Update `boot_status_off` to take into consideration that scratch only
has to store status for one swap of sectors, thus requiring much less
flash space than what is required in the primary slot.
This commit does a bit of refactoring on the functions that return
parts of trailer size to make the code clearer.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Change the configs for the Zephyr tests to use move swap, as this is the
code intended for future use.
Signed-off-by: David Brown <david.brown@linaro.org>
Build-time conditional call is not needed anymore since the empty
sys_clock_disable() callback is provided if the platform
doesn't support system clock disable capability.
Reference:
78dc8ce338
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
CONFIG_SYSTEM_CLOCK_DISABLE property was removed from
zephyr codebase. It is not needed anymore since the empty
sys_clock_disable() callback is provided if the platform
doesn't support system clock disable capability.
Reference:
78dc8ce338
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Change the flash layout of the stm32f4 simulated device to include
sectors of different sizes inside both slots; both slots have been
updated to still share the same layout. This layout change allows for
testing and validation that a swap with scratch is possible even if not
all sectors inside a slot are the same size, as long as they all fit in
scratch.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This file has been removed from upstream Zephyr in commit 2b7c61e306a
("cmake: re-work devicetree preprocessing steps").
Get the board name from .config instead; this is a stable place for it
to be found. Load the EDT itself from the pickle file in the build
directory; this has the advantage of fixing the script when out of
tree devicetree bindings are used.
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
Updated index.md and readme.md:
- Removed outdated info
- Added info about newly added ports
- Fixed a few style issues.
- Rephrased a few sections.
Signed-off-by: Francesco Domenico Servidio <francesco.servidio@nordicsemi.no>
The mimxrt685_evk board has large slots so we need to increase
CONFIG_BOOT_MAX_IMG_SECTORS from the default.
Signed-off-by: Maureen Helm <maureen.helm@nxp.com>
The nRF53 MCU has moved the RESETREAS register
(from the POWER to the RESET peripheral).
This fix uses nrfx helper to select the proper register.
Signed-off-by: Radoslaw Koppel <radoslaw.koppel@nordicsemi.no>
Removed old external flash configs for Thingy53.
Signed-off-by: Ole Sæther <ole.saether@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The Kconfig macro was converted, with a typo, to something that is not
MCUboot's internal macro switch. It was MCBOOT_ERASE_PROGRESSIVELY instead
of MCUBOOT_ERASE_PROGRESSIVELY.
Bug was introduced in
42c985cead
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Calculation of BOOT_SERIAL_OUT_MAX was based on MCUBOOT_IMAGE_NUMBER
while in other places BOOT_IMAGE_NUMBER is taken into account as
number of images. Let's align the calculation to use the same literal value
as others.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The definition is used (and redefined) by the boot_serial.c module as well.
Let's allow one definition to be used for all.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
`image-trailer-size` should be mentioned instead
of `image-trailer-sectors-size` in the maximal-image-size
evaluation description.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
A custom boot_preboot() function can be used to start
DFU in a similar way to what is already done in Zephyr.
Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
This patch prepares the simulator to execute images with a max align
value other than 8 bytes.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
The mimxrt1024_evk board has a large slot so we need
to increase CONFIG_BOOT_MAX_IMG_SECTORS from the default.
Signed-off-by: Mikkel Jakobsen <mikkel.aunsbjerg@prevas.dk>
Added sub-header for point where swap-using-scratch algorithm
is described.
Added note on the maximum image size allowed for this mode.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The image trailer might consume a notable amount of image slot size.
This patch adds a note to emphasize that fact.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
CONSOLE_HANDLER is not needed for MCUboot configuration for
doing anything. Also, there is no need to disable other CONSOLE properties
if CONSOLE=n.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Fixed H2 title in 2nd section
Rephrased the 1st section to remove duplicate content.
Signed-off-by: Francesco Servidio <francesco.servidio@nordicsemi.no>
In a multi image context it is possible for a user to upload an image
to the wrong secondary slot. As the same key is used for both images
MCUboot will overwrite image 0 with a variant of image 1.
If direct overwrite is enabled it is not trivial to recover from this.
To mitigate this issue we introduce a check of the reset address within
the vector table.
If the reset address in the new image is not contained within the
primary slot the image is deemed incorrect and is deleted from the
secondary slot.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
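
The reset-address check described in the commit message above, written out as an added example; this is not MCUboot's own code. It assumes a Cortex-M vector table directly after the image header, and the `slot_area` struct, the function names, the 0x200 header size and the slot addresses are all constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical description of the primary slot's absolute flash range. */
struct slot_area { uint32_t base; uint32_t size; };

/* Read a little-endian 32-bit word without alignment assumptions. */
static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* True if the reset vector of the candidate image points into `primary`.
 * Assumes a Cortex-M vector table right after the image header:
 * word 0 = initial stack pointer, word 1 = reset handler address. */
bool reset_addr_in_primary(const uint8_t *img, size_t len, uint32_t hdr_size,
                           const struct slot_area *primary)
{
    if (hdr_size > len || len - hdr_size < 8)
        return false;                       /* truncated: no vector table */
    uint32_t reset = rd32le(img + hdr_size + 4) & ~(uint32_t)1; /* drop Thumb bit */
    /* Compare as an offset so base + size cannot wrap around. */
    return reset >= primary->base && reset - primary->base < primary->size;
}

/* Constructed sample: 0x200-byte header, then SP and reset vector. */
bool check_sample(uint32_t reset_vector)
{
    static const struct slot_area image0_primary = { 0x0000C000u, 0x00070000u };
    uint8_t img[0x200 + 8];
    uint32_t words[2] = { 0x20010000u, reset_vector };
    memset(img, 0, sizeof img);
    for (int i = 0; i < 8; i++)             /* store both words little-endian */
        img[0x200 + i] = (uint8_t)(words[i / 4] >> (8 * (i % 4)));
    return reset_addr_in_primary(img, sizeof img, 0x200, &image0_primary);
}

int main(void)
{
    printf("built for image 0: %d\n", check_sample(0x0000C401u)); /* accepted */
    printf("built for image 1: %d\n", check_sample(0x0007C401u)); /* rejected */
    return 0;
}
```

An image linked for another slot fails the range test even though its signature verifies, which is the case the commit targets when both images are signed with the same key.
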
Updated security.md:
- Fixed small formatting issues
- Fixed a pair of sentences.
- Added mention to hackerone page.
Signed-off-by: Francesco Servidio <francesco.servidio@nordicsemi.no>
The encoding of ECDSA signatures is variable sized. Better support this
by allowing the TLV size estimate to be off by as much as 6, but only in
the case of ECDSA signature.
Signed-off-by: David Brown <david.brown@linaro.org>
Having profile configuration in sub crates generates a warning every
time Cargo is run. Remove these lines, as the top-level Cargo.toml file
defines these values.
Signed-off-by: David Brown <david.brown@linaro.org>
When passed `Largest`, as the image size, compute the largest possible
image for the test.
This currently fails when 'swap-move' is enabled or
'overwrite-only,large-write' is enabled. Allow this by not testing
maximal images in these cases.
Signed-off-by: David Brown <david.brown@linaro.org>
Instead of just passing in a numeric value for the image size, create an
enum that can use a given size, or supports a `Largest` size. Largest
is not implemented yet, but this gets the types in place for this.
Signed-off-by: David Brown <david.brown@linaro.org>
In order to generate images that match exact sizes, we need to know the
size of the TLV. We can estimate this size before the payload is added
(since the payload doesn't directly affect the size).
This patch adds the size estimate, and compares it with the actual TLV
size.
Signed-off-by: David Brown <david.brown@linaro.org>
Instead of setting a mutable variable and possibly assigning to it, just
set the variable to the result of the conditional.
Signed-off-by: David Brown <david.brown@linaro.org>
This enum ended up with some fields out of order. Fix the order. No
impact to the code, as each enum entry has a specific value, this just
makes the whole enum more consistent.
Signed-off-by: David Brown <david.brown@linaro.org>
Introduced an intermediate variable to express the data chunk offset
from the beginning of the region.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
boot_copy_region() was written so it assumes that the image header
must fit in the intermediary buffer of 1 KB size. A bigger header
will cause an overflow in the calculation of the size of the data chunk to be
decrypted.
This patch allows using a header bigger than that buffer size and
mitigates the limitation described above.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>