Direct inclusion of "bootutil/fault_injection_hardening_delay_rng.h"
might cause linking collision as this header belongs to `FIH_ENABLE_DELAY`
mode.
This header is already included by "bootutil/fault_injection_hardening.h"
appropriately.
fixes#831
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Some Zephyr boards enable HW stack protection by default, which
propagates in mcuboot build. Bootloader works fine with that option, but
the problem arises when we jump to application code. HW stack protection
catches application code during early init, which results in
"unresponsive" application.
Disable HW stack protection, so it doesn't make any harm for application
code.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Add support for the pinnacle_100_dvk board.
The Pinnacle 100 modem slot 1 partition
is located in external QSPI.
Add a board file overlay to enable QSPI flash.
Signed-off-by: Ryan Erickson <ryan.erickson@lairdconnect.com>
nrfxlib need to be cloned manullay.
This patch gives a help message to the user in case it
was missing.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Usage of cc310 by defaults gives poor user
experience out of the box as it requires manual
cloning of nrfxlib repository.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Add fault injection hardening profile configuration to Zephyr config.
Default config is to not have any hardening in SW against hardware level
fault injection like clock or power glitching, EM pulse, laser beam, etc.
Change-Id: I67d22d257ead83e1e288de0ee7621aac32bf50eb
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
This is the preferred signing type with this HW available.
Add 'ECDSA' to the kconfig name to align with the tinycrypt variant.
Remove superfluous checks on select operations.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Automate process of selecting correct .pem key file.
Zephyr users are familiar with using 'menuconfig' and similar tools
for seeing what options are available, so remove =n choices from
prj.conf which were used to show the available options.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Added configuration for build in Zephyr-RTOS CI MCUBoot
in CONFIG_SINGLE_APPLICATION_SLOT=y mode.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The terms "single-image boot" and the "single image application"
of Zephyr are confused. It might be might be understood as one-pair image
dual-bank mode in comparison to multi-image mode.
This patch replaces CONFIG_SINGLE_IMAGE_DFU by
CONFIG_SINGLE_APPLICATION_SLOT name,
which makes this mode name unambiguous.
fixes#800
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
fix
Missing const on pointers to device structures caused compilation
warnings when compiling bootloader with serial recovery enabled.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Change fixes build issue that occurs if CONF_FILE contains multiple
file paths instead of single file path.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Add direct-xip mode to Zephyr configuration and make
upgrade mode selection always explicit.
Change-Id: Ia8e788f0b7bc801b6d45fd86f56c17ca6839f9c9
Co-authored-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: David Vincze <david.vincze@linaro.org>
If software IRQ relay is enabled and VTOR is available,
the bootloader will switch from its real vector table
to the relay vector table before chain-loading to the
application.
Signed-off-by: Rafał Kuźnia <rafal.kuznia@nordicsemi.no>
Signed-off-by: Krzysztof Taborowski <krzysztof.taborowski@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
If CONFIG_BOOT_INTR_VEC_RELOC is set, the mcuboot will
relocate the interrupt vector to the booted application.
Signed-off-by: Rafał Kuźnia <rafal.kuznia@nordicsemi.no>
This commit is a followup to the usage of `find_package(Zephyr ...)`.
The zephyr/hello-world sample has been updated to use find_package.
The assemble.py script now takes ZEPHYR_BASE as an argument, so it may
be used from CMakeLists.txt files when ZEPHYR_BASE is not set in
environment, and thus the Makefile sample has been adjusted accordingly.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Fixes mistake in CMakeLits.txt that prevented successful compilation
of single image with serial recovery enabled.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Modifications to Kconfig that add option for selection of single image
DFU and disable incompatible options.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The change enables usage of single image applications. This can be used
when user does not need multiple boot images and wants to use more flash
are for main application or other purposes.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
A few mcuboot option were outside of mcuboot-specific
menu.
This patch moves them into mcuboot menu.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Using find_package to locate Zephyr.
Old behavior was to use $ENV{ZEPHYR_BASE} for inclusion of boiler plate
code.
Whenever an automatic run of CMake happend by the build system / IDE
then it was required that ZEPHYR_BASE was defined.
Using ZEPHYR_BASE only to locate the Zephyr package allows CMake to
cache the base variable and thus allowing subsequent invocation even
if ZEPHYR_BASE is not set in the environment.
It also removes the risk of strange build results if a user switchs
between different Zephyr based project folders and forgetting to reset
ZEPHYR_BASE before running ninja / make.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Update CONFIG_FLOAT to CONFIG_FPU which has been renamed in zephyr.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
As we replace the legacy DT_FLASH_ support use the new FLASH_AREA_
macros.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
- Add Kconfig option `CONFIG_BOOT_SIGNATURE_TYPE_NONE`. When y,
The bootloader will not verify the cryptographic signature of the image
at boot or prior to upgrade. Image integrity check is retained.
Images would still need to be processed using `imgtool` however no key
should be provided to skip cryptographic signature generation.
Signed-off-by: Arvin Farahmand <arvinf@ip-logix.com>
As the DT define DT_JEDEC_SPI_NOR_0_LABEL is intended to be deprecated
move to the new macro style to determine for DT_JEDEC_SPI_NOR_0_LABEL
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
As upstream zephyr is phasing out DT_FLASH defines for non-partition
usage replace DT_FLASH_DEV_NAME with
DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
The STM32L475 needs BOOT_MAX_IMG_SECTORS equal 256 to work properly.
This add a config file to change default value from 128 to 256 once
there isn't a proper way to handle using Device Tree.
fixes zephyrproject-rtos/zephyr/issues/24243
Signed-off-by: Gerson Fernando Budke <nandojve@gmail.com>
This change enables the public key (used for image authentication) to
be removed from MCUboot and be appended to the image instead. In this
case the key or its hash must be provisioned to the device and MCUboot
must be able to retrieve the key-hash from the hardware to compare it
with the calculated hash of the public key from the image manifest in
order to verify its validity before image authentication.
The source of this change:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/1581
Change-Id: I36fe699732e0e4c113eaed331c22e707c722ed6e
Signed-off-by: David Vincze <david.vincze@linaro.org>
Board was renamed here:
zephyrproject-rtos/zephyr#24049
Patch aligns the name in MCUBoot.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Use <arch/arm/aarch32/cortex_m/cmsis.h> include instead of <zephyr.h> to
get access to Cortex-M CMSIS API. zephyr.h provides kernel API, does not
guarantee access to CPU internals.
Fixes: #699 "Building MCUBoot for Zephyr fails on multiple ARM boards"
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
Board was renamed here:
https://github.com/zephyrproject-rtos/zephyr/pull/23524/
Patch aligns the name in MCUBoot and decouples one of nrf52840 dedicated
overlay from exact board name.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Define interface for sharing boot status (certain attributes of the
authenticated images) and adding arbitrary data in TLV encoded format
to a shared data area between the bootloader and runtime SW.
The boot_record.h file was copied (with minor modifications) from the
Trusted Firmware-M project (https://www.trustedfirmware.org/about/).
Hash of the source commit: 08d5572b4bcee306d8cf709c2200359a22d5b72c.
Change-Id: Ia25bac27e9f1ce7faa5043c5a0455c804a24701e
Signed-off-by: David Vincze <david.vincze@arm.com>
Zephyr commit [1] has changed kconfig option name. Update kconfig
selection to the new one.
[1] 90b9eb3a9e93 ("kconfig: Rename USE_CODE_PARTITION to
USE_DT_CODE_PARTITION")
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Zephyr timeout API is changing and will use opaque value (k_timeout_t)
instead of raw values. K_MSEC is used to convert raw milliseconds value
to k_timeout_t.
This change is backward compatible so can be merged independently.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
- Add the cddl_gen repository as a submodule.
- Add a CDDL description file for the serial recovery packets to be
decoded.
- Add generated code files and cddl_gen's CBOR library to CMakeList.txt
for Zephyr.
- Convert boot_serial.c to use the new code.
- Add a bash script to (re)generate code files using cddl_gen.py.
Serial recovery should work exactly as before, but the binary should be
about 1k smaller.
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Andrzej Puzdrowski