Fixes include paths for zephyr builds to use the system zcbor_*
files rather than the local files.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
For bootutil_verify_sig the declaration expects fih_ret
as the return type not fih_int, this has now been fixed.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: If5943758bebdbf401b1eb387de334fa19a3a7781
When using CDC only and CONFIG_SERIAL is not enabled in Zephyr,
but there is chosen zephyr,mcumgr-uart, the chosen
takes precedence over CDC and directs MCUmgr to that uart.
This causes two issues: first the CDC is ignored if chosen exists,
and makes build fail because drivers are not built.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Commit provides boot_set_next function that allows to set next
application slot to boot by flash area object pointer, describing
the slot.
The function also takes active which is supposed to indicate whether
running application is being set for next boot and confirm parameter
that allows to confirm the image.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Adds a bootloader serial recovery entrance mode that will allow
recovering a module if there is no application that can be booted.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds an optional entrance method for mcuboot's serial recovery by
using Zephyr's boot mode retention system, this allows for an
application to set the retained data and reboot into the bootloader.
This also adds a selection of how to enter serial recovery mode, it
no longer requires having a GPIO entrance mechanism. Entrance
methods have been added under a new Kconfig menu.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The current ECDSA-P256 implementation code contains
a lot of code that is tied to a specific condition being met.
The aim of this commit is to cleanup the main verification
logic to be unified between crypto backends and move the
conditional code where it is relevant.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I06b050a263b2b88b08708defb6aa1001a08ba2ae
Add new 'dumpinfo' command that can parse a signed image and
print all the available information from the header, TLV area and
trailer in the form of a basic "image map".
The --outfile option can be used to write the image information
to an output file in serialised YAML format.
Change-Id: I99e61078946b02eefd4ac2e682583476d53e8d4f
Signed-off-by: David Vincze <david.vincze@arm.com>
MCUBoot dropped P224 curve support as
there is little interest in using it.
The simulator threw an error as P224
was never supported, this was removed.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I96011e9b00dbc3a6f7590db365a5f480d85394e1
Imgtool does not provide support for P224
curve, just a placeholder function that
says it's not currently implemented.
This has now been removed as P224 support
had been removed from the boot code too.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I477d8e273085f38f35eaf9a591584f3e937d748d
Added description on serial recovery mode features and
its configuration.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Anna Kielar <anna.kielar@nordicsemi.no>
Added description on what is the serial recovery protocol
in general.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Anna Kielar <anna.kielar@nordicsemi.no>
fix
Adds support for outputting the image hash TLV in serial recovery
mode, which is needed to comply with the img_mgmt MCUmgr group
requirements.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The mcumgr packet sent over serial should be fragmented into frames of
up to 127 bytes, including 2-bytes frame start header and 1-byte for
terminating newline [1], resulting in up to 124 bytes for the base64
encoded payload.
Current implementation doesn't fulfill above requirement and transmits
single frames, without considering their length. This change introduces
support for fragmenting as defined in 'SMP over console' specification.
[1] github.com/apache/mynewt-mcumgr/blob/master/transport/smp-console.md
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Add mention of the release note requirements to the SubmittingPatches
file so that developers are more likely to see and comply.
Signed-off-by: David Brown <david.brown@linaro.org>
Add some guidelines for release notes that developers can use to create
release note snippets as features and fixes are implemented. This will
greatly reduce the work needed at release time.
Signed-off-by: David Brown <david.brown@linaro.org>
The commit modifies selection of boot serial UART by first checking
the Zephyr chosen zephyr,uart-mcumgr and then reverting to the
zephyr,console, as a secondary candidate.
In case when both nodes are present and point to the same device,
error will be reported.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
USB DFU depends on MULTITHREADING and STREAM_FLASH, and these
should be explicitly selected.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
__packed may not be available in all environments. In such
case just fallback to __attribute__((__packed__)).
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
Currently if max-align > 8, magic_boot only works in little endian
For example :
With max-align = 16 and endian = big, boot_magic starts with 0x10 0x00,
but it should be 0x00 0x10
Signed-off-by: Raphael Dupont <raphael7dup@gmail.com>
Trailer is temporary located in scratch when data of image goes up to last
sector of primary slot. At the end of the swap procedure, the temporary
trailer in scratch must be erased to prevent mcuboot from reading a stale
status from the scratch area. The erase tentative was not correct, this
is fixed.Issue is easily reproduced with an image size of one sector.
Signed-off-by: Stephane Le Roy <stephane.leroy@st.com>
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
Adds a packed attribute to the nmgr struct to avoid issues on
architectures that do not support unaligned memory access.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Try a merge commit if no parameters are passed, otherwise accept the
first parameter as the oldest SHA to check.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Commits adds implementation of flash_area_get_sector that
is supposed to replace flash_area_sector_from_off.
The flash_area_get_sector gets additional parameter of flash_area
type, while flash_area_sector_from_off uses hardcoded flash_area.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Commits adds implementation of flash_area_get_sector that
is supposed to replace flash_area_sector_from_off.
The flash_area_get_sector gets additional parameter of flash_area
type, while flash_area_sector_from_off uses hardcoded flash_area.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Commits adds implementation of flash_area_get_sector that
is supposed to replace flash_area_sector_from_off.
The flash_area_get_sector gets additional parameter of flash_area
type, while flash_area_sector_from_off uses hardcoded flash_area.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Removes the old deprecated Kconfig items for configuring GPIO ports
and pins for entering serial recovery/USB DFU mode. These were
deprecated almost a year ago and should not be used as device tree
has long replaced them.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Switches from using the zcbor files in-tree to using the ones that
are part of the zephyr manifest, this prevents using old and
potentially buggy versions of the zcbor library.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The TLV type field in trailer TLV struct is defined as unsigned 16-bit
(in LE byte order). Currently, due to Python's struct format specified
as 'BBH', the 'imgtool' accepts only single byte for this field.
This results in error when trying to use 16-bit TLV type with option
'--custom-tlv':
struct.error: ubyte format requires 0 <= number <= 255
This changes format to 'HH' which allows using 16-bit TLV types and
while at it, adds also simple range validation for custom TLV type.
As defined in image.h header, the vendor reserved TLVs value should
be from 0x00a0 to 0xfffe range.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Split RELEASE configs to match MINSIZEREL configs and
disable auto cancel upon one of the configs exiting with an error.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I32225ecd1316e0a7067513cfa417e00cdcf660c4
Modify the FIH CI job to fail in case successful boot happens
below a certain treshold. CI should fail if a successful boot
is achieved by bypassing one or two instructions as it would
defeat the purpose of the FIH mechanisms.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: If1703d57e3ba87e5fd73d4ba954bfd38ed1c0cc6
Szymon Janc