Removed all compile-time dependency from keytools

Makefile

@@ -85,6 +85,9 @@ ifeq ($(TARGET),ti_hercules)
   LSCRIPT_FLAGS+=--run_linker $(LSCRIPT)
 endif
 
+# Environment variables for sign tool
+SIGN_ENV=IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) WOLFBOOT_SECTOR_SIZE=$(WOLFBOOT_SECTOR_SIZE)
+
 
 MAIN_TARGET=factory.bin
 TARGET_H_TEMPLATE:=include/target.h.in
@@ -218,7 +221,7 @@ $(SECONDARY_PRIVATE_KEY): $(PRIVATE_KEY) keystore.der
 		-g $(SECONDARY_PRIVATE_KEY)) || true
 	$(Q)(test "$(FLASH_OTP_KEYSTORE)" = "1") && (make -C tools/keytools/otp) || true
 
-keytools: include/target.h
+keytools:
 	@echo "Building key tools"
 	@$(MAKE) -C tools/keytools -s clean
 	@$(MAKE) -C tools/keytools -j
@@ -238,10 +241,10 @@ test-app/image_v1_signed.bin: $(BOOT_IMG)
 	@echo "\tSECONDARY_SIGN_OPTIONS=$(SECONDARY_SIGN_OPTIONS)"
 	@echo "\tSECONDARY_PRIVATE_KEY=$(SECONDARY_PRIVATE_KEY)"
 
-	$(Q)(test $(SIGN) = NONE) || IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) "$(SIGN_TOOL)" $(SIGN_OPTIONS) \
+	$(Q)(test $(SIGN) = NONE) || $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) \
 		$(SECONDARY_SIGN_OPTIONS) $(BOOT_IMG) $(PRIVATE_KEY) \
 		$(SECONDARY_PRIVATE_KEY) 1 || true
-	$(Q)(test $(SIGN) = NONE) && IMAGE_HEADER_SIZE=$(IMAGE_HEADER_SIZE) "$(SIGN_TOOL)" $(SIGN_OPTIONS) $(BOOT_IMG) 1 || true
+	$(Q)(test $(SIGN) = NONE) && $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_OPTIONS) $(BOOT_IMG) 1 || true
 
 test-app/image.elf: wolfboot.elf
 	$(Q)$(MAKE) -C test-app WOLFBOOT_ROOT="$(WOLFBOOT_ROOT)" image.elf

src/delta.c

@@ -22,11 +22,11 @@
 #include <stdint.h>
 #include <string.h>
 #include <delta.h>
-#include <target.h> /* WOLFBOOT_SECTOR_SIZE */
 
 
 #define ESC 0x7f
 
+
 #if (defined(__IAR_SYSTEMS_ICC__) && (__IAR_SYSTEMS_ICC__ > 8)) || \
     defined(__GNUC__)
 #define BLOCK_HDR_PACKED __attribute__ ((packed))
@@ -169,16 +169,42 @@ int wb_patch(WB_PATCH_CTX *ctx, uint8_t *dst, uint32_t len)
     return dst_off;
 }
 
+#ifndef __WOLFBOOT
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+
+static uint32_t wolfboot_sector_size = 0;
 
 int wb_diff_init(WB_DIFF_CTX *ctx, uint8_t *src_a, uint32_t len_a, uint8_t *src_b, uint32_t len_b)
 {
+    char *env_sector_size = NULL;
     if (!ctx || (len_a == 0) || (len_b == 0))
         return -1;
     memset(ctx, 0, sizeof(WB_DIFF_CTX));
     ctx->src_a = src_a;
     ctx->src_b = src_b;
     ctx->size_a = len_a;
     ctx->size_b = len_b;
+
+    env_sector_size = getenv("WOLFBOOT_SECTOR_SIZE");
+    if (!env_sector_size) {
+       fprintf(stderr, "Please set the WOLFBOOT_SECTOR_SIZE environment variable in\n"
+               "order to sign a delta update.\n");
+       exit(6);
+    } else {
+        wolfboot_sector_size = atoi(env_sector_size);
+        if (wolfboot_sector_size == 0) {
+            errno = 0;
+            wolfboot_sector_size = strtol(env_sector_size, NULL, 16);
+            if (errno != 0) {
+                fprintf(stderr, "Invalid WOLFBOOT_SECTOR_SIZE value\n");
+                exit(6);
+            }
+        }
+    }
+    printf("WOLFBOOT_SECTOR_SIZE: %d\n", wolfboot_sector_size);
     return 0;
 }
 
@@ -196,7 +222,7 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len)
         return -1;
 
     while ((ctx->off_b + BLOCK_HDR_SIZE < ctx->size_b) && (len > p_off + BLOCK_HDR_SIZE)) {
-        uintptr_t page_start = ctx->off_b / WOLFBOOT_SECTOR_SIZE;
+        uintptr_t page_start = ctx->off_b / wolfboot_sector_size;
         uintptr_t pa_start;
         found = 0;
         if (p_off + BLOCK_HDR_SIZE >  len)
@@ -210,14 +236,14 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len)
          * base for the sectors that have already been updated.
          */
 
-        pa_start = WOLFBOOT_SECTOR_SIZE  * page_start;
+        pa_start = wolfboot_sector_size  * page_start;
         pa = ctx->src_a + pa_start;
         while (((uintptr_t)(pa - ctx->src_a) < (uintptr_t)ctx->size_a) && (p_off < len)) {
             if ((uintptr_t)(ctx->size_a - (pa - ctx->src_a)) < BLOCK_HDR_SIZE)
                 break;
             if ((ctx->size_b - ctx->off_b) < BLOCK_HDR_SIZE)
                 break;
-            if ((WOLFBOOT_SECTOR_SIZE - (ctx->off_b % WOLFBOOT_SECTOR_SIZE)) < BLOCK_HDR_SIZE)
+            if ((wolfboot_sector_size - (ctx->off_b % wolfboot_sector_size)) < BLOCK_HDR_SIZE)
                 break;
             if ((memcmp(pa, (ctx->src_b + ctx->off_b), BLOCK_HDR_SIZE) == 0)) {
                 uintptr_t b_start;
@@ -238,7 +264,7 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len)
                         /* Stop matching if the source image size limit is hit. */
                         break;
                     }
-                    if ((b_start / WOLFBOOT_SECTOR_SIZE) < ((ctx->off_b + 1) / WOLFBOOT_SECTOR_SIZE)) {
+                    if ((b_start / wolfboot_sector_size) < ((ctx->off_b + 1) / wolfboot_sector_size)) {
                         /* Stop matching when the sector bound is hit. */
                         break;
                     }
@@ -262,7 +288,7 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len)
         }
         if (!found) {
             /* Try matching an earlier section in the resulting image */
-            uintptr_t pb_end = page_start * WOLFBOOT_SECTOR_SIZE;
+            uintptr_t pb_end = page_start * wolfboot_sector_size;
             pb = ctx->src_b;
             while (((uintptr_t)(pb - ctx->src_b) < pb_end) && (p_off < len)) {
                 /* Check image boundary */
@@ -274,7 +300,7 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len)
                 /* Don't try matching backwards if the distance between the two
                  * blocks is smaller than one sector.
                  */
-                if (WOLFBOOT_SECTOR_SIZE > (page_start * WOLFBOOT_SECTOR_SIZE)
+                if (wolfboot_sector_size > (page_start * wolfboot_sector_size)
                         - (pb - ctx->src_b))
                     break;
 
@@ -338,5 +364,6 @@ int wb_diff(WB_DIFF_CTX *ctx, uint8_t *patch, uint32_t len)
     }
     return (int)p_off;
 }
+#endif /* __WOLFBOOT */
 
 #endif /* DELTA_UPDATES */

tools/efi/compile_efi_linux.sh

@@ -4,6 +4,7 @@ WORK_DIR=/tmp/wolfBoot_efi
 BR_VER=2022.08.3
 BR_DIR=buildroot-$BR_VER
 IMAGE_DIR=$WORK_DIR/output
+. .config
 
 if (test ! -d $WORK_DIR);then
     mkdir -p $WORK_DIR
@@ -17,10 +18,7 @@ fi
 BR2_EXTERNAL=$(pwd)/tools/efi/br_ext_dir make -C $WORK_DIR/$BR_DIR tiny_defconfig O=$IMAGE_DIR
 make -C $WORK_DIR/$BR_DIR O=$IMAGE_DIR
 
-SIGN_TOOL="python3 ./tools/keytools/sign.py"
-if [ -f "./tools/keytools/sign" ]; then
-    SIGN_TOOL="./tools/keytools/sign"
-fi
+SIGN_TOOL="./tools/keytools/sign"
 
 $SIGN_TOOL --ed25519 $IMAGE_DIR/images/bzImage wolfboot_signing_private_key.der 1
 $SIGN_TOOL --ed25519 $IMAGE_DIR/images/bzImage wolfboot_signing_private_key.der 2

tools/keytools/Makefile

@@ -177,25 +177,11 @@ endif
 
 .PHONY: clean all
 
-all: $(WOLFBOOTDIR)/include/target.h sign keygen
+all: sign keygen
 
 debug: CFLAGS+=$(DEBUG_FLAGS)
 debug: all
 
-# Target.h is required for key tools
-$(WOLFBOOTDIR)/include/target.h: $(WOLFBOOTDIR)/include/target.h.in
-	@cat $(WOLFBOOTDIR)/include/target.h.in | \
-	sed -e "s/@WOLFBOOT_PARTITION_SIZE@/$(WOLFBOOT_PARTITION_SIZE)/g" | \
-	sed -e "s/@WOLFBOOT_SECTOR_SIZE@/$(WOLFBOOT_SECTOR_SIZE)/g" | \
-	sed -e "s/@WOLFBOOT_PARTITION_BOOT_ADDRESS@/$(WOLFBOOT_PARTITION_BOOT_ADDRESS)/g" | \
-	sed -e "s/@WOLFBOOT_PARTITION_UPDATE_ADDRESS@/$(WOLFBOOT_PARTITION_UPDATE_ADDRESS)/g" | \
-	sed -e "s/@WOLFBOOT_PARTITION_SWAP_ADDRESS@/$(WOLFBOOT_PARTITION_SWAP_ADDRESS)/g" | \
-	sed -e "s/@WOLFBOOT_DTS_BOOT_ADDRESS@/$(WOLFBOOT_DTS_BOOT_ADDRESS)/g" | \
-	sed -e "s/@WOLFBOOT_DTS_UPDATE_ADDRESS@/$(WOLFBOOT_DTS_UPDATE_ADDRESS)/g" | \
-	sed -e "s/@WOLFBOOT_LOAD_ADDRESS@/$(WOLFBOOT_LOAD_ADDRESS)/g" | \
-	sed -e "s/@WOLFBOOT_LOAD_DTS_ADDRESS@/$(WOLFBOOT_LOAD_DTS_ADDRESS)/g" \
-		> $@
-
 # build objects
 $(OBJDIR)/%.o: %.c
 	$(Q)$(CC) $(CFLAGS) -c -o $@ $<

tools/keytools/sign.c

@@ -42,9 +42,6 @@
 #include <fcntl.h>
 #include <stddef.h>
 #include <inttypes.h>
-/* target.h is a generated file based on .config (see target.h.in)
- * Provides: WOLFBOOT_SECTOR_SIZE */
-#include <target.h>
 #include <delta.h>
 
 #include "wolfboot/version.h"

tools/scripts/nrf5340/build_flash.sh

@@ -15,6 +15,9 @@
 # Build dela update version 3 and flash to external (also reprograms internal flash)
 # ./tools/scripts/nrf5340/build_flash.sh --delta
 
+#import config for IMAGE_HEADER_SIZE and WOLFBOOT_SECTOR_SIZE
+. config/examples/nrf5340.config
+
 # Defaults
 MAKE_ARGS=" DEBUG_SYMBOLS=1"
 DO_CLEAN=0
@@ -28,6 +31,8 @@ DO_PROGRAM_EXT=0
 DO_DELTA=0
 UPDATE_VERSION=1
 
+SIGN_ENV=IMAGE_HEADER_SIZE=$IMAGE_HEADER_SIZE WOLFBOOT_SECTOR_SIZE=$WOLFBOOT_SECTOR_SIZE
+SIGN_TOOL=tools/keytools/sign
 SIGN_ARGS="--ecc384 --sha384"
 #SIGN_ARGS="--ecc256 --sha256"
 
@@ -161,8 +166,8 @@ fi
 
 if [[ $DO_UPDATE == 1 ]]; then
   # Sign flash update for testing (for network partition using --id 2)
-  tools/keytools/sign $SIGN_ARGS --id 2 tools/scripts/nrf5340/image_net.bin wolfboot_signing_private_key.der $UPDATE_VERSION
-  tools/keytools/sign $SIGN_ARGS        tools/scripts/nrf5340/image_app.bin wolfboot_signing_private_key.der $UPDATE_VERSION
+  $SIGN_ENV $SIGN_TOOL $SIGN_ARGS --id 2 tools/scripts/nrf5340/image_net.bin wolfboot_signing_private_key.der $UPDATE_VERSION
+  $SIGN_ENV $SIGN_TOOL $SIGN_ARGS        tools/scripts/nrf5340/image_app.bin wolfboot_signing_private_key.der $UPDATE_VERSION
 
   # Create a bin footer with wolfBoot trailer "BOOT" and "p" (ASCII for 0x70 == IMG_STATE_UPDATING):
   echo -n "pBOOT" > tools/scripts/nrf5340/trigger_magic.bin
@@ -177,8 +182,8 @@ fi
 
 if [[ $DO_DELTA == 1 ]]; then
   # Sign flash update for testing (for network partition using --id 2) delta between v1 and v3
-  tools/keytools/sign $SIGN_ARGS --id 2 --delta tools/scripts/nrf5340/image_net_v1_signed.bin tools/scripts/nrf5340/image_net.bin wolfboot_signing_private_key.der $UPDATE_VERSION
-  tools/keytools/sign $SIGN_ARGS        --delta tools/scripts/nrf5340/image_app_v1_signed.bin tools/scripts/nrf5340/image_app.bin wolfboot_signing_private_key.der $UPDATE_VERSION
+  $SIGN_ENV $SIGN_TOOL $SIGN_ARGS --id 2 --delta tools/scripts/nrf5340/image_net_v1_signed.bin tools/scripts/nrf5340/image_net.bin wolfboot_signing_private_key.der $UPDATE_VERSION
+  $SIGN_ENV $SIGN_TOOL $SIGN_ARGS        --delta tools/scripts/nrf5340/image_app_v1_signed.bin tools/scripts/nrf5340/image_app.bin wolfboot_signing_private_key.der $UPDATE_VERSION
 
   # Create a bin footer with wolfBoot trailer "BOOT" and "p" (ASCII for 0x70 == IMG_STATE_UPDATING):
   echo -n "pBOOT" > tools/scripts/nrf5340/trigger_magic.bin

tools/scripts/prepare_update.sh

@@ -1,9 +1,7 @@
 #!/bin/bash
 
-SIGN_TOOL="python3 ./tools/keytools/sign.py"
-if [ -f "./tools/keytools/sign" ]; then
-    SIGN_TOOL="./tools/keytools/sign"
-fi
+. .config
+SIGN_TOOL="./tools/keytools/sign"
 
 # SIZE is WOLFBOOT_PARTITION_SIZE - 5
 SIZE=131067

tools/scripts/prepare_update_l5.sh

@@ -1,9 +1,7 @@
 #!/bin/bash
 
-SIGN_TOOL="python3 ./tools/keytools/sign.py"
-if [ -f "./tools/keytools/sign" ]; then
-    SIGN_TOOL="./tools/keytools/sign"
-fi
+. ./.config
+SIGN_TOOL="./tools/keytools/sign"
 
 # SIZE is WOLFBOOT_PARTITION_SIZE - 5
 SIZE=129019

tools/scripts/prepare_update_l5_dualbank.sh

@@ -1,9 +1,9 @@
 #!/bin/bash
 
-SIGN_TOOL="python3 ./tools/keytools/sign.py"
-if [ -f "./tools/keytools/sign" ]; then
-    SIGN_TOOL="./tools/keytools/sign"
-fi
+. .config
+echo IMAGE_HEADER_SIZE= $IMAGE_HEADER_SIZE
+echo WOLFBOOT_SECTOR_SIZE= $WOLFBOOT_SECTOR_SIZE
+SIGN_TOOL="./tools/keytools/sign"
 
 # SIZE is WOLFBOOT_PARTITION_SIZE - 5
 SIZE=229371

tools/scripts/prepare_update_u5.sh

@@ -1,9 +1,6 @@
 #!/bin/bash
-
-SIGN_TOOL="python3 ./tools/keytools/sign.py"
-if [ -f "./tools/keytools/sign" ]; then
-    SIGN_TOOL="./tools/keytools/sign"
-fi
+. .config
+SIGN_TOOL="./tools/keytools/sign"
 
 # SIZE is WOLFBOOT_PARTITION_SIZE - 5
 SIZE=131067

tools/scripts/prepare_update_u5_dualbank.sh

@@ -1,9 +1,7 @@
 #!/bin/bash
 
-SIGN_TOOL="python3 ./tools/keytools/sign.py"
-if [ -f "./tools/keytools/sign" ]; then
-    SIGN_TOOL="./tools/keytools/sign"
-fi
+. .config
+SIGN_TOOL="./tools/keytools/sign"
 
 # SIZE is WOLFBOOT_PARTITION_SIZE - 5
 SIZE=229371

tools/test-delta.mk

@@ -26,9 +26,9 @@ test-delta-update: distclean factory.bin test-app/image.bin tools/uart-flash-ser
 	@st-flash erase || st-flash erase
 	@rm -f zero.bin
 	@diff .config config/examples/stm32wb-delta.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-delta.config to .config to run this test\n\n" && exit 1)
-	$(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \
+	$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \
 		$(PRIVATE_KEY) 7
-	$(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \
+	$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \
 		$(PRIVATE_KEY) 2
 	@st-flash write factory.bin 0x08000000
 	@echo Expecting version '1'
@@ -79,7 +79,7 @@ test-delta-update-ext: distclean factory.bin test-app/image.bin tools/uart-flash
 	@st-flash erase || st-flash erase
 	@rm -f zero.bin
 	@diff .config config/examples/stm32wb-delta-ext.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-delta-ext.config to .config to run this test\n\n" && exit 1)
-	$(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \
+	$(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin test-app/image.bin \
 		$(PRIVATE_KEY) 7
 	@(tools/uart-flash-server/ufserver test-app/image_v7_signed_diff.bin $(USBTTY))&
 	@st-flash reset
@@ -121,7 +121,7 @@ test-delta-enc-update-ext: distclean factory.bin test-app/image.bin tools/uart-f
 	   @st-flash erase || st-flash erase
 	   @rm -f zero.bin
 	   @diff .config config/examples/stm32wb-delta-enc-ext.config || (echo "\n\n*** Error: please copy config/examples/stm32wb-delta-enc-ext.config to .config to run this test\n\n" && exit 1)
-	   $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin \
+	   $(SIGN_ENV) $(SIGN_TOOL) $(SIGN_ARGS) --delta test-app/image_v1_signed.bin \
 	           $(ENCRYPT_STRING) --encrypt /tmp/enc_key.der \
 	           test-app/image.bin \
 	           $(PRIVATE_KEY) 7