mcuboot/boot/zephyr/os.c

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

#include <zephyr.h>
#include <string.h>

#include "os/os_heap.h"

#ifdef CONFIG_BOOT_USE_MBEDTLS

#include <mbedtls/platform.h>
#include <mbedtls/memory_buffer_alloc.h>

/*
 * This is the heap for mbed TLS.  The value needed depends on the key
 * size and algorithm used.  For RSA-2048 signing, 6144 bytes seems to be
 * enough. When using RSA-2048-OAEP encryption + RSA-2048 signing, 10240
 * bytes seem to be enough.
 */
#if !defined(CONFIG_BOOT_ENCRYPT_RSA)
#define CRYPTO_HEAP_SIZE 6144
#else
#define CRYPTO_HEAP_SIZE 10240
#endif

static unsigned char mempool[CRYPTO_HEAP_SIZE];

/*
 * Initialize mbedtls to be able to use the local heap.
 */
void os_heap_init(void)
{
    mbedtls_memory_buffer_alloc_init(mempool, sizeof(mempool));
}
#else
void os_heap_init(void)
{
}
#endif
zephyr: Bring in the Zephyr build Add support for building mcuboot as a Zephyr application. This is copied from the iotboot repo with some minor reorganization to work with the mcuboot directory layout. 2017-01-07 02:16:53 +08:00			`/*`
			`* Licensed to the Apache Software Foundation (ASF) under one`
			`* or more contributor license agreements. See the NOTICE file`
			`* distributed with this work for additional information`
			`* regarding copyright ownership. The ASF licenses this file`
			`* to you under the Apache License, Version 2.0 (the`
			`* "License"); you may not use this file except in compliance`
			`* with the License. You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing,`
			`* software distributed under the License is distributed on an`
			`* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY`
			`* KIND, either express or implied. See the License for the`
			`* specific language governing permissions and limitations`
			`* under the License.`
			`*/`

			`#include <zephyr.h>`
			`#include <string.h>`

			`#include "os/os_heap.h"`

zephyr: migrate signature type to Kconfig Handle the CONFIG_BOOT_SIGNATURE_TYPE_xxx values in Zephyr's mcuboot_config.h by converting them into the platform-agnostic MCUboot definitions. This requires some changes to the way the release test Makefile is structured, since Kconfig symbols cannot be set from the command line. Instead, use the OVERLAY_CONFIG feature of the Zephyr build system, which allows specifying extra fragments to merge into the final .config. (This is an orthogonal mechanism to setting CONF_FILE; it is used by Zephyr's CI script sanitycheck to add additional fragments, so it's appropriate for use by MCUboot's testing scripts as well.) We additionally need to move to a single prj.conf file due to a dependency issue. We can no longer determine CONF_FILE from the signature type, since that is now determined from the final .config or autoconf.h, which is a build output that depends on CONF_FILE. To move to a single prj.conf: - delete prj-p256.conf and adjust prj.conf to serve both signature types - add a top-level mbedTLS configuration file which dispatches to the right sub-header depending on the key type - as a side effect, have the simulator pick the right config file depending on the case This fixes and cleans up quite a bit of the signature type handling, which had become something of a mess over time. For example, it fixes a bug in ECDSA mode's configuration that wasn't actually selecting config-asn1.h, and forces the simulator to use the same mbedTLS configuration file as builds for real hardware. Finally, we also have to move the mbedTLS vs. TinyCrypt choice into mcuboot_config.h at the same time as well, since CMakeLists.txt was making that decision based on the signature type. Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com> 2018-04-13 01:02:38 +08:00			`#ifdef CONFIG_BOOT_USE_MBEDTLS`
Add Zephyr support for bundled mbed-tls ASN1 parser When using EC256 for signing, Zephyr now uses the bundled tinycrypt and mbed-tls ASN1 parser instead of relying on the one provided by the OS. Signed-off-by: Fabio Utzig <utzig@apache.org> 2017-12-12 18:10:40 +08:00
zephyr: Bring in the Zephyr build Add support for building mcuboot as a Zephyr application. This is copied from the iotboot repo with some minor reorganization to work with the mcuboot directory layout. 2017-01-07 02:16:53 +08:00			`#include <mbedtls/platform.h>`
Zephyr: Use mbed TLS allocator Instead of the overly-simplistic allocator in Zephyr, use the still simplistic allocator in mbed TLS. On K64f, this saves 848 bytes of text, 44 bytes of data, and 208 bytes of bss. Signed-off-by: David Brown <david.brown@linaro.org> 2017-10-20 06:45:09 +08:00			`#include <mbedtls/memory_buffer_alloc.h>`
zephyr: Bring in the Zephyr build Add support for building mcuboot as a Zephyr application. This is copied from the iotboot repo with some minor reorganization to work with the mcuboot directory layout. 2017-01-07 02:16:53 +08:00
Zephyr: Use mbed TLS allocator Instead of the overly-simplistic allocator in Zephyr, use the still simplistic allocator in mbed TLS. On K64f, this saves 848 bytes of text, 44 bytes of data, and 208 bytes of bss. Signed-off-by: David Brown <david.brown@linaro.org> 2017-10-20 06:45:09 +08:00			`/*`
			`* This is the heap for mbed TLS. The value needed depends on the key`
Increase Zephyr mempool size for encrypted images For Zephyr the default mbedTLS mempool size for RSA-2048 signing was not enough to allow for the calculations done by RSA-2048-OAEP (encrypted images), so when encrypted image support is enabled, increase it to a value that is known to work. Signed-off-by: Fabio Utzig <utzig@apache.org> 2018-12-17 19:17:15 +08:00			`* size and algorithm used. For RSA-2048 signing, 6144 bytes seems to be`
			`* enough. When using RSA-2048-OAEP encryption + RSA-2048 signing, 10240`
			`* bytes seem to be enough.`
Zephyr: Use mbed TLS allocator Instead of the overly-simplistic allocator in Zephyr, use the still simplistic allocator in mbed TLS. On K64f, this saves 848 bytes of text, 44 bytes of data, and 208 bytes of bss. Signed-off-by: David Brown <david.brown@linaro.org> 2017-10-20 06:45:09 +08:00			`*/`
Increase Zephyr mempool size for encrypted images For Zephyr the default mbedTLS mempool size for RSA-2048 signing was not enough to allow for the calculations done by RSA-2048-OAEP (encrypted images), so when encrypted image support is enabled, increase it to a value that is known to work. Signed-off-by: Fabio Utzig <utzig@apache.org> 2018-12-17 19:17:15 +08:00			`#if !defined(CONFIG_BOOT_ENCRYPT_RSA)`
Zephyr: Use mbed TLS allocator Instead of the overly-simplistic allocator in Zephyr, use the still simplistic allocator in mbed TLS. On K64f, this saves 848 bytes of text, 44 bytes of data, and 208 bytes of bss. Signed-off-by: David Brown <david.brown@linaro.org> 2017-10-20 06:45:09 +08:00			`#define CRYPTO_HEAP_SIZE 6144`
Increase Zephyr mempool size for encrypted images For Zephyr the default mbedTLS mempool size for RSA-2048 signing was not enough to allow for the calculations done by RSA-2048-OAEP (encrypted images), so when encrypted image support is enabled, increase it to a value that is known to work. Signed-off-by: Fabio Utzig <utzig@apache.org> 2018-12-17 19:17:15 +08:00			`#else`
			`#define CRYPTO_HEAP_SIZE 10240`
			`#endif`
zephyr: Bring in the Zephyr build Add support for building mcuboot as a Zephyr application. This is copied from the iotboot repo with some minor reorganization to work with the mcuboot directory layout. 2017-01-07 02:16:53 +08:00
Zephyr: Use mbed TLS allocator Instead of the overly-simplistic allocator in Zephyr, use the still simplistic allocator in mbed TLS. On K64f, this saves 848 bytes of text, 44 bytes of data, and 208 bytes of bss. Signed-off-by: David Brown <david.brown@linaro.org> 2017-10-20 06:45:09 +08:00			`static unsigned char mempool[CRYPTO_HEAP_SIZE];`
zephyr: Bring in the Zephyr build Add support for building mcuboot as a Zephyr application. This is copied from the iotboot repo with some minor reorganization to work with the mcuboot directory layout. 2017-01-07 02:16:53 +08:00
			`/*`
			`* Initialize mbedtls to be able to use the local heap.`
			`*/`
			`void os_heap_init(void)`
			`{`
Zephyr: Use mbed TLS allocator Instead of the overly-simplistic allocator in Zephyr, use the still simplistic allocator in mbed TLS. On K64f, this saves 848 bytes of text, 44 bytes of data, and 208 bytes of bss. Signed-off-by: David Brown <david.brown@linaro.org> 2017-10-20 06:45:09 +08:00			`mbedtls_memory_buffer_alloc_init(mempool, sizeof(mempool));`
zephyr: Bring in the Zephyr build Add support for building mcuboot as a Zephyr application. This is copied from the iotboot repo with some minor reorganization to work with the mcuboot directory layout. 2017-01-07 02:16:53 +08:00			`}`
Fix ECDSA Zephyr configuration of mbed TLS The Zephyr configuration was enabling the memory buffer allocator (but not using it) without defining enough other features to allow it to compile (undefined reference to `exit()`). Disable the memory buffer allocator when just using the ASN.1 library, and conditionalize the heap itself to avoid using the RAM for that. Signed-off-by: David Brown <david.brown@linaro.org> 2017-11-15 02:38:06 +08:00			`#else`
			`void os_heap_init(void)`
			`{`
			`}`
			`#endif`