jordan
b97abd4ace
Add ML-DSA support.
2024-10-14 10:13:52 +02:00
David Garske
9e17315d49
Fixes for building wolfBoot with XMSS/LMS.
2024-08-14 18:06:12 +02:00
David Garske
918fdc57fd
Added keygen `--der` option to allow ECC private key as ASN.1/DER. Added sign tool ECC key load support for ASN.1/DER private key (default is raw pub x/y, priv d). Refactored sign tool RSA/ECC logic to consolidate code and allow proper "auto" detection for different RSA key sizes.
2024-06-26 20:11:04 +02:00
jordan
bd0e25af16
Add wc_lms support.
2024-05-07 19:25:18 +02:00
jordan
13d746ab9a
Add wc_xmss support.
2024-05-07 19:25:18 +02:00
David Garske
cafef6be55
Update the KeyTools for Windows.
2024-05-02 14:14:25 +02:00
Daniele Lacamera
fce6149cf8
Update license GPL2 -> GPL3
2024-04-16 16:46:15 +02:00
Jim Norton
1a0eb3d851
Fixed indentation issue.
2024-04-05 08:52:03 +02:00
Jim Norton
e4c6d4c34c
Added support for custom-tlv-string
2024-04-05 08:52:03 +02:00
Daniele Lacamera
e9d65b3bd2
Fixed TLV alignment for 8B fields
...
+ added sim "get_tlv" command
2024-03-08 18:40:34 +01:00
David Garske
01e22edb34
Fix sign tool TLV alignment padding.
2024-03-08 11:38:46 +01:00
Daniele Lacamera
df3ccc55b5
Address reviewer's comment
...
Don't allow "0xFF" in custom tags
2024-02-29 17:29:29 +01:00
Daniele Lacamera
304e0e876e
Added sign option `--custom-tlv-buffer`
2024-02-29 17:29:29 +01:00
Daniele Lacamera
43f7730576
Added support for custom TLVs in manifest header
2024-02-29 17:29:29 +01:00
David Garske
3eb41afa85
Fixes for ECC sign where the r/s does not match key size and needs to be zero padded.
2023-11-29 22:24:07 +01:00
jordan
79aadb5cc1
XMSS wolfBoot support.
2023-11-06 14:31:05 +01:00
David Garske
798993d471
Fix for `directive output may be truncated` on Win where PATH_MAX is 260, not 1024.
2023-10-25 13:17:24 +02:00
Daniele Lacamera
04c8e8921c
Add --no-ts option to sign tool
...
For tests with reproducible payload across build
2023-09-28 17:28:32 +02:00
David Garske
05b83544fb
Fixes based on peer review. Add output of signed policy to file (append .sig). Tested successfully with multiple PCRs. In example unlock_disk extend PCR with random value after unseal to prevent unsealing after boot.
2023-09-12 12:26:48 +02:00
David Garske
c04960c097
Fix simulator to not just while(1) on panic, which causes CI to spin/timeout (instead exit with error). Fix ROT logic and make sure read error code gets passed up stack.
2023-09-12 12:26:48 +02:00
David Garske
490286be7d
Support for sealing/unseal a secret based on an externally signed PCR policy.
...
* Added new `WOLFBOOT_TPM_SEAL` and `WOLFBOOT_TPM_SEAL_NV_BASE` config options.
* Added new `tools/tpm/policy_create` tool for assisting with creation of a policy digest. The sign keytool `--policy=file` signs the policy.
* Added new `WOLFBOOT_TPM_VERIFY` option to enable offloading of the asymmetric verification to the TPM. By default wolfCrypt will be used.
* Added example seal/unseal to update_flash for ARCH_SIM.
* Renamed `WOLFBOOT_TPM_KEYSTORE_NV_INDEX` to `WOLFBOOT_TPM_KEYSTORE_NV_BASE` to support multiple public keys.
* Refactored most TPM code into tpm.c.
* Refactored the keystore ROT to use new `wolfBoot_check_rot` API.
* Refactored the sign keytool to have a sign_digest function to allow signing firmware and policy for sealing/unsealing.
* Fix for make distclean && make using the wrong key tools.
2023-09-12 12:26:48 +02:00
jordan
938e6c2a3b
Support LMS with pub key only.
2023-09-06 18:01:39 +02:00
jordan
e23d450e45
LMS wolfBoot support.
2023-09-06 07:57:10 +02:00
Daniele Lacamera
66109b9f11
Delta updates: 32-bit fields for patch size
2023-09-01 13:36:21 +02:00
David Garske
9fc9f05988
Merge pull request #349 from danielinux/sign_image_size
...
Override IMAGE_HEADER_SIZE via configuration value
2023-08-21 08:04:11 -07:00
Daniele Lacamera
dab16d3512
Override IMAGE_HEADER_SIZE via configuration
...
If the calculated header_sz is smaller than the value requested via
.config (or via IMAGE_HEADER_SIZE=x when compiling keytools), override
the value calculated with the preset.
2023-08-21 13:36:15 +02:00
David Garske
fce1d53dd6
Clean Visual Studio builds for sign and keygen.
2023-08-18 10:56:26 -07:00
David Garske
2f0e699f82
Fix for keytools with path having spaces. Added note about sign.c use of `WOLFBOOT_SECTOR_SIZE` for delta support.
2023-08-18 10:39:42 -07:00
Daniele Lacamera
e6e3afa0f4
sign.c: Fixed delta file truncate-before-close
2023-08-17 17:04:02 +02:00
Daniele Lacamera
77dd56de73
Fixes to sign.c running on Windows
...
Use generic buffer API to ensure that the files are open with the right
flags.
Non-POSIX systems would require `open()` to use an extra O_BINARY flag
to ensure the file is properly processed and sizes calculated
accordingly. As file descriptors are only needed in mmap() mode, the
win32 interface is reworked to use `fopen()` instead.
Thanks to Erik Chang for reporting this issue.
2023-08-17 16:49:36 +02:00
John Bland
517cf6b9b8
update sign to decode keys instead of assuming they're raw
...
add a github workflow for testing external partition signing
2023-07-28 07:55:16 +02:00
John Bland
6a21c02e6c
add a simulator test for using encryption and delta updates
...
increase argument count max since the tools duplicate the sig and hash args
2023-05-17 19:39:00 +02:00
John Bland
1e93b3d042
add policy signed header to sign.c
2023-04-12 13:36:03 -04:00
David Garske
2fc899254f
Cleanups for NXP T2080 DEOS support:
...
* Expanded the NXP QorIQ T2080 documentation in `docs/Targets.md`.
* T2080 fixes for boot code placement and generation of .bin.
* T2080 UART driver cleanup.
* Improve bin-assemble fill speed and report items added.
* Make portability fixes to enable building in `mingw32-make`.
* Cleanup the `docs/Targets.md` sections and links.
* Cleanup execute bits on code files.
2022-12-06 06:20:48 +01:00
David Garske
3c2c26bf3a
Fixes for IAR. Switch to new `src/keystore.c` for keys. Fixes for building keytools in Visual Studio.
2022-07-26 09:34:53 +02:00
Daniele Lacamera
dd9c19a1f3
Fixed typo in argument parsing
2022-07-20 20:17:39 +02:00
Daniele Lacamera
acfdd1f676
Added support for RSA3072
2022-05-31 12:13:34 +02:00
Daniele Lacamera
a9ffb3c98a
Fixed typos. Removed verbose command line help.
2022-05-24 17:24:31 +02:00
Daniele Lacamera
063c21430c
Added partition ID. Extended sign manual
2022-05-24 13:31:50 +02:00
Daniele Lacamera
b47b9cef9b
Corrected style (indentation, line wrap)
2022-05-23 20:39:57 +02:00
Daniele Lacamera
3731157efe
Sign tool: improved output (version, algorithms)
2022-05-23 15:27:22 +02:00
Daniele Lacamera
6d7d8646c6
Encrypted delta: support in C keytools + fixed test
2022-05-23 14:10:13 +02:00
David Garske
6068a8047c
wolfBoot improvements (from elms):
...
* Add `WOLFBOOT_DUALBOOT` for dynamic fallback
* Refactor header field parsing
* Cleanup compiler warnings and logic extra check
* Option to leave out partition based functions
* Add `WOLFBOOT_FIXED_PARTITIONS` enable using partition enum and related functions
* Wrap all delta update references
* Update raspberry documentation
* EFI refactoring
* Add `keytools_check` target
* Add "library" target
2022-05-20 08:06:07 +02:00
Daniele Lacamera
3815067fa0
Fixed SIGN=NONE. Improved tests
2022-04-08 13:04:26 +02:00
Daniele Lacamera
f04889ee29
Added SHA2-384 support for integrity checks
2022-04-06 09:41:37 +02:00
Daniele Lacamera
d06178c3a8
Added new signature algo: ECC384
2022-04-01 12:21:42 -07:00
David Garske
262a5b0a78
Merge pull request #167 from danielinux/aes-encryption
...
Add AES encryption support
2022-02-09 10:55:51 -08:00
Daniele Lacamera
67912790de
Fixed Chacha in C keytools
2022-02-07 16:39:56 +01:00
Daniele Lacamera
92e9a443fb
Updated key tools to use complete IV range for AES
2022-02-07 10:51:18 +01:00
Daniele Lacamera
bd69326e0f
Propagate the selected IMAGE_HEADER_SIZE to sign.c
2022-02-02 12:23:32 +01:00