WolfSSL
/
wolfTPM
mirror of https://github.com/wolfSSL/wolfTPM.git
1
0
Fork 0
Code Issues Releases Wiki Activity

wolfTPM Zephyr Project Port #395 - Work by @aidangarske, @night1rider, and @dgarske

pull/395/head
Aidan Garske 2025-05-14 13:56:08 -07:00
parent 33a5f47eaf
commit 8b8bd479a4
27 changed files with 1034 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

102
.github/workflows/zephyr.yml vendored 100644
View File

@ -0,0 +1,102 @@
name: Zephyr wolfTPM Tests
on:
push:
branches: [ '*' ]
pull_request:
branches: [ '*' ]
jobs:
run_test:
name: Build
strategy:
matrix:
config:
- zephyr-ref: v3.4.0
zephyr-sdk: 0.16.1
runs-on: ubuntu-22.04
# This should be a safe limit for the tests to run.
timeout-minutes: 25
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
# most of the ci-base zephyr docker image packages
sudo apt-get install -y zip bridge-utils uml-utilities \
git cmake ninja-build gperf ccache dfu-util device-tree-compiler wget \
python3-dev python3-pip python3-setuptools python3-tk python3-wheel xz-utils file \
make gcc gcc-multilib g++-multilib libsdl2-dev libmagic1 \
autoconf automake bison build-essential ca-certificates cargo ccache chrpath cmake \
cpio device-tree-compiler dfu-util diffstat dos2unix doxygen file flex g++ gawk gcc \
gcovr git git-core gnupg gperf gtk-sharp2 help2man iproute2 lcov libcairo2-dev \
libglib2.0-dev libgtk2.0-0 liblocale-gettext-perl libncurses5-dev libpcap-dev \
libpopt0 libsdl1.2-dev libsdl2-dev libssl-dev libtool libtool-bin locales make \
net-tools openssh-client parallel pkg-config python3-dev python3-pip \
python3-ply python3-setuptools python-is-python3 qemu-kvm rsync socat srecord sudo \
texinfo unzip wget ovmf xz-utils
- name: Install west
run: sudo pip install west
- name: Init west workspace
run: west init --mr ${{ matrix.config.zephyr-ref }} zephyr
- name: Update west.yml
working-directory: zephyr/zephyr
run: |
REF=$(echo '${{ github.ref }}' | sed -e 's/\//\\\//g')
sed -e 's/remotes:/remotes:\n \- name: wolfssl\n url\-base: https:\/\/github.com\/wolfssl/' -i west.yml
sed -e "s/remotes:/remotes:\n \- name: wolftpm\n url\-base: https:\/\/github.com\/${{ github.repository_owner }}/" -i west.yml
sed -e "s/projects:/projects:\n \- name: wolftpm\n path: modules\/lib\/wolftpm\n remote: wolftpm\n revision: $REF/" -i west.yml
sed -e 's/projects:/projects:\n \- name: wolfssl\n path: modules\/crypto\/wolfssl\n remote: wolfssl\n revision: master/' -i west.yml
- name: Update west workspace
working-directory: zephyr
run: west update -n -o=--depth=1
- name: Export zephyr
working-directory: zephyr
run: west zephyr-export
- name: Install pip dependencies
working-directory: zephyr
run: sudo pip install -r zephyr/scripts/requirements.txt
- name: Install zephyr SDK
run: |
wget -q https://github.com/zephyrproject-rtos/sdk-ng/releases/download/v${{ matrix.config.zephyr-sdk }}/zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
tar xf zephyr-sdk-${{ matrix.config.zephyr-sdk }}_linux-x86_64_minimal.tar.xz
cd zephyr-sdk-${{ matrix.config.zephyr-sdk }}
./setup.sh -h -c -t x86_64-zephyr-elf
- name: Build wolftpm tests
id: wolftpm_build
working-directory: zephyr
run : |
west build -p auto -b qemu_x86 modules/lib/wolftpm/zephyr/samples/wolftpm_wrap_test
west build -p auto -b qemu_x86 modules/lib/wolftpm/zephyr/samples/wolftpm_wrap_caps
# skipping tests, because no simulator TPM to run
#- name: Run wolftpm tests
# id: wolftpm_tests
# working-directory: zephyr
# run: |
# ./zephyr/scripts/twister --testsuite-root modules/lib/wolftpm --test zephyr/samples/wolftpm_wrap_caps/sample.lib.wolftpm_wrap_caps -vvv
# rm -rf zephyr/twister-out
# ./zephyr/scripts/twister --testsuite-root modules/lib/wolftpm --test zephyr/samples/wolftpm_wrap_test/sample.lib.wolftpm_wrap_test -vvv
# rm -rf zephyr/twister-out
- name: Zip failure logs
if: ${{ failure() && steps.wolftpm_build.outcome == 'failure' }}
run: |
zip -9 -r logs.zip zephyr/twister-out
- name: Upload failure logs
if: ${{ failure() && steps.wolftpm_build.outcome == 'failure' }}
uses: actions/upload-artifact@v4
with:
name: zephyr-client-test-logs
path: logs.zip
retention-days: 5

1
Makefile.am
View File

@ -42,6 +42,7 @@ include docs/include.am
include wrapper/include.am
include hal/include.am
include cmake/include.am
include zephyr/include.am
EXTRA_DIST+= .cyignore
EXTRA_DIST+= README.md

21
examples/csr/csr.c
View File

@ -38,12 +38,25 @@
#include <wolfssl/wolfcrypt/asn_public.h>
#ifndef NO_RSA
static const char* gClientCsrRsaFile = "./certs/tpm-rsa-cert.csr";
static const char* gClientCertRsaFile = "./certs/tpm-rsa-cert.pem";
#ifndef RSA_CERT_CSR
#define RSA_CERT_CSR "./certs/tpm-rsa-cert.csr"
#endif
#ifndef RSA_CERT_PEM
#define RSA_CERT_PEM "./certs/tpm-rsa-cert.pem"
#endif
static const char* gClientCsrRsaFile = RSA_CERT_CSR;
static const char* gClientCertRsaFile = RSA_CERT_PEM;
#endif
#ifdef HAVE_ECC
static const char* gClientCsrEccFile = "./certs/tpm-ecc-cert.csr";
static const char* gClientCertEccFile = "./certs/tpm-ecc-cert.pem";
#ifndef ECC_CERT_CSR
#define ECC_CERT_CSR "./certs/tpm-ecc-cert.csr"
#endif
#ifndef ECC_CERT_PEM
#define ECC_CERT_PEM "./certs/tpm-ecc-cert.pem"
#endif
static const char* gClientCsrEccFile = ECC_CERT_CSR;
static const char* gClientCertEccFile = ECC_CERT_PEM;
#endif
#ifndef MAX_PEM_SIZE

32
examples/keygen/keygen.c
View File

@ -36,6 +36,28 @@
#include <examples/tpm_test.h>
#include <examples/tpm_test_keys.h>
/* Output file path defines with defaults */
#ifndef OUTPUT_FILE
#define OUTPUT_FILE "keyblob.bin"
#endif
#ifndef EK_PUB_FILE
#define EK_PUB_FILE "ek.pub"
#endif
#ifndef SRK_PUB_FILE
#define SRK_PUB_FILE "srk.pub"
#endif
#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
#ifndef AK_NAME_FILE
#define AK_NAME_FILE "ak.name"
#endif
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_ASN)
/* PEM_FILE is NULL by default, but can be overridden */
#ifndef PEM_FILE
#define PEM_FILE NULL
#endif
#endif
#endif
/******************************************************************************/
/* --- BEGIN TPM Keygen Example -- */
@ -121,14 +143,14 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
int keyBits = 256;
const char* uniqueStr = NULL;
const char* authStr = NULL;
const char *outputFile = "keyblob.bin";
const char *ekPubFile = "ek.pub";
const char *srkPubFile = "srk.pub";
const char *outputFile = OUTPUT_FILE;
const char *ekPubFile = EK_PUB_FILE;
const char *srkPubFile = SRK_PUB_FILE;
const char *pubFilename = NULL;
#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
const char *nameFile = "ak.name"; /* Name Digest for attestation purposes */
const char *nameFile = AK_NAME_FILE; /* Name Digest for attestation purposes */
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_ASN)
const char *pemFilename = NULL;
const char *pemFilename = PEM_FILE;
#endif
#endif
const char* symMode = "aesctr";

62
examples/tls/tls_server.c
View File

@ -46,6 +46,34 @@ static int mStop = 0;
double benchStart;
#endif
/* CA Certificate path defines with defaults */
#ifndef CA_RSA_CERT_PATH
#define CA_RSA_CERT_PATH "./certs/ca-rsa-cert.pem"
#endif
#ifndef WOLF_CA_RSA_CERT_PATH
#define WOLF_CA_RSA_CERT_PATH "./certs/wolf-ca-rsa-cert.pem"
#endif
#ifndef CA_ECC_CERT_PATH
#define CA_ECC_CERT_PATH "./certs/ca-ecc-cert.pem"
#endif
#ifndef WOLF_CA_ECC_CERT_PATH
#define WOLF_CA_ECC_CERT_PATH "./certs/wolf-ca-ecc-cert.pem"
#endif
/* Server Certificate path defines with defaults */
#ifndef SERVER_RSA_CERT_PATH
#define SERVER_RSA_CERT_PATH "./certs/server-rsa-cert.pem"
#endif
#ifndef TPM_RSA_CERT_PATH
#define TPM_RSA_CERT_PATH "./certs/tpm-rsa-cert.pem"
#endif
#ifndef SERVER_ECC_CERT_PATH
#define SERVER_ECC_CERT_PATH "./certs/server-ecc-cert.pem"
#endif
#ifndef TPM_ECC_CERT_PATH
#define TPM_ECC_CERT_PATH "./certs/tpm-ecc-cert.pem"
#endif
/*
* Generating the Server Certificate
*
@ -380,14 +408,14 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
/* Load CA Certificates */
if (!useECC) {
#ifndef NO_RSA
if (wolfSSL_CTX_load_verify_locations(ctx, "./certs/ca-rsa-cert.pem",
if (wolfSSL_CTX_load_verify_locations(ctx, CA_RSA_CERT_PATH,
0) != WOLFSSL_SUCCESS) {
printf("Error loading ca-rsa-cert.pem cert\n");
printf("Error loading %s cert\n", CA_RSA_CERT_PATH);
goto exit;
}
if (wolfSSL_CTX_load_verify_locations(ctx, "./certs/wolf-ca-rsa-cert.pem",
if (wolfSSL_CTX_load_verify_locations(ctx, WOLF_CA_RSA_CERT_PATH,
0) != WOLFSSL_SUCCESS) {
printf("Error loading wolf-ca-rsa-cert.pem cert\n");
printf("Error loading %s cert\n", WOLF_CA_RSA_CERT_PATH);
goto exit;
}
#else
@ -398,16 +426,16 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
}
else {
#ifdef HAVE_ECC
if (wolfSSL_CTX_load_verify_locations(ctx, "./certs/ca-ecc-cert.pem",
if (wolfSSL_CTX_load_verify_locations(ctx, CA_ECC_CERT_PATH,
0) != WOLFSSL_SUCCESS) {
printf("Error loading ca-ecc-cert.pem cert\n");
printf("Error loading %s cert\n", CA_ECC_CERT_PATH);
#ifndef WOLFTPM_MFG_IDENTITY /* not fatal if using mfg identity */
goto exit;
#endif
}
if (wolfSSL_CTX_load_verify_locations(ctx, "./certs/wolf-ca-ecc-cert.pem",
if (wolfSSL_CTX_load_verify_locations(ctx, WOLF_CA_ECC_CERT_PATH,
0) != WOLFSSL_SUCCESS) {
printf("Error loading wolf-ca-ecc-cert.pem cert\n");
printf("Error loading %s cert\n", WOLF_CA_ECC_CERT_PATH);
goto exit;
}
#else
@ -461,14 +489,18 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
WOLFSSL_FILETYPE_ASN1);
#endif
#else
const char* useCert = "./certs/server-rsa-cert.pem";
const char* useCert = SERVER_RSA_CERT_PATH;
if (useSelfSign) {
useCert = "./certs/tpm-rsa-cert.pem";
useCert = TPM_RSA_CERT_PATH;
}
rc = wolfSSL_CTX_use_certificate_file(ctx, useCert, WOLFSSL_FILETYPE_PEM);
#endif
if (rc != WOLFSSL_SUCCESS) {
#ifndef NO_FILESYSTEM
printf("Error loading RSA client cert: %s\n", useCert);
#else
printf("Error loading RSA client cert\n");
#endif
goto exit;
}
#else
@ -496,14 +528,18 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
WOLFSSL_FILETYPE_ASN1);
#endif
#else
const char* useCert = "./certs/server-ecc-cert.pem";
const char* useCert = SERVER_ECC_CERT_PATH;
if (useSelfSign) {
useCert = "./certs/tpm-ecc-cert.pem";
useCert = TPM_ECC_CERT_PATH;
}
rc = wolfSSL_CTX_use_certificate_file(ctx, useCert, WOLFSSL_FILETYPE_PEM);
#endif
if (rc != WOLFSSL_SUCCESS) {
#ifndef NO_FILESYSTEM
printf("Error loading ECC client cert: %s\n", useCert);
#else
printf("Error loading ECC client cert\n");
#endif
goto exit;
}
#else
@ -649,7 +685,7 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
}
exit:
mStop = 0; /* Reset the stop flag for if example is compiled into a demo */
if (rc != 0) {
printf("Failure %d (0x%x): %s\n", rc, rc, wolfTPM2_GetRCString(rc));
}

26
examples/tpm_test.h
View File

@ -52,6 +52,19 @@
#define TPM2_DEMO_PCR_INDEX 16
#ifndef PEM_FILE_AK
#define PEM_FILE_AK "ak.pem"
#endif
#ifndef PEM_FILE_EK
#define PEM_FILE_EK "ek.pem"
#endif
#ifndef PEM_FILE_SRK
#define PEM_FILE_SRK "srk.pem"
#endif
#ifndef PEM_FILE_KEY
#define PEM_FILE_KEY "key.pem"
#endif
static const char gStorageKeyAuth[] = "ThisIsMyStorageKeyAuth";
static const char gAiKeyAuth[] = "ThisIsMyAiKeyAuth";
static const char gKeyAuth[] = "ThisIsMyKeyAuth";
@ -60,10 +73,10 @@ static const char gUsageAuth[] = "ThisIsASecretUsageAuth";
static const char gNvAuth[] = "ThisIsMyNvAuth";
static const char gXorAuth[] = "ThisIsMyXorAuth";
static const char pemFileAk[] = "ak.pem";
static const char pemFileEk[] = "ek.pem";
static const char pemFileSrk[] = "srk.pem";
static const char pemFileKey[] = "key.pem";
static const char pemFileAk[] = PEM_FILE_AK;
static const char pemFileEk[] = PEM_FILE_EK;
static const char pemFileSrk[] = PEM_FILE_SRK;
static const char pemFileKey[] = PEM_FILE_KEY;
/* Default Test PCR */
/* PCR16 is for DEBUG purposes, thus safe to use */
@ -100,6 +113,8 @@ static const char pemFileKey[] = "key.pem";
#include <time.h>
#elif defined(WOLFTPM_MICROCHIP_HARMONY)
#include "system/time/sys_time.h"
#elif defined(WOLFTPM_ZEPHYR)
#include <zephyr/kernel.h>
#else
#include <sys/time.h>
#endif
@ -119,6 +134,9 @@ static const char pemFileKey[] = "key.pem";
SYS_TIME_CounterSet(0);
return (double)(SYS_TIME_Counter64Get()) /
(double)SYS_TIME_FrequencyGet();
#elif defined(WOLFTPM_ZEPHYR)
(void)reset;
return (double)k_uptime_get() / 1000.0;
#else
struct timeval tv;
gettimeofday(&tv, 0);

14
examples/tpm_test_keys.c
View File

@ -40,8 +40,22 @@
#include <stdio.h>
#ifdef WOLFTPM_ZEPHYR
#include <zephyr/fs/fs.h>
#define XFILE struct fs_file_t*
/* Note: Other filesystem macros (XFOPEN, XFCLOSE etc) are already defined
* in wolfSSL's wc_port.h for Zephyr */
#else
#define XFILE FILE*
#endif
#ifndef RSA_FILENAME
#define RSA_FILENAME "rsa_test_blob.raw"
#endif
#ifndef ECC_FILENAME
#define ECC_FILENAME "ecc_test_blob.raw"
#endif
#ifndef WOLFTPM2_NO_WRAPPER

2
examples/wrap/caps.c
View File

@ -129,6 +129,8 @@ int TPM2_Wrapper_CapsArgs(void* userCtx, int argc, char *argv[])
/* Print the available PCR's */
TPM2_PCRs_Print();
printf("wolfTPM caps read successfully\n");
exit:
/* Only doShutdown=1: Just shutdown the TPM */
wolfTPM2_Reset(&dev, 1, 0);

2
examples/wrap/wrap_test.c
View File

@ -997,6 +997,8 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
if (rc != 0) goto exit;
#endif
printf("wolfTPM wrapper test completed successfully\n");
exit:
if (rc != 0) {

4
hal/tpm_io.c
View File

@ -73,6 +73,8 @@
#include "hal/tpm_io_microchip.c"
#elif defined(WOLFSSL_ESPIDF)
#include "hal/tpm_io_espressif.c"
#elif defined(WOLFSSL_ZEPHYR)
#include "hal/tpm_io_zephyr.c"
#endif
#if !defined(WOLFTPM_I2C) && !defined(WOLFTPM_MMIO)
@ -155,6 +157,8 @@ int TPM2_IoCb(TPM2_CTX* ctx, INT32 isRead, UINT32 addr,
#elif defined(WOLFTPM_MICROCHIP_HARMONY)
/* Use Microchip Harmony I2C */
ret = TPM2_IoCb_MicrochipHarmony_I2C(ctx, isRead, addr, buf, size, userCtx);
#elif defined(WOLFSSL_ZEPHYR)
ret = TPM2_IoCb_Zephyr_I2C(ctx, isRead, addr, buf, size, userCtx);
#else
/* TODO: Add your platform here for HW I2C interface */
printf("Add your platform here for HW I2C interface\n");

3
hal/tpm_io.h
View File

@ -92,6 +92,9 @@ WOLFTPM_LOCAL int TPM2_IoCb_Espressif_I2C(TPM2_CTX* ctx, int isRead, word32 addr
#elif defined(WOLFTPM_MICROCHIP_HARMONY)
WOLFTPM_LOCAL int TPM2_IoCb_MicrochipHarmony_I2C(TPM2_CTX* ctx, int isRead, word32 addr,
byte* buf, word16 size, void* userCtx);
#elif defined(WOLFSSL_ZEPHYR)
WOLFTPM_LOCAL int TPM2_IoCb_Zephyr_I2C(TPM2_CTX* ctx, int isRead, word32 addr,
byte* buf, word16 size, void* userCtx);
#endif /* __linux__ */
#else /* SPI */

186
hal/tpm_io_zephyr.c 100644
View File

@ -0,0 +1,186 @@
/* tpm_io_zephyr.c
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfTPM.
*
* wolfTPM is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfTPM is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
/* This example shows IO interfaces for Zephyr-based micro-controllers
* using Zephyr's kernel and drivers
*/
/*****************************************************************************/
/* --- BEGIN IO Callback Logic -- */
/*****************************************************************************/
/* Included via tpm_io.c if WOLFTPM_INCLUDE_IO_FILE is defined */
#ifdef WOLFTPM_INCLUDE_IO_FILE
#ifdef WOLFTPM_ZEPHYR
/* Zephyr Includes Start */
#include <zephyr/kernel.h>
#include <zephyr/sys/printk.h>
#include <zephyr/drivers/i2c.h>
/* Zephyr Includes End */
#ifdef WOLFTPM_I2C
/* Zephyr Configurations */
/* I2C master clock frequency */
/* Zephyr DTSI Defines this as I2C_BITRATE_STANDARD */
/* This means we have a clock rate of 100 khz */
/* Infineon 9673 I2C at 0x2e */
#define TPM2_INFINEON_9673_ADDR 0x2e
#if defined(WOLFTPM_I2C_CUST_ADDR)
#define TPM2_I2C_ADDR WOLFTPM_I2C_CUST_ADDR
#elif defined(WOLFTPM_SLB9673)
#define TPM2_I2C_ADDR TPM2_INFINEON_9673_ADDR
#else
#error Set WOLFTPM_I2C_CUST_ADDR to i2c device ID or use supported device
#endif
/* Set to slowest speed supported in zephyr */
#if !defined(WOLFTPM_ZEPHYR_I2C_SPEED)
#warning WOLFTPM_ZEPHYR_I2C_SPEED set to slowest Zephyr supports
#define WOLFTPM_ZEPHYR_I2C_SPEED I2C_SPEED_STANDARD
#endif
#if !defined(WOLFTPM_ZEPHYR_I2C_BUS)
#error Set WOLFTPM_ZEPHYR_I2C_BUS to devicetree node label for i2c bus
#endif
/* Init to False */
static int _is_initialized_i2c = 0;
/* Grab pointer from device tree label */
const struct device *i2c_dev = \
DEVICE_DT_GET(DT_NODELABEL(WOLFTPM_ZEPHYR_I2C_BUS));
/* Setup the i2c tmp device */
/* Pass in pointer to the target */
int TPM2_I2C_Zephyr_Init(void)
{
int ret = 0;
uint32_t config = 0;
config = I2C_MODE_CONTROLLER | I2C_SPEED_SET(WOLFTPM_ZEPHYR_I2C_SPEED);
ret = i2c_configure(i2c_dev, config);
return ret;
}
int TPM2_IoCb_Zephyr_I2C(TPM2_CTX* ctx, int isRead, word32 addr,
byte* buf, word16 size, void* userCtx)
{
int ret = 0;
byte* tempBuf = NULL;
if (buf == NULL) {
printf("Buffer passed is NULL");
return -1;
}
if (i2c_dev == NULL) {
printf("I2C device not found in Device Tree!\n");
return -1;
}
/* Confirm i2c bus is ready */
if (!device_is_ready(i2c_dev)) {
printf("Device is not ready");
return -1;
}
if (userCtx == NULL) {
//printf("UserCtx Cannot be NULL\n");
}
/* Init Zephyr I2C Driver */
if (_is_initialized_i2c == 0) {
if (TPM2_I2C_Zephyr_Init() != 0) {
printf("Could Not Init\n");
return -1;
}
_is_initialized_i2c = 1;
}
if (isRead) {
tempBuf = (byte*)XMALLOC(1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tempBuf == NULL) {
printf("Failed to allocate temp buffer\n");
}
tempBuf[0] = (byte)(addr & 0xFF);
// Read operation: First send register address, then read data
ret = i2c_write_read(i2c_dev, TPM2_I2C_ADDR, tempBuf, 1, buf, size);
if (ret < 0) {
printf("Failed to read from TPM at register 0x%02X! Error: %d\n", addr, ret);
}
XFREE(tempBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
else {
// Write operation: Register address + Data
tempBuf = (byte*)XMALLOC(size + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (tempBuf == NULL) {
printf("Failed to allocate temp buffer\n");
}
tempBuf[0] = (byte)(addr & 0xFF);
XMEMCPY((tempBuf + 1), buf, size);
ret = i2c_write(i2c_dev, tempBuf, size + 1, TPM2_I2C_ADDR);
if (ret < 0) {
printf("Failed to write to TPM at register 0x%02X! Error: %d\n", addr, ret);
}
XFREE(tempBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
if (ret != 0) {
printf("Could not perform operation: %d\n", ret);
if (ret == -EIO) {
printf("Input/Output Error\n");
}
}
(void)ctx;
return ret;
}
#else /* If not I2C, it must be SPI */
/* TODO implement SPI */
#error TPM2 SPI support on zephyr yet
#endif
#endif /* WOLFSSL_ZEPHYR */
#endif /* WOLFTPM_INCLUDE_IO_FILE */
/******************************************************************************/
/* --- END IO Callback Logic -- */
/******************************************************************************/

54
src/tpm2_swtpm.c
View File

@ -43,7 +43,12 @@
#include <wolftpm/tpm2_swtpm.h>
#include <wolftpm/tpm2_packet.h>
#ifdef WOLFTPM_ZEPHYR
#include <zephyr/posix/unistd.h>
#include <zephyr/net/socket.h>
#elif defined(HAVE_UNISTD_H)
#include <unistd.h>
#endif
#include <errno.h>
#include <string.h>
#include <stdio.h>
@ -126,10 +131,54 @@ static TPM_RC SwTpmReceive(TPM2_CTX* ctx, void* buffer, size_t rxSz)
static TPM_RC SwTpmConnect(TPM2_CTX* ctx, const char* host, const char* port)
{
TPM_RC rc = TPM_RC_FAILURE;
int s;
int fd = -1;
/* Zephyr doesnt support getaddrinfo;
* so we need to use Zephyr's socket API
*/
#ifdef WOLFTPM_ZEPHYR
struct zsock_addrinfo hints;
struct zsock_addrinfo *result, *rp;
if (ctx == NULL) {
return BAD_FUNC_ARG;
}
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
s = zsock_getaddrinfo(host, port, &hints, &result);
if (s != 0) {
// Handle error
return rc;
}
for (rp = result; rp != NULL; rp = rp->ai_next) {
fd = zsock_socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
if (fd < 0)
continue;
if (zsock_connect(fd, rp->ai_addr, rp->ai_addrlen) < 0) {
zsock_close(fd);
} else {
break;
}
}
zsock_freeaddrinfo(result);
if (rp != NULL) {
ctx->tcpCtx.fd = fd;
rc = TPM_RC_SUCCESS;
}
#ifdef DEBUG_WOLFTPM
else {
printf("Failed to connect to %s %s\n", host, port);
}
#endif
#else /* !WOLFTPM_ZEPHYR */
struct addrinfo hints;
struct addrinfo *result, *rp;
int s;
int fd;
if (ctx == NULL) {
return BAD_FUNC_ARG;
@ -167,6 +216,7 @@ static TPM_RC SwTpmConnect(TPM2_CTX* ctx, const char* host, const char* port)
printf("Failed to connect to %s %s\n", host, port);
}
#endif
#endif /* WOLFTPM_ZEPHYR */
return rc;
}

4
wolftpm/tpm2_socket.h
View File

@ -36,6 +36,10 @@
/* TODO: HACKY for win32 */
#undef SOCKET_INVALID
#define SOCKET_INVALID 0xFFFFFFFF
#elif defined(WOLFTPM_ZEPHYR)
#include <zephyr/net/socket.h>
#define SOCKET_T int
#else
#include <sys/types.h>
#include <sys/socket.h>

18
wolftpm/tpm2_types.h
View File

@ -263,8 +263,12 @@ typedef int64_t INT64;
#define XFEOF feof
#endif
#ifndef XREWIND /* used in tpm_test_keys.c */
#ifdef XFREWIND
#define XREWIND XFREWIND
#else
#define XREWIND rewind
#endif
#endif
/* enable way for customer to override printf */
#ifdef XPRINTF
@ -475,11 +479,10 @@ typedef int64_t INT64;
/* sleep helper, used in firmware update */
#ifndef XSLEEP_MS
#ifdef WIN32
#include <windows.h>
#define XSLEEP_MS(ms) Sleep(ms)
#elif defined(FREERTOS)
#define XSLEEP_MS(ms) vTaskDelay(ms)
#if defined(WOLFTPM_ZEPHYR)
/* For Zephyr, use k_sleep() instead of usleep() */
#include <zephyr/kernel.h>
#define XSLEEP_MS(ms) k_msleep(ms)
#elif defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 199309L
#include <time.h>
#define XSLEEP_MS(ms) ({ \
@ -488,6 +491,11 @@ typedef int64_t INT64;
ts.tv_nsec = (ms % 1000) * 1000000; \
nanosleep(&ts, NULL); \
})
#elif defined(WIN32)
#include <windows.h>
#define XSLEEP_MS(ms) Sleep(ms)
#elif defined(FREERTOS)
#define XSLEEP_MS(ms) vTaskDelay(ms)
#else
#include <unistd.h>
#define XSLEEP_MS(ms) ({ \

17
zephyr/CMakeLists.txt 100644
View File

@ -0,0 +1,17 @@
if(CONFIG_WOLFTPM)
zephyr_include_directories(${ZEPHYR_CURRENT_MODULE_DIR})
zephyr_include_directories(${ZEPHYR_CURRENT_MODULE_DIR}/zephyr)
zephyr_library_include_directories(${ZEPHYR_CURRENT_MODULE_DIR})
FILE(GLOB wolftpm_sources
${ZEPHYR_CURRENT_MODULE_DIR}/src/*.c
${ZEPHYR_CURRENT_MODULE_DIR}/hal/*.c
)
target_sources(app PRIVATE ${wolftpm_sources})
if(CONFIG_WOLFTPM_DEBUG)
target_compile_definitions(app PUBLIC DEBUG_WOLFTPM)
endif()
target_compile_definitions(app PUBLIC WOLFTPM_ZEPHYR)
endif()

27
zephyr/Kconfig 100644
View File

@ -0,0 +1,27 @@
menuconfig WOLFTPM
bool "wolfTPM module support"
select WOLFSSL
if WOLFTPM
config WOLFTPM_DEBUG
bool "wolfTPM debug activation"
help
Enable debugging activation for wolfTPM.
config WOLFTPM_I2C
bool "wolfTPM I2C support"
help
Enables the I2C HAL and Advanced IO
config WOLFTPM_SPI
bool "wolfTPM SPI support"
help
Enables the SPI HAL (default)
config ZEPHYR_WOLFTPM_MODULE
bool
depends on WOLFTPM
endif
# Add relevant macros for tpm

82
zephyr/README.md 100644
View File

@ -0,0 +1,82 @@
Zephyr Project Port
===================
## Overview
This port is for the Zephyr RTOS Project, available [here](https://www.zephyrproject.org/).
It provides the following zephyr code.
- modules/lib/wolftpm
- wolfTPM library code
- modules/lib/wolftpm/zephyr/
- Configuration and CMake files for wolfTPM as a Zephyr module
- modules/lib/wolftpm/zephyr/samples/wolftpm_wrap_caps
- wolfTPM test application
- modules/lib/wolftpm/zephyr/samples/wolftpm_wrap_test
- wolfTPM test application
## How to setup as a Zephyr Module
Follow the [instructions](https://docs.zephyrproject.org/latest/develop/getting_started/index.html) to setup a zephyr project.
### Modify your project's west manifest
Add wolfTPM as a project to your west.yml:
```
manifest:
remotes:
# <your other remotes>
- name: wolftpm
url-base: https://github.com/wolfssl
projects:
# <your other projects>
- name: wolftpm
path: modules/lib/wolftpm
revision: master
remote: wolftpm
```
Note: wolfTPM has dependencies with wolfSSL so you need to also need to add wolfSSL into the west.yml like shown above.
Update west's modules:
```bash
west update
```
Now west recognizes 'wolftpm' as a module, and will include it's Kconfig and
CMakeFiles.txt in the build system.
## Build and Run Tests
### Build and Run wolfTPM wrap Test Application
If you want to run build apps without running `west zephyr-export` then it is
possible by setting the `CMAKE_PREFIX_PATH` variable to the location of the
zephyr sdk and building from the `zephyr` directory. For example:
```
CMAKE_PREFIX_PATH=/path/to/zephyr-sdk-<VERSION> west build -p always -b qemu_x86 ../modules/lib/wolftpm/zephyr/samples/wolftpm_wrap_test/
```
build and execute `wolftpm_wrap_test`
```
cd [zephyrproject]
west build -p auto -b qemu_x86 modules/lib/wolftpm/zephyr/samples/wolftpm_wrap_test
west build -t run
```
### Build and Run wolfTPM wrap Capabilities Application
build and execute `wolftpm_wrap_caps`
```
cd [zephyrproject]
west build -p auto -b qemu_x86 modules/lib/wolftpm/zephyr/samples/wolftpm_wrap_caps
west build -t run
```

15
zephyr/include.am 100644
View File

@ -0,0 +1,15 @@
# vim:ft=automake
# included from Top Level Makefile.am
# All paths should be given relative to the root
EXTRA_DIST+= zephyr/CMakeLists.txt
EXTRA_DIST+= zephyr/Kconfig
EXTRA_DIST+= zephyr/module.yml
EXTRA_DIST+= zephyr/README.md
EXTRA_DIST+= zephyr/user_settings.h
EXTRA_DIST+= zephyr/samples/wolftpm_wrap_caps/CMakeLists.txt
EXTRA_DIST+= zephyr/samples/wolftpm_wrap_caps/prj.conf
EXTRA_DIST+= zephyr/samples/wolftpm_wrap_caps/sample.yaml
EXTRA_DIST+= zephyr/samples/wolftpm_wrap_test/CMakeLists.txt
EXTRA_DIST+= zephyr/samples/wolftpm_wrap_test/prj.conf
EXTRA_DIST+= zephyr/samples/wolftpm_wrap_test/sample.yaml

6
zephyr/module.yml 100644
View File

@ -0,0 +1,6 @@
name: wolftpm
build:
cmake: zephyr
kconfig: zephyr/Kconfig
depends:
- wolfssl

24
zephyr/samples/wolftpm_wrap_caps/CMakeLists.txt 100644
View File

@ -0,0 +1,24 @@
cmake_minimum_required(VERSION 3.13.1)
find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
project(wolftpm_wrap_caps)
# Include source code for wrap test
target_sources(app PRIVATE ${ZEPHYR_WOLFTPM_MODULE_DIR}/examples/wrap/caps.c)
target_sources(app PRIVATE ${app_sources})
# Include header files
target_include_directories(app PRIVATE
${ZEPHYR_BASE}/include
${ZEPHYR_BASE}/include/zephyr
${ZEPHYR_WOLFTPM_MODULE_DIR}/zephyr
${ZEPHYR_WOLFTPM_MODULE_DIR}/hal
${ZEPHYR_WOLFTPM_MODULE_DIR}/tests
${ZEPHYR_WOLFTPM_MODULE_DIR}/wolftpm
${ZEPHYR_WOLFTPM_MODULE_DIR}/examples/wrap
${ZEPHYR_WOLFTPM_MODULE_DIR}/examples
${ZEPHYR_WOLFTPM_MODULE_DIR}
)
add_definitions(-DWOLFSSL_ZEPHYR)
add_definitions(-DWOLFSSL_USER_SETTINGS)
add_definitions(-DWOLFTPM_USER_SETTINGS)

45
zephyr/samples/wolftpm_wrap_caps/prj.conf 100644
View File

@ -0,0 +1,45 @@
# Configure stack and heap sizes
CONFIG_MAIN_STACK_SIZE=32768
CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=8192
# Include wolfTPM config
CONFIG_WOLFTPM=y
CONFIG_WOLFTPM_I2C=n
CONFIG_WOLFTPM_SPI=n
# POSIX file operations
CONFIG_POSIX_API=y
CONFIG_POSIX_FS=n
# Pthreads
CONFIG_PTHREAD_IPC=y
# Clock for time()
CONFIG_POSIX_CLOCK=y
# TLS configuration
CONFIG_WOLFSSL=y
CONFIG_WOLFSSL_BUILTIN=y
# Floating Point
CONFIG_FPU=y
# Networking configuration
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS=y
# Logging
CONFIG_PRINTK=y
CONFIG_CBPRINTF_LIBC_SUBSTS=y
CONFIG_CBPRINTF_FP_SUPPORT=y
CONFIG_CONSOLE=y
CONFIG_LOG=y
CONFIG_LOG_BACKEND_UART=y
CONFIG_LOG_BUFFER_SIZE=15360
CONFIG_LOG_MODE_IMMEDIATE=y
#CONFIG_WOLFSSL_DEBUG=y
# Entropy
CONFIG_TEST_RANDOM_GENERATOR=y
CONFIG_ENTROPY_GENERATOR=y
CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y

15
zephyr/samples/wolftpm_wrap_caps/sample.yaml 100644
View File

@ -0,0 +1,15 @@
sample:
description: wolfTPM wrap caps
name: wolfTPM wrap caps
common:
harness: console
harness_config:
type: one_line
regex:
- "wolfTPM caps read successfully"
tests:
sample.lib.wolftpm_wrap_caps:
timeout: 200
platform_allow: qemu_x86
integration_platforms:
- qemu_x86

24
zephyr/samples/wolftpm_wrap_test/CMakeLists.txt 100644
View File

@ -0,0 +1,24 @@
cmake_minimum_required(VERSION 3.13.1)
find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
project(wolftpm_wrap_test)
# Include source code for wrap test
target_sources(app PRIVATE ${ZEPHYR_WOLFTPM_MODULE_DIR}/examples/wrap/wrap_test.c)
target_sources(app PRIVATE ${app_sources})
# Include header files
target_include_directories(app PRIVATE
${ZEPHYR_BASE}/include
${ZEPHYR_BASE}/include/zephyr
${ZEPHYR_WOLFTPM_MODULE_DIR}/zephyr
${ZEPHYR_WOLFTPM_MODULE_DIR}/hal
${ZEPHYR_WOLFTPM_MODULE_DIR}/tests
${ZEPHYR_WOLFTPM_MODULE_DIR}/wolftpm
${ZEPHYR_WOLFTPM_MODULE_DIR}/examples/wrap
${ZEPHYR_WOLFTPM_MODULE_DIR}/examples
${ZEPHYR_WOLFTPM_MODULE_DIR}
)
add_definitions(-DWOLFSSL_ZEPHYR)
add_definitions(-DWOLFSSL_USER_SETTINGS)
add_definitions(-DWOLFTPM_USER_SETTINGS)

45
zephyr/samples/wolftpm_wrap_test/prj.conf 100644
View File

@ -0,0 +1,45 @@
# Configure stack and heap sizes
CONFIG_MAIN_STACK_SIZE=32768
CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=8192
# Include wolfTPM config
CONFIG_WOLFTPM=y
CONFIG_WOLFTPM_I2C=n
CONFIG_WOLFTPM_SPI=n
# POSIX file operations
CONFIG_POSIX_API=y
CONFIG_POSIX_FS=n
# Pthreads
CONFIG_PTHREAD_IPC=y
# Clock for time()
CONFIG_POSIX_CLOCK=y
# TLS configuration
CONFIG_WOLFSSL=y
CONFIG_WOLFSSL_BUILTIN=y
# Floating Point
CONFIG_FPU=y
# Networking configuration
CONFIG_NETWORKING=y
CONFIG_NET_SOCKETS=y
# Logging
CONFIG_PRINTK=y
CONFIG_CBPRINTF_LIBC_SUBSTS=y
CONFIG_CBPRINTF_FP_SUPPORT=y
CONFIG_CONSOLE=y
CONFIG_LOG=y
CONFIG_LOG_BACKEND_UART=y
CONFIG_LOG_BUFFER_SIZE=15360
CONFIG_LOG_MODE_IMMEDIATE=y
#CONFIG_WOLFSSL_DEBUG=y
# Entropy
CONFIG_TEST_RANDOM_GENERATOR=y
CONFIG_ENTROPY_GENERATOR=y
CONFIG_ENTROPY_DEVICE_RANDOM_GENERATOR=y

15
zephyr/samples/wolftpm_wrap_test/sample.yaml 100644
View File

@ -0,0 +1,15 @@
sample:
description: wolfTPM wrap test
name: wolfTPM wrap test
common:
harness: console
harness_config:
type: one_line
regex:
- "wolfTPM wrapper test completed successfully"
tests:
sample.lib.wolftpm_wrap_test:
timeout: 200
platform_allow: qemu_x86
integration_platforms:
- qemu_x86

218
zephyr/user_settings.h 100644
View File

@ -0,0 +1,218 @@
/* user_settings.h
*
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfTPM.
*
* wolfTPM is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfTPM is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef _ZEPHYR_USER_SETTINGS_H_
#define _ZEPHYR_USER_SETTINGS_H_
#ifdef __cplusplus
extern "C" {
#endif
/* -- WOLFTPM ZEPHYR SETTINGS -- */
#undef WOLFTPM_USER_SETTINGS
#define WOLFTPM_USER_SETTINGS
#undef WOLFTPM_EXAMPLE_HAL
#define WOLFTPM_EXAMPLE_HAL
#undef WOLFTPM_ZEPHYR
#define WOLFTPM_ZEPHYR
/* -- WOLFSSL SETTINGS -- */
#undef WOLFSSL_USER_SETTINGS
#define WOLFSSL_USER_SETTINGS
#ifdef CONFIG_WOLFTPM_I2C
#define WOLFTPM_I2C
#define WOLFTPM_ADV_IO
//#define WOLFTPM_ZEPHYR_I2C_BUS flexcomm3_lpi2c3
//#define WOLFTPM_ZEPHYR_I2C_SPEED I2C_SPEED_STANDARD /* I2C_SPEED_FAST */
#elif defined(CONFIG_WOLFTPM_SPI)
/* default */
#else
#undef WOLFTPM_SWTPM
#define WOLFTPM_SWTPM
#endif
#undef WOLF_CRYPTO_CB
#define WOLF_CRYPTO_CB
#undef WOLFSSL_AES_CFB
#define WOLFSSL_AES_CFB
/* -- WOLFTPM SETTINGS -- */
/* enable for low resource options */
#if 0
#define USE_LOW_RESOURCE
#endif
#ifdef USE_LOW_RESOURCE
/* wolfCrypt only (no SSL/TLS) */
#define WOLFCRYPT_ONLY
#else
/* wolfTPM with TLS example (v1.3 only) */
#define WOLFSSL_TLS13
#define WOLFSSL_NO_TLS12
#define NO_OLD_TLS
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_SERVER_RENEGOTIATION_INFO
#define HAVE_ENCRYPT_THEN_MAC
#define HAVE_HKDF
#define WC_RSA_PSS
#define WOLFSSL_PSS_LONG_SALT
#endif
/* No threading or file system */
#define SINGLE_THREADED
#ifdef USE_LOW_RESOURCE
/* Single Precision math for RSA 2048 only (small) */
#define WOLFSSL_HAVE_SP_RSA
#define WOLFSSL_SP_MATH
#define WOLFSSL_SP_SMALL
#define WOLFSSL_SP_NO_3072 /* 2048-only */
#else
/* Enable SP math all (sp_int.c) with multi-precision support */
#define WOLFSSL_SP_MATH_ALL
#endif
/* Enable hardening (timing resistance) */
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define WC_RSA_BLINDING
/* Enable PRNG (SHA2-256) */
#ifdef USE_LOW_RESOURCE
/* use TPM TRNG */
#define WC_NO_HASHDRBG
#else
#define HAVE_HASHDRBG
#endif
/* Asymmetric */
#if 1 /* RSA - needed to encrypt salt */
#undef NO_RSA
#ifdef USE_LOW_RESOURCE
#define WOLFSSL_RSA_PUBLIC_ONLY
#define WOLFSSL_RSA_VERIFY_INLINE
#define NO_CHECK_PRIVATE_KEY
#endif
#else
#define NO_RSA
#endif
#if 1 /* ECC - needed for encrypt ECC salt */
#define HAVE_ECC
#define ECC_USER_CURVES /* default to only SECP256R1 */
#endif
#ifndef USE_LOW_RESOURCE /* DH */
#undef NO_DH
#define HAVE_FFDHE_2048
#define HAVE_DH_DEFAULT_PARAMS
#else
#define NO_DH
#endif
/* Symmetric Hash */
#undef NO_SHA
#undef NO_SHA256
#ifndef USE_LOW_RESOURCE
#define WOLFSSL_SHA512
#define WOLFSSL_SHA384
#endif
/* Symmetric Cipher */
#define WOLFSSL_AES_CFB
#define HAVE_AES_DECRYPT
#ifndef USE_LOW_RESOURCE
#define HAVE_AES_KEYWRAP
#define WOLFSSL_AES_DIRECT
#define HAVE_AESGCM
#define GCM_TABLE_4BIT
#else
#define NO_AES_CBC
#endif
#if 0 /* ChaCha20 / Poly1305 */
#define HAVE_POLY1305
#define HAVE_CHACHA
#endif
/* Features */
#define WOLFSSL_ASN_TEMPLATE
#define WOLFSSL_USER_IO /* user recv/send callbacks for network IO */
#ifndef USE_LOW_RESOURCE
#define WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_REQ
#define WOLFSSL_CERT_EXT
#define HAVE_PKCS7
#define HAVE_X963_KDF
#define WOLFSSL_BASE64_ENCODE
#endif
/* Disables */
#define NO_PKCS8
#define NO_PKCS12
#define NO_PWDBASED
#define NO_DSA
#define NO_DES3
#define NO_RC4
#define NO_PSK
#define NO_MD4
#define NO_MD5
#define WOLFSSL_NO_SHAKE128
#define WOLFSSL_NO_SHAKE256
#define NO_WRITEV
/* Low Resource Options */
#ifdef USE_LOW_RESOURCE
#define NO_FILESYSTEM /* File system disable */
#define NO_ERROR_STRINGS
#define WOLFSSL_NO_ASM
#define TFM_NO_ASM
#define NO_WOLFSSL_MEMORY
#define NO_SESSION_CACHE
#define RSA_LOW_MEM
#define WOLFSSL_AES_SMALL_TABLES
#define WOLFSSL_AES_NO_UNROLL
#define GCM_SMALL
#undef GCM_TABLE_4BIT
#define NO_AES_192
#define NO_AES_256
#define USE_SLOW_SHA
#define USE_SLOW_SHA256
#define USE_SLOW_SHA512
#define NO_SIG_WRAPPER
#define NO_ASN_TIME
#define NO_CODING
#define NO_BIG_INT
#endif
#ifdef __cplusplus
}
#endif
#endif /* _ZEPHYR_USER_SETTINGS_H_ */