Commit Graph

88 Commits

Author SHA1 Message Date
Fabio Utzig 03cce47291 sim: update dependencies
Updates a few sim dependencies, reducing the amount of crates
required for a build; also gets rid of cases of more than one
version required for some crates. Results in depending on 76
crates instead of 89 before the PR.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-14 06:19:51 -03:00
Fabio Utzig a1c142d168 Add Tinycrypt based SHA-512 for ED25519
Add option to build ed25519 with tinycrypt; enable tinycrypt based
sha-512 for ed25519 sim tests.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-04 06:09:01 -03:00
David Brown 2ee5f7f7f2 sim: Test software rollback protection
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Signed-off-by: David Brown <david.brown@linaro.org>
2020-01-23 12:47:05 -07:00
David Brown e2acfaede5 sim: Add explicit copyright and licenses to the sim
Add an apache SPDX header and explicit license lines.  The date ranges
of the license lines is derived from the git history.  Having these
explicitly present will make contributions from other parties easier, as
they will simply be able to add their own copyright line, rather than
having to describe that it only covers modifications.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-01-22 10:11:13 -07:00
Ulf Magnusson e96b6873bd dts: Include devicetree.h instead of generated_dts_board.h
Needed for https://github.com/zephyrproject-rtos/zephyr/pull/20757, to
avoid a warning-turned-error.

Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
2020-01-16 11:41:28 +01:00
Fabio Utzig 4b4ed98310 sim: enable saving encrypted TLV for ECIES
This changes the simulator to save the encryption TLV itself instead
of the unecrypted AES-128 key when doing the ECIES encryption test,
to add proper test coverage of this configuration option.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-01-07 17:08:22 -03:00
Fabio Utzig 4626853d3e sim: fix RSA signature length macro usage
Update RSA-3072 test that was using old Zephyr macros to set size.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-01-07 16:03:55 -03:00
Fabio Utzig 3fbbdac56a sim: get status area size from bootutil
Add new bootutil function that returns the size of the status area.
The simulator was updated to remove the custom calculation and get
the size directly from bootutil, avoiding breakages the happen when
both are not in sync.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-20 14:57:06 -03:00
Fabio Utzig 272c5eb540 zephyr: sim: add minimized ECIES-P256 key
Remove public key from embedded private encryption key (it was already
ignored before).

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-17 16:26:53 -03:00
Andrzej Puzdrowski f1d189c486 zephyr: switch to recent defines and include headers
In zephyr code-base some generic include patches
and defines had been deprecated since a while.
This condition was maintained until zephyr v2.1.0 inclusive.

Recently these deprecated items were removed completely from
the zephyr master branch. Zephyr current SHA of this patch is
e124c1cd34938f02bbe879533c6bd29b5ff53707

This patch switch mcuboot to using most recent items.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2019-12-12 11:54:44 +01:00
Fabio Utzig 6fa2d40d45 sim: log flash writes/reads/erases at highest level
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-10 16:04:44 -03:00
Fabio Utzig e92df93461 sim: log: add new level targetting simulator
* Adds a new level (BOOT_LOG_SIM) to be used only for messages that
  are interesting while debugging bootutil in the simulator. This should
  be used for extra verbose prints.

* Also added fflushs after fprints to guarantee that messages are printed
  even when assertions are raised.

* For abstraction completeness, add "do nothing" definitions of _LOG_SIM
  to the other ports.

* Make DEBUG the default level when building the simulator (one can
  still lower verbosity using any other value for RUST_LOG).

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-10 16:04:44 -03:00
Fabio Utzig 031eb7de76 sim: add feature for swap move strategy
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-09 14:21:09 -03:00
Fabio Utzig 90f449ee5c sim: add testing of ECIES-P256 images
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-11-06 06:55:25 -03:00
Fabio Utzig 73243918cd sim: add EC256 encryption key
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-11-06 06:55:25 -03:00
David Brown f984b95735 Move mbedtls submodule from sim to ext
Move the external mbedtls submodule out of the sim/mcuboot-sys directory
into the ext directory.  This will allow the same copy of mbed TLS to be
used by other board support packages, instead of having to make a
duplicate clone.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-15 09:29:20 -06:00
David Brown b748f6fa2a Rename ext/mbedtls to ext/mbedtls-asn1
The ext/mbedtls directory has a copy of the ASN.1 parser from the mbed
TLS library.  To allow a future change to bring the entire mbed TLS
library in as a submodule under ext, rename this to mbedtls-asn1 to make
it clear this is only a subset.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-15 09:29:20 -06:00
David Brown 2b8a695be1 Convert BOOT_MAGIC_SZ to #define
Convert this `extern const uint32_t` to a simple define.  Provide an
accessor function so that the simulator is able to access the value as
well.  This has a minor improvement on the generated code within MCUboot
itself.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-02 10:17:22 -07:00
David Brown e0bb1f956f Change BOOT_MAX_ALIGN to #define
BOOT_MAX_ALIGN is defined as

    extern const uint32_t BOOT_MAX_ALIGN;

and is assigned a value in a single file.  This causes extra work when
this is used as the size of a local variable in a function.

The value was made a constant in order for the simulator to be able to
access the value.  Instead of making it a "real" constant, keep it as a
define, unifying the value of FLASH_MAX_ALIGN and this one, and provide
an accessor function for the test code to be able to access this value.

This causes a minor improvement in the code generated in
`boot_write_status`, but more importantly, eliminates a VLA from the
code, which increases the possible compilers supported by MCUboot.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-02 10:17:22 -07:00
Fabio Utzig 61fd888a7f Add TLV iterator API
This introduces an API which allows for iteration over an image's TLVs
without resorting to low-level implementation details. All previous TLV
low-level handling was updated to comply with this new interface, and it
also makes it easier for external code to handle TLVs.

The API provides two functions:

1) To start a new iterator:

```
int bootutil_tlv_iter_begin(struct image_tlv_iter *it,
                            const struct image_header *hdr,
                            const struct flash_area *fap, uint8_t type,
                            bool prot);
```

2) To iterate over existing TLVs of given type:

```
int bootutil_tlv_iter_next(struct image_tlv_iter *it, uint32_t *off,
                           uint16_t *len, uint8_t *type);
```

A type of IMAGE_TLV_ANY was added to allow for iteration over all TLVs.

Low-level TLV access functions were removed from API, but low-level
structs are still visible in the namespace.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-09-18 07:38:50 -05:00
David Brown 297029ab72 sim: Add debugging ptable to image dumps
Add a `debug_dump()` method to `Images` to allow the images to be
written to a file.  The dependency test will call this if the
environment variable MCUBOOT_DEBUG_DUMP is set.

In order to make these debug dumps more useful, add a simple partition
table to the beginning of the image (where MCUboot would reside on
target).  This has a simple header, and then entries for each partition,
using the partition ids used within the simulator.  This allows the
image to be more easily used by external tools.

As an example, `scripts/mcubin.bt` is a binary template for the [010
Editor](https://www.sweetscape.com/010editor/), allowing it to decode
and show the details of images from MCUboot.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-08-15 14:23:37 -05:00
Fabio Utzig 8000e325f1 Remove global test thread locking
With the recent changes in bootutil, now there is no need to lock the
test threads to run sequentially, so the global lock was removed. The
locking now happens to access resources such as flash, flash params,
simulator context, etc on a per thread basis. Some of the global
variables that were used by the simulator itself (FFI) were made into a
context struct passed in to invoke_go.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-08-07 14:33:36 -03:00
Fabio Utzig b0f0473352 Remove current_image global and macro updates
Currently to determine which image is being operated on, there is a global
variable called current_image which is used by most macros and APIs to
correctly access the flash areas required by the bootloader. This moves
this variable to the already existing state struct and refactors all
macros and APIs to receive the current image by parameters. To maintain
compatibility some of the macros were not updated and use image 0 when
called.

The definitions of FLASH_AREA_IMAGE_PRIMARY and FLASH_AREA_IMAGE_SECONDARY
for Mynewt compatibility were moved out of bootutil sources to a Mynewt
specific include file.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-08-07 14:33:36 -03:00
David Vincze b75c12a431 Boot: Extend flash layout for multiple images
This patch introduces the BOOT_IMAGE_NUMBER macro and current_image
variable to support multiple updatable images and the associated
extended flash layout.

The FLASH_AREA_IMAGE_* object-like macros are replaced with
function-like ones and therefore some functions have been updated,
because the labels of a switch statement and the initialization
values of objects with static storage duration have to be constant
expressions.

Change-Id: Ib7b26ec3c94233e52db4f97825ddb6a3e55bb1d3
Signed-off-by: David Vincze <david.vincze@arm.com>
2019-07-23 09:11:34 -05:00
David Vincze 6c9b416cd8 sim: Support non-continuous area ID mapping
Support non-continuous image flash area ID mapping. It was assumed
that the flash area IDs are subsequent and increasing numbers which
might not be true in all cases.

Change-Id: I0d1285d6fcf1e83a64611c9ad4f65abd002c25d3
Signed-off-by: David Vincze <david.vincze@arm.com>
2019-07-23 09:11:34 -05:00
Fabio Utzig 9771028579 Add ed25519 verification to sim
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-06-13 19:21:05 -03:00
Christopher Collins 2adef70e33 Use same format for scratch and slot trailer
Prior to this change, the scratch image trailer had a different format
from a slot image trailer.  Specifically:

1. The scratch trailer only contained a single set of status entries
   (three bytes); the slot trailer contained `BOOT_STATUS_MAX_ENTRIES`
   sets of status entries.

2. The scratch trailer did not contain the `copy_done` field.

This inconsistency required some extra conditional logic in the trailer
handling code.  It is simpler to just use the same trailer format
everywhere.

This commit removes this inconsistency.  Now, the scratch trailer
structure is identical to that of the slot trailer.

Signed-off-by: Christopher Collins <ccollins@apache.org>
2019-05-31 10:15:08 -07:00
Fabio Utzig 3929743408 Add simulator support for RSA-3072 sigs
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-05-16 14:01:19 -03:00
David Brown 5e6f5e0165 sim: Add multi-image config support to sim
Add support for building with multiple images to the simulator.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-04-17 11:20:21 +07:00
David Brown 06ef06e69c sim: Base slots on number of images used
Construct the ImagesBuilder based on the number of images compiled into
the code.  If the flash device doesn't have enough areas for the test,
the test will be skipped.

Extend the FlashId to include Image2, and Image3.  Remove the unused
ones, so that these can be placed immediately after the scratcharea.
The current simulator code assumes the flash areas are numbered
contiguously, requiring these extraneous partitions to be eliminated.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-04-17 11:20:21 +07:00
David Brown 761015712c sim: Rename `SimFlashMap` to `SimMultiFlash`
The name `SimFlashMap` is a bit misleading, as the Map part is more of
an implementation detail when the type really just represents multiple
flash devices.

This is just a rename, but the names `SimFlashMap` and the value
`flashmap` occur in a lot of places in the image module.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-04-17 11:20:21 +07:00
Andrzej Puzdrowski e575fe9ead image encryption: fix enc_state array indexing for zephyr
enc_state table was indexed with assumption that
image flash area are subsequent and increasing numbers.
It might not be true while building zephyr.

Patch introduce flash_area_id_to_image_slot() implementation for
the zephyr port and uses it to assign proper slot number.
This API is already available in MyNewt.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2019-03-14 16:10:54 +01:00
David Vincze 2d736ad4c5 Replace flash partitioning terminology
This change replaces the slot 0/1 terminology with primary/secondary
slot and replaces FLASH_AREA_IMAGE_0/1 with
FLASH_AREA_IMAGE_PRIMARY/SECONDARY. This naming convention may be more
understandable, fits better to MCUs with multiple images and it is an
architecture agnostic alternative as well.

Change-Id: I655a585f6ae023852c671ee6635399efe25209c9
Signed-off-by: David Vincze <david.vincze@arm.com>
Signed-off-by: David Brown <david.brown@linaro.org>
2019-03-13 15:40:21 -06:00
Andrzej Puzdrowski 419a47531b zephyr: allow dynamic numeration of flash_areas
Zephyr flash_map reworks caused that areas id exact number are
assigned dynamically.

This patch i counterpart to
https://github.com/zephyrproject-rtos/zephyr/pull/8837

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2019-02-10 16:08:38 +01:00
Fabio Utzig 05ab014e36 Update sim ecdsa testing to use ring signing
This removes the unsafe Tinycrypt bindings previously used for signing
with ECDSA, and relies on ring native support.

The ring library was updated to 0.14.1.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-18 09:44:48 -07:00
Emanuele Di Santo 9f1933d1a5 boot: zephyr: migrate to new log subystem
The old log subsystem has been deprecated in Zephyr.
Migrate to the new subsystem to avoid compilation warnings.

In-place log processing is selected as it is required as MCUBoot is
one thread application.

Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2019-01-10 19:11:15 +01:00
David Brown 2821564b5d sim: mcuboot-sys: More idiomatic Rust 2018
Apply the changes suggested by

    cargo fix --edition-idioms

and cleanup the results a bit.  Eliminate `macro_use` extern crates.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-03 21:39:50 +00:00
David Brown 65de6d177d sim: mcuboot-sys: 2018 edition fix
Automatic migration to Rust 2018:

    cargo fix --edition

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-03 21:39:50 +00:00
David Brown e24244b632 sim: Update a few dependencies for Rust 2018
A few packages have updates that make them more convient to use with
Rust 2018's 'use macro'.  This is convenient as it allows control over
what macros are imported, but without these updates, these packages
require you to know the names of internal macros to import.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-03 21:39:50 +00:00
Fabio Utzig b4d20c8c58 Update sim to run ecdsa sig + kw enc
This adds the functionality to build/run testing on images that were
signed using ECDSA and encrypted with KW, using tinycrypt.

Also when it this mode, ecdsa+kw, adds the Mbed-TLS submodule to the
build because the simulator needs to use the Mbed-TLS keywrapping
infrastructure to generate the keys sent to the image.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-03 11:22:05 -02:00
Fabio Utzig d5722f52e5 Update Mbed-TLS submodule to 2.14.1
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-03 11:22:05 -02:00
Fabio Utzig 9b97b13a2b Enable bootstrap test in CI
Adds testing a bootstrap with RSA/ECDSA signing and KW encryption.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-12-27 10:58:50 -02:00
Fabio Utzig 251ef1d98a Add rsa+kw testing support to simulator
Allows simulating images signed with RSA-2048 and encrypted with
AES-128-KW.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-12-27 10:58:50 -02:00
Fabio Utzig 08fcfe9b63 Enable bootutil logging in simulator
Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-12-18 15:16:11 -02:00
Fabio Utzig afb2bc90c6 Update main simulator routines for multi-flash
This adds an initial device with multiple flash (nrf52840 + SPI flash)
and updates all test routines to use a HashMap of flash devices (added
as type SimFlashMap).

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-12-18 15:16:11 -02:00
Fabio Utzig 1c9aea5814 Allow multiple flash devices in bootutil wrapper
A new type `FlashMap` that stores a HashMap of [device_id -> Flash trait]
was added, which enables multi-flash devices to be passed around.

The previously existing static FLASH value that was used to simulate the
raw device, was updated to using a FlashMap which enables bootutil to
interface with more than one flash device.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-12-18 15:16:11 -02:00
Fabio Utzig 1caef137c4 Allow multiple flash device in AreaDesc
AreaDesc was modified to not receive a flash device on its constructor,
and instead a new function `add_flash_sectors` was added that allows it
to receive a flash device and id.

The `add_image` function that populates the areas also now receives a
dev_id that is used internally as fa_device_id.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-12-18 15:16:11 -02:00
Fabio Utzig 73ffc4458d Add align/erased_val params per flash device
The previous c/rust ffi functions were hardcoding the values of align
and erased_val before each run through static globals. This adds new sim
flash functions that get the align/erased_val from the sim flash device
that is being run on, allowing that later multiple flash devices can
each use its own params.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-12-18 15:16:11 -02:00
Fabio Utzig 269d28621d Remove redundant align/erased_val usage
A new align() function was added to SimFlash, and most functions that
were using/receiving align or erased_val parameters that had access to a
Flash trait were cleaned up so that they get the parameters directly
from the Flash device.

This will make it easier to extend for multiple Flash devices since
parameters should depend on the device in use.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-12-18 15:16:11 -02:00
Fabio Utzig 99dfc78723 Remove usage of hal_flash_* functions
Update `flash_area_*()` functions to call `sim_flash_*()` directly
instead of using `hal_flash_*()` functions that were not part of the
main bootloader anymore.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-12-18 15:16:11 -02:00