Merge pull request #431 from danielinux/update-wolfssl-v5.7.0

Updated submodules: wolfSSL-v5.7.0 + wolfTPM latest

Author: dgarske

.github/workflows/footprint.yml

@@ -17,10 +17,8 @@ jobs:
 
       # Get the arm-non-eabi-gcc toolchain
       - name: Install arm-none-eabi-gcc
-        uses: fiam/arm-none-eabi-gcc@v1
-        with:
-          # The arm-none-eabi-gcc release to use.
-          release: "9-2019-q4"
+        run : |
+          sudo apt-get install -y gcc-arm-none-eabi
 
       - name: make clean
         run: |

.github/workflows/test-build-lms.yml

@@ -0,0 +1,62 @@
+name: Wolfboot Reusable Build Workflow
+
+on:
+
+  workflow_call:
+    inputs:
+      arch:
+        required: true
+        type: string
+      config-file:
+        required: true
+        type: string
+      make-args:
+        required: false
+        type: string
+
+jobs:
+
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: true
+
+      - name: Workaround for sources.list
+        run: sudo sed -i 's|http://azure.archive.ubuntu.com/ubuntu/|http://mirror.arizona.edu/ubuntu/|g' /etc/apt/sources.list
+
+      - name: Update repository
+        run: sudo apt-get update
+
+      - name: Install cross compilers
+        run: |
+          sudo apt-get install -y gcc-arm-none-eabi gcc-aarch64-linux-gnu gcc-powerpc-linux-gnu gnu-efi
+
+      - name: Create lib hash-sigs
+        run: |
+          mkdir -p lib/hash-sigs/lib
+
+      - name: Clone hash-sigs repository
+        run: |
+          git clone https://github.com/cisco/hash-sigs.git lib/hash-sigs/src && \
+          cd lib/hash-sigs/src && git checkout b0631b8891295bf2929e68761205337b7c031726 && \
+          git apply ../../../tools/lms/0001-Patch-to-support-wolfBoot-LMS-build.patch && \
+          cd ../../.. 
+
+      - name: make clean
+        run: |
+          make distclean
+
+      - name: Select config
+        run: |
+          cp ${{inputs.config-file}} .config
+
+      - name: Build tools
+        run: |
+          make -C tools/keytools && make -C tools/bin-assemble
+
+      - name: Build wolfboot
+        run: |
+          make ${{inputs.make-args}}

.github/workflows/test-build-sim-tpm.yml

@@ -26,7 +26,7 @@ on:
 jobs:
 
   build:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
 
     steps:
       # setup ibmswtpm2

.github/workflows/test-configs.yml

@@ -169,6 +169,18 @@ jobs:
       arch: arm
       config-file: ./config/examples/stm32c0.config
 
+  stm32c0-rsa248:
+    uses: ./.github/workflows/test-build.yml
+    with:
+      arch: arm
+      config-file: ./config/examples/stm32c0-rsa2048.config
+
+  stm32c0-lms-8-10-1:
+    uses: ./.github/workflows/test-build-lms.yml
+    with:
+      arch: arm
+      config-file: ./config/examples/stm32c0-lms-8-10-1.config
+
   stm32f4_small_blocks_uart_update_test:
     uses: ./.github/workflows/test-build.yml
     with:

.github/workflows/test-custom-tlv-simulator.yml

@@ -8,7 +8,7 @@ on:
 
 jobs:
   custom_tlv_simulator_tests:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v3

.github/workflows/test-powerfail-simulator.yml

@@ -8,7 +8,7 @@ on:
 
 jobs:
   powerfail_simulator_tests:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v3

config/examples/stm32c0-lms-8-10-1.config

@@ -0,0 +1,51 @@
+ARCH?=ARM
+TARGET?=stm32c0
+SIGN?=LMS
+LMS_LEVELS=1
+LMS_HEIGHT=10
+LMS_WINTERNITZ=8
+IMAGE_SIGNATURE_SIZE=1456
+IMAGE_HEADER_SIZE=2048
+HASH?=SHA256
+DEBUG?=0
+VTOR?=1
+CORTEX_M0?=1
+NO_ASM?=0
+NO_MPU?=1
+EXT_FLASH?=0
+SPI_FLASH?=0
+ALLOW_DOWNGRADE?=0
+NVM_FLASH_WRITEONCE?=1
+WOLFBOOT_VERSION?=0
+V?=0
+SPMATH?=1
+DUALBANK_SWAP?=0
+
+# Enable this to support wolfBoot self-update
+RAM_CODE?=0
+
+# Use slightly smaller SHA2-256
+CFLAGS_EXTRA+=-DUSE_SLOW_SHA256
+
+# Enable this feature for secure memory support
+# Makes the flash sectors for the bootloader unaccessible from the application
+# Requires using the STM32CubeProgrammer to set FLASH_SECR -> SEC_SIZE pages
+#CFLAGS_EXTRA+=-DFLASH_SECURABLE_MEMORY_SUPPORT
+
+
+#Partition: Boot: 10KB, App, 10KB
+WOLFBOOT_PARTITION_SIZE?=0x2800
+WOLFBOOT_SECTOR_SIZE?=0x800
+#Max WOLFBOOT size is 10KB
+WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x08002800
+WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x085000
+WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x08007800
+
+#Example debugging partition for larger wolfBoot
+#Partition: Boot: 22KB, App, 4K
+#DEBUG?=1
+#WOLFBOOT_PARTITION_SIZE?=0x1000
+#WOLFBOOT_SECTOR_SIZE?=0x800
+#WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x08005800
+#WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x08006800
+#WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x08007800

config/examples/stm32c0-rsa2048.config

@@ -0,0 +1,46 @@
+ARCH?=ARM
+TARGET?=stm32c0
+SIGN?=RSA2048
+HASH?=SHA256
+DEBUG?=0
+VTOR?=1
+CORTEX_M0?=1
+NO_ASM?=0
+NO_MPU?=1
+EXT_FLASH?=0
+SPI_FLASH?=0
+ALLOW_DOWNGRADE?=0
+NVM_FLASH_WRITEONCE?=1
+WOLFBOOT_VERSION?=0
+V?=0
+SPMATH?=1
+DUALBANK_SWAP?=0
+
+# Enable this to support wolfBoot self-update
+RAM_CODE?=0
+
+# Use slightly smaller SHA2-256
+CFLAGS_EXTRA+=-DUSE_SLOW_SHA256
+
+# Enable this feature for secure memory support
+# Makes the flash sectors for the bootloader unaccessible from the application
+# Requires using the STM32CubeProgrammer to set FLASH_SECR -> SEC_SIZE pages
+#CFLAGS_EXTRA+=-DFLASH_SECURABLE_MEMORY_SUPPORT
+
+
+#Partition: Boot: 12KB, App, 8KB
+WOLFBOOT_PARTITION_SIZE?=0x2000
+WOLFBOOT_SECTOR_SIZE?=0x800
+#Max WOLFBOOT size is 10KB
+WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x08003000
+WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x08005000
+WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x08007800
+
+#Example debugging partition for larger wolfBoot
+#Partition: Boot: 22KB, App, 4K
+#DEBUG?=1
+#WOLFBOOT_PARTITION_SIZE?=0x1000
+#WOLFBOOT_SECTOR_SIZE?=0x800
+#WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x08005800
+#WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x08006800
+#WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x08007800

config/examples/stm32c0.config

@@ -1,8 +1,7 @@
 ARCH?=ARM
 TARGET?=stm32c0
-#Supports ED25519/SHA384 or RSA2048/SHA256
-SIGN?=RSA2048
-HASH?=SHA256
+SIGN?=ED25519
+HASH?=SHA384
 DEBUG?=0
 VTOR?=1
 CORTEX_M0?=1

docs/Targets.md

@@ -444,10 +444,13 @@ mon reset init
 Supports STM32C0x0/STM32C0x1. Instructions are for the STM Nucleo-C031C6 dev board.
 
 Tested build configurations:
-* With RSA2048 and SHA2-256 the code size is 9724 and it boots in under 1 second.
+* With RSA2048 and SHA2-256 the code size is 10988 and it boots in under 1 second.
 * With ED25519 and SHA2-384 the code size is 10024 and takes about 10 seconds for the LED to turn on.
+* With LMS-8-10-1 and SHA2-256 the code size is 8164 on gcc-13 (could fit in 8KB partition)
 
-Example 32KB partitioning on STM32-G070:
+### Example 32KB partitioning on STM32-G070
+
+with ED25519 or LMS-8-10-1:
 
 - Sector size: 2KB
 - Wolfboot partition size: 10KB
@@ -462,11 +465,28 @@ Example 32KB partitioning on STM32-G070:
 #define WOLFBOOT_PARTITION_SWAP_ADDRESS      0x08007800 /* at 30KB */
 ```
 
+with RSA2048:
+
+- Sector size: 2KB
+- Wolfboot partition size: 12KB
+- Application partition size: 8 KB
+- Swap size 2KB
+
+```C
+#define WOLFBOOT_SECTOR_SIZE                 0x800      /* 2 KB */
+#define WOLFBOOT_PARTITION_BOOT_ADDRESS      0x08003000 /* at 12KB */
+#define WOLFBOOT_PARTITION_SIZE              0x2000     /* 8 KB */
+#define WOLFBOOT_PARTITION_UPDATE_ADDRESS    0x08005000 /* at 20KB */
+#define WOLFBOOT_PARTITION_SWAP_ADDRESS      0x08007800 /* at 30KB */
+```
+
 ### Building STM32C0
 
-Reference configuration (see [/config/examples/stm32c0.config](/config/examples/stm32c0.config)).
+Reference configuration files (see [config/examples/stm32c0.config](/config/examples/stm32c0.config),
+[config/examples/stm32c0-rsa2048.config](/config/examples/stm32c0-rsa2048.config) and
+[config/examples/stm32c0-lms-8-10-1.config](/config/examples/stm32c0-lms-8-10-1.config)).
 
-You can copy this to wolfBoot root as `.config`: `cp ./config/examples/stm32c0.config .config`.
+You can copy one of these to wolfBoot root as `.config`: `cp ./config/examples/stm32c0.config .config`.
 To build you can use `make`.
 
 The TARGET for this is `stm32c0`: `make TARGET=stm32c0`.