wolfSSL / wolfBoot

wolfBoot is a portable, OS-agnostic, secure bootloader for microcontrollers, supporting firmware authentication and firmware update mechanisms.
https://www.wolfssl.com
GNU General Public License v3.0

Added support for custom-tlv-string #425

Closed notronrj closed 6 months ago

notronrj commented 6 months ago

Added the ability to create a custom-tlv using an ASCII string to the keytools/sign tool.

Example usage:

sign --custom-tlv-string 0x0030 "0.99.910(6)" --no-sign --sha256 ${projectBaseDir}/release/zephyr.bin 6

This will create a custom TLV tag as if you'd used --custom-tlv-buffer 0x0030 302E39392E393130283629:

Tag: 0030 Len: 11 Val: 302E39392E393130283629

The above invocation of the sign tool generates the following header in the binary:

[image]

To show that the two commands are equivalent, see the following:

Invocation: sign --custom-tlv-string 0x0030 "0.99.910(6)" --custom-tlv-buffer 0x0031 302E39392E393130283629 --no-sign --sha256 ${projectBaseDir}/release/zephyr.bin 6

Custom TLVS: 2
TLV 0
----
Tag: 0030 Len: 11 Val: 302E39392E393130283629
-----
TLV 1
----
Tag: 0031 Len: 11 Val: 302E39392E393130283629
-----

And the resulting header in the binary:

[image]

Note: This PR came out of a support ticket at https://wolfssl.zendesk.com/hc/en-us/requests/17637
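The equivalence described in this PR, as an added example that is not part of the PR or of wolfBoot's code: it builds the TLV from the string and from the hex buffer, then walks a constructed header to check tag and length instead of searching for the text. The header layout (8-byte preamble, little-endian 16-bit tag and length, 0xFF padding, 0x0000 end marker), the version TLV and all function names are assumptions of this example.

```python
import struct

def tlv_from_string(tag: int, text: str) -> bytes:
    # ASCII bytes of the string, no NUL terminator (matches "Len: 11" on the page)
    value = text.encode("ascii")
    return struct.pack("<HH", tag, len(value)) + value

def tlv_from_buffer(tag: int, hex_value: str) -> bytes:
    value = bytes.fromhex(hex_value)
    return struct.pack("<HH", tag, len(value)) + value

def find_tlv(header: bytes, tag: int, start: int = 8):
    """Return the value of the first TLV with this tag, or None if absent."""
    off = start  # assumed: TLVs begin after an 8-byte magic + image size
    while off + 4 <= len(header):
        if header[off] == 0xFF:          # assumed padding byte, no length/value
            off += 1
            continue
        t, length = struct.unpack_from("<HH", header, off)
        if t == 0x0000:                  # assumed end-of-header marker
            return None
        end = off + 4 + length
        if end > len(header):
            raise ValueError(f"TLV 0x{t:04x} at offset {off} overruns the header")
        if t == tag:
            return header[off + 4:end]
        off = end
    return None

# Constructed sample header (not taken from a real signed image).
SAMPLE_HEADER = (
    b"WOLF" + struct.pack("<I", 0x1000)   # placeholder magic and image size
    + struct.pack("<HHI", 0x0001, 4, 6)   # hypothetical version TLV, value 6
    + b"\xff\xff"                         # padding
    + tlv_from_string(0x0030, "0.99.910(6)")
    + b"\xff"
    + tlv_from_buffer(0x0031, "302E39392E393130283629")
    + b"\x00\x00"
)

if __name__ == "__main__":
    for tag in (0x0030, 0x0031):
        value = find_tlv(SAMPLE_HEADER, tag)
        print(f"Tag: {tag:04X} Len: {len(value)} Val: {value.hex().upper()}")
```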

dgarske commented 6 months ago

Contributor agreement approved. @danielinux over to you.

notronrj commented 6 months ago

Looks good to me. I was able to test using ./tools/keytools/sign --custom-tlv-string 0x0030 "0.99.910(6)" --no-sign --sha256 test-app/image.bin 6. It would be nice to have documentation added to docs/Signing.md. It would also be nice to have a test case added to .github/workflows/test-custom-tlv-simulator.yml. Over to @danielinux to finalize.

I updated the documentation. I hope you don't mind.

dgarske commented 6 months ago

Looks good to me. I was able to test using ./tools/keytools/sign --custom-tlv-string 0x0030 "0.99.910(6)" --no-sign --sha256 test-app/image.bin 6. It would be nice to have documentation added to docs/Signing.md. It would also be nice to have a test case added to .github/workflows/test-custom-tlv-simulator.yml. Over to @danielinux to finalize.

I updated the documentation. I hope you don't mind.

Thank you so much!

danielinux commented 6 months ago

@notronrj this looks good! Thanks for taking the time to update the doc as well!

I think we should also add a non-regression test to the github workflow:

--- a/.github/workflows/test-keytools.yml
+++ b/.github/workflows/test-keytools.yml
@@ -264,3 +264,8 @@ jobs:
           ./tools/keytools/sign --ecc256 --sha256 --custom-tlv-buffer 0x46 48656C6C6F20776F726C64 test-app/image.elf wolfboot_signing_private_key.der 3
           grep "Hello world" test-app/image_v3_signed.bin

+      - name: Sign app with custom string TLV included
+        run: |
+          ./tools/keytools/sign --ecc256 --sha256 --custom-tlv-string 0x46 "Hello world" test-app/image.elf wolfboot_signing_private_key.der 3
+          grep "Hello world" test-app/image_v3_signed.bin
+
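Review bot: The grep "Hello world" test-app/image_v3_signed.bin check in the new step can pass on stale output, because the preceding --custom-tlv-buffer step writes the same file at the same version 3 with the same payload (48656C6C6F20776F726C64 is "Hello world"). Use a different string or version number for the string test, or remove image_v3_signed.bin before signing, so the step only passes when --custom-tlv-string itself produced the TLV. The grep also only proves the text appears somewhere in the image; a check of the 0x46 tag and the length of 11 ahead of the value would catch a wrong length, such as an included NUL terminator.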

[edit: updated patch to include Tag]

danielinux commented 6 months ago

@notronrj could you please add a commit with the added test in the github workflow?

notronrj commented 6 months ago

@danielinux taking care of that now.

I'm having an issue pushing the github workflow commit. See below.

[image]

The error is:

! [remote rejected] custom-tlv-string -> custom-tlv-string (refusing to allow a Personal Access Token to create or update workflow .github/workflows/test-keytools.yml without workflow scope)
error: failed to push some refs to 'https://github.com/notronrj/wolfBoot.git'

tact@zephyr:~/development/wolfBoot$ git log
commit ec8e537ee424f755c857964df29d533f6fdb1677 (HEAD -> custom-tlv-string)
Author: Jim Norton jnorton@transact-tech.com
Date: Thu Apr 4 10:34:31 2024 -0400

    Added custom-tlv-string non-regression test to github workflows

What am I missing?

Thank you.

notronrj commented 6 months ago

@danielinux I fixed my git workflow issue. My personal access token didn't have workflow set. See, you learn something new every day!

notronrj commented 6 months ago

@dgarske @danielinux Non-regression tests seem to be hung?

notronrj commented 6 months ago

Thank you all for accepting the PR.

danielinux commented 6 months ago

Thank you!