Currently encryption supports only private key embed
in mcuboot itself. To support MCUBOOT_HW_KEY for image
encryption boot_retrieve_private_key() hook is added.
This hook helps retrieving private key from trusted
sources like OTP, TPM.
Signed-off-by: Dinesh Kumar K <dinesh@linumiz.com>
check_config.h was included manually by custom configuration files.
This caused compilation errors when updating MbedTLS to 3.6.0
because check_config.h was processed too early, before the whole
configuration is defined, effectively causing configuration check errors.
MbedTLS already takes care of including check_config.h at the right time.
Remove those erroneous manual check_config.h includes.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
The normal simulation test takes several hours to run on most machines. Allow a
few very slow tests to be skipped by setting the environment variable
`MCUBOOT_SKIP_SLOW_TESTS` to some value. For obvious reasons, this shouldn't be
done if these power failure simulation tests are needed.
With this change, on my desktop Linux machine, the test time with the skipping
goes from about 2 hours, to around 5 minutes.
Signed-off-by: David Brown <david.brown@linaro.org>
Currently all the hashing functionality is done with SHA256
but if we would like to use ECDSA-P384 that requires SHA384
as the hashing algorithm. However, MCUboot is using SHA256
for image hashing and public key hashing. This commit modifies
the hashing operations to use SHA384 thus SHA256 can be omitted
which is beneficial from a code size standpoint.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I364eefe334e4fe6668b8a3b97991b5dbb0c80104
This commits reverts the changes made to cap values in 75c7c31.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: Ibbbf66e89d059ef4e4b45218a8a39778c849f21b
Adds new test cases to various ram-load related logic.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I3a0ca951b2c720be4e6fe2ed0e5d1830fcfb240c
If ram-load is being used with encryption and
the higher version image is loaded from the primary slot the
verification will fail as the image is always non-encrypted
and will produce an invalid hash. This fix puts encrypted images
into both slots to prevent this issue.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I4ac9f332434a95d140c5572096b8a9161db2d217
This patch enables psa-crypto-api feature
Signed-off-by: Matthew Dalzell <matthew.dalzell@arm.com>
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
If the psa-crypto-api feature is defined, the simulator will
initialize the PSA Crypto API exactly once. It needs also to
enable the test external RNG as the assumption is that the
PSA subsystem is configured to use MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
Signed-off-by: David Brown <david.brown@linaro.org>
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Signed-off-by: Matthew Dalzell <matthew.dalzell@arm.com>
Change-Id: Id02727b8673867ecf1e4fbbdfa3c4b6d6f98f8df
This commit adds simulator support to test the
hw-rollback-protection feature which is using
nv-counters. In the simulator they are stored in Rust
to prevent any race conditions from happening due to
the parallel execution of the tests.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I445fc50615ed1f0c06e5933b16811c24d9d302fc
This patch refactor the RSA operations done by the signature verification
module and by the encrypted images decryption module. Previous solution is
tightly coupled with Mbed TLS, while this patch provides an abstraction of
the RSA functionalities in a dedicated crypto abstraction header, crypto/rsa.h
that supports both Mbed TLS APIs and PSA Crypto APIs. In case of PSA Crypto,
the verification scheme is directly provided by the crypto backend hence it
simplifies the operations done in the image verification module.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I973bc3374b62eee2d7717c2368bce7611d37a0c8
The IMAGE_TLV_ECDSA256 TLV has been put out of use by
commit 63d2346da4.
This commit reverts this part of that patch and at the
same time it extends the usage of this TLV to cover all types
of curves (replacing the newly introduced 0x25 TLV type)
while retaining its value (0x22) for backward compatibility.
Rename IMAGE_TLV_ECDSA256 to IMAGE_TLV_ECDSA_SIG.
Change-Id: I904f292db775c38f26a5e9a87c5f414165efc173
Signed-off-by: David Vincze <david.vincze@arm.com>
Remove the generic ECDSA verification module and keep the
existing one, just renaming it image_ecdsa.c. Make sure
that the abstraction layer is generically called ecdsa.h
and the abstraction names are not P256 specific.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I6f78cfc1b1c2851cdad67efa91c6cb49498187bb
Remove those TLVs that are tied to a specific curve and modify the
code to use the new generic ECDSA TLV.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: Iffe9052580c99e75118cf5df4286e0e9a2af4a8c
Add support to the simulator so that
the generic ECDSA TLV can be tested.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I3322ed829d150ff35abfaaa8ecf69ab7017bd7cf
MCUBoot dropped P224 curve support as
there is little interest in using it.
The simulator threw an error as P224
was never supported, this was removed.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I96011e9b00dbc3a6f7590db365a5f480d85394e1
Commits adds implementation of flash_area_get_sector that
is supposed to replace flash_area_sector_from_off.
The flash_area_get_sector gets additional parameter of flash_area
type, while flash_area_sector_from_off uses hardcoded flash_area.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Differentiated image trailer size for swap-using-scratch with
max-align-32 feature and without it.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Corrected the maximal image size calculation for
the swap using scratch mode. Previously the vale which
is appropriate for the swap using move mode was used.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The sim platform was sharing a few header
files with the zephyr-rtos port. This patch provides
sim own headers.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Update dependencies that don't require any code changes. This leaves
'aes' and 'cipher' which will require code changes to support newer
versions.
Signed-off-by: David Brown <david.brown@linaro.org>
Change the edition in the various Cargo.toml to 2021. There are no
changes to the code needed for this. This will require Rust 1.56 in
order to build.
Signed-off-by: David Brown <david.brown@linaro.org>
This feature check was done statically instead of dynamically in the
build.rs file. Change this to match the rest. Perhaps we might want to
change all of them to be done at compile time, but that should be done
with all of the features.
Signed-off-by: David Brown <david.brown@linaro.org>
Change the flash layout of the stm32f4 simulated device to include
sectors of different sizes inside both slots; both slots have been
updated to still share the same layout. This layout changes allow for
testing and validation that a swap with scratch is possible even if not
all sectors inside a slot are the same size, as long as they all fit in
scratch.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This patch prepares the simulator to execute images with a max align
value other than 8 bytes.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
The encoding of ECDSA signatures is variable sized. Better support this
by allowing the TLV size estimate to be off by as much as 6, but only in
the case of ECDSA signature.
Signed-off-by: David Brown <david.brown@linaro.org>
Having profile configuration in sub crates generates a warning every
time Cargo is run. Remove these lines, as the top-level Cargo.toml file
defines these values.
Signed-off-by: David Brown <david.brown@linaro.org>
When passed `Largest`, as the image size, compute the largest possible
image for the test.
This currently fails when 'swap-move' is enabled or
'overwrite-only,large-write' is enabled. Allow this by not testing
maximal images in these cases.
Signed-off-by: David Brown <david.brown@linaro.org>
Instead of just passing in a numeric value for the image size, create an
enum that can use a given size, or supports a `Largest` size. Largest
is not implemented yet, but this gets the types in place for this.
Signed-off-by: David Brown <david.brown@linaro.org>
In order to generate images that match exact sizes, we need to know the
size of the TLV. We can estimate this size before the payload is added
(since the payload doesn't directly affect the size).
This patch adds the size estimate, and compares it with the actual TLV
size.
Signed-off-by: David Brown <david.brown@linaro.org>
Instead of setting a mutable variable and possibly assigning to it, just
set the variable to the result of the conditional.
Signed-off-by: David Brown <david.brown@linaro.org>
This enum ended up with some fields out of order. Fix the order. No
impact to the code, as each enum entry has a specific value, this just
makes the whole enum more consistent.
Signed-off-by: David Brown <david.brown@linaro.org>
When building images for testing they are aligned to a flash write size,
which works fine for flash based comparisons, but since RAM is always
reset to 0, if the flash is erased to 0xff, the final bytes of the
alignment will differ even though they are not relevant (not part of the
image itself).
This commit adds a real image size parameter to the ImageData, so it can
be used by the RAM load to compare only the relevant bits of the image
(ignore the padding), and also updates the RAM test routine to use the
correct image size.
Signed-off-by: Fabio Utzig <utzig@apache.org>
When building mcuboot-sys, the build script currently adds some
duplicate files. When used as a library, this works, because the code
is linked in as a library. However, when mcuboot-sys is tested itself,
all specified files will be brought in, which results in duplicate
symbols for these files.
Fix this by keeping track of all of the files that we've added, and
making sure to add each file once. Additionally, instead of using the
orphaned files in mbedtls-asn1, just always use the verions in the main
mbedtls library. There are some configurations of the code that end up
using both the extracted files and the full mbed TLS. Avoid that
conflict by just always using the full tree.
Signed-off-by: David Brown <david.brown@linaro.org>
When collected together as a workspace, the test framework ends up
running all of the configurations on each project. One configuration
option `large-write` doesn't really mean anything to mcuboot-sys, but
adding support for the feature allows this package to be tested along
with all of the other packages.
Signed-off-by: David Brown <david.brown@linaro.org>
Instead of having to cd into the 'sim' directory, create a top-level
Cargo.toml file that adds the sim as a workspace.
For the most part, this doesn't change how the simulator works. It is
still possible to run `cargo test ...` within the `sim` directory.
However, the `target` directory will reside at the top-level of the tree
instead of within the sim directory.
One change is that running cargo commands at the top of the tree will
run those commands on all of the packages found within the tree.
Specific packages can be tested by either changing to the directory of
that package, or passing `-p <dir>` to the cargo test command (i.e.
`cargo test -p bootsim`).
The other visible change from this commit is that the 'target' directory
will always be at the top of the tree, rather than in particular
directory where the test is run. Any scripts or tools that expect this
to be in a certainly location, will have to be modified.
Signed-off-by: David Brown <david.brown@linaro.org>