Fix simulator to not just while(1) on panic, which causes CI to spin/…

…timeout (instead exit with error). Fix ROT logic and make sure read error code gets passed up stack.
wolfSSL · Sep 8, 2023 · 27ae089 · 27ae089
1 parent 8532b1f
commit 27ae089
Show file tree

Hide file tree

Showing 8 changed files with 40 additions and 25 deletions.
diff --git a/.github/workflows/test-build-sim-tpm.yml b/.github/workflows/test-build-sim-tpm.yml
@@ -53,14 +53,9 @@ jobs:
         run: |
           make -C tools/keytools && make -C tools/bin-assemble
 
-      # needed for tpm tools
-      - name: Build keystore.c
-        run: |
-          make keys ${{inputs.make-args}}
-
       - name: Build TPM tools
         run: |
-          make tpmtools
+          make tpmtools ${{inputs.make-args}}
 
       - name: Write TPM ROT to TPM
         run: |

diff --git a/.github/workflows/test-tpm.yml b/.github/workflows/test-tpm.yml
@@ -107,5 +107,6 @@ jobs:
     with:
       arch: host
       config-file: ./config/examples/sim-tpm-seal.config
-      make-args: SIGN=RSA2048ENC HASH=SHA256 POLICY_FILE=policy.bin
+      # use larger image header size for two 2048-bit signatures
+      make-args: SIGN=RSA2048ENC HASH=SHA256 POLICY_FILE=policy.bin IMAGE_HEADER_SIZE=1024
       authstr: TestAuth
diff --git a/Makefile b/Makefile
@@ -167,7 +167,7 @@ keytools:
 	@$(MAKE) -C tools/keytools -s clean
 	@$(MAKE) -C tools/keytools -j
 
-tpmtools:
+tpmtools: keys
 	@echo "Building TPM tools"
 	@$(MAKE) -C tools/tpm -s clean
 	@$(MAKE) -C tools/tpm -j

diff --git a/include/loader.h b/include/loader.h
@@ -83,6 +83,12 @@ void wolfBoot_start(void);
     asm volatile("b .-6"); \
     asm volatile("b .-8");
 
+#elif defined(ARCH_SIM)
+#include <stdlib.h>
+static inline void wolfBoot_panic(void)
+{
+    exit(1);
+}
 #else
 static inline void wolfBoot_panic(void)
 {

diff --git a/lib/wolfTPM b/lib/wolfTPM
diff --git a/src/tpm.c b/src/tpm.c
@@ -824,7 +824,6 @@ int wolfBoot_unseal_blob(struct wolfBoot_image* img, WOLFTPM2_KEYBLOB* seal_blob
     int rc, i;
     WOLFTPM2_SESSION policy_session;
     uint32_t key_type;
-    int key_slot = -1;
     TPM_ALG_ID pcrAlg = WOLFBOOT_TPM_PCR_ALG;
     TPM_ALG_ID alg = TPM_ALG_NULL, sigAlg;
     TPMT_PUBLIC template;
@@ -868,6 +867,7 @@ int wolfBoot_unseal_blob(struct wolfBoot_image* img, WOLFTPM2_KEYBLOB* seal_blob
     memset(&authKey, 0, sizeof(authKey));
     memset(&template, 0, sizeof(template));
     memset(&policy_session, 0, sizeof(policy_session));
+    memset(&checkTicket, 0, sizeof(checkTicket));
 
     /* Setup a TPM session that can be used for parameter encryption */
     rc = wolfTPM2_StartSession(&wolftpm_dev, &policy_session, &wolftpm_srk,
@@ -1152,6 +1152,7 @@ int wolfBoot_check_rot(int key_slot, uint8_t* pubkey_hint)
     #ifdef WOLFBOOT_TPM_KEYSTORE_AUTH
     nv.handle.auth.size = (UINT16)strlen(WOLFBOOT_TPM_KEYSTORE_AUTH);
     memcpy(nv.handle.auth.buffer, WOLFBOOT_TPM_KEYSTORE_AUTH, nv.handle.auth.size);
+    wolfTPM2_SetAuthHandle(&wolftpm_dev, 0, &nv.handle);
     #endif
 
     /* Enable parameter encryption for session - to protect auth */
@@ -1163,12 +1164,16 @@ int wolfBoot_check_rot(int key_slot, uint8_t* pubkey_hint)
         nv.handle.hndl = WOLFBOOT_TPM_KEYSTORE_NV_BASE + key_slot;
         rc = wolfTPM2_NVReadAuth(&wolftpm_dev, &nv, nv.handle.hndl,
             digest, &digestSz, 0);
-        if (rc == 0 && digestSz == WOLFBOOT_SHA_DIGEST_SIZE &&
-            memcmp(digest, pubkey_hint, WOLFBOOT_SHA_DIGEST_SIZE) == 0) {
-            wolfBoot_printf("TPM Root of Trust valid (id %d)\n", key_slot);
+        if (rc == 0) {
+            if (digestSz == WOLFBOOT_SHA_DIGEST_SIZE &&
+                memcmp(digest, pubkey_hint, WOLFBOOT_SHA_DIGEST_SIZE) == 0) {
+                wolfBoot_printf("TPM Root of Trust valid (id %d)\n", key_slot);
+            }
+            else {
+                rc = -1; /* digest match failure */
+            }
         }
-        else {
-            if (rc >= 0) rc = -1; /* failure */
+        if (rc != 0) {
             wolfBoot_printf("TPM Root of Trust failed! %d (%s)\n",
                 rc, wolfTPM2_GetRCString(rc));
             wolfBoot_printf("Expected Hash %d\n", digestSz);

diff --git a/tools/keytools/sign.c b/tools/keytools/sign.c
@@ -614,19 +614,22 @@ static uint8_t *load_key(uint8_t **key_buffer, uint32_t *key_buffer_sz,
 
                 if (*pubkey_sz <= KEYSTORE_PUBKEY_SIZE_RSA2048) {
                     CMD.sign = SIGN_RSA2048;
-                    CMD.header_sz = 512;
+                    if (CMD.policy_sign) {
+                        CMD.header_sz = 1024;
+                    }
+                    else {
+                        CMD.header_sz = 512;
+                    }
                     CMD.signature_sz = 256;
                 }
                 else if (*pubkey_sz <= KEYSTORE_PUBKEY_SIZE_RSA3072) {
                     CMD.sign = SIGN_RSA3072;
-
-                    if(CMD.hash_algo != HASH_SHA256) {
+                    if (CMD.hash_algo != HASH_SHA256 || CMD.policy_sign) {
                         CMD.header_sz = 1024;
                     }
                     else {
                         CMD.header_sz = 512;
                     }
-
                     CMD.signature_sz = 384;
                 }
                 else if (*pubkey_sz <= KEYSTORE_PUBKEY_SIZE_RSA4096) {
@@ -673,22 +676,24 @@ static uint8_t *load_key(uint8_t **key_buffer, uint32_t *key_buffer_sz,
                     }
                     else if (keySzOut == 384) {
                         CMD.sign = SIGN_RSA3072;
-
-                        if(CMD.hash_algo != HASH_SHA256) {
+                        if (CMD.hash_algo != HASH_SHA256 || CMD.policy_sign) {
                             CMD.header_sz = 1024;
                         }
                         else {
                             CMD.header_sz = 512;
                         }
-
                         CMD.signature_sz = 384;
                     }
                     else {
                         CMD.sign = SIGN_RSA2048;
-                        CMD.header_sz = 512;
+                        if (CMD.policy_sign) {
+                            CMD.header_sz = 1024;
+                        }
+                        else {
+                            CMD.header_sz = 512;
+                        }
                         CMD.signature_sz = 256;
                     }
-
                     break;
                 }
             }
@@ -743,7 +748,7 @@ static uint8_t *load_key(uint8_t **key_buffer, uint32_t *key_buffer_sz,
         printf("image header size overridden by config value (%u bytes)\n", IMAGE_HEADER_SIZE);
         CMD.header_sz = IMAGE_HEADER_SIZE;
     } else {
-        printf("image header size calculated at runtime (%u bytes)\n", IMAGE_HEADER_SIZE);
+        printf("image header size calculated at runtime (%u bytes)\n", CMD.header_sz);
     }
 
 #ifdef DEBUG_SIGNTOOL

diff --git a/tools/tpm/rot.c b/tools/tpm/rot.c
@@ -104,6 +104,9 @@ static int TPM2_Boot_SecureROT_Example(TPMI_RH_NV_AUTH authHandle, word32 nvBase
 
         printf("Computing keystore hash for index %d\n", id);
 
+        printf("Public Key (%d)\n", bufSz);
+        TPM2_PrintBin(buf, bufSz);
+
         /* hash public key */
         digestSz = wc_HashGetDigestSize(hashType);
         rc = wc_Hash(hashType, buf, (word32)bufSz, digest, digestSz);
+1 −2		examples/boot/secure_rot.c
+1 −1		examples/keygen/keygen.c
+1 −1		examples/keygen/keyimport.c
+24 −13		examples/nvram/counter.c
+34 −12		examples/nvram/read.c
+31 −9		examples/nvram/store.c
+1 −1		examples/seal/seal.c
+0 −1		src/tpm2.c
+9 −1		src/tpm2_wrap.c