Fixed more comments from copilot + fenrir

danielinux · danielinux · commit 6540f17ef218 · 2026-04-14T20:00:41.000+02:00
diff --git a/src/update_flash.c b/src/update_flash.c
@@ -632,8 +632,11 @@ static int wolfBoot_delta_update(struct wolfBoot_image *boot,
         return -1;
     }
     delta_img_size = wb_delta_im2n(*img_size);
-    if (inverse)
+    if (inverse) {
         delta_img_offset = wb_delta_im2n(*img_offset);
+    } else {
+        delta_img_offset = IMAGE_HEADER_SIZE;
+    }
     cur_v = wolfBoot_current_firmware_version();
     upd_v = wolfBoot_update_firmware_version();
     delta_base_v = wolfBoot_get_diffbase_version(PART_UPDATE);
@@ -691,7 +694,7 @@ static int wolfBoot_delta_update(struct wolfBoot_image *boot,
             ret = -1;
         } else {
             ret = wb_patch_init(&ctx, boot->hdr, boot->fw_size + IMAGE_HEADER_SIZE,
-                    update->hdr + IMAGE_HEADER_SIZE, delta_img_size);
+                    update->hdr + delta_img_offset, delta_img_size);
         }
     }
     if (ret < 0)
@@ -1488,6 +1491,10 @@ void RAMFUNCTION wolfBoot_start(void)
             }
         }
     }
+    if ((boot.hdr_ok != 1U) || (boot.sha_ok != 1U) ||
+        (boot.signature_ok != 1U)) {
+        wolfBoot_panic();
+    }
     PART_SANITY_CHECK(&boot);
 #else
     if (bootRet < 0) {
diff --git a/src/x86/ahci.c b/src/x86/ahci.c
@@ -122,6 +122,14 @@ static int wolfBoot_local_constant_compare(const uint8_t* a, const uint8_t* b,
     return diff;
 }
 
+static void ahci_secret_zeroize(void *ptr, size_t len)
+{
+    volatile uint8_t *p = (volatile uint8_t *)ptr;
+    while (len-- > 0U) {
+        *p++ = 0U;
+    }
+}
+
 /**
  * @brief Sets the AHCI Base Address Register (ABAR) for the given device.
  *
@@ -278,7 +286,7 @@ static int sata_get_random_base64(uint8_t *out, int *out_size)
     ret = 0;
 
 cleanup:
-    TPM2_ForceZero(rand, sizeof(rand));
+    ahci_secret_zeroize(rand, sizeof(rand));
     return ret;
 }
 
@@ -322,7 +330,7 @@ static int sata_create_and_seal_unlock_secret(const uint8_t *pubkey_hint,
         }
 
         wolfBoot_printf("Secret Check %d bytes\n", secret_check_sz);
-        TPM2_ForceZero(secret_check, sizeof(secret_check));
+        ahci_secret_zeroize(secret_check, sizeof(secret_check));
     }
 
     if (ret == 0)
@@ -495,7 +503,7 @@ int sata_unlock_disk(int drv, int freeze)
 error:
     r = -1;
 cleanup:
-    TPM2_ForceZero(secret, sizeof(secret));
+    ahci_secret_zeroize(secret, sizeof(secret));
     return r;
 }
 #endif /* WOLFBOOT_ATA_DISK_LOCK */

Original file line number	Diff line number	Diff line change
`@@ -632,8 +632,11 @@ static int wolfBoot_delta_update(struct wolfBoot_image *boot,`
`632`	`632`	`return -1;`
`633`	`633`	`}`
`634`	`634`	`delta_img_size = wb_delta_im2n(*img_size);`
`635`		`- if (inverse)`
	`635`	`+ if (inverse) {`
`636`	`636`	`delta_img_offset = wb_delta_im2n(*img_offset);`
	`637`	`+ } else {`
	`638`	`+ delta_img_offset = IMAGE_HEADER_SIZE;`
	`639`	`+ }`
`637`	`640`	`cur_v = wolfBoot_current_firmware_version();`
`638`	`641`	`upd_v = wolfBoot_update_firmware_version();`
`639`	`642`	`delta_base_v = wolfBoot_get_diffbase_version(PART_UPDATE);`
`@@ -691,7 +694,7 @@ static int wolfBoot_delta_update(struct wolfBoot_image *boot,`
`691`	`694`	`ret = -1;`
`692`	`695`	`} else {`
`693`	`696`	`ret = wb_patch_init(&ctx, boot->hdr, boot->fw_size + IMAGE_HEADER_SIZE,`
`694`		`- update->hdr + IMAGE_HEADER_SIZE, delta_img_size);`
	`697`	`+ update->hdr + delta_img_offset, delta_img_size);`
`695`	`698`	`}`
`696`	`699`	`}`
`697`	`700`	`if (ret < 0)`
`@@ -1488,6 +1491,10 @@ void RAMFUNCTION wolfBoot_start(void)`
`1488`	`1491`	`}`
`1489`	`1492`	`}`
`1490`	`1493`	`}`
	`1494`	`+ if ((boot.hdr_ok != 1U) \|\| (boot.sha_ok != 1U) \|\|`
	`1495`	`+ (boot.signature_ok != 1U)) {`
	`1496`	`+ wolfBoot_panic();`
	`1497`	`+ }`
`1491`	`1498`	`PART_SANITY_CHECK(&boot);`
`1492`	`1499`	`#else`
`1493`	`1500`	`if (bootRet < 0) {`
Original file line number	Diff line number	Diff line change
`@@ -122,6 +122,14 @@ static int wolfBoot_local_constant_compare(const uint8_t* a, const uint8_t* b,`
`122`	`122`	`return diff;`
`123`	`123`	`}`
`124`	`124`
	`125`	`+static void ahci_secret_zeroize(void *ptr, size_t len)`
	`126`	`+{`
	`127`	`+ volatile uint8_t p = (volatile uint8_t )ptr;`
	`128`	`+ while (len-- > 0U) {`
	`129`	`+ *p++ = 0U;`
	`130`	`+ }`
	`131`	`+}`
	`132`	`+`
`125`	`133`	`/**`
`126`	`134`	`* @brief Sets the AHCI Base Address Register (ABAR) for the given device.`
`127`	`135`	`*`
`@@ -278,7 +286,7 @@ static int sata_get_random_base64(uint8_t out, int out_size)`
`278`	`286`	`ret = 0;`
`279`	`287`
`280`	`288`	`cleanup:`
`281`		`- TPM2_ForceZero(rand, sizeof(rand));`
	`289`	`+ ahci_secret_zeroize(rand, sizeof(rand));`
`282`	`290`	`return ret;`
`283`	`291`	`}`
`284`	`292`
`@@ -322,7 +330,7 @@ static int sata_create_and_seal_unlock_secret(const uint8_t *pubkey_hint,`
`322`	`330`	`}`
`323`	`331`
`324`	`332`	`wolfBoot_printf("Secret Check %d bytes\n", secret_check_sz);`
`325`		`- TPM2_ForceZero(secret_check, sizeof(secret_check));`
	`333`	`+ ahci_secret_zeroize(secret_check, sizeof(secret_check));`
`326`	`334`	`}`
`327`	`335`
`328`	`336`	`if (ret == 0)`
`@@ -495,7 +503,7 @@ int sata_unlock_disk(int drv, int freeze)`
`495`	`503`	`error:`
`496`	`504`	`r = -1;`
`497`	`505`	`cleanup:`
`498`		`- TPM2_ForceZero(secret, sizeof(secret));`
	`506`	`+ ahci_secret_zeroize(secret, sizeof(secret));`
`499`	`507`	`return r;`
`500`	`508`	`}`
`501`	`509`	`#endif /* WOLFBOOT_ATA_DISK_LOCK */`