Firmware update example application.

.gitignore

@@ -78,6 +78,7 @@ examples/boot/secure_rot
 examples/boot/secret_seal
 examples/boot/secret_unseal
 examples/firmware/ifx_fw_extract
+examples/firmware/ifx_fw_update
 
 # Generated Cert Files
 certs/ca-*.pem

examples/firmware/README.md

@@ -33,9 +33,11 @@ Data size is 919879
 Writing TPM20_15.23.17664.0_R1.MANIFEST
 Writing TPM20_15.23.17664.0_R1.DATA
 
-# Generate a SHA2-384 hash of the manifest file
-sha384sum -b TPM20_15.23.17664.0_R1.MANIFEST | cut -d ' ' -f 1 | xxd -r -p > TPM20_15.23.17664.0_R1.MANIFESTHASH
+./ifx_fw_update --help
+
+./ifx_fw_update TPM20_15.23.17664.0_R1.MANIFEST TPM20_15.23.17664.0_R1.DATA
 ```
 
+
 There is a TPM vendor command for getting the key group id(s). See `tpm2_ifx_firmware_dumpinfo`.
 

examples/firmware/ifx_fw_update.c

@@ -0,0 +1,177 @@
+/* ifx_fw_update.c
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfTPM.
+ *
+ * wolfTPM is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfTPM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* This tool will perform a firmware update on Infineon SLB9672 or SLB9673
+ * TPM 2.0 module */
+
+#ifdef HAVE_CONFIG_H
+    #include <config.h>
+#endif
+
+#include <wolftpm/tpm2_wrap.h>
+
+#ifdef WOLFTPM_FIRMWARE_UPGRADE
+
+#include <examples/firmware/ifx_fw_update.h>
+#include <examples/tpm_test_keys.h>
+#include <hal/tpm_io.h>
+
+/******************************************************************************/
+/* --- BEGIN TPM2.0 Firmware Update tool  -- */
+/******************************************************************************/
+
+static void usage(void)
+{
+    printf("Usage:\n");
+    printf("  ifx_fw_update <manifest_file> <firmware_file>\n");
+}
+
+typedef struct {
+    byte*  manifest_buf;
+    byte*  firmware_buf;
+    size_t manifest_bufSz;
+    size_t firmware_bufSz;
+} fw_info_t;
+
+static int TPM2_IFX_FwData_Cb(uint8_t* data, uint32_t data_req_sz,
+    uint32_t offset, void* cb_ctx)
+{
+    fw_info_t* fwinfo = (fw_info_t*)cb_ctx;
+    if (offset + data_req_sz > (uint32_t)fwinfo->firmware_bufSz) {
+        data_req_sz = (uint32_t)fwinfo->firmware_bufSz - offset;
+    }
+    if (data_req_sz > 0) {
+        XMEMCPY(data, &fwinfo->firmware_buf[offset], data_req_sz);
+    }
+    return data_req_sz;
+}
+
+static int TPM2_IFX_PrintInfo(WOLFTPM2_DEV* dev)
+{
+    int rc;
+    WOLFTPM2_CAPS caps;
+
+    XMEMSET(&caps, 0, sizeof(caps));
+    rc = wolfTPM2_GetCapabilities(dev, &caps);
+    if (rc == TPM_RC_SUCCESS) {
+        printf("Mfg %s (%d), Vendor %s, Fw %u.%u (0x%x), KeyGroup 0x%x\n",
+            caps.mfgStr, caps.mfg, caps.vendorStr, caps.fwVerMajor,
+            caps.fwVerMinor, caps.fwVerVendor, caps.keyGroupId);
+    }
+    return rc;
+}
+
+int TPM2_IFX_Firmware_Update(void* userCtx, int argc, char *argv[])
+{
+    int rc;
+    WOLFTPM2_DEV dev;
+    WOLFTPM2_CAPS caps;
+    const char* manifest_file = NULL;
+    const char* firmware_file = NULL;
+    fw_info_t fwinfo;
+
+    XMEMSET(&fwinfo, 0, sizeof(fwinfo));
+    XMEMSET(&caps, 0, sizeof(caps));
+
+    if (argc >= 2) {
+        if (XSTRCMP(argv[1], "-?") == 0 ||
+            XSTRCMP(argv[1], "-h") == 0 ||
+            XSTRCMP(argv[1], "--help") == 0) {
+            usage();
+            return 0;
+        }
+
+        manifest_file = argv[1];
+        if (argc >= 3) {
+            firmware_file = argv[2];
+        }
+    }
+
+    printf("Infineon Firmware Update Tool\n");
+    printf("\tManifest File: %s\n", manifest_file);
+    printf("\tFirmware File: %s\n", firmware_file);
+
+    rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
+    if (rc != TPM_RC_SUCCESS) {
+        printf("wolfTPM2_Init failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
+        goto exit;
+    }
+
+    if (manifest_file == NULL || firmware_file == NULL) {
+        printf("Manifest file or firmware file arguments missing!\n");
+        goto exit;
+    }
+
+    rc = loadFile(manifest_file,
+        &fwinfo.manifest_buf, &fwinfo.manifest_bufSz);
+    if (rc == 0) {
+        rc = loadFile(firmware_file,
+            &fwinfo.firmware_buf, &fwinfo.firmware_bufSz);
+    }
+    if (rc == 0) {
+        TPM2_IFX_PrintInfo(&dev);
+    }
+    if (rc == 0) {
+        rc = wolfTPM2_FirmwareUpgrade(&dev,
+            fwinfo.manifest_buf, (uint32_t)fwinfo.manifest_bufSz,
+            TPM2_IFX_FwData_Cb, &fwinfo);
+    }
+    if (rc == 0) {
+        TPM2_IFX_PrintInfo(&dev);
+    }
+
+exit:
+
+    if (rc != 0) {
+        printf("Infineon firmware update failed 0x%x: %s\n",
+            rc, TPM2_GetRCString(rc));
+    }
+
+    XFREE(fwinfo.firmware_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(fwinfo.manifest_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    wolfTPM2_Cleanup(&dev);
+
+    return rc;
+}
+
+/******************************************************************************/
+/* --- END TPM2.0 Firmware Update tool  -- */
+/******************************************************************************/
+
+#endif /* WOLFTPM_FIRMWARE_UPGRADE */
+
+#ifndef NO_MAIN_DRIVER
+int main(int argc, char *argv[])
+{
+    int rc = -1;
+
+#ifdef WOLFTPM_FIRMWARE_UPGRADE
+    rc = TPM2_IFX_Firmware_Update(NULL, argc, argv);
+#else
+    printf("Support for firmware upgrade not compiled in! "
+        "See --enable-firmware or WOLFTPM_FIRMWARE_UPGRADE\n");
+    (void)argc;
+    (void)argv;
+#endif /* WOLFTPM_FIRMWARE_UPGRADE */
+
+    return rc;
+}
+#endif

examples/firmware/ifx_fw_update.h

@@ -0,0 +1,35 @@
+/* ifx_firmware_update.h
+ *
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfTPM.
+ *
+ * wolfTPM is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfTPM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _IFX_FIRMWARE_H_
+#define _IFX_FIRMWARE_H_
+
+#ifdef __cplusplus
+    extern "C" {
+#endif
+
+int TPM2_IFX_Firmware_Update(void* userCtx, int argc, char *argv[]);
+
+#ifdef __cplusplus
+    }  /* extern "C" */
+#endif
+
+#endif /* _IFX_FIRMWARE_H_ */

examples/firmware/include.am

@@ -2,5 +2,21 @@
 # All paths should be given relative to the root
 
 EXTRA_DIST += examples/firmware/README.md
-EXTRA_DIST += examples/firmware/ifx_fw_extract.c
 EXTRA_DIST += examples/firmware/Makefile
+
+# Host side tool for extracting the firmware manifest and data
+EXTRA_DIST += examples/firmware/ifx_fw_extract.c
+
+if BUILD_EXAMPLES
+noinst_PROGRAMS += examples/firmware/ifx_fw_update
+noinst_HEADERS  += examples/firmware/ifx_fw_update.h
+examples_firmware_ifx_fw_update_SOURCES      = examples/firmware/ifx_fw_update.c \
+                                               examples/tpm_test_keys.c
+examples_firmware_ifx_fw_update_LDADD        = src/libwolftpm.la $(LIB_STATIC_ADD)
+examples_firmware_ifx_fw_update_DEPENDENCIES = src/libwolftpm.la
+endif
+
+example_firmwaredir = $(exampledir)/firmware
+dist_example_firmware_DATA = examples/firmware/ifx_fw_update.c
+
+DISTCLEANFILES+= examples/firmware/.libs/ifx_fw_update