Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added support for custom TLVs in manifest header #412

Merged
merged 4 commits into from
Feb 29, 2024
Merged

Added support for custom TLVs in manifest header #412

merged 4 commits into from
Feb 29, 2024

Conversation

danielinux
Copy link
Member

@danielinux danielinux commented Feb 28, 2024
edited
Loading

Added support in sign.c for custom TLVs in the manifest header. Numeric values are supported (valid len: 1, 2, 4 or 8).
[edit: custom length buffers are also supported via --custom-tlv-buffer]

The numbers are stored in little-endian format (according to the current format of the other fields). The TLVs are part of the signed image, so their value is secured against modifications.

The custom fields stored in the TLV can be retrieved at runtime in wolfboot by using wolfBoot_find_header().
Documentation is updated accordingly.

@danielinux danielinux requested a review from dgarske February 28, 2024 19:07
dgarske
dgarske requested changes Feb 29, 2024
View reviewed changes
Copy link
Contributor

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very nice work! Just a couple minor items.

tools/keytools/sign.c Outdated
tag = (uint16_t)arg2num(argv[i + 1], 2);
len = (uint16_t)arg2num(argv[i + 2], 2);

if ((tag < 0x0030) || (tag > 0xFEFE)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT: This still allows a tag of 0xFF which is not valid (HDR_PADDING).

docs/firmware_image.md
This example adds a custom field when the signing tool is used to sign the firmware image:

```bash
./tools/keytools/sign --ed25519 --custom-tlv 0x34 4 0xAABBCCDD test-app/image.bin wolfboot_signing_private_key.der 4
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we add this test to one of the GitHub action tests?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done!

@danielinux danielinux removed their assignment Feb 29, 2024
@danielinux danielinux requested a review from dgarske February 29, 2024 16:22
dgarske
dgarske approved these changes Feb 29, 2024
View reviewed changes
Copy link
Contributor

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you so much for adding this feature! Excellent work.

@dgarske dgarske merged commit dff83a8 into wolfSSL:master Feb 29, 2024
79 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dgarske dgarske dgarske approved these changes

Assignees

@dgarske dgarske

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@danielinux @dgarske