Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 28 additions & 0 deletions .github/workflows/test-configs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -804,6 +804,34 @@ jobs:
arch: host
config-file: ./config/examples/sim-wolfHSM-server-certchain-rsa4096.config

sim_wolfhsm_server_certchain_rsa2048_ca_test:
uses: ./.github/workflows/test-build.yml
with:
arch: host
config-file: ./config/examples/sim-wolfHSM-server-certchain-rsa2048-ca.config

# Auxiliary algorithms (AUX_PK_ALGOS/AUX_HASH_ALGOS) compile-only matrix
sim_aux_algos_ed25519_rsa_ecc_test:
uses: ./.github/workflows/test-build.yml
with:
arch: host
config-file: ./config/examples/sim.config
make-args: AUX_PK_ALGOS=rsa4096,ecc384 AUX_HASH_ALGOS=sha384,sha512

sim_aux_algos_multi_rsa_test:
uses: ./.github/workflows/test-build.yml
with:
arch: host
config-file: ./config/examples/sim.config
make-args: SIGN=RSA2048 AUX_PK_ALGOS=rsa4096,rsapss2048,ecc521,ed448 AUX_HASH_ALGOS=sha3

sim_aux_algos_tpm_fallback_test:
uses: ./.github/workflows/test-build.yml
with:
arch: host
config-file: ./config/examples/sim.config
make-args: WOLFTPM=1 SIM_TPM=1

rp2350_test:
uses: ./.github/workflows/test-build-pico-sdk.yml
with:
Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/test-wolfhsm-simulator.yml
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,11 @@ jobs:
needs_posix_server: false
posix_server_nvminit: false
needs_nvm_image: true
- name: "wolfHSM server cert chain verify RSA2048/SHA384 CA, ECC256 leaf"
file: "config/examples/sim-wolfHSM-server-certchain-rsa2048-ca.config"
needs_posix_server: false
posix_server_nvminit: false
needs_nvm_image: true

fail-fast: false

Expand Down
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -432,7 +432,7 @@ ifeq ($(USER_PRIVATE_KEY),)
$(Q)(test $(SIGN) = NONE) || ($(SIGN_ENV) "$(KEYGEN_TOOL)" $(KEYGEN_OPTIONS) -g wolfboot_signing_private_key.der) || true
$(Q)(test $(SIGN) = NONE) && (echo "// SIGN=NONE" > src/keystore.c) || true
$(Q)(test "$(FLASH_OTP_KEYSTORE)" = "1") && (make -C tools/keytools/otp) || true
$(Q)(test $(SIGN) = NONE) || (test "$(CERT_CHAIN_VERIFY)" = "") || (test "$(USER_CERT_CHAIN)" != "") || (tools/scripts/sim-gen-dummy-chain.sh --algo $(CERT_CHAIN_GEN_ALGO) --leaf wolfboot_signing_private_key.der)
$(Q)(test $(SIGN) = NONE) || (test "$(CERT_CHAIN_VERIFY)" = "") || (test "$(USER_CERT_CHAIN)" != "") || (tools/scripts/sim-gen-dummy-chain.sh --leaf-algo $(CERT_CHAIN_GEN_LEAF_ALGO) --ca-algo $(CERT_CHAIN_GEN_CA_ALGO) --ca-hash $(CERT_CHAIN_GEN_CA_HASH) --leaf wolfboot_signing_private_key.der)
else
@echo "Using user-provided private key: $(USER_PRIVATE_KEY)"
endif
Expand Down
36 changes: 36 additions & 0 deletions config/examples/sim-wolfHSM-server-certchain-rsa2048-ca.config
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
ARCH=sim
TARGET=sim
SIGN?=ECC256
HASH?=SHA256
WOLFBOOT_SMALL_STACK?=0
SPI_FLASH=0
DEBUG=0
SPMATH=1

# Cert chain options: leaf follows SIGN (ecc256), CA certs use RSA2048
# signed with SHA-384. The CA algorithms are compiled in automatically
# through AUX_PK_ALGOS/AUX_HASH_ALGOS.
CERT_CHAIN_VERIFY=1
CERT_CHAIN_GEN_CA_ALGO=rsa2048
CERT_CHAIN_GEN_CA_HASH=sha384

# Ensure header is large enough to hold the cert chain (check sign tool output)
# for actual length
IMAGE_HEADER_SIZE=4096

# wolfHSM options
WOLFHSM_SERVER=1

# sizes should be multiple of system page size
WOLFBOOT_PARTITION_SIZE=0x200000
WOLFBOOT_SECTOR_SIZE=0x1000
WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80000
# if on external flash, it should be multiple of system page size
WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x280000
WOLFBOOT_PARTITION_SWAP_ADDRESS=0x480000

# required for keytools
WOLFBOOT_FIXED_PARTITIONS=1

# For debugging XMALLOC/XFREE
#CFLAGS_EXTRA+=-DWOLFBOOT_DEBUG_MALLOC
6 changes: 6 additions & 0 deletions docs/TPM.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,12 @@ In wolfBoot we support TPM based root of trust, sealing/unsealing, cryptographic
| (header macro) | `WOLFBOOT_TPM_MFG_AIK_AUTH` / `WOLFBOOT_TPM_MFG_EH_AUTH` | Default (precomputed) mode: the 16-byte per-device AIK / EH authValues (placeholder `0xFF` default). |
| (header macro) | `WOLFBOOT_TPM_MFG_EH_MASTER` | Derive mode: override the endorsement-hierarchy master value (16-byte initializer list, sample default). |

The TPM primary key (SRK) and parameter encryption need ECC or RSA in
wolfCrypt. When `WOLFTPM=1` and neither `SIGN`, `SIGN_SECONDARY`, nor
`AUX_PK_ALGOS` provides one (e.g. `SIGN=ML_DSA` or `SIGN=ED25519`), the build
automatically adds `ecc256` to `AUX_PK_ALGOS`. See "Auxiliary crypto
algorithms" in [docs/compile.md](compile.md).

## TPM manufacturing identity (IAK / IDevID authValue)

When `WOLFTPM_MFG_IDENTITY` is enabled, `wolfBoot_tpm2_get_aik()` and
Expand Down
43 changes: 43 additions & 0 deletions docs/compile.md
Original file line number Diff line number Diff line change
Expand Up @@ -142,6 +142,49 @@ It's possible to disable authentication of the firmware image by explicitly usin
in the Makefile commandline. This will compile a minimal bootloader with no support for public-key authenticated
secure boot.

### Auxiliary crypto algorithms

Some features need crypto algorithms beyond the ones selected with `SIGN` and
`HASH`: certificate-chain verification may meet CA certificates signed with a
different algorithm than the leaf, and TPM support needs ECC or RSA for its
primary key and parameter encryption even when `SIGN` is a post-quantum or
Ed25519/Ed448 algorithm.

`AUX_PK_ALGOS` and `AUX_HASH_ALGOS` compile extra wolfCrypt algorithms into
wolfBoot for those uses. Both take a comma-separated, case-insensitive list
(no spaces):

```sh
make SIGN=ECC256 AUX_PK_ALGOS=rsa2048,ecc384 AUX_HASH_ALGOS=sha384
```

Valid `AUX_PK_ALGOS` entries: `ecc256`, `ecc384`, `ecc521`, `rsa2048`,
`rsa3072`, `rsa4096`, `rsapss2048`, `rsapss3072`, `rsapss4096`, `ed25519`,
`ed448`. Valid `AUX_HASH_ALGOS` entries: `sha256`, `sha384`, `sha512`,
`sha3`. Post-quantum algorithms (ML-DSA, LMS, XMSS) are not yet supported as
auxiliary algorithms.

Auxiliary algorithms are never used to verify the firmware image signature;
that remains bound to `SIGN` (and `SIGN_SECONDARY` for hybrid mode). Each
entry defines a `WOLFBOOT_AUX_PK_<ALGO>` or `WOLFBOOT_AUX_HASH_<ALGO>` macro
and links the matching wolfCrypt objects; entries already covered by
`SIGN`/`SIGN_SECONDARY` are no-ops.

Notes:

- Not compatible with `WOLFBOOT_SMALL_STACK=1`: the static memory pools are
sized for the primary `SIGN` algorithm only.
- `STACK_USAGE` is not adjusted automatically. If an auxiliary algorithm with
larger stack needs (e.g. `rsa4096`) is actually exercised, consider
`WOLFBOOT_HUGE_STACK=1` (the RSA4096 cert-chain configurations already do).
- When `WOLFTPM=1` and neither `SIGN`, `SIGN_SECONDARY`, nor `AUX_PK_ALGOS`
provides an ECC or RSA algorithm, `ecc256` is added automatically so the
TPM SRK and parameter encryption work.
- With `CERT_CHAIN_VERIFY=1`, the generated dummy chain's CA algorithms
(`CERT_CHAIN_GEN_CA_ALGO`/`CERT_CHAIN_GEN_CA_HASH`) are bridged into these
lists automatically. Users providing `USER_CERT_CHAIN` must list their
chain's algorithms here themselves.

### Incremental updates

wolfBoot support incremental updates. To enable this feature, compile with `DELTA_UPDATES=1`.
Expand Down
15 changes: 15 additions & 0 deletions docs/wolfHSM.md
Original file line number Diff line number Diff line change
Expand Up @@ -62,10 +62,25 @@ To use certificate verification with wolfHSM:
3. Pre-provision one or more root CA certificates on the wolfHSM server at the NVM IDs listed in the HAL `hsmNvmIdCertRootCAList`. Verification succeeds if the embedded chain anchors to *any* root in the list (absent NVM IDs are silently skipped). The list length must not exceed `WOLFHSM_CFG_CERT_MAX_VERIFY_ROOTS` (default 8).
4. Sign firmware images with the `--cert-chain` option, providing a DER-encoded certificate chain

The chain's CA certificates do not need to use the same algorithm as the leaf
(which wraps the wolfBoot signing key and therefore follows `SIGN`). The
verifier only needs the CA algorithms compiled in, via `AUX_PK_ALGOS` and
`AUX_HASH_ALGOS` (see [docs/compile.md](compile.md)):

- When the build auto-generates the dummy test chain (no `USER_CERT_CHAIN`),
the CA key algorithm and cert signature hash can be chosen with
`CERT_CHAIN_GEN_CA_ALGO` (`ecc256`/`ecc384`/`ecc521`/`rsa2048`/`rsa3072`/
`rsa4096`, default: same as the leaf) and `CERT_CHAIN_GEN_CA_HASH`
(`sha256`/`sha384`/`sha512`, default `sha256`). Both are bridged into the
auxiliary algorithm lists automatically.
- When providing `USER_CERT_CHAIN`, set `AUX_PK_ALGOS`/`AUX_HASH_ALGOS` to
cover every algorithm used by the chain's certificate signatures.

To build the simulator using wolfHSM for certificate verification:

- **Client Mode**: Use [config/examples/sim-wolfHSM-client-certchain.config](config/examples/sim-wolfHSM-client-certchain.config)
- **Server Mode**: Use [config/examples/sim-wolfHSM-server-certchain.config](config/examples/sim-wolfHSM-server-certchain.config)
- **Server Mode, mixed-algorithm chain**: Use [config/examples/sim-wolfHSM-server-certchain-rsa2048-ca.config](../config/examples/sim-wolfHSM-server-certchain-rsa2048-ca.config) (RSA2048/SHA-384 CA certs, ECC256 leaf)

## Configuration Options

Expand Down
Loading
Loading