Board was renamed here:
https://github.com/zephyrproject-rtos/zephyr/pull/23524/
Patch aligns the name in MCUBoot and decouples one of nrf52840 dedicated
overlay from exact board name.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Define interface for sharing boot status (certain attributes of the
authenticated images) and adding arbitrary data in TLV encoded format
to a shared data area between the bootloader and runtime SW.
The boot_record.h file was copied (with minor modifications) from the
Trusted Firmware-M project (https://www.trustedfirmware.org/about/).
Hash of the source commit: 08d5572b4bcee306d8cf709c2200359a22d5b72c.
Change-Id: Ia25bac27e9f1ce7faa5043c5a0455c804a24701e
Signed-off-by: David Vincze <david.vincze@arm.com>
Zephyr commit [1] has changed kconfig option name. Update kconfig
selection to the new one.
[1] 90b9eb3a9e93 ("kconfig: Rename USE_CODE_PARTITION to
USE_DT_CODE_PARTITION")
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Zephyr timeout API is changing and will use opaque value (k_timeout_t)
instead of raw values. K_MSEC is used to convert raw milliseconds value
to k_timeout_t.
This change is backward compatible so can be merged independently.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
- Add the cddl_gen repository as a submodule.
- Add a CDDL description file for the serial recovery packets to be
decoded.
- Add generated code files and cddl_gen's CBOR library to CMakeList.txt
for Zephyr.
- Convert boot_serial.c to use the new code.
- Add a bash script to (re)generate code files using cddl_gen.py.
Serial recovery should work exactly as before, but the binary should be
about 1k smaller.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Name of the board is changing in the zephyr-rtos:
https://github.com/zephyrproject-rtos/zephyr/pull/23447
This patch aligns the board name used which is required for suppression
of build warnings.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
This patch is needed as MCUBoot should be able to chain-load any
application, not only these built using zephyr.
Introduced cleanup on ARM core control register.
Might be required as for instance the application assumes
that it starts with thread mode configured as by default, not
according to zephyr-rtos configuration.
MCUBoot disables interrupt before application chain-load used
basepr register. This Patch introduce additional celenup on
NVIC register.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Modified serial_adapter so log are allowed when using USB
CDC ACM serial port emulation.
Added dedicated thread for log processing of the highest application
priority. This allows to transmit all logs without adding k_sleep
anywhere else int the code.
Introduced boot log thread is simpler than the default log threat
which decreases flash footprint by a few dozen bytes.
Added configuration for nrf52840_pca10056 which shows how
to enable looging along with USB - among other, thread log
processing is required.
build command (form zephyr-project root directory)
west build -d build/mcuboot/nrf52840_pca10056 -b nrf52840_pca10056
./bootloader/mcuboot/boot/zephyr/
-- -DDTC_OVERLAY_FILE=./boards/nrf52840_pca10056_big.overlay
-DOVERLAY_CONFIG=./usb_cdc_acm_log_recovery.conf
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Add Log processing configuration synchronous as default
if multithreading is disabled.
Additionally Kconfig makes MULTITHREADING default
if USB is selected.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
- Add image security counter verification (read security counter value
from the image manifest and compare it against the stored/active
security counter) as an optional part of the image validation process
to prevent the restoration of older, potentially vulnerable images.
- This feature can be enabled with the MCUBOOT_HW_ROLLBACK_PROT option.
- Add security counter interface to MCUBoot. If HW rollback protection
is enabled then the platform must provide a mechanism to store and
read the security counter value in a robust and secure way.
Change-Id: Iee4961c1da5275a98ef17982a65b361370d2a178
Signed-off-by: David Vincze <david.vincze@arm.com>
GPIO_DIR_IN has been replaced by GPIO_INPUT, GPIO_PUD_PULL_UP by
GPIO_PULL_UP, and gpio_pin_read() by gpio_pin_get_raw(). Update the
code to use the preferred API if it available. This avoids
deprecation warnings in the build.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
According to our CI:
Redundant 'source "$(ZEPHYR_BASE)/Kconfig.zephyr" in
'boot/zephyr/Kconfig'. Just do 'source "Kconfig.zephyr"'
instead. The $srctree environment variable already points
to the Zephyr root, and all 'source's are relative to it.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Zephyr will soon no longer add the drivers subdirectory of the include
hierarchy to the search path, so references to driver headers must
include the drivers/ prefix.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Depends on 'MCUBOOT_OVERWRITE_ONLY' option since swap info is not protected
by signature
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
To be more robust in the placement of MCUBoot directory,
use the ZEPHYR_BASE env variable to locate
nrfxlib directory.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Swap without scratch has been tested enough and no obvious bugs (or
"show stopper) bugs seem to exist; so remove [EXPERIMENTAL] and make
it "stable".
Signed-off-by: Fabio Utzig <utzig@apache.org>
Allow runtime generation of CRT params when not available in the
embedded private key. Also remove parsing/calculation of CRT
parameters when CRT was disabled in the config (mbedTLS does not
use those in this case).
Signed-off-by: Fabio Utzig <utzig@apache.org>
Added sample.yaml which is required for automatic building
mcuboot using zephyr sanitycheck.
Can be run by zephyr sanitycheck locally using
--testcase-root=/path/to/mcuboot/boot/zephyr
to make it detect the sample.yaml added.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
This adds a Kconfig feature CONFIG_BOOT_USE_BENCH, which when enabled
will print the simple benchmarking output as log messages.
Signed-off-by: David Brown <david.brown@linaro.org>
In zephyr code-base some generic include patches
and defines had been deprecated since a while.
This condition was maintained until zephyr v2.1.0 inclusive.
Recently these deprecated items were removed completely from
the zephyr master branch. Zephyr current SHA of this patch is
e124c1cd34938f02bbe879533c6bd29b5ff53707
This patch switch mcuboot to using most recent items.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
* Adds a new level (BOOT_LOG_SIM) to be used only for messages that
are interesting while debugging bootutil in the simulator. This should
be used for extra verbose prints.
* Also added fflushs after fprints to guarantee that messages are printed
even when assertions are raised.
* For abstraction completeness, add "do nothing" definitions of _LOG_SIM
to the other ports.
* Make DEBUG the default level when building the simulator (one can
still lower verbosity using any other value for RUST_LOG).
Signed-off-by: Fabio Utzig <utzig@apache.org>
Add Zephyr option to enable building a bootloader that uses an
alternative swap algorithm, that first moves up all sectors in slot1 and
then directly swaps between slot0 and slot1.
Signed-off-by: Fabio Utzig <utzig@apache.org>
0e3fa72df4 removed device tree overlay
that is required to flash mcuboot to correct partition and CMake
variable that pointed to it. Restore it.
Do not restore adding "boards/${BOARD}.overlay" to the list since Zephyr
detects this file automatically now - see https://docs.zephyrproject.org/latest/application/index.html#devicetree-overlays
Signed-off-by: Sergey Koziakov <dya.eshshmai@gmail.com>
Don't set the board to qemu_x86 either; that's not right by any means.
Remove dts.overlay and build system logic related to it in
boot/zephyr/CMakeLists.txt. This file was a hack for arduino_101,
which is no longer supported by Zephyr.
Remove all the other DTC_OVERLAY_FILE logic in general while we're
here. Zephyr picks up
${APPLICATION_SOURCE_DIR}/boards/${BOARD}.overlay and uses it as
DTC_OVERLAY_FILE "for free" if DTC_OVERLAY_FILE is unset.
Adjust the minimum CMake version while we're here to account for
Zephyr build system changes.
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
Signed-off-by: David Brown <david.brown@linaro.org>
Remove this workaround. The Kinetis flash driver has supported
FLASH_PAGE_LAYOUT since at least January 2018.
Signed-off-by: David Brown <david.brown@linaro.org>
Only execute serial recovery if valid pin condition is detected
during power up reset or pin reset on nRF devices with RESETREAS
register. This is to prevent going into serial recovery when
waking up from power off mode with the same pin conditions that
is configured to trigger serial recovery.
Signed-off-by: Jon Helge Nistad <jon.helge.nistad@nordicsemi.no>
Ran automated checker for common typos [1]. Most of these changes have
no functional change *except* for `./ci/sim_run.sh` where, previously
the `bootstrap` feature wasn't being selected properly.
I didn't touch anything in the `./ext/` folder as anything in there
should probably be fixed in the upstream repo.
[1] https://github.com/codespell-project/codespell
Signed-off-by: Sam Bristow <sam@bristow.nz>
The ext/mbedtls directory has a copy of the ASN.1 parser from the mbed
TLS library. To allow a future change to bring the entire mbed TLS
library in as a submodule under ext, rename this to mbedtls-asn1 to make
it clear this is only a subset.
Signed-off-by: David Brown <david.brown@linaro.org>
zephyr changes the way in which it provide name of
serial device used by serial recover.
see: https://github.com/zephyrproject-rtos/zephyr/pull/18752
This path introduce build time configuration of device name
which is set to exact the same device which was set before.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
To enable multi image support in mcuboot one needs
to set the 'UPDATEABLE_IMAGE_NUMBER' config.
Add this to zephyrs MCUBoot kconfig to allow this.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
This introduces an API which allows for iteration over an image's TLVs
without resorting to low-level implementation details. All previous TLV
low-level handling was updated to comply with this new interface, and it
also makes it easier for external code to handle TLVs.
The API provides two functions:
1) To start a new iterator:
```
int bootutil_tlv_iter_begin(struct image_tlv_iter *it,
const struct image_header *hdr,
const struct flash_area *fap, uint8_t type,
bool prot);
```
2) To iterate over existing TLVs of given type:
```
int bootutil_tlv_iter_next(struct image_tlv_iter *it, uint32_t *off,
uint16_t *len, uint8_t *type);
```
A type of IMAGE_TLV_ANY was added to allow for iteration over all TLVs.
Low-level TLV access functions were removed from API, but low-level
structs are still visible in the namespace.
Signed-off-by: Fabio Utzig <utzig@apache.org>
CONFIG_MULTITHREADING is generally assumed to be y by the zephyr
kernel, even though that's not reflected in the Kconfig. For example,
semaphores depend on it being y, but CMake will still build sem.c even
if it's n.
The sensible default for this option is thus y.
However, it's a size advantage to disable it if the platform drivers
are all aware of this option, such as nRF.
Let's re-work our use of this option to keep it disabled when we know
it's safe, but enable it by default so more platforms can be expected
to work out of the box.
Signed-off-by: Marti Bolivar <marti.bolivar@nordicsemi.no>
Andrzej Puzdrowski