Commit 9117fded47 added support for
supplying an `--erased-val`, which defaults to 0xff. When padding a
header, the checks were still validating against 0, which is the
value used for padding by the Zephyr build system. Now when the
user passes `--pad-header` this check is skipped (we already know
the contents).
Signed-off-by: Fabio Utzig <utzig@apache.org>
Ran automated checker for common typos [1]. Most of these changes have
no functional change *except* for `./ci/sim_run.sh` where, previously
the `bootstrap` feature wasn't being selected properly.
I didn't touch anything in the `./ext/` folder as anything in there
should probably be fixed in the upstream repo.
[1] https://github.com/codespell-project/codespell
Signed-off-by: Sam Bristow <sam@bristow.nz>
When generating HEX output, instead of just adding the `magic`, also add
the whole trailer (with erased value). This allows for HEX writing tools
to erase the trailer region, avoiding possible issues when garbage
exists there.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Add `-R`/`--erased-val` CLI option when creating images, which accepts
a value to be used for padding. This is useful when creating images
that run in devices that have flash erased to some value different
from 0xff (like STM32L0x and STM32L1x that have 0s).
Signed-off-by: Fabio Utzig <utzig@apache.org>
Add a new flag `-x` (or `--hex_addr`) which adjusts the memory address
where this file has to be written to. This is useful when generating
upgrade images that will go to the secondary slot, in cases where the
user is not using mcumgr or some other delivery mechanism, and has to
manually adjust the addresses using `objcopy`.
Also when using hex files, image padding now only adds a segment with
the magic at the end instead of filling the whole output with `0xff`.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Seems like pypi.org is not accepting "None" for email anymore, so this
just adds the mailing list in case someone needs to contact the project.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Allow the user to set the load_addr field of the header.
This could be useful in multi image situations to help
deduce the image number of an update without having to
look at the swap info.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
This accounts for changes in the Zephyr build which include:
1) Flash areas are prefixed with `DT_`
2) The generated DTS was renamed to generated_dts_board_unfixed.h
3) The build tree has an extra "zephyr" dir.
Fixes#408
Signed-off-by: Fabio Utzig <utzig@apache.org>
Add a `debug_dump()` method to `Images` to allow the images to be
written to a file. The dependency test will call this if the
environment variable MCUBOOT_DEBUG_DUMP is set.
In order to make these debug dumps more useful, add a simple partition
table to the beginning of the image (where MCUboot would reside on
target). This has a simple header, and then entries for each partition,
using the partition ids used within the simulator. This allows the
image to be more easily used by external tools.
As an example, `scripts/mcubin.bt` is a binary template for the [010
Editor](https://www.sweetscape.com/010editor/), allowing it to decode
and show the details of images from MCUboot.
Signed-off-by: David Brown <david.brown@linaro.org>
This struct currently relies on padding being done by the C compiler.
Although this is generally done the same across targets, this isn't
required, and it is better to make any padding explicit. This also
makes it clear that there is extra space in this structure that can be
used for another purpose.
The python imgtool is also fixed to match. It was using a 32-bit int,
which only worked in the little endian case.
Signed-off-by: David Brown <david.brown@linaro.org>
Since Ed25519 curve primitives are available since cryptography package
version 2.6 need to bump its version.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
This adds ed25519 signature support using the "prehash" method. Instead
of using the direct contents of the image and header payloads, a sha256
is generated and signed (SHA256-Ed25519). This allows for compatibility
with already existing tools that use the sha256 hash, like mcumgr, etc.
Signed-off-by: Fabio Utzig <utzig@apache.org>
imgtool verify -k <some-key.(pub|sec)> <img-file>
Allow imgtool to validate that an image has a valid sha256sum and that
it was signed by the supplied key.
NOTE: this does not yet support verifying encrypted images
Signed-off-by: Fabio Utzig <utzig@apache.org>
This commit aims to add the ability to specify and add dependency
TLVs to MCUBOOT. Due to the private nature of this feature, having
dependency TLVs mean that the TLV Info header and these TLVs become
part of the protected area (they are supposed to get signed as well).
Since the TLV Info header containing the whole TLV section's size
becomes protected, this size needs to be calculated in advance to get
proper hash values.
Change-Id: I13277a3b595acc2bb8c5084420f3d61c8d301dc2
Author: Bence Kaposzta <bence.kaposzta@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
If imgtool is used for signing with encryption
it will disallow using public RSA key for
signing.
Signed-off-by: Chris Bittner <chris.bittner@nordicsemi.no>
This change replaces the slot 0/1 terminology with primary/secondary
slot and replaces FLASH_AREA_IMAGE_0/1 with
FLASH_AREA_IMAGE_PRIMARY/SECONDARY. This naming convention may be more
understandable, fits better to MCUs with multiple images and it is an
architecture agnostic alternative as well.
Change-Id: I655a585f6ae023852c671ee6635399efe25209c9
Signed-off-by: David Vincze <david.vincze@arm.com>
Signed-off-by: David Brown <david.brown@linaro.org>
Add a new directory "ci", to easily add new tests with setup/run phases
that don't require direct setup in .travis.yml. This also avoids
polution of scripts/.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Updates imgtool to infer, based on output image filename, which format
should be use for output file. Filenames that end with extension `.hex`
are saved in Intel HEX, otherwise saves a binary image.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This adds initial support for publishing imgtool to pypi.org.
The main imgtool.py was moved to imgtool package and made into the main
file, and a new imgtool.py that calls into the package, was added allowing
for the old usage behavior to remain functional.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Generating images with no signature or encryption was broken by commit
06b77b8353
This allows generating images with just sha256 again, and fixes a few
leftovers from the imghash TLV change.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Because the amount of features that the simulator is testing is growing,
the test time is taking a long time. This distributes simulator's tests
over three travis machines to decrease test time.
Add options to defined tests that run one-by-one in a sequential fashion
by defining them in $SINGLE_FEATURES, and allow defining features that
should run together by providing a string of ',' separated list of
multiple tests in $MULTI_FEATURES.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Adds a new flag to imgtool, -E/--encrypt which accepts a public rsa-2048
key file that will be used to encrypt the image.
The encryption method uses AES-128-CTR to encrypt the image data (ignores
the header and TLVs), using a random key that is itself encrypted using
RSA-2048-OAEP and added to the generated image as a new TLV.
Signed-off-by: Fabio Utzig <utzig@apache.org>
If adding a header to a .hex file (using the command line
"--pad-header"), the hex file gets shifted by header size. This may
cause hard coded addresses to be off by "header-size", making the
firmware unusable. Instead, adjust the base address by the header
size, so the existing firmware in the hex file is loaded to the
proper addresses.
Signed-off-by: Mark Schulte <mschulte@lyft.com>
Given the example lines:
#define FLASH_AREA_MCUBOOT_OFFSET_0 0x0
#define FLASH_AREA_MCUBOOT_OFFSET FLASH_AREA_MCUBOOT_OFFSET_0
Changing OFFSET_0 to OFFSET(_0)? allows the re to possibly match the
second line where it would have stopped the match before. This combined
with the (0x)? means that the re does match the second line, with the
third group being just the F of FLASH_AREA_IMAGE_1_OFFSET_0. The int()
function fails because F is not a valid number. This commit makes the
matching more precise by 1) matching the 0x when there are hex digits
and without the 0x when there are decimal digits and 2) matching until
the end of the line.
Signed-off-by: Evan Gates <evan@gnarbox.com>
The `--included-header` was "mandatory" when using imgtool with firmware
images generated by the Zephyr build system and it was a source of
issues when it was forgotten. This removes `--included-header` and adds
a new parameter `--pad-header` with inverted semantics, to be used only
when a zeroed header is required to be added to the firmware image.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Overwrite only requires just magic + image_ok + copy_done. This fixes
issues generating images in overwrite only mode when the firmware image
is too big and overflows the swap status area.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Add the new `--slot-size` and make `--pad` a bool flag, to allow
checking that firmware fits in the slot without overflowing into the
trailer region even when no padding was requested.
Fixes#241
Signed-off-by: Fabio Utzig <utzig@apache.org>
Fabio Utzig