Commit Graph

1171 Commits

Author SHA1 Message Date
Fabio Utzig 165e00e9e0 Update fiat from latest upstream
Update from upstream: 92b7c89e6e8ba82924b57153bea68241cc45f658

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-04-02 07:00:46 -03:00
Henrik Brix Andersen a40b199761 scripts: assemble.py: switch to using devicetree_legacy_unfixed.h
Switch to using the devicetree_legacy_unfixed.h header for extracting
flash partition information.

Zephyr has switched to using a new gen_defines.py script and a new set
of macros/defines for devicetree code generation for all nodes except
flash partitions, which are still in the legacy format.

Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
2020-03-31 08:47:40 -03:00
Carles Cufi 7e7b4ad199 zephyr: boot_serial: Use K_MSEC() with k_sleep
k_sleep() requires explicit conversion of the unit since it takes an
opaque type starting with:
https://github.com/zephyrproject-rtos/zephyr/pull/23382

Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
2020-03-30 21:39:29 +02:00
Roman Okhrimenko aa7c021eb8 Update user documentation in cypress folder
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-30 13:25:56 -06:00
Roman Okhrimenko 23ca10af0b Delete excess info from makefiles in cypress directory
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-30 13:25:56 -06:00
Andrzej Puzdrowski fefdea20d2 zephyr:boards nrf52840_pca10056 rename to nrf52840dk_nrf52840
Board was renamed here:
https://github.com/zephyrproject-rtos/zephyr/pull/23524/

Patch aligns the name in MCUBoot and decouples one of nrf52840 dedicated
overlay from exact board name.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-03-27 15:35:23 -06:00
Andrzej Puzdrowski c757ece80e bootutil: Replace BUILD_ASSERT_MSG() with BUILD_ASSERT()
Replay of reverted to early committed patch 6d417c9:

Replace BUILD_ASSERT_MSG() with BUILD_ASSERT()
after merging BUILD_ASSERT() and BUILD_ASSERT_MSG().

Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-03-26 15:44:38 -06:00
David Vincze 274c5da955 boot: Unify the interpretation of TLV entry fields
Modify the definition of certain shared data TLV entry header fields to
be aligned with the image TLV's behaviour (the meaning of the tlv_len
field was different) and achieve unified interpretation.

Modify some macro definitions that use bitwise shift operators to
prevent certain errors from occurring due to implementation-defined
behaviour.

Change-Id: Ib736703a391d390a87d629a8ac4e77e1789120a5
Signed-off-by: David Vincze <david.vincze@linaro.org>
2020-03-26 12:23:36 +01:00
David Vincze 63eb4566d0 boot: Add boot status record to shared data area
Implement the functions declared in boot_record.h and add
each BOOT_RECORD TLV's CBOR encoded binary data (one TLV entry per
image) to a shared data area between the bootloader and the runtime SW.
These data units are stored in a TLV format (in the shared area too) and
contain certain attributes of the given image / SW component such as:
- SW type (role of the software component)
- SW version
- Signer ID (identifies the signing authority)
- Measurement value (hash of the image)
- Measurement type (algorithm used to calculate the measurement value)

Preserving all these image attributes from the boot stage for use by
later runtime services is known as a measured boot. The list of the
shared attributes is based on the recommendations of Arm's Platform
Security Architecture (PSA).
The main purpose of this patch is to create the prerequisites of an
attestation service by providing these measurements.

The boot_record.c and boot_status.h (originally tfm_boot_status.h) files
were copied (with modifications) from the Trusted Firmware-M project
(https://www.trustedfirmware.org/about/).
Hash of the source commit: 08d5572b4bcee306d8cf709c2200359a22d5b72c.

Change-Id: I37a8e7b10d5bf80a581651ffaf65b3cba45eaff2
Signed-off-by: David Vincze <david.vincze@arm.com>
2020-03-26 12:23:36 +01:00
David Vincze 1cf11b5feb boot: Define interface for data sharing with runtime
Define interface for sharing boot status (certain attributes of the
authenticated images) and adding arbitrary data in TLV encoded format
to a shared data area between the bootloader and runtime SW.

The boot_record.h file was copied (with minor modifications) from the
Trusted Firmware-M project (https://www.trustedfirmware.org/about/).
Hash of the source commit: 08d5572b4bcee306d8cf709c2200359a22d5b72c.

Change-Id: Ia25bac27e9f1ce7faa5043c5a0455c804a24701e
Signed-off-by: David Vincze <david.vincze@arm.com>
2020-03-26 12:23:36 +01:00
David Vincze 6bfa9e5853 imgtool: release 1.6.0alpha1
Change-Id: I7ae2bff9d16c39f7cc5fee3a08437f0a25e7cddc
Signed-off-by: David Vincze <david.vincze@linaro.org>
2020-03-26 12:23:36 +01:00
David Vincze 71b8f981df imgtool: Add CBOR encoded boot record to TLV area
Add new '--boot-record' option for imgtool to add a new type of TLV to
the image manifest called BOOT_RECORD. This TLV contains CBOR encoded
data with some basic information about the image (SW component) it
belongs to, these are the following:
- SW type (role of the software component)
- SW version
- Signer ID (identifies the signing authority)
- Measurement value (hash of the image)
- Measurement type (algorithm used to calculate the measurement value)

The boot_record.py file and most of the modifications in image.py are
coming from the Trusted Firmware-M project
(https://www.trustedfirmware.org/about/).
Hash of the source commit: 08d5572b4bcee306d8cf709c2200359a22d5b72c.

This patch is based on the recommendations of Arm's Platform Security
Architecture (PSA) and its purpose is to support compliance with it.

Change-Id: I379ccc57b48ad2311837cb3fd90f5f9d1c9b5bac
Signed-off-by: David Vincze <david.vincze@linaro.org>
2020-03-26 12:23:36 +01:00
Dominik Ermel 1084100cf4 zephyr: TinyCBOR has been removed from interface libraries
It is no longer needed to add TINYCBOR to list of interface libraries.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2020-03-25 06:13:05 -03:00
Marcin Niestroj c6be76aed2 zephyr: select USE_DT_CODE_PARTITION after kconfig option change
Zephyr commit [1] has changed kconfig option name. Update kconfig
selection to the new one.

[1] 90b9eb3a9e93 ("kconfig: Rename USE_CODE_PARTITION to
  USE_DT_CODE_PARTITION")

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
2020-03-24 13:18:44 -06:00
Krzysztof Chruscinski 821214e373 zephyr: Wrap sleep value with K_MSEC
Zephyr timeout API is changing and will use opaque value (k_timeout_t)
instead of raw values. K_MSEC is used to convert raw milliseconds value
to k_timeout_t.

This change is backward compatible so can be merged independently.

Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
2020-03-24 13:16:40 -06:00
Øyvind Rønningstad d071356a73 serial_recovery: Add copied and generated CBOR decoding code files
Generated serial_recovery_cbor.c and serial_recovery_cbor.h
Copied cbor_decode.c and cbor_decode.h

This commit is the result of running
./regenerate_serial_recovery_cbor.sh "2020 Nordic Semiconductor ASA"

Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
2020-03-24 13:10:17 -06:00
Øyvind Rønningstad f42a8205e8 serial_recovery: Replace CBOR decoding code with generated code
- Add the cddl_gen repository as a submodule.
 - Add a CDDL description file for the serial recovery packets to be
   decoded.
 - Add generated code files and cddl_gen's CBOR library to CMakeList.txt
   for Zephyr.
 - Convert boot_serial.c to use the new code.
 - Add a bash script to (re)generate code files using cddl_gen.py.

Serial recovery should work exactly as before, but the binary should be
about 1k smaller.

Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
2020-03-24 13:10:17 -06:00
Andrzej Puzdrowski fab12e0524 Revert "bootutil: Replace BUILD_ASSERT_MSG() with BUILD_ASSERT()"
This reverts commit 6d417c9c84.

The patch was merged accidentally too early.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-03-23 14:23:16 +01:00
Andrzej Puzdrowski 8ecb89bb1c zephyr: board nrf51_pca10028 renamed to nrf51dk_nrf51422
Name of the board is changing in the zephyr-rtos:
https://github.com/zephyrproject-rtos/zephyr/pull/23447

This patch aligns the board name used which is required for suppression
of build warnings.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-03-19 15:02:56 -06:00
Oleg Zhurakivskyy 6d417c9c84 bootutil: Replace BUILD_ASSERT_MSG() with BUILD_ASSERT()
Replace BUILD_ASSERT_MSG() with BUILD_ASSERT()
after merging BUILD_ASSERT() and BUILD_ASSERT_MSG().

Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2020-03-19 15:01:24 -06:00
Andrzej Puzdrowski 9a605b69f0 zephyr: add cleanup ARM core before boot
This patch is needed as MCUBoot should be able to chain-load any
application, not only these built using zephyr.

Introduced cleanup on ARM core control register.
Might be required as for instance the application assumes
that it starts with thread mode configured as by default, not
according to zephyr-rtos configuration.

MCUBoot disables interrupt before application chain-load used
basepr register. This Patch introduce additional celenup on
NVIC register.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-03-19 14:51:50 -06:00
Szymon Janc 05dc5ddbff mynewt: Update latest tags in repository.yml
0-latest and 1-latest should point to latest stable release.

Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
2020-03-19 14:42:08 -06:00
David Brown 4878c27c82 imgtool: Remove default padding of ECDSA sigs
Since commit:

    commit a36082664e
    Author: David Brown <david.brown@linaro.org>
    Date:   Thu Dec 12 15:35:31 2019 -0700

        ecdsa: Allow ECDSA signatures to be actual length

MCUboot no longer requires ECDSA signatures to be padded to a fixed
length.  This change makes imgtool, by default, also no longer add this
padding to images.  There is an option `--pad-sig` that can be given to
the sign command to re-instate this padding.  This flag will be needed
to make images that will work with older (pre 1.5.0) versions of
MCUboot.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-03-18 09:05:21 -06:00
David Brown a4c586421a sim: Remove padding from ecdsa signatures
With support for unpadded ecdsa signatures in place, always generate
unpadded signatures within the sim.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-03-18 09:05:21 -06:00
Barry Solomon 0407553a97 loader: Fix dependency check issue related to swap type
Fix for issue #669

Signed-off-by: Barry Solomon <barry.solomon@dexcom.com>
2020-03-18 12:02:00 -03:00
Anthony Liu 04630cea43 fix #675 ECDSA verification fail when padding is added
Signed-off-by: Anthony Liu <antliu@gmail.com>
2020-03-13 17:52:59 +01:00
Dominik Ermel 470e2f3d5b zephyr: Enabling Zephyr/mynewt-core version of tinycbor
Changes needed due to overwrite of Zephyr fork of Tinycbor with
mynewt-core version.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2020-03-12 15:00:30 +01:00
Henrik Brix Andersen 0ce958e709 imgtool: add option for confirming a padded image
Add imgtool command line option for confirming (setting image_ok =
0x01) in a padded image.

Fixes: #664

Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
2020-03-11 11:15:36 -03:00
Håkon Øye Amundsen cdf94c2623 docs: secondary slot magic is unset after update
This description is needed to explain why MCUBoot won't
revert a recently performed update.

Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
2020-03-10 15:54:18 +01:00
Håkon Øye Amundsen 11d91c34a3 docs: fix incorrect state reference
The TEST is state I and PERM is state II.

Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
2020-03-10 15:54:18 +01:00
Roman Okhrimenko 4c1c5b0955 Update Readme file with details on HW crypto acceleration
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-05 12:32:18 +02:00
Roman Okhrimenko 38aa6c4d23 Add crypto acceleration config file and support in build system
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-05 12:32:18 +02:00
Roman Okhrimenko 39adbe37ce Add Cypress hardware crypto acceleration dependencies as submodules
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-05 12:32:18 +02:00
Christian Daudt e1960a9c45 Update instructions to point to correct git URL
Updating the URL for git repository in README file to reflect merge
of PSoC62 into mcuboot master.

Signed-off-by: Christian Daudt <christian.daudt@cypress.com>
2020-03-04 21:03:19 -03:00
Roman Okhrimenko 4650f2011b Add debug configurations for ModusToolbox
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-04 13:47:49 +02:00
Roman Okhrimenko 89ecdac3b8 Add initial implementation of MCUBoot application for Cypress PSOC6 platform
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-04 13:47:49 +02:00
Roman Okhrimenko e981665aa4 Add cypress dependencies as submodules
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-04 13:47:49 +02:00
Fabio Utzig e60b12f9c5 sim: fix paths for mbed-cryto
Signed-off-by: Fabio Utzig <utzig@apache.org>
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-04 13:47:49 +02:00
Fabio Utzig 3cd904a661 Update mbedTLS to 2.19.3
Signed-off-by: Fabio Utzig <utzig@apache.org>
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-04 13:47:49 +02:00
Erik Johnson 4906375adc loader: Fixed warning about uninitialized rc variable
Might get past the loop without going in at least once.

Signed-off-by: Erik Johnson <erik.johnson@nimbelink.com>
2020-02-28 09:09:34 -03:00
Andrzej Puzdrowski af14853b7c zephyr: configurable log thread stack size
Introduced Kconfig property for configure log processing
thread stack size.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-02-27 10:01:25 +01:00
Andrzej Puzdrowski 8459163f14 zephyr: terminated log processing gently
Added log processing thread gently termination
before chain-load the application.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-02-27 10:01:25 +01:00
Andrzej Puzdrowski 3f092bd313 zephyr: allow recovery over usb cdc-acm with logs enabled
Modified serial_adapter so log are allowed when using USB
CDC ACM serial port emulation.

Added dedicated thread for log processing of the highest application
priority. This allows to transmit all logs without adding k_sleep
anywhere else int the code.

Introduced boot log thread is simpler than the default log threat
which decreases flash footprint by a few dozen bytes.
Added configuration for nrf52840_pca10056 which shows how
to enable looging along with USB - among other, thread log
processing is required.

build command (form zephyr-project root directory)
west build -d build/mcuboot/nrf52840_pca10056 -b nrf52840_pca10056
./bootloader/mcuboot/boot/zephyr/
 -- -DDTC_OVERLAY_FILE=./boards/nrf52840_pca10056_big.overlay
-DOVERLAY_CONFIG=./usb_cdc_acm_log_recovery.conf

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-02-27 10:01:25 +01:00
Andrzej Puzdrowski 9a4946ce9a zephyr: add default LOG and MULTITHREADING values in kconfig
Add Log processing configuration synchronous as default
if multithreading is disabled.

Additionally Kconfig makes MULTITHREADING default
if USB is selected.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-02-27 10:01:25 +01:00
Andrzej Puzdrowski 5d96bd20a9 zephyr: tabs to spaces in line indentation
Uses spaces instead of tabs.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-02-27 10:01:25 +01:00
David Vincze c308413760 bootutil: Introduce HW rollback protection
- Add image security counter verification (read security counter value
  from the image manifest and compare it against the stored/active
  security counter) as an optional part of the image validation process
  to prevent the restoration of older, potentially vulnerable images.
- This feature can be enabled with the MCUBOOT_HW_ROLLBACK_PROT option.
- Add security counter interface to MCUBoot. If HW rollback protection
  is enabled then the platform must provide a mechanism to store and
  read the security counter value in a robust and secure way.

Change-Id: Iee4961c1da5275a98ef17982a65b361370d2a178
Signed-off-by: David Vincze <david.vincze@arm.com>
2020-02-25 23:43:12 +01:00
David Vincze 1a7a6905c5 imgtool: Add security counter to image manifest
Optionally add new security counter TLV to the protected image manifest
and also introduce a new command line option for the imgtool to specify
the value of this counter. The security counter can be used in rollback
protection to compare the new image's security counter against the
active counter value. Its value can be independent from the image
version, but if the 'auto' keyword is passed in the argument list of the
script then it will be generated from the version number (not including
the build number).

The value of the security counter is security critical data. Therefore,
it must be part of the protected TLV area.

Change-Id: I45926d22364d0528164f50fa379abf050bdf65ff
Signed-off-by: David Vincze <david.vincze@arm.com>
2020-02-25 23:43:12 +01:00
Fabio Utzig 19df5c44de mynewt: allow newt to bypass submodule cloning
A recently added `newt` feature allows it to only clone selected git
submodules: https://github.com/apache/mynewt-newt/pull/377. This changes
the MCUBoot repository to remove submodules from the cloning process,
because they are not used by Mynewt.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-25 11:37:15 -03:00
Fabio Utzig 3647ded973 docs: update nokogiri to fix CVE-2020-7595
https://nvd.nist.gov/vuln/detail/CVE-2020-7595

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-25 09:26:02 -03:00
Fabio Utzig a1ed50bb11 mynewt: rollback version.yml
Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-24 11:09:47 +01:00