Cleanup, config rename, documentation

arch.mk

@@ -170,10 +170,9 @@ ifeq ($(CORTEX_M33),1)
   ifeq ($(TZEN),1)
     OBJS+=hal/stm32_tz.o
     CFLAGS+=-mcmse
-    ifeq ($(WCSM),1)
+    ifeq ($(WOLFCRYPT_TZ),1)
       SECURE_OBJS+=./src/wc_callable.o
       SECURE_OBJS+=./lib/wolfssl/wolfcrypt/src/random.o
-      SECURE_OBJS+=./lib/wolfssl/wolfcrypt/src/asn.o
       CFLAGS+=-DWOLFCRYPT_SECURE_MODE
       SECURE_LDFLAGS+=-Wl,--cmse-implib -Wl,--out-implib=./src/wc_secure_calls.o
     endif

config/examples/stm32l5-wcs-pkcs11.config → config/examples/stm32l5-wolfcrypt-tz.config

@@ -25,5 +25,5 @@ WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x805F800
 WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x0807F000
 FLAGS_HOME=0
 DISABLE_BACKUP=0
-WCSM=1
-SECURE_PKCS11=1
+WOLFCRYPT_TZ=1
+WOLFCRYPT_TZ_PKCS11=1

docs/Targets.md

@@ -109,6 +109,9 @@ Example 1MB partitioning on STM32L4
 
 ### Scenario 1: TrustZone Enabled
 
+__NOTE__: to run wolfBoot in secure mode with wolfCrypt as secure crypto engine,
+please refer to [/docs/STM32-TZ.md](/docs/STM32-TZ.md).
+
 #### Example Description
 
 The implementation shows how to switch from secure application to non-secure application,
@@ -150,6 +153,7 @@ SECWM2_PSTRT=0x1  SECWM2_PEND=0x0   No page of internal Flash Bank2 set as secur
 * Linux: `/usr/local/STMicroelectronics/STM32Cube/STM32CubeProgrammer/bin/STM32_Programmer_CLI`
 * Mac OS/X: `/Applications/STMicroelectronics/STM32Cube/STM32CubeProgrammer/STM32CubeProgrammer.app/Contents/MacOs/bin/STM32_Programmer_CLI`
 
+
 ### Scenario 2: Trustzone Disabled
 
 #### Example Description

hal/stm32l5.c

@@ -328,7 +328,6 @@ static void periph_unsecure()
     GPIO_SECCFGR(GPIOC_BASE) &= ~(1<<LED_EXTRA_PIN);
 #endif
 
-
     /* Unsecure LPUART1 */
     TZSC_PRIVCFGR1 &= ~(TZSC_PRIVCFG1_LPUARTPRIV);
     GPIO_SECCFGR(GPIOG_BASE) &= ~(1<<UART1_TX_PIN);

include/user_settings.h

@@ -165,6 +165,8 @@ extern int tolower(int c);
     defined(WOLFBOOT_SIGN_RSA3072) || \
     defined(WOLFBOOT_SIGN_RSA4096) || \
     defined(WOLFCRYPT_SECURE_MODE)
+
+
 #   define WC_RSA_BLINDING 
 #   define WC_RSA_DIRECT
 #   define RSA_LOW_MEM
@@ -199,6 +201,13 @@ extern int tolower(int c);
 #       define WOLFSSL_SP_NO_3072
 #       define WOLFSSL_SP_4096
 #   endif
+#   ifdef WOLFCRYPT_SECURE_MODE
+#       undef FP_MAX_BITS
+#       define FP_MAX_BITS (4096 * 2)
+#       define WOLFSSL_SP_2048
+#       define WOLFSSL_SP_3072
+#       define WOLFSSL_SP_4096
+#   endif
 #else
 #   define NO_RSA
 #endif /* RSA */
@@ -383,7 +392,7 @@ extern int tolower(int c);
 #       define WOLFSSL_SP_NO_MALLOC
 #       define WOLFSSL_SP_NO_DYN_STACK
 #   endif
-#   if !defined(ARCH_SIM) && !defined(WOLFCRYPT_SECURE_MODE)
+#   if !defined(ARCH_SIM) && !defined(SECURE_PKCS11)
 #       define WOLFSSL_NO_MALLOC
 #   endif
 #else

options.mk

@@ -189,9 +189,6 @@ ifeq ($(SIGN),ED448)
     endif
   endif
 
-ifeq ($(SECURE_PKCS11),1)
-endif
-
 
   ifneq ($(HASH),SHA3)
     WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/sha3.o
@@ -533,7 +530,7 @@ ifeq ($(WOLFBOOT_HUGE_STACK),1)
   CFLAGS+=-DWOLFBOOT_HUGE_STACK
 endif
 
-ifeq ($(SECURE_PKCS11),1)
+ifeq ($(WOLFCRYPT_TZ_PKCS11),1)
   CFLAGS+=-DSECURE_PKCS11
   CFLAGS+=-DCK_CALLABLE="__attribute__((cmse_nonsecure_entry))"
   CFLAGS+=-Ilib/wolfPKCS11
@@ -549,7 +546,10 @@ ifeq ($(SECURE_PKCS11),1)
 		./lib/wolfPKCS11/src/internal.o \
 		./lib/wolfPKCS11/src/slot.o \
 		./lib/wolfPKCS11/src/wolfpkcs11.o
-  STACK_USAGE=12596
+endif
+
+ifeq ($(WOLFCRYPT_TZ),1)
+  STACK_USAGE=16688
 endif
 
 OBJS+=$(PUBLIC_KEY_OBJS)