Commit Graph

1117 Commits

Author SHA1 Message Date
Fabio Utzig ccc0280dd8 boot: zephyr: tabs -> spaces in CMakeLists.txt
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-11-06 06:55:25 -03:00
Fabio Utzig 42cc29abfe boot: zephyr: add ECIES-P256 configuration
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-11-06 06:55:25 -03:00
Fabio Utzig c67dd70423 boot: mynewt: add config for ECIES-P256 encrypted images
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-11-06 06:55:25 -03:00
Fabio Utzig 7a3b2605ac imgtool: add creation of ECIES-P256 encrypted images
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-11-06 06:55:25 -03:00
Fabio Utzig b3f058c0ef docs: describe ECIES-P256 encrypted image support
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-11-06 06:55:25 -03:00
Iosif Macesanu 2d18f2577b boot: zephyr: boards: add Actinius Icarus board
Add Actinius Icarus board configuration to be able to enter serial
recovery mode

Signed-off-by: Iosif Macesanu <iosif@actinius.com>
2019-11-04 14:37:07 +01:00
Ruth Fuchss 4023d62849 docs: add link to encrypted_images.md and cleanup
Add a link to the topic about encrypted images to the start page.
Clean up the existing links to make the table of contents more
consistent.

Signed-off-by: Ruth Fuchss <ruth.fuchss@nordicsemi.no>
2019-11-01 13:10:41 -03:00
Ruth Fuchss 721cdbc49e docs: add missing heading
Add an H1 heading to encrypted_images.md.

Signed-off-by: Ruth Fuchss <ruth.fuchss@nordicsemi.no>
2019-11-01 13:10:41 -03:00
Fabio Utzig f5556c3eba imgtool: fix header padding value check
Commit 9117fded47 added support for
supplying an `--erased-val`, which defaults to 0xff. When padding a
header, the checks were still validating against 0, which is the
value used for padding by the Zephyr build system. Now when the
user passes `--pad-header` this check is skipped (we already know
the contents).

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-31 12:10:31 -03:00
Sam Bristow d0ca0ffc27 Fix up typos
Ran automated checker for common typos [1]. Most of these changes have
no functional change *except* for `./ci/sim_run.sh` where, previously
the `bootstrap` feature wasn't being selected properly.

I didn't touch anything in the `./ext/` folder as anything in there
should probably be fixed in the upstream repo.

[1] https://github.com/codespell-project/codespell

Signed-off-by: Sam Bristow <sam@bristow.nz>
2019-10-30 06:24:10 -03:00
Andy Gross 441e997891 mynewt: Make cflags consistent for if or ifdef usage
This patch changes the cflag entry for MCUBOOT_MYNEWT to make it
consistent when using #if or #ifdef.

Signed-off-by: Andy Gross <andy.gross@juul.com>
2019-10-21 17:22:34 -03:00
Fabio Utzig e47ccd63df mynewt: allow overriding the startup routine
Add a new Mynewt option that allows for overriding the default
`hal_system_start` routine; this allows for startup customizations
required by some BSPs.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-21 17:21:27 -03:00
Fabio Utzig e5ac82797f imgtool: release 1.5.0alpha1
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-17 20:00:47 -03:00
Fabio Utzig 8828280d5d imgtool: fix typo in flag name
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-17 20:00:47 -03:00
Fabio Utzig 2269f47eb4 imgtool: Add complete trailer to HEX images
When generating HEX output, instead of just adding the `magic`, also add
the whole trailer (with erased value). This allows for HEX writing tools
to erase the trailer region, avoiding possible issues when garbage
exists there.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-17 20:00:47 -03:00
Fabio Utzig 9117fded47 imgtool: add erased-val cli option
Add `-R`/`--erased-val` CLI option when creating images, which accepts
a value to be used for padding. This is useful when creating images
that run in devices that have flash erased to some value different
from 0xff (like STM32L0x and STM32L1x that have 0s).

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-17 20:00:47 -03:00
David Brown f5c5dd0d90 Revert version.yml after release
Needed by the MyNewt build/release process.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-17 15:47:38 -06:00
David Brown ac55554059 Prepare for v1.4.0 release
Update release notes and various version stamps.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-17 15:47:38 -06:00
David Brown d7581779d8 Prepare for release v1.4.0-rc2
Update version stamps as well as the release notes.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-15 14:50:09 -06:00
David Brown 9bf95afd43 boot: Check overflow/bounds on image header size
Before using the image and header size fields from the image header,
verify that both of these values are sane.  In this case, sanity means
that there is no arithmetic overflow when they are added, and that the
result is within the bounds of the containing flash region.  This is
done in addition to the check of the header's magic number.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-15 09:41:01 -06:00
David Brown effb06e367 boot: Add overflow-safe 32 and 16-bit add functions
To facility better checking for integer overflow, add these two
functions to add while checking for overflow.  If the result overflows,
they will return an error, instead of performing the addition.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-15 09:41:01 -06:00
Fabio Utzig c7fe3b061e Document imgtool release process
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-15 12:35:01 -03:00
Fabio Utzig edbabcf623 imgtool: allow address adjustment in output hex
Add a new flag `-x` (or `--hex_addr`) which adjusts the memory address
where this file has to be written to. This is useful when generating
upgrade images that will go to the secondary slot, in cases where the
user is not using mcumgr or some other delivery mechanism, and has to
manually adjust the addresses using `objcopy`.

Also when using hex files, image padding now only adds a segment with
the magic at the end instead of filling the whole output with `0xff`.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-15 12:32:33 -03:00
David Brown 1318938006 Upgrade mbedtls submodule to 2.16.3
Upgrade the referenced mbedtls submodule to 2.16.3, the latest stable
release as of this commit.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-15 09:29:20 -06:00
David Brown f984b95735 Move mbedtls submodule from sim to ext
Move the external mbedtls submodule out of the sim/mcuboot-sys directory
into the ext directory.  This will allow the same copy of mbed TLS to be
used by other board support packages, instead of having to make a
duplicate clone.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-15 09:29:20 -06:00
David Brown b748f6fa2a Rename ext/mbedtls to ext/mbedtls-asn1
The ext/mbedtls directory has a copy of the ASN.1 parser from the mbed
TLS library.  To allow a future change to bring the entire mbed TLS
library in as a submodule under ext, rename this to mbedtls-asn1 to make
it clear this is only a subset.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-15 09:29:20 -06:00
Fabio Utzig 1b7777b476 Fix CVE-2019-16892
https://nvd.nist.gov/vuln/detail/CVE-2019-16892

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-15 12:28:34 -03:00
Fabio Utzig ecbea70ba4 Fix overflow in offset variable
In the TLV iterator code a variable is used to save the offset in flash
where the protected TLVs end; this was declared as uint16_t and could
easily overflow so fix it by updating the type to uint32_t.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-15 12:27:00 -03:00
Fabio Utzig f0131cd5b7 imgtool: add mailing list email to setup
Seems like pypi.org is not accepting "None" for email anymore, so this
just adds the mailing list in case someone needs to contact the project.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-12 18:47:05 -03:00
Andrzej Puzdrowski f000480409 zephyr/serial_recovery: fix serial device binding
zephyr changes the way in which it provide name of
serial device used by serial recover.
see: https://github.com/zephyrproject-rtos/zephyr/pull/18752

This path introduce build time configuration of device name
which is set to exact the same device which was set before.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2019-10-11 12:11:59 +02:00
Vipul Rahane 7138e354c1 apps: update dependencies & syscfgs as per mcumgr
- Changing dependencies and syscfgs as per mcumgr changes

Signed-off-by: Vipul Rahane <vrahane@gmail.com>
2019-10-10 18:03:59 -03:00
David Brown 4d0c5fa488 Release notes for 1.4.0-rc1
Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-08 10:45:14 -07:00
David Brown 37b96e7aab docs: Fix formatting of security document
Markdown considers a block of indented text after a list item to be part
of that list item.  Insert a small piece of text at the top level to
prevent that.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-08 10:45:14 -07:00
David Brown 0d98a9c2b0 docs: Create initial security policy
Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-08 08:56:53 -07:00
Håkon Øye Amundsen 954dd2b8ed kconfig: add option for multi image
To enable multi image support in mcuboot one needs
to set the 'UPDATEABLE_IMAGE_NUMBER' config.
Add this to zephyrs MCUBoot kconfig to allow this.

Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
2019-10-07 11:39:23 +02:00
David Brown 2b8a695be1 Convert BOOT_MAGIC_SZ to #define
Convert this `extern const uint32_t` to a simple define.  Provide an
accessor function so that the simulator is able to access the value as
well.  This has a minor improvement on the generated code within MCUboot
itself.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-02 10:17:22 -07:00
David Brown e0bb1f956f Change BOOT_MAX_ALIGN to #define
BOOT_MAX_ALIGN is defined as

    extern const uint32_t BOOT_MAX_ALIGN;

and is assigned a value in a single file.  This causes extra work when
this is used as the size of a local variable in a function.

The value was made a constant in order for the simulator to be able to
access the value.  Instead of making it a "real" constant, keep it as a
define, unifying the value of FLASH_MAX_ALIGN and this one, and provide
an accessor function for the test code to be able to access this value.

This causes a minor improvement in the code generated in
`boot_write_status`, but more importantly, eliminates a VLA from the
code, which increases the possible compilers supported by MCUboot.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-10-02 10:17:22 -07:00
Fabio Utzig 510fddb8e0 imgtool: update to new protected TLV format
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-01 18:30:05 -03:00
Fabio Utzig 649d80f685 imgtool: fix trailer size calculation
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-01 18:30:05 -03:00
Fabio Utzig 2f6c164f9a sim: fix flash padding to use erased val
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-01 18:30:05 -03:00
Fabio Utzig ea3d3abe5f sim: add protected TLVs to hash calculation
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-01 18:30:05 -03:00
Fabio Utzig e52c08edf0 bootutil: update to new protected TLV format
Implements the validation system where hashing is performed over header
+ payload + protected TLVs.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-01 18:30:05 -03:00
Fabio Utzig fd140ecef2 New protected TLV format proposal
Updates the protected TLV specification to have their own TLV info struct,
to ease hashing without having to skip parts of the image, while adding the
ability to append new non-protected TLVs.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-01 18:30:05 -03:00
Fabio Utzig ea34f9a77b Fix Mynewt boot_serial unittest
The boot_serial test was failing build because it hadn't been updated to
use new multi-image flash area nomenclature. This fixes the build.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-10-01 17:36:12 -03:00
Fabio Utzig 61fd888a7f Add TLV iterator API
This introduces an API which allows for iteration over an image's TLVs
without resorting to low-level implementation details. All previous TLV
low-level handling was updated to comply with this new interface, and it
also makes it easier for external code to handle TLVs.

The API provides two functions:

1) To start a new iterator:

```
int bootutil_tlv_iter_begin(struct image_tlv_iter *it,
                            const struct image_header *hdr,
                            const struct flash_area *fap, uint8_t type,
                            bool prot);
```

2) To iterate over existing TLVs of given type:

```
int bootutil_tlv_iter_next(struct image_tlv_iter *it, uint32_t *off,
                           uint16_t *len, uint8_t *type);
```

A type of IMAGE_TLV_ANY was added to allow for iteration over all TLVs.

Low-level TLV access functions were removed from API, but low-level
structs are still visible in the namespace.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-09-18 07:38:50 -05:00
Fabio Utzig 4f0ea747c3 Fix pep-8 (long line)
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-09-17 14:03:58 +02:00
Fabio Utzig b916e8dbb0 Fix author_email UNKNOWN in pip show
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-09-17 14:03:58 +02:00
Fabio Utzig 25c6a1590a Add versioning to imgtool
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-09-17 14:03:58 +02:00
Marti Bolivar 99ec383ea1 bootutil_misc: fix printf types in log macros
Upstream PR #547

The recent changes to these are tripping GCC printf-like macro
attribute warnings on my platform. Just cast all the values to ulong
to make everybody's compilers happy.

Signed-off-by: Marti Bolivar <marti.bolivar@nordicsemi.no>
2019-09-13 15:54:36 -06:00
Fabio Utzig e575b0b8ef Add macro to check if swap_type is an upgrade
This allows refactoring a check that was done in multiple places looking
for the same swap types.

Also fixes an issue where dependency checks would be run if a swap type
had a value that indicates fail.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-09-12 14:08:35 -03:00