Commit Graph

191 Commits

Author SHA1 Message Date
David Brown 23d28832f0 Update to version 1.10.0
Signed-off-by: David Brown <david.brown@linaro.org>
2023-04-06 07:38:04 -06:00
David Brown 569b1d6393 Update to version 1.10.0-rc1
Signed-off-by: David Brown <david.brown@linaro.org>
2023-03-20 14:02:12 -06:00
Raphael Dupont 16f3de5660 imgtool: fix boot_magic when -e big and max-align > 8
Currently if max-align > 8, magic_boot only works in little endian

For example :
With max-align = 16 and endian = big, boot_magic starts with 0x10 0x00,
but it should be 0x00 0x10

Signed-off-by: Raphael Dupont <raphael7dup@gmail.com>
2023-03-16 10:03:24 -03:00
Piotr Dymacz e026c3679b imgtool: sign: allow using 16-bit custom TLVs from valid range
The TLV type field in trailer TLV struct is defined as unsigned 16-bit
(in LE byte order). Currently, due to Python's struct format specified
as 'BBH', the 'imgtool' accepts only single byte for this field.

This results in error when trying to use 16-bit TLV type with option
'--custom-tlv':

  struct.error: ubyte format requires 0 <= number <= 255

This changes format to 'HH' which allows using 16-bit TLV types and
while at it, adds also simple range validation for custom TLV type.
As defined in image.h header, the vendor reserved TLVs value should
be from 0x00a0 to 0xfffe range.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2023-03-10 17:30:38 -03:00
Ross Younger ae9d256cab imgtool: allow verify mode to use public ed25519 keys
Verify mode already works for the public halves of RSA and ECDSA keypairs.
This patch corrects an apparent oversight, enabling that functionality
in Ed25519.

Signed-off-by: Ross Younger <crazyscot@gmail.com>
2023-02-25 09:42:31 -03:00
Fabio Utzig 8f289ba5f9 imgtool: fix getpriv format type for keys
A previous change was added to allow the `getpriv` command to dump ec256
keys in both openssl and pkcs8. That PR did not touch other key file
types which resulted in errors using that command with RSA, X25519, etc.

This commit generalizes the passing of the `format` parameter, so each
key type can decide which format it allows a dump to be produced in,
and what default to use.

Fixes #1529

Signed-off-by: Fabio Utzig <utzig@apache.org>
2023-01-10 18:03:21 -03:00
Fabio Utzig 08a716dc4e imgtool: fix --vector-to-sign usage
`--vector-to-sign` only exports the image payload, or digest, to be
signed externally; it doesn't require any keys to be provided. This
commit moves the code outside a key required block, after the payload
and digest were already calculated from "image + headers + protected
TLVs".

Signed-off-by: Fabio Utzig <utzig@apache.org>
2022-11-21 18:50:25 -03:00
Antonio de Angelis 7ba01c0de7 imgtool: Fix PEP8 warnings on modules in this PR
Fix the remaining PEP8 warnings that appear on image.py, ecdsa.py
or main.py for imgtool.

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
2022-11-16 14:02:19 -03:00
Antonio de Angelis c6e7e9be7a imgtool: Improve ECDSA key generation
This patch improves the existing ECDSA key generation feature
in the imgtool by:
 - Fix a bug in the 'minimal' representation of PKCS#8 keys where
   the resulting ASN.1 DER encoding is not compliant
 - Add the option to export ECDSA private keys in SEC1 format by
   providing a command line option -f or --format that can be
   'openssl' (for SEC1 format) or 'pkcs8'. This format ends up in
   key encodings which are generally smaller than PKCS#8.

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
2022-11-16 14:02:19 -03:00
Antonio de Angelis 284b8fe3dd imgtool: Add filename to some common prints
Common prints such as the one that happens when an image is signed
are clearer if the source of print is added (i.e. filename), especially
for those build integration flows where imgtool is invoked as part of
a set of operations.

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
2022-11-16 14:02:19 -03:00
Fabio Utzig 4e2cdfe82f imgtool: change getpub exporting format parameter
Update a previous PR were PEM exporting was added to the `--lang`
parameter, even though PEM is not a source code language per se.

This PR adds `--encoding/-e` to `getpub` command, for exporting
in formats other than a language source code. `--lang` is left with
a deprecation message, so it could be removed in a future version.
The default behavior of exporting source code in C was preserved.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2022-09-29 19:31:02 -03:00
Fabio Utzig 6f286779a6 imgtool: add option to export public PEM
Update `getpub` with new `lang` option, "pem", which allows exporting a
public key as a PEM file. This can later be distributed to be used for
encrypting an image, and gets away with having to use openssl for this
step.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2022-09-22 11:34:43 -06:00
Alexander Mihajlovic f4df58f347 imgtool: Fix output of confirmed image in HEX format
The image_ok was written to the wrong offset
when outputting HEX format. This commit fixes that.

Drive-by change: Use actual length of boot magic
instead of assuming it's 16 bytes long.

Signed-off-by: Alexander Mihajlovic <alexander@eub.se>
2022-08-22 10:56:12 +02:00
iysheng 6093cbb3dd scripts: Fix some sentences to suit print display
Signed-off-by: iysheng <iysheng@163.com>
2022-05-30 08:13:55 +02:00
Almir Okato 3eb50263b7 imgtool: Fix imgtool sign command without key
The fix adds a condition that checks if either key or fixed_sig are
`not None` before payload signing and TLV addition.

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-05-18 09:51:53 -03:00
Andrzej Puzdrowski dfce0be6a1 imgtool: export data vector to be signed
Extend sign/create command so it allows to export image's byte string
which is the substrate for the image signature. The new option is
'--vector-to-sign'. It might takes 'payload' or 'digest'.
The exported data might be used to calculate the signature externally.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2022-04-18 16:31:15 -06:00
Andrzej Puzdrowski f72e3741d6 imgtool: image signature export
Extend sign/create command so it now allow to export the image
signature to the file pointed by --sig-out option.
The image signature will be encoded as base64 formatted string.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2022-04-18 16:31:15 -06:00
Andrzej Puzdrowski 160303c202 imgtool: Added support for providing the signature by 3rd party
The sign command was extended so it now allow to provide the signature
as base64 formatted RAW file using --fix-sig along with the relevant
public key --fix-sig-pubkey.

This patch is added for support the case where the party which produces
the image dose not have access to the signing image key but must request
third party for the signature.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2022-04-18 16:31:15 -06:00
David Brown c657cbea75 Update to version 1.9.0
Bump version information for 1.9.0 release

Signed-off-by: David Brown <david.brown@linaro.org>
2022-03-02 14:29:33 -07:00
David Brown ee366953fe Update to 1.9.0-rc2
Bump the version number in the readme, and imgtool for the 1.9.0-rc2
release.

Signed-off-by: David Brown <david.brown@linaro.org>
2022-02-10 12:21:07 -07:00
Wouter Cappelle c028d45057 imgtool: skip erased values in trailer generation
When generating an image with trailer (--pad or --confirm), the
imgtool also adds the erased values into that area. This is not
wanted for flash drivers which use ECC and treat writing erased
values as a real write action, which cannot be overwritten anymore.
See issue #1288

Signed-off-by: Wouter Cappelle <wouter.cappelle@crodeon.com>
2022-02-09 13:35:01 -07:00
Piotr Mienkowski b6d5cf3589 imgtool: change --max-align default value
The value of `--max-align` parameter passed to imgtool can never be
less than the value of `--align` parameter. At present the default
value of `--max-align` is fixed at 8. This forces user to pass the
parameter even when its value can be safely inferred.

Change the default value of the `--max-align` parameter to the larger
of the two values: `--align` or 8. Consequently, the user is required
to pass the parameter only if the flash alignment of the primary and
secondary slot differ.

Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
2022-02-07 15:58:40 -07:00
David Brown d484b827a9 Bump versioning information to 1.9.0-rc1
Signed-off-by: David Brown <david.brown@linaro.org>
2022-01-21 14:01:05 -07:00
Michel Jaouen d09aa6b4f9 imgtool: Add clear image generation with encryption capability
Create an option to generate a clear image with encryption capability
that can be installed on a primary slot. Since image has encryption
capability image can be swapped encrypted in secondary slot

Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
2022-01-14 09:30:57 -03:00
Gustavo Henrique Nihei cf120baa65 bootutil: Define new magic for the updated image trailer layout
The magic value applies to images built with maximum write alignment
values other than 8 bytes, whose trailer region is generated in a
different layout.

Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2021-12-16 13:19:12 -07:00
Kristine Jassmann 73c38c6fde bootutil: Allow larger minimum flash write
[kristine.jassmann@renesas.com: Allow larger minimum flash write]
[michael.thomas@renesas.com: Add changes for 1.8]
[michael.thomas@renesas.com: Add magic alignment fix]
[gustavo.nihei@espressif.com: bootutil: Address issues from PR 949]

Co-authored-by: Kristine Jassmann <kristine.jassmann@renesas.com>
Co-authored-by: Michael Thomas <michael.thomas@renesas.com>
Co-authored-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
Signed-off-by: Kristine Jassmann <kristine.jassmann@renesas.com>
Signed-off-by: Michael Thomas <michael.thomas@renesas.com>
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2021-12-16 13:19:12 -07:00
Martí Bolívar caa1f6bbd9 assemble.py: don't read BOARD.dts.pre.tmp
This file has been removed from upstream Zephyr in commit 2b7c61e306a
("cmake: re-work devicetree preprocessing steps").

Get the board name from .config instead; this is a stable place for it
to be found. Load the EDT itself from the pickle file in the build
directory; this has the advantage of fixing the script when out of
tree devicetree bindings are used.

Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
2021-12-08 14:18:18 -07:00
Ross Burton a6df132b68 imgtool: prefer cbor2 over cbor
The cbor module is unmaintained, with the last release in 2016[1]. The
cbor2 module however is under active development and was last released
just last month[2].

As the APIs are identical, we can import cbor2 and if that fails fall
back to cbor.

[1] https://pypi.org/project/cbor/#history
[2] https://pypi.org/project/cbor2/#history

Closes #1189

Signed-off-by: Ross Burton <ross.burton@arm.com>
Change-Id: Iaf2d0df625a200a5cebf72dec4a89877a26194ea
2021-11-03 14:19:31 +01:00
David Brown 29099e1d17 Preps for 1.8.0
Update version fields for 1.8.0 release.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-10-13 10:03:58 -06:00
David Brown 0779f4f4d2 Preps for 1.8.0-rc2
Update version fields for 1.8.0-rc2 release.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-09-29 15:31:32 -06:00
David Brown ae35510b58 Preps for 1.8.0-rc1
Update version fields for 1.8.0-rc1 release.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-08-31 09:09:22 -06:00
Carl-Johan Landin f44fd6199c zephyr: update devicetree py package lib files include path in assembly
This PR updates the path to the devicetree python package lib files according to the Zephyr PR
zephyrproject-rtos#33746 which moved the devicetree lib files.

Old path: ZEPHYR_BASE/scripts/dts/
New path: ZEPHYR_BASE/scripts/dts/python-devicetree/src/devicetree/

Signed-off-by: Carl-Johan Landin <carl-johan.landin@endian.se>
2021-07-26 10:19:14 +02:00
Salome Thirot 0f64197aff boot: Add AES256 support for image encryption
Support only works when using mbedtls as the cryptographic library.

Signed-off-by: Salome Thirot <salome.thirot@arm.com>
2021-05-18 07:25:12 -03:00
David Brown 1997f539f7 sim: Remove extraneous static
According to clippy, `&'static` can just be `&` for static definitions,
which always have a static lifetime.  Clean this up in the arrays in the
code, as well as generation code in imgtool.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-11 07:25:43 -07:00
Fabio Utzig 8a5e49876e imgtool: rollback to 1.7.0 release
Since there won't be anymore alpha releases, rollback to latest official
(from master). The next released versions now can be either 1.7.X from
v1.7-branch or X.Y.Zrc1 for the release candidate of next stable
version.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2021-02-12 09:28:47 -03:00
Fabio Utzig d62631af57 imgtool: fix encrypting hex images
Fixes padding hex images when encrypting. The issues stems from binaries
using `bytes` and IntelHex returning `array` where `bytes` cannot be
appended to, so use `.extend()` instead.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2021-02-11 12:41:39 +01:00
David Brown 79c4fcf403 scripts: Add SPDX headers
Add SPDX headers indicating the Apache-2.0 license to the scripts in the
scripts directory.  This can be assumed due to the presence of the
Apache-2.0 LICENSE file at the top of the project.

Fixes #930

Signed-off-by: David Brown <david.brown@linaro.org>
2021-01-28 09:36:55 +01:00
Fabio Utzig d12a8da287 imgtool: fix validation with protected TLVs
After the change to support protected TLVs, the `verify` command was not
updated with proper support. Fix it by skipping any protected TLV found,
and fix the size of the hashed/signed region to also include the
protected TLV area.

Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
2021-01-25 16:49:05 -03:00
Dominik Ermel 50820b1611 mgtool: Add support for setting fixed ROM address into image header
The commit adds support for IMAGE_F_ROM_FIXED flag that allows setting
information on image base address into image_header.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2020-12-16 18:06:33 +01:00
Andrzej Puzdrowski a8e12dae38 Preps for 1.7.0 release
Update version fields for 1.7.0 release.
Added compatibility note for zephyr-rtos.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-11-25 16:26:11 +01:00
Andrzej Puzdrowski e75966105a Preps for 1.7.0-rc2
Update version fields for 1.7.0-rc2 release.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-11-12 11:14:28 +01:00
Fabio Utzig de1d72d069 doc: fix github urls to use the new org
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
2020-11-10 14:19:19 -03:00
Andrzej Puzdrowski 69344636be Preps for 1.7.0-rc1
Update version fields for 1.7.0-rc1 release.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-10-30 17:56:02 +01:00
Roman Okhrimenko 42b32394d6 imgtool: Add possibility to set confirm flag for hex files as well
Fix imgtool does not take into account value of confirm flag, when signing .hex images

Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-09-18 20:30:14 +03:00
David Vincze b2a1a48561 imgtool: Fix 'custom_tlvs' argument handling
When Image.create() is called without the 'custom_tlvs' argument, it
gets its default value (None). It must be checked before performing
any operations on/with it.

Change-Id: I8e0755265f35f9eeb796fe078a6ad8c8d9f2b8da
Signed-off-by: David Vincze <david.vincze@linaro.org>
2020-09-18 14:45:13 +02:00
Tamas Ban 67e3fff047 docs: Revert the moving of design.md
This commit fix the issue reported in #803:
https://github.com/JuulLabs-OSS/mcuboot/issues/803

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
2020-09-18 10:51:22 +02:00
Tamas Ban fe03109ab1 boot: Add ram-load upgrade mode
This patch introduces the ram-load mode in addition to the other
upgrade modes (swap strategies, overwrite-only, direct-XIP). When
ram-load is enabled with the MCUBOOT_RAM_LOAD option, mcuboot
selects the newest valid image based on the image version numbers from
the image header, thereafter the selected image loaded to the RAM and
executed from there. Load address is extracted from the image header.
Therefore the images must be linked to the RAM memory region.
The ram-load mode is very similar to the direct-XIP mode, main
difference is to load the newest image to the RAM beforehand the
authentication and execution. Similar to direct-XIP mode either
of the primary and the secondary slots can hold the active image.

Ram-load can be useful in case of a bit more powerful SoC, which
is not constrained in terms of internal RAM. It could be that image
is stored in external and therefore untrusted flash. Loading image
to internal (trusted) RAM is essential from the security point
of view the system. Furthermore execution from internal RAM is much
faster than from external flash.

This patch is based on the RAM_LOADING upgrade strategy which was
first introduced in the Trusted Firmware-M project.
Source TF-M version: TF-Mv1.0.

Change-Id: I95f02ff07c1dee51244ac372284f449c2efab362
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
2020-09-16 11:06:30 +02:00
Casper Meijn 2a01f3f341 imgtool: Print image digest during verify
In an effort to create a script to do firmware based on an URL, I could
not easily retrieve the image digest. `newtmgr` needs the hash when
marking a image for testing.

Signed-off-by: Casper Meijn <casper@meijn.net>
2020-09-09 07:34:01 -03:00
Martí Bolívar 009a150422 imgtool: --confirm implies --pad
As discussed in
https://github.com/zephyrproject-rtos/zephyr/pull/28026, when
generating confirmed images, it makes sense to pad them.

Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
2020-09-08 07:26:30 -03:00
Fabio Utzig 37dec81940 imgtool: fix package's author email
Fix author email after move to new mailing list.

Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
2020-08-18 08:04:58 -03:00