This implements AES key unwrapping following RFC-3394 section 2.2.2
using tinycrypt for AES-128 decryption. It is enabled when ECDSA was
chosen as the signature algorithm.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This adds the functionality to build/run testing on images that were
signed using ECDSA and encrypted with KW, using tinycrypt.
Also when it this mode, ecdsa+kw, adds the Mbed-TLS submodule to the
build because the simulator needs to use the Mbed-TLS keywrapping
infrastructure to generate the keys sent to the image.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This adds a new option that allows copying slot0, from the contents
of slot1, if slot0 is found out to be erased and not validated, and
the contents of slot1 are validated.
This mechanism basically enables a device to "bootstrap" from the
contents of an external flash that has a valid image, given that the
only flashed thing in the internal flash is the bootloader.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Remove MPU_ALLOW_FLASH_WRITE from prj.conf and put it in
boot/zephyr/Kconfig enabling it only for every ARM_MPU
equipped device.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
Make RX buffer size configurable for UART. Allow incoming
interrupts while copying data out of that buffer.
Signed-off-by: Marko Kiiskila <marko@apache.org>
This adds bootutil support for slots on different flash devices
the happen to have different sector sizes.
It consists basically in relaxing the `boot_slots_compatible` to
allow swaps as long as the sectors that are required to fit both
images are able to fit inside scratch and both slot's sectors have
sizes that are multiple of each other.
This is now tested on the simulator and was tested in a Nordic's
pca10056 using slot0 in internal flash, and slot1 in the external
QSPI flash, configured with 4K, 8K and 16K sized sectors (the HW
is 4KB but Mynewt allows emulating multiples of that!)
Signed-off-by: Fabio Utzig <utzig@apache.org>
This adds an external SPI flash that uses a larger sector size than
the internal flash. Currently this breaks the tests but it's being
added here to trigger a CI fail that will be fixed by adding support
for this feature in a subsequent commit.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This adds an initial device with multiple flash (nrf52840 + SPI flash)
and updates all test routines to use a HashMap of flash devices (added
as type SimFlashMap).
Signed-off-by: Fabio Utzig <utzig@apache.org>
A new type `FlashMap` that stores a HashMap of [device_id -> Flash trait]
was added, which enables multi-flash devices to be passed around.
The previously existing static FLASH value that was used to simulate the
raw device, was updated to using a FlashMap which enables bootutil to
interface with more than one flash device.
Signed-off-by: Fabio Utzig <utzig@apache.org>
AreaDesc was modified to not receive a flash device on its constructor,
and instead a new function `add_flash_sectors` was added that allows it
to receive a flash device and id.
The `add_image` function that populates the areas also now receives a
dev_id that is used internally as fa_device_id.
Signed-off-by: Fabio Utzig <utzig@apache.org>
The previous c/rust ffi functions were hardcoding the values of align
and erased_val before each run through static globals. This adds new sim
flash functions that get the align/erased_val from the sim flash device
that is being run on, allowing that later multiple flash devices can
each use its own params.
Signed-off-by: Fabio Utzig <utzig@apache.org>
A new align() function was added to SimFlash, and most functions that
were using/receiving align or erased_val parameters that had access to a
Flash trait were cleaned up so that they get the parameters directly
from the Flash device.
This will make it easier to extend for multiple Flash devices since
parameters should depend on the device in use.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Update `flash_area_*()` functions to call `sim_flash_*()` directly
instead of using `hal_flash_*()` functions that were not part of the
main bootloader anymore.
Signed-off-by: Fabio Utzig <utzig@apache.org>
For Zephyr the default mbedTLS mempool size for RSA-2048 signing was not
enough to allow for the calculations done by RSA-2048-OAEP (encrypted
images), so when encrypted image support is enabled, increase it to a
value that is known to work.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Encrypted images were known to be failing when the header size was larger
than 256 bytes because of incorrect handling of blocks sent to decryption
and hashing routines. An assert was previously added to check the header
and read block sizes matched to avoid incurring into the know error, but
it was incorrectly enabled also for non-encrypted images.
Now the handling of the header, which is not encrypted, is correctly
separated from the handling of the remaining image, when encryption is
used, to avoid ever sending header data into the decryption routines.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This adds an HDR_SIZE constant to the simulator which allows for easier
testing of images with different header sizes.
Signed-off-by: Fabio Utzig <utzig@apache.org>
TLV types don't need to list KEYHASH because it's already added by any
signature TLV.
Total sizes were missing the KEYHASH amount.
Add a new TLV for images signed with RSA and encrypted with RSA-OAEP.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Generating images with no signature or encryption was broken by commit
06b77b8353
This allows generating images with just sha256 again, and fixes a few
leftovers from the imghash TLV change.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Because the amount of features that the simulator is testing is growing,
the test time is taking a long time. This distributes simulator's tests
over three travis machines to decrease test time.
Add options to defined tests that run one-by-one in a sequential fashion
by defining them in $SINGLE_FEATURES, and allow defining features that
should run together by providing a string of ',' separated list of
multiple tests in $MULTI_FEATURES.
Signed-off-by: Fabio Utzig <utzig@apache.org>
zephyrproject-rtos/zephyr#11180: Zephyr target was corrupted as
recently zephyr's device tree started adding DT_ prefix in
generated labels.
This path aligns flash name macro used.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Add a hidden MCUBOOT config entry to mark a project as MCUBOOT.
It is useful when other parts of the system need to be aware
that they are, in fact, the bootloader.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
This commit adds a project configuration for the upcoming
nrf52840_pca10059 board.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Fabio Utzig