Skip to content

Commit 715b0f3

Browse files
committed
Merge remote-tracking branch 'upstream/master' into h5-wolfhsm-port
# Conflicts: # tools/unit-tests/Makefile
2 parents 121ebea + dd4fc26 commit 715b0f3

21 files changed

Lines changed: 853 additions & 94 deletions

.github/workflows/test-configs.yml

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -518,6 +518,18 @@ jobs:
518518
arch: arm
519519
config-file: ./config/examples/stm32h5-tz-tpm.config
520520

521+
stm32h5_tz_tpm_mfgid_test:
522+
uses: ./.github/workflows/test-build.yml
523+
with:
524+
arch: arm
525+
config-file: ./config/examples/stm32h5-tz-tpm-mfgid.config
526+
527+
stm32h5_tz_tpm_mfgid_precomputed_test:
528+
uses: ./.github/workflows/test-build.yml
529+
with:
530+
arch: arm
531+
config-file: ./config/examples/stm32h5-tz-tpm-mfgid-precomputed.config
532+
521533
stm32h5_tz_dualbank_test:
522534
uses: ./.github/workflows/test-build.yml
523535
with:

.github/workflows/test-wolfhsm-simulator.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -91,7 +91,7 @@ jobs:
9191
./Build/wh_posix_server.elf --type tcp --nvminit $tmpfile &
9292
else
9393
# --flags=0x100 sets the WH_NVM_FLAGS_USAGE_VERIFY flag
94-
./Build/wh_posix_server.elf --type tcp --client 12 --id 255 --flags 0x100 --key ../../../../../wolfboot_signing_private_key_pub.der &
94+
./Build/wh_posix_server.elf --type tcp --client 1 --id 255 --flags 0x100 --key ../../../../../wolfboot_signing_private_key_pub.der &
9595
fi
9696
TCP_SERVER_PID=$!
9797
echo "TCP_SERVER_PID=$TCP_SERVER_PID" >> $GITHUB_ENV

Makefile

Lines changed: 21 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -119,6 +119,17 @@ ifneq ($(USER_NVM_INIT),)
119119
NVM_CONFIG:=$(USER_NVM_INIT)
120120
endif
121121

122+
# Eliminates compilation and linkage of the built-in wolfBoot keystore
123+
WOLFBOOT_NO_KEYSTORE :=
124+
ifeq ($(WOLFHSM_CLIENT),1)
125+
WOLFBOOT_NO_KEYSTORE := 1
126+
endif
127+
ifeq ($(WOLFHSM_SERVER),1)
128+
ifneq ($(CERT_CHAIN_VERIFY),)
129+
WOLFBOOT_NO_KEYSTORE := 1
130+
endif
131+
endif
132+
122133
ifeq ($(SIGN),NONE)
123134
PRIVATE_KEY=
124135
else
@@ -139,6 +150,14 @@ else
139150
endif
140151
ifeq ($(FLASH_OTP_KEYSTORE),1)
141152
OBJS+=./src/flash_otp_keystore.o
153+
else ifeq ($(WOLFBOOT_NO_KEYSTORE),1)
154+
CFLAGS+=-DWOLFBOOT_NO_KEYSTORE
155+
# No built-in keystore is compiled in, but firmware images must still be
156+
# signed (for test/factory builds). src/keystore.o normally triggers
157+
# generation of the signing key via 'src/keystore.c: $(PRIVATE_KEY)'.
158+
# Without it, tie the key to the bootloader build so the signing key is
159+
# still produced before any downstream signing step runs.
160+
WOLFBOOT_SIGN_KEY_DEP=$(PRIVATE_KEY)
142161
else
143162
OBJS+=./src/keystore.o
144163
endif
@@ -550,8 +569,8 @@ factory_wstage1.bin: $(BINASSEMBLE) stage1/loader_stage1.bin wolfboot.bin $(BOOT
550569
wolfboot_stage1.bin: wolfboot.elf stage1/loader_stage1.bin
551570
$(Q) cp stage1/loader_stage1.bin wolfboot_stage1.bin
552571

553-
wolfboot.elf: include/target.h $(LSCRIPT) $(OBJS) $(BINASSEMBLE) FORCE
554-
$(Q)(test $(SIGN) = NONE) || (test $(FLASH_OTP_KEYSTORE) = 1) || (grep -q $(SIGN_ALG) src/keystore.c) || \
572+
wolfboot.elf: include/target.h $(LSCRIPT) $(OBJS) $(BINASSEMBLE) $(WOLFBOOT_SIGN_KEY_DEP) FORCE
573+
$(Q)(test $(SIGN) = NONE) || (test $(FLASH_OTP_KEYSTORE) = 1) || (test "$(WOLFBOOT_NO_KEYSTORE)" = "1") || (grep -q $(SIGN_ALG) src/keystore.c) || \
555574
(echo "Key mismatch: please run 'make keysclean' to remove all keys if you want to change algorithm" && false)
556575
@echo "\t[LD] $@"
557576
@echo $(OBJS)

config/examples/sim-wolfHSM-client-ecc.config

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -23,9 +23,5 @@ WOLFBOOT_FIXED_PARTITIONS=1
2323

2424
WOLFHSM_CLIENT=1
2525

26-
# Uncomment the following to use wolfHSM ephemeral keys from the keystore
27-
# for image auth
28-
#WOLFHSM_CLIENT_LOCAL_KEYS=1
29-
3026
# Uncomment for verbose wolfHSM printf statements
3127
#CFLAGS_EXTRA+=-DDEBUG_CRYPTOCB -DDEBUG_CRYPTOCB_VERBOSE

config/examples/sim-wolfHSM-client-mldsa.config

Lines changed: 0 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -44,9 +44,5 @@ WOLFBOOT_FIXED_PARTITIONS=1
4444

4545
WOLFHSM_CLIENT=1
4646

47-
# Uncomment the following to use public wolfHSM ephemeral keys from the keystore
48-
# for image auth
49-
#WOLFHSM_CLIENT_LOCAL_KEYS=1
50-
5147
# Uncomment for verbose wolfHSM printf statements
5248
#CFLAGS_EXTRA+=-DDEBUG_CRYPTOCB -DDEBUG_CRYPTOCB_VERBOSE
Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
ARCH?=ARM
2+
TZEN?=1
3+
TARGET?=stm32h5
4+
SIGN?=ECC256
5+
HASH?=SHA256
6+
DEBUG?=0
7+
VTOR?=1
8+
CORTEX_M0?=0
9+
CORTEX_M33?=1
10+
NO_ASM?=0
11+
NO_MPU=1
12+
EXT_FLASH?=0
13+
SPI_FLASH?=0
14+
ALLOW_DOWNGRADE?=0
15+
NVM_FLASH_WRITEONCE?=1
16+
WOLFBOOT_VERSION?=1
17+
V?=0
18+
SPMATH?=1
19+
RAM_CODE?=1
20+
DUALBANK_SWAP?=0
21+
WOLFBOOT_PARTITION_SIZE?=0xA0000
22+
WOLFBOOT_SECTOR_SIZE?=0x2000
23+
WOLFBOOT_KEYVAULT_ADDRESS?=0x0C040000
24+
WOLFBOOT_KEYVAULT_SIZE?=0x1C000
25+
WOLFBOOT_NSC_ADDRESS?=0x0C05C000
26+
WOLFBOOT_NSC_SIZE?=0x4000
27+
WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x08060000
28+
WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x0C100000
29+
WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x0C1A0000
30+
FLAGS_HOME=0
31+
DISABLE_BACKUP=0
32+
WOLFCRYPT_TZ=1
33+
WOLFCRYPT_TZ_PKCS11=1
34+
IMAGE_HEADER_SIZE?=1024
35+
ARMORED=1
36+
WOLFTPM=1
37+
# Exercise the pre-provisioned ST33KTPM identity keys (IAK/IDevID).
38+
# ST33 vendor support is required (wolfTPM2_SetIdentityAuth -> TPM2_GetProductInfo).
39+
CFLAGS_EXTRA+=-DWOLFTPM_ST33
40+
CFLAGS_EXTRA+=-DWOLFTPM_MFG_IDENTITY
41+
# Default precomputed mode (WOLFBOOT_TPM_MFG_AUTH_DERIVE unset): the per-device
42+
# authValue is set directly from the WOLFBOOT_TPM_MFG_AIK_AUTH/EH_AUTH macros.
43+
# Ships a 0xFF placeholder that fails TPM auth until provisioned per-device; this
44+
# config exists to build-test the precomputed branch in CI.
Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
ARCH?=ARM
2+
TZEN?=1
3+
TARGET?=stm32h5
4+
SIGN?=ECC256
5+
HASH?=SHA256
6+
DEBUG?=0
7+
VTOR?=1
8+
CORTEX_M0?=0
9+
CORTEX_M33?=1
10+
NO_ASM?=0
11+
NO_MPU=1
12+
EXT_FLASH?=0
13+
SPI_FLASH?=0
14+
ALLOW_DOWNGRADE?=0
15+
NVM_FLASH_WRITEONCE?=1
16+
WOLFBOOT_VERSION?=1
17+
V?=0
18+
SPMATH?=1
19+
RAM_CODE?=1
20+
DUALBANK_SWAP?=0
21+
WOLFBOOT_PARTITION_SIZE?=0xA0000
22+
WOLFBOOT_SECTOR_SIZE?=0x2000
23+
WOLFBOOT_KEYVAULT_ADDRESS?=0x0C040000
24+
WOLFBOOT_KEYVAULT_SIZE?=0x1C000
25+
WOLFBOOT_NSC_ADDRESS?=0x0C05C000
26+
WOLFBOOT_NSC_SIZE?=0x4000
27+
WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x08060000
28+
WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x0C100000
29+
WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x0C1A0000
30+
FLAGS_HOME=0
31+
DISABLE_BACKUP=0
32+
WOLFCRYPT_TZ=1
33+
WOLFCRYPT_TZ_PKCS11=1
34+
IMAGE_HEADER_SIZE?=1024
35+
ARMORED=1
36+
WOLFTPM=1
37+
# Exercise the pre-provisioned ST33KTPM identity keys (IAK/IDevID).
38+
# ST33 vendor support is required (wolfTPM2_SetIdentityAuth -> TPM2_GetProductInfo).
39+
CFLAGS_EXTRA+=-DWOLFTPM_ST33
40+
CFLAGS_EXTRA+=-DWOLFTPM_MFG_IDENTITY
41+
# Derive the authValue on-device so the test-app works on a sample TPM. The
42+
# default precomputed mode ships a 0xFF placeholder that must be provisioned
43+
# per-device first.
44+
WOLFBOOT_TPM_MFG_AUTH_DERIVE=1

docs/TPM.md

Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,42 @@ In wolfBoot we support TPM based root of trust, sealing/unsealing, cryptographic
1717
| `WOLFBOOT_TPM_SEAL=1` | `WOLFBOOT_TPM_SEAL` | Enables support for sealing/unsealing based on PCR policy signed externally. |
1818
| `WOLFBOOT_TPM_SEAL_NV_BASE=0x01400300` | `WOLFBOOT_TPM_SEAL_NV_BASE` | To override the default sealed blob storage location in the platform hierarchy. |
1919
| `WOLFBOOT_TPM_SEAL_AUTH=secret` | `WOLFBOOT_TPM_SEAL_AUTH` | Password for sealing/unsealing secrets, if omitted the PCR policy will be used |
20+
| `WOLFBOOT_TPM_MFG_AUTH_DERIVE=1` | `WOLFBOOT_TPM_MFG_AUTH_DERIVE` | MFG identity: opt into on-device derive-from-master. The default is a precomputed per-device authValue (no master secret on device). Requires `WOLFTPM_MFG_IDENTITY`. |
21+
| (header macro) | `WOLFBOOT_TPM_MFG_AIK_AUTH` / `WOLFBOOT_TPM_MFG_EH_AUTH` | Default (precomputed) mode: the 16-byte per-device AIK / EH authValues (placeholder `0xFF` default). |
22+
| (header macro) | `WOLFBOOT_TPM_MFG_EH_MASTER` | Derive mode: override the endorsement-hierarchy master value (16-byte initializer list, sample default). |
23+
24+
## TPM manufacturing identity (IAK / IDevID authValue)
25+
26+
When `WOLFTPM_MFG_IDENTITY` is enabled, `wolfBoot_tpm2_get_aik()` and
27+
`wolfBoot_tpm2_get_timestamp()` authorize the pre-provisioned ST33KTPM identity
28+
keys. There are two ways to supply the required `authValue`:
29+
30+
- **Precomputed mode (default, recommended).** The final **per-device**
31+
`authValue` is set directly into the key handle; no master secret is present on
32+
the device. Defaults to a `0xFF` placeholder (fails TPM auth until
33+
provisioned). Per-device values are computed off-device at provisioning
34+
(`SHA-256(CPSN || master)`, low 16 bytes) and baked in via
35+
`WOLFBOOT_TPM_MFG_AIK_AUTH` / `WOLFBOOT_TPM_MFG_EH_AUTH`. When `WOLFBOOT_TPM_MFG_AUTH_DERIVE`
36+
is not enabled, the `authOverride` argument to `wolfBoot_tpm2_get_aik()` is
37+
treated as an optional override for the final AIK `authValue` (not a master secret).
38+
39+
- **Derive mode (`WOLFBOOT_TPM_MFG_AUTH_DERIVE`).** The `authValue` is computed
40+
on-device as the low 16 bytes of `SHA-256(TPM serial || master)`.
41+
The endorsement master defaults to a sample and is overridable with
42+
`WOLFBOOT_TPM_MFG_EH_MASTER`; the AIK master is passed to
43+
`wolfBoot_tpm2_get_aik()` (NULL = sample). Convenient, but the master is
44+
**shared across the whole reel/batch** — extracting it
45+
from one device's firmware lets an attacker derive the `authValue` for every
46+
sibling device.
47+
48+
The byte-array macros are header defaults (overridable via `-D` / `CFLAGS_EXTRA`);
49+
they are not plain `options.mk` variables because brace initializers contain
50+
commas. `WOLFTPM_MFG_IDENTITY` itself is supplied via `CFLAGS_EXTRA`.
51+
52+
> Note: because precomputed mode is the default and ships a `0xFF` placeholder, a
53+
> build that enables `WOLFTPM_MFG_IDENTITY` without provisioning the authValue (or
54+
> selecting `WOLFBOOT_TPM_MFG_AUTH_DERIVE`) fails TPM auth by design. The test-app
55+
> builds with `WOLFBOOT_TPM_MFG_AUTH_DERIVE` so it works on a sample TPM.
2056
2157
## Root of Trust (ROT)
2258

docs/wolfHSM.md

Lines changed: 7 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -75,16 +75,12 @@ This section describes the configuration options available for wolfHSM integrati
7575

7676
This option enables wolfHSM client support in wolfBoot. Without defining this option, support for wolfHSM client mode is not compiled in.
7777

78+
In client mode, wolfBoot always uses HSM-resident public keys for firmware authentication; public keys are never baked into a local `keystore.c`. The key to verify against is referenced either by the reserved key ID defined in the HAL (`hsmKeyIdPubKey`), or, when certificate-chain verification (`WOLFBOOT_CERT_CHAIN_VERIFY`) is enabled, by the leaf key ID resolved from the verified chain.
79+
7880
### `WOLFBOOT_ENABLE_WOLFHSM_SERVER`
7981

8082
This option enables wolfHSM server support in wolfBoot. When defined, wolfBoot includes an embedded wolfHSM server that provides HSM functionality locally within the bootloader. This is mutually exclusive with `WOLFBOOT_ENABLE_WOLFHSM_CLIENT`.
8183

82-
### `WOLFBOOT_USE_WOLFHSM_PUBKEY_ID`
83-
84-
This option enables use of the reserved wolfHSM public key ID for firmware authentication, and is typically the desired behavior for using wolfHSM. When this option is defined, wolfBoot will use the reserved wolfHSM keyId defined by the HAL (`hsmKeyIdPubKey`). This option is meant to be used in conjunction with the `--nolocalkeys` keygen option, as the key material in the keystore will not be used.
85-
86-
If this option is not defined, cryptographic operations are still performed on the wolfHSM server, but wolfBoot assumes the key material is present in the keystore and NOT stored on the HSM. This means that wolfBoot will first load keys from the keystore, send the key material to the wolfHSM server at the time of use (cached as ephemeral keys), and finally evict the key from the HSM after usage. This behavior is typically only useful for debugging or testing scenarios, where the keys may not be pre-loaded onto the HSM. The keystore for use in this mode should not be generated with the `--nolocalkeys` option.
87-
8884
## HAL Implementations
8985

9086
In addition to the standard wolfBoot HAL functions, wolfHSM-enabled platforms must also implement or instantiate the following wolfHSM-specific items in the platform HAL:
@@ -127,7 +123,7 @@ The wolfBoot simulator supports using wolfHSM with all algorithms mentioned in [
127123

128124
#### wolfHSM Client Mode Build
129125

130-
To build the simulator configured to use wolfHSM client mode, ensure you build with the `WOLFHSM_CLIENT=1` makefile option. This will automatically define `WOLFBOOT_USE_WOLFHSM_PUBKEY_ID`, and requires the public key corresponding to the private key that signed the image to be pre-loaded into the HSM at the keyId specified by `hsmKeyIdPubKey` in the simulator HAL.
126+
To build the simulator configured to use wolfHSM client mode, ensure you build with the `WOLFHSM_CLIENT=1` makefile option. This requires the public key corresponding to the private key that signed the image to be pre-loaded into the HSM at the keyId specified by `hsmKeyIdPubKey` in the simulator HAL.
131127

132128
```sh
133129
# Grab the HSM client simulator configuration
@@ -175,8 +171,10 @@ Next, in a new terminal window, run the wolfHSM POSIX TCP server, loading the pu
175171
cd lib/wolfHSM/examples/posix/tcp/wh_server_tcp
176172
make WOLFSSL_DIR=../../../../../wolfssl
177173

178-
# Run the server, loading the wolfBoot public key and using the client ID and keyId matching the values declared in `hal/sim.c`)
179-
./Build/wh_server_tcp.elf --client 12 --id 255 --key ../../../../../../wolfboot_signing_private_key_pub.der &
174+
# Run the server, loading the wolfBoot public key. The client ID (--client) must
175+
# match WOLFHSM_CLIENT_ID from the build config (default 1) and the keyId (--id)
176+
# must match hsmKeyIdPubKey in `hal/sim.c` (255 / 0xFF).
177+
./Build/wh_server_tcp.elf --client 1 --id 255 --key ../../../../../../wolfboot_signing_private_key_pub.der &
180178

181179
# The server will now be waiting for connections
182180
```

hal/aurix_tc3xx.c

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -95,6 +95,14 @@ static int _connectCb(void* context, whCommConnected connect);
9595
static whTransportMemClientContext tmcCtx[1] = {0};
9696
static whTransportClientCb tmcCb[1] = {WH_TRANSPORT_MEM_CLIENT_CB};
9797

98+
/* wolfHSM client ID presented to the HSM server. Defined by the build system
99+
* (WOLFHSM_CLIENT_ID in options.mk, default 1); must match the client ID the
100+
* keys are provisioned under in the whnvmtool config
101+
* (tools/scripts/tc3xx/wolfBoot-wolfHSM-keys.nvminit). */
102+
#ifndef WOLFBOOT_WOLFHSM_CLIENT_ID
103+
#error "WOLFBOOT_WOLFHSM_CLIENT_ID is not defined. Set WOLFHSM_CLIENT_ID in your .config or on the make command line."
104+
#endif
105+
98106
/* Globally exported HAL symbols */
99107
whClientContext hsmClientCtx = {0};
100108
const int hsmDevIdHash = WH_DEV_ID_DMA;
@@ -768,7 +776,7 @@ int hal_hsm_init_connect(void)
768776
.transport_cb = tmcCb,
769777
.transport_context = (void*)tmcCtx,
770778
.transport_config = (void*)tmcCfg,
771-
.client_id = 1,
779+
.client_id = WOLFBOOT_WOLFHSM_CLIENT_ID,
772780
.connect_cb = _connectCb,
773781
}};
774782

0 commit comments

Comments
 (0)