Direct inclusion of "bootutil/fault_injection_hardening_delay_rng.h"
might cause a linking collision as this header belongs to `FIH_ENABLE_DELAY`
mode.
This header is already included by "bootutil/fault_injection_hardening.h"
appropriately.
fixes #831
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Remove unnecessary includes and conditionally create
the MCUBOOT_FIH_PROFILE_OFF define to avoid redefinition
warnings.
Change-Id: I6a34af2a5e45b81fdedd26bc1fa50ab0b9a05918
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Some Zephyr boards enable HW stack protection by default, which
propagates into the mcuboot build. The bootloader works fine with that option, but
the problem arises when we jump to application code. HW stack protection
catches application code during early init, which results in an
"unresponsive" application.
Disable HW stack protection, so it doesn't do any harm to application
code.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Fix bootstrapping in swap-move that was being skipped due to having
an erased header in the primary slot, which caused an early return
because of the requirement of having to re-read image headers when
"moving" an image during an upgrade.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Remove `MCUBOOT_OVERWRITE_ONLY_FAST` from overwrite-only upgrades, to
make it compatible with `large-write` tests after the latest changes
to the fast overwrite code; make it default when bootstrapping.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Previously when `MCUBOOT_OVERWRITE_ONLY_FAST` was set, the whole amount
of sectors that stored an image were being copied. After this commit
only the exact amount of data used by the image is copied; this avoids
copying some 0xff (or garbage) data between the end of the image and the
end of the last sector storing it.
Extra trailer management was added which suits using the copy upgrade
routine also for bootstrapping.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
The simulated alignment functions were returning u8, which would be
invalid for any alignment beyond 128; as a first step in the direction
of allowing larger alignments, make them u16, which should allow for up
to 2**15 alignment size.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Add support for the pinnacle_100_dvk board.
The Pinnacle 100 modem slot 1 partition
is located in external QSPI.
Add a board file overlay to enable QSPI flash.
Signed-off-by: Ryan Erickson <ryan.erickson@lairdconnect.com>
nrfxlib needs to be cloned manually.
This patch gives a help message to the user in case it
was missing.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Usage of cc310 by default gives a poor user
experience out of the box as it requires manual
cloning of the nrfxlib repository.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Add fault injection hardening profile configuration to Zephyr config.
Default config is to not have any hardening in SW against hardware level
fault injection like clock or power glitching, EM pulse, laser beam, etc.
Change-Id: I67d22d257ead83e1e288de0ee7621aac32bf50eb
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Add fault attack mitigation measures to code vital for the correct
validation of images.
Change-Id: If6eb1110a8c2966faf105d07ad2e95482a80a8d9
Signed-off-by: Raef Coles <raef.coles@arm.com>
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Remove a footnote that is not generating a proper link and add an inline
link to the mbed TLS reference for platform.h. This also fixes a warning
when running through recommonmark==0.6.0 because it is unable to parse the
old syntax.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
This change adds a Disclaimer section to the Cypress related documentation and adds details about the custom hardware configuration flow.
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
Entering deep sleep on CM0 without a valid application on CM4 caused a pyocd error while programming. This fix disables entering deep sleep mode on CM0 if no valid applications are found for boot. Waiting for UART TX completion was reworked. Code refactoring.
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
This is the preferred signing type with this HW available.
Add 'ECDSA' to the kconfig name to align with the tinycrypt variant.
Remove superfluous checks on select operations.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Automate process of selecting correct .pem key file.
Zephyr users are familiar with using 'menuconfig' and similar tools
for seeing what options are available, so remove =n choices from
prj.conf which were used to show the available options.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
- The enc_context needs to be initialized.
boot_enc_load seems to always be used to start the process, so calling
init inside makes sense.
- Handle boot_encrypt getting called with size of 0.
- No need to free contexts because Zephyr sets MBEDTLS_PLATFORM_NO_STD_FUNCTIONS.
I don't quite like this because it's implicit and will leak memory on
other ports.
Signed-off-by: Blaž Hrastnik <blaz@mxxn.io>
bootutil already handles ASSERT definition, allowing us to override it
with a custom implementation. Importing assert.h would pull in stdio.h
and a whole bunch of other stuff by TI compiler into the final
firmware.
Signed-off-by: Blaž Hrastnik <blaz@mxxn.io>
Mynewt testing does not need git submodules, so avoid cloning them. Remove
the MULTI_FEATURE environment variable, which is only used by sim.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
This adds a github workflow test that reproduces the same behavior as
the current travis workflow test (for the simulator). Most of the work
is done by support scripts, and it is the list of tests that is
duplicated from the .travis.yaml file.
Signed-off-by: David Brown <david.brown@linaro.org>
- improved code in MCUBootApp
- added possibility to enter deep sleep mode after mcuboot app execution
- minor refactoring
Signed-off-by: dmiv <dmiv@cypress.com>
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
Signed-off-by: Taras Boretskyy <taras.boretskyy@cypress.com>
When Image.create() is called without the 'custom_tlvs' argument, it
gets its default value (None). It must be checked before performing
any operations on/with it.
Change-Id: I8e0755265f35f9eeb796fe078a6ad8c8d9f2b8da
Signed-off-by: David Vincze <david.vincze@linaro.org>
Optionally extract build artifacts from an archive file instead of
building them. This completes the separation between building the tests
and running them. To use this, do something like:
go run test-compile.go
Arrange to have the mcuboot dir and the test-images.zip on the test
target, and then run:
go run run-tests.go -prebuilt test-images.zip
Signed-off-by: David Brown <david.brown@linaro.org>
Instead of just having the build commands part of the test execution,
separate them into a separate value. This will facilitate having an
option that doesn't actually build the tests, but extracts them from an
archive.
Signed-off-by: David Brown <david.brown@linaro.org>
Create a program that separately compiles the tests and assembles them
into a zip file. This will help when the build environment and the test
environment are not the same machine.
Signed-off-by: David Brown <david.brown@linaro.org>
Move the list of tests to run from the test runner itself into its own
package. The test can be invoked the same way (Go will find the go.mod
at the top of mcuboot), but this will make it easier to separate a test
runner from a test builder.
Signed-off-by: David Brown <david.brown@linaro.org>
This module file tells the Go tools the URL space where this project
lives. This allows code within the project to refer to these files by
URL.
Signed-off-by: David Brown <david.brown@linaro.org>
Added configuration for build in Zephyr-RTOS CI MCUBoot
in CONFIG_SINGLE_APPLICATION_SLOT=y mode.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The terms "single-image boot" and the "single image application"
of Zephyr are confused. It might be understood as one-pair image
dual-bank mode in comparison to multi-image mode.
This patch replaces CONFIG_SINGLE_IMAGE_DFU by the
CONFIG_SINGLE_APPLICATION_SLOT name,
which makes this mode name unambiguous.
fixes #800
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
fix
This patch introduces the ram-load mode in addition to the other
upgrade modes (swap strategies, overwrite-only, direct-XIP). When
ram-load is enabled with the MCUBOOT_RAM_LOAD option, mcuboot
selects the newest valid image based on the image version numbers from
the image header; thereafter the selected image is loaded into RAM and
executed from there. The load address is extracted from the image header.
Therefore the images must be linked to the RAM memory region.
The ram-load mode is very similar to the direct-XIP mode; the main
difference is that the newest image is loaded into RAM before
authentication and execution. Similar to direct-XIP mode, either
of the primary and the secondary slots can hold the active image.
Ram-load can be useful in case of a bit more powerful SoC, which
is not constrained in terms of internal RAM. It could be that the image
is stored in external and therefore untrusted flash. Loading the image
into internal (trusted) RAM is essential from the security point
of view of the system. Furthermore, execution from internal RAM is much
faster than from external flash.
This patch is based on the RAM_LOADING upgrade strategy which was
first introduced in the Trusted Firmware-M project.
Source TF-M version: TF-Mv1.0.
Change-Id: I95f02ff07c1dee51244ac372284f449c2efab362
Signed-off-by: Tamas Ban <tamas.ban@arm.com>