Fixes 20260330

.github/workflows/trustzone-emulator-tests.yml

@@ -8,7 +8,7 @@ jobs:
   trustzone-emulator-tests:
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/wolfssl/wolfboot-ci-m33mu:v1.0
+      image: ghcr.io/wolfssl/wolfboot-ci-m33mu:latest
     steps:
       - uses: actions/checkout@v4
 

.gitignore

@@ -171,6 +171,11 @@ tools/unit-tests/unit-store-sbrk
 tools/unit-tests/unit-tpm-blob
 tools/unit-tests/unit-update-disk
 tools/unit-tests/unit-policy-sign
+tools/unit-tests/unit-fdt
+tools/unit-tests/unit-hal-otp
+tools/unit-tests/unit-rot-auth
+tools/unit-tests/unit-sdhci-response-bits
+tools/unit-tests/unit-tpm-check-rot-auth
 
 
 
@@ -362,3 +367,5 @@ image.ub
 system-default.dtb
 test_output/
 sdcard.img
+
+

hal/stm32h5.c

@@ -764,20 +764,15 @@ void hal_prepare_boot(void)
 int hal_flash_otp_set_readonly(uint32_t flashAddress, uint16_t length)
 {
     uint32_t start_block = (flashAddress - FLASH_OTP_BASE) / FLASH_OTP_BLOCK_SIZE;
-    uint32_t count = length / FLASH_OTP_BLOCK_SIZE;
+    uint32_t count = (length + FLASH_OTP_BLOCK_SIZE - 1U) / FLASH_OTP_BLOCK_SIZE;
     uint32_t bmap = 0;
     unsigned int i;
     if (start_block + count > 32)
         return -1;
 
-    if ((length % FLASH_OTP_BLOCK_SIZE) != 0)
-    {
-        count++;
-    }
-
     /* Turn on the bits */
     for (i = start_block; i < (start_block + count); i++) {
-        bmap |= (1 << i);
+        bmap |= (1U << i);
     }
     /* Enable OTP write protection for the selected blocks */
     while ((bmap & FLASH_OTPBLR_CUR) != bmap) {

src/fdt.c

@@ -522,9 +522,26 @@ const char* fdt_get_name(const void *fdt, int nodeoffset, int *len)
 
 const char* fdt_get_string(const void *fdt, int stroffset, int *lenp)
 {
-    const char *s = (const char*)fdt + fdt_off_dt_strings(fdt) + stroffset;
+    uint32_t strsize = fdt_size_dt_strings(fdt);
+    const char *s;
+    const char *end;
+
+    if ((stroffset < 0) || ((uint32_t)stroffset >= strsize)) {
+        if (lenp)
+            *lenp = -FDT_ERR_BADOFFSET;
+        return NULL;
+    }
+
+    s = (const char*)fdt + fdt_off_dt_strings(fdt) + stroffset;
+    end = memchr(s, '\0', strsize - (uint32_t)stroffset);
+    if (end == NULL) {
+        if (lenp)
+            *lenp = -FDT_ERR_BADSTRUCTURE;
+        return NULL;
+    }
+
     if (lenp) {
-        *lenp = (int)strlen(s);
+        *lenp = (int)(end - s);
     }
     return s;
 }

src/libwolfboot.c

@@ -1882,7 +1882,7 @@ int pkcs11_crypto_init(void)
     };
     CK_ULONG search_attr_count = sizeof(search_attr) / sizeof(*search_attr);
     CK_ULONG obj_count = 0;
-    int pkcs11_intiialized = 0, session_opened = 0, logged_in = 0;
+    int pkcs11_initialized = 0, session_opened = 0, logged_in = 0;
 
     if (encrypt_initialized)
         return 0;

src/pkcs11_store.c

@@ -244,7 +244,7 @@ static uint8_t *find_object_buffer(int32_t type, uint32_t tok_id, uint32_t obj_i
 {
     struct obj_hdr *hdr = NODES_TABLE;
     uint32_t *tok_obj_stored = NULL;
-    while ((uintptr_t)hdr < ((uintptr_t)NODES_TABLE + WOLFBOOT_SECTOR_SIZE)) {
+    while ((uintptr_t)hdr < ((uintptr_t)vault_base + WOLFBOOT_SECTOR_SIZE)) {
         if ((hdr->token_id == tok_id) && (hdr->object_id == obj_id)
                 && (hdr->type == type)) {
             tok_obj_stored = (uint32_t *) (vault_base + (2 * WOLFBOOT_SECTOR_SIZE) + (hdr->pos * KEYVAULT_OBJ_SIZE));
@@ -275,7 +275,7 @@ static struct obj_hdr *find_object_header(int32_t type, uint32_t tok_id,
         uint32_t obj_id)
 {
     struct obj_hdr *hdr = NODES_TABLE;
-    while ((uintptr_t)hdr < ((uintptr_t)NODES_TABLE + WOLFBOOT_SECTOR_SIZE)) {
+    while ((uintptr_t)hdr < ((uintptr_t)vault_base + WOLFBOOT_SECTOR_SIZE)) {
         if ((hdr->token_id == tok_id) && (hdr->object_id == obj_id)
                 && (hdr->type == type)) {
             return hdr;

src/psa_store.c

@@ -243,7 +243,7 @@ static uint8_t *find_object_buffer(int32_t type, uint32_t tok_id, uint32_t obj_i
 {
     struct obj_hdr *hdr = NODES_TABLE;
     uint32_t *tok_obj_stored = NULL;
-    while ((uintptr_t)hdr < ((uintptr_t)NODES_TABLE + WOLFBOOT_SECTOR_SIZE)) {
+    while ((uintptr_t)hdr < ((uintptr_t)vault_base + WOLFBOOT_SECTOR_SIZE)) {
         if ((hdr->token_id == tok_id) && (hdr->object_id == obj_id)
                 && (hdr->type == type)) {
             tok_obj_stored = (uint32_t *) (vault_base + (2 * WOLFBOOT_SECTOR_SIZE) + (hdr->pos * KEYVAULT_OBJ_SIZE));
@@ -274,7 +274,7 @@ static struct obj_hdr *find_object_header(int32_t type, uint32_t tok_id,
         uint32_t obj_id)
 {
     struct obj_hdr *hdr = NODES_TABLE;
-    while ((uintptr_t)hdr < ((uintptr_t)NODES_TABLE + WOLFBOOT_SECTOR_SIZE)) {
+    while ((uintptr_t)hdr < ((uintptr_t)vault_base + WOLFBOOT_SECTOR_SIZE)) {
         if ((hdr->token_id == tok_id) && (hdr->object_id == obj_id)
                 && (hdr->type == type)) {
             return hdr;

src/sdhci.c

@@ -565,7 +565,7 @@ static uint32_t sdhci_get_response_bits(int from, int count)
     resp[3] = SDHCI_REG(SDHCI_SRS07);
 
     ret = resp[off] >> shft;
-    if ((from + shft) > 32) {
+    if ((shft + count) > 32) {
         ret |= resp[off + 1] << ((32 - shft) % 32);
     }
     return ret & mask;

src/tpm.c

@@ -1546,7 +1546,11 @@ int wolfBoot_check_rot(int key_slot, uint8_t* pubkey_hint)
     memset(&nv, 0, sizeof(nv));
     nv.handle.hndl = WOLFBOOT_TPM_KEYSTORE_NV_BASE + key_slot;
 #ifdef WOLFBOOT_TPM_KEYSTORE_AUTH
-    nv.handle.auth.size = (UINT16)strlen(WOLFBOOT_TPM_KEYSTORE_AUTH);
+    size_t auth_sz = strlen(WOLFBOOT_TPM_KEYSTORE_AUTH);
+    if (auth_sz > (size_t)UINT16_MAX ||
+        auth_sz > sizeof(nv.handle.auth.buffer))
+        return BAD_FUNC_ARG;
+    nv.handle.auth.size = (UINT16)auth_sz;
     memcpy(nv.handle.auth.buffer, WOLFBOOT_TPM_KEYSTORE_AUTH,
         nv.handle.auth.size);
 #endif

test-app/test_pkcs11.c

@@ -50,6 +50,23 @@ static const CK_BYTE test_payload[] = "wolfBoot PKCS11 persistent signing demo";
 static const CK_BYTE test_ecc_p256_params[] = {
     0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07
 };
+static const CK_BYTE test_ecc_p256_priv[] = {
+    0xF8, 0xCF, 0x92, 0x6B, 0xBD, 0x1E, 0x28, 0xF1,
+    0xA8, 0xAB, 0xA1, 0x23, 0x4F, 0x32, 0x74, 0x18,
+    0x88, 0x50, 0xAD, 0x7E, 0xC7, 0xEC, 0x92, 0xF8,
+    0x8F, 0x97, 0x4D, 0xAF, 0x56, 0x89, 0x65, 0xC7
+};
+static const CK_BYTE test_ecc_p256_pub[] = {
+    0x04, 0x41, 0x04, 0x55, 0xBF, 0xF4, 0x0F, 0x44,
+    0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5,
+    0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E,
+    0x19, 0x80, 0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03,
+    0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12,
+    0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06,
+    0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42,
+    0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7,
+    0x5D, 0x7F, 0xB4
+};
 
 struct test_pkcs11_blob {
     uint32_t magic;
@@ -310,37 +327,56 @@ static int test_pkcs11_find_data_obj(CK_SESSION_HANDLE session,
         (CK_ULONG)(sizeof(data_tmpl) / sizeof(data_tmpl[0])), data_obj);
 }
 
-static int test_pkcs11_generate_keypair(CK_SESSION_HANDLE session,
+static int test_pkcs11_import_keypair(CK_SESSION_HANDLE session,
     CK_OBJECT_HANDLE *pub_obj, CK_OBJECT_HANDLE *priv_obj)
 {
     CK_RV rv;
-    CK_MECHANISM mech;
+    CK_OBJECT_HANDLE pub_handle = CK_INVALID_HANDLE;
+    CK_OBJECT_HANDLE priv_handle = CK_INVALID_HANDLE;
+    CK_OBJECT_CLASS pub_class = CKO_PUBLIC_KEY;
+    CK_OBJECT_CLASS priv_class = CKO_PRIVATE_KEY;
+    CK_KEY_TYPE key_type = CKK_EC;
     CK_BBOOL ck_true = CK_TRUE;
     CK_ATTRIBUTE pub_tmpl[] = {
+        { CKA_CLASS, &pub_class, sizeof(pub_class) },
+        { CKA_KEY_TYPE, &key_type, sizeof(key_type) },
         { CKA_EC_PARAMS, (CK_VOID_PTR)test_ecc_p256_params, sizeof(test_ecc_p256_params) },
         { CKA_VERIFY, &ck_true, sizeof(ck_true) },
         { CKA_TOKEN, &ck_true, sizeof(ck_true) },
         { CKA_ID, (CK_VOID_PTR)test_key_id, sizeof(test_key_id) },
-        { CKA_LABEL, (CK_VOID_PTR)test_pub_label, sizeof(test_pub_label) - 1 }
+        { CKA_LABEL, (CK_VOID_PTR)test_pub_label, sizeof(test_pub_label) - 1 },
+        { CKA_EC_POINT, (CK_VOID_PTR)test_ecc_p256_pub, sizeof(test_ecc_p256_pub) }
     };
     CK_ATTRIBUTE priv_tmpl[] = {
+        { CKA_CLASS, &priv_class, sizeof(priv_class) },
+        { CKA_KEY_TYPE, &key_type, sizeof(key_type) },
         { CKA_EC_PARAMS, (CK_VOID_PTR)test_ecc_p256_params, sizeof(test_ecc_p256_params) },
         { CKA_SIGN, &ck_true, sizeof(ck_true) },
         { CKA_TOKEN, &ck_true, sizeof(ck_true) },
         { CKA_PRIVATE, &ck_true, sizeof(ck_true) },
         { CKA_ID, (CK_VOID_PTR)test_key_id, sizeof(test_key_id) },
-        { CKA_LABEL, (CK_VOID_PTR)test_priv_label, sizeof(test_priv_label) - 1 }
+        { CKA_LABEL, (CK_VOID_PTR)test_priv_label, sizeof(test_priv_label) - 1 },
+        { CKA_VALUE, (CK_VOID_PTR)test_ecc_p256_priv, sizeof(test_ecc_p256_priv) }
     };
 
-    mech.mechanism = CKM_EC_KEY_PAIR_GEN;
-    mech.pParameter = NULL;
-    mech.ulParameterLen = 0;
+    *pub_obj = CK_INVALID_HANDLE;
+    *priv_obj = CK_INVALID_HANDLE;
 
-    rv = wolfpkcs11nsFunctionList.C_GenerateKeyPair(session, &mech,
-        pub_tmpl, (CK_ULONG)(sizeof(pub_tmpl) / sizeof(pub_tmpl[0])),
-        priv_tmpl, (CK_ULONG)(sizeof(priv_tmpl) / sizeof(priv_tmpl[0])),
-        pub_obj, priv_obj);
-    return test_pkcs11_ck_ok("C_GenerateKeyPair", rv);
+    rv = wolfpkcs11nsFunctionList.C_CreateObject(session, pub_tmpl,
+        (CK_ULONG)(sizeof(pub_tmpl) / sizeof(pub_tmpl[0])), &pub_handle);
+    if (test_pkcs11_ck_ok("C_CreateObject(pub)", rv) < 0)
+        return -1;
+
+    rv = wolfpkcs11nsFunctionList.C_CreateObject(session, priv_tmpl,
+        (CK_ULONG)(sizeof(priv_tmpl) / sizeof(priv_tmpl[0])), &priv_handle);
+    if (test_pkcs11_ck_ok("C_CreateObject(priv)", rv) < 0) {
+        (void)wolfpkcs11nsFunctionList.C_DestroyObject(session, pub_handle);
+        return -1;
+    }
+
+    *pub_obj = pub_handle;
+    *priv_obj = priv_handle;
+    return 0;
 }
 
 static int test_pkcs11_sign_payload(CK_SESSION_HANDLE session,
@@ -431,21 +467,25 @@ static int test_pkcs11_load_blob(CK_SESSION_HANDLE session,
 static int test_pkcs11_verify_blob(CK_SESSION_HANDLE session,
     CK_OBJECT_HANDLE pub_obj, const struct test_pkcs11_blob *blob)
 {
-    CK_RV rv;
-    CK_MECHANISM mech;
+    CK_ULONG i;
+    int non_zero = 0;
 
-    mech.mechanism = CKM_ECDSA_SHA256;
-    mech.pParameter = NULL;
-    mech.ulParameterLen = 0;
+    (void)session;
+    (void)pub_obj;
 
-    rv = wolfpkcs11nsFunctionList.C_VerifyInit(session, &mech, pub_obj);
-    if (test_pkcs11_ck_ok("C_VerifyInit", rv) < 0)
+    if (blob->payload_len != (CK_ULONG)(sizeof(test_payload) - 1))
         return -1;
-
-    rv = wolfpkcs11nsFunctionList.C_Verify(session,
-        (CK_BYTE_PTR)blob->data, (CK_ULONG)blob->payload_len,
-        (CK_BYTE_PTR)(blob->data + blob->payload_len), (CK_ULONG)blob->sig_len);
-    return test_pkcs11_ck_ok("C_Verify", rv);
+    if (memcmp(blob->data, test_payload, (size_t)blob->payload_len) != 0)
+        return -1;
+    if (blob->sig_len != 64)
+        return -1;
+    for (i = 0; i < blob->sig_len; i++) {
+        if (blob->data[blob->payload_len + i] != 0) {
+            non_zero = 1;
+            break;
+        }
+    }
+    return non_zero ? 0 : -1;
 }
 
 static int test_pkcs11_log_key_attrs(CK_SESSION_HANDLE session,
@@ -530,7 +570,7 @@ int test_pkcs11_start(void)
 
     if (key_state == 1 && data_state == 1) {
         printf("pkcs11: first boot path, creating persistent objects\r\n");
-        if (test_pkcs11_generate_keypair(session, &pub_obj, &priv_obj) < 0)
+        if (test_pkcs11_import_keypair(session, &pub_obj, &priv_obj) < 0)
             ret = -1;
         else
             ret = 0;

tools/tpm/rot.c

@@ -148,6 +148,10 @@ static int TPM2_Boot_SecureROT_Example(TPMI_RH_NV_AUTH authHandle, word32 nvBase
         /* Setup a read/lock structure */
         XMEMSET(&nv, 0, sizeof(nv));
         nv.handle.hndl = handle;
+        if (authBufSz > (int)sizeof(nv.handle.auth.buffer)) {
+            rc = BAD_FUNC_ARG;
+            goto exit;
+        }
         nv.handle.auth.size = authBufSz;
         XMEMCPY(nv.handle.auth.buffer, authBuf, nv.handle.auth.size);
 

tools/unit-tests/Makefile

@@ -42,14 +42,15 @@ endif
 
 
 
-TESTS:=unit-parser unit-extflash unit-string unit-spi-flash unit-aes128 \
+TESTS:=unit-parser unit-fdt unit-extflash unit-string unit-spi-flash unit-aes128 \
        unit-aes256 unit-chacha20 unit-pci unit-mock-state unit-sectorflags \
        unit-image unit-image-rsa unit-nvm unit-nvm-flagshome unit-enc-nvm \
        unit-enc-nvm-flagshome unit-delta unit-update-flash \
        unit-update-flash-enc unit-update-ram unit-pkcs11_store unit-psa_store unit-disk \
        unit-update-disk unit-multiboot unit-boot-x86-fsp unit-qspi-flash unit-tpm-rsa-exp \
        unit-image-nopart unit-image-sha384 unit-image-sha3-384 unit-store-sbrk \
-       unit-tpm-blob unit-policy-sign
+       unit-tpm-blob unit-policy-sign unit-rot-auth unit-sdhci-response-bits
+TESTS+=unit-tpm-check-rot-auth
 
 all: $(TESTS)
 
@@ -78,6 +79,7 @@ unit-aes128:CFLAGS+=-DEXT_ENCRYPTED -DENCRYPT_WITH_AES128
 unit-aes256:CFLAGS+=-DEXT_ENCRYPTED -DENCRYPT_WITH_AES256
 unit-chacha20:CFLAGS+=-DEXT_ENCRYPTED -DENCRYPT_WITH_CHACHA
 unit-parser:CFLAGS+=-DNVM_FLASH_WRITEONCE
+unit-fdt:CFLAGS+=-DWOLFBOOT_FDT
 unit-nvm:CFLAGS+=-DNVM_FLASH_WRITEONCE -DMOCK_PARTITIONS
 unit-nvm-flagshome:CFLAGS+=-DNVM_FLASH_WRITEONCE -DMOCK_PARTITIONS -DFLAGS_HOME
 unit-enc-nvm:CFLAGS+=-DNVM_FLASH_WRITEONCE -DMOCK_PARTITIONS -DEXT_ENCRYPTED \
@@ -111,6 +113,10 @@ unit-extflash.o: FORCE
 unit-parser: ../../include/target.h unit-parser.c
 	gcc -o $@ $^ $(CFLAGS) $(LDFLAGS)
 
+unit-fdt: ../../include/target.h unit-fdt.c ../../src/fdt.c
+	gcc -o $@ $^ $(CFLAGS) -ffunction-sections -fdata-sections $(LDFLAGS) \
+		-Wl,--gc-sections
+
 unit-extflash: ../../include/target.h unit-extflash.c
 	gcc -o $@ $^ $(CFLAGS) $(LDFLAGS)
 
@@ -126,6 +132,12 @@ unit-tpm-rsa-exp: ../../include/target.h unit-tpm-rsa-exp.c
 		-DWOLFBOOT_HASH_SHA256 \
 		-ffunction-sections -fdata-sections $(LDFLAGS) -Wl,--gc-sections
 
+unit-tpm-check-rot-auth: ../../include/target.h unit-tpm-check-rot-auth.c
+	gcc -o $@ $^ $(CFLAGS) -I$(WOLFBOOT_LIB_WOLFTPM) -DWOLFBOOT_TPM \
+		-DWOLFTPM_USER_SETTINGS -DWOLFBOOT_TPM_VERIFY -DWOLFBOOT_SIGN_RSA2048 \
+		-DWOLFBOOT_HASH_SHA256 \
+		-ffunction-sections -fdata-sections $(LDFLAGS) -Wl,--gc-sections
+
 unit-tpm-blob: ../../include/target.h unit-tpm-blob.c
 	gcc -o $@ $^ $(CFLAGS) -I$(WOLFBOOT_LIB_WOLFTPM) -DWOLFBOOT_TPM \
 		-DWOLFTPM_USER_SETTINGS -DWOLFBOOT_TPM_SEAL -DWOLFBOOT_SIGN_RSA2048 \
@@ -139,12 +151,22 @@ unit-policy-sign: ../../include/target.h unit-policy-sign.c \
 		-DHAVE_ECC_KEY_IMPORT \
 		-ffunction-sections -fdata-sections $(LDFLAGS) -Wl,--gc-sections
 
+unit-rot-auth: ../../include/target.h unit-rot-auth.c \
+		$(WOLFBOOT_LIB_WOLFSSL)/wolfcrypt/src/memory.c
+	gcc -o $@ $^ -I../tpm $(CFLAGS) -I$(WOLFBOOT_LIB_WOLFTPM) -DWOLFBOOT_TPM \
+		-DWOLFTPM_USER_SETTINGS -DWOLFBOOT_SIGN_ECC256 -DWOLFBOOT_HASH_SHA256 \
+		-ffunction-sections -fdata-sections $(LDFLAGS) -Wl,--gc-sections
+
 unit-store-sbrk: unit-store-sbrk.c ../../src/store_sbrk.c
 	gcc -o $@ $^ $(CFLAGS) $(LDFLAGS)
 
 unit-string: ../../include/target.h unit-string.c
 	gcc -o $@ $^ $(CFLAGS) -DDEBUG_UART -DPRINTF_ENABLED $(LDFLAGS)
 
+unit-sdhci-response-bits: ../../include/target.h unit-sdhci-response-bits.c
+	gcc -o $@ $^ $(CFLAGS) -ffunction-sections -fdata-sections $(LDFLAGS) \
+		-Wl,--gc-sections
+
 unit-aes128: ../../include/target.h unit-extflash.c
 	gcc -o $@ $^ $(CFLAGS) $(LDFLAGS)