Fixes 20260414

.gitignore

@@ -114,6 +114,7 @@ include/target.h
 .wolfboot-offset
 .wolfboot-partition-size
 .bootloader-partition-size
+NVChip
 MPLabX/wolfBoot-SAME51.X/.generated_files/
 test-dummy-ca/**
 
@@ -181,6 +182,12 @@ tools/unit-tests/unit-policy-create
 tools/unit-tests/unit-sign-encrypted-output
 tools/unit-tests/unit-update-flash-delta
 tools/unit-tests/unit-update-flash-self-update
+tools/unit-tests/unit-loader-tpm-init
+tools/unit-tests/unit-update-ram-nofixed
+tools/unit-tests/unit-max-space
+tools/unit-tests/unit-sdhci-disk-unaligned
+
+
 
 
 
@@ -373,4 +380,3 @@ system-default.dtb
 test_output/
 sdcard.img
 
-

config/examples/hifive1.config

@@ -14,7 +14,7 @@ V?=0
 SPMATH?=1
 RAM_CODE?=1
 DUALBANK_SWAP?=0
-WOLFBOOT_PARTITION_SIZE?=0x80000
+WOLFBOOT_PARTITION_SIZE?=0x40000
 WOLFBOOT_SECTOR_SIZE?=0x1000
 WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x20020000
 WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x20060000

hal/library.c

@@ -83,6 +83,12 @@ void hal_prepare_boot(void)
     return;
 }
 
+void WEAKFUNCTION wolfBoot_panic(void)
+{
+    wolfBoot_printf("wolfBoot: PANIC!\n");
+    exit('P');
+}
+
 int do_boot(uint32_t* v)
 {
     wolfBoot_printf("booting %p"
@@ -143,6 +149,13 @@ int wolfBoot_start(void)
 
     wolfBoot_printf("Firmware Valid\n");
 
+#ifndef WOLFBOOT_SKIP_BOOT_VERIFY
+    if ((os_image.hdr_ok != 1U) || (os_image.sha_ok != 1U) ||
+        (os_image.signature_ok != 1U)) {
+        wolfBoot_panic();
+    }
+    PART_SANITY_CHECK(&os_image);
+#endif
     do_boot((uint32_t*)os_image.fw_base);
 
  exit:

hal/stm32h5.c

@@ -246,6 +246,14 @@ static int buffer_is_all_value(const uint8_t *buf, size_t len, uint8_t value)
     return 1;
 }
 
+static NOINLINEFUNCTION void hal_secret_zeroize(void *ptr, size_t len)
+{
+    volatile uint8_t *p = (volatile uint8_t *)ptr;
+    while (len-- > 0U) {
+        *p++ = 0U;
+    }
+}
+
 int hal_uds_derive_key(uint8_t *out, size_t out_len)
 {
 #if defined(FLASH_OTP_KEYSTORE)
@@ -272,9 +280,11 @@ int hal_uds_derive_key(uint8_t *out, size_t out_len)
                 copy_len = out_len;
             }
             memcpy(out, uds, copy_len);
+            hal_secret_zeroize(uds, sizeof(uds));
             return 0;
         }
     }
+    hal_secret_zeroize(uds, sizeof(uds));
 #endif
 
 #ifdef WOLFBOOT_UDS_UID_FALLBACK_FORTEST

include/MPLAB/target.h

@@ -90,6 +90,41 @@
 #define WOLFBOOT_DTS_BOOT_ADDRESS             
 #define WOLFBOOT_DTS_UPDATE_ADDRESS           
 
+#if !defined(WOLFBOOT_PART_USE_ARCH_OFFSET) && !defined(PULL_LINKER_DEFINES)
+    /*
+     * Only compare partitions that share the same internal flash address
+     * space. External partitions and runtime/linker-provided addresses are
+     * validated elsewhere.
+     */
+    #if !defined(PART_BOOT_EXT) && !defined(PART_UPDATE_EXT) && \
+        (WOLFBOOT_PARTITION_UPDATE_ADDRESS != 0) && \
+        ((WOLFBOOT_PARTITION_BOOT_ADDRESS + WOLFBOOT_PARTITION_SIZE) > \
+         WOLFBOOT_PARTITION_UPDATE_ADDRESS) && \
+        (WOLFBOOT_PARTITION_BOOT_ADDRESS < \
+         (WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_PARTITION_SIZE))
+        #error "Boot and update partitions overlap"
+    #endif
+
+    #if !defined(PART_BOOT_EXT) && !defined(PART_SWAP_EXT) && \
+        (WOLFBOOT_PARTITION_SWAP_ADDRESS != 0) && \
+        ((WOLFBOOT_PARTITION_BOOT_ADDRESS + WOLFBOOT_PARTITION_SIZE) > \
+         WOLFBOOT_PARTITION_SWAP_ADDRESS) && \
+        (WOLFBOOT_PARTITION_BOOT_ADDRESS < \
+         (WOLFBOOT_PARTITION_SWAP_ADDRESS + WOLFBOOT_SECTOR_SIZE))
+        #error "Boot and swap partitions overlap"
+    #endif
+
+    #if !defined(PART_UPDATE_EXT) && !defined(PART_SWAP_EXT) && \
+        (WOLFBOOT_PARTITION_UPDATE_ADDRESS != 0) && \
+        (WOLFBOOT_PARTITION_SWAP_ADDRESS != 0) && \
+        ((WOLFBOOT_PARTITION_UPDATE_ADDRESS + WOLFBOOT_PARTITION_SIZE) > \
+         WOLFBOOT_PARTITION_SWAP_ADDRESS) && \
+        (WOLFBOOT_PARTITION_UPDATE_ADDRESS < \
+         (WOLFBOOT_PARTITION_SWAP_ADDRESS + WOLFBOOT_SECTOR_SIZE))
+        #error "Update and swap partitions overlap"
+    #endif
+#endif
+
 #endif /* WOLFBOOT_FIXED_PARTITIONS */
 
 /* Load address in RAM for staged OS (update_ram only) */

include/image.h

@@ -1395,7 +1395,7 @@ static inline int wb_flash_write_verify_word(struct wolfBoot_image *img,
 #ifndef EXT_ENCRYPTED
 #define WOLFBOOT_MAX_SPACE (WOLFBOOT_PARTITION_SIZE - \
     (TRAILER_SKIP + sizeof(uint32_t) + \
-    (WOLFBOOT_PARTITION_SIZE + 1 / (WOLFBOOT_SECTOR_SIZE * 8))))
+    ((WOLFBOOT_PARTITION_SIZE + 1) / (WOLFBOOT_SECTOR_SIZE * 8))))
 #else
 #define WOLFBOOT_MAX_SPACE (WOLFBOOT_PARTITION_SIZE - ENCRYPT_TMP_SECRET_OFFSET)
 #endif

include/target.h.in

@@ -110,6 +110,42 @@
 #define WOLFBOOT_DTS_BOOT_ADDRESS             @WOLFBOOT_DTS_BOOT_ADDRESS@
 #define WOLFBOOT_DTS_UPDATE_ADDRESS           @WOLFBOOT_DTS_UPDATE_ADDRESS@
 
+#if defined(WOLFBOOT_FIXED_PARTITIONS) && \
+    !defined(WOLFBOOT_PART_USE_ARCH_OFFSET) && !defined(PULL_LINKER_DEFINES)
+    /*
+     * Only compare partitions that share the same internal flash address
+     * space. External partitions and runtime/linker-provided addresses are
+     * validated elsewhere.
+     */
+    #if !defined(PART_BOOT_EXT) && !defined(PART_UPDATE_EXT) && \
+        ((WOLFBOOT_PARTITION_UPDATE_ADDRESS + 0) != 0) && \
+        ((WOLFBOOT_PARTITION_BOOT_ADDRESS + 0 + WOLFBOOT_PARTITION_SIZE + 0) > \
+         (WOLFBOOT_PARTITION_UPDATE_ADDRESS + 0)) && \
+        ((WOLFBOOT_PARTITION_BOOT_ADDRESS + 0) < \
+         (WOLFBOOT_PARTITION_UPDATE_ADDRESS + 0 + WOLFBOOT_PARTITION_SIZE + 0))
+        #error "Boot and update partitions overlap"
+    #endif
+
+    #if !defined(PART_BOOT_EXT) && !defined(PART_SWAP_EXT) && \
+        ((WOLFBOOT_PARTITION_SWAP_ADDRESS + 0) != 0) && \
+        ((WOLFBOOT_PARTITION_BOOT_ADDRESS + 0 + WOLFBOOT_PARTITION_SIZE + 0) > \
+         (WOLFBOOT_PARTITION_SWAP_ADDRESS + 0)) && \
+        ((WOLFBOOT_PARTITION_BOOT_ADDRESS + 0) < \
+         (WOLFBOOT_PARTITION_SWAP_ADDRESS + 0 + WOLFBOOT_SECTOR_SIZE))
+        #error "Boot and swap partitions overlap"
+    #endif
+
+    #if !defined(PART_UPDATE_EXT) && !defined(PART_SWAP_EXT) && \
+        ((WOLFBOOT_PARTITION_UPDATE_ADDRESS + 0) != 0) && \
+        ((WOLFBOOT_PARTITION_SWAP_ADDRESS + 0) != 0) && \
+        ((WOLFBOOT_PARTITION_UPDATE_ADDRESS + 0 + WOLFBOOT_PARTITION_SIZE + 0) > \
+         (WOLFBOOT_PARTITION_SWAP_ADDRESS + 0)) && \
+        ((WOLFBOOT_PARTITION_UPDATE_ADDRESS + 0) < \
+         (WOLFBOOT_PARTITION_SWAP_ADDRESS + 0 + WOLFBOOT_SECTOR_SIZE))
+        #error "Update and swap partitions overlap"
+    #endif
+#endif
+
 #endif /* WOLFBOOT_FIXED_PARTITIONS */
 
 #if !defined(WOLFBOOT_NO_LOAD_ADDRESS)

src/delta.c

@@ -185,7 +185,6 @@ int wb_patch(WB_PATCH_CTX *ctx, uint8_t *dst, uint32_t len)
 #include <stdio.h>
 #include <stdlib.h>
 #include <errno.h>
-#include <limits.h>     /* INT_MAX */
 #include <inttypes.h>   /* PRIu32  */
 
 static uint32_t wolfboot_sector_size = 0;
@@ -233,9 +232,10 @@ int wb_diff_get_sector_size(void)
         fprintf(stderr, "WOLFBOOT_SECTOR_SIZE cannot be 0\n");
         exit(6);
     }
-    if (sec_sz > (uint32_t)INT_MAX) {
-        fprintf(stderr, "WOLFBOOT_SECTOR_SIZE (%" PRIu32 ") exceeds INT_MAX (%d)\n",
-            sec_sz, INT_MAX);
+    if (sec_sz > 0xFFFFU) {
+        fprintf(stderr,
+            "WOLFBOOT_SECTOR_SIZE (%" PRIu32 ") exceeds delta encoding limit (65535)\n",
+            sec_sz);
         exit(6);
     }
     return (int)sec_sz;

src/dice/dice.c

@@ -35,7 +35,6 @@
 #include <wolfssl/wolfcrypt/random.h>
 #include <wolfssl/wolfcrypt/sha256.h>
 #include <wolfssl/wolfcrypt/integer.h>
-#include <wolfssl/wolfcrypt/memory.h>
 
 #if defined(WOLFBOOT_HASH_SHA384)
 #include <wolfssl/wolfcrypt/sha512.h>
@@ -68,6 +67,14 @@
 #define WOLFBOOT_DICE_ERR_HW -3
 #define WOLFBOOT_DICE_ERR_CRYPTO -4
 
+static NOINLINEFUNCTION void wolfboot_dice_zeroize(void *ptr, size_t len)
+{
+    volatile uint8_t *p = (volatile uint8_t *)ptr;
+    while (len-- > 0U) {
+        *p++ = 0U;
+    }
+}
+
 #define COSE_LABEL_ALG 1
 #define COSE_ALG_ES256 (-7)
 
@@ -621,7 +628,7 @@ static int wolfboot_dice_derive_attestation_key(ecc_key *key,
         goto cleanup;
     }
     /* CDI is no longer needed once the seed has been derived. */
-    wc_ForceZero(cdi, sizeof(cdi));
+    wolfboot_dice_zeroize(cdi, sizeof(cdi));
 
     if (wolfboot_dice_hkdf(seed, sizeof(seed),
                            (const uint8_t *)"WOLFBOOT-IAK", 12,
@@ -630,7 +637,7 @@ static int wolfboot_dice_derive_attestation_key(ecc_key *key,
         goto cleanup;
     }
     /* Seed is no longer needed once the private key material is derived. */
-    wc_ForceZero(seed, sizeof(seed));
+    wolfboot_dice_zeroize(seed, sizeof(seed));
 
     if (wolfboot_dice_fixup_priv(priv, sizeof(priv)) != 0) {
         goto cleanup;
@@ -644,9 +651,9 @@ static int wolfboot_dice_derive_attestation_key(ecc_key *key,
     ret = 0;
 
 cleanup:
-    wc_ForceZero(priv, sizeof(priv));
-    wc_ForceZero(seed, sizeof(seed));
-    wc_ForceZero(cdi, sizeof(cdi));
+    wolfboot_dice_zeroize(priv, sizeof(priv));
+    wolfboot_dice_zeroize(seed, sizeof(seed));
+    wolfboot_dice_zeroize(cdi, sizeof(cdi));
     return ret;
 }
 
@@ -660,24 +667,32 @@ static int wolfboot_attest_get_private_key(ecc_key *key,
     {
         uint8_t priv[WOLFBOOT_DICE_KEY_LEN];
         size_t priv_len = sizeof(priv);
+        int ret = -1;
 
         if (hal_attestation_get_iak_private_key(priv, &priv_len) != 0) {
-            return -1;
+            goto cleanup;
         }
         if (priv_len != WOLFBOOT_DICE_KEY_LEN) {
-            return -1;
+            goto cleanup;
         }
         if (wc_ecc_import_private_key_ex(priv, (word32)priv_len, NULL, 0,
                                          key, ECC_SECP256R1) != 0) {
-            return -1;
+            goto cleanup;
         }
-        return 0;
+        ret = 0;
+
+cleanup:
+        wolfboot_dice_zeroize(priv, sizeof(priv));
+        return ret;
     }
 #else
-    if (hal_uds_derive_key(uds, uds_len) != 0) {
-        return -1;
+    int ret = -1;
+
+    if (hal_uds_derive_key(uds, uds_len) == 0) {
+        ret = wolfboot_dice_derive_attestation_key(key, uds, uds_len, claims);
     }
-    return wolfboot_dice_derive_attestation_key(key, uds, uds_len, claims);
+    wolfboot_dice_zeroize(uds, sizeof(uds));
+    return ret;
 #endif
 }
 
@@ -801,7 +816,10 @@ static int wolfboot_dice_sign_tbs(const uint8_t *tbs,
 {
     ecc_key key;
     WC_RNG rng;
-    int ret;
+    int ret = WOLFBOOT_DICE_ERR_CRYPTO;
+    int wc_ret;
+    int key_inited = 0;
+    int rng_inited = 0;
     uint8_t hash[SHA256_DIGEST_SIZE];
     uint8_t der_sig[128];
     word32 der_sig_len = sizeof(der_sig);
@@ -815,16 +833,18 @@ static int wolfboot_dice_sign_tbs(const uint8_t *tbs,
     }
 
     wc_ecc_init(&key);
+    key_inited = 1;
     if (wolfboot_attest_get_private_key(&key, claims) != 0) {
-        wc_ecc_free(&key);
-        return WOLFBOOT_DICE_ERR_HW;
+        ret = WOLFBOOT_DICE_ERR_HW;
+        goto cleanup;
     }
 
     (void)wc_ecc_set_deterministic(&key, 1);
     if (wc_InitRng(&rng) != 0) {
-        wc_ecc_free(&key);
-        return WOLFBOOT_DICE_ERR_HW;
+        ret = WOLFBOOT_DICE_ERR_HW;
+        goto cleanup;
     }
+    rng_inited = 1;
 
     {
         wc_Sha256 sha;
@@ -833,26 +853,35 @@ static int wolfboot_dice_sign_tbs(const uint8_t *tbs,
         wc_Sha256Final(&sha, hash);
     }
 
-    ret = wc_ecc_sign_hash(hash, sizeof(hash), der_sig, &der_sig_len, &rng, &key);
-    wc_FreeRng(&rng);
-    if (ret != 0) {
-        wc_ecc_free(&key);
-        return WOLFBOOT_DICE_ERR_CRYPTO;
+    wc_ret = wc_ecc_sign_hash(hash, sizeof(hash), der_sig, &der_sig_len, &rng, &key);
+    if (wc_ret != 0) {
+        ret = WOLFBOOT_DICE_ERR_CRYPTO;
+        goto cleanup;
     }
 
-    ret = wc_ecc_sig_to_rs(der_sig, der_sig_len, r, &r_len, s, &s_len);
-    if (ret != 0 || r_len > sizeof(r) || s_len > sizeof(s)) {
-        wc_ecc_free(&key);
-        return WOLFBOOT_DICE_ERR_CRYPTO;
+    wc_ret = wc_ecc_sig_to_rs(der_sig, der_sig_len, r, &r_len, s, &s_len);
+    if (wc_ret != 0 || r_len > sizeof(r) || s_len > sizeof(s)) {
+        ret = WOLFBOOT_DICE_ERR_CRYPTO;
+        goto cleanup;
     }
 
     XMEMSET(sig, 0, WOLFBOOT_DICE_SIG_LEN);
     XMEMCPY(sig + (sizeof(r) - r_len), r, r_len);
     XMEMCPY(sig + sizeof(r) + (sizeof(s) - s_len), s, s_len);
     *sig_len = WOLFBOOT_DICE_SIG_LEN;
+    ret = WOLFBOOT_DICE_SUCCESS;
 
-    wc_ecc_free(&key);
-    return WOLFBOOT_DICE_SUCCESS;
+cleanup:
+    if (rng_inited) {
+        wc_FreeRng(&rng);
+    }
+    if (key_inited) {
+        wc_ecc_free(&key);
+        wolfboot_dice_zeroize(&key, sizeof(key));
+    }
+    wolfboot_dice_zeroize(hash, sizeof(hash));
+    wolfboot_dice_zeroize(der_sig, sizeof(der_sig));
+    return ret;
 }
 
 static int wolfboot_dice_build_token(uint8_t *token_buf,