diff --git a/Makefile b/Makefile index b34c11129..dd7b3694c 100644 --- a/Makefile +++ b/Makefile @@ -85,6 +85,9 @@ ifeq ($(TARGET),ti_hercules) LSCRIPT_FLAGS+=--run_linker $(LSCRIPT) endif +# Environment variables for sign tool +SIGN_ENV=IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) WOLFBOOT_SECTOR_SIZE=$(WOLFBOOT_SECTOR_SIZE) + MAIN_TARGET=factory.bin TARGET_H_TEMPLATE:=include/target.h.in @@ -218,7 +221,7 @@ $(SECONDARY_PRIVATE_KEY): $(PRIVATE_KEY) keystore.der -g $(SECONDARY_PRIVATE_KEY)) || true $(Q)(test "$(FLASH_OTP_KEYSTORE)" = "1") && (make -C tools/keytools/otp) || true -keytools: include/target.h +keytools: @echo "Building key tools" @$(MAKE) -C tools/keytools -s clean @$(MAKE) -C tools/keytools -j @@ -238,10 +241,10 @@ test-app/image_v1_signed.bin: $(BOOT_IMG) @echo "\tSECONDARY_SIGN_OPTIONS=$(SECONDARY_SIGN_OPTIONS)" @echo "\tSECONDARY_PRIVATE_KEY=$(SECONDARY_PRIVATE_KEY)" - $(Q)(test $(SIGN) = NONE) || IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) "$(SIGN_TOOL)" $(SIGN_OPTIONS) \ + $(Q)(test $(SIGN) = NONE) || $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) \ $(SECONDARY_SIGN_OPTIONS) $(BOOT_IMG) $(PRIVATE_KEY) \ $(SECONDARY_PRIVATE_KEY) 1 || true - $(Q)(test $(SIGN) = NONE) && IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) "$(SIGN_TOOL)" $(SIGN_OPTIONS) $(BOOT_IMG) 1 || true + $(Q)(test $(SIGN) = NONE) && $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) $(BOOT_IMG) 1 || true test-app/image.elf: wolfboot.elf $(Q)$(MAKE) -C test-app WOLFBOOT_ROOT="$(WOLFBOOT_ROOT)" image.elf diff --git a/src/delta.c b/src/delta.c index 201360495..151d80180 100644 --- a/src/delta.c +++ b/src/delta.c @@ -22,11 +22,11 @@ #include #include #include -#include /* WOLFBOOT_SECTOR_SIZE */ #define ESC 0x7f + #if (defined(__IAR_SYSTEMS_ICC__) && (__IAR_SYSTEMS_ICC__ > 8)) || \ defined(__GNUC__) #define BLOCK_HDR_PACKED __attribute__ ((packed)) @@ -169,9 +169,17 @@ int wb_patch(WB_PATCH_CTX *ctx, uint8_t *dst, uint32_t len) return dst_off; } +#ifndef __WOLFBOOT + +#include +#include +#include + +static uint32_t wolfboot_sector_size = 0; int wb_diff_init(WB_DIFF_CTX *ctx, uint8_t *src_a, uint32_t len_a, uint8_t *src_b, uint32_t len_b) { + char *env_sector_size = NULL; if (!ctx || (len_a == 0) || (len_b == 0)) return -1; memset(ctx, 0, sizeof(WB_DIFF_CTX)); @@ -179,6 +187,24 @@ int wb_diff_init(WB_DIFF_CTX *ctx, uint8_t *src_a, uint32_t len_a, uint8_t *src_ ctx->src_b = src_b; ctx->size_a = len_a; ctx->size_b = len_b; + + env_sector_size = getenv("WOLFBOOT_SECTOR_SIZE"); + if (!env_sector_size) { + fprintf(stderr, "Please set the WOLFBOOT_SECTOR_SIZE environment variable in\n" + "order to sign a delta update.\n"); + exit(6); + } else { + wolfboot_sector_size = atoi(env_sector_size); + if (wolfboot_sector_size == 0) { + errno = 0; + wolfboot_sector_size = strtol(env_sector_size, NULL, 16); + if (errno != 0) { + fprintf(stderr, "Invalid WOLFBOOT_SECTOR_SIZE value\n"); + exit(6); + } + } + } + printf("WOLFBOOT_SECTOR_SIZE: %d\n", wolfboot_sector_size); return 0; } @@ -196,7 +222,7 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len) return -1; while ((ctx->off_b + BLOCK_HDR_SIZE < ctx->size_b) && (len > p_off + BLOCK_HDR_SIZE)) { - uintptr_t page_start = ctx->off_b / WOLFBOOT_SECTOR_SIZE; + uintptr_t page_start = ctx->off_b / wolfboot_sector_size; uintptr_t pa_start; found = 0; if (p_off + BLOCK_HDR_SIZE > len) @@ -210,14 +236,14 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len) * base for the sectors that have already been updated. */ - pa_start = WOLFBOOT_SECTOR_SIZE * page_start; + pa_start = wolfboot_sector_size * page_start; pa = ctx->src_a + pa_start; while (((uintptr_t)(pa - ctx->src_a) < (uintptr_t)ctx->size_a) && (p_off < len)) { if ((uintptr_t)(ctx->size_a - (pa - ctx->src_a)) < BLOCK_HDR_SIZE) break; if ((ctx->size_b - ctx->off_b) < BLOCK_HDR_SIZE) break; - if ((WOLFBOOT_SECTOR_SIZE - (ctx->off_b % WOLFBOOT_SECTOR_SIZE)) < BLOCK_HDR_SIZE) + if ((wolfboot_sector_size - (ctx->off_b % wolfboot_sector_size)) < BLOCK_HDR_SIZE) break; if ((memcmp(pa, (ctx->src_b + ctx->off_b), BLOCK_HDR_SIZE) == 0)) { uintptr_t b_start; @@ -238,7 +264,7 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len) /* Stop matching if the source image size limit is hit. */ break; } - if ((b_start / WOLFBOOT_SECTOR_SIZE) < ((ctx->off_b + 1) / WOLFBOOT_SECTOR_SIZE)) { + if ((b_start / wolfboot_sector_size) < ((ctx->off_b + 1) / wolfboot_sector_size)) { /* Stop matching when the sector bound is hit. */ break; } @@ -262,7 +288,7 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len) } if (!found) { /* Try matching an earlier section in the resulting image */ - uintptr_t pb_end = page_start * WOLFBOOT_SECTOR_SIZE; + uintptr_t pb_end = page_start * wolfboot_sector_size; pb = ctx->src_b; while (((uintptr_t)(pb - ctx->src_b) < pb_end) && (p_off < len)) { /* Check image boundary */ @@ -274,7 +300,7 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len) /* Don't try matching backwards if the distance between the two * blocks is smaller than one sector. */ - if (WOLFBOOT_SECTOR_SIZE > (page_start * WOLFBOOT_SECTOR_SIZE) + if (wolfboot_sector_size > (page_start * wolfboot_sector_size) - (pb - ctx->src_b)) break; @@ -338,5 +364,6 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len) } return (int)p_off; } +#endif /* __WOLFBOOT */ #endif /* DELTA_UPDATES */ diff --git a/tools/efi/compile_efi_linux.sh b/tools/efi/compile_efi_linux.sh index a8bbabc16..c42c0d081 100755 --- a/tools/efi/compile_efi_linux.sh +++ b/tools/efi/compile_efi_linux.sh @@ -4,6 +4,7 @@ WORK_DIR=/tmp/wolfBoot_efi BR_VER=2022.08.3 BR_DIR=buildroot-$BR_VER IMAGE_DIR=$WORK_DIR/output +. .config if (test ! -d $WORK_DIR);then mkdir -p $WORK_DIR @@ -17,10 +18,7 @@ fi BR2_EXTERNAL=$(pwd)/tools/efi/br_ext_dir make -C $WORK_DIR/$BR_DIR tiny_defconfig O=$IMAGE_DIR make -C $WORK_DIR/$BR_DIR O=$IMAGE_DIR -SIGN_TOOL="python3 ./tools/keytools/sign.py" -if [ -f "./tools/keytools/sign" ]; then - SIGN_TOOL="./tools/keytools/sign" -fi +SIGN_TOOL="./tools/keytools/sign" $SIGN_TOOL --ed25519 $IMAGE_DIR/images/bzImage wolfboot_signing_private_key.der 1 $SIGN_TOOL --ed25519 $IMAGE_DIR/images/bzImage wolfboot_signing_private_key.der 2 diff --git a/tools/keytools/Makefile b/tools/keytools/Makefile index eeae52fc2..00b0c5ee7 100644 --- a/tools/keytools/Makefile +++ b/tools/keytools/Makefile @@ -177,25 +177,11 @@ endif .PHONY: clean all -all: $(WOLFBOOTDIR)/include/target.h sign keygen +all: sign keygen debug: CFLAGS+=$(DEBUG_FLAGS) debug: all -# Target.h is required for key tools -$(WOLFBOOTDIR)/include/target.h: $(WOLFBOOTDIR)/include/target.h.in - @cat $(WOLFBOOTDIR)/include/target.h.in | \ - sed -e "s/@WOLFBOOT_PARTITION_SIZE@/$(WOLFBOOT_PARTITION_SIZE)/g" | \ - sed -e "s/@WOLFBOOT_SECTOR_SIZE@/$(WOLFBOOT_SECTOR_SIZE)/g" | \ - sed -e "s/@WOLFBOOT_PARTITION_BOOT_ADDRESS@/$(WOLFBOOT_PARTITION_BOOT_ADDRESS)/g" | \ - sed -e "s/@WOLFBOOT_PARTITION_UPDATE_ADDRESS@/$(WOLFBOOT_PARTITION_UPDATE_ADDRESS)/g" | \ - sed -e "s/@WOLFBOOT_PARTITION_SWAP_ADDRESS@/$(WOLFBOOT_PARTITION_SWAP_ADDRESS)/g" | \ - sed -e "s/@WOLFBOOT_DTS_BOOT_ADDRESS@/$(WOLFBOOT_DTS_BOOT_ADDRESS)/g" | \ - sed -e "s/@WOLFBOOT_DTS_UPDATE_ADDRESS@/$(WOLFBOOT_DTS_UPDATE_ADDRESS)/g" | \ - sed -e "s/@WOLFBOOT_LOAD_ADDRESS@/$(WOLFBOOT_LOAD_ADDRESS)/g" | \ - sed -e "s/@WOLFBOOT_LOAD_DTS_ADDRESS@/$(WOLFBOOT_LOAD_DTS_ADDRESS)/g" \ - > $@ - # build objects $(OBJDIR)/%.o: %.c $(Q)$(CC) $(CFLAGS) -c -o $@ $< diff --git a/tools/keytools/sign.c b/tools/keytools/sign.c index 06bee96c0..43126031f 100644 --- a/tools/keytools/sign.c +++ b/tools/keytools/sign.c @@ -42,9 +42,6 @@ #include #include #include -/* target.h is a generated file based on .config (see target.h.in) - * Provides: WOLFBOOT_SECTOR_SIZE */ -#include #include #include "wolfboot/version.h" diff --git a/tools/scripts/nrf5340/build_flash.sh b/tools/scripts/nrf5340/build_flash.sh index f339b004b..26bc98574 100755 --- a/tools/scripts/nrf5340/build_flash.sh +++ b/tools/scripts/nrf5340/build_flash.sh @@ -15,6 +15,9 @@ # Build dela update version 3 and flash to external (also reprograms internal flash) # ./tools/scripts/nrf5340/build_flash.sh --delta +#import config for IMAGE_HEADER_SIZE and WOLFBOOT_SECTOR_SIZE +. config/examples/nrf5340.config + # Defaults MAKE_ARGS=" DEBUG_SYMBOLS=1" DO_CLEAN=0 @@ -28,6 +31,8 @@ DO_PROGRAM_EXT=0 DO_DELTA=0 UPDATE_VERSION=1 +SIGN_ENV=IMAGE_HEADER_SIZE=$IMAGE_HEADER_SIZE WOLFBOOT_SECTOR_SIZE=$WOLFBOOT_SECTOR_SIZE +SIGN_TOOL=tools/keytools/sign SIGN_ARGS="--ecc384 --sha384" #SIGN_ARGS="--ecc256 --sha256" @@ -161,8 +166,8 @@ fi if [[ $DO_UPDATE == 1 ]]; then # Sign flash update for testing (for network partition using --id 2) - tools/keytools/sign $SIGN_ARGS --id 2 tools/scripts/nrf5340/image_net.bin wolfboot_signing_private_key.der $UPDATE_VERSION - tools/keytools/sign $SIGN_ARGS tools/scripts/nrf5340/image_app.bin wolfboot_signing_private_key.der $UPDATE_VERSION + $SIGN_ENV $SIGN_TOOL $SIGN_ARGS --id 2 tools/scripts/nrf5340/image_net.bin wolfboot_signing_private_key.der $UPDATE_VERSION + $SIGN_ENV $SIGN_TOOL $SIGN_ARGS tools/scripts/nrf5340/image_app.bin wolfboot_signing_private_key.der $UPDATE_VERSION # Create a bin footer with wolfBoot trailer "BOOT" and "p" (ASCII for 0x70 == IMG_STATE_UPDATING): echo -n "pBOOT" > tools/scripts/nrf5340/trigger_magic.bin @@ -177,8 +182,8 @@ fi if [[ $DO_DELTA == 1 ]]; then # Sign flash update for testing (for network partition using --id 2) delta between v1 and v3 - tools/keytools/sign $SIGN_ARGS --id 2 --delta tools/scripts/nrf5340/image_net_v1_signed.bin tools/scripts/nrf5340/image_net.bin wolfboot_signing_private_key.der $UPDATE_VERSION - tools/keytools/sign $SIGN_ARGS --delta tools/scripts/nrf5340/image_app_v1_signed.bin tools/scripts/nrf5340/image_app.bin wolfboot_signing_private_key.der $UPDATE_VERSION + $SIGN_ENV $SIGN_TOOL $SIGN_ARGS --id 2 --delta tools/scripts/nrf5340/image_net_v1_signed.bin tools/scripts/nrf5340/image_net.bin wolfboot_signing_private_key.der $UPDATE_VERSION + $SIGN_ENV $SIGN_TOOL $SIGN_ARGS --delta tools/scripts/nrf5340/image_app_v1_signed.bin tools/scripts/nrf5340/image_app.bin wolfboot_signing_private_key.der $UPDATE_VERSION # Create a bin footer with wolfBoot trailer "BOOT" and "p" (ASCII for 0x70 == IMG_STATE_UPDATING): echo -n "pBOOT" > tools/scripts/nrf5340/trigger_magic.bin diff --git a/tools/scripts/prepare_encrypted_delta_update.sh b/tools/scripts/prepare_encrypted_delta_update.sh deleted file mode 100755 index 655aaa22d..000000000 --- a/tools/scripts/prepare_encrypted_delta_update.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -SIGN_TOOL="python3 ./tools/keytools/sign.py" -if [ -f "./tools/keytools/sign" ]; then - SIGN_TOOL="./tools/keytools/sign" -fi - -# SIZE is WOLFBOOT_PARTITION_SIZE - 49 (44B: key + nonce, 5B: "pBOOT") -SIZE=131023 -VERSION=7 -APP=test-app/image_v"$VERSION"_signed_diff_encrypted.bin - -# Create test key -echo -n "0123456789abcdef0123456789abcdef0123456789ab" > enc_key.der - -$SIGN_TOOL --ecc256 \ - --encrypt enc_key.der \ - --delta test-app/image_v1_signed.bin \ - test-app/image.bin wolfboot_signing_private_key.der $VERSION -dd if=/dev/zero bs=$SIZE count=1 2>/dev/null | tr "\000" "\377" > update.bin -dd if=$APP of=update.bin bs=1 conv=notrunc -printf "pBOOT" >> update.bin diff --git a/tools/scripts/prepare_encrypted_update.sh b/tools/scripts/prepare_encrypted_update.sh deleted file mode 100755 index 1b3661ecf..000000000 --- a/tools/scripts/prepare_encrypted_update.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash - -SIGN_TOOL="python3 ./tools/keytools/sign.py" -if [ -f "./tools/keytools/sign" ]; then - SIGN_TOOL="./tools/keytools/sign" -fi - -# SIZE is WOLFBOOT_PARTITION_SIZE - 49 (44B: key + nonce, 5B: "pBOOT") -SIZE=131023 -#SIZE=65487 -VERSION=8 -APP=test-app/image_v"$VERSION"_signed_and_encrypted.bin - -# Create test key -echo -n "0123456789abcdef0123456789abcdef0123456789ab" > enc_key.der - -$SIGN_TOOL --ecc256 --encrypt enc_key.der test-app/image.bin wolfboot_signing_private_key.der $VERSION -dd if=/dev/zero bs=$SIZE count=1 2>/dev/null | tr "\000" "\377" > update.bin -dd if=$APP of=update.bin bs=1 conv=notrunc - -printf "pBOOT" >> update.bin - -#Make a 1MB rom image for SPI -rm -f update.rom -dd if=/dev/zero bs=1M count=1 2>/dev/null | tr "\000" "\377" > update.rom -dd if=update.bin of=update.rom bs=1 conv=notrunc diff --git a/tools/scripts/prepare_update.sh b/tools/scripts/prepare_update.sh index 576690f9c..251fe93f4 100755 --- a/tools/scripts/prepare_update.sh +++ b/tools/scripts/prepare_update.sh @@ -1,9 +1,7 @@ #!/bin/bash -SIGN_TOOL="python3 ./tools/keytools/sign.py" -if [ -f "./tools/keytools/sign" ]; then - SIGN_TOOL="./tools/keytools/sign" -fi +. .config +SIGN_TOOL="./tools/keytools/sign" # SIZE is WOLFBOOT_PARTITION_SIZE - 5 SIZE=131067 diff --git a/tools/scripts/prepare_update_l5.sh b/tools/scripts/prepare_update_l5.sh index 2ab7c39b7..9a85d8d1f 100755 --- a/tools/scripts/prepare_update_l5.sh +++ b/tools/scripts/prepare_update_l5.sh @@ -1,9 +1,7 @@ #!/bin/bash -SIGN_TOOL="python3 ./tools/keytools/sign.py" -if [ -f "./tools/keytools/sign" ]; then - SIGN_TOOL="./tools/keytools/sign" -fi +. ./.config +SIGN_TOOL="./tools/keytools/sign" # SIZE is WOLFBOOT_PARTITION_SIZE - 5 SIZE=129019 diff --git a/tools/scripts/prepare_update_l5_dualbank.sh b/tools/scripts/prepare_update_l5_dualbank.sh index e7a3ef2e5..f4a1b3e1e 100755 --- a/tools/scripts/prepare_update_l5_dualbank.sh +++ b/tools/scripts/prepare_update_l5_dualbank.sh @@ -1,9 +1,9 @@ #!/bin/bash -SIGN_TOOL="python3 ./tools/keytools/sign.py" -if [ -f "./tools/keytools/sign" ]; then - SIGN_TOOL="./tools/keytools/sign" -fi +. .config +echo IMAGE_HEADER_SIZE= $IMAGE_HEADER_SIZE +echo WOLFBOOT_SECTOR_SIZE= $WOLFBOOT_SECTOR_SIZE +SIGN_TOOL="./tools/keytools/sign" # SIZE is WOLFBOOT_PARTITION_SIZE - 5 SIZE=229371 diff --git a/tools/scripts/prepare_update_u5.sh b/tools/scripts/prepare_update_u5.sh index 55090de35..29f826aea 100755 --- a/tools/scripts/prepare_update_u5.sh +++ b/tools/scripts/prepare_update_u5.sh @@ -1,9 +1,6 @@ #!/bin/bash - -SIGN_TOOL="python3 ./tools/keytools/sign.py" -if [ -f "./tools/keytools/sign" ]; then - SIGN_TOOL="./tools/keytools/sign" -fi +. .config +SIGN_TOOL="./tools/keytools/sign" # SIZE is WOLFBOOT_PARTITION_SIZE - 5 SIZE=131067 diff --git a/tools/scripts/prepare_update_u5_dualbank.sh b/tools/scripts/prepare_update_u5_dualbank.sh index e7a3ef2e5..124bc5623 100755 --- a/tools/scripts/prepare_update_u5_dualbank.sh +++ b/tools/scripts/prepare_update_u5_dualbank.sh @@ -1,9 +1,7 @@ #!/bin/bash -SIGN_TOOL="python3 ./tools/keytools/sign.py" -if [ -f "./tools/keytools/sign" ]; then - SIGN_TOOL="./tools/keytools/sign" -fi +. .config +SIGN_TOOL="./tools/keytools/sign" # SIZE is WOLFBOOT_PARTITION_SIZE - 5 SIZE=229371 diff --git a/tools/test-delta.mk b/tools/test-delta.mk index 729feb6a3..cd7967bd3 100644 --- a/tools/test-delta.mk +++ b/tools/test-delta.mk @@ -26,9 +26,9 @@ test-delta-update: distclean factory.bin test-app/image.bin tools/uart-flash-ser @st-flash erase || st-flash erase @rm -f zero.bin @diff .config config/examples/stm32wb-delta.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-delta.config to .config to run this test\n\n" && exit 1) - $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \ + $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \ $(PRIVATE_KEY) 7 - $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \ + $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \ $(PRIVATE_KEY) 2 @st-flash write factory.bin 0x08000000 @echo Expecting version '1' @@ -79,7 +79,7 @@ test-delta-update-ext: distclean factory.bin test-app/image.bin tools/uart-flash @st-flash erase || st-flash erase @rm -f zero.bin @diff .config config/examples/stm32wb-delta-ext.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-delta-ext.config to .config to run this test\n\n" && exit 1) - $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \ + $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \ $(PRIVATE_KEY) 7 @(tools/uart-flash-server/ufserver test-app/image_v7_signed_diff.bin $(USBTTY))& @st-flash reset @@ -121,7 +121,7 @@ test-delta-enc-update-ext: distclean factory.bin test-app/image.bin tools/uart-f @st-flash erase || st-flash erase @rm -f zero.bin @diff .config config/examples/stm32wb-delta-enc-ext.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-delta-enc-ext.config to .config to run this test\n\n" && exit 1) - $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin \ + $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin \ $(ENCRYPT_STRING) --encrypt /tmp/enc_key.der \ test-app/image.bin \ $(PRIVATE_KEY) 7 diff --git a/tools/test-enc.mk b/tools/test-enc.mk index 0214417a5..7e7faff7a 100644 --- a/tools/test-enc.mk +++ b/tools/test-enc.mk @@ -24,8 +24,8 @@ tools/uart-flash-server/ufserver: FORCE test-enc-update: factory.bin test-app/image.bin tools/uart-flash-server/ufserver @diff .config config/examples/stm32wb-uart-flash-encryption.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-uart-flash-encryption.config to .config to run this test\n\n" && exit 1) @printf "0123456789abcdef0123456789abcdef0123456789ab" > /tmp/enc_key.der - @$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) - @$(SIGN_TOOL) $(SIGN_ENC_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ENC_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) @(tools/uart-flash-server/ufserver test-app/image_v$(ENC_TEST_UPDATE_VERSION)_signed_and_encrypted.bin $(USBTTY))& @st-flash erase @st-flash write factory.bin 0x08000000 @@ -47,8 +47,8 @@ test-enc-update: factory.bin test-app/image.bin tools/uart-flash-server/ufserver test-enc-aes128-update: factory.bin test-app/image.bin tools/uart-flash-server/ufserver @diff .config config/examples/stm32wb-uart-flash-encryption-aes128.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-uart-flash-encryption-aes128.config to .config to run this test\n\n" && exit 1) @printf "0123456789abcdef0123456789abcdef" > /tmp/enc_key.der - @$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) - @$(SIGN_TOOL) $(SIGN_ENC_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ENC_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) @(tools/uart-flash-server/ufserver test-app/image_v$(ENC_TEST_UPDATE_VERSION)_signed_and_encrypted.bin $(USBTTY))& @st-flash erase @st-flash write factory.bin 0x08000000 @@ -70,8 +70,8 @@ test-enc-aes128-update: factory.bin test-app/image.bin tools/uart-flash-server/u test-enc-aes256-update: factory.bin test-app/image.bin tools/uart-flash-server/ufserver @diff .config config/examples/stm32wb-uart-flash-encryption-aes256.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-uart-flash-encryption-aes256.config to .config to run this test\n\n" && exit 1) @printf "0123456789abcdef0123456789abcdef0123456789abcdef" > /tmp/enc_key.der - @$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) - @$(SIGN_TOOL) $(SIGN_ENC_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ENC_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) @(tools/uart-flash-server/ufserver test-app/image_v$(ENC_TEST_UPDATE_VERSION)_signed_and_encrypted.bin $(USBTTY))& @st-flash erase @st-flash write factory.bin 0x08000000 diff --git a/tools/test-renode.mk b/tools/test-renode.mk index bec829698..a3b00e294 100644 --- a/tools/test-renode.mk +++ b/tools/test-renode.mk @@ -24,26 +24,19 @@ LMS_OPTS=LMS_LEVELS=2 LMS_HEIGHT=5 LMS_WINTERNITZ=8 WOLFBOOT_SMALL_STACK=0 \ XMSS_OPTS=WOLFBOOT_XMSS_PARAMS='XMSS-SHA2_10_256' WOLFBOOT_SMALL_STACK=0 \ IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE=5000 -# python version only supported using -# KEYGEN_TOOL="python3 $(WOLFBOOT_ROOT)/tools/keytools/keygen.py" -ifeq ("$(KEYGEN_TOOL)","") - ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/keygen.exe)","") - KEYGEN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/keygen.exe - else - KEYGEN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/keygen - endif +ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/keygen.exe)","") + KEYGEN_TOOL?=$(WOLFBOOT_ROOT)/tools/keytools/keygen.exe +else + KEYGEN_TOOL?=$(WOLFBOOT_ROOT)/tools/keytools/keygen endif -# python version only supported using -# SIGN_TOOL="python3 $(WOLFBOOT_ROOT)/tools/keytools/sign.py" -ifeq ("$(SIGN_TOOL)","") - ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/sign.exe)","") - SIGN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/sign.exe - else - SIGN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/sign - endif +ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/sign.exe)","") + SIGN_TOOL?=$(WOLFBOOT_ROOT)/tools/keytools/sign.exe +else + SIGN_TOOL?=$(WOLFBOOT_ROOT)/tools/keytools/sign endif +SIGN_ENV=IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) WOLFBOOT_SECTOR_SIZE=$(WOLFBOOT_SECTOR_SIZE) ifeq ($(TARGET),stm32f7) RENODE_CONFIG=tools/renode/stm32f746_wolfboot.resc @@ -140,7 +133,7 @@ renode-off: FORCE $(RENODE_UPDATE_FILE): test-app/image.bin FORCE - ${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) \ + ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) \ $(TEST_UPDATE_VERSION) ${Q}dd if=/dev/zero bs=$(POFF) count=1 2>/dev/null | tr "\000" "\377" \ > $@ @@ -150,7 +143,7 @@ $(RENODE_UPDATE_FILE): test-app/image.bin FORCE renode-factory: factory.bin test-app/image.bin $(RENODE_UPDATE_FILE) $(EXPVER) FORCE ${Q}rm -f $(RENODE_UART) - ${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 1 + ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 1 ${Q}cp test-app/image_v1_signed.bin $(TMP)/renode-test-v1.bin ${Q}cp wolfboot.elf $(TMP)/renode-wolfboot.elf ${Q}make renode-on @@ -175,8 +168,8 @@ renode-update: factory.bin test-app/image.bin $(EXPVER) FORCE ${Q}rm -f $(RENODE_UART) ${Q}dd if=/dev/zero bs=$(POFF) count=1 2>/dev/null | tr "\000" "\377" \ > $(RENODE_UPDATE_FILE) - ${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 1 - ${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) \ + ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 1 + ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) \ $(TEST_UPDATE_VERSION) ${Q}dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin \ of=$(RENODE_UPDATE_FILE) bs=1 conv=notrunc @@ -201,8 +194,8 @@ renode-no-downgrade: factory.bin test-app/image.bin $(EXPVER) FORCE ${Q}rm -f $(RENODE_UART) ${Q}dd if=/dev/zero bs=$(POFF) count=1 2>/dev/null | tr "\000" "\377" \ > $(RENODE_UPDATE_FILE) - ${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 7 - ${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 5 + ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 7 + ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 5 ${Q}dd if=test-app/image_v5_signed.bin \ of=$(RENODE_UPDATE_FILE) bs=1 conv=notrunc ${Q}printf "pBOOT" >> $(RENODE_UPDATE_FILE) @@ -225,8 +218,8 @@ renode-corrupted: factory.bin test-app/image.bin $(EXPVER) FORCE ${Q}rm -f $(RENODE_UART) ${Q}dd if=/dev/zero bs=$(POFF) count=1 2>/dev/null | tr "\000" "\377" \ > $(RENODE_UPDATE_FILE) - ${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 1 - ${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) \ + ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 1 + ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) \ $(TEST_UPDATE_VERSION) ${Q}dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin \ of=$(RENODE_UPDATE_FILE) bs=1 conv=notrunc diff --git a/tools/test.mk b/tools/test.mk index 8e88c93ce..1c96e1ebb 100644 --- a/tools/test.mk +++ b/tools/test.mk @@ -16,9 +16,9 @@ else endif ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/sign.exe)","") - SIGN_TOOL=IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) $(WOLFBOOT_ROOT)/tools/keytools/sign.exe + SIGN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/sign.exe else - SIGN_TOOL=IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) $(WOLFBOOT_ROOT)/tools/keytools/sign + SIGN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/sign endif # Make sign algorithm argument @@ -138,7 +138,7 @@ test-spi-off: FORCE test-update: test-app/image.bin FORCE @dd if=/dev/zero bs=131067 count=1 2>/dev/null $(INVERSION) > test-update.bin - @$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) @dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin of=test-update.bin bs=1 conv=notrunc @printf "pBOOT" >> test-update.bin @make test-reset @@ -150,10 +150,10 @@ test-update: test-app/image.bin FORCE test-sim-external-flash-with-update: wolfboot.bin test-app/image.elf FORCE $(Q)cp test-app/image.elf test-app/image.bak.elf $(Q)dd if=/dev/urandom of=test-app/image.elf bs=1K count=16 oflag=append conv=notrunc - $(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) 1 + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) 1 $(Q)cp test-app/image.bak.elf test-app/image.elf $(Q)dd if=/dev/urandom of=test-app/image.elf bs=1K count=16 oflag=append conv=notrunc - $(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) # Assembling internal flash image # $(Q)dd if=/dev/zero bs=$$(($(WOLFBOOT_PARTITION_SIZE))) count=1 2>/dev/null $(INVERSION) > v1_part.dd @@ -168,13 +168,13 @@ test-sim-external-flash-with-enc-delta-update-extradata:DELTA_UPDATE_OPTIONS=--d test-sim-external-flash-with-enc-delta-update-extradata:SIGN_ENC_ARGS=--encrypt /tmp/enc_key.der --aes128 test-sim-external-flash-with-enc-delta-update-extradata: wolfboot.bin test-app/image.elf FORCE @printf "0123456789abcdef0123456789abcdef0123456789abcdef" > /tmp/enc_key.der - $(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) 1 + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) 1 $(Q)cp test-app/image_v1_signed.bin test-app/image_v1_signed.bak $(Q)rm -f test-app/image.elf test-app/app_sim.o $(Q)make -C test-app delta-extra-data DELTA_DATA_SIZE=$(DELTA_DATA_SIZE) $(Q)cp test-app/image_v1_signed.bak test-app/image_v1_signed.bin - $(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) $(SIGN_ENC_ARGS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) - $(Q)$(SIGN_TOOL) $(SIGN_ARGS) $(DELTA_UPDATE_OPTIONS) $(SIGN_ENC_ARGS) \ + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) $(SIGN_ENC_ARGS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) $(DELTA_UPDATE_OPTIONS) $(SIGN_ENC_ARGS) \ test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) $(Q)dd if=/dev/zero bs=$$(($(WOLFBOOT_PARTITION_SIZE))) count=1 2>/dev/null $(INVERSION) > v1_part.dd $(Q)dd if=test-app/image_v1_signed.bin bs=256 of=v1_part.dd conv=notrunc @@ -192,11 +192,11 @@ test-sim-external-flash-with-enc-update: wolfboot.bin test-app/image.elf FORCE $(Q)cp test-app/image.elf test-app/image.bak.elf $(Q)dd if=/dev/urandom of=test-app/image.elf bs=1k count=16 oflag=append conv=notrunc @printf "0123456789abcdef0123456789abcdef0123456789abcdef" > /tmp/enc_key.der - $(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) $(SIGN_ENC_ARGS) test-app/image.elf $(PRIVATE_KEY) 1 + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) $(SIGN_ENC_ARGS) test-app/image.elf $(PRIVATE_KEY) 1 $(Q)cp test-app/image.bak.elf test-app/image.elf $(Q)dd if=/dev/urandom of=test-app/image.elf bs=1k count=16 oflag=append conv=notrunc - $(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) $(SIGN_ENC_ARGS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) - $(Q)$(SIGN_TOOL) $(SIGN_ARGS) $(DELTA_UPDATE_OPTIONS) $(SIGN_ENC_ARGS) \ + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) $(SIGN_ENC_ARGS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) $(DELTA_UPDATE_OPTIONS) $(SIGN_ENC_ARGS) \ test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) # Assembling internal flash image # @@ -217,12 +217,12 @@ test-sim-external-flash-with-enc-delta-update: test-sim-internal-flash-with-update: wolfboot.bin test-app/image.elf FORCE $(Q)cp test-app/image.elf test-app/image.bak.elf $(Q)dd if=/dev/urandom of=test-app/image.elf bs=1k count=16 oflag=append conv=notrunc - $(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) 1 + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) 1 $(Q)cp test-app/image.bak.elf test-app/image.elf $(Q)dd if=/dev/urandom of=test-app/image.elf bs=1k count=16 oflag=append conv=notrunc - $(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) $(Q)dd if=/dev/zero bs=$$(($(WOLFBOOT_SECTOR_SIZE))) count=1 2>/dev/null $(INVERSION) > erased_sec.dd - $(Q)$(SIGN_TOOL) $(SIGN_ARGS) $(DELTA_UPDATE_OPTIONS) \ + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) $(DELTA_UPDATE_OPTIONS) \ test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) $(Q)$(BINASSEMBLE) internal_flash.dd \ 0 wolfboot.bin \ @@ -268,12 +268,12 @@ test-sim-rollback-flash: wolfboot.elf test-sim-internal-flash-with-update FORCE test-self-update: FORCE @mv $(PRIVATE_KEY) private_key.old @make clean factory.bin RAM_CODE=1 WOLFBOOT_VERSION=1 SIGN=$(SIGN) - @$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) @st-flash --reset write test-app/image_v2_signed.bin 0x08020000 || \ (make test-reset && sleep 1 && st-flash --reset write test-app/image_v2_signed.bin 0x08020000) || \ (make test-reset && sleep 1 && st-flash --reset write test-app/image_v2_signed.bin 0x08020000) @dd if=/dev/zero bs=131067 count=1 2>/dev/null $(INVERSION) > test-self-update.bin - @$(SIGN_TOOL) $(SIGN_ARGS) --wolfboot-update wolfboot.bin private_key.old $(WOLFBOOT_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) --wolfboot-update wolfboot.bin private_key.old $(WOLFBOOT_VERSION) @dd if=wolfboot_v$(WOLFBOOT_VERSION)_signed.bin of=test-self-update.bin bs=1 conv=notrunc @printf "pBOOT" >> test-self-update.bin @st-flash --reset write test-self-update.bin 0x08040000 || \ @@ -281,7 +281,7 @@ test-self-update: FORCE (make test-reset && sleep 1 && st-flash --reset write test-self-update.bin 0x08040000) test-update-ext: test-app/image.bin FORCE - @$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) @(dd if=/dev/zero bs=1M count=1 | tr '\000' '\377' > test-update.rom) @dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin of=test-update.rom bs=1 count=524283 conv=notrunc @printf "pBOOT" | dd of=test-update.rom obs=1 seek=524283 count=5 conv=notrunc