-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Example for Secure Boot solution to store root of trust in NV #276
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dgarske
force-pushed
the
secure_rot
branch
2 times, most recently
from
July 20, 2023 20:44
3a6d7b1
to
1107654
Compare
dgarske
force-pushed
the
secure_rot
branch
3 times, most recently
from
July 28, 2023 18:20
a99b5a2
to
33f9873
Compare
…es authentication and tamper protection. Fixed uses of arg= in examples.
…x build with WOLFTPM_DEBUG_VERBOSE only.
…auth. This is useful from the bootloader to make sure no one can use the platform hierarchy from application.
…uth` session optional.
dgarske
added a commit
to dgarske/wolfBoot
that referenced
this pull request
Aug 7, 2023
* Added TPM SPI wait state support and debug logging. * Added platform auth ownership (change platform password to random value before boot). Can be disabled using `WOLFBOOT_TPM_NO_CHG_PLAT_AUTH`. * Added parameter encryption support. * Added TPM based root of trust based on wolfSSL/wolfTPM#276 * Removed the TPM hashing feature (not practical). * Fixed RSA with wolfTPM build. * Fixed cleanup wolfTPM objects on make clean.
dgarske
added a commit
to dgarske/wolfBoot
that referenced
this pull request
Aug 7, 2023
* Added TPM SPI wait state support and debug logging. * Added platform auth ownership (change platform password to random value before boot). Can be disabled using `WOLFBOOT_TPM_NO_CHG_PLAT_AUTH`. * Added parameter encryption support. * Added TPM based root of trust based on wolfSSL/wolfTPM#276 * Removed the TPM hashing feature (not practical). * Fixed RSA with wolfTPM build. * Fixed cleanup wolfTPM objects on make clean.
4 tasks
dgarske
force-pushed
the
secure_rot
branch
4 times, most recently
from
August 8, 2023 22:50
6e3e301
to
7c3e9f1
Compare
… parameter encryption and importing ECC keys with custom seed. Requires wolfSSL/wolfssl#6683
… set session salt.
jpbland1
approved these changes
Aug 10, 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed and tested, confirmed that the index is locked by running a second time to see the write fail to overwrite the locked index
dgarske
added a commit
to dgarske/wolfBoot
that referenced
this pull request
Aug 10, 2023
* Added TPM SPI wait state support and debug logging. * Added platform auth ownership (change platform password to random value before boot). Can be disabled using `WOLFBOOT_TPM_NO_CHG_PLAT_AUTH`. * Added parameter encryption support. * Added TPM based root of trust based on wolfSSL/wolfTPM#276 * Removed the TPM hashing feature (not practical). * Fixed RSA with wolfTPM build. * Fixed cleanup wolfTPM objects on make clean.
dgarske
added a commit
to dgarske/wolfBoot
that referenced
this pull request
Aug 15, 2023
* Added TPM SPI wait state support and debug logging. * Added platform auth ownership (change platform password to random value before boot). Can be disabled using `WOLFBOOT_TPM_NO_CHG_PLAT_AUTH`. * Added parameter encryption support. * Added TPM based root of trust based on wolfSSL/wolfTPM#276 * Removed the TPM hashing feature (not practical). * Fixed RSA with wolfTPM build. * Fixed cleanup wolfTPM objects on make clean.
danielinux
pushed a commit
to wolfSSL/wolfBoot
that referenced
this pull request
Aug 17, 2023
* Added TPM SPI wait state support and debug logging. * Added platform auth ownership (change platform password to random value before boot). Can be disabled using `WOLFBOOT_TPM_NO_CHG_PLAT_AUTH`. * Added parameter encryption support. * Added TPM based root of trust based on wolfSSL/wolfTPM#276 * Removed the TPM hashing feature (not practical). * Fixed RSA with wolfTPM build. * Fixed cleanup wolfTPM objects on make clean.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
arg=
in exampleswolfTPM2_ChangePlatformAuth
wrapper to help set the platform auth. This is useful from the bootloader to make sure no one can use the platform hierarchy from application.NO_HMAC
.