Commit Graph

15 Commits

Author SHA1 Message Date
Jamie McCrae 212997395e zephyr: firmware/single_loader: Fix compile warning
Fixes an issue of an unused function calling an undefined function

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-12-07 10:43:58 +00:00
Jamie McCrae c9fa60886b boot: boot_serial: Fix issue with encrypted second slot images
Fixes issues whereby encrypted images were not properly listed due
to not treating them as encrypted, also removes a piece of wrong
hack code that would never run as the primary slot cannot be
encrypted.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-08-09 07:45:22 +01:00
Jamie McCrae 8a8a24199a zephyr: single_loader: Fix typo
Fixes a typo with a variable name.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-06-05 09:45:27 +01:00
Dominik Ermel 68dcc0ee10 zephyr: single_loader: Switch to flash_area_get_sector
Use flash_area_get_sector instead of flash_area_sector_from_off.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-03-14 08:13:20 -06:00
Michael Grand 5047f032c9 fih: Hardening of fault injection countermeasures
Returned values are now hardcoded. Indeed, while it is not
strictly needed (few return values different from SUCCESS
or FAILURE) complexity added by encoding return values might
cause the software to be vulnerable to fault attacks.

Return type changed from fih_int to fih_ret to make
the whole thing much simpler and therefore more robust
to fault attacks. In addition, it's easier to predict
compiler behavior.

Affectation of sensitive variables has been hardened using macro
FIH_SET (affectation + check whether write access has been properly
done). FIH_DECLARE() is added to ease the declaration of sensitive
variables.

Equality tests fih_eq() and fih_not_eq() are now macros because
inlining produces more complex code (and weaker) than macros.
In addition fih_not_eq is modified to be the negation of fih_eq
which was not the case until now.

When FIH_NOT_EQ is used, FIH_SET(fih_rc, FIH_FAILURE) has been added
in some parts of the code.

Variable image_mask (bootutil_priv.h) is now volatile because a
double IF test is made on it.

Some other parts of the code have been hardened (e.g. loop on images).

Signed-off-by: Michael Grand <m.grand@trustngo.tech>
2023-01-30 09:34:34 -07:00
Andrzej Puzdrowski 2b822276cd zephyr/single_loader: make decryption working flash
Decryption buffer was fixed to 1024 which imposes failure
while attempting to decrypt bigger image chunks, which is
expected on memories of bigger erase-block-size.

This patch attempts to get the proper buffer size based on
SOC's nv flash node.

fixes #1310

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2022-02-24 07:52:32 -07:00
Wouter Cappelle bb7a39d114 Add config option for caching of validation state of an image in primary slot for single loader
Signed-off-by: Wouter Cappelle <wouter.cappelle@crodeon.com>
2022-02-09 13:31:56 -07:00
Wouter Cappelle 7679215d00 single_loader: zephyr: Fix compilation with VALIDATE_PRIMARY_SLOT enabled
Fixes compilation when VALIDATE_PRIMARY_SLOT & SINGLE_APPLICATION_SLOT
are enabled.

Signed-off-by: Wouter Cappelle <wouter.cappelle@crodeon.com>
2022-01-20 19:54:29 -03:00
Wouter Cappelle 953a76180d Add support for signed images in single loader mode
Signed-off-by: Wouter Cappelle <wouter.cappelle@crodeon.com>
2022-01-13 14:05:30 -07:00
Carlos Falgueras García a4b4b0f0a9 bootutil: Refactor MCUBOOT_LOG_MODULE_(DECLARE|REGISTER) macros
The "MCUBOOT_LOG_MODULE_(DECLARE|REGISTER)" macros should have a name
coherent with the rest of the logs macros, i.e. "BOOT_LOG_*". Also,
"bootutil_log.h" should define them as empty when the logs are disabled and
as "MCUBOOT_LOG_MODULE_*" when they are not.

With this change, the mcuboot user doesn't have to define
MCUBOOT_LOG_MODULE_* macros if the logs aren't going to be used.

Signed-off-by: Carlos Falgueras García <carlos.falgueras@wslw.es>
2021-07-21 11:47:58 +02:00
Dominik Ermel 036d52131b zephyr: Switch single loader to use flash map getters
The commit changes single loader code that has been accessing
flash_area type object directly, to use the new getter functions.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2021-07-06 14:42:53 -06:00
Dominik Ermel d8db02589f boot/zephyr: Improve badly written comment
The comment on why first parameter to bootutil_img_validate is allowed
to be NULL, in boot_image_validation of single_loader.c, has been
rewritten.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2020-10-07 14:47:34 +02:00
Andrzej Puzdrowski 907476d701 boot: remove direct fih delay rng inclusion
Direct inclusion of "bootutil/fault_injection_hardening_delay_rng.h"
might cause linking collision as this header belongs to `FIH_ENABLE_DELAY`
mode.
This header is already included by "bootutil/fault_injection_hardening.h"
appropriately.

fixes #831

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-10-07 13:50:16 +02:00
Tamas Ban ee6615def0 boot/zephyr: Add fault injection mitigation
Add software countermeasures against fault injection attacks.

Change-Id: I82f2d6b529ee2bd8d58ec6d5302c01680b4fd483
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
2020-10-02 07:31:11 -03:00
Dominik Ermel 8101c0cd4e boot/zephyr: Allow single image applications
The change enables usage of single image applications. This can be used
when user does not need multiple boot images and wants to use more flash
area for main application or other purposes.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2020-06-04 13:50:34 -06:00