Update PQ docs, and fix spelling errors.

Author: philljj

config/examples/sim-xmss.config

@@ -1,5 +1,10 @@
 # XMSS/XMSS^MT/HSS signature example, based on sim.config example.
 #
+# XMSS/XMSS^MT is a post-quantum, stateful, hash-based signature scheme.
+#
+# Use the helper script
+#   tools/xmss/xmss_siglen.sh
+# to calculate your signature length given an xmss parameter string.
 #
 
 ARCH=sim

docs/PQ.md

@@ -19,42 +19,18 @@ See these links for more info on stateful HBS support and wolfSSL/wolfCrypt:
 - https://www.wolfssl.com/documentation/manuals/wolfssl/appendix07.html#post-quantum-stateful-hash-based-signatures
 - https://github.com/wolfSSL/wolfssl-examples/tree/master/pq/stateful_hash_sig
 
+## Supported PQ Signature Methods
 
-## LMS/HSS
+These four PQ signature options are supported:
+- LMS: uses wolfcrypt implementation from `wc_lms.c`, and `wc_lms_impl.c`.
+- XMSS: uses wolfcrypt implementation from `wc_xmss.c`, and `wc_xmss_impl.c`.
+- ext_LMS: uses external integration from `ext_lms.c`.
+- ext_XMSS: uses external integration from `ext_xmss.c`.
 
+The wolfcrypt implementations are more performant and are recommended.
+The external integrations are experimental and for testing interoperability.
 
-### Building with LMS Support
-
-LMS/HSS support in wolfCrypt requires the hash-sigs library ( https://github.com/cisco/hash-sigs ).
-Use the following procedure to prepare hash-sigs for building with wolfBoot:
-
-```
-$ cd lib
-$ mkdir hash-sigs
-$ls
- CMakeLists.txt  hash-sigs  wolfssl  wolfTPM
-$ cd hash-sigs
-$ mkdir lib
-$ git clone https://github.com/cisco/hash-sigs.git src
-$ cd src
-$ git checkout b0631b8891295bf2929e68761205337b7c031726
-$ git apply ../../../tools/lms/0001-Patch-to-support-wolfBoot-LMS-build.patch
-```
-
-Nothing more is needed, as wolfBoot will automatically produce the required
-hash-sigs build artifacts.
-
-Note: the hash-sigs project only builds static libraries:
-- hss_verify.a: a single-threaded verify-only static lib.
-- hss_lib.a: a single-threaded static lib.
-- hss_lib_thread.a: a multi-threaded static lib.
-
-The keytools utility links against `hss_lib.a`, as it needs full
-keygen, signing, and verifying functionality. However wolfBoot
-links directly with the subset of objects in the `hss_verify.a`
-build rule, as it only requires verify functionality.
-
-### LMS Config
+### LMS/HSS Config
 
 A new LMS sim example has been added here:
 ```
@@ -86,31 +62,8 @@ winternitz: 8
 signature length: 2644
 ```
 
-## XMSS/XMSS^MT
+### XMSS/XMSS^MT Config
 
-### Building with XMSS Support
-
-XMSS/XMSS^MT support in wolfCrypt requires a patched version of the
-xmss-reference library ( https://github.com/XMSS/xmss-reference.git ).
-Use the following procedure to prepare xmss-reference for building with
-wolfBoot:
-
-```
-$ cd lib
-$ git clone https://github.com/XMSS/xmss-reference.git xmss
-$ ls
-CMakeLists.txt  wolfPKCS11  wolfTPM  wolfssl  xmss
-$ cd xmss
-$ git checkout 171ccbd26f098542a67eb5d2b128281c80bd71a6
-$ git apply ../../tools/xmss/0001-Patch-to-support-wolfSSL-xmss-reference-integration.patch
-```
-
-The patch creates an addendum readme, `patch_readme.md`, with further comments.
-
-Nothing more is needed beyond the patch step, as wolfBoot will handle building
-the xmss build artifacts it requires.
-
-### XMSS Config
 A new XMSS sim example has been added here:
 ```
 config/examples/sim-xmss.config
@@ -142,3 +95,59 @@ $ ./tools/xmss/xmss_siglen.sh XMSSMT-SHA2_20/2_256
 parameter set:    XMSSMT-SHA2_20/2_256
 signature length: 4963
 ```
+
+## Building the external PQ Integrations
+
+### ext_LMS Support
+
+The external LMS/HSS support in wolfCrypt requires the hash-sigs library ( https://github.com/cisco/hash-sigs ).
+Use the following procedure to prepare hash-sigs for building with wolfBoot:
+
+```
+$ cd lib
+$ mkdir hash-sigs
+$ls
+ CMakeLists.txt  hash-sigs  wolfssl  wolfTPM
+$ cd hash-sigs
+$ mkdir lib
+$ git clone https://github.com/cisco/hash-sigs.git src
+$ cd src
+$ git checkout b0631b8891295bf2929e68761205337b7c031726
+$ git apply ../../../tools/lms/0001-Patch-to-support-wolfBoot-LMS-build.patch
+```
+
+Nothing more is needed, as wolfBoot will automatically produce the required
+hash-sigs build artifacts.
+
+Note: the hash-sigs project only builds static libraries:
+- hss_verify.a: a single-threaded verify-only static lib.
+- hss_lib.a: a single-threaded static lib.
+- hss_lib_thread.a: a multi-threaded static lib.
+
+The keytools utility links against `hss_lib.a`, as it needs full
+keygen, signing, and verifying functionality. However wolfBoot
+links directly with the subset of objects in the `hss_verify.a`
+build rule, as it only requires verify functionality.
+
+
+### ext_XMSS Support
+
+The external XMSS/XMSS^MT support in wolfCrypt requires a patched version of the
+xmss-reference library ( https://github.com/XMSS/xmss-reference.git ).
+Use the following procedure to prepare xmss-reference for building with
+wolfBoot:
+
+```
+$ cd lib
+$ git clone https://github.com/XMSS/xmss-reference.git xmss
+$ ls
+CMakeLists.txt  wolfPKCS11  wolfTPM  wolfssl  xmss
+$ cd xmss
+$ git checkout 171ccbd26f098542a67eb5d2b128281c80bd71a6
+$ git apply ../../tools/xmss/0001-Patch-to-support-wolfSSL-xmss-reference-integration.patch
+```
+
+The patch creates an addendum readme, `patch_readme.md`, with further comments.
+
+Nothing more is needed beyond the patch step, as wolfBoot will handle building
+the xmss build artifacts it requires.

docs/STM32-TZ.md

@@ -53,7 +53,7 @@ OPTION BYTES BANK: 0
      nRST_STOP    : 0x1 (No reset generated when entering Stop mode) 
      nRST_STDBY   : 0x1 (No reset generated when entering Standby mode) 
      nRST_SHDW    : 0x1 (No reset generated when entering the Shutdown mode) 
-     IWDG_SW      : 0x1 (Software independant watchdog) 
+     IWDG_SW      : 0x1 (Software independent watchdog)
      IWDG_STOP    : 0x1 (IWDG counter active in stop mode) 
      IWDG_STDBY   : 0x1 (IWDG counter active in standby mode) 
      WWDG_SW      : 0x1 (Software window watchdog) 

docs/Signing.md

@@ -104,6 +104,12 @@ file is in this format.
   * `--rsa4096` Use rsa4096 for signing the firmware. Assume that the given KEY.DER
 file is in this format.
 
+  * `--lms` Use LMS/HSS for signing the firmware. Assume that the given KEY.DER
+file is in this format.
+
+  * `--xmss` Use XMSS/XMSS^MT for signing the firmware. Assume that the given KEY.DER
+file is in this format.
+
   * `--no-sign` Disable secure boot signature verification. No signature
     verification is performed in the bootloader, and the KEY.DER argument should
     not be supplied.

docs/Targets.md

@@ -1766,7 +1766,7 @@ O.K.
 
 Reset or power cycle board.
 
-Once wolfBoot has performaed validation of the partition and booted the D15 Green LED on P3_13 will illuminate.
+Once wolfBoot has performed validation of the partition and booted the D15 Green LED on P3_13 will illuminate.
 
 ### MCX A: Testing firmware update
 
@@ -1935,10 +1935,10 @@ Flash Allocation:
 Detailed steps can be found at [Readme.md](../IDE/Renesas/e2studio/RA6M4/Readme.md).
 
 ## Renesas RZN2L
-This example demonstrates simple secure firmware boot from extarnal flash by wolfBoot.
+This example demonstrates simple secure firmware boot from external flash by wolfBoot.
 A sample application v1 is securely loaded into internal RAM if there is not higher version in update region. A sample application v2 will be loaded when it is in update region.Both versions behave the same except blinking LED Red(v1) or Yellow(v2). They are compiled by e2Studio and running on the target board.
 
-The exmaple uses SPI boot mode with external flash on the evaluation board. On this boot mode, the loader program, which is wolfBoot, is copied to the internal RAM(B-TCM). wolfBoot copies the application program from external flash memory to RAM(System RAM). As final step of wolfBoot the entry point of the copied applicatin program is called if its integrity and authenticity are OK.
+The example uses SPI boot mode with external flash on the evaluation board. On this boot mode, the loader program, which is wolfBoot, is copied to the internal RAM(B-TCM). wolfBoot copies the application program from external flash memory to RAM(System RAM). As final step of wolfBoot the entry point of the copied application program is called if its integrity and authenticity are OK.
 
 ![Operation Overview](../IDE/Renesas/e2studio/RZN2L/doc/image1.png)