Merge pull request wolfSSL#330 from danielinux/stage1_verify

x86 Stage1: add verification of components
philljj · Aug 10, 2023 · db032d1 · db032d1
2 parents 727fc12 + 051bbcc
commit db032d1
Show file tree

Hide file tree

Showing 18 changed files with 363 additions and 60 deletions.
diff --git a/Makefile b/Makefile
@@ -230,7 +230,8 @@ $(LSCRIPT): $(LSCRIPT_IN) FORCE
 		sed -e "s/@WOLFBOOT_STAGE1_FLASH_ADDR@/$(WOLFBOOT_STAGE1_FLASH_ADDR)/g" | \
 		sed -e "s/@WOLFBOOT_STAGE1_BASE_ADDR@/$(WOLFBOOT_STAGE1_BASE_ADDR)/g" | \
 		sed -e "s/@WOLFBOOT_LOAD_BASE@/$(WOLFBOOT_LOAD_BASE)/g" | \
-		sed -e "s/@BOOTLOADER_START@/$(BOOTLOADER_START)/g" \
+		sed -e "s/@BOOTLOADER_START@/$(BOOTLOADER_START)/g" | \
+		sed -e "s/@IMAGE_HEADER_SIZE@/$(IMAGE_HEADER_SIZE)/g" \
 		> $@
 
 hex: wolfboot.hex

diff --git a/arch.mk b/arch.mk
@@ -489,7 +489,9 @@ ifeq ("${FSP}", "1")
               --defsym wb_start_bss=`grep _start_bss ../wolfboot.map | awk '{print $$1}'` \
               --defsym wb_end_bss=`grep _end_bss ../wolfboot.map | awk '{print $$1}'` \
               --defsym _stage2_params=`grep _stage2_params ../wolfboot.map | awk '{print $$1}'`
-    LDFLAGS +=  --no-gc-sections --print-gc-sections -T $(LSCRIPT) -m elf_i386  -Map=loader.map
+    LDFLAGS +=  --no-gc-sections --print-gc-sections -T $(LSCRIPT) -m elf_i386  -Map=loader_stage1.map
+    CFLAGS+=-DFSP_M_LOAD_BASE=$(FSP_M_LOAD_BASE)
+    CFLAGS+=-DFSP_S_LOAD_BASE=$(FSP_S_LOAD_BASE)
     OBJS += src/boot_x86_fsp.o
     OBJS += src/boot_x86_fsp_start.o
     OBJS += src/fsp_m.o
@@ -501,12 +503,24 @@ ifeq ("${FSP}", "1")
     OBJS += src/pci.o
     OBJS += hal/x86_uart.o
     OBJS += src/string.o
+    ifeq ($(filter-out $(STAGE1_AUTH),1),)
+      OBJS += src/libwolfboot.o
+      OBJS += src/image.o
+      OBJS += src/keystore.o
+      OBJS += src/sig_wolfboot_raw.o
+      OBJS += src/sig_fsp_s.o
+      ifeq ($(TARGET), kontron_vx3060_s2)
+        OBJS += hal/kontron_vx3060_s2_loader.o
+      endif
+      OBJS += $(WOLFCRYPT_OBJS)
+      CFLAGS+=-DSTAGE1_AUTH
+    endif
+
     CFLAGS += -fno-stack-protector -m32 -fno-PIC -fno-pie -mno-mmx -mno-sse -DDEBUG_UART
     ifeq ($(FSP_TGL), 1)
       OBJS+=src/x86/tgl_fsp.o
       OBJS+=src/fsp_tgl_s_upd.o
       OBJS+=src/ucode0.o
-      OBJS+=$(MATH_OBJS)
       CFLAGS += -DUCODE0_ADDRESS=$(UCODE0_BASE)
     endif
     ifeq ($(TARGET),x86_fsp_qemu)

diff --git a/config/examples/kontron_vx3060_s2.config b/config/examples/kontron_vx3060_s2.config
@@ -21,11 +21,11 @@ WOLFBOOT_LOAD_ADDRESS=0x1000000
 WOLFBOOT_SECTOR_SIZE?=0x1000
 WOLFBOOT_DATA_ADDRESS=0x1000000
 
-FSP_M_BASE=0xffe37000
+FSP_M_BASE=0xffc33000
 FSP_S_BASE=0xffed6000
 FSP_T_BASE=0xfffe0000
 
-WOLFBOOT_ORIGIN=0xffff0000
+WOLFBOOT_ORIGIN=0xfffa0000
 # 4 MB
 BOOTLOADER_PARTITION_SIZE=0x400000
 # 12 MB
@@ -57,3 +57,7 @@ ELF=1
 DEBUG_ELF=0
 MULTIBOOT2=1
 64BIT=1
+
+STAGE1_AUTH=1
+FSP_S_LOAD_BASE=0x0FED5F00
+
diff --git a/config/examples/x86_fsp_qemu.config b/config/examples/x86_fsp_qemu.config
@@ -30,7 +30,7 @@ WOLFBOOT_DATA_ADDRESS=0x1000000
 FSP_M_BASE=0xffe30000
 FSP_S_BASE=0xffed6000
 FSP_T_BASE=0xfffe0000
-WOLFBOOT_ORIGIN=0xffff0000
+WOLFBOOT_ORIGIN=0xfffa0000
 LINUX_PAYLOAD=1
 
 BOOTLOADER_PARTITION_SIZE=0xa0000
@@ -39,3 +39,4 @@ MACHINE_OBJ=src/x86/qemu_fsp.o
 FSP_T_BIN=./src/x86/fsp_t.bin
 FSP_M_BIN=./src/x86/fsp_m.bin
 FSP_S_BIN=./src/x86/fsp_s.bin
+STAGE1_AUTH=1
diff --git a/config/examples/x86_fsp_qemu_stage1_auth.config b/config/examples/x86_fsp_qemu_stage1_auth.config
@@ -0,0 +1,43 @@
+ARCH=x86_64
+TARGET=x86_fsp_qemu
+WOLFBOOT_SMALL_STACK=1
+SIGN?=ECC256
+HASH?=SHA256
+DEBUG=1
+SPMATH=1
+FORCE_32BIT=1
+ENCRYPTION=0
+WOLFBOOT_FIXED_PARTITIONS=1
+WOLFBOOT_PARTITION_SIZE=0x8000000
+WOLFTPM=0
+
+# TPM Keystore options
+#WOLFBOOT_TPM_KEYSTORE?=1
+#WOLFBOOT_TPM_KEYSTORE_NV_INDEX?=0x01800200
+#WOLFBOOT_TPM_POLICY_NV_INDEX?=0x01800201
+
+# 4gb - 8mb
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0xff800000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0x0
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x0
+WOLFBOOT_LOAD_BASE=0x2000000
+WOLFBOOT_LOAD_ADDRESS=0x1000000
+
+# required for keytools
+WOLFBOOT_SECTOR_SIZE?=0x1000
+WOLFBOOT_DATA_ADDRESS=0x1000000
+
+FSP_M_BASE=0xffe30000
+FSP_S_BASE=0xffed6000
+FSP_T_BASE=0xfffe0000
+FSP_S_LOAD_BASE=0x0FED5F00
+WOLFBOOT_ORIGIN=0xfffa0000
+LINUX_PAYLOAD=1
+
+BOOTLOADER_PARTITION_SIZE=0xa0000
+BIOS_REGION_SIZE=0x800000
+MACHINE_OBJ=src/x86/qemu_fsp.o
+FSP_T_BIN=./src/x86/fsp_t.bin
+FSP_M_BIN=./src/x86/fsp_m.bin
+FSP_S_BIN=./src/x86/fsp_s.bin
+STAGE1_AUTH=1
diff --git a/hal/kontron_vx3060_s2_loader.c b/hal/kontron_vx3060_s2_loader.c
@@ -0,0 +1,95 @@
+/* kontron_vx3060_s2_loader.c
+ *
+ * Copyright (C) 2023 wolfSSL Inc.
+ *
+ * This file is part of wolfBoot.
+ *
+ * wolfBoot is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfBoot is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <wolfboot/wolfboot.h>
+#include <stdint.h>
+#include <string.h>
+#include <uart_drv.h>
+
+#ifdef __WOLFBOOT
+#include <printf.h>
+
+extern uint8_t* _stage2_params[];
+
+static void panic(void);
+
+void hal_init(void)
+{
+}
+
+void hal_prepare_boot(void)
+{
+}
+#endif
+
+int hal_flash_write(uint32_t address, const uint8_t *data, int len)
+{
+    return 0;
+}
+
+void hal_flash_unlock(void)
+{
+}
+
+void hal_flash_lock(void)
+{
+}
+
+int hal_flash_erase(uint32_t address, int len)
+{
+    return 0;
+}
+
+int wolfBoot_fallback_is_possible(void)
+{
+    return 0;
+
+}
+
+int wolfBoot_dualboot_candidate(void)
+{
+    return PART_BOOT;
+}
+
+void* hal_get_primary_address(void)
+{
+    return (void*)0;
+}
+
+void* hal_get_update_address(void)
+{
+  return (void*)0;
+}
+
+void *hal_get_dts_address(void)
+{
+    return 0;
+}
+
+void *hal_get_dts_update_address(void)
+{
+    return 0;
+}
+
+static void panic(void)
+{
+    while(1) {}
+}
diff --git a/hal/x86_fsp_qemu_stage1.ld.in b/hal/x86_fsp_qemu_stage1.ld.in
@@ -1,10 +1,10 @@
 FLASH_SIZE = @BOOTLOADER_PARTITION_SIZE@;
 FLASH_START = 0x100000000 - @BOOTLOADER_PARTITION_SIZE@;
+BOOTLOADER_JUMP32_START = 0xfffff000;
 RESETVECTOR_START = 0xffffffec;
-FSP_T_BASE = @FSP_T_BASE@; /* default base:size 0xFFFFF000:0x3000 [0xfffff000:0x100002000] */
-FSP_M_BASE = @FSP_M_BASE@; /* default base:size 0xfffdd000:0x22000 [0xfffdd000:0xfffff000] */
-FSP_S_BASE = @FSP_S_BASE@; /* default base:size 0xfffc8000:0x15000 [0xfffdd000:0xfffdd000] */
-WOLFBOOT_LOAD_BASE = @WOLFBOOT_LOAD_BASE@;
+FSP_T_ORIGIN = @FSP_T_BASE@; /* default base:size 0xFFFFF000:0x3000 [0xfffff000:0x100002000] */
+FSP_M_ORIGIN = @FSP_M_BASE@; /* default base:size 0xfffdd000:0x22000 [0xfffdd000:0xfffff000] */
+FSP_S_ORIGIN = @FSP_S_BASE@; /* default base:size 0xfffc8000:0x15000 [0xfffdd000:0xfffdd000] */
 WOLFBOOT_ORIGIN = @WOLFBOOT_ORIGIN@;
 OUTPUT_FORMAT(elf32-i386)
 
@@ -16,46 +16,55 @@ MEMORY
 
 SECTIONS
 {
+    .jmpto32 BOOTLOADER_JUMP32_START : 
+    {
+       _off_boot = ABSOLUTE(.) & 0xffff;
+       KEEP(*(.jmpto32))
+    }
     .reset_vector RESETVECTOR_START :
     {
        KEEP(*(.reset_vector))
     }
 
     .bootloader WOLFBOOT_ORIGIN :
     {
-       _off_boot = ABSOLUTE(.) & 0xffff;
        KEEP(*(.boot*))
        *(.text*)
        *(.rodata*)
        *(.eh_frame*)
        *(.data*)
-       . = ALIGN(4);
+       . = ALIGN(256);
     }
 
     .wolfboot FLASH_START :
     {
         _wolfboot_flash_start = .;
+        KEEP(*(.sig_wolfboot_raw*))
         *(.wolfboot)
         _wolfboot_flash_end = .;
     }
 
-    .fsp_t FSP_T_BASE :
-    AT(FSP_T_BASE)
+    .fsp_t FSP_T_ORIGIN :
+    AT(FSP_T_ORIGIN)
     {
        _start_fsp_t = .;
        *(.fsp_t)
     }
 
-    .fsp_s FSP_S_BASE :
+    .fsp_s FSP_S_ORIGIN :
     {
+       _fsp_s_hdr = .;
+       KEEP(*(.sig_fsp_s*))
        _start_fsp_s = .;
        *(.fsp_s)
+       _end_fsp_s = .;
     }
 
-    .fsp_m FSP_M_BASE :
+    .fsp_m FSP_M_ORIGIN :
     {
        _start_fsp_m = .;
        *(.fsp_m)
+       _end_fsp_m = .;
     }
 
 }
diff --git a/hal/x86_fsp_tgl.c b/hal/x86_fsp_tgl.c
@@ -47,3 +47,4 @@ void x86_fsp_tgl_init_sata(void)
 }
 
 #endif
+
diff --git a/hal/x86_fsp_tgl_stage1.ld.in b/hal/x86_fsp_tgl_stage1.ld.in
@@ -1,15 +1,14 @@
 FLASH_SIZE = @BOOTLOADER_PARTITION_SIZE@;
 FLASH_START = 0x100000000 - @BOOTLOADER_PARTITION_SIZE@;
+BOOTLOADER_JUMP32_START = 0xfffff000;
 RESETVECTOR_START = 0xffffffec;
-FSP_T_BASE = @FSP_T_BASE@; /* default base:size 0xFFFFF000:0x3000 [0xfffff000:0x100002000] */
-FSP_M_BASE = @FSP_M_BASE@; /* default base:size 0xfffdd000:0x22000 [0xfffdd000:0xfffff000] */
-FSP_S_BASE = @FSP_S_BASE@; /* default base:size 0xfffc8000:0x15000 [0xfffdd000:0xfffdd000] */
-WOLFBOOT_LOAD_BASE = @WOLFBOOT_LOAD_BASE@;
+FSP_T_ORIGIN = @FSP_T_BASE@; /* default base:size 0xFFFFF000:0x3000 [0xfffff000:0x100002000] */
+FSP_M_ORIGIN = @FSP_M_BASE@; /* default base:size 0xfffdd000:0x22000 [0xfffdd000:0xfffff000] */
+FSP_S_ORIGIN = @FSP_S_BASE@; /* default base:size 0xfffc8000:0x15000 [0xfffdd000:0xfffdd000] */
 FIT_TABLE_PTR = 0xffffffc0;
 UCODE0_BASE = @UCODE0_BASE@;
 FSP_S_UPD_DATA_BASE = @FSP_S_UPD_DATA_BASE@;
 WOLFBOOT_ORIGIN = @WOLFBOOT_ORIGIN@;
-
 OUTPUT_FORMAT(elf32-i386)
 
 MEMORY
@@ -20,6 +19,12 @@ MEMORY
 
 SECTIONS
 {
+    .jmpto32 BOOTLOADER_JUMP32_START :
+    {
+       _off_boot = ABSOLUTE(.) & 0xffff;
+       KEEP(*(.jmpto32))
+    }
+
     .fit_table_tr FIT_TABLE_PTR :
     {
         QUAD(fit_table);
@@ -37,7 +42,6 @@ SECTIONS
 
     .bootloader WOLFBOOT_ORIGIN :
     {
-       _off_boot = ABSOLUTE(.) & 0xffff;
        KEEP(./boot_x86_fsp_start.o(.boot*))
        KEEP(./tgl_fsp.o(.boot))
        *(.boot*)
@@ -55,28 +59,34 @@ SECTIONS
 
    .text FLASH_START :
     {
-       _wolfboot_flash_start = ABSOLUTE(FLASH_START);
-       *(.wolfboot)
-       _wolfboot_flash_end = .;
+        _wolfboot_flash_start = .;
+        KEEP(*(.sig_wolfboot_raw*))
+        *(.wolfboot)
+        _wolfboot_flash_end = .;
     }
 
-    .fsp_t FSP_T_BASE :
-    AT(FSP_T_BASE)
+    .fsp_t FSP_T_ORIGIN :
+    AT(FSP_T_ORIGIN)
     {
        _start_fsp_t = .;
        *(.fsp_t)
     }
 
-    .fsp_s FSP_S_BASE :
+    .fsp_s FSP_S_ORIGIN :
     {
+       _fsp_s_hdr = .;
+       KEEP(*(.sig_fsp_s*))
        _start_fsp_s = .;
        *(.fsp_s)
+       _end_fsp_s = .;
     }
 
-    .fsp_m FSP_M_BASE :
+    .fsp_m FSP_M_ORIGIN :
     {
+       _fsp_m_hdr = .;
        _start_fsp_m = .;
        *(.fsp_m)
+       _end_fsp_m = .;
     }
 
 }