Format c code

hw/application_fpga/fw/reset_test/Makefile

@@ -51,8 +51,7 @@ all: reset_test.bin
 tkey-libs:
 	make -C $(LIBDIR)
 
-RESET_TEST_FMTFILES = \
+RESET_TEST_FMTFILES = *.[ch]
-	$(P)/main.c \
 
 RESET_TEST_OBJS = \
 	$(P)/main.o \

hw/application_fpga/fw/testapp/Makefile

@@ -50,9 +50,7 @@ all: testapp.bin
 tkey-libs:
 	make -C $(LIBDIR)
 
-TESTAPP_FMTFILES = \
+TESTAPP_FMTFILES = *.[ch]
-	$(P)/main.c \
-	$(P)/syscall.h
 
 TESTAPP_OBJS = \
 	$(P)/main.o \

hw/application_fpga/fw/testapp/main.c

@@ -138,17 +138,18 @@ int main(void)
 
 	puts(IO_CDC, "\r\nWriting to storage area...");
 
-	uint8_t out_data[14] = { 0, 1, 2, 3, 4, 5, 6, 7, 8,
+	uint8_t out_data[14] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13};
-		9, 10, 11, 12, 13 };
+	if (syscall(TK1_SYSCALL_WRITE_DATA, 0, (uint32_t)out_data,
-	if (syscall(TK1_SYSCALL_WRITE_DATA, 0, (uint32_t)out_data, sizeof(out_data)) != 0) {
+		    sizeof(out_data)) != 0) {
 		failmsg("Failed to write to storage area");
 	}
 	puts(IO_CDC, "done.\r\n");
 
 	puts(IO_CDC, "\r\nReading from storage area...");
 
-	uint8_t in_data[14] = { 0 };
+	uint8_t in_data[14] = {0};
-	if (syscall(TK1_SYSCALL_READ_DATA, 0, (uint32_t)in_data, sizeof(in_data)) != 0) {
+	if (syscall(TK1_SYSCALL_READ_DATA, 0, (uint32_t)in_data,
+		    sizeof(in_data)) != 0) {
 		failmsg("Failed to write to storage area");
 	}
 	if (!memeq(in_data, out_data, sizeof(in_data))) {

hw/application_fpga/fw/testapp/syscall.h

@@ -6,7 +6,6 @@
 #ifndef TKEY_APP_SYSCALL_H
 #define TKEY_APP_SYSCALL_H
 
-int syscall(uint32_t number, uint32_t arg1, uint32_t arg2,
+int syscall(uint32_t number, uint32_t arg1, uint32_t arg2, uint32_t arg3);
-	    uint32_t arg3);
 
 #endif

hw/application_fpga/fw/testfw/Makefile

@@ -1,5 +1,5 @@
 # Uses ../.clang-format
-FMTFILES=main.c
+FMTFILES=*.[ch]
 .PHONY: fmt
 fmt:
 	clang-format --dry-run --ferror-limit=0 $(FMTFILES)

hw/application_fpga/fw/testloadapp/Makefile

@@ -50,8 +50,7 @@ all: testloadapp.bin
 tkey-libs:
 	make -C $(LIBDIR)
 
-TESTLOADAPP_FMTFILES = \
+TESTLOADAPP_FMTFILES = *.[ch]
-	$(P)/main.c
 
 TESTLOADAPP_OBJS = \
 	$(P)/main.o \

hw/application_fpga/fw/testloadapp/blink.h

@@ -2,23 +2,27 @@
 #define BLINK_APP_H
 
 uint8_t blink[] = {
-    0x81, 0x40, 0x01, 0x41, 0x81, 0x41, 0x01, 0x42, 0x81, 0x42, 0x01, 0x43, 0x81, 0x43, 0x01, 0x44,
+    0x81, 0x40, 0x01, 0x41, 0x81, 0x41, 0x01, 0x42, 0x81, 0x42, 0x01, 0x43,
-    0x81, 0x44, 0x01, 0x45, 0x81, 0x45, 0x01, 0x46, 0x81, 0x46, 0x01, 0x47, 0x81, 0x47, 0x01, 0x48,
+    0x81, 0x43, 0x01, 0x44, 0x81, 0x44, 0x01, 0x45, 0x81, 0x45, 0x01, 0x46,
-    0x81, 0x48, 0x01, 0x49, 0x81, 0x49, 0x01, 0x4a, 0x81, 0x4a, 0x01, 0x4b, 0x81, 0x4b, 0x01, 0x4c,
+    0x81, 0x46, 0x01, 0x47, 0x81, 0x47, 0x01, 0x48, 0x81, 0x48, 0x01, 0x49,
-    0x81, 0x4c, 0x01, 0x4d, 0x81, 0x4d, 0x01, 0x4e, 0x81, 0x4e, 0x01, 0x4f, 0x81, 0x4f, 0x37, 0x01,
+    0x81, 0x49, 0x01, 0x4a, 0x81, 0x4a, 0x01, 0x4b, 0x81, 0x4b, 0x01, 0x4c,
-    0x02, 0x40, 0x41, 0x11, 0x17, 0x05, 0x00, 0x00, 0x13, 0x05, 0x45, 0x0c, 0x97, 0x05, 0x00, 0x00,
+    0x81, 0x4c, 0x01, 0x4d, 0x81, 0x4d, 0x01, 0x4e, 0x81, 0x4e, 0x01, 0x4f,
-    0x93, 0x85, 0xc5, 0x0b, 0x63, 0x57, 0xb5, 0x00, 0x23, 0x20, 0x05, 0x00, 0x11, 0x05, 0xe3, 0x4d,
+    0x81, 0x4f, 0x37, 0x01, 0x02, 0x40, 0x41, 0x11, 0x17, 0x05, 0x00, 0x00,
-    0xb5, 0xfe, 0x97, 0x00, 0x00, 0x00, 0xe7, 0x80, 0xa0, 0x00, 0x00, 0x00, 0x41, 0x11, 0x37, 0x05,
+    0x13, 0x05, 0x45, 0x0c, 0x97, 0x05, 0x00, 0x00, 0x93, 0x85, 0xc5, 0x0b,
-    0x00, 0xff, 0x11, 0x48, 0xe1, 0x66, 0x13, 0x86, 0xf6, 0x69, 0x93, 0x86, 0x06, 0x6a, 0x09, 0x47,
+    0x63, 0x57, 0xb5, 0x00, 0x23, 0x20, 0x05, 0x00, 0x11, 0x05, 0xe3, 0x4d,
-    0x85, 0x47, 0x23, 0x22, 0x05, 0x03, 0x02, 0xc2, 0x92, 0x45, 0x63, 0x68, 0xb6, 0x00, 0x92, 0x45,
+    0xb5, 0xfe, 0x97, 0x00, 0x00, 0x00, 0xe7, 0x80, 0xa0, 0x00, 0x00, 0x00,
-    0x85, 0x05, 0x2e, 0xc2, 0x92, 0x45, 0xe3, 0xec, 0xd5, 0xfe, 0x58, 0xd1, 0x02, 0xc4, 0xa2, 0x45,
+    0x41, 0x11, 0x37, 0x05, 0x00, 0xff, 0x11, 0x48, 0xe1, 0x66, 0x13, 0x86,
-    0x63, 0x68, 0xb6, 0x00, 0xa2, 0x45, 0x85, 0x05, 0x2e, 0xc4, 0xa2, 0x45, 0xe3, 0xec, 0xd5, 0xfe,
+    0xf6, 0x69, 0x93, 0x86, 0x06, 0x6a, 0x09, 0x47, 0x85, 0x47, 0x23, 0x22,
-    0x5c, 0xd1, 0x02, 0xc6, 0xb2, 0x45, 0xe3, 0x66, 0xb6, 0xfc, 0xb2, 0x45, 0x85, 0x05, 0x2e, 0xc6,
+    0x05, 0x03, 0x02, 0xc2, 0x92, 0x45, 0x63, 0x68, 0xb6, 0x00, 0x92, 0x45,
-    0xb2, 0x45, 0xe3, 0xec, 0xd5, 0xfe, 0x75, 0xbf, 0x19, 0xca, 0x2a, 0x96, 0xaa, 0x86, 0x03, 0xc7,
+    0x85, 0x05, 0x2e, 0xc2, 0x92, 0x45, 0xe3, 0xec, 0xd5, 0xfe, 0x58, 0xd1,
-    0x05, 0x00, 0x23, 0x80, 0xe6, 0x00, 0x85, 0x06, 0x85, 0x05, 0xe3, 0x9a, 0xc6, 0xfe, 0x82, 0x80,
+    0x02, 0xc4, 0xa2, 0x45, 0x63, 0x68, 0xb6, 0x00, 0xa2, 0x45, 0x85, 0x05,
-    0x11, 0xca, 0x0a, 0x06, 0x2a, 0x96, 0xaa, 0x86, 0x98, 0x41, 0x98, 0xc2, 0x91, 0x06, 0x91, 0x05,
+    0x2e, 0xc4, 0xa2, 0x45, 0xe3, 0xec, 0xd5, 0xfe, 0x5c, 0xd1, 0x02, 0xc6,
-    0xe3, 0x9c, 0xc6, 0xfe, 0x82, 0x80, 0x01, 0xca, 0x2a, 0x96, 0xaa, 0x86, 0x23, 0x80, 0xb6, 0x00,
+    0xb2, 0x45, 0xe3, 0x66, 0xb6, 0xfc, 0xb2, 0x45, 0x85, 0x05, 0x2e, 0xc6,
-    0x85, 0x06, 0xe3, 0x9d, 0xc6, 0xfe, 0x82, 0x80
+    0xb2, 0x45, 0xe3, 0xec, 0xd5, 0xfe, 0x75, 0xbf, 0x19, 0xca, 0x2a, 0x96,
-};
+    0xaa, 0x86, 0x03, 0xc7, 0x05, 0x00, 0x23, 0x80, 0xe6, 0x00, 0x85, 0x06,
+    0x85, 0x05, 0xe3, 0x9a, 0xc6, 0xfe, 0x82, 0x80, 0x11, 0xca, 0x0a, 0x06,
+    0x2a, 0x96, 0xaa, 0x86, 0x98, 0x41, 0x98, 0xc2, 0x91, 0x06, 0x91, 0x05,
+    0xe3, 0x9c, 0xc6, 0xfe, 0x82, 0x80, 0x01, 0xca, 0x2a, 0x96, 0xaa, 0x86,
+    0x23, 0x80, 0xb6, 0x00, 0x85, 0x06, 0xe3, 0x9d, 0xc6, 0xfe, 0x82, 0x80};
 
 #endif

hw/application_fpga/fw/testloadapp/main.c

@@ -1,9 +1,9 @@
 #include <blake2s/blake2s.h>
 #include <monocypher/monocypher-ed25519.h>
 #include <stdint.h>
+#include <tkey/debug.h>
 #include <tkey/lib.h>
 #include <tkey/tk1_mem.h>
-#include <tkey/debug.h>
 
 #include "../testapp/syscall.h"
 #include "../tk1/resetinfo.h"
@@ -33,7 +33,7 @@ int install_app(uint8_t secret_key[64])
 	}
 
 	ret = syscall(TK1_SYSCALL_PRELOAD_STORE, 0, (uint32_t)blink,
-			  sizeof(blink));
+		      sizeof(blink));
 
 	if (ret != 0) {
 		puts(IO_CDC, "couldn't store app, error: 0x");
@@ -99,7 +99,7 @@ int verify(uint8_t pubkey[32])
 	// read signature
 	// read digest
 	ret = syscall(TK1_SYSCALL_PRELOAD_GET_DIGSIG, (uint32_t)app_digest,
-		(uint32_t)app_signature, 0);
+		      (uint32_t)app_signature, 0);
 
 	if (ret != 0) {
 		puts(IO_CDC, "couldn't get digsig, error:");
@@ -124,7 +124,7 @@ int verify(uint8_t pubkey[32])
 	puts(IO_CDC, "Checking signature...\r\n");
 
 	if (crypto_ed25519_check(app_signature, pubkey, app_digest,
-				  sizeof(app_digest)) != 0) {
+				 sizeof(app_digest)) != 0) {
 		puts(IO_CDC, "signature check failed\r\n");
 
 		return -1;

hw/application_fpga/fw/tk1/flash.c

@@ -45,7 +45,8 @@ static bool flash_is_busy(void)
 	uint8_t tx_buf = READ_STATUS_REG_1;
 	uint8_t rx_buf = {0x00};
 
-	assert(spi_transfer(&tx_buf, sizeof(tx_buf), NULL, 0, &rx_buf, sizeof(rx_buf)) == 0);
+	assert(spi_transfer(&tx_buf, sizeof(tx_buf), NULL, 0, &rx_buf,
+			    sizeof(rx_buf)) == 0);
 
 	if (rx_buf & (1 << STATUS_REG_BUSY_BIT)) {
 		return true;
@@ -138,7 +139,8 @@ void flash_read_manufacturer_device_id(uint8_t *device_id)
 	uint8_t tx_buf[4] = {0x00};
 	tx_buf[0] = READ_MANUFACTURER_ID;
 
-	assert(spi_transfer(tx_buf, sizeof(tx_buf), NULL, 0, device_id, 2) == 0);
+	assert(spi_transfer(tx_buf, sizeof(tx_buf), NULL, 0, device_id, 2) ==
+	       0);
 }
 
 void flash_read_jedec_id(uint8_t *jedec_id)
@@ -147,7 +149,8 @@ void flash_read_jedec_id(uint8_t *jedec_id)
 
 	uint8_t tx_buf = READ_JEDEC_ID;
 
-	assert(spi_transfer(&tx_buf, sizeof(tx_buf), NULL, 0, jedec_id, 3) == 0);
+	assert(spi_transfer(&tx_buf, sizeof(tx_buf), NULL, 0, jedec_id, 3) ==
+	       0);
 }
 
 void flash_read_unique_id(uint8_t *unique_id)
@@ -157,7 +160,8 @@ void flash_read_unique_id(uint8_t *unique_id)
 	uint8_t tx_buf[5] = {0x00};
 	tx_buf[0] = READ_UNIQUE_ID;
 
-	assert(spi_transfer(tx_buf, sizeof(tx_buf), NULL, 0, unique_id, 8) == 0);
+	assert(spi_transfer(tx_buf, sizeof(tx_buf), NULL, 0, unique_id, 8) ==
+	       0);
 }
 
 void flash_read_status(uint8_t *status_reg)
@@ -166,10 +170,12 @@ void flash_read_status(uint8_t *status_reg)
 
 	uint8_t tx_buf = READ_STATUS_REG_1;
 
-	assert(spi_transfer(&tx_buf, sizeof(tx_buf), NULL, 0, status_reg, 1) == 0);
+	assert(spi_transfer(&tx_buf, sizeof(tx_buf), NULL, 0, status_reg, 1) ==
+	       0);
 
 	tx_buf = READ_STATUS_REG_2;
-	assert(spi_transfer(&tx_buf, sizeof(tx_buf), NULL, 0, status_reg + 1, 1) == 0);
+	assert(spi_transfer(&tx_buf, sizeof(tx_buf), NULL, 0, status_reg + 1,
+			    1) == 0);
 }
 
 int flash_read_data(uint32_t address, uint8_t *dest_buf, size_t size)

hw/application_fpga/fw/tk1/main.c

@@ -3,23 +3,23 @@
  * SPDX-License-Identifier: GPL-2.0-only
  */
 
+#include <blake2s/blake2s.h>
 #include <stdbool.h>
 #include <stddef.h>
 #include <stdint.h>
 #include <tkey/assert.h>
 #include <tkey/debug.h>
+#include <tkey/led.h>
 #include <tkey/lib.h>
 #include <tkey/tk1_mem.h>
-#include <tkey/led.h>
-#include <blake2s/blake2s.h>
 
+#include "mgmt_app.h"
 #include "partition_table.h"
 #include "preload_app.h"
 #include "proto.h"
-#include "mgmt_app.h"
+#include "resetinfo.h"
 #include "state.h"
 #include "syscall_enable.h"
-#include "resetinfo.h"
 
 // clang-format off
 static volatile uint32_t *uds              = (volatile uint32_t *)TK1_MMIO_UDS_FIRST;
@@ -50,8 +50,9 @@ struct context {
 	uint8_t *loadaddr;  // Where we are currently loading a TKey program
 	bool use_uss;	    // Use USS?
 	uint8_t uss[32];    // User Supplied Secret, if any
-	uint8_t flash_slot;    // App is loaded from flash slot number
+	uint8_t flash_slot; // App is loaded from flash slot number
-	/*@null@*/ volatile uint8_t *ver_digest; // Verify loaded app against this digest
+	/*@null@*/ volatile uint8_t
+	    *ver_digest; // Verify loaded app against this digest
 };
 
 static void print_hw_version(void);
@@ -388,7 +389,7 @@ static int load_flash_app(struct partition_table *part_table,
 
 	*app_size = part_table->pre_app_data[slot].size;
 	if (*app_size > TK1_APP_MAX_SIZE) {
-			return -1;
+		return -1;
 	}
 
 	int digest_err = compute_app_digest(digest);
@@ -546,7 +547,8 @@ int main(void)
 			break;
 
 		case FW_STATE_LOAD_FLASH:
-			if (load_flash_app(&part_table_storage.table, ctx.digest, ctx.flash_slot) < 0) {
+			if (load_flash_app(&part_table_storage.table,
+					   ctx.digest, ctx.flash_slot) < 0) {
 				debug_puts("Couldn't load app from flash\n");
 				state = FW_STATE_FAIL;
 				break;
@@ -556,7 +558,8 @@ int main(void)
 			break;
 
 		case FW_STATE_LOAD_FLASH_MGMT:
-			if (load_flash_app(&part_table_storage.table, ctx.digest, ctx.flash_slot) < 0) {
+			if (load_flash_app(&part_table_storage.table,
+					   ctx.digest, ctx.flash_slot) < 0) {
 				debug_puts("Couldn't load app from flash\n");
 				state = FW_STATE_FAIL;
 				break;
@@ -575,17 +578,19 @@ int main(void)
 
 			if (ctx.ver_digest != NULL) {
 				print_digest(ctx.digest);
-				if (!memeq(ctx.digest, (void*)ctx.ver_digest, sizeof(ctx.digest))) {
+				if (!memeq(ctx.digest, (void *)ctx.ver_digest,
+					   sizeof(ctx.digest))) {
 					debug_puts("Digests do not match\n");
 					state = FW_STATE_FAIL;
 					break;
 				}
 			}
 
-			(void)memset((void*)resetinfo->app_digest, 0, sizeof(resetinfo->app_digest));
+			(void)memset((void *)resetinfo->app_digest, 0,
+				     sizeof(resetinfo->app_digest));
 
 			jump_to_app();
-			break;  // Not reached
+			break; // Not reached
 
 		case FW_STATE_FAIL:
 			// fallthrough

hw/application_fpga/fw/tk1/mgmt_app.c

@@ -1,10 +1,10 @@
 // Copyright (C) 2024 - Tillitis AB
 // SPDX-License-Identifier: GPL-2.0-only
 
-#include <tkey/lib.h>
 #include <stdbool.h>
 #include <stdint.h>
 #include <tkey/io.h>
+#include <tkey/lib.h>
 
 #include "mgmt_app.h"
 
@@ -12,19 +12,21 @@
 //
 // To update this, compute the BLAKE2s digest of the app.bin
 static const uint8_t allowed_app_digest[32] = {
-	0xb6, 0x86, 0x1b, 0x26, 0xef, 0x69, 0x77, 0x12, 0xed, 0x6c, 0xca,
+    0xb6, 0x86, 0x1b, 0x26, 0xef, 0x69, 0x77, 0x12, 0xed, 0x6c, 0xca,
-	0xe8, 0x35, 0xb4, 0x5c, 0x01, 0x07, 0x71, 0xab, 0xce, 0x3f, 0x30,
+    0xe8, 0x35, 0xb4, 0x5c, 0x01, 0x07, 0x71, 0xab, 0xce, 0x3f, 0x30,
-	0x79, 0xda, 0xe6, 0xf9, 0xee, 0x4b, 0xe2, 0x06, 0x95, 0x33,
+    0x79, 0xda, 0xe6, 0xf9, 0xee, 0x4b, 0xe2, 0x06, 0x95, 0x33,
 };
 
 static uint8_t current_app_digest[32];
 
-int mgmt_app_init(uint8_t app_digest[32]) {
+int mgmt_app_init(uint8_t app_digest[32])
+{
 	if (app_digest == NULL) {
 		return -1;
 	}
 
-	memcpy_s(current_app_digest, sizeof(current_app_digest), app_digest, 32);
+	memcpy_s(current_app_digest, sizeof(current_app_digest), app_digest,
+		 32);
 
 	return 0;
 }
@@ -35,6 +37,7 @@ bool mgmt_app_authenticate(void)
 	return memeq(current_app_digest, allowed_app_digest, 32) != 0;
 }
 
-uint8_t *mgmt_app_allowed_digest(void) {
+uint8_t *mgmt_app_allowed_digest(void)
+{
 	return (uint8_t *)allowed_app_digest;
 }

hw/application_fpga/fw/tk1/partition_table.c

@@ -12,25 +12,28 @@
 
 static enum part_status part_status;
 
-enum part_status part_get_status(void) {
+enum part_status part_get_status(void)
+{
 	return part_status;
 }
 
-static void part_digest(struct partition_table *part_table, uint8_t *out_digest, size_t out_len);
+static void part_digest(struct partition_table *part_table, uint8_t *out_digest,
+			size_t out_len);
 
-static void part_digest(struct partition_table *part_table, uint8_t *out_digest, size_t out_len) {
+static void part_digest(struct partition_table *part_table, uint8_t *out_digest,
+			size_t out_len)
+{
 	int blake2err = 0;
 
 	uint8_t key[16] = {
-		0, 0, 0, 0, 0, 0, 0, 0,
+	    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-		0, 0, 0, 0, 0, 0, 0, 0,
 	};
 
 	assert(part_table != NULL);
 	assert(out_digest != NULL);
 
-	blake2err = blake2s(out_digest, out_len,
+	blake2err = blake2s(out_digest, out_len, key, sizeof(key), part_table,
-	key, sizeof(key), part_table, sizeof(struct partition_table));
+			    sizeof(struct partition_table));
 
 	assert(blake2err == 0);
 }
@@ -44,8 +47,8 @@ static void part_digest(struct partition_table *part_table, uint8_t *out_digest,
 int part_table_read(struct partition_table_storage *storage)
 {
 	uint32_t offset[2] = {
-		ADDR_PARTITION_TABLE_0,
+	    ADDR_PARTITION_TABLE_0,
-		ADDR_PARTITION_TABLE_1,
+	    ADDR_PARTITION_TABLE_1,
 	};
 	uint8_t check_digest[PART_DIGEST_SIZE] = {0};
 
@@ -56,14 +59,16 @@ int part_table_read(struct partition_table_storage *storage)
 	flash_release_powerdown();
 	(void)memset(storage, 0x00, sizeof(*storage));
 
-	for (int i = 0; i < 2; i ++) {
+	for (int i = 0; i < 2; i++) {
 		if (flash_read_data(offset[i], (uint8_t *)storage,
 				    sizeof(*storage)) != 0) {
 			return -1;
 		}
-		part_digest(&storage->table, check_digest, sizeof(check_digest));
+		part_digest(&storage->table, check_digest,
+			    sizeof(check_digest));
 
-		if (memeq(check_digest, storage->check_digest, sizeof(check_digest))) {
+		if (memeq(check_digest, storage->check_digest,
+			  sizeof(check_digest))) {
 			if (i == 1) {
 				part_status = PART_SLOT0_INVALID;
 			}
@@ -78,17 +83,18 @@ int part_table_read(struct partition_table_storage *storage)
 int part_table_write(struct partition_table_storage *storage)
 {
 	uint32_t offset[2] = {
-		ADDR_PARTITION_TABLE_0,
+	    ADDR_PARTITION_TABLE_0,
-		ADDR_PARTITION_TABLE_1,
+	    ADDR_PARTITION_TABLE_1,
 	};
 
 	if (storage == NULL) {
 		return -1;
 	}
 
-	part_digest(&storage->table, storage->check_digest, sizeof(storage->check_digest));
+	part_digest(&storage->table, storage->check_digest,
+		    sizeof(storage->check_digest));
 
-	for (int i = 0; i < 2; i ++) {
+	for (int i = 0; i < 2; i++) {
 		flash_sector_erase(offset[i]);
 		if (flash_write_data(offset[i], (uint8_t *)storage,
 				     sizeof(*storage)) != 0) {

hw/application_fpga/fw/tk1/partition_table.h

@@ -41,7 +41,8 @@
 #define ADDR_PRE_LOADED_APP_0 (ADDR_PARTITION_TABLE_0 + SIZE_PARTITION_TABLE)
 #define SIZE_PRE_LOADED_APP 0x20000UL // 128KiB
 
-#define ADDR_STORAGE_AREA (ADDR_PRE_LOADED_APP_0 + (N_PRELOADED_APP * SIZE_PRE_LOADED_APP))
+#define ADDR_STORAGE_AREA                                                      \
+	(ADDR_PRE_LOADED_APP_0 + (N_PRELOADED_APP * SIZE_PRE_LOADED_APP))
 #define SIZE_STORAGE_AREA 0x20000UL // 128KiB
 #define N_STORAGE_AREA 4
 
@@ -70,7 +71,7 @@ enum part_status {
 /*  - 16 bytes random nonce.		*/
 /*  - 16 bytes authentication tag.	*/
 
-struct auth_metadata  {
+struct auth_metadata {
 	uint8_t nonce[16];
 	uint8_t authentication_digest[16];
 } __attribute__((packed));
@@ -84,9 +85,9 @@ struct pre_loaded_app_metadata {
 struct app_storage_area {
 	uint8_t status;
 	struct auth_metadata auth;
-}  __attribute__((packed));
+} __attribute__((packed));
 
-struct table_header  {
+struct table_header {
 	uint8_t version;
 } __attribute__((packed));
 

hw/application_fpga/fw/tk1/preload_app.c

@@ -13,7 +13,8 @@
 #include "partition_table.h"
 #include "preload_app.h"
 
-static uint32_t slot_to_start_address(uint8_t slot) {
+static uint32_t slot_to_start_address(uint8_t slot)
+{
 	return ADDR_PRE_LOADED_APP_0 + slot * SIZE_PRE_LOADED_APP;
 }
 
@@ -36,7 +37,7 @@ int preload_load(struct partition_table *part_table, uint8_t from_slot)
 
 	/* Read from flash, straight into RAM */
 	int ret = flash_read_data(slot_to_start_address(from_slot), loadaddr,
-			          part_table->pre_app_data[from_slot].size);
+				  part_table->pre_app_data[from_slot].size);
 
 	return ret;
 }
@@ -80,9 +81,9 @@ int preload_store(struct partition_table *part_table, uint32_t offset,
 	return flash_write_data(address, data, size);
 }
 
-int preload_store_finalize(struct partition_table_storage *part_table_storage, size_t app_size,
+int preload_store_finalize(struct partition_table_storage *part_table_storage,
-			   uint8_t app_digest[32], uint8_t app_signature[64],
+			   size_t app_size, uint8_t app_digest[32],
-			   uint8_t to_slot)
+			   uint8_t app_signature[64], uint8_t to_slot)
 {
 	struct partition_table *part_table = &part_table_storage->table;
 
@@ -110,11 +111,11 @@ int preload_store_finalize(struct partition_table_storage *part_table_storage, s
 
 	part_table->pre_app_data[to_slot].size = app_size;
 	memcpy_s(part_table->pre_app_data[to_slot].digest,
-		sizeof(part_table->pre_app_data[to_slot].digest),
+		 sizeof(part_table->pre_app_data[to_slot].digest), app_digest,
-		app_digest, 32);
+		 32);
 	memcpy_s(part_table->pre_app_data[to_slot].signature,
-		sizeof(part_table->pre_app_data[to_slot].signature),
+		 sizeof(part_table->pre_app_data[to_slot].signature),
-		app_signature, 64);
+		 app_signature, 64);
 	debug_puts("preload_*_final: size: ");
 	debug_putinthex(app_size);
 	debug_lf();
@@ -126,7 +127,8 @@ int preload_store_finalize(struct partition_table_storage *part_table_storage, s
 	return 0;
 }
 
-int preload_delete(struct partition_table_storage *part_table_storage, uint8_t slot)
+int preload_delete(struct partition_table_storage *part_table_storage,
+		   uint8_t slot)
 {
 	struct partition_table *part_table = &part_table_storage->table;
 
@@ -162,13 +164,18 @@ int preload_delete(struct partition_table_storage *part_table_storage, uint8_t s
 	}
 
 	/* Assumes the area is 64 KiB block aligned */
-	flash_block_64_erase(slot_to_start_address(slot)); // Erase first 64 KB block
+	flash_block_64_erase(
-	flash_block_64_erase(slot_to_start_address(slot) + 0x10000); // Erase first 64 KB block
+	    slot_to_start_address(slot)); // Erase first 64 KB block
+	flash_block_64_erase(slot_to_start_address(slot) +
+			     0x10000); // Erase first 64 KB block
 
 	return 0;
 }
 
-int preload_get_digsig(struct partition_table *part_table, uint8_t app_digest[32], uint8_t app_signature[64], uint8_t slot) {
+int preload_get_digsig(struct partition_table *part_table,
+		       uint8_t app_digest[32], uint8_t app_signature[64],
+		       uint8_t slot)
+{
 	if (part_table == NULL || app_digest == NULL || app_signature == NULL) {
 		return -5;
 	}
@@ -182,8 +189,10 @@ int preload_get_digsig(struct partition_table *part_table, uint8_t app_digest[32
 		return -3;
 	}
 
-	memcpy_s(app_digest, 32, part_table->pre_app_data[slot].digest, sizeof(part_table->pre_app_data[slot].digest));
+	memcpy_s(app_digest, 32, part_table->pre_app_data[slot].digest,
-	memcpy_s(app_signature, 64, part_table->pre_app_data[slot].signature, sizeof(part_table->pre_app_data[slot].signature));
+		 sizeof(part_table->pre_app_data[slot].digest));
+	memcpy_s(app_signature, 64, part_table->pre_app_data[slot].signature,
+		 sizeof(part_table->pre_app_data[slot].signature));
 
 	return 0;
 }

hw/application_fpga/fw/tk1/resetinfo.h

@@ -6,11 +6,9 @@
 
 #include <stdint.h>
 
-
 #define TK1_MMIO_RESETINFO_BASE 0xd0000f00
 #define TK1_MMIO_RESETINFO_SIZE 0x100
 
-
 enum reset_start {
 	START_DEFAULT = 0, // Probably cold boot
 	START_FLASH0 = 1,
@@ -22,8 +20,8 @@ enum reset_start {
 };
 
 struct reset {
-	uint32_t type;           // Reset type
+	uint32_t type;		    // Reset type
-	uint8_t app_digest[32];  // Program digest
+	uint8_t app_digest[32];	    // Program digest
 	uint8_t next_app_data[220]; // Data to leave around for next app
 };
 

hw/application_fpga/fw/tk1/storage.c

@@ -28,7 +28,8 @@ static int get_first_empty(struct partition_table *part_table)
 	return -1;
 }
 
-static int index_to_address(int index, uint32_t *address) {
+static int index_to_address(int index, uint32_t *address)
+{
 	if (address == NULL) {
 		return -4;
 	}
@@ -93,7 +94,8 @@ int storage_allocate_area(struct partition_table_storage *part_table_storage)
 
 	/* Assumes the area is 64 KiB block aligned */
 	flash_block_64_erase(start_address); // Erase first 64 KB block
-	flash_block_64_erase(start_address + 0x10000); // Erase second 64 KB block
+	flash_block_64_erase(start_address +
+			     0x10000); // Erase second 64 KB block
 
 	/* Write partition table lastly */
 	part_table->app_storage[index].status = 0x01;
@@ -132,7 +134,8 @@ int storage_deallocate_area(struct partition_table_storage *part_table_storage)
 
 	/* Assumes the area is 64 KiB block aligned */
 	flash_block_64_erase(start_address); // Erase first 64 KB block
-	flash_block_64_erase(start_address + 0x10000); // Erase second 64 KB block
+	flash_block_64_erase(start_address +
+			     0x10000); // Erase second 64 KB block
 
 	/* Clear partition table lastly */
 	part_table->app_storage[index].status = 0;
@@ -141,8 +144,8 @@ int storage_deallocate_area(struct partition_table_storage *part_table_storage)
 		     sizeof(part_table->app_storage[index].auth.nonce));
 
 	(void)memset(
-		part_table->app_storage[index].auth.authentication_digest, 0x00,
+	    part_table->app_storage[index].auth.authentication_digest, 0x00,
-		sizeof(part_table->app_storage[index].auth.authentication_digest));
+	    sizeof(part_table->app_storage[index].auth.authentication_digest));
 
 	if (part_table_write(part_table_storage) != 0) {
 		return -5;
@@ -179,8 +182,7 @@ int storage_erase_sector(struct partition_table *part_table, uint32_t offset,
 	}
 
 	/* Cannot erase less than one sector */
-	if (size < 4096 || size > SIZE_STORAGE_AREA ||
+	if (size < 4096 || size > SIZE_STORAGE_AREA || size % 4096 != 0) {
-	    size % 4096 != 0) {
 		return -2;
 	}
 
@@ -225,8 +227,7 @@ int storage_write_data(struct partition_table *part_table, uint32_t offset,
 		return -3;
 	}
 
-	if ((offset + size) > SIZE_STORAGE_AREA ||
+	if ((offset + size) > SIZE_STORAGE_AREA || size > 4096) {
-	    size > 4096) {
 		/* Writing outside of area */
 		return -2;
 	}

hw/application_fpga/fw/tk1/syscall_handler.c

@@ -38,8 +38,10 @@ int32_t syscall_handler(uint32_t number, uint32_t arg1, uint32_t arg2,
 
 		(void)memset((void *)resetinfo, 0, sizeof(*resetinfo));
 		resetinfo->type = userreset->type;
-		memcpy((void *)resetinfo->app_digest, userreset->app_digest, 32);
+		memcpy((void *)resetinfo->app_digest, userreset->app_digest,
-		memcpy((void *)resetinfo->next_app_data, userreset->next_app_data, arg2);
+		       32);
+		memcpy((void *)resetinfo->next_app_data,
+		       userreset->next_app_data, arg2);
 		*system_reset = 1;
 
 		// Should not be reached.
@@ -61,16 +63,16 @@ int32_t syscall_handler(uint32_t number, uint32_t arg1, uint32_t arg2,
 
 		return 0;
 	case TK1_SYSCALL_WRITE_DATA:
-		if (storage_write_data(&part_table_storage.table, arg1, (uint8_t *)arg2,
+		if (storage_write_data(&part_table_storage.table, arg1,
-				       arg3) < 0) {
+				       (uint8_t *)arg2, arg3) < 0) {
 			debug_puts("couldn't write storage area\n");
 			return -1;
 		}
 
 		return 0;
 	case TK1_SYSCALL_READ_DATA:
-		if (storage_read_data(&part_table_storage.table, arg1, (uint8_t *)arg2,
+		if (storage_read_data(&part_table_storage.table, arg1,
-				       arg3) < 0) {
+				      (uint8_t *)arg2, arg3) < 0) {
 			debug_puts("couldn't read storage area\n");
 			return -1;
 		}
@@ -90,17 +92,21 @@ int32_t syscall_handler(uint32_t number, uint32_t arg1, uint32_t arg2,
 		// arg2 data
 		// arg3 size
 		// always using slot 1
-		return preload_store(&part_table_storage.table, arg1, (uint8_t *)arg2, arg3, 1);
+		return preload_store(&part_table_storage.table, arg1,
+				     (uint8_t *)arg2, arg3, 1);
 
 	case TK1_SYSCALL_PRELOAD_STORE_FIN:
 		// arg1 app_size
 		// arg2 app_digest
 		// arg3 app_signature
 		// always using slot 1
-		return preload_store_finalize(&part_table_storage, arg1, (uint8_t *)arg2, (uint8_t *)arg3, 1);
+		return preload_store_finalize(&part_table_storage, arg1,
+					      (uint8_t *)arg2, (uint8_t *)arg3,
+					      1);
 
 	case TK1_SYSCALL_PRELOAD_GET_DIGSIG:
-		return preload_get_digsig(&part_table_storage.table, (uint8_t *)arg1, (uint8_t *)arg2, 1);
+		return preload_get_digsig(&part_table_storage.table,
+					  (uint8_t *)arg1, (uint8_t *)arg2, 1);
 
 	case TK1_SYSCALL_STATUS:
 		return part_get_status();