The sysflash.h defines FLASH_AREA_ macros using FIXED_PARTITION
macros that are provided by flash_map.h, but it does not include
the required header.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
This fixes the issue: #1624 by changing the license to Apache-2.
There isn't a need to have these files nordic licensed.
Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no>
Modifies boot_read_swap_size and boot_read_enc_key to use
flash_area object pointer instead of image index.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
This changes the default mcuboot configuration for zephyr
applications to clean up before booting the user application. The
reason for this change is that mcuboot may configure protection (e.g.
MPU stack guard) which is then used by the user application during
its startup code prior to cleaning the configuration up, this can
lead to a unbootable application and potentially irrecoverable
module, therefore cleaning up is now being enabled by default.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Verify mode already works for the public halves of RSA and ECDSA keypairs.
This patch corrects an apparent oversight, enabling that functionality
in Ed25519.
Signed-off-by: Ross Younger <crazyscot@gmail.com>
In rework:
- size has been removed from array, as it has been making array
at least of two elements, even if scratch partition not used;
- some variables have been localized and some removed;
- no longer returning rc codes from flash_area_ functions on
failure, just single point of failure-exit - it made no sense
anyway as we can not recover from flash failure;
- flash area pointer is now NULLified on failure, or when
status not found.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit moves static common functions that have duplicate
definitions in bootutil_public.c and bootutil_misc.c to header
file to be included by both files.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
So far the FIH CI job was fetching a WIP change from
TF-M Gerrit to align the MCUboot and TF-M from the FIH
library point of view. This change is replacing to fetch
the final version instead of the WIP change.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Fixes some confusing Kconfig values to have values that make
sense for the underlying SMP transport.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
When hooks are enabled then boot_reset_request_hook will be
called to check whether it is allowed to reset a device.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Provide prototype for a new hook boot_reset_request_hook
which is called when device is requested to reboot.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The relative links do not work on the docs website due to the files not
living in the docs/ directory. This updates to link directly to the
GitHub source so that users are not dropped onto a 404 page.
Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
When MCUBOOT_SINGLE_APPLICATION_SLOT is set then the app can
only be overwritten with new image and scratch algorithm
is not used. The configuration logic would default
MCUBOOT_SWAP_USING_SCRATCH to 1 because it was lacking
check for MCUBOOT_SINGLE_APPLICATION_SLOT.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Add support for RT595 to MCUBoot. A larger number of max sectors is
required due to the large flash size present on the RT595 EVK.
Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
This deprecates the flash erase Kconfig for zephyr, if this action
is required then the board should be flashed using west with the
`--erase` argument supplied instead.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Fix a swap corruption which occurs on the swap move algorithm when a
reset happens exactly at the point after the last move up, and its
status update. On restart the image headers should be read at the 2nd
sector of the primary slot, but due to lacking initialization it is
read on the first sector, and then fails. This error was masked on the
simulator because of the use of a global variable, which retained its
value on a "reset simulation".
Fixes#1588
Signed-off-by: Fabio Utzig <utzig@apache.org>
Add jobs for testing build ESP32-XX within more features:
Serial Recovery, Multi Image and Multi Boot
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Returned values are now hardcoded. Indeed, while it is not
strictly needed (few return values different from SUCCESS
or FAILURE) complexity added by encoding return values might
cause the software to be vulnerable to fault attacks.
Return type changed from fih_int to fih_ret to make
the whole thing much simpler and therefore more robust
to fault attacks. In addition, its easier to predict
compiler behavior.
Affectation of sentive variables has been hardened using macro
FIH_SET (affectation + check wether write access has been properly
done). FIH_DECLARE() is added to ease the declaration of sentive
variables.
Equality tests fih_eq() and fih_not_eq() are now macros because
inlining produce more complex code (and weaker) than macros.
In addition fih_not_eq is modified to be the negation of fih_eq
which was not the case until now.
when FIH_NOT_EQ is used , FIH_SET(fih_rc, FIH_FAILURE) has been added
in some part of the code.
variable image_mask (bootutil_priv.h) is now volatile because a
double IF test is made on it.
some others parts of the code have been hardenned (eg. loop on images)
Signed-off-by: Michael Grand <m.grand@trustngo.tech>
This makes it possible to enable timeout (BOOT_SERIAL_WAIT_FOR_DFU) mode
for the serial recovery when using CDC ACM based serial device. This was
runtime tested on nRF52840-Dongle.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
A previous change was added to allow the `getpriv` command to dump ec256
keys in both openssl and pkcs8. That PR did not touch other key file
types which resulted in errors using that command with RSA, X25519, etc.
This commit generalizes the passing of the `format` parameter, so each
key type can decide which format it allows a dump to be produced in,
and what default to use.
Fixes#1529
Signed-off-by: Fabio Utzig <utzig@apache.org>
Add basic flash_sector struct and offset calculation routines. This
fixes the build using swap move, because this data is required to
calculate the maximum image size.
Fixes#1567
Signed-off-by: Fabio Utzig <utzig@apache.org>
packaging >= 22 dropped support for LegacyVersion, which was the usual
result of an invalid version number being parsed. Now it is PEP-440
strict and throws an exception on fails. This fixes the script to work
with both older and newer releases.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Fixes a bug when writing to devices which have memory alignment
requirements with data being using directly from a zcbor-response
whereby the alignment of the buffer data does not meet the
requirements of the flash driver.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Nordic had changed its license identifier to new
more accurate id: LicenseRef-Nordic-5-Clause.
Old identifiers should be updated.
Signed-off-by: Dominik Kilian <Dominik.Kilian@nordicsemi.no>
There are 3 levels of buffers and only the first one seems to be
configurable, this fixes that issue.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Fixes an issue whereby rc is a signed variable but is returned as
an unsigned variable in the zcbor functions.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The return value of bootutil_find_key is used as the key_id in the
bootutil_img_validate function, and negative key_id value used in case
of errors. If MCUBOOT_HW_KEY is set, than the key hash is read by
boot_retrieve_public_key_hash function, but the exceptation is only to
return nonzero on failure, so its error code should not be propagated
up to the caller. Instead, bootutil_find_key should return -1 in case
of a platform error.
Change-Id: I8e2bd12a5cf53787e10ae45c2ab556e8a856692d
Signed-off-by: Mark Horvath <mark.horvath@arm.com>
The current specific setting of devicetree overlay files using `set()`
has a couple of built-in flaws.
It keeps readding the overlay file on each subsequent CMake invocation.
The build command (make/ninja), will automatically invoke CMake if there
are any changes to files used as configure time dependencies.
This can easily be seen by manually re-invoking CMake:
```
# First invocation
$ cmake -DBOARD=nrf52840dk_nrf52840 -DDTC_OVERLAY_FILE=custom.dts ..
Loading Zephyr default modules (Zephyr workspace).
-- Application: /projects/github/ncs/bootloader/mcuboot/boot/zephyr
...
-- Found devicetree overlay: custom.dts
-- Found devicetree overlay: bootloader/mcuboot/boot/zephyr/dts.overlay
# Second invocation
$ cmake -DBOARD=nrf52840dk_nrf52840 -DDTC_OVERLAY_FILE=custom.dts ..
Loading Zephyr default modules (Zephyr workspace).
-- Application: /projects/github/ncs/bootloader/mcuboot/boot/zephyr
...
-- Found devicetree overlay: custom.dts
-- Found devicetree overlay: mcuboot/boot/zephyr/dts.overlay
-- Found devicetree overlay: mcuboot/boot/zephyr/dts.overlay
```
Zephyr has built-in support for application specific overlay config
which gets automatically applied when the overlay file is named:
`app.overlay`.
Therefore rename `dts.overlay` to `app.overlay`.
Ref: https://docs.zephyrproject.org/3.2.0/build/dts/howtos.html \
#set-devicetree-overlays
This change further allows users of mcuboot to place their mcuboot
configuration out-of-tree of the sample by using the
`APPLICATION_CONFIG_DIR` setting.
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>