Commit Graph

12 Commits (28bf0604883d0d7e81c87ec6e6c9ef8eb700e1e7)

Author SHA1 Message Date
Marco Oliverio 37fb0aaa2a tpm: include self test wrapper 2024-04-29 09:53:49 +02:00
Daniele Lacamera fce6149cf8 Update license GPL2 -> GPL3 2024-04-16 16:46:15 +02:00
David Garske 30620bf47a Upstreaming TigerLake TPM improvements. 2024-02-03 10:52:39 -08:00
David Garske 96d55c84e9 Fix for unseal not properly using auth. 2023-10-25 13:24:27 +02:00
David Garske 758eda1ad4 Add support for sealing/unsealing a secret with auth. 2023-10-25 13:24:27 +02:00
David Garske 2143cdc189 tpm: delete existing NV secret on sealing
Signed-off-by: Marco Oliverio <marco@wolfssl.com>
2023-09-28 13:12:26 +02:00
Daniele Lacamera bf426fb2b4 tpm: add const qualifier to constant parameters
Signed-off-by: Marco Oliverio <marco@wolfssl.com>
2023-09-28 13:12:26 +02:00
Daniele Lacamera f28eec1b90 stage1: add TPM support 2023-09-28 13:12:26 +02:00
David Garske 6dbe4a0129 Refactor to allow using seal/unseal without image header. Just pass the public key hint and policy directly. 2023-09-12 12:26:48 +02:00
David Garske 05b83544fb Fixes based on peer review. Add output of signed policy to file (append .sig). Tested successfully with multiple PCRs. In example unlock_disk extend PCR with random value after unseal to prevent unsealing after boot. 2023-09-12 12:26:48 +02:00
David Garske 2349a68e76 Added support for storing sealed blobs into NV. Refactor the TPM signature verify to use existing load public key function and generic verify hash TPM function. Added support for RSA sign with ASN.1 encoding (Example: `SIGN=RSA2048ENC`). 2023-09-12 12:26:48 +02:00
David Garske 490286be7d Support for sealing/unsealing a secret based on an externally signed PCR policy.
* Added new `WOLFBOOT_TPM_SEAL` and `WOLFBOOT_TPM_SEAL_NV_BASE` config options.
* Added new `tools/tpm/policy_create` tool for assisting with creation of a policy digest. The sign keytool `--policy=file` signs the policy.
* Added new `WOLFBOOT_TPM_VERIFY` option to enable offloading of the asymmetric verification to the TPM. By default wolfCrypt will be used.
* Added example seal/unseal to update_flash for ARCH_SIM.
* Renamed `WOLFBOOT_TPM_KEYSTORE_NV_INDEX` to `WOLFBOOT_TPM_KEYSTORE_NV_BASE` to support multiple public keys.
* Refactored most TPM code into tpm.c.
* Refactored the keystore ROT to use new `wolfBoot_check_rot` API.
* Refactored the sign keytool to have a sign_digest function to allow signing firmware and policy for sealing/unsealing.
* Fix for `make distclean && make` using the wrong key tools.
2023-09-12 12:26:48 +02:00