WolfSSL
/
wolfBoot
mirror of https://github.com/wolfSSL/wolfBoot.git
1
0
Fork 0
Code Issues Releases Wiki Activity
2,122 Commits
29 Branches
28 Tags
20 MiB
Commit Graph

148 Commits (d689656a718c6c6423af4476b7deedb245e23948)

Author SHA1 Message Date
Daniele Lacamera b8a5a6243d Cleanup, config rename, documentation 2023-09-21 08:31:30 +02:00
Daniele Lacamera 291adfe87d Fixed merge of user_settings with new TPM logic 2023-09-21 08:31:28 +02:00
Daniele Lacamera d53999de18 Fixed PKCS11 store functions. 
Working C_InitToken/C_Login.
 2023-09-21 08:28:23 +02:00
Daniele Lacamera fd862cbd8f Working PKCS11 test. 
Temporarily removed some features so the image fits in 64Kb
 2023-09-21 08:28:09 +02:00
Daniele Lacamera 5b57d2d08f PKCS11 store functions using wolfBoot hal 2023-09-21 07:57:18 +02:00
Daniele Lacamera f7d6c17685 TZ: PKCS11 wrappers via wolfPKCS11 in S world 2023-09-21 07:57:18 +02:00
Daniele Lacamera fd809c5b69 Expanded WCS interface 
- Added TRNG driver for STM32L5
- Link with correct objects in test-app
- Expanded wc_callable interface
 2023-09-21 07:57:18 +02:00
Marco Oliverio 478afe33f3 x86_fsp: move cflags into options.mk 2023-09-19 09:33:16 +00:00
David Garske 2349a68e76 Added support for storing sealed blobs into NV. Refactor the TPM signature verify to use existing load public key function and generic verify hash TPM function. Added support for RSA sign with ASN.1 encoding (Example: `SIGN=RSA2048ENC`). 2023-09-12 12:26:48 +02:00
David Garske 490286be7d Support for sealing/unseal a secret based on an externally signed PCR policy. 
* Added new `WOLFBOOT_TPM_SEAL` and `WOLFBOOT_TPM_SEAL_NV_BASE` config options.
* Added new `tools/tpm/policy_create` tool for assisting with creation of a policy digest. The sign keytool `--policy=file` signs the policy.
* Added new `WOLFBOOT_TPM_VERIFY` option to enable offloading of the asymmetric verification to the TPM. By default wolfCrypt will be used.
* Added example seal/unseal to update_flash for ARCH_SIM.
* Renamed `WOLFBOOT_TPM_KEYSTORE_NV_INDEX` to `WOLFBOOT_TPM_KEYSTORE_NV_BASE` to support multiple public keys.
* Refactored most TPM code into tpm.c.
* Refactored the keystore ROT to use new `wolfBoot_check_rot` API.
* Refactored the sign keytool to have a sign_digest function to allow signing firmware and policy for sealing/unsealing.
* Fix for make distclean && make using the wrong key tools.
 2023-09-12 12:26:48 +02:00
jordan e23d450e45 LMS wolfBoot support. 2023-09-06 07:57:10 +02:00
Daniele Lacamera 87f97c111c Addressed reviewer's comments 2023-09-05 10:31:09 +02:00
Daniele Lacamera 75444cf93b Support for ATA Security feature set 2023-09-04 18:05:37 +02:00
David Garske 19424c86c9 Added optional `WOLFBOOT_TPM_KEYSTORE_AUTH` for build-time NV auth. 2023-08-22 07:12:05 +02:00
David Garske 0ee918f9f6 Fixes for simulator malloc/free. Fix for RSA encrypt missing `wc_RsaPublicEncrypt_ex`. 2023-08-17 13:43:58 +02:00
David Garske 103503cf8a Fixes to get WOLFBOOT_TPM_KEYSTORE working with ECC SRK and Parameter Encryption. 2023-08-17 13:43:58 +02:00
David Garske 69adb25496 wolfBoot TPM improvements: 
* Added TPM SPI wait state support and debug logging.
* Added platform auth ownership (change platform password to random value before boot). Can be disabled using `WOLFBOOT_TPM_NO_CHG_PLAT_AUTH`.
* Added parameter encryption support.
* Added TPM based root of trust based on https://github.com/wolfSSL/wolfTPM/pull/276
* Removed the TPM hashing feature (not practical).
* Fixed RSA with wolfTPM build.
* Fixed cleanup wolfTPM objects on make clean.
 2023-08-17 13:43:58 +02:00
David Garske 7190392245 Simulator fixes and support for using MacOS: 
* Added simulator support for Mac.
* Fix for simulator to properly assemble wolfboot.bin + signedtestapp + update + swap.
* Fixes for handling 64-bit assigned mmap virtual addresses. Added hal_flash_write and hal_flash_erase support for 64-bit address using uintptr_t. Enabled if platform is 64-bit and `FORCE_32BIT` is not defined
* Fix simulator conflict with src/libwolfboot.o object in test-app.
* Cleanup test-app linker flags.
 2023-08-07 20:54:18 +02:00
Marco Oliverio c4ec5eef35 x86: support Intel FSP (TigerLake and QEMU) 2023-07-24 18:12:32 +00:00
Marco Oliverio 93b7281d12 x86: support MMU paging on x86 architecture 2023-07-24 18:12:14 +00:00
Marco Oliverio ab60ec47cb feature: support multiboot2 boot protocol 2023-07-24 18:12:14 +00:00
Marco Oliverio 30af6f617c x86: support Linux boot protocol for 32bit x86 architecture 2023-07-24 18:12:14 +00:00
Marco Oliverio 9aee0b4cdd TPM: support WOLFTPM_MMIO 2023-07-24 18:12:13 +00:00
David Garske db15f9b0f1 Further NXP P1021 fixes and improvements: 
* Added ELF32 and ELF64 loader support (config `ELF=1` or build option `WOLFBOOT_ELF`).
* Add ELF support to `update_ram.c` loader.
* Add support for loading entire flash image to RAM when `EXT_FLASH=1` and `NO_XIP=1` (or `WOLFBOOT_USE_RAMBOOT`).
* Added QUICC Engine support to load microcode and enable.
* Add multiple core support for NXP P1021.
* Fixes to resolve first stage boot ROM relocation.
  - Implemented temporary workaround to resolve stack traps.
* Added PPC GOT relocation support.
* Fix for the PPC `isr_empty` handler address.
* Fix to allow stack to use DDR by having assembly setup DDR TLB. After relocating wolfBoot use stack on DDR.
* Cleanup wolfBoot output.
  - Only remove extra .bin/.elf created unless `make distclean` is used.
  - Don't output the key grep test (only check result).
  - Adjust build order (first stage, wolfboot, test app, key, sign test app and factory).
  - Fix to make sure linker script is rebuilt before objects.

Sample NXP P1021 Output:

```
Relocating BOOT ROM to DDR
Loading wolfBoot to DDR
Jumping to full wolfBoot
wolfBoot HAL Init
Flash Init: Ret 0, ID 0x76207620
QE: Length 63732, Count 1
QE: uploading 'Microcode for P1021 r1.0' version 0.0.1
QE: Traps 0
MP: Starting core 2 (spin table 0xFFFFF240)
Versions: Boot 1, Update 0
Trying Boot partition at 0x200000
Loading header 512 bytes to 0x1DFFFE00
Loading image 3170724 bytes to 0x1E000000
Image size 3170724
Firmware Valid
Loading elf at 0x1E000000
Found valid elf32 (big endian)
Booting at 0x6000
```
 2023-07-05 17:03:57 +02:00
David Garske a56e2252c1 Revert the TPM based key store (root of trust). This feature is not ready for next release. 2023-07-04 08:36:41 +02:00
David Garske 0f110e4cd9 Progress on eSPI support for NXP P1021 TPM. 2023-05-04 15:23:45 -07:00
David Garske ef35f473c9
Merge pull request #296 from jpbland1/tpm-root-trust 
wolfTPM pubkey storage with policy based access restriction
 2023-05-04 15:09:06 -07:00
John Bland fe2b797b01 get wolfboot simulator working with the tpm simulator 
move pcr reset and extend outside of session

the tpm uses policy checking for modifying PCR's so we need to reset and extend the PCR's with the image hash before the session begins, currently tested unseal, having trouble getting the simulator to run update in order to test reseal
 2023-05-03 11:39:25 -04:00
John Bland eb30566bba add encryption key unsealing from the tpm 
make the config/examples/stm32f4-tpm-keystore.config config use ecc256
 2023-04-24 13:23:09 -04:00
David Garske 69ca95eb94 Adds `factory_wstage1.bin` option to include first stage loader. Fix test-app verbose issue. 2023-04-21 16:41:00 +02:00
John Bland 79e2f43b68 add TPM pubkey sealing doc and update code based on pr comments 2023-04-14 01:55:14 -04:00
John Bland 7dd97be63c update policy sealing logic based on pr comments 2023-04-12 11:20:46 -04:00
John Bland 3fbc99d36e wolfTPM pubkey storage with policy based access restriction 
this update uses the tpm to retreive the public key used to validate the image that will boot and restricts access to that key by tpm policy. when the image is updated it's signature is used to extend the PCR and when the image is loaded it's signature must match what was sealed in order to get the public key from the tpm. enabling this option is done by setting WOLFBOOT_TPM_KEYSTORE in .config
 2023-04-11 11:46:21 -04:00
Daniele Lacamera 43fa7b17f1 Added WOLFBOOT_HUGE_STACK option 
The option can be enabled to use RSA4096 with fast math.
 2023-03-21 17:06:22 +01:00
David Garske cb1eaff8e8 Support for SP math with AARCH64 when hardware supports it. 2023-03-09 07:05:24 +01:00
David Garske 8dd0ee347f Support for the STM32 OCTOSPI peripheral. 2023-02-02 12:11:23 -08:00
David Garske a9526bab8f STM32 QSPI Flash support. Refactor SPI to allow different GPIO base/AF for each pin. Adds `DEBUG_UART` support for H7. 2022-12-20 13:31:28 +01:00
David Garske f283929161 Improvements to gap fill. The default gap filling byte is `0xFF`. If using `FLAGS_INVERT=1` uses `0x00`. Can be overridden at build-time using `FILL_BYTE`. Fixes ZD 15356. 2022-12-19 11:38:00 +01:00
David Garske 6d45564112 Test size increases. Improve user_settings.h ECC options. 2022-12-06 06:20:48 +01:00
David Garske 2fc899254f Cleanups for NXP T2080 DEOS support: 
* Expanded the NXP QorIQ T2080 documentation in `docs/Targets.md`.
* T2080 fixes for boot code placement and generation of .bin.
* T2080 UART driver cleanup.
* Improve bin-assemble fill speed and report items added.
* Make portability fixes to enable building in `mingw32-make`.
* Cleanup the `docs/Targets.md` sections and links.
* Cleanup execute bits on code files.
 2022-12-06 06:20:48 +01:00
Daniele Lacamera 5114e308ae Updated wolfSSL and wolfTPM submodules 2022-10-14 12:48:47 +02:00
Daniele Lacamera a6fdec3901 self-encrypt prototype; tested on stm32l0 2022-09-21 18:49:52 +02:00
Daniele Lacamera 9605dd283f Fixes for test cases using keystore 2022-07-19 15:33:29 +02:00
Daniele Lacamera 513163a77b Added "ARMORED" check for part id flags mask 2022-07-19 15:32:28 +02:00
Daniele Lacamera 1542a15c90 Keystore: array of public keys generated by keygen 2022-07-19 15:32:28 +02:00
Daniele Lacamera acfdd1f676 Added support for RSA3072 2022-05-31 12:13:34 +02:00
David Garske f63c323677 Cleanups and restore a few changes. 2022-05-20 08:06:07 +02:00
David Garske 6068a8047c wolfBoot improvements (from elms): 
* Add `WOLFBOOT_DUALBOOT` for dynamic fallback
* Refactor header field parsing
* Cleanup compiler warnings and logic extra check
* Option to leave out partition based functions
* Add `WOLFBOOT_FIXED_PARTITIONS` enable using partition enum and related functions
* Wrap all delta update references
* Update raspberry documentation
* EFI refactoring
* Add `keytools_check` target
* Add "library" target
 2022-05-20 08:06:07 +02:00
Daniele Lacamera 082a7b2fb2 Adjusted stack size for ECC256 2022-05-04 14:40:27 +02:00
Daniele Lacamera 5a4a574a68 Fixed stack usage limit for SIGN=NONE 2022-04-08 19:53:54 +02:00
Daniele Lacamera b32aaee4d4 Fixed stack size for ECC384 + FAST_MATH 2022-04-07 18:38:16 +02:00
Daniele Lacamera f04889ee29 Added SHA2-384 support for integrity checks 2022-04-06 09:41:37 +02:00
Daniele Lacamera d06178c3a8 Added new signature algo: ECC384 2022-04-01 12:21:42 -07:00
Daniele d3b910b91d Removed redundant assignment of IMAGE_HEADER_SIZE 2022-03-24 11:46:41 +01:00
Daniele b3e9c49a2c Fix to override small image_hdr_size 2022-03-24 07:48:35 +01:00
Daniele c4acbbe59a Added default IMAGE_HDR_SIZE for ECC256 2022-03-23 22:44:20 +01:00
David Garske a56abdcffb Fix for ED25519 default image header size not being set. Fixed others to allow override. 2022-03-23 22:23:17 +01:00
Daniele Lacamera 5a15fe1138 Added armored panic() function form arm cortex-m 2022-03-14 13:06:13 +01:00
David Garske 262a5b0a78
Merge pull request #167 from danielinux/aes-encryption 
Add AES encryption support
 2022-02-09 10:55:51 -08:00
Daniele Lacamera daff2a04a8 Fixed STM32L4 HAL, added IMAGE_HEADER_SIZE option 2022-02-02 12:05:14 +01:00
Daniele Lacamera 43a5a38629 Fixes to AES-CTR encryption after testing 2022-01-31 16:46:09 +01:00
Daniele Lacamera 5551666e08 Draft: added AES encryption support 2022-01-28 20:26:59 +01:00
Daniele Lacamera 5be0b42c8d Fixed delta manifest header alignment 2022-01-17 13:34:54 +01:00
Daniele Lacamera 845fd02edf Added tests for ed448, fixed sign.py 2021-12-14 16:55:10 +01:00
Daniele Lacamera 2e7b63eae5 Adding support for ED448 verification 2021-12-13 12:05:37 +01:00
Marco Oliverio a187442455 support booting EFI application on x86_64 architecture 
Co-authored-by: Daniele Lacamera <daniele@wolfssl.com>
 2021-11-30 18:43:50 +01:00
Daniele Lacamera 51ad005976 CL bmpatch/bmdiff tool moved to separate module 2021-08-17 16:01:16 +02:00
Daniele Lacamera b21f0f93b7 Using fixed delta blocks of 256B to save memory 2021-08-16 16:38:06 +02:00
Daniele Lacamera 13541ec046 Delta updates, draft update mechanism with hdr replacement 2021-08-16 11:56:13 +02:00
Daniele Lacamera 572414fba6 Use library version as default WOLFBOOT_VERSION 2021-07-19 17:02:40 +02:00
Daniele Lacamera 6aa5ee96ca Updated submodules, added -Werror 2021-07-15 17:38:12 +02:00
Daniele Lacamera 02d886b318 Fixed stack limit for ECC + FAST_MATH 2021-07-15 17:21:18 +02:00
Daniele Lacamera a31b83fee4 Inverted logic for stack size check on TPM 2021-07-15 15:36:29 +02:00
Daniele Lacamera 6815ab6d03 Fixed stack warning in ECC+FASTMATH 2021-07-15 15:03:39 +02:00
Daniele Lacamera 7d26f3990e Fixed stack usage warnings 2021-07-15 14:51:28 +02:00
Daniele Lacamera cb0f3ec3a3 Fixed RSA+SMALL_STACK+FASTMATH 2021-07-14 16:17:34 +02:00
Daniele Lacamera 45570e6c21 Fixes for USE_FAST_MATH 2021-07-13 18:09:20 +02:00
Daniele Lacamera 330cbac7e2 Fixed case NO_SIGN + SMALL_STACK, added test 2021-07-09 11:40:31 +02:00
Daniele Lacamera 4c70ea94ed Removed duplicate code 2021-07-09 10:46:27 +02:00
Daniele Lacamera 4c4d7d69f8 Add support for WOLFBOOT_SMALL_STACK 2021-07-09 10:15:37 +02:00
Daniele Lacamera e749ecd18b Update options after rebase on latest master 2021-06-28 13:54:00 +02:00
Daniele Lacamera f2bab09777 Added support for SIGN=NONE 2021-06-28 13:52:00 +02:00
Elms b4f68d0c6b TMS570LC43xx: fix default compiler programs and options 2021-06-23 09:12:17 +02:00
Elms fad70ef7f7 make: refactor `-Wstack-usage` and `XMALLOC_USER` and override for R5 2021-06-23 09:12:17 +02:00
Elms ee0f93fee0 TMS570LC43xx: Add flash from RAM and test-app and cleanup 
* add flash demo from RAM
 * clean up linker script and flags
 * Add hercules test-app: link script and minimal c file

`make CCS_ROOT=/c/ti/ccs1031/ccs/tools/compiler/ti-cgt-arm_20.2.4.LTS F021_DIR=/c/ti/Hercules/F021\ Flash\ API/02.01.01`
 2021-06-23 09:12:17 +02:00
David Garske 31b785fe7e Progress with cross-compiling wolfBoot. Will also be creating CCS project. 2021-06-23 09:12:17 +02:00
David Garske fcf7fcc93e Adjust RSA4096 stack usage warning. 2021-03-26 16:38:08 +01:00
David Garske 7793433b3a Updated RSA to use inline operation and disable OAEP padding. This allows removal of the XMALLOC/XFREE SP code. Once PR https://github.com/wolfSSL/wolfssl/pull/3918 is merged we can update submodule. 2021-03-26 16:38:08 +01:00
David Garske c14e70a12c Changed RSA4096 to use SP math. Fix to disable dynamic stacks `WOLFSSL_SP_NO_DYN_STACK`. Added G0 details. Update submodules. 2021-03-26 16:38:08 +01:00
Dimitar Tomov 2f3fc6600b Latest wolfTPM has Parameter Encryption that requires HMAC and AES support 
* Add new src/tpm2_param_enc object for wolfTPM
* Enable wolfcrypt HMAC support required for TPM2.0 KDFa
* Enable wolfcrypt AES support required for AES CFB parameter encryption

Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
 2021-01-26 08:13:26 +01:00
Dimitar Tomov a2ff8f1d8e Make sure wolfTPM support is included when measured boot is enabled 
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
 2020-12-10 17:46:51 +02:00
Dimitar Tomov 259008d418 Add user option to select the PCR for measured boot 
Define name is intentionally using PCR_X naming scheme to allow
multiple stage measured boot in the future.

Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
 2020-12-10 00:22:11 +02:00
Dimitar Tomov 5d877bc912 Added measured boot 
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
 2020-12-10 00:15:02 +02:00
David Garske 4706d2f126 Peer review fixes. Fixes for SHA3 and RSA4096 in makefiles. Fixes for Xilinx SDK excludes. Cleanup of the printf to use the built-in facilities (`wolfBoot_printf`). 2020-11-12 10:47:32 +01:00
Daniele Lacamera 5562107ec8 Fixed build with RSA4096 (tfm.o was missing) 2020-11-05 10:16:51 +01:00
Daniele Lacamera 4e27d9197f Added compile-time option to invert FLAGS logic (FLAGS_INVERT=1) 2020-11-03 11:05:14 +01:00
Daniele Lacamera b0fbafe014 Added DISABLE_BACKUP option 2020-09-14 16:31:07 +02:00
Daniele Lacamera 75898806eb Added option FLAGS_HOME to store UPDATE flags in the BOOT partition 2020-09-11 11:25:51 +02:00