Skip to content

Commit 968e5bf

Browse files
authored
Merge pull request #727 from mattia-moffa/20260318-nsc-tzen
NSC veneers when TZEN=1; WOLFCRYPT_TZ_PKCS11 on the NXP MCX N
2 parents 5222385 + 1a6c219 commit 968e5bf

24 files changed

Lines changed: 247 additions & 73 deletions

File tree

.github/workflows/test-configs.yml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -260,6 +260,13 @@ jobs:
260260
config-file: ./config/examples/mcxn-tz.config
261261
board-name: frdmmcxn947
262262

263+
nxp_mcxn_wolfcrypt_tz_test:
264+
uses: ./.github/workflows/test-build-mcux-sdk-manifests.yml
265+
with:
266+
arch: arm
267+
config-file: ./config/examples/mcxn-wolfcrypt-tz.config
268+
board-name: frdmmcxn947
269+
263270
nxp_s32k142_test:
264271
uses: ./.github/workflows/test-build.yml
265272
with:

CMakeLists.txt

Lines changed: 8 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -668,7 +668,11 @@ if(ARCH STREQUAL "ARM")
668668
endif()
669669
if(${WOLFBOOT_TARGET} STREQUAL "stm32u5")
670670
set(ARCH_FLASH_OFFSET 0x08000000)
671-
set(WOLFBOOT_ORIGIN ${ARCH_FLASH_OFFSET})
671+
if(TZEN)
672+
set(WOLFBOOT_ORIGIN 0x0C000000)
673+
else()
674+
set(WOLFBOOT_ORIGIN ${ARCH_FLASH_OFFSET})
675+
endif()
672676
endif()
673677

674678
if(${WOLFBOOT_TARGET} STREQUAL "stm32h5")
@@ -696,14 +700,14 @@ if(ARCH STREQUAL "ARM")
696700
list(APPEND WOLFBOOT_COMPILE_OPTIONS -mcmse)
697701
list(APPEND WOLFBOOT_LINK_OPTIONS -mcmse)
698702
endif()
703+
list(APPEND WOLFBOOT_LINK_OPTIONS
704+
-Wl,--cmse-implib
705+
-Wl,--out-implib=${CMAKE_CURRENT_BINARY_DIR}/wolfboot_tz_nsc.o)
699706

700707
# wolfCrypt TrustZone secure mode
701708
if(WOLFCRYPT_TZ)
702709
list(APPEND WOLFBOOT_DEFS WOLFCRYPT_SECURE_MODE)
703710
list(APPEND WOLFBOOT_SOURCES src/wc_callable.c)
704-
list(APPEND WOLFBOOT_LINK_OPTIONS
705-
-Wl,--cmse-implib
706-
-Wl,--out-implib=${CMAKE_CURRENT_BINARY_DIR}/wc_secure_calls.o)
707711

708712
# PKCS11 TrustZone interface
709713
if(WOLFCRYPT_TZ_PKCS11)

Makefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -562,7 +562,7 @@ keys: $(PRIVATE_KEY)
562562

563563
clean:
564564
$(Q)rm -f src/*.o hal/*.o hal/spi/*.o test-app/*.o src/x86/*.o
565-
$(Q)rm -f src/wc_secure_calls.o
565+
$(Q)rm -f src/wolfboot_tz_nsc.o
566566
$(Q)rm -f $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/*.o $(WOLFBOOT_LIB_WOLFTPM)/src/*.o $(WOLFBOOT_LIB_WOLFTPM)/hal/*.o $(WOLFBOOT_LIB_WOLFTPM)/examples/pcr/*.o
567567
$(Q)rm -f $(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/Renesas/*.o
568568
$(Q)rm -f wolfboot.bin wolfboot.elf wolfboot.map test-update.rom wolfboot.hex wolfboot.srec factory.srec

arch.mk

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -360,13 +360,13 @@ else
360360
OBJS+=hal/stm32_tz.o
361361
endif
362362
CFLAGS+=-mcmse
363+
SECURE_LDFLAGS+=-Wl,--cmse-implib -Wl,--out-implib=./src/wolfboot_tz_nsc.o
363364
ifeq ($(WOLFCRYPT_TZ),1)
364365
CORTEXM_ARM_EXTRA_OBJS=
365366
CORTEXM_ARM_EXTRA_CFLAGS=
366367
SECURE_OBJS+=./src/wc_callable.o
367368
WOLFCRYPT_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/random.o
368369
CFLAGS+=-DWOLFCRYPT_SECURE_MODE
369-
SECURE_LDFLAGS+=-Wl,--cmse-implib -Wl,--out-implib=./src/wc_secure_calls.o
370370
endif
371371
endif # TZEN=1
372372
ifeq ($(SPMATH),1)

cmake/wolfboot.cmake

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -52,8 +52,8 @@ function(gen_wolfboot_platform_target PLATFORM_NAME LINKER_SCRIPT_TARGET)
5252
${LINKER_SCRIPT_TARGET})
5353

5454
# TrustZone import library (generated by the linker via --out-implib)
55-
if(TZEN AND WOLFCRYPT_TZ)
56-
set(_wcs_implib "${CMAKE_BINARY_DIR}/wc_secure_calls.o")
55+
if(TZEN)
56+
set(_wcs_implib "${CMAKE_BINARY_DIR}/wolfboot_tz_nsc.o")
5757
add_custom_command(TARGET wolfboot_${PLATFORM_NAME} POST_BUILD
5858
BYPRODUCTS "${_wcs_implib}"
5959
COMMAND ${CMAKE_COMMAND} -E true

config/examples/mcxn-tz.config

Lines changed: 16 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ MCUXPRESSO_CPU?=MCXN947VDF_cm33_core0
1010
MCUXPRESSO_DRIVERS?=$(MCUXPRESSO)/devices/MCX/MCXN/MCXN947
1111
MCUXPRESSO_PROJECT_TEMPLATE?=$(MCUXPRESSO)/examples/_boards/frdmmcxn947/project_template
1212
DEBUG?=0
13-
DEBUG_UART?=0
13+
DEBUG_UART?=1
1414
VTOR?=1
1515
CORTEX_M0?=0
1616
CORTEX_M33?=1
@@ -27,29 +27,28 @@ SPMATH?=1
2727
RAM_CODE?=1
2828
DUALBANK_SWAP?=0
2929
PKA?=1
30-
WOLFCRYPT_TZ?=1
3130

3231
# 8KB sectors
3332
WOLFBOOT_SECTOR_SIZE?=0x2000
3433

3534
# Default configuration
36-
# 64KB boot, 80KB keyvault, 8KB NSC, 60KB partitions, 8KB swap
37-
WOLFBOOT_KEYVAULT_ADDRESS?=0x12000
38-
WOLFBOOT_KEYVAULT_SIZE?=0x14000
39-
WOLFBOOT_NSC_ADDRESS?=0x26000
35+
# 40KB boot, no keyvault, 8KB NSC, 64KB partitions, 8KB swap
36+
WOLFBOOT_KEYVAULT_ADDRESS?=0xA000
37+
WOLFBOOT_KEYVAULT_SIZE?=0
38+
WOLFBOOT_NSC_ADDRESS?=0xA000
4039
WOLFBOOT_NSC_SIZE?=0x2000
41-
WOLFBOOT_PARTITION_SIZE?=0xE000
42-
WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x28000
43-
WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x36000
44-
WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x44000
40+
WOLFBOOT_PARTITION_SIZE?=0x10000
41+
WOLFBOOT_PARTITION_BOOT_ADDRESS?=0xC000
42+
WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x1C000
43+
WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x2C000
4544

4645
# Alternate larger configuration for debugging or ARMASM
47-
# 128KB boot, 80KB keyvault, 8KB NSC, 60KB partitions, 8KB swap
46+
# 128KB boot, no keyvault, 8KB NSC, 64KB partitions, 8KB swap
4847
#WOLFBOOT_KEYVAULT_ADDRESS?=0x20000
49-
#WOLFBOOT_KEYVAULT_SIZE?=0x14000
50-
#WOLFBOOT_NSC_ADDRESS?=0x34000
48+
#WOLFBOOT_KEYVAULT_SIZE?=0
49+
#WOLFBOOT_NSC_ADDRESS?=0x20000
5150
#WOLFBOOT_NSC_SIZE?=0x2000
52-
#WOLFBOOT_PARTITION_SIZE?=0xE000
53-
#WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x36000
54-
#WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x45000
55-
#WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x54000
51+
#WOLFBOOT_PARTITION_SIZE?=0x10000
52+
#WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x22000
53+
#WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x32000
54+
#WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x42000
Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
ARCH?=ARM
2+
TZEN?=1
3+
TARGET?=mcxn
4+
SIGN?=ECC384
5+
HASH?=SHA384
6+
MCUXSDK?=1
7+
MCUXPRESSO?=$(PWD)/../NXP/mcuxpresso-sdk/mcuxsdk
8+
MCUXPRESSO_CMSIS?=$(PWD)/../NXP/CMSIS_5/CMSIS
9+
MCUXPRESSO_CPU?=MCXN947VDF_cm33_core0
10+
MCUXPRESSO_DRIVERS?=$(MCUXPRESSO)/devices/MCX/MCXN/MCXN947
11+
MCUXPRESSO_PROJECT_TEMPLATE?=$(MCUXPRESSO)/examples/_boards/frdmmcxn947/project_template
12+
DEBUG?=0
13+
DEBUG_UART?=1
14+
VTOR?=1
15+
CORTEX_M0?=0
16+
CORTEX_M33?=1
17+
NO_ASM?=0
18+
NO_MPU=1
19+
EXT_FLASH?=0
20+
SPI_FLASH?=0
21+
ALLOW_DOWNGRADE?=0
22+
NVM_FLASH_WRITEONCE?=1
23+
NO_ARM_ASM=1
24+
WOLFBOOT_VERSION?=0
25+
V?=0
26+
SPMATH?=1
27+
RAM_CODE?=1
28+
DUALBANK_SWAP?=0
29+
PKA?=1
30+
WOLFCRYPT_TZ?=1
31+
WOLFCRYPT_TZ_PKCS11?=1
32+
33+
# 8KB sectors
34+
WOLFBOOT_SECTOR_SIZE?=0x2000
35+
36+
# Default configuration
37+
# 192KB boot, 96KB keyvault, 8KB NSC, 64KB partitions, 8KB swap
38+
WOLFBOOT_KEYVAULT_ADDRESS?=0x30000
39+
WOLFBOOT_KEYVAULT_SIZE?=0x18000
40+
WOLFBOOT_NSC_ADDRESS?=0x48000
41+
WOLFBOOT_NSC_SIZE?=0x2000
42+
WOLFBOOT_PARTITION_SIZE?=0x10000
43+
WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x4A000
44+
WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x5A000
45+
WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x6A000
46+
47+
# Alternate larger configuration for debugging or ARMASM
48+
# 320KB boot, 96KB keyvault, 8KB NSC, 64KB partitions, 8KB swap
49+
#WOLFBOOT_KEYVAULT_ADDRESS?=0x50000
50+
#WOLFBOOT_KEYVAULT_SIZE?=0x18000
51+
#WOLFBOOT_NSC_ADDRESS?=0x68000
52+
#WOLFBOOT_NSC_SIZE?=0x2000
53+
#WOLFBOOT_PARTITION_SIZE?=0x10000
54+
#WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x6A000
55+
#WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x7A000
56+
#WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x8A000

docs/API.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -78,6 +78,8 @@ secure domain. For this purpose, wolfBoot provides Non-Secure Callable (NSC)
7878
APIs that allow code running in the non-secure domain to call into the secure
7979
domain managed by wolfBoot.
8080

81+
When `TZEN=1` is enabled, these APIs are available to non-secure applications.
82+
8183
These APIs are listed below.
8284

8385
- `void wolfBoot_nsc_success(void)`: wrapper for `wolfBoot_success()`

docs/Targets.md

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4349,7 +4349,14 @@ cp config/examples/mcxn.config .config`
43494349
make
43504350
```
43514351

4352-
We also provide a TrustZone configuration at `config/examples/mcxn-tz.config`.
4352+
We provide three configuration files:
4353+
- `mcxn.config`: basic configuration file; both wolfBoot and your application
4354+
run in secure world.
4355+
- `mcxn-tz.config`: wolfBoot runs in secure world, your application runs in
4356+
non-secure world.
4357+
- `mcxn-wolfcrypt-tz.config`: same as above, but also includes a non-secure
4358+
callable (NSC) wolfPKCS11 API to perform crypto operations via wolfCrypt and
4359+
access a secure keyvault provided by wolfBoot.
43534360

43544361
### MCX N: Loading the firmware
43554362

hal/mcxn.c

Lines changed: 59 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -40,6 +40,11 @@
4040
#include "hal/armv8m_tz.h"
4141
#endif
4242

43+
#ifdef WOLFCRYPT_SECURE_MODE
44+
void hal_trng_init(void);
45+
int hal_trng_get_entropy(unsigned char *out, unsigned int len);
46+
#endif
47+
4348
static flash_config_t pflash;
4449
static uint32_t pflash_sector_size = WOLFBOOT_SECTOR_SIZE;
4550
uint32_t SystemCoreClock;
@@ -104,6 +109,7 @@ void hal_init(void)
104109
#if defined(TZEN) && !defined(NONSECURE_APP)
105110
hal_sau_init();
106111
#endif
112+
107113
}
108114

109115
#ifdef __WOLFBOOT
@@ -207,21 +213,69 @@ int RAMFUNCTION hal_flash_erase(uint32_t address, int len)
207213
}
208214

209215
#ifdef WOLFCRYPT_SECURE_MODE
210-
/* These functions are stubs for now, because the MCUXpresso SDK doesn't
211-
* implement drivers for the MCXN's TRNG. */
216+
#define ELS_CMD_RND_REQ 24U
217+
212218
void hal_trng_init(void)
213219
{
220+
/* Enable ELS and wait for it to be ready */
221+
ELS->ELS_CTRL = S50_ELS_CTRL_ELS_EN(1);
222+
while (ELS->ELS_STATUS & S50_ELS_STATUS_ELS_BUSY_MASK)
223+
;
214224
}
215225

216226
void hal_trng_fini(void)
217227
{
228+
/* Don't disable ELS, it might be used by other actors */
229+
}
230+
231+
static int els_rnd_req(void *out, uint32_t len)
232+
{
233+
while (ELS->ELS_STATUS & S50_ELS_STATUS_ELS_BUSY_MASK)
234+
;
235+
ELS->ELS_DMA_RES0 = (uint32_t)(uintptr_t)out;
236+
ELS->ELS_DMA_RES0_LEN = len;
237+
ELS->ELS_CMDCFG0 = 0;
238+
ELS->ELS_CTRL = S50_ELS_CTRL_ELS_EN(1)
239+
| S50_ELS_CTRL_ELS_START(1)
240+
| S50_ELS_CTRL_ELS_CMD(ELS_CMD_RND_REQ);
241+
while (ELS->ELS_STATUS & S50_ELS_STATUS_ELS_BUSY_MASK)
242+
;
243+
return (ELS->ELS_STATUS & S50_ELS_STATUS_ELS_ERR_MASK) ? -1 : 0;
218244
}
219245

220246
int hal_trng_get_entropy(unsigned char *out, unsigned int len)
221247
{
222-
(void)out;
223-
(void)len;
224-
return -1;
248+
uint32_t tmp;
249+
250+
/* Handle unaligned head (up to 3 bytes) via temporary word */
251+
if ((uintptr_t)out & 3U) {
252+
uint32_t head = 4U - ((uintptr_t)out & 3U);
253+
if (head > len)
254+
head = len;
255+
if (els_rnd_req(&tmp, 4) != 0)
256+
return -1;
257+
memcpy(out, &tmp, head);
258+
out += head;
259+
len -= head;
260+
}
261+
262+
/* Bulk aligned portion in one request */
263+
if (len >= 4) {
264+
uint32_t aligned_len = len & ~3U;
265+
if (els_rnd_req(out, aligned_len) != 0)
266+
return -1;
267+
out += aligned_len;
268+
len -= aligned_len;
269+
}
270+
271+
/* Handle remaining tail bytes (1-3) via temporary word */
272+
if (len > 0) {
273+
if (els_rnd_req(&tmp, 4) != 0)
274+
return -1;
275+
memcpy(out, &tmp, len);
276+
}
277+
278+
return 0;
225279
}
226280
#endif
227281

0 commit comments

Comments
 (0)