Skip to content

Commit

Permalink
Merge pull request wolfSSL#348 from jpbland1/nvm-encrypt-configs
Browse files Browse the repository at this point in the history 
add configs for more NVM_FLASH_WRITEONCE combinations and fix powerfail problems
  • Loading branch information
@dgarske
dgarske authored Aug 21, 2023
2 parents 9fc9f05 + 131df54 commit 053b1ba
Show file tree
Hide file tree
Showing 4 changed files with 174 additions and 10 deletions.
66 changes: 66 additions & 0 deletions .github/workflows/test-powerfail-simulator.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -314,3 +314,69 @@ jobs:
- name: Run update-revert test with power failures (AES128 NVM_WRITEONCE)
run: |
tools/scripts/sim-update-powerfail-resume.sh
# TEST with encryption (aes128) and NVM_WRITEONCE and FLAGS_HOME

- name: make clean
run: |
make keysclean && make -C tools/keytools clean && rm -f include/target.h
- name: Select config with encrypted updates
run: |
cp config/examples/sim-encrypt-nvm-writeonce-flags-home-update.config .config
- name: Build key tools
run: |
make -C tools/keytools
- name: Build bin assemble
run: |
make -C tools/bin-assemble
- name: Build wolfboot.elf
run: |
make clean && make test-sim-external-flash-with-enc-update
- name: Run sunny day update test (AES128 NVM_WRITEONCE FLAGS_HOME)
run: |
tools/scripts/sim-sunnyday-update.sh
- name: Rebuild wolfboot.elf
run: |
make clean && make test-sim-external-flash-with-enc-update
- name: Run update-revert test (AES128 NVM_WRITEONCE FLAGS_HOME)
run: |
tools/scripts/sim-update-fallback.sh
- name: Rebuild wolfboot.elf
run: |
make clean && make test-sim-external-flash-with-enc-update
- name: Run update-revert test with power failures (AES128 NVM_WRITEONCE FLAGS_HOME)
run: |
tools/scripts/sim-update-powerfail-resume.sh
# TEST with encryption (aes128) and NVM_WRITEONCE and FLAGS_HOME and FLAGS_INVERT

- name: make clean
run: |
make keysclean && make -C tools/keytools clean && rm -f include/target.h
- name: Select config with encrypted updates
run: |
cp config/examples/sim-encrypt-nvm-writeonce-flags-home-invert-update.config .config
- name: Build key tools
run: |
make -C tools/keytools
- name: Build bin assemble
run: |
make -C tools/bin-assemble
- name: Build wolfboot.elf
run: |
make clean && make test-sim-external-flash-with-enc-update
- name: Run sunny day update test (AES128 NVM_WRITEONCE FLAGS_HOME FLAGS_INVERT)
run: |
tools/scripts/sim-sunnyday-update.sh
- name: Rebuild wolfboot.elf
run: |
make clean && make test-sim-external-flash-with-enc-update
- name: Run update-revert test (AES128 NVM_WRITEONCE FLAGS_HOME FLAGS_INVERT)
run: |
tools/scripts/sim-update-fallback.sh
- name: Rebuild wolfboot.elf
run: |
make clean && make test-sim-external-flash-with-enc-update
- name: Run update-revert test with power failures (AES128 NVM_WRITEONCE FLAGS_HOME FLAGS_INVERT)
run: |
tools/scripts/sim-update-powerfail-resume.sh
24 changes: 24 additions & 0 deletions config/examples/sim-encrypt-nvm-writeonce-flags-home-invert-update.config
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
ARCH=sim
TARGET=sim
SIGN?=ED25519
HASH?=SHA256
WOLFBOOT_SMALL_STACK=1
SPI_FLASH=0
EXT_FLASH=1
ENCRYPT=1
ENCRYPT_WITH_AES128=1
DEBUG=1
# it should be multiple of system page size
NVM_FLASH_WRITEONCE=1
FLAGS_HOME=1
ALLOW_DOWNGRADE?=0
FLAGS_INVERT?=1
FILL_BYTE?=0x00
WOLFBOOT_PARTITION_SIZE=0x40000
WOLFBOOT_SECTOR_SIZE=0x1000
WOLFBOOT_PARTITION_BOOT_ADDRESS=0x20000
# if on external flash, it should be multiple of system page size
WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x00000
WOLFBOOT_PARTITION_SWAP_ADDRESS=0x40000
# required for keytools
WOLFBOOT_FIXED_PARTITIONS=1
21 changes: 21 additions & 0 deletions config/examples/sim-encrypt-nvm-writeonce-flags-home-update.config
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
ARCH=sim
TARGET=sim
SIGN?=ED25519
HASH?=SHA256
WOLFBOOT_SMALL_STACK=1
SPI_FLASH=0
EXT_FLASH=1
ENCRYPT=1
ENCRYPT_WITH_AES128=1
DEBUG=1
# it should be multiple of system page size
NVM_FLASH_WRITEONCE=1
FLAGS_HOME=1
WOLFBOOT_PARTITION_SIZE=0x40000
WOLFBOOT_SECTOR_SIZE=0x1000
WOLFBOOT_PARTITION_BOOT_ADDRESS=0x20000
# if on external flash, it should be multiple of system page size
WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x00000
WOLFBOOT_PARTITION_SWAP_ADDRESS=0x40000
# required for keytools
WOLFBOOT_FIXED_PARTITIONS=1
73 changes: 63 additions & 10 deletions src/libwolfboot.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -166,17 +166,55 @@ static uint8_t get_base_offset(uint8_t *base, uintptr_t off)
#pragma GCC diagnostic pop
#endif

static int nvm_select_fresh_sector(int part)
static int RAMFUNCTION nvm_select_fresh_sector(int part)
{
int sel;
uintptr_t off;
uint8_t *base;
uint8_t *addr_align;
uint8_t* addrErase;

if (part == PART_BOOT)
/* if FLAGS_HOME check both boot and update for changes */
#ifdef FLAGS_HOME
base = (uint8_t *)PART_BOOT_ENDFLAGS;
addrErase = (uint8_t *)WOLFBOOT_PARTITION_BOOT_ADDRESS +
WOLFBOOT_PARTITION_SIZE - WOLFBOOT_SECTOR_SIZE;
#else
if (part == PART_BOOT) {
base = (uint8_t *)PART_BOOT_ENDFLAGS;
else
addrErase = (uint8_t *)WOLFBOOT_PARTITION_BOOT_ADDRESS +
WOLFBOOT_PARTITION_SIZE - WOLFBOOT_SECTOR_SIZE;
}
else {
base = (uint8_t *)PART_UPDATE_ENDFLAGS;
addrErase = (uint8_t *)WOLFBOOT_PARTITION_UPDATE_ADDRESS +
WOLFBOOT_PARTITION_SIZE - WOLFBOOT_SECTOR_SIZE;
}
#endif

#ifdef EXT_ENCRYPTED
uint32_t word_0;
uint32_t word_1;
#ifndef FLAGS_HOME
if (part == PART_BOOT)
#endif
{
word_0 = *((uint32_t *)(ENCRYPT_TMP_SECRET_OFFSET +
WOLFBOOT_PARTITION_BOOT_ADDRESS));
word_1 = *((uint32_t *)(ENCRYPT_TMP_SECRET_OFFSET +
WOLFBOOT_PARTITION_BOOT_ADDRESS - WOLFBOOT_SECTOR_SIZE));

if (word_0 == FLASH_WORD_ERASED && word_1 !=
FLASH_WORD_ERASED) {
sel = 1;
goto finish;
}
else if (word_0 != FLASH_WORD_ERASED && word_1 ==
FLASH_WORD_ERASED) {
sel = 0;
goto finish;
}
}
#endif

/* Default to last sector if no match is found */
sel = 0;
Expand All @@ -195,8 +233,15 @@ static int nvm_select_fresh_sector(int part)
break;
}
else if ((byte_0 == FLASH_BYTE_ERASED) &&
(byte_1 == FLASH_BYTE_ERASED))
{
(byte_1 == FLASH_BYTE_ERASED)) {
#ifdef FLAGS_HOME
/* if we're still checking boot flags, check update flags */
if (base - off > (uint8_t*)PART_UPDATE_ENDFLAGS) {
base = (uint8_t *)PART_UPDATE_ENDFLAGS;
off = 0;
continue;
}
#endif
/* First time boot? Assume no pending update */
if (off == 1) {
sel=0;
Expand All @@ -210,12 +255,12 @@ static int nvm_select_fresh_sector(int part)
break;
}
}
finish:
/* Erase the non-selected partition */
addr_align = (uint8_t *)((((uintptr_t)base - ((1 + (!sel)) * WOLFBOOT_SECTOR_SIZE)))
& ((~(NVM_CACHE_SIZE - 1))));
if (*((uint32_t*)(addr_align + WOLFBOOT_SECTOR_SIZE - sizeof(uint32_t)))
addrErase -= WOLFBOOT_SECTOR_SIZE * (!sel);
if (*((uint32_t*)(addrErase + WOLFBOOT_SECTOR_SIZE - sizeof(uint32_t)))
!= FLASH_WORD_ERASED) {
hal_flash_erase((uintptr_t)addr_align, WOLFBOOT_SECTOR_SIZE);
hal_flash_erase((uintptr_t)addrErase, WOLFBOOT_SECTOR_SIZE);
}
return sel;
}
Expand Down Expand Up @@ -1090,6 +1135,10 @@ int RAMFUNCTION chacha_init(void)
uint8_t ff[ENCRYPT_KEY_SIZE];
uint8_t* stored_nonce;

#ifdef NVM_FLASH_WRITEONCE
key -= WOLFBOOT_SECTOR_SIZE * nvm_select_fresh_sector(PART_BOOT);
#endif

stored_nonce = key + ENCRYPT_KEY_SIZE;

XMEMSET(&chacha, 0, sizeof(chacha));
Expand Down Expand Up @@ -1125,6 +1174,10 @@ int aes_init(void)
uint8_t iv_buf[ENCRYPT_NONCE_SIZE];
uint8_t* stored_nonce;

#ifdef NVM_FLASH_WRITEONCE
key -= WOLFBOOT_SECTOR_SIZE * nvm_select_fresh_sector(PART_BOOT);
#endif

stored_nonce = key + ENCRYPT_KEY_SIZE;

XMEMSET(&aes_enc, 0, sizeof(aes_enc));
Expand Down

0 comments on commit 053b1ba

Please sign in to comment.