This patch improves the existing ECDSA key generation feature
in the imgtool by:
- Fix a bug in the 'minimal' representation of PKCS#8 keys where
the resulting ASN.1 DER encoding is not compliant
- Add the option to export ECDSA private keys in SEC1 format by
providing a command line option -f or --format that can be
'openssl' (for SEC1 format) or 'pkcs8'. This format ends up in
key encodings which are generally smaller than PKCS#8.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Common prints such as the one that happens when an image is signed
are clearer if the source of print is added (i.e. filename), especially
for those build integration flows where imgtool is invoked as part of
a set of operations.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Removed the board configuration for Thingy:53 Application Core as it
contains references to the Kconfig modules that are not available in
the upstream Zephyr. The current configuration is set up to work
in the nRF Connect SDK environment and should be moved there.
Signed-off-by: Kamil Piszczek <Kamil.Piszczek@nordicsemi.no>
With the exception of nrf targets BOOT_SWAP_USING_SCRATCH mode was
still the default algorithm.
Changing the preferred mode in cases where no scratch_partition is
defined will allow successfully building mcuboot for such boards w/o
the need for any board specific overlays.
Signed-off-by: Thomas Stranger <thomas.stranger@outlook.com>
Public key is handled by the build-system
since a while.
This patch reflect this in the documentation.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Co-authored-by: Francesco Domenico Servidio <francesco.servidio@nordicsemi.no>
Zephyr-port has switched to use DT node labels instead of
label properties for partition assignment.
Also usage of west is recommended way to work with the project.
Documentation was actualized to reflect these principles.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Co-authored-by: Francesco Domenico Servidio <francesco.servidio@nordicsemi.no>
Differentiated image trailer size for swap-using-scratch with
max-align-32 feature and without it.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Corrected the maximal image size calculation for
the swap using scratch mode. Previously the vale which
is appropriate for the swap using move mode was used.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
It is possible that image in the slot is so big
that MCUboot swap metadata will interfere with
its content during the swap operation.
This patch introduces additional check to the image
validation procedure.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
main.c uses CMSIS functions such as __set_MSP, which require
cmsis.h to be included. Up until now, that file was included
indirectly through other ARM headers. This patch explicitly
includes cmsis.h, for platforms on which those indirect includes
do not work.
Signed-off-by: Yonatan Schachter <yonatan.schachter@gmail.com>
Signed-off-by: David Brown <david.brown@linaro.org>
Downgrade prevention for swap upgrades that was added to
mcuboot is now configurable in zephyr.
It may be using software version number from image in slot 0,
or security counter from the image in slot 0 (for limited downgrade
availability).
Hardware base security counter check remains unchanged.
Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
Currently, downgrade prevention was limited to overwrite only
builds (version check) or devices with hardware storage for
security counter.
This extends downgrade prevention to be used when swap update
is selected.
Unlike MCUBOOT_HW_ROLLBACK_PROT option it does not require user
code to provide external way to store security counter.
Security counter from slot 1 image is used for comparison.
With security counter usage it is possible to have limited
software rollback if security counter was not incremented.
It is possible to use image version where strict rule for
image version comparison prevents any downgrades.
Downgrade prevention is also added to mynewt configuration.
If image in slot 1 is marked as pending and downgrade prevention
is in place, image will be deleted to avoid check on next boot.
Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
Update a previous PR were PEM exporting was added to the `--lang`
parameter, even though PEM is not a source code language per se.
This PR adds `--encoding/-e` to `getpub` command, for exporting
in formats other than a language source code. `--lang` is left with
a deprecation message, so it could be removed in a future version.
The default behavior of exporting source code in C was preserved.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This property should be enabled by default only when watchdog
driver is available.
This fixed build with pristine configuration on targets
with CONFIG_WATCHDOG=n.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The Kconfig system used by Zephyr does not allow the defaults for choice
options to be overridden. To compensate for this, create a new boolean
config option that will determine what the default is for the boot mode.
This allows the kconfig override file for various Zephyr boards to
change the default to swap move.
Signed-off-by: David Brown <david.brown@linaro.org>
Update `getpub` with new `lang` option, "pem", which allows exporting a
public key as a PEM file. This can later be distributed to be used for
encrypting an image, and gets away with having to use openssl for this
step.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Currently the post copy hook is only called from the `copy_region`
function. However when another update method than `BOOT_UPGRADE_ONLY` is
selected this function is not called. This adds post copy hook to the
end of `boot_swap_image` when we know the swap is complete.
Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no>
Building sample.bootloader.mcuboot for many platforms
is not possible (for instance a qemu). The limit is need
as otherwise zephyr-rtos/zephyr CI is failing on any push to
main branch or nightly CI run.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Change removes the legacy configuration. The legacy configuration
became problematic, because GPIO DTS nodes no longer support labels
that were used to identify nodes in MCUboot. Therefore we need to
use GPIO DTS node name with the legacy approach.
The GPIO should be configured by board's DTS, which is simpler.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
Change introduces default values of CONFIG_BOOT_SERIAL_DETECT_PIN
and CONFIG_BOOT_USB_DFU_DETECT_PIN. This is needed to prevent build
issues caused by uninitialized Kconfig.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
Enable tests to be run on frdm_k64f and disco_l475_iot1. The l475 uses
the STM32 IWDG by default, and the k64f can be used for the generic
watchdog path. Both boards also received a config to enable the
watchdog.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Switching from FLASH_AREA_ to FIXED_PARTITION_ macros.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The FLASH_AREA_ macros, which have been using DTS node label property
to identify partitions, have been replaced with FIXED_PARTITION_
macros that use DTS node label to identify partitions.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
initialization.
When using nuttx MCUBoot app as a main entry point in
place of nsh_main it is necesary to perform board-specific
driver initialization through boardctl().
Signed-off-by: Andrés Sánchez Pascual <tito97_sp@hotmail.com>
boot: nuttx: main: fix minor errors according
Signed-off-by: Andrés Sánchez Pascual <tito97_sp@hotmail.com>
Since we have support for nRF and STM32 families,
and non-vendor watchdog implementation let's enable
this functionality by default.
Imply NRFX_WDT && NRFX_WDT0 && NRFX_WDT1 only when
SOC_FAMILY_NRF is being used.
Signed-off-by: Bartosz Bilas <bartosz.bilas@hotmail.com>
Return the device pointer if the node identifier
refers to a watchdog node with status “okay”,
otherwise return NULL.
Signed-off-by: Bartosz Bilas <bartosz.bilas@hotmail.com>
Updates the CI workflows to use the Zephyr SDK 0.15.0 for
building and testing Zephyr in the CI.
Fixes:
E: CMake Error at cmake/modules/verify-toolchain.cmake:79 (find_package):
Could not find a configuration file for package "Zephyr-sdk" that is
compatible with requested version "0.15".
The following configuration files were considered but not accepted:
Signed-off-by: Bartosz Bilas <bartosz.bilas@hotmail.com>
Antonio de Angelis