diff --git a/.gitignore b/.gitignore index bc8cbf89eb..c17c21bac0 100644 --- a/.gitignore +++ b/.gitignore @@ -61,8 +61,8 @@ src/ecc512_pub_key.c src/rsa2048_pub_key.c src/rsa4096_pub_key.c # Renesas key data files -include/key_data.c -include/key_data.h +include/key_data.* +include/enckey_data.* # keygen binaries tools/keytools/sign diff --git a/arch.mk b/arch.mk index 0ac53ceb8f..4fd1c5372f 100644 --- a/arch.mk +++ b/arch.mk @@ -458,7 +458,8 @@ ifeq ($(ARCH),RENESAS_RX) OBJS+=./lib/wolfssl/wolfcrypt/src/cryptocb.o \ ./lib/wolfssl/wolfcrypt/src/port/Renesas/renesas_common.o \ - ./lib/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_util.o + ./lib/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_util.o \ + ./lib/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_aes.o # RX TSIP uses pre-compiled .a library by default ifneq ($(RX_TSIP_SRC),1) diff --git a/docs/Renesas.md b/docs/Renesas.md index a2e5fd72e9..944eefa0d6 100644 --- a/docs/Renesas.md +++ b/docs/Renesas.md @@ -17,7 +17,7 @@ Platforms Supported: All of the Renesas examples support using e2Studio. The Renesas RX parts support using wolfBoot Makefile's with the rx-elf-gcc cross-compiler and example .config files. -### Security Key Management Tool (SKMT) Key Wrapping +## Security Key Management Tool (SKMT) Key Wrapping 1) Setup a Renesas KeyWrap account and do the PGP key exchange. https://dlm.renesas.com/keywrap @@ -34,12 +34,13 @@ Use GPG4Win and the Sign/Encrypt option. Sign with your own GPG key and encrypt It will use the Hidden Root Key (HRK) that both Renesas and the RX TSIP have pre-provisioned from Renesas Factory. Result is `sample.key_enc.key`. Example: `00000001 6CCB9A1C 8AA58883 B1CB02DE 6C37DA60 54FB94E2 06EAE720 4D9CCF4C 6EEB288C` -### RX TSIP +## RX TSIP 1) Build key tools for Renesas ```sh # Build keytools for Renesas RX (TSIP) +# Use RENESAS_KEY=2 for TSIP $ make keytools RENESAS_KEY=2 ``` 
@@ -163,8 +164,36 @@ Output image(s) successfully created. Download files to flash using Renesas flash programmer. +## RX TSIP AES Encryption (optional) -#### RX TSIP Benchmarks +Create a wrapped AES key for encrypting/decrypting the update + +Example key: `fwenc.key`: e07227e477450b1ca266078e217a3c89cbae827a7bb117ff851bc25300163575 +Note: `.config` must include `ENCRYPT=1` and `ENCRYPT_WITH_AES256=1` + +```sh +$ C:\Renesas\SecurityKeyManagementTool\cli\skmt.exe -genkey -ufpk file=./sample.key -wufpk file=./sample.key_enc.key -key file=./fwenc.key -mcu RX-TSIP -keytype AES-256 -output include/enckey_data.c -filetype csource -keyname wrap_enc_key -iv A8B14B0F5F09D73F31D4777FC0103FB4 +Output File: C:\CPG_Controls\wolfboot\include\enckey_data.h +Output File: C:\CPG_Controls\wolfboot\include\enckey_data.c +UFPK: B94A2B961C75510174F0C967ECFC20B377C7FB256DB627B1BFFADEE05EE98AC4 +W-UFPK: 000000016CCB9A1C8AA58883B1CB02DE6C37DA6054FB94E206EAE7204D9CCF4C6EEB288C +IV: A8B14B0F5F09D73F31D4777FC0103FB4 +Encrypted key: 3C39BE75E9CA5CB9D2D0BBDE111CABC894A2B13F857399B05E7B140518F35D05CD97D8DF20817CEEBA2F207CC90BAF2C + +$ C:\Renesas\SecurityKeyManagementTool\cli\skmt.exe -genkey -ufpk file=./sample.key -wufpk file=./sample.key_enc.key -key file=./fwenc.key -mcu RX-TSIP -keytype AES-256 -output fwenc.srec -filetype "mot" -address FFFF0100 -iv A8B14B0F5F09D73F31D4777FC0103FB4 +Output File: C:\CPG_Controls\wolfboot\fwenc.srec +UFPK: B94A2B961C75510174F0C967ECFC20B377C7FB256DB627B1BFFADEE05EE98AC4 +W-UFPK: 000000016CCB9A1C8AA58883B1CB02DE6C37DA6054FB94E206EAE7204D9CCF4C6EEB288C +IV: A8B14B0F5F09D73F31D4777FC0103FB4 +Encrypted key: 3C39BE75E9CA5CB9D2D0BBDE111CABC894A2B13F857399B05E7B140518F35D05CD97D8DF20817CEEBA2F207CC90BAF2C +``` + +The offset for the wrapped AES key is determined by `RENESAS_TSIP_INSTALLEDENCKEY_ADDR` and defaults to `RENESAS_TSIP_INSTALLEDKEY_ADDR` + 0x100 + +The key needed for the firmware signing tool is the 32 byte AES Key + 16 byte IV. 
+`echo "e07227e477450b1ca266078e217a3c89cbae827a7bb117ff851bc25300163575A8B14B0F5F09D73F31D4777FC0103FB4" | xxd -r -p - > fwkey.bin` + +### RX TSIP Benchmarks | Hardware | Clock | Algorithm | RX TSIP | Debug | Release (-Os) | Release (-O2) | | -------- | ------ | ----------------- | -------- | -------- | ------------- | ------------- | @@ -172,3 +201,16 @@ Download files to flash using Renesas flash programmer. | RX72N | 240MHz | ECDSA Verify P256 | 2.73 ms | 469 ms | 135 ms | 107 ms | | RX65N | 120MHz | ECDSA Verify P384 | 18.57 ms | 4213 ms | 2179 ms | 1831 ms | | RX65N | 120MHz | ECDSA Verify P256 | 2.95 ms | 1208 ms | 602 ms | 517 ms | + + +## RX Production Protection (recommendations) + +1) Lockdown external serial programmer `SPCC.SPE = 0` +2) Flash Access Window Setting Register (FAW) + * BTFLG: Start-up Area Select FAW.BTFLG (1=FFFF E000h to FFFF FFFFh, 0=FFFF C000h to FFFF DFFFh) + * FSPR - FAW.FSPR Access Window Protection (0=protections enabled) Once changed to 0 cannot be reset. +3) ROM Code Protection Register `ROMCODE.CODE[31:0]` + * 0000 0000h: ROM code protection enabled (ROM code protection 1) + * 0000 0001h: ROM code protection enabled (ROM code protection 2) + * Other than above: ROM code protection disabled +4) Options Trusted Memory (TM) Enable `TMEF.TMEF[2:0] = b000` - prevents reading of blocks 8 and 9 (see 59.17 Trusted Memory) - Location for keys or code that should not be read diff --git a/docs/Targets.md b/docs/Targets.md index a8db49c352..2cf3cf44dd 100644 --- a/docs/Targets.md +++ b/docs/Targets.md @@ -2453,7 +2453,7 @@ Boot header magic 0x00000000 invalid at 0x20000128 Copy sector 1 (part 1->2) Copy sector 1 (part 0->1) Copy sector 1 (part 2->0) -Erasing remainder of partitions (235 sectors)... +Erasing remainder of partition (235 sectors)... Boot partition: 0xC000 (sz 4832, ver 0x2, type 0x201) Boot header magic 0x00000000 invalid at 0x20000128 Copy sector 236 (part 0->2) 
@@ -2495,7 +2495,7 @@ Copy sector 1 (part 2->0) Copy sector 2 (part 1->2) Copy sector 2 (part 0->1) Copy sector 2 (part 2->0) -Erasing remainder of partitions (88 sectors)... +Erasing remainder of partition (88 sectors)... Boot partition: 0x100C000 (sz 4120, ver 0x2, type 0x202) Update partition: 0x100000 (sz 4120, ver 0x1, type 0x201) Copy sector 90 (part 0->2) diff --git a/hal/renesas-ra.c b/hal/renesas-ra.c index 4e90ff867f..ed36e57b5c 100644 --- a/hal/renesas-ra.c +++ b/hal/renesas-ra.c @@ -54,29 +54,19 @@ static inline void hal_panic(void) extern flash_ctrl_t g_flash0_ctrl; extern flash_cfg_t g_flash0_cfg; -void hal_init(void) +#if defined(WOLFBOOT_RENESAS_SCEPROTECT) && !defined(WOLFBOOT_RENESAS_APP) +static int sipInitDone = 0; +int hal_renesas_init(void) { fsp_err_t err; + uint32_t *pubkey; -#if defined(WOLFBOOT_RENESAS_SCEPROTECT) && !defined(WOLFBOOT_RENESAS_APP) - /* retrieve installed pubkey from flash */ - uint32_t *pubkey = keystore_get_buffer(0); -#endif - err = R_FLASH_HP_Close(&g_flash0_ctrl); - err = R_FLASH_HP_Open(&g_flash0_ctrl, &g_flash0_cfg); + if (sipInitDone) + return 0; - if(err != FSP_ERR_ALREADY_OPEN && err != FSP_SUCCESS){ - printf("ERROR: %d\n", err); - hal_panic(); - } + /* retrieve installed pubkey from flash */ + pubkey = keystore_get_buffer(0); - /* Setup Default Block 0 as Startup Setup Block */ - err = R_FLASH_HP_StartUpAreaSelect(&g_flash0_ctrl, FLASH_STARTUP_AREA_BLOCK0, true); - if(err != FSP_SUCCESS){ - printf("ERROR: %d\n", err); - hal_panic(); - } -#if defined(WOLFBOOT_RENESAS_SCEPROTECT) && !defined(WOLFBOOT_RENESAS_APP) err = wolfCrypt_Init(); if (err != 0) { printf("ERROR: wolfCrypt_Init %d\n", err); 
@@ -93,12 +83,39 @@ void hal_init(void) pkInfo.keyflgs_crypt.bits.rsapub2048_installedkey_set = 1; pkInfo.keyflgs_crypt.bits.message_type = 1; err = wc_CryptoCb_CryptInitRenesasCmn(NULL, &pkInfo); - if (err < 0) { printf("ERROR: wc_CryptoCb_CryptInitRenesasCmn %d\n", err); - hal_panic(); + return err; } + sipInitDone = 1; + return 0; +} +#endif +void hal_init(void) +{ + fsp_err_t err; + + err = R_FLASH_HP_Close(&g_flash0_ctrl); + err = R_FLASH_HP_Open(&g_flash0_ctrl, &g_flash0_cfg); + + if (err != FSP_ERR_ALREADY_OPEN && err != FSP_SUCCESS){ + wolfBoot_printf("ERROR: %d\n", err); + hal_panic(); + } + + /* Setup Default Block 0 as Startup Setup Block */ + err = R_FLASH_HP_StartUpAreaSelect(&g_flash0_ctrl, FLASH_STARTUP_AREA_BLOCK0, true); + if (err != FSP_SUCCESS){ + wolfBoot_printf("ERROR: %d\n", err); + hal_panic(); + } +#if defined(WOLFBOOT_RENESAS_SCEPROTECT) && !defined(WOLFBOOT_RENESAS_APP) + err = hal_renesas_init(); + if (err != 0) { + wolfBoot_printf("ERROR: hal_renesas_init %d\n", err); + hal_panic(); + } #endif } diff --git a/hal/renesas-rx.c b/hal/renesas-rx.c index 0141790388..0aa939082c 100644 --- a/hal/renesas-rx.c +++ b/hal/renesas-rx.c 
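Review bot: In the added `hal_init()` of hal/renesas-ra.c, the result of `R_FLASH_HP_Close()` is stored in `err` and overwritten by the next line before anything reads it; `(void)R_FLASH_HP_Close(&g_flash0_ctrl);` would make the best-effort close explicit. The context line `printf("ERROR: wc_CryptoCb_CryptInitRenesasCmn %d\n", err);` in `hal_renesas_init()` still uses `printf` while the new `hal_init()` uses `wolfBoot_printf`, so one file logs through two paths. `hal_renesas_init()` begins in the previous hunk and the lines between the two hunks are not shown, so any error path there that still calls `hal_panic()` should be checked against the new contract of returning an error to the caller.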
@@ -367,38 +367,23 @@ void hal_clk_init(void) PROTECT_ON(); /* write protect on */ } -void hal_init(void) +#if defined(WOLFBOOT_RENESAS_TSIP) && !defined(WOLFBOOT_RENESAS_APP) +static int sipInitDone = 0; +int hal_renesas_init(void) { -#if defined(WOLFBOOT_RENESAS_TSIP) && \ - !defined(WOLFBOOT_RENESAS_APP) int err; uint32_t key_type = 0; int tsip_key_type = -1; + /* This structure is generated using Renesas Security Key Management Tool + * See docs/Renesas.md */ struct enc_pub_key *encrypted_user_key_data; -#endif - -/* For CCRX, mcu_clock_setup() in resetprg.c will set up clocks. */ -#if defined(__GNUC__) - hal_clk_init(); -#endif -#ifdef ENABLE_LED - hal_led_off(); -#endif + if (sipInitDone) + return 0; -#ifdef DEBUG_UART - uart_init(); - uart_write("wolfBoot HAL Init\n", 18); -#endif - - hal_flash_init(); - -#if defined(WOLFBOOT_RENESAS_TSIP) && \ - !defined(WOLFBOOT_RENESAS_APP) err = wolfCrypt_Init(); if (err != 0) { - wolfBoot_printf("ERROR: wolfCrypt_Init %d\n", err); - hal_panic(); + return err; } /* retrive installed pubkey data from flash */ @@ -407,19 +392,19 @@ void hal_init(void) key_type = keystore_get_key_type(0); switch (key_type) { case AUTH_KEY_RSA2048: - tsip_key_type = TSIP_RSA2048; + tsip_key_type = TSIP_KEY_TYPE_RSA2048; break; case AUTH_KEY_RSA3072: - tsip_key_type = TSIP_RSA3072; + tsip_key_type = TSIP_KEY_TYPE_RSA3072; break; case AUTH_KEY_RSA4096: - tsip_key_type = TSIP_RSA4096; + tsip_key_type = TSIP_KEY_TYPE_RSA4096; break; case AUTH_KEY_ECC256: - tsip_key_type = TSIP_ECCP256; + tsip_key_type = TSIP_KEY_TYPE_ECDSAP256; break; case AUTH_KEY_ECC384: - tsip_key_type = TSIP_ECCP384; + tsip_key_type = TSIP_KEY_TYPE_ECDSAP384; break; case AUTH_KEY_ECC521: case AUTH_KEY_ED25519: @@ -430,7 +415,7 @@ void hal_init(void) } if (tsip_key_type == -1) { wolfBoot_printf("key type (%d) not supported\n", key_type); - hal_panic(); + return -1; } /* Load encrypted UFPK (User Factory Programming Key) */ 
@@ -447,7 +432,7 @@ void hal_init(void) sizeof(encrypted_user_key_data->encrypted_user_key), tsip_key_type) != 0) { wolfBoot_printf("ERROR tsip_use_PublicKey_buffer\n"); - hal_panic(); + return -1; } /* Init Crypt Callback */ @@ -456,9 +441,43 @@ void hal_init(void) err = wc_CryptoCb_CryptInitRenesasCmn(NULL, &pkInfo); if (err < 0) { wolfBoot_printf("ERROR: wc_CryptoCb_CryptInitRenesasCmn %d\n", err); - hal_panic(); + return -1; } + sipInitDone = 1; + return 0; +} #endif /* TSIP */ + + +void hal_init(void) +{ +#if defined(WOLFBOOT_RENESAS_TSIP) && !defined(WOLFBOOT_RENESAS_APP) + int err; +#endif + +/* For CCRX, mcu_clock_setup() in resetprg.c will set up clocks. */ +#if defined(__GNUC__) + hal_clk_init(); +#endif + +#ifdef ENABLE_LED + hal_led_off(); +#endif + +#ifdef DEBUG_UART + uart_init(); + uart_write("wolfBoot HAL Init\n", 18); +#endif + + hal_flash_init(); + +#if defined(WOLFBOOT_RENESAS_TSIP) && !defined(WOLFBOOT_RENESAS_APP) + err = hal_renesas_init(); + if (err != 0) { + wolfBoot_printf("ERROR: hal_renesas_init %d\n", err); + hal_panic(); + } +#endif } void hal_prepare_boot(void) diff --git a/hal/renesas-rz.c b/hal/renesas-rz.c index f4a3124047..4ba9089458 100644 --- a/hal/renesas-rz.c +++ b/hal/renesas-rz.c @@ -34,7 +34,7 @@ #include "wolfssl/wolfcrypt/wc_port.h" #include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h" #include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h" - + FSPSM_ST pkInfo; uint8_t wrapped_public_key[RSIP_BYTE_SIZE_WRAPPED_KEY_VALUE_RSA_2048_PUBLIC]; rsip_wrapped_key_t *p_wrapped_public_key = (rsip_wrapped_key_t *) wrapped_public_key; 
@@ -125,20 +125,22 @@ void ext_flash_unlock(void) #endif -void hal_init(void) -{ - #if defined(WOLFBOOT_RENESAS_RSIP) && !defined(WOLFBOOT_RENESAS_APP) - +static int sipInitDone = 0; +int hal_renesas_init(void) +{ fsp_err_t err; int ret; rsa_public_t rsip_pub_key; const size_t key_size = sizeof(rsip_pub_key); - err = wolfCrypt_Init(); - if (err != 0) { - printf("ERROR: wolfCrypt_Init %d\n", err); - hal_panic(); + if (sipInitDone) + return 0; + + ret = wolfCrypt_Init(); + if (ret != 0) { + wolfBoot_printf("ERROR: wolfCrypt_Init %d\n", ret); + return ret; } /* copy the key from ext flash to RAM */ @@ -146,8 +148,8 @@ void hal_init(void) (uint8_t*)RENESAS_RSIP_INSTALLEDKEY_RAM_ADDR, key_size); if (ret != key_size){ wolfBoot_printf("Error reading public key at %lx\n", - RENESAS_RSIP_INSTALLEDKEY_FLASH_ADDR); - hal_panic(); + RENESAS_RSIP_INSTALLEDKEY_FLASH_ADDR); + return -1; } /* import enrypted key */ XMEMCPY(&rsip_pub_key, (const void*)RENESAS_RSIP_INSTALLEDKEY_RAM_ADDR, key_size); @@ -166,12 +168,23 @@ void hal_init(void) pkInfo.keyflgs_crypt.bits.message_type = 1; pkInfo.hash_type = RSIP_HASH_TYPE_SHA256; err = wc_CryptoCb_CryptInitRenesasCmn(NULL, &pkInfo); - if (err < 0) { wolfBoot_printf("ERROR: wc_CryptoCb_CryptInitRenesasCmn %d\n", err); - hal_panic(); + return err; } + sipInitDone = 1; + return 0; +} +#endif +void hal_init(void) +{ +#if defined(WOLFBOOT_RENESAS_RSIP) && !defined(WOLFBOOT_RENESAS_APP) + int err = hal_renesas_init(); + if (err != 0) { + printf("ERROR: hal_renesas_init %d\n", err); + hal_panic(); + } #endif } diff --git a/include/encrypt.h b/include/encrypt.h index ce1cb184ef..fc85bc3f84 100644 --- a/include/encrypt.h +++ b/include/encrypt.h 
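Review bot: The added `hal_init()` in hal/renesas-rz.c reports the failure with `printf`, while `hal_renesas_init()` in the same file and the RA and RX `hal_init()` in this commit use `wolfBoot_printf`. The line should read `wolfBoot_printf("ERROR: hal_renesas_init %d\n", err);` so the message follows the same output path and build switches as the rest of the boot log. `hal_renesas_init()` also has no comment stating that it is safe to call repeatedly and returns 0 once `sipInitDone` is set; a short header comment saying so would help, since src/image.c now calls it as well.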
@@ -27,19 +27,19 @@ #if defined(__WOLFBOOT) || defined(UNIT_TEST) #include -#include -#include +#include "wolfssl/wolfcrypt/settings.h" +#include "wolfssl/wolfcrypt/sha256.h" #include "target.h" #include "wolfboot/wolfboot.h" #ifdef ENCRYPT_WITH_CHACHA -#include + #include "wolfssl/wolfcrypt/chacha.h" #else -#include + #include "wolfssl/wolfcrypt/aes.h" #endif -#include +#include "wolfssl/wolfcrypt/pwdbased.h" #ifdef ENCRYPT_WITH_CHACHA @@ -65,7 +65,7 @@ int aes_init(void); void aes_set_iv(uint8_t *nonce, uint32_t address); #endif /* ENCRYPT_WITH_CHACHA */ -/* Internal read/write functions (not exported in the libwolfboot API) */ +/* external flash encryption read/write functions */ int ext_flash_encrypt_write(uintptr_t address, const uint8_t *data, int len); int ext_flash_decrypt_read(uintptr_t address, uint8_t *data, int len); diff --git a/include/image.h b/include/image.h index 0697ab805a..f57993ad92 100644 --- a/include/image.h +++ b/include/image.h @@ -833,7 +833,6 @@ int wolfBoot_open_image_external(struct wolfBoot_image* img, uint8_t part, uint8 int wolfBoot_open_image_address(struct wolfBoot_image* img, uint8_t* image); int wolfBoot_verify_integrity(struct wolfBoot_image *img); int wolfBoot_verify_authenticity(struct wolfBoot_image *img); -int wolfBoot_get_partition_state(uint8_t part, uint8_t *st); int wolfBoot_set_partition_state(uint8_t part, uint8_t newst); int wolfBoot_get_update_sector_flag(uint16_t sector, uint8_t *flag); int wolfBoot_set_update_sector_flag(uint16_t sector, uint8_t newflag); @@ -932,6 +931,9 @@ static inline int wb_flash_write_verify_word(struct wolfBoot_image *img, #else +# define SWAP_EXT (0) +# define BOOT_EXT (0) +# define UPDATE_EXT (0) # define PART_IS_EXT(x) (0) # define PARTN_IS_EXT(x) (0) # define wb_flash_erase(im, of, siz) \ diff --git a/include/user_settings.h b/include/user_settings.h index 299bbf3baf..61b5cfab80 100644 --- a/include/user_settings.h +++ b/include/user_settings.h 
@@ -37,6 +37,8 @@ #define WOLFSSL_USER_MUTEX /* avoid wc_port.c wc_InitAndAllocMutex */ #define WOLFCRYPT_ONLY #define SIZEOF_LONG_LONG 8 +#define HAVE_EMPTY_AGGREGATES 0 +#define HAVE_ANONYMOUS_INLINE_AGGREGATES 0 /* Stdlib Types */ #define CTYPE_USER /* don't let wolfCrypt types.h include ctype.h */ @@ -111,12 +113,16 @@ extern int tolower(int c); # define FREESCALE_LTC_TFM # endif - /* Some ECC options are disabled to reduce size */ # if !defined(WOLFCRYPT_SECURE_MODE) # if !defined(WOLFBOOT_TPM) # define NO_ECC_SIGN # define NO_ECC_DHE + /* For Renesas RX do not enable the misc.c constant time code + * due to issue with 64-bit types */ +# if defined(__RX__) +# define WOLFSSL_NO_CT_OPS /* don't use constant time ops in misc.c */ +# endif # if !defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) # define NO_ECC_EXPORT # define NO_ECC_KEY_EXPORT @@ -499,6 +505,9 @@ extern int tolower(int c); #define WOLF_CRYPTO_CB_ONLY_ECC #define WOLF_CRYPTO_CB_ONLY_RSA #define WOLFSSL_NO_SW_MATH + #define MAX_CRYPTO_DEVID_CALLBACKS 2 + #define WC_NO_DEFAULT_DEVID + #define WOLFSSL_AES_SMALL_TABLES #ifdef WOLFBOOT_RENESAS_TSIP #define WOLFSSL_RENESAS_TSIP @@ -507,6 +516,10 @@ extern int tolower(int c); #define WOLFSSL_RENESAS_TSIP_CRYPTONLY #define NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH #define RENESAS_TSIP_INSTALLEDKEY_ADDR 0xFFFF0000 + #ifndef RENESAS_TSIP_INSTALLEDENCKEY_ADDR + #define RENESAS_TSIP_INSTALLEDENCKEY_ADDR \ + (RENESAS_TSIP_INSTALLEDKEY_ADDR + 0x100) + #endif #define ENCRYPTED_KEY_BYTE_SIZE ENC_PUB_KEY_SIZE #define RENESAS_DEVID 7890 #endif @@ -533,6 +546,7 @@ extern int tolower(int c); #ifdef WOLFBOOT_ENABLE_WOLFHSM_CLIENT # define WOLF_CRYPTO_CB +# undef HAVE_ANONYMOUS_INLINE_AGGREGATES # define HAVE_ANONYMOUS_INLINE_AGGREGATES 1 # define WOLFSSL_KEY_GEN #endif /* WOLFBOOT_ENABLE_WOLFHSM_CLIENT */ diff --git a/include/wolfboot/wolfboot.h b/include/wolfboot/wolfboot.h index 84aa389d9e..ec5b043f0e 100644 --- a/include/wolfboot/wolfboot.h +++ b/include/wolfboot/wolfboot.h 
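Review bot: `WOLFSSL_NO_CT_OPS` is defined inside the block that sets `NO_ECC_SIGN` and `NO_ECC_DHE`, so whether an RX build gets it depends on the surrounding ECC, `WOLFBOOT_TPM` and `WOLFCRYPT_SECURE_MODE` conditions rather than on the 64-bit type issue the comment names. The enclosing `#if` lines are outside the hunk, so this is inferred from the indentation. If the problem is in misc.c itself, the define probably belongs at top level under `#if defined(__RX__)`. Because the macro turns off the constant-time helpers, the comment should also record why that is acceptable for this target, for example that no secret-dependent comparison runs in software, if that is the case.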
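Review bot: The default `RENESAS_TSIP_INSTALLEDENCKEY_ADDR` is a fixed `0x100` past `RENESAS_TSIP_INSTALLEDKEY_ADDR`, and nothing in this hunk ties that gap to the size of the wrapped public-key structure flashed at the first address. If that structure can exceed 0x100 bytes for the larger key types, the two provisioned blobs would overlap and one of them would be read back corrupted. A compile-time size check at the use site, such as `_Static_assert(sizeof(struct enc_pub_key) <= 0x100, "wrapped pubkey overlaps enc key");` where the toolchain supports it, would catch this. The size of `struct enc_pub_key` is not visible here, so it needs confirming against the generated key_data.h.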
@@ -161,9 +161,23 @@ extern "C" { #if defined(__WOLFBOOT) || defined(UNIT_TEST_AUTH) +#include "wolfssl/wolfcrypt/settings.h" +#include "wolfssl/wolfcrypt/visibility.h" +#include "wolfssl/wolfcrypt/wc_port.h" +#include "wolfssl/wolfcrypt/types.h" + +#ifdef WOLFBOOT_RENESAS_TSIP + /* Include these before any algorithm headers */ + #include "mcu/all/r_bsp_common.h" + #include "r_bsp_config.h" + #include "r_tsip_rx_if.h" + #include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h" +#endif + + /* Hashing configuration */ #if defined(WOLFBOOT_HASH_SHA256) -# include "wolfssl/wolfcrypt/sha256.h" + #include "wolfssl/wolfcrypt/sha256.h" # ifndef WOLFBOOT_SHA_BLOCK_SIZE # define WOLFBOOT_SHA_BLOCK_SIZE (256) # endif @@ -178,7 +192,7 @@ extern "C" { typedef wc_Sha256 wolfBoot_hash_t; # define HDR_HASH HDR_SHA256 #elif defined(WOLFBOOT_HASH_SHA384) -# include "wolfssl/wolfcrypt/sha512.h" + #include "wolfssl/wolfcrypt/sha512.h" # ifndef WOLFBOOT_SHA_BLOCK_SIZE # define WOLFBOOT_SHA_BLOCK_SIZE (256) # endif @@ -193,9 +207,9 @@ extern "C" { typedef wc_Sha384 wolfBoot_hash_t; # define HDR_HASH HDR_SHA384 #elif defined(WOLFBOOT_HASH_SHA3_384) -# include "wolfssl/wolfcrypt/sha3.h" + #include "wolfssl/wolfcrypt/sha3.h" # ifndef WOLFBOOT_SHA_BLOCK_SIZE -# define WOLFBOOT_SHA_BLOCK_SIZE (128) +# define WOLFBOOT_SHA_BLOCK_SIZE (256) # endif # define WOLFBOOT_SHA_HDR HDR_SHA3_384 # define WOLFBOOT_SHA_DIGEST_SIZE (48) @@ -222,7 +236,8 @@ extern "C" { #endif -#if defined(__WOLFBOOT) || defined (__FLASH_OTP_PRIMER) || defined (UNIT_TEST_AUTH) || defined(WOLFBOOT_TPM) +#if defined(__WOLFBOOT) || defined (__FLASH_OTP_PRIMER) || \ + defined (UNIT_TEST_AUTH) || defined(WOLFBOOT_TPM) /* Authentication configuration */ #if defined(WOLFBOOT_NO_SIGN) 
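Review bot: In the third hunk of include/wolfboot/wolfboot.h, `WOLFBOOT_SHA_BLOCK_SIZE` for `WOLFBOOT_HASH_SHA3_384` changes from `(128)` to `(256)` in the middle of what is otherwise include re-indentation, and nothing visible in the commit explains it. The macro sizes `ext_hash_block` and the on-stack `read_buf` and `buffer` arrays in src/image.c, so SHA3 builds now use twice the buffer and read chunk size. A comment at the define, such as `/* read chunk size for hashing, kept equal for all hash types */`, or moving the change to its own commit would make the intent reviewable.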
@@ -325,6 +340,12 @@ extern "C" { #define FLASH_WORD_ERASED 0x00000000UL #endif +#ifdef __WOLFBOOT + /* include after PART_* are defined */ + /* for wolfBoot_verify_integrity and wolfBoot_verify_authenticity */ + #include "image.h" +#endif + void wolfBoot_update_trigger(void); void wolfBoot_success(void); uint32_t wolfBoot_image_size(uint8_t *image); diff --git a/options.mk b/options.mk index 41dfeff8b2..36b8253ba8 100644 --- a/options.mk +++ b/options.mk @@ -549,7 +549,10 @@ ifeq ($(ENCRYPT),1) endif ifeq ($(EXT_FLASH),1) - CFLAGS+= -D"EXT_FLASH=1" -D"PART_UPDATE_EXT=1" -D"PART_SWAP_EXT=1" + CFLAGS+= -D"EXT_FLASH=1" -D"PART_UPDATE_EXT=1" + ifeq ($(NO_SWAP_EXT),) + CFLAGS+= -D"PART_SWAP_EXT=1" + endif ifeq ($(NO_XIP),1) CFLAGS+=-D"PART_BOOT_EXT=1" endif @@ -762,9 +765,7 @@ OBJS+=$(SECURE_OBJS) # ifeq ($(RAM_CODE),1) ifeq ($(ENCRYPT),1) - ifneq ($(ENCRYPT_WITH_CHACHA),1) - LSCRIPT_IN=NONE - else + ifeq ($(ENCRYPT_WITH_CHACHA),1) LSCRIPT_IN=hal/$(TARGET)_chacha_ram.ld endif endif diff --git a/src/delta.c b/src/delta.c index 83e5ef6db3..f26f06b711 100644 --- a/src/delta.c +++ b/src/delta.c @@ -43,7 +43,7 @@ struct BLOCK_HDR_PACKED block_hdr { #define BLOCK_HDR_SIZE (sizeof (struct block_hdr)) #if defined(EXT_ENCRYPTED) && defined(__WOLFBOOT) -#include "encrypt.h" +#include "image.h" #define ext_flash_check_write ext_flash_encrypt_write #define ext_flash_check_read ext_flash_decrypt_read #elif defined(__WOLFBOOT) diff --git a/src/image.c b/src/image.c index e850a85988..2033cf2876 100644 --- a/src/image.c +++ b/src/image.c @@ -53,7 +53,7 @@ #endif /* Globals */ -static uint8_t digest[WOLFBOOT_SHA_DIGEST_SIZE]; +static uint8_t digest[WOLFBOOT_SHA_DIGEST_SIZE] XALIGNED(4); /* TPM based verify */ #if defined(WOLFBOOT_TPM) && defined(WOLFBOOT_TPM_VERIFY) 
@@ -748,7 +748,7 @@ uint16_t wolfBoot_get_header(struct wolfBoot_image *img, uint16_t type, } #ifdef EXT_FLASH -static uint8_t ext_hash_block[WOLFBOOT_SHA_BLOCK_SIZE]; +static uint8_t ext_hash_block[WOLFBOOT_SHA_BLOCK_SIZE] XALIGNED(4); #endif /** * @brief Get a block of data to be hashed. @@ -772,7 +772,7 @@ static uint8_t *get_sha_block(struct wolfBoot_image *img, uint32_t offset) } #ifdef EXT_FLASH -static uint8_t hdr_cpy[IMAGE_HEADER_SIZE]; +static uint8_t hdr_cpy[IMAGE_HEADER_SIZE] XALIGNED(4); static int hdr_cpy_done = 0; /** @@ -1354,7 +1354,7 @@ static int copy_flash_buffered(uintptr_t src_addr, uintptr_t dst_addr, #ifndef BUFFER_DECLARED #define BUFFER_DECLARED - static uint8_t buffer[FLASHBUFFER_SIZE]; + static uint8_t buffer[FLASHBUFFER_SIZE] XALIGNED(4); #endif #ifdef WOLFBOOT_FLASH_MULTI_SECTOR_ERASE @@ -1446,7 +1446,7 @@ static int read_flash_fwimage(struct wolfBoot_image* img, uint32_t offset, #ifdef EXT_FLASH if (PART_IS_EXT(img)) { if (ext_flash_check_read((uintptr_t)img->fw_base + offset, buffer, - size) != 0) { + size) < 0) { wolfBoot_printf( "ERROR: ext_flash_check_read failed at offset %lu, size %u\n", (unsigned long)offset, size); @@ -1474,7 +1474,7 @@ static int read_flash_addr(void* src, void* buffer, uint32_t size, int src_ext) #ifdef EXT_FLASH if (src_ext) { - if (ext_flash_check_read((uintptr_t)src, buffer, size) != 0) { + if (ext_flash_check_read((uintptr_t)src, buffer, size) < 0) { wolfBoot_printf( "ERROR: ext_flash_check_read failed at address %p, size %u\n", src, size); @@ -1500,7 +1500,7 @@ static int update_hash_flash_fwimg(wolfBoot_hash_t* ctx, { uint32_t current_offset = offset; uint32_t remaining_size = size; - uint8_t read_buf[WOLFBOOT_SHA_BLOCK_SIZE]; /* Use local buffer */ + uint8_t read_buf[WOLFBOOT_SHA_BLOCK_SIZE] XALIGNED_STACK(4); /* Use local buffer */ while (remaining_size > 0) { uint32_t read_size = (remaining_size > WOLFBOOT_SHA_BLOCK_SIZE) 
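Review bot: In `read_flash_fwimage()` the check on `ext_flash_check_read()` changes from `!= 0` to `< 0`, which accepts any non-negative return, including a read shorter than `size`. The context in src/libwolfboot.c compares `ext_flash_read()` against the requested length, which suggests the call returns a byte count; if so, a short read would leave stale bytes in `buffer` that are then hashed or copied. Comparing against the request, `if (ext_flash_check_read((uintptr_t)img->fw_base + offset, buffer, size) != (int)size)`, rejects both errors and short reads. The same applies to the identical change in `read_flash_addr()` in the next hunk, and the return contract of the HAL read should be confirmed since it is not shown here.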
@@ -1529,7 +1529,7 @@ static int update_hash_flash_fwimg(wolfBoot_hash_t* ctx, static int update_hash_flash_addr(wolfBoot_hash_t* ctx, uintptr_t addr, uint32_t size, int src_ext) { - uint8_t buffer[WOLFBOOT_SHA_BLOCK_SIZE]; + uint8_t buffer[WOLFBOOT_SHA_BLOCK_SIZE] XALIGNED_STACK(4); uint32_t remaining_size = size; uintptr_t current_addr = addr; @@ -1568,7 +1568,7 @@ int wolfBoot_check_flash_image_elf(uint8_t part, unsigned long* entry_out) size_t ph_size = 0; size_t current_ph_offset = 0; int64_t final_offset = -1; - uint8_t calc_digest[WOLFBOOT_SHA_DIGEST_SIZE]; + uint8_t calc_digest[WOLFBOOT_SHA_DIGEST_SIZE] XALIGNED_STACK(4); uint8_t* exp_digest; int32_t stored_sha_len; int i; @@ -1913,7 +1913,14 @@ int wolfBoot_verify_authenticity(struct wolfBoot_image *img) * TSIP encrypted key is installed at * RENESAS_TSIP_INSTALLEDKEY_ADDR */ + extern int hal_renesas_init(void); + int rc = hal_renesas_init(); + if (rc != 0) { + wolfBoot_printf("hal_renesas_init failed! %d\n", rc); + return rc; + } key_slot = 0; + #elif defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \ defined(WOLFBOOT_USE_WOLFHSM_PUBKEY_ID) /* Don't care about the key slot, we are using a fixed wolfHSM keyId */ diff --git a/src/libwolfboot.c b/src/libwolfboot.c index 8b30fc5da3..01e0870646 100644 --- a/src/libwolfboot.c +++ b/src/libwolfboot.c @@ -64,7 +64,7 @@ #if defined(EXT_ENCRYPTED) static int encrypt_initialized = 0; -static uint8_t encrypt_iv_nonce[ENCRYPT_NONCE_SIZE]; +static uint8_t encrypt_iv_nonce[ENCRYPT_NONCE_SIZE] XALIGNED(4); #if defined(__WOLFBOOT) #include "encrypt.h" #elif !defined(XMEMSET) 
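Review bot: In the `wolfBoot_verify_authenticity()` hunk of src/image.c, `extern int hal_renesas_init(void);` is declared inside the function body, so the compiler cannot check it against the three definitions in hal/renesas-ra.c, renesas-rx.c and renesas-rz.c; the prototype belongs in a HAL header that both sides include. The function also returns `rc` unchanged, and `hal_renesas_init()` passes through whatever `wolfCrypt_Init()` or `wc_CryptoCb_CryptInitRenesasCmn()` returned. If any caller of the verify function treats only negative values as failure, a positive code would read as a successful verification, so `return -1;` is the safer form. The enclosing `#if` and the rest of the function are outside the hunk.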
@@ -1335,6 +1335,14 @@ int wolfBoot_fallback_is_possible(void) #ifdef EXT_ENCRYPTED #include "encrypt.h" +#if defined(WOLFBOOT_RENESAS_TSIP) + #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" + + /* Provides wrap_enc_key_t structure generated using + * Renesas Security Key Management Tool. See docs/Renesas.md */ + #include "enckey_data.h" +#endif + #if !defined(EXT_FLASH) && !defined(MMU) #error option EXT_ENCRYPTED requires EXT_FLASH or MMU mode #endif @@ -1357,20 +1365,25 @@ static uint8_t ENCRYPT_KEY[ENCRYPT_KEY_SIZE + ENCRYPT_NONCE_SIZE]; static int RAMFUNCTION hal_set_key(const uint8_t *k, const uint8_t *nonce) { +#ifdef WOLFBOOT_RENESAS_TSIP + /* must be flashed to RENESAS_TSIP_INSTALLEDENCKEY_ADDR */ + (void)k; + (void)nonce; + return 0; +#elif defined(MMU) + XMEMCPY(ENCRYPT_KEY, k, ENCRYPT_KEY_SIZE); + XMEMCPY(ENCRYPT_KEY + ENCRYPT_KEY_SIZE, nonce, ENCRYPT_NONCE_SIZE); + return 0; +#else uintptr_t addr, addr_align, addr_off; int ret = 0; int sel_sec = 0; uint32_t trailer_relative_off = 4; - -#if !defined(WOLFBOOT_SMALL_STACK) && !defined(NVM_FLASH_WRITEONCE) && !defined(WOLFBOOT_ENCRYPT_CACHE) +#if !defined(WOLFBOOT_SMALL_STACK) && !defined(NVM_FLASH_WRITEONCE) && \ + !defined(WOLFBOOT_ENCRYPT_CACHE) uint8_t ENCRYPT_CACHE[NVM_CACHE_SIZE] XALIGNED_STACK(32); #endif -#ifdef MMU - XMEMCPY(ENCRYPT_KEY, k, ENCRYPT_KEY_SIZE); - XMEMCPY(ENCRYPT_KEY + ENCRYPT_KEY_SIZE, nonce, ENCRYPT_NONCE_SIZE); - return 0; -#else addr = ENCRYPT_TMP_SECRET_OFFSET + WOLFBOOT_PARTITION_BOOT_ADDRESS; addr_align = addr & (~(WOLFBOOT_SECTOR_SIZE - 1)); addr_off = addr & (WOLFBOOT_SECTOR_SIZE - 1); 
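Review bot: With `WOLFBOOT_RENESAS_TSIP`, `hal_set_key()` discards `k` and `nonce` and returns 0, so a caller of `wolfBoot_set_encrypt_key()` is told the key was stored when nothing was written. The one-line comment says where the key must be flashed but not that the call is a no-op. I would expand it to `/* TSIP: the AES key is provisioned as a wrapped key at RENESAS_TSIP_INSTALLEDENCKEY_ADDR; a key passed at runtime is ignored */` and repeat that in the public function's doc comment. The rest of `hal_set_key()` continues outside the hunk.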
@@ -1463,7 +1476,11 @@ int RAMFUNCTION wolfBoot_set_encrypt_key(const uint8_t *key, */ int RAMFUNCTION wolfBoot_get_encrypt_key(uint8_t *k, uint8_t *nonce) { -#if defined(MMU) +#ifdef WOLFBOOT_RENESAS_TSIP + wrap_enc_key_t* enc_key =(wrap_enc_key_t*)RENESAS_TSIP_INSTALLEDENCKEY_ADDR; + XMEMCPY(k, enc_key->encrypted_user_key, ENCRYPT_KEY_SIZE); + XMEMCPY(nonce, enc_key->initial_vector, ENCRYPT_NONCE_SIZE); +#elif defined(MMU) XMEMCPY(k, ENCRYPT_KEY, ENCRYPT_KEY_SIZE); XMEMCPY(nonce, ENCRYPT_KEY + ENCRYPT_KEY_SIZE, ENCRYPT_NONCE_SIZE); #else @@ -1491,7 +1508,9 @@ int RAMFUNCTION wolfBoot_get_encrypt_key(uint8_t *k, uint8_t *nonce) */ int RAMFUNCTION wolfBoot_erase_encrypt_key(void) { -#if defined(MMU) +#ifdef WOLFBOOT_RENESAS_TSIP + /* nothing to erase */ +#elif defined(MMU) ForceZero(ENCRYPT_KEY, ENCRYPT_KEY_SIZE + ENCRYPT_NONCE_SIZE); #else uint8_t ff[ENCRYPT_KEY_SIZE + ENCRYPT_NONCE_SIZE]; @@ -1553,6 +1572,7 @@ int RAMFUNCTION chacha_init(void) #elif defined(ENCRYPT_WITH_AES128) || defined(ENCRYPT_WITH_AES256) Aes aes_dec, aes_enc; + /** * @brief Initialize AES encryption. * 
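Review bot: In the TSIP branch of `wolfBoot_get_encrypt_key()`, `k` receives the first `ENCRYPT_KEY_SIZE` bytes of `enc_key->encrypted_user_key`, which is the wrapped key blob and not an AES key a caller could use. The SKMT output in docs/Renesas.md shows an encrypted key of 48 bytes for AES-256, so the copy is presumably also truncated; the field size comes from the generated enckey_data.h, which is not shown. Callers such as `wolfBoot_copy_sector()` still call this function, so the branch should carry a comment like `/* TSIP: k is wrapped key material, only nonce is meaningful to callers */`. The matching `/* nothing to erase */` branch in `wolfBoot_erase_encrypt_key()` should likewise say that the wrapped key remains in flash after the call.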
@@ -1564,26 +1584,37 @@ Aes aes_dec, aes_enc; */ int aes_init(void) { + int devId; + uint8_t *stored_nonce; + uint8_t *key; + uint8_t ff[ENCRYPT_KEY_SIZE]; + +#ifdef WOLFBOOT_RENESAS_TSIP + int ret; + wrap_enc_key_t* enc_key; + devId = RENESAS_DEVID + 1; + enc_key =(wrap_enc_key_t*)RENESAS_TSIP_INSTALLEDENCKEY_ADDR; + key = enc_key->encrypted_user_key; + stored_nonce = enc_key->initial_vector; + wolfCrypt_Init(); /* required to setup the crypto callback defaults */ +#else /* non TSIP */ + devId = INVALID_DEVID; #if defined(MMU) || defined(UNIT_TEST) - uint8_t *key = ENCRYPT_KEY; + key = ENCRYPT_KEY; #else - uint8_t *key = (uint8_t *)(WOLFBOOT_PARTITION_BOOT_ADDRESS + + key = (uint8_t*)(WOLFBOOT_PARTITION_BOOT_ADDRESS + ENCRYPT_TMP_SECRET_OFFSET); #endif - uint8_t ff[ENCRYPT_KEY_SIZE]; - uint8_t iv_buf[ENCRYPT_NONCE_SIZE]; - uint8_t* stored_nonce; - #ifdef NVM_FLASH_WRITEONCE key -= WOLFBOOT_SECTOR_SIZE * nvm_select_fresh_sector(PART_BOOT); #endif - stored_nonce = key + ENCRYPT_KEY_SIZE; +#endif /* WOLFBOOT_RENESAS_TSIP */ XMEMSET(&aes_enc, 0, sizeof(aes_enc)); XMEMSET(&aes_dec, 0, sizeof(aes_dec)); - wc_AesInit(&aes_enc, NULL, 0); - wc_AesInit(&aes_dec, NULL, 0); + wc_AesInit(&aes_enc, NULL, devId); + wc_AesInit(&aes_dec, NULL, devId); /* Check against 'all 0xff' or 'all zero' cases */ XMEMSET(ff, 0xFF, ENCRYPT_KEY_SIZE); 
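Review bot: In the TSIP branch of `aes_init()`, the return value of `wolfCrypt_Init()` is dropped, although the comment says the call is required for the crypto callback defaults and `hal_renesas_init()` in hal/renesas-rx.c checks the same call. A failed init would let the function continue into key unwrapping and callback registration in an undefined library state; `if (wolfCrypt_Init() != 0) return -1;` closes that. The device id `RENESAS_DEVID + 1` is also a bare expression here and again at the registration call; a named macro next to `RENESAS_DEVID` in user_settings.h would document that it is the second of the two `MAX_CRYPTO_DEVID_CALLBACKS` slots. The function body continues in the next hunk.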
@@ -1593,12 +1624,37 @@ int aes_init(void) if (XMEMCMP(key, ff, ENCRYPT_KEY_SIZE) == 0) return -1; +#ifdef WOLFBOOT_RENESAS_TSIP + /* Unwrap key and get key index */ +#if ENCRYPT_KEY_SIZE == 32 + ret = R_TSIP_GenerateAes256KeyIndex(enc_key->wufpk, enc_key->initial_vector, + enc_key->encrypted_user_key, &aes_enc.ctx.tsip_keyIdx); +#else + ret = R_TSIP_GenerateAes128KeyIndex(enc_key->wufpk, enc_key->initial_vector, + enc_key->encrypted_user_key, &aes_enc.ctx.tsip_keyIdx); +#endif + if (ret != TSIP_SUCCESS) { + return -1; + } + /* set encryption key size */ + aes_enc.ctx.keySize = ENCRYPT_KEY_SIZE; + + /* copy TSIP ctx to decryption key */ + XMEMCPY(&aes_dec.ctx, &aes_enc.ctx, sizeof(aes_enc.ctx)); + + /* register AES crypto callback */ + wc_CryptoCb_RegisterDevice(devId, wc_tsip_AesCipher, NULL); +#endif /* WOLFBOOT_RENESAS_TSIP */ + + /* AES_ENCRYPTION is used for both directions in CTR + * IV is set later with "wc_AesSetIV" */ + wc_AesSetKeyDirect(&aes_enc, key, ENCRYPT_KEY_SIZE, NULL, AES_ENCRYPTION); + wc_AesSetKeyDirect(&aes_dec, key, ENCRYPT_KEY_SIZE, NULL, AES_ENCRYPTION); + + /* Set global IV nonce used in aes_set_iv */ XMEMCPY(encrypt_iv_nonce, stored_nonce, ENCRYPT_NONCE_SIZE); - XMEMCPY(iv_buf, stored_nonce, ENCRYPT_NONCE_SIZE); - /* AES_ENCRYPTION is used for both directions in CTR */ - wc_AesSetKeyDirect(&aes_enc, key, ENCRYPT_KEY_SIZE, iv_buf, AES_ENCRYPTION); - wc_AesSetKeyDirect(&aes_dec, key, ENCRYPT_KEY_SIZE, iv_buf, AES_ENCRYPTION); encrypt_initialized = 1; + return 0; } 
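Review bot: `aes_init()` ignores the results of `wc_CryptoCb_RegisterDevice()` and of both `wc_AesSetKeyDirect()` calls, then sets `encrypt_initialized = 1` and returns 0. In the TSIP build `key` points at the wrapped key bytes in flash, so if registration fails and the AES calls are not routed to `wc_tsip_AesCipher`, the outcome depends on wolfCrypt internals not visible here and would go unreported. Each call should be checked and the function should return -1 on failure, before `encrypt_initialized` is set. The start of `aes_init()` is in the previous hunk.

```c
    /* … unchanged: R_TSIP_GenerateAes*KeyIndex, keySize, ctx copy … */

    /* register AES crypto callback */
    if (wc_CryptoCb_RegisterDevice(devId, wc_tsip_AesCipher, NULL) != 0) {
        return -1;
    }
#endif /* WOLFBOOT_RENESAS_TSIP */

    /* AES_ENCRYPTION is used for both directions in CTR
     * IV is set later with "wc_AesSetIV" */
    if (wc_AesSetKeyDirect(&aes_enc, key, ENCRYPT_KEY_SIZE, NULL,
            AES_ENCRYPTION) != 0 ||
        wc_AesSetKeyDirect(&aes_dec, key, ENCRYPT_KEY_SIZE, NULL,
            AES_ENCRYPTION) != 0) {
        return -1;
    }

    /* … unchanged: copy stored_nonce, set encrypt_initialized … */
```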
@@ -1606,10 +1662,10 @@ int aes_init(void) * @brief Set the AES initialization vector (IV) for CTR mode. * * This function sets the AES initialization vector (IV) for the Counter (CTR) - * mode encryption. It takes a 12-byte nonce and a 32-bit IV counter value to + * mode encryption. It takes a 16-byte nonce and a 32-bit IV counter value to * construct the 16-byte IV used for encryption. * - * @param nonce Pointer to the 12-byte nonce (IV) buffer. + * @param nonce Pointer to the 16-byte nonce (IV) buffer. * @param iv_ctr The IV counter value. * */ @@ -1702,7 +1758,8 @@ int RAMFUNCTION ext_flash_encrypt_write(uintptr_t address, const uint8_t *data, int sz = len, i, step; uint8_t part; uint32_t iv_counter = 0; -#if defined(EXT_ENCRYPTED) && !defined(WOLFBOOT_SMALL_STACK) && !defined(NVM_FLASH_WRITEONCE) +#if defined(EXT_ENCRYPTED) && !defined(WOLFBOOT_SMALL_STACK) && \ + !defined(NVM_FLASH_WRITEONCE) uint8_t ENCRYPT_CACHE[NVM_CACHE_SIZE] XALIGNED_STACK(32); #endif @@ -1779,8 +1836,8 @@ int RAMFUNCTION ext_flash_encrypt_write(uintptr_t address, const uint8_t *data, */ int RAMFUNCTION ext_flash_decrypt_read(uintptr_t address, uint8_t *data, int len) { - uint8_t block[ENCRYPT_BLOCK_SIZE]; - uint8_t dec_block[ENCRYPT_BLOCK_SIZE]; + uint8_t block[ENCRYPT_BLOCK_SIZE] XALIGNED_STACK(4); + uint8_t dec_block[ENCRYPT_BLOCK_SIZE] XALIGNED_STACK(4); uint32_t row_address = address, row_offset, iv_counter = 0; int i; int flash_read_size; @@ -1814,9 +1871,8 @@ int RAMFUNCTION ext_flash_decrypt_read(uintptr_t address, uint8_t *data, int len crypto_set_iv(encrypt_iv_nonce, iv_counter); break; case PART_SWAP: - { - break; - } + break; + default: return -1; } 
@@ -1859,7 +1915,7 @@ int RAMFUNCTION ext_flash_decrypt_read(uintptr_t address, uint8_t *data, int len
 unaligned_trailer_size = read_remaining;
 if (unaligned_trailer_size > 0) {
- uint8_t dec_block[ENCRYPT_BLOCK_SIZE];
+ uint8_t dec_block[ENCRYPT_BLOCK_SIZE] XALIGNED_STACK(4);
 if (ext_flash_read(address, block, ENCRYPT_BLOCK_SIZE) != ENCRYPT_BLOCK_SIZE)
 return -1;
diff --git a/src/update_flash.c b/src/update_flash.c
index a055538f5e..c1d339014d 100644
--- a/src/update_flash.c
+++ b/src/update_flash.c
@@ -50,7 +50,7 @@ static volatile const uint32_t __attribute__((used)) wolfboot_version = WOLFBOOT
 #ifdef EXT_FLASH
 # ifndef BUFFER_DECLARED
 # define BUFFER_DECLARED
-static uint8_t buffer[FLASHBUFFER_SIZE];
+static uint8_t buffer[FLASHBUFFER_SIZE] XALIGNED(4);
 # endif
 #endif
@@ -153,7 +153,7 @@ static int RAMFUNCTION wolfBoot_copy_sector(struct wolfBoot_image *src,
 #ifdef EXT_ENCRYPTED
 wolfBoot_get_encrypt_key(key, nonce);
- if(src->part == PART_SWAP)
+ if (src->part == PART_SWAP)
 iv_counter = dst_sector_offset;
 else
 iv_counter = src_sector_offset;
@@ -166,14 +166,14 @@ static int RAMFUNCTION wolfBoot_copy_sector(struct wolfBoot_image *src,
 if (PART_IS_EXT(src)) {
 #ifndef BUFFER_DECLARED
 #define BUFFER_DECLARED
- static uint8_t buffer[FLASHBUFFER_SIZE];
+ static uint8_t buffer[FLASHBUFFER_SIZE] XALIGNED(4);
 #endif
 wb_flash_erase(dst, dst_sector_offset, WOLFBOOT_SECTOR_SIZE);
 while (pos < WOLFBOOT_SECTOR_SIZE) {
 if (src_sector_offset + pos < (src->fw_size + IMAGE_HEADER_SIZE + FLASHBUFFER_SIZE)) {
- /* bypass decryption, copy encrypted data into swap */
- if (dst->part == PART_SWAP) {
+ /* bypass decryption, copy encrypted data into swap if its external */
+ if (dst->part == PART_SWAP && SWAP_EXT) {
 ext_flash_read((uintptr_t)(src->hdr) + src_sector_offset + pos, (void *)buffer, FLASHBUFFER_SIZE);
 } else {
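Review bot: The `dec_block` declared inside `if (unaligned_trailer_size > 0)` shadows the function-scope `dec_block` that the `-1779` hunk of `ext_flash_decrypt_read` already declares and aligns. Two buffers with the same name make it hard to tell which one holds decrypted data at any point. Either reuse the outer buffer or rename the inner one, e.g. `uint8_t trailer_block[ENCRYPT_BLOCK_SIZE] XALIGNED_STACK(4);`. The block continues outside the hunk, so its later uses of the name need checking before the change.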
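Review bot: The comment above the new `dst->part == PART_SWAP && SWAP_EXT` test states only when decryption is bypassed, not what happens when swap is internal. In that case the `else` branch is taken (its body is outside this hunk), which presumably decrypts before writing, so firmware plaintext would sit in internal swap during the update. That consequence is worth recording next to the condition. Suggested wording, which also fixes "its": `/* copy ciphertext as-is only when swap is external; an internal swap goes through the decrypting path below */`.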
@@ -202,7 +202,7 @@ static int RAMFUNCTION wolfBoot_copy_sector(struct wolfBoot_image *src,
 return pos;
 }
-#ifndef DISABLE_BACKUP
+#if !defined(DISABLE_BACKUP) && !defined(CUSTOM_PARTITION_TRAILER)
 #ifdef EXT_ENCRYPTED
 # define TRAILER_OFFSET_WORDS \
@@ -214,7 +214,7 @@ static int RAMFUNCTION wolfBoot_copy_sector(struct wolfBoot_image *src,
 /**
 * @brief Performs the final swap and erase operations during a secure update,
 * ensuring that if power is lost during the update, the process can be resumed
- * on next boot.
+ * on next boot. Not supported with CUSTOM_PARTITION_TRAILER
 *
 * This function handles the final phase of the three-way swap update process.
 * It ensures that the update is atomic and power-fail safe by:
@@ -341,7 +341,7 @@ static int wolfBoot_swap_and_final_erase(int resume)
 return 0;
 }
-#endif
+#endif /* !DISABLE_BACKUP && !CUSTOM_PARTITION_TRAILER */
 #ifdef DELTA_UPDATES
@@ -541,9 +541,10 @@ static int wolfBoot_delta_update(struct wolfBoot_image *boot,
 ext_flash_lock();
 #endif
 hal_flash_lock();
+
+#if !defined(DISABLE_BACKUP) && !defined(CUSTOM_PARTITION_TRAILER)
 /* start re-entrant final erase, return code is only for resumption in
 * wolfBoot_start */
-#ifndef DISABLE_BACKUP
 if (ret == 0) {
 wolfBoot_swap_and_final_erase(0);
 }
@@ -777,7 +778,7 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed)
 }
 }
- /* Erase remainder of partitions */
+ /* Erase remainder of partition */
 #if defined(WOLFBOOT_FLASH_MULTI_SECTOR_ERASE) || defined(PRINTF_ENABLED)
 /* calculate number of remaining bytes */
 /* reserve 1 sector for status (2 sectors for NV write once) */
@@ -787,7 +788,7 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed)
 size = WOLFBOOT_PARTITION_SIZE - (sector * sector_size) - sector_size;
 #endif
- wolfBoot_printf("Erasing remainder of partitions (%d sectors)...\n",
+ wolfBoot_printf("Erasing remainder of partition (%d sectors)...\n",
 size/sector_size);
 #endif
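Review bot: With `CUSTOM_PARTITION_TRAILER` defined, `wolfBoot_delta_update` (hunk `-541`) now skips `wolfBoot_swap_and_final_erase(0)` and puts nothing in its place. The matching change in `wolfBoot_update` (hunk `-817`) adds an `#else` that calls `wolfBoot_set_partition_state(PART_BOOT, IMG_STATE_TESTING)`. If the final-erase step is what normally leaves the boot partition in the TESTING state, a delta update on such a build would boot the new image without the fallback marker. Consider the same branch here: `#else` followed by `if (ret == 0) wolfBoot_set_partition_state(PART_BOOT, IMG_STATE_TESTING);`. The closing `#endif` of this block is outside the hunk.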
@@ -817,9 +818,15 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed)
 ext_flash_lock();
 #endif
 hal_flash_lock();
+
+#if !defined(CUSTOM_PARTITION_TRAILER)
 /* start re-entrant final erase, return code is only for resumption in
- * wolfBoot_start*/
+ * wolfBoot_start */
 wolfBoot_swap_and_final_erase(0);
+#else
+ /* Mark boot partition as TESTING - this tells bootloader to fallback if update fails */
+ wolfBoot_set_partition_state(PART_BOOT, IMG_STATE_TESTING);
+#endif
 #else /* DISABLE_BACKUP */
 #ifdef WOLFBOOT_ELF_FLASH_SCATTER
@@ -1033,7 +1040,7 @@ void RAMFUNCTION wolfBoot_start(void)
 #endif
 #endif
-#if !defined(DISABLE_BACKUP)
+#if !defined(DISABLE_BACKUP) && !defined(CUSTOM_PARTITION_TRAILER)
 /* resume the final erase in case the power failed before it finished */
 resumedFinalErase = wolfBoot_swap_and_final_erase(1);
 if (resumedFinalErase != 0)
diff --git a/tools/keytools/keygen.c b/tools/keytools/keygen.c
index cf72042650..5e54c92518 100644
--- a/tools/keytools/keygen.c
+++ b/tools/keytools/keygen.c
@@ -168,8 +168,8 @@ const char Cfile_Banner[]=
 const char Store_hdr[] = "\n"
 "#if defined(__APPLE__) && defined(__MACH__)\n"
 "#define KEYSTORE_SECTION __attribute__((section (\"__KEYSTORE,__keystore\")))\n"
- "#elif defined(__CCRX__) /* Renesas RX */\n"
- "#define KEYSTORE_SECTION\n"
+ "#elif defined(__CCRX__) || defined(WOLFBOOT_RENESAS_RSIP) || defined(WOLFBOOT_RENESAS_TSIP) || defined(WOLFBOOT_RENESAS_SCEPROTECT)\n"
+ "#define KEYSTORE_SECTION /* Renesas RX */\n"
 "#elif defined(TARGET_x86_64_efi)\n"
 "#define KEYSTORE_SECTION\n"
 "#else\n"
@@ -258,7 +258,7 @@ const char Keystore_API[] =
 "{\n"
 " if (id >= keystore_num_pubkeys())\n"
 " return 0;\n"
- " return (int)PubKeys[id].part_id_mask;\n"
+ " return PubKeys[id].part_id_mask;\n"
 "}\n"
 "\n"
 "uint32_t keystore_get_key_type(int id)\n"
diff --git a/tools/keytools/keygen.py b/tools/keytools/keygen.py
old mode 100755
new mode 100644
index 8e2b63769e..46c6a0029c
--- a/tools/keytools/keygen.py
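Review bot: In the `CUSTOM_PARTITION_TRAILER` branch, `wolfBoot_set_partition_state(PART_BOOT, IMG_STATE_TESTING)` runs after `ext_flash_lock()` and `hal_flash_lock()`, and its return value is dropped. Unless the custom trailer implementation unlocks flash itself (not visible here), the state write may fail silently, and the new image would then run without the TESTING marker that the comment relies on for fallback. Either move the call above the lock calls or bracket it with `hal_flash_unlock();` and `hal_flash_lock();`, and check the result before treating the update as complete. The enclosing function extends beyond this hunk.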
+++ b/tools/keytools/keygen.py
@@ -172,7 +172,7 @@ def keystore_add(slot, pub, sz = 0):
 Keystore_API += "{\n"
 Keystore_API += " if (id >= keystore_num_pubkeys())\n"
 Keystore_API += " return -1;\n"
-Keystore_API += " return (int)PubKeys[id].part_id_mask;\n"
+Keystore_API += " return PubKeys[id].part_id_mask;\n"
 Keystore_API += "}\n\n"
 Keystore_API += "#endif /* Keystore public key size check */\n"
 Keystore_API += "#endif /* WOLFBOOT_NO_SIGN */\n"
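Review bot: The generated bounds check here emits `return -1;` for an out-of-range `id`, while the same generated function in tools/keytools/keygen.c emits `return 0;`. The function signature is outside the hunk, but the removed `(int)` cast suggests it returns an unsigned mask; in that case `-1` converts to an all-ones value, so an invalid key id would look authorised for every partition. Emitting `return 0;` in both generators keeps the failure closed. The commit also changes this script's mode from 100755 to 100644, which may be unintentional.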