From 75efbd9cfb9ad62d91ca2550d638d7dfcb34e523 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Tue, 26 Nov 2024 12:56:25 +0100 Subject: [PATCH] Removed all compile-time dependency from keytools --- Makefile | 9 ++-- include/delta.h | 1 + include/wolfboot/wolfboot.h | 2 + src/delta.c | 49 ++++++++++++++++--- test-app/app_hifive1.c | 1 + test-app/app_imx_rt.c | 1 + test-app/app_kinetis.c | 1 + test-app/app_mcxa.c | 1 + test-app/app_nrf52.c | 1 + test-app/app_nrf5340.c | 1 + test-app/app_nrf5340_net.c | 1 + test-app/app_renesas_rx.c | 1 + test-app/app_sim.c | 1 + test-app/app_stm32f4.c | 1 + test-app/app_stm32f7.c | 1 + test-app/app_stm32h5.c | 3 +- test-app/app_stm32h7.c | 1 + test-app/app_stm32l0.c | 1 + test-app/app_stm32l4.c | 1 + test-app/app_stm32l5.c | 1 + test-app/app_stm32u5.c | 1 + test-app/app_stm32wb.c | 1 + tools/efi/compile_efi_linux.sh | 6 +-- tools/keytools/Makefile | 16 +----- tools/keytools/sign.c | 23 ++++++--- tools/scripts/nrf5340/build_flash.sh | 13 +++-- .../scripts/prepare_encrypted_delta_update.sh | 22 --------- tools/scripts/prepare_encrypted_update.sh | 26 ---------- tools/scripts/prepare_update.sh | 6 +-- tools/scripts/prepare_update_l5.sh | 6 +-- tools/scripts/prepare_update_l5_dualbank.sh | 8 +-- tools/scripts/prepare_update_u5.sh | 7 +-- tools/scripts/prepare_update_u5_dualbank.sh | 6 +-- tools/test-delta.mk | 8 +-- tools/test-enc.mk | 12 ++--- tools/test-renode.mk | 41 +++++++--------- tools/test.mk | 34 ++++++------- 37 files changed, 154 insertions(+), 161 deletions(-) delete mode 100755 tools/scripts/prepare_encrypted_delta_update.sh delete mode 100755 tools/scripts/prepare_encrypted_update.sh diff --git a/Makefile b/Makefile index b34c11129..dd7b3694c 100644 --- a/Makefile +++ b/Makefile @@ -85,6 +85,9 @@ ifeq ($(TARGET),ti_hercules) LSCRIPT_FLAGS+=--run_linker $(LSCRIPT) endif +# Environment variables for sign tool +SIGN_ENV=IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) WOLFBOOT_SECTOR_SIZE=$(WOLFBOOT_SECTOR_SIZE) + MAIN_TARGET=factory.bin TARGET_H_TEMPLATE:=include/target.h.in @@ -218,7 +221,7 @@ $(SECONDARY_PRIVATE_KEY): $(PRIVATE_KEY) keystore.der -g $(SECONDARY_PRIVATE_KEY)) || true $(Q)(test "$(FLASH_OTP_KEYSTORE)" = "1") && (make -C tools/keytools/otp) || true -keytools: include/target.h +keytools: @echo "Building key tools" @$(MAKE) -C tools/keytools -s clean @$(MAKE) -C tools/keytools -j @@ -238,10 +241,10 @@ test-app/image_v1_signed.bin: $(BOOT_IMG) @echo "\tSECONDARY_SIGN_OPTIONS=$(SECONDARY_SIGN_OPTIONS)" @echo "\tSECONDARY_PRIVATE_KEY=$(SECONDARY_PRIVATE_KEY)" - $(Q)(test $(SIGN) = NONE) || IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) "$(SIGN_TOOL)" $(SIGN_OPTIONS) \ + $(Q)(test $(SIGN) = NONE) || $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) \ $(SECONDARY_SIGN_OPTIONS) $(BOOT_IMG) $(PRIVATE_KEY) \ $(SECONDARY_PRIVATE_KEY) 1 || true - $(Q)(test $(SIGN) = NONE) && IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) "$(SIGN_TOOL)" $(SIGN_OPTIONS) $(BOOT_IMG) 1 || true + $(Q)(test $(SIGN) = NONE) && $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) $(BOOT_IMG) 1 || true test-app/image.elf: wolfboot.elf $(Q)$(MAKE) -C test-app WOLFBOOT_ROOT="$(WOLFBOOT_ROOT)" image.elf diff --git a/include/delta.h b/include/delta.h index 6a16068c6..10ba26caa 100644 --- a/include/delta.h +++ b/include/delta.h @@ -72,6 +72,7 @@ int wb_patch_init(WB_PATCH_CTX *bm, uint8_t *src, uint32_t ssz, uint8_t *patch, int wb_patch(WB_PATCH_CTX *ctx, uint8_t *dst, uint32_t len); int wolfBoot_get_delta_info(uint8_t part, int inverse, uint32_t **img_offset, uint32_t **img_size, uint8_t **base_hash, uint16_t *base_hash_size); +int wb_diff_get_sector_size(void); #endif diff --git a/include/wolfboot/wolfboot.h b/include/wolfboot/wolfboot.h index 8a9f99e82..44c8bba98 100644 --- a/include/wolfboot/wolfboot.h +++ b/include/wolfboot/wolfboot.h @@ -30,7 +30,9 @@ extern "C" { #endif #include +#ifdef __WOLFBOOT #include "target.h" +#endif #include "wolfboot/version.h" #ifdef WOLFCRYPT_SECURE_MODE diff --git a/src/delta.c b/src/delta.c index 201360495..83e5ef6db 100644 --- a/src/delta.c +++ b/src/delta.c @@ -22,11 +22,11 @@ #include #include #include -#include /* WOLFBOOT_SECTOR_SIZE */ #define ESC 0x7f + #if (defined(__IAR_SYSTEMS_ICC__) && (__IAR_SYSTEMS_ICC__ > 8)) || \ defined(__GNUC__) #define BLOCK_HDR_PACKED __attribute__ ((packed)) @@ -46,7 +46,7 @@ struct BLOCK_HDR_PACKED block_hdr { #include "encrypt.h" #define ext_flash_check_write ext_flash_encrypt_write #define ext_flash_check_read ext_flash_decrypt_read -#else +#elif defined(__WOLFBOOT) #include "hal.h" #define ext_flash_check_write ext_flash_write #define ext_flash_check_read ext_flash_read @@ -169,6 +169,36 @@ int wb_patch(WB_PATCH_CTX *ctx, uint8_t *dst, uint32_t len) return dst_off; } +#ifndef __WOLFBOOT + +#include +#include +#include + +static uint32_t wolfboot_sector_size = 0; + +int wb_diff_get_sector_size(void) +{ + uint32_t sec_sz = 0; + char *env_sector_size = NULL; + env_sector_size = getenv("WOLFBOOT_SECTOR_SIZE"); + if (!env_sector_size) { + fprintf(stderr, "Please set the WOLFBOOT_SECTOR_SIZE environment variable in\n" + "order to sign a delta update.\n"); + exit(6); + } else { + sec_sz = atoi(env_sector_size); + if (sec_sz == 0) { + errno = 0; + sec_sz = strtol(env_sector_size, NULL, 16); + if (errno != 0) { + fprintf(stderr, "Invalid WOLFBOOT_SECTOR_SIZE value\n"); + exit(6); + } + } + } + return sec_sz; +} int wb_diff_init(WB_DIFF_CTX *ctx, uint8_t *src_a, uint32_t len_a, uint8_t *src_b, uint32_t len_b) { @@ -179,6 +209,8 @@ int wb_diff_init(WB_DIFF_CTX *ctx, uint8_t *src_a, uint32_t len_a, uint8_t *src_ ctx->src_b = src_b; ctx->size_a = len_a; ctx->size_b = len_b; + wolfboot_sector_size = wb_diff_get_sector_size(); + printf("WOLFBOOT_SECTOR_SIZE: %u\n", wolfboot_sector_size); return 0; } @@ -196,7 +228,7 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len) return -1; while ((ctx->off_b + BLOCK_HDR_SIZE < ctx->size_b) && (len > p_off + BLOCK_HDR_SIZE)) { - uintptr_t page_start = ctx->off_b / WOLFBOOT_SECTOR_SIZE; + uintptr_t page_start = ctx->off_b / wolfboot_sector_size; uintptr_t pa_start; found = 0; if (p_off + BLOCK_HDR_SIZE > len) @@ -210,14 +242,14 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len) * base for the sectors that have already been updated. */ - pa_start = WOLFBOOT_SECTOR_SIZE * page_start; + pa_start = wolfboot_sector_size * page_start; pa = ctx->src_a + pa_start; while (((uintptr_t)(pa - ctx->src_a) < (uintptr_t)ctx->size_a) && (p_off < len)) { if ((uintptr_t)(ctx->size_a - (pa - ctx->src_a)) < BLOCK_HDR_SIZE) break; if ((ctx->size_b - ctx->off_b) < BLOCK_HDR_SIZE) break; - if ((WOLFBOOT_SECTOR_SIZE - (ctx->off_b % WOLFBOOT_SECTOR_SIZE)) < BLOCK_HDR_SIZE) + if ((wolfboot_sector_size - (ctx->off_b % wolfboot_sector_size)) < BLOCK_HDR_SIZE) break; if ((memcmp(pa, (ctx->src_b + ctx->off_b), BLOCK_HDR_SIZE) == 0)) { uintptr_t b_start; @@ -238,7 +270,7 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len) /* Stop matching if the source image size limit is hit. */ break; } - if ((b_start / WOLFBOOT_SECTOR_SIZE) < ((ctx->off_b + 1) / WOLFBOOT_SECTOR_SIZE)) { + if ((b_start / wolfboot_sector_size) < ((ctx->off_b + 1) / wolfboot_sector_size)) { /* Stop matching when the sector bound is hit. */ break; } @@ -262,7 +294,7 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len) } if (!found) { /* Try matching an earlier section in the resulting image */ - uintptr_t pb_end = page_start * WOLFBOOT_SECTOR_SIZE; + uintptr_t pb_end = page_start * wolfboot_sector_size; pb = ctx->src_b; while (((uintptr_t)(pb - ctx->src_b) < pb_end) && (p_off < len)) { /* Check image boundary */ @@ -274,7 +306,7 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len) /* Don't try matching backwards if the distance between the two * blocks is smaller than one sector. */ - if (WOLFBOOT_SECTOR_SIZE > (page_start * WOLFBOOT_SECTOR_SIZE) + if (wolfboot_sector_size > (page_start * wolfboot_sector_size) - (pb - ctx->src_b)) break; @@ -338,5 +370,6 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len) } return (int)p_off; } +#endif /* __WOLFBOOT */ #endif /* DELTA_UPDATES */ diff --git a/test-app/app_hifive1.c b/test-app/app_hifive1.c index d224b075f..608c451e0 100644 --- a/test-app/app_hifive1.c +++ b/test-app/app_hifive1.c @@ -24,6 +24,7 @@ #include #include "hal.h" #include "wolfboot/wolfboot.h" +#include "target.h" /* Change to '1' to enable uart update */ #define UART_UPDATE 0 diff --git a/test-app/app_imx_rt.c b/test-app/app_imx_rt.c index 94c49c0c1..317826d43 100644 --- a/test-app/app_imx_rt.c +++ b/test-app/app_imx_rt.c @@ -24,6 +24,7 @@ #include "fsl_debug_console.h" #include "fsl_gpio.h" #include "fsl_iomuxc.h" +#include "target.h" static int g_pinSet = false; extern void imx_rt_init_boot_clock(void); diff --git a/test-app/app_kinetis.c b/test-app/app_kinetis.c index b603fdc23..50df518dc 100644 --- a/test-app/app_kinetis.c +++ b/test-app/app_kinetis.c @@ -27,6 +27,7 @@ #include "fsl_gpio.h" #include "fsl_clock.h" #include "wolfboot/wolfboot.h" +#include "target.h" /* FRDM-K64 board */ #if defined(CPU_MK64FN1M0VLL12) diff --git a/test-app/app_mcxa.c b/test-app/app_mcxa.c index ac77c0111..087ed4334 100644 --- a/test-app/app_mcxa.c +++ b/test-app/app_mcxa.c @@ -31,6 +31,7 @@ #include "fsl_clock.h" #include "wolfboot/wolfboot.h" +#include "target.h" extern void hal_init(void); diff --git a/test-app/app_nrf52.c b/test-app/app_nrf52.c index ad7c60b8e..593a7e9ee 100644 --- a/test-app/app_nrf52.c +++ b/test-app/app_nrf52.c @@ -25,6 +25,7 @@ #include "wolfboot/wolfboot.h" #include "hal/nrf52.h" #include "printf.h" +#include "target.h" static const char extradata[1024 * 16] = "hi!"; diff --git a/test-app/app_nrf5340.c b/test-app/app_nrf5340.c index 1042f70c4..f4459c4a3 100644 --- a/test-app/app_nrf5340.c +++ b/test-app/app_nrf5340.c @@ -25,6 +25,7 @@ #include "wolfboot/wolfboot.h" #include "hal/nrf5340.h" #include "printf.h" +#include "target.h" void gpiotoggle(uint32_t port, uint32_t pin) { diff --git a/test-app/app_nrf5340_net.c b/test-app/app_nrf5340_net.c index 8325d754a..f79ef83a3 100644 --- a/test-app/app_nrf5340_net.c +++ b/test-app/app_nrf5340_net.c @@ -25,6 +25,7 @@ #include "wolfboot/wolfboot.h" #include "hal/nrf5340.h" #include "printf.h" +#include "target.h" void gpiotoggle(uint32_t port, uint32_t pin) { diff --git a/test-app/app_renesas_rx.c b/test-app/app_renesas_rx.c index e0116926f..ffb26dfa7 100644 --- a/test-app/app_renesas_rx.c +++ b/test-app/app_renesas_rx.c @@ -28,6 +28,7 @@ #include "hal.h" #include "printf.h" #include "wolfboot/wolfboot.h" +#include "target.h" /* route stdout to UART */ int write(int fileno, char *buf, int count) diff --git a/test-app/app_sim.c b/test-app/app_sim.c index 7221a114c..e118e5a99 100644 --- a/test-app/app_sim.c +++ b/test-app/app_sim.c @@ -26,6 +26,7 @@ #include #include #include +#include "target.h" #include "wolfboot/wolfboot.h" diff --git a/test-app/app_stm32f4.c b/test-app/app_stm32f4.c index 99d54341a..c8f1db89a 100644 --- a/test-app/app_stm32f4.c +++ b/test-app/app_stm32f4.c @@ -30,6 +30,7 @@ #include "hal.h" #include "wolfboot/wolfboot.h" #include "spi_flash.h" +#include "target.h" #ifdef TARGET_stm32f4 diff --git a/test-app/app_stm32f7.c b/test-app/app_stm32f7.c index ad19d1478..842629738 100644 --- a/test-app/app_stm32f7.c +++ b/test-app/app_stm32f7.c @@ -27,6 +27,7 @@ #include "system.h" #include "wolfboot/wolfboot.h" #include "hal.h" +#include "target.h" /* UART module */ diff --git a/test-app/app_stm32h5.c b/test-app/app_stm32h5.c index 91e431260..b0250c771 100644 --- a/test-app/app_stm32h5.c +++ b/test-app/app_stm32h5.c @@ -32,6 +32,7 @@ #include "uart_drv.h" #include "wolfboot/wolfboot.h" #include "keystore.h" +#include "target.h" #ifdef SECURE_PKCS11 #include "wcs/user_settings.h" @@ -867,4 +868,4 @@ void * _sbrk(unsigned int incr) } return old_heap; } -#endif \ No newline at end of file +#endif diff --git a/test-app/app_stm32h7.c b/test-app/app_stm32h7.c index c0a029a77..bba25cc17 100644 --- a/test-app/app_stm32h7.c +++ b/test-app/app_stm32h7.c @@ -38,6 +38,7 @@ #include "system.h" #include "hal.h" #include "wolfboot/wolfboot.h" +#include "target.h" #define SET_BIT(REG, BIT) ((REG) |= (BIT)) #define CLEAR_BIT(REG, BIT) ((REG) &= ~(BIT)) diff --git a/test-app/app_stm32l0.c b/test-app/app_stm32l0.c index 8b5e2748f..b4cfe8d71 100644 --- a/test-app/app_stm32l0.c +++ b/test-app/app_stm32l0.c @@ -29,6 +29,7 @@ #ifdef SPI_FLASH #include "spi_flash.h" #endif +#include "target.h" #ifdef TARGET_stm32l0 diff --git a/test-app/app_stm32l4.c b/test-app/app_stm32l4.c index d8b85dcd9..e3073901c 100644 --- a/test-app/app_stm32l4.c +++ b/test-app/app_stm32l4.c @@ -25,6 +25,7 @@ #include "led.h" #include "hal.h" #include "wolfboot/wolfboot.h" +#include "target.h" #ifdef TARGET_stm32l4 diff --git a/test-app/app_stm32l5.c b/test-app/app_stm32l5.c index a62c1f1c4..919a060d7 100644 --- a/test-app/app_stm32l5.c +++ b/test-app/app_stm32l5.c @@ -30,6 +30,7 @@ #include "uart_drv.h" #include "wolfboot/wolfboot.h" #include "wolfboot/wc_secure.h" +#include "target.h" #ifdef SECURE_PKCS11 #include "wcs/user_settings.h" diff --git a/test-app/app_stm32u5.c b/test-app/app_stm32u5.c index ea8f56dfa..d55f3d4ea 100644 --- a/test-app/app_stm32u5.c +++ b/test-app/app_stm32u5.c @@ -28,6 +28,7 @@ #include "system.h" #include "hal.h" #include "wolfboot/wolfboot.h" +#include "target.h" #define LED_BOOT_PIN (7) /* PH7 - Discovery - Green Led */ #define LED_USR_PIN (6) /* PH6 - Discovery - Red Led */ diff --git a/test-app/app_stm32wb.c b/test-app/app_stm32wb.c index b1d051aaa..f0a4395f9 100644 --- a/test-app/app_stm32wb.c +++ b/test-app/app_stm32wb.c @@ -28,6 +28,7 @@ #include "hal.h" #include "wolfboot/wolfboot.h" #include "uart_drv.h" +#include "target.h" #ifdef TARGET_stm32wb diff --git a/tools/efi/compile_efi_linux.sh b/tools/efi/compile_efi_linux.sh index a8bbabc16..c42c0d081 100755 --- a/tools/efi/compile_efi_linux.sh +++ b/tools/efi/compile_efi_linux.sh @@ -4,6 +4,7 @@ WORK_DIR=/tmp/wolfBoot_efi BR_VER=2022.08.3 BR_DIR=buildroot-$BR_VER IMAGE_DIR=$WORK_DIR/output +. .config if (test ! -d $WORK_DIR);then mkdir -p $WORK_DIR @@ -17,10 +18,7 @@ fi BR2_EXTERNAL=$(pwd)/tools/efi/br_ext_dir make -C $WORK_DIR/$BR_DIR tiny_defconfig O=$IMAGE_DIR make -C $WORK_DIR/$BR_DIR O=$IMAGE_DIR -SIGN_TOOL="python3 ./tools/keytools/sign.py" -if [ -f "./tools/keytools/sign" ]; then - SIGN_TOOL="./tools/keytools/sign" -fi +SIGN_TOOL="./tools/keytools/sign" $SIGN_TOOL --ed25519 $IMAGE_DIR/images/bzImage wolfboot_signing_private_key.der 1 $SIGN_TOOL --ed25519 $IMAGE_DIR/images/bzImage wolfboot_signing_private_key.der 2 diff --git a/tools/keytools/Makefile b/tools/keytools/Makefile index eeae52fc2..00b0c5ee7 100644 --- a/tools/keytools/Makefile +++ b/tools/keytools/Makefile @@ -177,25 +177,11 @@ endif .PHONY: clean all -all: $(WOLFBOOTDIR)/include/target.h sign keygen +all: sign keygen debug: CFLAGS+=$(DEBUG_FLAGS) debug: all -# Target.h is required for key tools -$(WOLFBOOTDIR)/include/target.h: $(WOLFBOOTDIR)/include/target.h.in - @cat $(WOLFBOOTDIR)/include/target.h.in | \ - sed -e "s/@WOLFBOOT_PARTITION_SIZE@/$(WOLFBOOT_PARTITION_SIZE)/g" | \ - sed -e "s/@WOLFBOOT_SECTOR_SIZE@/$(WOLFBOOT_SECTOR_SIZE)/g" | \ - sed -e "s/@WOLFBOOT_PARTITION_BOOT_ADDRESS@/$(WOLFBOOT_PARTITION_BOOT_ADDRESS)/g" | \ - sed -e "s/@WOLFBOOT_PARTITION_UPDATE_ADDRESS@/$(WOLFBOOT_PARTITION_UPDATE_ADDRESS)/g" | \ - sed -e "s/@WOLFBOOT_PARTITION_SWAP_ADDRESS@/$(WOLFBOOT_PARTITION_SWAP_ADDRESS)/g" | \ - sed -e "s/@WOLFBOOT_DTS_BOOT_ADDRESS@/$(WOLFBOOT_DTS_BOOT_ADDRESS)/g" | \ - sed -e "s/@WOLFBOOT_DTS_UPDATE_ADDRESS@/$(WOLFBOOT_DTS_UPDATE_ADDRESS)/g" | \ - sed -e "s/@WOLFBOOT_LOAD_ADDRESS@/$(WOLFBOOT_LOAD_ADDRESS)/g" | \ - sed -e "s/@WOLFBOOT_LOAD_DTS_ADDRESS@/$(WOLFBOOT_LOAD_DTS_ADDRESS)/g" \ - > $@ - # build objects $(OBJDIR)/%.o: %.c $(Q)$(CC) $(CFLAGS) -c -o $@ $< diff --git a/tools/keytools/sign.c b/tools/keytools/sign.c index 06bee96c0..2d6a29814 100644 --- a/tools/keytools/sign.c +++ b/tools/keytools/sign.c @@ -42,13 +42,10 @@ #include #include #include -/* target.h is a generated file based on .config (see target.h.in) - * Provides: WOLFBOOT_SECTOR_SIZE */ -#include #include #include "wolfboot/version.h" -#include "wolfboot/wolfboot.h" +//#include "wolfboot/wolfboot.h" #ifdef DEBUG_SIGNTOOL #define DEBUG_PRINT(...) fprintf(stderr, __VA_ARGS__) @@ -1798,10 +1795,9 @@ static int base_diff(const char *f_base, uint8_t *pubkey, uint32_t pubkey_sz, in struct stat st; void *base = NULL; void *buffer = NULL; - static uint8_t dest[WOLFBOOT_SECTOR_SIZE]; + uint8_t *dest = NULL; uint8_t ff = 0xff; int r; - uint32_t blksz = WOLFBOOT_SECTOR_SIZE; uint32_t patch_sz, patch_inv_sz; uint32_t patch_inv_off; uint32_t delta_base_version = 0; @@ -1811,6 +1807,17 @@ static int base_diff(const char *f_base, uint8_t *pubkey, uint32_t pubkey_sz, in int io_sz; uint8_t *base_hash = NULL; uint32_t base_hash_sz = 0; + uint32_t wolfboot_sector_size = 0; + uint32_t blksz; + + wolfboot_sector_size = wb_diff_get_sector_size(); + printf("delta update: WOLFBOOT_SECTOR_SIZE: %u\n", wolfboot_sector_size); + blksz = wolfboot_sector_size; + dest = malloc(wolfboot_sector_size); + if (!dest) { + printf("Error allocating memory to prepare patch sectors\n"); + goto cleanup; + } /* Get source file size */ if (stat(f_base, &st) < 0) { @@ -2039,6 +2046,10 @@ static int base_diff(const char *f_base, uint8_t *pubkey, uint32_t pubkey_sz, in delta_base_version, patch_sz, patch_inv_off, patch_inv_sz, base_hash, base_hash_sz); cleanup: + if (dest) { + free(dest); + dest = NULL; + } /* Unlink output file */ unlink(wolfboot_delta_file); #if HAVE_MMAP diff --git a/tools/scripts/nrf5340/build_flash.sh b/tools/scripts/nrf5340/build_flash.sh index f339b004b..26bc98574 100755 --- a/tools/scripts/nrf5340/build_flash.sh +++ b/tools/scripts/nrf5340/build_flash.sh @@ -15,6 +15,9 @@ # Build dela update version 3 and flash to external (also reprograms internal flash) # ./tools/scripts/nrf5340/build_flash.sh --delta +#import config for IMAGE_HEADER_SIZE and WOLFBOOT_SECTOR_SIZE +. config/examples/nrf5340.config + # Defaults MAKE_ARGS=" DEBUG_SYMBOLS=1" DO_CLEAN=0 @@ -28,6 +31,8 @@ DO_PROGRAM_EXT=0 DO_DELTA=0 UPDATE_VERSION=1 +SIGN_ENV=IMAGE_HEADER_SIZE=$IMAGE_HEADER_SIZE WOLFBOOT_SECTOR_SIZE=$WOLFBOOT_SECTOR_SIZE +SIGN_TOOL=tools/keytools/sign SIGN_ARGS="--ecc384 --sha384" #SIGN_ARGS="--ecc256 --sha256" @@ -161,8 +166,8 @@ fi if [[ $DO_UPDATE == 1 ]]; then # Sign flash update for testing (for network partition using --id 2) - tools/keytools/sign $SIGN_ARGS --id 2 tools/scripts/nrf5340/image_net.bin wolfboot_signing_private_key.der $UPDATE_VERSION - tools/keytools/sign $SIGN_ARGS tools/scripts/nrf5340/image_app.bin wolfboot_signing_private_key.der $UPDATE_VERSION + $SIGN_ENV $SIGN_TOOL $SIGN_ARGS --id 2 tools/scripts/nrf5340/image_net.bin wolfboot_signing_private_key.der $UPDATE_VERSION + $SIGN_ENV $SIGN_TOOL $SIGN_ARGS tools/scripts/nrf5340/image_app.bin wolfboot_signing_private_key.der $UPDATE_VERSION # Create a bin footer with wolfBoot trailer "BOOT" and "p" (ASCII for 0x70 == IMG_STATE_UPDATING): echo -n "pBOOT" > tools/scripts/nrf5340/trigger_magic.bin @@ -177,8 +182,8 @@ fi if [[ $DO_DELTA == 1 ]]; then # Sign flash update for testing (for network partition using --id 2) delta between v1 and v3 - tools/keytools/sign $SIGN_ARGS --id 2 --delta tools/scripts/nrf5340/image_net_v1_signed.bin tools/scripts/nrf5340/image_net.bin wolfboot_signing_private_key.der $UPDATE_VERSION - tools/keytools/sign $SIGN_ARGS --delta tools/scripts/nrf5340/image_app_v1_signed.bin tools/scripts/nrf5340/image_app.bin wolfboot_signing_private_key.der $UPDATE_VERSION + $SIGN_ENV $SIGN_TOOL $SIGN_ARGS --id 2 --delta tools/scripts/nrf5340/image_net_v1_signed.bin tools/scripts/nrf5340/image_net.bin wolfboot_signing_private_key.der $UPDATE_VERSION + $SIGN_ENV $SIGN_TOOL $SIGN_ARGS --delta tools/scripts/nrf5340/image_app_v1_signed.bin tools/scripts/nrf5340/image_app.bin wolfboot_signing_private_key.der $UPDATE_VERSION # Create a bin footer with wolfBoot trailer "BOOT" and "p" (ASCII for 0x70 == IMG_STATE_UPDATING): echo -n "pBOOT" > tools/scripts/nrf5340/trigger_magic.bin diff --git a/tools/scripts/prepare_encrypted_delta_update.sh b/tools/scripts/prepare_encrypted_delta_update.sh deleted file mode 100755 index 655aaa22d..000000000 --- a/tools/scripts/prepare_encrypted_delta_update.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -SIGN_TOOL="python3 ./tools/keytools/sign.py" -if [ -f "./tools/keytools/sign" ]; then - SIGN_TOOL="./tools/keytools/sign" -fi - -# SIZE is WOLFBOOT_PARTITION_SIZE - 49 (44B: key + nonce, 5B: "pBOOT") -SIZE=131023 -VERSION=7 -APP=test-app/image_v"$VERSION"_signed_diff_encrypted.bin - -# Create test key -echo -n "0123456789abcdef0123456789abcdef0123456789ab" > enc_key.der - -$SIGN_TOOL --ecc256 \ - --encrypt enc_key.der \ - --delta test-app/image_v1_signed.bin \ - test-app/image.bin wolfboot_signing_private_key.der $VERSION -dd if=/dev/zero bs=$SIZE count=1 2>/dev/null | tr "\000" "\377" > update.bin -dd if=$APP of=update.bin bs=1 conv=notrunc -printf "pBOOT" >> update.bin diff --git a/tools/scripts/prepare_encrypted_update.sh b/tools/scripts/prepare_encrypted_update.sh deleted file mode 100755 index 1b3661ecf..000000000 --- a/tools/scripts/prepare_encrypted_update.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash - -SIGN_TOOL="python3 ./tools/keytools/sign.py" -if [ -f "./tools/keytools/sign" ]; then - SIGN_TOOL="./tools/keytools/sign" -fi - -# SIZE is WOLFBOOT_PARTITION_SIZE - 49 (44B: key + nonce, 5B: "pBOOT") -SIZE=131023 -#SIZE=65487 -VERSION=8 -APP=test-app/image_v"$VERSION"_signed_and_encrypted.bin - -# Create test key -echo -n "0123456789abcdef0123456789abcdef0123456789ab" > enc_key.der - -$SIGN_TOOL --ecc256 --encrypt enc_key.der test-app/image.bin wolfboot_signing_private_key.der $VERSION -dd if=/dev/zero bs=$SIZE count=1 2>/dev/null | tr "\000" "\377" > update.bin -dd if=$APP of=update.bin bs=1 conv=notrunc - -printf "pBOOT" >> update.bin - -#Make a 1MB rom image for SPI -rm -f update.rom -dd if=/dev/zero bs=1M count=1 2>/dev/null | tr "\000" "\377" > update.rom -dd if=update.bin of=update.rom bs=1 conv=notrunc diff --git a/tools/scripts/prepare_update.sh b/tools/scripts/prepare_update.sh index 576690f9c..251fe93f4 100755 --- a/tools/scripts/prepare_update.sh +++ b/tools/scripts/prepare_update.sh @@ -1,9 +1,7 @@ #!/bin/bash -SIGN_TOOL="python3 ./tools/keytools/sign.py" -if [ -f "./tools/keytools/sign" ]; then - SIGN_TOOL="./tools/keytools/sign" -fi +. .config +SIGN_TOOL="./tools/keytools/sign" # SIZE is WOLFBOOT_PARTITION_SIZE - 5 SIZE=131067 diff --git a/tools/scripts/prepare_update_l5.sh b/tools/scripts/prepare_update_l5.sh index 2ab7c39b7..9a85d8d1f 100755 --- a/tools/scripts/prepare_update_l5.sh +++ b/tools/scripts/prepare_update_l5.sh @@ -1,9 +1,7 @@ #!/bin/bash -SIGN_TOOL="python3 ./tools/keytools/sign.py" -if [ -f "./tools/keytools/sign" ]; then - SIGN_TOOL="./tools/keytools/sign" -fi +. ./.config +SIGN_TOOL="./tools/keytools/sign" # SIZE is WOLFBOOT_PARTITION_SIZE - 5 SIZE=129019 diff --git a/tools/scripts/prepare_update_l5_dualbank.sh b/tools/scripts/prepare_update_l5_dualbank.sh index e7a3ef2e5..f4a1b3e1e 100755 --- a/tools/scripts/prepare_update_l5_dualbank.sh +++ b/tools/scripts/prepare_update_l5_dualbank.sh @@ -1,9 +1,9 @@ #!/bin/bash -SIGN_TOOL="python3 ./tools/keytools/sign.py" -if [ -f "./tools/keytools/sign" ]; then - SIGN_TOOL="./tools/keytools/sign" -fi +. .config +echo IMAGE_HEADER_SIZE= $IMAGE_HEADER_SIZE +echo WOLFBOOT_SECTOR_SIZE= $WOLFBOOT_SECTOR_SIZE +SIGN_TOOL="./tools/keytools/sign" # SIZE is WOLFBOOT_PARTITION_SIZE - 5 SIZE=229371 diff --git a/tools/scripts/prepare_update_u5.sh b/tools/scripts/prepare_update_u5.sh index 55090de35..29f826aea 100755 --- a/tools/scripts/prepare_update_u5.sh +++ b/tools/scripts/prepare_update_u5.sh @@ -1,9 +1,6 @@ #!/bin/bash - -SIGN_TOOL="python3 ./tools/keytools/sign.py" -if [ -f "./tools/keytools/sign" ]; then - SIGN_TOOL="./tools/keytools/sign" -fi +. .config +SIGN_TOOL="./tools/keytools/sign" # SIZE is WOLFBOOT_PARTITION_SIZE - 5 SIZE=131067 diff --git a/tools/scripts/prepare_update_u5_dualbank.sh b/tools/scripts/prepare_update_u5_dualbank.sh index e7a3ef2e5..124bc5623 100755 --- a/tools/scripts/prepare_update_u5_dualbank.sh +++ b/tools/scripts/prepare_update_u5_dualbank.sh @@ -1,9 +1,7 @@ #!/bin/bash -SIGN_TOOL="python3 ./tools/keytools/sign.py" -if [ -f "./tools/keytools/sign" ]; then - SIGN_TOOL="./tools/keytools/sign" -fi +. .config +SIGN_TOOL="./tools/keytools/sign" # SIZE is WOLFBOOT_PARTITION_SIZE - 5 SIZE=229371 diff --git a/tools/test-delta.mk b/tools/test-delta.mk index 729feb6a3..cd7967bd3 100644 --- a/tools/test-delta.mk +++ b/tools/test-delta.mk @@ -26,9 +26,9 @@ test-delta-update: distclean factory.bin test-app/image.bin tools/uart-flash-ser @st-flash erase || st-flash erase @rm -f zero.bin @diff .config config/examples/stm32wb-delta.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-delta.config to .config to run this test\n\n" && exit 1) - $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \ + $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \ $(PRIVATE_KEY) 7 - $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \ + $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \ $(PRIVATE_KEY) 2 @st-flash write factory.bin 0x08000000 @echo Expecting version '1' @@ -79,7 +79,7 @@ test-delta-update-ext: distclean factory.bin test-app/image.bin tools/uart-flash @st-flash erase || st-flash erase @rm -f zero.bin @diff .config config/examples/stm32wb-delta-ext.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-delta-ext.config to .config to run this test\n\n" && exit 1) - $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \ + $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \ $(PRIVATE_KEY) 7 @(tools/uart-flash-server/ufserver test-app/image_v7_signed_diff.bin $(USBTTY))& @st-flash reset @@ -121,7 +121,7 @@ test-delta-enc-update-ext: distclean factory.bin test-app/image.bin tools/uart-f @st-flash erase || st-flash erase @rm -f zero.bin @diff .config config/examples/stm32wb-delta-enc-ext.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-delta-enc-ext.config to .config to run this test\n\n" && exit 1) - $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin \ + $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin \ $(ENCRYPT_STRING) --encrypt /tmp/enc_key.der \ test-app/image.bin \ $(PRIVATE_KEY) 7 diff --git a/tools/test-enc.mk b/tools/test-enc.mk index 0214417a5..7e7faff7a 100644 --- a/tools/test-enc.mk +++ b/tools/test-enc.mk @@ -24,8 +24,8 @@ tools/uart-flash-server/ufserver: FORCE test-enc-update: factory.bin test-app/image.bin tools/uart-flash-server/ufserver @diff .config config/examples/stm32wb-uart-flash-encryption.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-uart-flash-encryption.config to .config to run this test\n\n" && exit 1) @printf "0123456789abcdef0123456789abcdef0123456789ab" > /tmp/enc_key.der - @$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) - @$(SIGN_TOOL) $(SIGN_ENC_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ENC_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) @(tools/uart-flash-server/ufserver test-app/image_v$(ENC_TEST_UPDATE_VERSION)_signed_and_encrypted.bin $(USBTTY))& @st-flash erase @st-flash write factory.bin 0x08000000 @@ -47,8 +47,8 @@ test-enc-update: factory.bin test-app/image.bin tools/uart-flash-server/ufserver test-enc-aes128-update: factory.bin test-app/image.bin tools/uart-flash-server/ufserver @diff .config config/examples/stm32wb-uart-flash-encryption-aes128.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-uart-flash-encryption-aes128.config to .config to run this test\n\n" && exit 1) @printf "0123456789abcdef0123456789abcdef" > /tmp/enc_key.der - @$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) - @$(SIGN_TOOL) $(SIGN_ENC_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ENC_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) @(tools/uart-flash-server/ufserver test-app/image_v$(ENC_TEST_UPDATE_VERSION)_signed_and_encrypted.bin $(USBTTY))& @st-flash erase @st-flash write factory.bin 0x08000000 @@ -70,8 +70,8 @@ test-enc-aes128-update: factory.bin test-app/image.bin tools/uart-flash-server/u test-enc-aes256-update: factory.bin test-app/image.bin tools/uart-flash-server/ufserver @diff .config config/examples/stm32wb-uart-flash-encryption-aes256.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-uart-flash-encryption-aes256.config to .config to run this test\n\n" && exit 1) @printf "0123456789abcdef0123456789abcdef0123456789abcdef" > /tmp/enc_key.der - @$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) - @$(SIGN_TOOL) $(SIGN_ENC_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ENC_ARGS) test-app/image.bin $(PRIVATE_KEY) $(ENC_TEST_UPDATE_VERSION) @(tools/uart-flash-server/ufserver test-app/image_v$(ENC_TEST_UPDATE_VERSION)_signed_and_encrypted.bin $(USBTTY))& @st-flash erase @st-flash write factory.bin 0x08000000 diff --git a/tools/test-renode.mk b/tools/test-renode.mk index bec829698..a3b00e294 100644 --- a/tools/test-renode.mk +++ b/tools/test-renode.mk @@ -24,26 +24,19 @@ LMS_OPTS=LMS_LEVELS=2 LMS_HEIGHT=5 LMS_WINTERNITZ=8 WOLFBOOT_SMALL_STACK=0 \ XMSS_OPTS=WOLFBOOT_XMSS_PARAMS='XMSS-SHA2_10_256' WOLFBOOT_SMALL_STACK=0 \ IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE=5000 -# python version only supported using -# KEYGEN_TOOL="python3 $(WOLFBOOT_ROOT)/tools/keytools/keygen.py" -ifeq ("$(KEYGEN_TOOL)","") - ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/keygen.exe)","") - KEYGEN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/keygen.exe - else - KEYGEN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/keygen - endif +ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/keygen.exe)","") + KEYGEN_TOOL?=$(WOLFBOOT_ROOT)/tools/keytools/keygen.exe +else + KEYGEN_TOOL?=$(WOLFBOOT_ROOT)/tools/keytools/keygen endif -# python version only supported using -# SIGN_TOOL="python3 $(WOLFBOOT_ROOT)/tools/keytools/sign.py" -ifeq ("$(SIGN_TOOL)","") - ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/sign.exe)","") - SIGN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/sign.exe - else - SIGN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/sign - endif +ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/sign.exe)","") + SIGN_TOOL?=$(WOLFBOOT_ROOT)/tools/keytools/sign.exe +else + SIGN_TOOL?=$(WOLFBOOT_ROOT)/tools/keytools/sign endif +SIGN_ENV=IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) WOLFBOOT_SECTOR_SIZE=$(WOLFBOOT_SECTOR_SIZE) ifeq ($(TARGET),stm32f7) RENODE_CONFIG=tools/renode/stm32f746_wolfboot.resc @@ -140,7 +133,7 @@ renode-off: FORCE $(RENODE_UPDATE_FILE): test-app/image.bin FORCE - ${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) \ + ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) \ $(TEST_UPDATE_VERSION) ${Q}dd if=/dev/zero bs=$(POFF) count=1 2>/dev/null | tr "\000" "\377" \ > $@ @@ -150,7 +143,7 @@ $(RENODE_UPDATE_FILE): test-app/image.bin FORCE renode-factory: factory.bin test-app/image.bin $(RENODE_UPDATE_FILE) $(EXPVER) FORCE ${Q}rm -f $(RENODE_UART) - ${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 1 + ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 1 ${Q}cp test-app/image_v1_signed.bin $(TMP)/renode-test-v1.bin ${Q}cp wolfboot.elf $(TMP)/renode-wolfboot.elf ${Q}make renode-on @@ -175,8 +168,8 @@ renode-update: factory.bin test-app/image.bin $(EXPVER) FORCE ${Q}rm -f $(RENODE_UART) ${Q}dd if=/dev/zero bs=$(POFF) count=1 2>/dev/null | tr "\000" "\377" \ > $(RENODE_UPDATE_FILE) - ${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 1 - ${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) \ + ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 1 + ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) \ $(TEST_UPDATE_VERSION) ${Q}dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin \ of=$(RENODE_UPDATE_FILE) bs=1 conv=notrunc @@ -201,8 +194,8 @@ renode-no-downgrade: factory.bin test-app/image.bin $(EXPVER) FORCE ${Q}rm -f $(RENODE_UART) ${Q}dd if=/dev/zero bs=$(POFF) count=1 2>/dev/null | tr "\000" "\377" \ > $(RENODE_UPDATE_FILE) - ${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 7 - ${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 5 + ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 7 + ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 5 ${Q}dd if=test-app/image_v5_signed.bin \ of=$(RENODE_UPDATE_FILE) bs=1 conv=notrunc ${Q}printf "pBOOT" >> $(RENODE_UPDATE_FILE) @@ -225,8 +218,8 @@ renode-corrupted: factory.bin test-app/image.bin $(EXPVER) FORCE ${Q}rm -f $(RENODE_UART) ${Q}dd if=/dev/zero bs=$(POFF) count=1 2>/dev/null | tr "\000" "\377" \ > $(RENODE_UPDATE_FILE) - ${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 1 - ${Q}$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) \ + ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) 1 + ${Q}$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) \ $(TEST_UPDATE_VERSION) ${Q}dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin \ of=$(RENODE_UPDATE_FILE) bs=1 conv=notrunc diff --git a/tools/test.mk b/tools/test.mk index 8e88c93ce..1c96e1ebb 100644 --- a/tools/test.mk +++ b/tools/test.mk @@ -16,9 +16,9 @@ else endif ifneq ("$(wildcard $(WOLFBOOT_ROOT)/tools/keytools/sign.exe)","") - SIGN_TOOL=IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) $(WOLFBOOT_ROOT)/tools/keytools/sign.exe + SIGN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/sign.exe else - SIGN_TOOL=IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) $(WOLFBOOT_ROOT)/tools/keytools/sign + SIGN_TOOL=$(WOLFBOOT_ROOT)/tools/keytools/sign endif # Make sign algorithm argument @@ -138,7 +138,7 @@ test-spi-off: FORCE test-update: test-app/image.bin FORCE @dd if=/dev/zero bs=131067 count=1 2>/dev/null $(INVERSION) > test-update.bin - @$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) @dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin of=test-update.bin bs=1 conv=notrunc @printf "pBOOT" >> test-update.bin @make test-reset @@ -150,10 +150,10 @@ test-update: test-app/image.bin FORCE test-sim-external-flash-with-update: wolfboot.bin test-app/image.elf FORCE $(Q)cp test-app/image.elf test-app/image.bak.elf $(Q)dd if=/dev/urandom of=test-app/image.elf bs=1K count=16 oflag=append conv=notrunc - $(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) 1 + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) 1 $(Q)cp test-app/image.bak.elf test-app/image.elf $(Q)dd if=/dev/urandom of=test-app/image.elf bs=1K count=16 oflag=append conv=notrunc - $(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) # Assembling internal flash image # $(Q)dd if=/dev/zero bs=$$(($(WOLFBOOT_PARTITION_SIZE))) count=1 2>/dev/null $(INVERSION) > v1_part.dd @@ -168,13 +168,13 @@ test-sim-external-flash-with-enc-delta-update-extradata:DELTA_UPDATE_OPTIONS=--d test-sim-external-flash-with-enc-delta-update-extradata:SIGN_ENC_ARGS=--encrypt /tmp/enc_key.der --aes128 test-sim-external-flash-with-enc-delta-update-extradata: wolfboot.bin test-app/image.elf FORCE @printf "0123456789abcdef0123456789abcdef0123456789abcdef" > /tmp/enc_key.der - $(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) 1 + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) 1 $(Q)cp test-app/image_v1_signed.bin test-app/image_v1_signed.bak $(Q)rm -f test-app/image.elf test-app/app_sim.o $(Q)make -C test-app delta-extra-data DELTA_DATA_SIZE=$(DELTA_DATA_SIZE) $(Q)cp test-app/image_v1_signed.bak test-app/image_v1_signed.bin - $(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) $(SIGN_ENC_ARGS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) - $(Q)$(SIGN_TOOL) $(SIGN_ARGS) $(DELTA_UPDATE_OPTIONS) $(SIGN_ENC_ARGS) \ + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) $(SIGN_ENC_ARGS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) $(DELTA_UPDATE_OPTIONS) $(SIGN_ENC_ARGS) \ test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) $(Q)dd if=/dev/zero bs=$$(($(WOLFBOOT_PARTITION_SIZE))) count=1 2>/dev/null $(INVERSION) > v1_part.dd $(Q)dd if=test-app/image_v1_signed.bin bs=256 of=v1_part.dd conv=notrunc @@ -192,11 +192,11 @@ test-sim-external-flash-with-enc-update: wolfboot.bin test-app/image.elf FORCE $(Q)cp test-app/image.elf test-app/image.bak.elf $(Q)dd if=/dev/urandom of=test-app/image.elf bs=1k count=16 oflag=append conv=notrunc @printf "0123456789abcdef0123456789abcdef0123456789abcdef" > /tmp/enc_key.der - $(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) $(SIGN_ENC_ARGS) test-app/image.elf $(PRIVATE_KEY) 1 + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) $(SIGN_ENC_ARGS) test-app/image.elf $(PRIVATE_KEY) 1 $(Q)cp test-app/image.bak.elf test-app/image.elf $(Q)dd if=/dev/urandom of=test-app/image.elf bs=1k count=16 oflag=append conv=notrunc - $(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) $(SIGN_ENC_ARGS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) - $(Q)$(SIGN_TOOL) $(SIGN_ARGS) $(DELTA_UPDATE_OPTIONS) $(SIGN_ENC_ARGS) \ + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) $(SIGN_ENC_ARGS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) $(DELTA_UPDATE_OPTIONS) $(SIGN_ENC_ARGS) \ test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) # Assembling internal flash image # @@ -217,12 +217,12 @@ test-sim-external-flash-with-enc-delta-update: test-sim-internal-flash-with-update: wolfboot.bin test-app/image.elf FORCE $(Q)cp test-app/image.elf test-app/image.bak.elf $(Q)dd if=/dev/urandom of=test-app/image.elf bs=1k count=16 oflag=append conv=notrunc - $(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) 1 + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) 1 $(Q)cp test-app/image.bak.elf test-app/image.elf $(Q)dd if=/dev/urandom of=test-app/image.elf bs=1k count=16 oflag=append conv=notrunc - $(Q)$(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) $(Q)dd if=/dev/zero bs=$$(($(WOLFBOOT_SECTOR_SIZE))) count=1 2>/dev/null $(INVERSION) > erased_sec.dd - $(Q)$(SIGN_TOOL) $(SIGN_ARGS) $(DELTA_UPDATE_OPTIONS) \ + $(Q)$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) $(DELTA_UPDATE_OPTIONS) \ test-app/image.elf $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) $(Q)$(BINASSEMBLE) internal_flash.dd \ 0 wolfboot.bin \ @@ -268,12 +268,12 @@ test-sim-rollback-flash: wolfboot.elf test-sim-internal-flash-with-update FORCE test-self-update: FORCE @mv $(PRIVATE_KEY) private_key.old @make clean factory.bin RAM_CODE=1 WOLFBOOT_VERSION=1 SIGN=$(SIGN) - @$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) @st-flash --reset write test-app/image_v2_signed.bin 0x08020000 || \ (make test-reset && sleep 1 && st-flash --reset write test-app/image_v2_signed.bin 0x08020000) || \ (make test-reset && sleep 1 && st-flash --reset write test-app/image_v2_signed.bin 0x08020000) @dd if=/dev/zero bs=131067 count=1 2>/dev/null $(INVERSION) > test-self-update.bin - @$(SIGN_TOOL) $(SIGN_ARGS) --wolfboot-update wolfboot.bin private_key.old $(WOLFBOOT_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) --wolfboot-update wolfboot.bin private_key.old $(WOLFBOOT_VERSION) @dd if=wolfboot_v$(WOLFBOOT_VERSION)_signed.bin of=test-self-update.bin bs=1 conv=notrunc @printf "pBOOT" >> test-self-update.bin @st-flash --reset write test-self-update.bin 0x08040000 || \ @@ -281,7 +281,7 @@ test-self-update: FORCE (make test-reset && sleep 1 && st-flash --reset write test-self-update.bin 0x08040000) test-update-ext: test-app/image.bin FORCE - @$(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) + @$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) test-app/image.bin $(PRIVATE_KEY) $(TEST_UPDATE_VERSION) @(dd if=/dev/zero bs=1M count=1 | tr '\000' '\377' > test-update.rom) @dd if=test-app/image_v$(TEST_UPDATE_VERSION)_signed.bin of=test-update.rom bs=1 count=524283 conv=notrunc @printf "pBOOT" | dd of=test-update.rom obs=1 seek=524283 count=5 conv=notrunc