Added support for TPM2.0 module via wolfTPM. Tested with STM32F4. Build using make SIGN=ECC256 WOLFTPM=1.

dgarske · dgarske · commit 041ca7579353 · 2019-12-17T10:59:11.000-08:00
diff --git a/.gitmodules b/.gitmodules
@@ -1,3 +1,6 @@
 [submodule "lib/wolfssl"]
 	path = lib/wolfssl
 	url = https://github.com/wolfSSL/wolfssl.git
+[submodule "lib/wolfTPM"]
+	path = lib/wolfTPM
+	url = https://github.com/wolfssl/wolfTPM
diff --git a/Makefile b/Makefile
@@ -17,6 +17,7 @@ OBJS:= \
 ./src/string.o \
 ./src/image.o \
 ./src/libwolfboot.o
+WOLFCRYPT_OBJS:=
 
 
 ## Architecture/CPU configuration
@@ -27,7 +28,7 @@ ifeq ($(SIGN),ECC256)
   KEYGEN_OPTIONS=--ecc256
   SIGN_OPTIONS=--ecc256
   PRIVATE_KEY=ecc256.der
-  OBJS+= \
+  WOLFCRYPT_OBJS+= \
     $(ECC_EXTRA_OBJS) \
     $(MATH_OBJS) \
 	./lib/wolfssl/wolfcrypt/src/ecc.o \
@@ -45,7 +46,7 @@ ifeq ($(SIGN),ED25519)
   KEYGEN_OPTIONS=--ed25519
   SIGN_OPTIONS=--ed25519
   PRIVATE_KEY=ed25519.der
-  OBJS+= ./lib/wolfssl/wolfcrypt/src/sha512.o \
+  WOLFCRYPT_OBJS+= ./lib/wolfssl/wolfcrypt/src/sha512.o \
 	./lib/wolfssl/wolfcrypt/src/ed25519.o \
 	./lib/wolfssl/wolfcrypt/src/ge_low_mem.o \
     ./lib/wolfssl/wolfcrypt/src/sha256.o \
@@ -63,7 +64,7 @@ ifeq ($(SIGN),RSA2048)
   SIGN_OPTIONS=--rsa2048
   PRIVATE_KEY=rsa2048.der
   IMAGE_HEADER_SIZE=512
-  OBJS+= \
+  WOLFCRYPT_OBJS+= \
     $(RSA_EXTRA_OBJS) \
     $(MATH_OBJS) \
 	./lib/wolfssl/wolfcrypt/src/rsa.o \
@@ -93,7 +94,8 @@ endif
 ifeq ($(SPI_FLASH),1)
    EXT_FLASH=1
    CFLAGS+= -DSPI_FLASH=1
-   OBJS+= src/spi_flash.o hal/spi/spi_drv_$(TARGET).o
+   OBJS+= src/spi_flash.o
+   WOLFCRYPT_OBJS+=hal/spi/spi_drv_$(TARGET).o
 endif
 
 ifeq ($(EXT_FLASH),1)
@@ -124,6 +126,21 @@ ifeq ($(VTOR),0)
     CFLAGS+=-DNO_VTOR
 endif
 
+ifeq ($(WOLFTPM),1)
+OBJS += lib/wolfTPM/src/tpm2.o \
+	lib/wolfTPM/src/tpm2_packet.o \
+	lib/wolfTPM/src/tpm2_tis.o \
+	lib/wolfTPM/src/tpm2_wrap.o \
+    src/ecc256_pub_key.o \
+    hal/spi/spi_drv_$(TARGET).o
+    CFLAGS+=-DWOLFTPM_SLB9670 -DWOLFTPM2_NO_WOLFCRYPT -DSIZEOF_LONG=4 -Ilib/wolfTPM \
+			-DMAX_COMMAND_SIZE=1024 -DMAX_RESPONSE_SIZE=1024 -DWOLFTPM2_MAX_BUFFER=1500 -DMAX_SESSION_NUM=1 -DMAX_DIGEST_BUFFER=973 \
+			-DWOLFTPM_SMALL_STACK
+
+else
+    OBJS+=$(WOLFCRYPT_OBJS)
+endif
+
 ASFLAGS:=$(CFLAGS)
 
 all: factory.bin
diff --git a/docs/Targets.md b/docs/Targets.md
@@ -352,6 +352,8 @@ reset
 halt
 ```
 
+`openocd --file openocd.cfg`
+
 OpenOCD can be either run in background (to allow remote GDB and monitor terminal connections), or
 directly from command line, to execute terminal scripts.
 
@@ -395,9 +397,10 @@ Use the OpenOCD configuration from the previous section to run OpenOCD.
 
 From another console, connect using gdb, e.g.:
 
+Add wolfboot.elf to the make.
+
 ```
-arm-none-eabi-gdb
-(gdb) target remote:3333
+arm-none-eabi-gdb wolfboot.elf -ex "set remotetimeout 240" -ex "target extended-remote localhost:3333"
 (gdb) add-symbol-file test-app/image.elf 0x08020000
 (gdb) add-symbol-file wolfboot.elf 0x08000000
 ```
diff --git a/hal/spi/spi_drv_stm32f4.c b/hal/spi/spi_drv_stm32f4.c
@@ -28,17 +28,17 @@
 #include "spi_drv.h"
 #include "spi_drv_stm32f4.h"
 
-void spi_cs_off(void)
+void spi_cs_off(int pin)
 {
-    GPIOE_BSRR |= (1 << SPI_FLASH_PIN);
-    while(!(GPIOE_ODR & (1 << SPI_FLASH_PIN)))
+    GPIOE_BSRR |= (1 << pin);
+    while(!(GPIOE_ODR & (1 << pin)))
         ;
 }
 
-void spi_cs_on(void)
+void spi_cs_on(int pin)
 {
-    GPIOE_BSRR |= (1 << (SPI_FLASH_PIN + 16));
-    while(GPIOE_ODR & (1 << SPI_FLASH_PIN))
+    GPIOE_BSRR |= (1 << (pin + 16));
+    while(GPIOE_ODR & (1 << pin))
         ;
 }
 
@@ -47,15 +47,28 @@ static void spi_flash_pin_setup(void)
 {
     uint32_t reg;
     AHB1_CLOCK_ER |= GPIOE_AHB1_CLOCK_ER;
-    reg = GPIOE_MODE & ~ (0x03 << (SPI_FLASH_PIN * 2));
-    GPIOE_MODE = reg | (1 << (SPI_FLASH_PIN * 2));
-
-    reg = GPIOE_PUPD & ~(0x03 <<  (SPI_FLASH_PIN * 2));
-    GPIOE_PUPD = reg | (0x01 << (SPI_FLASH_PIN * 2));
-
-    reg = GPIOE_OSPD & ~(0x03 << (SPI_FLASH_PIN * 2));
-    GPIOE_OSPD |= (0x03 << (SPI_FLASH_PIN * 2));
+    reg = GPIOE_MODE & ~ (0x03 << (SPI_CS_FLASH * 2));
+    GPIOE_MODE = reg | (1 << (SPI_CS_FLASH * 2));
+    reg = GPIOE_PUPD & ~(0x03 <<  (SPI_CS_FLASH * 2));
+    GPIOE_PUPD = reg | (0x01 << (SPI_CS_FLASH * 2));
+    reg = GPIOE_OSPD & ~(0x03 << (SPI_CS_FLASH * 2));
+    GPIOE_OSPD |= (0x03 << (SPI_CS_FLASH * 2));
+    spi_cs_off(SPI_CS_FLASH);
+}
 
+static void spi_tpm2_pin_setup(void)
+{
+#ifdef WOLFTPM2_NO_WOLFCRYPT
+    uint32_t reg;
+    AHB1_CLOCK_ER |= GPIOE_AHB1_CLOCK_ER;
+    reg = GPIOE_MODE & ~ (0x03 << (SPI_CS_TPM * 2));
+    GPIOE_MODE = reg | (1 << (SPI_CS_TPM * 2));
+    reg = GPIOE_PUPD & ~(0x03 <<  (SPI_CS_TPM * 2));
+    GPIOE_PUPD = reg | (0x01 << (SPI_CS_TPM * 2));
+    reg = GPIOE_OSPD & ~(0x03 << (SPI_CS_TPM * 2));
+    GPIOE_OSPD |= (0x03 << (SPI_CS_TPM * 2));
+    spi_cs_off(SPI_CS_TPM);
+#endif
 }
 
 static void spi1_pins_setup(void)
@@ -98,8 +111,8 @@ static void spi_pins_release(void)
     GPIOB_PUPD &= ~ (0x03 << (SPI1_MISO_PIN * 2));
 
     /* Release CS */
-    GPIOE_MODE &= ~ (0x03 << (SPI_FLASH_PIN * 2));
-    GPIOE_PUPD &= ~ (0x03 <<  (SPI_FLASH_PIN * 2));
+    GPIOE_MODE &= ~ (0x03 << (SPI_CS_FLASH * 2));
+    GPIOE_PUPD &= ~ (0x03 <<  (SPI_CS_TPM * 2));
 
     /* Disable GPIOB+GPIOE clock */
     AHB1_CLOCK_ER &= ~(GPIOB_AHB1_CLOCK_ER | GPIOE_AHB1_CLOCK_ER);
@@ -136,13 +149,18 @@ void spi_write(const char byte)
 
 void spi_init(int polarity, int phase)
 {
-    spi1_pins_setup();
-    spi_flash_pin_setup();
-    APB2_CLOCK_ER |= SPI1_APB2_CLOCK_ER_VAL;
-    spi1_reset();
-	SPI1_CR1 = SPI_CR1_MASTER | (5 << 3) | (polarity << 1) | (phase << 0);
-	SPI1_CR2 |= SPI_CR2_SSOE;
-    SPI1_CR1 |= SPI_CR1_SPI_EN;
+    static int initialized = 0;
+    if (!initialized) {
+        initialized++;
+        spi1_pins_setup();
+        spi_flash_pin_setup();
+        spi_tpm2_pin_setup();
+        APB2_CLOCK_ER |= SPI1_APB2_CLOCK_ER_VAL;
+        spi1_reset();
+        SPI1_CR1 = SPI_CR1_MASTER | (5 << 3) | (polarity << 1) | (phase << 0);
+        SPI1_CR2 |= SPI_CR2_SSOE;
+        SPI1_CR1 |= SPI_CR1_SPI_EN;
+    }
 }
 
 void spi_release(void)
diff --git a/hal/spi/spi_drv_stm32f4.h b/hal/spi/spi_drv_stm32f4.h
@@ -4,7 +4,8 @@
 /** SPI settings **/
 
 #define SPI1 (0x40013000)/* SPI1 base address */
-#define SPI_FLASH_PIN  1 /* Flash CS connected to GPIOE1 */
+#define SPI_CS_FLASH 3 /* Flash CS connected to GPIOE1 */
+#define SPI_CS_TPM   1 /* TPM CS connected to GPIOE0 */
 #define SPI1_PIN_AF    5 /* Alternate function for SPI pins */
 #define SPI1_CLOCK_PIN 3 /* SPI_SCK: PB3  */
 #define SPI1_MISO_PIN  4 /* SPI_MISO PB4  */
diff --git a/include/loader.h b/include/loader.h
@@ -47,5 +47,7 @@
 #   error "No public key available for given signing algorithm."
 #endif /* Algorithm selection */
 
-
+#ifdef WOLFTPM2_NO_WOLFCRYPT
+    int wolfBoot_tpm2_init(void);
+#endif
 #endif /* LOADER_H */
diff --git a/include/spi_drv.h b/include/spi_drv.h
@@ -30,11 +30,14 @@
 #define SPI_DRV_H_INCLUDED
 
 #include <stdint.h>
+#ifdef PLATFORM_stm32f4
+#include "hal/spi/spi_drv_stm32f4.h"
+#endif
 
 void spi_init(int polarity, int phase);
 void spi_write(const char byte);
 uint8_t spi_read(void);
-void spi_cs_on(void);
-void spi_cs_off(void);
+void spi_cs_on(int pin);
+void spi_cs_off(int pin);
 
 #endif /* !SPI_DRV_H_INCLUDED */
diff --git a/lib/wolfTPM b/lib/wolfTPM
@@ -0,0 +1 @@
+Subproject commit b37ac1d98aa4834ca1779051409032b39d206fdf
diff --git a/src/image.c b/src/image.c
diff --git a/src/loader.c b/src/loader.c
diff --git a/src/spi_flash.c b/src/spi_flash.c
diff --git a/tools/config.mk b/tools/config.mk
