x86 Stage1: add verification of components #330

Merged (21 commits) on Aug 10, 2023

@danielinux danielinux commented Jul 27, 2023

Verify FSP images + configuration at startup.

  • added wolfboot API "as library" to stage1
  • load FSP_M and FSP_S to RAM. Rebase FSP builds to run from RAM locations
  • sign FSP images after build
  • verify FSP_M and FSP_S images before invoking FSP APIs
  • sign & verify second stage wolfBoot image

@danielinux danielinux marked this pull request as ready for review August 1, 2023 10:33
@danielinux danielinux requested a review from rizlik August 1, 2023 10:33
@danielinux

@rizlik please test on TGL before merging

rizlik previously approved these changes Aug 10, 2023

@rizlik rizlik left a comment


great work!
Tested successfully on TGL

@rizlik rizlik removed their assignment Aug 10, 2023
@@ -959,6 +959,10 @@ int wolfBoot_verify_integrity(struct wolfBoot_image *img)
{
uint8_t *stored_sha;
uint16_t stored_sha_len;
#ifdef STAGE1_AUTH
/* Override global */
uint8_t digest[WOLFBOOT_SHA_DIGEST_SIZE];
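
Review bot: The local `digest` declared under `#ifdef STAGE1_AUTH` shadows a buffer of the same name at wider scope (per the "Override global" comment), so which buffer the rest of `wolfBoot_verify_integrity()` refers to depends on a build flag and cannot be seen at the use sites. Consider giving the local a distinct name or passing the digest buffer in explicitly, and extend the comment to say why the global must not be used when `STAGE1_AUTH` is defined; building with `-Wshadow` would flag this pattern.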

Isn't there already a global with this name? The comment makes it clear you want to use the local here. Can you think of a better way to do this?

@dgarske dgarske assigned danielinux and unassigned dgarske Aug 10, 2023

@dgarske dgarske left a comment


Approving and merging. The digest global override is fine for now...

@dgarske dgarske assigned dgarske and unassigned danielinux Aug 10, 2023
@dgarske dgarske merged commit db032d1 into wolfSSL:master Aug 10, 2023
42 checks passed