wolfSSL · gojimmypi · Nov 8, 2025 · Nov 9, 2025
diff --git a/include/otp_keystore.h b/include/otp_keystore.h
@@ -30,10 +30,15 @@
 /* Specific includes for supported targets
  * (needed for OTP_SIZE)
  */
-#ifdef TARGET_stm32h7
+#undef NO_FLASH_OTP_KEYSTORE_TARGET
+#if defined(TARGET_stm32h7)
     #include "hal/stm32h7.h"
-#elif defined TARGET_stm32h5
+#elif defined(TARGET_stm32h5)
     #include "hal/stm32h5.h"
+#elif defined(TARGET_sim)
+    #include "hal_host_sim_stub.h"
+#else
+    #define NO_FLASH_OTP_KEYSTORE_TARGET
 #endif
 
 #include "keystore.h"
@@ -47,25 +52,35 @@
     #define KEYSTORE_HDR_PACKED
 #endif
 
-struct KEYSTORE_HDR_PACKED wolfBoot_otp_hdr {
-    char keystore_hdr_magic[8];
-    uint16_t item_count;
-    uint16_t flags;
-    uint32_t version;
-};
-
-static const char KEYSTORE_HDR_MAGIC[8] = "WOLFBOOT";
+#if !defined(OTP_SIZE) || (OTP_SIZE <= 0)
+    /* See TARGET_[device] */
+    #error "WRONG OTP SIZE"
+#endif
 
-#define KEYSTORE_MAX_PUBKEYS ((OTP_SIZE - OTP_HDR_SIZE) / SIZEOF_KEYSTORE_SLOT)
+#ifndef SIZEOF_KEYSTORE_SLOT
+    #error "SIZEOF_KEYSTORE_SLOT must be defined"
+#endif
 
-#if (OTP_SIZE == 0)
-#error WRONG OTP SIZE
+#if (OTP_HDR_SIZE >= OTP_SIZE)
+    #error "Bad OTP_HDR_SIZE or OTP_SIZE"
 #endif
 
+#define KEYSTORE_MAX_PUBKEYS ((OTP_SIZE - OTP_HDR_SIZE) / SIZEOF_KEYSTORE_SLOT)
+
 #if (KEYSTORE_MAX_PUBKEYS < 1)
     #error "No space for any keystores in OTP with current algorithm"
 #endif
 
-#endif /* FLASH_OTP_KEYSTORE */ 
+struct KEYSTORE_HDR_PACKED wolfBoot_otp_hdr {
+    char keystore_hdr_magic[8];
+    uint16_t item_count;
+    uint16_t flags;
+    uint32_t version;
+};
+
+/* KEYSTORE_HDR_MAGIC = "WOLFBOOT" exactly 8 bytes, no nul terminator */
+static const char KEYSTORE_HDR_MAGIC[8] = { 'W','O','L','F','B','O','O','T' };
+
+#endif /* FLASH_OTP_KEYSTORE */
 
 #endif /* OTP_KEYSTORE_H */
diff --git a/tools/keytools/otp/hal_host_sim_stub.c b/tools/keytools/otp/hal_host_sim_stub.c
@@ -0,0 +1,66 @@
+/* hal_host_sim_stub.c
+ *
+ * Helper for storing/retrieving Trust Anchor to/from OTP flash
+ *
+ *
+ * Copyright (C) 2025 wolfSSL Inc.
+ *
+ * This file is part of wolfBoot.
+ *
+ * wolfBoot is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfBoot is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* hal_host_stub.c - host-only placeholders for HAL used by otp-keystore-primer */
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+//
+//#ifndef HAL_H
+//#define HAL_H
+///* For host builds, redirect hal.h to our sim stub */
+//#include "hal_host_sim_stub.h"
+//#endif
+
+/* Minimal mirror of what primer expects. If these normally come from hal.h/target.h,
+   define the bare minimum here so the host build can link. */
+#ifndef FLASH_OTP_BASE
+#define FLASH_OTP_BASE 0u
+#endif
+
+void hal_init(void)
+{
+    /* No hardware on host. */
+    fprintf(stderr, "[hal_host_stub] hal_init() called\n");
+}
+
+/* Return 0 on success like many wolfBoot HAL funcs. Adjust signature to match your hal.h. */
+int hal_flash_otp_write(uint32_t flashAddress, const void* data, uint16_t length)
+{
+    (void)flashAddress;
+    (void)data;
+    (void)length;
+    fprintf(stderr, "[hal_host_stub] hal_flash_otp_write(addr=%lu, len=%lu)\n",
+        (unsigned long)flashAddress, length);
+    return 0;
+}
+
+int hal_flash_otp_set_readonly(uint32_t flashAddress, uint16_t length)
+{
+    (void)flashAddress;
+    (void)length;
+    fprintf(stderr, "[hal_host_stub] hal_flash_otp_set_readonly(addr=%lu, len=%lu)\n",
+        (unsigned long)flashAddress, length);
+    return 0;
+}
diff --git a/tools/keytools/otp/hal_host_sim_stub.h b/tools/keytools/otp/hal_host_sim_stub.h
@@ -0,0 +1,45 @@
+/* hal_host_sim_stub.c
+ *
+ * Helper for storing/retrieving Trust Anchor to/from OTP flash
+ *
+ *
+ * Copyright (C) 2025 wolfSSL Inc.
+ *
+ * This file is part of wolfBoot.
+ *
+ * wolfBoot is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfBoot is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef HAL_HOST_SIM_STUB_H
+#define HAL_HOST_SIM_STUB_H
+
+#include <stdint.h>
+
+#ifndef FLASH_OTP_BASE
+    #define FLASH_OTP_BASE 0u
+#endif
+
+#ifndef OTP_SIZE
+    /* Define a generic max OTP size to appease otp_keystore.h */
+    #define OTP_SIZE 4096
+#endif
+
+/* See actual implementation in [WOLFBOOT_ROOT]/hal; Optionally define your own sim stubs: */
+
+void hal_init(void);
+int hal_flash_otp_write(uint32_t flashAddress, const void* data, uint16_t length);
+int hal_flash_otp_set_readonly(uint32_t flashAddress, uint16_t length);
+
+#endif /* HAL_HOST_SIM_STUB_H */
diff --git a/tools/keytools/otp/otp-keystore-primer.c b/tools/keytools/otp/otp-keystore-primer.c
@@ -27,6 +27,26 @@
 #include "hal.h"
 #include "otp_keystore.h"
 
+#ifdef NO_FLASH_OTP_KEYSTORE_TARGET
+    /* See otp_keystore.h */
+    #ifndef _MSC_VER
+        #warning "No device target defined and no TARGET_sim"
+    #else
+        #pragma message("Warning: No device target defined and no TARGET_sim")
+    #endif
+#endif
+
+#ifdef TARGET_sim
+    #include <stdio.h>
+    #define SIM_PRINTF(...)         \
+       do {                         \
+           printf(__VA_ARGS__);     \
+           fflush(stdout);          \
+       } while (0)
+    #else
+    #define SIM_PRINTF(...) do {} while (0)
+#endif
+
 extern struct keystore_slot PubKeys[];
 
 void main(void)
@@ -37,6 +57,8 @@ void main(void)
     uint32_t tot_len;
 
     hal_init();
+    SIM_PRINTF("[primer] hal_init() done\n");
+    SIM_PRINTF("[primer] detected %d public key(s)\n", n_keys);
 
     memcpy(hdr.keystore_hdr_magic, KEYSTORE_HDR_MAGIC, 8);
     hdr.item_count = n_keys;
@@ -45,13 +67,20 @@ void main(void)
 
     /* Sanity check to avoid writing an empty keystore */
     if (n_keys < 1) {
+#ifdef TARGET_sim
+        SIM_PRINTF("Error: too few keys (%d), refusing to write\n", n_keys);
+        exit(1);
+#else
         while(1)
             ;
+        /* no exit */
+#endif
     }
 
     /* Write the header to the beginning of the OTP memory */
     hal_flash_otp_write(FLASH_OTP_BASE, (uint16_t *)&hdr, sizeof(hdr));
-
+    SIM_PRINTF("[primer] wrote OTP header at 0x%08lX (size %lu)\n",
+                (unsigned long)FLASH_OTP_BASE, (unsigned long)sizeof(hdr));
     for (i = 0; i < n_keys; i++) {
         /* Write each public key to its slot in OTP */
         hal_flash_otp_write(FLASH_OTP_BASE +
@@ -67,8 +96,13 @@ void main(void)
 #endif
     (void)tot_len;
 
+#ifdef TARGET_sim
+    SIM_PRINTF("Done!\n");
+    exit(0);
+#else
     /* Done! */
     while(1)
         ;
-
+    /* no exit */
+#endif
 }