Updates to use the zephyr docker image version 0.26.4 which
includes the zephyr SDK 0.16.1, and resolves build issues with
recent zephyr changes.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Replaces the auto-generated decoding/encoding files with inline code
for encoding/decoding cbor data structures, this adds the benefit of
allowing the elements to be in any order and reduces code size. To
accommodate this, zcbor_bulk has been imported from Zephyr.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Mynewt used to have copy of nrfx.
Now nrfx is taken from original repository and since some CI
targets want to build for NRF MCUs nrfx repository nees to be
downloaded.
Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
Fix a local variable name typo in parse public key function
for the PSA Crypto abstraction, and at the same time put the
memcmp under ifdefs.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: Icadca37e4207ad703a853ea720a053aa2ba76411
This reverts commit 78135ee6eb
as bba5a711483447d7eee2531b65bd1c07c81746c9 made it unnecessary.
Change-Id: Idee755f05c17502599aaa947826e9a7feb08b4a7
Signed-off-by: David Vincze <david.vincze@arm.com>
The IMAGE_TLV_ECDSA256 TLV has been put out of use by
commit 63d2346da4.
This commit reverts this part of that patch and at the
same time it extends the usage of this TLV to cover all types
of curves (replacing the newly introduced 0x25 TLV type)
while retaining its value (0x22) for backward compatibility.
Rename IMAGE_TLV_ECDSA256 to IMAGE_TLV_ECDSA_SIG.
Change-Id: I904f292db775c38f26a5e9a87c5f414165efc173
Signed-off-by: David Vincze <david.vincze@arm.com>
Switch from toml to tomllib when supported, Python 3.11+, and fallback to
using tomli instead of toml otherwise.
Signed-off-by: Fabio Utzig <utzig@apache.org>
BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE is a universal define
that should be moved into a common area of the header
instead of repeating it for every abstraction that needs it
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I21e7511218d0dafac8b7337715932c6564d7c3a1
Fixes in the ecdsa.h abstraction layer:
* Align indentation of parameters to the opening bracket of the function
* Remove inline in some of the bigger functions of the PSA Crypto abstraction
* Fix the prototype of ecdsa_verify for the PSA Crypto abstraction
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I28e1be83bc1a16fdf8b796f89c002528b1bd7791
Remove the generic ECDSA verification module and keep the
existing one, just renaming it image_ecdsa.c. Make sure
that the abstraction layer is generically called ecdsa.h
and the abstraction names are not P256 specific.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I6f78cfc1b1c2851cdad67efa91c6cb49498187bb
Extend the ecdsa abstraction layer to support P384 curves
during parsing the public key and the signature.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I05e9b27b1809352a6115184ef16c95dc8b6d2a40
To keep a single ECDSA abstraction to support both existing
modes and PSA Crypto APIs, merge the contents of ecdsa.h
into ecdsa_p256.h
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I08b4a42d87c491badfee3ec4579bd2a23a80602d
The ecdsa abstraction layer header does not have a license header.
Add it in preparation for the merge with ecdsa.h
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: Ibb906c7f6bb3b50387e4816e1a95b31d3c8b515f
Add a dedicated signature validation module for generic ECDSA signatures,
and a corresponding cryptographic abstraction backend based on PSA Crypto
APIs. This signature verification backend is enabled by defining the
option MCUBOOT_SIGN_ECDSA
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I47da70629da0a5681ec7c4dcceed875a997b071b
Remove those TLVs that are tied to a specific curve and modify the
code to use the new generic ECDSA TLV.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: Iffe9052580c99e75118cf5df4286e0e9a2af4a8c
Add support to the simulator so that
the generic ECDSA TLV can be tested.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I3322ed829d150ff35abfaaa8ecf69ab7017bd7cf
Add backwards compatibility to the imgtool to support
the old curve specific TLVs. Currently only ECDSA256 needs this.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I275894ebc713ea8adcaab4198b036c41233b11e8
Update imgtool to support the new
generic ECDSA TLV and the ECDSA
p384 curve type with sha-384
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I9b1887610cc5d0e7cde90f47999fcdf3500ef51c
Remove those TLVs that are tied to a specific curve and update
the image validation logic to look for the new generic TLV
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I924f2742424bc255fbed1b0941648baa88f60147
Create a new generic ECDSA TLV type that can be used
to store any signatures irrespective of the curve type.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I2aeb885251fd25e23f5430328b8cc64b8cc8d7be
The stm32 defines is somewhat redundant due to the generic watchdog
defines which uses the watchdog0 alias. Therefore they are removed in
this commit.
Signed-off-by: Jeppe Odgaard <jeppe.odgaard@prevas.dk>
The Zephyr watchdog API defines a setup function. This function needs to
be executed before the watchdog is functional in some cases. This commit
adds MCUBOOT_WATCHDOG_SETUP when using the generic watchdog0 alias
otherwise it is an empty define.
Fixes https://github.com/mcu-tools/mcuboot/issues/1659
Signed-off-by: Jeppe Odgaard <jeppe.odgaard@prevas.dk>
Fixes include paths for zephyr builds to use the system zcbor_*
files rather than the local files.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
For bootutil_verify_sig the declaration expects fih_ret
as the return type not fih_int, this has now been fixed.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: If5943758bebdbf401b1eb387de334fa19a3a7781
When using CDC only and CONFIG_SERIAL is not enabled in Zephyr,
but there is chosen zephyr,mcumgr-uart, the chosen
takes precedence over CDC and directs MCUmgr to that uart.
This causes two issues: first the CDC is ignored if chosen exists,
and makes build fail because drivers are not built.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Commit provides boot_set_next function that allows to set next
application slot to boot by flash area object pointer, describing
the slot.
The function also takes active which is supposed to indicate whether
running application is being set for next boot and confirm parameter
that allows to confirm the image.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Adds a bootloader serial recovery entrance mode that will allow
recovering a module if there is no application that can be booted.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds an optional entrance method for mcuboot's serial recovery by
using Zephyr's boot mode retention system, this allows for an
application to set the retained data and reboot into the bootloader.
This also adds a selection of how to enter serial recovery mode, it
no longer requires having a GPIO entrance mechanism. Entrance
methods have been added under a new Kconfig menu.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The current ECDSA-P256 implementation code contains
a lot of code that is tied to a specific condition being met.
The aim of this commit is to cleanup the main verification
logic to be unified between crypto backends and move the
conditional code where it is relevant.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I06b050a263b2b88b08708defb6aa1001a08ba2ae