diff --git a/Makefile b/Makefile index 7a7006b38e..3fe8cf02d2 100644 --- a/Makefile +++ b/Makefile @@ -119,6 +119,17 @@ ifneq ($(USER_NVM_INIT),) NVM_CONFIG:=$(USER_NVM_INIT) endif +# Eliminates compilation and linkage of the built-in wolfBoot keystore +WOLFHSM_NO_KEYSTORE := +ifeq ($(WOLFHSM_CLIENT),1) + WOLFHSM_NO_KEYSTORE := 1 +endif +ifeq ($(WOLFHSM_SERVER),1) + ifneq ($(CERT_CHAIN_VERIFY),) + WOLFHSM_NO_KEYSTORE := 1 + endif +endif + ifeq ($(SIGN),NONE) PRIVATE_KEY= else @@ -139,6 +150,8 @@ else endif ifeq ($(FLASH_OTP_KEYSTORE),1) OBJS+=./src/flash_otp_keystore.o + else ifeq ($(WOLFHSM_NO_KEYSTORE),1) + CFLAGS+=-DWOLFBOOT_NO_KEYSTORE else OBJS+=./src/keystore.o endif @@ -548,7 +561,7 @@ wolfboot_stage1.bin: wolfboot.elf stage1/loader_stage1.bin $(Q) cp stage1/loader_stage1.bin wolfboot_stage1.bin wolfboot.elf: include/target.h $(LSCRIPT) $(OBJS) $(BINASSEMBLE) FORCE - $(Q)(test $(SIGN) = NONE) || (test $(FLASH_OTP_KEYSTORE) = 1) || (grep -q $(SIGN_ALG) src/keystore.c) || \ + $(Q)(test $(SIGN) = NONE) || (test $(FLASH_OTP_KEYSTORE) = 1) || (test "$(WOLFHSM_NO_KEYSTORE)" = "1") || (grep -q $(SIGN_ALG) src/keystore.c) || \ (echo "Key mismatch: please run 'make keysclean' to remove all keys if you want to change algorithm" && false) @echo "\t[LD] $@" @echo $(OBJS) diff --git a/docs/wolfHSM.md b/docs/wolfHSM.md index 6bdc040cac..ed6f2a3997 100644 --- a/docs/wolfHSM.md +++ b/docs/wolfHSM.md @@ -74,16 +74,12 @@ This section describes the configuration options available for wolfHSM integrati This option enables wolfHSM client support in wolfBoot. Without defining this option, support for wolfHSM client mode is not compiled in. +In client mode, wolfBoot always uses HSM-resident public keys for firmware authentication; public keys are never baked into a local `keystore.c`. The key to verify against is referenced either by the reserved key ID defined in the HAL (`hsmKeyIdPubKey`), or, when certificate-chain verification (`WOLFBOOT_CERT_CHAIN_VERIFY`) is enabled, by the leaf key ID resolved from the verified chain. + ### `WOLFBOOT_ENABLE_WOLFHSM_SERVER` This option enables wolfHSM server support in wolfBoot. When defined, wolfBoot includes an embedded wolfHSM server that provides HSM functionality locally within the bootloader. This is mutually exclusive with `WOLFBOOT_ENABLE_WOLFHSM_CLIENT`. -### `WOLFBOOT_USE_WOLFHSM_PUBKEY_ID` - -This option enables use of the reserved wolfHSM public key ID for firmware authentication, and is typically the desired behavior for using wolfHSM. When this option is defined, wolfBoot will use the reserved wolfHSM keyId defined by the HAL (`hsmKeyIdPubKey`). This option is meant to be used in conjunction with the `--nolocalkeys` keygen option, as the key material in the keystore will not be used. - -If this option is not defined, cryptographic operations are still performed on the wolfHSM server, but wolfBoot assumes the key material is present in the keystore and NOT stored on the HSM. This means that wolfBoot will first load keys from the keystore, send the key material to the wolfHSM server at the time of use (cached as ephemeral keys), and finally evict the key from the HSM after usage. This behavior is typically only useful for debugging or testing scenarios, where the keys may not be pre-loaded onto the HSM. The keystore for use in this mode should not be generated with the `--nolocalkeys` option. - ## HAL Implementations In addition to the standard wolfBoot HAL functions, wolfHSM-enabled platforms must also implement or instantiate the following wolfHSM-specific items in the platform HAL: @@ -126,7 +122,7 @@ The wolfBoot simulator supports using wolfHSM with all algorithms mentioned in [ #### wolfHSM Client Mode Build -To build the simulator configured to use wolfHSM client mode, ensure you build with the `WOLFHSM_CLIENT=1` makefile option. This will automatically define `WOLFBOOT_USE_WOLFHSM_PUBKEY_ID`, and requires the public key corresponding to the private key that signed the image to be pre-loaded into the HSM at the keyId specified by `hsmKeyIdPubKey` in the simulator HAL. +To build the simulator configured to use wolfHSM client mode, ensure you build with the `WOLFHSM_CLIENT=1` makefile option. This requires the public key corresponding to the private key that signed the image to be pre-loaded into the HSM at the keyId specified by `hsmKeyIdPubKey` in the simulator HAL. ```sh # Grab the HSM client simulator configuration diff --git a/options.mk b/options.mk index 37f676d797..be01ab0aef 100644 --- a/options.mk +++ b/options.mk @@ -1390,13 +1390,12 @@ ifeq ($(WOLFHSM_CLIENT),1) # HSM out-of-band KEYGEN_OPTIONS += --exportpubkey --der - # Default to using public keys on the HSM - ifneq ($(WOLFHSM_CLIENT_LOCAL_KEYS),1) - KEYGEN_OPTIONS += --nolocalkeys - CFLAGS += -DWOLFBOOT_USE_WOLFHSM_PUBKEY_ID - # big enough for cert chain - CFLAGS += -DWOLFHSM_CFG_COMM_DATA_LEN=5000 - endif + # wolfHSM clients always use HSM-resident public keys, referenced by key ID or + # authenticated via a certificate chain. Public keys baked into a local + # keystore.c are not supported. + KEYGEN_OPTIONS += --nolocalkeys + # big enough for cert chain + CFLAGS += -DWOLFHSM_CFG_COMM_DATA_LEN=5000 # Ensure wolfHSM is configured to use certificate manager if we are # doing cert chain verification diff --git a/src/image.c b/src/image.c index 3bedbef9ea..9f53839f2f 100644 --- a/src/image.c +++ b/src/image.c @@ -214,10 +214,8 @@ static void wolfBoot_verify_signature_ecc(uint8_t key_slot, int ret, verify_res = 0; ecc_key ecc; mp_int r, s; -#if (!defined WOLFBOOT_ENABLE_WOLFHSM_CLIENT && \ - !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)) || \ - (defined WOLFBOOT_ENABLE_WOLFHSM_CLIENT && \ - !defined(WOLFBOOT_USE_WOLFHSM_PUBKEY_ID)) +#if !defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \ + !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER) uint8_t* pubkey = keystore_get_buffer(key_slot); int pubkey_sz = keystore_get_size(key_slot); int point_sz = pubkey_sz / 2; @@ -251,7 +249,7 @@ static void wolfBoot_verify_signature_ecc(uint8_t key_slot, uint8_t tmpSigBuf[ECC_MAX_SIG_SIZE] = {0}; size_t tmpSigSz = sizeof(tmpSigBuf); - #if defined(WOLFBOOT_USE_WOLFHSM_PUBKEY_ID) || \ + #if defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) || \ (defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER) && \ defined(WOLFBOOT_CERT_CHAIN_VERIFY)) (void)key_slot; @@ -281,11 +279,11 @@ static void wolfBoot_verify_signature_ecc(uint8_t key_slot, ret = wh_Client_EccSetKeyId(&ecc, hsmKeyIdPubKey); #endif } - #else + #else /* WOLFBOOT_CERT_CHAIN_VERIFY */ #if defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) ret = wh_Client_EccSetKeyId(&ecc, hsmKeyIdPubKey); #endif - #endif /* WOLFBOOT_USE_WOLFHSM_PUBKEY_ID */ + #endif /* !WOLFBOOT_CERT_CHAIN_VERIFY */ if (ret != 0) { return; } @@ -299,7 +297,7 @@ static void wolfBoot_verify_signature_ecc(uint8_t key_slot, return; } - #endif /* !WOLFBOOT_USE_WOLFHSM_PUBKEY_ID */ + #endif /* WOLFBOOT_ENABLE_WOLFHSM_CLIENT || (SERVER && CERT_CHAIN) */ /* wc_ecc_verify_hash_ex() doesn't trigger a crypto callback, so we need to use wc_ecc_verify_hash instead. Unfortunately, that requires converting the signature to intermediate DER format first */ @@ -436,10 +434,8 @@ static void wolfBoot_verify_signature_rsa_common(uint8_t key_slot, #endif #endif /* WOLFBOOT_SIGN_RSAPSS_ANY */ -#if (!defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \ - !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER)) || \ - (defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \ - !defined(WOLFBOOT_USE_WOLFHSM_PUBKEY_ID)) +#if !defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \ + !defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER) uint8_t *pubkey = keystore_get_buffer(key_slot); int pubkey_sz = keystore_get_size(key_slot); @@ -472,7 +468,7 @@ static void wolfBoot_verify_signature_rsa_common(uint8_t key_slot, if (ret != 0) { return; } -#if defined(WOLFBOOT_USE_WOLFHSM_PUBKEY_ID) || \ +#if defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) || \ (defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER) && \ defined(WOLFBOOT_CERT_CHAIN_VERIFY)) (void)key_slot; @@ -519,7 +515,7 @@ static void wolfBoot_verify_signature_rsa_common(uint8_t key_slot, wc_FreeRsaKey(&rsa); return; } -#endif /* !WOLFBOOT_USE_WOLFHSM_PUBKEY_ID */ +#endif /* WOLFBOOT_ENABLE_WOLFHSM_CLIENT || (SERVER && CERT_CHAIN) */ XMEMCPY(output, sig, RSA_IMAGE_SIGNATURE_SIZE); #ifdef WOLFBOOT_SIGN_RSAPSS_ANY if (is_pss) { @@ -532,14 +528,7 @@ static void wolfBoot_verify_signature_rsa_common(uint8_t key_slot, RSA_VERIFY_FN(ret, wc_RsaSSL_VerifyInline, output, RSA_IMAGE_SIGNATURE_SIZE, &digest_out, &rsa); } -#if defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \ - !defined(WOLFBOOT_USE_WOLFHSM_PUBKEY_ID) - /* evict the key after use, since we aren't using the RSA import API */ - if (WH_ERROR_OK != wh_Client_KeyEvict(&hsmClientCtx, hsmKeyId)) { - wc_FreeRsaKey(&rsa); - return; - } -#elif defined(WOLFBOOT_CERT_CHAIN_VERIFY) +#if defined(WOLFBOOT_CERT_CHAIN_VERIFY) if (g_leafKeyIdValid) { #if defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) (void)wh_Client_KeyEvict(&hsmClientCtx, g_certLeafKeyId); @@ -548,7 +537,7 @@ static void wolfBoot_verify_signature_rsa_common(uint8_t key_slot, #endif g_leafKeyIdValid = 0; } -#endif /* !WOLFBOOT_USE_WOLFHSM_PUBKEY_ID */ +#endif /* WOLFBOOT_CERT_CHAIN_VERIFY */ #else /* wolfCrypt software RSA verify */ ret = wc_InitRsaKey_ex(&rsa, NULL, WOLFBOOT_DEVID_PUBKEY); @@ -735,9 +724,7 @@ static void wolfBoot_verify_signature_ml_dsa(uint8_t key_slot, { int ret = 0; wc_MlDsaKey ml_dsa; -#if !defined WOLFBOOT_ENABLE_WOLFHSM_CLIENT || \ - (defined WOLFBOOT_ENABLE_WOLFHSM_CLIENT && \ - !defined(WOLFBOOT_USE_WOLFHSM_PUBKEY_ID)) +#if !defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) uint8_t * pubkey = NULL; int pub_len = 0; #endif @@ -747,9 +734,7 @@ static void wolfBoot_verify_signature_ml_dsa(uint8_t key_slot, wolfBoot_printf("info: ML-DSA %d verify_signature: pubkey %d, sig %d\n", ML_DSA_LEVEL, KEYSTORE_PUBKEY_SIZE, ML_DSA_IMAGE_SIGNATURE_SIZE); -#if !defined WOLFBOOT_ENABLE_WOLFHSM_CLIENT || \ - (defined WOLFBOOT_ENABLE_WOLFHSM_CLIENT && \ - !defined(WOLFBOOT_USE_WOLFHSM_PUBKEY_ID)) +#if !defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) pubkey = keystore_get_buffer(key_slot); if (pubkey == NULL) { @@ -774,8 +759,7 @@ static void wolfBoot_verify_signature_ml_dsa(uint8_t key_slot, } } -#if defined WOLFBOOT_ENABLE_WOLFHSM_CLIENT && \ - defined(WOLFBOOT_USE_WOLFHSM_PUBKEY_ID) +#if defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) /* Use key slot ID directly with wolfHSM */ #if defined(WOLFBOOT_CERT_CHAIN_VERIFY) /* If using certificate chain verification and we have a verified leaf key @@ -820,8 +804,7 @@ static void wolfBoot_verify_signature_ml_dsa(uint8_t key_slot, ret); } } -#endif /* !defined WOLFBOOT_ENABLE_WOLFHSM_CLIENT && - !defined(WOLFBOOT_USE_WOLFHSM_PUBKEY_ID) */ +#endif /* WOLFBOOT_ENABLE_WOLFHSM_CLIENT */ /* Make sure sig len matches parameters. */ @@ -1076,7 +1059,7 @@ static int image_sha256(struct wolfBoot_image *img, uint8_t *hash) return 0; } -#ifndef WOLFBOOT_NO_SIGN +#if !defined(WOLFBOOT_NO_SIGN) && !defined(WOLFBOOT_NO_KEYSTORE) /** * @brief Calculate the SHA256 hash of the key. @@ -1187,7 +1170,7 @@ static int image_sha384(struct wolfBoot_image *img, uint8_t *hash) return 0; } -#ifndef WOLFBOOT_NO_SIGN +#if !defined(WOLFBOOT_NO_SIGN) && !defined(WOLFBOOT_NO_KEYSTORE) /** * @brief Calculate SHA-384 hash of a public key in the keystore. @@ -1303,7 +1286,7 @@ static int image_sha3_384(struct wolfBoot_image *img, uint8_t *hash) wc_Sha3_384_Free(&sha3_ctx); return 0; } -#ifndef WOLFBOOT_NO_SIGN +#if !defined(WOLFBOOT_NO_SIGN) && !defined(WOLFBOOT_NO_KEYSTORE) /** * @brief Calculate SHA3-384 hash of a public key in the keystore. @@ -2267,10 +2250,14 @@ int wolfBoot_verify_authenticity(struct wolfBoot_image *img) } key_slot = 0; -#elif defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) && \ - defined(WOLFBOOT_USE_WOLFHSM_PUBKEY_ID) +#elif defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) /* Don't care about the key slot, we are using a fixed wolfHSM keyId */ key_slot = 0; +#elif defined(WOLFBOOT_ENABLE_WOLFHSM_SERVER) && \ + defined(WOLFBOOT_CERT_CHAIN_VERIFY) + /* Don't care about the key slot, we are using the public key from the + * leaf cert */ + key_slot = 0; #else key_slot = keyslot_id_by_sha(pubkey_hint); if (key_slot < 0) { @@ -2298,8 +2285,17 @@ int wolfBoot_verify_authenticity(struct wolfBoot_image *img) return -1; img->sha_hash = digest; } - key_mask = keystore_get_mask(key_slot); image_part = image_type & HDR_IMG_TYPE_PART_MASK; +#ifdef WOLFBOOT_NO_KEYSTORE + /* No local keystore is linked: there is no per-key partition permission + * mask to consult. Key authorization and usage are enforced by the HSM + * (cert-chain root-of-trust plus per-key usage flags), so the wolfBoot + * keystore mask check does not apply here. */ + (void)key_slot; + (void)key_mask; + (void)image_part; +#else + key_mask = keystore_get_mask(key_slot); /* Check if the key permission mask matches the current partition id */ if (((1U << image_part) & key_mask) != (1U << image_part)) { @@ -2307,6 +2303,7 @@ int wolfBoot_verify_authenticity(struct wolfBoot_image *img) } CONFIRM_MASK_VALID(image_part, key_mask); +#endif #if defined(WOLFBOOT_CERT_CHAIN_VERIFY) && \ (defined(WOLFBOOT_ENABLE_WOLFHSM_CLIENT) || \ @@ -2510,7 +2507,8 @@ uint8_t* wolfBoot_peek_image(struct wolfBoot_image *img, uint32_t offset, return p; } -#if !defined(WOLFBOOT_NO_SIGN) && !defined(WOLFBOOT_RENESAS_SCEPROTECT) +#if !defined(WOLFBOOT_NO_SIGN) && !defined(WOLFBOOT_RENESAS_SCEPROTECT) && \ + !defined(WOLFBOOT_NO_KEYSTORE) /* Compare fixed-size key hints without early exit to avoid leaking hash prefix * matches through lookup timing. */