Skip to content

wolfBoot TPM improvements #105

wolfBoot TPM improvements

wolfBoot TPM improvements #105

Workflow file for this run

name: Wolfboot keytools test workflow
on:
push:
branches: [master]
pull_request:
branches: [master]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- name: Workaround for sources.list
run: sudo sed -i 's|http://azure.archive.ubuntu.com/ubuntu/|http://mirror.arizona.edu/ubuntu/|g' /etc/apt/sources.list
- name: Update repository
run: sudo apt-get update
- name: Install wolfSSL
run: |
sudo apt-get install --no-install-recommends -y -q make libwolfssl-dev
# ECC
- name: make clean
run: |
make distclean && make keysclean && make -C tools/keytools clean && rm -f include/target.h
- name: Select config
run: |
cp config/examples/sim-ecc.config .config && make include/target.h
- name: Build key tools
run: |
make -C tools/keytools
- name: Build wolfboot
run: |
make ${{inputs.make-args}}
- name: Generate external key
run: |
openssl ecparam -name prime256v1 -genkey -noout -outform DER -out private-key.der
- name: Export external public key
run: |
openssl ec -in private-key.der -inform DER -pubout -out public-key.der -outform DER
- name: Import external public key
run: |
./tools/keytools/keygen --ecc256 -i public-key.der
- name: Hash the image elf
run: |
./tools/keytools/sign --ecc256 --sha-only --sha256 test-app/image.elf public-key.der 1
- name: Sign the digest with the external key
run: |
openssl pkeyutl -sign -keyform der -inkey private-key.der -in test-app/image_v1_digest.bin > test-app/image_v1.sig
- name: Generate final signed binary
run: |
./tools/keytools/sign --ecc256 --sha256 --manual-sign test-app/image.elf public-key.der 1 test-app/image_v1.sig
# ED25519
- name: make clean
run: |
make distclean && make keysclean && make -C tools/keytools clean && rm -f include/target.h
- name: Select config
run: |
cp config/examples/sim.config .config && make include/target.h
- name: Build key tools
run: |
make -C tools/keytools
- name: Build wolfboot
run: |
make ${{inputs.make-args}}
- name: Generate external key
run: |
openssl genpkey -algorithm ed25519 -out private-key.der -outform DER
- name: Export external public key
run: |
openssl pkey -in private-key.der -inform DER -pubout -out public-key.der -outform DER
- name: Import external public key
run: |
./tools/keytools/keygen --ed25519 -i public-key.der
- name: Hash the image elf
run: |
./tools/keytools/sign --ed25519 --sha-only --sha256 test-app/image.elf public-key.der 1
- name: Sign the digest with the external key
run: |
openssl pkeyutl -sign -keyform der -inkey private-key.der -rawin -in test-app/image_v1_digest.bin > test-app/image_v1.sig
- name: Generate final signed binary
run: |
./tools/keytools/sign --ed25519 --sha256 --manual-sign test-app/image.elf public-key.der 1 test-app/image_v1.sig
# RSA
- name: make clean
run: |
make distclean && make keysclean && make -C tools/keytools clean && rm -f include/target.h
- name: Select config
run: |
cp config/examples/sim-rsa.config .config && make include/target.h
- name: Build key tools
run: |
make -C tools/keytools
- name: Build wolfboot
run: |
make ${{inputs.make-args}}
- name: Generate external key
run: |
openssl genrsa -out private-key.pem 2048
- name: Convert to DER
run: |
openssl rsa -in private-key.pem -inform PEM -out private-key.der -outform DER
- name: Export external public key
run: |
openssl rsa -inform DER -outform DER -in private-key.der -out public-key.der -pubout
- name: Import external public key
run: |
./tools/keytools/keygen --rsa2048 -i public-key.der
- name: Hash the image elf
run: |
./tools/keytools/sign --rsa2048 --sha-only --sha256 test-app/image.elf public-key.der 1
- name: Sign the digest with the external key
run: |
openssl pkeyutl -sign -keyform der -inkey private-key.der -in test-app/image_v1_digest.bin > test-app/image_v1.sig
- name: Generate final signed binary
run: |
./tools/keytools/sign --rsa2048 --sha256 --manual-sign test-app/image.elf public-key.der 1 test-app/image_v1.sig