Fixes issues whereby encrypted images were not properly listed due
to not treating them as encrypted, and also removes a piece of wrong
hack code that would never run, as the primary slot cannot be
encrypted.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Returned values are now hardcoded. Indeed, while it is not
strictly needed (few return values differ from SUCCESS
or FAILURE), the complexity added by encoding return values might
cause the software to be vulnerable to fault attacks.
Return type changed from fih_int to fih_ret to make
the whole thing much simpler and therefore more robust
to fault attacks. In addition, it's easier to predict
compiler behavior.
Assignment of sensitive variables has been hardened using the macro
FIH_SET (assignment + check whether the write access has been properly
done). FIH_DECLARE() is added to ease the declaration of sensitive
variables.
Equality tests fih_eq() and fih_not_eq() are now macros because
inlining produces more complex (and weaker) code than macros.
In addition, fih_not_eq is modified to be the negation of fih_eq,
which was not the case until now.
When FIH_NOT_EQ is used, FIH_SET(fih_rc, FIH_FAILURE) has been added
in some parts of the code.
Variable image_mask (bootutil_priv.h) is now volatile because a
double IF test is made on it.
Some other parts of the code have been hardened (e.g. the loop on images).
Signed-off-by: Michael Grand <m.grand@trustngo.tech>
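The following is an added illustration of the hardening pattern described in the commit message above; it is not code from MCUboot or from the commit author. The macro names FIH_SET, FIH_DECLARE and FIH_NOT_EQ are taken from the message, but their bodies here, the fih_ret constants FIH_SUCCESS/FIH_FAILURE and their values, the fih_panic() handler (a counter here, where real firmware would halt), check_image(), boot_validate_images() and image_is_selected() are all assumptions made for the example. The per-image verdict arrays are constructed sample input.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical FIH primitives (illustrative, not MCUboot's headers).
 * fih_ret is a plain integer; the two result values are hardcoded
 * constants chosen so that many bits differ between them, so a single
 * bit flip cannot turn FAILURE into SUCCESS. */
typedef int32_t fih_ret;
#define FIH_SUCCESS ((fih_ret)0x1AAAAAAA)
#define FIH_FAILURE ((fih_ret)0x15555555)

/* Counts detected glitches. Real firmware would halt or reset here;
 * a counter lets the example run to completion on a host. */
static int fih_fault_count = 0;
static void fih_panic(void) { fih_fault_count++; }

/* Sensitive variables are volatile so every read goes to memory
 * instead of a register the compiler may have cached. */
#define FIH_DECLARE(var, val) volatile fih_ret var = (val)

/* Assignment followed by a read-back check of the written value. */
#define FIH_SET(var, val)      \
    do {                       \
        (var) = (val);         \
        if ((var) != (val)) {  \
            fih_panic();       \
        }                      \
    } while (0)

/* Equality macros; FIH_NOT_EQ is exactly the negation of FIH_EQ. */
#define FIH_EQ(a, b)     ((a) == (b))
#define FIH_NOT_EQ(a, b) (!FIH_EQ((a), (b)))

/* Number of differing bits between the two hardcoded result values. */
int fih_result_distance(void)
{
    uint32_t x = (uint32_t)FIH_SUCCESS ^ (uint32_t)FIH_FAILURE;
    int n = 0;
    while (x) { n += (int)(x & 1u); x >>= 1; }
    return n;
}

/* Hypothetical per-image check; verdict 1 = valid, anything else = invalid. */
static fih_ret check_image(uint8_t verdict)
{
    FIH_DECLARE(rc, FIH_FAILURE);
    if (verdict == 1) {
        FIH_SET(rc, FIH_SUCCESS);
    }
    return rc;
}

/* Hardened loop over all images: rc is reset to FAILURE before each
 * check, and the index and a separate counter are both verified after
 * the loop, so a skipped iteration or glitched branch cannot yield
 * SUCCESS. With zero images the result stays FAILURE (fail closed). */
fih_ret boot_validate_images(const uint8_t *verdicts, size_t n_images)
{
    FIH_DECLARE(fih_rc, FIH_FAILURE);
    volatile size_t i = 0;
    volatile size_t validated = 0;

    for (i = 0; i < n_images; i++) {
        FIH_SET(fih_rc, FIH_FAILURE);
        fih_rc = check_image(verdicts[i]);
        if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
            FIH_SET(fih_rc, FIH_FAILURE);
            return fih_rc;
        }
        validated++;
    }

    if (i != n_images || validated != n_images) {
        FIH_SET(fih_rc, FIH_FAILURE);
    }
    return fih_rc;
}

/* Volatile so the compiler cannot merge the two tests into one read. */
volatile uint32_t image_mask = 0;

bool image_is_selected(uint32_t idx)
{
    uint32_t bit = 1u << idx;
    if (image_mask & bit) {
        if (image_mask & bit) {   /* second, independent read */
            return true;
        }
        fih_panic();              /* the two reads disagreed */
    }
    return false;
}

/* Constructed sample verdicts. */
static const uint8_t sample_all_ok[3]  = {1, 1, 1};
static const uint8_t sample_one_bad[3] = {1, 0, 1};

int main(void)
{
    image_mask = 0x5u;   /* images 0 and 2 selected */
    printf("distance=%d all_ok=%d one_bad=%d img0=%d img1=%d faults=%d\n",
           fih_result_distance(),
           FIH_EQ(boot_validate_images(sample_all_ok, 3), FIH_SUCCESS),
           FIH_EQ(boot_validate_images(sample_one_bad, 3), FIH_SUCCESS),
           image_is_selected(0), image_is_selected(1), fih_fault_count);
    return 0;
}
```

The point of the macros over inline functions is visible in the generated code: FIH_SET expands in place to a store followed by a load and compare of the same volatile location, and FIH_NOT_EQ is textually the negation of FIH_EQ, so the two can never disagree the way two separately written inline functions could.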
Decryption buffer was fixed to 1024, which causes a failure
when attempting to decrypt bigger image chunks, which is
expected on memories with a bigger erase-block-size.
This patch attempts to get the proper buffer size based on the
SoC's nv flash node.
fixes #1310
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The "MCUBOOT_LOG_MODULE_(DECLARE|REGISTER)" macros should have a name
coherent with the rest of the log macros, i.e. "BOOT_LOG_*". Also,
"bootutil_log.h" should define them as empty when the logs are disabled and
as "MCUBOOT_LOG_MODULE_*" when they are not.
With this change, the mcuboot user doesn't have to define the
MCUBOOT_LOG_MODULE_* macros if the logs are not going to be used.
Signed-off-by: Carlos Falgueras García <carlos.falgueras@wslw.es>
The commit changes single loader code that has been accessing
flash_area type object directly, to use the new getter functions.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The comment on why first parameter to bootutil_img_validate is allowed
to be NULL, in boot_image_validation of single_loader.c, has been
rewritten.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Direct inclusion of "bootutil/fault_injection_hardening_delay_rng.h"
might cause a linking collision, as this header belongs to the `FIH_ENABLE_DELAY`
mode.
This header is already included by "bootutil/fault_injection_hardening.h"
appropriately.
fixes #831
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The change enables usage of single image applications. This can be used
when the user does not need multiple boot images and wants to use more flash
area for the main application or other purposes.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>