Zephyr has introduced an option to perform the cleanup
of ARM core HW registers during early boot, when the
firmware is chain-loaded by MCUboot. Therefore, MCUboot
does not need to perform the same cleanup before jumping
to the application image. The patch relies on the fact
that building MCUboot with Zephyr implies also loading
a Zephyr-based application firmware. If this is not the
case, the application developer needs to enable the
MCUBOOT_CLEANUP_ARM_CODE Kconfig option manually, in the
project configuration.
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
The IAR toolchain does not handle the "%=" template. Emulate it with
a combination of __LINE__ and __COUNTER__.
Signed-off-by: TTornblom <thomas.tornblom@iar.com>
This contains fixes for CC310 for nRF devices using the nrfxlib.
Removed some const for compilation warnings and added `NUM_ECC_BYTES`
define.
Signed-off-by: Sigvart Hovland <sigvart.m@gmail.com>
The function was made weak so the zephyr-rtos implementation
will be used if available.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
For some configurations, e.g. CONFIG_BOOT_DIRECT_XIP=y, fih_rc might
never be initialized; initialize it and fix the warning.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
The last data packet might be non-aligned to a multiple of
the flash write-block-size. This causes the `image upload`
mcumgr command to possibly fail if the device flash driver doesn't
support a one-byte write-block-size.
This patch complements the last write operation to an aligned chunk
so it meets the requirements.
Added a check to ensure that the received data chunk doesn't
cross the expected image size.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
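The two fixes described in that message, padding the final chunk up to the write-block-size and rejecting chunks that overrun the declared image size, shown as an added stand-alone C illustration. This is not MCUboot's own code; the function names, the sample input and the assumption that erased flash reads as 0xff are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FLASH_ERASED_BYTE 0xffU   /* assumed erase value of the target flash */

/* Returns true if [offset, offset + len) lies entirely within the image
 * size announced at the start of the upload. Written so that offset + len
 * cannot wrap around. */
bool chunk_within_image(size_t offset, size_t len, size_t image_size)
{
    if (len > image_size) {
        return false;
    }
    return offset <= image_size - len;
}

/* Copy `len` bytes of `src` into `out` and pad with the erase value up to
 * the next multiple of the write-block-size `wbs`. Works for any wbs >= 1.
 * Returns the padded length, or 0 if wbs is 0 or `out` is too small. */
size_t pad_chunk_to_wbs(const uint8_t *src, size_t len, size_t wbs,
                        uint8_t *out, size_t out_cap)
{
    if (wbs == 0) {
        return 0;
    }
    size_t padded = ((len + wbs - 1) / wbs) * wbs;
    if (padded < len || padded > out_cap) {   /* arithmetic wrap or no room */
        return 0;
    }
    memcpy(out, src, len);
    memset(out + len, FLASH_ERASED_BYTE, padded - len);
    return padded;
}

/* Constructed sample: a 5-byte final packet for a device with an 8-byte
 * write-block-size. */
const uint8_t demo_chunk[5] = { 1, 2, 3, 4, 5 };
uint8_t demo_out[16];

int main(void)
{
    size_t n = pad_chunk_to_wbs(demo_chunk, sizeof demo_chunk, 8,
                                demo_out, sizeof demo_out);
    printf("padded %zu bytes to %zu\n", sizeof demo_chunk, n);   /* 5 -> 8 */
    printf("in range: %d\n", chunk_within_image(96, 5, 100));     /* 0 */
    return 0;
}
```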
Some design.md content is causing build errors when it is included
in a .rst based documentation tree in Sphinx.
Adjust the format to make it work in both systems.
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
Enables BOOT_ERASE_PROGRESSIVELY for Nordic nRF boards.
This fixes an issue where the mcumgr upload command would result in
the device being deleted, but no new image being uploaded
due to timeout while waiting for erase operation.
This avoids a delay of several seconds during firmware upload.
Signed-off-by: Bernt Johan Damslora <bernt.johan.damslora@nordicsemi.no>
Signed-off-by: Emil Obalski <emil.obalski@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
This is to correctly set the kconfig default value.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
This fixes soft-bricks that we have seen as a result
of the bootloader being interrupted by the watchdog.
Signed-off-by: Emil Hammarstrom <emil.hammarstrom@assaabloy.com>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Removes the current `flash_area_read_is_empty` which lacked a bit of
clarity in its naming and error handling, as well as requiring an
extra API in the flash map, and switches to using an internal function
`bootutil_buffer_is_erased`.
Code that was previously using `flash_area_read_is_empty` must now be
updated to do a `flash_area_read` followed by a call to
`bootutil_buffer_is_erased` with the read buffer.
The proposal was previously discussed here:
https://github.com/zephyrproject-rtos/zephyr/pull/28519
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
When the image in the primary slot is padded, the boot source is
considered the primary slot; this results in skipping the typical
initialization of the trailer, which ends up bricking the device. As
it is fine to always initialize the trailer in the primary slot when
starting a new upgrade, the extra check was removed.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
The comment on why the first parameter to bootutil_img_validate is allowed
to be NULL, in boot_image_validation of single_loader.c, has been
rewritten.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Direct inclusion of "bootutil/fault_injection_hardening_delay_rng.h"
might cause a linking collision as this header belongs to the `FIH_ENABLE_DELAY`
mode.
This header is already included by "bootutil/fault_injection_hardening.h"
appropriately.
fixes #831
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Remove unnecessary includes and create conditionally
the MCUBOOT_FIH_PROFILE_OFF define to avoid redefinition
warnings.
Change-Id: I6a34af2a5e45b81fdedd26bc1fa50ab0b9a05918
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Some Zephyr boards enable HW stack protection by default, which
propagates into the mcuboot build. The bootloader works fine with that option, but
the problem arises when we jump to application code. HW stack protection
catches application code during early init, which results in an
"unresponsive" application.
Disable HW stack protection, so it doesn't do any harm to application
code.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Fix bootstrapping in swap-move that was being skipped due to having
an erased header in the primary slot which caused an early return
because of the requirement of having to re-read image headers when
"moving" an image during an upgrade.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Remove `MCUBOOT_OVERWRITE_ONLY_FAST` from overwrite-only upgrades, to
make it compatible with `large-write` tests after the latest changes
to the fast overwrite code; make it default when bootstrapping.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Previously when `MCUBOOT_OVERWRITE_ONLY_FAST` was set, the whole amount
of sectors that stored an image were being copied. After this commit
only the exact amount of data used by the image is copied; this avoids
copying some 0xff (or garbage) data between the end of the image and the
end of the last sector storing it.
Extra trailer management was added which suits using the copy upgrade
routine also for bootstrapping.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
The simulated alignment functions were returning u8 which would be
invalid for any alignment beyond 128; as a first step in the direction
of allowing larger alignments, make them u16 which should allow for up
to 2**15 alignment size.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Add support for the pinnacle_100_dvk board.
The Pinnacle 100 modem slot 1 partition
is located in external QSPI.
Add a board file overlay to enable QSPI flash.
Signed-off-by: Ryan Erickson <ryan.erickson@lairdconnect.com>
nrfxlib needs to be cloned manually.
This patch gives a help message to the user in case it
was missing.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Usage of cc310 by default gives a poor user
experience out of the box as it requires manual
cloning of the nrfxlib repository.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Add fault injection hardening profile configuration to Zephyr config.
Default config is to not have any hardening in SW against hardware level
fault injection like clock or power glitching, EM pulse, laser beam, etc.
Change-Id: I67d22d257ead83e1e288de0ee7621aac32bf50eb
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Add fault attack mitigation measures to code vital for the correct
validation of images.
Change-Id: If6eb1110a8c2966faf105d07ad2e95482a80a8d9
Signed-off-by: Raef Coles <raef.coles@arm.com>
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Remove a footnote that is not generating a proper link and add an inline
link to the mbed TLS reference for platform.h. This also fixes a warning
when running through recommonmark==0.6.0 because it is unable to parse the
old syntax.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
This change adds Disclaimer section to Cypress related documentation and adds details about custom hardware configuration flow.
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
Entering deep sleep on CM0 without a valid application on CM4 caused a pyocd error while programming. This fix disables entering deep sleep mode on CM0 if no valid applications are found for boot. Waiting for UART TX to complete was reworked. Code refactoring.
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
This is the preferred signing type with this HW available.
Add 'ECDSA' to the kconfig name to align with the tinycrypt variant.
Remove superfluous checks on select operations.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Automate process of selecting correct .pem key file.
Zephyr users are familiar with using 'menuconfig' and similar tools
for seeing what options are available, so remove =n choices from
prj.conf which were used to show the available options.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
- The enc_context needs to be initialized.
boot_enc_load seems to always be used to start the process, so calling
init inside makes sense.
- Handle boot_encrypt getting called with size of 0.
- No need to free contexts because Zephyr sets MBEDTLS_PLATFORM_NO_STD_FUNCTIONS.
I don't quite like this because it's implicit and will leak memory on
other ports.
Signed-off-by: Blaž Hrastnik <blaz@mxxn.io>
bootutil already handles ASSERT definition, allowing us to override it
with a custom implementation. Importing assert.h would pull in stdio.h
and a whole bunch of other stuff by TI compiler into the final
firmware.
Signed-off-by: Blaž Hrastnik <blaz@mxxn.io>