- Update documentation of 'HW based downgrade prevention'
- Add description for the following features:
MCUBOOT_MEASURED_BOOT
MCUBOOT_DATA_SHARING
MCUBOOT_HW_KEY
Change-Id: If7247e906de3028d44cdd9d14a5004661fb955af
Signed-off-by: David Vincze <david.vincze@linaro.org>
This macro is part of the C11 standard. Remove the use of a specialized macro
just for Zephyr, and use the standard macro for all platforms. This reduces
dependencies on specific versions of Zephyr.
In addition. The Zephyr-specific code was using toolchain/gcc.h which
would only work with gcc.h, so doesn't actually address any of the
objections. If this ever becomes a problem with Zephyr, we can figure
out a proper way to fix this.
Signed-off-by: David Brown <david.brown@linaro.org>
With the merge of https://github.com/apache/mynewt-newt/pull/365 `newt`
does not use `version.yml` files anymore, so remove the file and
references to updating it in the release process.
Testing a MCUBoot release now depends on `newt` `master` or `> 1.7.0`
(to be released).
Signed-off-by: Fabio Utzig <utzig@apache.org>
The STM32L475 needs BOOT_MAX_IMG_SECTORS equal 256 to work properly.
This add a config file to change default value from 128 to 256 once
there isn't a proper way to handle using Device Tree.
fixes zephyrproject-rtos/zephyr/issues/24243
Signed-off-by: Gerson Fernando Budke <nandojve@gmail.com>
Set the RAM_LOAD flag in the image header when a load address was passed
to the imgtool script, indicating that the image should be loaded into
RAM and run from there.
Change-Id: Id9d2c179d7fa1ff7d15cf671c09c61b5b78c88a8
Signed-off-by: David Vincze <david.vincze@linaro.org>
- Define new TLV for carrying information for x25519 based encrypted
images.
- Add routines to parse embedded encryption key, generated shared
secret and image decryption key.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This change enables the public key (used for image authentication) to
be removed from MCUboot and be appended to the image instead. In this
case the key or its hash must be provisioned to the device and MCUboot
must be able to retrieve the key-hash from the hardware to compare it
with the calculated hash of the public key from the image manifest in
order to verify its validity before image authentication.
The source of this change:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/1581
Change-Id: I36fe699732e0e4c113eaed331c22e707c722ed6e
Signed-off-by: David Vincze <david.vincze@linaro.org>
The --public-key-format option can be used to distinguish where
the public key is stored for image authentication. It can be embedded
in MCUboot or by selecting 'full' it can be in the image manifest.
The source of this change:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/1579
Change-Id: If658dff8147cfce2f27bfc0209ecf0d6d9cb2a73
Signed-off-by: David Vincze <david.vincze@linaro.org>
Board was renamed here:
zephyrproject-rtos/zephyr#24049
Patch aligns the name in MCUBoot.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Use <arch/arm/aarch32/cortex_m/cmsis.h> include instead of <zephyr.h> to
get access to Cortex-M CMSIS API. zephyr.h provides kernel API, does not
guarantee access to CPU internals.
Fixes: #699 "Building MCUBoot for Zephyr fails on multiple ARM boards"
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
Switch to using the devicetree_legacy_unfixed.h header for extracting
flash partition information.
Zephyr has switched to using a new gen_defines.py script and a new set
of macros/defines for devicetree code generation for all nodes except
flash partitions, which are still in the legacy format.
Signed-off-by: Henrik Brix Andersen <henrik@brixandersen.dk>
Board was renamed here:
https://github.com/zephyrproject-rtos/zephyr/pull/23524/
Patch aligns the name in MCUBoot and decouples one of nrf52840 dedicated
overlay from exact board name.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Replay of reverted to early committed patch 6d417c9:
Replace BUILD_ASSERT_MSG() with BUILD_ASSERT()
after merging BUILD_ASSERT() and BUILD_ASSERT_MSG().
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Modify the definition of certain shared data TLV entry header fields to
be aligned with the image TLV's behaviour (the meaning of the tlv_len
field was different) and achieve unified interpretation.
Modify some macro definitions that use bitwise shift operators to
prevent certain errors from occurring due to implementation-defined
behaviour.
Change-Id: Ib736703a391d390a87d629a8ac4e77e1789120a5
Signed-off-by: David Vincze <david.vincze@linaro.org>
Implement the functions declared in boot_record.h and add
each BOOT_RECORD TLV's CBOR encoded binary data (one TLV entry per
image) to a shared data area between the bootloader and the runtime SW.
These data units are stored in a TLV format (in the shared area too) and
contain certain attributes of the given image / SW component such as:
- SW type (role of the software component)
- SW version
- Signer ID (identifies the signing authority)
- Measurement value (hash of the image)
- Measurement type (algorithm used to calculate the measurement value)
Preserving all these image attributes from the boot stage for use by
later runtime services is known as a measured boot. The list of the
shared attributes is based on the recommendations of Arm's Platform
Security Architecture (PSA).
The main purpose of this patch is to create the prerequisites of an
attestation service by providing these measurements.
The boot_record.c and boot_status.h (originally tfm_boot_status.h) files
were copied (with modifications) from the Trusted Firmware-M project
(https://www.trustedfirmware.org/about/).
Hash of the source commit: 08d5572b4bcee306d8cf709c2200359a22d5b72c.
Change-Id: I37a8e7b10d5bf80a581651ffaf65b3cba45eaff2
Signed-off-by: David Vincze <david.vincze@arm.com>
Define interface for sharing boot status (certain attributes of the
authenticated images) and adding arbitrary data in TLV encoded format
to a shared data area between the bootloader and runtime SW.
The boot_record.h file was copied (with minor modifications) from the
Trusted Firmware-M project (https://www.trustedfirmware.org/about/).
Hash of the source commit: 08d5572b4bcee306d8cf709c2200359a22d5b72c.
Change-Id: Ia25bac27e9f1ce7faa5043c5a0455c804a24701e
Signed-off-by: David Vincze <david.vincze@arm.com>
Add new '--boot-record' option for imgtool to add a new type of TLV to
the image manifest called BOOT_RECORD. This TLV contains CBOR encoded
data with some basic information about the image (SW component) it
belongs to, these are the following:
- SW type (role of the software component)
- SW version
- Signer ID (identifies the signing authority)
- Measurement value (hash of the image)
- Measurement type (algorithm used to calculate the measurement value)
The boot_record.py file and most of the modifications in image.py are
coming from the Trusted Firmware-M project
(https://www.trustedfirmware.org/about/).
Hash of the source commit: 08d5572b4bcee306d8cf709c2200359a22d5b72c.
This patch is based on the recommendations of Arm's Platform Security
Architecture (PSA) and its purpose is to support compliance with it.
Change-Id: I379ccc57b48ad2311837cb3fd90f5f9d1c9b5bac
Signed-off-by: David Vincze <david.vincze@linaro.org>
Zephyr commit [1] has changed kconfig option name. Update kconfig
selection to the new one.
[1] 90b9eb3a9e93 ("kconfig: Rename USE_CODE_PARTITION to
USE_DT_CODE_PARTITION")
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Zephyr timeout API is changing and will use opaque value (k_timeout_t)
instead of raw values. K_MSEC is used to convert raw milliseconds value
to k_timeout_t.
This change is backward compatible so can be merged independently.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Generated serial_recovery_cbor.c and serial_recovery_cbor.h
Copied cbor_decode.c and cbor_decode.h
This commit is the result of running
./regenerate_serial_recovery_cbor.sh "2020 Nordic Semiconductor ASA"
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
- Add the cddl_gen repository as a submodule.
- Add a CDDL description file for the serial recovery packets to be
decoded.
- Add generated code files and cddl_gen's CBOR library to CMakeList.txt
for Zephyr.
- Convert boot_serial.c to use the new code.
- Add a bash script to (re)generate code files using cddl_gen.py.
Serial recovery should work exactly as before, but the binary should be
about 1k smaller.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Name of the board is changing in the zephyr-rtos:
https://github.com/zephyrproject-rtos/zephyr/pull/23447
This patch aligns the board name used which is required for suppression
of build warnings.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Replace BUILD_ASSERT_MSG() with BUILD_ASSERT()
after merging BUILD_ASSERT() and BUILD_ASSERT_MSG().
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
This patch is needed as MCUBoot should be able to chain-load any
application, not only these built using zephyr.
Introduced cleanup on ARM core control register.
Might be required as for instance the application assumes
that it starts with thread mode configured as by default, not
according to zephyr-rtos configuration.
MCUBoot disables interrupt before application chain-load used
basepr register. This Patch introduce additional celenup on
NVIC register.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Since commit:
commit a36082664e
Author: David Brown <david.brown@linaro.org>
Date: Thu Dec 12 15:35:31 2019 -0700
ecdsa: Allow ECDSA signatures to be actual length
MCUboot no longer requires ECDSA signatures to be padded to a fixed
length. This change makes imgtool, by default, also no longer add this
padding to images. There is an option `--pad-sig` that can be given to
the sign command to re-instate this padding. This flag will be needed
to make images that will work with older (pre 1.5.0) versions of
MCUboot.
Signed-off-by: David Brown <david.brown@linaro.org>
With support for unpadded ecdsa signatures in place, always generate
unpadded signatures within the sim.
Signed-off-by: David Brown <david.brown@linaro.org>
David Vincze