-
Notifications
You must be signed in to change notification settings - Fork 100
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Support for sealing/unseal a secret based on an externally signed PCR…
… policy. * Added new `WOLFBOOT_TPM_SEAL` and `WOLFBOOT_TPM_SEAL_NV_BASE` config options. * Added new `tools/tpm/policy_create` tool for assisting with creation of a policy digest. The sign keytool `--policy=file` signs the policy. * Added new `WOLFBOOT_TPM_VERIFY` option to enable offloading of the asymmetric verification to the TPM. By default wolfCrypt will be used. * Added example seal/unseal to update_flash for ARCH_SIM. * Renamed `WOLFBOOT_TPM_KEYSTORE_NV_INDEX` to `WOLFBOOT_TPM_KEYSTORE_NV_BASE` to support multiple public keys. * Refactored most TPM code into tpm.c. * Refactored the keystore ROT to use new `wolfBoot_check_rot` API. * Refactored the sign keytool to have a sign_digest function to allow signing firmware and policy for sealing/unsealing. * Fix for make distclean && make using the wrong key tools.
- Loading branch information
Showing
38 changed files
with
2,099 additions
and
722 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
ARCH=sim | ||
TARGET=sim | ||
SIGN?=ECC256 | ||
HASH?=SHA256 | ||
SPI_FLASH=0 | ||
DEBUG=0 | ||
WOLFTPM=1 | ||
|
||
# sizes should be multiple of system page size | ||
WOLFBOOT_PARTITION_SIZE=0x40000 | ||
WOLFBOOT_SECTOR_SIZE=0x1000 | ||
WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80000 | ||
# if on external flash, it should be multiple of system page size | ||
WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x100000 | ||
WOLFBOOT_PARTITION_SWAP_ADDRESS=0x180000 | ||
|
||
# required for keytools | ||
WOLFBOOT_FIXED_PARTITIONS=1 | ||
|
||
# Use NV for TPM based Root of Trust | ||
WOLFBOOT_TPM_KEYSTORE?=1 | ||
WOLFBOOT_TPM_KEYSTORE_NV_BASE?=0x01400200 | ||
#WOLFBOOT_TPM_KEYSTORE_AUTH?=TestAuth | ||
|
||
# Measured boot at test PCR index 16 | ||
MEASURED_BOOT?=1 | ||
MEASURED_PCR_A?=16 | ||
|
||
# Sealing a secret into TPM based on external PCR policy signed by the sign tool | ||
WOLFBOOT_TPM_SEAL?=1 | ||
WOLFBOOT_TPM_SEAL_NV_BASE=0x01400300 | ||
|
||
# TPM Logging | ||
#CFLAGS_EXTRA+=-DDEBUG_WOLFTPM | ||
#CFLAGS_EXTRA+=-DWOLFTPM_DEBUG_VERBOSE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.