Implementation of flash_area_read_is_empty introduced recently
uses deprecated hal_flash_read API which caused build failure.
This patch uses zephyr's native flash_area_read() API which
solves the bug.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Mynewt has recently added an encrypted flash layer driver, that runs
transparently on any flash, handling reads and writes, and bypassing
other flash operations to the HW driver. As a result of this change,
checking for erased data cannot be done by read + compare to erased_val
but need to be routed to an empty check on the lower level. To do this
Mynewt added a new flash_map function called "flash_area_read_is_empty"
which checks for erased blocks (and reads/decrypts the data as well).
This commit uses `flash_area_read_is_empty` to determine if magic,
flags and swap status are erased. For Zephyr/sim commits were added
previously that mimic this functionality by simply doing the
read/compare.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This compliments the previous change on `image_ok` and also removes
`flash_area_erased_val` call that is not needed anymore.
Signed-off-by: Fabio Utzig <utzig@apache.org>
It was impossible to set confirm flag due to incorrect comparison.
In this point of time state->image_ok is already decoded and contains
one of following values:
If BOOT_FLAG_UNSET then we are ok to set a confirm flag.
Signed-off-by: Łukasz Rymanowski <lukasz.rymanowski@codecoup.pl>
This will fix#335 by defining the array size of the magic word and
give it to the relevant functions.
Signed-off-by: Hovland, Sigvart <sigvart.hovland@nordicsemi.no>
For Zephyr assume flash is always erased to 0xff. This allows backward
compatibility of the new flash erased to 0 support.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This extends mcuboot to allow use on devices which don't follow the
typical erased at 0xff. This was tested on some previously supported
devices (erased at 0xff) and STM32L1/L0 which are erased at 0.
Signed-off-by: Fabio Utzig <utzig@apache.org>
MCUboot doesn't need mbedTLS's entropy code (you don't need random
numbers to check a digital signature), but it enables it. This causes
really scary warnings when building entropy.c, since the test entropy
source is enabled:
[113/197] Building C object zephyr/ext/lib/crypto/mbedtls/CMakeFiles/ext__lib__crypto__mbedtls.dir/library/entropy.c.obj
/home/mbolivar/src/zephyr/ext/lib/crypto/mbedtls/library/entropy.c:31:2: warning: #warning "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! " [-Wcpp]
#warning "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! "
^~~~~~~
/home/mbolivar/src/zephyr/ext/lib/crypto/mbedtls/library/entropy.c:32:2: warning: #warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES " [-Wcpp]
#warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES "
^~~~~~~
/home/mbolivar/src/zephyr/ext/lib/crypto/mbedtls/library/entropy.c:33:2: warning: #warning "**** THIS BUILD IS *NOT* SUITABLE FOR PRODUCTION USE " [-Wcpp]
#warning "**** THIS BUILD IS *NOT* SUITABLE FOR PRODUCTION USE "
^~~~~~~
Delete the bits of the mbedTLS configuration that compile this
file (along with some testing code we don't care about either) to
clean up the warning. This looks like copy/paste code from the initial
mbedTLS config import into MCUboot.
Signed-off-by: Marti Bolivar <marti@foundries.io>
Various Zephyr boards (I'm looking at you, every-single-nRF-board)
set CONFIG_BT_CTLR=y as well as CONFIG_BT. Make sure it's disabled for
MCUboot's default prj.conf, where it's not needed and has been causing
very verbose Kconfiglib warnings:
warning: BT_CTLR (defined at subsys/bluetooth/controller/Kconfig:10) was assigned the value 'y' but
got the value 'n'. You can check symbol information (including dependencies) in the 'menuconfig'
interface (see the Application Development Primer section of the manual), or in the Kconfig
reference at http://docs.zephyrproject.org/reference/kconfig/CONFIG_BT_CTLR.html (which is updated
regularly from the master branch). See the 'Setting configuration values' section of the Board
Porting Guide as well.
Signed-off-by: Marti Bolivar <marti@foundries.io>
It is possible that while flash was erased progressively
the flash image status page was not erased.
This patch check this case and performs additional eras
if it was required.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
This commit adds the option to erase flash pages while receiving
the firmware, opposed to bulk-erasing the whole image area at
the beginning of the DFU process. This is required on some
hardware that has long erase times, to prevent a long wait
and possibly a timeout during DFU.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The UART device ISR in serial_adapter expected the device
to fire an interrupt for each byte that was received.
Although this might have worked for some devices it wouldn't
work for USB. This commit fixed the issue by modifying the ISR
according to the uart.h documentation.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
On Mynewt some flash drivers on very slow devices tickle the watchdog to
avoid possible hangs; those were also trying to tickle the watchdog in
mcuboot when performing an upgrade or serial boot, without initializing
the watchdog, causing an invalid memory write and reset issue.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Remove the simple pointers and use the "&" operator throughout to
simplify the understanding of the code.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
In order to avoid overwriting an existing allocated buffer that has not
yet been processed by the main loop, switch to a new command buffer
whenever we have received a complete one.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
While building with Zephyr 1.12 for the nucleo_f091rc I got undefined
reference to __set_MSP() during linking. Including soc.h fixes the
problem. Thanks carlesc.
Signed-off-by: Evan Gates <evan@gnarbox.com>
This fixes an issue where the bootloader is activating a timer that is
later not used by the installed target image causing a non handled interrupt
fault.
Signed-off-by: Fabio Utzig <utzig@apache.org>
It was possible that free_queue locks on the self referencing
node.
This patch introduce check for this issue
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
For zephyr it was possible to make buffer overflow while decoding
incoming base64 sting. This patch correct the available
buffer size transferred to base64 decoding function, which mitigate the
issue.
Clean up boot_serial_start function from unwanted
execution constant pointers.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Due to an issue described here:
https://github.com/zephyrproject-rtos/zephyr/issues/8393
interrupts are not enabled when multithreading is disabled.
Enable interrupts to allow the serial recovery mode UART to receive
characters.
Note: This commit must be reverted once the issue is addressed.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
The k_fifo_* primitives are not available when multithreading is
disabled. Use sys_slist_* instead.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Power management requires multithreading and other kernel features that
are disabled in MCUboot, so disable it to avoid interrupts being
confused by power management code wrappers.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
- Remove dependency to sprintf()
- Remove dependency to cborattr
- mynewt: replace console with more direct interface to uart
- mynewt: settings to reduce included os code
Signed-off-by: Marko Kiiskila <marko@runtime.io>
For serial recovery enabled Assertions conditions were improperly
which cause runtime assertion whenever __ASSERT macro was enabled
along with the serial recovery mode running.
This patch fixes the issue.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The swap status area is used to maintain information that allows
recovery when interrupted in the middle of a swap. This area has no
usefulness when doing a overwrite-only upgrade, which always copies the
entire slot.
Signed-off-by: Fabio Utzig <utzig@apache.org>
In order to provide a pleasant out-of-the-box experience to users,
default to the RSA .pem file so that users do not get a cryptic error
when building with the default .conf file in upstream.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
The hardcoded keys for Zephyr were removed and external references were
added for the built time autogenerated variables. A hardcoded key file
was added specifically for the simulator.
Signed-off-by: Fabio Utzig <utzig@apache.org>
For both RSA (which uses Zephyr's mbedTLS copy) and ECDSA (which uses
our own for ASN1 parsing) use the common "mcuboot-mbedtls-cfg.h" header
file instead of relying on the default config.h bundled with mbedTLS.
Additionally issue a descriptive error when CONFIG_MBEDTLS is set and we
are building with our own copy.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
This removes settings of log level on a per file basis. The log level
should be set by the global config, while per file log configuration can
still be set, don't enforce them.
Signed-off-by: Fabio Utzig <utzig@apache.org>
For Mynewt when no logging (default option) or serial boot was selected,
avoid initializing all serial supporting system. This enables to save
flash space when only basic bootloader functionality is used.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Now bootutil_log.h was converted to use per platform logging primitives
defined according to documentation established on the template file.
Some "null" macros were left to avoid breaking per source logging level
definition when MCUBOOT_HAVE_LOGGING was not defined.
Signed-off-by: Fabio Utzig <utzig@apache.org>
New logging macros were added for all supported platforms, following the
documentation defined in the template config file.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This patch isolates mcuboot settings under `MCUBoot`
menu in menuconfig view. This improves legibility.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The patch introduce usage of zephyr flas_map module instead
of mcuboot zephyr-only implementation. Unused flash_area_to_sectors
API of former flash_map was removed as well.
Size of sector-status-update-map entry is now defined thanks to the
minimum write size supported by the flash driver.
For avoid ambiguity former zephyr-only files flash_map.c
were renamed to flash_map_extended.c (its code now implements
only addition to this what zephyr flash_map implements).
flash_map.h header include is now warped by flash_map_backedn.h headre
because implementations and include pathes are diferent in Zephyr and Mynewt.
Usage of hal_flash_align() were replaced by usage flash_area_align().
This provide consistency between MyNewt and Zephyr implementation as
this API is available in both RTOSes.
flash_map.h was moved to the simulator c-support files as now missing in
the boot/zephyr subdirectories.
f. boot_scratch_fa_device_id was removed as unused.
f. boot_img_fa_device_id was and expanded the only use of it
(on loader.c).
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
This removes the old "TLV size" and "keyId" fields that used to exist
in the old image header format and updates it to use `load_addr`. Also
fixes the name of reserved fields to index from 1.
This fixes#279
Signed-off-by: Fabio Utzig <utzig@apache.org>
The unit tests depend on a few Mynewt packages (`test/testutil` and
`sys/console/stub`). If there is no repo prefix in the dependency
specifier, newt assumes the package is in the local repo (mcuboot)`.
This commit adds the `@apache-mynewt-core/` prefix to these
dependencies.
Signed-off-by: Christopher Collins <ccollins@apache.org>
Continue removing platform-specific conditional compilation from
bootutil by adding a new MCUBOOT_HAVE_ASSERT_H configuration option
and associated header file. Right now, that's only used by the
simulator.
That leaves just bootutil_log.h with platform-specific contents, but
since it's meant to be an abstraction layer for logging, we'll let it
stand for now.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
Take the opportunity to clean up a bit of platform cruft that has
gotten into bootutil by moving it to mcuboot_config.h, and ensuring it
is documented in the template config file.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
This allows us to delete all the remaining compiler command line
configuration from CMakeLists.txt.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
Andrzej Puzdrowski