As we replace the legacy DT_FLASH_ support use the new FLASH_AREA_
macros.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
- Add Kconfig option `CONFIG_BOOT_SIGNATURE_TYPE_NONE`. When y,
The bootloader will not verify the cryptographic signature of the image
at boot or prior to upgrade. Image integrity check is retained.
Images would still need to be processed using `imgtool` however no key
should be provided to skip cryptographic signature generation.
Signed-off-by: Arvin Farahmand <arvinf@ip-logix.com>
- If MCUBOOT_SIGN_RSA, MCUBOOT_SIGN_EC, MCUBOOT_SIGN_EC256 are not
defined cryptographic signature check is skipped during validation.
sha256 check is still retained. This reduces the binary size, at the
expense of greatly reduced security. However this can be acceptable
in some scenarios where cryptographic check is not required.
Signed-off-by: Arvin Farahmand <arvinf@ip-logix.com>
Was 3, but mcumgr sometimes sends 2 ("off" + "data", "len" is not needed
when "off" != 0). Reduce to 1 to avoid the problem, since the code
has other checks to catch this.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
The variable `dec_off` can possibly be uninitialized in this function.
As long as the serial protocol used is formed correctly, the
initialization will always happen. Place an initialization upon
function entry to protect against a case where a malformed protocol is
able to provoke this variable being used before being initialized.
Signed-off-by: David Brown <david.brown@linaro.org>
As the DT define DT_JEDEC_SPI_NOR_0_LABEL is intended to be deprecated
move to the new macro style to determine for DT_JEDEC_SPI_NOR_0_LABEL
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
As upstream zephyr is phasing out DT_FLASH defines for non-partition
usage replace DT_FLASH_DEV_NAME with
DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
To make contributions easier, place explicit copyrights by the major
contributors, along with an SPDX license identifier. Files that came
from the mynewt project, which was an Apache project will retain the
Apache project license text, although this does not apply to new
contributions, which are being made by individual contributors.
Hopefully, this will keep everyone happy, but allow contributors that
need to add an explicit copyright to have a place they can add that.
Fixes#501
Signed-off-by: David Brown <david.brown@linaro.org>
This macro is part of the C11 standard. Remove the use of a specialized macro
just for Zephyr, and use the standard macro for all platforms. This reduces
dependencies on specific versions of Zephyr.
In addition. The Zephyr-specific code was using toolchain/gcc.h which
would only work with gcc.h, so doesn't actually address any of the
objections. If this ever becomes a problem with Zephyr, we can figure
out a proper way to fix this.
Signed-off-by: David Brown <david.brown@linaro.org>
The STM32L475 needs BOOT_MAX_IMG_SECTORS equal 256 to work properly.
This add a config file to change default value from 128 to 256 once
there isn't a proper way to handle using Device Tree.
fixes zephyrproject-rtos/zephyr/issues/24243
Signed-off-by: Gerson Fernando Budke <nandojve@gmail.com>
- Define new TLV for carrying information for x25519 based encrypted
images.
- Add routines to parse embedded encryption key, generated shared
secret and image decryption key.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This change enables the public key (used for image authentication) to
be removed from MCUboot and be appended to the image instead. In this
case the key or its hash must be provisioned to the device and MCUboot
must be able to retrieve the key-hash from the hardware to compare it
with the calculated hash of the public key from the image manifest in
order to verify its validity before image authentication.
The source of this change:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/1581
Change-Id: I36fe699732e0e4c113eaed331c22e707c722ed6e
Signed-off-by: David Vincze <david.vincze@linaro.org>
Board was renamed here:
zephyrproject-rtos/zephyr#24049
Patch aligns the name in MCUBoot.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Use <arch/arm/aarch32/cortex_m/cmsis.h> include instead of <zephyr.h> to
get access to Cortex-M CMSIS API. zephyr.h provides kernel API, does not
guarantee access to CPU internals.
Fixes: #699 "Building MCUBoot for Zephyr fails on multiple ARM boards"
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
Board was renamed here:
https://github.com/zephyrproject-rtos/zephyr/pull/23524/
Patch aligns the name in MCUBoot and decouples one of nrf52840 dedicated
overlay from exact board name.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Replay of reverted to early committed patch 6d417c9:
Replace BUILD_ASSERT_MSG() with BUILD_ASSERT()
after merging BUILD_ASSERT() and BUILD_ASSERT_MSG().
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Modify the definition of certain shared data TLV entry header fields to
be aligned with the image TLV's behaviour (the meaning of the tlv_len
field was different) and achieve unified interpretation.
Modify some macro definitions that use bitwise shift operators to
prevent certain errors from occurring due to implementation-defined
behaviour.
Change-Id: Ib736703a391d390a87d629a8ac4e77e1789120a5
Signed-off-by: David Vincze <david.vincze@linaro.org>
Implement the functions declared in boot_record.h and add
each BOOT_RECORD TLV's CBOR encoded binary data (one TLV entry per
image) to a shared data area between the bootloader and the runtime SW.
These data units are stored in a TLV format (in the shared area too) and
contain certain attributes of the given image / SW component such as:
- SW type (role of the software component)
- SW version
- Signer ID (identifies the signing authority)
- Measurement value (hash of the image)
- Measurement type (algorithm used to calculate the measurement value)
Preserving all these image attributes from the boot stage for use by
later runtime services is known as a measured boot. The list of the
shared attributes is based on the recommendations of Arm's Platform
Security Architecture (PSA).
The main purpose of this patch is to create the prerequisites of an
attestation service by providing these measurements.
The boot_record.c and boot_status.h (originally tfm_boot_status.h) files
were copied (with modifications) from the Trusted Firmware-M project
(https://www.trustedfirmware.org/about/).
Hash of the source commit: 08d5572b4bcee306d8cf709c2200359a22d5b72c.
Change-Id: I37a8e7b10d5bf80a581651ffaf65b3cba45eaff2
Signed-off-by: David Vincze <david.vincze@arm.com>
Define interface for sharing boot status (certain attributes of the
authenticated images) and adding arbitrary data in TLV encoded format
to a shared data area between the bootloader and runtime SW.
The boot_record.h file was copied (with minor modifications) from the
Trusted Firmware-M project (https://www.trustedfirmware.org/about/).
Hash of the source commit: 08d5572b4bcee306d8cf709c2200359a22d5b72c.
Change-Id: Ia25bac27e9f1ce7faa5043c5a0455c804a24701e
Signed-off-by: David Vincze <david.vincze@arm.com>
Zephyr commit [1] has changed kconfig option name. Update kconfig
selection to the new one.
[1] 90b9eb3a9e93 ("kconfig: Rename USE_CODE_PARTITION to
USE_DT_CODE_PARTITION")
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Zephyr timeout API is changing and will use opaque value (k_timeout_t)
instead of raw values. K_MSEC is used to convert raw milliseconds value
to k_timeout_t.
This change is backward compatible so can be merged independently.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Generated serial_recovery_cbor.c and serial_recovery_cbor.h
Copied cbor_decode.c and cbor_decode.h
This commit is the result of running
./regenerate_serial_recovery_cbor.sh "2020 Nordic Semiconductor ASA"
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
- Add the cddl_gen repository as a submodule.
- Add a CDDL description file for the serial recovery packets to be
decoded.
- Add generated code files and cddl_gen's CBOR library to CMakeList.txt
for Zephyr.
- Convert boot_serial.c to use the new code.
- Add a bash script to (re)generate code files using cddl_gen.py.
Serial recovery should work exactly as before, but the binary should be
about 1k smaller.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Name of the board is changing in the zephyr-rtos:
https://github.com/zephyrproject-rtos/zephyr/pull/23447
This patch aligns the board name used which is required for suppression
of build warnings.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Replace BUILD_ASSERT_MSG() with BUILD_ASSERT()
after merging BUILD_ASSERT() and BUILD_ASSERT_MSG().
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
This patch is needed as MCUBoot should be able to chain-load any
application, not only these built using zephyr.
Introduced cleanup on ARM core control register.
Might be required as for instance the application assumes
that it starts with thread mode configured as by default, not
according to zephyr-rtos configuration.
MCUBoot disables interrupt before application chain-load used
basepr register. This Patch introduce additional celenup on
NVIC register.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Updating the URL for git repository in README file to reflect merge
of PSoC62 into mcuboot master.
Signed-off-by: Christian Daudt <christian.daudt@cypress.com>
Modified serial_adapter so log are allowed when using USB
CDC ACM serial port emulation.
Added dedicated thread for log processing of the highest application
priority. This allows to transmit all logs without adding k_sleep
anywhere else int the code.
Introduced boot log thread is simpler than the default log threat
which decreases flash footprint by a few dozen bytes.
Added configuration for nrf52840_pca10056 which shows how
to enable looging along with USB - among other, thread log
processing is required.
build command (form zephyr-project root directory)
west build -d build/mcuboot/nrf52840_pca10056 -b nrf52840_pca10056
./bootloader/mcuboot/boot/zephyr/
-- -DDTC_OVERLAY_FILE=./boards/nrf52840_pca10056_big.overlay
-DOVERLAY_CONFIG=./usb_cdc_acm_log_recovery.conf
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Andrzej Puzdrowski