Hackerone hasn't turned out to be particularly useful. Fortunately, github now
has a mechanism to directly report security vulnerabilities within the project's
pages. Update the docs to show this as the preferred vulnerability reporting
mechanism.
Signed-off-by: David Brown <david.brown@linaro.org>
Adds a note that both of these functions are now (optionally)
supported in serial recovery mode.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds a note that the zcbor encoder buffer size has been fixed.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
The IMAGE_TLV_ECDSA256 TLV has been put out of use by
commit 63d2346da4.
This commit reverts this part of that patch and at the
same time it extends the usage of this TLV to cover all types
of curves (replacing the newly introduced 0x25 TLV type)
while retaining its value (0x22) for backward compatibility.
Rename IMAGE_TLV_ECDSA256 to IMAGE_TLV_ECDSA_SIG.
Change-Id: I904f292db775c38f26a5e9a87c5f414165efc173
Signed-off-by: David Vincze <david.vincze@arm.com>
Remove those TLVs that are tied to a specific curve and update
the image validation logic to look for the new generic TLV
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I924f2742424bc255fbed1b0941648baa88f60147
Imgtool does not provide support for P224
curve, just a placeholder function that
says it's not currently implemented.
This has now been removed as P224 support
had been removed from the boot code too.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I477d8e273085f38f35eaf9a591584f3e937d748d
Added description on serial recovery mode features and
its configuration.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Anna Kielar <anna.kielar@nordicsemi.no>
Added description on what is the serial recovery protocol
in general.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Anna Kielar <anna.kielar@nordicsemi.no>
fix
Add mention of the release note requirements to the SubmittingPatches
file so that developers are more likely to see and comply.
Signed-off-by: David Brown <david.brown@linaro.org>
Add some guidelines for release notes that developers can use to create
release note snippets as features and fixes are implemented. This will
greatly reduce the work needed at release time.
Signed-off-by: David Brown <david.brown@linaro.org>
The relative links do not work on the docs website due to the files not
living in the docs/ directory. This updates to link directly to the
GitHub source so that users are not dropped onto a 404 page.
Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
Public key is handled by the build-system
since a while.
This patch reflect this in the documentation.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Co-authored-by: Francesco Domenico Servidio <francesco.servidio@nordicsemi.no>
Zephyr-port has switched to use DT node labels instead of
label properties for partition assignment.
Also usage of west is recommended way to work with the project.
Documentation was actualized to reflect these principles.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Co-authored-by: Francesco Domenico Servidio <francesco.servidio@nordicsemi.no>
Update a previous PR were PEM exporting was added to the `--lang`
parameter, even though PEM is not a source code language per se.
This PR adds `--encoding/-e` to `getpub` command, for exporting
in formats other than a language source code. `--lang` is left with
a deprecation message, so it could be removed in a future version.
The default behavior of exporting source code in C was preserved.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Update `getpub` with new `lang` option, "pem", which allows exporting a
public key as a PEM file. This can later be distributed to be used for
encrypting an image, and gets away with having to use openssl for this
step.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Add the serial adapter for ESP32 for boot recovery and MCUMGR
communication.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
espressif: Configure console via bootloader_support functions
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
Added checking and warning for ESP32, ESP32-S2, ESP32-C3, ESP32-S3
unsupported chip revisions on their initialization.
Made respectively changes for build system and documentation.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Changes on configuration and flash area organization for supporting
multi image and implementation for booting on different processors
on esp32
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Add instructions on the readme-espressif.md on how to encrypt
data on the host.
Also add configuration and instructions for disabling/switch
UART ROM Download Mode.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
esptool and imgtool require additional information that is not clear
to end user.
It also update ESP32 status for Zephyr porting.
Signed-off-by: Sylvio Alves <sylvio.alves@espressif.com>
Fixed spacing after periods.
Rephrased slighly unclear sentences.
Added other very minor fixes.
Signed-off-by: Francesco Domenico Servidio <francesco.servidio@nordicsemi.no>
Rephrased a few sentences.
Fixed a few typos.
Fixed lists.
Added additional small fixes.
Signed-off-by: Francesco Domenico Servidio <francesco.servidio@nordicsemi.no>
Updated index.md and readme.md:
- Removed outdated info
- Added info about newly added ports
- Fixed a few style issues.
- Rephrased a few sections.
Signed-off-by: Francesco Domenico Servidio <francesco.servidio@nordicsemi.no>
`image-trailer-size` should be mentioned instead
of `image-trailer-sectors-size` in the maximal-image-size
evaluation description.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Added sub-header for point where swap-using-scratch algorithm
is described.
Added note on the maximum image size allowed for this mode.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Image trailer might consume notable amount of image slot size.
This path adds note for emphasize that fact.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Fixed H2 title in 2nd section
Rephrased the 1st section to remove duplicate content.
Signed-off-by: Francesco Servidio <francesco.servidio@nordicsemi.no>
Updated security.md:
- Fixed small formatting issues
- Fixed a pair of sentences.
- Added mention to hackerone page.
Signed-off-by: Francesco Servidio <francesco.servidio@nordicsemi.no>
Removed outdated IRC links from index.md and readme.md.
Slightly reformatted the final links in index.md and readme.md.
Signed-off-by: Francesco Servidio <francesco.servidio@nordicsemi.no>
This patch adds the possibility to boot using ram-load with an
encrypted image. This is enabled when both the flags MCUBOOT_RAM_LOAD
and MCUBOOT_ENC_IMAGES are defined.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Signed-off-by: Salome Thirot <salome.thirot@arm.com>
Change-Id: I7756c2c634d90a2e726117d6cfc5650653cf1b51
The commit removes requirement that each system should exactly
follow proposed layout of struct flash_area and adds information
of flash_area API being extended by getter function that access
information inside flash_area type objects, allowing systems freedom
in internal implementation of flash_area.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
To avoid potential errors caused by misconfiguration make sure the
conditionally compiled snippets of code surrounded by the
MCUBOOT_DIRECT_XIP_REVERT macro are only used when direct-xip mode
is selected.
Change-Id: I6178d8186a7ca05887bc7590f5fa0c8f83f3d731
Signed-off-by: David Vincze <david.vincze@arm.com>
Multiple image boot support is implemented for direct-xip and ram-load
strategies. Dependency checking is also added, and for ram-load more
executable ram regions can be set.
Wrapper functions are intoduced to all boot strategies.
Change-Id: I59b346277dcb2c17cef4800f1e556b4ea9144845
Signed-off-by: Mark Horvath <mark.horvath@arm.com>
Addresses CVE-2021-28834
https://github.com/advisories/GHSA-52p9-v744-mwjj
Also removed the explicit jekyll dependency, which according to the
instructions should be commented out if the github-pages dependency is
used.
Signed-off-by: David Brown <david.brown@linaro.org>
Update the main webpage to contain links to the wiki page docs on the
project charter, and the membership page.
Signed-off-by: David Brown <david.brown@linaro.org>
The internal functions of mcuboot are not consistent in opening/closing flash areas and sometimes nested calls happen to `flash_area_open` and `flash_area_close`. With the previous implementation, a nested call to `flash_area_close` would deinitialize the underlying `BlockDevice`. This could cause subsequent flash operations on an "open" flash area to fail.
This PR adds a simple open counter for each flash area and ensures the underlying `BlockDevice` is initialized and deinitialized appropriately. The `BlockDevice` is only initialized when transitioning from an open count of 0 to 1. The `BlockDevice` is only deinitialized when the open count falls to 0.
Signed-off-by: George Beckstein <becksteing@embeddedplanet.com>
Update version fields for 1.7.0 release.
Added compatibility note for zephyr-rtos.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
This PR provides a porting layer implementation and framework for building an mcuboot-based bootloader with Mbed-OS. Some symbols are not provided by the Mbed-OS port within mcuboot, namely:
- The secondary storage device (see below)
- The signing keys
- The encryption keys, if used
Use of this port is demonstrated by the following projects:
- https://github.com/AGlass0fMilk/mbed-mcuboot-demo (a complete mcuboot/Mbed-OS-based bootloader)
- https://github.com/AGlass0fMilk/mbed-mcuboot-blinky (example showing how to make an Mbed-OS application that is bootable by mcuboot)
Memory porting implementation:
The underlying implemenation uses Mbed's BlockDevice API as the storage backend for mcuboot's memory operations. This provides a very flexible way of configuring the location and layout of the secondary flash storage area. To build an mcuboot-based bootloader with Mbed-OS, the user must implement a hook function, mbed::BlockDevice* get_secondary_bd(), to provide the secondary BlockDevice that mcuboot will use.
The signing and encryption keys must also be provided by the user. They can be generated using the existing imgtool utility in the same manner used by Zephyr. There are no automated build steps currently provided by Mbed-OS to sign/encrypt build artifacts.
Known limitations:
The update candidate encryption features have not yet been fully tested. A truly secure implementation will require integration with Mbed's TRNG API in the future to inhibit side-channel attacks on the decryption process.
The TinyCrypt backend is currently only supported for Mbed-OS builds when building with the GCC toolchain. The new cmake-based Mbed-OS build system will fix the underlying issue (file name uniqueness).
Signed-off-by: George Beckstein <becksteing@embeddedplanet.com>
Signed-off-by: Evelyne Donnaes <evelyne.donnaes@arm.com>
Signed-off-by: Lingkai Dong <lingkai.dong@arm.com>
Co-authored-by: Lingkai Dong <lingkai.dong@arm.com>
Co-authored-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
David Brown