Adds a note that flash open failing will cause the bootloader to
panic and now prints a verbose error out when this happens
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds a note on the reworked boot serial extensions features which
now allows modules to add handlers
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This allows for out-of-tree modules to define their own boot serial
functions by using iterable sections.
Note that this also removes the custom img list command, which was
not used in-tree.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds support for sharing the direct-XIP MCUboot mode with revert
to applications using shared data
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds a note that Zephyr can now use the retention subsystem to
share information with applications about MCUboot's configuration.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds the ability to share mcuboot configuration with the
application using Zephyr's retention subsystem.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This fixes a build error when PSA Crypto API is being used
as it has no need for bootutil_import_key but it's included
currently since it's allowed to have both Mbed TLS and PSA defined.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: If38d3011fc4fa2d317f8be65df9e231d7d57dcbf
Adjust secure boot and flash encryption after IDF v5.x updates.
It also allows to enable secure boot on ESP32-C2.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Fixes 2 issues, one whereby multiple slots were checked despite
operating in single slot mode, and another whereby decrypted
images would not appear on serial recovery image listing, due
to assuming that the images were still encrypted.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Fixes an issue whereby multiple commands are received and some
are still being processed. This generally arises when a response
takes a long time (e.g. when image decryption is required),
duplicate commands will now send multiple responses but avoids
the bug of future commands being sent to which previous responses
are received.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Add ECDSA verification tests to the CI using the PSA Crypto API
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I904c8929f355ec791ff28ac7c3e0ca3832b2403d
Currently all the hashing functionality is done with SHA256
but if we would like to use ECDSA-P384 that requires SHA384
as the hashing algorithm. However, MCUboot is using SHA256
for image hashing and public key hashing. This commit modifies
the hashing operations to use SHA384 thus SHA256 can be omitted
which is beneficial from a code size standpoint.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I364eefe334e4fe6668b8a3b97991b5dbb0c80104
Currently all the hashing functionality is done with SHA256
but if we would like to use ECDSA-P384 that requires SHA384
as the hashing algorithm, but MCUboot is using SHA256
for image hashing and public key hashing. This commit modifies
the hashing operations to use SHA384 thus SHA256 can be omitted
which is beneficial from a code size standpoint.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I59230f76f88e0b42ad6383b2c9b71b73f33d7dd7
Fixes an include which is needed for multiple options by just
always including it, and fixing the path so it can be included.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Make MINIMAL_LIBC as default for MCUboot app build instead
of picolibc. Footprint is lower and no need to
MULTLTHREADING enabled for SoC build.
Signed-off-by: Sylvio Alves <sylvio.alves@espressif.com>
This adds support for indication LED option (MCUBOOT_INDICATION_LED) in
the timeout based recovery. Configured LED will be enabled when entering
the recovery and disabled after selected timeout (if no mcumgr command
was received).
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
webrick needs to be installed for ruby versions >3, which should ease
local testing for someone running newer versions. This is compatible
with running on ruby 2.7.4, the version used on github pages.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This plugin enables jekyll to display emojis; the version added matches
current on github-pages (https://pages.github.com/versions/)
Signed-off-by: Fabio Utzig <utzig@apache.org>
Fix documentation issues for the rendering of the Espressif README
page. No content is changed with this commit, but formatting and
line breaks are set to approximately 100 columns.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Fixes building the bootloader with serial recovery mode and boot
serial extensions enabled due to changes in Zephyr's MCUmgr file
and naming changes.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
CMSIS glue code is now provided by the CMSIS Zephyr module in
<cmsis_core.h>. Header is generic for M/A/R.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
The commit moves the flash_area_id_to_image to section compiled
only when not in DirectXIP mode, to prevent warnings about unused
static functions.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit adds DirectXIP version of bootutil boot_set_next
function.
The function is enabled by configuration option:
MCUBOOT_BOOTUTIL_LIB_FOR_DIRECT_XIP.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Builds in the default zephyr mode (optimised for size) which
saves about 6KiB of flash on a default nrf52840dk build.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Fixes issues whereby encrypted images were not properly listed due
to not treating them as encrypted, also removes a piece of wrong
hack code that would never run as the primary slot cannot be
encrypted.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Improves the Kconfig layout for encrypted image support and allows
using key files instead of just using a pre-defined, insecure dummy
key.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>