diff --git a/.github/workflows/footprint.yml b/.github/workflows/footprint.yml index 096c2d1e9d..247403651d 100644 --- a/.github/workflows/footprint.yml +++ b/.github/workflows/footprint.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: submodules: true diff --git a/.github/workflows/test-build-kontron-vx3060-s2.yml b/.github/workflows/test-build-kontron-vx3060-s2.yml index 08e3395d5f..f9cbecbc23 100644 --- a/.github/workflows/test-build-kontron-vx3060-s2.yml +++ b/.github/workflows/test-build-kontron-vx3060-s2.yml @@ -7,7 +7,7 @@ jobs: fsp_qemu_test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: submodules: true - name: install req diff --git a/.github/workflows/test-configs.yml b/.github/workflows/test-configs.yml index 2b282fe8e6..87fa2f713c 100644 --- a/.github/workflows/test-configs.yml +++ b/.github/workflows/test-configs.yml @@ -106,6 +106,13 @@ jobs: config-file: ./config/examples/kinetis-k82f.config library_test: + uses: ./.github/workflows/test-build.yml + with: + arch: host + config-file: ./config/examples/library.config + make-args: test-lib + + libwolfboot_test: uses: ./.github/workflows/test-build.yml with: arch: host diff --git a/.github/workflows/test-cppcheck.yml b/.github/workflows/test-cppcheck.yml index a641c2e3a7..2ef562b4fe 100644 --- a/.github/workflows/test-cppcheck.yml +++ b/.github/workflows/test-cppcheck.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: submodules: false diff --git a/.github/workflows/test-library.yml b/.github/workflows/test-library.yml new file mode 100644 index 0000000000..50cc7a748f --- /dev/null +++ b/.github/workflows/test-library.yml @@ -0,0 +1,57 @@ +name: wolfBoot as Library test + +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +jobs: + test-lib: + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + math: [SPMATH=1 WOLFBOOT_SMALL_STACK=0, + SPMATH=1 WOLFBOOT_SMALL_STACK=1, + SPMATHALL=1 WOLFBOOT_SMALL_STACK=0, + SPMATHALL=1 WOLFBOOT_SMALL_STACK=1, + SPMATH=0 SPMATHALL=0 WOLFBOOT_SMALL_STACK=0, + SPMATH=0 SPMATHALL=0 WOLFBOOT_SMALL_STACK=1] + asym: [ed25519, ecc256, ecc384, ecc521, rsa2048, rsa3072, rsa4096, ed448] + hash: [sha256, sha384, sha3] + steps: + - uses: actions/checkout@v4 + with: + submodules: true + + - name: make clean + run: | + make keysclean && make -C tools/keytools clean && rm -f include/target.h + + - name: Build test-lib + env: + ASYM: ${{ matrix.asym }} + HASH: ${{ matrix.hash }} + run: | + cp config/examples/library.config .config + make keytools + ./tools/keytools/keygen --${{ matrix.asym }} -g wolfboot_signing_private_key.der + echo "Test" > test.bin + ./tools/keytools/sign --${{ matrix.asym }} --${{ matrix.hash }} test.bin wolfboot_signing_private_key.der 1 + # Convert asym and hash to upper case + make test-lib SIGN=${ASYM^^} HASH=${HASH^^} + + - name: Run test-lib + run: | + ./test-lib test_v1_signed.bin + ./test-lib test_v1_signed.bin 2>&1 | grep "Firmware Valid" + + - name: Run test-lib (expect failure) + run: | + # Corrupt signed binary + truncate -s -1 test_v1_signed.bin + echo "A" >> test_v1_signed.bin + ./test-lib test_v1_signed.bin + ./test-lib test_v1_signed.bin 2>&1 | grep "Failure" diff --git a/.github/workflows/test-renode-fastmath.yml b/.github/workflows/test-renode-fastmath.yml index 60e034dc6f..a5f72f8680 100644 --- a/.github/workflows/test-renode-fastmath.yml +++ b/.github/workflows/test-renode-fastmath.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: submodules: true diff --git a/.github/workflows/test-units.yml b/.github/workflows/test-units.yml index f951595b17..bde71c23de 100644 --- a/.github/workflows/test-units.yml +++ b/.github/workflows/test-units.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: submodules: true diff --git a/.github/workflows/test-wolfhsm-simulator.yml b/.github/workflows/test-wolfhsm-simulator.yml index 0df3f97a2d..6cee7367d3 100644 --- a/.github/workflows/test-wolfhsm-simulator.yml +++ b/.github/workflows/test-wolfhsm-simulator.yml @@ -53,6 +53,8 @@ jobs: uses: actions/checkout@v4 with: repository: wolfssl/wolfHSM-examples + # Make sure to update this when the wolfHSM submodule is updated! + ref: wolfHSM-v1.1.0 path: wolfHSM-examples - name: Build example POSIX TCP server diff --git a/.github/workflows/test-x86-fsp-qemu.yml b/.github/workflows/test-x86-fsp-qemu.yml index 6465c02eb1..024458591f 100644 --- a/.github/workflows/test-x86-fsp-qemu.yml +++ b/.github/workflows/test-x86-fsp-qemu.yml @@ -7,7 +7,7 @@ jobs: fsp_qemu_test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 with: submodules: true - name: install req diff --git a/.gitignore b/.gitignore index 0da8e1b290..a498d9c9ef 100644 --- a/.gitignore +++ b/.gitignore @@ -116,8 +116,9 @@ tools/tpm/pcr_extend tools/tpm/policy_create tools/tpm/policy_sign config/*.ld +test-lib -# Generated confiuguration file +# Generated configuration file .config .vs *.filters @@ -144,7 +145,7 @@ hal/x86_fsp_qemu_stage1.ld debug/lauterbach -#cland cache +#clangd cache .cache/* #gcov files diff --git a/IDE/XilinxSDK/README.md b/IDE/XilinxSDK/README.md index 7bb11eda83..97345bb8ab 100644 --- a/IDE/XilinxSDK/README.md +++ b/IDE/XilinxSDK/README.md @@ -28,6 +28,7 @@ A build settings template for Zynq UltraScale+ can be found here `./config/examp ```sh $ cp ./config/examples/zynqmp.config .config $ make keytools +$ make wolfboot.elf ``` These template settings are also in this `.cproject` as preprocessor macros. These settings are loaded into the `target.h.in` template by the wolfBoot `make`. If not using the built-in make then the following defines will need to be manually created in `target.h`: @@ -201,33 +202,34 @@ Successfully ran Hello World application ### Adding RSA Authentication -1. Generate keys: +1. Update boot.bif (see boot_auth.bif) + + ``` +[auth_params] ppk_select=0; spk_id=0x00000000 +[pskfile] pskf.pem +[sskfile] sskf.pem +authentication=rsa + ``` + +2. Generate keys: * `bootgen.exe -generate_keys auth pem -arch zynqmp -image boot_auth.bif` -2. Create hash for primary key: +3. Create hash for primary key: * `bootgen.exe -image boot_auth.bif -arch zynqmp -w -o i BOOT.BIN -efuseppkbits ppkf_hash.txt` -3. Import example project for programming eFuses: +4. Import example project for programming eFuses: * New BSP project (program efuses , ZCU102_hw_platform, standalone, CPU: PSU_cortexa53_0) * Goto Xilinx Board Support Packet Settings. * Scroll down to Supported Libraries and Check the xiskey library * In the system.mss pane, scroll down to Libraries and click Import Examples. * Check the xilskey_esfuseps_zynqmp_example -4. Edit `xilskey_efuseps_zynqmp_input.h` +5. Edit `xilskey_efuseps_zynqmp_input.h` * 433 `#define XSK_EFUSEPS_WRITE_PPK0_HASH TRUE` * 453 `#define XSK_EFUSEPS_PPK0_IS_SHA3 TRUE` * 454 `#define XSK_EFUSEPS_PPK0_HASH "0000000000000000000000000000000000000000000000000000000000000000" /* from ppkf_hash.txt */` -5. Update boot.bif (see boot_auth.bif) - - ``` - [auth_params] ppk_select=0; spk_id=0x00000000 - [pskfile] pskf.pem - [sskfile] sskf.pem - authentication=rsa - ``` 6. Build “boot.bin” image: * `bootgen -image boot_auth.bif -arch zynqmp -o i BOOT.BIN -w` -Note: During testing add `[fsbl_config] bh_auth_enable` to allow skipping of the eFuse check of the PPK hash. In production the RSA_EN eFuses must be blown to force checking of the PPK hash. +Note: During testing add `[fsbl_config] bh_auth_enable` to allow skipping of the eFuse check of the PPK hash. In production the `RSA_EN` eFuses must be blown to force checking of the PPK hash. Note: To generate a report of a boot.bin use the `bootgen_utility` or after 2022.1 use `bootgen -read`: `bootgen -arch zynqmp -read BOOT.BIN` diff --git a/Makefile b/Makefile index 525ecbfc17..1a71db3691 100644 --- a/Makefile +++ b/Makefile @@ -34,8 +34,11 @@ OBJS:= \ ./src/string.o \ ./src/image.o \ ./src/libwolfboot.o \ - ./hal/hal.o \ - ./hal/$(TARGET).o + ./hal/hal.o + +ifneq ($(TARGET),library) + OBJS+=./hal/$(TARGET).o +endif ifeq ($(SIGN),NONE) PRIVATE_KEY= @@ -126,7 +129,7 @@ endif ifeq ($(TARGET),library) CFLAGS+=-g - MAIN_TARGET:=test-lib + MAIN_TARGET:=libwolfboot.a endif ifeq ($(TARGET),raspi3) @@ -171,8 +174,13 @@ stage1/loader_stage1.bin: FORCE @echo "\t[BIN] $@" $(Q)$(MAKE) -C $(dir $@) $(notdir $@) -test-lib: include/target.h $(OBJS) - $(Q)$(CC) $(CFLAGS) -o $@ $(OBJS) +libwolfboot.a: include/target.h $(OBJS) + @echo "\t[LIB] $@" + $(Q)$(AR) rcs $@ $(OBJS) + +test-lib: libwolfboot.a hal/library.o + @echo "\t[BIN] $@" + $(Q)$(CC) $(CFLAGS) -o $@ hal/library.o libwolfboot.a wolfboot.efi: wolfboot.elf @echo "\t[BIN] $@" @@ -193,7 +201,6 @@ wolfboot.bin: wolfboot.elf $(Q)$(SIZE) wolfboot.elf @echo - test-app/image.bin: wolfboot.elf $(Q)$(MAKE) -C test-app WOLFBOOT_ROOT="$(WOLFBOOT_ROOT)" $(Q)$(SIZE) test-app/image.elf @@ -377,7 +384,7 @@ distclean: clean keysclean utilsclean $(Q)rm -f *.bin *.elf include/target.h: $(TARGET_H_TEMPLATE) FORCE - @cat $(TARGET_H_TEMPLATE) | \ + $(Q)cat $(TARGET_H_TEMPLATE) | \ sed -e "s/@WOLFBOOT_PARTITION_SIZE@/$(WOLFBOOT_PARTITION_SIZE)/g" | \ sed -e "s/@WOLFBOOT_SECTOR_SIZE@/$(WOLFBOOT_SECTOR_SIZE)/g" | \ sed -e "s/@WOLFBOOT_PARTITION_BOOT_ADDRESS@/$(WOLFBOOT_PARTITION_BOOT_ADDRESS)/g" | \ @@ -445,16 +452,16 @@ tools/keytools/otp/otp-keystore-primer.bin: FORCE secondary: $(SECONDARY_PRIVATE_KEY) %.o:%.c - @echo "\t[CC-$(ARCH)] $@" + @echo "\t[CC $(ARCH)] $@" $(Q)$(CC) $(CFLAGS) -c $(OUTPUT_FLAG) $@ $^ %.o:%.S - @echo "\t[AS-$(ARCH)] $@" + @echo "\t[AS $(ARCH)] $@" $(Q)$(CC) $(CFLAGS) -c $(OUTPUT_FLAG) $@ $^ src/x86/fsp_s.o: $(FSP_S_BIN) $(OBJCOPY) -I binary -O elf64-x86-64 -B i386 --rename-section .data=.fsp_s $^ $@ - + pico-sdk-info: FORCE @echo "To complete the build, check IDE/pico-sdk/rp2350" diff --git a/arch.mk b/arch.mk index 54d0d513bd..328a122263 100644 --- a/arch.mk +++ b/arch.mk @@ -410,6 +410,7 @@ ifeq ($(ARCH),RENESAS_RX) # Must use LD directly (gcc link calls LD with sysroot and is not supported) LD=$(CROSS_COMPILE)ld AS=$(CROSS_COMPILE)gcc + AR=$(CROSS_COMPILE)ar OBJCOPY?=$(CROSS_COMPILE)objcopy SIZE=$(CROSS_COMPILE)size @@ -460,7 +461,7 @@ ifeq ($(ARCH),RENESAS_RX) ./lib/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_util.o # RX TSIP uses pre-compiled .a library by default - ifeq ($(RX_TSIP_SRC),) + ifneq ($(RX_TSIP_SRC),1) ifeq ($(TARGET),rx65n) ifeq ($(BIG_ENDIAN),1) LIBS+=$(RX_DRIVER_PATH)/r_tsip_rx/lib/gcc/libr_tsip_rx65n_big.a @@ -489,38 +490,13 @@ ifeq ($(ARCH),RENESAS_RX) $(RX_TSIP_SRC_PATH)/r_tsip_aes_rx.o \ $(RX_TSIP_SRC_PATH)/r_tsip_hash_rx.o \ $(RX_TSIP_SRC_PATH)/r_tsip_ecc_rx.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_pfa.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_pfb.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_pf1.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_pf5.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_pf6.o \ $(RX_TSIP_SRC_PATH)/ip/s_flash.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_p00.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_p01.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_p02.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_p23.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_p26.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_p72.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_subprc01.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_subprc02.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_function004.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_function005.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_function006.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_function009.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_function010.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_function011.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_function023.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_function027.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_function028.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_function050.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_function051.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_function052.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_function053.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_function054.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_function100.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_function101.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_function102.o \ - $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_function103.o + $(patsubst %.c,%.o,$(wildcard $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_p*.c)) \ + $(patsubst %.c,%.o,$(wildcard $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_subprc*.c)) \ + $(patsubst %.c,%.o,$(wildcard $(RX_TSIP_SRC_PATH)/ip/r_tsip_rx_function*.c)) + + # Ignore sign compare warnings in TSIP RX driver + CFLAGS+=-Wno-error=sign-compare endif OBJS+=$(RX_DRIVER_PATH)/r_bsp/mcu/all/r_bsp_cpu.o \ @@ -872,6 +848,7 @@ ifeq ($(TARGET),ti_hercules) CC=$(CROSS_COMPILE)armcl LD=$(CROSS_COMPILE)armcl AS=$(CROSS_COMPILE)armasm + AR=$(CROSS_COMPILE)armcl -ar OBJCOPY=$(CROSS_COMPILE)armobjcopy SIZE=$(CROSS_COMPILE)armsize OUTPUT_FLAG=--output_file @@ -972,6 +949,7 @@ ifeq ($(USE_GCC),1) CC=$(CROSS_COMPILE)gcc LD=$(CROSS_COMPILE)gcc AS=$(CROSS_COMPILE)gcc + AR=$(CROSS_COMPILE)ar OBJCOPY?=$(CROSS_COMPILE)objcopy SIZE=$(CROSS_COMPILE)size endif @@ -1117,10 +1095,12 @@ ifeq ($(TARGET),x86_64_efi) UPDATE_OBJS:=src/update_ram.o endif -ifeq ($(TARGET),sim) +ifeq ($(ARCH),sim) USE_GCC_HEADLESS=0 LD = gcc - UPDATE_OBJS:=src/update_flash.o + ifneq ($(TARGET),library) + UPDATE_OBJS:=src/update_flash.o + endif LD_START_GROUP= LD_END_GROUP= BOOT_IMG=test-app/image.elf @@ -1155,11 +1135,18 @@ else UPDATE_OBJS:=src/update_flash_hwswap.o endif endif -# Set default update object (if not library) -ifneq ($(TARGET),library) -ifeq ($(UPDATE_OBJS),) - UPDATE_OBJS:=./src/update_flash.o + +## For library target disable partitions +ifeq ($(TARGET),library) + WOLFBOOT_NO_PARTITIONS=1 + NO_LOADER=1 endif + +## Set default update object +ifneq ($(WOLFBOOT_NO_PARTITIONS),1) + ifeq ($(UPDATE_OBJS),) + UPDATE_OBJS:=./src/update_flash.o + endif endif ## wolfBoot origin diff --git a/config/examples/library.config b/config/examples/library.config index 5e20bfffed..72cf091df4 100644 --- a/config/examples/library.config +++ b/config/examples/library.config @@ -1,14 +1,19 @@ -ARCH= -NO_LOADER=1 -USE_GCC_HEADLESS=0 +ARCH=sim TARGET=library -WOLFBOOT_SMALL_STACK=1 + SIGN?=ED25519 HASH?=SHA256 IMAGE_HEADER_SIZE?=256 DEBUG=0 -SPMATH=0 +SPMATH?=0 +SPMATHALL?=0 + +# Required for library (libwolfboot.a) +NO_LOADER=1 WOLFBOOT_NO_PARTITIONS=1 +USE_GCC_HEADLESS=0 + +WOLFBOOT_SMALL_STACK?=1 # Required to build keytools WOLFBOOT_SECTOR_SIZE=0x1000 diff --git a/docs/Targets.md b/docs/Targets.md index 0a50cd9c40..a8db49c352 100644 --- a/docs/Targets.md +++ b/docs/Targets.md @@ -2614,24 +2614,22 @@ Note: This also works on Mac OS, but `objcopy` does not exist. Install with `bre See instructions in [IDE/pico-sdk/rp2350/README.md](/IDE/pico-sdk/rp2350/README.md) + ## Renesas RX65N Tested on the: -* RX65N-2MB-Starter-Kit-Plus +* RX65N-2MB-Starter-Kit-Plus (RSK+) * RX65N Target Board (RTK5RX65N0C00000BR) (includes onboard E2 Lite emulator) -Both include an E2 Lite Emulator. - ### Renesas Console Console output is supported with `DEBUG_UART=1`. -RSK+: +* RSK+: This board includes a USB to Serial port that uses SCI8 and PJ1/PJ2. This is the wolfBoot HAL default for RX65N. -RX65N target board: - +* RX65N target board: Can route UART Serial output to PC3 via PMOD1-IO0 at Pin 9. This requires an external TTL UART to USB adapter. You will need to set `CFLAGS_EXTRA+="-DDEBUG_UART_SCI=3"` in .config. @@ -2689,7 +2687,12 @@ Default Onboard Flash Memory Layout (2MB) (32KB sector): ### Renesas Data Endianess -To switch RX parts to big endian data use: +To switch RX parts to big endian data use the Renesas Flashing Tool: + +Download the Renesas Flashing Tool: https://www.renesas.com/us/en/software-tool/renesas-flash-programmer-programming-gui +Download the Renesas E2 Lite Linux Driver: https://www.renesas.com/us/en/document/swo/e2-emulator-e2-emulator-lite-linux-driver?r=488806 + +Default location on Windows: `C:\Program Files (x86)\Renesas Electronics\Programming Tools\Renesas Flash Programmer V3.14`. ```sh # Big Endian @@ -2724,9 +2727,6 @@ TSIP: To enable TSIP use `make PKA=1`. See [docs/Renesas.md](docs/Renesas.md) fo ### Flashing Renesas RX65N -Download the Renesas Flashing Tool: https://www.renesas.com/us/en/software-tool/renesas-flash-programmer-programming-gui -Download the Renesas E2 Lite Linux Driver: https://www.renesas.com/us/en/document/swo/e2-emulator-e2-emulator-lite-linux-driver?r=488806 - Default Flash ID Code: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF Flash Using: diff --git a/hal/library.c b/hal/library.c index 1835b5cc8e..8cfb4e71ad 100644 --- a/hal/library.c +++ b/hal/library.c @@ -41,6 +41,11 @@ #include "image.h" #include "printf.h" +/* force off NO_FILESYSTEM coming from include/user_settings.h */ +#ifdef PRINTF_ENABLED + #undef NO_FILESYSTEM +#endif + /* HAL Stubs */ void hal_init(void) { @@ -152,8 +157,12 @@ int main(int argc, const char* argv[]) gImage = (uintptr_t)test_img; #else if (argc > 1) { - size_t sz = 0; + size_t sz = 0, bread; FILE* img = fopen(argv[1], "rb"); + if (img == NULL) { + wolfBoot_printf("failed to open %s!\n", argv[1]); + return -3; + } fseek(img, 0, SEEK_END); sz = ftell(img); fseek(img, 0, SEEK_SET); @@ -164,7 +173,7 @@ int main(int argc, const char* argv[]) ret = -1; } - size_t bread = fread((void*)gImage, 1, sz, img); + bread = fread((void*)gImage, 1, sz, img); if (bread != sz) { ret = -2; wolfBoot_printf("read %zu of %zu bytes from %s\n", bread, sz, argv[1]); @@ -172,14 +181,16 @@ int main(int argc, const char* argv[]) fclose(img); } else { wolfBoot_printf("usage: %s image_file.bin\n", argv[0]); - return 255; + ret = 255; } #endif - - ret = wolfBoot_start(); + if (ret == 0) { + ret = wolfBoot_start(); + } #ifndef NO_FILESYSTEM - free((void*)gImage); + if ((void*)gImage != NULL) + free((void*)gImage); #endif return ret; } diff --git a/hal/renesas-rx.c b/hal/renesas-rx.c index 35e8a5a799..0141790388 100644 --- a/hal/renesas-rx.c +++ b/hal/renesas-rx.c @@ -81,13 +81,14 @@ void hal_led_on(void) PORT_PODR(4) &= ~(1 << 0); /* low */ #endif } + void hal_led_off(void) { -#ifdef TARGET_rx65n +#if defined(TARGET_rx65n) /* RX65N RSK+ LED0 P73 */ PORT_PDR(7) |= (1 << 3); /* output */ PORT_PODR(7) |= (1 << 3); /* high */ -#else +#elif defined(TARGET_rx72n) /* RX72N Envision USR LED P40 */ PORT_PDR(4) |= (1 << 0); /* output */ PORT_PODR(4) |= (1 << 0); /* high */ @@ -377,7 +378,7 @@ void hal_init(void) #endif /* For CCRX, mcu_clock_setup() in resetprg.c will set up clocks. */ -#if defined(_GNUC_) +#if defined(__GNUC__) hal_clk_init(); #endif @@ -620,6 +621,7 @@ void RAMFUNCTION hal_flash_lock(void) return; } +#if !defined(WOLFBOOT_NO_PARTITIONS) && !defined(TARGET_library) void* hal_get_primary_address(void) { return (void*)WOLFBOOT_PARTITION_BOOT_ADDRESS; @@ -629,3 +631,4 @@ void* hal_get_update_address(void) { return (void*)WOLFBOOT_PARTITION_UPDATE_ADDRESS; } +#endif diff --git a/include/image.h b/include/image.h index c2f4483905..22e4f6d879 100644 --- a/include/image.h +++ b/include/image.h @@ -940,8 +940,9 @@ static inline int wb_flash_write_verify_word(struct wolfBoot_image *img, #define UBOOT_IMG_HDR_SZ 64 /* --- Flattened Device Tree Blob */ +#ifdef MMU #include "fdt.h" - +#endif #ifndef EXT_ENCRYPTED #define WOLFBOOT_MAX_SPACE (WOLFBOOT_PARTITION_SIZE - \ diff --git a/include/user_settings.h b/include/user_settings.h index b921e93ee9..10d2c8b705 100644 --- a/include/user_settings.h +++ b/include/user_settings.h @@ -215,12 +215,14 @@ extern int tolower(int c); # endif # if defined(WOLFBOOT_SIGN_RSA2048) || defined(WOLFBOOT_SIGN_SECONDARY_RSA2048) # define FP_MAX_BITS (2048 * 2) +# define SP_INT_BITS 2048 # define WOLFSSL_SP_NO_3072 # define WOLFSSL_SP_NO_4096 # define WOLFSSL_SP_2048 # endif # if defined(WOLFBOOT_SIGN_RSA3072) || defined(WOLFBOOT_SIGN_SECONDARY_RSA3072) # define FP_MAX_BITS (3072 * 2) +# define SP_INT_BITS 3072 # define WOLFSSL_SP_NO_2048 # define WOLFSSL_SP_NO_4096 # define WOLFSSL_SP_3072 @@ -228,6 +230,7 @@ extern int tolower(int c); # if defined(WOLFBOOT_SIGN_RSA4096) || defined(WOLFBOOT_SIGN_SECONDARY_RSA4096) # define FP_MAX_BITS (4096 * 2) +# define SP_INT_BITS 4096 # define WOLFSSL_SP_NO_2048 # define WOLFSSL_SP_NO_3072 # define WOLFSSL_SP_4096 @@ -235,6 +238,7 @@ extern int tolower(int c); # ifdef WOLFCRYPT_SECURE_MODE # undef FP_MAX_BITS # define FP_MAX_BITS (4096 * 2) +# define SP_INT_BITS 4096 # define WOLFSSL_SP_2048 # define WOLFSSL_SP_3072 # define WOLFSSL_SP_4096 @@ -468,7 +472,7 @@ extern int tolower(int c); #endif #ifndef WOLFBOOT_SMALL_STACK -# ifdef WOLFSSL_SP_MATH +# if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) # define WOLFSSL_SP_NO_MALLOC # define WOLFSSL_SP_NO_DYN_STACK # endif diff --git a/src/update_ram.c b/src/update_ram.c index b5cef82cf8..6237d72069 100644 --- a/src/update_ram.c +++ b/src/update_ram.c @@ -29,6 +29,9 @@ #include "printf.h" #include "wolfboot/wolfboot.h" #include +#ifdef WOLFBOOT_TPM +#include "tpm.h" +#endif #ifdef WOLFBOOT_ELF #include "elf.h" #endif diff --git a/src/xmalloc.c b/src/xmalloc.c index b36f157a89..730615fa9c 100644 --- a/src/xmalloc.c +++ b/src/xmalloc.c @@ -1,4 +1,3 @@ - /* xmalloc.c * * Fixed-pool implementation of malloc/free for wolfBoot @@ -35,13 +34,12 @@ #endif #include "target.h" +#ifdef WOLFBOOT_SMALL_STACK #ifdef WOLFBOOT_DEBUG_MALLOC #include #endif - - struct xmalloc_slot { uint8_t *addr; uint32_t size; @@ -322,8 +320,6 @@ static uint8_t asncheck_buf[ASNCHECK_BUF_SIZE]; #define MPDIGIT_BUF1_SIZE (MP_DIGIT_SIZE * (106 * 4 + 3)) static uint8_t mp_digit_buf1[MPDIGIT_BUF1_SIZE]; #endif - - #else #define MP_SCHEME "SP RSA4096" #ifdef WOLFSSL_SP_ARM_CORTEX_M_ASM @@ -346,7 +342,7 @@ static uint8_t asncheck_buf[ASNCHECK_BUF_SIZE]; #endif { NULL, 0, 0} }; -#else /* FAST MATH */ +#else /* Old tom's Fast math (tfm.c) */ #define MP_SCHEME "TFM RSA" #define MP_INT_TYPE_SIZE (sizeof(mp_int)) #define MP_MONT_REDUCE_BUF_SIZE (sizeof(fp_digit)*(FP_SIZE + 1)) @@ -409,6 +405,7 @@ void* XMALLOC(size_t n, void* heap, int type) static int detect_init = 0; if (detect_init++ == 0) { printf("MP_SCHEME %s\n", MP_SCHEME); + printf("MP_DIGIT %d\n", (int)MP_DIGIT_SIZE); dump_pool(); } printf("MALLOC: Type %d, Size %zd", type, n); @@ -450,3 +447,5 @@ void XFREE(void *ptr, void *heap, int type) (void)heap; (void)type; } + +#endif /* WOLFBOOT_SMALL_STACK */ diff --git a/tools/keytools/keygen.c b/tools/keytools/keygen.c index 986325193b..cf72042650 100644 --- a/tools/keytools/keygen.c +++ b/tools/keytools/keygen.c @@ -519,8 +519,8 @@ void keystore_add(uint32_t ktype, uint8_t *key, uint32_t sz, const char *keyfile sl.pubkey_size = get_pubkey_size(ktype); if (sl.pubkey_size > sizeof(sl.pubkey)){ - printf("error: %s pubkey larger than keystore: %d > %zu\n", - KName[ktype], sl.pubkey_size, sizeof(sl.pubkey)); + printf("error: %s pubkey larger than keystore: %d > %d\n", + KName[ktype], sl.pubkey_size, (int)sizeof(sl.pubkey)); exit(1); } @@ -844,7 +844,7 @@ static void keygen_lms(const char *priv_fname, uint32_t id_mask) if (pub_len != sizeof(lms_pub)) { fprintf(stderr, "error: wc_LmsKey_ExportPubRaw returned pub_len=%d\n" \ - ", expected %zu\n", pub_len, sizeof(lms_pub)); + ", expected %d\n", pub_len, (int)sizeof(lms_pub)); exit(1); } @@ -943,7 +943,7 @@ static void keygen_xmss(const char *priv_fname, uint32_t id_mask) if (pub_len != sizeof(xmss_pub)) { fprintf(stderr, "error: wc_XmssKey_ExportPubRaw returned pub_len=%d\n" \ - ", expected %zu\n", pub_len, sizeof(xmss_pub)); + ", expected %d\n", pub_len, (int)sizeof(xmss_pub)); exit(1); } diff --git a/tools/keytools/sign.c b/tools/keytools/sign.c index 04a201d715..d7d570d2e3 100644 --- a/tools/keytools/sign.c +++ b/tools/keytools/sign.c @@ -64,7 +64,7 @@ static inline int fp_truncate(FILE *f, size_t len) if (f == NULL) return -1; fd = _fileno(f); - return _chsize_s(fd, len); + return _chsize(fd, len); } #else #define HAVE_MMAP 1 diff --git a/tools/lms/lms_common.h b/tools/lms/lms_common.h index ba7ba35bc7..7e70014d53 100644 --- a/tools/lms/lms_common.h +++ b/tools/lms/lms_common.h @@ -56,8 +56,8 @@ static int lms_write_key(const byte * priv, word32 privSz, void * context) n_write = fwrite(priv, 1, privSz, file); if (n_write != privSz) { - fprintf(stderr, "error: wrote %zu, expected %d: %d\n", n_write, privSz, - ferror(file)); + fprintf(stderr, "error: wrote %d, expected %d: %d\n", + (int)n_write, privSz, ferror(file)); return WC_LMS_RC_WRITE_FAIL; } @@ -80,8 +80,8 @@ static int lms_write_key(const byte * priv, word32 privSz, void * context) n_read = fread(buff, 1, n_write, file); if (n_read != n_write) { - fprintf(stderr, "error: read %zu, expected %zu: %d\n", n_read, n_write, - ferror(file)); + fprintf(stderr, "error: read %d, expected %d: %d\n", + (int)n_read, (int)n_write, ferror(file)); return WC_LMS_RC_WRITE_FAIL; } @@ -122,8 +122,8 @@ static int lms_read_key(byte * priv, word32 privSz, void * context) n_read = fread(priv, 1, privSz, file); if (n_read != privSz) { - fprintf(stderr, "error: read %zu, expected %d: %d\n", n_read, privSz, - ferror(file)); + fprintf(stderr, "error: read %d, expected %d: %d\n", + (int)n_read, privSz, ferror(file)); return WC_LMS_RC_READ_FAIL; } diff --git a/tools/xmss/xmss_common.h b/tools/xmss/xmss_common.h index 66e8a30501..62ec3a27c9 100644 --- a/tools/xmss/xmss_common.h +++ b/tools/xmss/xmss_common.h @@ -56,8 +56,8 @@ static enum wc_XmssRc xmss_write_key(const byte * priv, word32 privSz, void * co n_write = fwrite(priv, 1, privSz, file); if (n_write != privSz) { - fprintf(stderr, "error: wrote %zu, expected %d: %d\n", n_write, privSz, - ferror(file)); + fprintf(stderr, "error: wrote %d, expected %d: %d\n", + (int)n_write, privSz, ferror(file)); return WC_XMSS_RC_WRITE_FAIL; } @@ -86,8 +86,8 @@ static enum wc_XmssRc xmss_write_key(const byte * priv, word32 privSz, void * co n_read = fread(buff, 1, n_write, file); if (n_read != n_write) { - fprintf(stderr, "error: read %zu, expected %zu: %d\n", n_read, n_write, - ferror(file)); + fprintf(stderr, "error: read %d, expected %d: %d\n", + (int)n_read, (int)n_write, ferror(file)); free(buff); return WC_XMSS_RC_WRITE_FAIL; } @@ -132,8 +132,8 @@ static enum wc_XmssRc xmss_read_key(byte * priv, word32 privSz, void * context) n_read = fread(priv, 1, privSz, file); if (n_read != privSz) { - fprintf(stderr, "error: read %zu, expected %d: %d\n", n_read, privSz, - ferror(file)); + fprintf(stderr, "error: read %d, expected %d: %d\n", + (int)n_read, privSz, ferror(file)); return WC_XMSS_RC_READ_FAIL; }