diff --git a/docs/Signing.md b/docs/Signing.md index cb84444ef..1d34480bf 100644 --- a/docs/Signing.md +++ b/docs/Signing.md @@ -182,7 +182,7 @@ Provides a PCR mask and digest to be signed and included in the header. The sign Provides a value to be set with a custom tag * `--custom-tlv tag len val`: Adds a TLV entry to the manifest header, corresponding - to the type identified by `tag`, with lenght `len` bytes, and assigns the value `val`. + to the type identified by `tag`, with length `len` bytes, and assigns the value `val`. Values can be decimal or hex numbers (prefixed by '0x'). The tag is a 16-bit number. Valid tags are in the range between 0x0030 and 0xFEFE. diff --git a/docs/firmware_image.md b/docs/firmware_image.md index c65ae77fe..fd2e7a793 100644 --- a/docs/firmware_image.md +++ b/docs/firmware_image.md @@ -9,7 +9,7 @@ application. This corresponds to the first partition in the flash memory. Multiple firmware images can be created this way, and stored in two different partitions. The bootloader will take care of moving the selected firmware to the first (BOOT) partition before chain-loading the image. -Due to the presence of an image header, the entry point of the application has a fixed additional offset +Due to the presence of an image header, the entry point of the application has a fixed additional offset of 256B from the beginning of the flash partition. ## Firmware image header @@ -26,7 +26,7 @@ chain-loading the firmware the interrupt continue to work properly after the boo ### Image header: Tags -The **image header** is prepended with a single 4-byte magic number, followed by a 4-byte field indicating the +The **image header** is prepended with a single 4-byte magic number, followed by a 4-byte field indicating the firmware image size (excluding the header). All numbers in the header are stored in Little-endian format. The two fixed fields are followed by one or more tags. Each TAG is structured as follows: @@ -46,7 +46,7 @@ Each **Type** has a different meaning, and integrate information about the firmw - A 'firmware signature' Tag (type: 0x0020, size: 64 Bytes) used to validate the signature stored with the firmware against a known public key - A 'firmware type' Tag (type: 0x0030, size: 2 Bytes) used to identify the type of firmware, and the authentication mechanism in use. -A 'public key hint digest' tag is transmitted in the header (type: 0x10, size:32 Bytes). This tag contains the SHA digest of the public key used +A 'public key hint digest' tag is transmitted in the header (type: 0x10, size:32 Bytes). This tag contains the SHA digest of the public key used by the signing tool. The bootloader may use this field to locate the correct public key in case of multiple keys available. wolfBoot will, in all cases, refuse to boot an image that cannot be verified and authenticated using the built-in digital signature authentication mechanism. @@ -77,17 +77,18 @@ The output image `test-app/image_v4_signed.bin` will contain the custom field wi From the bootloader code, we can then retrieve the value of the custom field using the `wolfBoot_find_header` function: ```c -uint32_t custom_code34_field; -const uint16_t custom_code34_field_size = 4; -const uint16_t custom_code34_tag = 0x34; -int size; - -size = wolfBoot_find_header(0x34, &custom_code34_field, sizeof(custom_code34_value)); -if (size != custom_code34_field_size) { +uint32_t value; +uint8_t* ptr = NULL; +uint16_t tlv = 0x34; +uint8_t* imageHdr = (uint8_t*)WOLFBOOT_PARTITION_BOOT_ADDRESS; /* WOLFBOOT_PARTITION_UPDATE_ADDRESS */ +uint16_t size = wolfBoot_find_header(imageHdr, tlv, &ptr); +if (size != sizeof(uint32_t) || ptr == NULL) { /* Error: the field is not present or has the wrong size */ } -/* From here, the value 0xAABBCCDD is stored in custom_code34_value */ +/* From here, the value 0xAABBCCDD is at ptr */ +memcpy(&value, ptr, size); +printf("TLV 0x%x=0x%x\n", tlv, value); ``` ### Image signing tool diff --git a/tools/keytools/sign.c b/tools/keytools/sign.c index c362871a1..41b51ff62 100644 --- a/tools/keytools/sign.c +++ b/tools/keytools/sign.c @@ -69,7 +69,9 @@ static inline int fp_truncate(FILE *f, size_t len) #define MAX_SRC_SIZE (1 << 24) +#ifndef MAX_CUSTOM_TLVS #define MAX_CUSTOM_TLVS (16) +#endif #include #include @@ -1082,11 +1084,10 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz, if (CMD.custom_tlvs > 0) { uint32_t i; for (i = 0; i < CMD.custom_tlvs; i++) { - if (CMD.custom_tlv[i].len == 8) { - /* This field requires 8-byte alignment */ - while((header_idx % 8) != 4) - header_idx++; - } + /* require 8-byte alignment */ + while ((header_idx % 8) != 0) + header_idx++; + if (CMD.custom_tlv[i].buffer == NULL) { header_append_tag(header, &header_idx, CMD.custom_tlv[i].tag, CMD.custom_tlv[i].len, &CMD.custom_tlv[i].val); @@ -1095,13 +1096,10 @@ static int make_header_ex(int is_diff, uint8_t *pubkey, uint32_t pubkey_sz, CMD.custom_tlv[i].len, CMD.custom_tlv[i].buffer); } } - /* Align for next field */ - while ((header_idx % 4) != 0) - header_idx++; } /* Add padding bytes. Sha-3 val field requires 8-byte alignment */ - while ((header_idx % 8) != 4) + while ((header_idx % 8) != 0) header_idx++; /* Calculate hashes */