Commit Graph

41 Commits

Author SHA1 Message Date
Dinesh Kumar K 0fa46270c0 boot: Add MCUBOOT_HW_KEY support for image encryption
Currently encryption supports only private key embed
in mcuboot itself. To support MCUBOOT_HW_KEY for image
encryption boot_retrieve_private_key() hook is added.

This hook helps retrieving private key from trusted
sources like OTP, TPM.

Signed-off-by: Dinesh Kumar K <dinesh@linumiz.com>
2024-06-12 15:17:54 -06:00
Tomi Fontanilles d4394c2f9b mbedtls config: fix too early check_config.h includes
check_config.h was included manually by custom configuration files.
This caused compilation errors when updating MbedTLS to 3.6.0
because check_config.h was processed too early, before the whole
configuration is defined, effectively causing configuration check errors.

MbedTLS already takes care of including check_config.h at the right time.
Remove those erroneous manual check_config.h includes.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
2024-04-25 11:05:54 +02:00
Roland Mikhel 206b914852 bootutil: Remove P224 curve
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I49fad7ede202de4e3c710bf4aa1df195a310b037
2023-04-11 07:05:38 +02:00
Dominik Ermel 453e8bd7de flash_map_backend: Remove flash_area_id_to_image_slot
The function has not been in use and some ports have not been
implementing it anyway.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-14 16:40:21 -07:00
Michael Grand 5047f032c9 fih: Hardening of fault injection countermeasures
Returned values are now hardcoded. Indeed, while it is not
strictly needed (few return values different from SUCCESS
or FAILURE) complexity added by encoding return values might
cause the software to be vulnerable to fault attacks.

Return type changed from fih_int to fih_ret to make
the whole thing much simpler and therefore more robust
to fault attacks. In addition, its easier to predict
compiler behavior.

Affectation of sentive variables has been hardened using macro
FIH_SET (affectation + check wether write access has been properly
done). FIH_DECLARE() is added to ease the declaration of sentive
variables.

Equality tests fih_eq() and fih_not_eq() are now macros because
inlining produce more complex code (and weaker) than macros.
In addition fih_not_eq is modified to be the negation of fih_eq
which was not the case until now.

when FIH_NOT_EQ is used , FIH_SET(fih_rc, FIH_FAILURE) has been added
in some part of the code.

variable image_mask (bootutil_priv.h) is now volatile because a
double IF test is made on it.

some others parts of the code have been hardenned (eg. loop on images)

Signed-off-by: Michael Grand <m.grand@trustngo.tech>
2023-01-30 09:34:34 -07:00
Gustavo Henrique Nihei 4aa286d2db flash_map: Increase minimum supported write align via flash_area_align
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2021-12-16 13:19:12 -07:00
Francesco Servidio 5bc983276f doc: Fix case in titles
Unified case in titles.
Fixed small grammar issues.

Signed-off-by: Francesco Servidio <francesco.servidio@nordicsemi.no>
2021-11-03 17:05:40 +01:00
Francesco Servidio 582367cfeb doc: Fixed consistency of Mbed term
Fixed the consistency of the case used for the Mbed term.

Signed-off-by: Francesco Servidio <francesco.servidio@nordicsemi.no>
2021-10-21 06:45:13 -03:00
Francesco Servidio 4ff0c18693 doc: Fixed consistency of MCUboot
Fixed the consistency of the case used in the term MCUboot.

Signed-off-by: Francesco Servidio <francesco.servidio@nordicsemi.no>
2021-10-21 06:45:13 -03:00
Roman Okhrimenko a41a850dd5 cypress: use mbedtls 3.0, do not use hw crypto by default
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@infineon.com>
2021-08-26 10:18:20 -06:00
Dominik Ermel a09ca5b964 boot: Add MCUBOOT_PERUSER_MGMT_GROUP_ENABLED to platforms
The commit adds the MCUBOOT_PERUSER_MGMT_GROUP_ENABLED configuration
option to cypress, mbed and mynewt configurations.
The options is used to enable custom, system specific, mcymgr
commands parsing in mcuboot serial recovery.
For the listed platforms it is set as not enabled (0), as neither
of the platforms currently provide supporting callback.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2021-07-13 11:39:35 +02:00
Dominik Ermel dc1b9f0579 boot/ports: Provide getter function for flash area object access
The commit provides set of getter functions that allow to
access fields of flash_area and flash_sectors objects.
Usage of these function, instead of direct field access, allows
to keep common code intact when internal, system specific,
implementation changes.
The commit contains the implementation of getters for following
ports: cpress, mbed, mynewt, zephyr.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2021-07-06 14:42:53 -06:00
Andrzej Puzdrowski 142b339667 boot: introduce MCUBOOT_CPU_IDLE() for support low power single thread
Introduced MCUBOOT_CPU_IDLE() macro.
If a port supports single thread or is bare-metal then might be need
to switch to idle mode explicitly form MCUboot code.
The call allows to enable lower power consumption while waiting for
incoming transmission in serial recovery etc.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2021-06-17 12:42:21 +02:00
Roman Okhrimenko 579b30c299 cypress: Update docs with new platforms support info
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@infineon.com>
2021-03-25 13:47:01 +02:00
Roman Okhrimenko cc557319f5 cypress: Update core-lib, mob-pdl-cat1 submodules revision
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@infineon.com>
2021-03-25 13:47:01 +02:00
Roman Okhrimenko 4bc2810cb5 cypress: Rework makefiles, reorganise source, add 062_1M and 062_512k support
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@infineon.com>
2021-03-25 13:47:01 +02:00
Bohdan Kovalchuk de51807249 Cypress: add encryption with mbedTLS
Signed-off-by: Bohdan Kovalchuk <bohd@cypress.com>
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@infineon.com>
2021-03-16 21:38:06 -03:00
Roman Okhrimenko 895300103d cypress: Align cypress mbedtls hw accel implementation with bootutil update
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@infineon.com>
2021-03-12 14:17:28 -07:00
Roman Okhrimenko 0c7aebcfe3 cypress: Add support for watchdog timer update in boot image
Add watchdog timer to MCUBootApp plus BlinkyApp to implement  additional way of boot/upgrade image operation confirmation.

Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2021-02-01 16:39:18 +02:00
Fabio Utzig de1d72d069 doc: fix github urls to use the new org
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
2020-11-10 14:19:19 -03:00
Andrzej Puzdrowski 907476d701 boot: remove direct fih delay rng inclusion
Direct inclusion of "bootutil/fault_injection_hardening_delay_rng.h"
might cause linking collision as this header belongs to `FIH_ENABLE_DELAY`
mode.
This header is already included by "bootutil/fault_injection_hardening.h"
appropriately.

fixes #831

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-10-07 13:50:16 +02:00
Tamas Ban 4e8d838d36 cypress: Add fault injection mitigation
Add software countermeasures against fault injection attacks.

Change-Id: I35ae95a3387a0231f81782e22728bf8a3f9b6005
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-10-02 07:31:11 -03:00
Roman Okhrimenko 6ea44be64f cypress: update user documentation with disclaimer and additional instructions
This change adds Disclaimer section to Cypress related documentation and adds details about custom hardware configuration flow.

Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-09-30 03:46:36 +03:00
Roman Okhrimenko ff026122e1 Cypress: Disable entering deep sleep if no boot/upgrade images found
Entering deep sleep on CM0 without valid application on CM4 caused pyocd error while programming. This fix disables entering deep sleep mode on CM0 if no valid applications found for boot. Waiting for uart complete tx reworked. Code refactoring

Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-09-30 03:22:53 +03:00
dmiv 8672c8e98a Cypress: Add entering deep sleep in MCUBootApp, code improvements
- improved code in MCUBootApp
- added possibility to enter deep sleep mode after mcuboot app execution
- minor refactoring

Signed-off-by: dmiv <dmiv@cypress.com>
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
Signed-off-by: Taras Boretskyy <taras.boretskyy@cypress.com>
2020-09-22 18:27:21 +03:00
Bohdan Kovalchuk 8416f35a91 Cypress: fix one more unwanted warning
Signed-off-by: Bohdan Kovalchuk <bohd@cypress.com>
2020-07-16 13:25:22 +03:00
Bohdan Kovalchuk a333a4576b Cypress: fix flash_area_write, warnings, improve make, readme
Signed-off-by: Bohdan Kovalchuk <bohd@cypress.com>
2020-07-14 17:05:57 +03:00
Kostiantyn Tkachov 120efee34f Use cypress cy-mbedtls-acceleration revision w/o HAL
Signed-off-by: Kostiantyn Tkachov <kotk@cypress.com>
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-06-05 01:08:36 +03:00
Roman Okhrimenko 2dcc96db52 Fix compilation of cypress code
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-05-29 14:11:57 -03:00
Bohdan Kovalchuk 0324f1b023 Add external memory support for cypress platform
Signed-off-by: Bohdan Kovalchuk <bohd@cypress.com>
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-05-29 03:40:28 +03:00
Bohdan Kovalchuk 7725652e30 Add files to eliminate HAL dependency, build/compile pass
Signed-off-by: Bohdan Kovalchuk <bohd@cypress.com>
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-04-21 07:55:10 -06:00
David Vincze 03368b8bec boot: Add hardware key support
This change enables the public key (used for image authentication) to
be removed from MCUboot and be appended to the image instead. In this
case the key or its hash must be provisioned to the device and MCUboot
must be able to retrieve the key-hash from the hardware to compare it
with the calculated hash of the public key from the image manifest in
order to verify its validity before image authentication.

The source of this change:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/1581

Change-Id: I36fe699732e0e4c113eaed331c22e707c722ed6e
Signed-off-by: David Vincze <david.vincze@linaro.org>
2020-04-07 09:20:13 -06:00
Roman Okhrimenko aa7c021eb8 Update user documentation in cypress folder
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-30 13:25:56 -06:00
Roman Okhrimenko 23ca10af0b Delete excess info from makefiles in cypress directory
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-30 13:25:56 -06:00
Roman Okhrimenko 4c1c5b0955 Update Readme file with details on HW crypto acceleration
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-05 12:32:18 +02:00
Roman Okhrimenko 38aa6c4d23 Add crypto acceleration config file and support in build system
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-05 12:32:18 +02:00
Roman Okhrimenko 39adbe37ce Add Cypress hardware crypto acceleration dependencies as submodules
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-05 12:32:18 +02:00
Christian Daudt e1960a9c45 Update instructions to point to correct git URL
Updating the URL for git repository in README file to reflect merge
of PSoC62 into mcuboot master.

Signed-off-by: Christian Daudt <christian.daudt@cypress.com>
2020-03-04 21:03:19 -03:00
Roman Okhrimenko 4650f2011b Add debug configurations for ModusToolbox
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-04 13:47:49 +02:00
Roman Okhrimenko 89ecdac3b8 Add initial implementation of MCUBoot application for Cypress PSOC6 platform
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-04 13:47:49 +02:00
Roman Okhrimenko e981665aa4 Add cypress dependencies as submodules
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-04 13:47:49 +02:00