89 Commits (8fff9cf3d721026b9cc8974e24b2592d1537f83d)

Author SHA1 Message Date
David Garske 8fff9cf3d7 Temp fix: `sign.c:67:5: error: implicit declaration of function '_chsize_s' [-Werror=implicit-function-declaration]` 2025-04-29 11:50:29 +02:00
Daniele Lacamera afcdefa733 Sign: use manifest header to retrieve base version 2024-12-30 16:36:00 +01:00
David Garske 4991eabb18 Peer review fixes. Default to ML-DSA level 2. 2024-12-05 13:39:47 -08:00
Daniele Lacamera 7132a13545 Complete generic sign 2024-12-03 11:10:16 +01:00
Daniele Lacamera 04d2ecd246 Remove dependency from PQC parameters. Speed up tests. 2024-12-02 18:55:32 +01:00
Daniele Lacamera 05d0e92ecf Removed forced inflation of header size in `sign` 2024-12-02 14:07:43 +01:00
Daniele Lacamera d3935774d9 Fix header size in hybrid mode 2024-12-02 12:03:32 +01:00
Daniele Lacamera 75efbd9cfb Removed all compile-time dependency from keytools 2024-11-26 13:17:00 +01:00
Daniele Lacamera 93866f7376 Use minimum 512B of header with delta updates 2024-11-26 11:04:09 +01:00
Daniele Lacamera 6c8aafe09d Remove keytools dependency on IMAGE_HEADER_SIZE.
- Added getenv() to override the value at runtime
- Removed doc on old python tools
2024-11-26 10:57:06 +01:00
David Garske bf4c8017dd Test: adding action to build keytools on windows.
* Update key tools VS project to 2022.
* Fix a few warnings in sign.c
* Fix issues with windows already having min/max.
* Fix (workaround) issue with key tools needing WOLFBOOT_SECTOR_SIZE.
2024-11-25 14:38:29 -08:00
Daniele Lacamera 3a69b0e41a Don't fail if the image contains no base sha
+ Added --no-base-sha option to sign
2024-11-22 11:58:17 +01:00
Daniele Lacamera 7347f334b3 Delta update: check sha digest of base image
Only allow delta update if the sha digest of the base image matches the
expected value. This is to prevent the delta update from being applied
to an image that is not the expected base image, even if the version
matches.

The mismatch should never happen in real-life scenarios, but it is to check
for false positives during integration, testing and development.
2024-11-21 14:28:40 +01:00
David Garske aec2809212 Cleanups after hybrid signing PR. 2024-10-31 11:23:52 +01:00
Daniele Lacamera 4743ec06c1 Reviewer comments: fixed typos, less verbose sign
Removed some debug leftovers
2024-10-30 13:17:09 +01:00
Daniele Lacamera cc447ea879 Support for hybrid authentication (2 ciphers) 2024-10-30 13:17:06 +01:00
jordan b97abd4ace Add ML-DSA support. 2024-10-14 10:13:52 +02:00
David Garske 9e17315d49 Fixes for building wolfBoot with XMSS/LMS. 2024-08-14 18:06:12 +02:00
David Garske 918fdc57fd Added keygen `--der` option to allow ECC private key as ASN.1/DER. Added sign tool ECC key load support for ASN.1/DER private key (default is raw pub x/y, priv d). Refactored sign tool RSA/ECC logic to consolidate code and allow proper "auto" detection for different RSA key sizes. 2024-06-26 20:11:04 +02:00
jordan bd0e25af16 Add wc_lms support. 2024-05-07 19:25:18 +02:00
jordan 13d746ab9a Add wc_xmss support. 2024-05-07 19:25:18 +02:00
David Garske cafef6be55 Update the KeyTools for Windows. 2024-05-02 14:14:25 +02:00
Daniele Lacamera fce6149cf8 Update license GPL2 -> GPL3 2024-04-16 16:46:15 +02:00
Jim Norton 1a0eb3d851 Fixed indentation issue. 2024-04-05 08:52:03 +02:00
Jim Norton e4c6d4c34c Added support for custom-tlv-string 2024-04-05 08:52:03 +02:00
Daniele Lacamera e9d65b3bd2 Fixed TLV alignment for 8B fields
+ added sim "get_tlv" command
2024-03-08 18:40:34 +01:00
David Garske 01e22edb34 Fix sign tool TLV alignment padding. 2024-03-08 11:38:46 +01:00
Daniele Lacamera df3ccc55b5 Address reviewer's comment
Don't allow "0xFF" in custom tags
2024-02-29 17:29:29 +01:00
Daniele Lacamera 304e0e876e Added sign option `--custom-tlv-buffer` 2024-02-29 17:29:29 +01:00
Daniele Lacamera 43f7730576 Added support for custom TLVs in manifest header 2024-02-29 17:29:29 +01:00
David Garske 3eb41afa85 Fixes for ECC sign where the r/s does not match key size and needs zero padded. 2023-11-29 22:24:07 +01:00
jordan 79aadb5cc1 XMSS wolfBoot support. 2023-11-06 14:31:05 +01:00
David Garske 798993d471 Fix for `directive output may be truncated` on Win where PATH_MAX is 260, not 1024. 2023-10-25 13:17:24 +02:00
Daniele Lacamera 04c8e8921c Add --no-ts option to sign tool
For tests with reproducible payload across build
2023-09-28 17:28:32 +02:00
David Garske 05b83544fb Fixes based on peer review. Add output of signed policy to file (append .sig). Tested successfully with multiple PCRs. In example unlock_disk extend PCR with random value after unseal to prevent unsealing after boot. 2023-09-12 12:26:48 +02:00
David Garske c04960c097 Fix simulator to not just while(1) on panic, which causes CI to spin/timeout (instead exit with error). Fix ROT logic and make sure read error code gets passed up stack. 2023-09-12 12:26:48 +02:00
David Garske 490286be7d Support for sealing/unseal a secret based on an externally signed PCR policy.
* Added new `WOLFBOOT_TPM_SEAL` and `WOLFBOOT_TPM_SEAL_NV_BASE` config options.
* Added new `tools/tpm/policy_create` tool for assisting with creation of a policy digest. The sign keytool `--policy=file` signs the policy.
* Added new `WOLFBOOT_TPM_VERIFY` option to enable offloading of the asymmetric verification to the TPM. By default wolfCrypt will be used.
* Added example seal/unseal to update_flash for ARCH_SIM.
* Renamed `WOLFBOOT_TPM_KEYSTORE_NV_INDEX` to `WOLFBOOT_TPM_KEYSTORE_NV_BASE` to support multiple public keys.
* Refactored most TPM code into tpm.c.
* Refactored the keystore ROT to use new `wolfBoot_check_rot` API.
* Refactored the sign keytool to have a sign_digest function to allow signing firmware and policy for sealing/unsealing.
* Fix for make distclean && make using the wrong key tools.
2023-09-12 12:26:48 +02:00
jordan 938e6c2a3b Support LMS with pub key only. 2023-09-06 18:01:39 +02:00
jordan e23d450e45 LMS wolfBoot support. 2023-09-06 07:57:10 +02:00
Daniele Lacamera 66109b9f11 Delta updates: 32-bit fields for patch size 2023-09-01 13:36:21 +02:00
David Garske 9fc9f05988 Merge pull request #349 from danielinux/sign_image_size
Override IMAGE_HEADER_SIZE via configuration value
2023-08-21 08:04:11 -07:00
Daniele Lacamera dab16d3512 Override IMAGE_HEADER_SIZE via configuration
If the calculated header_sz is smaller than the value requested via
.config (or via IMAGE_HEADER_SIZE=x when compiling keytools), override
the value calculated with the preset.
2023-08-21 13:36:15 +02:00
David Garske fce1d53dd6 Clean Visual Studio builds for sign and keygen. 2023-08-18 10:56:26 -07:00
David Garske 2f0e699f82 Fix for keytools with path having spaces. Added note about sign.c use of `WOLFBOOT_SECTOR_SIZE` for delta support. 2023-08-18 10:39:42 -07:00
Daniele Lacamera e6e3afa0f4 sign.c: Fixed delta file truncate-before-close 2023-08-17 17:04:02 +02:00
Daniele Lacamera 77dd56de73 Fixes to sign.c running on windows
Use generic buffer API to ensure that the files are open with the right
flags.

Non-POSIX systems would require `open()` to use an extra O_BINARY flag
to ensure the file is properly processed and sizes calculated
accordingly. As file descriptors are only needed in mmap() mode, the
win32 interface is reworked to use `fopen()` instead.

Thanks to Erik Chang for reporting this issue.
2023-08-17 16:49:36 +02:00
John Bland 517cf6b9b8 update sign to decode keys instead of assuming they're raw
add a github workflow for testing external partition signing
2023-07-28 07:55:16 +02:00
John Bland 6a21c02e6c add a simulator test for using encryption and delta updates
increase argument count max since the tools duplicate the sig and hash args
2023-05-17 19:39:00 +02:00
John Bland 1e93b3d042 add policy signed header to sign.c 2023-04-12 13:36:03 -04:00
David Garske 2fc899254f Cleanups for NXP T2080 DEOS support:
* Expanded the NXP QorIQ T2080 documentation in `docs/Targets.md`.
* T2080 fixes for boot code placement and generation of .bin.
* T2080 UART driver cleanup.
* Improve bin-assemble fill speed and report items added.
* Make portability fixes to enable building in `mingw32-make`.
* Cleanup the `docs/Targets.md` sections and links.
* Cleanup execute bits on code files.
2022-12-06 06:20:48 +01:00