Currently encryption supports only private key embed
in mcuboot itself. To support MCUBOOT_HW_KEY for image
encryption boot_retrieve_private_key() hook is added.
This hook helps retrieving private key from trusted
sources like OTP, TPM.
Signed-off-by: Dinesh Kumar K <dinesh@linumiz.com>
check_config.h was included manually by custom configuration files.
This caused compilation errors when updating MbedTLS to 3.6.0
because check_config.h was processed too early, before the whole
configuration is defined, effectively causing configuration check errors.
MbedTLS already takes care of including check_config.h at the right time.
Remove those erroneous manual check_config.h includes.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
This patch enables psa-crypto-api feature
Signed-off-by: Matthew Dalzell <matthew.dalzell@arm.com>
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
This commit adds simulator support to test the
hw-rollback-protection feature which is using
nv-counters. In the simulator they are stored in Rust
to prevent any race conditions from happening due to
the parallel execution of the tests.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I445fc50615ed1f0c06e5933b16811c24d9d302fc
Commits adds implementation of flash_area_get_sector that
is supposed to replace flash_area_sector_from_off.
The flash_area_get_sector gets additional parameter of flash_area
type, while flash_area_sector_from_off uses hardcoded flash_area.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The sim platform was sharing a few header
files with the zephyr-rtos port. This patch provides
sim own headers.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The function `flash_area_id_from_image_slot` is used in the RAM_LOAD and
DIRECT_XIP configurations. Define a version for use in the simulator.
Signed-off-by: David Brown <david.brown@linaro.org>
Instead of having this struct at a fairly low level in the simulator,
with the filled-in values effectively discarded after each call, pass
the value from higher up in the simulator. This prepares us for being
able to use the resulting data in upcoming tests.
Signed-off-by: David Brown <david.brown@linaro.org>
commit c304a7f84a
(refs/bisect/good-c304a7f84a7e7e345457e23b179fa302b8732fb9)
Author: Dominik Ermel <dominik.ermel@nordicsemi.no>
Date: Mon Jun 14 16:08:42 2021 +0000
sim: Add flash_area_get_device_id implementation
Adds an implementation for this function in the simulator that just
returns 0. Fix this to return the proper ID so that when tests start
checking for this, it will return the right value.
Signed-off-by: David Brown <david.brown@linaro.org>
Add new feature that allows testing EC256 encrypted images using the
Mbed TLS backend.
Move config-ecdsa.h to config-ec.h because definitions are very similar
between ECDSA and ECDH with Mbed TLS so resort to a single config file.
Add new feature and fix the build; add proper Mbed TLS memory
initialization when enc-ec256-mbedtls is used.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Add Mbed TLS ECDSA signature verification as an option (in addition to
Tinycrypt and the CC310 hardware version). Although the Mbed TLS ECDSA
verification code is both larger and slower, this will still save space
if there is another reason that the Mbed TLS code is already being
brought in for another reason (such as certificate management, for
example).
Mbed TLS's ECDSA verification works at a different level than the other
two libraries, so this takes a bit of reworking. There are some
additional parameters passed to the various functions, and a new define
MCUBOOT_ECDSA_NEED_ASN1_SIG to indicate that the ecdsa verification
wants the original ASN1 signature, not a decoded key.
This adds the boot changes and simulator support to test this configuration.
Signed-off-by: David Brown <david.brown@linaro.org>
Removes the current `flash_area_read_is_empty` which lacked a bit of
clarity in its naming and error handling, as well as requiring an
extra API in the flash map, and switches to using an internal function
`bootutil_buffer_is_erased`.
Code that was previously using `flash_area_read_is_empty` must now be
updated to do a `flash_area_read` followed by a call to
`bootutil_buffer_is_erased` with the read buffer.
The proposal was previously discussed here:
https://github.com/zephyrproject-rtos/zephyr/pull/28519
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
The simulated alignment functions were returning u8 which would be
invalid for any alignment beyond 128; as a first step in the direction
of allowing larger alignments, make them u16 which should allow for up
to 2**15 aligment size.
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
bootutil already handles ASSERT definition, allowing us to override it
with a custom implementation. Importing assert.h would pull in stdio.h
and a whole bunch of other stuff by TI compiler into the final
firmware.
Signed-off-by: Blaž Hrastnik <blaz@mxxn.io>
Fixup how we fake out devicetree.h, which is now really the flash map
API for what mcuboot is using.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
In zephyr code-base some generic include patches
and defines had been deprecated since a while.
This condition was maintained until zephyr v2.1.0 inclusive.
Recently these deprecated items were removed completely from
the zephyr master branch. Zephyr current SHA of this patch is
e124c1cd34938f02bbe879533c6bd29b5ff53707
This patch switch mcuboot to using most recent items.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
* Adds a new level (BOOT_LOG_SIM) to be used only for messages that
are interesting while debugging bootutil in the simulator. This should
be used for extra verbose prints.
* Also added fflushs after fprints to guarantee that messages are printed
even when assertions are raised.
* For abstraction completeness, add "do nothing" definitions of _LOG_SIM
to the other ports.
* Make DEBUG the default level when building the simulator (one can
still lower verbosity using any other value for RUST_LOG).
Signed-off-by: Fabio Utzig <utzig@apache.org>
Convert this `extern const uint32_t` to a simple define. Provide an
accessor function so that the simulator is able to access the value as
well. This has a minor improvement on the generated code within MCUboot
itself.
Signed-off-by: David Brown <david.brown@linaro.org>
BOOT_MAX_ALIGN is defined as
extern const uint32_t BOOT_MAX_ALIGN;
and is assigned a value in a single file. This causes extra work when
this is used as the size of a local variable in a function.
The value was made a constant in order for the simulator to be able to
access the value. Instead of making it a "real" constant, keep it as a
define, unifying the value of FLASH_MAX_ALIGN and this one, and provide
an accessor function for the test code to be able to access this value.
This causes a minor improvement in the code generated in
`boot_write_status`, but more importantly, eliminates a VLA from the
code, which increases the possible compilers supported by MCUboot.
Signed-off-by: David Brown <david.brown@linaro.org>
With the recent changes in bootutil, now there is no need to lock the
test threads to run sequentially, so the global lock was removed. The
locking now happens to access resources such as flash, flash params,
simulator context, etc on a per thread basis. Some of the global
variables that were used by the simulator itself (FFI) were made into a
context struct passed in to invoke_go.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Currently to determine which image is being operated on, there is a global
variable called current_image which is used by most macros and APIs to
correctly access the flash areas required by the bootloader. This moves
this variable to the already existing state struct and refactors all
macros and APIs to receive the current image by parameters. To maintain
compatibility some of the macros were not updated and use image 0 when
called.
The definitions of FLASH_AREA_IMAGE_PRIMARY and FLASH_AREA_IMAGE_SECONDARY
for Mynewt compatibility were moved out of bootutil sources to a Mynewt
specific include file.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This patch introduces the BOOT_IMAGE_NUMBER macro and current_image
variable to support multiple updatable images and the associated
extended flash layout.
The FLASH_AREA_IMAGE_* object-like macros are replaced with
function-like ones and therefore some functions have been updated,
because the labels of a switch statement and the initialization
values of objects with static storage duration have to be constant
expressions.
Change-Id: Ib7b26ec3c94233e52db4f97825ddb6a3e55bb1d3
Signed-off-by: David Vincze <david.vincze@arm.com>
Support non-continuous image flash area ID mapping. It was assumed
that the flash area IDs are subsequent and increasing numbers which
might not be true in all cases.
Change-Id: I0d1285d6fcf1e83a64611c9ad4f65abd002c25d3
Signed-off-by: David Vincze <david.vincze@arm.com>
enc_state table was indexed with assumption that
image flash area are subsequent and increasing numbers.
It might not be true while building zephyr.
Patch introduce flash_area_id_to_image_slot() implementation for
the zephyr port and uses it to assign proper slot number.
This API is already available in MyNewt.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Zephyr flash_map reworks caused that areas id exact number are
assigned dynamically.
This patch i counterpart to
https://github.com/zephyrproject-rtos/zephyr/pull/8837
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
This removes the unsafe Tinycrypt bindings previously used for signing
with ECDSA, and relies on ring native support.
The ring library was updated to 0.14.1.
Signed-off-by: Fabio Utzig <utzig@apache.org>
The old log subsystem has been deprecated in Zephyr.
Migrate to the new subsystem to avoid compilation warnings.
In-place log processing is selected as it is required as MCUBoot is
one thread application.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The previous c/rust ffi functions were hardcoding the values of align
and erased_val before each run through static globals. This adds new sim
flash functions that get the align/erased_val from the sim flash device
that is being run on, allowing that later multiple flash devices can
each use its own params.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Update `flash_area_*()` functions to call `sim_flash_*()` directly
instead of using `hal_flash_*()` functions that were not part of the
main bootloader anymore.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This adds new cargo features to allow running tests of encrypted
images with both RSA-OAEP and AES-128-KW.
When installing images on the simulated flash, both a plain and an
encrypted images are created. When encrypted image support is enabled,
verification of images in slot1 match against the encrypted image,
otherwise plain images are used.
PS: Also fixes ImageHeader to match bootutil definition.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This extends the simulator to be able to test the bootloader in devices
which use flash technologies that erase flash at 0 instead of 0xff.
Two MCU devices that have this "property" are the STM32L0x and STM32L1x
lines from ST.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Dinesh Kumar K