keytools. 2023-08-03 08:05:18 +02:00
Hideki Miyazaki c93a5fa185 first commit for TSIP cryp only support
- rsa 2048 verification
- sha256
2023-08-03 08:01:25 +02:00
John Bland 517cf6b9b8 update sign to decode keys instead of assuming they're raw
add a github workflow for testing external partition signing
2023-07-28 07:55:16 +02:00