Avoid jumping into an image while still having encryption keys stored in
RAM, which could then be recovered by the app.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Add new bootutil function that returns the size of the status area.
The simulator was updated to remove the custom calculation and get
the size directly from bootutil, avoiding breakages the happen when
both are not in sync.
Signed-off-by: Fabio Utzig <utzig@apache.org>
When using swap withouth scratch, if a revert operation is detected there
is a fixup that needs to be done to avoid losing metadata. This fixup
copied metadata from the primary slot to the secondary slot temporarily.
Previously it was also copying the encrypted image keys but this is not
required since a fixup is only run when starting a new swap where the
keys were loaded directly from the images. This also avoids that a
secondary slot in external flash would leak keys (according to our
threat model).
Signed-off-by: Fabio Utzig <utzig@apache.org>
ECDSA signatures are variable length. They are also encoded as ASN.1.
The ASN.1 parser we use is given the length, and will return a decoding
error if the signature block is not sufficiently long. Instead of
requiring the signature block be padded to the longest possible length a
signature can be, allow them to be their natural length.
This allows image signing tools to be able to generate signatures that
don't have this padding. Along with removing the pad removal code from
the EC224 code, this will allow this code to correctly validate all
signatures, not just 255 out of 256.
Signed-off-by: David Brown <david.brown@linaro.org>
Start with some documentation on ECDSA signatures, and the problems with
the current padding approach. Present a plan to support correctly
formatted ECDSA signatures, and how to handle the transition both in the
C code, as well as the tooling that signs images.
Signed-off-by: David Brown <david.brown@linaro.org>
This applies a few improvements to a commit previously included in
PR #596:
* Move functions to dump a private key to the private key classes
* Remove language option; always dumps in C format
* Add option to generate a minimal dump. This will remove extra
parameters that are present in keys generated with the `keygen`
command.
For P256 this will remove the public point, which is already
ignored by the parsing function. The resulting key dump shrinks
from 138 to 70 bytes.
For RSA it will remove the DP/DQ/QP parameters which are only
used with CRT enabled, and if not available, can be calculated at
runtime. This reduces the size of a key dump from around 1190
bytes to somewhere close to 800 bytes. A patch to the RSA parsing
routine will be added in another commit.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Signed-off-by: Ioannis Konstantelias <ikonstadel@gmail.com>
Allow runtime generation of CRT params when not available in the
embedded private key. Also remove parsing/calculation of CRT
parameters when CRT was disabled in the config (mbedTLS does not
use those in this case).
Signed-off-by: Fabio Utzig <utzig@apache.org>
module.yaml added as required for Zephyr's integration as a module.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Added sample.yaml which is required for automatic building
mcuboot using zephyr sanitycheck.
Can be run by zephyr sanitycheck locally using
--testcase-root=/path/to/mcuboot/boot/zephyr
to make it detect the sample.yaml added.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Apply a few improvements to the type parameter in the keygen command.
Currently finding out the key types requires passing an invalid value
to display what values are available. Instead add them the help page,
so it shows an output like below:
```
-t, --type type One of: rsa-2048, rsa-3072, ecdsa-p256, ecdsa-p224,
ed25519 [required]
```
When no type is given in the cli, ask for it:
```
$ ./imgtool.py keygen -k privkey.pem
Type (rsa-2048, rsa-3072, ecdsa-p256, ecdsa-p224, ed25519):
```
Signed-off-by: Fabio Utzig <utzig@apache.org>
This adds a Kconfig feature CONFIG_BOOT_USE_BENCH, which when enabled
will print the simple benchmarking output as log messages.
Signed-off-by: David Brown <david.brown@linaro.org>
Add a `bootutil/bench.h` file that defines two calls
`boot_bench_start()` and `boot_bench_stop()` along with a type for the
state. These calls can be placed around blocks of code, and with a
properly defined implementation, will print simple performance
information about these operations.
This change merely adds the includes, and the empty implementations that
are used if the bencharking feature is not enabled.
Signed-off-by: David Brown <david.brown@linaro.org>
In zephyr code-base some generic include patches
and defines had been deprecated since a while.
This condition was maintained until zephyr v2.1.0 inclusive.
Recently these deprecated items were removed completely from
the zephyr master branch. Zephyr current SHA of this patch is
e124c1cd34938f02bbe879533c6bd29b5ff53707
This patch switch mcuboot to using most recent items.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
There are a few error messages printed by the boot code. In a normal
platform, these are real errors, and really should print a message.
However, in the simulator, we intentionally create these scenarios, and
these errors only serve to distract from the rest of the test output.
Conditionalize the error prints based on whether we are running in the
simulator.
Signed-off-by: David Brown <david.brown@linaro.org>
* Adds a new level (BOOT_LOG_SIM) to be used only for messages that
are interesting while debugging bootutil in the simulator. This should
be used for extra verbose prints.
* Also added fflushs after fprints to guarantee that messages are printed
even when assertions are raised.
* For abstraction completeness, add "do nothing" definitions of _LOG_SIM
to the other ports.
* Make DEBUG the default level when building the simulator (one can
still lower verbosity using any other value for RUST_LOG).
Signed-off-by: Fabio Utzig <utzig@apache.org>
Fix an issue where an upgrade could fail to execute.
This happened randomly in the "perm_with_fails" test in the simulator;
for it to happen the first reset had to occur just after writing the
metadata to mark the start of a new upgrade, but before any swap happened;
if followed by a new reset happening at a point where the metadata was
erased and rewritten, it would result in an upgrade failure. The images
would still be valid though although in their original slots.
The fix stores the detected boot status source in the state. When
metadata was found in the primary slot we assume a swap has already
started (even though no sector swap has happened) and avoid
erasing/rewriting it.
Signed-off-by: Fabio Utzig <utzig@apache.org>
For some reason, the ECDSA signature generation code attempted to adjust
the length of the ASN.1 of the actual signature. It wasn't doing this
right, and was creating ASN.1 expecting many more entries than were
present. The half-run parser in the tinycrypt ECDSA signature check
didn't care about this, but mbed TLS's signature check does care.
The intent of the padding was to be able to predict the size of the TLV
before writing it out. Keep the padding for now, even though there is
no simple way of knowing how many pad bytes to remove (just removing
them will remove extra if there is a zero in the last byte of the
signature.
A future change will eliminate the padding, as it should no longer be
needed.
Signed-off-by: David Brown <david.brown@linaro.org>
Add Zephyr option to enable building a bootloader that uses an
alternative swap algorithm, that first moves up all sectors in slot1 and
then directly swaps between slot0 and slot1.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Add Mynewt option to enable building a bootloader that uses an
alternative swap algorithm, that first moves up all sectors in slot1 and
then directly swaps between slot0 and slot1.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Update `make_device` to return a slice of unsupported caps for a test.
This allows skipping tests in devices that are known to be non working
under some build configuration.
The device constructor was updated to return a `Result`, so that the
specific reason for skipping can be returned as a `String`.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Add cap for swap using move and rename old swap upgrade cap to swap
using scratch. Update sim to allow swapping tests to also run using
move.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This implements a swap upgrade that does not use a scratch area. It
works by first moving all sectors in the primary slot up one position,
and then looping on moving sector of index X of the secondary slot to
index X of the primary slot, followed by moving sector X+1 of the
primary slot to X on the secondary slot, for each sector X.
The idea behind this implementation was initially suggested by Jehudi
Maes (@Laczen) and implemented on his own bootloader (ZEPboot).
Signed-off-by: Fabio Utzig <utzig@apache.org>
This moves the functionality that is unique to a scratch based swap
upgrade into a separate file. Later other upgrade strategies can be
added by reimplementing those functions.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Currently, the tests that appear to be testing for invalid signatures
are actually just testing that images aren't used if the entire TLV
block is missing. Fix this by being more subtle about our corruptions.
If there is no signature, corrupt that data being used to generate the
hash. Otherwise, modify the data before it goes into the signature, but
generate a valid SHA256 in the TLV. This way, we exercise the signature
itself being corrupt.
Signed-off-by: David Brown <david.brown@linaro.org>
Previous changes have used 16-bit writes for calculated lengths, but are
using a pair of 8-bit writes for hard-coded values. Change these to
also use 16-bit writes for consistency, and clarity.
Signed-off-by: David Brown <david.brown@linaro.org>
Change the type of the TLV tag from an 8-bit unsigned value (followed by
8 bits of padding) to a 16-bit value. Because we are storing the tag as
little endian, the encoding will end up the same, but this will later
allow us to add more tags.
Signed-off-by: David Brown <david.brown@linaro.org>
The current TLV tag is an unsigned 8-bit integer, that is stored with 8
bits of padding. As the TLV tag is defined to be little endian
(although the code doesn't properly handle this), we can use the 8 bits
of padding as the upper 8-bits, treating the TLV tag as a 16 bit value,
and all existing tags will operate as they did before.
Change the types used throughout the code to represent the TLV to a
`uint16_t`. Change the ANY tag type to `0xffff` instead of `0xff`.
This value is never stored, but will avoid conflicts with any future
allocated tags.
Signed-off-by: David Brown <david.brown@linaro.org>
Remove a redundant chip erase from run-tests.go. The '-e chip' should
tell pyocd to perform a chip erase. There seem to be some combinations
of daplink and pyocd that if an invalid image is loaded into the device,
it can no longer be flashed by pyocd. Performing the chip erase as a
separate command easily gets it into this state. It can be recovered by
using the DAP filesystem to write the image.
Signed-off-by: David Brown <david.brown@linaro.org>
0e3fa72df4 removed device tree overlay
that is required to flash mcuboot to correct partition and CMake
variable that pointed to it. Restore it.
Do not restore adding "boards/${BOARD}.overlay" to the list since Zephyr
detects this file automatically now - see https://docs.zephyrproject.org/latest/application/index.html#devicetree-overlays
Signed-off-by: Sergey Koziakov <dya.eshshmai@gmail.com>
These were added during development to make sure conditional compilation
was working. Now, they just cause excess messages to be printed.
Remove them.
Signed-off-by: David Brown <david.brown@linaro.org>
When pages are built from the markdown sources, the html anchors for
titles are automatically added, but no links are inserted in the pages.
This makes it harder to send URLs to sections; one has to browse the
page source to get the correct link. This fixes the issue by adding
links directly to the generated pages.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Don't set the board to qemu_x86 either; that's not right by any means.
Remove dts.overlay and build system logic related to it in
boot/zephyr/CMakeLists.txt. This file was a hack for arduino_101,
which is no longer supported by Zephyr.
Remove all the other DTC_OVERLAY_FILE logic in general while we're
here. Zephyr picks up
${APPLICATION_SOURCE_DIR}/boards/${BOARD}.overlay and uses it as
DTC_OVERLAY_FILE "for free" if DTC_OVERLAY_FILE is unset.
Adjust the minimum CMake version while we're here to account for
Zephyr build system changes.
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
Signed-off-by: David Brown <david.brown@linaro.org>
Remove this workaround. The Kinetis flash driver has supported
FLASH_PAGE_LAYOUT since at least January 2018.
Signed-off-by: David Brown <david.brown@linaro.org>
URL anchors are already generated automatically by the GH markdown
processor, but they are not visible. This adds the proper links to the
page.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Only execute serial recovery if valid pin condition is detected
during power up reset or pin reset on nRF devices with RESETREAS
register. This is to prevent going into serial recovery when
waking up from power off mode with the same pin conditions that
is configured to trigger serial recovery.
Signed-off-by: Jon Helge Nistad <jon.helge.nistad@nordicsemi.no>
While doing a revert, the image encryption keys might be saved temporarily
in the scratch area; this is required in situations that we need to swap
one of the last sectors of the primary slot. When this happens, and the
device is interrupted just after restarting the revert swap, bootutil will
try to load the encrypted keys from the primary slot, and possibly use them
in reverted order (image in primary uses key of image in secondary and
vice-versa) which was saved in the test upgrade.
This fixes the issue by reverting the order used to check for the swap
metadata, with scratch being checked before the primary slot.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Removes the hard-coded image encryption keys, and updates with keys
generated randomly before use. This tests the correct behavior of
how ephemeral keys should be used when generating new images.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Fabio Utzig