Added support for treating external FRAM as internal flash. Added check on image header size and sector size. Expanded the ML-DSA testing. Improved the Vorago build_test scripts to use .config for parameters. Made EDAC parameters build-time macros.

Author: dgarske

.github/workflows/test-sunnyday-simulator.yml

@@ -104,12 +104,12 @@ jobs:
       - name: Run dualbank swap simulation
         run: |
           tools/scripts/sim-dualbank-swap-update.sh
-      
+
       - name: Cleanup before WOLFBOOT_SMALL_STACK test
         run: |
           make keysclean
           mv .config.orig .config
-      
+
       - name: Build wolfboot.elf (ECC256, WOLFBOOT_SMALL_STACK)
         run: |
           make clean && make test-sim-internal-flash-with-update SIGN=ECC256 WOLFBOOT_SMALL_STACK=1 SPMATH=1
@@ -617,10 +617,18 @@ jobs:
         run: |
           tools/scripts/sim-pq-sunnyday-update.sh config/examples/sim-xmss.config
 
-      - name: Run sunny day ML-DSA update test
+      - name: Run sunny day ML-DSA level 2 update test
         run: |
           tools/scripts/sim-pq-sunnyday-update.sh config/examples/sim-ml-dsa.config
 
+      - name: Run sunny day ML-DSA level 3 update test
+        run: |
+          tools/scripts/sim-pq-sunnyday-update.sh config/examples/sim-ml-dsa3.config
+
+      - name: Run sunny day ML-DSA level 5 update test
+        run: |
+          tools/scripts/sim-pq-sunnyday-update.sh config/examples/sim-ml-dsa5.config
+
       # 64 Bit simulator, Hybrid auth ML_DSA + ECDSA
       #
       - name: make clean

config/examples/sim-ml-dsa.config

@@ -49,7 +49,7 @@ IMAGE_HEADER_SIZE=8192
 # ML_DSA_LEVEL=5
 # IMAGE_SIGNATURE_SIZE=4627
 # IMAGE_HEADER_SIZE=12288
-# This example needsd larger sector size.
+# NOTE: This example needs larger sector size.
 # WOLFBOOT_SECTOR_SIZE=0x3000
 #
 

config/examples/sim-ml-dsa3.config

@@ -0,0 +1,52 @@
+# ML-DSA signature example, based on sim.config example.
+#
+# The acceptable parameter values are those in FIPS 204:
+#
+#   ML_DSA_LEVEL = {2, 3, 5}
+#
+# This corresponds to these security levels (from FIPS 204, Table 1.):
+#
+#               Claimed Security Strength
+#   ML-DSA-44      Category 2
+#   ML-DSA-65      Category 3
+#   ML-DSA-87      Category 5
+#
+# The signature, pub key, and priv key lengths are all a function
+# of this parameter. Refer to this table (from FIPS 204, Table 2.)
+# to configure your IMAGE_SIGNATURE_SIZE:
+#
+#   Table 2. Sizes (in bytes) of keys and signatures of ML-DSA
+#
+#               Private Key   Public Key   Signature Size
+#   ML-DSA-44      2560          1312         2420
+#   ML-DSA-65      4032          1952         3309
+#   ML-DSA-87      4896          2592         4627
+#
+
+ARCH=sim
+TARGET=sim
+SIGN=ML_DSA
+HASH=SHA256
+WOLFBOOT_SMALL_STACK=0
+SPI_FLASH=0
+DEBUG=0
+DELTA_UPDATES=0
+
+#
+# ML-DSA config examples:
+#
+# Category 3:
+ML_DSA_LEVEL=3
+IMAGE_SIGNATURE_SIZE=3309
+IMAGE_HEADER_SIZE=8192
+
+# sizes should be multiple of system page size
+WOLFBOOT_PARTITION_SIZE=0x40000
+WOLFBOOT_SECTOR_SIZE=0x2000
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0x20000
+# if on external flash, it should be multiple of system page size
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x60000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0xA0000
+
+# required for keytools
+WOLFBOOT_FIXED_PARTITIONS=1

config/examples/sim-ml-dsa5.config

@@ -0,0 +1,53 @@
+# ML-DSA signature example, based on sim.config example.
+#
+# The acceptable parameter values are those in FIPS 204:
+#
+#   ML_DSA_LEVEL = {2, 3, 5}
+#
+# This corresponds to these security levels (from FIPS 204, Table 1.):
+#
+#               Claimed Security Strength
+#   ML-DSA-44      Category 2
+#   ML-DSA-65      Category 3
+#   ML-DSA-87      Category 5
+#
+# The signature, pub key, and priv key lengths are all a function
+# of this parameter. Refer to this table (from FIPS 204, Table 2.)
+# to configure your IMAGE_SIGNATURE_SIZE:
+#
+#   Table 2. Sizes (in bytes) of keys and signatures of ML-DSA
+#
+#               Private Key   Public Key   Signature Size
+#   ML-DSA-44      2560          1312         2420
+#   ML-DSA-65      4032          1952         3309
+#   ML-DSA-87      4896          2592         4627
+#
+
+ARCH=sim
+TARGET=sim
+SIGN=ML_DSA
+HASH=SHA256
+WOLFBOOT_SMALL_STACK=0
+SPI_FLASH=0
+DEBUG=0
+DELTA_UPDATES=0
+
+#
+# ML-DSA config examples:
+#
+# Category 5:
+ML_DSA_LEVEL=5
+IMAGE_SIGNATURE_SIZE=4627
+IMAGE_HEADER_SIZE=12288
+
+# sizes should be multiple of system page size
+WOLFBOOT_PARTITION_SIZE=0x40000
+# This example needs larger sector size.
+WOLFBOOT_SECTOR_SIZE=0x3000
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0x20000
+# if on external flash, it should be multiple of system page size
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x60000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0xA0000
+
+# required for keytools
+WOLFBOOT_FIXED_PARTITIONS=1

config/examples/vorago_va416x0.config

@@ -1,16 +1,26 @@
 ARCH?=ARM
 CORTEX_M4?=1
 TARGET?=va416x0
+
+# ECDSA P384 and SHA384
 SIGN?=ECC384
 HASH?=SHA384
 IMAGE_HEADER_SIZE=512
+
+# ML-DSA Level 5 (87)
+#SIGN=ML_DSA
+#HASH=SHA256
+#ML_DSA_LEVEL=5
+#IMAGE_SIGNATURE_SIZE=4627
+#IMAGE_HEADER_SIZE=12288
+
 WOLFBOOT_VERSION?=1
 ARMORED?=1
 DEBUG?=0
 DEBUG_SYMBOLS?=1
 DEBUG_UART?=1
 VTOR?=1
-EXT_FLASH?=1
+EXT_FLASH?=0
 SPI_FLASH?=0
 NO_XIP?=1
 NVM_FLASH_WRITEONCE?=0
@@ -35,19 +45,34 @@ NO_ARM_ASM?=0
 # Optional: Use smaller SHA512
 #CFLAGS_EXTRA+=-DUSE_SLOW_SHA512
 
-# 2KB sector
-WOLFBOOT_SECTOR_SIZE?=0x800
-
 # 38KB boot, 108KB partitions, 2KB swap
+WOLFBOOT_SECTOR_SIZE?=0x800
 WOLFBOOT_PARTITION_SIZE?=0x1B000
 WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x9800
 WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x24800
 WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x3F800
 
+# ML-DSA 5: 36KB boot, 104KB partitions, 12KB swap
+#WOLFBOOT_SECTOR_SIZE?=0x3000
+#WOLFBOOT_PARTITION_SIZE?=0x1A000
+#WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x9000
+#WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x23000
+#WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x3D000
+
+# Debug: 64KB boot, 95KB partitions, 2KB swap
+#WOLFBOOT_SECTOR_SIZE?=0x800
+#WOLFBOOT_PARTITION_SIZE?=0x18000
+#WOLFBOOT_PARTITION_BOOT_ADDRESS?=0xFC00
+#WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x27C00
+#WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x3FC00
+
 # Vorago SDK common drivers directory
 VORAGO_SDK_DIR?=$(PWD)/../VA416xx_SDK/
 
 # Use Verago FRAM driver
 USE_HAL_SPI_FRAM=1
 
 #CFLAGS_EXTRA+=-DDEBUG_EXT_FLASH
+
+#CFLAGS_EXTRA+=-DWOLFBOOT_EDAC_RAM_SCRUB=1000
+#CFLAGS_EXTRA+=-DWOLFBOOT_EDAC_ROM_SCRUB=125

docs/PQ.md

@@ -26,6 +26,8 @@ In terms of relative tradeoffs:
 See these config files for simulated target examples:
 
 - `config/examples/sim-ml-dsa.config`
+- `config/examples/sim-ml-dsa3.config`
+- `config/examples/sim-ml-dsa5.config`
 - `config/examples/sim-lms.config`
 - `config/examples/sim-xmss.config`
 
@@ -60,15 +62,16 @@ all depend on the parameter set:
 
 ### ML-DSA Config
 
-A new ML-DSA sim example has been added here:
+See ML-DSA sim examples here:
 
 ```
 config/examples/sim-ml-dsa.config
+config/examples/sim-ml-dsa3.config
+config/examples/sim-ml-dsa5.config
 ```
 
 The security category level is configured with `ML_DSA_LEVEL=<num>`, where
-num = 2, 3, 5. Here is an example from the `sim-ml-dsa.config` for category
-2:
+num = 2, 3, 5. Here is an example for level 2:
 
 ```
 # ML-DSA config examples:

docs/Targets.md

@@ -3586,12 +3586,12 @@ FLASH: The VA41630 has 256KB of internal SPI FRAM (for the VA41620 its external)
 
 Default flash layout:
 
-| Partition | Size  | Address | Description |
-|-----------|-------|---------|-------------|
-| Boot      | 38KB  | 0x0     | Bootloader partition |
-| Boot      | 108KB | 0x9800  | Boot partition |
-| Update    | 108KB | 0x24800 | Update partition |
-| Swap      | 2KB   | 0x3F800 | Swap area |
+| Partition   | Size  | Address | Description |
+|-------------|-------|---------|-------------|
+| Bootloader  | 38KB  | 0x0     | Bootloader partition |
+| Application | 108KB | 0x9800  | Boot partition |
+| Update      | 108KB | 0x24800 | Update partition |
+| Swap        | 2KB   | 0x3F800 | Swap area |
 
 SRAM: 64KB on-chip SRAM and 256KB on-chip instruction/program memory
 

hal/imx_rt.c

@@ -67,7 +67,6 @@
 
 /* #define DEBUG_EXT_FLASH */
 
-#ifdef __WOLFBOOT
 
 /** Built-in ROM API for bootloaders **/
 
@@ -866,8 +865,6 @@ void hal_prepare_boot(void)
 {
 }
 
-#endif /* __WOLFBOOT */
-
 static int RAMFUNCTION hal_flash_init(void)
 {
     status_t ret = 0;

hal/va416x0.c

@@ -296,28 +296,48 @@ hal_status_t FRAM_Erase(uint8_t spiBank, uint32_t addr, uint32_t len)
 
 void RAMFUNCTION hal_flash_unlock(void)
 {
-
+    /* Enable writes to code memory space */
+    VOR_SYSCONFIG->ROM_PROT |= SYSCONFIG_ROM_PROT_WREN_Msk;
 }
 
 void RAMFUNCTION hal_flash_lock(void)
 {
-
+    /* Disable writes to code memory space */
+    VOR_SYSCONFIG->ROM_PROT &= ~SYSCONFIG_ROM_PROT_WREN_Msk;
 }
 
 int RAMFUNCTION hal_flash_write(uint32_t address, const uint8_t *data, int len)
 {
-    /* no internal flash */
-    (void)address;
-    (void)data;
-    (void)len;
-    return 0;
+    hal_status_t status;
+#ifdef DEBUG_EXT_FLASH
+    wolfBoot_printf("ext write: addr 0x%x, dst 0x%x, len %d\n",
+        address, data, len);
+#endif
+    status = FRAM_Write(ROM_SPI_BANK, address, (uint8_t*)data, len);
+    if (status == hal_status_ok) {
+        /* update the shadow IRAM */
+        memcpy((void*)address, data, len);
+    }
+    else {
+        return -(int)status; /* convert to negative error code */
+    }
+    return len;
 }
 
 int RAMFUNCTION hal_flash_erase(uint32_t address, int len)
 {
-    /* no internal flash */
-    (void)address;
-    (void)len;
+    hal_status_t status;
+#ifdef DEBUG_EXT_FLASH
+    wolfBoot_printf("ext erase: addr 0x%x, len %d\n", address, len);
+#endif
+    status = FRAM_Erase(ROM_SPI_BANK, address, len);
+    if (status == hal_status_ok) {
+        /* update the shadow IRAM */
+        memset((void*)address, 0xFF, len);
+    }
+    else {
+        return -(int)status; /* convert to negative error code */
+    }
     return 0;
 }
 
@@ -461,14 +481,14 @@ void hal_init(void)
     hal_status_t status;
 
 #ifdef __WOLFBOOT /* build for wolfBoot only */
-    /* Configure PLL to set CPU clock to 100MHz */
+    /* Configure PLL to set CPU clock to 100MHz - 40MHz crystal * 2.5 */
     status = HAL_Clkgen_PLL(CLK_CTRL0_XTAL_N_PLL2P5X);
     if (status != hal_status_ok) {
         wolfBoot_printf("HAL_Clkgen_PLL failed\n");
         /* continue anyways */
     }
 
-    /* Disable Watchdog */
+    /* Disable Watchdog - should be already disabled out of reset */
     VOR_WATCH_DOG->WDOGLOCK    = 0x1ACCE551;
     VOR_WATCH_DOG->WDOGCONTROL = 0x0;
     NVIC_ClearPendingIRQ(WATCHDOG_IRQn);
@@ -477,7 +497,7 @@ void hal_init(void)
     SCB->CPACR |= ((0x3 << 20)|(0x3 << 22));
 
     /* Init EDAC */
-    ConfigEdac(1000, 125);
+    ConfigEdac(WOLFBOOT_EDAC_RAM_SCRUB, WOLFBOOT_EDAC_ROM_SCRUB);
 #else
     /* get clock settings and update SystemCoreClock */
     SystemCoreClockUpdate();
@@ -518,6 +538,6 @@ void hal_init(void)
 
 void hal_prepare_boot(void)
 {
-
+    /* Restore clock to hear-beat oscillator */
+    (void)HAL_Clkgen_PLL(CLK_CFG_HBO);
 }
-

hal/va416x0.h

@@ -99,5 +99,13 @@
 #define ROM_SPI_CSN   (0)
 
 
+/* EDAC Configuration defaults */
+#ifndef WOLFBOOT_EDAC_RAM_SCRUB
+    #define WOLFBOOT_EDAC_RAM_SCRUB     1000
+#endif
+#ifndef WOLFBOOT_EDAC_ROM_SCRUB
+    #define WOLFBOOT_EDAC_ROM_SCRUB     125
+#endif
+
 
 #endif /* VA416X0_DEF_INCLUDED */