The board cannot output logs on the UART because it is used
by MCUBoot's serial recovery for DFU. Remove logging and
the RTT console from project defaults.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
A recent change in the Mynewt repo
(b10cbea5ef882e7f91d1c34ffcf2506d3e183003) imposes the LOG API
requirement on the `sys/mfg` package. To fix broken builds, make the
Mynewt app and test package depend on `sys/log/stub`.
Signed-off-by: Christopher Collins <ccollins@apache.org>
The crc16.h header has been deprecated in Zephyr.
Update include directive to use the new header.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
The old log subsystem has been deprecated in Zephyr.
Migrate to the new subsystem to avoid compilation warnings.
In-place log processing is selected as it is required as MCUBoot is
one thread application.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Remove unnused BOOT_LOG_LEVEL macros.
These are not honored, nor usable since they are supposed to be
defined before including the header in which they are defined.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
The mcuboot_logging.h header includes the header for the log subystem,
which needs to be included regardless of whether logging is enabled
for logging macros to compile correctly.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Ensure that the offset in .text is zero.
This is necessary to ensure that MCUBoot is linked at
the beginning of the boot partition, as intended.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
As reported by issue #384, some #ifdefery was wrongly done, which broke
overwrite-only mode under Zephyr.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Mynewt builds require the `mcuboot_config.h` file to translate syscfg
setting names to MCUboot setting names. This change fixes a build error
that occurs when MCUboot is built with mbedTLS support:
Error: In file included from keys/bootkeys/src/bootkeys.c:2:0:
repos/mcuboot/boot/bootutil/include/bootutil/enc_key.h:29:10: fatal error: tinycrypt/aes.h: No such file or directory
#include "tinycrypt/aes.h"
^~~~~~~~~~~~~~~~~
Signed-off-by: Christopher Collins <ccollins@apache.org>
This implements AES key unwrapping following RFC-3394 section 2.2.2
using tinycrypt for AES-128 decryption. It is enabled when ECDSA was
chosen as the signature algorithm.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This adds a new option that allows copying slot0, from the contents
of slot1, if slot0 is found out to be erased and not validated, and
the contents of slot1 are validated.
This mechanism basically enables a device to "bootstrap" from the
contents of an external flash that has a valid image, given that the
only flashed thing in the internal flash is the bootloader.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Remove MPU_ALLOW_FLASH_WRITE from prj.conf and put it in
boot/zephyr/Kconfig enabling it only for every ARM_MPU
equipped device.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
Make RX buffer size configurable for UART. Allow incoming
interrupts while copying data out of that buffer.
Signed-off-by: Marko Kiiskila <marko@apache.org>
This adds bootutil support for slots on different flash devices
the happen to have different sector sizes.
It consists basically in relaxing the `boot_slots_compatible` to
allow swaps as long as the sectors that are required to fit both
images are able to fit inside scratch and both slot's sectors have
sizes that are multiple of each other.
This is now tested on the simulator and was tested in a Nordic's
pca10056 using slot0 in internal flash, and slot1 in the external
QSPI flash, configured with 4K, 8K and 16K sized sectors (the HW
is 4KB but Mynewt allows emulating multiples of that!)
Signed-off-by: Fabio Utzig <utzig@apache.org>
For Zephyr the default mbedTLS mempool size for RSA-2048 signing was not
enough to allow for the calculations done by RSA-2048-OAEP (encrypted
images), so when encrypted image support is enabled, increase it to a
value that is known to work.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Encrypted images were known to be failing when the header size was larger
than 256 bytes because of incorrect handling of blocks sent to decryption
and hashing routines. An assert was previously added to check the header
and read block sizes matched to avoid incurring into the know error, but
it was incorrectly enabled also for non-encrypted images.
Now the handling of the header, which is not encrypted, is correctly
separated from the handling of the remaining image, when encryption is
used, to avoid ever sending header data into the decryption routines.
Signed-off-by: Fabio Utzig <utzig@apache.org>
zephyrproject-rtos/zephyr#11180: Zephyr target was corrupted as
recently zephyr's device tree started adding DT_ prefix in
generated labels.
This path aligns flash name macro used.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Add a hidden MCUBOOT config entry to mark a project as MCUBOOT.
It is useful when other parts of the system need to be aware
that they are, in fact, the bootloader.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
This commit adds a project configuration for the upcoming
nrf52840_pca10059 board.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
This commit adds a choice for the device to use for serial recovery.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
fixup
This adds a mbedtls config that will enable the simulator to run tests
for the kw based encrypted images.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This allows storing encrypted images in slot1, that are automatically
decrypted when copying to slot0 and re-encrypted when copying from slot0
to slot1.
The encryption works by applying AES-CTR-128 on the image blocks
(excluding the header and TLVs) using a random key. This random key
is itself encrypted using either RSA-OAEP-2048 or AES-KW-128 (AES keywrap
as defined by RFC3394), and appended to the image as newly defined TLVs.
AES-CTR-128 was chosen primarily for having stream cipher proporties,
which basically means that any block being encrypted/decrypted does not
depend on any other previous blocks results.
The TLV adds about 256 bytes to the image in RSA-OAEP-2048 mode, and 24
bytes in AES-KW-128 mode. Resulting sizes for a Mynewt generated mcuboot
(frdm-k64f):
- swap mode and no signing: 12KB
- adding encryption with RSA-OAEP-2048: 28KB
- adding encryption with AES-KW-128: 20KB
Some extra comments:
- AES-KW-128 requires a fairly new mbedtls with nist_kw support.
- An alternative methods which could be added later are ECIES.
- Key-wrapping seems easy enough to implement using just standard
AES-ECB mode that it should be straight-forward to also add support to
tinycrypt.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Implementation of flash_area_read_is_empty introduced recently
uses deprecated hal_flash_read API which caused build failure.
This patch uses zephyr's native flash_area_read() API which
solves the bug.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Mynewt has recently added an encrypted flash layer driver, that runs
transparently on any flash, handling reads and writes, and bypassing
other flash operations to the HW driver. As a result of this change,
checking for erased data cannot be done by read + compare to erased_val
but need to be routed to an empty check on the lower level. To do this
Mynewt added a new flash_map function called "flash_area_read_is_empty"
which checks for erased blocks (and reads/decrypts the data as well).
This commit uses `flash_area_read_is_empty` to determine if magic,
flags and swap status are erased. For Zephyr/sim commits were added
previously that mimic this functionality by simply doing the
read/compare.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This compliments the previous change on `image_ok` and also removes
`flash_area_erased_val` call that is not needed anymore.
Signed-off-by: Fabio Utzig <utzig@apache.org>
It was impossible to set confirm flag due to incorrect comparison.
In this point of time state->image_ok is already decoded and contains
one of following values:
If BOOT_FLAG_UNSET then we are ok to set a confirm flag.
Signed-off-by: Łukasz Rymanowski <lukasz.rymanowski@codecoup.pl>
This will fix#335 by defining the array size of the magic word and
give it to the relevant functions.
Signed-off-by: Hovland, Sigvart <sigvart.hovland@nordicsemi.no>
For Zephyr assume flash is always erased to 0xff. This allows backward
compatibility of the new flash erased to 0 support.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This extends mcuboot to allow use on devices which don't follow the
typical erased at 0xff. This was tested on some previously supported
devices (erased at 0xff) and STM32L1/L0 which are erased at 0.
Signed-off-by: Fabio Utzig <utzig@apache.org>
MCUboot doesn't need mbedTLS's entropy code (you don't need random
numbers to check a digital signature), but it enables it. This causes
really scary warnings when building entropy.c, since the test entropy
source is enabled:
[113/197] Building C object zephyr/ext/lib/crypto/mbedtls/CMakeFiles/ext__lib__crypto__mbedtls.dir/library/entropy.c.obj
/home/mbolivar/src/zephyr/ext/lib/crypto/mbedtls/library/entropy.c:31:2: warning: #warning "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! " [-Wcpp]
#warning "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! "
^~~~~~~
/home/mbolivar/src/zephyr/ext/lib/crypto/mbedtls/library/entropy.c:32:2: warning: #warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES " [-Wcpp]
#warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES "
^~~~~~~
/home/mbolivar/src/zephyr/ext/lib/crypto/mbedtls/library/entropy.c:33:2: warning: #warning "**** THIS BUILD IS *NOT* SUITABLE FOR PRODUCTION USE " [-Wcpp]
#warning "**** THIS BUILD IS *NOT* SUITABLE FOR PRODUCTION USE "
^~~~~~~
Delete the bits of the mbedTLS configuration that compile this
file (along with some testing code we don't care about either) to
clean up the warning. This looks like copy/paste code from the initial
mbedTLS config import into MCUboot.
Signed-off-by: Marti Bolivar <marti@foundries.io>
Various Zephyr boards (I'm looking at you, every-single-nRF-board)
set CONFIG_BT_CTLR=y as well as CONFIG_BT. Make sure it's disabled for
MCUboot's default prj.conf, where it's not needed and has been causing
very verbose Kconfiglib warnings:
warning: BT_CTLR (defined at subsys/bluetooth/controller/Kconfig:10) was assigned the value 'y' but
got the value 'n'. You can check symbol information (including dependencies) in the 'menuconfig'
interface (see the Application Development Primer section of the manual), or in the Kconfig
reference at http://docs.zephyrproject.org/reference/kconfig/CONFIG_BT_CTLR.html (which is updated
regularly from the master branch). See the 'Setting configuration values' section of the Board
Porting Guide as well.
Signed-off-by: Marti Bolivar <marti@foundries.io>
Emanuele Di Santo