wolfBoot

Commit Graph

Author	SHA1	Message	Date
David Garske	ef35f473c9	Merge pull request #296 from jpbland1/tpm-root-trust wolfTPM pubkey storage with policy based access restriction	2023-05-04 15:09:06 -07:00
John Bland	fe2b797b01	get wolfboot simulator working with the tpm simulator move pcr reset and extend outside of session the tpm uses policy checking for modifying PCR's so we need to reset and extend the PCR's with the image hash before the session begins, currently tested unseal, having trouble getting the simulator to run update in order to test reseal	2023-05-03 11:39:25 -04:00
John Bland	eb30566bba	add encryption key unsealing from the tpm make the config/examples/stm32f4-tpm-keystore.config config use ecc256	2023-04-24 13:23:09 -04:00
David Garske	69ca95eb94	Adds `factory_wstage1.bin` option to include first stage loader. Fix test-app verbose issue.	2023-04-21 16:41:00 +02:00
John Bland	79e2f43b68	add TPM pubkey sealing doc and update code based on pr comments	2023-04-14 01:55:14 -04:00
John Bland	7dd97be63c	update policy sealing logic based on pr comments	2023-04-12 11:20:46 -04:00
John Bland	3fbc99d36e	wolfTPM pubkey storage with policy based access restriction this update uses the tpm to retreive the public key used to validate the image that will boot and restricts access to that key by tpm policy. when the image is updated it's signature is used to extend the PCR and when the image is loaded it's signature must match what was sealed in order to get the public key from the tpm. enabling this option is done by setting WOLFBOOT_TPM_KEYSTORE in .config	2023-04-11 11:46:21 -04:00
Daniele Lacamera	43fa7b17f1	Added WOLFBOOT_HUGE_STACK option The option can be enabled to use RSA4096 with fast math.	2023-03-21 17:06:22 +01:00
David Garske	cb1eaff8e8	Support for SP math with AARCH64 when hardware supports it.	2023-03-09 07:05:24 +01:00
David Garske	8dd0ee347f	Support for the STM32 OCTOSPI peripheral.	2023-02-02 12:11:23 -08:00
David Garske	a9526bab8f	STM32 QSPI Flash support. Refactor SPI to allow different GPIO base/AF for each pin. Adds `DEBUG_UART` support for H7.	2022-12-20 13:31:28 +01:00
David Garske	f283929161	Improvements to gap fill. The default gap filling byte is `0xFF`. If using `FLAGS_INVERT=1` uses `0x00`. Can be overridden at build-time using `FILL_BYTE`. Fixes ZD 15356.	2022-12-19 11:38:00 +01:00
David Garske	6d45564112	Test size increases. Improve user_settings.h ECC options.	2022-12-06 06:20:48 +01:00
David Garske	2fc899254f	Cleanups for NXP T2080 DEOS support: * Expanded the NXP QorIQ T2080 documentation in `docs/Targets.md`. * T2080 fixes for boot code placement and generation of .bin. * T2080 UART driver cleanup. * Improve bin-assemble fill speed and report items added. * Make portability fixes to enable building in `mingw32-make`. * Cleanup the `docs/Targets.md` sections and links. * Cleanup execute bits on code files.	2022-12-06 06:20:48 +01:00
Daniele Lacamera	5114e308ae	Updated wolfSSL and wolfTPM submodules	2022-10-14 12:48:47 +02:00
Daniele Lacamera	a6fdec3901	self-encrypt prototype; tested on stm32l0	2022-09-21 18:49:52 +02:00
Daniele Lacamera	9605dd283f	Fixes for test cases using keystore	2022-07-19 15:33:29 +02:00
Daniele Lacamera	513163a77b	Added "ARMORED" check for part id flags mask	2022-07-19 15:32:28 +02:00
Daniele Lacamera	1542a15c90	Keystore: array of public keys generated by keygen	2022-07-19 15:32:28 +02:00
Daniele Lacamera	acfdd1f676	Added support for RSA3072	2022-05-31 12:13:34 +02:00
David Garske	f63c323677	Cleanups and restore a few changes.	2022-05-20 08:06:07 +02:00
David Garske	6068a8047c	wolfBoot improvements (from elms): * Add `WOLFBOOT_DUALBOOT` for dynamic fallback * Refactor header field parsing * Cleanup compiler warnings and logic extra check * Option to leave out partition based functions * Add `WOLFBOOT_FIXED_PARTITIONS` enable using partition enum and related functions * Wrap all delta update references * Update raspberry documentation * EFI refactoring * Add `keytools_check` target * Add "library" target	2022-05-20 08:06:07 +02:00
Daniele Lacamera	082a7b2fb2	Adjusted stack size for ECC256	2022-05-04 14:40:27 +02:00
Daniele Lacamera	5a4a574a68	Fixed stack usage limit for SIGN=NONE	2022-04-08 19:53:54 +02:00
Daniele Lacamera	b32aaee4d4	Fixed stack size for ECC384 + FAST_MATH	2022-04-07 18:38:16 +02:00
Daniele Lacamera	f04889ee29	Added SHA2-384 support for integrity checks	2022-04-06 09:41:37 +02:00
Daniele Lacamera	d06178c3a8	Added new signature algo: ECC384	2022-04-01 12:21:42 -07:00
Daniele	d3b910b91d	Removed redundant assignment of IMAGE_HEADER_SIZE	2022-03-24 11:46:41 +01:00
Daniele	b3e9c49a2c	Fix to override small image_hdr_size	2022-03-24 07:48:35 +01:00
Daniele	c4acbbe59a	Added default IMAGE_HDR_SIZE for ECC256	2022-03-23 22:44:20 +01:00
David Garske	a56abdcffb	Fix for ED25519 default image header size not being set. Fixed others to allow override.	2022-03-23 22:23:17 +01:00
Daniele Lacamera	5a15fe1138	Added armored panic() function form arm cortex-m	2022-03-14 13:06:13 +01:00
David Garske	262a5b0a78	Merge pull request #167 from danielinux/aes-encryption Add AES encryption support	2022-02-09 10:55:51 -08:00
Daniele Lacamera	daff2a04a8	Fixed STM32L4 HAL, added IMAGE_HEADER_SIZE option	2022-02-02 12:05:14 +01:00
Daniele Lacamera	43a5a38629	Fixes to AES-CTR encryption after testing	2022-01-31 16:46:09 +01:00
Daniele Lacamera	5551666e08	Draft: added AES encryption support	2022-01-28 20:26:59 +01:00
Daniele Lacamera	5be0b42c8d	Fixed delta manifest header alignment	2022-01-17 13:34:54 +01:00
Daniele Lacamera	845fd02edf	Added tests for ed448, fixed sign.py	2021-12-14 16:55:10 +01:00
Daniele Lacamera	2e7b63eae5	Adding support for ED448 verification	2021-12-13 12:05:37 +01:00
Marco Oliverio	a187442455	support booting EFI application on x86_64 architecture Co-authored-by: Daniele Lacamera <daniele@wolfssl.com>	2021-11-30 18:43:50 +01:00
Daniele Lacamera	51ad005976	CL bmpatch/bmdiff tool moved to separate module	2021-08-17 16:01:16 +02:00
Daniele Lacamera	b21f0f93b7	Using fixed delta blocks of 256B to save memory	2021-08-16 16:38:06 +02:00
Daniele Lacamera	13541ec046	Delta updates, draft update mechanism with hdr replacement	2021-08-16 11:56:13 +02:00
Daniele Lacamera	572414fba6	Use library version as default WOLFBOOT_VERSION	2021-07-19 17:02:40 +02:00
Daniele Lacamera	6aa5ee96ca	Updated submodules, added -Werror	2021-07-15 17:38:12 +02:00
Daniele Lacamera	02d886b318	Fixed stack limit for ECC + FAST_MATH	2021-07-15 17:21:18 +02:00
Daniele Lacamera	a31b83fee4	Inverted logic for stack size check on TPM	2021-07-15 15:36:29 +02:00
Daniele Lacamera	6815ab6d03	Fixed stack warning in ECC+FASTMATH	2021-07-15 15:03:39 +02:00
Daniele Lacamera	7d26f3990e	Fixed stack usage warnings	2021-07-15 14:51:28 +02:00
Daniele Lacamera	cb0f3ec3a3	Fixed RSA+SMALL_STACK+FASTMATH	2021-07-14 16:17:34 +02:00
Daniele Lacamera	45570e6c21	Fixes for USE_FAST_MATH	2021-07-13 18:09:20 +02:00
Daniele Lacamera	330cbac7e2	Fixed case NO_SIGN + SMALL_STACK, added test	2021-07-09 11:40:31 +02:00
Daniele Lacamera	4c70ea94ed	Removed duplicate code	2021-07-09 10:46:27 +02:00
Daniele Lacamera	4c4d7d69f8	Add support for WOLFBOOT_SMALL_STACK	2021-07-09 10:15:37 +02:00
Daniele Lacamera	e749ecd18b	Update options after rebase on latest master	2021-06-28 13:54:00 +02:00
Daniele Lacamera	f2bab09777	Added support for SIGN=NONE	2021-06-28 13:52:00 +02:00
Elms	b4f68d0c6b	TMS570LC43xx: fix default compiler programs and options	2021-06-23 09:12:17 +02:00
Elms	fad70ef7f7	make: refactor `-Wstack-usage` and `XMALLOC_USER` and override for R5	2021-06-23 09:12:17 +02:00
Elms	ee0f93fee0	TMS570LC43xx: Add flash from RAM and test-app and cleanup * add flash demo from RAM * clean up linker script and flags * Add hercules test-app: link script and minimal c file `make CCS_ROOT=/c/ti/ccs1031/ccs/tools/compiler/ti-cgt-arm_20.2.4.LTS F021_DIR=/c/ti/Hercules/F021\ Flash\ API/02.01.01`	2021-06-23 09:12:17 +02:00
David Garske	31b785fe7e	Progress with cross-compiling wolfBoot. Will also be creating CCS project.	2021-06-23 09:12:17 +02:00
David Garske	fcf7fcc93e	Adjust RSA4096 stack usage warning.	2021-03-26 16:38:08 +01:00
David Garske	7793433b3a	Updated RSA to use inline operation and disable OAEP padding. This allows removal of the XMALLOC/XFREE SP code. Once PR https://github.com/wolfSSL/wolfssl/pull/3918 is merged we can update submodule.	2021-03-26 16:38:08 +01:00
David Garske	c14e70a12c	Changed RSA4096 to use SP math. Fix to disable dynamic stacks `WOLFSSL_SP_NO_DYN_STACK`. Added G0 details. Update submodules.	2021-03-26 16:38:08 +01:00
Dimitar Tomov	2f3fc6600b	Latest wolfTPM has Parameter Encryption that requires HMAC and AES support * Add new src/tpm2_param_enc object for wolfTPM * Enable wolfcrypt HMAC support required for TPM2.0 KDFa * Enable wolfcrypt AES support required for AES CFB parameter encryption Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>	2021-01-26 08:13:26 +01:00
Dimitar Tomov	a2ff8f1d8e	Make sure wolfTPM support is included when measured boot is enabled Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>	2020-12-10 17:46:51 +02:00
Dimitar Tomov	259008d418	Add user option to select the PCR for measured boot Define name is intentionally using PCR_X naming scheme to allow multiple stage measured boot in the future. Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>	2020-12-10 00:22:11 +02:00
Dimitar Tomov	5d877bc912	Added measured boot Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>	2020-12-10 00:15:02 +02:00
David Garske	4706d2f126	Peer review fixes. Fixes for SHA3 and RSA4096 in makefiles. Fixes for Xilinx SDK excludes. Cleanup of the printf to use the built-in facilities (`wolfBoot_printf`).	2020-11-12 10:47:32 +01:00
Daniele Lacamera	5562107ec8	Fixed build with RSA4096 (tfm.o was missing)	2020-11-05 10:16:51 +01:00
Daniele Lacamera	4e27d9197f	Added compile-time option to invert FLAGS logic (FLAGS_INVERT=1)	2020-11-03 11:05:14 +01:00
Daniele Lacamera	b0fbafe014	Added DISABLE_BACKUP option	2020-09-14 16:31:07 +02:00
Daniele Lacamera	75898806eb	Added option FLAGS_HOME to store UPDATE flags in the BOOT partition	2020-09-11 11:25:51 +02:00

1 2 3

122 Commits (8b1babb7d8c78d236fffd86943f5669b4eec8f63)