Tesfa Mael
a29b78d680
Add function headers
2023-08-22 07:18:15 +02:00
David Garske
f791e98b16
Offload verify to TPM.
2023-08-22 07:12:05 +02:00
David Garske
19424c86c9
Added optional `WOLFBOOT_TPM_KEYSTORE_AUTH` for build-time NV auth.
2023-08-22 07:12:05 +02:00
John Bland
131df548e6
Merge branch 'master' into nvm-encrypt-configs
2023-08-21 10:13:46 -04:00
David Garske
b33da11d7d
Improve the array-bounds logic for the NVM write once. Tell GCC 12 it's okay.
2023-08-21 11:08:48 +02:00
John Bland
4a9973ce06
fix powerfail problems with NVM_FLASH_WRITEONCE combinations
simplify the erase address logic within nvm_select_fresh_sector
add several checks to nvm_select_fresh_sector:
when FLAGS_HOME is enabled, add a check for both the boot and update partition flags
when EXT_ENCRYPTED is enabled, add a check for the encryption key, always perform this check when FLAGS_HOME is enabled
update aes_init and chacha_init to properly account for NVM_FLASH_WRITEONCE
2023-08-21 01:30:49 -04:00
David Garske
6a5279ae77
Delta comparison fix.
2023-08-18 10:51:04 -07:00
David Garske
6997df733e
Fixes for type warnings between pointer and number in delta.c.
2023-08-18 09:58:02 -07:00
David Garske
701674be4f
Merge pull request #343 from jpbland1/add-nvm-configs
add combinations of NVM_FLASH_WRITEONCE config tests
2023-08-17 07:02:51 -07:00
David Garske
9ca58248e4
Adding GitHub Action for testing TPM features.
2023-08-17 13:43:58 +02:00
David Garske
5454a9728e
Support for EXT_FLASH and NO_XIP for "self_hash".
2023-08-17 13:43:58 +02:00
David Garske
b05c7ab980
Measure wolfBoot, not application. Added TPM docs.
2023-08-17 13:43:58 +02:00
David Garske
d05672ea64
TPM based root of trust using NV index.
2023-08-17 13:43:58 +02:00
David Garske
b012cb9479
Fixes for measured boot.
2023-08-17 13:43:58 +02:00
David Garske
103503cf8a
Fixes to get WOLFBOOT_TPM_KEYSTORE working with ECC SRK and Parameter Encryption.
2023-08-17 13:43:58 +02:00
David Garske
69adb25496
wolfBoot TPM improvements:
* Added TPM SPI wait state support and debug logging.
* Added platform auth ownership (change platform password to random value before boot). Can be disabled using `WOLFBOOT_TPM_NO_CHG_PLAT_AUTH`.
* Added parameter encryption support.
* Added TPM based root of trust based on https://github.com/wolfSSL/wolfTPM/pull/276
* Removed the TPM hashing feature (not practical).
* Fixed RSA with wolfTPM build.
* Fixed cleanup wolfTPM objects on make clean.
2023-08-17 13:43:58 +02:00
John Bland
d63316fd7f
erase the sector flags when wolfBoot_update_trigger
is called for NVM_FLASH_WRITEONCE and WOLFBOOT_FLAGS_INVERT since NVM_FLASH_WRITEONCE relies on finding non-erased flags to determine which sector is fresh and since WOLFBOOT_FLAGS_INVERT may use a different fill byte than what bin-assemble was compiled with
2023-08-17 01:22:47 -04:00
John Bland
cbccccb3fa
remove the FLAGS_HOME section since it will erase
the encryption key
2023-08-15 17:30:38 -04:00
John Bland
c26f1e6a9c
update based on pr comments
2023-08-15 15:20:20 -04:00
John Bland
36bf4c3d80
fix powerfail case where the first and second sectors
are swapped and therefore the fw_sizes are wrong
2023-08-15 14:45:16 -04:00
David Garske
98cbde707a
Merge pull request #339 from jpbland1/address-fix
fix bad address copy if base is not the same as addr_read
2023-08-15 10:19:53 -07:00
John Bland
d08ed5c473
only call nvm_select_fresh_sector on internal partitions
2023-08-15 11:57:22 -04:00
John Bland
171d19b6ee
fix bad address copy if base is not the same as addr_read
2023-08-15 02:34:05 -04:00
David Garske
db032d1461
Merge pull request #330 from danielinux/stage1_verify
x86 Stage1: add verification of components
2023-08-10 13:52:24 -07:00
Daniele Lacamera
51f240d8b1
Moved load address for second stage wolfboot
2023-08-10 15:26:01 +02:00
Daniele Lacamera
3f03f6d460
Fixed wrong printf
2023-08-09 16:48:53 +02:00
David Garske
7190392245
Simulator fixes and support for using MacOS:
* Added simulator support for Mac.
* Fix for simulator to properly assemble wolfboot.bin + signedtestapp + update + swap.
* Fixes for handling 64-bit assigned mmap virtual addresses. Added hal_flash_write and hal_flash_erase support for 64-bit address using uintptr_t. Enabled if platform is 64-bit and `FORCE_32BIT` is not defined
* Fix simulator conflict with src/libwolfboot.o object in test-app.
* Cleanup test-app linker flags.
2023-08-07 20:54:18 +02:00
Daniele Lacamera
95c7b92762
Moved FSP_M back to XIP
2023-08-07 15:47:40 +02:00
David Garske
0f4675f6b7
Fixes and improvements for NXP QorIQ:
* Fix and refactor the L2SRAM support and use it for stage 1 loader stack.
* Fix NXP eSPI driver to support all sizes and properly handle keeping CS active.
2023-08-04 16:31:09 +02:00
Daniele Lacamera
66c9ce8daa
Addressed some of reviewer's comments
2023-08-03 19:37:31 +02:00
Hideki Miyazaki
c93a5fa185
first commit for TSIP cryp only support
-rsa 2048 verification
-sha256
2023-08-03 08:01:25 +02:00
Daniele Lacamera
7712a38639
Load FSP_S and FSP_M to RAM before auth
2023-07-27 17:53:19 +02:00
Daniele Lacamera
02dfec6fac
Added wolfBoot authentication in stage1
2023-07-27 14:49:23 +02:00
Daniele Lacamera
0a56a70872
FSP_T auth: removed. FSP_M/S auth: before use
2023-07-27 10:45:02 +02:00
Daniele Lacamera
82bf6c76c6
Removed hardcoded manifest header size
2023-07-27 10:16:07 +02:00
Daniele Lacamera
06b6c0103e
Feature: verification of FSP images' signatures
2023-07-27 09:39:53 +02:00
Daniele Lacamera
2144057da8
Added option for authentication in stage1
2023-07-26 17:54:35 +02:00
Marco Oliverio
c4ec5eef35
x86: support Intel FSP (TigerLake and QEMU)
2023-07-24 18:12:32 +00:00
Marco Oliverio
93b7281d12
x86: support MMU paging on x86 architecture
2023-07-24 18:12:14 +00:00
Marco Oliverio
ab60ec47cb
feature: support multiboot2 boot protocol
2023-07-24 18:12:14 +00:00
Marco Oliverio
30af6f617c
x86: support Linux boot protocol for 32bit x86 architecture
2023-07-24 18:12:14 +00:00
Marco Oliverio
bb93ce95d7
x86: MPTABLE: support multi processor table
BIOS uses this table to communicate IRQ routing and CPUs number to the OS.
2023-07-24 18:12:14 +00:00
Daniele Lacamera
1d5231c969
feature: support disk boot/update
2023-07-24 18:12:14 +00:00
Daniele Lacamera
5d6662af35
x86: GPT: support GUID Partition Table
support parsing the table and reading/writing to/from a partition.
Signed-off-by: Marco Oliverio <marco@wolfssl.com>
2023-07-24 18:12:14 +00:00
Daniele Lacamera
dbf913deb0
x86: ATA: support ATA commands
support ATA commands to read, write and identify a SATA disk.
Signed-off-by: Marco Oliverio <marco@wolfssl.com>
2023-07-24 18:12:14 +00:00
Daniele Lacamera
8ed6dd3281
x86: AHCI: support AHCI
supports querying the ports, detecting the disk and configuring FIS areas.
Signed-off-by: Marco Oliverio <marco@wolfssl.com>
2023-07-24 18:12:14 +00:00
Marco Oliverio
8ce80d6a65
PCI: add initial support
It supports basic enumeration (only bus 0), and reading/writing to config space
register.
2023-07-24 18:12:13 +00:00
Marco Oliverio
1e754ca8f5
x86: common I/O, MMIO and misc architecture specific functions
2023-07-24 18:12:13 +00:00
Marco Oliverio
9aee0b4cdd
TPM: support WOLFTPM_MMIO
2023-07-24 18:12:13 +00:00
Marco Oliverio
0fd34f23c7
ELF: add mmu callback to map segments before loading
2023-07-24 18:12:13 +00:00