Move the definition of boot_enc_retrieve_private_key() to a common file
to avoid code duplication and also endure seamless transition to this new
key handling approach for targets which don't use hardware keys.
Change-Id: I57e54e4332503c11d18762f8291c3cab53df3d20
Signed-off-by: David Vincze <david.vincze@arm.com>
When 'direct-xip' or 'ram-load' features were enabled,
CONFIG_BOOT_SWAP_USING_SCRATCH and MCUBOOT_SWAP_USING_SCRATCH were
defined even though swap using scratch wasn't used. This commit fixes
the issue.
Signed-off-by: Thomas Altenbach <thomas.altenbach@legrand.com>
This reverts commit 0fa46270c0.
This breaks:
samples/synchronization/sample.kernel.synchronization on
b_u585i_iot02a/stm32u585xx/ns error
as this TF-M configuration uses its own keys. This change is an API
change that needs to be coordinated with TF-M changes.
Before this revert, compiling this test results in:
.../encrypted.c:447: undefined reference to
`boot_enc_retrieve_private_key`
Signed-off-by: David Brown <david.brown@linaro.org>
Increase the size of the jmpbuf to accomodate other architectures.
Unfortunately, the size of this is not available in the libc crate.
Increase this so encompass any platforms we wish to support, including
aarch64 on both Linux and MacOS.
Increasing an array beyond 32 means there is no default offered, so
implement this manually.
Signed-off-by: David Brown <david.brown@linaro.org>
Many of these extern functions are missing the "C". It doesn't seem to matter on
any of our targets, but this does make the code more correct, and might be a
problem in the future.
Signed-off-by: David Brown <david.brown@linaro.org>
This struct was having addresses taken of fields within it, and then being
returned. It is platform-specific whether this causes a move. It seems to be
working on x86_64, but causes a segfault on aarch64. Box the struct so that it
isn't moved after being initialized.
Signed-off-by: David Brown <david.brown@linaro.org>
Currently encryption supports only private key embed
in mcuboot itself. To support MCUBOOT_HW_KEY for image
encryption boot_retrieve_private_key() hook is added.
This hook helps retrieving private key from trusted
sources like OTP, TPM.
Signed-off-by: Dinesh Kumar K <dinesh@linumiz.com>
check_config.h was included manually by custom configuration files.
This caused compilation errors when updating MbedTLS to 3.6.0
because check_config.h was processed too early, before the whole
configuration is defined, effectively causing configuration check errors.
MbedTLS already takes care of including check_config.h at the right time.
Remove those erroneous manual check_config.h includes.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
This patch enables psa-crypto-api feature
Signed-off-by: Matthew Dalzell <matthew.dalzell@arm.com>
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
If the psa-crypto-api feature is defined, the simulator will
initialize the PSA Crypto API exactly once. It needs also to
enable the test external RNG as the assumption is that the
PSA subsystem is configured to use MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
Signed-off-by: David Brown <david.brown@linaro.org>
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Signed-off-by: Matthew Dalzell <matthew.dalzell@arm.com>
Change-Id: Id02727b8673867ecf1e4fbbdfa3c4b6d6f98f8df
This commit adds simulator support to test the
hw-rollback-protection feature which is using
nv-counters. In the simulator they are stored in Rust
to prevent any race conditions from happening due to
the parallel execution of the tests.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I445fc50615ed1f0c06e5933b16811c24d9d302fc
This patch refactor the RSA operations done by the signature verification
module and by the encrypted images decryption module. Previous solution is
tightly coupled with Mbed TLS, while this patch provides an abstraction of
the RSA functionalities in a dedicated crypto abstraction header, crypto/rsa.h
that supports both Mbed TLS APIs and PSA Crypto APIs. In case of PSA Crypto,
the verification scheme is directly provided by the crypto backend hence it
simplifies the operations done in the image verification module.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I973bc3374b62eee2d7717c2368bce7611d37a0c8
Remove the generic ECDSA verification module and keep the
existing one, just renaming it image_ecdsa.c. Make sure
that the abstraction layer is generically called ecdsa.h
and the abstraction names are not P256 specific.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I6f78cfc1b1c2851cdad67efa91c6cb49498187bb
Commits adds implementation of flash_area_get_sector that
is supposed to replace flash_area_sector_from_off.
The flash_area_get_sector gets additional parameter of flash_area
type, while flash_area_sector_from_off uses hardcoded flash_area.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The sim platform was sharing a few header
files with the zephyr-rtos port. This patch provides
sim own headers.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Change the edition in the various Cargo.toml to 2021. There are no
changes to the code needed for this. This will require Rust 1.56 in
order to build.
Signed-off-by: David Brown <david.brown@linaro.org>
This feature check was done statically instead of dynamically in the
build.rs file. Change this to match the rest. Perhaps we might want to
change all of them to be done at compile time, but that should be done
with all of the features.
Signed-off-by: David Brown <david.brown@linaro.org>
Having profile configuration in sub crates generates a warning every
time Cargo is run. Remove these lines, as the top-level Cargo.toml file
defines these values.
Signed-off-by: David Brown <david.brown@linaro.org>
When building mcuboot-sys, the build script currently adds some
duplicate files. When used as a library, this works, because the code
is linked in as a library. However, when mcuboot-sys is tested itself,
all specified files will be brought in, which results in duplicate
symbols for these files.
Fix this by keeping track of all of the files that we've added, and
making sure to add each file once. Additionally, instead of using the
orphaned files in mbedtls-asn1, just always use the verions in the main
mbedtls library. There are some configurations of the code that end up
using both the extracted files and the full mbed TLS. Avoid that
conflict by just always using the full tree.
Signed-off-by: David Brown <david.brown@linaro.org>
When collected together as a workspace, the test framework ends up
running all of the configurations on each project. One configuration
option `large-write` doesn't really mean anything to mcuboot-sys, but
adding support for the feature allows this package to be tested along
with all of the other packages.
Signed-off-by: David Brown <david.brown@linaro.org>
Combine all of the pieces to be able to test ram loading with multiple
images. We construct a model `RamData` that indicates where each image
should be loaded into RAM. This has to be made early enough to compute
signatures on the images, and then used later to verify that the images
were loaded properly.
Signed-off-by: David Brown <david.brown@linaro.org>
Test the basic configuration for ram loading. Instead of a fixed
address for RAM, the values come dynamically from a thread-local
variable (allowing the tests to run in parallel). The size of the ram
along with the address of the buffer in the test address space are
passed in this way.
This tests the single-image configurations of ram loading. Testing
multi-image will take additional work, as the RAM will need to be large
enough for both images, and the second image will need a meaningful
offset address in RAM.
Signed-off-by: David Brown <david.brown@linaro.org>
Add simulator support for building the direct-xip configuration.
Although this builds, there are no tests that test any of the
functionality, so all current tests trivially pass.
Signed-off-by: David Brown <david.brown@linaro.org>
Allow the sim to test configurations with MCUBOOT_RAM_LOAD defined.
This does not define any tests for this mode.
This adds definitions for simulated RAM offsets to the simulator. This
will define the offset (from `IMAGE_RAM_BASE`) to where the simulated
RAM will be located. For now, just give these somewhat reasonable
values so that we are able to at least compile the RAM_LOADING code in
the simulator.
Signed-off-by: David Brown <david.brown@linaro.org>
The function `flash_area_id_from_image_slot` is used in the RAM_LOAD and
DIRECT_XIP configurations. Define a version for use in the simulator.
Signed-off-by: David Brown <david.brown@linaro.org>
When the bootloader completes, it fills a response structure with
various information. Move this into the BootGoResult and provide an
accessor for it.
Signed-off-by: David Brown <david.brown@linaro.org>
Now that this result is abstracted, take the special case for a sim stop
and make it its own field. This hides the magic number we use to
indicate this to be entirely within mcuboot-sys.
Signed-off-by: David Brown <david.brown@linaro.org>
Instead of a tuple of values that is matched, return an abstract type
that has methods for querying the information we need. Abstracting this
will allow us to return additional information without having to change
all of the code that matches against these patterns.
Signed-off-by: David Brown <david.brown@linaro.org>
Instead of having this struct at a fairly low level in the simulator,
with the filled-in values effectively discarded after each call, pass
the value from higher up in the simulator. This prepares us for being
able to use the resulting data in upcoming tests.
Signed-off-by: David Brown <david.brown@linaro.org>
commit c304a7f84a
(refs/bisect/good-c304a7f84a7e7e345457e23b179fa302b8732fb9)
Author: Dominik Ermel <dominik.ermel@nordicsemi.no>
Date: Mon Jun 14 16:08:42 2021 +0000
sim: Add flash_area_get_device_id implementation
Adds an implementation for this function in the simulator that just
returns 0. Fix this to return the proper ID so that when tests start
checking for this, it will return the right value.
Signed-off-by: David Brown <david.brown@linaro.org>
Emits either MCUBOOT_SWAP_USING_SCRATCH and
CONFIG_BOOT_SWAP_USING_SCRATCH when swap using scratch
algorithm is expected.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Add new feature that allows testing EC256 encrypted images using the
Mbed TLS backend.
Move config-ecdsa.h to config-ec.h because definitions are very similar
between ECDSA and ECDH with Mbed TLS so resort to a single config file.
Add new feature and fix the build; add proper Mbed TLS memory
initialization when enc-ec256-mbedtls is used.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Apply clippy suggestions to directly result in values instead of
returning those values at the end of a function. Better matches common
Rust style.
Signed-off-by: David Brown <david.brown@linaro.org>
Cleanup some of the unsafe usage in mcuboot-sys. In one case, add a
safety comment to the function documentation. In the other, move the
unsafe to a narrower scope, reducing the number of instances of unsafe
needed. From clippy suggestions.
Signed-off-by: David Brown <david.brown@linaro.org>
Clippy suggests implementing Default when the `new` function for that
type just initializes the type to default values.
Signed-off-by: David Brown <david.brown@linaro.org>