Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove compile-time dependencies from key tools #521

Merged
merged 29 commits into from
Dec 5, 2024
Merged
Show file tree
Hide file tree
Changes from 26 commits
Commits
Show all changes
29 commits
Select commit Hold shift + click to select a range
bf4c801
Test: adding action to build keytools on windows.
dgarske Nov 25, 2024
6c8aafe
Remove keytools dependency on IMAGE_HEADER_SIZE.
danielinux Nov 26, 2024
93866f7
Use minimum 512B of header with delta updates
danielinux Nov 26, 2024
bc5e2ce
Makefile passes IMAGE_HEADER_SIZE to sign tool.
danielinux Nov 26, 2024
97fb3b6
Test: add IMAGE_HEADER_SIZE to sign command
danielinux Nov 26, 2024
75efbd9
Removed all compile-time dependency from keytools
danielinux Nov 26, 2024
4007d14
Added dep to target.h on tpmtools
danielinux Nov 26, 2024
10cdc54
Add env variable to unit test
danielinux Nov 28, 2024
b6d3d4a
Renode test: add V=1
danielinux Nov 28, 2024
a31ddfc
Fixed include order
danielinux Nov 28, 2024
d393577
Fix header size in hybrid mode
danielinux Dec 2, 2024
b0e3000
Added libwolfboot to nrf53 app build
danielinux Dec 2, 2024
137a97f
Correct include order in nrf53 test app
danielinux Dec 2, 2024
05d0e92
Removed forced inflation of header size in `sign`
danielinux Dec 2, 2024
b2bf298
Shorten tests by not re-building keytools
danielinux Dec 2, 2024
04d2ecd
Remove dependency from PQC parameters. Speed up tests.
danielinux Dec 2, 2024
7132a13
Complete generic sign
danielinux Dec 3, 2024
d5e402e
Removing compile-time parameters from keygen
danielinux Dec 3, 2024
5ab6616
keygen: removed compile-time parameters (lms, xmss)
danielinux Dec 3, 2024
51eff3e
Adjusted size for ML_DSA build
danielinux Dec 3, 2024
c3fe505
Fix check on ML_DSA pubkey size at runtime
danielinux Dec 3, 2024
eddf0bd
Progress getting the Windows tools to build.
dgarske Dec 5, 2024
4ac4de5
Fix ML-DSA level comment.
dgarske Dec 5, 2024
8cdefaa
Fix to remove ext_XMS artifact from keytools Makefile. Caused mingw r…
dgarske Dec 5, 2024
29794f2
Update wolfssl submodule to latest master that includes https://githu…
dgarske Dec 5, 2024
35b98e7
Fix the Windows keytools artifact upload.
dgarske Dec 5, 2024
4991eab
Peer review fixes. Default to ML-DSA level 2.
dgarske Dec 5, 2024
6bed80f
ML-DSA default is level 2. The keytools must be able to support all M…
dgarske Dec 5, 2024
fae36f2
Reserve enough size for the ML-DSA public key in gen.
dgarske Dec 5, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 38 additions & 0 deletions .github/workflows/build-keytools-windows.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
name: Build Windows Keytools executables

on:
push:
branches:
- master
pull_request:
branches: [ '*' ]

jobs:
build-windows:
runs-on: windows-latest

steps:
# Step 1: Checkout the repository
- name: Checkout Code
uses: actions/checkout@v3
with:
submodules: true

# Step 2: Setup MSBuild
- name: Setup MSBuild
uses: microsoft/setup-msbuild@v1

# Step 3: Build the solution
- name: Build Solution
shell: cmd
run: |
echo #define WOLFBOOT_SECTOR_SIZE 1024 > include\target.h
MSBuild.exe tools\keytools\wolfBootKeyTools.sln /m /p:Configuration=Release /p:Platform="x64"

# Step 4: Upload executables as artifacts
- name: Upload EXE Artifacts
uses: actions/upload-artifact@v3
with:
name: windows-keytools
path: |
tools\keytools\x64\Release\*.exe
4 changes: 2 additions & 2 deletions .github/workflows/footprint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:

- name: make clean
run: |
make keysclean && make -C tools/keytools clean && rm -f include/target.h
make keysclean && rm -f include/target.h

- name: Install wolfSSL
run: |
Expand All @@ -34,7 +34,7 @@ jobs:

- name: Build key tools
run: |
make -C tools/keytools
make keytools

- name: Build wolfboot and test footprint
run: |
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/test-build-sim-tpm.yml
Original file line number Diff line number Diff line change
Expand Up @@ -44,9 +44,9 @@ jobs:
with:
submodules: true

- name: make distclean
- name: make keysclean
run: |
make distclean
make keysclean

- name: Select config
run: |
Expand Down
74 changes: 13 additions & 61 deletions .github/workflows/test-powerfail-simulator.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ jobs:

- name: make clean
run: |
make distclean
make keysclean

- name: Select config
run: |
Expand Down Expand Up @@ -63,16 +63,12 @@ jobs:
# TEST with NVM_FLASH_WRITEONCE enabled
- name: make clean
run: |
make distclean
make keysclean

- name: Select config with NVM_FLASH_WRITEONCE
run: |
cp config/examples/sim-nvm-writeonce.config .config

- name: Build tools
run: |
make -C tools/keytools && make -C tools/bin-assemble

- name: Build wolfboot.elf
run: |
make clean && make test-sim-internal-flash-with-update
Expand Down Expand Up @@ -109,16 +105,12 @@ jobs:
# TEST with NVM_FLASH_WRITEONCE AND FLAGS_HOME enabled
- name: make clean
run: |
make distclean
make keysclean

- name: Select config with NVM_FLASH_WRITEONCE and FLAGS_HOME
run: |
cp config/examples/sim-nvm-writeonce-flags-home.config .config

- name: Build tools
run: |
make -C tools/keytools && make -C tools/bin-assemble

- name: Build wolfboot.elf
run: |
make clean && make test-sim-internal-flash-with-update
Expand Down Expand Up @@ -155,16 +147,12 @@ jobs:
# TEST with NVM_FLASH_WRITEONCE AND FLAGS_HOME AND FLAGS_INVERT enabled
- name: make clean
run: |
make distclean
make keysclean

- name: Select config with NVM_FLASH_WRITEONCE and FLAGS_HOME and FLAGS_INVERT
run: |
cp config/examples/sim-nvm-writeonce-flags-home-invert.config .config

- name: Build tools
run: |
make -C tools/keytools && make -C tools/bin-assemble

- name: Build wolfboot.elf
run: |
make clean && make test-sim-external-flash-with-update
Expand Down Expand Up @@ -201,16 +189,12 @@ jobs:
# TEST with DELTA updates
- name: make clean
run: |
make distclean
make keysclean

- name: Select config with DELTA updates
run: |
cp config/examples/sim-delta-update.config .config

- name: Build tools
run: |
make -C tools/keytools && make -C tools/bin-assemble

- name: Build wolfboot.elf
run: |
make clean && make test-sim-internal-flash-with-delta-update
Expand Down Expand Up @@ -254,16 +238,12 @@ jobs:
# TEST with encryption (aes128)
- name: make clean
run: |
make distclean
make keysclean

- name: Select config with encrypted updates
run: |
cp config/examples/sim-encrypt-update.config .config

- name: Build tools
run: |
make -C tools/keytools && make -C tools/bin-assemble

- name: Build wolfboot.elf
run: |
make clean && make test-sim-external-flash-with-enc-update
Expand Down Expand Up @@ -299,15 +279,11 @@ jobs:
# TEST with encryption (aes128) and delta updates
- name: make clean
run: |
make distclean
make keysclean
- name: Select config with encrypted updates
run: |
cp config/examples/sim-encrypt-delta-update.config .config

- name: Build tools
run: |
make -C tools/keytools && make -C tools/bin-assemble

- name: Build wolfboot.elf
run: |
make clean && make test-sim-external-flash-with-enc-delta-update
Expand Down Expand Up @@ -336,16 +312,12 @@ jobs:
# TEST with encryption (aes128) and NVM_FLASH_WRITEONCE
- name: make clean
run: |
make distclean
make keysclean

- name: Select config with encrypted updates
run: |
cp config/examples/sim-encrypt-nvm-writeonce-update.config .config

- name: Build tools
run: |
make -C tools/keytools && make -C tools/bin-assemble

- name: Build wolfboot.elf
run: |
make clean && make test-sim-external-flash-with-enc-update
Expand Down Expand Up @@ -463,15 +435,11 @@ jobs:
# TEST with encryption (aes128) and NVM_FLASH_WRITEONCE and DELTA updates
- name: make clean
run: |
make distclean
make keysclean
- name: Select config with encrypted updates
run: |
cp config/examples/sim-encrypt-delta-nvm-writeonce-update.config .config

- name: Build tools
run: |
make -C tools/keytools && make -C tools/bin-assemble

- name: Build wolfboot.elf
run: |
make clean && make test-sim-external-flash-with-enc-delta-update
Expand Down Expand Up @@ -499,15 +467,11 @@ jobs:
# TEST with backup disabled
- name: make clean
run: |
make distclean
make keysclean
- name: Select config with backup disabled
run: |
cp config/examples/sim-nobackup.config .config

- name: Build tools
run: |
make -C tools/keytools && make -C tools/bin-assemble

- name: Build wolfboot.elf
run: |
make clean && make test-sim-internal-flash-with-update
Expand All @@ -527,15 +491,11 @@ jobs:
# TEST with backup disabled + NVM_FLASH_WRITEONCE
- name: make clean
run: |
make distclean
make keysclean
- name: Select config with backup disabled + NVM WRITEONCE
run: |
cp config/examples/sim-nobackup-nvm-writeonce.config .config

- name: Build tools
run: |
make -C tools/keytools && make -C tools/bin-assemble

- name: Build wolfboot.elf
run: |
make clean && make test-sim-internal-flash-with-update
Expand All @@ -555,15 +515,11 @@ jobs:
# TEST with backup disabled + FLAGS_HOME
- name: make clean
run: |
make distclean
make keysclean
- name: Select config with backup disabled + FLAGS_HOME
run: |
cp config/examples/sim-nobackup-flags-home.config .config

- name: Build tools
run: |
make -C tools/keytools && make -C tools/bin-assemble

- name: Build wolfboot.elf
run: |
make clean && make test-sim-internal-flash-with-update
Expand All @@ -584,16 +540,12 @@ jobs:
# TEST with FLASH_MULTI_SECTOR_ERASE
- name: make clean
run: |
make distclean
make keysclean

- name: Select config
run: |
cp config/examples/sim.config .config

- name: Build tools
run: |
make -C tools/keytools && make -C tools/bin-assemble

- name: Build wolfboot.elf (FLASH_MULTI_SECTOR_ERASE=1)
run: |
make clean && make test-sim-internal-flash-with-update FLASH_MULTI_SECTOR_ERASE=1
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/test-renode-nrf52.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,12 +23,12 @@ jobs:
# SIGN=NONE TEST

- name: Renode Tests SIGN=NONE
run: ./tools/renode/docker-test.sh "SIGN=NONE"
run: ./tools/renode/docker-test.sh "SIGN=NONE V=1"
philljj marked this conversation as resolved.
Show resolved Hide resolved


# ECC256 TEST
- name: Renode Tests ECC256
run: ./tools/renode/docker-test.sh "SIGN=ECC256"
run: ./tools/renode/docker-test.sh "SIGN=ECC256 V=1"

# ECC384 TEST
- name: Renode Tests ECC384
Expand Down
Loading
Loading