
Commit 8905b1e

committed
PR review: default H5 TZ wolfHSM test to UART (bkpt opt-in), gate server AES/HMAC to TZ engine, bump wolfHSM pin to merged main
1 parent dd4ee40 commit 8905b1e

7 files changed

Lines changed: 50 additions & 49 deletions


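--- a/Makefile
+++ b/Makefile
@@ -199,6 +199,9 @@ OBJS+=$(WOLFCRYPT_OBJS)
 OBJS+=$(PUBLIC_KEY_OBJS)
 OBJS+=$(WOLFHSM_OBJS)
 
+# Vendored wolfHSM sources: keep cosmetic unused-parameter warnings non-fatal
+$(WOLFHSM_OBJS): CFLAGS += -Wno-error=unused-parameter
+
 CFLAGS+= \
 -I"." -I"include/" -I"$(WOLFBOOT_LIB_WOLFSSL)" \
 -Wno-array-bounds \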
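Review bot: The target-specific append `$(WOLFHSM_OBJS): CFLAGS += -Wno-error=unused-parameter` is silently dropped whenever CFLAGS is supplied on the make command line, because a command-line variable overrides every makefile assignment, target-specific ones included, unless the assignment is marked `override`. In that situation the vendored wolfHSM objects would fail under -Werror again, which is exactly what the line is meant to prevent. `$(WOLFHSM_OBJS): override CFLAGS += -Wno-error=unused-parameter` keeps the relaxation in effect in both cases. The surrounding `CFLAGS+=` lines in this hunk are plain appends, so if the project never passes CFLAGS on the command line this is only a hardening note.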

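--- a/docs/wolfHSM.md
+++ b/docs/wolfHSM.md
@@ -254,10 +254,10 @@ cp config/examples/stm32h5-tz-wolfhsm.config .config
 make
 ```
 
-For on-board hardware testing, add `WOLFBOOT_TZ_TEST_NO_BKPT=1` so the auto-test prints a UART pass/fail line and idles in `while (1)` instead of issuing `bkpt #0x7f` (which HardFaults on real silicon without a debugger):
+By default the auto-test prints a UART pass/fail line and idles in `while (1)`, which is safe on real silicon. For emulator or under-debugger runs that signal pass/fail via a breakpoint, add `WOLFBOOT_TZ_TEST_BKPT=1` so the auto-test issues `bkpt` instead (this HardFaults on real silicon without a debugger attached):
 
 ```sh
-make WOLFBOOT_TZ_TEST_NO_BKPT=1
+make WOLFBOOT_TZ_TEST_BKPT=1
 ```
 
 ### Flash
@@ -283,7 +283,7 @@ wolfHSM first boot path, committing key to NVM
 wolfHSM NSC tests passed
 ```
 
-The default build raises `bkpt #0x7d` on first-boot success and `bkpt #0x7f` on second-boot success (after the persisted key is reloaded from flash on reset). The `WOLFBOOT_TZ_TEST_NO_BKPT=1` build prints a final `WOLFHSM_TZ_TEST_PASS` UART line instead. Reset the board (no re-flash) to verify persistence; the second boot prints `wolfHSM second boot path, restored persisted key`.
+The default build prints a final `WOLFHSM_TZ_TEST_PASS` UART line on success. The `WOLFBOOT_TZ_TEST_BKPT=1` build raises `bkpt #0x7d` on first-boot success and `bkpt #0x7f` on second-boot success (after the persisted key is reloaded from flash on reset) instead, for emulator and debugger runs. Reset the board (no re-flash) to verify persistence; the second boot prints `wolfHSM second boot path, restored persisted key`.
 
 ### Notes
 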
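--- a/include/user_settings.h
+++ b/include/user_settings.h
@@ -785,39 +785,10 @@ extern int tolower(int c);
 # define WOLFSSL_KEY_GEN
 #endif
 
-/* Crypto algorithms exercised by the wolfHSM client test suite over
-* the NSC bridge. These are SECURE-SIDE only - the wolfHSM server
-* needs AES/HKDF/SHA384/512 to handle the test requests. Gated out
-* of the wolfHSM client build (which has NO_AES) and out of host
-* unit tests (UNIT_TEST), neither of which want AES dragged in. */
+/* Secure-side sizing common to any wolfHSM server build (TZ engine and
+* the verify-only cert-chain server). Gated out of host unit tests. */
 #if (defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER) || \
 defined(WOLFCRYPT_TZ_WOLFHSM)) && !defined(UNIT_TEST)
-/* Earlier guards in this file set NO_AES and NO_HMAC for the
-* verify-only bootloader path. The wolfHSM server needs both AES
-* and HMAC (HKDF builds on HMAC), so drop them here. */
-# undef NO_AES
-# undef NO_HMAC
-# ifndef WOLFSSL_AES_DIRECT
-# define WOLFSSL_AES_DIRECT
-# endif
-# ifndef HAVE_HKDF
-# define HAVE_HKDF
-# endif
-# ifndef WOLFSSL_AES_COUNTER
-# define WOLFSSL_AES_COUNTER
-# endif
-# ifndef HAVE_AESCTR
-# define HAVE_AESCTR
-# endif
-# ifndef WOLFSSL_AES_GCM
-# define WOLFSSL_AES_GCM
-# endif
-# ifndef HAVE_AESGCM
-# define HAVE_AESGCM
-# endif
-# ifndef GCM_TABLE_4BIT
-# define GCM_TABLE_4BIT
-# endif
 /* Match NS-side WC_MAX_DIGEST_SIZE. NS test-app/wcs/user_settings.h
 * enables WOLFSSL_SHA3 which sets WC_MAX_DIGEST_SIZE = 64. Without
 * SHA384/SHA512 on the secure side, WC_MAX_DIGEST_SIZE caps at
@@ -842,6 +813,36 @@ extern int tolower(int c);
 # endif
 #endif /* WOLFBOOT_ENABLE_WOLFHSM_SERVER || WOLFCRYPT_TZ_WOLFHSM, !UNIT_TEST */
 
+/* AES/HMAC/HKDF are only needed by the STM32H5 TrustZone engine, whose
+* non-secure client routes general crypto (AES/HMAC/HKDF) through the
+* secure server. The verify-only cert-chain server does not service these
+* requests, so it keeps the NO_AES/NO_HMAC set earlier in this file. */
+#if defined(WOLFCRYPT_TZ_WOLFHSM) && !defined(UNIT_TEST)
+# undef NO_AES
+# undef NO_HMAC
+# ifndef WOLFSSL_AES_DIRECT
+# define WOLFSSL_AES_DIRECT
+# endif
+# ifndef HAVE_HKDF
+# define HAVE_HKDF
+# endif
+# ifndef WOLFSSL_AES_COUNTER
+# define WOLFSSL_AES_COUNTER
+# endif
+# ifndef HAVE_AESCTR
+# define HAVE_AESCTR
+# endif
+# ifndef WOLFSSL_AES_GCM
+# define WOLFSSL_AES_GCM
+# endif
+# ifndef HAVE_AESGCM
+# define HAVE_AESGCM
+# endif
+# ifndef GCM_TABLE_4BIT
+# define GCM_TABLE_4BIT
+# endif
+#endif /* WOLFCRYPT_TZ_WOLFHSM && !UNIT_TEST */
+
 #if defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER) && \
 defined(WOLFBOOT_CERT_CHAIN_VERIFY)
 # define NO_TLS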
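Review bot: The new `#undef NO_AES` / `#undef NO_HMAC` block in the second hunk depends on being evaluated after every guard in this file that defines those macros, and nothing enforces that ordering; a later guard that re-defines `NO_AES` would silently turn the TZ engine back into a no-AES build and the client's AES/HMAC requests would fail at runtime rather than at compile time. A check at the end of the file would catch such a regression: `#if defined(WOLFCRYPT_TZ_WOLFHSM) && !defined(UNIT_TEST) && (defined(NO_AES) || defined(NO_HMAC))` / `# error "WOLFCRYPT_TZ_WOLFHSM needs AES and HMAC enabled"` / `#endif`. The block also carries `GCM_TABLE_4BIT` over from the old shared block without saying why; a one-line comment recording that the table-driven GHASH was chosen deliberately for the secure-side engine (and that its timing profile was considered) would help the next maintainer. The rest of the file, including the earlier guards the comment refers to, is outside this hunk.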

lib/wolfHSM

Submodule wolfHSM updated 48 files

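--- a/options.mk
+++ b/options.mk
@@ -1493,10 +1493,7 @@ ifeq ($(WOLFHSM_SERVER),1)
 WOLFCRYPT_OBJS += \
 $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/cryptocb.o \
 $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/coding.o \
-$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/random.o \
-$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/hmac.o \
-$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/aes.o \
-$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/wc_encrypt.o
+$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/random.o
 # SHA-384/512 are used by the wolfHSM crypto handlers (HKDF, larger
 # ECDSA hash sizes, etc.). Always link sha512.o except when ED25519
 # is the signature algorithm, which already pulls it in.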
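Review bot: The comment directly below the changed list still gives HKDF as a reason for linking sha512.o ("used by the wolfHSM crypto handlers (HKDF, larger ECDSA hash sizes, etc.)"), but hmac.o is removed here and, per the include/user_settings.h change in this commit, HAVE_HKDF is now only defined under WOLFCRYPT_TZ_WOLFHSM, so HKDF is no longer part of the WOLFHSM_SERVER build this block describes; I'd reword it to `# SHA-384/512 are used by the wolfHSM crypto handlers (larger ECDSA hash sizes; HKDF on the TZ engine path).` It is also not visible from this hunk where the TZ engine build now picks up aes.o, hmac.o and wc_encrypt.o — presumably a WOLFCRYPT_TZ_WOLFHSM rule elsewhere in options.mk — so it is worth confirming that the stm32h5-tz-wolfhsm config still links, since the remaining user_settings.h block enables AES-GCM/CTR and HKDF for it.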

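--- a/test-app/Makefile
+++ b/test-app/Makefile
@@ -387,8 +387,8 @@ ifeq ($(TZEN),1)
 CFLAGS+=-DWOLFHSM_CFG_COMM_DATA_LEN=1280
 CFLAGS+=-DWOLFHSM_CFG_PORT_ARMV8M_TZ_NSC
 CFLAGS+=-DWOLFHSM_CFG_NO_SYS_TIME
-ifeq ($(WOLFBOOT_TZ_TEST_NO_BKPT),1)
-CFLAGS+=-DWOLFBOOT_TZ_TEST_NO_BKPT
+ifeq ($(WOLFBOOT_TZ_TEST_BKPT),1)
+CFLAGS+=-DWOLFBOOT_TZ_TEST_BKPT
 endif
 CFLAGS+=-I"$(WOLFBOOT_LIB_WOLFHSM)"
 CFLAGS+=-I"$(WOLFBOOT_LIB_WOLFHSM)/port/armv8m-tz"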

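--- a/test-app/app_stm32h5.c
+++ b/test-app/app_stm32h5.c
@@ -1510,21 +1510,21 @@ void main(void)
 
 #ifdef WOLFCRYPT_TZ_WOLFHSM
 ret = cmd_wolfhsm_test(NULL);
-#ifdef WOLFBOOT_TZ_TEST_NO_BKPT
+#ifdef WOLFBOOT_TZ_TEST_BKPT
+if (ret == WOLFHSM_TEST_FIRST_BOOT_OK)
+asm volatile ("bkpt #0x7d");
+else if (ret == WOLFHSM_TEST_SECOND_BOOT_OK)
+asm volatile ("bkpt #0x7f");
+else
+asm volatile ("bkpt #0x7e");
+#else
 if (ret == WOLFHSM_TEST_FIRST_BOOT_OK || ret == WOLFHSM_TEST_SECOND_BOOT_OK) {
 printf("WOLFHSM_TZ_TEST_PASS\r\n");
 while (1) { }
 } else {
 printf("WOLFHSM_TZ_TEST_FAIL\r\n");
 while (1) { }
 }
-#else
-if (ret == WOLFHSM_TEST_FIRST_BOOT_OK)
-asm volatile ("bkpt #0x7d");
-else if (ret == WOLFHSM_TEST_SECOND_BOOT_OK)
-asm volatile ("bkpt #0x7f");
-else
-asm volatile ("bkpt #0x7e");
 #endif
 #endif
 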
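Review bot: In the new `WOLFBOOT_TZ_TEST_BKPT` branch nothing follows the three `bkpt` instructions, so once a debugger or emulator resumes after the halt, execution drops out of the `#endif` into whatever main does next, whereas the UART branch parks in `while (1) { }` in both outcomes; the two test modes should terminate the same way so a resumed run cannot continue into untested code. Adding a single `while (1) { }` after the if/else chain (after the `bkpt #0x7e` line, before `#else`) gives the breakpoint build the same idle behaviour. Bracing the three single-statement bodies would also match the style of the UART branch just below. main continues outside the hunk, so what actually follows the `#endif` is not visible here.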
