Set trailer on BOOT partition when storing the enc key

danielinux · danielinux · commit 8b732503246f · 2024-07-17T17:00:11.000+02:00
diff --git a/src/libwolfboot.c b/src/libwolfboot.c
@@ -196,6 +196,12 @@ static int RAMFUNCTION nvm_select_fresh_sector(int part)
     uint32_t word_0;
     uint32_t word_1;
 
+#ifdef EXT_FLASH
+    if ((part == PART_UPDATE) && FLAGS_UPDATE_EXT()) {
+        return 0;
+    }
+#endif
+
     hal_cache_invalidate();
 
     if (part == PART_BOOT) {
@@ -219,6 +225,7 @@ static int RAMFUNCTION nvm_select_fresh_sector(int part)
     word_1 = *((uint32_t*)((uintptr_t)base - (WOLFBOOT_SECTOR_SIZE + magic_off +
                     sizeof(uint32_t))));
 
+
     if (word_0 == WOLFBOOT_MAGIC_TRAIL && word_1 != WOLFBOOT_MAGIC_TRAIL) {
         sel = 0;
         goto finish;
@@ -287,6 +294,7 @@ static int RAMFUNCTION trailer_write(uint8_t part, uintptr_t addr, uint8_t val)
     uintptr_t addr_off = addr & (NVM_CACHE_SIZE - 1);
     int ret = 0;
 
+
     nvm_cached_sector = nvm_select_fresh_sector(part);
     addr_read = addr_align - (nvm_cached_sector * NVM_CACHE_SIZE);
     XMEMCPY(NVM_CACHE, (void*)addr_read, NVM_CACHE_SIZE);
@@ -329,6 +337,7 @@ static int RAMFUNCTION partition_magic_write(uint8_t part, uintptr_t addr)
     uintptr_t base = (uintptr_t)addr - off;
     uintptr_t addr_read, addr_write;
     int ret;
+
     nvm_cached_sector = nvm_select_fresh_sector(part);
     addr_read = base - (nvm_cached_sector * NVM_CACHE_SIZE);
     addr_write = base - (!nvm_cached_sector * NVM_CACHE_SIZE);
@@ -1403,6 +1412,7 @@ static int RAMFUNCTION hal_set_key(const uint8_t *k, const uint8_t *nonce)
 int RAMFUNCTION wolfBoot_set_encrypt_key(const uint8_t *key,
     const uint8_t *nonce)
 {
+    set_partition_magic(PART_BOOT);
     hal_set_key(key, nonce);
     return 0;
 }
@@ -1670,10 +1680,6 @@ int RAMFUNCTION ext_flash_encrypt_write(uintptr_t address, const uint8_t *data,
     if (sz < ENCRYPT_BLOCK_SIZE) {
         sz = ENCRYPT_BLOCK_SIZE;
     }
-    if (!encrypt_initialized) {
-        if (crypto_init() < 0)
-            return -1;
-    }
     part = part_address(address);
     switch (part) {
         case PART_UPDATE:
@@ -1684,6 +1690,10 @@ int RAMFUNCTION ext_flash_encrypt_write(uintptr_t address, const uint8_t *data,
                     ENCRYPT_BLOCK_SIZE) {
                 return ext_flash_write(address, data, len);
             }
+            if (!encrypt_initialized) {
+                if (crypto_init() < 0)
+                    return -1;
+            }
             crypto_set_iv(encrypt_iv_nonce, iv_counter);
             break;
         case PART_SWAP:
@@ -1752,10 +1762,6 @@ int RAMFUNCTION ext_flash_decrypt_read(uintptr_t address, uint8_t *data, int len
     if (row_offset != 0) {
         row_address = address & ~(ENCRYPT_BLOCK_SIZE - 1);
     }
-    if (!encrypt_initialized) {
-        if (crypto_init() < 0)
-            return -1;
-    }
     part = part_address(row_address);
     switch (part) {
         case PART_UPDATE:
@@ -1766,6 +1772,11 @@ int RAMFUNCTION ext_flash_decrypt_read(uintptr_t address, uint8_t *data, int len
                     ENCRYPT_BLOCK_SIZE) {
                 return ext_flash_read(address, data, len);
             }
+            if (!encrypt_initialized) {
+                if (crypto_init() < 0) {
+                    return -1;
+                }
+            }
             crypto_set_iv(encrypt_iv_nonce, iv_counter);
             break;
         case PART_SWAP:
@@ -1847,18 +1858,15 @@ int wolfBoot_ram_decrypt(uint8_t *src, uint8_t *dst)
     uint32_t dst_offset = 0, iv_counter = 0;
     uint32_t magic, len;
 
-    wolfBoot_printf("Decrypting %p to %p\n", src, dst);
 
     if (!encrypt_initialized) {
         if (crypto_init() < 0) {
-            wolfBoot_printf("Error initializing crypto!\n");
             return -1;
         }
     }
 
     /* Attempt to decrypt firmware header */
     if (decrypt_header(src) != 0) {
-        wolfBoot_printf("Error decrypting header at %p!\n", src);
         return -1;
     }
     len = *((uint32_t*)(dec_hdr + sizeof(uint32_t)));
diff --git a/src/update_flash.c b/src/update_flash.c
@@ -501,6 +501,7 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed)
     uint32_t up_v;
 #endif
 
+
     /* No Safety check on open: we might be in the middle of a broken update */
     wolfBoot_open_image(&update, PART_UPDATE);
     wolfBoot_open_image(&boot, PART_BOOT);
@@ -819,7 +820,8 @@ void RAMFUNCTION wolfBoot_start(void)
     bootRet = wolfBoot_get_partition_state(PART_BOOT, &bootState);
     updateRet = wolfBoot_get_partition_state(PART_UPDATE, &updateState);
 
-#ifndef DISABLE_BACKUP
+
+#if !defined(DISABLE_BACKUP) && !defined(EXT_ENCRYPTED)
     /* resume the final erase in case the power failed before it finished */
     resumedFinalErase = wolfBoot_swap_and_final_erase(1);
     if (resumedFinalErase != 0)
diff --git a/test-app/app_sim.c b/test-app/app_sim.c
@@ -61,6 +61,12 @@ int do_cmd(const char *cmd)
         printf("%d\n", wolfBoot_current_firmware_version());
         return 0;
     }
+    if (strcmp(cmd, "get_state") == 0) {
+        uint8_t st = 0;
+        wolfBoot_get_partition_state(PART_UPDATE, &st);
+        printf("%02x\n", st);
+        return 0;
+    }
     if (strcmp(cmd, "success") == 0) {
         wolfBoot_success();
         return 0;
diff --git a/tools/unit-tests/unit-enc-nvm.c b/tools/unit-tests/unit-enc-nvm.c
@@ -99,16 +99,46 @@ void hal_prepare_boot(void)
 
 int ext_flash_erase(uintptr_t address, int len)
 {
+    printf("%s", __FUNCTION__);
+    if ((address >= WOLFBOOT_PARTITION_UPDATE_ADDRESS) &&
+            (address < WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_PARTITION_SIZE)) {
+        erased_update++;
+        memset(address, 0xFF, len);
+        if (address >= WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_PARTITION_SIZE - WOLFBOOT_SECTOR_SIZE) {
+            erased_nvm_bank0++;
+        } else if (address >= WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_PARTITION_SIZE - 2 * WOLFBOOT_SECTOR_SIZE) {
+            erased_nvm_bank1++;
+        }
+    } else if ((address >= WOLFBOOT_PARTITION_SWAP_ADDRESS) &&
+            (address < WOLFBOOT_PARTITION_SWAP_ADDRESS + WOLFBOOT_SECTOR_SIZE)) {
+        erased_swap++;
+        memset(address, 0xFF, len);
+    } else {
+        fail("Invalid address\n");
+        return -1;
+    }
     return 0;
 }
 
 int ext_flash_write(uintptr_t address, const uint8_t *data, int len)
 {
+    int i;
+    uint8_t *a = (uint8_t *)address;
+    fail_if(locked, "Attempting to write to a locked FLASH");
+    printf("%s", __FUNCTION__);
+    for (i = 0; i < len; i++) {
+        a[i] = data[i];
+    }
     return 0;
 }
 
 int ext_flash_read(uintptr_t address, uint8_t *data, int len)
 {
+    int i;
+    uint8_t *a = (uint8_t *)address;
+    for (i = 0; i < len; i++) {
+         data[i] = a[i];
+    }
     return 0;
 }
 
