Added "otp-keystore-primer" tool

Author: danielinux

.gitignore

@@ -69,6 +69,7 @@ tools/keytools/keygen.exe
 tools/keytools/x64
 tools/keytools/Debug
 tools/keytools/Release
+tools/keytools/otp/otp-keystore-primer
 
 # delta binaries
 tools/delta/bmdiff

Makefile

@@ -127,6 +127,10 @@ ifeq ($(TARGET),nxp_t1024)
 	MAIN_TARGET:=factory_wstage1.bin
 endif
 
+ifeq ($(FLASH_OTP_ROT),1)
+	MAIN_TARGET:=include/target.h tools/keytools/otp/otp-keystore-primer factory.bin
+endif
+
 ASFLAGS:=$(CFLAGS)
 BOOTLOADER_PARTITION_SIZE?=$$(( $(WOLFBOOT_PARTITION_BOOT_ADDRESS) - $(ARCH_FLASH_OFFSET)))
 
@@ -184,6 +188,7 @@ $(PRIVATE_KEY):
 	$(Q)$(MAKE) keytools_check
 	$(Q)(test $(SIGN) = NONE) || ("$(KEYGEN_TOOL)" $(KEYGEN_OPTIONS) -g $(PRIVATE_KEY)) || true
 	$(Q)(test $(SIGN) = NONE) && (echo "// SIGN=NONE" >  src/keystore.c) || true
+	$(Q)(test $(FLASH_OTP_ROT) = 0) || (make -C tools/keytools/otp) || true
 
 keytools: include/target.h
 	@echo "Building key tools"
@@ -239,7 +244,7 @@ wolfboot_stage1.bin: wolfboot.elf stage1/loader_stage1.bin
 	$(Q) cp stage1/loader_stage1.bin wolfboot_stage1.bin
 
 wolfboot.elf: include/target.h $(LSCRIPT) $(OBJS) $(LIBS) $(BINASSEMBLE) FORCE
-	$(Q)(test $(SIGN) = NONE) || (grep -q $(SIGN_ALG) src/keystore.c) || \
+	$(Q)(test $(SIGN) = NONE) || (test $(FLASH_OTP_ROT) = 1) || (grep -q $(SIGN_ALG) src/keystore.c) || \
 		(echo "Key mismatch: please run 'make distclean' to remove all keys if you want to change algorithm" && false)
 	@echo "\t[LD] $@"
 	@echo $(OBJS)
@@ -279,6 +284,8 @@ hex: wolfboot.hex
 
 src/keystore.c: $(PRIVATE_KEY)
 
+flash_keystore: $(PRIVATE_KEY) src/flash_otp_keystore.o
+
 keys: $(PRIVATE_KEY)
 
 clean:
@@ -302,6 +309,7 @@ utilsclean: clean
 	$(Q)$(MAKE) -C tools/test-update-server -s clean
 	$(Q)$(MAKE) -C tools/uart-flash-server -s clean
 	$(Q)$(MAKE) -C tools/unit-tests -s clean
+	$(Q)$(MAKE) -C tools/keytools/otp -s clean
 
 keysclean: clean
 	$(Q)rm -f *.pem *.der tags ./src/*_pub_key.c ./src/keystore.c include/target.h
@@ -359,6 +367,12 @@ cppcheck:
 		--suppress="objectIndex" --suppress="comparePointers" \
 		--error-exitcode=89 --std=c89 src/*.c hal/*.c hal/spi/*.c hal/uart/*.c
 
+otp: tools/keytools/otp/otp-keystore-primer.bin
+
+tools/keytools/otp/otp-keystore-primer.bin: FORCE
+	make -C tools/keytools/otp clean
+	make -C tools/keytools/otp
+
 %.o:%.c
 	@echo "\t[CC-$(ARCH)] $@"
 	$(Q)$(CC) $(CFLAGS) -c $(OUTPUT_FLAG) $@ $^

hal/stm32h7.c

@@ -543,7 +543,7 @@ static void hal_flash_otp_lock(void)
 
 /* Public API */
 
-int hal_flash_otp_write(uint32_t flashAddress, uint16_t* data, uint16_t length)
+int hal_flash_otp_write(uint32_t flashAddress, const void* data, uint16_t length)
 {
     volatile uint16_t tmp;
     uint16_t idx = 0;
@@ -569,28 +569,31 @@ int hal_flash_otp_write(uint32_t flashAddress, uint16_t* data, uint16_t length)
         DSB();
 
         /* Program an OTP word (16 bits) */
-        *(volatile uint16_t*)flashAddress = *(volatile uint16_t*)data;
+        *(volatile uint16_t*)flashAddress = *(const uint16_t*)data;
 
+#if 0
         /* Read it back */
         tmp = *(volatile uint16_t*)flashAddress;
         (void)tmp; /* avoid unused warnings */
-        flashAddress += sizeof(uint16_t);
-        data++;
-        idx += sizeof(uint16_t);
+#endif
 
         /* Wait for last operation to be completed */
         flash_otp_wait();
 
         /* clear OTP_PG bit */
         FLASH_OPTCR &= ~FLASH_OPTCR_PG_OTP;
+
+        flashAddress += sizeof(uint16_t);
+        data++;
+        idx += sizeof(uint16_t);
     }
 
     hal_flash_otp_lock();
     hal_flash_lock();
     return 0;
 }
 
-int hal_flash_otp_read(uint32_t flashAddress, uint16_t* data, uint32_t length)
+int hal_flash_otp_read(uint32_t flashAddress, void* data, uint32_t length)
 {
     uint32_t i;
     if (!(flashAddress >= FLASH_OTP_BASE && flashAddress <= FLASH_OTP_END)) {
@@ -600,7 +603,7 @@ int hal_flash_otp_read(uint32_t flashAddress, uint16_t* data, uint32_t length)
         (i < length) && (flashAddress <= (FLASH_OTP_END-1));
         i += sizeof(uint16_t))
     {
-        *data = *(volatile uint16_t*)flashAddress;
+        *(uint16_t *)data = *(volatile uint16_t*)flashAddress;
         flashAddress += sizeof(uint16_t);
         data++;
     }

include/hal.h

@@ -132,8 +132,8 @@ int hal_trng_get_entropy(unsigned char *out, unsigned len);
 
 #ifdef FLASH_OTP_ROT
 
-int hal_flash_otp_write(uint32_t flashAddress, uint16_t* data, uint16_t length);
-int hal_flash_otp_read(uint32_t flashAddress, uint16_t* data, uint32_t length);
+int hal_flash_otp_write(uint32_t flashAddress, const void* data, uint16_t length);
+int hal_flash_otp_read(uint32_t flashAddress, void* data, uint32_t length);
 
 #endif
 

include/otp_keystore.h

@@ -0,0 +1,70 @@
+/* otp_keystore.h
+ *
+ * Helper for storing/retrieving Trust Anchor to/from OTP flash
+ *
+ *
+ * Copyright (C) 2024 wolfSSL Inc.
+ *
+ * This file is part of wolfBoot.
+ *
+ * wolfBoot is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfBoot is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+#ifndef OTP_KEYSTORE_H
+#define OTP_KEYSTORE_H
+
+#if defined(FLASH_OTP_ROT) && !defined(WOLFBOOT_NO_SIGN)
+/* Specific includes for supported targets
+ * (needed for OTP_SIZE)
+ */
+#ifdef TARGET_stm32h7
+    #include "hal/stm32h7.h"
+#else
+    #error "Unsupported target for OTP"
+#endif
+
+#include "keystore.h"
+
+#define OTP_HDR_SIZE 16
+
+struct __attribute__((packed)) wolfBoot_otp_hdr {
+    char keystore_hdr_magic[8];
+    uint16_t item_count;
+    uint16_t flags;
+    uint32_t version;
+};
+
+static const char KEYSTORE_HDR_MAGIC[8] = "WOLFBOOT";
+
+#if !defined(KEYSTORE_ANY) && (KEYSTORE_PUBKEY_SIZE != KEYSTORE_PUBKEY_SIZE_ECC256)
+	#error Key algorithm mismatch. Remove old keys via 'make keysclean'
+#else
+
+#define KEYSTORE_MAX_PUBKEYS ((OTP_SIZE - OTP_HDR_SIZE) / SIZEOF_KEYSTORE_SLOT)
+
+#if (OTP_SIZE == 0)
+#error WRONG OTP SIZE
+#endif
+
+#if (KEYSTORE_MAX_PUBKEYS < 1)
+    #error "No space for any keystores in OTP with current algorithm"
+#endif
+
+#endif /* KEYSTORE_ANY */
+
+#endif /* FLASH_OTP_ROT */ 
+
+#endif /* OTP_KEYSTORE_H */

include/wolfboot/wolfboot.h

@@ -330,6 +330,7 @@ int wolfBoot_set_encrypt_key(const uint8_t *key, const uint8_t *nonce);
 int wolfBoot_get_encrypt_key(uint8_t *key, uint8_t *nonce);
 int wolfBoot_erase_encrypt_key(void);
 
+
 #ifdef __cplusplus
 }
 #endif

src/flash_otp_keystore.c

@@ -27,38 +27,14 @@
 #include "wolfboot/wolfboot.h"
 #include "keystore.h"
 #include "hal.h"
+#include "otp_keystore.h"
 
 #if defined(FLASH_OTP_ROT) && !defined(WOLFBOOT_NO_SIGN)
 
-#ifdef TARGET_stm32h7
-#include "hal/stm32h7.h"
-#endif
-
-#define OTP_HDR_SIZE 16
-
-struct wolfBoot_otp_hdr_size {
-    char keystore_hdr_magic[8];
-    uint16_t item_count;
-    uint16_t flags;
-    uint32_t version;
-};
-
-static const char KEYSTORE_HDR_MAGIC[8] = "WOLFBOOT";
-
-#if !defined(KEYSTORE_ANY) && (KEYSTORE_PUBKEY_SIZE != KEYSTORE_PUBKEY_SIZE_ECC256)
-	#error Key algorithm mismatch. Remove old keys via 'make keysclean'
-#else
-
-#define KEYSTORE_MAX_PUBKEYS ((OTP_SIZE - OTP_HDR_SIZE) / SIZEOF_KEYSTORE_SLOT)
-
-#if (KEYSTORE_MAX_PUBKEYS < 1)
-    #error "No space for keystore in OTP with current algorithm"
-#endif
-
 int keystore_num_pubkeys(void)
 {
     uint8_t otp_header[OTP_HDR_SIZE];
-    struct wolfBoot_otp_hdr_size *hdr = (struct wolfBoot_otp_hdr_size *)otp_header;
+    struct wolfBoot_otp_hdr *hdr = (struct wolfBoot_otp_hdr *)otp_header;
     if (hal_flash_otp_read(FLASH_OTP_BASE, (void *)otp_header, OTP_HDR_SIZE) != 0)
         return 0;
     if (memcmp(hdr->keystore_hdr_magic, KEYSTORE_HDR_MAGIC, 8) != 0) {
@@ -123,6 +99,5 @@ uint32_t keystore_get_key_type(int id)
     return slot->key_type;
 }
 
-#endif /* Keystore public key size check */
 
 #endif /* FLASH_OTP_ROT && !WOLFBOOT_NO_SIGN */

tools/keytools/otp/Makefile

@@ -0,0 +1,36 @@
+-include ../../../.config
+-include ../../../tools/config.mk
+-include ../../../options.mk
+-include ../../../wcs/pkcs11.mk
+
+TARGET?=none
+ARCH?=ARM
+CROSS_COMPILE?=arm-none-eabi-
+CFLAGS+=-O0 -ggdb
+CFLAGS+=-I. -I../../../ -I../../../include
+CFLAGS+=-I./wcs
+CFLAGS+=-DFLASH_OTP_ROT
+OBJS+=startup.o otp-keystore-primer.o ../../../src/keystore.o
+LSCRIPT=target.ld
+LDFLAGS+=$(CFLAGS) -T$(LSCRIPT) -lc -Wl,-Map=otp-keystore-primer.map
+
+ifeq ($(TARGET),stm32h7)
+    CFLAGS+=-DTARGET_stm32h7
+    CFLAGS+=-mcpu=cortex-m7 -ffunction-sections -fdata-sections -fno-common -ffreestanding -nostartfiles
+    OBJS+=../../../hal/stm32h7.o
+endif
+CC=$(CROSS_COMPILE)gcc
+OBJCOPY?=$(CROSS_COMPILE)objcopy
+SIZE?=$(CROSS_COMPILE)size
+
+
+otp-keystore-primer.bin: otp-keystore-primer.elf
+	@$(OBJCOPY) -O binary $(^) $(@)
+
+otp-keystore-primer.elf: $(OBJS)
+	@$(CC) -o otp-keystore-primer.elf $(LDFLAGS) $(CFLAGS) $(OBJS)
+	@$(SIZE) $(@)
+	
+
+clean:
+	@rm -rf $(OBJS) *.bin *.elf

tools/keytools/otp/otp-keystore-primer.c

@@ -0,0 +1,61 @@
+/* otp-keystore-primer.c
+ *
+ * Primer app to provision public keys into OTP flash
+ *
+ *
+ * Copyright (C) 2024 wolfSSL Inc.
+ *
+ * This file is part of wolfBoot.
+ *
+ * wolfBoot is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfBoot is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#include <stdint.h>
+#include <string.h>
+#include "hal.h"
+#include "otp_keystore.h"
+
+extern struct keystore_slot PubKeys[];
+
+void main(void)
+{
+    int n_keys = keystore_num_pubkeys();
+    int i;
+    struct wolfBoot_otp_hdr hdr;
+    memcpy(hdr.keystore_hdr_magic, KEYSTORE_HDR_MAGIC, 8);
+    hdr.item_count = n_keys;
+    hdr.flags = 0;
+    hdr.version = WOLFBOOT_VERSION;
+
+    /* Sanity check to avoid writing an empty keystore */
+    if (n_keys < 1) {
+        while(1)
+            ;
+    }
+
+    /* Write the header to the beginning of the OTP memory */
+    hal_flash_otp_write(FLASH_OTP_BASE, (uint16_t *)&hdr, sizeof(hdr));
+
+    for (i = 0; i < n_keys; i++) {
+        /* Write each public key to its slot in OTP */
+        hal_flash_otp_write(FLASH_OTP_BASE +
+                OTP_HDR_SIZE + i * SIZEOF_KEYSTORE_SLOT, (uint16_t *)&PubKeys[i],
+                sizeof(struct keystore_slot));
+    }
+
+    /* Done! */
+    while(1)
+        ;
+
+}