Added support for treating external FRAM as internal flash. Added check on image header size and sector size. Expanded the ML-DSA testing. Improved the Vorago build_test scripts to use .config for parameters. Made EDAC parameters build-time macros.

Author: dgarske

.github/workflows/test-configs.yml

@@ -463,11 +463,12 @@ jobs:
 
   # TODO: ti-tms570lc435.config requires CCS_ROOT
 
-  vorago_va416x0_test:
-    uses: ./.github/workflows/test-build.yml
-    with:
-      arch: arm
-      config-file: ./config/examples/vorago_va416x0.config
+  # Cannot run on CI without the SDK (see VORAGO_SDK_DIR)
+  # vorago_va416x0_test:
+  #   uses: ./.github/workflows/test-build.yml
+  #   with:
+  #     arch: arm
+  #     config-file: ./config/examples/vorago_va416x0.config
 
   x86_64_efi_test:
     uses: ./.github/workflows/test-build.yml

.github/workflows/test-renode-nrf52.yml

@@ -61,16 +61,23 @@ jobs:
 
 # LMS TEST
       - name: Renode Tests LMS-8-5-5
-        run: ./tools/renode/docker-test.sh "SIGN=LMS LMS_LEVELS=2 LMS_HEIGHT=5 LMS_WINTERNITZ=8 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2644 IMAGE_HEADER_SIZE=5288"
+        run: ./tools/renode/docker-test.sh "SIGN=LMS LMS_LEVELS=2 LMS_HEIGHT=5 LMS_WINTERNITZ=8 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2644 IMAGE_HEADER_SIZE=5288 WOLFBOOT_SECTOR_SIZE=0x2000"
 
 # XMSS TEST
       - name: Renode Tests XMSS-SHA2_10_256
-        run: ./tools/renode/docker-test.sh "SIGN=XMSS XMSS_PARAMS='XMSS-SHA2_10_256' WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE=5000"
+        run: ./tools/renode/docker-test.sh "SIGN=XMSS XMSS_PARAMS='XMSS-SHA2_10_256' WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE=5000 WOLFBOOT_SECTOR_SIZE=0x2000"
 
-# ML-DSA TEST
+# ML-DSA Level 2 TEST
       - name: Renode Tests ML-DSA-44
-        run: ./tools/renode/docker-test.sh "SIGN=ML_DSA ML_DSA_LEVEL=2 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2420 IMAGE_HEADER_SIZE=4840"
+        run: ./tools/renode/docker-test.sh "SIGN=ML_DSA ML_DSA_LEVEL=2 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2420 IMAGE_HEADER_SIZE=4840 WOLFBOOT_SECTOR_SIZE=0x2000"
 
+# ML-DSA Level 3 TEST
+      - name: Renode Tests ML-DSA-65
+        run: ./tools/renode/docker-test.sh "SIGN=ML_DSA ML_DSA_LEVEL=3 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=3309 IMAGE_HEADER_SIZE=8192 WOLFBOOT_SECTOR_SIZE=0x2000"
+
+# ML-DSA Level 5 TEST
+      - name: Renode Tests ML-DSA-87
+        run: ./tools/renode/docker-test.sh "SIGN=ML_DSA ML_DSA_LEVEL=5 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=4627 IMAGE_HEADER_SIZE=12288 WOLFBOOT_SECTOR_SIZE=0x3000"
 
       - name: Upload Output Dir
         uses: actions/upload-artifact@v4

.github/workflows/test-sunnyday-simulator.yml

@@ -104,12 +104,12 @@ jobs:
       - name: Run dualbank swap simulation
         run: |
           tools/scripts/sim-dualbank-swap-update.sh
-      
+
       - name: Cleanup before WOLFBOOT_SMALL_STACK test
         run: |
           make keysclean
           mv .config.orig .config
-      
+
       - name: Build wolfboot.elf (ECC256, WOLFBOOT_SMALL_STACK)
         run: |
           make clean && make test-sim-internal-flash-with-update SIGN=ECC256 WOLFBOOT_SMALL_STACK=1 SPMATH=1
@@ -617,10 +617,18 @@ jobs:
         run: |
           tools/scripts/sim-pq-sunnyday-update.sh config/examples/sim-xmss.config
 
-      - name: Run sunny day ML-DSA update test
+      - name: Run sunny day ML-DSA level 2 update test
         run: |
           tools/scripts/sim-pq-sunnyday-update.sh config/examples/sim-ml-dsa.config
 
+      - name: Run sunny day ML-DSA level 3 update test
+        run: |
+          tools/scripts/sim-pq-sunnyday-update.sh config/examples/sim-ml-dsa3.config
+
+      - name: Run sunny day ML-DSA level 5 update test
+        run: |
+          tools/scripts/sim-pq-sunnyday-update.sh config/examples/sim-ml-dsa5.config
+
       # 64 Bit simulator, Hybrid auth ML_DSA + ECDSA
       #
       - name: make clean

config/examples/sim-ml-dsa.config

@@ -49,7 +49,7 @@ IMAGE_HEADER_SIZE=8192
 # ML_DSA_LEVEL=5
 # IMAGE_SIGNATURE_SIZE=4627
 # IMAGE_HEADER_SIZE=12288
-# This example needsd larger sector size.
+# NOTE: This example needs larger sector size.
 # WOLFBOOT_SECTOR_SIZE=0x3000
 #
 

config/examples/sim-ml-dsa3.config

@@ -0,0 +1,52 @@
+# ML-DSA signature example, based on sim.config example.
+#
+# The acceptable parameter values are those in FIPS 204:
+#
+#   ML_DSA_LEVEL = {2, 3, 5}
+#
+# This corresponds to these security levels (from FIPS 204, Table 1.):
+#
+#               Claimed Security Strength
+#   ML-DSA-44      Category 2
+#   ML-DSA-65      Category 3
+#   ML-DSA-87      Category 5
+#
+# The signature, pub key, and priv key lengths are all a function
+# of this parameter. Refer to this table (from FIPS 204, Table 2.)
+# to configure your IMAGE_SIGNATURE_SIZE:
+#
+#   Table 2. Sizes (in bytes) of keys and signatures of ML-DSA
+#
+#               Private Key   Public Key   Signature Size
+#   ML-DSA-44      2560          1312         2420
+#   ML-DSA-65      4032          1952         3309
+#   ML-DSA-87      4896          2592         4627
+#
+
+ARCH=sim
+TARGET=sim
+SIGN=ML_DSA
+HASH=SHA256
+WOLFBOOT_SMALL_STACK=0
+SPI_FLASH=0
+DEBUG=0
+DELTA_UPDATES=0
+
+#
+# ML-DSA config examples:
+#
+# Category 3:
+ML_DSA_LEVEL=3
+IMAGE_SIGNATURE_SIZE=3309
+IMAGE_HEADER_SIZE=8192
+
+# sizes should be multiple of system page size
+WOLFBOOT_PARTITION_SIZE=0x40000
+WOLFBOOT_SECTOR_SIZE=0x2000
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0x20000
+# if on external flash, it should be multiple of system page size
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x60000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0xA0000
+
+# required for keytools
+WOLFBOOT_FIXED_PARTITIONS=1

config/examples/sim-ml-dsa5.config

@@ -0,0 +1,53 @@
+# ML-DSA signature example, based on sim.config example.
+#
+# The acceptable parameter values are those in FIPS 204:
+#
+#   ML_DSA_LEVEL = {2, 3, 5}
+#
+# This corresponds to these security levels (from FIPS 204, Table 1.):
+#
+#               Claimed Security Strength
+#   ML-DSA-44      Category 2
+#   ML-DSA-65      Category 3
+#   ML-DSA-87      Category 5
+#
+# The signature, pub key, and priv key lengths are all a function
+# of this parameter. Refer to this table (from FIPS 204, Table 2.)
+# to configure your IMAGE_SIGNATURE_SIZE:
+#
+#   Table 2. Sizes (in bytes) of keys and signatures of ML-DSA
+#
+#               Private Key   Public Key   Signature Size
+#   ML-DSA-44      2560          1312         2420
+#   ML-DSA-65      4032          1952         3309
+#   ML-DSA-87      4896          2592         4627
+#
+
+ARCH=sim
+TARGET=sim
+SIGN=ML_DSA
+HASH=SHA256
+WOLFBOOT_SMALL_STACK=0
+SPI_FLASH=0
+DEBUG=0
+DELTA_UPDATES=0
+
+#
+# ML-DSA config examples:
+#
+# Category 5:
+ML_DSA_LEVEL=5
+IMAGE_SIGNATURE_SIZE=4627
+IMAGE_HEADER_SIZE=12288
+
+# sizes should be multiple of system page size
+WOLFBOOT_PARTITION_SIZE=0x40000
+# This example needs larger sector size.
+WOLFBOOT_SECTOR_SIZE=0x3000
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0x20000
+# if on external flash, it should be multiple of system page size
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x60000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0xA0000
+
+# required for keytools
+WOLFBOOT_FIXED_PARTITIONS=1

config/examples/vorago_va416x0.config

@@ -1,16 +1,26 @@
 ARCH?=ARM
 CORTEX_M4?=1
 TARGET?=va416x0
+
+# ECDSA P384 and SHA384
 SIGN?=ECC384
 HASH?=SHA384
 IMAGE_HEADER_SIZE=512
+
+# ML-DSA Level 5 (87)
+#SIGN=ML_DSA
+#HASH=SHA256
+#ML_DSA_LEVEL=5
+#IMAGE_SIGNATURE_SIZE=4627
+#IMAGE_HEADER_SIZE=12288
+
 WOLFBOOT_VERSION?=1
 ARMORED?=1
 DEBUG?=0
 DEBUG_SYMBOLS?=1
 DEBUG_UART?=1
 VTOR?=1
-EXT_FLASH?=1
+EXT_FLASH?=0
 SPI_FLASH?=0
 NO_XIP?=1
 NVM_FLASH_WRITEONCE?=0
@@ -35,19 +45,34 @@ NO_ARM_ASM?=0
 # Optional: Use smaller SHA512
 #CFLAGS_EXTRA+=-DUSE_SLOW_SHA512
 
-# 2KB sector
-WOLFBOOT_SECTOR_SIZE?=0x800
-
 # 38KB boot, 108KB partitions, 2KB swap
+WOLFBOOT_SECTOR_SIZE?=0x800
 WOLFBOOT_PARTITION_SIZE?=0x1B000
 WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x9800
 WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x24800
 WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x3F800
 
+# ML-DSA 5: 36KB boot, 104KB partitions, 12KB swap
+#WOLFBOOT_SECTOR_SIZE?=0x3000
+#WOLFBOOT_PARTITION_SIZE?=0x1A000
+#WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x9000
+#WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x23000
+#WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x3D000
+
+# Debug: 64KB boot, 95KB partitions, 2KB swap
+#WOLFBOOT_SECTOR_SIZE?=0x800
+#WOLFBOOT_PARTITION_SIZE?=0x18000
+#WOLFBOOT_PARTITION_BOOT_ADDRESS?=0xFC00
+#WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x27C00
+#WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x3FC00
+
 # Vorago SDK common drivers directory
 VORAGO_SDK_DIR?=$(PWD)/../VA416xx_SDK/
 
 # Use Verago FRAM driver
 USE_HAL_SPI_FRAM=1
 
 #CFLAGS_EXTRA+=-DDEBUG_EXT_FLASH
+
+#CFLAGS_EXTRA+=-DWOLFBOOT_EDAC_RAM_SCRUB=1000
+#CFLAGS_EXTRA+=-DWOLFBOOT_EDAC_ROM_SCRUB=125

docs/PQ.md

@@ -26,6 +26,8 @@ In terms of relative tradeoffs:
 See these config files for simulated target examples:
 
 - `config/examples/sim-ml-dsa.config`
+- `config/examples/sim-ml-dsa3.config`
+- `config/examples/sim-ml-dsa5.config`
 - `config/examples/sim-lms.config`
 - `config/examples/sim-xmss.config`
 
@@ -60,15 +62,16 @@ all depend on the parameter set:
 
 ### ML-DSA Config
 
-A new ML-DSA sim example has been added here:
+See ML-DSA sim examples here:
 
 ```
 config/examples/sim-ml-dsa.config
+config/examples/sim-ml-dsa3.config
+config/examples/sim-ml-dsa5.config
 ```
 
 The security category level is configured with `ML_DSA_LEVEL=<num>`, where
-num = 2, 3, 5. Here is an example from the `sim-ml-dsa.config` for category
-2:
+num = 2, 3, 5. Here is an example for level 2:
 
 ```
 # ML-DSA config examples:

docs/Targets.md

@@ -3586,12 +3586,12 @@ FLASH: The VA41630 has 256KB of internal SPI FRAM (for the VA41620 its external)
 
 Default flash layout:
 
-| Partition | Size  | Address | Description |
-|-----------|-------|---------|-------------|
-| Boot      | 38KB  | 0x0     | Bootloader partition |
-| Boot      | 108KB | 0x9800  | Boot partition |
-| Update    | 108KB | 0x24800 | Update partition |
-| Swap      | 2KB   | 0x3F800 | Swap area |
+| Partition   | Size  | Address | Description |
+|-------------|-------|---------|-------------|
+| Bootloader  | 38KB  | 0x0     | Bootloader partition |
+| Application | 108KB | 0x9800  | Boot partition |
+| Update      | 108KB | 0x24800 | Update partition |
+| Swap        | 2KB   | 0x3F800 | Swap area |
 
 SRAM: 64KB on-chip SRAM and 256KB on-chip instruction/program memory
 

hal/imx_rt.c

@@ -67,7 +67,6 @@
 
 /* #define DEBUG_EXT_FLASH */
 
-#ifdef __WOLFBOOT
 
 /** Built-in ROM API for bootloaders **/
 
@@ -850,7 +849,7 @@ static int hal_flash_init(void);
 
 void hal_init(void)
 {
-#ifdef WOLFSSL_IMXRT_DCP
+#if defined(__WOLFBOOT) && defined(WOLFSSL_IMXRT_DCP)
     wc_dcp_init();
 #endif
     ARM_MPU_Disable();
@@ -866,8 +865,6 @@ void hal_prepare_boot(void)
 {
 }
 
-#endif /* __WOLFBOOT */
-
 static int RAMFUNCTION hal_flash_init(void)
 {
     status_t ret = 0;