Add support for wolfHSM multi-root certificate verification

Author: bigbrett

docs/wolfHSM.md

@@ -58,7 +58,7 @@ To use certificate verification with wolfHSM:
 
 1. Enable `WOLFBOOT_CERT_CHAIN_VERIFY` in your wolfBoot configuration
 2. Ensure the wolfHSM server is configured with certificate manager support (`WOLFHSM_CFG_CERTIFICATE_MANAGER`)
-3. Pre-provision the root CA certificate on the wolfHSM server at the NVM ID specified by the HAL `hsmNvmIdCertRootCA`
+3. Pre-provision one or more root CA certificates on the wolfHSM server at the NVM IDs listed in the HAL `hsmNvmIdCertRootCAList`. Verification succeeds if the embedded chain anchors to *any* root in the list (absent NVM IDs are silently skipped). The list length must not exceed `WOLFHSM_CFG_CERT_MAX_VERIFY_ROOTS` (default 8).
 4. Sign firmware images with the `--cert-chain` option, providing a DER-encoded certificate chain
 
 To build the simulator using wolfHSM for certificate verification:
@@ -96,6 +96,7 @@ In addition to the standard wolfBoot HAL functions, wolfHSM-enabled platforms mu
 - `hsmDevIdHash`: The HSM device ID for hash operations. This is used to identify the HSM device to wolfBoot.
 - `hsmDevIdPubKey`: The HSM device ID for public key operations. This is used to identify the HSM device to wolfBoot.
 - `hsmKeyIdPubKey`: The HSM key ID for public key operations. This is used to identify the key to use for public key operations.
+- `hsmNvmIdCertRootCAList` / `hsmNvmIdCertRootCACount`: Array of NVM IDs identifying the trusted root CA certificate(s) and its element count. Only used when building with `WOLFBOOT_CERT_CHAIN_VERIFY`. The chain in the firmware header may anchor to any of the listed roots; the count is bounded by `WOLFHSM_CFG_CERT_MAX_VERIFY_ROOTS` (default 8). Each in-tree HAL provides a default of `{ 1 }`; override at build time by passing a comma-separated initializer in `WOLFBOOT_WOLFHSM_NVM_ROOT_CA_LIST`, e.g. `make CFLAGS_EXTRA='-DWOLFBOOT_WOLFHSM_NVM_ROOT_CA_LIST="1, 2, 3"'`.
 
 ### Client HAL Functions
 

hal/aurix_tc3xx.c

@@ -111,15 +111,27 @@ const int hsmDevIdCrypt = WH_DEV_ID;
 const int hsmKeyIdCrypt = 0xFF;
 #endif
 #ifdef WOLFBOOT_CERT_CHAIN_VERIFY
-const whNvmId hsmNvmIdCertRootCA = 1;
+/* Override at build time, e.g. -DWOLFBOOT_WOLFHSM_NVM_ROOT_CA_LIST="1, 2, 3" */
+#ifndef WOLFBOOT_WOLFHSM_NVM_ROOT_CA_LIST
+#define WOLFBOOT_WOLFHSM_NVM_ROOT_CA_LIST 1
+#endif
+const whNvmId  hsmNvmIdCertRootCAList[] = { WOLFBOOT_WOLFHSM_NVM_ROOT_CA_LIST };
+const uint16_t hsmNvmIdCertRootCACount  =
+    sizeof(hsmNvmIdCertRootCAList) / sizeof(hsmNvmIdCertRootCAList[0]);
 #endif
 
 #elif defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER) /*WOLFBOOT_ENABLE_WOLFHSM_CLIENT*/
 
 /* map wolfBoot HAL layer wofHSM exports to their tchsm config vals */
-const int     hsmDevIdHash       = HSM_DEVID;
-const int     hsmDevIdPubKey     = HSM_DEVID;
-const whNvmId hsmNvmIdCertRootCA = 1;
+const int      hsmDevIdHash             = HSM_DEVID;
+const int      hsmDevIdPubKey           = HSM_DEVID;
+/* Override at build time, e.g. -DWOLFBOOT_WOLFHSM_NVM_ROOT_CA_LIST="1, 2, 3" */
+#ifndef WOLFBOOT_WOLFHSM_NVM_ROOT_CA_LIST
+#define WOLFBOOT_WOLFHSM_NVM_ROOT_CA_LIST 1
+#endif
+const whNvmId  hsmNvmIdCertRootCAList[] = { WOLFBOOT_WOLFHSM_NVM_ROOT_CA_LIST };
+const uint16_t hsmNvmIdCertRootCACount  =
+    sizeof(hsmNvmIdCertRootCAList) / sizeof(hsmNvmIdCertRootCAList[0]);
 #ifdef EXT_ENCRYPT
 #error "AURIX does not support firmware encryption with wolfHSM(yet)"
 const int     hsmDevIdCrypt      = INVALID_DEVID; /*HSM_DEVID once CCB enabled*/

hal/sim.c

@@ -191,7 +191,13 @@ const int hsmDevIdCrypt = WH_DEV_ID;
 const int hsmKeyIdCrypt = 0xFF;
 #endif
 #ifdef WOLFBOOT_CERT_CHAIN_VERIFY
-const whNvmId hsmNvmIdCertRootCA = 1;
+/* Override at build time, e.g. -DWOLFBOOT_WOLFHSM_NVM_ROOT_CA_LIST="1, 2, 3" */
+#ifndef WOLFBOOT_WOLFHSM_NVM_ROOT_CA_LIST
+#define WOLFBOOT_WOLFHSM_NVM_ROOT_CA_LIST 1
+#endif
+const whNvmId  hsmNvmIdCertRootCAList[] = { WOLFBOOT_WOLFHSM_NVM_ROOT_CA_LIST };
+const uint16_t hsmNvmIdCertRootCACount  =
+    sizeof(hsmNvmIdCertRootCAList) / sizeof(hsmNvmIdCertRootCAList[0]);
 #endif
 
 int hal_hsm_init_connect(void);
@@ -257,9 +263,15 @@ whServerConfig s_conf[1] = {{
 
 whServerContext hsmServerCtx = {0};
 
-const int     hsmDevIdHash       = INVALID_DEVID;
-const int     hsmDevIdPubKey     = INVALID_DEVID;
-const whNvmId hsmNvmIdCertRootCA = 1;
+const int      hsmDevIdHash             = INVALID_DEVID;
+const int      hsmDevIdPubKey           = INVALID_DEVID;
+/* Override at build time, e.g. -DWOLFBOOT_WOLFHSM_NVM_ROOT_CA_LIST="1, 2, 3" */
+#ifndef WOLFBOOT_WOLFHSM_NVM_ROOT_CA_LIST
+#define WOLFBOOT_WOLFHSM_NVM_ROOT_CA_LIST 1
+#endif
+const whNvmId  hsmNvmIdCertRootCAList[] = { WOLFBOOT_WOLFHSM_NVM_ROOT_CA_LIST };
+const uint16_t hsmNvmIdCertRootCACount  =
+    sizeof(hsmNvmIdCertRootCAList) / sizeof(hsmNvmIdCertRootCAList[0]);
 #ifdef EXT_ENCRYPT
 #error "Simulator does not support firmware encryption with wolfHSM(yet)"
 const int     hsmDevIdCrypt      = WH_DEV_ID;

include/hal.h

@@ -221,8 +221,11 @@ extern const int hsmDevIdCrypt; /* devId for image (enc)decryption */
 extern const int hsmKeyIdCrypt; /* KeyId for image (enc/dec)ryption */
 #endif
 #ifdef WOLFBOOT_CERT_CHAIN_VERIFY
-/* NvmId for trusted root CA certificate */
-extern const whNvmId hsmNvmIdCertRootCA;
+/* List of NvmIds for trusted root CA certificates. Verification succeeds if
+ * the cert chain anchors to any root in the list. The list length must not
+ * exceed WOLFHSM_CFG_CERT_MAX_VERIFY_ROOTS. */
+extern const whNvmId  hsmNvmIdCertRootCAList[];
+extern const uint16_t hsmNvmIdCertRootCACount;
 #endif
 
 #endif /* WOLFBOOT_ENABLE_WOLFHSM_CLIENT || WOLFBOOT_ENABLE_WOLFHSM_SERVER */

lib/wolfHSM

@@ -2319,25 +2319,28 @@ int wolfBoot_verify_authenticity(struct wolfBoot_image *img)
 #if defined(WOLFHSM_CFG_DMA)
         wolfBoot_printf(
             "verifying cert chain and caching leaf pubkey (using DMA)\n");
-        hsm_ret = wh_Client_CertVerifyDmaAndCacheLeafPubKey(
-            &hsmClientCtx, cert_chain, cert_chain_size, hsmNvmIdCertRootCA,
+        hsm_ret = wh_Client_CertVerifyMultiRootDmaAndCacheLeafPubKey(
+            &hsmClientCtx, cert_chain, cert_chain_size,
+            hsmNvmIdCertRootCAList, hsmNvmIdCertRootCACount,
             WH_NVM_FLAGS_USAGE_VERIFY, &g_certLeafKeyId, &cert_verify_result);
 #else
         wolfBoot_printf("verifying cert chain and caching leaf pubkey\n");
-        hsm_ret = wh_Client_CertVerifyAndCacheLeafPubKey(
-            &hsmClientCtx, cert_chain, cert_chain_size, hsmNvmIdCertRootCA,
+        hsm_ret = wh_Client_CertVerifyMultiRootAndCacheLeafPubKey(
+            &hsmClientCtx, cert_chain, cert_chain_size,
+            hsmNvmIdCertRootCAList, hsmNvmIdCertRootCACount,
             WH_NVM_FLAGS_USAGE_VERIFY, &g_certLeafKeyId, &cert_verify_result);
 #endif
 #elif defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
         wolfBoot_printf("verifying cert chain and caching leaf pubkey\n");
-        hsm_ret = wh_Server_CertVerify(
-            &hsmServerCtx, cert_chain, cert_chain_size, hsmNvmIdCertRootCA,
+        hsm_ret = wh_Server_CertVerifyMultiRoot(
+            &hsmServerCtx, cert_chain, cert_chain_size,
+            hsmNvmIdCertRootCAList, hsmNvmIdCertRootCACount,
             WH_CERT_FLAGS_CACHE_LEAF_PUBKEY, WH_NVM_FLAGS_USAGE_VERIFY,
             &g_certLeafKeyId);
         if (hsm_ret == WH_ERROR_OK) {
             cert_verify_result = 0;
         }
-        wolfBoot_printf("wh_Server_CertVerify returned %d\n", hsm_ret);
+        wolfBoot_printf("wh_Server_CertVerifyMultiRoot returned %d\n", hsm_ret);
 #endif
 
         /* Error or verification failure results in standard auth check failure