Commit Graph

26 Commits

Author SHA1 Message Date
David Brown 5e6f5e0165 sim: Add multi-image config support to sim
Add support for building with multiple images to the simulator.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-04-17 11:20:21 +07:00
David Vincze 2d736ad4c5 Replace flash partitioning terminology
This change replaces the slot 0/1 terminology with primary/secondary
slot and replaces FLASH_AREA_IMAGE_0/1 with
FLASH_AREA_IMAGE_PRIMARY/SECONDARY. This naming convention may be more
understandable, fits better to MCUs with multiple images and it is an
architecture agnostic alternative as well.

Change-Id: I655a585f6ae023852c671ee6635399efe25209c9
Signed-off-by: David Vincze <david.vincze@arm.com>
Signed-off-by: David Brown <david.brown@linaro.org>
2019-03-13 15:40:21 -06:00
Fabio Utzig 05ab014e36 Update sim ecdsa testing to use ring signing
This removes the unsafe Tinycrypt bindings previously used for signing
with ECDSA, and relies on ring native support.

The ring library was updated to 0.14.1.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-18 09:44:48 -07:00
Fabio Utzig 25d7b0fa9f Update simulator dependencies
Since logging was broken due to incompatibility between log and
env_logger versions, those crates were updated to known to be compatible
versions. Update initialization of env_logger that does not return a
Result<> anymore.

Other crates were updated to remove duplicated versions as much as
possible.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-11 10:24:09 -07:00
David Brown 29b0b5ecb1 sim: fixes for 2018
Automatic migration to Rust 2018.  This is the result of running

    cargo fix --edition

The resulting code is compatible with both Rust 2015 and 2018.  Change
the edition field in the Cargo.toml file as well to begin a more
complete migration.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-03 21:39:50 +00:00
David Brown e24244b632 sim: Update a few dependencies for Rust 2018
A few packages have updates that make them more convient to use with
Rust 2018's 'use macro'.  This is convenient as it allows control over
what macros are imported, but without these updates, these packages
require you to know the names of internal macros to import.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-03 21:39:50 +00:00
Fabio Utzig 9b97b13a2b Enable bootstrap test in CI
Adds testing a bootstrap with RSA/ECDSA signing and KW encryption.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-12-27 10:58:50 -02:00
Fabio Utzig 455cad5aca Move from gcc to cc crate
gcc create has become deprecated: https://crates.io/crates/gcc

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-12-18 15:16:11 -02:00
Fabio Utzig 1e48b914a9 Add encrypted image support on sim
This adds new cargo features to allow running tests of encrypted
images with both RSA-OAEP and AES-128-KW.

When installing images on the simulated flash, both a plain and an
encrypted images are created. When encrypted image support is enabled,
verification of images in slot1 match against the encrypted image,
otherwise plain images are used.

PS: Also fixes ImageHeader to match bootutil definition.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-10-12 13:36:13 -03:00
Fabio Utzig c354e4ac5e Update sim dependencies
This updates error-chain to remove a warning on recent rust distros.
`pem` was update to get fairly recent `error-chain` as well.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-07-10 11:11:29 -03:00
Fabio Utzig ebdc969738 Add MCUBOOT_VALIDATE_SLOT0 as feature
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-12-21 13:36:34 -07:00
Fabio Utzig 8b619bda54 Update ring+gcc crates and declare sig-ecdsa feature
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-12-13 14:26:08 -07:00
David Brown dd2b118b21 sim: Run main test as a Rust unit test
As a start of doing the testing using Rust/Cargo's test framework, write
a test runner that just runs the existing tests.  They run as they do
now, except that there is an assertion that there were no failures.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-11-07 09:39:45 -07:00
Fabio Utzig 100bb74b54 Enable overwrite-only testing on sim
Adds the feature to enable testing of overwrite-only functionality.
While running with this feature enabled, disable tests that try to
revert and disables trailer verification, since overwrite-only doesn't
rely on status writing.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-09-13 17:14:22 -06:00
David Brown 43cda33c5a Move key_id from header into TLV
Remove the key_id field from the image header.  There are two problems
with this field.  First, it is only an integer offset, and so causes an
unnecessarily tight coupling between the particular keys built into the
bootloader, and the key that is used to sign.  Second, it makes the
key_id part of the image header, which is included in the signature.
This makes it impossible to later sign the image with a different
signature.

Instead of the key-id, add a TLV KEYHASH entry.  This will hold the
SHA256 of the public key that the signature is against.  Each signature
placed in the TLV should be preceeded by this entry to indicate the
public key used.

The signature check will check each signature, and if the KEYHASH is
known and the signature type is supported, it will be checked.  As long
as at least one signature is considered valid, the image will be
considered signed.  This also allows the image to be signed with
multiple signatures to support having different devices with possibly
different keys compiled into the bootloaders.

Based on work by Marko Kiiskila <marko@runtime.io>

Signed-off-by: Marko Kiiskila <marko@runtime.io>
Signed-off-by: David Brown <david.brown@linaro.org>
2017-09-06 16:16:58 -06:00
David Brown 046a0a6224 sim: Upgrade docopt dependency
The docopt package has moved from rustc-serialize to serde.  Move to
this version, upgrading the custom deserialize we use for the alignment
argument.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 19:04:18 -06:00
David Brown ccb2a1dd5e sim: Update most dependencies
Move most dependencies to the latest version at the time of this commit.
docopt is left at the current version as there is an api change in the
newer version.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 19:04:18 -06:00
David Brown 704ac6f570 sim: Conditionalize rsa signature checking
Allow a build with sig-rsa set or not set.  Only add the signature to
the TLV if we are building with the signature checking.
2017-07-12 15:00:57 -06:00
David Brown 6390277f64 sim: Naive move of binding into mcuboot-sys
Create a crate `mcuboot-sys` to hold the building and binding of the
mcuboot code.  There aren't any substantive code changes here, just
moving the code into a separate crate.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 7e701d8ca3 sim: Add RSA signature verification to simulator
Using the published debug keypair, generate a signature with it, to add
to the TLV.  This verifies that signature verification works as
expected.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 1e15859951 sim: Switch to bitflags from enumflags
The bitflags crate seems to be better supported, and doesn't have the
problems getting the results back into the enum type.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 8054ce281a sim: Change to `ring` instead of `rust-crypto`
The ring crate's SHA256 is slightly slower than the one from
rust-crypto, but is much cleaner to use.  It also has all of the hashing
operations we need.

This crate is somewhat opinionated, e.g. will not sign messages without
also performing the signature itself.  Unfortunately, this means we'll
end up computing signatures of the same data many times, and perhaps
this should be improved, since we're always using the same data.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 187dd889dc sim: Validate the SHA256 verification
Instead of stubbing out the image validation code, compile it, and add
the SHA256 TLV to the buffer.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 2cbc4708e9 sim: Move simflash to be its own crate
In preparation for moving the bootutil binding into a separate crate,
move the flash simulator into its own crate.  This will allow the
binding to have access to the simulator without creating a circular
dependency.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 4440af8f59 sim: Use logging to control output
Use the Rust logging so that normal messaging isn't overwhelmed by
messages printed.  The default level is 'error' which will only print
full errors (including the failures at the end).

To run with warnings:

   RUST_LOG=warn ./target/release/bootsim ...

This will print warnings, showing the particular failures in mind.
Using 'info' instead of 'warn' will print lots of progress as it runs.
2017-01-09 12:28:10 -07:00
David Brown de7729e6ec sim: Add simulator code
'sim' is a small simulator for the bootloader's update code.  It tests
untimely powerdowns to ensure that the bootloader will recover from a
power loss or reset at any time during the boot.

Note that, as of this commit, there are some failures in the test that
need to be investigated.

Also note that this build script does not output proper dependencies for
source files outside of the simulator directory, and won't rebuild the C
files if they or headers are modified.
2017-01-09 12:28:10 -07:00