Added Vorago VA416x0 wolfBoot support

Added check on image header size and sector size.
Expanded the ML-DSA testing.

Author: dgarske

.github/workflows/test-configs.yml

@@ -463,6 +463,13 @@ jobs:
 
   # TODO: ti-tms570lc435.config requires CCS_ROOT
 
+  # Cannot run on CI without the SDK (see VORAGO_SDK_DIR)
+  # vorago_va416x0_test:
+  #   uses: ./.github/workflows/test-build.yml
+  #   with:
+  #     arch: arm
+  #     config-file: ./config/examples/vorago_va416x0.config
+
   x86_64_efi_test:
     uses: ./.github/workflows/test-build.yml
     with:

.github/workflows/test-renode-nrf52.yml

@@ -61,16 +61,23 @@ jobs:
 
 # LMS TEST
       - name: Renode Tests LMS-8-5-5
-        run: ./tools/renode/docker-test.sh "SIGN=LMS LMS_LEVELS=2 LMS_HEIGHT=5 LMS_WINTERNITZ=8 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2644 IMAGE_HEADER_SIZE=5288"
+        run: ./tools/renode/docker-test.sh "SIGN=LMS LMS_LEVELS=2 LMS_HEIGHT=5 LMS_WINTERNITZ=8 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2644 IMAGE_HEADER_SIZE=5288 WOLFBOOT_SECTOR_SIZE=0x2000"
 
 # XMSS TEST
       - name: Renode Tests XMSS-SHA2_10_256
-        run: ./tools/renode/docker-test.sh "SIGN=XMSS XMSS_PARAMS='XMSS-SHA2_10_256' WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE=5000"
+        run: ./tools/renode/docker-test.sh "SIGN=XMSS XMSS_PARAMS='XMSS-SHA2_10_256' WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE=5000 WOLFBOOT_SECTOR_SIZE=0x2000"
 
-# ML-DSA TEST
+# ML-DSA Level 2 TEST
       - name: Renode Tests ML-DSA-44
-        run: ./tools/renode/docker-test.sh "SIGN=ML_DSA ML_DSA_LEVEL=2 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2420 IMAGE_HEADER_SIZE=4840"
+        run: ./tools/renode/docker-test.sh "SIGN=ML_DSA ML_DSA_LEVEL=2 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2420 IMAGE_HEADER_SIZE=4840 WOLFBOOT_SECTOR_SIZE=0x2000"
 
+# ML-DSA Level 3 TEST
+      - name: Renode Tests ML-DSA-65
+        run: ./tools/renode/docker-test.sh "SIGN=ML_DSA ML_DSA_LEVEL=3 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=3309 IMAGE_HEADER_SIZE=8192 WOLFBOOT_SECTOR_SIZE=0x2000"
+
+# ML-DSA Level 5 TEST
+      - name: Renode Tests ML-DSA-87
+        run: ./tools/renode/docker-test.sh "SIGN=ML_DSA ML_DSA_LEVEL=5 WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=4627 IMAGE_HEADER_SIZE=12288 WOLFBOOT_SECTOR_SIZE=0x3000"
 
       - name: Upload Output Dir
         uses: actions/upload-artifact@v4

.github/workflows/test-sunnyday-simulator.yml

@@ -104,12 +104,12 @@ jobs:
       - name: Run dualbank swap simulation
         run: |
           tools/scripts/sim-dualbank-swap-update.sh
-      
+
       - name: Cleanup before WOLFBOOT_SMALL_STACK test
         run: |
           make keysclean
           mv .config.orig .config
-      
+
       - name: Build wolfboot.elf (ECC256, WOLFBOOT_SMALL_STACK)
         run: |
           make clean && make test-sim-internal-flash-with-update SIGN=ECC256 WOLFBOOT_SMALL_STACK=1 SPMATH=1
@@ -617,10 +617,18 @@ jobs:
         run: |
           tools/scripts/sim-pq-sunnyday-update.sh config/examples/sim-xmss.config
 
-      - name: Run sunny day ML-DSA update test
+      - name: Run sunny day ML-DSA level 2 update test
         run: |
           tools/scripts/sim-pq-sunnyday-update.sh config/examples/sim-ml-dsa.config
 
+      - name: Run sunny day ML-DSA level 3 update test
+        run: |
+          tools/scripts/sim-pq-sunnyday-update.sh config/examples/sim-ml-dsa3.config
+
+      - name: Run sunny day ML-DSA level 5 update test
+        run: |
+          tools/scripts/sim-pq-sunnyday-update.sh config/examples/sim-ml-dsa5.config
+
       # 64 Bit simulator, Hybrid auth ML_DSA + ECDSA
       #
       - name: make clean

arch.mk

@@ -266,6 +266,26 @@ ifeq ($(ARCH),ARM)
      CFLAGS+=-DWOLFBOOT_USE_STDLIBC
   endif
 
+  ifeq ($(TARGET),va416x0)
+    CFLAGS+=-I$(WOLFBOOT_ROOT)/include/vorago/ \
+            -I$(VORAGO_SDK_DIR)/common/drivers/hdr/ \
+            -I$(VORAGO_SDK_DIR)/common/mcu/hdr/ \
+            -I$(VORAGO_SDK_DIR)/common/utils/hdr/
+    SDK_OBJS=$(VORAGO_SDK_DIR)/common/drivers/src/va416xx_hal.o \
+             $(VORAGO_SDK_DIR)/common/drivers/src/va416xx_hal_spi.o \
+             $(VORAGO_SDK_DIR)/common/drivers/src/va416xx_hal_clkgen.o \
+             $(VORAGO_SDK_DIR)/common/drivers/src/va416xx_hal_ioconfig.o \
+             $(VORAGO_SDK_DIR)/common/drivers/src/va416xx_hal_irqrouter.o \
+             $(VORAGO_SDK_DIR)/common/drivers/src/va416xx_hal_uart.o \
+             $(VORAGO_SDK_DIR)/common/drivers/src/va416xx_hal_timer.o \
+             $(VORAGO_SDK_DIR)/common/mcu/src/system_va416xx.o
+    ifeq ($(USE_HAL_SPI_FRAM),1)
+      SDK_OBJS+=$(VORAGO_SDK_DIR)/common/utils/src/spi_fram.o
+      CFLAGS+=-DUSE_HAL_SPI_FRAM
+    endif
+    OBJS+=$(SDK_OBJS)
+  endif
+
 ## Cortex CPU
 
 ifeq ($(CORTEX_A5),1)

config/examples/sim-ml-dsa-ecc-hybrid.config

@@ -13,7 +13,8 @@ SIGN_SECONDARY=ECC384
 
 # sizes should be multiple of system page size
 WOLFBOOT_PARTITION_SIZE=0x40000
-WOLFBOOT_SECTOR_SIZE=0x1000
+# sector size must be larger than IMAGE_HEADER_SIZE
+WOLFBOOT_SECTOR_SIZE=0x2000
 WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80000
 # if on external flash, it should be multiple of system page size
 WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x100000

config/examples/sim-ml-dsa.config

@@ -49,7 +49,7 @@ IMAGE_HEADER_SIZE=8192
 # ML_DSA_LEVEL=5
 # IMAGE_SIGNATURE_SIZE=4627
 # IMAGE_HEADER_SIZE=12288
-# This example needsd larger sector size.
+# NOTE: This example needs larger sector size.
 # WOLFBOOT_SECTOR_SIZE=0x3000
 #
 

config/examples/sim-ml-dsa3.config

@@ -0,0 +1,52 @@
+# ML-DSA signature example, based on sim.config example.
+#
+# The acceptable parameter values are those in FIPS 204:
+#
+#   ML_DSA_LEVEL = {2, 3, 5}
+#
+# This corresponds to these security levels (from FIPS 204, Table 1.):
+#
+#               Claimed Security Strength
+#   ML-DSA-44      Category 2
+#   ML-DSA-65      Category 3
+#   ML-DSA-87      Category 5
+#
+# The signature, pub key, and priv key lengths are all a function
+# of this parameter. Refer to this table (from FIPS 204, Table 2.)
+# to configure your IMAGE_SIGNATURE_SIZE:
+#
+#   Table 2. Sizes (in bytes) of keys and signatures of ML-DSA
+#
+#               Private Key   Public Key   Signature Size
+#   ML-DSA-44      2560          1312         2420
+#   ML-DSA-65      4032          1952         3309
+#   ML-DSA-87      4896          2592         4627
+#
+
+ARCH=sim
+TARGET=sim
+SIGN=ML_DSA
+HASH=SHA256
+WOLFBOOT_SMALL_STACK=0
+SPI_FLASH=0
+DEBUG=0
+DELTA_UPDATES=0
+
+#
+# ML-DSA config examples:
+#
+# Category 3:
+ML_DSA_LEVEL=3
+IMAGE_SIGNATURE_SIZE=3309
+IMAGE_HEADER_SIZE=8192
+
+# sizes should be multiple of system page size
+WOLFBOOT_PARTITION_SIZE=0x40000
+WOLFBOOT_SECTOR_SIZE=0x2000
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0x20000
+# if on external flash, it should be multiple of system page size
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x60000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0xA0000
+
+# required for keytools
+WOLFBOOT_FIXED_PARTITIONS=1

config/examples/sim-ml-dsa5.config

@@ -0,0 +1,53 @@
+# ML-DSA signature example, based on sim.config example.
+#
+# The acceptable parameter values are those in FIPS 204:
+#
+#   ML_DSA_LEVEL = {2, 3, 5}
+#
+# This corresponds to these security levels (from FIPS 204, Table 1.):
+#
+#               Claimed Security Strength
+#   ML-DSA-44      Category 2
+#   ML-DSA-65      Category 3
+#   ML-DSA-87      Category 5
+#
+# The signature, pub key, and priv key lengths are all a function
+# of this parameter. Refer to this table (from FIPS 204, Table 2.)
+# to configure your IMAGE_SIGNATURE_SIZE:
+#
+#   Table 2. Sizes (in bytes) of keys and signatures of ML-DSA
+#
+#               Private Key   Public Key   Signature Size
+#   ML-DSA-44      2560          1312         2420
+#   ML-DSA-65      4032          1952         3309
+#   ML-DSA-87      4896          2592         4627
+#
+
+ARCH=sim
+TARGET=sim
+SIGN=ML_DSA
+HASH=SHA256
+WOLFBOOT_SMALL_STACK=0
+SPI_FLASH=0
+DEBUG=0
+DELTA_UPDATES=0
+
+#
+# ML-DSA config examples:
+#
+# Category 5:
+ML_DSA_LEVEL=5
+IMAGE_SIGNATURE_SIZE=4627
+IMAGE_HEADER_SIZE=12288
+
+# sizes should be multiple of system page size
+WOLFBOOT_PARTITION_SIZE=0x40000
+# This example needs larger sector size.
+WOLFBOOT_SECTOR_SIZE=0x3000
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0x20000
+# if on external flash, it should be multiple of system page size
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x60000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0xA0000
+
+# required for keytools
+WOLFBOOT_FIXED_PARTITIONS=1

config/examples/vorago_va416x0.config

@@ -0,0 +1,78 @@
+ARCH?=ARM
+CORTEX_M4?=1
+TARGET?=va416x0
+
+# ECDSA P384 and SHA384
+SIGN?=ECC384
+HASH?=SHA384
+IMAGE_HEADER_SIZE=512
+
+# ML-DSA Level 5 (87)
+#SIGN=ML_DSA
+#HASH=SHA256
+#ML_DSA_LEVEL=5
+#IMAGE_SIGNATURE_SIZE=4627
+#IMAGE_HEADER_SIZE=12288
+
+WOLFBOOT_VERSION?=1
+ARMORED?=1
+DEBUG?=0
+DEBUG_SYMBOLS?=1
+DEBUG_UART?=1
+VTOR?=1
+EXT_FLASH?=0
+SPI_FLASH?=0
+NO_XIP?=1
+NVM_FLASH_WRITEONCE?=0
+UART_FLASH?=0
+V?=0
+NO_MPU?=1
+RAM_CODE?=0
+SPMATH?=1
+DUALBANK_SWAP?=0
+PKA?=0
+ENCRYPT=0
+WOLFTPM?=0
+OPTIMIZATION_LEVEL=1
+
+# Optionally allow downgrade to older valid version in update partition
+ALLOW_DOWNGRADE?=0
+
+# Use assembly version of ECDSA and SHA
+NO_ASM?=0
+NO_ARM_ASM?=0
+
+# Optional: Use smaller SHA512
+#CFLAGS_EXTRA+=-DUSE_SLOW_SHA512
+
+# 38KB boot, 108KB partitions, 2KB swap
+WOLFBOOT_SECTOR_SIZE?=0x800
+WOLFBOOT_PARTITION_SIZE?=0x1B000
+WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x9800
+WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x24800
+WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x3F800
+
+# ML-DSA 5: 36KB boot, 104KB partitions, 12KB swap
+#WOLFBOOT_SECTOR_SIZE?=0x3000
+#WOLFBOOT_PARTITION_SIZE?=0x1A000
+#WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x9000
+#WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x23000
+#WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x3D000
+
+# Debug: 64KB boot, 95KB partitions, 2KB swap
+#WOLFBOOT_SECTOR_SIZE?=0x800
+#WOLFBOOT_PARTITION_SIZE?=0x18000
+#WOLFBOOT_PARTITION_BOOT_ADDRESS?=0xFC00
+#WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x27C00
+#WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x3FC00
+
+# Vorago SDK common drivers directory
+VORAGO_SDK_DIR?=$(PWD)/../VA416xx_SDK/
+
+# Use Verago FRAM driver
+USE_HAL_SPI_FRAM=1
+
+#CFLAGS_EXTRA+=-DDEBUG_EXT_FLASH
+
+#CFLAGS_EXTRA+=-DWOLFBOOT_EDAC_RAM_SCRUB=1000
+#CFLAGS_EXTRA+=-DWOLFBOOT_EDAC_ROM_SCRUB=125

docs/PQ.md

@@ -26,6 +26,8 @@ In terms of relative tradeoffs:
 See these config files for simulated target examples:
 
 - `config/examples/sim-ml-dsa.config`
+- `config/examples/sim-ml-dsa3.config`
+- `config/examples/sim-ml-dsa5.config`
 - `config/examples/sim-lms.config`
 - `config/examples/sim-xmss.config`
 
@@ -60,15 +62,16 @@ all depend on the parameter set:
 
 ### ML-DSA Config
 
-A new ML-DSA sim example has been added here:
+See ML-DSA sim examples here:
 
 ```
 config/examples/sim-ml-dsa.config
+config/examples/sim-ml-dsa3.config
+config/examples/sim-ml-dsa5.config
 ```
 
 The security category level is configured with `ML_DSA_LEVEL=<num>`, where
-num = 2, 3, 5. Here is an example from the `sim-ml-dsa.config` for category
-2:
+num = 2, 3, 5. Here is an example for level 2:
 
 ```
 # ML-DSA config examples: