diff --git a/arch.mk b/arch.mk index 48c7740984..62fc409f03 100644 --- a/arch.mk +++ b/arch.mk @@ -243,6 +243,10 @@ ifeq ($(ARCH),ARM) LSCRIPT_IN=hal/$(TARGET)-ns.ld endif SPI_TARGET=stm32 + ifneq ($(DEBUG),0) + CFLAGS+=-DPKCS11_SMALL + endif + endif ifeq ($(TARGET),rp2350) diff --git a/hal/stm32_tz.c b/hal/stm32_tz.c index ff6cd5a9eb..0ffcfb2bde 100644 --- a/hal/stm32_tz.c +++ b/hal/stm32_tz.c @@ -294,7 +294,7 @@ void hal_tz_sau_init(void) sau_init_region(1, WOLFBOOT_PARTITION_BOOT_ADDRESS, FLASH_BANK2_BASE - 1, 0); /* Secure: application flash area (second bank) */ - sau_init_region(2, WOLFBOOT_PARTITION_UPDATE_ADDRESS, FLASH_TOP -1, 0); + sau_init_region(2, WOLFBOOT_PARTITION_UPDATE_ADDRESS, FLASH_TOP, 0); /* Secure RAM regions in SRAM1/SRAM2 */ sau_init_region(3, 0x30000000, 0x3004FFFF, 1); diff --git a/hal/stm32h5.c b/hal/stm32h5.c index 14e0f5d6e7..499bb17d8b 100644 --- a/hal/stm32h5.c +++ b/hal/stm32h5.c @@ -25,24 +25,23 @@ #include "hal.h" #include "hal/stm32h5.h" +#include "hal/armv8m_tz.h" #define PLL_SRC_HSE 1 #if TZ_SECURE() + +/* This function assumes that the boot and the update + * partitions are at the same address in the two banks, + * regardless wheather DUALBANK_SWAP is active or not. + */ static int is_flash_nonsecure(uint32_t address) { uint32_t in_bank_offset = address & 0x000FFFFF; -#ifdef DUALBANK_SWAP if (in_bank_offset >= (WOLFBOOT_PARTITION_BOOT_ADDRESS - FLASHMEM_ADDRESS_SPACE)) return 1; else return 0; -#else - if (address >= WOLFBOOT_PARTITION_BOOT_ADDRESS) - return 1; - else - return 0; -#endif } #endif @@ -101,11 +100,9 @@ int RAMFUNCTION hal_flash_write(uint32_t address, const uint8_t *data, int len) dst = (uint32_t *)address; #if (TZ_SECURE()) + dst = (uint32_t *)(address | FLASH_SECURE_MMAP_BASE); if (is_flash_nonsecure(address)) { hal_tz_claim_nonsecure_area(address, len); - } else if (((uint32_t)dst & 0x0F000000) == 0x08000000) { - /* Convert into secure address space */ - dst = (uint32_t *)((address & (~FLASHMEM_ADDRESS_SPACE)) | FLASH_SECURE_MMAP_BASE); } #endif while (i < len) { @@ -124,6 +121,7 @@ int RAMFUNCTION hal_flash_write(uint32_t address, const uint8_t *data, int len) FLASH_SR |= FLASH_SR_EOP; FLASH_CR &= ~FLASH_CR_PG; i+=8; + DSB(); } #if (TZ_SECURE()) if (is_flash_nonsecure(address)) { @@ -201,7 +199,6 @@ int RAMFUNCTION hal_flash_erase(uint32_t address, int len) base = FLASH_BANK2_BASE; bnksel = 1; } - #if TZ_SECURE() /* When in secure mode, skip erasing non-secure pages: will be erased upon claim */ if (is_flash_nonsecure(address)) { diff --git a/hal/stm32h5.ld b/hal/stm32h5.ld index 447fe10d3a..dca4119bb9 100644 --- a/hal/stm32h5.ld +++ b/hal/stm32h5.ld @@ -1,10 +1,10 @@ MEMORY { - FLASH (rx) : ORIGIN = @WOLFBOOT_ORIGIN@, LENGTH = @BOOTLOADER_PARTITION_SIZE@ - 0x20000 - RAM (rwx) : ORIGIN = 0x30000000, LENGTH = 0x30000 + FLASH (rx) : ORIGIN = @WOLFBOOT_ORIGIN@, LENGTH = @BOOTLOADER_PARTITION_SIZE@ - 0x1C000 + RAM (rwx) : ORIGIN = 0x30000000, LENGTH = 0x20000 RAM_KV (rw): ORIGIN = 0x30020000, LENGTH = 0x10000 RAM_HEAP (rw): ORIGIN = 0x30030000, LENGTH = 0x10000 /* 64KB Heap for wolfcrypt/PKCS11 */ - FLASH_KEYVAULT(rw): ORIGIN = @WOLFBOOT_ORIGIN@ + 0x20000, LENGTH = 0x18000 + FLASH_KEYVAULT(rw): ORIGIN = @WOLFBOOT_ORIGIN@ + 0x24000, LENGTH = 0x14000 FLASH_NSC(rx): ORIGIN = @WOLFBOOT_ORIGIN@ + 0x38000, LENGTH = 0x8000 } @@ -14,8 +14,8 @@ SECTIONS { _start_text = .; KEEP(*(.isr_vector)) - *(.text*) - *(.rodata*) + *(.text*) + *(.rodata*) . = ALIGN(8); _end_text = .; } > FLASH diff --git a/options.mk b/options.mk index cec95d8700..1ffd073a88 100644 --- a/options.mk +++ b/options.mk @@ -769,6 +769,9 @@ ifeq ($(RAM_CODE),1) LSCRIPT_IN=hal/$(TARGET)_chacha_ram.ld endif endif + ifeq ($(ARCH),ARM) + CFLAGS+=-mlong-calls + endif endif # Support external encryption cache diff --git a/src/update_flash.c b/src/update_flash.c index 5ea4baf23d..ef5d8dc7af 100644 --- a/src/update_flash.c +++ b/src/update_flash.c @@ -102,7 +102,7 @@ static void RAMFUNCTION wolfBoot_self_update(struct wolfBoot_image *src) arch_reboot(); } -void wolfBoot_check_self_update(void) +void RAMFUNCTION wolfBoot_check_self_update(void) { uint8_t st; struct wolfBoot_image update; @@ -237,7 +237,7 @@ static int RAMFUNCTION wolfBoot_copy_sector(struct wolfBoot_image *src, * new swap * @return 0 on success, negative value if no swap needed or on error */ -static int wolfBoot_swap_and_final_erase(int resume) +static int RAMFUNCTION wolfBoot_swap_and_final_erase(int resume) { struct wolfBoot_image boot[1]; struct wolfBoot_image update[1]; diff --git a/test-app/Makefile b/test-app/Makefile index 4e4acab52c..acab9ca938 100644 --- a/test-app/Makefile +++ b/test-app/Makefile @@ -184,15 +184,16 @@ ifeq ($(TARGET),stm32h5) APP_OBJS+=wcs/wolfcrypt_secure.o ifeq ($(WOLFCRYPT_TZ),1) APP_OBJS+=../lib/wolfssl/wolfcrypt/src/logging.o - APP_OBJS+=../lib/wolfssl/wolfcrypt/benchmark/benchmark.o APP_OBJS+=../lib/wolfssl/wolfcrypt/test/test.o + APP_OBJS+=../lib/wolfssl/wolfcrypt/benchmark/benchmark.o endif else LSCRIPT_TEMPLATE=ARM-stm32h5.ld endif CFLAGS+=-DAPP_HAS_SYSTICK - CFLAGS+=-DRAMFUNCTION='__attribute__((used,section(".ramcode")))' + CFLAGS+=-DRAMFUNCTION='__attribute__((used,section(".ramcode"),long_call))' CFLAGS+=-mcpu=cortex-m33 -ffunction-sections -fdata-sections -fno-common + CFLAGS+=-mlong-calls LDFLAGS+=-mcpu=cortex-m33 LDFLAGS+=-Wl,-gc-sections -Wl,-Map=image.map CFLAGS+=-I.. diff --git a/test-app/wcs/user_settings.h b/test-app/wcs/user_settings.h index 9d2799fdbf..fb85bf6f86 100644 --- a/test-app/wcs/user_settings.h +++ b/test-app/wcs/user_settings.h @@ -143,5 +143,7 @@ extern int tolower(int c); #define WOLFSSL_SP_NO_DYN_STACK +struct timespec; +int clock_gettime (unsigned long clock_id, struct timespec *tp); #endif /* !H_USER_SETTINGS_ */ diff --git a/tools/bin-assemble/Makefile b/tools/bin-assemble/Makefile index 2fda41577d..8407c7c205 100644 --- a/tools/bin-assemble/Makefile +++ b/tools/bin-assemble/Makefile @@ -3,7 +3,7 @@ -include ../../options.mk CC=gcc -CFLAGS+=-Wall -g -ggdb +CFLAGS=-Wall -g -ggdb EXE=bin-assemble LIBS=