
Commit bd179ed

dgarskedanielinux
authored andcommitted
Added TSIP support to the set_key, get_key and erase_key APIs. Finished full encrypted update testing on Renesas RX with TSIP. Fixed issue with `No rule to make target 'NONE'` using encrypted AES.
1 parent 566f3b9 commit bd179ed


2 files changed

+31
-22
lines changed


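--- a/options.mk
+++ b/options.mk
@@ -765,9 +765,7 @@ OBJS+=$(SECURE_OBJS)
 #
 ifeq ($(RAM_CODE),1)
 ifeq ($(ENCRYPT),1)
-ifneq ($(ENCRYPT_WITH_CHACHA),1)
-LSCRIPT_IN=NONE
-else
+ifeq ($(ENCRYPT_WITH_CHACHA),1)
 LSCRIPT_IN=hal/$(TARGET)_chacha_ram.ld
 endif
 endif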
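Review bot: With the `else` / `LSCRIPT_IN=NONE` branch removed, a build with `ENCRYPT=1` and `RAM_CODE=1` that does not select ChaCha now keeps whatever `LSCRIPT_IN` was assigned earlier in options.mk, and that assignment is outside this hunk. Nothing here records that this fall-through is intended, nor that the default linker script places the AES routines used during an encrypted update where `RAM_CODE` presumably expects them. A one-line comment above the remaining conditional would make the intent reviewable, for example `# AES keeps the target's default linker script; only ChaCha needs a dedicated RAM layout`. It would also help to confirm on a non-TSIP AES target that the RAM-resident functions still link into RAM after this change.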

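--- a/src/libwolfboot.c
+++ b/src/libwolfboot.c
@@ -1335,6 +1335,14 @@ int wolfBoot_fallback_is_possible(void)
 #ifdef EXT_ENCRYPTED
 #include "encrypt.h"
 
+#if defined(WOLFBOOT_RENESAS_TSIP)
+#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
+
+/* Provides wrap_enc_key_t structure generated using
+* Renesas Security Key Management Tool. See docs/Renesas.md */
+#include "enckey_data.h"
+#endif
+
 #if !defined(EXT_FLASH) && !defined(MMU)
 #error option EXT_ENCRYPTED requires EXT_FLASH or MMU mode
 #endif
@@ -1357,20 +1365,25 @@ static uint8_t ENCRYPT_KEY[ENCRYPT_KEY_SIZE + ENCRYPT_NONCE_SIZE];
 
 static int RAMFUNCTION hal_set_key(const uint8_t *k, const uint8_t *nonce)
 {
+#ifdef WOLFBOOT_RENESAS_TSIP
+/* must be flashed to RENESAS_TSIP_INSTALLEDENCKEY_ADDR */
+(void)k;
+(void)nonce;
+return 0;
+#elif defined(MMU)
+XMEMCPY(ENCRYPT_KEY, k, ENCRYPT_KEY_SIZE);
+XMEMCPY(ENCRYPT_KEY + ENCRYPT_KEY_SIZE, nonce, ENCRYPT_NONCE_SIZE);
+return 0;
+#else
 uintptr_t addr, addr_align, addr_off;
 int ret = 0;
 int sel_sec = 0;
 uint32_t trailer_relative_off = 4;
-
-#if !defined(WOLFBOOT_SMALL_STACK) && !defined(NVM_FLASH_WRITEONCE) && !defined(WOLFBOOT_ENCRYPT_CACHE)
+#if !defined(WOLFBOOT_SMALL_STACK) && !defined(NVM_FLASH_WRITEONCE) && \
+!defined(WOLFBOOT_ENCRYPT_CACHE)
 uint8_t ENCRYPT_CACHE[NVM_CACHE_SIZE] XALIGNED_STACK(32);
 #endif
 
-#ifdef MMU
-XMEMCPY(ENCRYPT_KEY, k, ENCRYPT_KEY_SIZE);
-XMEMCPY(ENCRYPT_KEY + ENCRYPT_KEY_SIZE, nonce, ENCRYPT_NONCE_SIZE);
-return 0;
-#else
 addr = ENCRYPT_TMP_SECRET_OFFSET + WOLFBOOT_PARTITION_BOOT_ADDRESS;
 addr_align = addr & (~(WOLFBOOT_SECTOR_SIZE - 1));
 addr_off = addr & (WOLFBOOT_SECTOR_SIZE - 1);
@@ -1463,7 +1476,11 @@ int RAMFUNCTION wolfBoot_set_encrypt_key(const uint8_t *key,
 */
 int RAMFUNCTION wolfBoot_get_encrypt_key(uint8_t *k, uint8_t *nonce)
 {
-#if defined(MMU)
+#ifdef WOLFBOOT_RENESAS_TSIP
+wrap_enc_key_t* enc_key =(wrap_enc_key_t*)RENESAS_TSIP_INSTALLEDENCKEY_ADDR;
+XMEMCPY(k, enc_key->encrypted_user_key, ENCRYPT_KEY_SIZE);
+XMEMCPY(nonce, enc_key->initial_vector, ENCRYPT_NONCE_SIZE);
+#elif defined(MMU)
 XMEMCPY(k, ENCRYPT_KEY, ENCRYPT_KEY_SIZE);
 XMEMCPY(nonce, ENCRYPT_KEY + ENCRYPT_KEY_SIZE, ENCRYPT_NONCE_SIZE);
 #else
@@ -1491,7 +1508,9 @@ int RAMFUNCTION wolfBoot_get_encrypt_key(uint8_t *k, uint8_t *nonce)
 */
 int RAMFUNCTION wolfBoot_erase_encrypt_key(void)
 {
-#if defined(MMU)
+#ifdef WOLFBOOT_RENESAS_TSIP
+/* nothing to erase */
+#elif defined(MMU)
 ForceZero(ENCRYPT_KEY, ENCRYPT_KEY_SIZE + ENCRYPT_NONCE_SIZE);
 #else
 uint8_t ff[ENCRYPT_KEY_SIZE + ENCRYPT_NONCE_SIZE];
@@ -1554,14 +1573,6 @@ int RAMFUNCTION chacha_init(void)
 
 Aes aes_dec, aes_enc;
 
-#if defined(WOLFBOOT_RENESAS_TSIP)
-#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
-
-/* Provides wrap_enc_key_t structure generated using
-* Renesas Security Key Management Tool. See docs/Renesas.md */
-#include "enckey_data.h"
-#endif
-
 /**
 * @brief Initialize AES encryption.
 *
@@ -1586,7 +1597,7 @@ int aes_init(void)
 key = enc_key->encrypted_user_key;
 stored_nonce = enc_key->initial_vector;
 wolfCrypt_Init(); /* required to setup the crypto callback defaults */
-#else
+#else /* non TSIP */
 devId = INVALID_DEVID;
 #if defined(MMU) || defined(UNIT_TEST)
 key = ENCRYPT_KEY;
@@ -1598,7 +1609,7 @@ int aes_init(void)
 key -= WOLFBOOT_SECTOR_SIZE * nvm_select_fresh_sector(PART_BOOT);
 #endif
 stored_nonce = key + ENCRYPT_KEY_SIZE;
-#endif
+#endif /* WOLFBOOT_RENESAS_TSIP */
 
 XMEMSET(&aes_enc, 0, sizeof(aes_enc));
 XMEMSET(&aes_dec, 0, sizeof(aes_dec));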
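Review bot: Under `WOLFBOOT_RENESAS_TSIP`, `hal_set_key()` discards `k` and `nonce` and returns 0, and `wolfBoot_erase_encrypt_key()` takes the `/* nothing to erase */` branch, so set and erase appear to succeed while the key in use stays the one flashed at `RENESAS_TSIP_INSTALLEDENCKEY_ADDR`. An application that rotates or revokes the update key through these APIs gets no signal that nothing happened. Consider returning a distinct negative value from the TSIP branch of `hal_set_key()`, or at least stating in the doc comments of the three public functions that on TSIP the key is provisioned out of band and set/erase are no-ops. In `wolfBoot_get_encrypt_key()` the TSIP branch copies `ENCRYPT_KEY_SIZE` bytes from `enc_key->encrypted_user_key`, which is the wrapped key rather than a raw key; whether that field is at least `ENCRYPT_KEY_SIZE` bytes long is not visible here, so a compile-time size check next to the `enckey_data.h` include would make the assumption explicit. The bodies of all three functions continue outside their hunks, so the return paths are inferred.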
