Commit Graph

65 Commits

Author SHA1 Message Date
David Vincze 2a7565b338 bootutil: Move encryption key function to common file
Move the definition of boot_enc_retrieve_private_key() to a common file
to avoid code duplication and also endure seamless transition to this new
key handling approach for targets which don't use hardware keys.

Change-Id: I57e54e4332503c11d18762f8291c3cab53df3d20
Signed-off-by: David Vincze <david.vincze@arm.com>
2024-07-31 16:55:55 +02:00
David Vincze 0e5e1a9fc6 Reapply "boot: Add MCUBOOT_HW_KEY support for image encryption"
This reverts commit c06f7bb367.

Signed-off-by: David Vincze <david.vincze@arm.com>
Change-Id: Ic2ab2c4d3981dec3cd3c25a50b5a989000375372
2024-07-31 16:55:55 +02:00
David Brown c06f7bb367 Revert "boot: Add MCUBOOT_HW_KEY support for image encryption"
This reverts commit 0fa46270c0.

This breaks:

    samples/synchronization/sample.kernel.synchronization on
    b_u585i_iot02a/stm32u585xx/ns error

as this TF-M configuration uses its own keys.  This change is an API
change that needs to be coordinated with TF-M changes.

Before this revert, compiling this test results in:

    .../encrypted.c:447: undefined reference to
    `boot_enc_retrieve_private_key`

Signed-off-by: David Brown <david.brown@linaro.org>
2024-07-09 09:19:43 -06:00
Dinesh Kumar K 0fa46270c0 boot: Add MCUBOOT_HW_KEY support for image encryption
Currently encryption supports only private key embed
in mcuboot itself. To support MCUBOOT_HW_KEY for image
encryption boot_retrieve_private_key() hook is added.

This hook helps retrieving private key from trusted
sources like OTP, TPM.

Signed-off-by: Dinesh Kumar K <dinesh@linumiz.com>
2024-06-12 15:17:54 -06:00
Tomi Fontanilles d4394c2f9b mbedtls config: fix too early check_config.h includes
check_config.h was included manually by custom configuration files.
This caused compilation errors when updating MbedTLS to 3.6.0
because check_config.h was processed too early, before the whole
configuration is defined, effectively causing configuration check errors.

MbedTLS already takes care of including check_config.h at the right time.
Remove those erroneous manual check_config.h includes.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
2024-04-25 11:05:54 +02:00
Roland Mikhel 5899face4d sim: PSA Crypto ECDSA enablement
This commit enables ECDSA signature verification using
PSA Crypto API.

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I33f559ecdd59b1ce41c6a2d5f315212300d585e3
2023-09-12 16:29:11 +02:00
Matthew Dalzell 34d5a6915f Tests: Enable psa-crypto-api feature
This patch enables psa-crypto-api feature

Signed-off-by: Matthew Dalzell <matthew.dalzell@arm.com>
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
2023-06-28 15:24:06 +02:00
Roland Mikhel d6703520d1 sim: Add hw-rollback-protection feature
This commit adds simulator support to test the
hw-rollback-protection feature which is using
nv-counters. In the simulator they are stored in Rust
to prevent any race conditions from happening due to
the parallel execution of the tests.

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I445fc50615ed1f0c06e5933b16811c24d9d302fc
2023-06-27 14:42:34 +02:00
Dominik Ermel b1d4e00186 sim: Add flash_area_get_sector
Commits adds implementation of flash_area_get_sector that
is supposed to replace flash_area_sector_from_off.
The flash_area_get_sector gets additional parameter of flash_area
type, while flash_area_sector_from_off uses hardcoded flash_area.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-03-14 08:13:20 -06:00
Dominik Ermel 453e8bd7de flash_map_backend: Remove flash_area_id_to_image_slot
The function has not been in use and some ports have not been
implementing it anyway.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-14 16:40:21 -07:00
Andrzej Puzdrowski 453b0dd790 sim: added flash_area_sector_from_off() API implementation
Added implementation of the above API function.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2022-06-14 11:25:02 +02:00
Andrzej Puzdrowski cc547a76da sim/mcuboot-sys: provide sim-own porting files
The sim platform was sharing a few header
files with the zephyr-rtos port. This patch provides
sim own headers.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2022-06-14 11:25:02 +02:00
Andrzej Puzdrowski a914048bee sim/mcuboot-sys: mbedtls configuations
copied configurations form the zephyr port

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2022-06-14 11:25:02 +02:00
Gustavo Henrique Nihei 7bfd14bbc5 sim: Fit unit tests to larger write align values
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2021-12-16 13:19:12 -07:00
Gustavo Henrique Nihei 4aa286d2db flash_map: Increase minimum supported write align via flash_area_align
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2021-12-16 13:19:12 -07:00
Raef Coles f11de6494c boot: enable partial multi-image booting
Signed-off-by: Raef Coles <raef.coles@arm.com>
2021-11-05 09:38:10 -06:00
David Brown 4b82c671cf sim: Implement function in sim
The function `flash_area_id_from_image_slot` is used in the RAM_LOAD and
DIRECT_XIP configurations.  Define a version for use in the simulator.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-07-19 11:22:13 -06:00
David Brown d216b20883 sim: Pass boot_rsp down from the simulator
Instead of having this struct at a fairly low level in the simulator,
with the filled-in values effectively discarded after each call, pass
the value from higher up in the simulator.  This prepares us for being
able to use the resulting data in upcoming tests.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-07-19 11:22:13 -06:00
David Brown f1ae694fa1 sim: Fix flash_area_get_device_id in sim
commit c304a7f84a
(refs/bisect/good-c304a7f84a7e7e345457e23b179fa302b8732fb9)
Author: Dominik Ermel <dominik.ermel@nordicsemi.no>
Date:   Mon Jun 14 16:08:42 2021 +0000

    sim: Add flash_area_get_device_id implementation

Adds an implementation for this function in the simulator that just
returns 0.  Fix this to return the proper ID so that when tests start
checking for this, it will return the right value.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-07-19 11:22:13 -06:00
Sherry Zhang f4580cb672 Update mbedtls to mbedtls-3.0.0
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
Change-Id: If406625c09949cca7575d234807e49c00cbc2fa7
2021-07-16 09:42:57 +02:00
Dominik Ermel c304a7f84a sim: Add flash_area_get_device_id implementation
With switch to getter functions the implementation of the function
is now required.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2021-07-06 14:42:53 -06:00
Salome Thirot 6fdbf55756 Sim: Add testcases for AES256 image encryption
Signed-off-by: Salome Thirot <salome.thirot@arm.com>
2021-05-18 07:25:12 -03:00
Fabio Utzig 6c553d6741 sim: add Mbed TLS EC256 encrypted image support
Add new feature that allows testing EC256 encrypted images using the
Mbed TLS backend.

Move config-ecdsa.h to config-ec.h because definitions are very similar
between ECDSA and ECDH with Mbed TLS so resort to a single config file.

Add new feature and fix the build; add proper Mbed TLS memory
initialization when enc-ec256-mbedtls is used.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2021-05-06 21:05:47 -03:00
David Brown 641af4530c boot: Support Mbed TLS ECDSA for signatures
Add Mbed TLS ECDSA signature verification as an option (in addition to
Tinycrypt and the CC310 hardware version).  Although the Mbed TLS ECDSA
verification code is both larger and slower, this will still save space
if there is another reason that the Mbed TLS code is already being
brought in for another reason (such as certificate management, for
example).

Mbed TLS's ECDSA verification works at a different level than the other
two libraries, so this takes a bit of reworking.  There are some
additional parameters passed to the various functions, and a new define
MCUBOOT_ECDSA_NEED_ASN1_SIG to indicate that the ecdsa verification
wants the original ASN1 signature, not a decoded key.

This adds the boot changes and simulator support to test this configuration.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-23 10:29:31 -07:00
Fabio Utzig 4b2e55f362 boot: bootutil: drop flash_area_read_is_empty
Removes the current `flash_area_read_is_empty` which lacked a bit of
clarity in its naming and error handling, as well as requiring an
extra API in the flash map, and switches to using an internal function
`bootutil_buffer_is_erased`.

Code that was previously using `flash_area_read_is_empty` must now be
updated to do a `flash_area_read` followed by a call to
`bootutil_buffer_is_erased` with the read buffer.

The proposal was previously discussed here:

https://github.com/zephyrproject-rtos/zephyr/pull/28519

Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
2020-10-08 20:47:56 -03:00
Fabio Utzig 1edb788695 sim: update alignment (aka write_sz) to u16
The simulated alignment functions were returning u8 which would be
invalid for any alignment beyond 128; as a first step in the direction
of allowing larger alignments, make them u16 which should allow for up
to 2**15 aligment size.

Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
2020-10-05 17:11:14 -03:00
Blaž Hrastnik f62ea0c464 bootutil *should not* import assert.h
bootutil already handles ASSERT definition, allowing us to override it
with a custom implementation. Importing assert.h would pull in stdio.h
and a whole bunch of other stuff by TI compiler into the final
firmware.

Signed-off-by: Blaž Hrastnik <blaz@mxxn.io>
2020-09-28 09:08:44 -06:00
Kumar Gala 00108fe973 sim: Fixup devicetree.h for changes to mcuboot
Fixup how we fake out devicetree.h, which is now really the flash map
API for what mcuboot is using.

Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-05-15 15:11:56 -06:00
Fabio Utzig 3fc84bf686 keys: Add sample x25519 priv/pub keys
Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-04-10 17:56:14 -03:00
Ulf Magnusson e96b6873bd dts: Include devicetree.h instead of generated_dts_board.h
Needed for https://github.com/zephyrproject-rtos/zephyr/pull/20757, to
avoid a warning-turned-error.

Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
2020-01-16 11:41:28 +01:00
Fabio Utzig 272c5eb540 zephyr: sim: add minimized ECIES-P256 key
Remove public key from embedded private encryption key (it was already
ignored before).

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-17 16:26:53 -03:00
Andrzej Puzdrowski f1d189c486 zephyr: switch to recent defines and include headers
In zephyr code-base some generic include patches
and defines had been deprecated since a while.
This condition was maintained until zephyr v2.1.0 inclusive.

Recently these deprecated items were removed completely from
the zephyr master branch. Zephyr current SHA of this patch is
e124c1cd34938f02bbe879533c6bd29b5ff53707

This patch switch mcuboot to using most recent items.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2019-12-12 11:54:44 +01:00
Fabio Utzig 6fa2d40d45 sim: log flash writes/reads/erases at highest level
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-10 16:04:44 -03:00
Fabio Utzig e92df93461 sim: log: add new level targetting simulator
* Adds a new level (BOOT_LOG_SIM) to be used only for messages that
  are interesting while debugging bootutil in the simulator. This should
  be used for extra verbose prints.

* Also added fflushs after fprints to guarantee that messages are printed
  even when assertions are raised.

* For abstraction completeness, add "do nothing" definitions of _LOG_SIM
  to the other ports.

* Make DEBUG the default level when building the simulator (one can
  still lower verbosity using any other value for RUST_LOG).

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-10 16:04:44 -03:00
Fabio Utzig 73243918cd sim: add EC256 encryption key
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-11-06 06:55:25 -03:00
David Brown 2b8a695be1 Convert BOOT_MAGIC_SZ to #define
Convert this `extern const uint32_t` to a simple define.  Provide an
accessor function so that the simulator is able to access the value as
well.  This has a minor improvement on the generated code within MCUboot
itself.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-02 10:17:22 -07:00
David Brown e0bb1f956f Change BOOT_MAX_ALIGN to #define
BOOT_MAX_ALIGN is defined as

    extern const uint32_t BOOT_MAX_ALIGN;

and is assigned a value in a single file.  This causes extra work when
this is used as the size of a local variable in a function.

The value was made a constant in order for the simulator to be able to
access the value.  Instead of making it a "real" constant, keep it as a
define, unifying the value of FLASH_MAX_ALIGN and this one, and provide
an accessor function for the test code to be able to access this value.

This causes a minor improvement in the code generated in
`boot_write_status`, but more importantly, eliminates a VLA from the
code, which increases the possible compilers supported by MCUboot.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-02 10:17:22 -07:00
Fabio Utzig 8000e325f1 Remove global test thread locking
With the recent changes in bootutil, now there is no need to lock the
test threads to run sequentially, so the global lock was removed. The
locking now happens to access resources such as flash, flash params,
simulator context, etc on a per thread basis. Some of the global
variables that were used by the simulator itself (FFI) were made into a
context struct passed in to invoke_go.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-08-07 14:33:36 -03:00
Fabio Utzig b0f0473352 Remove current_image global and macro updates
Currently to determine which image is being operated on, there is a global
variable called current_image which is used by most macros and APIs to
correctly access the flash areas required by the bootloader. This moves
this variable to the already existing state struct and refactors all
macros and APIs to receive the current image by parameters. To maintain
compatibility some of the macros were not updated and use image 0 when
called.

The definitions of FLASH_AREA_IMAGE_PRIMARY and FLASH_AREA_IMAGE_SECONDARY
for Mynewt compatibility were moved out of bootutil sources to a Mynewt
specific include file.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-08-07 14:33:36 -03:00
David Vincze b75c12a431 Boot: Extend flash layout for multiple images
This patch introduces the BOOT_IMAGE_NUMBER macro and current_image
variable to support multiple updatable images and the associated
extended flash layout.

The FLASH_AREA_IMAGE_* object-like macros are replaced with
function-like ones and therefore some functions have been updated,
because the labels of a switch statement and the initialization
values of objects with static storage duration have to be constant
expressions.

Change-Id: Ib7b26ec3c94233e52db4f97825ddb6a3e55bb1d3
Signed-off-by: David Vincze <david.vincze@arm.com>
2019-07-23 09:11:34 -05:00
David Vincze 6c9b416cd8 sim: Support non-continuous area ID mapping
Support non-continuous image flash area ID mapping. It was assumed
that the flash area IDs are subsequent and increasing numbers which
might not be true in all cases.

Change-Id: I0d1285d6fcf1e83a64611c9ad4f65abd002c25d3
Signed-off-by: David Vincze <david.vincze@arm.com>
2019-07-23 09:11:34 -05:00
Fabio Utzig 9771028579 Add ed25519 verification to sim
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-06-13 19:21:05 -03:00
Fabio Utzig 3929743408 Add simulator support for RSA-3072 sigs
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-05-16 14:01:19 -03:00
David Brown 5e6f5e0165 sim: Add multi-image config support to sim
Add support for building with multiple images to the simulator.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-04-17 11:20:21 +07:00
Andrzej Puzdrowski e575fe9ead image encryption: fix enc_state array indexing for zephyr
enc_state table was indexed with assumption that
image flash area are subsequent and increasing numbers.
It might not be true while building zephyr.

Patch introduce flash_area_id_to_image_slot() implementation for
the zephyr port and uses it to assign proper slot number.
This API is already available in MyNewt.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2019-03-14 16:10:54 +01:00
Andrzej Puzdrowski 419a47531b zephyr: allow dynamic numeration of flash_areas
Zephyr flash_map reworks caused that areas id exact number are
assigned dynamically.

This patch i counterpart to
https://github.com/zephyrproject-rtos/zephyr/pull/8837

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2019-02-10 16:08:38 +01:00
Fabio Utzig 05ab014e36 Update sim ecdsa testing to use ring signing
This removes the unsafe Tinycrypt bindings previously used for signing
with ECDSA, and relies on ring native support.

The ring library was updated to 0.14.1.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-18 09:44:48 -07:00
Emanuele Di Santo 9f1933d1a5 boot: zephyr: migrate to new log subystem
The old log subsystem has been deprecated in Zephyr.
Migrate to the new subsystem to avoid compilation warnings.

In-place log processing is selected as it is required as MCUBoot is
one thread application.

Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2019-01-10 19:11:15 +01:00
Fabio Utzig 73ffc4458d Add align/erased_val params per flash device
The previous c/rust ffi functions were hardcoding the values of align
and erased_val before each run through static globals. This adds new sim
flash functions that get the align/erased_val from the sim flash device
that is being run on, allowing that later multiple flash devices can
each use its own params.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-12-18 15:16:11 -02:00
Fabio Utzig 99dfc78723 Remove usage of hal_flash_* functions
Update `flash_area_*()` functions to call `sim_flash_*()` directly
instead of using `hal_flash_*()` functions that were not part of the
main bootloader anymore.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-12-18 15:16:11 -02:00