Remove keytools dependency on IMAGE_HEADER_SIZE.

- Added getenv() to override the value at runtime
- Removed doc on old python tools

docs/Signing.md

@@ -4,39 +4,18 @@
 server) environment to manage wolfBoot private keys and sign the initial
 firmware and all the updates for the target.
 
-## C or Python
-
-The tools are distributed in two versions, using the same command line syntax,
-for portability reasons.
-
-By default, C keytools are compiled. The makefiles and scripts in this
-repository will use the C tools.
-
-### C Key Tools
+## C Key Tools
 
 A standalone C version of the key tools is available in: `./tools/keytools`.
 
 These can be built in `tools/keytools` using `make` or from the wolfBoot root using `make keytools`.
 
-If the C version of the key tools exists they will be used by wolfBoot's makefile and scripts.
-
 #### Windows Visual Studio
 
 Use the `wolfBootSignTool.vcxproj` Visual Studio project to build the `sign.exe` and `keygen.exe` tools for use on Windows.
 
 If you see any error about missing `target.h` this is a generated file based on your .config using the make process. It is needed for `WOLFBOOT_SECTOR_SIZE` used in delta updates.
 
-### Python key tools
-
-**Please note that the Python tools are deprecated and will be removed in future versions.**
-
-In order to use the python key tools, ensure that the `wolfcrypt` package is
-installed in your python environment. In most systems it's sufficient to run a
-command similar to:
-
-`pip install wolfcrypt`
-
-to ensure that the dependencies are met.
 
 ## Command Line Usage
 
@@ -78,6 +57,19 @@ Usage: `sign [OPTIONS] IMAGE.BIN KEY.DER VERSION`
 `VERSION`:    The version associated with this signed software
 `OPTIONS`:    Zero or more options, described below
 
+#### Image header size
+
+By default, the manifest header size used by SIGN tool depends on the ideal
+value for the configuration chosen. In some cases however, it is necessary to use
+a different value than the default. To override the `IMAGE_HEADER_SIZE` value,
+set an environment variable with the same name and the desired value, via `setenv`,
+`export`, or simply inlining it with the sign command:
+
+```
+IMAGE_HEADER_SIZE=2048 sign [OPTIONS] IMAGE.BIN KEY.DER VERSION
+```
+
+
 #### Public key signature options
 
 If none of the following arguments is given, the tool will try to guess the key

tools/keytools/Makefile

@@ -79,11 +79,6 @@ else
   CFLAGS+=$(OPTIMIZE)
 endif
 
-ifeq ($(IMAGE_HEADER_SIZE),)
-  IMAGE_HEADER_SIZE=256
-endif
-
-CFLAGS+=-DIMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE)
 CFLAGS+=-DDELTA_UPDATES
 
 ifneq ($(RENESAS_KEY),)

tools/keytools/sign.c

@@ -147,9 +147,6 @@ static inline int fp_truncate(FILE *f, size_t len)
     #define PATH_MAX 256
 #endif
 
-#ifndef IMAGE_HEADER_SIZE
-    #define IMAGE_HEADER_SIZE 256
-#endif
 
 #define WOLFBOOT_MAGIC          0x464C4F57 /* WOLF */
 
@@ -314,7 +311,6 @@ static struct cmd_options CMD = {
     .sign = SIGN_AUTO,
     .encrypt  = ENC_OFF,
     .hash_algo = HASH_SHA256,
-    .header_sz = IMAGE_HEADER_SIZE,
     .partition_id = HDR_IMG_TYPE_APP,
     .hybrid = 0
 };
@@ -324,7 +320,7 @@ static uint16_t sign_tool_find_header(uint8_t *haystack, uint16_t type, uint8_t
     uint8_t *p = haystack;
     uint16_t len, htype;
     const volatile uint8_t *max_p = (haystack - IMAGE_HEADER_OFFSET) +
-                                                    IMAGE_HEADER_SIZE;
+                                                    CMD.header_sz;
     *ptr = NULL;
     if (p > max_p) {
         fprintf(stderr, "Illegal address (too high)\n");
@@ -344,10 +340,10 @@ static uint16_t sign_tool_find_header(uint8_t *haystack, uint16_t type, uint8_t
 
         len = p[2] | (p[3] << 8);
         /* check len */
-        if ((4 + len) > (uint16_t)(IMAGE_HEADER_SIZE - IMAGE_HEADER_OFFSET)) {
+        if ((4 + len) > (uint16_t)(CMD.header_sz - IMAGE_HEADER_OFFSET)) {
             fprintf(stderr, "This field is too large (bigger than the space available "
                      "in the current header)\n");
-            //fprintf(stderr, "%d %d %d\n", len, IMAGE_HEADER_SIZE, IMAGE_HEADER_OFFSET);
+            //fprintf(stderr, "%d %d %d\n", len, CMD.header_sz, IMAGE_HEADER_OFFSET);
             break;
         }
         /* check max pointer */
@@ -923,13 +919,6 @@ static uint8_t *load_key(uint8_t **key_buffer, uint32_t *key_buffer_sz,
         goto failure;
     }
 
-    if (CMD.header_sz < IMAGE_HEADER_SIZE) {
-        printf("image header size overridden by config value (%u bytes)\n", IMAGE_HEADER_SIZE);
-        CMD.header_sz = IMAGE_HEADER_SIZE;
-    } else {
-        printf("image header size calculated at runtime (%u bytes)\n", CMD.header_sz);
-    }
-
     DEBUG_PRINT("Pubkey %d\n", *pubkey_sz);
     DEBUG_BUFFER(*pubkey, *pubkey_sz);
     return *key_buffer;
@@ -2112,6 +2101,8 @@ static void set_signature_sizes(int secondary)
 {
     uint32_t *sz = &CMD.signature_sz;
     int *sign = &CMD.sign;
+    uint32_t suggested_sz = 0;
+    char *env_image_header_size;
     if (secondary) {
         sz = &CMD.secondary_signature_sz;
         sign = &CMD.secondary_sign;
@@ -2261,6 +2252,18 @@ static void set_signature_sizes(int secondary)
         *sz = sig_sz;
     }
 #endif /* WOLFSSL_WC_DILITHIUM */
+
+    env_image_header_size = getenv("IMAGE_HEADER_SIZE");
+    if (env_image_header_size) {
+        suggested_sz = atoi(env_image_header_size);
+    }
+    if (suggested_sz != 0) {
+        if (CMD.header_sz <= suggested_sz)
+            CMD.header_sz = suggested_sz;
+        else
+            printf("Environment variable IMAGE_HEADER_SIZE=%u overridden.\n", suggested_sz);
+    }
+    printf("Manifest header size: %u\n", CMD.header_sz);
 }
 
 int main(int argc, char** argv)
@@ -2291,6 +2294,9 @@ int main(int argc, char** argv)
         exit(1);
     }
 
+    /* Set initial manifest header size to a minimum default value */
+    CMD.header_sz = 256;
+
     /* Parse Arguments */
     for (i=1; i<argc; i++) {
         if (strcmp(argv[i], "--no-sign") == 0) {