
Commit 2560bdc

committed
Added TPM RSA verify support. Added support for using software SHA-256 hashing with TPM because it's much faster. (Note: to use TPM for hashing define WOLFBOOT_HASH_TPM).
1 parent 782d4b6 commit 2560bdc

5 files changed

Lines changed: 145 additions & 130 deletions


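--- a/Makefile
+++ b/Makefile
@@ -57,6 +57,7 @@ ifeq ($(SIGN),ED25519)
 ./lib/wolfssl/wolfcrypt/src/ge_low_mem.o \
 ./lib/wolfssl/wolfcrypt/src/hash.o \
 ./lib/wolfssl/wolfcrypt/src/wolfmath.o \
+./lib/wolfssl/wolfcrypt/src/wc_port.o \
 ./lib/wolfssl/wolfcrypt/src/fe_low_mem.o
 PUBLIC_KEY_OBJS=./src/ed25519_pub_key.o
 CFLAGS+=-DWOLFBOOT_SIGN_ED25519 \
@@ -74,6 +75,7 @@ ifeq ($(SIGN),RSA2048)
 ./lib/wolfssl/wolfcrypt/src/rsa.o \
 ./lib/wolfssl/wolfcrypt/src/asn.o \
 ./lib/wolfssl/wolfcrypt/src/hash.o \
+./lib/wolfssl/wolfcrypt/src/wc_port.o \
 ./src/xmalloc_rsa.o
 PUBLIC_KEY_OBJS=./src/rsa2048_pub_key.o
 CFLAGS+=-DWOLFBOOT_SIGN_RSA2048 -DXMALLOC_USER $(RSA_EXTRA_CFLAGS) \
@@ -148,17 +150,17 @@ endif
 
 
 ifeq ($(DEBUG),1)
-CFLAGS+=-O0 -g -ggdb3 -DDEBUG=1
+CFLAGS+=-O0 -g -ggdb3 -DDEBUG=1
 else
-CFLAGS+=-Os
+CFLAGS+=-Os
 endif
 
 ifeq ($(V),0)
 Q=@
 endif
 
 ifeq ($(VTOR),0)
-CFLAGS+=-DNO_VTOR
+CFLAGS+=-DNO_VTOR
 endif
 
 ifeq ($(PKA),1)
@@ -170,18 +172,21 @@ OBJS+=$(PUBLIC_KEY_OBJS)
 OBJS+=$(UPDATE_OBJS)
 
 ifeq ($(WOLFTPM),1)
-OBJS += lib/wolfTPM/src/tpm2.o \
-lib/wolfTPM/src/tpm2_packet.o \
-lib/wolfTPM/src/tpm2_tis.o \
-lib/wolfTPM/src/tpm2_wrap.o \
+OBJS += lib/wolfTPM/src/tpm2.o \
+lib/wolfTPM/src/tpm2_packet.o \
+lib/wolfTPM/src/tpm2_tis.o \
+lib/wolfTPM/src/tpm2_wrap.o \
 hal/spi/spi_drv_$(SPI_TARGET).o
-CFLAGS+=-DWOLFTPM_SLB9670 -DWOLFTPM2_NO_WOLFCRYPT -DSIZEOF_LONG=4 -Ilib/wolfTPM \
--DMAX_COMMAND_SIZE=1024 -DMAX_RESPONSE_SIZE=1024 -DWOLFTPM2_MAX_BUFFER=1500 -DMAX_SESSION_NUM=1 -DMAX_DIGEST_BUFFER=973 \
--DWOLFTPM_SMALL_STACK
-
-else
-OBJS+=$(WOLFCRYPT_OBJS)
+CFLAGS+=-DWOLFBOOT_TPM -DSIZEOF_LONG=4 -Ilib/wolfTPM \
+-DMAX_COMMAND_SIZE=1024 -DMAX_RESPONSE_SIZE=1024 -DWOLFTPM2_MAX_BUFFER=1500 \
+-DMAX_SESSION_NUM=1 -DMAX_DIGEST_BUFFER=973 \
+-DWOLFTPM_SMALL_STACK
+# Chip Type: WOLFTPM_SLB9670, WOLFTPM_ST33, WOLFTPM_MCHP
+CFLAGS+=-DWOLFTPM_SLB9670
+# Use TPM for hashing (slow)
+#CFLAGS+=-DWOLFBOOT_HASH_TPM
 endif
+OBJS+=$(WOLFCRYPT_OBJS)
 
 
 ASFLAGS:=$(CFLAGS)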
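Review bot: The TPM chip type and the hashing backend at the end of the `ifeq ($(WOLFTPM),1)` block can only be changed by editing the Makefile: `-DWOLFTPM_SLB9670` is hard-coded and `#CFLAGS+=-DWOLFBOOT_HASH_TPM` has to be uncommented by hand, whereas `SIGN`, `DEBUG` and `VTOR` are make variables. For a secure-boot image it helps when the build command line records which component computes the digest that the signature check covers, so I would gate the flag on a variable, e.g. `ifeq ($(WOLFBOOT_HASH_TPM),1)` / `CFLAGS+=-DWOLFBOOT_HASH_TPM` / `endif` (the variable name is a suggestion), and select the chip define the same way. The comment `# Use TPM for hashing (slow)` could also state that the default is software SHA-256 with the RSA verify done in the TPM, as the commit message describes.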

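--- a/hal/spi/spi_drv_stm32.c
+++ b/hal/spi/spi_drv_stm32.c
@@ -58,7 +58,7 @@ static void spi_flash_pin_setup(void)
 
 static void spi_tpm2_pin_setup(void)
 {
-#ifdef WOLFTPM2_NO_WOLFCRYPT
+#ifdef WOLFBOOT_TPM
 uint32_t reg;
 RCC_GPIO_CLOCK_ER |= SPI_PIO_CS_CEN;
 reg = SPI_PIO_CS_MODE & ~ (0x03 << (SPI_CS_TPM * 2));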

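--- a/include/loader.h
+++ b/include/loader.h
@@ -53,7 +53,7 @@
 # error "No public key available for given signing algorithm."
 #endif /* Algorithm selection */
 
-#ifdef WOLFTPM2_NO_WOLFCRYPT
+#ifdef WOLFBOOT_TPM
 int wolfBoot_tpm2_init(void);
 #endif
 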