The crypto/common.h header checks for MBEDTLS_VERSION_NUMBER
value but it needs to include mbedtls/version.h first
otherwise it won't return a reliable check.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: Ice12fe26bb24fd98c09c4adfe001b5274cee555c
This fixes the issue: #1624 by changing the license to Apache-2.
There isn't a need to have these files nordic licensed.
Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no>
Nordic had changed its license identifier to new
more accurate id: LicenseRef-Nordic-5-Clause.
Old identifiers should be updated.
Signed-off-by: Dominik Kilian <Dominik.Kilian@nordicsemi.no>
cddl-gen has been renamed to zcbor.
Update regenerate_serial_recovery_cbor.sh and regenerate/recopy all
files.
Remove the submodule in ext/ since it is no longer necessary when
the zcbor package is installed (only needed for regeneration, not
for building).
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
The files are copied from mbedtls-3.0.0 without any modification.
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
Change-Id: I164dbb0caa0600b9002fe4e37941eb10e036ffdf
Add an offset parameter to mode ctr so it can be properly used as a
streaming cipher, like required by the flash encryption algorithm.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Board was renamed here:
https://github.com/zephyrproject-rtos/zephyr/pull/23524/
Patch aligns the name in MCUBoot and decouples one of nrf52840 dedicated
overlay from exact board name.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
- Add the cddl_gen repository as a submodule.
- Add a CDDL description file for the serial recovery packets to be
decoded.
- Add generated code files and cddl_gen's CBOR library to CMakeList.txt
for Zephyr.
- Convert boot_serial.c to use the new code.
- Add a bash script to (re)generate code files using cddl_gen.py.
Serial recovery should work exactly as before, but the binary should be
about 1k smaller.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
A patch adding sha-512 to upstream tinycrypt was submitted:
https://github.com/intel/tinycrypt/pull/42
While it is not accepted, add the code under a new ext/tinycrypt-sha512
depedency.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Copy paste bug in cc310 glue layer for nRF where disable does not set
the enable register to 0. Thanks to @solsbarry for pointing this out.
Fixes: #586
Signed-off-by: sigvartmh <sigvart.m@gmail.com>
Move the external mbedtls submodule out of the sim/mcuboot-sys directory
into the ext directory. This will allow the same copy of mbed TLS to be
used by other board support packages, instead of having to make a
duplicate clone.
Signed-off-by: David Brown <david.brown@linaro.org>
The ext/mbedtls directory has a copy of the ASN.1 parser from the mbed
TLS library. To allow a future change to bring the entire mbed TLS
library in as a submodule under ext, rename this to mbedtls-asn1 to make
it clear this is only a subset.
Signed-off-by: David Brown <david.brown@linaro.org>
This adds the boringssl version of fiat-crypto. The version bundled here
had most if its non-used code removed, like signing, X25519 curve
operations not required by verification, etc.
Under boringssl tree, fiat can be found in third_party/fiat. The version
included here comes from a boringssl tree where the last commit is
f109f2087349712d3ac717d15fab48e130618110.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Add glue layer for using the nrf cc310 to keep the cc310 interface more generic.
Add readme on how to build mcuboot with nrf cc310 support.
Signed-off-by: Sigvart Hovland <sigvart.m@gmail.com>
This commit removes the pseudo tinycrypt package based on symlinks
by adding a new pkg.yml to ext/tinycrypt and using it directly. It
also uses the new mbed-tls bundled ASN1 parser when EC256 is selected.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This bundles the asn1 parser from mbed-tls into mcuboot, which allows
adding EC crypto (tinycrypt based) functionality for target OSes that
don't bundle mbed-tls.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Disable the Zephyr-provided Tinycrypt, and use our local copy. This
avoids problems with changing version across different Zephyr releases.
Signed-off-by: David Brown <david.brown@linaro.org>
Zephyr 1.9 moves to tinycrypt v0.2.7. This introduces a breaking API
change. This makes things challenging for mcuboot, which would like to
be able to work across multiple platforms.
To help with this, bring in the last working version of Tinycrypt v0.2.6
from https://github.com/01org/tinycrypt. Tinycrypt is released under a
3-clause BSD-style license, with parts under the micro-ecc license,
which is a 2-clause license. Please see ext/tinycrypt/LICENSE for
details.
Signed-off-by: David Brown <david.brown@linaro.org>
Antonio de Angelis