OTP fixes to include UDS, added tests

Author: danielinux

.github/workflows/trustzone-emulator-tests.yml

@@ -48,3 +48,20 @@ jobs:
         working-directory: test-app/emu-test-apps
         run: |
           TARGET=stm32l5 ./test.sh
+
+      - name: Clean and build test with DICE attestation (stm32h5)
+        run: |
+          make clean distclean
+          cp config/examples/stm32h5-tz-psa.config .config
+          make
+          m33mu wolfboot.bin test-app/image_v1_signed.bin:0x60000 --uart-stdout --expect-bkpt 0x7f --timeout 180
+
+      - name: Clean and build test with DICE attestation + OTP (stm32h5)
+        run: |
+          make clean distclean
+          cp config/examples/stm32h5-tz-psa-otp.config .config
+          make
+          make -C tools/keytools/otp TARGET=stm32h5 otp-keystore-primer.bin otp-keystore-gen
+          ./tools/keytools/otp/otp-keystore-gen
+          m33mu tools/keytools/otp/otp-keystore-primer.bin --persist --timeout 10 || true
+          m33mu wolfboot.bin test-app/image_v1_signed.bin:0x60000 --uart-stdout --expect-bkpt 0x7f --timeout 180 --persist

hal/uart/uart_drv_stm32h5.c

@@ -130,7 +130,6 @@ int uart_tx(const uint8_t c)
 int uart_rx(uint8_t *c)
 {
     volatile uint32_t reg;
-    int i = 0;
     reg = UART_ISR(USE_UART);
     if (reg & (UART_ENE | UART_EPE | UART_ORE | UART_EFE))
         uart_clear_errors(USE_UART);

include/user_settings.h

@@ -164,12 +164,14 @@ extern int tolower(int c);
 #       define HAVE_ECC256
 #   endif
 #   if defined(WOLFBOOT_SIGN_ECC384) || \
-        defined(WOLFBOOT_SIGN_SECONDARY_ECC384)
+        defined(WOLFBOOT_SIGN_SECONDARY_ECC384) || \
+        defined(WOLFCRYPT_SECURE_MODE)
 #       define HAVE_ECC384
 #       define WOLFSSL_SP_384
 #   endif
 #   if defined(WOLFBOOT_SIGN_ECC521) || \
-        defined(WOLFBOOT_SIGN_SECONDARY_ECC521)
+        defined(WOLFBOOT_SIGN_SECONDARY_ECC521) || \
+        defined(WOLFCRYPT_SECURE_MODE)
 #       define HAVE_ECC521
 #       define WOLFSSL_SP_521
 #   endif

options.mk

@@ -616,6 +616,14 @@ endif
 ifeq ($(NO_XIP),1)
   CFLAGS+=-D"NO_XIP"
 endif
+
+ifeq ($(DEBUG_UART),1)
+  CFLAGS+=-DDEBUG_UART
+  UART_DRV_OBJ:=hal/uart/uart_drv_$(UART_TARGET).o
+  ifneq ($(findstring $(UART_DRV_OBJ),$(OBJS)),$(UART_DRV_OBJ))
+    OBJS+=$(UART_DRV_OBJ)
+  endif
+endif
 ifeq ($(NO_QNX),1)
   CFLAGS+=-D"NO_QNX"
 endif
@@ -767,6 +775,7 @@ endif
 
 ifeq ($(WOLFCRYPT_TZ_PSA),1)
   CFLAGS+=-DWOLFCRYPT_TZ_PSA
+  CFLAGS+=-DWOLFCRYPT_SECURE_MODE
   CFLAGS+=-DWOLFSSL_PSA_ENGINE
   CFLAGS+=-DWOLFPSA_CUSTOM_STORE
   CFLAGS+=-DNO_DES3 -DNO_DES3_TLS_SUITES

src/arm_tee_psa_ipc.c

@@ -31,6 +31,7 @@
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfboot/arm_tee_api.h>
 #include <wolfboot/dice.h>
+#include "printf.h"
 
 /* Service IDs/handles aligned with ARM TEE defaults. */
 #define ARM_TEE_CRYPTO_SID   (0x00000080U)
@@ -877,11 +878,15 @@ int32_t arm_tee_psa_call(psa_handle_t handle, int32_t type,
                 return PSA_ERROR_INVALID_ARGUMENT;
             }
 
+            wolfBoot_printf("[ATTEST] GET_TOKEN: challenge_len=%u out_len=%u\r\n",
+                            (unsigned)challenge_vec->len, (unsigned)out_vec[0].len);
             dice_rc = wolfBoot_dice_get_token((const uint8_t *)challenge_vec->base,
                                               challenge_vec->len,
                                               (uint8_t *)out_vec[0].base,
                                               out_vec[0].len,
                                               &token_len);
+            wolfBoot_printf("[ATTEST] GET_TOKEN: dice_rc=%d token_len=%u\r\n",
+                            dice_rc, (unsigned)token_len);
             status = wolfboot_attest_status(dice_rc);
             if (status == PSA_SUCCESS || status == PSA_ERROR_BUFFER_TOO_SMALL) {
                 out_vec[0].len = token_len;
@@ -906,8 +911,12 @@ int32_t arm_tee_psa_call(psa_handle_t handle, int32_t type,
                 }
 
                 challenge_size = (const rot_size_t *)in_vec[0].base;
+                wolfBoot_printf("[ATTEST] GET_TOKEN_SIZE: challenge_size=%u\r\n",
+                                (unsigned)*challenge_size);
                 dice_rc = wolfBoot_dice_get_token_size(*challenge_size,
                                                        &token_size_native);
+                wolfBoot_printf("[ATTEST] GET_TOKEN_SIZE: dice_rc=%d size=%u\r\n",
+                                dice_rc, (unsigned)token_size_native);
                 status = wolfboot_attest_status(dice_rc);
                 if (status != PSA_SUCCESS) {
                     return status;

test-app/app_stm32h5.c

@@ -632,14 +632,6 @@ static int run_attestation_test(void)
         challenge[i] = (uint8_t)i;
     }
 
-    status = psa_initial_attest_get_token_size(sizeof(challenge), &token_size);
-    if (status != PSA_SUCCESS) {
-        printf("attest: token size query failed (%d)\r\n", status);
-        return -1;
-    }
-    printf("attest: token size is %lu bytes\r\n",
-           (unsigned long)token_size);
-
     status = psa_initial_attest_get_token(challenge, sizeof(challenge),
                                           token, sizeof(token), &token_size);
     if (status != PSA_SUCCESS) {
@@ -790,6 +782,13 @@ static int run_psa_boot_attestation(void)
     }
 
     printf("PSA boot attestation: %s\r\n", ret == 0 ? "success" : "failed");
+
+    if (ret == 0)
+        asm volatile ("bkpt #0x7f");
+    else 
+        asm volatile ("bkpt #0x7e");
+
+
     return ret;
 }
 #endif

tools/keytools/otp/Makefile

@@ -8,6 +8,7 @@ ifeq ($(V),0)
 endif
 
 WOLFBOOT_LIB_WOLFSSL?=../../../lib/wolfssl
+OTP_GEN_DEFS=
 
 TARGET?=none
 ARCH?=ARM
@@ -16,7 +17,7 @@ CFLAGS+=-O0 -ggdb
 CFLAGS+=-I. -I../../../ -I../../../include -I$(WOLFBOOT_LIB_WOLFSSL) \
     -I$(WOLFBOOT_LIB_WOLFSSL)/wolfssl
 CFLAGS+=-I./wcs
-CFLAGS+=-DFLASH_OTP_KEYSTORE -D__FLASH_OTP_PRIMER -DWOLFSSL_USER_SETTINGS
+CFLAGS+=-DFLASH_OTP_KEYSTORE -D__FLASH_OTP_PRIMER -DWOLFSSL_USER_SETTINGS -DWOLFCRYPT_SECURE_MODE
 PRI_KS_OBJS+=startup.o otp-keystore-primer.o ../../../src/keystore.o
 
 ifeq ($(HASH),SHA256)
@@ -35,11 +36,13 @@ ifeq ($(TARGET),stm32h7)
     CFLAGS+=-DTARGET_stm32h7
     CFLAGS+=-mcpu=cortex-m7 -ffunction-sections -fdata-sections -fno-common -ffreestanding -nostartfiles
     PRI_KS_OBJS+=stm32h7.o
+    OTP_GEN_DEFS+=-DTARGET_stm32h7
 endif
 ifeq ($(TARGET),stm32h5)
     CFLAGS+=-DTARGET_stm32h5
     CFLAGS+=-mcpu=cortex-m33 -ffunction-sections -fdata-sections -fno-common -ffreestanding -nostartfiles
-    PRI_KS_OBJS+=stm32h5.o
+    PRI_KS_OBJS+=stm32h5.o stm32_tz.o
+    OTP_GEN_DEFS+=-DTARGET_stm32h5
 endif
 CC=$(CROSS_COMPILE)gcc
 OBJCOPY?=$(CROSS_COMPILE)objcopy
@@ -54,7 +57,7 @@ all: otp-keystore-primer.bin otp-keystore-gen
 otp-keystore-gen: otp-keystore-gen.c
 	gcc -o $@ otp-keystore-gen.c ../../../src/keystore.c -I. -I../../../ \
         -I../../../include -I$(WOLFBOOT_LIB_WOLFSSL) \
-        -I$(WOLFBOOT_LIB_WOLFSSL)/wolfssl -DFLASH_OTP_KEYSTORE
+        -I$(WOLFBOOT_LIB_WOLFSSL)/wolfssl -DFLASH_OTP_KEYSTORE $(OTP_GEN_DEFS)
 
 
 otp-keystore-primer.bin: otp-keystore-primer.elf
@@ -74,6 +77,9 @@ stm32h7.o: ../../../hal/stm32h7.c
 stm32h5.o: ../../../hal/stm32h5.c
 	$(Q)$(CC) $(CFLAGS) -c -o $@ $<
 
+stm32_tz.o: ../../../hal/stm32_tz.c
+	$(Q)$(CC) $(CFLAGS) -c -o $@ $<
+
 
 
 

tools/keytools/otp/otp-keystore-gen.c

@@ -30,8 +30,8 @@
 #include <unistd.h>
 #include <errno.h>
 
-/* Define a generic max OTP size to appease otp_keystore.h */
-#ifndef OTP_SIZE
+/* Define a generic max OTP size to appease otp_keystore.h when no target is set. */
+#if !defined(OTP_SIZE) && !defined(TARGET_stm32h7) && !defined(TARGET_stm32h5)
 #define OTP_SIZE 4096
 #endif
 
@@ -51,6 +51,11 @@ int main(void)
     uint32_t tot_len;
     int ofd;
     int slot_size;
+    uint8_t *otp_buf = NULL;
+    uint8_t uds[OTP_UDS_LEN];
+    size_t offset;
+    int rand_fd;
+    ssize_t rlen;
 
     memcpy(hdr.keystore_hdr_magic, KEYSTORE_HDR_MAGIC, 8);
     hdr.item_count = n_keys;
@@ -68,31 +73,65 @@ int main(void)
     slot_size += KEYSTORE_HDR_SIZE;
     fprintf(stderr, "Slot size: %d\n", slot_size);
     fprintf(stderr, "Number of slots: %d\n", n_keys);
-    fprintf(stderr, "%s size: %d\n", outfile, (slot_size * n_keys) +
-        (int)sizeof(struct wolfBoot_otp_hdr));
+    tot_len = (uint32_t)sizeof(struct wolfBoot_otp_hdr) +
+        (uint32_t)(slot_size * n_keys);
+    fprintf(stderr, "%s keystore size: %u\n", outfile, tot_len);
+    if (tot_len > OTP_UDS_OFFSET) {
+        fprintf(stderr,
+            "Error: keystore size %u exceeds OTP UDS offset %u\n",
+            tot_len, (unsigned)OTP_UDS_OFFSET);
+        exit(1);
+    }
+
+    otp_buf = (uint8_t *)malloc(OTP_SIZE);
+    if (otp_buf == NULL) {
+        fprintf(stderr, "Error: out of memory allocating OTP buffer\n");
+        exit(1);
+    }
+    memset(otp_buf, 0xFF, OTP_SIZE);
+
+    memcpy(otp_buf, &hdr, sizeof(hdr));
 
     ofd = open(outfile, O_WRONLY|O_CREAT|O_TRUNC, 0600);
     if (ofd < 0) {
         perror("opening output file");
+        free(otp_buf);
         exit(2);
     }
 
-    /* Write the header to the beginning of the OTP binary file */
-    if (write(ofd, &hdr, sizeof(hdr)) != sizeof(hdr)) {
-        fprintf(stderr, "Error writing to %s: %s\n", outfile, strerror(errno));
-    }
-
     for (i = 0; i < n_keys; i++) {
         /* Write each public key to its slot in OTP */
-        if (write(ofd, &PubKeys[i],
-                slot_size) < 0) {
-            fprintf(stderr, "Error adding key %d to %s: %s\n", i, outfile,
-                strerror(errno));
-            exit(3);
-        }
+        offset = sizeof(hdr) + (size_t)i * (size_t)slot_size;
+        memcpy(otp_buf + offset, &PubKeys[i], (size_t)slot_size);
+    }
+
+    rand_fd = open("/dev/urandom", O_RDONLY);
+    if (rand_fd < 0) {
+        perror("opening /dev/urandom");
+        close(ofd);
+        free(otp_buf);
+        exit(4);
+    }
+    rlen = read(rand_fd, uds, sizeof(uds));
+    close(rand_fd);
+    if (rlen != (ssize_t)sizeof(uds)) {
+        fprintf(stderr, "Error: failed to read random UDS (%zd)\n", rlen);
+        close(ofd);
+        free(otp_buf);
+        exit(5);
+    }
+
+    memcpy(otp_buf + OTP_UDS_OFFSET, uds, sizeof(uds));
+
+    if (write(ofd, otp_buf, OTP_SIZE) != OTP_SIZE) {
+        fprintf(stderr, "Error writing to %s: %s\n", outfile, strerror(errno));
+        close(ofd);
+        free(otp_buf);
+        exit(3);
     }
     fprintf(stderr, "%s successfully created.\nGoodbye.\n", outfile);
     close(ofd);
+    free(otp_buf);
 
     return 0;
 }

zephyr/src/arm_tee_attest_api.c

@@ -21,6 +21,8 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+#include <stdio.h>
+
 #include "psa/initial_attestation.h"
 #include "psa/client.h"
 #include "psa_manifest/sid.h"
@@ -42,10 +44,14 @@ psa_initial_attest_get_token(const uint8_t *auth_challenge,
         { token_buf, token_buf_size }
     };
 
+    printf("[ATTEST-NS] get_token: chal=%u buf=%u\r\n",
+           (unsigned)challenge_size, (unsigned)token_buf_size);
     status = psa_call(ARM_TEE_ATTESTATION_SERVICE_HANDLE,
                       ARM_TEE_ATTEST_GET_TOKEN,
                       in_vec, IOVEC_LEN(in_vec),
                       out_vec, IOVEC_LEN(out_vec));
+    printf("[ATTEST-NS] get_token: status=%ld len=%u\r\n",
+           (long)status, (unsigned)out_vec[0].len);
 
     if (status == PSA_SUCCESS && token_size != NULL) {
         *token_size = out_vec[0].len;
@@ -78,10 +84,14 @@ psa_initial_attest_get_token_size(size_t challenge_size,
         return PSA_ERROR_INVALID_ARGUMENT;
     }
 
+    printf("[ATTEST-NS] get_token_size: chal=%u\r\n",
+           (unsigned)challenge_size);
     status = psa_call(ARM_TEE_ATTESTATION_SERVICE_HANDLE,
                       ARM_TEE_ATTEST_GET_TOKEN_SIZE,
                       in_vec, IOVEC_LEN(in_vec),
                       out_vec, IOVEC_LEN(out_vec));
+    printf("[ATTEST-NS] get_token_size: status=%ld size=%u\r\n",
+           (long)status, (unsigned)token_size_param);
 
     *token_size = token_size_param;