From 20184d2b24be5eb957e47f671cf86ca3cc9d73f7 Mon Sep 17 00:00:00 2001
From: John Bland
Date: Tue, 15 Aug 2023 02:48:18 -0400
Subject: [PATCH 1/4] add test to demonstrate that NVM_FLASH_WRITEONCE is calling nvm_select_fresh_sector on a potentially external partition, which will fail and crashes the simulator. the next commit will hold the fix
---
 .../workflows/test-powerfail-simulator.yml | 38 +++++++++++++++++++
 .../sim-encrypt-nvm-writeonce-update.config | 20 ++++++++++
 2 files changed, 58 insertions(+)
 create mode 100644 config/examples/sim-encrypt-nvm-writeonce-update.config
diff --git a/.github/workflows/test-powerfail-simulator.yml b/.github/workflows/test-powerfail-simulator.yml
index 7c5633d73..8b726e6e9 100644
--- a/.github/workflows/test-powerfail-simulator.yml
+++ b/.github/workflows/test-powerfail-simulator.yml
@@ -225,3 +225,41 @@ jobs:
 run: |
 tools/scripts/sim-update-powerfail-resume.sh
+ # TEST with encryption (aes128) and NVM_WRITEONCE
+
+ - name: make clean
+ run: |
+ make keysclean && make -C tools/keytools clean && rm -f include/target.h
+ - name: Select config with encrypted updates
+ run: |
+ cp config/examples/sim-encrypt-nvm-writeonce-update.config .config
+ - name: Build key tools
+ run: |
+ make -C tools/keytools
+ - name: Build bin assemble
+ run: |
+ make -C tools/bin-assemble
+ - name: Build wolfboot.elf
+ run: |
+ make clean && make test-sim-external-flash-with-enc-update
+ - name: Run sunny day update test (AES128 NVM_WRITEONCE)
+ run: |
+ tools/scripts/sim-sunnyday-update.sh
+ - name: Rebuild wolfboot.elf
+ run: |
+ make clean && make test-sim-external-flash-with-enc-update
+ - name: Run update-revert test (AES128 NVM_WRITEONCE)
+ run: |
+ tools/scripts/sim-update-fallback.sh
+ - name: Rebuild wolfboot.elf
+ run: |
+ make clean && make test-sim-external-flash-with-enc-update
+ - name: Run update-revert test with power failures (AES128 NVM_WRITEONCE)
+ run: |
+ tools/scripts/sim-update-powerfail-resume.sh
+ - name: Rebuild wolfboot.elf
+ run: |
+ make clean && make test-sim-external-flash-with-enc-update
+ - name: Run update-revert test with progressive power failures (AES128 NVM_WRITEONCE)
+ run: |
+ tools/scripts/sim-update-powerfail-resume-nvm-writeonce.sh
diff --git a/config/examples/sim-encrypt-nvm-writeonce-update.config b/config/examples/sim-encrypt-nvm-writeonce-update.config
new file mode 100644
index 000000000..e65673c3b
--- /dev/null
+++ b/config/examples/sim-encrypt-nvm-writeonce-update.config
@@ -0,0 +1,20 @@
+ARCH=sim
+TARGET=sim
+SIGN?=ED25519
+HASH?=SHA256
+WOLFBOOT_SMALL_STACK=1
+SPI_FLASH=0
+EXT_FLASH=1
+ENCRYPT=1
+ENCRYPT_WITH_AES128=1
+DEBUG=1
+# it should be multiple of system page size
+NVM_FLASH_WRITEONCE=1
+WOLFBOOT_PARTITION_SIZE=0x40000
+WOLFBOOT_SECTOR_SIZE=0x1000
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0xC0020000
+# if on external flash, it should be multiple of system page size
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x00000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0x40000
+# required for keytools
+WOLFBOOT_FIXED_PARTITIONS=1
From d08ed5c47317251999c4b052507c0776d3fe996e Mon Sep 17 00:00:00 2001
From: John Bland
Date: Tue, 15 Aug 2023 11:57:22 -0400
Subject: [PATCH 2/4] only call nvm_select_fresh_sector on internal partitions
---
 src/libwolfboot.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/libwolfboot.c b/src/libwolfboot.c
index d107ad853..b55f763e4 100644
--- a/src/libwolfboot.c
+++ b/src/libwolfboot.c
@@ -268,15 +268,16 @@ static uint8_t* RAMFUNCTION get_trailer_at(uint8_t part, uint32_t at)
 {
 uint8_t *ret = NULL;
 uint32_t sel_sec = 0;
-#ifdef NVM_FLASH_WRITEONCE
- sel_sec = nvm_select_fresh_sector(part);
-#endif
 if (part == PART_BOOT) {
 if (FLAGS_BOOT_EXT()){
 ext_flash_check_read(PART_BOOT_ENDFLAGS - (sizeof(uint32_t) + at),
 (void *)&ext_cache, sizeof(uint32_t));
 ret = (uint8_t *)&ext_cache;
 } else {
+ /* only internal flash should be writeonce */
+#ifdef NVM_FLASH_WRITEONCE
+ sel_sec = nvm_select_fresh_sector(part);
+#endif
 ret = (void *)(PART_BOOT_ENDFLAGS - (WOLFBOOT_SECTOR_SIZE * sel_sec + (sizeof(uint32_t) + at)));
 }
@@ -287,6 +288,10 @@ static uint8_t* RAMFUNCTION get_trailer_at(uint8_t part, uint32_t at)
 (void *)&ext_cache, sizeof(uint32_t));
 ret = (uint8_t *)&ext_cache;
 } else {
+ /* only internal flash should be writeonce */
+#ifdef NVM_FLASH_WRITEONCE
+ sel_sec = nvm_select_fresh_sector(part);
+#endif
 ret = (void *)(PART_UPDATE_ENDFLAGS - (WOLFBOOT_SECTOR_SIZE * sel_sec + (sizeof(uint32_t) + at)));
 }
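Review bot: The comment `# it should be multiple of system page size` sits directly above `NVM_FLASH_WRITEONCE=1` in the new sim-encrypt-nvm-writeonce-update.config, but that line is a feature flag rather than a size or address, so the comment looks misplaced. It presumably describes the partition size that follows; moving it above `WOLFBOOT_PARTITION_SIZE=0x40000`, or rewording it to `# partition size should be a multiple of the system page size`, would keep anyone copying this example from misreading which setting is constrained.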
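Review bot: The added comment `/* only internal flash should be writeonce */` (in the PART_BOOT `else` branch of the first libwolfboot.c hunk, and again in the second hunk at +288 for PART_UPDATE) states a policy but not why the call had to move. Going by the commit message, nvm_select_fresh_sector fails when handed an external partition, so a comment such as `/* nvm_select_fresh_sector() fails on an external partition; sel_sec stays 0 there */` would record the actual constraint for the next maintainer. After this change the external branches read the trailer at a fixed offset even when NVM_FLASH_WRITEONCE is defined, so it is worth confirming that the code writing these flags (outside these hunks) selects its sector under the same internal-only condition; the trailer presumably carries the update and fallback state, and a read/write mismatch there would be hard to spot. get_trailer_at continues past the end of both hunks.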
From 6cbac8326fe3d3520973d521031fb4f7787c3e0f Mon Sep 17 00:00:00 2001
From: John Bland
Date: Tue, 15 Aug 2023 12:44:35 -0400
Subject: [PATCH 3/4] fix old address scheme in config
---
 config/examples/sim-encrypt-nvm-writeonce-update.config | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/examples/sim-encrypt-nvm-writeonce-update.config b/config/examples/sim-encrypt-nvm-writeonce-update.config
index e65673c3b..5ea137b84 100644
--- a/config/examples/sim-encrypt-nvm-writeonce-update.config
+++ b/config/examples/sim-encrypt-nvm-writeonce-update.config
@@ -12,7 +12,7 @@ DEBUG=1
 NVM_FLASH_WRITEONCE=1
 WOLFBOOT_PARTITION_SIZE=0x40000
 WOLFBOOT_SECTOR_SIZE=0x1000
-WOLFBOOT_PARTITION_BOOT_ADDRESS=0xC0020000
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0x20000
 # if on external flash, it should be multiple of system page size
 WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x00000
 WOLFBOOT_PARTITION_SWAP_ADDRESS=0x40000
From f5a2e23de665da74726072ffa178d4df7c93bacf Mon Sep 17 00:00:00 2001
From: John Bland
Date: Tue, 15 Aug 2023 12:53:41 -0400
Subject: [PATCH 4/4] remove unready test
---
 .github/workflows/test-powerfail-simulator.yml | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/.github/workflows/test-powerfail-simulator.yml b/.github/workflows/test-powerfail-simulator.yml
index 8b726e6e9..f1ff2377a 100644
--- a/.github/workflows/test-powerfail-simulator.yml
+++ b/.github/workflows/test-powerfail-simulator.yml
@@ -257,9 +257,3 @@ jobs:
 - name: Run update-revert test with power failures (AES128 NVM_WRITEONCE)
 run: |
 tools/scripts/sim-update-powerfail-resume.sh
- - name: Rebuild wolfboot.elf
- run: |
- make clean && make test-sim-external-flash-with-enc-update
- - name: Run update-revert test with progressive power failures (AES128 NVM_WRITEONCE)
- run: |
- tools/scripts/sim-update-powerfail-resume-nvm-writeonce.sh