Commit Graph

119 Commits

Author SHA1 Message Date
David Brown 4878c27c82 imgtool: Remove default padding of ECDSA sigs
Since commit:

    commit a36082664e
    Author: David Brown <david.brown@linaro.org>
    Date:   Thu Dec 12 15:35:31 2019 -0700

        ecdsa: Allow ECDSA signatures to be actual length

MCUboot no longer requires ECDSA signatures to be padded to a fixed
length.  This change makes imgtool, by default, also no longer add this
padding to images.  There is an option `--pad-sig` that can be given to
the sign command to re-instate this padding.  This flag will be needed
to make images that will work with older (pre 1.5.0) versions of
MCUboot.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-03-18 09:05:21 -06:00
Anthony Liu 04630cea43 fix #675 ECDSA verification fail when padding is added
Signed-off-by: Anthony Liu <antliu@gmail.com>
2020-03-13 17:52:59 +01:00
Henrik Brix Andersen 0ce958e709 imgtool: add option for confirming a padded image
Add imgtool command line option for confirming (setting image_ok =
0x01) in a padded image.

Fixes: #664

Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
2020-03-11 11:15:36 -03:00
David Vincze 1a7a6905c5 imgtool: Add security counter to image manifest
Optionally add new security counter TLV to the protected image manifest
and also introduce a new command line option for the imgtool to specify
the value of this counter. The security counter can be used in rollback
protection to compare the new image's security counter against the
active counter value. Its value can be independent from the image
version, but if the 'auto' keyword is passed in the argument list of the
script then it will be generated from the version number (not including
the build number).

The value of the security counter is security critical data. Therefore,
it must be part of the protected TLV area.

Change-Id: I45926d22364d0528164f50fa379abf050bdf65ff
Signed-off-by: David Vincze <david.vincze@arm.com>
2020-02-25 23:43:12 +01:00
Fabio Utzig 310af87f61 Update to v1.5.0
Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-19 10:29:01 -03:00
Fabio Utzig 7de8a29672 Preparing for v1.5.0-rc2
Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-17 11:22:32 -03:00
Fabio Utzig ef7fbd7012 Preparing for v1.5.0-rc1
Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-07 15:30:45 -03:00
Fabio Utzig cb0807355c imgtool: fix passing --erased-val with 0xff value
The `--erased-val` (or `-R`) option was doing conversion of base 10, so
the only value that was acceptable was 0. Although not passing this
option would result in the default `0xff` being used, this fixes the
issue by allowing Python to auto-detects the base from string.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-07 14:19:33 -03:00
Ulf Magnusson e96b6873bd dts: Include devicetree.h instead of generated_dts_board.h
Needed for https://github.com/zephyrproject-rtos/zephyr/pull/20757, to
avoid a warning-turned-error.

Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
2020-01-16 11:41:28 +01:00
Fabio Utzig 1f50892096 imgtool: update a few errors to use click's
Click has better UI for exceptions, so instead of throwing a backtrace,
allow it to print a nicer error message.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-01-16 06:11:34 -03:00
Fabio Utzig 9a492d5e87 imgtool: add better image overrun checks
This breaks the check() routine into two, one to check the header, one
to check the trailer. The reason is that header checking must be
performed when loading the input binary, while trailer overrun check
must be done after the whole image (with TLVs) is built.

To support the option of saving encrypted TLVs during swap in the
bootloader, a new parameters was added to the create command, to
allow the user to provide a config that matches the bootloader build
option and to do proper image overrun checks.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-01-16 06:11:34 -03:00
Rajiv Ranganath ce6fe63817 scripts: Add `imgtool.nix`
Nix environment for working with `imgtool.py`

Signed-off-by: Rajiv Ranganath <rajiv.ranganath@atihita.com>
2019-12-30 19:55:58 -03:00
Fabio Utzig ba9e7921c5 imgtool: release 1.5.0alpha2
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-17 16:26:53 -03:00
Ioannis Konstantelias 78e57c7b6e scripts: imgtool: Add command to dump private keys
This applies a few improvements to a commit previously included in
PR #596:

* Move functions to dump a private key to the private key classes
* Remove language option; always dumps in C format
* Add option to generate a minimal dump. This will remove extra
  parameters that are present in keys generated with the `keygen`
  command.
  For P256 this will remove the public point, which is already
  ignored by the parsing function. The resulting key dump shrinks
  from 138 to 70 bytes.
  For RSA it will remove the DP/DQ/QP parameters which are only
  used with CRT enabled, and if not available, can be calculated at
  runtime. This reduces the size of a key dump from around 1190
  bytes to somewhere close to 800 bytes. A patch to the RSA parsing
  routine will be added in another commit.

Signed-off-by: Fabio Utzig <utzig@apache.org>
Signed-off-by: Ioannis Konstantelias <ikonstadel@gmail.com>
2019-12-17 16:26:53 -03:00
Fabio Utzig 7ca2855b46 imgtool: Add helpers for type in keygen command
Apply a few improvements to the type parameter in the keygen command.
Currently finding out the key types requires passing an invalid value
to display what values are available. Instead add them the help page,
so it shows an output like below:

```
  -t, --type type     One of: rsa-2048, rsa-3072, ecdsa-p256, ecdsa-p224,
                      ed25519  [required]
```

When no type is given in the cli, ask for it:

```
$ ./imgtool.py keygen -k privkey.pem
Type (rsa-2048, rsa-3072, ecdsa-p256, ecdsa-p224, ed25519):
```

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-13 17:32:18 -03:00
Fabio Utzig 7a3b2605ac imgtool: add creation of ECIES-P256 encrypted images
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-11-06 06:55:25 -03:00
Fabio Utzig f5556c3eba imgtool: fix header padding value check
Commit 9117fded47 added support for
supplying an `--erased-val`, which defaults to 0xff. When padding a
header, the checks were still validating against 0, which is the
value used for padding by the Zephyr build system. Now when the
user passes `--pad-header` this check is skipped (we already know
the contents).

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-31 12:10:31 -03:00
Sam Bristow d0ca0ffc27 Fix up typos
Ran automated checker for common typos [1]. Most of these changes have
no functional change *except* for `./ci/sim_run.sh` where, previously
the `bootstrap` feature wasn't being selected properly.

I didn't touch anything in the `./ext/` folder as anything in there
should probably be fixed in the upstream repo.

[1] https://github.com/codespell-project/codespell

Signed-off-by: Sam Bristow <sam@bristow.nz>
2019-10-30 06:24:10 -03:00
Fabio Utzig e5ac82797f imgtool: release 1.5.0alpha1
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-17 20:00:47 -03:00
Fabio Utzig 8828280d5d imgtool: fix typo in flag name
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-17 20:00:47 -03:00
Fabio Utzig 2269f47eb4 imgtool: Add complete trailer to HEX images
When generating HEX output, instead of just adding the `magic`, also add
the whole trailer (with erased value). This allows for HEX writing tools
to erase the trailer region, avoiding possible issues when garbage
exists there.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-17 20:00:47 -03:00
Fabio Utzig 9117fded47 imgtool: add erased-val cli option
Add `-R`/`--erased-val` CLI option when creating images, which accepts
a value to be used for padding. This is useful when creating images
that run in devices that have flash erased to some value different
from 0xff (like STM32L0x and STM32L1x that have 0s).

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-17 20:00:47 -03:00
David Brown ac55554059 Prepare for v1.4.0 release
Update release notes and various version stamps.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-17 15:47:38 -06:00
David Brown d7581779d8 Prepare for release v1.4.0-rc2
Update version stamps as well as the release notes.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-15 14:50:09 -06:00
Fabio Utzig edbabcf623 imgtool: allow address adjustment in output hex
Add a new flag `-x` (or `--hex_addr`) which adjusts the memory address
where this file has to be written to. This is useful when generating
upgrade images that will go to the secondary slot, in cases where the
user is not using mcumgr or some other delivery mechanism, and has to
manually adjust the addresses using `objcopy`.

Also when using hex files, image padding now only adds a segment with
the magic at the end instead of filling the whole output with `0xff`.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-15 12:32:33 -03:00
Fabio Utzig f0131cd5b7 imgtool: add mailing list email to setup
Seems like pypi.org is not accepting "None" for email anymore, so this
just adds the mailing list in case someone needs to contact the project.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-12 18:47:05 -03:00
Fabio Utzig 510fddb8e0 imgtool: update to new protected TLV format
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-01 18:30:05 -03:00
Fabio Utzig 649d80f685 imgtool: fix trailer size calculation
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-01 18:30:05 -03:00
Fabio Utzig 4f0ea747c3 Fix pep-8 (long line)
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-09-17 14:03:58 +02:00
Fabio Utzig b916e8dbb0 Fix author_email UNKNOWN in pip show
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-09-17 14:03:58 +02:00
Fabio Utzig 25c6a1590a Add versioning to imgtool
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-09-17 14:03:58 +02:00
Håkon Øye Amundsen df8c8918b7 scripts: allow user to set load_addr
Allow the user to set the load_addr field of the header.
This could be useful in multi image situations to help
deduce the image number of an update without having to
look at the swap info.

Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
2019-09-06 12:18:07 -03:00
Fabio Utzig 539d7662d1 Fix assemble.py tool for compatibility
This accounts for changes in the Zephyr build which include:

1) Flash areas are prefixed with `DT_`
2) The generated DTS was renamed to generated_dts_board_unfixed.h
3) The build tree has an extra "zephyr" dir.

Fixes #408

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-09-06 09:31:57 -03:00
David Brown 297029ab72 sim: Add debugging ptable to image dumps
Add a `debug_dump()` method to `Images` to allow the images to be
written to a file.  The dependency test will call this if the
environment variable MCUBOOT_DEBUG_DUMP is set.

In order to make these debug dumps more useful, add a simple partition
table to the beginning of the image (where MCUboot would reside on
target).  This has a simple header, and then entries for each partition,
using the partition ids used within the simulator.  This allows the
image to be more easily used by external tools.

As an example, `scripts/mcubin.bt` is a binary template for the [010
Editor](https://www.sweetscape.com/010editor/), allowing it to decode
and show the details of images from MCUboot.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-08-15 14:23:37 -05:00
Christian Skubich f13db126bd bugfix imgtool verify()
Signed-off-by: Christian Skubich <christian@skubware.de>
2019-08-09 06:58:18 -03:00
Marek Pieta e955510d13 scripts: Show image version while verifying
Change adds showing image version while verifying.

Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
2019-08-08 12:00:21 -03:00
David Brown bd7925e39e image: use explitic padding on dependency version
This struct currently relies on padding being done by the C compiler.
Although this is generally done the same across targets, this isn't
required, and it is better to make any padding explicit.  This also
makes it clear that there is extra space in this structure that can be
used for another purpose.

The python imgtool is also fixed to match.  It was using a 32-bit int,
which only worked in the little endian case.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-07-31 09:59:38 -05:00
Szymon Janc 7fea84665f Release 1.3.1
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
2019-07-08 08:50:16 -03:00
Fabio Utzig 4bd4c7cfb9 Allow imgtool to generated encrypted ed25519 keys
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-06-28 08:46:12 -03:00
Andrzej Puzdrowski 9686e702e4 requirements.txt: bump cryptography Py package version
Since Ed25519 curve primitives are available since cryptography package
version 2.6 need to bump its version.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2019-06-18 14:08:27 +02:00
Fabio Utzig 8101d1fa44 Add ed25519 signing support to imgtool
This adds ed25519 signature support using the "prehash" method. Instead
of using the direct contents of the image and header payloads, a sha256
is generated and signed (SHA256-Ed25519). This allows for compatibility
with already existing tools that use the sha256 hash, like mcumgr, etc.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-06-13 19:21:05 -03:00
Fabio Utzig 4a5477ad96 Add new verify command
imgtool verify -k <some-key.(pub|sec)> <img-file>

Allow imgtool to validate that an image has a valid sha256sum and that
it was signed by the supplied key.

NOTE: this does not yet support verifying encrypted images

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-05-29 08:56:12 -03:00
Fabio Utzig 19fd79a496 Add RSA-3072 support to imgtool
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-05-16 14:01:19 -03:00
David Vincze da8c91993d imgtool: Add support for dependency description
This commit aims to add the ability to specify and add dependency
TLVs to MCUBOOT. Due to the private nature of this feature, having
dependency TLVs mean that the TLV Info header and these TLVs become
part of the protected area (they are supposed to get signed as well).
Since the TLV Info header containing the whole TLV section's size
becomes protected, this size needs to be calculated in advance to get
proper hash values.

Change-Id: I13277a3b595acc2bb8c5084420f3d61c8d301dc2
Author: Bence Kaposzta <bence.kaposzta@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
2019-04-11 15:07:54 -03:00
Chris Bittner fda937ab02 imgtool: Discard public RSA if set for signing
If imgtool is used for signing with encryption
it will disallow using public RSA key for
signing.

Signed-off-by: Chris Bittner <chris.bittner@nordicsemi.no>
2019-03-29 08:13:57 -03:00
David Vincze 2d736ad4c5 Replace flash partitioning terminology
This change replaces the slot 0/1 terminology with primary/secondary
slot and replaces FLASH_AREA_IMAGE_0/1 with
FLASH_AREA_IMAGE_PRIMARY/SECONDARY. This naming convention may be more
understandable, fits better to MCUs with multiple images and it is an
architecture agnostic alternative as well.

Change-Id: I655a585f6ae023852c671ee6635399efe25209c9
Signed-off-by: David Vincze <david.vincze@arm.com>
Signed-off-by: David Brown <david.brown@linaro.org>
2019-03-13 15:40:21 -06:00
Fabio Utzig 94a9b261da Create CI resources directory
Add a new directory "ci", to easily add new tests with setup/run phases
that don't require direct setup in .travis.yml. This also avoids
polution of scripts/.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-03-12 10:37:49 -03:00
David Brown 5e9078f1e0 Bump version to 1.3.0-rc1
First pre-release for v1.3.0.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-24 10:03:37 -07:00
Fabio Utzig 79df58e695 Allow bootstrap feature on CI
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-12 14:38:18 -07:00
Fabio Utzig 7c00acd737 imgtool save to format of given output filename
Updates imgtool to infer, based on output image filename, which format
should be use for output file. Filenames that end with extension `.hex`
are saved in Intel HEX, otherwise saves a binary image.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-09 06:28:55 -02:00