Commit Graph

74 Commits

Author SHA1 Message Date
David Vincze 2d736ad4c5 Replace flash partitioning terminology
This change replaces the slot 0/1 terminology with primary/secondary
slot and replaces FLASH_AREA_IMAGE_0/1 with
FLASH_AREA_IMAGE_PRIMARY/SECONDARY. This naming convention may be more
understandable, fits better to MCUs with multiple images and it is an
architecture agnostic alternative as well.

Change-Id: I655a585f6ae023852c671ee6635399efe25209c9
Signed-off-by: David Vincze <david.vincze@arm.com>
Signed-off-by: David Brown <david.brown@linaro.org>
2019-03-13 15:40:21 -06:00
Fabio Utzig 94a9b261da Create CI resources directory
Add a new directory "ci", to easily add new tests with setup/run phases
that don't require direct setup in .travis.yml. This also avoids
polution of scripts/.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-03-12 10:37:49 -03:00
David Brown 5e9078f1e0 Bump version to 1.3.0-rc1
First pre-release for v1.3.0.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-24 10:03:37 -07:00
Fabio Utzig 79df58e695 Allow bootstrap feature on CI
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-12 14:38:18 -07:00
Fabio Utzig 7c00acd737 imgtool save to format of given output filename
Updates imgtool to infer, based on output image filename, which format
should be use for output file. Filenames that end with extension `.hex`
are saved in Intel HEX, otherwise saves a binary image.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-09 06:28:55 -02:00
Fabio Utzig e89841d5ea Add imgtool publishing support
This adds initial support for publishing imgtool to pypi.org.

The main imgtool.py was moved to imgtool package and made into the main
file, and a new imgtool.py that calls into the package, was added allowing
for the old usage behavior to remain functional.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-08 07:29:24 -02:00
Fabio Utzig cd28406e9a Fix image creation without sign/encryption
Generating images with no signature or encryption was broken by commit
06b77b8353

This allows generating images with just sha256 again, and fixes a few
leftovers from the imghash TLV change.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-12-17 10:51:46 -02:00
Fabio Utzig 71a697a4ea Add minimum size validation for header parameter
Throw exception on values that are less than the minimum acceptable size
of 32 bytes.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-12-17 09:45:55 -02:00
Fabio Utzig 38609e0c9c Fix typo in signed-off-by check error message
Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-11-27 13:47:14 -03:00
Fabio Utzig 0e12f6ce98 Travis speed ups
Because the amount of features that the simulator is testing is growing,
the test time is taking a long time. This distributes simulator's tests
over three travis machines to decrease test time.

Add options to defined tests that run one-by-one in a sequential fashion
by defining them in $SINGLE_FEATURES, and allow defining features that
should run together by providing a string of ',' separated list of
multiple tests in $MULTI_FEATURES.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-11-27 13:47:14 -03:00
Fabio Utzig e3937255d7 Fix imgtool encrypt rebase issue
Avoid passing invalid `encrypt` param to image constructor.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-10-14 06:00:15 -07:00
Fabio Utzig 06b77b8353 Add imgtool support for encrypted image creation
Adds a new flag to imgtool, -E/--encrypt which accepts a public rsa-2048
key file that will be used to encrypt the image.

The encryption method uses AES-128-CTR to encrypt the image data (ignores
the header and TLVs), using a random key that is itself encrypted using
RSA-2048-OAEP and added to the generated image as a new TLV.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-10-12 13:36:13 -03:00
Fabio Utzig 73d8b03312 Remove redundant text in SoB error message
Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-10-12 12:35:29 -03:00
Fabio Utzig d8f84bcc39 Print missing Signed-off-by line info
Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-10-11 10:06:27 -03:00
Mark Schulte a66c68732e [imgtool] Add big endian support
Add big endian support to imgtool so that it can be used on big endian
targets.

Signed-off-by: Mark Schulte <mschulte@lyft.com>
2018-09-27 13:55:58 -03:00
Mark Schulte 884be206f9 imgtool: Adjust base_addr when injecting header
If adding a header to a .hex file (using the command line
"--pad-header"), the hex file gets shifted by header size. This may
cause hard coded addresses to be off by "header-size", making the
firmware unusable. Instead, adjust the base address by the header
size, so the existing firmware in the hex file is loaded to the
proper addresses.

Signed-off-by: Mark Schulte <mschulte@lyft.com>
2018-07-17 12:04:17 -03:00
Evan Gates 0ccee8741d fix the offset and size regular expressions in assemble.py
Given the example lines:

 #define FLASH_AREA_MCUBOOT_OFFSET_0 0x0
 #define FLASH_AREA_MCUBOOT_OFFSET   FLASH_AREA_MCUBOOT_OFFSET_0

Changing OFFSET_0 to OFFSET(_0)? allows the re to possibly match the
second line where it would have stopped the match before. This combined
with the (0x)? means that the re does match the second line, with the
third group being just the F of FLASH_AREA_IMAGE_1_OFFSET_0. The int()
function fails because F is not a valid number. This commit makes the
matching more precise by 1) matching the 0x when there are hex digits
and without the 0x when there are decimal digits and 2) matching until
the end of the line.

Signed-off-by: Evan Gates <evan@gnarbox.com>
2018-07-10 11:11:52 -03:00
Fabio Utzig 44588eff41 Update `--included-header` parameter
The `--included-header` was "mandatory" when using imgtool with firmware
images generated by the Zephyr build system and it was a source of
issues when it was forgotten. This removes `--included-header` and adds
a new parameter `--pad-header` with inverted semantics, to be used only
when a zeroed header is required to be added to the firmware image.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-06-22 07:58:14 -03:00
Fabio Utzig dcf0c9b2b7 Allow passing in `--overwrite-only` flag
Overwrite only requires just magic + image_ok + copy_done. This fixes
issues generating images in overwrite only mode when the firmware image
is too big and overflows the swap status area.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-06-13 10:42:40 -07:00
Fabio Utzig 263d4398fa Add --slot-size to allow size checking without pad
Add the new `--slot-size` and make `--pad` a bool flag, to allow
checking that firmware fits in the slot without overflowing into the
trailer region even when no padding was requested.

Fixes #241

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-06-07 14:29:33 -03:00
Fabio Utzig 519285faa1 Allow passing max sectors as parameter to imgtool
This adds a new command line flag to allow passing in the max number of
sectors for a swap when the image is padded. It defaults to 128 and
should match the value configured in the bootloader.

Fixes #285

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-06-05 12:16:45 -03:00
Fabio Utzig 51c112a1bf Add click handling of cli options
Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-06-05 10:58:01 -03:00
Kiril Zyapkov 5d5c446443 Fix regexp matchers for FLASH_AREA_* defines
Zephyr has changed the format of macros used to define flash
area partitions -- they no longer contain the `_0` suffix.

Signed-off-by: Kiril Zyapkov <kiril.zyapkov@gmail.com>
2018-06-01 13:40:23 -03:00
Fabio Utzig aa70dae2ab Add create command to commands dict
`create` as alias to `sign` was defined in the arg parsing, but was not
functional because it was missing the subcommands call dict. This makes
`create` call the `sign` method.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-05-10 08:43:52 -03:00
Fabio Utzig b5b59f16a5 Fix leftovers from image_header v1
This removes the old "TLV size" and "keyId" fields that used to exist
in the old image header format and updates it to use `load_addr`. Also
fixes the name of reserved fields to index from 1.

This fixes #279

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-05-10 08:43:52 -03:00
David Brown 5a18102ce3 imgtool: Add 'create' alias for 'sign'
The imgtool's `sign` command also works without a key, but it doesn't
sign, only appends a hash.  Add a `create` alias to this command so that
this usage makes more sense.

Fixes #240

Signed-off-by: David Brown <david.brown@linaro.org>
2018-04-10 22:06:37 +08:00
Carles Cufi 37d052fff1 imgtool: Add support for Intel Hex images
Some platforms prefer images in the Intel Hex (.hex) format. Implement
support for signing images in this format in imgtool.

Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
2018-02-01 16:00:21 -07:00
Carles Cufi f242901a85 imgtool: Use a requirements file for dependencies
Instead of relying on distro packages standardize the imgtool
dependencies into a requirements.txt.

Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
2018-02-01 16:00:21 -07:00
David Brown f88d9f95d4 imgtool: Add password support to ECDSA
Signed-off-by: David Brown <david.brown@linaro.org>
2018-01-09 09:41:30 -07:00
David Brown 2c9153a268 imgtool: ECDSA pad signature
Until we fix the padding problem, pad the ecdsa signatures with zeros to
always be 72 bytes long.  Add a 'raw_sign' method so that the unit test
can use the real signature.

Signed-off-by: David Brown <david.brown@linaro.org>
2018-01-09 09:41:30 -07:00
David Brown b6e0ae695c fix: Add back ECDSA signature support
Replace the (now broken) ECDSA code with code using the python
'cryptography' library.

Similar to the change to RSA, this changes the format that private keys
are stored, again using PKCS#8.  This supports the stronger password
protection as well.

Again, this code will still support reading the older style of public
keys, but other tools that use keys generated by this change will need
to be updated to work with the new format.

Signed-off-by: David Brown <david.brown@linaro.org>
2018-01-09 09:41:30 -07:00
David Brown 20462a7179 fix: RSA: Use 32-byte salt with PSS
The verification code requires a fixed 32-byte salt, which seems is what
the old crypto library did.  Use this same value to avoid having to
modify the code.

Signed-off-by: David Brown <david.brown@linaro.org>
2018-01-09 09:41:30 -07:00
David Brown 1d5bea1cf7 imgtool: Add support for password protected RSA keys
The keygen command allows the `-p` argument which will prompt for a
password, and protect the private key with this password.  When loading
keys, it will prompt for a password if it detects a password protected
key.

Signed-off-by: David Brown <david.brown@linaro.org>
2018-01-09 09:41:30 -07:00
David Brown 47b77c521a imgtool: Fix signing payload type
The 'cryptography' library is pickier about the data it is asked to
sign.  Get the bytes value out of the bytearray for doing the actual
signature.

Signed-off-by: David Brown <david.brown@linaro.org>
2018-01-09 09:41:30 -07:00
David Brown 5e7c6dd58a imgtool: Update RSA code
Replace RSA code with one using the python 'cryptography' library.  This
library is much more complete, and will make adding support for password
protected keys, and separate public keys easier.

There is, however, a significant change brought about by this change:
the private keys are stored in PKCS#8 format, instead of the raw format
that was used previously.  This is a more modern format that has a few
advantages, including: supporting stronger password protection, and
allowing the key type to be determined upon read.

This tool will still support reading the old style public keys, but
other tools that use these keys will need to be updated in order to work
with the new format.

This new code has some unit tests to go along with it for some basic
sanity testing of the code.

Signed-off-by: David Brown <david.brown@linaro.org>
2018-01-09 09:41:30 -07:00
David Brown d4022576e4 imgtool: Remove PKCS1.5 support
Support for PKCS1.5 has been removed from the bootloader for a while
now, remove it as well from the tool.

Signed-off-by: David Brown <david.brown@linaro.org>
2018-01-09 09:41:30 -07:00
David Brown 244547346e imgtool: Move keys to submodule
Move this code into a submodule to prepare to cleanup and enhance the
key management code.

Signed-off-by: David Brown <david.brown@linaro.org>
2018-01-09 09:41:30 -07:00
David Brown b730e2431a assemble.py: Add explicit license declaration
Although this file is likely implicitly licensed under the Apache 2.0
license because of the LICENSE file for this project, make this explicit
in this file.

Signed-off-by: David Brown <david.brown@linaro.org>
2018-01-04 10:36:25 -07:00
David Brown 1314bf3528 imgtool: Add explicit license declarations
Although these files are likely implicitly licensed under the Apache 2.0
license because of the LICENSE file for this project, make this explicit
in these files.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-12-21 13:31:03 -07:00
Fabio Utzig f0e5419535 Use travis env variable to control check-signed-off-by
Instead of trying to determine current branch using git, just rely
on travis to know if this is a PR and if it is not, don't do
signed-off-by checking.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-12-06 16:46:58 -07:00
Fabio Utzig efe67ae52d Disable script debugging
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-12-06 13:46:40 -02:00
Fabio Utzig 5f9fbcc9d0 Only check signed-off-by in PRs
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-12-06 13:46:40 -02:00
Fabio Utzig 6da40d077b Update to use parent commits
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-12-05 13:24:03 -02:00
Fabio Utzig 0b56138c8a Besides author also check committer
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-12-05 13:24:03 -02:00
Fabio Utzig 5101b0f812 Try using tail again
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-12-05 13:24:03 -02:00
Fabio Utzig 311801775e Fix review issues
- Use git options to remove last commit from list to verify.
- Check each line of a commit for a "Signed-off-by" line.
- Exit with error in the event of no commits in PR!

Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-12-05 13:24:03 -02:00
Fabio Utzig 5b989104a5 Add travis' validation of "Signed-off-by:" line
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-12-05 13:24:03 -02:00
Fabio Utzig a8f06aaf4d Remove duplicated choices by using existing dict
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-10-17 20:25:42 -02:00
David Brown cb1bb48bb5 imgtool: Fix ECDSA signatures
Earlier refactoring created a call for get_public_bytes() that was added
to the RSA class, but missed on the ECDSA class.  Add this call so that
ECDSA signatures will work again.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-09-06 16:16:58 -06:00
David Brown 72e7a5176f Change the image header magic
Since we've changed the meaning of several fields in the header, bump
the header to a new magic number.  The fields that are still present are
in the same place, but all of the signature and TLV information is moved
into the TLV itself, which is still immediately after the image.

As of this commit, this defines the new image header/TLV format used for
1.0.

Based on work by Marko Kiiskila <marko@runtime.io>

Signed-off-by: Marko Kiiskila <marko@runtime.io>
Signed-off-by: David Brown <david.brown@linaro.org>
2017-09-06 16:16:58 -06:00