1 (edited by windyMk92 2020-03-29 22:47:37)

Topic: Import error: libwolfssl.so - No such file or directory/ SMT32F7

Hi everyone,

I'm new to this wonderful wolfBoot. I'm very keen on using this with my new project on STM32F7. But every time I tried to build it on window, some weird error occurred. To be honest i'm not so familiar with using Cygwin/Msys2 to build library on window OS.
Last time I tried build it on Ubuntu, everything seem to be good until an error appear:

Traceback (most recent call last):
  File "tools/keytools/keygen.py", line 25, in <module>
    from wolfcrypt import ciphers
  File "/usr/local/lib/python3.6/dist-packages/wolfcrypt/ciphers.py", line 23, in <module>
    from wolfcrypt._ffi import ffi as _ffi
ImportError: libwolfssl.so.24: cannot open shared object file: No such file or directory
Makefile:220: recipe for target 'ed25519.der' failed
make: *** [ed25519.der] Error 1

Ofcourse, it's my mistake. But could you, anyone, please guide me step by step how to build/ make this bootloader on window/ ubuntu OS.
Thank in advance.

Share

Re: Import error: libwolfssl.so - No such file or directory/ SMT32F7

Hi windyMk92,

The error you are seeing is because the wolfSSL library is missing --enable-ed25519. See the instructions for setting up the Python signing tool here:
https://github.com/wolfSSL/wolfBoot/blo … ll-python3

Interestingly we also just merged in a pure C version of the signing tool along with a visual studio project in tools/keytools. See the section here: https://github.com/wolfSSL/wolfBoot/blo … gning-tool

Thanks,
David Garske, wolfSSL

Share

Re: Import error: libwolfssl.so - No such file or directory/ SMT32F7

Hi David,

Thanks for you response. But I believe that I enabled --enable-ed25519.
I also followed the instructions on github and used this command:

rocky92@ubuntu:~/wolfssl$

 ./configure --enable-keygen --enable-rsa --enable-ecc --enable-ed25519 --enable-des3 CFLAGS="-DWOLFSSL_PUBLIC_MP" --enable-all

Here is what I got:

---
Configuration summary for wolfssl version 4.3.0

   * Installation prefix:        /usr/local
   * System type:                pc-linux-gnu
   * Host CPU:                   x86_64
   * C Compiler:                 gcc
   * C Flags:                    -DWOLFSSL_PUBLIC_MP   -Werror -Wno-pragmas -Wall -Wno-strict-aliasing -Wextra -Wunknown-pragmas --param=ssp-buffer-size=1 -Waddress -Warray-bounds -Wbad-function-cast -Wchar-subscripts -Wcomment -Wfloat-equal -Wformat-security -Wformat=2 -Wmaybe-uninitialized -Wmissing-field-initializers -Wmissing-noreturn -Wmissing-prototypes -Wnested-externs -Wnormalized=id -Woverride-init -Wpointer-arith -Wpointer-sign -Wredundant-decls -Wshadow -Wsign-compare -Wstrict-overflow=1 -Wswitch-enum -Wundef -Wunused -Wunused-result -Wunused-variable -Wwrite-strings -fwrapv
   * C++ Compiler:               
   * C++ Flags:                  
   * CPP Flags:                  
   * CCAS Flags:                 -DWOLFSSL_PUBLIC_MP  
   * LIB Flags:                   -pie -z relro -z now -Werror 
   * Debug enabled:              no
   * Coverage enabled:           
   * Warnings as failure:        yes
   * make -j:                    2
   * VCS checkout:               yes

   Features 
   * Single threaded:            no
   * Filesystem:                 yes
   * OpenSSH Build:              yes
   * OpenSSL Extra API:          yes
   * OpenSSL Coexist:            no
   * Old Names:                  no
   * Max Strength Build:         no
   * Distro Build:               no
   * fastmath:                   yes
   * Assembly Allowed:           yes
   * sniffer:                    no
   * snifftest:                  no
   * ARC4:                       yes
   * AES:                        yes
   * AES-NI:                     no
   * AES-CBC:                    yes
   * AES-GCM:                    yes
   * AES-CCM:                    yes
   * AES-CTR:                    yes
   * DES3:                       yes
   * IDEA:                       yes
   * Camellia:                   yes
   * NULL Cipher:                yes
   * MD5:                        yes
   * RIPEMD:                     yes
   * SHA:                        yes
   * SHA-224:                    yes
   * SHA-384:                    yes
   * SHA-512:                    yes
   * SHA3:                       yes
   * SHAKE256:                   yes
   * BLAKE2:                     no
   * CMAC:                       yes
   * keygen:                     yes
   * certgen:                    yes
   * certreq:                    yes
   * certext:                    yes
   * certgencache:               no
   * HC-128:                     yes
   * RABBIT:                     yes
   * CHACHA:                     yes
   * Hash DRBG:                  yes
   * PWDBASED:                   yes
   * scrypt:                     yes
   * wolfCrypt Only:             no
   * HKDF:                       yes
   * X9.63 KDF:                  yes
   * MD4:                        yes
   * PSK:                        yes
   * Poly1305:                   yes
   * LEANPSK:                    no
   * LEANTLS:                    no
   * RSA:                        yes
   * RSA-PSS:                    yes
   * DSA:                        yes
   * DH:                         yes
   * DH Default Parameters:      no
   * ECC:                        yes
   * ECC Custom Curves           yes
   * CURVE25519:                 yes
   * ED25519:                    yes
   * CURVE448:                   yes
   * ED448:                      no
   * FPECC:                      yes
   * ECC_ENCRYPT:                yes
   * ASN:                        yes
   * Anonymous cipher:           no
   * CODING:                     yes
   * MEMORY:                     yes
   * I/O POOL:                   no
   * LIGHTY:                     yes
   * HAPROXY:                    yes
   * STUNNEL:                    yes
   * Apache httpd:               no
   * NGINX:                      yes
   * ASIO:                       yes
   * LIBWEBSOCKETS:              yes
   * Qt                          yes
   * Qt Unit Testing             no
   * SIGNAL:                     no
   * ERROR_STRINGS:              yes
   * DTLS:                       yes
   * SCTP:                       no
   * Indefinite Length:          yes
   * Multicast:                  no
   * Old TLS Versions:           yes
   * SSL version 3.0:            yes
   * TLS v1.0:                   no
   * TLS v1.3:                   yes
   * TLS v1.3 Draft 18:          no
   * TLS v1.3 Draft 22:          no
   * TLS v1.3 Draft 23:          no
   * TLS v1.3 Draft 26:          no
   * TLS v1.3 Draft 28:          no
   * Post-handshake Auth:        no
   * Early Data:                 no
   * Send State in HRR Cookie:   no
   * OCSP:                       yes
   * OCSP Stapling:              yes
   * OCSP Stapling v2:           yes
   * CRL:                        yes
   * CRL-MONITOR:                yes
   * Persistent session cache:   yes
   * Persistent cert    cache:   yes
   * Atomic User Record Layer:   yes
   * Public Key Callbacks:       yes
   * NTRU:                       no
   * QSH:                        no
   * Whitewood netRandom:        no
   * Server Name Indication:     yes
   * ALPN:                       yes
   * Maximum Fragment Length:    yes
   * Trusted CA Indication:      yes
   * Truncated HMAC:             yes
   * Supported Elliptic Curves:  yes
   * FFDHE only in client:       no
   * Session Ticket:             yes
   * Extended Master Secret:     yes
   * Renegotiation Indication:   no
   * Secure Renegotiation:       no
   * Fallback SCSV:              no
   * All TLS Extensions:         yes
   * PKCS#7                      yes
   * wolfSSH                     yes
   * wolfSCEP                    yes
   * Secure Remote Password      yes
   * Small Stack:                no
   * valgrind unit tests:        no
   * LIBZ:                       no
   * Examples:                   yes
   * User Crypto:                no
   * Fast RSA:                   no
   * Single Precision:           no
   * Async Crypto:               no
   * PKCS#11:                    no
   * PKCS#12:                    yes
   * Cavium Nitox:               no
   * Cavium Octeon (Sync):       no
   * Intel Quick Assist:         no
   * ARM ASM:                    no
   * AES Key Wrap:               yes
   * Write duplicate:            no
   * Xilinx Hardware Acc.:       no
   * Inline Code:                yes
   * Linux AF_ALG:               no
   * Linux devcrypto:            no
   * Crypto callbacks:           no


I think I followed all the steps in the instructions for setting the Python signing tool.
https://github.com/wolfSSL/wolfBoot/blo … ll-python3


As far as I understand from following the instructions:
1. Install Python3
2. Install Wolfssl
3. Install wolfcrypt-py (need to be build inside wolfssl, using cd wolfssl to locate the directory)
4. Install wolfBoot
    using make to build the bootloader
5. Implement wolfBoot library into my firmware, then signing it

Am I right?
Thanks a lot.

Share

Re: Import error: libwolfssl.so - No such file or directory/ SMT32F7

Hi windyMk92,

Yes that all looks correct. Depending on your platform you may need to do a "sudo ldconfig" after the "sudo make install". Additionally some platform use "usr" and some use "usr/local", so you might need to adjust things. If you want to force wolfSSL configure to install to a different location use `./configure --prefix=/usr` (for example).

For wolfcrypt-py install using the local wolfCrypt are you using this command `sudo USE_LOCAL_WOLFSSL=/usr/local pip3 install .`?

Are you still getting the same `libwolfssl.so.24: cannot open shared object file: No such file or directory` error?

Thanks,
David Garske, wolfSSL

Share

Re: Import error: libwolfssl.so - No such file or directory/ SMT32F7

Hi David,

Your "sudo ldconfig" do solve my problem and yes, I was using "sudo USE_LOCAL_WOLFSSL=/usr/local pip3 install ."

Here is what I got:

Creating file ed25519.der
Creating file src/ed25519_pub_key.c
    [CC-ARM] src/ed25519_pub_key.o
    [CC-ARM] src/update_flash.o
    [CC-ARM] lib/wolfssl/wolfcrypt/src/sha256.o
    [CC-ARM] lib/wolfssl/wolfcrypt/src/sha512.o
    [CC-ARM] lib/wolfssl/wolfcrypt/src/ed25519.o
    [CC-ARM] lib/wolfssl/wolfcrypt/src/ge_low_mem.o
    [CC-ARM] lib/wolfssl/wolfcrypt/src/hash.o
    [CC-ARM] lib/wolfssl/wolfcrypt/src/wolfmath.o
    [CC-ARM] lib/wolfssl/wolfcrypt/src/fe_low_mem.o
    [LD] wolfboot.elf
    [BIN] wolfboot.bin

    [SIZE]
   text       data        bss        dec        hex    filename
  10536          0         32      10568       2948    wolfboot.elf

make[1]: Entering directory '/home/rocky92/wolfBoot/test-app'
    [CC-ARM] app_stm32f4.o
    [CC-ARM] led.o
    [CC-ARM] system.o
    [CC-ARM] timer.o
    [CC-ARM] startup_arm.o
    [LD] image.elf
    [BIN] image.bin
make[1]: Leaving directory '/home/rocky92/wolfBoot/test-app'
   text       data        bss        dec        hex    filename
   4172          4        296       4472       1178    test-app/image.elf
    [SIGN] test-app/image.bin

python3 tools/keytools/sign.py --ed25519 test-app/image.bin ed25519.der 1
Update type:          Firmware
Input image:          test-app/image.bin
Selected cipher:      ed25519
Public key:           ed25519.der
Output image:         test-app/image_v1_signed.bin
Calculating sha256 digest...
Signing the firmware...
Done.
Output image successfully created.
    [MERGE] factory.bin

Please help me clarify some questions:

1. I see some .bin files here.
    wolfboot.bin is my bootloader, isn't it. If it is, I just need to download it to the beginning of my flash?

2. I need to provided my application firmware to signing it with public key. In this case is image.bin in '/home/rocky92/wolfBoot/test-app' directory
   Can I force wolfBoot using a different directory?

3. Can I modify my public key - ed25519.der? And how?

Thank you.
Tu Nguyen

Share