diff --git a/.github/workflows/make-test-swtpm.yml b/.github/workflows/make-test-swtpm.yml index a8a4d679..afe107dc 100644 --- a/.github/workflows/make-test-swtpm.yml +++ b/.github/workflows/make-test-swtpm.yml @@ -183,7 +183,7 @@ jobs: # capture logs on failure - name: Upload failure logs if: failure() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: wolftpm-test-logs path: | diff --git a/IDE/QNX/README.md b/IDE/QNX/README.md index eef90c6d..4413feba 100644 --- a/IDE/QNX/README.md +++ b/IDE/QNX/README.md @@ -41,9 +41,8 @@ Here is a template: /* Reduce stack use */ #define MAX_COMMAND_SIZE 1024 -#define MAX_RESPONSE_SIZE 1024 -#define WOLFTPM2_MAX_BUFFER 1500 -#define MAX_DIGEST_BUFFER 973 +#define MAX_RESPONSE_SIZE 1350 +#define MAX_DIGEST_BUFFER 896 /* Debugging */ #if 1 @@ -113,7 +112,7 @@ Edit the following QNX BSP files: @@ -442,7 +442,7 @@ static void xzynq_setup(xzynq_spi_t *dev, uint32_t device) spi_debug1("%s: CONFIG_SPI_REG = 0x%x", __func__, dev->ctrl[id]); #endif - + - if(dev->fcs) { + if(dev->fcs || (devlist[id].cfg.mode & SPI_MODE_MAN_CS)) { out32(base + XZYNQ_SPI_CR_OFFSET, dev->ctrl[id] | XZYNQ_SPI_CR_MAN_CS); @@ -122,7 +121,7 @@ Edit the following QNX BSP files: @@ -621,7 +621,7 @@ void *xzynq_xfer(void *hdl, uint32_t device, uint8_t *buf, int *len) reset = 1; } - + - if(!dev->fcs) { + if(!dev->fcs && !(devlist[id].cfg.mode & SPI_MODE_MAN_CS)) { xzynq_spi_slave_select(dev, id, 0); @@ -135,12 +134,12 @@ Edit the following QNX BSP files: 
@@ -72,6 +73,16 @@ int xzynq_cfg(void *hdl, spi_cfg_t *cfg, int cs) /* Enable ModeFail generation */ ctrl |= XZYNQ_SPI_CR_MFAIL_EN; - + + if (cfg->mode & SPI_MODE_MAN_CS) + ctrl |= XZYNQ_SPI_CR_MAN_CS; /* enable manual CS mode */ + + if (cfg->mode & SPI_MODE_CLEAR_CS) { -+ /* make sure all chip selects are de-asserted */ ++ /* make sure all chip selects are de-asserted */ + /* set all CS bits high to de-assert */ + out32(base + XZYNQ_SPI_CR_OFFSET, + in32(base + XZYNQ_SPI_CR_OFFSET) | XZYNQ_SPI_CR_CS); @@ -156,7 +155,7 @@ Edit the following QNX BSP files: #define SPI_MODE_IDLE_INSERT (1 << 16) +#define SPI_MODE_MAN_CS (1 << 17) /* Manual Chip select */ +#define SPI_MODE_CLEAR_CS (1 << 18) /* Clear all chip selects (used with SPI_MODE_MAN_CS) */ - + #define SPI_MODE_LOCKED (1 << 31) /* The device is locked by another client */ ``` diff --git a/configure.ac b/configure.ac index 803c1d2d..4980ecc4 100644 --- a/configure.ac +++ b/configure.ac @@ -355,7 +355,7 @@ then # Reduces max packet and buffer sizes to 1024 bytes # RSA KeyGen AES response is 1329 MAX_RESPONSE_SIZE - AM_CFLAGS="$AM_CFLAGS -DMAX_COMMAND_SIZE=1024 -DMAX_RESPONSE_SIZE=1350 -DWOLFTPM2_MAX_BUFFER=1500 -DMAX_DIGEST_BUFFER=973" + AM_CFLAGS="$AM_CFLAGS -DMAX_COMMAND_SIZE=1024 -DMAX_RESPONSE_SIZE=1350 -DMAX_DIGEST_BUFFER=896" # If parameter encryption is not used then maximum session count is one if test "x$ENABLED_WOLFCRYPT" = "xno" diff --git a/examples/endorsement/get_ek_certs.c b/examples/endorsement/get_ek_certs.c index ae9475f8..9d575d75 100644 --- a/examples/endorsement/get_ek_certs.c +++ b/examples/endorsement/get_ek_certs.c 
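Review bot: The comment above the changed `AM_CFLAGS` line in configure.ac still says this option reduces max packet and buffer sizes to 1024 bytes, which does not match the flags: `MAX_RESPONSE_SIZE` is 1350 and `MAX_DIGEST_BUFFER` is now 896, with no reason given for 896. The tpm2_wrap.h hunk in this commit makes `MAX_DIGEST_BUFFER` the size of `WOLFTPM2_BUFFER.buffer`, so this flag now shrinks that wrapper buffer from 1500 to 896 bytes in this configuration. I would record that next to the flag, for example `# MAX_DIGEST_BUFFER also sizes WOLFTPM2_BUFFER (previously WOLFTPM2_MAX_BUFFER=1500)`, and correct the "1024 bytes" wording. The enclosing `then` branch starts and ends outside the hunk.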
@@ -208,12 +208,13 @@ int TPM2_EndorsementCert_Example(void* userCtx, int argc, char *argv[])
 WOLFSSL_FILETYPE_PEM);
 if (rc == WOLFSSL_SUCCESS) {
 certSz++;
- rc = 0;
 }
 else {
- printf("Warning: Failed to load trusted PEM at index %d\n", i);
+ printf("Warning: Failed to load trusted PEM at index %d. "
+ "Error %s (rc %d)\n", i, TPM2_GetRCString(rc), rc);
 /* not fatal, continue loading trusted certs */
 }
+ rc = 0; /* reset return code */
 }
 printf("Loaded %d trusted certificates\n", certSz);
 }
diff --git a/examples/pkcs7/pkcs7.c b/examples/pkcs7/pkcs7.c
index 451252b9..1125d135 100644
--- a/examples/pkcs7/pkcs7.c
+++ b/examples/pkcs7/pkcs7.c
@@ -62,7 +62,7 @@
 #ifdef ENABLE_PKCS7EX_EXAMPLE
 
 /* Dummy Function to Get Data */
-#define MY_DATA_CHUNKS WOLFTPM2_MAX_BUFFER
+#define MY_DATA_CHUNKS MAX_DIGEST_BUFFER
 #define MY_DATA_TOTAL (1024 * 1024) + 12 /* odd remainder for test */
 static int GetMyData(byte* buffer, word32 bufSz, word32 offset)
 {
diff --git a/src/tpm2_linux.c b/src/tpm2_linux.c
index 5c597cd4..6f7e8c1c 100644
--- a/src/tpm2_linux.c
+++ b/src/tpm2_linux.c
@@ -28,7 +28,6 @@
 #ifdef WOLFTPM_LINUX_DEV
 #include
 #include
-#include /* Needed only for WOLFTPM2_MAX_BUFFER */
 #include
 #include
 #include
@@ -48,11 +47,7 @@
 * partial reads. The only way to receive a complete response is to read
 * the maximum allowed TPM response from the kernel, which is 4K. And most
 * of the ARM systems use older kernels, such as the RPI that uses v4.12
- *
- * The caller knows what the expected outcome of the operation is. Therefore,
- * the response size is limited only by the WOLFTPM2_MAX_BUFFER used to limit
- * the WOLFTPM2_BUFFER in wolfTPM wrappers */
-
+ */
 
 /* Talk to a TPM device exposed by the Linux tpm_tis driver */
 int TPM2_LINUX_SendCommand(TPM2_CTX* ctx, TPM2_Packet* packet)
diff --git a/wolftpm/tpm2_wrap.h b/wolftpm/tpm2_wrap.h
index 84bbc28a..d024d7de 100644
--- a/wolftpm/tpm2_wrap.h
+++ b/wolftpm/tpm2_wrap.h
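Review bot: In examples/endorsement/get_ek_certs.c the new warning decodes `rc` with `TPM2_GetRCString`, but at that point `rc` is the value just compared against `WOLFSSL_SUCCESS`, so it is presumably a wolfSSL return code rather than a TPM one. A wolfSSL failure value of 0 would likely be printed with the TPM success text, and other values may decode to an unrelated string, which makes a rejected trust anchor harder to diagnose. I would print the numeric code alone, or decode it with the wolfCrypt helper if this build has it, e.g. `wc_GetErrorString(rc)`. Separately, `certSz` can end at 0 while `rc` is reset to 0; whether the later verification treats an empty trust store as an error is not visible, because the function body starts and ends outside the hunk.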
@@ -95,13 +95,9 @@ typedef struct WOLFTPM2_CSR {
 } WOLFTPM2_CSR;
 #endif
 
-#ifndef WOLFTPM2_MAX_BUFFER
- #define WOLFTPM2_MAX_BUFFER 2048
-#endif
-
 typedef struct WOLFTPM2_BUFFER {
 int size;
- byte buffer[WOLFTPM2_MAX_BUFFER];
+ byte buffer[MAX_DIGEST_BUFFER];
 } WOLFTPM2_BUFFER;
 
 typedef enum WOLFTPM2_MFG {
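Review bot: Removing the `WOLFTPM2_MAX_BUFFER` block in tpm2_wrap.h leaves nothing to catch builds that still pass `-DWOLFTPM2_MAX_BUFFER=...` and use it to bound copies into `WOLFTPM2_BUFFER.buffer`. Such code keeps compiling while the array is now `MAX_DIGEST_BUFFER` bytes (896 instead of 1500 under the flags changed in configure.ac), so a write sized by the old macro can run past the array. I would fail those builds explicitly where the block was removed: `#ifdef WOLFTPM2_MAX_BUFFER` / `#error WOLFTPM2_MAX_BUFFER was removed; WOLFTPM2_BUFFER is sized by MAX_DIGEST_BUFFER` / `#endif`. A comment on the struct stating that `size` must stay within 0..`MAX_DIGEST_BUFFER` would also help callers. `MAX_DIGEST_BUFFER` is defined outside this hunk, so the header relies on it being visible before this point.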