diff --git a/config/examples/stm32h5-dualbank.config b/config/examples/stm32h5-dualbank.config index f99c065175..ebd4e55dc0 100644 --- a/config/examples/stm32h5-dualbank.config +++ b/config/examples/stm32h5-dualbank.config @@ -25,3 +25,4 @@ WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x8140000 WOLFBOOT_PARTITION_SWAP_ADDRESS?=0xFFFFFFFF FLAGS_HOME=0 DISABLE_BACKUP=0 +IMAGE_HEADER_SIZE?=1024 diff --git a/config/examples/stm32h5-tz-dualbank-otp.config b/config/examples/stm32h5-tz-dualbank-otp.config index 0b881c67b1..5f7cd1c228 100644 --- a/config/examples/stm32h5-tz-dualbank-otp.config +++ b/config/examples/stm32h5-tz-dualbank-otp.config @@ -28,4 +28,5 @@ DISABLE_BACKUP=0 FLASH_OTP_KEYSTORE=1 WOLFCRYPT_TZ=1 WOLFCRYPT_TZ_PKCS11=1 -ARMORED=1 \ No newline at end of file +ARMORED=1 +IMAGE_HEADER_SIZE?=1024 diff --git a/config/examples/stm32h5-tz.config b/config/examples/stm32h5-tz.config index 500a5d5469..a446942adb 100644 --- a/config/examples/stm32h5-tz.config +++ b/config/examples/stm32h5-tz.config @@ -27,3 +27,4 @@ FLAGS_HOME=0 DISABLE_BACKUP=0 WOLFCRYPT_TZ=1 WOLFCRYPT_TZ_PKCS11=1 +IMAGE_HEADER_SIZE?=1024 diff --git a/config/examples/stm32h5.config b/config/examples/stm32h5.config index 489d29cec5..ab141fe6b6 100644 --- a/config/examples/stm32h5.config +++ b/config/examples/stm32h5.config @@ -25,3 +25,4 @@ WOLFBOOT_PARTITION_UPDATE_ADDRESS?=0x8140000 WOLFBOOT_PARTITION_SWAP_ADDRESS?=0x08010000 FLAGS_HOME=0 DISABLE_BACKUP=0 +IMAGE_HEADER_SIZE?=1024 diff --git a/docs/STM32-TZ.md b/docs/STM32-TZ.md index 9cb62adce9..9e969e9ee5 100644 --- a/docs/STM32-TZ.md +++ b/docs/STM32-TZ.md @@ -27,6 +27,34 @@ non-secure domain can access wolfCrypt through a standard PKCS11 interface and use the crypto library with pre-provisioned keys that are never exposed to the non-secure domain. +### Image header size + +The `IMAGE_HEADER_SIZE` option has to be carefully tuned to accommodate for the +interrupt vector table alignment requirements. According to the [ARM Cortex-M33 +documentation](https://developer.arm.com/documentation/100235/0004/the-cortex-m33-processor/exception-model/vector-table): + +> The silicon vendor must configure the required alignment of the vector +> tables, which depends on the number of interrupts implemented. The minimum +> alignment is 32 words, enough for up to 16 interrupts. For more interrupts, +> adjust the alignment by rounding up to the next power of two. For example, if +> you require 21 interrupts, the alignment must be on a 64-word boundary +> because the required table size is 37 words, and the next power of two is 64. + +For example, all the STM32H5 series boards have at least 146 interrupt +channels; since the next power of two is 256, they require an alignment of 1024 +bytes (256×4). As a result, in this case `IMAGE_HEADER_SIZE` must be set to +`1024` or a multiple of it. + +This detail is already taken care of in the configuration files provided in +`config/examples`. + +In addition to this, when using the signing tool standalone the appropriate +image header size must be supplied as an environment variable. For example: + +``` +IMAGE_HEADER_SIZE=1024 ./tools/keytools/sign --sha256 --ecc256 myapp.bin wolfboot_signing_private_key.der 1 +``` + ### Example using STM32L552 - Copy the example configuration for STM32-L5 with support for wolfCrypt in diff --git a/src/boot_arm.c b/src/boot_arm.c index 100f1e6219..a1f2790e42 100644 --- a/src/boot_arm.c +++ b/src/boot_arm.c @@ -416,8 +416,7 @@ void isr_empty(void) #ifdef TZEN #include "hal.h" -//#define VTOR (*(volatile uint32_t *)(0xE002ED08)) -#define VTOR (*(volatile uint32_t *)(0xE000ED08)) +#define VTOR (*(volatile uint32_t *)(0xE002ED08)) #else #define VTOR (*(volatile uint32_t *)(0xE000ED08)) #endif