Commit Graph

23 Commits

Author SHA1 Message Date
Fabio Utzig a1fae67d8a Add config for BOOT_MAX_IMG_SECTORS
This still defaults to 128 for compatibility, but allows users to
specify less elements to save space, or more elements for devices that
have massive flash size and/or too small sectors.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-04-05 18:15:35 -03:00
Fabio Utzig 1d46c944ed Always enable uart, use blocking mode
Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-03-29 16:33:25 -03:00
Christopher Collins db974f2fc2 Mynewt app: Remove .OVERWITE suffix from pkg.deps
The boot loader app needs all the base dependencies, whether or not
`BOOT_SERIAL` is enabled.  Therefore, it makes sense for the serial boot
loader to add to, rather than replace, the dependency list.

This bug in the pkg.yml file went unnoticed ealier because of an issue
in newt: it used to effectively ignore the `.OVERWRITE` suffix when it
was applied to `pkg.deps`.

Signed-off-by: Christopher Collins <ccollins@apache.org>
2018-02-23 20:50:37 -03:00
Fabio Utzig 9f7c3d2096 Initialize "uart" only when boot_serial is enabled
Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-02-22 15:51:39 -07:00
Andrzej Kaczmarek c49099c284 Make boot serial work on Mynewt
Signed-off-by: Andrzej Kaczmarek <andrzej.kaczmarek@codecoup.pl>
Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-02-22 15:51:39 -07:00
Fabio Utzig 1a2e41ae44 Fix serial boot functionality for Mynewt
Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-02-22 15:51:39 -07:00
Fabio Utzig ac18eec773 Add Mynewt support for bundled tinycrypt + mbedtls
This commit removes the pseudo tinycrypt package based on symlinks
by adding a new pkg.yml to ext/tinycrypt and using it directly. It
also uses the new mbed-tls bundled ASN1 parser when EC256 is selected.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-12-21 13:32:59 -07:00
Fabio Utzig 13d9e35d52 Add faster copy/erase to overwrite-only mode
This add a new option to overwrite-only mode that enables copy/erase of
only the amount of sectors that are required to store the source image.

This is enabled by default when overwrite-only mode is used.

MCUB-70

Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-10-19 09:28:37 -06:00
Fabio Utzig 3efe6b6206 Add tinycrypt 0.2.8
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-10-10 14:34:17 -03:00
Fabio Utzig a8e23e26ea Updates mynewt port to use bundled tinycrypt
This removes the dependency on tinycrypt lib provided by mynewt and
switches to the one bundled in mcuboot. Also fixes a bug where tc
was only being used when eliptic curve 256 was selected as sign
algorithm.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-09-11 18:05:45 -03:00
Marko Kiiskila 22a46b2d4a Remove PKCSv1.5 sig format option from RSA
Since we are changing the image header format, there is no reason to
continue to support the old PKCS#1 v1.5 signatures.  Remove the
definitions, and conditional complication related to this, and only
support the newer PSS signatures.

Signed-off-by: Marko Kiiskila <marko@runtime.io>
Signed-off-by: David Brown <david.brown@linaro.org>
2017-09-06 16:16:58 -06:00
Marko Kiiskila 833005e2d0 Mynewt: compile time indicator telling that using new img format.
Signed-off-by: Marko Kiiskila <marko@runtime.io>
Signed-off-by: David Brown <david.brown@linaro.org>
2017-09-06 16:16:58 -06:00
Fabio Utzig ba1fbe607b Fix running newtmgr when building for mcuboot
This enables mynewt to use mcuboot as a remote repository, which is only
required when using newtmgr to manage images. Since mcuboot has slightly
changed the trailer format, newtmgr built against the bundled mynewt
bootloader writes the magic and flags to the wrong location.

To build a mynewt app the wants to run with mcuboot as the bootloader
and requires newtmgr one needs to change the app's pkg.yml dependencies
as follows:

-    - boot/bootutil
+    - "@mcuboot/boot/bootutil"

Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-07-21 15:58:44 -03:00
Fabio Utzig d0116731a9 Remove incubator references from mynewt dev email
Also use a single email for all packages.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-07-21 12:06:44 -06:00
Fabio Utzig b00d648841 Fix syntax error
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-06-28 08:44:31 -06:00
Fabio Utzig 0f22991880 Add PKCS#1 1.15 config option
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-06-28 08:44:31 -06:00
Fabio Utzig a7b19707c3 Fix syntax error
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-06-28 08:44:31 -06:00
Fabio Utzig 424d9a4f44 Merge pull request #66 from mbolivar/flash-map-updates
Flash map updates, redux
2017-06-19 15:10:59 -03:00
Marti Bolivar eb9408051e Use flash_device_base() when booting.
Use flash_device_base() in the boot code to compute a real address,
given the offset returned by boot_go().

Provide an implementation on mynewt that preserves existing
behavior. If mynewt needs to support devices with nonzero flash base
addresses, this can be migrated to the core OS.

Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
2017-06-15 13:24:15 -04:00
Marti Bolivar 88f48d9140 Rename br_image_addr to br_image_off.
The boot response returns a flash offset, not a flash address. This is
causing confusion and leading to crashes on some platforms which don't
have flash at address 0.

Rename the field to make it more clear what its purpose is; future
patches can start fixing up usages.

Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
2017-06-15 13:24:15 -04:00
David Brown f4e904d4be rsa: Add support for RSA-PSS
The PKCS#1 standards, which define RSA signatures, are currently at
version 2.2.  Starting in v2.1, the standard defines a new signature
method RSA-PSS, which has a stronger security proof than the signature
method used in earlier versions.  The standard recommends that RSA-PSS
be used in new designs, instead of the older algorithm.

This patch implements RSA-PSS verification for a specific set of
parameters:

    - RSA-2048
    - SHA256 for both the message digest and the internal hash
    - 32-byte salt
    - 2047 bit message

Although RSA-PSS supports other parameters, due to size constraints,
this verificatino code only supports these specific parameters, and
signatures with other parameters will be considered invalid.

To encourage the use of the more secure algorithm, the default build
configuration is RSA-PSS.  BOOTUTIL_RSA_PKCS1_15 needs to be defined in
order to support the older signature algorithm.
2017-06-13 16:02:48 -04:00
Fabio Utzig 3488eef598 Fix some leftovers after mynewt move (PR #52)
- caps.c was now updated (missed this one!).
- *_OVERWRITE_ONLY flag was now also updated.
2017-06-12 10:25:43 -03:00
Fabio Utzig 19356bf45f Make mcuboot less mynewt style
Remove most of mynewt specific stuff to a separate port package. This
should make mcuboot less "mynewt'y" and slightly easier to port to.

- Mynewt specific stuff moved to boot/mynewt.
- Sample app moved from apps/boot to boot/mynewt.
- Use MYNEWT_VAL macro only on mynewt port.
- BOOTUTIL_* and MYNEWT_VAL() usage moved to MCUBOOT_ defines.
2017-06-02 10:55:27 -07:00