This padding field is defined as a u8 and a u16. Clarify the marshaling
code to match instead of just looping over bytes.
Signed-off-by: David Brown <david.brown@linaro.org>
This lifetime can be inferred by the compiler, so remove the explicit
one. This makes the code a little easier to read.
Signed-off-by: David Brown <david.brown@linaro.org>
Clippy suggests that having a closure in the condition of an if can be
confusing in regards to code formatting. Move the conditional outside
of the if into a temp variable.
Signed-off-by: David Brown <david.brown@linaro.org>
From a clippy suggestion, replace an index iterator over a slice, and
directly use a mutable iterator over the slice.
Signed-off-by: David Brown <david.brown@linaro.org>
Clippy suggests using a range with `contains` in situations where we
test if a value is within a range.
Signed-off-by: David Brown <david.brown@linaro.org>
Apply clippy suggestions to directly result in values instead of
returning those values at the end of a function. Better matches common
Rust style.
Signed-off-by: David Brown <david.brown@linaro.org>
In rust, if a struct field is initialized with a variable with the same
name as the field, it is redundant to say `field: field` as the
initializer, and just `field` is sufficient. Fix the instances of this
that clippy suggests.
Signed-off-by: David Brown <david.brown@linaro.org>
Cleanup some of the unsafe usage in mcuboot-sys. In one case, add a
safety comment to the function documentation. In the other, move the
unsafe to a narrower scope, reducing the number of instances of unsafe
needed. From clippy suggestions.
Signed-off-by: David Brown <david.brown@linaro.org>
Clippy suggests implementing Default when the `new` function for that
type just initializes the type to default values.
Signed-off-by: David Brown <david.brown@linaro.org>
According to clippy, `&'static` can just be `&` for static definitions,
which always have a static lifetime. Clean this up in the arrays in the
code, as well as generation code in imgtool.
Signed-off-by: David Brown <david.brown@linaro.org>
This incorporates changes both from the dependency changes in simflash,
as well as some minor changes that recent versions of Cargo make.
Signed-off-by: David Brown <david.brown@linaro.org>
The thiserror crate seems to be getting more momentum in the community
than failure. Switch to this for deriving our own error type.
Signed-off-by: David Brown <david.brown@linaro.org>
Add Mbed TLS ECDSA signature verification as an option (in addition to
Tinycrypt and the CC310 hardware version). Although the Mbed TLS ECDSA
verification code is both larger and slower, this will still save space
if there is another reason that the Mbed TLS code is already being
brought in for another reason (such as certificate management, for
example).
Mbed TLS's ECDSA verification works at a different level than the other
two libraries, so this takes a bit of reworking. There are some
additional parameters passed to the various functions, and a new define
MCUBOOT_ECDSA_NEED_ASN1_SIG to indicate that the ecdsa verification
wants the original ASN1 signature, not a decoded key.
This adds the boot changes and simulator support to test this configuration.
Signed-off-by: David Brown <david.brown@linaro.org>
Part of code of boot/bootutil/ is re-implemented in zephyr-rtos
repository.
As some code are defined here and there it becomes problem when
need to include it with outstanding feature in a build.
It is possible to mitigate problem using #fdefry - but this was
rather temporary hack.
This patch introduce new module which is common for MCUBoot build
and application build.
Common code were extracted to bootutil_public.c source file and
bootutil_public.h header
MCUboot also select DISABLE_MCUBOOT_BOOTUTIL_LIB_OWN_LOG Kconfig
option, as it must define log configuration on its own for all its
sourcecode.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Removes the current `flash_area_read_is_empty` which lacked a bit of
clarity in its naming and error handling, as well as requiring an
extra API in the flash map, and switches to using an internal function
`bootutil_buffer_is_erased`.
Code that was previously using `flash_area_read_is_empty` must now be
updated to do a `flash_area_read` followed by a call to
`bootutil_buffer_is_erased` with the read buffer.
The proposal was previously discussed here:
https://github.com/zephyrproject-rtos/zephyr/pull/28519
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Remove `MCUBOOT_OVERWRITE_ONLY_FAST` from overwrite-only upgrades, to
make it compatible with `large-write` tests after the latest changes
to the fast overwrite code; make it default when bootstrapping.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
The simulated alignment functions were returning u8 which would be
invalid for any alignment beyond 128; as a first step in the direction
of allowing larger alignments, make them u16 which should allow for up
to 2**15 aligment size.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Add fault attack mitigation measures to code vital for the correct
validation of images.
Change-Id: If6eb1110a8c2966faf105d07ad2e95482a80a8d9
Signed-off-by: Raef Coles <raef.coles@arm.com>
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
- The enc_context needs to initialize.
boot_enc_load seems to always be used to start the process, so calling
init inside makes sense.
- Handle boot_encrypt getting called with size of 0.
- No need to free contexts because Zephyr sets MBEDTLS_PLATFORM_NO_STD_FUNCTIONS.
I don't quite like this because it's implicit and will leak memory on
other ports.
Signed-off-by: Blaž Hrastnik <blaz@mxxn.io>
bootutil already handles ASSERT definition, allowing us to override it
with a custom implementation. Importing assert.h would pull in stdio.h
and a whole bunch of other stuff by TI compiler into the final
firmware.
Signed-off-by: Blaž Hrastnik <blaz@mxxn.io>
This device allows testing swap move with a primary slot that is one
sector larger than the secondary slot. No scratch was defined. Overwrite
upgrade could easily be made compatible as well, but for now leave it
as a disabled caps.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Upgrade to the latest aes-ctr package, and apply minor fixes due to
trait naming changes in this version.
Signed-off-by: David Brown <david.brown@linaro.org>
Update to the newest version of this crate. There are no API changes
affecting us, so this is just an update of the Cargo.toml file.
Signed-off-by: David Brown <david.brown@linaro.org>
There have been some revamping of the Rand API. The Standard
distribution on floating point numbers will return a value in the
interval [0,1).
Signed-off-by: David Brown <david.brown@linaro.org>
Fixup how we fake out devicetree.h, which is now really the flash map
API for what mcuboot is using.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Now that mbed tls has its own submodules, add `--recursive` to the
sample invocation of submodule update. Without this, building the
simulator produces difficult messages about `sha256.c` missing.
Signed-off-by: David Brown <david.brown@linaro.org>
With support for unpadded ecdsa signatures in place, always generate
unpadded signatures within the sim.
Signed-off-by: David Brown <david.brown@linaro.org>
Updates a few sim dependencies, reducing the amount of crates
required for a build; also gets rid of cases of more than one
version required for some crates. Results in depending on 76
crates instead of 89 before the PR.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Add an apache SPDX header and explicit license lines. The date ranges
of the license lines is derived from the git history. Having these
explicitly present will make contributions from other parties easier, as
they will simply be able to add their own copyright line, rather than
having to describe that it only covers modifications.
Signed-off-by: David Brown <david.brown@linaro.org>
David Brown