From 4f5ad04a9af383cfb8c8bb517f3a9c86d8948fb6 Mon Sep 17 00:00:00 2001
From: Daniele Lacamera
Date: Wed, 9 Oct 2024 13:11:18 +0200
Subject: [PATCH 1/7] Updated submodule 'wolfssl' to latest master
---
 lib/wolfssl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/wolfssl b/lib/wolfssl
index 00e42151c..ce9d0e236 160000
--- a/lib/wolfssl
+++ b/lib/wolfssl
@@ -1 +1 @@
-Subproject commit 00e42151ca061463ba6a95adb2290f678cbca472
+Subproject commit ce9d0e236c8d81a75b55803367b6505a0bd32e98
From c115ed3f159152e0a03a7f6369727af2824600c8 Mon Sep 17 00:00:00 2001
From: Daniele Lacamera
Date: Wed, 9 Oct 2024 13:11:34 +0200
Subject: [PATCH 2/7] Updated footprint limits
---
 tools/test.mk | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/tools/test.mk b/tools/test.mk
index ffb1f2ecd..1cd9e20ee 100644
--- a/tools/test.mk
+++ b/tools/test.mk
@@ -991,13 +991,13 @@ test-size-all:
 make clean
 make test-size SIGN=ECC256 NO_ASM=1 LIMIT=13480
 make keysclean
- make test-size SIGN=RSA2048 LIMIT=11124
+ make test-size SIGN=RSA2048 LIMIT=11212
 make clean
- make test-size SIGN=RSA2048 NO_ASM=1 LIMIT=11696
+ make test-size SIGN=RSA2048 NO_ASM=1 LIMIT=11788
 make keysclean
- make test-size SIGN=RSA4096 LIMIT=11408
+ make test-size SIGN=RSA4096 LIMIT=11500
 make clean
- make test-size SIGN=RSA4096 NO_ASM=1 LIMIT=11984
+ make test-size SIGN=RSA4096 NO_ASM=1 LIMIT=12076
 make keysclean
 make test-size SIGN=ECC384 LIMIT=17504
 make clean
@@ -1005,9 +1005,9 @@ test-size-all:
 make keysclean
 make test-size SIGN=ED448 LIMIT=13408
 make keysclean
- make test-size SIGN=RSA3072 LIMIT=11264
+ make test-size SIGN=RSA3072 LIMIT=11352
 make clean
- make test-size SIGN=RSA3072 NO_ASM=1 LIMIT=11804
+ make test-size SIGN=RSA3072 NO_ASM=1 LIMIT=11892
 make keysclean
 make test-size SIGN=LMS LMS_LEVELS=2 LMS_HEIGHT=5 LMS_WINTERNITZ=8 \
 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2644 \
From b65879f9a0c82d799097ceab78dc71c1b6f9b01e Mon Sep 17 00:00:00 2001
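Review bot: The six RSA `LIMIT=` values in the two `test-size-all` hunks are raised by 88 to 92 bytes with no record of what grew, so the size gate no longer tells a reader whether this increase was expected. The series bumps `lib/wolfssl` immediately before this patch, which is presumably the cause; a one-line comment above the RSA entries such as `# RSA limits raised for lib/wolfssl ce9d0e236 (+88..92 bytes)` would keep later footprint regressions traceable. The ECC, ED448 and LMS limits visible as context are unchanged. The recipe continues outside both hunks.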
From: Daniele Lacamera
Date: Wed, 9 Oct 2024 14:47:51 +0200
Subject: [PATCH 3/7] Update to wolfssl with PR 8053
---
 lib/wolfssl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/wolfssl b/lib/wolfssl
index ce9d0e236..9c4960f3f 160000
--- a/lib/wolfssl
+++ b/lib/wolfssl
@@ -1 +1 @@
-Subproject commit ce9d0e236c8d81a75b55803367b6505a0bd32e98
+Subproject commit 9c4960f3fa9913bdc430b67b6d8a0021554e92f9
From 2f78ffdd7be618d1b9c63c92115f8d140e112283 Mon Sep 17 00:00:00 2001
From: Daniele Lacamera
Date: Fri, 11 Oct 2024 08:40:56 +0200
Subject: [PATCH 4/7] New ECC curve spec size (fixes SMALL_STACK + ECC)
---
 src/xmalloc.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/xmalloc.c b/src/xmalloc.c
index f4aac6b24..5abb9095f 100644
--- a/src/xmalloc.c
+++ b/src/xmalloc.c
@@ -70,7 +70,7 @@ struct xmalloc_slot {
 /* SP MATH */
 #ifdef WOLFBOOT_SIGN_ECC256
 #define MP_SCHEME "SP ECC256"
- #define MP_CURVE_SPECS_SIZE (76)
+ #define MP_CURVE_SPECS_SIZE (72)
 #ifdef WOLFSSL_SP_ARM_CORTEX_M_ASM
 #define MP_POINT_SIZE (196)
 #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 8)
@@ -85,7 +85,7 @@ struct xmalloc_slot {
 #endif /* WOLFBOOT_SIGN_ECC256 */
 #ifdef WOLFBOOT_SIGN_ECC384
 #define MP_SCHEME "SP ECC384"
- #define MP_CURVE_SPECS_SIZE (108)
+ #define MP_CURVE_SPECS_SIZE (104)
 #ifdef WOLFSSL_SP_ARM_CORTEX_M_ASM
 #define MP_POINT_SIZE (292)
 #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 12)
@@ -101,7 +101,7 @@ struct xmalloc_slot {
 #endif /* WOLFBOOT_SIGN_ECC384 */
 #ifdef WOLFBOOT_SIGN_ECC521
 #define MP_SCHEME "SP ECC521"
- #define MP_CURVE_SPECS_SIZE (148)
+ #define MP_CURVE_SPECS_SIZE (144)
 #ifdef WOLFSSL_SP_ARM_CORTEX_M_ASM
 #define MP_POINT_SIZE (412)
 #define MP_DIGITS_BUFFER_SIZE_0 (MP_DIGIT_SIZE * 18 * 17)
From ab6b1bb41649edd8d908786d44f703672047b362 Mon Sep 17 00:00:00 2001
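Review bot: `MP_CURVE_SPECS_SIZE` stays a bare literal in the ECC256 hunk (76 to 72), and the ECC384 and ECC521 hunks repeat the pattern (108 to 104, 148 to 144), so nothing ties these values to the wolfSSL structure they are sized for. The commit subject says the change fixes SMALL_STACK + ECC, and it follows a `lib/wolfssl` bump, which suggests the pool in this file depends on matching what wolfSSL requests; if so, the next submodule update can break ECC builds the same way without any build error. At minimum add a comment on each define, e.g. `/* must match the curve-spec allocation size requested by wolfSSL at the pinned lib/wolfssl commit; re-check on every submodule update */`, and consider a build-time check if the size can be derived from a wolfSSL header. The enclosing `#ifdef` blocks start and end outside the hunks.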
From: Daniele Lacamera Date: Fri, 11 Oct 2024 10:43:26 +0200 Subject: [PATCH 5/7] Fix qemu-fsp build dep --- .github/workflows/test-x86-fsp-qemu.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-x86-fsp-qemu.yml b/.github/workflows/test-x86-fsp-qemu.yml index afd2edc00..6465c02eb 100644 --- a/.github/workflows/test-x86-fsp-qemu.yml +++ b/.github/workflows/test-x86-fsp-qemu.yml @@ -13,7 +13,7 @@ jobs: - name: install req run: | sudo apt-get update - sudo apt-get install --no-install-recommends -y -q nasm gcc-multilib qemu-system-x86 swtpm + sudo apt-get install --no-install-recommends -y -q nasm gcc-multilib qemu-system-x86 swtpm uuid-dev - name: setup git run: | git config --global user.email "you@example.com" From 855b968d75fa312d55ad690ddb9d9bf8e61337d8 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Fri, 11 Oct 2024 14:49:43 +0200 Subject: [PATCH 6/7] Activate debug in sim_tpm tests --- config/examples/sim-tpm-keystore.config | 2 +- config/examples/sim-tpm-measured.config | 2 +- config/examples/sim-tpm-seal.config | 2 +- config/examples/sim-tpm.config | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/examples/sim-tpm-keystore.config b/config/examples/sim-tpm-keystore.config index efd28516a..5bb7193b6 100644 --- a/config/examples/sim-tpm-keystore.config +++ b/config/examples/sim-tpm-keystore.config @@ -3,7 +3,7 @@ TARGET=sim SIGN?=ECC256 HASH?=SHA256 SPI_FLASH=0 -DEBUG=0 +DEBUG=1 WOLFTPM=1 # sizes should be multiple of system page size diff --git a/config/examples/sim-tpm-measured.config b/config/examples/sim-tpm-measured.config index af9319171..cfa124081 100644 --- a/config/examples/sim-tpm-measured.config +++ b/config/examples/sim-tpm-measured.config @@ -3,7 +3,7 @@ TARGET=sim SIGN?=ECC256 HASH?=SHA256 SPI_FLASH=0 -DEBUG=0 +DEBUG=1 WOLFTPM=1 # sizes should be multiple of system page size 
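Review bot: `DEBUG=1` is now set in `config/examples/sim-tpm-keystore.config`, and the same change is made in `sim-tpm-measured.config`, `sim-tpm-seal.config` and `sim-tpm.config`, although the commit subject says the goal is only to activate debug in the sim_tpm tests. These are example configurations that users may copy as a starting point for TPM keystore, measured-boot and sealing setups, and a debug build of a bootloader typically has a larger footprint and more verbose output than should be shipped. If the tests are the only consumer that needs it, keeping `DEBUG=0` here and passing `DEBUG=1` on the test's make command line would confine the setting; otherwise add a comment next to the line such as `# DEBUG=1 is for the simulator tests; use DEBUG=0 for production builds`.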
diff --git a/config/examples/sim-tpm-seal.config b/config/examples/sim-tpm-seal.config index ff1b94961..096ca1d0b 100644 --- a/config/examples/sim-tpm-seal.config +++ b/config/examples/sim-tpm-seal.config @@ -3,7 +3,7 @@ TARGET=sim SIGN?=ECC256 HASH?=SHA256 SPI_FLASH=0 -DEBUG=0 +DEBUG=1 WOLFTPM=1 # sizes should be multiple of system page size diff --git a/config/examples/sim-tpm.config b/config/examples/sim-tpm.config index 95639bf91..42b7405f2 100644 --- a/config/examples/sim-tpm.config +++ b/config/examples/sim-tpm.config @@ -4,7 +4,7 @@ TARGET=sim SIGN?=ECC256 HASH?=SHA256 SPI_FLASH=0 -DEBUG=0 +DEBUG=1 WOLFTPM=1 # enable offloading of asymmetric verify to TPM WOLFBOOT_TPM_VERIFY?=1 From 8386a503f87ffdc3f3bffd6940802eb80e8b44fa Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Fri, 11 Oct 2024 20:41:57 +0200 Subject: [PATCH 7/7] Added NO_WOLFSSL_MALLOC --- include/user_settings.h | 1 + lib/wolfssl | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/include/user_settings.h b/include/user_settings.h index 2a1ada3d9..5e9e02209 100644 --- a/include/user_settings.h +++ b/include/user_settings.h @@ -421,6 +421,7 @@ extern int tolower(int c); # define WOLFSSL_SP_NO_DYN_STACK # endif # if !defined(SECURE_PKCS11) +# define NO_WOLFSSL_MEMORY # define WOLFSSL_NO_MALLOC # endif #else diff --git a/lib/wolfssl b/lib/wolfssl index 9c4960f3f..65742c4a7 160000 --- a/lib/wolfssl +++ b/lib/wolfssl @@ -1 +1 @@ -Subproject commit 9c4960f3fa9913bdc430b67b6d8a0021554e92f9 +Subproject commit 65742c4a7a21d58c5a065ae80a1b02541b839e43
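Review bot: The added `# define NO_WOLFSSL_MEMORY` in `include/user_settings.h` carries no comment, and the commit subject names a different macro (`NO_WOLFSSL_MALLOC`), so the patch does not show which one was intended or why it is needed next to `WOLFSSL_NO_MALLOC`. Both macros affect how the crypto library allocates memory in the `!defined(SECURE_PKCS11)` branch, which matters for a bootloader that appears to rely on the fixed pool in `src/xmalloc.c`, so the intent should be stated where the macro is defined, e.g. `/* disable wolfSSL's own allocator wrappers; required with lib/wolfssl 65742c4a7 */` (wording to be confirmed by the author). The enclosing `#if` block starts outside the hunk.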