Commit Graph

2180 Commits

Author SHA1 Message Date
Jamie McCrae 05d1194277 docs: release: Add note on firmware loader mode
Adds a note on the new firmware loader operation type

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-11-28 13:59:00 +00:00
Jamie McCrae 215345f76a zephyr: Add firmware loader MCUboot operation style
Adds a new operation style in which the secondary slot has an
image which is used to update the primary image only.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-11-28 13:59:00 +00:00
Jamie McCrae 433b8480f7 zephyr: Move IO functions out of main to separate file
Moves IO functions into a separate file to allow reuse

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-11-28 13:59:00 +00:00
Jamie McCrae 5e6cffbf4a boot: boot_serial: Fix single slot encrypted image list
Fixes an issue whereby MCUboot is configured in single application
slot mode with serial recovery with encryption and an encrypted
image has been loaded, if valid this will have been decrypted, so
should not be treated as encrypted

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-11-28 09:26:28 +00:00
Andrej Butok 3f0b89d680 boot: zephyr: add support for mimxrt101x_evk
Add default configuration for mimxrt1010_evk and mimxrt1015_evk.

Signed-off-by: Andrej Butok <andrey.butok@nxp.com>
2023-11-28 09:26:11 +00:00
Jamie McCrae 47b3436255 zephyr: kconfig: Prevent MBEDTLS selection when tinycrypt is used
Prevents an issue which occurs when the MCUboot configuration is
changed which then selects multiple conflicting symbols

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-11-21 13:30:10 +00:00
Andrej Butok cd82f8bf7a boot: zephyr: add support for lpcxpresso55s28
Add default configuration for lpcxpresso55s28.

Signed-off-by: Andrej Butok <andrey.butok@nxp.com>
2023-11-21 13:29:34 +00:00
Jamie McCrae 0c0470e294 docs: release: Add notes on Zephyr USB fixes and boot serial echo
Adds 3 notes, 2 for zephyr USB CDC ACM fixes and 1 for a boot
serial echo fix

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-11-07 10:25:14 +00:00
Andrej Butok 6c4f7b4c63 doc: imgtool: update align description
Update the --align option values.
Add its description.
Delete [required], as it is optional now.

Signed-off-by: Andrej Butok <andrey.butok@nxp.com>
2023-11-07 10:22:14 +00:00
Jamie McCrae e9fccef5dd boot_serial: Fix missing response if echo command disabled
Fixes an issue whereby when an echo command is sent in serial
recovery mode, if it is disabled, there would just be no response
at all, which is invalid operation

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-11-07 10:22:02 +00:00
Jamie McCrae 013c9e7654 boot: zephyr: board: various: Remove size optimisation
This value is now the default, remove explicitly setting it for
some boards

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-11-07 09:08:27 +00:00
Jamie McCrae 0a8bbbf4b7 boot: zephyr: Fix USB configs
Fixes USB configurations so that they build out of the box, this
previously falsely built successfully but would not run

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-11-07 07:44:00 +00:00
Jamie McCrae d5c963c549 boot: zephyr: serial_adapter: Add error if main thread not preemptible
Adds a build failure if the main thread priority is not preemptible
and USB CDC ACM serial recovery is used, this is because if this is
the case, USB events will never be able to be processed and serial
recovery cannot ever enumerate

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-11-07 07:44:00 +00:00
Jamie McCrae 822b6cb710 boot: zephyr: serial_adapter: Fail if USB CDC enabled with console
This prevents MCUboot from successfully building if console and
serial recovery (USB CDC) are both enabled and they both point to
the same device

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-11-07 07:44:00 +00:00
Jamie McCrae 4a1effbc30 zephyr: Remove deprecated ZEPHYR_TRY_MASS_ERASE option
This option was deprecated 8 months ago, remove it.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-11-01 15:55:46 +00:00
Andrej Butok 2b924da464 samples: zephyr: Use the default MCUBoot PEM key file.
Use the default MCUBoot PEM key file in hello-world project settings.
Without it the application is not verified by MCUBoot.

Signed-off-by: Andrej Butok <andrey.butok@nxp.com>
2023-11-01 09:53:10 -06:00
Andrej Butok 25b7c7a8e7 imgtool: make "align" command line parameter optional
Align parameter should be optional:
- it has a default value.
- it is not used for non-swap update modes.

Signed-off-by: Andrej Butok <andrey.butok@nxp.com>
2023-11-01 09:52:55 -06:00
David Brown 301d565560 readme: update for next dev release
Bump version described in README to a development version of the next release.

Signed-off-by: David Brown <david.brown@linaro.org>
2023-11-01 09:51:15 -06:00
Fabio Utzig 304fd41980 mynewt: update to release 2.0.0
Update Mynewt metadata for v2.0.0 release.

Signed-off-by: Fabio Utzig <utzig@apache.org>
Signed-off-by: David Brown <david.brown@linaro.org>
2023-10-23 17:36:54 -06:00
David Brown e0bdcdecec Update version files for 2.0.0
Update documentation and version tags for final 2.0.0 release.

Signed-off-by: David Brown <david.brown@linaro.org>
2023-10-23 17:36:54 -06:00
Almir Okato d3819c90b4 espressif: allow the use of a different toolchain for building
TOOLCHAIN_BIN_DIR can be defined for a different toolchain use.

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2023-10-17 04:41:37 -03:00
Andrej Butok 9b92ee918f boot: zephyr: add support for LPC55Sxx
Add configuration for LPC55Sxx to MCUBoot.
It supports the upgrade only mode.

Signed-off-by: Andrej Butok <andrey.butok@nxp.com>
2023-10-10 11:10:18 +01:00
Andrej Butok 13767d0b72 bootutil: Disable MCUBOOT_BOOT_MAX_ALIGN assert for non-swap modes
- Assert should be checked only for SWAP update modes.
- Allow platforms with page size >32 Bytes (e.g. LPC) to use
  MCUBoot, at least for non-SWAP update modes.

Signed-off-by: Andrej Butok <andrey.butok@nxp.com>
2023-10-05 10:25:10 +01:00
David Brown 4fe28b3cf6 Update zephyr version files for 2.0.0-rc1
Update for the rc1 release.

Signed-off-by: David Brown <david.brown@linaro.org>
2023-09-29 08:19:05 -06:00
David Brown 6a6de4b26a scripts: imgtool: update to 2.0.0-rc1 release
Update the version of imgtool.  This should auto-publish when
released.

Signed-off-by: David Brown <david.brown@linaro.org>
2023-09-29 08:19:05 -06:00
David Brown 62e2b4dead docs: Update release notes for 2.0.0-rc1
Collect release notes, and add a bit about the API change.

Signed-off-by: David Brown <david.brown@linaro.org>
2023-09-29 08:19:05 -06:00
Jamie McCrae bf8cf46b34 docs: release: Add note on panicking if flash device open fails
Adds a note that flash open failing will cause the bootloader to
panic and now prints a verbose error out when this happens

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-09-28 15:10:46 +01:00
Jamie McCrae 2929a975c7 bootutil: Show error if flash area open fails
Shows an error if a particular flash area fails to open

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-09-28 15:10:46 +01:00
Jamie McCrae ae2aeedfe8 docs: release: Add note on boot serial extension rework
Adds a note on the reworked boot serial extensions features which
now allows modules to add handlers

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-09-28 07:35:31 +01:00
Jamie McCrae 268433e0a8 zephyr: Allow user-defined boot serial extensions
This allows for out-of-tree modules to define their own boot serial
functions by using iterable sections.
Note that this also removes the custom img list command, which was
not used in-tree.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-09-28 07:35:31 +01:00
Jamie McCrae 50f8b5f742 bootutil: Add shared data support for XIP with revert mode
Adds support for sharing the direct-XIP MCUboot mode with revert
to applications using shared data

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-09-27 18:11:56 +02:00
Jamie McCrae 8d0b35a1e9 bootutil: Add mode for XIP with revert
Adds a new define if bootloader in built in direct-XIP with revert
mode

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-09-27 18:11:56 +02:00
Jamie McCrae 6c8c76fc37 docs: Add note on addition of zephyr retention shared boot info
Adds a note that Zephyr can now use the retention subsystem to
share information with applications about MCUboot's configuration.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-09-27 07:49:25 +01:00
Jamie McCrae 4da510137a zephyr: Add shared data support
Adds the ability to share mcuboot configuration with the
application using Zephyr's retention subsystem.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-09-27 07:49:25 +01:00
Roland Mikhel 9bef51ce4a bootutil/crypto: Do not include import key with PSA
This fixes a build error when PSA Crypto API is being used
as it has no need for bootutil_import_key but it's included
currently since it's allowed to have both Mbed TLS and PSA defined.

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: If38d3011fc4fa2d317f8be65df9e231d7d57dcbf
2023-09-26 07:55:30 +02:00
Almir Okato db2024eb20 espressif: update secure boot and flash encryption
Adjust secure boot and flash encryption after IDF v5.x updates.
It also allows to enable secure boot on ESP32-C2.

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2023-09-20 09:46:27 -03:00
Jamie McCrae 736234caa5 docs: release: Add note on bs image list fixes
Adds a note on fixes with boot serial image listing

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-09-20 10:55:24 +01:00
Jamie McCrae c7aa2c029e boot_serial: Fix issues with single slot mode/encrypted images
Fixes 2 issues, one whereby multiple slots were checked despite
operating in single slot mode, and another whereby decrypted
images would not appear on serial recovery image listing, due
to assuming that the images were still encrypted.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-09-20 10:55:24 +01:00
Jamie McCrae 5f30562e0c docs: release: Add note on boot_serial duplicate command fix
Adds a note about a fix for boot_serial duplicate commands

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-09-20 09:58:09 +02:00
Jamie McCrae 6ba46c0b82 boot_serial: Fix issue with queued commands
Fixes an issue whereby multiple commands are received and some
are still being processed. This generally arises when a response
takes a long time (e.g. when image decryption is required),
duplicate commands will now send multiple responses but avoids
the bug of future commands being sent to which previous responses
are received.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-09-20 09:58:09 +02:00
Roland Mikhel 5c00da4542 ci: Add test cases for ECDSA using PSA Crypto
Add ECDSA verification tests to the CI using the PSA Crypto API

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I904c8929f355ec791ff28ac7c3e0ca3832b2403d
2023-09-12 16:29:11 +02:00
Roland Mikhel fb5507b4a4 sim: Replace hash with SHA384 when P384 is used
Currently all the hashing functionality is done with SHA256
but if we would like to use ECDSA-P384 that requires SHA384
as the hashing algorithm. However, MCUboot is using SHA256
for image hashing and public key hashing. This commit modifies
the hashing operations to use SHA384 thus SHA256 can be omitted
which is beneficial from a code size standpoint.

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I364eefe334e4fe6668b8a3b97991b5dbb0c80104
2023-09-12 16:29:11 +02:00
Roland Mikhel 03c9ad0781 bootutil: Replace hash with SHA384 when P384 is used
Currently all the hashing functionality is done with SHA256
but if we would like to use ECDSA-P384 that requires SHA384
as the hashing algorithm, but MCUboot is using SHA256
for image hashing and public key hashing. This commit modifies
the hashing operations to use SHA384 thus SHA256 can be omitted
which is beneficial from a code size standpoint.

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I59230f76f88e0b42ad6383b2c9b71b73f33d7dd7
2023-09-12 16:29:11 +02:00
Roland Mikhel 5899face4d sim: PSA Crypto ECDSA enablement
This commit enables ECDSA signature verification using
PSA Crypto API.

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I33f559ecdd59b1ce41c6a2d5f315212300d585e3
2023-09-12 16:29:11 +02:00
Roland Mikhel 274547ce06 bootutil: PSA Crypto ECDSA enablement
This commit enables ECDSA signature verification using
PSA Crypto API.

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I51c7aadba03348f335e89d9252e70c09f8787f30
2023-09-12 16:29:11 +02:00
Jamie McCrae 8f8fbf9956 zephyr: Fall back to minimal C library
Changes back to the minimal C library instead of picolibc to
reduce flash usage

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-09-12 14:16:03 +01:00
Jamie McCrae 5c5222f884 boot_serial: Fix include
Fixes an include which is needed for multiple options by just
always including it, and fixing the path so it can be included.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-09-12 12:56:39 +02:00
Sylvio Alves b847a33ba2 espressif: use minimal libc as default for ESP32 boards
Make MINIMAL_LIBC as default for MCUboot app build instead
of picolibc. Footprint is lower and no need to
MULTLTHREADING enabled for SoC build.

Signed-off-by: Sylvio Alves <sylvio.alves@espressif.com>
2023-09-08 11:01:07 -03:00
Benjamin Bigler 480b97f2e2 boot_serial: Fix missing point if using snprintf
Adds missing point in version when snprintf is used

Signed-off-by: Benjamin Bigler <benjamin.bigler@securiton.ch>
2023-09-08 07:40:03 +01:00
Piotr Dymacz 3790f5f055 boot: zephyr: use indication LED also in timeout based recovery
This adds support for indication LED option (MCUBOOT_INDICATION_LED) in
the timeout based recovery. Configured LED will be enabled when entering
the recovery and disabled after selected timeout (if no mcumgr command
was received).

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2023-09-07 11:37:34 +01:00