336 Commits

Author SHA1 Message Date
David Brown 82bf7c2d09 sim: Move mbedtls into mcuboot-sys
The mbedtls library is used by the binding crate, so move the submodule
into this directory as well.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 6390277f64 sim: Naive move of binding into mcuboot-sys
Create a crate `mcuboot-sys` to hold the building and binding of the
mcuboot code.  There aren't any substantive code changes here, just
moving the code into a separate crate.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 7e701d8ca3 sim: Add RSA signature verification to simulator
Using the published debug keypair, generate a signature with it, to add
to the TLV.  This verifies that signature verification works as
expected.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 1e15859951 sim: Switch to bitflags from enumflags
The bitflags crate seems to be better supported, and doesn't have the
problems getting the results back into the enum type.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 4243ab09f8 sim: Capture payload in TLV code
Since the signing code will also need a copy of the message, make a
local copy of it in the signature verification code, and compute the
digest all in one shot.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 8054ce281a sim: Change to `ring` instead of `rust-crypto`
The ring crate's SHA256 is slightly slower than the one from
rust-crypto, but is much cleaner to use.  It also has all of the hashing
operations we need.

This crate is somewhat opinionated, e.g. will not sign messages without
also performing the signature itself.  Unfortunately, this means we'll
end up computing signatures of the same data many times, and perhaps
this should be improved, since we're always using the same data.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 187dd889dc sim: Validate the SHA256 verification
Instead of stubbing out the image validation code, compile it, and add
the SHA256 TLV to the buffer.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 2cbc4708e9 sim: Move simflash to be its own crate
In preparation for moving the bootutil binding into a separate crate,
move the flash simulator into its own crate.  This will allow the
binding to have access to the simulator without creating a circular
dependency.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 7ddec0b5cc sim: Move 'Flash' into a trait
Make 'Flash' a trait, and move the current functionality into a type
called 'SimFlash'.  The code that runs the simulation only uses the
trait.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown bdb6db723d sim: Move flash pointer up into Rust
Move the reference to the Flash device up into the Rust code instead of
trying to pass it back and forth to C.  This will allow a future change
to use a fat pointer (such as a trait pointer), which ultimately will
allow different kinds of flash devices.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
David Brown 2784a2e2f2 sim: Update gcc dependency
Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-12 15:00:57 -06:00
Fabio Utzig 41d18853d7 Fix remaining initial porting guide's issues 2017-07-10 17:44:15 -06:00
Fabio Utzig e2d99f8630 Fix review issues 2017-07-10 17:44:15 -06:00
Fabio Utzig 01ccb1997e Initial porting guide 2017-07-10 17:44:15 -06:00
Fabio Utzig ebeecef4b4 Refactor of main test code
- Some helper structs added to track state
- Add new trailer checking routine
- Add extra test for upgrade+revert with failure
- Misc improvements

Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-07-10 16:31:47 -06:00
David Brown ada28e1b69 samples: Create a zephyr sample
Most of the meat of this is in the Makefile, which is able to build the
bootloader, and two small applications, along with instructions on how
to load these into flash and test that upgrades work.

JIRA: MCUB-62
Signed-off-by: David Brown <david.brown@linaro.org>
2017-07-10 11:16:25 -06:00
Fabio Utzig e08f087ee5 Update imgtool to write trailer in new format
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-07-06 10:03:55 -06:00
Fabio Utzig a0bc9b5469 Update trailer format
This implements changes according to MCUB-14, easing the process
of making external apps parse and read/write the trailer.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-07-06 10:03:55 -06:00
Fabio Utzig 40b4aa07de Fix offset print writing to non-erased area
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-07-06 10:03:55 -06:00
aditihilbert ba5d3a7de8 Create RN1.0 2017-06-30 18:51:50 -07:00
Fabio Utzig 786a63786a Merge pull request #75 from utzig/fix-coverity-issue1
Fixes trying to close an invalid flash map handle
2017-06-29 23:45:42 -03:00
David Brown 98da04f0fd zephyr: frdm_k64f: Remove partition defines
Now that the partition table has been added to the device tree for the
frdm_k64f in upstream Zephyr, these symbols become redundant defines.
Remove them to fully use the partitions defined in Zephyr.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-06-29 08:56:23 -06:00
Fabio Utzig c08ed21fab Fix mynewt assert reading header from scratch
For mynewt, the flash map only accepts values for slot 0 and 1. This
code was trying to read the image header on the scratch area using
the same interface and was segfaulting when slot0 and slot1 had
similarly sized images.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-06-28 08:44:31 -06:00
Fabio Utzig b00d648841 Fix syntax error
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-06-28 08:44:31 -06:00
Fabio Utzig 0f22991880 Add PKCS#1 1.15 config option
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-06-28 08:44:31 -06:00
Fabio Utzig a7b19707c3 Fix syntax error
Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-06-28 08:44:31 -06:00
David Brown 3e27386a12 Remove old 'imgtool' and 'zep2newt.py'
Now that script/imgtool.py contains all of the functionality of these
tools, remove the old tools from the tree.  The zep2newt.py was only
able to perform a limited set of signatures.  The 'imgtool' requires a
'Go' toolchain, which has been a hindrance to many users.

Please see `doc/imgtool.md` for directions on how to use this new tool
for image signing.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-06-28 08:29:33 -06:00
Fabio Utzig e768626d67 Fixes trying to close an invalid flash map handle
This error was caught by Coverity and it happens when a failure occurs
opening a flash map handle, which is not checked by the close
routine.

Right now this only affects Zephyr, but extra checking was added
assuming that in a future Mynewt implementation close could actually
be changed to do something.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-06-28 09:26:54 -03:00
David Brown e601417c17 Merge pull request #68 from d3zd3z/pr/dco
Add docs about DCO
2017-06-26 09:35:41 -06:00
David Brown 8d751b4ee3 Merge pull request #73 from jamike/fix_rsa_define
rsa: fix: use #ifdef MCU_BOOT_RSA_PKCS1_15 instead of #if
2017-06-26 09:35:21 -06:00
Michel Jaouen 74783c464d rsa: fix: use #ifdef MCU_BOOT_RSA_PKCS1_15 instead of #if
As this flag is tested with #ifdef everywhere else, use #ifdef in
image_rsa.c

Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
2017-06-26 16:55:10 +02:00
David Brown c208159284 Merge pull request #72 from jamike/disco_l475_iot1_support
zephyr: targets: add support for disco_l475_iot1
2017-06-23 10:49:28 -06:00
Michel Jaouen f710d21ca3 zephyr: targets: add support for disco_l475_iot1
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
2017-06-23 10:31:31 +02:00
David Brown 9f8fe9e312 Merge pull request #69 from d3zd3z/pr/ctabs
sim: Match spacing on csupport/run.c
2017-06-21 08:50:34 -06:00
David Brown 7ad8088a57 sim: Match spacing on csupport/run.c
Re-tab run.c to match the rest of the files in the system.  This was
indented using Zephyr conventions (tabs for indent).  Re-indent using
spaces, with a 4-space indent level.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-06-20 15:30:36 -06:00
David Brown f1a78fc1c6 Add docs about DCO
Create a SubmittingPatches.md file similar to the one in Linux.  This
includes the Developer Certificate of Origin which clarifies the meaning
of the Signed-off-by trailer in the message.

Patches merged after this should have Signed-off-by lines.

Signed-off-by: David Brown <david.brown@linaro.org>
2017-06-20 12:57:27 -06:00
Fabio Utzig a27039767f Merge pull request #54 from mbolivar/sim-tweaks
Simulator tweaks
2017-06-20 13:36:35 -03:00
Marti Bolivar 51d36dd592 sim: add stricter write checking
Extend the flash emulation in the simulator to verify that the
bootloader explicitly erases flash before writing to it for a second
time.

Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
2017-06-19 14:46:48 -06:00
Marti Bolivar 1acfa30497 bootutil_log: send simulator logs to stderr
This matches the behavior of Rust's logs.

Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
2017-06-19 14:40:58 -06:00
Fabio Utzig 424d9a4f44 Merge pull request #66 from mbolivar/flash-map-updates
Flash map updates, redux
2017-06-19 15:10:59 -03:00
Fabio Utzig 0002bf8c85 Merge pull request #65 from d3zd3z/pr/fixpip
doc: Fix 'pip' example
2017-06-19 11:48:41 -03:00
David Brown 3840b2211e Merge pull request #57 from d3zd3z/pr/psa
rsa: Add support for RSA-PSS
2017-06-15 14:10:21 -04:00
Marti Bolivar 450d44955f sim: use flash_area_get_sectors()
Use the new flash sector API by default when testing.

Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
2017-06-15 13:24:15 -04:00
David Brown 60399f69fb sim: Implement flash_area_get_sectors for sim
Implement the new flash sector query API for the simulator.  This is
generated from the data for the deprecated API.  Once the old API is
removed, the flash simulator can be changed to just return the new data
directly.

Signed-off-by: David Brown <david.brown@linaro.org>
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
2017-06-15 13:24:15 -04:00
Marti Bolivar 83a3cef34d zephyr: warn on boot if flash areas are still open
Add reference counting to the flash areas, and a zephyr-only routine
which warns when areas are still open when none should be. Call the
warn routine right before chain-loading.

This prints warnings due to code in loader.c. Future work will be
needed to clean this up.

Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
2017-06-15 13:24:15 -04:00
Marti Bolivar eb9408051e Use flash_device_base() when booting.
Use flash_device_base() in the boot code to compute a real address,
given the offset returned by boot_go().

Provide an implementation on mynewt that preserves existing
behavior. If mynewt needs to support devices with nonzero flash base
addresses, this can be migrated to the core OS.

Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
2017-06-15 13:24:15 -04:00
Marti Bolivar 428cdbf756 Rename br_flash_id to br_flash_dev_id.
Similarly, it's confusing whether br_flash_id is a flash device ID or
a flash area ID. Make this unambiguous.

Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
2017-06-15 13:24:15 -04:00
Marti Bolivar 88f48d9140 Rename br_image_addr to br_image_off.
The boot response returns a flash offset, not a flash address. This is
causing confusion and leading to crashes on some platforms which don't
have flash at address 0.

Rename the field to make it more clear what its purpose is; future
patches can start fixing up usages.

Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
2017-06-15 13:24:15 -04:00
Marti Bolivar c50926f3c1 bootutil: optionally use flash_area_get_sectors()
Add a typedef which lets us use flash_sector or flash_area to contain
the sectors within the boot_data global. When
MCUBOOT_USE_FLASH_AREA_GET_SECTORS is defined, this is struct
flash_sector.

Also add struct boot_loader_state accessors to handle this case, and
make the appropriate changes to where the sectors are allocated to use
the new typedef.

Finally, ensure MCUBOOT_USE_FLASH_AREA_GET_SECTORS is defined in the
Zephyr Makefile, since flash_area_get_sectors() is already provided
there.

This lets mcuboot users convert to the new flash API gradually.

Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
2017-06-15 13:24:15 -04:00
Marti Bolivar e10a7399d9 bootutil: add accessor for write_sz
This finishes making the struct contents opaque.

Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
2017-06-15 13:24:15 -04:00