Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for wolfcrypt in secure-mode from TrustZone-M secure domain #275

Merged
merged 31 commits into from
Sep 21, 2023
Merged

Support for wolfcrypt in secure-mode from TrustZone-M secure domain #275

merged 31 commits into from
Sep 21, 2023

Conversation

danielinux
Copy link
Member

@danielinux danielinux commented Jan 20, 2023
edited
Loading

Support for non-secure callable crypto functions.

  • Access crypto functions from non-secure application, through specific NSC methods
  • PKCS11 interface in non-secure world (mapped through nsc)

Secure-mode wolfBoot integrates wolfPKCS11 and exposes a PKCS11 NSC API to perform crypto operations.

Private keys and secrets can be stored in secure-domain. Test NS application uses wolfCrypt PKCS11 support.

dgarske
dgarske reviewed Feb 8, 2023
View reviewed changes
arch.mk Outdated Show resolved Hide resolved
@danielinux danielinux mentioned this pull request Sep 15, 2023
Merged
@dgarske dgarske self-requested a review September 15, 2023 15:30
@danielinux danielinux marked this pull request as ready for review September 15, 2023 16:28
dgarske
dgarske previously approved these changes Sep 19, 2023
View reviewed changes
@danielinux
Added raw file read from NS-domain
0cc1eea 
+ fix linker script with the correct NSC address
+ fix ecc key import
@danielinux
Added uart support for stm32l5 (LPUART1)
41b11ed
@danielinux
Added ECC PK_CALLBACKS + CRYPTO_CB APIs
9d62a7d
@danielinux
Reverted accidental changes in uart_drv_stm32wb
c849ddf
@danielinux
TZ: PKCS11 wrappers via wolfPKCS11 in S world
f7d6c17
@danielinux
PKCS11 store functions using wolfBoot hal
5b57d2d
@danielinux
Added NS wrappers for PKCS11 API
20e8b02
@danielinux
Working PKCS11 test.
fd862cb 
Temporarily removed some features so the image fits in 64Kb
@danielinux
Fixed PKCS11 store functions.
d53999d 
Working C_InitToken/C_Login.
@danielinux
Rebased on latest master
bcbb0c2
@danielinux
Test code clean-up
4205e31
@danielinux
Fixed NS flash access + flash write unlock + misc
ed03572 
- non-secure flash area increased to cover BOOT+UPDATE partitions
- call unlock/lock functions before accessing pkcs11 store for writing
- Enabled more features in application wolfcrypt front-end
- Fixed compiler w4rnings
@danielinux
Expanded RAM space for App 64->128 KB
e4abcbd
@danielinux
Fix nonsecure RAM area in SAU
5ae3f14
@danielinux
Fixed merge of user_settings with new TPM logic
291adfe
@danielinux
Cleanup, config rename, documentation
b8a5a62
@danielinux
Added STM32-TZ documentation
900b646
@danielinux
Added copyright notices
fcf993a
@danielinux
Fix build size for PPC stage1
212d1d8
@danielinux
Added flag WOLFSSL_PKCS11_RW_TOKENS
b29290b 
Writable token support in PR wolfSSL/wolfssl#6778
@danielinux danielinux removed their assignment Sep 21, 2023
@dgarske dgarske merged commit 2ced878 into wolfSSL:master Sep 21, 2023
64 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dgarske dgarske dgarske approved these changes

Assignees

@dgarske dgarske

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@danielinux @dgarske