Added description on serial recovery mode features and
its configuration.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Anna Kielar <anna.kielar@nordicsemi.no>
Added description on what is the serial recovery protocol
in general.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Anna Kielar <anna.kielar@nordicsemi.no>
fix
Adds support for outputting the image hash TLV in serial recovery
mode, which is needed to comply with the img_mgmt MCUmgr group
requirements.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The mcumgr packet sent over serial should be fragmented into frames of
up to 127 bytes, including 2-bytes frame start header and 1-byte for
terminating newline [1], resulting in up to 124 bytes for the base64
encoded payload.
Current implementation doesn't fulfill above requirement and transmits
single frames, without considering their length. This change introduces
support for fragmenting as defined in 'SMP over console' specification.
[1] github.com/apache/mynewt-mcumgr/blob/master/transport/smp-console.md
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Add mention of the release note requirements to the SubmittingPatches
file so that developers are more likely to see and comply.
Signed-off-by: David Brown <david.brown@linaro.org>
Add some guidelines for release notes that developers can use to create
release note snippets as features and fixes are implemented. This will
greatly reduce the work needed at release time.
Signed-off-by: David Brown <david.brown@linaro.org>
The commit modifies selection of boot serial UART by first checking
the Zephyr chosen zephyr,uart-mcumgr and then reverting to the
zephyr,console, as a secondary candidate.
In case when both nodes are present and point to the same device,
error will be reported.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
USB DFU depends on MULTITHREADING and STREAM_FLASH, and these
should be explicitly selected.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
__packed may not be available in all environments. In such
case just fallback to __attribute__((__packed__)).
Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
Currently if max-align > 8, magic_boot only works in little endian
For example :
With max-align = 16 and endian = big, boot_magic starts with 0x10 0x00,
but it should be 0x00 0x10
Signed-off-by: Raphael Dupont <raphael7dup@gmail.com>
Trailer is temporary located in scratch when data of image goes up to last
sector of primary slot. At the end of the swap procedure, the temporary
trailer in scratch must be erased to prevent mcuboot from reading a stale
status from the scratch area. The erase tentative was not correct, this
is fixed.Issue is easily reproduced with an image size of one sector.
Signed-off-by: Stephane Le Roy <stephane.leroy@st.com>
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
Adds a packed attribute to the nmgr struct to avoid issues on
architectures that do not support unaligned memory access.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Try a merge commit if no parameters are passed, otherwise accept the
first parameter as the oldest SHA to check.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Commits adds implementation of flash_area_get_sector that
is supposed to replace flash_area_sector_from_off.
The flash_area_get_sector gets additional parameter of flash_area
type, while flash_area_sector_from_off uses hardcoded flash_area.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Commits adds implementation of flash_area_get_sector that
is supposed to replace flash_area_sector_from_off.
The flash_area_get_sector gets additional parameter of flash_area
type, while flash_area_sector_from_off uses hardcoded flash_area.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Commits adds implementation of flash_area_get_sector that
is supposed to replace flash_area_sector_from_off.
The flash_area_get_sector gets additional parameter of flash_area
type, while flash_area_sector_from_off uses hardcoded flash_area.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Removes the old deprecated Kconfig items for configuring GPIO ports
and pins for entering serial recovery/USB DFU mode. These were
deprecated almost a year ago and should not be used as device tree
has long replaced them.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Switches from using the zcbor files in-tree to using the ones that
are part of the zephyr manifest, this prevents using old and
potentially buggy versions of the zcbor library.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The TLV type field in trailer TLV struct is defined as unsigned 16-bit
(in LE byte order). Currently, due to Python's struct format specified
as 'BBH', the 'imgtool' accepts only single byte for this field.
This results in error when trying to use 16-bit TLV type with option
'--custom-tlv':
struct.error: ubyte format requires 0 <= number <= 255
This changes format to 'HH' which allows using 16-bit TLV types and
while at it, adds also simple range validation for custom TLV type.
As defined in image.h header, the vendor reserved TLVs value should
be from 0x00a0 to 0xfffe range.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Split RELEASE configs to match MINSIZEREL configs and
disable auto cancel upon one of the configs exiting with an error.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I32225ecd1316e0a7067513cfa417e00cdcf660c4
Modify the FIH CI job to fail in case successful boot happens
below a certain treshold. CI should fail if a successful boot
is achieved by bypassing one or two instructions as it would
defeat the purpose of the FIH mechanisms.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: If1703d57e3ba87e5fd73d4ba954bfd38ed1c0cc6
The sysflash.h defines FLASH_AREA_ macros using FIXED_PARTITION
macros that are provided by flash_map.h, but it does not include
the required header.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
This fixes the issue: #1624 by changing the license to Apache-2.
There isn't a need to have these files nordic licensed.
Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no>
Modifies boot_read_swap_size and boot_read_enc_key to use
flash_area object pointer instead of image index.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
This changes the default mcuboot configuration for zephyr
applications to clean up before booting the user application. The
reason for this change is that mcuboot may configure protection (e.g.
MPU stack guard) which is then used by the user application during
its startup code prior to cleaning the configuration up, this can
lead to a unbootable application and potentially irrecoverable
module, therefore cleaning up is now being enabled by default.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Verify mode already works for the public halves of RSA and ECDSA keypairs.
This patch corrects an apparent oversight, enabling that functionality
in Ed25519.
Signed-off-by: Ross Younger <crazyscot@gmail.com>
In rework:
- size has been removed from array, as it has been making array
at least of two elements, even if scratch partition not used;
- some variables have been localized and some removed;
- no longer returning rc codes from flash_area_ functions on
failure, just single point of failure-exit - it made no sense
anyway as we can not recover from flash failure;
- flash area pointer is now NULLified on failure, or when
status not found.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit moves static common functions that have duplicate
definitions in bootutil_public.c and bootutil_misc.c to header
file to be included by both files.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
So far the FIH CI job was fetching a WIP change from
TF-M Gerrit to align the MCUboot and TF-M from the FIH
library point of view. This change is replacing to fetch
the final version instead of the WIP change.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Fixes some confusing Kconfig values to have values that make
sense for the underlying SMP transport.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
When hooks are enabled then boot_reset_request_hook will be
called to check whether it is allowed to reset a device.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Provide prototype for a new hook boot_reset_request_hook
which is called when device is requested to reboot.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
David Brown