According to clippy, `&'static` can just be `&` for static definitions,
which always have a static lifetime. Clean this up in the arrays in the
code, as well as generation code in imgtool.
Signed-off-by: David Brown <david.brown@linaro.org>
The commit fixes definition and usage of ZEPHYR_LOG_MODE_MINIMAL
to prevent compilation warnings on possibly non-portable code.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
This incorporates changes both from the dependency changes in simflash,
as well as some minor changes that recent versions of Cargo make.
Signed-off-by: David Brown <david.brown@linaro.org>
The thiserror crate seems to be getting more momentum in the community
than failure. Switch to this for deriving our own error type.
Signed-off-by: David Brown <david.brown@linaro.org>
Add Mbed TLS ECDSA signature verification as an option (in addition to
Tinycrypt and the CC310 hardware version). Although the Mbed TLS ECDSA
verification code is both larger and slower, this will still save space
if the Mbed TLS code is already being brought in for another reason
(such as certificate management, for example).
Mbed TLS's ECDSA verification works at a different level than the other
two libraries, so this takes a bit of reworking. There are some
additional parameters passed to the various functions, and a new define
MCUBOOT_ECDSA_NEED_ASN1_SIG to indicate that the ECDSA verification
wants the original ASN1 signature, not a decoded key.
This adds the boot changes and simulator support to test this configuration.
Signed-off-by: David Brown <david.brown@linaro.org>
The commit adds logic that checks that an image that has the
IMAGE_F_ROM_FIXED flag set, together with a proper address in the header,
has not been mismatched with its slot.
This code will prevent attempting to boot an image that has been built for
a different ROM address than the slot it currently resides in.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The IMAGE_F_ROM_FIXED flag, now supported by imgtool and mcumgr, allows
using image_header.ih_load_addr to store fixed ROM address information.
The address is provided for Direct-XIP mcuboot to be able to verify
if it can boot an image in a given slot, by checking if the address
the image has been built for corresponds to the slot address.
This flag is not required to be set within an image, in which case
the check will not happen, but it is highly desired as it allows mcuboot
to detect images that have been mismatched with their slot.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
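The slot check described in the two commit messages above, sketched as an added example (not code from the MCUboot repository). The trimmed `struct hdr`, the `rom_check` enum, `first_bootable_slot()`, the slot addresses and the bit value given to `IMAGE_F_ROM_FIXED` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define IMAGE_F_ROM_FIXED 0x00000100u  /* bit value assumed for this example */

/* Trimmed stand-in for the image header: only the fields the check reads. */
struct hdr {
    uint32_t ih_load_addr;  /* ROM address the image was built for */
    uint32_t ih_flags;
};

enum rom_check { ROM_UNCHECKED, ROM_MATCH, ROM_MISMATCH };

/* Compare the address the image was built for with the slot it sits in. */
enum rom_check check_rom_fixed(const struct hdr *h, uint32_t slot_base)
{
    if (!(h->ih_flags & IMAGE_F_ROM_FIXED))
        return ROM_UNCHECKED;   /* flag absent: the check does not happen */
    return (h->ih_load_addr == slot_base) ? ROM_MATCH : ROM_MISMATCH;
}

/* Hypothetical helper: index of the first slot not mismatched, or -1. */
int first_bootable_slot(const struct hdr *hdrs, const uint32_t *bases, int n)
{
    for (int i = 0; i < n; i++) {
        if (check_rom_fixed(&hdrs[i], bases[i]) != ROM_MISMATCH)
            return i;
    }
    return -1;
}

/* Constructed sample layout: base addresses of two slots. */
static const uint32_t SLOT_BASES[2] = { 0x0000C000u, 0x00076000u };

int main(void)
{
    /* Slot 0 holds an image built for slot 1's address (mismatched upload);
     * slot 1 holds an image built for its own address. */
    struct hdr imgs[2] = {
        { 0x00076000u, IMAGE_F_ROM_FIXED },
        { 0x00076000u, IMAGE_F_ROM_FIXED },
    };
    printf("slot 0: %d, slot 1: %d, boot slot: %d\n",
           check_rom_fixed(&imgs[0], SLOT_BASES[0]),
           check_rom_fixed(&imgs[1], SLOT_BASES[1]),
           first_bootable_slot(imgs, SLOT_BASES, 2));
    return 0;
}
```

An image without the flag is reported as unchecked rather than matched, which keeps the "flag not set, no verification done" case visible to the caller.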
The commit changes the banner message to indicate that the bootloader has
been built for Direct-XIP mode.
It also removes, in Direct-XIP compiled code, the information on jumping
into the first slot: that information is not always correct for Direct-XIP
and other messages correctly point to the slot that will be used.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Since there won't be any more alpha releases, roll back to the latest official
(from master). The next released versions can now be either 1.7.X from
v1.7-branch or X.Y.Zrc1 for the release candidate of the next stable
version.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Fixes padding hex images when encrypting. The issue stems from binaries
using `bytes` and IntelHex returning `array` where `bytes` cannot be
appended to, so use `.extend()` instead.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Setting LED to initial level before beginning.
Making comment about BOOT_SERIAL_DETECT_DELAY more clear in Kconfig.
Signed-off-by: Jared Wolff <hello@jaredwolff.com>
Part of the defines which are needed for bootutil_public.c compilation
were moved to a separate file, so the bootutil_public library doesn't
need to include cryptographic libraries' headers anymore.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The objective for the existence of bootutil_public.c is to provide common code
for MCUboot itself and for a chain-loaded application. Therefore
it shouldn't depend on MCUboot exclusive functions or so.
This patch moves the missing part of bootutil_private.h to bootutil_private.c
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Add a watchdog timer to MCUBootApp plus BlinkyApp to implement an additional way of boot/upgrade image operation confirmation.
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
Add SPDX headers indicating the Apache-2.0 license to the scripts in the
scripts directory. This can be assumed due to the presence of the
Apache-2.0 LICENSE file at the top of the project.
Fixes #930
Signed-off-by: David Brown <david.brown@linaro.org>
CONFIG_LOG_MINIMAL was replaced by CONFIG_LOG_MODE_MINIMAL since
https://github.com/zephyrproject-rtos/zephyr/pull/31404 PR was
merged.
CONFIG_LOG_MINIMAL is still emitted as legacy property, but
can't be assigned so prj.conf was fixed.
Signed-off-by: Gerard Marull-Paretas <gerard@teslabs.com>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
After the change to support protected TLVs, the `verify` command was not
updated with proper support. Fix it by skipping any protected TLV found,
and fix the size of the hashed/signed region to also include the
protected TLV area.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Addresses issues when running signed-off-by checks on the Zephyr fork
due to GH rebases done on UX rewriting the commit with the primary email
instead of whatever email was used originally.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
To fix a regression caused by f68473814f,
where an older TF-M version was used that didn't support the bootutil
cmake.
Signed-off-by: Raef Coles <raef.coles@arm.com>
Check the environment variable `PTEST_LOG_ALL`, and if it is set, write
the output of all test runs to a log file instead of just the failures.
Failed tests are still written to failure-nnnn.log, but successful runs
are written to success-nnnn.log. If the environment variable is not
set, ptest behaves as before, only writing to log files when there is a
failure.
Signed-off-by: David Brown <david.brown@linaro.org>
To help determine where time is being spent in tests, add a 'time'
command to the test invocation script. In addition, split the test
invocation into a separate build and run stage. This can be useful with
another change to ptest that logs all test outputs instead of just
failures.
Signed-off-by: David Brown <david.brown@linaro.org>
Modify the function boot_add_data_to_shared_area from static to global
so that it can be used in the user interface boot_save_shared_data.
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
Change-Id: Ic6a36eb526a0883a156f832942af3138bde86dd6
Added boot_read_image_ok() to the public API, as reading image_ok
might be used by the chain-loaded application, for the image itself
to check its confirmation state.
Additionally extracted common code for determining a trailer flag to
the boot_read_flash() function.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Part of the code of boot/bootutil/ is re-implemented in the zephyr-rtos
repository.
As some code is defined here and there, it becomes a problem when
it needs to be included with an outstanding feature in a build.
It is possible to mitigate the problem using #ifdefery, but this was
rather a temporary hack.
This patch introduces a new module which is common for the MCUBoot build
and the application build.
Common code was extracted to the bootutil_public.c source file and
the bootutil_public.h header.
MCUboot also selects the DISABLE_MCUBOOT_BOOTUTIL_LIB_OWN_LOG Kconfig
option, as it must define log configuration on its own for all its
source code.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Fix compilation with CONFIG_LOG_MINIMAL enabled by disabling the
custom log handling code.
Fixes e75e33d981
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
Update volume maps so local directories in the Travis VM map correctly
to the Docker expected PATH for script running. Misc cleanups.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Update install script to avoid building a docker image and instead pull;
also add proper caching for re-runs.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Update Dockerfile to only build a distro and required tooling, avoiding
adding source repositories, including tfm and mcuboot, so that it can be
reused without the need to rebuild all the time.
This should allow pushing the image under mcuboot/fih-test and
pulling+caching in Travis.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Now that the travis description is empty, ptest no longer runs any
tests. Change it to use the github workflow description. It is still
fairly specific to our particular workflow, and will need to be updated
if the form of what is there changes.
The workflow description is quite a bit simpler, so a bunch of code has
been removed.
Signed-off-by: David Brown <david.brown@linaro.org>
The yaml-rust package version in the lock file does not work with recent
versions of Rust. This is fixed in a newer version. Update the lock file
to represent the latest acceptable versions of all of the dependencies.
This change fixes the error at least up to Rust 1.49.
Signed-off-by: David Brown <david.brown@linaro.org>
To avoid problems where the latest master of tf-m-tests is incompatible
with the fixed version used by the FIH test. Bump the version of TF-M
used slightly to a commit that allows the version of tf-m-tests to be
easily overridden.
Signed-off-by: Raef Coles <raef.coles@arm.com>
To a version which uses the new bootutil cmake, allowing the bootutil
files to be moved/renamed without breaking the FIH test.
Signed-off-by: Raef Coles <raef.coles@arm.com>
This commit also introduces changes that allow users to build for other non-swap type update methods (overwrite only, swap using move, direct xip, or RAM loading). Changes include:
- Adding configuration options relating to XIP
- Updating the Mbed flash map backend to be compatible with XIP updates
- Add default secondary_bd in internal flash for XIP on Mbed OS.
Signed-off-by: George Beckstein <becksteing@embeddedplanet.com>
The commit adds support for IMAGE_F_ROM_FIXED flag that allows setting
information on image base address into image_header.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
In order to allow other projects to include the bootutil files more
easily. Allows renaming and moving of bootutil files without breaking
external projects' file lists (if they include this cmake file instead
of directly listing the files they use). Prevents an issue where
moving/renaming bootutil files breaks the FIH CI test.
Signed-off-by: Raef Coles <raef.coles@arm.com>
Change-Id: Ic982413c6a26ea2039712437f2d511fbe202e1e4
The internal functions of mcuboot are not consistent in opening/closing flash areas and sometimes nested calls happen to `flash_area_open` and `flash_area_close`. With the previous implementation, a nested call to `flash_area_close` would deinitialize the underlying `BlockDevice`. This could cause subsequent flash operations on an "open" flash area to fail.
This PR adds a simple open counter for each flash area and ensures the underlying `BlockDevice` is initialized and deinitialized appropriately. The `BlockDevice` is only initialized when transitioning from an open count of 0 to 1. The `BlockDevice` is only deinitialized when the open count falls to 0.
Signed-off-by: George Beckstein <becksteing@embeddedplanet.com>
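The nested open/close problem and the open counter from the commit message above, modelled as an added example (not the Mbed OS port's code). `struct area`, its fields and the function names are hypothetical stand-ins; `bd_ready` models whether the underlying `BlockDevice` is initialized, and the refusal of an unbalanced close is an addition of this example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for one flash area backed by a block device. */
struct area {
    bool counted;         /* false: previous behaviour, true: open counter */
    unsigned open_count;
    bool bd_ready;        /* models the BlockDevice init/deinit state */
};

void area_open(struct area *a)
{
    if (!a->counted || a->open_count == 0)
        a->bd_ready = true;       /* counted: init only on the 0 -> 1 step */
    a->open_count++;
}

int area_close(struct area *a)
{
    if (a->open_count == 0)
        return -1;                /* unbalanced close: refuse, no underflow */
    a->open_count--;
    if (!a->counted || a->open_count == 0)
        a->bd_ready = false;      /* counted: deinit only when count hits 0 */
    return 0;
}

/* A flash operation only succeeds while the device is initialized. */
int area_read(const struct area *a) { return a->bd_ready ? 0 : -1; }

/* Outer caller keeps the area open while a helper opens and closes it. */
int nested_sequence(bool counted)
{
    struct area a = { .counted = counted };
    area_open(&a);                /* outer open */
    area_open(&a);                /* nested open by a helper */
    area_close(&a);               /* nested close */
    int rc = area_read(&a);       /* outer caller still expects it open */
    area_close(&a);               /* outer close */
    return rc;
}

int main(void)
{
    printf("previous: %d, with counter: %d\n",
           nested_sequence(false), nested_sequence(true));
    return 0;
}
```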