Commit Graph

2102 Commits

Author SHA1 Message Date
Jamie McCrae 0b7b7ae655 docs: zephyr: Add note on swap-using-scratch
Adds details on how to use the swap-using-scratch algorithm and
associated risks.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-02-28 08:18:57 -07:00
INFINEON\DovhalA 94360d5b2f Fix possible array index overflow in loader.c: fill_rsp()
Signed-off-by: INFINEON\DovhalA <Artem.Dovhal@infineon.com>
2023-02-28 08:08:35 -07:00
Dominik Ermel 472d4c7fed bootutil: Pass flash_area to boot_read_swap_size
Modifies boot_read_swap_size and boot_read_enc_key to use
flash_area object pointer instead of image index.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-28 08:06:10 -07:00
Jamie McCrae 9e8eddcecb boot: zephyr: Clean up before chainloading by default
This changes the default mcuboot configuration for zephyr
applications to clean up before booting the user application. The
reason for this change is that mcuboot may configure protection (e.g.
MPU stack guard) which is then used by the user application during
its startup code prior to cleaning the configuration up; this can
lead to an unbootable application and potentially irrecoverable
module, therefore cleaning up is now being enabled by default.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-02-27 15:20:50 +01:00
Sherry Zhang 120b7182ae FIH: Fix possible static check error caused by FIH_DECLARE
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
Change-Id: I970582777018094d0cbf83d3131a7d5c576035e5
2023-02-27 11:25:33 +01:00
Ross Younger ae9d256cab imgtool: allow verify mode to use public ed25519 keys
Verify mode already works for the public halves of RSA and ECDSA keypairs.
This patch corrects an apparent oversight, enabling that functionality
in Ed25519.

Signed-off-by: Ross Younger <crazyscot@gmail.com>
2023-02-25 09:42:31 -03:00
dependabot[bot] d9e5d2681e build(deps): bump bumpalo from 3.9.1 to 3.12.0
Bumps [bumpalo](https://github.com/fitzgen/bumpalo) from 3.9.1 to 3.12.0.
- [Release notes](https://github.com/fitzgen/bumpalo/releases)
- [Changelog](https://github.com/fitzgen/bumpalo/blob/main/CHANGELOG.md)
- [Commits](https://github.com/fitzgen/bumpalo/compare/3.9.1...3.12.0)

---
updated-dependencies:
- dependency-name: bumpalo
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-25 09:39:31 -03:00
dependabot[bot] c00f332c41 build(deps): bump nokogiri from 1.13.8 to 1.14.2 in /docs
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.13.8 to 1.14.2.
- [Release notes](https://github.com/sparklemotion/nokogiri/releases)
- [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.13.8...v1.14.2)

---
updated-dependencies:
- dependency-name: nokogiri
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-24 12:04:03 +01:00
dependabot[bot] ccc8f8c855 build(deps): bump activesupport from 6.0.3.6 to 6.0.6.1 in /docs
Bumps [activesupport](https://github.com/rails/rails) from 6.0.3.6 to 6.0.6.1.
- [Release notes](https://github.com/rails/rails/releases)
- [Changelog](https://github.com/rails/rails/blob/v7.0.4.2/activesupport/CHANGELOG.md)
- [Commits](https://github.com/rails/rails/compare/v6.0.3.6...v6.0.6.1)

---
updated-dependencies:
- dependency-name: activesupport
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-23 20:02:05 -03:00
Dominik Ermel 76d2b89b40 ci: Skip sign-off checks for dependabot
Dependabot uses different e-mails for signoff and commit.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-23 08:12:12 -07:00
Dominik Ermel c68a600403 bootutil: Little rework of boot_find_status
In rework:
  - size has been removed from array, as it had been making the array
    at least two elements long, even if the scratch partition is not used;
  - some variables have been localized and some removed;
  - no longer returning rc codes from flash_area_ functions on
    failure, just a single point of failure-exit - it made no sense
    anyway as we can not recover from flash failure;
  - flash area pointer is now NULLified on failure, or when
    status is not found.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-22 08:51:18 -07:00
Dominik Ermel 23a7a2e61f bootutil: Move duplicate static inline functions to one header
The commit moves static common functions that have duplicate
definitions in bootutil_public.c and bootutil_misc.c to header
file to be included by both files.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-22 08:49:31 -07:00
Tamas Ban 4a34b0fed1 ci: Update TF-M version to be aligned with FIH library changes
So far the FIH CI job was fetching a WIP change from
TF-M Gerrit to align MCUboot and TF-M from the FIH
library point of view. This change replaces that with fetching
the final version instead of the WIP change.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
2023-02-22 08:14:09 -07:00
Jamie McCrae aee388aefa zephyr: serial_recovery: Fix confusing/wrong Kconfig values
Fixes some confusing Kconfig values to have values that make
sense for the underlying SMP transport.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-02-17 15:53:57 +01:00
Jamie McCrae cde363926b zephyr: serial_recovery: Make receive buffers configurable
This allows making the number of receive buffers configurable
instead of being fixed at 2.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-02-17 15:53:57 +01:00
Dominik Ermel 453e8bd7de flash_map_backend: Remove flash_area_id_to_image_slot
The function has not been in use and some ports have not been
implementing it anyway.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-14 16:40:21 -07:00
Dominik Ermel b26fc487ee boot/boot_serial: Add boot_reset_request_hook to bs_reset
When hooks are enabled then boot_reset_request_hook will be
called to check whether it is allowed to reset a device.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-14 16:33:34 -07:00
Dominik Ermel ad35e2b227 boot/bootutil: Provide prototype for boot_reset_request_hook
Provide prototype for a new hook boot_reset_request_hook
which is called when device is requested to reboot.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-14 16:33:34 -07:00
hasheddan 85b4e0bf54 Use full links for Cypress and Sim usage instructions
The relative links do not work on the docs website due to the files not
living in the docs/ directory. This updates to link directly to the
GitHub source so that users are not dropped onto a 404 page.

Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
2023-02-14 12:29:08 -07:00
Dominik Ermel a4c725109d zephyr: Remove FLASH_AREA_IMAGE_SCRATCH from single app config
Does not have to be set anymore when CONFIG_SINGLE_APPLICATION_SLOT
is set.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-14 08:42:15 -07:00
Dominik Ermel d546079707 bootutil: Don't default to scratch when single app is used
When MCUBOOT_SINGLE_APPLICATION_SLOT is set then the app can
only be overwritten with new image and scratch algorithm
is not used. The configuration logic would default
MCUBOOT_SWAP_USING_SCRATCH to 1 because it was lacking
check for MCUBOOT_SINGLE_APPLICATION_SLOT.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-14 08:42:15 -07:00
Daniel DeGrasse 8e8b5455bc boot: zephyr: add support for RT595
Add support for RT595 to MCUBoot. A larger number of max sectors is
required due to the large flash size present on the RT595 EVK.

Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
2023-02-14 08:33:53 -07:00
Jamie McCrae 9315654d79 zephyr: Disable and deprecate flash erase
This deprecates the flash erase Kconfig for zephyr; if this action
is required, then the board should be flashed using west with the
`--erase` argument supplied instead.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-02-14 10:48:27 +01:00
Jamie McCrae 3618f51e73 Revert "Explicitly set module name in `zephyr/module.yml`"
This reverts commit e82b370ca5.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-02-13 17:16:21 -07:00
Jamie McCrae c6848adb46 Revert "Add west.yml to make manifest-module."
This reverts commit 900da13865.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-02-13 17:16:21 -07:00
Fabio Utzig 74530753b4 bootutil: fix swap with move reset issue
Fix a swap corruption which occurs on the swap move algorithm when a
reset happens exactly at the point after the last move up, and its
status update. On restart the image headers should be read at the 2nd
sector of the primary slot, but due to lacking initialization it is
read on the first sector, and then fails. This error was masked on the
simulator because of the use of a global variable, which retained its
value on a "reset simulation".

Fixes #1588

Signed-off-by: Fabio Utzig <utzig@apache.org>
2023-02-09 20:15:02 -03:00
Almir Okato bfdf934e3a espressif: ci: Add new building jobs configs for Espressif chips
Add jobs for testing build ESP32-XX within more features:
Serial Recovery, Multi Image and Multi Boot

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2023-02-03 18:05:07 -03:00
Almir Okato 3eb0681273 ci: add single parent commit case on check-signed-off-by script
Signed-off-by: Almir Okato <almir.okato@espressif.com>
2023-02-03 18:05:07 -03:00
Michael Grand 5047f032c9 fih: Hardening of fault injection countermeasures
Returned values are now hardcoded. Indeed, while it is not
strictly needed (few return values different from SUCCESS
or FAILURE), the complexity added by encoding return values might
cause the software to be vulnerable to fault attacks.

Return type changed from fih_int to fih_ret to make
the whole thing much simpler and therefore more robust
to fault attacks. In addition, it's easier to predict
compiler behavior.

Assignment of sensitive variables has been hardened using macro
FIH_SET (assignment + check whether write access has been properly
done). FIH_DECLARE() is added to ease the declaration of sensitive
variables.

Equality tests fih_eq() and fih_not_eq() are now macros because
inlining produces more complex (and weaker) code than macros.
In addition fih_not_eq is modified to be the negation of fih_eq,
which was not the case until now.

When FIH_NOT_EQ is used, FIH_SET(fih_rc, FIH_FAILURE) has been added
in some parts of the code.

Variable image_mask (bootutil_priv.h) is now volatile because a
double IF test is made on it.

Some other parts of the code have been hardened (e.g. the loop on images).

Signed-off-by: Michael Grand <m.grand@trustngo.tech>
2023-01-30 09:34:34 -07:00
Almir Okato 78d50b2f07 espressif:ESP32-S3: Fix multiboot APP CPU start
Add missing function for starting the APP CPU when booting the
second image (multi image).

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2023-01-24 22:56:02 -03:00
Piotr Dymacz 4427e4c977 boot: zephyr: allow timeout based recovery with CDC ACM
This makes it possible to enable timeout (BOOT_SERIAL_WAIT_FOR_DFU) mode
for the serial recovery when using CDC ACM based serial device. This was
runtime tested on nRF52840-Dongle.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2023-01-16 10:37:16 +01:00
Joakim Andersson 90b8f69040 boot: zephyr: Only call sys_clock_disable when supported
Only call sys_clock_disable when the system clock driver supports
this feature.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2023-01-13 16:49:10 +01:00
Fabio Utzig 8f289ba5f9 imgtool: fix getpriv format type for keys
A previous change was added to allow the `getpriv` command to dump ec256
keys in both openssl and pkcs8. That PR did not touch other key file
types which resulted in errors using that command with RSA, X25519, etc.

This commit generalizes the passing of the `format` parameter, so each
key type can decide which format it allows a dump to be produced in,
and what default to use.

Fixes #1529

Signed-off-by: Fabio Utzig <utzig@apache.org>
2023-01-10 18:03:21 -03:00
Fabio Utzig 4a748bfefa mynewt: add flash sector requirement for swap move
Add basic flash_sector struct and offset calculation routines. This
fixes the build using swap move, because this data is required to
calculate the maximum image size.

Fixes #1567

Signed-off-by: Fabio Utzig <utzig@apache.org>
2023-01-06 17:41:03 -03:00
Fabio Utzig 5a013e321f ci: add Mynewt test target for swap move
Add a new Mynewt build configuration that uses the swap move mode.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2023-01-06 17:41:03 -03:00
Fabio Utzig 46e554e7c0 ci: Fix compatibility with packaging==22
packaging >= 22 dropped support for LegacyVersion, which was the usual
result of an invalid version number being parsed. Now it is PEP-440
strict and throws an exception on fails. This fixes the script to work
with both older and newer releases.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2023-01-04 11:22:24 -03:00
Jamie McCrae 9d3fd7f7eb boot_serial: Add unaligned stack buffer writing
Fixes a bug when writing to devices which have memory alignment
requirements with data being used directly from a zcbor response,
whereby the alignment of the buffer data does not meet the
requirements of the flash driver.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-01-03 12:18:54 +01:00
Almir Okato 8724081f90 doc: espressif: Add warning note for Flash Encryption with Serial Recovery usage
Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-12-22 09:11:19 -03:00
Jamie McCrae d165e9b2a5 boot: zephyr: boards: nrf52840dk: Fix overlay
Fixes an issue with a node which has been removed from zephyr.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2022-12-20 15:25:07 +01:00
Almir Okato 84da51b646 espressif: add downgrade prevention feature
Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-12-19 11:02:55 -03:00
Dominik Kilian 421730e846 boot: Update Nordic's license identifier tag
Nordic has changed its license identifier to a new,
more accurate id: LicenseRef-Nordic-5-Clause.
Old identifiers should be updated.

Signed-off-by: Dominik Kilian <Dominik.Kilian@nordicsemi.no>
2022-12-19 13:04:56 +01:00
Tamas Ban 04efc2e861 docs: fix FIH example command in design.md
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I3ce8177ad6ae8196b7deb4176c4441f41bbc475a
2022-12-16 13:06:11 +01:00
Tamas Ban 166075ef4b ci: fih: update TF-M version to 1.7.0 and adjust test suite
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I1a810bac6e0409ff06af80c8151b8d37a97effdc
2022-12-16 13:06:11 +01:00
Jamie McCrae ad1fb3dde2 boot_serial: Allow using a buffer larger than 512 bytes
There are 3 levels of buffers and only the first one seems to be
configurable; this fixes that issue.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2022-12-04 13:20:46 +01:00
Jamie McCrae 0b6d3439bb boot_serial: Fix rc not being returned as a signed value
Fixes an issue whereby rc is a signed variable but is returned as
an unsigned variable in the zcbor functions.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2022-12-02 22:52:48 +01:00
Mark Horvath 7ebf0e8277 bootutil: Fix bootutil_find_key return value
The return value of bootutil_find_key is used as the key_id in the
bootutil_img_validate function, and a negative key_id value is used in case
of errors. If MCUBOOT_HW_KEY is set, then the key hash is read by the
boot_retrieve_public_key_hash function, but the expectation is only to
return nonzero on failure, so its error code should not be propagated
up to the caller. Instead, bootutil_find_key should return -1 in case
of a platform error.

Change-Id: I8e2bd12a5cf53787e10ae45c2ab556e8a856692d
Signed-off-by: Mark Horvath <mark.horvath@arm.com>
2022-11-25 17:54:03 +01:00
Torsten Rasmussen 82ee5d0bb9 zephyr: fix handling of devicetree overlays in mcuboot
The current specific setting of devicetree overlay files using `set()`
has a couple of built-in flaws.

It keeps re-adding the overlay file on each subsequent CMake invocation.
The build command (make/ninja) will automatically invoke CMake if there
are any changes to files used as configure time dependencies.

This can easily be seen by manually re-invoking CMake:
```
 # First invocation
$ cmake -DBOARD=nrf52840dk_nrf52840  -DDTC_OVERLAY_FILE=custom.dts ..
Loading Zephyr default modules (Zephyr workspace).
-- Application: /projects/github/ncs/bootloader/mcuboot/boot/zephyr
...
-- Found devicetree overlay: custom.dts
-- Found devicetree overlay: bootloader/mcuboot/boot/zephyr/dts.overlay

 # Second invocation
$ cmake -DBOARD=nrf52840dk_nrf52840  -DDTC_OVERLAY_FILE=custom.dts ..
Loading Zephyr default modules (Zephyr workspace).
-- Application: /projects/github/ncs/bootloader/mcuboot/boot/zephyr
...
-- Found devicetree overlay: custom.dts
-- Found devicetree overlay: mcuboot/boot/zephyr/dts.overlay
-- Found devicetree overlay: mcuboot/boot/zephyr/dts.overlay
```

Zephyr has built-in support for application specific overlay config
which gets automatically applied when the overlay file is named:
`app.overlay`.

Therefore rename `dts.overlay` to `app.overlay`.
Ref: https://docs.zephyrproject.org/3.2.0/build/dts/howtos.html \
  #set-devicetree-overlays

This change further allows users of mcuboot to place their mcuboot
configuration out-of-tree of the sample by using the
`APPLICATION_CONFIG_DIR` setting.

Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
2022-11-24 08:55:20 +01:00
Fabio Utzig 08a716dc4e imgtool: fix --vector-to-sign usage
`--vector-to-sign` only exports the image payload, or digest, to be
signed externally; it doesn't require any keys to be provided. This
commit moves the code outside a key required block, after the payload
and digest were already calculated from "image + headers + protected
TLVs".

Signed-off-by: Fabio Utzig <utzig@apache.org>
2022-11-21 18:50:25 -03:00
Dominik Ermel e009e19bd9 zephyr: Explicitly select CONFIG_CRC for CONFIG_MCUBOOT_SERIAL
The serial recovery depends on CRC from Zephyr, which it should
have been selecting explicitly.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2022-11-21 16:25:34 +01:00
Antonio de Angelis 7ba01c0de7 imgtool: Fix PEP8 warnings on modules in this PR
Fix the remaining PEP8 warnings that appear on image.py, ecdsa.py
or main.py for imgtool.

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
2022-11-16 14:02:19 -03:00