From 82e4950b595a8e802d17a020860462b11578bd59 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Fri, 5 Sep 2025 14:06:45 +0200 Subject: [PATCH 1/3] Added NSC functions to facilitate updates from NS application --- include/wolfboot/wolfboot.h | 26 ++++++++++++++++++++++++++ src/libwolfboot.c | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) diff --git a/include/wolfboot/wolfboot.h b/include/wolfboot/wolfboot.h index 5750244ca9..3f4444ddbc 100644 --- a/include/wolfboot/wolfboot.h +++ b/include/wolfboot/wolfboot.h @@ -411,6 +411,32 @@ int wolfBoot_set_encrypt_key(const uint8_t *key, const uint8_t *nonce); int wolfBoot_get_encrypt_key(uint8_t *key, uint8_t *nonce); int wolfBoot_erase_encrypt_key(void); +#ifndef __WOLFBOOT + +/* Applications can access update success/trigger and flash erase/write + * via non-secure callable, to facilitate updates + */ + +/* Call wolfBoot_success from non-secure application */ +void wolfBoot_nsc_success(void); + +/* Call wolfBoot_update_trigger from non-secure application */ +void wolfBoot_nsc_update_trigger(void); + +/* Erase one or more sectors in the update partition. + * - address: offset within the update partition ('0' corresponds to PARTITION_UPDATE_ADDRESS) + * - len: size, in bytes + */ +int wolfBoot_nsc_erase_update(uint32_t address, uint32_t len); + +/* Write the content of buffer `buf` and size `len` to the update partition, + * at offset address, from non-secure application + * - address: offset within the update partition ('0' corresponds to PARTITION_UPDATE_ADDRESS) + * - len: size, in bytes + */ +int wolfBoot_nsc_write_update(uint32_t address, const uint8_t *buf, uint32_t len); +#endif /* !__WOLFBOOT */ + #ifdef __cplusplus } diff --git a/src/libwolfboot.c b/src/libwolfboot.c index d6e4109bf1..9240db3767 100644 --- a/src/libwolfboot.c +++ b/src/libwolfboot.c @@ -1984,3 +1984,40 @@ int wolfBoot_ram_decrypt(uint8_t *src, uint8_t *dst) } #endif /* MMU */ #endif /* EXT_ENCRYPTED */ + +#if defined(WOLFCRYPT_SECURE_MODE) +__attribute__((cmse_nonsecure_entry)) +void wolfBoot_nsc_success(void) +{ + wolfBoot_success(); +} + +__attribute__((cmse_nonsecure_entry)) +void wolfBoot_nsc_update_trigger(void) +{ + wolfBoot_update_trigger(); +} + +__attribute__((cmse_nonsecure_entry)) +int wolfBoot_nsc_erase_update(uint32_t address, uint32_t len) +{ + if (address > WOLFBOOT_PARTITION_SIZE) + return -1; + if (address + len > WOLFBOOT_PARTITION_SIZE) + return -1; + hal_flash_erase(address + WOLFBOOT_PARTITION_UPDATE_ADDRESS, len); + +} + +__attribute__((cmse_nonsecure_entry)) +int wolfBoot_nsc_write_update(uint32_t address, const uint8_t *buf, uint32_t len) +{ + if (address > WOLFBOOT_PARTITION_SIZE) + return -1; + if (address + len > WOLFBOOT_PARTITION_SIZE) + return -1; + hal_flash_write(address + WOLFBOOT_PARTITION_UPDATE_ADDRESS, buf, len); +} + +#endif + From d6ba220e55b65fc883841f95d4659d6fb5c46397 Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Fri, 5 Sep 2025 14:12:57 +0200 Subject: [PATCH 2/3] [rp2350] Added cache in RAM for hal_flash_write --- hal/rp2350.c | 16 +++++++++++++++- src/libwolfboot.c | 4 ++-- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/hal/rp2350.c b/hal/rp2350.c index c2b4a4d4a0..85052ca69d 100644 --- a/hal/rp2350.c +++ b/hal/rp2350.c @@ -224,7 +224,21 @@ void hal_prepare_boot(void) int RAMFUNCTION hal_flash_write(uint32_t address, const uint8_t *data, int len) { - flash_range_program(address - XIP_BASE, data, len); + uint8_t cache[WOLFBOOT_SECTOR_SIZE]; + uint32_t written = 0; + uint32_t sz; + if (((uintptr_t)data & 0x20000000UL) == 0) { + /* Not in RAM: copy to cache before writing */ + while (written < len) { + sz = WOLFBOOT_SECTOR_SIZE; + if (sz > (len - written)) + sz = len - written; + memcpy(cache, data + written, sz); + flash_range_program(address - XIP_BASE + written, cache, sz); + written += sz; + } + } else + flash_range_program(address - XIP_BASE, data, len); return 0; } diff --git a/src/libwolfboot.c b/src/libwolfboot.c index 9240db3767..d4b4bba084 100644 --- a/src/libwolfboot.c +++ b/src/libwolfboot.c @@ -2005,7 +2005,7 @@ int wolfBoot_nsc_erase_update(uint32_t address, uint32_t len) return -1; if (address + len > WOLFBOOT_PARTITION_SIZE) return -1; - hal_flash_erase(address + WOLFBOOT_PARTITION_UPDATE_ADDRESS, len); + return hal_flash_erase(address + WOLFBOOT_PARTITION_UPDATE_ADDRESS, len); } @@ -2016,7 +2016,7 @@ int wolfBoot_nsc_write_update(uint32_t address, const uint8_t *buf, uint32_t len return -1; if (address + len > WOLFBOOT_PARTITION_SIZE) return -1; - hal_flash_write(address + WOLFBOOT_PARTITION_UPDATE_ADDRESS, buf, len); + return hal_flash_write(address + WOLFBOOT_PARTITION_UPDATE_ADDRESS, buf, len); } #endif From cd347b5886c75bcf7dfc6f5a448b947c5024b3bc Mon Sep 17 00:00:00 2001 From: Daniele Lacamera Date: Fri, 5 Sep 2025 18:14:04 +0200 Subject: [PATCH 3/3] Fix visibility of new nsc declarations --- include/wolfboot/wolfboot.h | 10 ++++++++-- src/libwolfboot.c | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/include/wolfboot/wolfboot.h b/include/wolfboot/wolfboot.h index 3f4444ddbc..0f0656c2ef 100644 --- a/include/wolfboot/wolfboot.h +++ b/include/wolfboot/wolfboot.h @@ -411,22 +411,26 @@ int wolfBoot_set_encrypt_key(const uint8_t *key, const uint8_t *nonce); int wolfBoot_get_encrypt_key(uint8_t *key, uint8_t *nonce); int wolfBoot_erase_encrypt_key(void); -#ifndef __WOLFBOOT +#if !defined(__WOLFBOOT) && defined(WOLFCRYPT_SECURE_MODE) /* Applications can access update success/trigger and flash erase/write * via non-secure callable, to facilitate updates */ /* Call wolfBoot_success from non-secure application */ + +__attribute__((cmse_nonsecure_entry)) void wolfBoot_nsc_success(void); /* Call wolfBoot_update_trigger from non-secure application */ +__attribute__((cmse_nonsecure_entry)) void wolfBoot_nsc_update_trigger(void); /* Erase one or more sectors in the update partition. * - address: offset within the update partition ('0' corresponds to PARTITION_UPDATE_ADDRESS) * - len: size, in bytes */ +__attribute__((cmse_nonsecure_entry)) int wolfBoot_nsc_erase_update(uint32_t address, uint32_t len); /* Write the content of buffer `buf` and size `len` to the update partition, @@ -434,8 +438,10 @@ int wolfBoot_nsc_erase_update(uint32_t address, uint32_t len); * - address: offset within the update partition ('0' corresponds to PARTITION_UPDATE_ADDRESS) * - len: size, in bytes */ +__attribute__((cmse_nonsecure_entry)) int wolfBoot_nsc_write_update(uint32_t address, const uint8_t *buf, uint32_t len); -#endif /* !__WOLFBOOT */ + +#endif /* !__WOLFBOOT && WOLFCRYPT_SECURE_MODE */ #ifdef __cplusplus diff --git a/src/libwolfboot.c b/src/libwolfboot.c index d4b4bba084..fb3a20758e 100644 --- a/src/libwolfboot.c +++ b/src/libwolfboot.c @@ -1985,7 +1985,7 @@ int wolfBoot_ram_decrypt(uint8_t *src, uint8_t *dst) #endif /* MMU */ #endif /* EXT_ENCRYPTED */ -#if defined(WOLFCRYPT_SECURE_MODE) +#if defined(__WOLFBOOT) && defined(WOLFCRYPT_SECURE_MODE) __attribute__((cmse_nonsecure_entry)) void wolfBoot_nsc_success(void) {