Updated benchmark scripts to run on rpi + stm32h563

.github/workflows/trustzone-emulator-tests.yml

@@ -54,7 +54,7 @@ jobs:
           make clean distclean
           cp config/examples/stm32h5-tz-psa.config .config
           make
-          m33mu wolfboot.bin test-app/image_v1_signed.bin:0x60000 --uart-stdout --expect-bkpt 0x7f --timeout 300
+          m33mu wolfboot.bin test-app/image_v1_signed.bin:0x60000 --uart-stdout --expect-bkpt 0x7f --timeout 600
 
       - name: Clean and build test with DICE attestation + OTP (stm32h5)
         run: |
@@ -64,4 +64,4 @@ jobs:
           make -C tools/keytools/otp TARGET=stm32h5 otp-keystore-primer.bin otp-keystore-gen
           ./tools/keytools/otp/otp-keystore-gen
           m33mu tools/keytools/otp/otp-keystore-primer.bin --persist --timeout 10 || true
-          m33mu wolfboot.bin test-app/image_v1_signed.bin:0x60000 --uart-stdout --expect-bkpt 0x7f --timeout 300 --persist
+          m33mu wolfboot.bin test-app/image_v1_signed.bin:0x60000 --uart-stdout --expect-bkpt 0x7f --timeout 600 --persist

config/examples/stm32h5-no-tz.config

@@ -0,0 +1,34 @@
+ARCH?=ARM
+TZEN?=0
+TARGET?=stm32h5
+SIGN?=ECC256
+HASH?=SHA256
+DEBUG?=0
+VTOR?=1
+CORTEX_M0?=0
+CORTEX_M33?=1
+NO_ASM?=0
+NO_MPU=1
+EXT_FLASH?=0
+SPI_FLASH?=0
+ALLOW_DOWNGRADE?=0
+NVM_FLASH_WRITEONCE?=1
+WOLFBOOT_VERSION?=1
+V?=0
+SPMATH?=1
+RAM_CODE?=0
+DUALBANK_SWAP?=0
+WOLFBOOT_PARTITION_SIZE?=0xA0000
+#Double sector size to fit header in ML-DSA-87
+WOLFBOOT_SECTOR_SIZE?=0x4000
+WOLFBOOT_KEYVAULT_ADDRESS?=0x0C040000
+WOLFBOOT_KEYVAULT_SIZE?=0x1C000
+WOLFBOOT_NSC_ADDRESS?=0x0C05C000
+WOLFBOOT_NSC_SIZE?=0x4000
+WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x08060000
+WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x08100000
+WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x081A0000
+FLAGS_HOME=0
+DISABLE_BACKUP=0
+IMAGE_HEADER_SIZE?=1024
+ARMORED=1

hal/stm32_tz.c

@@ -311,7 +311,7 @@ void hal_tz_sau_init(void)
             WOLFBOOT_PARTITION_BOOT_ADDRESS + WOLFBOOT_PARTITION_SIZE - 1, 0);
 
     /* Non-secure RAM region */
-    sau_init_region(2, 0x20050000, 0x2008FFFF, 0);
+    sau_init_region(2, 0x20050000, 0x2009FFFF, 0);
 
     /* Non-secure: internal peripherals */
     sau_init_region(3, 0x40000000, 0x4FFFFFFF, 0);

include/image.h

@@ -444,6 +444,7 @@ static void __attribute__((noinline)) wolfBoot_image_clear_signature_ok(
         asm volatile("bne hnope"); \
         /* Repeat memcmp call */ \
         compare_res = XMEMCMP(digest, img->sha_hash, WOLFBOOT_SHA_DIGEST_SIZE); \
+        compare_res; \
         /* Redundant checks that ensure the function actually returned 0 */ \
         asm volatile("cmp r0, #0":::"cc"); \
         asm volatile("cmp r0, #0":::"cc"); \

include/loader.h

@@ -32,19 +32,19 @@ extern "C" {
 #define ED25519_IMAGE_SIGNATURE_SIZE (64)
 #define ED448_IMAGE_SIGNATURE_SIZE (114)
 
-#if defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFBOOT_SECONDARY_SIGN_ECC256)
+#if defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFBOOT_SIGN_SECONDARY_ECC256)
 #define ECC_IMAGE_SIGNATURE_SIZE (64)
-#elif defined(WOLFBOOT_SIGN_ECC384) || defined(WOLFBOOT_SECONDARY_SIGN_ECC384)
+#elif defined(WOLFBOOT_SIGN_ECC384) || defined(WOLFBOOT_SIGN_SECONDARY_ECC384)
 #define ECC_IMAGE_SIGNATURE_SIZE (96)
-#elif defined(WOLFBOOT_SIGN_ECC521) || defined(WOLFBOOT_SECONDARY_SIGN_ECC521)
+#elif defined(WOLFBOOT_SIGN_ECC521) || defined(WOLFBOOT_SIGN_SECONDARY_ECC521)
 #define ECC_IMAGE_SIGNATURE_SIZE (132)
 #endif
 
-#if defined(WOLFBOOT_SIGN_RSA2048) || defined(WOLFBOOT_SECONDARY_SIGN_RSA2048)
+#if defined(WOLFBOOT_SIGN_RSA2048) || defined(WOLFBOOT_SIGN_SECONDARY_RSA2048)
 #define RSA_IMAGE_SIGNATURE_SIZE (256)
-#elif defined(WOLFBOOT_SIGN_RSA3072) || defined(WOLFBOOT_SECONDARY_SIGN_RSA3072)
+#elif defined(WOLFBOOT_SIGN_RSA3072) || defined(WOLFBOOT_SIGN_SECONDARY_RSA3072)
 #define RSA_IMAGE_SIGNATURE_SIZE (384)
-#elif defined(WOLFBOOT_SIGN_RSA4096) || defined(WOLFBOOT_SECONDARY_SIGN_RSA4096)
+#elif defined(WOLFBOOT_SIGN_RSA4096) || defined(WOLFBOOT_SIGN_SECONDARY_RSA4096)
 #define RSA_IMAGE_SIGNATURE_SIZE (512)
 #endif
 

options.mk

@@ -1,11 +1,21 @@
 WOLFCRYPT_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/asn.o
 USE_GCC?=1
+WOLFBOOT_TEST_FILLER?=0
+WOLFBOOT_TIME_TEST?=0
 
 # Support for Built-in ROT into OTP flash memory
 ifeq ($(FLASH_OTP_KEYSTORE),1)
     CFLAGS+=-D"FLASH_OTP_KEYSTORE"
 endif
 
+ifeq ($(WOLFBOOT_TEST_FILLER),1)
+    CFLAGS+=-D"WOLFBOOT_TEST_FILLER"
+endif
+
+ifeq ($(WOLFBOOT_TIME_TEST),1)
+    CFLAGS+=-D"WOLFBOOT_TIME_TEST"
+endif
+
 # Support for TPM signature verification
 ifeq ($(WOLFBOOT_TPM_VERIFY),1)
   WOLFTPM:=1
@@ -200,7 +210,7 @@ ifeq ($(SIGN),ECC521)
       ifneq ($(SPMATH),1)
         STACK_USAGE=11256
       else
-        STACK_USAGE=8288
+        STACK_USAGE=8480
       endif
     endif
   endif

src/dice/dice.c

@@ -491,7 +491,7 @@ static int wolfboot_dice_fixup_priv(uint8_t *priv, size_t priv_len)
         ret = mp_mod(&k, &order, &mod);
     }
     if (ret == MP_OKAY && mp_iszero(&mod) == MP_YES) {
-        ret = mp_set_int(&mod, 1);
+        ret = mp_set(&mod, 1);
     }
     if (ret == MP_OKAY) {
         XMEMSET(priv, 0, priv_len);

src/image.c

@@ -2183,6 +2183,7 @@ int wolfBoot_verify_authenticity(struct wolfBoot_image *img)
     if (SIG_OK(img)) {
         uint8_t *stored_secondary_signature;
         uint16_t stored_secondary_signature_size;
+        uint16_t expected_secondary_signature_size = 0;
         /* Invalidate the signature_ok flag */
         wolfBoot_image_clear_signature_ok(img);
         /* Load the pubkey hint for the secondary key */
@@ -2199,6 +2200,37 @@ int wolfBoot_verify_authenticity(struct wolfBoot_image *img)
             CONFIRM_MASK_VALID(image_part, key_mask);
             stored_secondary_signature_size = get_header(img,
                     HDR_SECONDARY_SIGNATURE, &stored_secondary_signature);
+            if (stored_secondary_signature_size == 0 ||
+                    stored_secondary_signature == NULL) {
+                return -1;
+            }
+#if defined(WOLFBOOT_SIGN_SECONDARY_ED25519)
+            expected_secondary_signature_size = ED25519_IMAGE_SIGNATURE_SIZE;
+#elif defined(WOLFBOOT_SIGN_SECONDARY_ED448)
+            expected_secondary_signature_size = ED448_IMAGE_SIGNATURE_SIZE;
+#elif defined (WOLFBOOT_SIGN_SECONDARY_RSA2048) || \
+      defined (WOLFBOOT_SIGN_SECONDARY_RSA3072) || \
+      defined (WOLFBOOT_SIGN_SECONDARY_RSA4096) || \
+      defined (WOLFBOOT_SIGN_SECONDARY_RSA2048ENC) || \
+      defined (WOLFBOOT_SIGN_SECONDARY_RSA3072ENC) || \
+      defined (WOLFBOOT_SIGN_SECONDARY_RSA4096ENC)
+            expected_secondary_signature_size = RSA_IMAGE_SIGNATURE_SIZE;
+#elif defined (WOLFBOOT_SIGN_SECONDARY_ECC256) || \
+      defined (WOLFBOOT_SIGN_SECONDARY_ECC384) || \
+      defined (WOLFBOOT_SIGN_SECONDARY_ECC521)
+            expected_secondary_signature_size = ECC_IMAGE_SIGNATURE_SIZE;
+#elif defined(WOLFBOOT_SIGN_SECONDARY_LMS)
+            expected_secondary_signature_size = LMS_IMAGE_SIGNATURE_SIZE;
+#elif defined(WOLFBOOT_SIGN_SECONDARY_XMSS)
+            expected_secondary_signature_size = XMSS_IMAGE_SIGNATURE_SIZE;
+#elif defined(WOLFBOOT_SIGN_SECONDARY_ML_DSA)
+            expected_secondary_signature_size = ML_DSA_IMAGE_SIGNATURE_SIZE;
+#endif
+            if (expected_secondary_signature_size == 0 ||
+                    stored_secondary_signature_size !=
+                    expected_secondary_signature_size) {
+                return -1;
+            }
             wolfBoot_printf("Verification of hybrid signature\n");
             wolfBoot_verify_signature_secondary(key_slot, img,
                     stored_secondary_signature);

test-app/ARM-stm32h5-ns.ld

@@ -1,7 +1,7 @@
 MEMORY
 {
     FLASH (rx) : ORIGIN = @WOLFBOOT_TEST_APP_ADDRESS@, LENGTH = @WOLFBOOT_TEST_APP_SIZE@
-    RAM (rwx) : ORIGIN = 0x20050000, LENGTH = 0x40000
+    RAM (rwx) : ORIGIN = 0x20050000, LENGTH = 0x50000
 }
 
 SECTIONS

test-app/ARM-stm32h5.ld

@@ -1,7 +1,7 @@
 MEMORY
 {
     FLASH (rx) : ORIGIN = @WOLFBOOT_TEST_APP_ADDRESS@, LENGTH = @WOLFBOOT_TEST_APP_SIZE@
-    RAM (rwx) : ORIGIN = 0x30000000, LENGTH = 64K /* Run in lowmem */
+    RAM (rwx) : ORIGIN = 0x30000000, LENGTH = 256K
 }
 
 SECTIONS

test-app/Makefile

@@ -289,10 +289,12 @@ ifeq ($(TARGET),stm32h5)
   LDFLAGS+=-Wl,-gc-sections -Wl,-Map=image.map
   CFLAGS+=-I..
   APP_OBJS+=../hal/uart/uart_drv_$(UART_TARGET).o
-  ifeq ($(FLASH_OTP_KEYSTORE),1)
-    APP_OBJS+=../src/flash_otp_keystore.o
-  else
-    APP_OBJS+=../src/keystore.o
+  ifneq ($(SIGN),NONE)
+    ifeq ($(FLASH_OTP_KEYSTORE),1)
+      APP_OBJS+=../src/flash_otp_keystore.o
+    else
+      APP_OBJS+=../src/keystore.o
+    endif
   endif
 endif
 
@@ -330,7 +332,9 @@ endif
 ifeq ($(TARGET),va416x0)
   APP_OBJS+=$(SDK_OBJS)
   LSCRIPT_TEMPLATE=ARM-va416x0.ld
-  APP_OBJS+=../src/keystore.o
+  ifneq ($(SIGN),NONE)
+    APP_OBJS+=../src/keystore.o
+  endif
 endif
 
 ifeq ($(TARGET),sim)

test-app/app_stm32h5.c

@@ -31,7 +31,9 @@
 #include "hal/stm32h5.h"
 #include "uart_drv.h"
 #include "wolfboot/wolfboot.h"
+#ifndef WOLFBOOT_NO_SIGN
 #include "keystore.h"
+#endif
 #include "target.h"
 
 #ifdef WOLFBOOT_TPM
@@ -76,9 +78,20 @@ static int uart_poll(void);
 #define LED_BOOT_PIN  (4) /* PG4 - Nucleo - Red Led */
 #define LED_USR_PIN   (0) /* PB0 - Nucleo - Green Led */
 #define LED_EXTRA_PIN (4) /* PF4 - Nucleo - Orange Led */
+#define BOOT_TIME_PIN (13) /* PA13 - scope trigger */
+
+#ifdef WOLFBOOT_TEST_FILLER
+#define FILLER_SIZE (64 * 1024)
+static volatile uint8_t filler_data[FILLER_SIZE] = { 0x01, 0x02, 0x03 };
+#endif
 
 #define NVIC_USART3_IRQN (60)
 
+#ifndef GPIOA_MODER
+#define GPIOA_MODER (*(volatile uint32_t *)(GPIOA_BASE + 0x00))
+#define GPIOA_PUPDR (*(volatile uint32_t *)(GPIOA_BASE + 0x0C))
+#define GPIOA_BSRR  (*(volatile uint32_t *)(GPIOA_BASE + 0x18))
+#endif
 
 /* SysTick */
 static uint32_t cpu_freq = 250000000;
@@ -119,6 +132,21 @@ static void boot_led_on(void)
     GPIOG_BSRR |= (1 << (pin));
 }
 
+void boot_time_pin_on_early(void)
+{
+    uint32_t reg;
+    uint32_t pin = BOOT_TIME_PIN;
+
+    RCC_AHB2ENR_CLOCK_ER |= GPIOA_AHB2ENR1_CLOCK_ER;
+    /* Delay after an RCC peripheral clock enabling */
+    reg = RCC_AHB2ENR_CLOCK_ER;
+
+    reg = GPIOA_MODER & ~(0x03 << (pin * 2));
+    GPIOA_MODER = reg | (1 << (pin * 2));
+    GPIOA_PUPDR &= ~(0x03 << (pin * 2));
+    GPIOA_BSRR = (1 << (pin));
+}
+
 static void boot_led_off(void)
 {
     GPIOG_BSRR |= (1 << (LED_BOOT_PIN + 16));
@@ -542,6 +570,7 @@ static int cmd_info(const char *args)
         printf("No image in update partition.\r\n");
     }
 
+#ifndef WOLFBOOT_NO_SIGN
     printf("\r\n");
     printf("Bootloader OTP keystore information\r\n");
     printf("====================================\r\n");
@@ -559,6 +588,10 @@ static int cmd_info(const char *args)
         printf("  ====================================\r\n  ");
         print_hex(keybuf, size, 0);
     }
+#else
+    printf("\r\n");
+    printf("Signing disabled (SIGN=NONE)\r\n");
+#endif
     return 0;
 }
 
@@ -1295,6 +1328,10 @@ void main(void)
     /* Turn on boot LED */
     boot_led_on();
 
+#ifdef WOLFBOOT_TEST_FILLER
+    filler_data[FILLER_SIZE - 1] = 0xAA;
+#endif
+
     /* Enable SysTick */
     systick_enable();
 

test-app/app_stm32h7.c

@@ -363,8 +363,10 @@ void uart_print(const char *s)
     }
 }
 
-#define FILLER_SIZE (100 * 1024)
+#ifdef WOLFBOOT_TEST_FILLER
+#define FILLER_SIZE (64 * 1024)
 static volatile uint8_t filler_data[FILLER_SIZE] = { 0x01, 0x02, 0x03 };
+#endif
 
 void main(void)
 {
@@ -377,7 +379,9 @@ void main(void)
     if (FIRMWARE_A)
         ld3_write(LED_INIT);
 
+#ifdef WOLFBOOT_TEST_FILLER
     filler_data[FILLER_SIZE - 1] = 0xAA;
+#endif
     /* LED Indicator of successful UART initialization. SUCCESS = ON, FAIL = OFF */
     if (uart_setup(115200) < 0)
         ld2_write(LED_OFF);

test-app/emu-test-apps/mcxw71/target.ld.in

@@ -23,7 +23,7 @@
 MEMORY
 {
     FLASH (rx)  : ORIGIN = @FLASH_ORIGIN@, LENGTH = 0x000FFF00
-    RAM   (rwx) : ORIGIN = @FLASH_ORIGIN@, LENGTH = 0x0001C000
+    RAM   (rwx) : ORIGIN = 0x20010000,    LENGTH = 0x00006000
 }
 
 _estack = ORIGIN(RAM) + LENGTH(RAM);

test-app/emu-test-apps/nrf5340/target.ld.in

@@ -23,7 +23,7 @@
 MEMORY
 {
     FLASH (rx)  : ORIGIN = @FLASH_ORIGIN@, LENGTH = 0x000FFF00
-    RAM   (rwx) : ORIGIN = @FLASH_ORIGIN@, LENGTH = 0x00080000
+    RAM   (rwx) : ORIGIN = 0x20000000,    LENGTH = 0x00080000
 }
 
 _estack = ORIGIN(RAM) + LENGTH(RAM);

test-app/emu-test-apps/stm32h563/target.ld.in

@@ -23,7 +23,7 @@
 MEMORY
 {
     FLASH (rx)  : ORIGIN = @FLASH_ORIGIN@, LENGTH = 0x001FFF00
-    RAM   (rwx) : ORIGIN = @FLASH_ORIGIN@, LENGTH = 0x000A0000
+    RAM   (rwx) : ORIGIN = 0x20050000,    LENGTH = 0x00050000
 }
 
 _estack = ORIGIN(RAM) + LENGTH(RAM);

test-app/emu-test-apps/stm32h563/target_v8.ld

@@ -23,7 +23,7 @@
 MEMORY
 {
     FLASH (rx)  : ORIGIN = 0x8060100, LENGTH = 0x001FFF00
-    RAM   (rwx) : ORIGIN = 0x8060100, LENGTH = 0x000A0000
+    RAM   (rwx) : ORIGIN = 0x20050000, LENGTH = 0x00050000
 }
 
 _estack = ORIGIN(RAM) + LENGTH(RAM);

test-app/emu-test-apps/stm32l552/target.ld.in

@@ -23,7 +23,7 @@
 MEMORY
 {
     FLASH (rx)  : ORIGIN = @FLASH_ORIGIN@, LENGTH = 0x0007FF00
-    RAM   (rwx) : ORIGIN = @FLASH_ORIGIN@, LENGTH = 0x00040000
+    RAM   (rwx) : ORIGIN = 0x20020000,    LENGTH = 0x00020000
 }
 
 _estack = ORIGIN(RAM) + LENGTH(RAM);

test-app/emu-test-apps/stm32u585/target.ld.in

@@ -23,7 +23,7 @@
 MEMORY
 {
     FLASH (rx)  : ORIGIN = @FLASH_ORIGIN@, LENGTH = 0x001FFF00
-    RAM   (rwx) : ORIGIN = @FLASH_ORIGIN@, LENGTH = 0x000C0000
+    RAM   (rwx) : ORIGIN = 0x20020000,    LENGTH = 0x00020000
 }
 
 _estack = ORIGIN(RAM) + LENGTH(RAM);