add command sequence to AURIX README.md
bigbrett committed Dec 3, 2024
1 parent 8c130a2 commit 04682a0
Showing 1 changed file with 50 additions and 0 deletions.
50 changes: 50 additions & 0 deletions IDE/AURIX/README.md
Expand Up @@ -20,6 +20,7 @@ This example demonstrates using wolfBoot on the Infineon AURIX TC3xx family of m
- [Load and run the wolfBoot demo in TRACE32](#load-and-run-the-wolfboot-demo-in-trace32)
- [wolfHSM Compatibility](#wolfhsm-compatibility)
- [Building wolfBoot with wolfHSM](#building-wolfboot-with-wolfhsm)
- [Building: Command Sequence](#building-command-sequence)
- [Troubleshooting](#troubleshooting)
- [WSL "bad interpreter" error](#wsl-bad-interpreter-error)
- [Post Quantum: ML-DSA](#post-quantum-ml-dsa)
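Review bot: The new `Building: Command Sequence` TOC entry is placed directly after `Building wolfBoot with wolfHSM`, but the section it links to covers the standard wolfBoot build as well (there `--hsm` is shown as optional). If this entry is nested under `wolfHSM Compatibility`, readers following the non-HSM path are likely to miss it; list it at the top level, or add a pointer to it from the standard build steps. The anchor `#building-command-sequence` does match the new `## Building: Command Sequence` heading.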
Expand Down Expand Up @@ -276,6 +277,55 @@ IDE/AURIX/wolfHSM-infineon-tc3xx/
3. Provide the `--hsm` global option to the `wbaurixtool.sh` script when invoking it, so the wolfHSM projects are used instead of the standard wolfBoot projects
4. If using the default build options in [wolfBoot-tc3xx-wolfHSM](./wolfBoot-tc3xx-wolfHSM/), wolfBoot will expect the public key for image verification to be stored at a specific keyId for the wolfBoot client ID. You can use [whnvmtool](https://github.com/wolfSSL/wolfHSM/tree/main/tools/whnvmtool) to generate a loadable NVM image that contains the required keys automatically via `wbaurixtool.sh` through the `nvm` subcommand. This generates an NVM image containing the generated image signing key based on the [wolfBoot-wolfHSM-keys.nvminit](../../tools/scripts/tc3xx/wolfBoot-wolfHSM-keys.nvminit) configuration file, which can then be loaded to the device via a flash programming tool. See the `whnvmtool` documentation and the documentation included in your wolfHSM AURIX release for more details. Note: if you want to use the standard wolfBoot keystore functionality in conjunction with wolfHSM for testing purposes (doesn't require pre-loading keys on the HSM) you can configure wolfBoot to send the keys to the HSM on-the-fly as ephemeral keys. To do this, ensure `WOLFBOOT_USE_WOLFHSM_PUBKEY_ID` is **NOT** defined, and add the `--localkeys` argument to then `./wbaurixtool.sh keygen` command, which invokes the `keygen` tool without the default `--nolocalkeys` option.

## Building: Command Sequence

The following pseudo command sequence shows a brief overview of the commands needed to build wolfBoot on AURIX (optionally with wolfHSM). The signature and hashing algorithms used in the example are ECC 256 and SHA 256 and specified explicitly for clarity. Note that these algorithms are the default, so do not need to be explicitly specified. Optional arguments are shown in square brackets (e.g. if targeting wolfHSM, the `--hsm` option must be provided as a global option to `wbaurixtool.sh`).

```sh
# Navigate to wolfBoot directory
WOLFBOOT_DIR=/path/to/wolfBoot
SCRIPTS_DIR=$WOLFBOOT_DIR/tools/scripts/tc3xx
cd $WOLFBOOT_DIR

# Copy source files to appropriate location as listed in the steps above
# ...

# Start with a clean build
make clean && make keysclean && cd $WOLFBOOT_DIR/tools/keytools && make clean
cd $SCRIPTS_DIR && ./aurixtool.sh clean
# Delete any build artifacts in wolfBoot-tc3xx (or wolfBoot-tc3xx-wolfHSM) and test-app (or test-app-wolfHSM) AURIX Studio projects
# ...

# Make keytools (NOTE: THIS OVERRIDES TARGET.H WITH SIM VALUES)
cd $WOLFBOOT_DIR
make keytools


# Generate target.h
cd $SCRIPTS_DIR
./aurixtool.sh target

# Generate keys, as well as configuration macros and linker script based on the selected signature algorithm
./aurixtool.sh [--hsm] keygen --sign-algo ecc256 --hash-algo sha256 macros lcf

# If using wolfHSM, generate key NVM image
./aurixtool.sh nvm
# Load NVM image hexfile to the device
# ...

# Build wolfHSM AURIX Studio project
# ....

# Build test-app AURIX Studio project
# ....

# Sign test app
./aurixtool.sh [--hsm] sign --sign-algo ecc256 --hash-algo sha256 [--debug]

# Load wolfBoot + app in Lauterbach using tools/scripts/tc3xx/wolfBoot-loadAll-XXX.cmm
# ...
```

## Troubleshooting

### WSL "bad interpreter" error
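Review bot: The script name in the new code block does not match the rest of the README: every command invokes `./aurixtool.sh` (clean, target, keygen, nvm, sign), while the section's own introductory paragraph and steps 3 and 4 just above it name `wbaurixtool.sh`. Anyone copying the sequence will be running a different script name than the one the text documents, so please use one name throughout. Two smaller points in the same block: the comment `# Build wolfHSM AURIX Studio project` reads as if it should name the wolfBoot project, since the clean step refers to `wolfBoot-tc3xx (or wolfBoot-tc3xx-wolfHSM)` and no other step builds wolfBoot itself; and `./aurixtool.sh nvm` is shown without the `--hsm` global option that keygen and sign carry, so it is worth stating whether `nvm` needs it. Quoting the variables (`cd "$WOLFBOOT_DIR"`, `cd "$SCRIPTS_DIR"`) would also keep the sequence working for checkout paths that contain spaces, which is common under WSL.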