From 52950500717127efce9aced324e4304be79a9a37 Mon Sep 17 00:00:00 2001
From: Daniele Lacamera
Date: Fri, 19 Jul 2024 09:31:16 +0200
Subject: [PATCH 1/6] Updated submodules (wolfSSL 5.7.2)
---
 lib/wolfPKCS11 | 2 +-
 lib/wolfTPM | 2 +-
 lib/wolfssl | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/wolfPKCS11 b/lib/wolfPKCS11
index b94a98742..a1ddeba8a 160000
--- a/lib/wolfPKCS11
+++ b/lib/wolfPKCS11
@@ -1 +1 @@
-Subproject commit b94a9874204274a0d33c6f8d4b26a18c2bc3b8c0
+Subproject commit a1ddeba8ae03eb5d177dc17b0300af27c6cdb693
diff --git a/lib/wolfTPM b/lib/wolfTPM
index 6a5316f17..fb7e321ac 160000
--- a/lib/wolfTPM
+++ b/lib/wolfTPM
@@ -1 +1 @@
-Subproject commit 6a5316f17f861d43d4cfb4a9bd61f1729904ab4d
+Subproject commit fb7e321ac0f5c4a29cea273ed84c9ef60b6c0a4d
diff --git a/lib/wolfssl b/lib/wolfssl
index 33817747c..00e42151c 160000
--- a/lib/wolfssl
+++ b/lib/wolfssl
@@ -1 +1 @@
-Subproject commit 33817747c4ac071da06bb4b473a0128e9a6812d6
+Subproject commit 00e42151ca061463ba6a95adb2290f678cbca472
From eb57d0a100b0e3a6a7146e64d75950b62bccbbd8 Mon Sep 17 00:00:00 2001
From: Daniele Lacamera
Date: Fri, 19 Jul 2024 09:44:09 +0200
Subject: [PATCH 2/6] Update compiler used for footprint tests
---
 .github/workflows/footprint.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/footprint.yml b/.github/workflows/footprint.yml
index b489fdcee..333377fc8 100644
--- a/.github/workflows/footprint.yml
+++ b/.github/workflows/footprint.yml
@@ -8,7 +8,7 @@ on:
 jobs:
 footprint_test:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
 steps:
 - uses: actions/checkout@v2
From c748f4c8097d84188b641d637fc3975e8e329745 Mon Sep 17 00:00:00 2001
From: Daniele Lacamera
Date: Fri, 19 Jul 2024 10:02:50 +0200
Subject: [PATCH 3/6] Updated footprint test limits
- Optimized test (don't rebuild keytools / regenerate keys if testing the same algo)
- Updated two overshot limits
- Reduced limits due to compiler change
- Added footprint test for LMS and XMSS
---
 tools/test.mk | 40 ++++++++++++++++++++++++----------------
 1 file changed, 24 insertions(+), 16 deletions(-)
diff --git a/tools/test.mk b/tools/test.mk
index 043fe7532..ffb1f2ecd 100644
--- a/tools/test.mk
+++ b/tools/test.mk
@@ -983,29 +983,37 @@ test-all: clean
 test-size-all:
- make test-size SIGN=NONE LIMIT=4913
+ make test-size SIGN=NONE LIMIT=4816
 make keysclean
- make test-size SIGN=ED25519 LIMIT=11529
+ make test-size SIGN=ED25519 LIMIT=11396
 make keysclean
- make test-size SIGN=ECC256 LIMIT=17857
+ make test-size SIGN=ECC256 LIMIT=17936
+ make clean
+ make test-size SIGN=ECC256 NO_ASM=1 LIMIT=13480
 make keysclean
- make test-size SIGN=ECC256 NO_ASM=1 LIMIT=13593
+ make test-size SIGN=RSA2048 LIMIT=11124
+ make clean
+ make test-size SIGN=RSA2048 NO_ASM=1 LIMIT=11696
 make keysclean
- make test-size SIGN=RSA2048 LIMIT=11217
+ make test-size SIGN=RSA4096 LIMIT=11408
+ make clean
+ make test-size SIGN=RSA4096 NO_ASM=1 LIMIT=11984
 make keysclean
- make test-size SIGN=RSA2048 NO_ASM=1 LIMIT=11797
+ make test-size SIGN=ECC384 LIMIT=17504
+ make clean
+ make test-size SIGN=ECC384 NO_ASM=1 LIMIT=14872
 make keysclean
- make test-size SIGN=RSA4096 LIMIT=11497
+ make test-size SIGN=ED448 LIMIT=13408
 make keysclean
- make test-size SIGN=RSA4096 NO_ASM=1 LIMIT=12093
+ make test-size SIGN=RSA3072 LIMIT=11264
+ make clean
+ make test-size SIGN=RSA3072 NO_ASM=1 LIMIT=11804
 make keysclean
- make test-size SIGN=ECC384 LIMIT=17309
+ make test-size SIGN=LMS LMS_LEVELS=2 LMS_HEIGHT=5 LMS_WINTERNITZ=8 \
+ WOLFBOOT_SMALL_STACK=0 IMAGE_SIGNATURE_SIZE=2644 \
+ IMAGE_HEADER_SIZE?=5288 LIMIT=7424
 make keysclean
- make test-size SIGN=ECC384 NO_ASM=1 LIMIT=15013
- make keysclean
- make test-size SIGN=ED448 LIMIT=13645
- make keysclean
- make test-size SIGN=RSA3072 LIMIT=11353
- make keysclean
- make test-size SIGN=RSA3072 NO_ASM=1 LIMIT=11905
+ make test-size SIGN=XMSS XMSS_PARAMS='XMSS-SHA2_10_256' \
+ IMAGE_SIGNATURE_SIZE=2500 IMAGE_HEADER_SIZE?=4096 \
+ LIMIT=8220
 make keysclean
From 04a6ec66a6afa3d26c8589935aea5a725c427660 Mon Sep 17 00:00:00 2001
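Review bot: The two new post-quantum entries pass `IMAGE_HEADER_SIZE?=5288` and `IMAGE_HEADER_SIZE?=4096` on the make command line; if GNU make treats `?=` there as a conditional assignment, a value already set in the caller's environment would presumably win, and the LMS/XMSS footprint would be measured against a header size the `LIMIT` was not calibrated for. `IMAGE_SIGNATURE_SIZE` is passed unconditionally on the same lines, so plain `IMAGE_HEADER_SIZE=5288` and `IMAGE_HEADER_SIZE=4096` would keep these checks self-contained. A short comment above `test-size-all` recording the toolchain the limits were taken with (the series moves the runner to `ubuntu-24.04`) would also help the next time the limits drift. The recipe may continue past the end of the hunk.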
From: Daniele Lacamera
Date: Fri, 19 Jul 2024 10:10:12 +0200
Subject: [PATCH 4/6] Fix ferror(NULL) in xmss_common.h
---
 tools/xmss/xmss_common.h | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/tools/xmss/xmss_common.h b/tools/xmss/xmss_common.h
index f599091f3..5c31ea020 100644
--- a/tools/xmss/xmss_common.h
+++ b/tools/xmss/xmss_common.h
@@ -48,8 +48,7 @@ static enum wc_XmssRc xmss_write_key(const byte * priv, word32 privSz, void * co
 /* Create the file if it didn't exist. */
 file = fopen(filename, "w+");
 if (!file) {
- fprintf(stderr, "error: fopen(%s, \"w+\") failed: %d\n", filename,
- ferror(file));
+ fprintf(stderr, "error: fopen(%s, \"w+\") failed.\n", filename);
 return WC_XMSS_RC_WRITE_FAIL;
 }
 }
@@ -72,8 +71,7 @@ static enum wc_XmssRc xmss_write_key(const byte * priv, word32 privSz, void * co
 * storage correctly. */
 file = fopen(filename, "r+");
 if (!file) {
- fprintf(stderr, "error: fopen(%s, \"r+\") failed: %d\n", filename,
- ferror(file));
+ fprintf(stderr, "error: fopen(%s, \"r+\") failed.\n", filename);
 return WC_XMSS_RC_WRITE_FAIL;
 }
From 421bd83913d46c730571a1cb9ec6ead46f8a3a86 Mon Sep 17 00:00:00 2001
From: Daniele Lacamera
Date: Fri, 19 Jul 2024 12:53:41 +0200
Subject: [PATCH 5/6] Update wolfBoot version to 2.2.0
---
 include/wolfboot/version.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/include/wolfboot/version.h b/include/wolfboot/version.h
index b9252a34a..61391c7a0 100644
--- a/include/wolfboot/version.h
+++ b/include/wolfboot/version.h
@@ -29,8 +29,8 @@ extern "C" {
 #endif
-#define LIBWOLFBOOT_VERSION_STRING "2.1.0"
-#define LIBWOLFBOOT_VERSION_HEX 0x02010000
+#define LIBWOLFBOOT_VERSION_STRING "2.2.0"
+#define LIBWOLFBOOT_VERSION_HEX 0x02020000
 #ifndef WOLFBOOT_VERSION
 #define WOLFBOOT_VERSION LIBWOLFBOOT_VERSION_HEX
From 51fe05cf9c41f18ec6be46ca664d17b45aacaba3 Mon Sep 17 00:00:00 2001
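Review bot: Both rewritten `fprintf` calls in `xmss_write_key` now print no failure reason at all. `fopen` reports the cause through `errno`, and for a routine that persists XMSS private-key state the operator needs to tell a permission problem from a missing directory or a full disk. Consider `fprintf(stderr, "error: fopen(%s, \"w+\") failed: %s\n", filename, strerror(errno));` in the first hunk and the same form for the `"r+"` call in the second, provided `<errno.h>` and `<string.h>` are included (the include block is not visible here). The function body starts and ends outside both hunks.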
From: Daniele Lacamera
Date: Mon, 22 Jul 2024 12:56:16 +0200
Subject: [PATCH 6/6] v 2.2.0: Added to ChangeLog in README.md
---
 README.md | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/README.md b/README.md
index f3c00a9a7..4345fa7e7 100644
--- a/README.md
+++ b/README.md
@@ -588,3 +588,37 @@ Use `make keysclean` to delete keys and regenerate.
 * wolfSSL v5.7.0
 * wolfPKCS11 v1.3.0
 * wolfTPM v3.2.0
+
+### V 2.2.0 - (2024-07-22)
+ * New hardware targets
+ * Add STM32H5 port with support for Dual-bank, OTP, TrustZone-M
+ * Add native support for Renesas RX family, using gcc toolchain
+ * Improvements to supported targets
+ * NXP i.MX-RT:
+ * New flash geometry configurations
+ * Support for LPUART4
+ * Add port for RT1061
+ * Disable DCACHE upon flash access
+ * Support for building with HAB
+ * STM32:
+ * Refactoring of TrustZone-M support
+ * OTP driver for STM32H5/H7
+ * Full firmware update demo on STM32H5
+ * Add support for QSPI in STM32U5
+ * Renesas RZ:
+ * Add support for RSIP
+ * x86-64 (FSP):
+ * Improve x86-64 specific code, add features
+ * Clean-up and re-arrange scripts for qemu demo
+ * Post-quantum crypto
+ * LMS and XMSS support now using native wolfCrypt implementation
+ * Tools improvements
+ * Keystore: now supports .der ECC key via `--der`
+ * Add `otp_primer` firmware, to provision keystores in OTP
+ * Add `otp_gen` tool to provide a pre-assembled keystore to flash into OTP
+ * Bug fixes
+ * Fix regression in x86-EFI builds
+ * Fix setting `VTOR_NS` when staging a non-secure app/os from TrustZone
+ * Fix delta updates: patches with invalid base versions were not discarded
+ * Fix potential array bound overflow in `NVM_FLASH_WRITEONCE` mode
+ * Fix dereferencing type-punned pointer in flash update