Daniele Lacamera
9d62a7d13d
Added ECC PK_CALLBACKS + CRYPTO_CB APIs
2023-09-21 07:57:18 +02:00
Daniele Lacamera
0cc1eea05d
Added raw file read from NS-domain
...
+ fix linker script with the correct NSC address
+ fix ecc key import
2023-09-21 07:57:18 +02:00
Daniele Lacamera
0971d47436
New keyvault slots structure in Secure SRAM
...
- Example with slots allocated at compile time
- Defining/allocating slots, provisioned as well as empty
- Checks for memory usage
- No free function for slots
2023-09-21 07:57:18 +02:00
Daniele Lacamera
399ee6b594
WCS: Front-end wrappers for ECC sign/verify calls
2023-09-21 07:57:18 +02:00
Daniele Lacamera
e2ab9a5553
Unified TZ support for STM32L5/U5
...
- added file with common code
- added support for TRNG on U5
- added support for wolfcrypt NSC on U5
2023-09-21 07:57:18 +02:00
Daniele Lacamera
426d0346ad
Use generic C types for NSC calls
...
+ cosmetic changes
2023-09-21 07:57:18 +02:00
Daniele Lacamera
fd809c5b69
Expanded WCS interface
...
- Added TRNG driver for STM32L5
- Link with correct objects in test-app
- Expanded wc_callable interface
2023-09-21 07:57:18 +02:00
Daniele Lacamera
61ea65747b
Added secure functions to set/provision key slots
2023-09-21 07:57:18 +02:00
Daniele Lacamera
c7c90cd2cc
Back-end calls for ecc sign/verify/getpublic
2023-09-21 07:57:18 +02:00
Daniele Lacamera
9bf80ab8cd
Initial draft: wolfcrypt secure mode
2023-09-21 07:57:18 +02:00
Marco Oliverio
e24c372777
fsp: remove WOLFBOOT_FIXED_PARTITIONS (and hardcoded size limit)
...
now the size of the image is limited by the available memory only.
The image is loaded in RAM just after wolfboot.
2023-09-19 10:12:59 +00:00
Marco Oliverio
d88315c801
fsp: move _stage2_params symbol in wolfboot .bss
...
including the symbol in the C file will ensure that the linker reserves the
necessary space.
2023-09-19 10:12:59 +00:00
Marco Oliverio
f4411f2fe4
x86: fsp: add more debugging
2023-09-19 10:12:59 +00:00
David Garske
6dbe4a0129
Refactor to allow using seal/unseal without image header. Just pass the public key hint and policy directly.
2023-09-12 12:26:48 +02:00
David Garske
05b83544fb
Fixes based on peer review. Add output of signed policy to file (append .sig). Tested successfully with multiple PCRs. In example unlock_disk extend PCR with random value after unseal to prevent unsealing after boot.
2023-09-12 12:26:48 +02:00
David Garske
c04960c097
Fix simulator to not just while(1) on panic, which causes CI to spin/timeout (instead exit with error). Fix ROT logic and make sure read error code gets passed up stack.
2023-09-12 12:26:48 +02:00
David Garske
2349a68e76
Added support for storing sealed blobs into NV. Refactor the TPM signature verify to use existing load public key function and generic verify hash TPM function. Added support for RSA sign with ASN.1 encoding (Example: `SIGN=RSA2048ENC`).
2023-09-12 12:26:48 +02:00
David Garske
490286be7d
Support for sealing/unseal a secret based on an externally signed PCR policy.
...
* Added new `WOLFBOOT_TPM_SEAL` and `WOLFBOOT_TPM_SEAL_NV_BASE` config options.
* Added new `tools/tpm/policy_create` tool for assisting with creation of a policy digest. The sign keytool `--policy=file` signs the policy.
* Added new `WOLFBOOT_TPM_VERIFY` option to enable offloading of the asymmetric verification to the TPM. By default wolfCrypt will be used.
* Added example seal/unseal to update_flash for ARCH_SIM.
* Renamed `WOLFBOOT_TPM_KEYSTORE_NV_INDEX` to `WOLFBOOT_TPM_KEYSTORE_NV_BASE` to support multiple public keys.
* Refactored most TPM code into tpm.c.
* Refactored the keystore ROT to use new `wolfBoot_check_rot` API.
* Refactored the sign keytool to have a sign_digest function to allow signing firmware and policy for sealing/unsealing.
* Fix for make distclean && make using the wrong key tools.
2023-09-12 12:26:48 +02:00
jordan
e23d450e45
LMS wolfBoot support.
2023-09-06 07:57:10 +02:00
Daniele Lacamera
87f97c111c
Addressed reviewer's comments
2023-09-05 10:31:09 +02:00
Daniele Lacamera
75444cf93b
Support for ATA Security feature set
2023-09-04 18:05:37 +02:00
Marco Oliverio
e67b853308
pci: support pci bridges enumeration
2023-08-25 18:43:50 +02:00
Marco Oliverio
fc76b90126
pci: add pci_config_{read,write}8
2023-08-25 18:43:50 +02:00
Marco Oliverio
aaf0071ece
mptable: use stdint for field. add __packed__ attribute
2023-08-25 18:43:50 +02:00
Marco Oliverio
d01c08b451
mptable: use simpler irq table. compute mp_float checksum at runtime
2023-08-25 18:43:50 +02:00
David Garske
95b0d9090d
Fixes for building TPM keystore with arch x86_64.
2023-08-24 16:38:20 +02:00
David Garske
6ea1a1e4a5
Added GitHub action build tests for NXP parts (iMX RT, Kinetis and LPC).
2023-08-21 11:08:48 +02:00
David Garske
0ee918f9f6
Fixes for simulator malloc/free. Fix for RSA encrypt missing `wc_RsaPublicEncrypt_ex`.
2023-08-17 13:43:58 +02:00
David Garske
9ca58248e4
Adding GitHub Action for testing TPM features.
2023-08-17 13:43:58 +02:00
David Garske
b05c7ab980
Measure wolfBoot, not application. Added TPM docs.
2023-08-17 13:43:58 +02:00
David Garske
103503cf8a
Fixes to get WOLFBOOT_TPM_KEYSTORE working with ECC SRK and Parameter Encryption.
2023-08-17 13:43:58 +02:00
David Garske
69adb25496
wolfBoot TPM improvements:
...
* Added TPM SPI wait state support and debug logging.
* Added platform auth ownership (change platform password to random value before boot). Can be disabled using `WOLFBOOT_TPM_NO_CHG_PLAT_AUTH`.
* Added parameter encryption support.
* Added TPM based root of trust based on https://github.com/wolfSSL/wolfTPM/pull/276
* Removed the TPM hashing feature (not practical).
* Fixed RSA with wolfTPM build.
* Fixed cleanup wolfTPM objects on make clean.
2023-08-17 13:43:58 +02:00
David Garske
b9949b0a0c
For the hal_flash API's make the change to uintptr_t to support 64-bit explicit using `ARCH_64BIT` or known 64-bit architectures.
2023-08-07 20:54:18 +02:00
David Garske
7190392245
Simulator fixes and support for using MacOS:
...
* Added simulator support for Mac.
* Fix for simulator to properly assemble wolfboot.bin + signedtestapp + update + swap.
* Fixes for handling 64-bit assigned mmap virtual addresses. Added hal_flash_write and hal_flash_erase support for 64-bit address using uintptr_t. Enabled if platform is 64-bit and `FORCE_32BIT` is not defined
* Fix simulator conflict with src/libwolfboot.o object in test-app.
* Cleanup test-app linker flags.
2023-08-07 20:54:18 +02:00
David Garske
0f4675f6b7
Fixes and improvements for NXP QorIQ:
...
* Fix and refactor the L2SRAM support and use it for stage 1 loader stack.
* Fix NXP eSPI driver to support all sizes and properly handle keeping CS active.
2023-08-04 16:31:09 +02:00
David Garske
3797238546
Documentation and code comment cleanups:
...
* Update documentation for signing with `--no-sign`, as the key argument should not be supplied.
* Recommend `make keysclean` instead of distclean on keys mismatch.
* Renesas headings/readme link and white-space.
2023-08-04 10:13:56 +02:00
Marco Oliverio
c4ec5eef35
x86: support Intel FSP (TigerLake and QEMU)
2023-07-24 18:12:32 +00:00
Marco Oliverio
93b7281d12
x86: support MMU paging on x86 architecture
2023-07-24 18:12:14 +00:00
Marco Oliverio
ab60ec47cb
feature: support multiboot2 boot protocol
2023-07-24 18:12:14 +00:00
Marco Oliverio
30af6f617c
x86: support Linux boot protocol for 32bit x86 architecture
2023-07-24 18:12:14 +00:00
Marco Oliverio
bb93ce95d7
x86: MPTABLE: support multi processor table
...
BIOS uses this table to communicate IRQ routing and CPUs number to the OS.
2023-07-24 18:12:14 +00:00
Daniele Lacamera
5d6662af35
x86: GPT: support GUID Partition Table
...
support parsing the table and reading/writing to/from a partition.
Signed-off-by: Marco Oliverio <marco@wolfssl.com>
2023-07-24 18:12:14 +00:00
Daniele Lacamera
dbf913deb0
x86: ATA: support ATA commands
...
support ATA commands to read, write and identify a SATA disk.
Signed-off-by: Marco Oliverio <marco@wolfssl.com>
2023-07-24 18:12:14 +00:00
Daniele Lacamera
8ed6dd3281
x86: AHCI: support AHCI
...
supports querying the ports, detecting the disk and configuring FIS areas.
Signed-off-by: Marco Oliverio <marco@wolfssl.com>
2023-07-24 18:12:14 +00:00
Marco Oliverio
8ce80d6a65
PCI: add initial support
...
It supports basic enumeration (only bus 0), and reading/writing to config space
register.
2023-07-24 18:12:13 +00:00
Marco Oliverio
1e754ca8f5
x86: common I/O, MMIO and misc architecture specific functions
2023-07-24 18:12:13 +00:00
Marco Oliverio
9aee0b4cdd
TPM: support WOLFTPM_MMIO
2023-07-24 18:12:13 +00:00
Daniele Lacamera
efa28e3787
x86_64: support SP_MATH on x86_64 architecture
...
Signed-off-by: Marco Oliverio <marco@wolfssl.com>
2023-07-24 18:12:13 +00:00
Marco Oliverio
0fd34f23c7
ELF: add mmu callback to map segments before loading
2023-07-24 18:12:13 +00:00
Daniele Lacamera
2600df9a21
Updated bootloader version
2023-07-06 14:17:52 +02:00
David Garske
1d6c421b41
Disable dynamic stack for SP math and SP math all.
2023-07-05 18:34:42 +02:00
Daniele Lacamera
17b948bd25
Added WOLFSSL_SP_NO_DYN_STACK to user_settings.h
2023-07-05 18:34:42 +02:00
Daniele Lacamera
180d819d4a
Added WOLFSSL_SP_NO_DYN_STACK
2023-07-05 18:34:42 +02:00
David Garske
db15f9b0f1
Further NXP P1021 fixes and improvements:
...
* Added ELF32 and ELF64 loader support (config `ELF=1` or build option `WOLFBOOT_ELF`).
* Add ELF support to `update_ram.c` loader.
* Add support for loading entire flash image to RAM when `EXT_FLASH=1` and `NO_XIP=1` (or `WOLFBOOT_USE_RAMBOOT`).
* Added QUICC Engine support to load microcode and enable.
* Add multiple core support for NXP P1021.
* Fixes to resolve first stage boot ROM relocation.
  - Implemented temporary workaround to resolve stack traps.
* Added PPC GOT relocation support.
* Fix for the PPC `isr_empty` handler address.
* Fix to allow stack to use DDR by having assembly setup DDR TLB. After relocating wolfBoot use stack on DDR.
* Cleanup wolfBoot output.
  - Only remove extra .bin/.elf created unless `make distclean` is used.
  - Don't output the key grep test (only check result).
  - Adjust build order (first stage, wolfboot, test app, key, sign test app and factory).
  - Fix to make sure linker script is rebuilt before objects.
Sample NXP P1021 Output:
```
Relocating BOOT ROM to DDR
Loading wolfBoot to DDR
Jumping to full wolfBoot
wolfBoot HAL Init
Flash Init: Ret 0, ID 0x76207620
QE: Length 63732, Count 1
QE: uploading 'Microcode for P1021 r1.0' version 0.0.1
QE: Traps 0
MP: Starting core 2 (spin table 0xFFFFF240)
Versions: Boot 1, Update 0
Trying Boot partition at 0x200000
Loading header 512 bytes to 0x1DFFFE00
Loading image 3170724 bytes to 0x1E000000
Image size 3170724
Firmware Valid
Loading elf at 0x1E000000
Found valid elf32 (big endian)
Booting at 0x6000
```
2023-07-05 17:03:57 +02:00
David Garske
a56e2252c1
Revert the TPM based key store (root of trust). This feature is not ready for next release.
2023-07-04 08:36:41 +02:00
Hideki Miyazaki
5ed7390c40
reorganize folders under IDE/Renesas
2023-06-10 08:53:32 +02:00
Takashi Kojo
6393c48860
print partition info
2023-06-10 08:53:32 +02:00
Takashi Kojo
def2a530e4
Simple boot
2023-06-10 08:53:32 +02:00
Hideki Miyazaki
170bb9a585
Support Renesas RA6M4 with SCE use
2023-05-17 14:15:18 +02:00
billphipps
106b78086a
Merge pull request #302 from dgarske/nxp_tpm
...
Support for NXP P1021 eSPI and TPM (and fixes for eLBC NAND)
2023-05-10 20:17:27 -04:00
David Garske
28ee143a1b
Update the new `spi_xfer` to include a "continue" flag to allow leaving the CS asserted.
2023-05-10 15:26:57 -07:00
David Garske
0b7603f7bf
Merge pull request #303 from jpbland1/preseal
...
add script for preseal a public key to tpm
2023-05-05 15:02:55 -07:00
John Bland
bf3ebee8bb
use correct digest when getting unsealing the pubkey
...
add deinit call when wolfboot exits so the TPM doesn't have a hanging session
2023-05-05 16:27:22 -04:00
David Garske
fb20f2d41f
Fix the eLBC NAND flash driver issues with page/col selection. Allow override of the `WOLFBOOT_SHA_BLOCK_SIZE`.
...
```
wolfBoot HAL Init
Flash Init: Ret 0, ID 0x76207620
Part: Active 0, Address 0
Boot partition: 200000
Image size 3964
Firmware Valid
Loading 3964 bytes to RAM at 1E000000
Booting at 1E000000
```
2023-05-05 12:18:16 -07:00
David Garske
0f110e4cd9
Progress on eSPI support for NXP P1021 TPM.
2023-05-04 15:23:45 -07:00
David Garske
ef35f473c9
Merge pull request #296 from jpbland1/tpm-root-trust
...
wolfTPM pubkey storage with policy based access restriction
2023-05-04 15:09:06 -07:00
John Bland
eb30566bba
add encryption key unsealing from the tpm
...
make the config/examples/stm32f4-tpm-keystore.config config use ecc256
2023-04-24 13:23:09 -04:00
David Garske
69ca95eb94
Adds `factory_wstage1.bin` option to include first stage loader. Fix test-app verbose issue.
2023-04-21 16:41:00 +02:00
David Garske
553ec760fd
NXP QorIQ refactor for shared PPC (e500 / e6500) registers
...
* Fixes for e500 L1/L2 cache.
* Fixes for eLBC and DDR3 drivers on P1021.
* Fixes for LAW and TLB for P1021.
* Fix for the e500v2 core peripheral issues with data barrier / coherency safety.
* Support for SP math all (`SPMATHALL=1`).
* Support for stage 1 loader (`make stage1`).
2023-04-21 16:41:00 +02:00
Daniele Lacamera
65635b3940
Updated version & README.md
2023-04-13 17:34:26 +02:00
John Bland
3fbc99d36e
wolfTPM pubkey storage with policy based access restriction
...
this update uses the tpm to retrieve the public key used to validate the image that will boot and restricts access to that key by tpm policy. when the image is updated its signature is used to extend the PCR and when the image is loaded its signature must match what was sealed in order to get the public key from the tpm. enabling this option is done by setting WOLFBOOT_TPM_KEYSTORE in .config
2023-04-11 11:46:21 -04:00
David Garske
6f12975bc5
Merge pull request #289 from danielinux/gh-action-rsa4096
...
Parallelize renode tests execution, remove unfeasible test, add compile-time check for large stack usage
2023-03-21 10:01:17 -07:00
Daniele Lacamera
43fa7b17f1
Added WOLFBOOT_HUGE_STACK option
...
The option can be enabled to use RSA4096 with fast math.
2023-03-21 17:06:22 +01:00
Daniele Lacamera
0b06efd347
Added unit test for encrypted external flash
2023-03-14 08:57:14 +01:00
Daniele Lacamera
2f2a6d416d
Support encrypted images in MMU targets
2023-03-09 16:31:29 +01:00
David Garske
cb1eaff8e8
Support for SP math with AARCH64 when hardware supports it.
2023-03-09 07:05:24 +01:00
David Garske
8dd0ee347f
Support for the STM32 OCTOSPI peripheral.
2023-02-02 12:11:23 -08:00
Daniele Lacamera
3d517cfe8c
NVM_FLASH_WRITEONCE refactoring
...
- Using two sectors to keep partition/sector flags
- Keep two redundant set of flags, update one at a time
- Erase is done when the sector is old
- Flags update is faster because Erase is done in advance
- Accessing trailer information (including encryption keys) is done by
selecting the newest information
Tested via renode, using nrf52 with NVM_FLASH_WRITEONCE flag on.
2023-01-26 09:22:48 +01:00
Daniele Lacamera
f250a5b5d4
Update wolfBoot version
2022-12-30 10:57:05 +01:00
David Garske
e746c3f65a
Fix for wolfBoot with wolfTPM. Tested with `cp ./config/examples/stm32wb-tpm.config .config && make clean && make`.
2022-12-28 19:15:50 +01:00
David Garske
8d7d4d4f74
Fixes for QSPI read. Adds alternate byte support. Cleanup of simple QSPI read/write.
2022-12-22 15:02:31 -08:00
David Garske
5331f5ee23
QSPI Flash tests passing in single SPI mode (working on Quad mode).
...
```
wolfBoot Init
Flash ID (ret 0): 0x1870EF, status 0
Erase Sector: Ret 0
Flash Write: Ret 0, Address 0x200000, Page 0, Len 256
Write Page: Ret 0
Flash Read: Ret 0, Address 0x200000, Len 256, Cmd 0xB
Read Page: Ret 0
Checking...
Flash Test Passed
```
2022-12-20 16:44:53 -08:00
David Garske
a9526bab8f
STM32 QSPI Flash support. Refactor SPI to allow different GPIO base/AF for each pin. Adds `DEBUG_UART` support for H7.
2022-12-20 13:31:28 +01:00
David Garske
da6d364f1e
Fixes for encrypt/decrypt with unaligned address. Fix issue with byte count result on Mac. Cleanups for uart-flash-server.
2022-12-16 17:50:02 +01:00
Lealem Amedie
18bfcecd6b
wolfBoot cmake support
2022-12-07 13:00:10 -08:00
David Garske
6d45564112
Test size increases. Improve user_settings.h ECC options.
2022-12-06 06:20:48 +01:00
David Garske
bc89cb6594
Added minimalistic printf UART support (enabled with `DEBUG_UART`).
2022-12-06 06:20:48 +01:00
David Garske
2fc899254f
Cleanups for NXP T2080 DEOS support:
...
* Expanded the NXP QorIQ T2080 documentation in `docs/Targets.md`.
* T2080 fixes for boot code placement and generation of .bin.
* T2080 UART driver cleanup.
* Improve bin-assemble fill speed and report items added.
* Make portability fixes to enable building in `mingw32-make`.
* Cleanup the `docs/Targets.md` sections and links.
* Cleanup execute bits on code files.
2022-12-06 06:20:48 +01:00
David Garske
c3b5ac156b
Experimental STM32U5 external flash support.
2022-11-23 18:13:03 +01:00
Daniele Lacamera
5114e308ae
Updated wolfSSL and wolfTPM submodules
2022-10-14 12:48:47 +02:00
Daniele Lacamera
a6fdec3901
self-encrypt prototype; tested on stm32l0
2022-09-21 18:49:52 +02:00
Daniele Lacamera
f6eeb8dd5d
Preparing release v1.12
2022-07-26 09:57:32 +02:00
David Garske
3c2c26bf3a
Fixes for IAR. Switch to new `src/keystore.c` for keys. Fixes for building keytools in Visual Studio.
2022-07-26 09:34:53 +02:00
Daniele Lacamera
5252ac2f68
Added default sector size to raspi3.config
...
(mandatory to compile sign.c)
2022-07-21 21:28:17 +02:00
Daniele Lacamera
93dd53ac0f
Fixed support for raspberry-pi
2022-07-21 20:18:34 +02:00
Daniele Lacamera
c4ca592f43
Fixed rpi load address, do_boot jump
2022-07-21 20:18:34 +02:00
Daniele Lacamera
9605dd283f
Fixes for test cases using keystore
2022-07-19 15:33:29 +02:00
Daniele Lacamera
513163a77b
Added "ARMORED" check for part id flags mask
2022-07-19 15:32:28 +02:00
Daniele Lacamera
1e11f3081b
keygen.c : exporting keystore also in binary format
2022-07-19 15:32:28 +02:00
Daniele Lacamera
1542a15c90
Keystore: array of public keys generated by keygen
2022-07-19 15:32:28 +02:00
Daniele Lacamera
acfdd1f676
Added support for RSA3072
2022-05-31 12:13:34 +02:00
Daniele Lacamera
063c21430c
Added partition ID. Extended sign manual
2022-05-24 13:31:50 +02:00
David Garske
6068a8047c
wolfBoot improvements (from elms):
...
* Add `WOLFBOOT_DUALBOOT` for dynamic fallback
* Refactor header field parsing
* Cleanup compiler warnings and logic extra check
* Option to leave out partition based functions
* Add `WOLFBOOT_FIXED_PARTITIONS` enable using partition enum and related functions
* Wrap all delta update references
* Update raspberry documentation
* EFI refactoring
* Add `keytools_check` target
* Add "library" target
2022-05-20 08:06:07 +02:00
Daniele Lacamera
acd96323a2
Prepare release 1.11
2022-05-05 07:28:21 +02:00
Daniele Lacamera
f04889ee29
Added SHA2-384 support for integrity checks
2022-04-06 09:41:37 +02:00
Daniele Lacamera
d06178c3a8
Added new signature algo: ECC384
2022-04-01 12:21:42 -07:00
Daniele Lacamera
a017e482b9
Removed dead code after reviewer's comments
2022-03-23 09:19:33 +01:00
Daniele Lacamera
7b7282e74d
Added comment as suggested by reviewer.
2022-03-17 12:10:57 +01:00
Daniele Lacamera
986855ce0a
Review's feedback
2022-03-17 11:53:49 +01:00
Daniele Lacamera
4527347173
Error if attempting to build ARMORED on not-arm-gcc
2022-03-17 10:48:49 +01:00
Daniele Lacamera
73fe84c55c
Fixed version check armor, add no-downgrade tests
2022-03-16 11:19:05 +01:00
Daniele Lacamera
0684245187
Added canary vars around signature_ok flag, improved checks
2022-03-15 12:36:24 +01:00
Daniele Lacamera
0665eeff67
Reverted 'return -1' fix; removed _update() optim.
2022-03-14 18:14:50 +01:00
Daniele Lacamera
a72715caa3
Improved "return -1" in version check
2022-03-14 17:58:43 +01:00
Daniele Lacamera
028d184b17
Added armored image version, improve armor
2022-03-14 17:45:47 +01:00
Daniele Lacamera
32ecb5c3b6
Added pre-boot sanity check
2022-03-14 16:04:11 +01:00
Daniele Lacamera
75fb9f70e3
Fixed ECC with no armor
2022-03-14 15:22:04 +01:00
Daniele Lacamera
9ac4a6d365
Armored signature verification back-end
2022-03-14 15:12:36 +01:00
Daniele Lacamera
5a15fe1138
Added armored panic() function form arm cortex-m
2022-03-14 13:06:13 +01:00
Daniele Lacamera
61275ec9dd
Update Chacha ENCRYPT_BLOCK_SIZE to match IV ctr
2022-02-07 16:35:25 +01:00
Marco Oliverio
0f9613837a
libwolfboot: make crypto_*() functions public
2022-02-07 15:03:08 +01:00
Daniele Lacamera
43a5a38629
Fixes to AES-CTR encryption after testing
2022-01-31 16:46:09 +01:00
Daniele Lacamera
5551666e08
Draft: added AES encryption support
2022-01-28 20:26:59 +01:00
Daniele Lacamera
b3ada3a265
Version up to 1.10.0000
2022-01-10 17:35:27 +01:00
Daniele Lacamera
2e7b63eae5
Adding support for ED448 verification
2021-12-13 12:05:37 +01:00
Marco Oliverio
a187442455
support booting EFI application on x86_64 architecture
...
Co-authored-by: Daniele Lacamera <daniele@wolfssl.com>
2021-11-30 18:43:50 +01:00
Daniele Lacamera
f26dd61e23
Fixed delta updates from external devices (+ test)
2021-10-07 14:32:51 +02:00
Daniele Lacamera
aaf780fae9
Added test for delta-update-ext
2021-10-07 14:32:51 +02:00
Daniele Lacamera
922c17f1cc
Draft: integrate delta updates with external flash support
2021-10-07 14:32:48 +02:00
Elms
d302c633c2
TMS570LC43xx: flash updates and init stack pointer
...
- cleanup warnings and rework exceptions to be more robust
- CORTEX R5: Initialization of stack pointer
- updates to F021 flash from testing
- sync options for command line build with IDE
2021-10-07 01:45:18 -07:00
Daniele Lacamera
aba428b243
Changed bitrate for uart_flash tests
2021-08-24 10:00:04 +02:00
Daniele Lacamera
012bba3ce3
Fixed after review comments
2021-08-20 10:10:51 +02:00
Daniele Lacamera
39ee01a948
Added roll-back feature via inverse patch
2021-08-17 15:44:34 +02:00
Daniele Lacamera
3b0c434a13
Added missing header delta.h
2021-08-16 12:00:39 +02:00
Daniele Lacamera
b74a4f69e2
Changed delta mechanism + added key tool diff function
2021-08-16 11:59:45 +02:00
Daniele Lacamera
13541ec046
Delta updates, draft update mechanism with hdr replacement
2021-08-16 11:56:13 +02:00
Daniele Lacamera
7ff1887ad7
Initial delta code + HDR tag for manifest
2021-08-16 11:54:27 +02:00
Daniele Lacamera
572414fba6
Use library version as default WOLFBOOT_VERSION
2021-07-19 17:02:40 +02:00
David Garske
64661ef08c
Add wolfBoot library version.
2021-07-19 07:53:08 -07:00
David Garske
d38de3b432
Update copyright year
2021-07-19 07:50:02 -07:00
Daniele Lacamera
45570e6c21
Fixes for USE_FAST_MATH
2021-07-13 18:09:20 +02:00
Daniele Lacamera
4c4d7d69f8
Add support for WOLFBOOT_SMALL_STACK
2021-07-09 10:15:37 +02:00
Daniele Lacamera
f2bab09777
Added support for SIGN=NONE
2021-06-28 13:52:00 +02:00
Elms
1a33885cfb
handle big endianness with header
2021-05-14 09:38:31 +02:00
David Garske
7793433b3a
Updated RSA to use inline operation and disable OAEP padding. This allows removal of the XMALLOC/XFREE SP code. Once PR https://github.com/wolfSSL/wolfssl/pull/3918 is merged we can update submodule.
2021-03-26 16:38:08 +01:00
David Garske
c14e70a12c
Changed RSA4096 to use SP math. Fix to disable dynamic stacks `WOLFSSL_SP_NO_DYN_STACK`. Added G0 details. Update submodules.
2021-03-26 16:38:08 +01:00
Daniele Lacamera
3516620f1a
fix wolfTPM option
2021-01-26 09:07:03 +01:00
Dimitar Tomov
bf74ba9cb4
Added ifndef to wolfTPM specific build settings for wolfCrypt
...
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2021-01-26 08:13:26 +01:00
Dimitar Tomov
2f3fc6600b
Latest wolfTPM has Parameter Encryption that requires HMAC and AES support
...
* Add new src/tpm2_param_enc object for wolfTPM
* Enable wolfcrypt HMAC support required for TPM2.0 KDFa
* Enable wolfcrypt AES support required for AES CFB parameter encryption
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
2021-01-26 08:13:26 +01:00
Daniele Lacamera
82da68028b
Fix fallback using encryption by storing the key after swapping
...
partitions
2021-01-11 13:07:07 +01:00
Glenn Ergeerts
3682e66818
stm32l0: add support for external SPI flash
2020-11-19 13:30:14 +01:00
David Garske
4706d2f126
Peer review fixes. Fixes for SHA3 and RSA4096 in makefiles. Fixes for Xilinx SDK excludes. Cleanup of the printf to use the built-in facilities (`wolfBoot_printf`).
2020-11-12 10:47:32 +01:00
Daniele Lacamera
4e27d9197f
Added compile-time option to invert FLAGS logic (FLAGS_INVERT=1)
2020-11-03 11:05:14 +01:00
Daniele Lacamera
72eb2c205b
Relocate sector flags in FLAGS_HOME mode to a constant location
2020-10-16 10:29:19 +02:00
Daniele Lacamera
533fa9b4a2
Added RAMFUNCTION tag to SPI flash functions
2020-07-06 10:13:52 +02:00
Daniele Lacamera
f3f27ae2cb
Fixed ChaCha20 IV usage/setting. Test/docs updated.
2020-06-18 11:12:01 +02:00
Daniele Lacamera
53bf4d04db
Encrypt: API design
2020-06-16 17:50:55 +02:00
Daniele Lacamera
1d24d326b1
Experimental: chacha20 encryption for external partitions
2020-06-16 17:50:55 +02:00
Daniele Lacamera
aa3fb3fab0
Changed set|get_sector_flag argument to uint16_t
...
On some platforms with very small sector size this index could overflow
2020-05-29 08:19:18 +02:00
David Garske
2560bdc6d7
Added TPM RSA verify support. Added support for using software SHA-256 hashing with TPM because it's much faster. (Note: to use TPM for hashing define `WOLFBOOT_HASH_TPM`).
2020-05-25 08:28:02 -07:00
Daniele Lacamera
f3d0d8fc83
PSoC6 support: updated configuration, docs added to Targets.md, revert
...
custom NVM_CACHE_SIZE
2020-05-20 06:53:00 -07:00
Daniele Lacamera
3db37a6b5c
Updated NVM_CACHE_SIZE to match different configurations.
...
Progress on psoc6 HAL, fixed memory mapping and test app
2020-05-20 06:53:00 -07:00
Daniele Lacamera
f7da6c5f6e
Added SPI support for nrf52
2020-05-19 18:16:17 +02:00
Daniele Lacamera
aaa5f962e6
minor changes after code review
2020-04-07 16:39:37 +02:00
Daniele Lacamera
92e1f632c1
Removed magic numbers for bitrate
2020-04-03 20:24:13 +02:00
Daniele Lacamera
f04aac6a9f
Added missing include file
2020-04-03 20:19:45 +02:00
David Garske
e7446c570f
Fixes for Device Tree (DTS) handling. Updated documentation.
2020-03-06 15:33:41 -08:00
David Garske
2867025ae5
Fixes for handling U-Boot image and DTS. Moved the Xilinx SDK project target settings into target.h.
2020-03-05 15:39:22 -08:00
David Garske
c0b534edd7
wolfBoot Aarch64 support (Xilinx Zynq and Raspberry Pi):
...
* Added Aarch64 boot/startup support
* Added configuration templates for Raspberry Pi 3 and Xilinx ZynqMP UltraScale+
* Added Xilinx Zynq QSPI bare-metal Driver
* Added `NO_XIP` option for full `ext_flash_*` API on all partitions
* Added Xilinx SDK Project Template
* Added support for DTS image partitions
* Added wolfBoot signing tool in Native C (`tools/keytools/sign.c`).
* Added libwolfboot functions `int wolfBoot_fallback_is_possible(void);` and `int wolfBoot_dualboot_candidate(void);`
* Performance improvement to only hash application firmware image once
2020-03-04 12:04:46 -08:00
Daniele Lacamera
d33c5acac8
Added support for SHA3
2020-01-07 20:35:31 +01:00
Daniele Lacamera
c847529698
Added RSA-4096 bit support
2020-01-07 11:32:09 +01:00
Chris Conlon
1f57ad9f39
update copyright to 2020
2020-01-03 15:36:00 -08:00
David Garske
79277d60ce
Progress on expanding STM32WB testing support. Including external SPI/TPM and RSA. Fixes to prevent STM32WB macro collisions with PKA. Makefile improvements for combinations of PKA, SIGN and WOLFTPM.
2019-12-20 19:08:31 +01:00
Daniele Lacamera
25455744b6
Make Stm32 SPI driver more generic to reuse on other STM32 platforms
2019-12-20 19:08:31 +01:00
David Garske
041ca75793
Added support for TPM2.0 module via wolfTPM. Tested with STM32F4. Build using `make SIGN=ECC256 WOLFTPM=1`.
2019-12-17 10:59:11 -08:00
David Garske
6ed1e5ca5f
Fixes for external SPI build options.
2019-12-17 10:38:18 -08:00
David Garske
ac9e2b8647
Updated SP build options and stack usage warning.
2019-12-17 09:44:02 -08:00
David Garske
fae6a974c8
Adds RSA support to wolfBoot using "SIGN=RSA2048". Includes RSA signing script tool in Python and instructions.
2019-12-17 09:44:02 -08:00
Daniele Lacamera
0b822cefbb
Fixes to kinetis K82F
2019-11-11 14:27:16 -08:00
Daniele Lacamera
ca9ffbab7c
Configuration (via .config), single entry point for options
2019-10-10 20:39:25 +02:00
Daniele Lacamera
1970fbdd2e
Fix for header type on SPI flash
2019-09-19 08:44:55 +02:00
Daniele Lacamera
34def41dd1
Added support for STM32F7 + DUALBANK_SWAP hw-assisted support
2019-07-17 11:37:43 -07:00
David Garske
33e3607e21
Updates to documentation for RISC-V addresses. Added link to wolfBoot-examples repo. Revert target.h changes.
2019-06-10 17:58:31 +02:00
David Garske
0f00f8e700
SiFive HiFive (FE310) RISC-V support
...
* HiFive1 HAL Support for PLL Clock, UART, RTC and Flash QSPI Erase/Write.
* HiFive1 update demo application for accepting firmware updates over UART.
* Added test-update-server application for pushing firmware image over UART.
* Fixes for building with `make SIGN=ECC256`.
* Improvements to wolfCrypt `user_settings.h`.
* General library cleanup (license headers and formatting)
* Updated the wolfSSL submodule to latest.
* Documentation updates including new `Targets.md` section for hardware instructions.
2019-06-07 13:08:15 -07:00
Daniele Lacamera
2ef5e47d61
Added test for bootloader update
2019-04-29 20:32:04 +02:00
Daniele Lacamera
fc547e4a25
wolfBoot can update itself when compiled with RAM_CODE=1
...
- Added wolfBoot version
- Added extra 16bit header tag to identify the image type and authentication
- Implemented optional in-ram self-update of the bootloader, with version control
and authentication mechanism (not fail-safe)
2019-04-29 20:32:04 +02:00
Daniele Lacamera
937e9d46fb
Introducing RAMCODE tag to transfer functions to RAM
...
- Moved functions in the flash write path to RAM, so their execution
does not depend on flash access
- RAMCODE can be enabled via "make RAM_CODE=1"
2019-04-29 20:32:04 +02:00
Daniele Lacamera
b918014203
Multi-platform test application, added K82 to Kinetis port
2019-04-04 16:31:45 +02:00
Daniele Lacamera
b5fd49a82a
Initial experimental support for RISC-V
...
- New Makefile to support multiple architectures
- Separate architecture-specific start-up files
- Stub for a hifive1 HAL port
2019-04-01 14:01:14 +02:00
Daniele Lacamera
6324e8fe37
[CI] SPI tests fixed
2019-03-18 12:21:44 +01:00
Daniele Lacamera
630a10eafa
Automated tests for EXT_FLASH/SPI_FLASH
2019-03-15 11:16:34 +01:00
Daniele Lacamera
7f60f68474
Faster sector copy
2019-03-10 09:48:06 +01:00
Daniele Lacamera
bfa3f50a60
Restored target.h for default test
2019-02-15 14:45:27 +01:00
Daniele Lacamera
503b008cf5
New feature: allow swapping from external memory (e.g. SPI flash)
2019-02-15 13:41:06 +01:00
Daniele Lacamera
07db864ab1
EXT flash support: image header mapping
2019-02-13 13:08:32 +01:00
Daniele Lacamera
3a455383a1
STM32F4 Test application: modified to turn a led on early at boot to measure
...
boot time.
2019-01-22 11:58:42 +01:00
Daniele Lacamera
41c60f4bd2
Ecc256 signature verification with sp-math support, work in progress
2019-01-21 05:28:59 +01:00
Daniele Lacamera
61bbfef35c
Separated library functions for in-app use
2018-11-22 16:22:30 +01:00
Daniele Lacamera
ce98d46cb3
Separate include file for application access
2018-11-22 16:13:50 +01:00
Daniele Lacamera
9403c711ad
Update mechanism implemented, ed25519 signing tool changed
2018-11-22 15:47:41 +01:00