From 4dda0571c7591457dbd6c787f8a6d0ce8f1cd78c Mon Sep 17 00:00:00 2001
From: Daniele Lacamera
Date: Wed, 29 May 2024 14:05:20 +0200
Subject: [PATCH 1/2] Fix building PKCS11 Trustzone with any auth algo
---
 include/otp_keystore.h | 6 ------
 include/user_settings.h | 2 +-
 options.mk | 12 ++++++++++--
 3 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/include/otp_keystore.h b/include/otp_keystore.h
index 8c66724b0..bf2fadead 100644
--- a/include/otp_keystore.h
+++ b/include/otp_keystore.h
@@ -58,10 +58,6 @@ struct KEYSTORE_HDR_PACKED wolfBoot_otp_hdr {
 static const char KEYSTORE_HDR_MAGIC[8] = "WOLFBOOT";
-#if !defined(KEYSTORE_ANY) && (KEYSTORE_PUBKEY_SIZE != KEYSTORE_PUBKEY_SIZE_ECC256)
- #error Key algorithm mismatch. Remove old keys via 'make keysclean'
-#else
-
 #define KEYSTORE_MAX_PUBKEYS ((OTP_SIZE - OTP_HDR_SIZE) / SIZEOF_KEYSTORE_SLOT)
 #if (OTP_SIZE == 0)
@@ -72,8 +68,6 @@ static const char KEYSTORE_HDR_MAGIC[8] = "WOLFBOOT";
 #error "No space for any keystores in OTP with current algorithm"
 #endif
-#endif /* KEYSTORE_ANY */
-
 #endif /* FLASH_OTP_KEYSTORE */
 #endif /* OTP_KEYSTORE_H */
diff --git a/include/user_settings.h b/include/user_settings.h
index 0eff5fc79..599387962 100644
--- a/include/user_settings.h
+++ b/include/user_settings.h
@@ -130,7 +130,7 @@ extern int tolower(int c);
 /* Curve */
-# ifdef WOLFBOOT_SIGN_ECC256
+# if defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFCRYPT_SECURE_MODE)
 # define HAVE_ECC256
 # elif defined(WOLFBOOT_SIGN_ECC384)
 # define HAVE_ECC384
diff --git a/options.mk b/options.mk
index 422d9339b..2638d2134 100644
--- a/options.mk
+++ b/options.mk
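Review bot: In the include/user_settings.h hunk, widening the first branch of the curve chain to `defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFCRYPT_SECURE_MODE)` means a secure-mode build can no longer reach the `# elif defined(WOLFBOOT_SIGN_ECC384)` branch below it. A secure-mode build that signs with ECC384 would then get `HAVE_ECC256` but not `HAVE_ECC384`, which affects the curve used for image verification. Keeping the original `# ifdef WOLFBOOT_SIGN_ECC256` chain and adding the secure-mode requirement as a separate test after it avoids this: `# if defined(WOLFCRYPT_SECURE_MODE) && !defined(HAVE_ECC256)` / `# define HAVE_ECC256` / `# endif`. The chain continues past the end of the hunk, so any further curve branches, and whatever else each branch defines, are not visible here and should be checked the same way.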
@@ -646,8 +646,6 @@ ifeq ($(WOLFCRYPT_TZ_PKCS11),1)
 CFLAGS+=-DWP11_HASH_PIN_COST=3
 OBJS+=src/pkcs11_store.o
 OBJS+=src/pkcs11_callable.o
- WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/aes.o
- WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/rsa.o
 WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/pwdbased.o
 WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/hmac.o
 WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/dh.o
@@ -656,6 +654,16 @@ ifeq ($(WOLFCRYPT_TZ_PKCS11),1)
 ./lib/wolfPKCS11/src/slot.o \
 ./lib/wolfPKCS11/src/wolfpkcs11.o
 STACK_USAGE=16688
+ ifneq ($(ENCRYPT),1)
+ WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/aes.o
+ endif
+ ifeq ($(findstring RSA,$(SIGN)),)
+ WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/rsa.o
+ endif
+ ifeq ($(findstring ECC,$(SIGN)),)
+ WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/ecc.o
+ endif
+ WOLFCRYPT_OBJS+=$(MATH_OBJS) ./lib/wolfssl/wolfcrypt/src/wolfmath.o
 endif
 OBJS+=$(PUBLIC_KEY_OBJS)
From 7b3328ff2f8dc5cd2012a7305f9065a6144360b8 Mon Sep 17 00:00:00 2001
From: Daniele Lacamera
Date: Wed, 29 May 2024 15:18:19 +0200
Subject: [PATCH 2/2] Fix regression with ECC build
---
 options.mk | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/options.mk b/options.mk
index 2638d2134..5622b41f4 100644
--- a/options.mk
+++ b/options.mk
@@ -663,7 +663,11 @@ ifeq ($(WOLFCRYPT_TZ_PKCS11),1)
 ifeq ($(findstring ECC,$(SIGN)),)
 WOLFCRYPT_OBJS+=./lib/wolfssl/wolfcrypt/src/ecc.o
 endif
- WOLFCRYPT_OBJS+=$(MATH_OBJS) ./lib/wolfssl/wolfcrypt/src/wolfmath.o
+ ifeq ($(findstring RSA,$(SIGN)),)
+ ifeq ($(findstring ECC,$(SIGN)),)
+ WOLFCRYPT_OBJS+=$(MATH_OBJS) ./lib/wolfssl/wolfcrypt/src/wolfmath.o
+ endif
+ endif
 endif
 OBJS+=$(PUBLIC_KEY_OBJS)
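Review bot: In the `@@ -656,6 +654,16 @@` hunk of options.mk (PATCH 1/2), the guard `ifneq ($(ENCRYPT),1)` assumes every `ENCRYPT=1` build already links aes.o, which this hunk does not show. If `ENCRYPT=1` can select a non-AES cipher (wolfBoot appears to have an `ENCRYPT_WITH_CHACHA` mode; confirm against the ENCRYPT block elsewhere in this file), the PKCS11 build would lose aes.o, which the previous hunk stopped adding unconditionally. Keying the test on the AES selection itself would be safer, for example `ifeq ($(ENCRYPT_WITH_AES128)$(ENCRYPT_WITH_AES256),)`. Each of the three inverted guards would also benefit from a short comment such as `# skip when the SIGN/ENCRYPT rules already add this object`. The enclosing `ifeq ($(WOLFCRYPT_TZ_PKCS11),1)` block starts outside the hunk.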
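Review bot: In the `@@ -663,7 +663,11 @@` hunk (PATCH 2/2), the nested `ifeq ($(findstring RSA,$(SIGN)),)` / `ifeq ($(findstring ECC,$(SIGN)),)` pair around the `$(MATH_OBJS)` line repeats the tests already used for ecc.o just above and for rsa.o in the previous patch, and nothing records why they are needed. A single test reads more directly, `ifeq ($(findstring RSA,$(SIGN))$(findstring ECC,$(SIGN)),)`, with a comment like `# RSA and ECC SIGN builds already add MATH_OBJS and wolfmath.o`. That comment states an assumption the hunk does not show, so confirm that no other SIGN value also contributes these objects, otherwise they would be listed twice again. The enclosing `ifeq ($(WOLFCRYPT_TZ_PKCS11),1)` block starts outside the hunk.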