From 6c318381be524b6689c8830acc969376755b5df2 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Sat, 8 Nov 2025 12:11:09 -0800 Subject: [PATCH 1/2] Improve otp_keystore checks, add explicit TARGET_sim check --- include/otp_keystore.h | 42 ++++++++++------ tools/keytools/otp/hal_host_sim_stub.c | 66 ++++++++++++++++++++++++++ tools/keytools/otp/hal_host_sim_stub.h | 45 ++++++++++++++++++ 3 files changed, 139 insertions(+), 14 deletions(-) create mode 100644 tools/keytools/otp/hal_host_sim_stub.c create mode 100644 tools/keytools/otp/hal_host_sim_stub.h diff --git a/include/otp_keystore.h b/include/otp_keystore.h index d14970a369..df1b6fb8a0 100644 --- a/include/otp_keystore.h +++ b/include/otp_keystore.h @@ -30,10 +30,14 @@ /* Specific includes for supported targets * (needed for OTP_SIZE) */ -#ifdef TARGET_stm32h7 +#if defined(TARGET_stm32h7) #include "hal/stm32h7.h" -#elif defined TARGET_stm32h5 +#elif defined(TARGET_stm32h5) #include "hal/stm32h5.h" +#elif defined(TARGET_sim) + #include "hal_host_sim_stub.h" +#else + #error "Define a target" #endif #include "keystore.h" @@ -47,25 +51,35 @@ #define KEYSTORE_HDR_PACKED #endif -struct KEYSTORE_HDR_PACKED wolfBoot_otp_hdr { - char keystore_hdr_magic[8]; - uint16_t item_count; - uint16_t flags; - uint32_t version; -}; - -static const char KEYSTORE_HDR_MAGIC[8] = "WOLFBOOT"; +#if !defined(OTP_SIZE) || (OTP_SIZE <= 0) + /* See TARGET_[device] */ + #error "WRONG OTP SIZE" +#endif -#define KEYSTORE_MAX_PUBKEYS ((OTP_SIZE - OTP_HDR_SIZE) / SIZEOF_KEYSTORE_SLOT) +#ifndef SIZEOF_KEYSTORE_SLOT + #error "SIZEOF_KEYSTORE_SLOT must be defined" +#endif -#if (OTP_SIZE == 0) -#error WRONG OTP SIZE +#if (OTP_HDR_SIZE >= OTP_SIZE) + #error "Bad OTP_HDR_SIZE or OTP_SIZE" #endif +#define KEYSTORE_MAX_PUBKEYS ((OTP_SIZE - OTP_HDR_SIZE) / SIZEOF_KEYSTORE_SLOT) + #if (KEYSTORE_MAX_PUBKEYS < 1) #error "No space for any keystores in OTP with current algorithm" #endif -#endif /* FLASH_OTP_KEYSTORE */ +struct KEYSTORE_HDR_PACKED wolfBoot_otp_hdr { + char keystore_hdr_magic[8]; + uint16_t item_count; + uint16_t flags; + uint32_t version; +}; + +/* KEYSTORE_HDR_MAGIC = "WOLFBOOT" exactly 8 bytes, no nul terminator */ +static const char KEYSTORE_HDR_MAGIC[8] = { 'W','O','L','F','B','O','O','T' }; + +#endif /* FLASH_OTP_KEYSTORE */ #endif /* OTP_KEYSTORE_H */ diff --git a/tools/keytools/otp/hal_host_sim_stub.c b/tools/keytools/otp/hal_host_sim_stub.c new file mode 100644 index 0000000000..e758438468 --- /dev/null +++ b/tools/keytools/otp/hal_host_sim_stub.c @@ -0,0 +1,66 @@ +/* hal_host_sim_stub.c + * + * Helper for storing/retrieving Trust Anchor to/from OTP flash + * + * + * Copyright (C) 2025 wolfSSL Inc. + * + * This file is part of wolfBoot. + * + * wolfBoot is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfBoot is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* hal_host_stub.c - host-only placeholders for HAL used by otp-keystore-primer */ +#include +#include +#include +// +//#ifndef HAL_H +//#define HAL_H +///* For host builds, redirect hal.h to our sim stub */ +//#include "hal_host_sim_stub.h" +//#endif + +/* Minimal mirror of what primer expects. If these normally come from hal.h/target.h, + define the bare minimum here so the host build can link. */ +#ifndef FLASH_OTP_BASE +#define FLASH_OTP_BASE 0u +#endif + +void hal_init(void) +{ + /* No hardware on host. */ + fprintf(stderr, "[hal_host_stub] hal_init() called\n"); +} + +/* Return 0 on success like many wolfBoot HAL funcs. Adjust signature to match your hal.h. */ +int hal_flash_otp_write(uint32_t flashAddress, const void* data, uint16_t length) +{ + (void)flashAddress; + (void)data; + (void)length; + fprintf(stderr, "[hal_host_stub] hal_flash_otp_write(addr=%lu, len=%lu)\n", + (unsigned long)flashAddress, length); + return 0; +} + +int hal_flash_otp_set_readonly(uint32_t flashAddress, uint16_t length) +{ + (void)flashAddress; + (void)length; + fprintf(stderr, "[hal_host_stub] hal_flash_otp_set_readonly(addr=%lu, len=%lu)\n", + (unsigned long)flashAddress, length); + return 0; +} diff --git a/tools/keytools/otp/hal_host_sim_stub.h b/tools/keytools/otp/hal_host_sim_stub.h new file mode 100644 index 0000000000..25d8b5e581 --- /dev/null +++ b/tools/keytools/otp/hal_host_sim_stub.h @@ -0,0 +1,45 @@ +/* hal_host_sim_stub.f + * + * Helper for storing/retrieving Trust Anchor to/from OTP flash + * + * + * Copyright (C) 2025 wolfSSL Inc. + * + * This file is part of wolfBoot. + * + * wolfBoot is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfBoot is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef HAL_HOST_SIM_STUB_H +#define HAL_HOST_SIM_STUB_H + +#include + +#ifndef FLASH_OTP_BASE + #define FLASH_OTP_BASE 0u +#endif + +#ifndef OTP_SIZE + /* Define a generic max OTP size to appease otp_keystore.h */ + #define OTP_SIZE 4096 +#endif + +/* See actual implementation in [WOLFBOOT_ROOT]/hal; Optionally define your own sim stubs: */ + +void hal_init(void); +int hal_flash_otp_write(uint32_t flashAddress, const void* data, uint16_t length); +int hal_flash_otp_set_readonly(uint32_t flashAddress, uint16_t length); + +#endif /* HAL_HOST_SIM_STUB_H */ From f797140f1ec5b69298b33760c1e1a407ce7ebe52 Mon Sep 17 00:00:00 2001 From: gojimmypi Date: Sun, 9 Nov 2025 09:12:39 -0800 Subject: [PATCH 2/2] Flash OTP missing target is warning, not error. Add TARGET_sim support --- include/otp_keystore.h | 3 +- tools/keytools/otp/hal_host_sim_stub.h | 2 +- tools/keytools/otp/otp-keystore-primer.c | 38 ++++++++++++++++++++++-- 3 files changed, 39 insertions(+), 4 deletions(-) diff --git a/include/otp_keystore.h b/include/otp_keystore.h index df1b6fb8a0..be8df135f6 100644 --- a/include/otp_keystore.h +++ b/include/otp_keystore.h @@ -30,6 +30,7 @@ /* Specific includes for supported targets * (needed for OTP_SIZE) */ +#undef NO_FLASH_OTP_KEYSTORE_TARGET #if defined(TARGET_stm32h7) #include "hal/stm32h7.h" #elif defined(TARGET_stm32h5) @@ -37,7 +38,7 @@ #elif defined(TARGET_sim) #include "hal_host_sim_stub.h" #else - #error "Define a target" + #define NO_FLASH_OTP_KEYSTORE_TARGET #endif #include "keystore.h" diff --git a/tools/keytools/otp/hal_host_sim_stub.h b/tools/keytools/otp/hal_host_sim_stub.h index 25d8b5e581..f560cd8dc9 100644 --- a/tools/keytools/otp/hal_host_sim_stub.h +++ b/tools/keytools/otp/hal_host_sim_stub.h @@ -1,4 +1,4 @@ -/* hal_host_sim_stub.f +/* hal_host_sim_stub.c * * Helper for storing/retrieving Trust Anchor to/from OTP flash * diff --git a/tools/keytools/otp/otp-keystore-primer.c b/tools/keytools/otp/otp-keystore-primer.c index 86fda4e1c3..c67755c85b 100644 --- a/tools/keytools/otp/otp-keystore-primer.c +++ b/tools/keytools/otp/otp-keystore-primer.c @@ -27,6 +27,26 @@ #include "hal.h" #include "otp_keystore.h" +#ifdef NO_FLASH_OTP_KEYSTORE_TARGET + /* See otp_keystore.h */ + #ifndef _MSC_VER + #warning "No device target defined and no TARGET_sim" + #else + #pragma message("Warning: No device target defined and no TARGET_sim") + #endif +#endif + +#ifdef TARGET_sim + #include + #define SIM_PRINTF(...) \ + do { \ + printf(__VA_ARGS__); \ + fflush(stdout); \ + } while (0) + #else + #define SIM_PRINTF(...) do {} while (0) +#endif + extern struct keystore_slot PubKeys[]; void main(void) @@ -37,6 +57,8 @@ void main(void) uint32_t tot_len; hal_init(); + SIM_PRINTF("[primer] hal_init() done\n"); + SIM_PRINTF("[primer] detected %d public key(s)\n", n_keys); memcpy(hdr.keystore_hdr_magic, KEYSTORE_HDR_MAGIC, 8); hdr.item_count = n_keys; @@ -45,13 +67,20 @@ void main(void) /* Sanity check to avoid writing an empty keystore */ if (n_keys < 1) { +#ifdef TARGET_sim + SIM_PRINTF("Error: too few keys (%d), refusing to write\n", n_keys); + exit(1); +#else while(1) ; + /* no exit */ +#endif } /* Write the header to the beginning of the OTP memory */ hal_flash_otp_write(FLASH_OTP_BASE, (uint16_t *)&hdr, sizeof(hdr)); - + SIM_PRINTF("[primer] wrote OTP header at 0x%08lX (size %lu)\n", + (unsigned long)FLASH_OTP_BASE, (unsigned long)sizeof(hdr)); for (i = 0; i < n_keys; i++) { /* Write each public key to its slot in OTP */ hal_flash_otp_write(FLASH_OTP_BASE + @@ -67,8 +96,13 @@ void main(void) #endif (void)tot_len; +#ifdef TARGET_sim + SIM_PRINTF("Done!\n"); + exit(0); +#else /* Done! */ while(1) ; - + /* no exit */ +#endif }