BOOT_STATUS_ASSERT increments the variable if the macro argument
is evaluated as true, which is incorrect behavior compared to the
ASSERT macro.
Signed-off-by: Johann Fischer <j.fischer@phytec.de>
Upstream zephyr will automatically link mbedtls when CONFIG_MBEDTLS is
enabled.
If user chose to use ECDSA_P256 as signature type, will get a compile
error message in file ${ZEPHYR_BASE}/ext/lib/crypto/mbedtls/zephyr_init.c:
fatal error: config-asn1.h: No such file or directory
Fix this by disable CONFIG_MBEDTLS when ECDSA_P256 signature type is
selected.
Signed-off-by: Ding Tao <miyatsu@qq.com>
In 2f8f06aa25
commit 2f8f06aa25e9d5ee4fc9fe217543c872b39e4d05
Author: Hanno Becker <hanno.becker@arm.com>
Date: Fri Sep 29 11:47:26 2017 +0100
Don't always recompute context length in mbedtls_rsa_get_len
mbed TLS begins assuming that the 'len' field of the context has been
set properly. Previously, we relied on this not being true, and various
tests fail for all keys without setting this.
The fix is to simply set the length based on the value we read.
fixes#235.
Signed-off-by: David Brown <david.brown@linaro.org>
The upstream Zephyr project is renaming FLASH_DRIVER_NAME to
FLASH_DEV_NAME as part of some changes related to device tree.
Work around this for now by keeping the MCUboot name the same if
FLASH_DRIVER_NAME is not provided by Zephyr, but FLASH_DEV_NAME is.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
It's recommended practice to mass erase the flash chip before
reflashing mcuboot. Add a configuration option for Zephyr which does
this by default on some Zephyr runner backends which can support
this (pyOCD and dfu-util). Additional runners can be added as needed.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
When the target doesn't have good enough generic support for MCUBoot,
you can specify the flash layout etc on a per-board basis by creating
a header, boot/zephyr/targets/BOARD.h.
The build system tries to pick this up, but isn't doing it
correctly. Fix it.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
Since the Kconfig file was moved in 51a0921006 ("zephyr: Move Kconfig
file to boot/zephyr"), the CMakeLists.txt reference to it needs updating.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
Since not all ICs default to enabling flash page layout, enable it from
the MCUboot Kconfig options whenever it is available.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Add a new MCUboot device settings option that enables or configures
features that are specific to a particular device.
Additionally enable software vector relay in Cortex-M0 CPUs that do not
have a hardware mechanism to relay or forward interrupts.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Since the Kconfig file is only relevant to Zephyr, move it from the root
folder into boot/zephyr, in order to keep all Zephyr-related files
together.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
When a relative path was used the build would fail when CMake was
invoked with the -B -H flags. Using an absolute path for the
dts.overlay flags fixes#187.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Since boot_read_image_headers only failed when reading headers from
both Slots failed, it could happen that even with a failure reading
Slot 1, this data would still be used by split booting. Now when
reading image headers an extra parameter allows the caller to ask
for failure when any slot read failed.
JIRA: MCUB-56
Signed-off-by: Fabio Utzig <utzig@apache.org>
Assertions that are expected to fail under sim test, are now marked as such
using the macro ASSERT which allows to programmatically switch between normal
assert() behavior and captured assertion.
Assertion changes were moved to more appropriate owners and code duplication
was removed.
Signed-off-by: Fabio Utzig <utzig@apache.org>
The rationale behind this change is that while performing a swap
operation, writes to the status area are not important enough
to abort the operation. If the swap is not interrupted, status
writes are ignored. If the swap is interrupted, failures to write
status area are detected during the next boot and an appropriate
measure is taken.
If MCUBOOT_VALIDATE_SLOT0 is set we ignore the status write fail
and allow slot0 to be validated by its hash/signature. Otherwise,
the old behavior is maintained, which is to abort on any write
failures.
Signed-off-by: Fabio Utzig <utzig@apache.org>
When building in simulator mode, mock assert() to call an simulator
function which will enable other code to check if some path failed.
The assert checking interface, was added to boot_go which now
returns the low-level invocation results as well as the number of
asserts triggered.
Some new added tests check for assert() and expect it to happen. To not
abort tests, assert() was changed under sim env to not call c assert()
and instead just do some internal calculation which could be checked
by the simulator after a bootloader run and assert() catching behavior
was made optional (each test choses the behavior it needs).
Signed-off-by: Fabio Utzig <utzig@apache.org>
When using EC256 for signing, Zephyr now uses the bundled tinycrypt
and mbed-tls ASN1 parser instead of relying on the one provided by
the OS.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This commit removes the pseudo tinycrypt package based on symlinks
by adding a new pkg.yml to ext/tinycrypt and using it directly. It
also uses the new mbed-tls bundled ASN1 parser when EC256 is selected.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This fixes a comparison issue that was previously fixed by doing a
cast. Since tinycrypt and mbed-tls both already use an unsigned for
the size, the mcuboot interface was updated to also use an unsigned
value (size_t to be more precise!).
Signed-off-by: Fabio Utzig <utzig@apache.org>
This enables building ecdsa feature using tinycrypt (mbed still built
for ASN1). The default mbed-tls config was update to use the MCUBOOT_SIGN_*
symbols.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This patch introduced serial bootloader functionality ported
from mynewt targets tree.
For achieving this following changes were applied:
- Modified boot_serial module for using, zephyr-os modules
(crc driver, mbedtls-base64 library) and the zephyr serial adapter module
introduced recently.
- Added service of boot serial recovery mode to main.
- Adapted the input parser to using static buffers.
Default serial-boot-pin configuration was added for nrf52_pca10040
and nrf52840_pca10056 boards.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The library is needed for support mcuboot serial recovery interface.
This library wraps the tinycbor decoder with a attribute based decoder
suitable for decoding a binary version of json.
Origin: apache Mynewt
License: Apache-2.0
URL: https://github.com/apache/mynewt-core/tree/master/encoding/cborattr
commit: bf4b3f6f4cf293fc5a71d7787d5b81555434b6f8
Maintained-by: External
f. cbor_read_mbuf_attrs was removed as it was Mynewt specific.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The library is needed for support mcuboot serial recovery interface.
Tinycbor lib from mynewt is imported because it is already modified for
Add tinycbor library for zephyr
mcuboot serial recovery protocol.
Origin: apache Mynewt
License: Apache-2.0
URL: https://github.com/apache/mynewt-core/tree/master/encoding/tinycbor
commit: bf4b3f6f4cf293fc5a71d7787d5b81555434b6f8
Maintained-by: External
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Serial adapter uses the zephyr UART driver in interrupt mode for
providing communication capabilities needed for the boot serial
recovery mode.
This module provide API similar to mynewt console module.
Serial adapter module can not be compiled along with
the zephyr uart console module so this case is checked.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Fixes warnings treated as errors when upgrading gcc crate to 0.3.54.
Warnings are due to non-used variables and comparison between signed
and unsigned.
Signed-off-by: Fabio Utzig <utzig@apache.org>
When not validating slot 0, we could be booting into an empty
chip. This means we jump based on garbage data.
Try to make this better by at least checking the magic number. Without
this patch, booting with just the bootloader fails the Zephyr release
tests.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
The Zephyr configuration was enabling the memory buffer allocator (but
not using it) without defining enough other features to allow it to
compile (undefined reference to `exit()`).
Disable the memory buffer allocator when just using the ASN.1 library,
and conditionalize the heap itself to avoid using the RAM for that.
Signed-off-by: David Brown <david.brown@linaro.org>
Instead of the overly-simplistic allocator in Zephyr, use the still
simplistic allocator in mbed TLS.
On K64f, this saves 848 bytes of text, 44 bytes of data, and 208 bytes
of bss.
Signed-off-by: David Brown <david.brown@linaro.org>
This add a new option to overwrite-only mode that enables copy/erase of
only the amount of sectors that are required to store the source image.
This is enabled by default when overwrite-only mode is used.
MCUB-70
Signed-off-by: Fabio Utzig <utzig@apache.org>
Zephyr now has proper page layout APIs in its flash driver. Use these
to implement flash_area_get_sectors() and flash_area_to_sectors() when
they are available. Leave the existing implementation behind as a
"legacy" version, for flash drivers which lack page layout support.
This lets us obtain all the target support we need for nRF and STM32
targets entirely from the operating system.
There are two cases where OS-level support is still not enough:
- NXP K6x targets still need an SoC family header, because their flash
driver does not yet support CONFIG_FLASH_PAGE_LAYOUT.
- The arduino_101 target needs partition and flash alignment
definitions in its DTS, and a flash driver with page layout support
as well, so its board-specific header must remain for now.
Fixing these is left to future work. Once that is done,
boot/zephyr/targets/ can be removed completely.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Zephyr now provides defines for FLASH_DRIVER_NAME and
FLASH_WRITE_BLOCK_SIZE (which is what we call FLASH_ALIGN) in
the SoC headers for most targets supported by mcuboot. Use that
information when it's available, falling back on MCUBOOT_TARGET_CONFIG
otherwise.
The soc_family_foo.h files remain for FLASH_AREA_IMAGE_SECTOR_SIZE. A
subsequent patch can remove these files when the relevant SoC flash
driver provides a page layout.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
This cleanup commit requires a bit more target-specific knowledge
that's a bit harder to read than board-specific headers, but it's
still an improvement over what we have now.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
All of the information we need is in DTS or is the same across all
boards in the SoC family. There's no need for board-specific headers
for these targets.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Commit 4094813 ("zephyr: force mcuboot to fit in the boot partition")
added a DTC overlay file that breaks the build on arduino_101. That
board doesn't have its flash partitions defined in DTS.
Keep things working for now without allowing other issues to creep in
on ARM targets by excluding the chosen node on x86 targets only.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
This function is unused in overwrite-only mode. Clang seems to catch
this, whereas gcc does not. Add the proper ifdefs so that the
simulator tests all pass on MacOS.
Signed-off-by: David Brown <david.brown@linaro.org>
Fabio Utzig