From 470ca7ba8282f12e4cafa85dee9444401ffaae97 Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Mon, 30 Mar 2026 12:56:17 -0600 Subject: [PATCH 01/12] Adds generic cryptocb support for PK, hash, and symmetric crypto --- .github/workflows/test-cryptocb-simulator.yml | 242 ++++++++++++++++++ .../e2studio/RA6M4/wolfBoot/user_settings.h | 3 + .../e2studio/RX72N/include/user_settings.h | 2 + IDE/Renesas/e2studio/RZN2L/user_settings.h | 2 + arch.mk | 2 + hal/sim.c | 78 ++++++ include/user_settings.h | 14 + include/wolfboot/wolfboot.h | 13 + options.mk | 26 +- src/image.c | 51 ++-- src/libwolfboot.c | 8 +- tools/scripts/sim-cryptocb-sunnyday-update.sh | 71 +++++ 12 files changed, 470 insertions(+), 42 deletions(-) create mode 100644 .github/workflows/test-cryptocb-simulator.yml create mode 100755 tools/scripts/sim-cryptocb-sunnyday-update.sh diff --git a/.github/workflows/test-cryptocb-simulator.yml b/.github/workflows/test-cryptocb-simulator.yml new file mode 100644 index 0000000000..64b2f156f5 --- /dev/null +++ b/.github/workflows/test-cryptocb-simulator.yml @@ -0,0 +1,242 @@ +name: test simulator with crypto callback (cryptocb) + +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +jobs: + cryptocb_simulator_tests: + runs-on: ubuntu-latest + container: + image: ghcr.io/wolfssl/wolfboot-ci-sim:v1.0 + timeout-minutes: 30 + + steps: + - uses: actions/checkout@v4 + with: + submodules: true + + - name: Trust workspace + run: git config --global --add safe.directory "$GITHUB_WORKSPACE" + + # 64 bit simulator, cryptocb enabled + # + - name: make clean + run: | + make keysclean + + - name: Select config (64 bit simulator) + run: | + cp config/examples/sim.config .config + + - name: Build tools + run: | + make -C tools/keytools && make -C tools/bin-assemble + + # Classical algorithms (each tested once with SPMATH=1) + # Note: ECC uses wc_ecc_verify_hash_ex which bypasses cryptocb PK dispatch, + # so we only verify hash for ECC. ED25519 and RSA dispatch PK through cryptocb. + # + - name: Build wolfboot.elf (ED25519, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=ED25519 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (ED25519) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" "ED25519-verify" + + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (ECC256, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=ECC256 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (ECC256) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" + + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (ECC384, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=ECC384 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (ECC384) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" + + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (ECC521, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=ECC521 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (ECC521) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" + + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (RSA2048, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=RSA2048 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (RSA2048) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" "RSA" + + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (RSA3072, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=RSA3072 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (RSA3072) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" "RSA" + + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (RSA4096, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=RSA4096 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (RSA4096) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" "RSA" + + # SHA-384 hash coverage (paired with algorithms that naturally use 384-bit) + # + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (ECC384 + SHA384, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=ECC384 HASH=SHA384 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (ECC384 + SHA384) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-384" + + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (RSA4096 + SHA384, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=RSA4096 HASH=SHA384 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (RSA4096 + SHA384) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-384" "RSA" + + # SHA3-384 hash coverage + # + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (ECC384 + SHA3-384, cryptocb) + run: | + make clean && make test-sim-internal-flash-with-update SIGN=ECC384 HASH=SHA3 SPMATH=1 WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (ECC384 + SHA3-384) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA3-384" + + # AES encrypted partition coverage (external flash + AES128-CTR) + # + - name: Cleanup to change key type + run: | + make keysclean + + - name: Build wolfboot.elf (ED25519 + AES128 encrypt, cryptocb) + run: | + cp config/examples/sim-encrypt-update.config .config + make clean && make test-sim-external-flash-with-enc-update WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run cryptocb sunnyday test (ED25519 + AES128 encrypt) + run: | + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" "ED25519-verify" "AES-CTR" + + # PQ algorithms (each uses its own config, build + test inline) + # + - name: Build and test LMS (cryptocb) + run: | + cp config/examples/sim-lms.config .config + make keysclean && make clean + make keytools + make test-sim-internal-flash-with-update WOLFBOOT_TEST_SIM_CRYPTOCB=1 + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" + + - name: Build and test XMSS (cryptocb) + run: | + cp config/examples/sim-xmss.config .config + make keysclean && make clean + make keytools + make test-sim-internal-flash-with-update WOLFBOOT_TEST_SIM_CRYPTOCB=1 + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" + + - name: Build and test ML-DSA level 2 (cryptocb) + run: | + cp config/examples/sim-ml-dsa.config .config + make keysclean && make clean + make keytools + make test-sim-internal-flash-with-update WOLFBOOT_TEST_SIM_CRYPTOCB=1 + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" "ML-DSA-verify" + + - name: Build and test ML-DSA level 3 (cryptocb) + run: | + cp config/examples/sim-ml-dsa3.config .config + make keysclean && make clean + make keytools + make test-sim-internal-flash-with-update WOLFBOOT_TEST_SIM_CRYPTOCB=1 + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" "ML-DSA-verify" + + - name: Build and test ML-DSA level 5 (cryptocb) + run: | + cp config/examples/sim-ml-dsa5.config .config + make keysclean && make clean + make keytools + make test-sim-internal-flash-with-update WOLFBOOT_TEST_SIM_CRYPTOCB=1 + tools/scripts/sim-cryptocb-sunnyday-update.sh "SHA-256" "ML-DSA-verify" + + # Hybrid auth: ML_DSA + ECDSA + # + - name: make clean (hybrid) + run: | + make keysclean + + - name: Select config (hybrid ML_DSA + ECC) + run: | + cp config/examples/sim-ml-dsa-ecc-hybrid.config .config + + - name: Build tools (hybrid) + run: | + make -C tools/keytools && make -C tools/bin-assemble + + - name: Build wolfboot.elf (hybrid, cryptocb) + run: | + make clean && make WOLFBOOT_TEST_SIM_CRYPTOCB=1 + + - name: Run hybrid boot test with cryptocb verification + run: | + ./wolfboot.elf get_version > sim_cryptocb.log 2>/dev/null + grep -q "sim-cryptocb: hash SHA-256" sim_cryptocb.log || (echo "hash SHA-256 not found" && cat sim_cryptocb.log && exit 1) + grep -q "sim-cryptocb: pk ML-DSA-verify" sim_cryptocb.log || (echo "pk ML-DSA-verify not found" && cat sim_cryptocb.log && exit 1) + echo "Hybrid cryptocb verification passed" diff --git a/IDE/Renesas/e2studio/RA6M4/wolfBoot/user_settings.h b/IDE/Renesas/e2studio/RA6M4/wolfBoot/user_settings.h index 931be82297..9b7041aab0 100644 --- a/IDE/Renesas/e2studio/RA6M4/wolfBoot/user_settings.h +++ b/IDE/Renesas/e2studio/RA6M4/wolfBoot/user_settings.h @@ -60,6 +60,9 @@ # define WOLF_CRYPTO_CB # define RENESAS_SCE_INSTALLEDKEY_ADDR 0x08001000U # define SCE_ID 7890 +# define RENESAS_DEVID SCE_ID +# define WOLFBOOT_DEVID_PUBKEY SCE_ID +# define WOLFBOOT_DEVID_CRYPT (SCE_ID + 1) # undef VECTOR_Reset_Handler # define VECTOR_Reset_Handler ((uint32_t *)(0x20204)) ... diff --git a/IDE/Renesas/e2studio/RX72N/include/user_settings.h b/IDE/Renesas/e2studio/RX72N/include/user_settings.h index 767bb4c28d..9f7e15f0a7 100644 --- a/IDE/Renesas/e2studio/RX72N/include/user_settings.h +++ b/IDE/Renesas/e2studio/RX72N/include/user_settings.h @@ -42,6 +42,8 @@ # define WOLF_CRYPTO_CB # define RENESAS_TSIP_INSTALLEDKEY_ADDR 0xFFFF0000 # define RENESAS_DEVID 7890 +# define WOLFBOOT_DEVID_PUBKEY RENESAS_DEVID +# define WOLFBOOT_DEVID_CRYPT (RENESAS_DEVID + 1) #else #define WOLFBOOT_SIGN_RSA2048 /* #define WOLFBOOT_SIGN_RSA3072 */ diff --git a/IDE/Renesas/e2studio/RZN2L/user_settings.h b/IDE/Renesas/e2studio/RZN2L/user_settings.h index 8f9a0fc015..bc182a7b91 100644 --- a/IDE/Renesas/e2studio/RZN2L/user_settings.h +++ b/IDE/Renesas/e2studio/RZN2L/user_settings.h @@ -56,6 +56,8 @@ #define RENESAS_RSIP_INSTALLEDKEY_FLASH_ADDR 0x60200000 #define RENESAS_RSIP_INSTALLEDKEY_RAM_ADDR 0x10000100 #define RENESAS_DEVID 7890 + #define WOLFBOOT_DEVID_PUBKEY RENESAS_DEVID + #define WOLFBOOT_DEVID_CRYPT (RENESAS_DEVID + 1) #if defined(WOLFBOOT_SIGN_RSA3072) ||\ defined(WOLFBOOT_SIGN_RSA4096) ||\ diff --git a/arch.mk b/arch.mk index 58957fc682..446c36c344 100644 --- a/arch.mk +++ b/arch.mk @@ -504,6 +504,8 @@ ifeq ($(ARCH),RENESAS_RX) ifeq ($(PKA),1) CFLAGS+=-DWOLFBOOT_RENESAS_TSIP + CFLAGS+=-DWOLFBOOT_DEVID_PUBKEY=7890 + CFLAGS+=-DWOLFBOOT_DEVID_CRYPT=7891 RX_DRIVER_PATH?=./lib OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/cryptocb.o \ diff --git a/hal/sim.c b/hal/sim.c index b35a6c47ff..caac7af9ad 100644 --- a/hal/sim.c +++ b/hal/sim.c @@ -48,6 +48,66 @@ #include "elf.h" #endif +#if defined(WOLFBOOT_TEST_SIM_CRYPTOCB) && defined(__WOLFBOOT) +#include +#include + +/* Crypto callback that prints dispatched algorithm names to stdout, then + * returns CRYPTOCB_UNAVAILABLE to trigger software fallback. Test scripts + * redirect stdout to a log and grep for "sim-cryptocb: " lines. + * + * NOTE: We only need to support the algorithms used by wolfBoot that also have + * internal support for crypto callbacks. Algorithms like ED448 do not need to + * be handled here since they do not dispatch to a crypto callback internally. + */ +static int sim_cryptocb(int devIdArg, wc_CryptoInfo* info, void* ctx) +{ + (void)devIdArg; + (void)ctx; + + if (info == NULL) + return CRYPTOCB_UNAVAILABLE; + + if (info->algo_type == WC_ALGO_TYPE_HASH) { + const char* name = "unknown"; + switch (info->hash.type) { + case WC_HASH_TYPE_SHA256: name = "SHA-256"; break; + case WC_HASH_TYPE_SHA384: name = "SHA-384"; break; + case WC_HASH_TYPE_SHA3_384: name = "SHA3-384"; break; + default: break; + } + printf("sim-cryptocb: hash %s\n", name); + } + else if (info->algo_type == WC_ALGO_TYPE_PK) { + const char* name = "unknown"; + switch (info->pk.type) { + case WC_PK_TYPE_RSA: name = "RSA"; break; + case WC_PK_TYPE_ECDSA_VERIFY: name = "ECDSA-verify"; break; + case WC_PK_TYPE_ED25519_VERIFY: name = "ED25519-verify"; break; + #ifdef HAVE_DILITHIUM + case WC_PK_TYPE_PQC_SIG_VERIFY: + name = "ML-DSA-verify"; + break; + #endif + default: break; + } + printf("sim-cryptocb: pk %s\n", name); + } + #if !defined(NO_AES) || !defined(NO_DES3) + else if (info->algo_type == WC_ALGO_TYPE_CIPHER) { + const char* name = "unknown"; + switch (info->cipher.type) { + case WC_CIPHER_AES_CTR: name = "AES-CTR"; break; + default: break; + } + printf("sim-cryptocb: cipher %s\n", name); + } + #endif + + return CRYPTOCB_UNAVAILABLE; +} +#endif /* WOLFBOOT_TEST_SIM_CRYPTOCB && __WOLFBOOT */ + #ifdef WOLFBOOT_ENABLE_WOLFHSM_CLIENT #include "wolfhsm/wh_error.h" #include "wolfhsm/wh_client.h" @@ -438,6 +498,23 @@ void hal_init(void) else if (strcmp(main_argv[i], "emergency") == 0) forceEmergency = 1; } + +#if defined(WOLFBOOT_TEST_SIM_CRYPTOCB) && defined(__WOLFBOOT) + { + int cb_ret; + /* wolfCrypt_Init() must be called before RegisterDevice — + * it initializes CryptoDev[] slots to INVALID_DEVID via + * wc_CryptoCb_Init(). Ref-counted, safe to call multiple times. */ + wolfCrypt_Init(); + cb_ret = wc_CryptoCb_RegisterDevice(0xCB, sim_cryptocb, NULL); + if (cb_ret != 0) { + wolfBoot_printf("Failed to register sim crypto callback: %d\n", + cb_ret); + exit(-1); + } + wolfBoot_printf("Registered sim_cryptocb with devId 0xCB\n"); + } +#endif } void ext_flash_lock(void) @@ -583,6 +660,7 @@ void do_boot(const uint32_t *app_offset) } wolfBoot_printf("Stored test-app to memfd, address %p (%zu bytes)\n", app_offset, wret); + fflush(stdout); ret = fexecve(fd, main_argv, envp); wolfBoot_printf( "fexecve error\n"); #endif diff --git a/include/user_settings.h b/include/user_settings.h index 4c701be45d..fca2a68e47 100644 --- a/include/user_settings.h +++ b/include/user_settings.h @@ -702,6 +702,7 @@ extern int tolower(int c); #define WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY #define RENESAS_SCE_INSTALLEDKEY_ADDR 0x08001000U #define SCE_ID 7890 + #define RENESAS_DEVID SCE_ID #endif #ifdef WOLFBOOT_RENESAS_RSIP #define WOLFSSL_RENESAS_FSPSM @@ -712,6 +713,12 @@ extern int tolower(int c); #define RENESAS_RSIP_INSTALLEDKEY_RAM_ADDR 0x10000100 #define RENESAS_DEVID 7890 #endif + #ifndef WOLFBOOT_DEVID_PUBKEY + #define WOLFBOOT_DEVID_PUBKEY RENESAS_DEVID + #endif + #ifndef WOLFBOOT_DEVID_CRYPT + #define WOLFBOOT_DEVID_CRYPT (RENESAS_DEVID + 1) + #endif #endif #endif /* WOLFBOOT_PKCS11_APP */ @@ -742,4 +749,11 @@ extern int tolower(int c); #define HAVE_UINTPTR_T /* make sure stdint.h is included */ #endif +/* WOLF_CRYPTO_CB requires WC_RNG type for cryptocb.h function declarations. + * Forward-declare as incomplete type — sufficient for WC_RNG* pointers in + * function signatures. We never call functions that dereference WC_RNG. */ +#if defined(WOLF_CRYPTO_CB) && defined(WC_NO_RNG) +typedef struct WC_RNG WC_RNG; +#endif + #endif /* !_WOLFBOOT_USER_SETTINGS_H_ */ diff --git a/include/wolfboot/wolfboot.h b/include/wolfboot/wolfboot.h index 88ea47523b..0c85fb7eec 100644 --- a/include/wolfboot/wolfboot.h +++ b/include/wolfboot/wolfboot.h @@ -323,6 +323,19 @@ extern "C" { #include "wolfssl/wolfcrypt/wc_port.h" #include "wolfssl/wolfcrypt/types.h" +/* HAL crypto device ID abstraction. + * Override per-class via build system -D flags. + * Defaults to INVALID_DEVID (software-only). */ +#ifndef WOLFBOOT_DEVID_HASH + #define WOLFBOOT_DEVID_HASH INVALID_DEVID +#endif +#ifndef WOLFBOOT_DEVID_PUBKEY + #define WOLFBOOT_DEVID_PUBKEY INVALID_DEVID +#endif +#ifndef WOLFBOOT_DEVID_CRYPT + #define WOLFBOOT_DEVID_CRYPT INVALID_DEVID +#endif + #ifdef WOLFBOOT_RENESAS_TSIP /* Include these before any algorithm headers */ #include "mcu/all/r_bsp_common.h" diff --git a/options.mk b/options.mk index 24f6e32904..fabf0062d7 100644 --- a/options.mk +++ b/options.mk @@ -1167,6 +1167,18 @@ ifneq ($(WOLFBOOT_PART_ID),) SIGN_OPTIONS+=--id $(WOLFBOOT_PART_ID) endif +# Simulator crypto callback test option +ifeq ($(ARCH),sim) +ifeq ($(WOLFBOOT_TEST_SIM_CRYPTOCB),1) + CFLAGS += -DWOLFBOOT_TEST_SIM_CRYPTOCB + CFLAGS += -DWOLF_CRYPTO_CB + CFLAGS += -DWOLFBOOT_DEVID_HASH=0xCB + CFLAGS += -DWOLFBOOT_DEVID_PUBKEY=0xCB + CFLAGS += -DWOLFBOOT_DEVID_CRYPT=0xCB + WOLFCRYPT_OBJS += $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/cryptocb.o +endif +endif + # wolfHSM client options ifeq ($(WOLFHSM_CLIENT),1) WOLFCRYPT_OBJS += \ @@ -1200,6 +1212,12 @@ ifeq ($(WOLFHSM_CLIENT),1) CFLAGS += -I"$(WOLFBOOT_LIB_WOLFHSM)" # defines CFLAGS += -DWOLFBOOT_ENABLE_WOLFHSM_CLIENT -DWOLFHSM_CFG_ENABLE_CLIENT + # HAL crypto devId abstraction for wolfHSM client + CFLAGS += -DWOLFBOOT_DEVID_HASH=hsmDevIdHash + CFLAGS += -DWOLFBOOT_DEVID_PUBKEY=hsmDevIdPubKey + ifeq ($(ENCRYPT),1) + CFLAGS += -DWOLFBOOT_DEVID_CRYPT=hsmDevIdCrypt + endif # Make sure we export generated public keys so they can be used to load into # HSM out-of-band KEYGEN_OPTIONS += --exportpubkey --der @@ -1258,8 +1276,14 @@ ifeq ($(WOLFHSM_SERVER),1) #includes CFLAGS += -I"$(WOLFBOOT_LIB_WOLFHSM)" - # defines' + # defines CFLAGS += -DWOLFBOOT_ENABLE_WOLFHSM_SERVER -DWOLFHSM_CFG_ENABLE_SERVER + # HAL crypto devId abstraction for wolfHSM server + CFLAGS += -DWOLFBOOT_DEVID_HASH=hsmDevIdHash + CFLAGS += -DWOLFBOOT_DEVID_PUBKEY=hsmDevIdPubKey + ifeq ($(ENCRYPT),1) + CFLAGS += -DWOLFBOOT_DEVID_CRYPT=hsmDevIdCrypt + endif # Ensure wolfHSM is configured to use certificate manager if we are # doing cert chain verification diff --git a/src/image.c b/src/image.c index 18038cb150..c0c29f508c 100644 --- a/src/image.c +++ b/src/image.c @@ -141,7 +141,7 @@ static void wolfBoot_verify_signature_ed25519(uint8_t key_slot, { int ret, res; ed25519_key ed; - ret = wc_ed25519_init(&ed); + ret = wc_ed25519_init_ex(&ed, NULL, WOLFBOOT_DEVID_PUBKEY); if (ret < 0) { /* Failed to initialize key */ return; @@ -165,7 +165,7 @@ static void wolfBoot_verify_signature_ed448(uint8_t key_slot, { int ret, res; ed448_key ed; - ret = wc_ed448_init(&ed); + ret = wc_ed448_init_ex(&ed, NULL, WOLFBOOT_DEVID_PUBKEY); if (ret < 0) { /* Failed to initialize key */ return; @@ -227,16 +227,7 @@ static void wolfBoot_verify_signature_ecc(uint8_t key_slot, } #endif -#if defined(WOLFBOOT_RENESAS_SCEPROTECT) || \ - defined(WOLFBOOT_RENESAS_TSIP) || \ - defined(WOLFBOOT_RENESAS_RSIP) - ret = wc_ecc_init_ex(&ecc, NULL, RENESAS_DEVID); -#elif defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) || \ - defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER) - ret = wc_ecc_init_ex(&ecc, NULL, hsmDevIdPubKey); -#else - ret = wc_ecc_init(&ecc); -#endif + ret = wc_ecc_init_ex(&ecc, NULL, WOLFBOOT_DEVID_PUBKEY); if (ret == 0) { #if defined(WOLFBOOT_RENESAS_SCEPROTECT) || \ @@ -450,7 +441,7 @@ static void wolfBoot_verify_signature_rsa(uint8_t key_slot, #if defined(WOLFBOOT_RENESAS_SCEPROTECT) || \ defined(WOLFBOOT_RENESAS_TSIP) || \ defined(WOLFBOOT_RENESAS_RSIP) - ret = wc_InitRsaKey_ex(&rsa, NULL, RENESAS_DEVID); + ret = wc_InitRsaKey_ex(&rsa, NULL, WOLFBOOT_DEVID_PUBKEY); if (ret == 0) { XMEMCPY(output, sig, RSA_IMAGE_SIGNATURE_SIZE); RSA_VERIFY_FN(ret, @@ -463,7 +454,7 @@ static void wolfBoot_verify_signature_rsa(uint8_t key_slot, (void)digest_out; #elif defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) || \ defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER) - ret = wc_InitRsaKey_ex(&rsa, NULL, hsmDevIdPubKey); + ret = wc_InitRsaKey_ex(&rsa, NULL, WOLFBOOT_DEVID_PUBKEY); if (ret != 0) { return; } @@ -533,7 +524,7 @@ static void wolfBoot_verify_signature_rsa(uint8_t key_slot, #endif /* !WOLFBOOT_USE_WOLFHSM_PUBKEY_ID */ #else /* wolfCrypt software RSA verify */ - ret = wc_InitRsaKey(&rsa, NULL); + ret = wc_InitRsaKey_ex(&rsa, NULL, WOLFBOOT_DEVID_PUBKEY); if (ret == 0) { /* Import public key */ ret = wc_RsaPublicKeyDecode((byte*)pubkey, &inOutIdx, &rsa, pubkey_sz); @@ -585,7 +576,7 @@ static void wolfBoot_verify_signature_lms(uint8_t key_slot, return; } - ret = wc_LmsKey_Init(&lms, NULL, INVALID_DEVID); + ret = wc_LmsKey_Init(&lms, NULL, WOLFBOOT_DEVID_PUBKEY); if (ret != 0) { wolfBoot_printf("error: wc_LmsKey_Init returned %d\n", ret); return; @@ -653,7 +644,7 @@ static void wolfBoot_verify_signature_xmss(uint8_t key_slot, return; } - ret = wc_XmssKey_Init(&xmss, NULL, INVALID_DEVID); + ret = wc_XmssKey_Init(&xmss, NULL, WOLFBOOT_DEVID_PUBKEY); if (ret != 0) { wolfBoot_printf("error: wc_XmssKey_Init returned %d\n", ret); return; @@ -726,11 +717,7 @@ static void wolfBoot_verify_signature_ml_dsa(uint8_t key_slot, } #endif -#ifdef WOLFBOOT_ENABLE_WOLFHSM_CLIENT - ret = wc_MlDsaKey_Init(&ml_dsa, NULL, hsmDevIdPubKey); -#else - ret = wc_MlDsaKey_Init(&ml_dsa, NULL, INVALID_DEVID); -#endif + ret = wc_MlDsaKey_Init(&ml_dsa, NULL, WOLFBOOT_DEVID_PUBKEY); if (ret != 0) { wolfBoot_printf("error: wc_MlDsaKey_Init returned %d\n", ret); @@ -988,11 +975,7 @@ static int header_sha256(wc_Sha256 *sha256_ctx, struct wolfBoot_image *img) return -1; } #endif -#ifdef WOLFBOOT_ENABLE_WOLFHSM_CLIENT - (void)wc_InitSha256_ex(sha256_ctx, NULL, hsmDevIdHash); -#else - wc_InitSha256(sha256_ctx); -#endif + (void)wc_InitSha256_ex(sha256_ctx, NULL, WOLFBOOT_DEVID_HASH); #ifdef WOLFBOOT_IMG_HASH_ONESHOT wc_Sha256Update(sha256_ctx, p, (word32)(end_sha - p)); #else @@ -1070,7 +1053,7 @@ static void key_sha256(uint8_t key_slot, uint8_t *hash) if (!pubkey || (pubkey_sz < 0)) return; - wc_InitSha256(&sha256_ctx); + (void)wc_InitSha256_ex(&sha256_ctx, NULL, WOLFBOOT_DEVID_HASH); wc_Sha256Update(&sha256_ctx, pubkey, (word32)pubkey_sz); wc_Sha256Final(&sha256_ctx, hash); wc_Sha256Free(&sha256_ctx); @@ -1100,11 +1083,7 @@ static int header_sha384(wc_Sha384 *sha384_ctx, struct wolfBoot_image *img) return -1; } #endif -#ifdef WOLFBOOT_ENABLE_WOLFHSM_CLIENT - (void)wc_InitSha384_ex(sha384_ctx, NULL, hsmDevIdHash); -#else - wc_InitSha384(sha384_ctx); -#endif + (void)wc_InitSha384_ex(sha384_ctx, NULL, WOLFBOOT_DEVID_HASH); #ifdef WOLFBOOT_IMG_HASH_ONESHOT wc_Sha384Update(sha384_ctx, p, (word32)(end_sha - p)); #else @@ -1190,7 +1169,7 @@ static void key_sha384(uint8_t key_slot, uint8_t *hash) if (!pubkey || (pubkey_sz < 0)) return; - wc_InitSha384(&sha384_ctx); + (void)wc_InitSha384_ex(&sha384_ctx, NULL, WOLFBOOT_DEVID_HASH); wc_Sha384Update(&sha384_ctx, pubkey, (word32)pubkey_sz); wc_Sha384Final(&sha384_ctx, hash); wc_Sha384Free(&sha384_ctx); @@ -1222,7 +1201,7 @@ static int header_sha3_384(wc_Sha3 *sha3_ctx, struct wolfBoot_image *img) return -1; } #endif - wc_InitSha3_384(sha3_ctx, NULL, INVALID_DEVID); + (void)wc_InitSha3_384(sha3_ctx, NULL, WOLFBOOT_DEVID_HASH); #ifdef WOLFBOOT_IMG_HASH_ONESHOT wc_Sha3_384_Update(sha3_ctx, p, (word32)(end_sha - p)); #else @@ -1305,7 +1284,7 @@ static void key_sha3_384(uint8_t key_slot, uint8_t *hash) memset(hash, 0, WC_SHA3_384_DIGEST_SIZE); if (!pubkey || (pubkey_sz < 0)) return; - wc_InitSha3_384(&sha3_ctx, NULL, INVALID_DEVID); + (void)wc_InitSha3_384(&sha3_ctx, NULL, WOLFBOOT_DEVID_HASH); wc_Sha3_384_Update(&sha3_ctx, pubkey, (word32)pubkey_sz); wc_Sha3_384_Final(&sha3_ctx, hash); wc_Sha3_384_Free(&sha3_ctx); diff --git a/src/libwolfboot.c b/src/libwolfboot.c index 79fa0eddcb..c68eab89e5 100644 --- a/src/libwolfboot.c +++ b/src/libwolfboot.c @@ -1780,7 +1780,6 @@ Aes aes_dec, aes_enc; */ int aes_init(void) { - int devId = INVALID_DEVID; int ret = 0; #if defined(CUSTOM_ENCRYPT_KEY) && !defined(WOLFBOOT_RENESAS_TSIP) uint8_t stored_nonce[ENCRYPT_NONCE_SIZE]; @@ -1791,7 +1790,6 @@ int aes_init(void) #endif #ifdef WOLFBOOT_RENESAS_TSIP wrap_enc_key_t* enc_key; - devId = RENESAS_DEVID + 1; enc_key =(wrap_enc_key_t*)RENESAS_TSIP_INSTALLEDENCKEY_ADDR; key = enc_key->encrypted_user_key; stored_nonce = enc_key->initial_vector; @@ -1815,8 +1813,8 @@ int aes_init(void) XMEMSET(&aes_enc, 0, sizeof(aes_enc)); XMEMSET(&aes_dec, 0, sizeof(aes_dec)); - wc_AesInit(&aes_enc, NULL, devId); - wc_AesInit(&aes_dec, NULL, devId); + wc_AesInit(&aes_enc, NULL, WOLFBOOT_DEVID_CRYPT); + wc_AesInit(&aes_dec, NULL, WOLFBOOT_DEVID_CRYPT); if (!encrypt_key_is_valid(key, ENCRYPT_KEY_SIZE)) { ret = -1; @@ -1843,7 +1841,7 @@ int aes_init(void) XMEMCPY(&aes_dec.ctx, &aes_enc.ctx, sizeof(aes_enc.ctx)); /* register AES crypto callback */ - wc_CryptoCb_RegisterDevice(devId, wc_tsip_AesCipher, NULL); + wc_CryptoCb_RegisterDevice(WOLFBOOT_DEVID_CRYPT, wc_tsip_AesCipher, NULL); #endif /* WOLFBOOT_RENESAS_TSIP */ /* AES_ENCRYPTION is used for both directions in CTR diff --git a/tools/scripts/sim-cryptocb-sunnyday-update.sh b/tools/scripts/sim-cryptocb-sunnyday-update.sh new file mode 100755 index 0000000000..647fd7cf71 --- /dev/null +++ b/tools/scripts/sim-cryptocb-sunnyday-update.sh @@ -0,0 +1,71 @@ +#!/bin/bash +# +# Sunnyday update test with cryptocb dispatch verification. +# stdout is redirected to sim_cryptocb.log which contains both +# sim_cryptocb output ("sim-cryptocb: ...") and the test-app +# version number. Version is extracted by filtering out crypto lines. +# +# Usage: sim-cryptocb-sunnyday-update.sh [expected_pk] [expected_cipher] +# Example: sim-cryptocb-sunnyday-update.sh "SHA-256" "RSA" +# Example: sim-cryptocb-sunnyday-update.sh "SHA-256" "ED25519-verify" "AES-CTR" +# + +LOGFILE="sim_cryptocb.log" + +if [ $# -lt 1 ]; then + echo "usage: $0 [expected_pk] [expected_cipher]" + exit 1 +fi + +EXPECTED_HASH=$1 +EXPECTED_PK=${2:-} +EXPECTED_CIPHER=${3:-} + +# First boot: update_trigger + get_version (stdout -> log) +./wolfboot.elf update_trigger get_version > $LOGFILE 2>/dev/null +V=$(grep -v "^sim-cryptocb:" $LOGFILE | tail -1) +if [ "x$V" != "x1" ]; then + echo "Failed first boot with update_trigger (V: $V)" + cat $LOGFILE + exit 1 +fi + +# Second boot: success + get_version (stdout -> log) +./wolfboot.elf success get_version > $LOGFILE 2>/dev/null +V=$(grep -v "^sim-cryptocb:" $LOGFILE | tail -1) +if [ "x$V" != "x2" ]; then + echo "Failed update (V: $V)" + cat $LOGFILE + exit 1 +fi + +# Verify crypto callback log entries +if ! grep -q "sim-cryptocb: hash $EXPECTED_HASH" $LOGFILE; then + echo "Error: expected 'sim-cryptocb: hash $EXPECTED_HASH' not found" + cat $LOGFILE + exit 1 +fi +echo "Verified: hash $EXPECTED_HASH dispatched through cryptocb" + +# Optional PK verification (skip for ECC which bypasses cryptocb PK dispatch) +if [ -n "$EXPECTED_PK" ]; then + if ! grep -q "sim-cryptocb: pk $EXPECTED_PK" $LOGFILE; then + echo "Error: expected 'sim-cryptocb: pk $EXPECTED_PK' not found" + cat $LOGFILE + exit 1 + fi + echo "Verified: pk $EXPECTED_PK dispatched through cryptocb" +fi + +# Optional Cipher verification (for encrypted partition tests) +if [ -n "$EXPECTED_CIPHER" ]; then + if ! grep -q "sim-cryptocb: cipher $EXPECTED_CIPHER" $LOGFILE; then + echo "Error: expected 'sim-cryptocb: cipher $EXPECTED_CIPHER' not found" + cat $LOGFILE + exit 1 + fi + echo "Verified: cipher $EXPECTED_CIPHER dispatched through cryptocb" +fi + +echo Test successful. +exit 0 From 4a9747c4d79b1e4e07db77b9e285a1be2eb0d473 Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Tue, 14 Apr 2026 11:45:10 -0600 Subject: [PATCH 02/12] fix include order for unit tests --- include/wolfboot/wolfboot.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/include/wolfboot/wolfboot.h b/include/wolfboot/wolfboot.h index 0c85fb7eec..6cba00a603 100644 --- a/include/wolfboot/wolfboot.h +++ b/include/wolfboot/wolfboot.h @@ -316,26 +316,26 @@ extern "C" { #define KEY_VERIFY_SELF_ONLY KEY_VERIFY_ONLY_ID(0) #define KEY_VERIFY_APP_ONLY KEY_VERIFY_ONLY_ID(1) -#if defined(__WOLFBOOT) || defined(UNIT_TEST_AUTH) - -#include "wolfssl/wolfcrypt/settings.h" -#include "wolfssl/wolfcrypt/visibility.h" -#include "wolfssl/wolfcrypt/wc_port.h" -#include "wolfssl/wolfcrypt/types.h" - /* HAL crypto device ID abstraction. * Override per-class via build system -D flags. * Defaults to INVALID_DEVID (software-only). */ #ifndef WOLFBOOT_DEVID_HASH - #define WOLFBOOT_DEVID_HASH INVALID_DEVID + #define WOLFBOOT_DEVID_HASH (-2) /* INVALID_DEVID */ #endif #ifndef WOLFBOOT_DEVID_PUBKEY - #define WOLFBOOT_DEVID_PUBKEY INVALID_DEVID + #define WOLFBOOT_DEVID_PUBKEY (-2) /* INVALID_DEVID */ #endif #ifndef WOLFBOOT_DEVID_CRYPT - #define WOLFBOOT_DEVID_CRYPT INVALID_DEVID + #define WOLFBOOT_DEVID_CRYPT (-2) /* INVALID_DEVID */ #endif +#if defined(__WOLFBOOT) || defined(UNIT_TEST_AUTH) + +#include "wolfssl/wolfcrypt/settings.h" +#include "wolfssl/wolfcrypt/visibility.h" +#include "wolfssl/wolfcrypt/wc_port.h" +#include "wolfssl/wolfcrypt/types.h" + #ifdef WOLFBOOT_RENESAS_TSIP /* Include these before any algorithm headers */ #include "mcu/all/r_bsp_common.h" From 5dd4ba0f7cbbcb93ac4e8c70d7e1bc14cddd14c6 Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Tue, 14 Apr 2026 12:43:02 -0600 Subject: [PATCH 03/12] update unit tests to use new APIs --- tools/unit-tests/unit-image.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tools/unit-tests/unit-image.c b/tools/unit-tests/unit-image.c index ba158193ac..02f9f94fb1 100644 --- a/tools/unit-tests/unit-image.c +++ b/tools/unit-tests/unit-image.c @@ -361,7 +361,9 @@ uint16_t wolfBoot_find_header(uint8_t *haystack, uint16_t type, uint8_t **ptr) } #if defined(WOLFBOOT_SIGN_ECC256) -int wc_ecc_init(ecc_key* key) { +int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) { + (void)heap; + (void)devId; if (ecc_init_fail) return -1; return 0; @@ -460,10 +462,11 @@ END_TEST defined(WOLFBOOT_SIGN_RSA4096) || defined(WOLFBOOT_SIGN_SECONDARY_RSA2048) || \ defined(WOLFBOOT_SIGN_SECONDARY_RSA3072) || \ defined(WOLFBOOT_SIGN_SECONDARY_RSA4096) -int wc_InitRsaKey(RsaKey* key, void* heap) +int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) { (void)key; (void)heap; + (void)devId; return 0; } From a3b13c2ff8302ca69d79885cd51fb5abcdca160f Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Tue, 14 Apr 2026 15:09:05 -0600 Subject: [PATCH 04/12] review feedback --- .github/workflows/test-cryptocb-simulator.yml | 2 +- hal/sim.c | 11 ++++++----- tools/unit-tests/unit-image.c | 3 ++- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test-cryptocb-simulator.yml b/.github/workflows/test-cryptocb-simulator.yml index 64b2f156f5..b3c0d3aa49 100644 --- a/.github/workflows/test-cryptocb-simulator.yml +++ b/.github/workflows/test-cryptocb-simulator.yml @@ -4,7 +4,7 @@ on: push: branches: [ 'master', 'main', 'release/**' ] pull_request: - branches: [ '*' ] + branches: [ '**' ] jobs: cryptocb_simulator_tests: diff --git a/hal/sim.c b/hal/sim.c index caac7af9ad..702f381070 100644 --- a/hal/sim.c +++ b/hal/sim.c @@ -502,17 +502,18 @@ void hal_init(void) #if defined(WOLFBOOT_TEST_SIM_CRYPTOCB) && defined(__WOLFBOOT) { int cb_ret; - /* wolfCrypt_Init() must be called before RegisterDevice — - * it initializes CryptoDev[] slots to INVALID_DEVID via - * wc_CryptoCb_Init(). Ref-counted, safe to call multiple times. */ wolfCrypt_Init(); - cb_ret = wc_CryptoCb_RegisterDevice(0xCB, sim_cryptocb, NULL); + /* simulator WOLFBOOT_DEVID_XXX are all the same, only need to register + * one of them for the sim test - chose hash. */ + cb_ret = wc_CryptoCb_RegisterDevice(WOLFBOOT_DEVID_HASH, + sim_cryptocb, NULL); if (cb_ret != 0) { wolfBoot_printf("Failed to register sim crypto callback: %d\n", cb_ret); exit(-1); } - wolfBoot_printf("Registered sim_cryptocb with devId 0xCB\n"); + wolfBoot_printf("Registered sim_cryptocb with devId %d\n", + WOLFBOOT_DEVID_HASH); } #endif } diff --git a/tools/unit-tests/unit-image.c b/tools/unit-tests/unit-image.c index 02f9f94fb1..b2efa29610 100644 --- a/tools/unit-tests/unit-image.c +++ b/tools/unit-tests/unit-image.c @@ -360,7 +360,8 @@ uint16_t wolfBoot_find_header(uint8_t *haystack, uint16_t type, uint8_t **ptr) } } -#if defined(WOLFBOOT_SIGN_ECC256) +#if defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFBOOT_SIGN_ECC384) || \ + defined(WOLFBOOT_SIGN_ECC521) int wc_ecc_init_ex(ecc_key* key, void* heap, int devId) { (void)heap; (void)devId; From ba0548b57af68c6d089554219ece5bfeff7766e8 Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Thu, 12 Mar 2026 12:11:17 -0600 Subject: [PATCH 05/12] add self-header to tricore config --- .../examples/aurix-tc375-elf-wolfHSM-certs-rsa4096.config | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/config/examples/aurix-tc375-elf-wolfHSM-certs-rsa4096.config b/config/examples/aurix-tc375-elf-wolfHSM-certs-rsa4096.config index a5b25ef6f8..2cefe091a9 100644 --- a/config/examples/aurix-tc375-elf-wolfHSM-certs-rsa4096.config +++ b/config/examples/aurix-tc375-elf-wolfHSM-certs-rsa4096.config @@ -34,6 +34,10 @@ IMAGE_HEADER_SIZE=4096 ARCH_FLASH_OFFSET=0x800A0000 WOLFBOOT_SECTOR_SIZE=0x4000 +# self-header feature (persist header in external flash) +WOLFBOOT_SELF_HEADER=1 +SELF_HEADER_EXT=1 + # ELF memory partitioning (same PFLASH1 space as standard wolfBoot): # Standard wolfBoot uses 0x80300000-0x80600000 (3MB) for BOOT+UPDATE+SWAP # ELF mode splits this same space into EXEC+BOOT+UPDATE+SWAP: @@ -43,10 +47,11 @@ WOLFBOOT_SECTOR_SIZE=0x4000 # - SWAP sector: 0x805FC000 (16KB) - for atomic updates # ELF storage partitions (where signed ELF files are stored) +WOLFBOOT_PARTITION_SIZE=0xC0000 +WOLFBOOT_PARTITION_SELF_HEADER_ADDRESS=0x80240000 WOLFBOOT_PARTITION_BOOT_ADDRESS=0x8047C000 WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x8053C000 WOLFBOOT_PARTITION_SWAP_ADDRESS=0x805FC000 -WOLFBOOT_PARTITION_SIZE=0xC0000 # ELF execution space (where test app runs after scatter loading) # Uses the same space that would be the BOOT partition in standard mode From 584314ea74e800fcde30a7f809bb93f118863de3 Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Fri, 13 Mar 2026 12:04:09 -0600 Subject: [PATCH 06/12] tc3: fix for latest wolfHSM, remove devId from cryptoCtx as it no longer exists --- hal/aurix_tc3xx.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/hal/aurix_tc3xx.c b/hal/aurix_tc3xx.c index 3e1799de8a..99010f9e85 100644 --- a/hal/aurix_tc3xx.c +++ b/hal/aurix_tc3xx.c @@ -809,9 +809,7 @@ static whNvmFlashContext nvmFlashCtx[1] = {{0}}; static whNvmCb nvmCb[1] = {WH_NVM_FLASH_CB}; static whNvmContext nvmCtx[1] = {0}; -static whServerCryptoContext cryptoCtx[1] = {{ - .devId = INVALID_DEVID, /* HSM_DEVID once CCB enabled */ -}}; +static whServerCryptoContext cryptoCtx[1] = {0}; /* Global server context */ whServerContext hsmServerCtx = {0}; From e6aa84b93ae40d3c68c14dd005b42b6245bcd8cc Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Fri, 13 Mar 2026 13:47:53 -0600 Subject: [PATCH 07/12] tc3: add echo test to test-app when wolfHSM is enabled --- test-app/Makefile | 14 +++++++++++++- test-app/app_aurix_tc3xx.c | 31 +++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/test-app/Makefile b/test-app/Makefile index 13e53d2a58..a8d921a162 100644 --- a/test-app/Makefile +++ b/test-app/Makefile @@ -941,9 +941,21 @@ ifeq ($(TARGET),aurix_tc3xx) ifeq ($(WOLFHSM_SERVER),1) - APP_OBJS += $(WOLFBOOT_LIB_WOLFHSM)/src/wh_transport_mem.o APP_OBJS += $(WOLFHSM_INFINEON_TC3XX)/port/server/port_halflash_df1.o endif + + # wolfHSM TC3xx port objects needed by the HAL (aurix_tc3xx.c) + ifneq ($(filter 1,$(WOLFHSM_CLIENT) $(WOLFHSM_SERVER)),) + APP_OBJS += $(WOLFHSM_INFINEON_TC3XX)/port/tchsm_common.o \ + $(WOLFHSM_INFINEON_TC3XX)/port/tchsm_hsmhost.o \ + $(WOLFBOOT_LIB_WOLFHSM)/src/wh_transport_mem.o + endif + + ifeq ($(WOLFHSM_CLIENT),1) + APP_OBJS += $(WOLFHSM_INFINEON_TC3XX)/port/client/hsm_ipc.o \ + $(WOLFHSM_INFINEON_TC3XX)/port/client/io.o \ + $(WOLFHSM_INFINEON_TC3XX)/port/client/tchsm_hh_host.o + endif endif # Capture final flags for locally built wolfSSL objects. diff --git a/test-app/app_aurix_tc3xx.c b/test-app/app_aurix_tc3xx.c index 4418bff7c0..ba8e218bdb 100644 --- a/test-app/app_aurix_tc3xx.c +++ b/test-app/app_aurix_tc3xx.c @@ -27,6 +27,9 @@ #include "printf.h" #include "hal.h" #include "wolfboot/wolfboot.h" +#ifdef WOLFBOOT_ENABLE_WOLFHSM_CLIENT +#include "wolfhsm/wh_client.h" +#endif #define BASE_FW_VERSION 1 @@ -77,6 +80,34 @@ void tc3tc_main(void) wolfBoot_success(); } +#ifdef WOLFBOOT_ENABLE_WOLFHSM_CLIENT + { + int rc; + const char echoMsg[] = "wolfHSM echo test"; + char echoResp[sizeof(echoMsg)]; + uint16_t echoRespLen = 0; + + rc = hal_hsm_init_connect(); + if (rc == 0) { + wolfBoot_printf("wolfHSM Echo: sending %d bytes\n", + sizeof(echoMsg)); + rc = wh_Client_Echo(&hsmClientCtx, sizeof(echoMsg), echoMsg, + &echoRespLen, echoResp); + if (rc == 0) { + wolfBoot_printf("wolfHSM Echo success: received %d bytes\n", + echoRespLen); + } + else { + wolfBoot_printf("wolfHSM Echo test failed: %d\n", rc); + } + hal_hsm_disconnect(); + } + else { + wolfBoot_printf("HSM connect failed: %d\n", rc); + } + } +#endif + /* Main application loop */ while(1) { /* spin forever */ From c01c21ad9e57cdc98ccece29f26d5d7cefe96ff4 Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Sun, 29 Mar 2026 20:07:27 -0600 Subject: [PATCH 08/12] tc3: disable/capture bus errors for lifetime of bootloader --- hal/aurix_tc3xx.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hal/aurix_tc3xx.c b/hal/aurix_tc3xx.c index 99010f9e85..16255607dd 100644 --- a/hal/aurix_tc3xx.c +++ b/hal/aurix_tc3xx.c @@ -308,6 +308,9 @@ void hal_init(void) WOLFBOOT_VERSION); #endif #endif /* DEBUG_UART */ + + /* Catch bus errors due to ECC faults. Reenabled on application boot */ + TC3_CAPTURE_BUS_ERRORS(); } /* This function is called by the bootloader at a very late stage, before @@ -338,6 +341,9 @@ void hal_prepare_boot(void) /* Undo pre-init*/ tc3tc_UnpreInit(); #endif + + /* Reenable bus trap/exception masking */ + TC3_ENFORCE_BUS_ERRORS(); } #ifndef WOLFBOOT_AURIX_TC3XX_HSM From 64a1ecd957f5e3df718ec4100110685357c66bf5 Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Thu, 23 Apr 2026 13:37:47 -0600 Subject: [PATCH 09/12] support AURIX hw accel --- arch.mk | 16 +++++++--------- hal/aurix_tc3xx.c | 14 ++++++++++---- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/arch.mk b/arch.mk index 446c36c344..a43c4b018c 100644 --- a/arch.mk +++ b/arch.mk @@ -1614,15 +1614,13 @@ ifeq ($(ARCH), AURIX_TC3) $(WOLFHSM_INFINEON_TC3XX)/port/server/io.o \ $(WOLFHSM_INFINEON_TC3XX)/port/server/sysmem.o \ $(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_hh_hsm.o \ - $(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_utils.o - - # SW only for now, as we dont have the right protection macros - #$(WOLFHSM_INFINEON_TC3XX)/port/server/ccb_hsm.o \ - #$(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_hash.o \ - #$(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_aes.o \ - #$(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_cmac.o \ - #$(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_pk.o \ - #$(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_trng.o + $(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_utils.o\ + $(WOLFHSM_INFINEON_TC3XX)/port/server/ccb_hsm.o \ + $(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_hash.o \ + $(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_aes.o \ + $(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_cmac.o \ + $(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_pk.o \ + $(WOLFHSM_INFINEON_TC3XX)/port/server/tchsm_trng.o endif # HSM BSP specific object files diff --git a/hal/aurix_tc3xx.c b/hal/aurix_tc3xx.c index 16255607dd..5b5c9f2997 100644 --- a/hal/aurix_tc3xx.c +++ b/hal/aurix_tc3xx.c @@ -68,7 +68,7 @@ #include "wolfhsm/wh_nvm_flash.h" #include "tchsm_hh_hsm.h" #include "port_halflash_df1.h" - +#include "ccb_hsm.h" #endif #endif /* WOLFBOOT_ENABLE_WOLFHSM_CLIENT || WOLFBOOT_ENABLE_WOLFHSM_SERVER */ @@ -117,8 +117,8 @@ const whNvmId hsmNvmIdCertRootCA = 1; #elif defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER) /*WOLFBOOT_ENABLE_WOLFHSM_CLIENT*/ /* map wolfBoot HAL layer wofHSM exports to their tchsm config vals */ -const int hsmDevIdHash = INVALID_DEVID; /*HSM_DEVID once CCB enabled*/ -const int hsmDevIdPubKey = INVALID_DEVID; /*HSM_DEVID once CCB enabled*/ +const int hsmDevIdHash = HSM_DEVID; +const int hsmDevIdPubKey = HSM_DEVID; const whNvmId hsmNvmIdCertRootCA = 1; #ifdef EXT_ENCRYPT #error "AURIX does not support firmware encryption with wolfHSM(yet)" @@ -860,7 +860,7 @@ int hal_hsm_server_init(void) .comm_config = commServerConfig, .nvm = nvmCtx, .crypto = cryptoCtx, - .devId = INVALID_DEVID, /*HSM_DEVID once CCB enabled */ + .devId = HSM_DEVID, }}; rc = wh_Nvm_Init(nvmCtx, nvmCfg); @@ -869,6 +869,12 @@ int hal_hsm_server_init(void) } (void)wolfCrypt_Init(); + rc = wc_CryptoCb_RegisterDevice(HSM_DEVID, hsmCryptoCb, NULL); + if (rc != 0) { + wolfBoot_printf( + "[ERROR] cryptocb registration for HASH failed, rc=%d\n", rc); + wolfBoot_panic(); + } rc = wc_InitRng_ex(cryptoCtx->rng, NULL, INVALID_DEVID); if (rc != WH_ERROR_OK) { From 3d7138febb4f95cd3c8a6be1261db0a7b2296afe Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Thu, 23 Apr 2026 13:42:13 -0600 Subject: [PATCH 10/12] enable WOLFBOOT_IMG_HASH_ONESHOT for all AURIX configs --- config/examples/aurix-tc375-ecc.config | 1 + config/examples/aurix-tc375-elf-ecc.config | 1 + config/examples/aurix-tc375-elf-wolfHSM-certs-ecc.config | 1 + config/examples/aurix-tc375-elf-wolfHSM-certs-rsa4096.config | 1 + config/examples/aurix-tc375-elf-wolfHSM-ecc.config | 1 + config/examples/aurix-tc375-hsm-ecc.config | 1 + .../aurix-tc375-hsm-self-update-wolfHSM-certs-rsa4096.config | 1 + config/examples/aurix-tc375-hsm-wolfHSM-certs-ecc.config | 1 + config/examples/aurix-tc375-hsm-wolfHSM-certs-rsa4096.config | 1 + 9 files changed, 9 insertions(+) diff --git a/config/examples/aurix-tc375-ecc.config b/config/examples/aurix-tc375-ecc.config index 11ab9c0bb9..0f7ac970b1 100644 --- a/config/examples/aurix-tc375-ecc.config +++ b/config/examples/aurix-tc375-ecc.config @@ -16,6 +16,7 @@ FLAGS_INVERT=1 FLASH_MULTI_SECTOR_ERASE=1 DEBUG_UART=1 PRINTF_ENABLED=1 +WOLFBOOT_IMG_HASH_ONESHOT=1 ARCH_FLASH_OFFSET=0x800A0000 WOLFBOOT_SECTOR_SIZE=0x4000 diff --git a/config/examples/aurix-tc375-elf-ecc.config b/config/examples/aurix-tc375-elf-ecc.config index 2a72217df5..5dc89c7a4f 100644 --- a/config/examples/aurix-tc375-elf-ecc.config +++ b/config/examples/aurix-tc375-elf-ecc.config @@ -16,6 +16,7 @@ FLAGS_INVERT=1 FLASH_MULTI_SECTOR_ERASE=1 DEBUG_UART=1 PRINTF_ENABLED=1 +WOLFBOOT_IMG_HASH_ONESHOT=1 # ELF loading specific configuration ELF=1 diff --git a/config/examples/aurix-tc375-elf-wolfHSM-certs-ecc.config b/config/examples/aurix-tc375-elf-wolfHSM-certs-ecc.config index 7be4b5bb12..07a35b775a 100644 --- a/config/examples/aurix-tc375-elf-wolfHSM-certs-ecc.config +++ b/config/examples/aurix-tc375-elf-wolfHSM-certs-ecc.config @@ -16,6 +16,7 @@ FLAGS_INVERT=1 FLASH_MULTI_SECTOR_ERASE=1 DEBUG_UART=1 PRINTF_ENABLED=1 +WOLFBOOT_IMG_HASH_ONESHOT=1 # wolfHSM options WOLFHSM_CLIENT=1 diff --git a/config/examples/aurix-tc375-elf-wolfHSM-certs-rsa4096.config b/config/examples/aurix-tc375-elf-wolfHSM-certs-rsa4096.config index 2cefe091a9..303753dd11 100644 --- a/config/examples/aurix-tc375-elf-wolfHSM-certs-rsa4096.config +++ b/config/examples/aurix-tc375-elf-wolfHSM-certs-rsa4096.config @@ -16,6 +16,7 @@ FLAGS_INVERT=1 FLASH_MULTI_SECTOR_ERASE=1 DEBUG_UART=1 PRINTF_ENABLED=1 +WOLFBOOT_IMG_HASH_ONESHOT=1 # wolfHSM options WOLFHSM_CLIENT=1 diff --git a/config/examples/aurix-tc375-elf-wolfHSM-ecc.config b/config/examples/aurix-tc375-elf-wolfHSM-ecc.config index 393f2697f7..fed0044d3e 100644 --- a/config/examples/aurix-tc375-elf-wolfHSM-ecc.config +++ b/config/examples/aurix-tc375-elf-wolfHSM-ecc.config @@ -16,6 +16,7 @@ FLAGS_INVERT=1 FLASH_MULTI_SECTOR_ERASE=1 DEBUG_UART=1 PRINTF_ENABLED=1 +WOLFBOOT_IMG_HASH_ONESHOT=1 WOLFHSM_CLIENT=1 # ELF loading specific configuration diff --git a/config/examples/aurix-tc375-hsm-ecc.config b/config/examples/aurix-tc375-hsm-ecc.config index 36c4fa0c56..38db3e0b87 100644 --- a/config/examples/aurix-tc375-hsm-ecc.config +++ b/config/examples/aurix-tc375-hsm-ecc.config @@ -16,6 +16,7 @@ FLAGS_INVERT=1 FLASH_MULTI_SECTOR_ERASE=1 DEBUG_UART=1 PRINTF_ENABLED=1 +WOLFBOOT_IMG_HASH_ONESHOT=1 ARCH_FLASH_OFFSET=0x80028000 WOLFBOOT_SECTOR_SIZE=0x4000 diff --git a/config/examples/aurix-tc375-hsm-self-update-wolfHSM-certs-rsa4096.config b/config/examples/aurix-tc375-hsm-self-update-wolfHSM-certs-rsa4096.config index d014ec4333..8fb9e84788 100644 --- a/config/examples/aurix-tc375-hsm-self-update-wolfHSM-certs-rsa4096.config +++ b/config/examples/aurix-tc375-hsm-self-update-wolfHSM-certs-rsa4096.config @@ -16,6 +16,7 @@ FLAGS_INVERT=1 FLASH_MULTI_SECTOR_ERASE=1 DEBUG_UART=1 PRINTF_ENABLED=1 +WOLFBOOT_IMG_HASH_ONESHOT=1 # wolfHSM options WOLFHSM_SERVER=1 diff --git a/config/examples/aurix-tc375-hsm-wolfHSM-certs-ecc.config b/config/examples/aurix-tc375-hsm-wolfHSM-certs-ecc.config index db83dcb6e6..9a9bdf7c6d 100644 --- a/config/examples/aurix-tc375-hsm-wolfHSM-certs-ecc.config +++ b/config/examples/aurix-tc375-hsm-wolfHSM-certs-ecc.config @@ -16,6 +16,7 @@ FLAGS_INVERT=1 FLASH_MULTI_SECTOR_ERASE=1 DEBUG_UART=1 PRINTF_ENABLED=1 +WOLFBOOT_IMG_HASH_ONESHOT=1 # wolfHSM options WOLFHSM_SERVER=1 diff --git a/config/examples/aurix-tc375-hsm-wolfHSM-certs-rsa4096.config b/config/examples/aurix-tc375-hsm-wolfHSM-certs-rsa4096.config index af9feb1525..f4caaa5ed9 100644 --- a/config/examples/aurix-tc375-hsm-wolfHSM-certs-rsa4096.config +++ b/config/examples/aurix-tc375-hsm-wolfHSM-certs-rsa4096.config @@ -16,6 +16,7 @@ FLAGS_INVERT=1 FLASH_MULTI_SECTOR_ERASE=1 DEBUG_UART=1 PRINTF_ENABLED=1 +WOLFBOOT_IMG_HASH_ONESHOT=1 # wolfHSM options WOLFHSM_SERVER=1 From bcb13d327e1c112d2a35567c36611d5f5ac1e9d4 Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Thu, 23 Apr 2026 13:44:25 -0600 Subject: [PATCH 11/12] increase size --- tools/test.mk | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/test.mk b/tools/test.mk index 82a9d5ffbb..f7dc713c27 100644 --- a/tools/test.mk +++ b/tools/test.mk @@ -1187,7 +1187,7 @@ test-all: clean test-size-all: make test-size SIGN=NONE LIMIT=5066 NO_ARM_ASM=1 make keysclean - make test-size SIGN=ED25519 LIMIT=11818 NO_ARM_ASM=1 + make test-size SIGN=ED25519 LIMIT=11820 NO_ARM_ASM=1 make keysclean make test-size SIGN=ECC256 LIMIT=18944 NO_ARM_ASM=1 make clean @@ -1213,11 +1213,11 @@ test-size-all: make keysclean make test-size SIGN=LMS LMS_LEVELS=2 LMS_HEIGHT=5 LMS_WINTERNITZ=8 \ WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2644 \ - IMAGE_HEADER_SIZE?=5288 LIMIT=7798 NO_ARM_ASM=1 + IMAGE_HEADER_SIZE?=5288 LIMIT=7828 NO_ARM_ASM=1 make keysclean make test-size SIGN=XMSS XMSS_PARAMS='XMSS-SHA2_10_256' \ IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE?=4096 \ - LIMIT=8658 NO_ARM_ASM=1 + LIMIT=8688 NO_ARM_ASM=1 make keysclean make clean make test-size SIGN=ML_DSA ML_DSA_LEVEL=2 LIMIT=19800 \ From dc558c2fff99bd0afe1b1039875b3495a210c05f Mon Sep 17 00:00:00 2001 From: Brett Nicholas <7547222+bigbrett@users.noreply.github.com> Date: Thu, 23 Apr 2026 13:47:23 -0600 Subject: [PATCH 12/12] set TC3 ARCH_FLASH_OFFSET with ?= --- arch.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/arch.mk b/arch.mk index a43c4b018c..f18cda3633 100644 --- a/arch.mk +++ b/arch.mk @@ -1568,7 +1568,7 @@ ifeq ($(ARCH), AURIX_TC3) endif ifeq ($(AURIX_TC3_HSM),1) - ARCH_FLASH_OFFSET=0x80028000 + ARCH_FLASH_OFFSET?=0x80028000 # HSM compiler flags, build options, source code, etc ifeq ($(USE_GCC),1) # Just arm-none-eabi-gcc for now @@ -1635,7 +1635,7 @@ ifeq ($(ARCH), AURIX_TC3) else # Tricore compiler settings - ARCH_FLASH_OFFSET=0x800A0000 + ARCH_FLASH_OFFSET?=0x800A0000 ifeq ($(USE_GCC),1) HT_ROOT?=/opt/hightec/gnutri_v4.9.4.1-11fcedf-lin64 CROSS_COMPILE?=$(HT_ROOT)/bin/tricore-