Commit Graph

125 Commits

Author SHA1 Message Date
Robert Paananen 556b32a679 boot: Removed unnecessary if-statement
If-statement checks if length is greater than some value right after a check if it is equal to the same value.
This will never be true.

Signed-off-by: Robert Paananen <robert@paananen.nu>
2024-04-18 10:49:14 +01:00
Øyvind Rønningstad 205d7e5b41 boot_serial: Adapt to zcbor 0.8.x
Change one _term to _lit that was missed earlier.

Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
2024-01-30 12:18:51 +00:00
Øyvind Rønningstad 63ddb71d51 boot_serial: Adapt to API changes in zcbor 0.8.0
New arguments in zcbor_new_state are set to NULL/0 because they are
only needed when using the zcbor_unordered_map API.

Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
2024-01-25 08:16:49 +00:00
Jamie McCrae 5e6cffbf4a boot: boot_serial: Fix single slot encrypted image list
Fixes an issue whereby MCUboot is configured in single application
slot mode with serial recovery with encryption and an encrypted
image has been loaded, if valid this will have been decrypted, so
should not be treated as encrypted

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-11-28 09:26:28 +00:00
Jamie McCrae e9fccef5dd boot_serial: Fix missing response if echo command disabled
Fixes an issue whereby when an echo command is sent in serial
recovery mode, if it is disabled, there would just be no response
at all, which is invalid operation

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-11-07 10:22:02 +00:00
Jamie McCrae c7aa2c029e boot_serial: Fix issues with single slot mode/encrypted images
Fixes 2 issues, one whereby multiple slots were checked despite
operating in single slot mode, and another whereby decrypted
images would not appear on serial recovery image listing, due
to assuming that the images were still encrypted.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-09-20 10:55:24 +01:00
Jamie McCrae 6ba46c0b82 boot_serial: Fix issue with queued commands
Fixes an issue whereby multiple commands are received and some
are still being processed. This generally arises when a response
takes a long time (e.g. when image decryption is required),
duplicate commands will now send multiple responses but avoids
the bug of future commands being sent to which previous responses
are received.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-09-20 09:58:09 +02:00
Jamie McCrae 5c5222f884 boot_serial: Fix include
Fixes an include which is needed for multiple options by just
always including it, and fixing the path so it can be included.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-09-12 12:56:39 +02:00
Benjamin Bigler 480b97f2e2 boot_serial: Fix missing point if using snprintf
Adds missing point in version when snprintf is used

Signed-off-by: Benjamin Bigler <benjamin.bigler@securiton.ch>
2023-09-08 07:40:03 +01:00
Jamie McCrae c9fa60886b boot: boot_serial: Fix issue with encrypted second slot images
Fixes issues whereby encrypted images were not properly listed due
to not treating them as encrypted, also removes a piece of wrong
hack code that would never run as the primary slot cannot be
encrypted.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-08-09 07:45:22 +01:00
Jamie McCrae 61898dad92 boot: boot_serial: Add updated SMP header
Adds missing fields which were wrongly treated as part of the
operation value, which they were not, and adds a big/little
endian check.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-07-31 08:32:50 +01:00
Michal Gorecki 5404130e20 boot_serial: Fix build for 64-bit architectures
Typecasting pointer variables to uint32_t
instead of uintptr_t was causing build error
on 64-bit architecture.

This is useful, because I am currently working
on implementing support for 64-bit native target
in Apache Mynewt. There is unit test for boot_serial
and it cannot be compiled without this changes.

Signed-off-by: Michal Gorecki <michal.gorecki@codecoup.pl>
2023-07-26 13:16:21 +01:00
Jamie McCrae 9fad4c1f16 boot: boot_serial: Fix wrong cbor type for confirm
Fixes the wrong variable type being used for the confirm element.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-07-20 17:00:09 +01:00
Jerzy Kasenberg e486b533c1 boot: mynewt: add support for the mcumgr echo command in serial boot mode
This allows user to enable echo for mcumgr command in serial boot.
Code was enabled in zephyr only so far.
Now mynewt build can also have this feature if enabled.

No code changes just option in mynewt build to enable existing
mcuboot feature.

Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
2023-07-17 19:36:07 -03:00
Piotr Dymacz 6a8746d7ac boot_serial: fix image number handle in image upload request
According to the SMP protocol documentation [1], 'image number' value
in 'image upload request' is optional and can be included only in packet
with 'off' (data offset) set to '0' (first packet in upload request).

In one of recent changes (commit 'cb07e888691d'), initialization of the
'img_num' variable was removed which, in extreme case (no image number
provided in upload request), results in use of its uninitialized value
in flash_area_open() call which then might lead to request abort.

This fixes above regression and also makes MCUboot implementation of the
'image upload request' aligned with Zephyr documentation of the protocol
by considering image number only from first (off == 0) 'image upload
request' SMP packet. In addition, 'image number' value is set to '0' if
the request doesn't provide this field.

[1] docs.zephyrproject.org/latest/services/device_mgmt/smp_groups/smp_group_1.html

Fixes: cb07e88869 ("boot_serial: Replace cbor auto-generated code with zcbor functions")
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2023-07-05 16:59:19 -06:00
Piotr Dymacz f2cb55027c boot_serial: fix misuse of 'matched' param from zcbor_map_decode_bulk()
The 'matched' param in zcbor_map_decode_bulk() function is 'pointer to
the counter of matched keys', not length of payload buffer.

Fixes: fac2cabe98 ("boot_serial: Add image state set/get")
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2023-07-05 16:58:09 -06:00
Jamie McCrae 82feb9a4c5 boot_serial: Fix showing images that are not valid
Fixes an issue which was introduced in commit
fac2cabe98 which would show all
images, including those with invalid headers in the output of
images being listed.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-07-05 16:57:12 -06:00
Jamie McCrae fac2cabe98 boot_serial: Add image state set/get
Adds optional image state set/get functionality to serial recovery
mode which allows for listing image states and marking images to
be tested or as confirmed.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-05-25 14:19:20 -06:00
Daniel DeGrasse c393b54246 boot: boot_serial: fix usage of zcbor_new_encode_state API
Fix usage of zcbor_new_encode_state API, to correctly pass the payload
length. The previous usage was passing a pointer to the end of the
payload, which resulted in the ZCBOR structure being initialized with
an invalid `payload_end` field. On some platforms, this breaks MCUBoot
serial recovery, as the ZCBOR structures required to send response data
are invalid and can no longer be populated with response data.

Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
2023-05-25 14:17:20 -06:00
Jamie McCrae 0038f3967b boot: zcbor: Move copy script
Moves and updates the copy script to the zcbor folder

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-05-15 10:22:51 +02:00
Jamie McCrae cb07e88869 boot_serial: Replace cbor auto-generated code with zcbor functions
Replaces the auto-generated decoding/encoding files with inline code
for encoding/decoding cbor data structures, this adds the benefit of
allowing the elements to be in any order and reduces code size. To
accommodate this, zcbor_bulk has been imported from Zephyr.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-05-15 10:22:51 +02:00
Jamie McCrae db6ba46244 boot_serial: Unify zcbor include paths
Moves zcbor files to a subdirectory and replaces differing
include path styles to be unified.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-05-12 10:33:28 +01:00
Jamie McCrae 393af79ef1 boot_serial: Update zcbor files from zcbor 0.7.0
Updates zcbor files from version 0.7.0, needed for size variable
support.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-04-26 13:11:56 +02:00
Jamie McCrae f7d8660e85 boot_serial: Fix include paths for zephyr builds
Fixes include paths for zephyr builds to use the system zcbor_*
files rather than the local files.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-04-24 11:34:28 +02:00
Jamie McCrae e5c57dd134 boot_serial: Only have build number if non-zero
Only returns the build number in versions responses if the value
is non-zero.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-04-13 19:25:42 +02:00
Jamie McCrae 827118f2e4 boot: serial_recovery: Add image hash support
Adds support for outputting the image hash TLV in serial recovery
mode, which is needed to comply with the img_mgmt MCUmgr group
requirements.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-03-23 10:25:38 +01:00
Piotr Dymacz f5e7753b9e boot_serial: support fragmentation for outgoing SMP packets
The mcumgr packet sent over serial should be fragmented into frames of
up to 127 bytes, including 2-bytes frame start header and 1-byte for
terminating newline [1], resulting in up to 124 bytes for the base64
encoded payload.

Current implementation doesn't fulfill above requirement and transmits
single frames, without considering their length. This change introduces
support for fragmenting as defined in 'SMP over console' specification.

[1] github.com/apache/mynewt-mcumgr/blob/master/transport/smp-console.md

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2023-03-21 15:10:12 +01:00
Szymon Janc 874a0ab4d5 boot_serial: Fix Mynewt tests build
__packed may not be available in all environments. In such
case just fallback to  __attribute__((__packed__)).

Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
2023-03-17 07:53:19 -03:00
Jamie McCrae e8294b2af5 boot_serial: Add packed to struct
Adds a packed attribute to the nmgr struct to avoid issues on
architectures that do not support unaligned memory access.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-03-15 09:23:04 +01:00
Dominik Ermel 2476988309 boot: Switch to flash_area_get_sector.
Replace flash_area_sector_from_off calls with flash_area_get_sector.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-03-14 08:13:20 -06:00
Dominik Ermel b26fc487ee boot/boot_serial: Add boot_reset_request_hook to bs_reset
When hooks are enabled then boot_reset_request_hook will be
called to check whether it is allowed to reset a device.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-14 16:33:34 -07:00
Michael Grand 5047f032c9 fih: Hardening of fault injection countermeasures
Returned values are now hardcoded. Indeed, while it is not
strictly needed (few return values different from SUCCESS
or FAILURE) complexity added by encoding return values might
cause the software to be vulnerable to fault attacks.

Return type changed from fih_int to fih_ret to make
the whole thing much simpler and therefore more robust
to fault attacks. In addition, its easier to predict
compiler behavior.

Affectation of sentive variables has been hardened using macro
FIH_SET (affectation + check wether write access has been properly
done). FIH_DECLARE() is added to ease the declaration of sentive
variables.

Equality tests fih_eq() and fih_not_eq() are now macros because
inlining produce more complex code (and weaker) than macros.
In addition fih_not_eq is modified to be the negation of fih_eq
which was not the case until now.

when FIH_NOT_EQ is used , FIH_SET(fih_rc, FIH_FAILURE) has been added
in some part of the code.

variable image_mask (bootutil_priv.h) is now volatile because a
double IF test is made on it.

some others parts of the code have been hardenned (eg. loop on images)

Signed-off-by: Michael Grand <m.grand@trustngo.tech>
2023-01-30 09:34:34 -07:00
Jamie McCrae 9d3fd7f7eb boot_serial: Add unaligned stack buffer writing
Fixes a bug when writing to devices which have memory alignment
requirements with data being using directly from a zcbor-response
whereby the alignment of the buffer data does not meet the
requirements of the flash driver.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-01-03 12:18:54 +01:00
Jamie McCrae ad1fb3dde2 boot_serial: Allow using a buffer larger than 512 bytes
There are 3 levels of buffers and only the first one seems to be
configurable, this fixes that issue.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2022-12-04 13:20:46 +01:00
Jamie McCrae 0b6d3439bb boot_serial: Fix rc not being returned as a signed value
Fixes an issue whereby rc is a signed variable but is returned as
an unsigned variable in the zcbor functions.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2022-12-02 22:52:48 +01:00
Almir Okato 7d3622ffbb boot_serial: espressif: change CRC call for esp chips general compatibility
Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-11-11 11:22:00 -03:00
Gerard Marull-Paretas 4eca54f417 boot: serial: add missing Zephyr kernel.h include
boot_serial.c is using Zephyr Kernel APIs without including kernel.h.

Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
2022-10-06 13:58:42 +02:00
Almir Okato 90be6e6001 boot_serial: adding missing errno.h header
Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-09-29 11:37:13 -03:00
Piotr Dymacz 067f30ae96 boot_serial: explain disabled idle state in timeout based recovery
This adds short explanation (in form of a comment) why CPU shouldn't
enter idle state in timeout based serial recovery.

Ref: 3942e9bf8f ("boot_serial: fix serial recovery mode with timeout")
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2022-08-13 16:02:53 +02:00
Piotr Dymacz 3942e9bf8f boot_serial: fix serial recovery mode with timeout
If 'BOOT_SERIAL_WAIT_FOR_DFU' is selected, the CPU shouldn't enter idle
state, waiting for interrupt from the console because we expect booting
if no mcumgr command is received within a configured timeout (with the
'CONFIG_BOOT_SERIAL_WAIT_FOR_DFU_TIMEOUT').

Without this fix, when using 'BOOT_SERIAL_WAIT_FOR_DFU' the boot process
hangs forever, waiting for input from console.

Fixes: e3822f8180 ("boot_serial: zephyr: Add optional timeout to enter serial recovery")
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2022-08-12 13:35:51 +02:00
Stephanos Ioannidis 09e2bd70fd boot_serial: Fix incorrect format specifier for off_t
The `BOOT_LOG_INF` function, which uses the format specifiers defined
by the C standard, was incorrectly printing a variable with the type of
`off_t` using the `%x` format specifier, which is intended to be used
with the `int` type.

The `off_t` type, specified by the POSIX standard, is not guaranteed to
be `int`, and it may be defined as `long` or `long long` depending on
the toolchain and the target architecture.

This commit updates the print routine such that it casts the arguments
of the `off_t` type to `intmax_t` and prints them out using the
corresponding `%jx` format specifier.

Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
2022-08-04 09:28:17 +02:00
Fabio Baltieri 888e261a76 boot_serial: add "zephyr/" prefix to __ZEPHYR__ includes
Add relevant "zephyr/" prefixes to allow building with the Zephyr
option CONFIG_LEGACY_INCLUDE_PATH=n.

Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
2022-07-26 19:20:21 +02:00
Almir Okato e8cbc0d0f1 boot_serial: espressif: ESP32 serial recovery mode interface
Add the serial adapter for ESP32 for boot recovery and MCUMGR
communication.

Signed-off-by: Almir Okato <almir.okato@espressif.com>

espressif: Configure console via bootloader_support functions

Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2022-07-19 11:07:04 -03:00
Szymon Janc 1270880d2f boot_serial: Fix compilation due to danling pointer
repos/mcuboot/boot/boot_serial/src/zcbor_decode.c:341:52: error:
     dangling pointer ‘result’ to ‘dummy’ may be used
     [-Werror=dangling-pointer=]
  341 |         state->payload_end = result->value + result->len;
      |                                              ~~~~~~^~~~~
repos/mcuboot/boot/boot_serial/src/zcbor_decode.c:325:37: note: ‘dummy’
     declared here
  325 |                 struct zcbor_string dummy = {};
      |                                     ^~~~~
repos/mcuboot/boot/boot_serial/src/zcbor_decode.c:341:36: error:
     dangling pointer ‘result’ to ‘dummy’ may be used
     [-Werror=dangling-pointer=]
  341 |         state->payload_end = result->value + result->len;
      |                              ~~~~~~^~~~~~~
repos/mcuboot/boot/boot_serial/src/zcbor_decode.c:325:37: note: ‘dummy’
     declared here
  325 |                 struct zcbor_string dummy = {};
      |                                     ^~~~~
cc1: all warnings being treated as errors

Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
2022-06-27 14:28:45 -06:00
Szymon Janc 1cd3196400 boot_serial: Fix Mynewt tests compilation
repos/mcuboot/boot/boot_serial/test/src/testcases/
    boot_serial_upload_bigger_image.c: In function
     ‘TEST_CASE_boot_serial_upload_bigger_image’:
repos/mcuboot/boot/boot_serial/test/src/testcases/
    boot_serial_upload_bigger_image.c:91:42: error:
     ‘Value8Bit’ undeclared (first use in this function)
91 | buf[payload_off + len - 2] = Value8Bit;
| ^~~~~~~~~

Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
2022-06-27 14:26:39 -06:00
Dominik Ermel 7d2f0bf425 boot_serial: Refactoring writes
The commit reduces write logic.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2022-06-23 09:40:56 +02:00
Dominik Ermel bcc17b4575 boot_serial: Refactoring of erase logic
The progressive erase and non-progressive erase code has been
refactored; some additional comments have been added to logic.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2022-06-23 09:40:56 +02:00
Dominik Ermel 2f2b31cb90 boot_serial: Remove unneeded carriage return at the end of frame
The correct end of SMP frame, over console, is single '\n'.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2022-06-22 14:35:42 +02:00
Dominik Ermel 5bd8744e89 boot_serial: Refactoring variables used in image upload
Types of a few variables have been changed to more align with
what they represent; variables have been renamed to make their
purpose more clear.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2022-06-22 14:25:09 +02:00
Dominik Ermel d49cfc14c3 boot_serial: zephyr: Use snprintf to format version string
Move formatting of version string to use snprintf, which Zephyr
provides, instead defining utility function for that purpose.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2022-06-09 15:43:50 +02:00