Skip to content

Vorago demo #683

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dgarske wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Vorago demo #683

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
d0fe98b
Fixes for portability
dgarske Feb 9, 2026
bc4494f
Add option to enable wolfCrypt test/benchmark to test-app
dgarske Feb 10, 2026
a2d630f
Add some checking if partition size is too large
dgarske Feb 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -202,6 +202,7 @@ endif

# Environment variables for sign tool
SIGN_ENV=IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) \
WOLFBOOT_PARTITION_SIZE=$(WOLFBOOT_PARTITION_SIZE) \
WOLFBOOT_SECTOR_SIZE=$(WOLFBOOT_SECTOR_SIZE) \
ML_DSA_LEVEL=$(ML_DSA_LEVEL) \
IMAGE_SIGNATURE_SIZE=$(IMAGE_SIGNATURE_SIZE) \
Expand Down
16 changes: 11 additions & 5 deletions config/examples/vorago_va416x0.config
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ DUALBANK_SWAP?=0
PKA?=0
ENCRYPT=0
WOLFTPM?=0
OPTIMIZATION_LEVEL=1
OPTIMIZATION_LEVEL=s

# Optionally allow downgrade to older valid version in update partition
ALLOW_DOWNGRADE?=0
Expand All @@ -45,11 +45,11 @@ NO_ARM_ASM?=0
# Optional: Use smaller SHA512
#CFLAGS_EXTRA+=-DUSE_SLOW_SHA512

# 38KB boot, 108KB partitions, 2KB swap
# Optimized: 46KB wolfboot, 104KB partitions, 2KB swap
WOLFBOOT_SECTOR_SIZE?=0x800
WOLFBOOT_PARTITION_SIZE?=0x1B000
WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x9800
WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x24800
WOLFBOOT_PARTITION_SIZE?=0x1A000
WOLFBOOT_PARTITION_BOOT_ADDRESS?=0xB800
WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x25800
WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x3F800

# ML-DSA 5: 36KB boot, 96KB partitions, 12KB swap
Expand Down Expand Up @@ -81,3 +81,9 @@ WOLFBOOT_RESTORE_CLOCK?=1
# Optional debugging
#CFLAGS_EXTRA+=-DDEBUG_EXT_FLASH
#CFLAGS_EXTRA+=-DTEST_EXT_FLASH

# Optional: Enable wolfCrypt test and benchmark in test-app
# Uncomment to enable
# Note: Requires ~80-160KB additional flash and ~10-20KB RAM
#WOLFCRYPT_TEST?=1
#WOLFCRYPT_BENCHMARK?=1
97 changes: 80 additions & 17 deletions include/user_settings.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -101,8 +101,8 @@ extern int tolower(int c);
defined(WOLFBOOT_SIGN_SECONDARY_ECC256) || \
defined(WOLFBOOT_SIGN_SECONDARY_ECC384) || \
defined(WOLFBOOT_SIGN_SECONDARY_ECC521) || \
defined(WOLFCRYPT_SECURE_MODE)

defined(WOLFCRYPT_SECURE_MODE) || \
defined(WOLFCRYPT_TEST) || defined(WOLFCRYPT_BENCHMARK)

# define HAVE_ECC
# define ECC_TIMING_RESISTANT
Expand All @@ -118,6 +118,7 @@ extern int tolower(int c);

/* Some ECC options are disabled to reduce size */
# if !defined(WOLFCRYPT_SECURE_MODE) && \
!defined(WOLFCRYPT_TEST) && !defined(WOLFCRYPT_BENCHMARK) && \
!defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \
!defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
# if !defined(WOLFBOOT_TPM)
Expand All @@ -138,6 +139,7 @@ extern int tolower(int c);
# endif
# else
# define HAVE_ECC_SIGN
# define HAVE_ECC_VERIFY
#ifndef PKCS11_SMALL
# define HAVE_ECC_CDH
#endif
Expand All @@ -147,6 +149,7 @@ extern int tolower(int c);
# define WOLFSSL_HAVE_SP_ECC
# define WOLFSSL_KEY_GEN
# define HAVE_ECC_KEY_EXPORT
# define HAVE_ECC_KEY_IMPORT
# endif

/* SP MATH */
Expand All @@ -160,15 +163,18 @@ extern int tolower(int c);

/* Curve */
# if defined(WOLFBOOT_SIGN_ECC256) || defined(WOLFCRYPT_SECURE_MODE) || \
defined(WOLFBOOT_SIGN_SECONDARY_ECC256)
defined(WOLFBOOT_SIGN_SECONDARY_ECC256) || \
defined(WOLFCRYPT_TEST) || defined(WOLFCRYPT_BENCHMARK)
# define HAVE_ECC256
# endif
# if defined(WOLFBOOT_SIGN_ECC384) || \
defined(WOLFBOOT_SIGN_SECONDARY_ECC384) || \
defined(WOLFCRYPT_SECURE_MODE)
defined(WOLFCRYPT_SECURE_MODE) || \
defined(WOLFCRYPT_TEST) || defined(WOLFCRYPT_BENCHMARK)
# define HAVE_ECC384
# define WOLFSSL_SP_384
# endif
/* ECC521 only enabled if specifically requested (not for tests - too large) */
# if defined(WOLFBOOT_SIGN_ECC521) || \
defined(WOLFBOOT_SIGN_SECONDARY_ECC521) || \
defined(WOLFCRYPT_SECURE_MODE)
Expand Down Expand Up @@ -219,6 +225,7 @@ extern int tolower(int c);
# define RSA_LOW_MEM
# define WC_ASN_HASH_SHA256
# if !defined(WOLFBOOT_TPM) && !defined(WOLFCRYPT_SECURE_MODE) && \
!defined(WOLFCRYPT_TEST) && !defined(WOLFCRYPT_BENCHMARK) && \
!defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \
!defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
# define WOLFSSL_RSA_VERIFY_INLINE
Expand Down Expand Up @@ -305,15 +312,17 @@ extern int tolower(int c);
#ifdef WOLFBOOT_HASH_SHA3_384
# define WOLFSSL_SHA3
# if defined(NO_RSA) && !defined(WOLFBOOT_TPM) && \
!defined(WOLFCRYPT_SECURE_MODE)
!defined(WOLFCRYPT_SECURE_MODE) && \
!defined(WOLFCRYPT_TEST) && !defined(WOLFCRYPT_BENCHMARK)
# define NO_SHA256
# endif
#endif

#ifdef WOLFBOOT_HASH_SHA384
# define WOLFSSL_SHA384
# if defined(NO_RSA) && !defined(WOLFBOOT_TPM) && \
!defined(WOLFCRYPT_SECURE_MODE)
!defined(WOLFCRYPT_SECURE_MODE) && \
!defined(WOLFCRYPT_TEST) && !defined(WOLFCRYPT_BENCHMARK)
# define NO_SHA256
# endif
#ifndef WOLFSSL_SHA512
Expand Down Expand Up @@ -410,7 +419,8 @@ extern int tolower(int c);

#if (defined(WOLFBOOT_TPM_SEAL) && defined(WOLFBOOT_ATA_DISK_LOCK)) || \
defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) || \
defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER) || \
defined(WOLFCRYPT_TEST) || defined(WOLFCRYPT_BENCHMARK)
# define WOLFSSL_BASE64_ENCODE
#else
# define NO_CODING
Expand Down Expand Up @@ -464,7 +474,8 @@ extern int tolower(int c);
#endif
#endif

#if !defined(WOLFCRYPT_SECURE_MODE) && !defined(WOLFBOOT_TPM_PARMENC)
#if !defined(WOLFCRYPT_SECURE_MODE) && !defined(WOLFBOOT_TPM_PARMENC) && \
!defined(WOLFCRYPT_TEST) && !defined(WOLFCRYPT_BENCHMARK)
#if !(defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \
defined(WOLFBOOT_SIGN_ML_DSA)) && \
!defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
Expand All @@ -473,8 +484,16 @@ extern int tolower(int c);
#define WC_NO_HASHDRBG
#define NO_AES_CBC
#else
#define HAVE_HASHDRBG
#define WOLFSSL_AES_CFB
#if defined(WOLFCRYPT_TEST) || defined(WOLFCRYPT_BENCHMARK)
/* Use custom RNG for tests (saves ~7KB vs HASHDRBG) */
#define WC_NO_HASHDRBG
#define CUSTOM_RAND_GENERATE_SEED my_rng_seed_gen
#define CUSTOM_RAND_GENERATE_BLOCK my_rng_seed_gen
extern int my_rng_seed_gen(unsigned char* output, unsigned int sz);
#else
#define HAVE_HASHDRBG
#define WOLFSSL_AES_CFB
#endif
#endif


Expand All @@ -485,11 +504,15 @@ extern int tolower(int c);

#if !defined(WOLFBOOT_TPM) && !defined(WOLFCRYPT_SECURE_MODE)
# define NO_HMAC
#if !(defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \
defined(WOLFBOOT_SIGN_ML_DSA)) && \
!defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
#define WC_NO_RNG
#endif

#if !defined(WOLFBOOT_TPM) && !defined(WOLFCRYPT_SECURE_MODE) && \
!defined(WOLFCRYPT_TEST) && !defined(WOLFCRYPT_BENCHMARK)
# if !(defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \
defined(WOLFBOOT_SIGN_ML_DSA)) && \
!defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)
# define WC_NO_RNG
# endif
# define WC_NO_HASHDRBG
# define NO_DEV_RANDOM
# if !defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \
Expand Down Expand Up @@ -534,9 +557,49 @@ extern int tolower(int c);
#define NO_CHECK_PRIVATE_KEY
#define NO_KDF

#define BENCH_EMBEDDED
#define NO_CRYPT_TEST
#define NO_CRYPT_BENCHMARK
/* wolfCrypt Test/Benchmark Configuration */
#ifdef WOLFCRYPT_TEST
/* Skip extended tests to save memory */
#define NO_CRYPT_TEST_EXTENDED
/* Use smaller certificate buffers */
#define USE_CERT_BUFFERS_256
/* Override default NO_CRYPT_TEST */
#undef NO_CRYPT_TEST
#else
#define NO_CRYPT_TEST
#endif

#ifdef WOLFCRYPT_BENCHMARK
/* Embedded benchmark mode */
#ifndef BENCH_EMBEDDED
#define BENCH_EMBEDDED
#endif
/* Override default NO_CRYPT_BENCHMARK */
#undef NO_CRYPT_BENCHMARK
#else
#define NO_CRYPT_BENCHMARK
#endif

/* Common optimizations when test/benchmark enabled */
#if defined(WOLFCRYPT_TEST) || defined(WOLFCRYPT_BENCHMARK)
#define NO_WRITE_TEMP_FILES

/* Enable malloc for test/benchmark (they need dynamic allocation) */
#undef NO_WOLFSSL_MEMORY
#undef WOLFSSL_NO_MALLOC

/* Enable SP math digit operations */
#define WOLFSSL_SP_MUL_D

/* User time functions provided */
#define WOLFSSL_USER_CURRTIME
#define XTIME my_time
extern unsigned long my_time(unsigned long* timer);
#endif

#if !defined(WOLFCRYPT_TEST) && !defined(WOLFCRYPT_BENCHMARK)
#define BENCH_EMBEDDED
#endif

#if defined(WOLFCRYPT_TZ_PSA)
#undef NO_CMAC
Expand Down
8 changes: 5 additions & 3 deletions src/update_flash.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -639,11 +639,13 @@ static int wolfBoot_delta_update(struct wolfBoot_image *boot,
# endif
#endif

/* Reserve space for two sectors in case of NVM_FLASH_WRITEONCE, for redundancy */
/* Max firmware size: partition must hold header + fw + trailer sector(s) */
#ifndef NVM_FLASH_WRITEONCE
#define MAX_UPDATE_SIZE (size_t)((WOLFBOOT_PARTITION_SIZE - WOLFBOOT_SECTOR_SIZE))
#define MAX_UPDATE_SIZE (size_t)((WOLFBOOT_PARTITION_SIZE - \
IMAGE_HEADER_SIZE - WOLFBOOT_SECTOR_SIZE))
#else
#define MAX_UPDATE_SIZE (size_t)((WOLFBOOT_PARTITION_SIZE - (2 *WOLFBOOT_SECTOR_SIZE)))
#define MAX_UPDATE_SIZE (size_t)((WOLFBOOT_PARTITION_SIZE - \
IMAGE_HEADER_SIZE - (2 * WOLFBOOT_SECTOR_SIZE)))
#endif

static int wolfBoot_get_total_size(struct wolfBoot_image* boot,
Expand Down
4 changes: 2 additions & 2 deletions test-app/ARM-va416x0.ld
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
_Min_Heap_Size = 0x00002000; /* required amount of heap */
_Min_Stack_Size = 0x00002000; /* required amount of stack */
_Min_Heap_Size = 0x00003000; /* required amount of heap */
_Min_Stack_Size = 0x00003000; /* required amount of stack */

/* Memory areas */
MEMORY
Expand Down
65 changes: 65 additions & 0 deletions test-app/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,68 @@ ifeq ($(DEBUG_UART),1)
APP_OBJS+=../src/string.o
endif

# wolfCrypt Test and Benchmark Support
WOLFCRYPT_SUPPORT=0

ifeq ($(WOLFCRYPT_TEST),1)
CFLAGS+=-DWOLFCRYPT_TEST
WOLFCRYPT_SUPPORT=1
APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/test/test.o
endif

ifeq ($(WOLFCRYPT_BENCHMARK),1)
CFLAGS+=-DWOLFCRYPT_BENCHMARK
WOLFCRYPT_SUPPORT=1
APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/benchmark/benchmark.o
endif

ifeq ($(WOLFCRYPT_SUPPORT),1)
# Add support infrastructure
APP_OBJS+=wolfcrypt_support.o
APP_OBJS+=syscalls.o

# Add wolfCrypt core implementation files
APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/hash.o
APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/wc_port.o
APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/logging.o
APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/misc.o
APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/wolfmath.o
APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/memory.o
APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/asn.o
APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/coding.o

# Add SHA implementations (needed for test/benchmark)
APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sha256.o
APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sha512.o
APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/hmac.o

# Add RNG support (needed for ECC signing and tests)
APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/random.o

# Add ECC support (needed by test suite)
APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/ecc.o
APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_int.o

# Add SP math implementations for ARM Cortex-M
APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_cortexm.o
APP_OBJS+=$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/sp_c32.o

ifneq ($(NO_ARM_ASM),1)
APP_OBJS+= \
$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/arm/thumb2-aes-asm_c.o \
$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.o \
$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.o \
$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.o \
$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.o

CFLAGS+=-DWOLFSSL_ARMASM -DWOLFSSL_ARMASM_NO_HW_CRYPTO -DWOLFSSL_ARMASM_INLINE \
-DWOLFSSL_ARMASM_NO_NEON -DWOLFSSL_ARMASM_THUMB2
endif

CFLAGS+=-DWOLFSSL_USER_SETTINGS
CFLAGS+=-I"$(WOLFBOOT_LIB_WOLFSSL)"
endif

ifeq ($(TZEN),1)
CFLAGS+=-DNONSECURE_APP
CFLAGS+=-I./
Expand Down Expand Up @@ -331,6 +393,9 @@ ifeq ($(TARGET),va416x0)
APP_OBJS+=$(SDK_OBJS)
LSCRIPT_TEMPLATE=ARM-va416x0.ld
APP_OBJS+=../src/keystore.o
# Reduce size: newlib-nano (small printf/snprintf, no float) and section GC
LDFLAGS+=--specs=nano.specs --specs=nosys.specs
CFLAGS+=-ffunction-sections -fdata-sections
endif

ifeq ($(TARGET),sim)
Expand Down
28 changes: 28 additions & 0 deletions test-app/app_va416x0.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,19 @@

#include "../hal/va416x0.h"

/* wolfCrypt test/benchmark support */
#ifdef WOLFCRYPT_TEST
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfcrypt/test/test.h>
int wolfcrypt_test(void *args);
#endif

#ifdef WOLFCRYPT_BENCHMARK
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfcrypt/benchmark/benchmark.h>
int benchmark_test(void *args);
#endif

/* Vorago HAL includes */
#include "va416xx_hal.h"
#include "va416xx_hal_clkgen.h"
Expand Down Expand Up @@ -151,6 +164,21 @@ void main(void)

print_info();

#ifdef WOLFCRYPT_TEST
wolfBoot_printf("\r\nRunning wolfCrypt tests...\r\n");
wolfCrypt_Init();
wolfcrypt_test(NULL);
wolfCrypt_Cleanup();
wolfBoot_printf("Tests complete.\r\n\r\n");
#endif

#ifdef WOLFCRYPT_BENCHMARK
wolfBoot_printf("Running wolfCrypt benchmarks...\r\n");
wolfCrypt_Init();
benchmark_test(NULL);
wolfCrypt_Cleanup();
wolfBoot_printf("Benchmarks complete.\r\n\r\n");
#endif

if (app_version > 1) {
/* Turn on update LED */
Expand Down
Loading