Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for OTP Flash as trust anchor for keystore #449

Merged
merged 19 commits into from
May 24, 2024
Merged

Support for OTP Flash as trust anchor for keystore #449

merged 19 commits into from
May 24, 2024

Conversation

danielinux
Copy link
Member

@danielinux danielinux commented May 10, 2024
edited
Loading

Goals:

  • HAL for STM32H7
  • HAL for STM32H5
  • Build option + keystore module for OTP flash
  • keygen tool generates a one-time provisioning mechanism
  • examples, .config with their build tests, documentation

(re)based on PR #400

@danielinux danielinux mentioned this pull request May 10, 2024
Closed
danielinux
danielinux commented May 10, 2024
View reviewed changes
tools/keytools/keygen.c
@@ -200,7 +200,7 @@ const char Keystore_API[] =
"uint32_t keystore_get_mask(int id)\n"
"{\n"
" if (id >= keystore_num_pubkeys())\n"
" return -1;\n"
" return 0;\n"
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looked like a bug in the generated software keystore, a mask with all "1" being returned for an invalid slot. Spotted while writing the API for the OTP trust anchor.

@dgarske dgarske self-requested a review May 10, 2024 15:46
@danielinux danielinux force-pushed the stm32h7_otp branch 2 times, most recently from 53ff0ad to 268f187 Compare May 15, 2024 08:54
@danielinux
Copy link
Member Author

Tested provisioning on a new STM32H563. OTP keystore working as expected. Ready for review.

@danielinux danielinux marked this pull request as ready for review May 20, 2024 09:05
@danielinux danielinux assigned dgarske and unassigned danielinux May 21, 2024
dgarske
dgarske requested changes May 21, 2024
View reviewed changes
Copy link
Contributor

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Builds good. Changes look good. Curious your thoughts on how best to test.

tools/keytools/otp/Makefile Outdated
@$(OBJCOPY) -O binary $(^) $(@)

otp-keystore-primer.elf: $(PRI_KS_OBJS)
@$(CC) -o otp-keystore-primer.elf $(LDFLAGS) $(CFLAGS) $(PRI_KS_OBJS)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might consider the V=1 logic and $(Q) logic.

Got a warning about missing entry symbol _start. Still built fine, but is the default entry at 0x8000 really okay?

% make clean && make
arm-none-eabi-gcc -D"__WOLFBOOT" -Werror -Wextra -Wno-array-bounds -mthumb -mlittle-endian -mthumb-interwork -DARCH_ARM -Ihal -mcpu=cortex-m33 -DCORTEX_M33 -mcmse -DWOLFCRYPT_SECURE_MODE -DWOLFSSL_SP_ASM -DWOLFSSL_SP_ARM_CORTEX_M_ASM -DTZEN -DARCH_FLASH_OFFSET=0x08000000 -DWOLFBOOT_DUALBOOT -DWOLFBOOT_ORIGIN=0x0C000000 -DBOOTLOADER_PARTITION_SIZE= -DWOLFBOOT_ARCH_ARM -DTARGET_stm32h5 -D"FLASH_OTP_KEYSTORE" -D"WOLFBOOT_SIGN_ECC256" -D"FILL_BYTE=0xFF" -D"DUALBANK_SWAP=1" -D"NVM_FLASH_WRITEONCE" -Os -D"WOLFBOOT_NO_MPU" -DWOLFBOOT_VERSION=1 -DSECURE_PKCS11 -DWOLFSSL_PKCS11_RW_TOKENS -DCK_CALLABLE="__attribute__((cmse_nonsecure_entry))" -Ilib/wolfPKCS11 -DWP11_HASH_PIN_COST=3 -D"WOLFBOOT_HASH_SHA256" -DIMAGE_HEADER_SIZE=256  "-Wstack-usage=16688" -I"." -I"include/" -I"lib/wolfssl" -Wno-array-bounds -D"WOLFSSL_USER_SETTINGS" -D"WOLFTPM_USER_SETTINGS" -D"PLATFORM_stm32h5" -Wall -Wextra -Wno-main -ffreestanding -Wno-unused -nostartfiles -ffunction-sections -fdata-sections -fomit-frame-pointer   -mthumb -mlittle-endian -mthumb-interwork -mcpu=cortex-m33 -Wl,-gc-sections -Wl,-Map=wolfboot.map -ffreestanding -nostartfiles  tools/keytools/otp/otp-keystore-primer.c   -o tools/keytools/otp/otp-keystore-primer
/usr/local/Cellar/gcc-arm-none-eabi/20200630/bin/../lib/gcc/arm-none-eabi/9.3.1/../../../../arm-none-eabi/bin/ld: warning: cannot find entry symbol _start; defaulting to 0000000000008000
	[CC-ARM] hal/stm32h5.o

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was an actual issue with otp-keystore-primer build, not selecting the right linker script

include/wolfboot/wolfboot.h Outdated
@@ -175,6 +175,10 @@ extern "C" {
#endif
#endif

#endif

#if defined __WOLFBOOT || defined __FLASH_OTP_PRIMER
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe use defined(__WOLFBOOT) || with parenthesis for consistency?

include/otp_keystore.h Outdated

#define OTP_HDR_SIZE 16

struct __attribute__((packed)) wolfBoot_otp_hdr {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Eventually I'd like to see our use of PACKED come from a macro, so it's not just GCC.

#if (defined(__IAR_SYSTEMS_ICC__) && (__IAR_SYSTEMS_ICC__ > 8)) || \
        defined(__GNUC__)
    #define WOLFBOOT_PACK __attribute__ ((packed))
#else
    #define WOLFBOOT_PACK
#endif

@danielinux danielinux requested a review from dgarske May 24, 2024 14:44
@danielinux danielinux removed their assignment May 24, 2024
@dgarske dgarske merged commit 971cbe0 into wolfSSL:master May 24, 2024
93 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dgarske dgarske dgarske approved these changes

Assignees

@dgarske dgarske

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@danielinux @dgarske