wolfBoot
Initial support for LS1028A. Booting into OCRAM app.
Still getting through some problems. Here's what's working:
- Booting without TPM into OCRAM-based app. Used NO_XIP=1 to make wolfBoot copy into the load address.
- Booting with TPM sealing is working, except I haven't gotten the initial key into the TPM yet, so it fails to unseal and verify the signature. TPM access is working fine.
- I updated spi_drv_nxp to gate on platform. There are some shenanigans that should be cleaned up as we stabilize the API.
Here are some hacks that I wasn't sure about:
- Updated stack size usage test in options.mk because it checks for TPM first (limits to 6k) but with SP-math==0, we really need 7.5k. This needs a systemic update to handle max() of the options.
- Ignored DTS stuff for now. Didn't seem to cause an issue.
- With TPM enabled, there's a duplication of some functions with wolfcrypt/misc.c. I added a guard on WOLFBOOT_TPM.
- Skipped getting the DDR working for reals as we are targeting a simple OCRAM app for now.
- Updated the wolfTPM submodule to the latest and greatest. This got sealing working.
- I snuck the wolfBoot and app into the SPI NOR flash after the RCW and before the uBoot. Simply updated the start address in the RCW to point to wolfBoot instead of uBoot. Can easily swap it back to get into uBoot and Linux. Likely need this to preload the TPM key...
Here's the list of things that are broken:
- Measured boot now fails to compile. Likely a simple typo somewhere, but I didn't dig into it too far.
- Test app is likely still running at EL3. This must be pushed down.
- MMU tables are likely not correct for anything past 512MB. Need to use the ones from CW.
- Documentation is still out of date. Prepping slides tomorrow (today) to add pictures of what we are doing and what we should/could do instead.
- Still need to clean up the initial startup sequence and get it closer to the fully functional CW version.
Overall, pretty darn close and likely suitable for the customer demo. Glide path seems clear on the technical issues.