Skip to content

Commit

Permalink
Merge pull request #8488 from dgarske/stm32h7s
Browse files Browse the repository at this point in the history 
Support for STM32H7S (tested on NUCLEO-H7S3L8)
  • Loading branch information
@SparkiDev
SparkiDev authored Feb 27, 2025
2 parents a0d6afb + 557abcf commit 0a6a851
Show file tree
Hide file tree
Showing 10 changed files with 259 additions and 54 deletions.
1 change: 1 addition & 0 deletions .wolfssl_known_macro_extras
View file
Original file line number Diff line number Diff line change
Expand Up @@ -460,6 +460,7 @@ STM32H723xx
STM32H725xx
STM32H743xx
STM32H753xx
STM32H7S3xx
STM32L475xx
STM32L4A6xx
STM32L552xx
Expand Down
29 changes: 19 additions & 10 deletions IDE/STM32Cube/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,30 +15,34 @@ You need both the STM32 IDE and the STM32 initialization code generator (STM32Cu
* STM32CubeIDE: Integrated Development Environment for STM32 [https://www.st.com/en/development-tools/stm32cubeide.html](https://www.st.com/en/development-tools/stm32cubeide.html)
* STM32CubeMX: STM32Cube initialization code generator [https://www.st.com/en/development-tools/stm32cubemx.html](https://www.st.com/en/development-tools/stm32cubemx.html)

## STM32 Cube Pack
## STM32 Cube Pack Install

### STM32 Cube Pack Installation
The STM32 Cube packs are integrated into the STM32CubeIDE and STM32CubeMX tools. You will find packs for wolfSSL, wolfSSH, wolfTPM and wolfMQTT.

If you need to manually install a Cube Pack you can do the following:

1. Download [wolfSSL Cube Pack](https://www.wolfssl.com/files/ide/I-CUBE-wolfSSL.pack)
2. Run the STM32CubeMX tool.
3. Under Manage software installations pane on the right, click INSTALL/REMOVE button. This can be also found by clicking "Help" -> "Managed embedded software packages"
4. From Local and choose I-CUBE-wolfSSL.pack.
2. Run the "STM32CubeMX" tool.
3. Under "Manage software installations" pane on the right, click "INSTALL/REMOVE" button. This can be also found by clicking "Help" -> "Managed embedded software packages"
4. From Local and choose "I-CUBE-wolfSSL.pack".
5. Accept the GPLv2 license. Contact wolfSSL at [email protected] for a commercial license and support/maintenance.

### STM32 Cube Pack Usage

1. Create or open a Cube Project based on your hardware. See the sections below for creating a project and finding the example projects.
2. Under Software Packs choose Select Components.
2. Under "Software Packs" choose "Select Components".
3. Find and check all components for the wolfSSL.wolfSSL packs (wolfSSL / Core, wolfCrypt / Core and wolfCrypt / Test). Close
4. Under the “Software Packs” section click on “wolfSSL.wolfSSL” and configure the parameters.
5. For Cortex-M recommend “Math Configuration” -> “Single Precision Cortex-M Math” for the fastest option. If seeing `error: r7 cannot be used in 'asm` add `-fomit-frame-pointer` to the CFLAGS. This only happens in debug builds, because r7 is used for debug.
4. Under the "Software Packs" section click on "wolfSSL.wolfSSL" and configure the parameters.
5. For Cortex-M recommend "Math Configuration" -> "Single Precision Cortex-M Math" for the fastest option.
- If seeing `error: r7 cannot be used in 'asm` add `-fomit-frame-pointer` to the CFLAGS. This only happens in debug builds, because `r7` is used for debug.
6. Hit the "Generate Code" button
7. Open the project in STM32CubeIDE
8. The Benchmark example uses float. To enable go to "Project Properties" -> "C/C++ Build" -> "Settings" -> "Tool Settings" -> "MCU Settings" -> Check "Use float with printf".
9. To enable printf make the `main.c` changes below in the [STM32 Printf](#stm32-printf) section.


**Note:** The STM32MP13 will likely require you to use DDR RAM, as well as enabling MMU and caches for optimum performance. Please see the `STM32MP13.md` file in `wolfcrypt/src/port/st` for more information on how to do this.
**Notes:**
* The STM32MP13 will likely require you to use DDR RAM, as well as enabling MMU and caches for optimum performance. Please see the `STM32MP13.md` file in `wolfcrypt/src/port/st` for more information on how to do this.
* The STM32H7S only has 64KB of onboard flash. Customers typically use an external SPI NOR flash with XIP. The `Template_XIP_Boot` project is flashed to onboard and it starts up the SPI Flash with XIP and loads the application. To use this you need to make sure the option byte `XSPI2_HSLB` is set to enable XSPIM_P2 high speed support, otherwise the MX_EXTMEM_MANAGER_Init() will timeout and fail.

### Creating your own STM32CubeMX configuration

Expand Down Expand Up @@ -89,6 +93,7 @@ The section for "Hardware platform" may need to be adjusted depending on your pr
* To enable STM32L4 support define `WOLFSSL_STM32L4`.
* To enable STM32L5 support define `WOLFSSL_STM32L5`.
* To enable STM32H7 support define `WOLFSSL_STM32H7`.
* To enable STM32H7S support define `WOLFSSL_STM32H7S`.
* To enable STM32WB support define `WOLFSSL_STM32WB`.
* To enable STM32WL support define `WOLFSSL_STM32WL`.
* To enable STM32U5 support define `WOLFSSL_STM32U5`.
Expand All @@ -110,6 +115,10 @@ To enable the latest Cube HAL support please define `STM32_HAL_V2`.

If you'd like to use the older Standard Peripheral library undefine `WOLFSSL_STM32_CUBEMX`.

## Workarounds

### STM32F7 AES GCM with pack v1.17.0 or older

With STM32 Cube HAL v2 some AES GCM hardware has a limitation for the AAD header, which must be a multiple of 4 bytes. If your HAL does not support `CRYP_HEADERWIDTHUNIT_BYTE` then consider adding `STM32_AESGCM_PARTIAL` if you are getting AES GCM authentication failures. This bug existed in v1.16.0 or later.

The STM32F7 v1.17.0 pack has a bug in the AES GCM code for handling of additional authentication data when not a multiple of 4 bytes. To patch see `stm32f7xx_hal_cryp.c` -> `CRYP_GCMCCM_SetHeaderPhase`:
Expand Down
150 changes: 143 additions & 7 deletions IDE/STM32Cube/STM32_Benchmarks.md
View file
Original file line number Diff line number Diff line change
@@ -1,16 +1,16 @@
# STM Benchmarks

* [STM32H753ZI](#stm32h753zi)
* [STM32WB55](#stm32wb55)
* [STM32WL55](#stm32wl55)
* [STM32F437](#stm32f437)
* [STM32F777](#stm32f777)
* [STM32G071RB](#stm32g071rb)
* [STM32H563ZI](#stm32h563zi)
* [STM32H753ZI](#stm32h753zi)
* [STM32H7S3](#stm32h7s3)
* [STM32L4A6Z](#stm32l4a6z)
* [STM32L562E](#stm32l562e)
* [STM32F777](#stm32f777)
* [STM32U585](#stm32u585)
* [STM32H563ZI](#stm32h563zi)
* [STM32G071RB](#stm32g071rb)

* [STM32WB55](#stm32wb55)
* [STM32WL55](#stm32wl55)

## STM32H753ZI

Expand Down Expand Up @@ -172,6 +172,142 @@ Benchmark Test: Return code 0
```
## STM32H7S3
Supports RNG, PKA ECC P-256, AES-GCM/CCM/CTR/CBC and SHA-1/2 acceleration.
Board: NUCLEO-H7S3L8
CPU: Cortex-M7 at 600 MHz
IDE: STM32CubeIDE
RTOS: Bare-metal
### STM32H7S3 (-Os, HW Crypto (AES/HASH/PKA), WOLF_CONF_MATH=3 (sp_c32.c))
```
------------------------------------------------------------------------------
wolfSSL version 5.7.6
------------------------------------------------------------------------------
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG 2 MiB took 1.004 seconds, 1.897 MiB/s
AES-128-CBC-enc 16 MiB took 1.000 seconds, 15.747 MiB/s
AES-128-CBC-dec 16 MiB took 1.000 seconds, 15.527 MiB/s
AES-192-CBC-enc 16 MiB took 1.000 seconds, 15.723 MiB/s
AES-192-CBC-dec 16 MiB took 1.000 seconds, 15.527 MiB/s
AES-256-CBC-enc 16 MiB took 1.000 seconds, 15.698 MiB/s
AES-256-CBC-dec 16 MiB took 1.000 seconds, 15.527 MiB/s
AES-128-GCM-enc 1 MiB took 1.012 seconds, 1.037 MiB/s
AES-128-GCM-dec 1 MiB took 1.012 seconds, 1.037 MiB/s
AES-192-GCM-enc 1 MiB took 1.008 seconds, 1.041 MiB/s
AES-192-GCM-dec 1 MiB took 1.012 seconds, 1.037 MiB/s
AES-256-GCM-enc 1 MiB took 1.016 seconds, 1.033 MiB/s
AES-256-GCM-dec 1 MiB took 1.016 seconds, 1.033 MiB/s
AES-128-GCM-enc-no_AAD 1 MiB took 1.004 seconds, 1.046 MiB/s
AES-128-GCM-dec-no_AAD 1 MiB took 1.000 seconds, 1.050 MiB/s
AES-192-GCM-enc-no_AAD 1 MiB took 1.000 seconds, 1.050 MiB/s
AES-192-GCM-dec-no_AAD 1 MiB took 1.019 seconds, 1.054 MiB/s
AES-256-GCM-enc-no_AAD 1 MiB took 1.004 seconds, 1.046 MiB/s
AES-256-GCM-dec-no_AAD 1 MiB took 1.008 seconds, 1.041 MiB/s
GMAC Table 4-bit 2 MiB took 1.000 seconds, 1.716 MiB/s
CHACHA 32 MiB took 1.000 seconds, 31.714 MiB/s
CHA-POLY 15 MiB took 1.000 seconds, 15.308 MiB/s
POLY1305 58 MiB took 1.000 seconds, 57.861 MiB/s
SHA-256 88 MiB took 1.000 seconds, 88.062 MiB/s
HMAC-SHA256 83 MiB took 1.000 seconds, 83.032 MiB/s
RSA 2048 public 352 ops took 1.000 sec, avg 2.841 ms, 352.000 ops/sec
RSA 2048 private 6 ops took 1.004 sec, avg 167.333 ms, 5.976 ops/sec
DH 2048 key gen 15 ops took 1.027 sec, avg 68.467 ms, 14.606 ops/sec
DH 2048 agree 16 ops took 1.113 sec, avg 69.563 ms, 14.376 ops/sec
ECC [ SECP256R1] 256 key gen 60 ops took 1.012 sec, avg 16.867 ms, 59.289 ops/sec
ECDHE [ SECP256R1] 256 agree 60 ops took 1.008 sec, avg 16.800 ms, 59.524 ops/sec
ECDSA [ SECP256R1] 256 sign 106 ops took 1.008 sec, avg 9.509 ms, 105.159 ops/sec
ECDSA [ SECP256R1] 256 verify 100 ops took 1.011 sec, avg 10.110 ms, 98.912 ops/sec
```
### STM32H7S3 (-Os, No HW Crypto, WOLF_CONF_ARMASM=1, WOLF_CONF_MATH=6 (sp_int.c))
```
------------------------------------------------------------------------------
wolfSSL version 5.7.6
------------------------------------------------------------------------------
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG 4 MiB took 1.000 seconds, 3.516 MiB/s
AES-128-CBC-enc 425 KiB took 1.027 seconds, 413.827 KiB/s
AES-128-CBC-dec 425 KiB took 1.016 seconds, 418.307 KiB/s
AES-192-CBC-enc 350 KiB took 1.015 seconds, 344.828 KiB/s
AES-192-CBC-dec 350 KiB took 1.020 seconds, 343.137 KiB/s
AES-256-CBC-enc 300 KiB took 1.015 seconds, 295.567 KiB/s
AES-256-CBC-dec 300 KiB took 1.004 seconds, 298.805 KiB/s
AES-128-GCM-enc 375 KiB took 1.067 seconds, 351.453 KiB/s
AES-128-GCM-dec 375 KiB took 1.062 seconds, 353.107 KiB/s
AES-192-GCM-enc 300 KiB took 1.004 seconds, 298.805 KiB/s
AES-192-GCM-dec 300 KiB took 1.004 seconds, 298.805 KiB/s
AES-256-GCM-enc 275 KiB took 1.047 seconds, 262.655 KiB/s
AES-256-GCM-dec 275 KiB took 1.051 seconds, 261.656 KiB/s
AES-128-GCM-enc-no_AAD 375 KiB took 1.067 seconds, 351.453 KiB/s
AES-128-GCM-dec-no_AAD 375 KiB took 1.062 seconds, 353.107 KiB/s
AES-192-GCM-enc-no_AAD 300 KiB took 1.004 seconds, 298.805 KiB/s
AES-192-GCM-dec-no_AAD 300 KiB took 1.004 seconds, 298.805 KiB/s
AES-256-GCM-enc-no_AAD 275 KiB took 1.051 seconds, 261.656 KiB/s
AES-256-GCM-dec-no_AAD 275 KiB took 1.051 seconds, 261.656 KiB/s
GMAC Table 4-bit 8 MiB took 1.000 seconds, 8.456 MiB/s
CHACHA 51 MiB took 1.000 seconds, 50.879 MiB/s
CHA-POLY 27 MiB took 1.000 seconds, 27.100 MiB/s
POLY1305 165 MiB took 1.000 seconds, 164.990 MiB/s
SHA-256 16 MiB took 1.000 seconds, 16.382 MiB/s
HMAC-SHA256 16 MiB took 1.000 seconds, 16.187 MiB/s
RSA 2048 public 358 ops took 1.004 sec, avg 2.804 ms, 356.574 ops/sec
RSA 2048 private 6 ops took 1.004 sec, avg 167.333 ms, 5.976 ops/sec
DH 2048 key gen 15 ops took 1.027 sec, avg 68.467 ms, 14.606 ops/sec
DH 2048 agree 16 ops took 1.094 sec, avg 68.375 ms, 14.625 ops/sec
ECC [ SECP256R1] 256 key gen 60 ops took 1.015 sec, avg 16.917 ms, 59.113 ops/sec
ECDHE [ SECP256R1] 256 agree 60 ops took 1.012 sec, avg 16.867 ms, 59.289 ops/sec
ECDSA [ SECP256R1] 256 sign 48 ops took 1.008 sec, avg 21.000 ms, 47.619 ops/sec
ECDSA [ SECP256R1] 256 verify 28 ops took 1.019 sec, avg 36.393 ms, 27.478 ops/sec
```
### STM32H7S3 (-Os, No HW Crypto, WOLF_CONF_ARMASM=1, WOLF_CONF_MATH=3 (sp_c32.c))
```
------------------------------------------------------------------------------
wolfSSL version 5.7.6
------------------------------------------------------------------------------
wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each)
RNG 4 MiB took 1.004 seconds, 3.939 MiB/s
AES-128-CBC-enc 425 KiB took 1.028 seconds, 413.424 KiB/s
AES-128-CBC-dec 425 KiB took 1.019 seconds, 417.076 KiB/s
AES-192-CBC-enc 350 KiB took 1.016 seconds, 344.488 KiB/s
AES-192-CBC-dec 350 KiB took 1.016 seconds, 344.488 KiB/s
AES-256-CBC-enc 300 KiB took 1.012 seconds, 296.443 KiB/s
AES-256-CBC-dec 300 KiB took 1.012 seconds, 296.443 KiB/s
AES-128-GCM-enc 375 KiB took 1.066 seconds, 351.782 KiB/s
AES-128-GCM-dec 375 KiB took 1.067 seconds, 351.453 KiB/s
AES-192-GCM-enc 300 KiB took 1.004 seconds, 298.805 KiB/s
AES-192-GCM-dec 300 KiB took 1.003 seconds, 299.103 KiB/s
AES-256-GCM-enc 275 KiB took 1.051 seconds, 261.656 KiB/s
AES-256-GCM-dec 275 KiB took 1.051 seconds, 261.656 KiB/s
AES-128-GCM-enc-no_AAD 375 KiB took 1.067 seconds, 351.453 KiB/s
AES-128-GCM-dec-no_AAD 375 KiB took 1.066 seconds, 351.782 KiB/s
AES-192-GCM-enc-no_AAD 300 KiB took 1.000 seconds, 300.000 KiB/s
AES-192-GCM-dec-no_AAD 300 KiB took 1.004 seconds, 298.805 KiB/s
AES-256-GCM-enc-no_AAD 275 KiB took 1.047 seconds, 262.655 KiB/s
AES-256-GCM-dec-no_AAD 275 KiB took 1.051 seconds, 261.656 KiB/s
GMAC Table 4-bit 8 MiB took 1.000 seconds, 8.439 MiB/s
CHACHA 51 MiB took 1.000 seconds, 51.147 MiB/s
CHA-POLY 28 MiB took 1.000 seconds, 27.588 MiB/s
POLY1305 168 MiB took 1.000 seconds, 168.140 MiB/s
SHA-256 16 MiB took 1.000 seconds, 16.333 MiB/s
HMAC-SHA256 16 MiB took 1.000 seconds, 16.016 MiB/s
RSA 2048 public 360 ops took 1.004 sec, avg 2.789 ms, 358.566 ops/sec
RSA 2048 private 6 ops took 1.008 sec, avg 168.000 ms, 5.952 ops/sec
DH 2048 key gen 15 ops took 1.050 sec, avg 70.000 ms, 14.286 ops/sec
DH 2048 agree 16 ops took 1.098 sec, avg 68.625 ms, 14.572 ops/sec
ECC [ SECP256R1] 256 key gen 60 ops took 1.016 sec, avg 16.933 ms, 59.055 ops/sec
ECDHE [ SECP256R1] 256 agree 60 ops took 1.012 sec, avg 16.867 ms, 59.289 ops/sec
ECDSA [ SECP256R1] 256 sign 48 ops took 1.012 sec, avg 21.083 ms, 47.431 ops/sec
ECDSA [ SECP256R1] 256 verify 28 ops took 1.020 sec, avg 36.429 ms, 27.451 ops/sec
```
## STM32WB55
Supports RNG, ECC P-256, AES-CBC and SHA-256 acceleration.
Expand Down
39 changes: 25 additions & 14 deletions IDE/STM32Cube/default_conf.ftl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,12 @@ extern ${variable.value} ${variable.name};
#undef NO_STM32_CRYPTO
#define STM32_HAL_V2
#define HAL_CONSOLE_UART huart3
#elif defined(STM32H7S3xx)
#define WOLFSSL_STM32H7S
#undef NO_STM32_HASH
#undef NO_STM32_CRYPTO
#define WOLFSSL_STM32_PKA
#define HAL_CONSOLE_UART huart3
#elif defined(STM32H753xx)
#define WOLFSSL_STM32H7
#undef NO_STM32_HASH
Expand Down Expand Up @@ -326,6 +332,10 @@ extern ${variable.value} ${variable.name};
#if defined(WOLF_CONF_DTLS) && WOLF_CONF_DTLS == 1
#define WOLFSSL_DTLS
#endif
#if defined(WOLF_CONF_DTLS13) && WOLF_CONF_DTLS13 == 1
#define WOLFSSL_DTLS13
#define WOLFSSL_SEND_HRR_COOKIE
#endif
#if defined(WOLF_CONF_PSK) && WOLF_CONF_PSK == 0
#define NO_PSK
#endif
Expand Down Expand Up @@ -575,25 +585,25 @@ extern ${variable.value} ${variable.name};
/* NOTE: this is after the hashing section to override the potential SHA3 undef
* above. */
#if defined(WOLF_CONF_KYBER) && WOLF_CONF_KYBER == 1
#undef WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_EXPERIMENTAL_SETTINGS
#undef WOLFSSL_EXPERIMENTAL_SETTINGS
#define WOLFSSL_EXPERIMENTAL_SETTINGS

#undef WOLFSSL_HAVE_KYBER
#define WOLFSSL_HAVE_KYBER
#undef WOLFSSL_HAVE_KYBER
#define WOLFSSL_HAVE_KYBER

#undef WOLFSSL_WC_KYBER
#define WOLFSSL_WC_KYBER
#undef WOLFSSL_WC_KYBER
#define WOLFSSL_WC_KYBER

#undef WOLFSSL_NO_SHAKE128
#undef WOLFSSL_SHAKE128
#define WOLFSSL_SHAKE128
#undef WOLFSSL_NO_SHAKE128
#undef WOLFSSL_SHAKE128
#define WOLFSSL_SHAKE128

#undef WOLFSSL_NO_SHAKE256
#undef WOLFSSL_SHAKE256
#define WOLFSSL_SHAKE256
#undef WOLFSSL_NO_SHAKE256
#undef WOLFSSL_SHAKE256
#define WOLFSSL_SHAKE256

#undef WOLFSSL_SHA3
#define WOLFSSL_SHA3
#undef WOLFSSL_SHA3
#define WOLFSSL_SHA3
#endif /* WOLF_CONF_KYBER */

/* ------------------------------------------------------------------------- */
Expand All @@ -608,6 +618,7 @@ extern ${variable.value} ${variable.name};
#define WOLFSSL_ARMASM_INLINE
#define WOLFSSL_ARMASM_NO_HW_CRYPTO
#define WOLFSSL_ARMASM_NO_NEON
#define WOLFSSL_ARMASM_THUMB2
#define WOLFSSL_ARM_ARCH 7
/* Disable H/W offloading if accelerating S/W crypto */
#undef NO_STM32_HASH
Expand Down
Loading

0 comments on commit 0a6a851

Please sign in to comment.