Calculation of BOOT_SERIAL_OUT_MAX was based on MCUBOOT_IMAGE_NUMBER
while in other places BOOT_IMAGE_NUMBER is taken into account as
number of images. Let's align the calculation to use the same literal value
as others.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Definition is used (and redefined) by boot_serial.c module as well.
Let's allow using one definition for all.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
`image-trailer-size` should be mentioned instead
of `image-trailer-sectors-size` in the maximal-image-size
evaluation description.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
A custom boot_preboot() function can be used to start
DFU in a similar way as is already done in Zephyr.
Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
This patch prepares the simulator to execute images with a max align
value other than 8 bytes.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
The mimxrt1024_evk board has a large slot so we need
to increase CONFIG_BOOT_MAX_IMG_SECTORS from the default.
Signed-off-by: Mikkel Jakobsen <mikkel.aunsbjerg@prevas.dk>
Added a sub-header at the point where the swap-using-scratch algorithm
is described.
Added a note on the maximum image size allowed for this mode.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The image trailer might consume a notable amount of the image slot size.
This patch adds a note to emphasize that fact.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
CONSOLE_HANDLER is not needed for MCUboot configuration for
doing anything. Also no need to disable other CONSOLE properties
if CONSOLE=n.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Fixed the H2 title in the 2nd section.
Rephrased the 1st section to remove duplicate content.
Signed-off-by: Francesco Servidio <francesco.servidio@nordicsemi.no>
In a multi-image context it is possible for a user to upload an image
to the wrong secondary slot. As the same key is used for both images,
MCUboot will overwrite image 0 with a variant of image 1.
If direct overwrite is enabled it is not trivial to recover from this.
To mitigate this issue we introduce a check of the reset address within
the vector table.
If the reset address in the new image is not contained within the
primary slot, the image is deemed incorrect and is deleted from the
secondary slot.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
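The check described in the commit message above, as an added example that is not MCUboot's own code. It assumes a Cortex-M image whose vector table (word 0 initial stack pointer, word 1 reset handler) starts right after the image header; struct slot_range, the function names, the 32-byte header and all addresses are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical primary-slot description: flash address range of one image. */
struct slot_range { uint32_t base; uint32_t size; };

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Constructed sample: hdr_size header bytes, then SP word and reset word. */
static void build_image(uint8_t *buf, size_t len, uint32_t hdr_size, uint32_t reset)
{
    memset(buf, 0xFF, len);
    if (hdr_size <= len && len - hdr_size >= 8) {
        for (int i = 0; i < 4; i++) buf[hdr_size + 4 + i] = (uint8_t)(reset >> (8 * i));
    }
}

/* True only if vector-table word 1 (reset handler) lies inside the primary slot. */
bool reset_addr_in_primary(const uint8_t *img, size_t len, uint32_t hdr_size,
                           const struct slot_range *pri)
{
    if (hdr_size > len || len - hdr_size < 8) {
        return false;               /* truncated: no reset vector to read */
    }
    uint32_t reset = read_le32(img + hdr_size + 4);
    /* Subtract first so that base + size cannot wrap around 2^32. */
    return reset >= pri->base && (reset - pri->base) < pri->size;
}

int main(void)
{
    const struct slot_range image0_primary = { 0x0000C000u, 0x00030000u };
    uint8_t img[64];
    build_image(img, sizeof img, 32, 0x0000C221u);   /* linked for image 0 */
    printf("image 0 build: %s\n",
           reset_addr_in_primary(img, sizeof img, 32, &image0_primary) ? "keep" : "delete");
    build_image(img, sizeof img, 32, 0x00040221u);   /* linked for image 1 */
    printf("image 1 build: %s\n",
           reset_addr_in_primary(img, sizeof img, 32, &image0_primary) ? "keep" : "delete");
    return 0;
}
```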
Updated security.md:
- Fixed small formatting issues.
- Fixed a pair of sentences.
- Added a mention of the HackerOne page.
Signed-off-by: Francesco Servidio <francesco.servidio@nordicsemi.no>
The encoding of ECDSA signatures is variable sized. Better support this
by allowing the TLV size estimate to be off by as much as 6, but only in
the case of ECDSA signature.
Signed-off-by: David Brown <david.brown@linaro.org>
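Why the encoded size varies, as an added example that is not code from MCUboot or its simulator: a DER ECDSA signature is SEQUENCE { INTEGER r, INTEGER s }, and each INTEGER is minimally encoded. The 32-byte r and s (a P-256-sized curve) and the sample values are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Content length of a DER INTEGER holding the unsigned big-endian value v[0..n). */
static size_t der_int_content_len(const uint8_t *v, size_t n)
{
    size_t i = 0;
    /* DER is minimal: drop leading zero bytes, but always keep one byte. */
    while (i + 1 < n && v[i] == 0) {
        i++;
    }
    size_t len = n - i;
    /* A set top bit would read as a negative number, so 0x00 is prepended. */
    if (v[i] & 0x80) {
        len++;
    }
    return len;
}

/*
 * Size of SEQUENCE { INTEGER r, INTEGER s } with short-form lengths.
 * Valid while the SEQUENCE content stays below 128 bytes, which holds
 * for n = 32 (at most 70 content bytes).
 */
size_t ecdsa_der_sig_len(const uint8_t *r, const uint8_t *s, size_t n)
{
    size_t content = (2 + der_int_content_len(r, n)) +
                     (2 + der_int_content_len(s, n));
    return 2 + content;
}

int main(void)
{
    uint8_t r[32], s[32];           /* constructed values, not real signatures */

    memset(r, 0xFF, sizeof r);      /* top bit set: padded to 33 bytes */
    memset(s, 0xFF, sizeof s);
    printf("both padded:   %zu bytes\n", ecdsa_der_sig_len(r, s, 32));

    r[0] = 0x00; r[1] = 0x10;       /* leading zero stripped: 31 bytes */
    s[0] = 0x7F;                    /* top bit clear: exactly 32 bytes */
    printf("mixed lengths: %zu bytes\n", ecdsa_der_sig_len(r, s, 32));
    return 0;
}
```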
Having profile configuration in sub crates generates a warning every
time Cargo is run. Remove these lines, as the top-level Cargo.toml file
defines these values.
Signed-off-by: David Brown <david.brown@linaro.org>
When passed `Largest`, as the image size, compute the largest possible
image for the test.
This currently fails when 'swap-move' is enabled or
'overwrite-only,large-write' is enabled. Allow this by not testing
maximal images in these cases.
Signed-off-by: David Brown <david.brown@linaro.org>
Instead of just passing in a numeric value for the image size, create an
enum that can use a given size, or supports a `Largest` size. Largest
is not implemented yet, but this gets the types in place for this.
Signed-off-by: David Brown <david.brown@linaro.org>
In order to generate images that match exact sizes, we need to know the
size of the TLV. We can estimate this size before the payload is added
(since the payload doesn't directly affect the size).
This patch adds the size estimate, and compares it with the actual TLV
size.
Signed-off-by: David Brown <david.brown@linaro.org>
Instead of setting a mutable variable and possibly assigning to it, just
set the variable to the result of the conditional.
Signed-off-by: David Brown <david.brown@linaro.org>
This enum ended up with some fields out of order. Fix the order. No
impact to the code, as each enum entry has a specific value, this just
makes the whole enum more consistent.
Signed-off-by: David Brown <david.brown@linaro.org>
Introduced an intermediate variable to express the data chunk offset
from the beginning of the region.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
boot_copy_region() was written so it assumes that the image header
must fit in the intermediary buffer of 1 KB size. A bigger header
will cause an overflow in the calculation of the size of the data chunk to be
decrypted.
This patch allows using a header bigger than that buffer size and
mitigates the limitation described above.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Also refined the include directives, by removing unused headers and
making the usage of brackets and quotes a bit more coherent.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
Write operations are always expected to be aligned according to the port
configuration.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
The cbor module is unmaintained, with the last release in 2016[1]. The
cbor2 module however is under active development and was last released
just last month[2].
As the APIs are identical, we can import cbor2 and if that fails fall
back to cbor.
[1] https://pypi.org/project/cbor/#history
[2] https://pypi.org/project/cbor2/#history
Closes #1189
Signed-off-by: Ross Burton <ross.burton@arm.com>
Change-Id: Iaf2d0df625a200a5cebf72dec4a89877a26194ea
The commit fixes an issue where a failed flash_area_open in
boot_write_status would result in a flash_area_close call on
an uninitialized flash_area object.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The error path of boot_read_image_header could invoke
flash_area_close on an uninitialized flash_area object.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>