Commit Graph

788 Commits

Author SHA1 Message Date
Christopher Collins ae01f153b1 Set pending: don't crash when image slot corrupt
This change affects the "set pending" operation.  That is, the operation
that configures mcuboot to temporarily swap images on the next boot.

PRIOR TO COMMIT:

If the slot 1 trailer contained an invalid 128-bit magic number, an
assertion would fail, causing a crash.

AFTER COMMIT:

If corruption is detected in the slot 1 trailer, the entire image slot
is erased, and the "set pending" operation fails with a `BOOT_EBADIMAGE`
status.

RATIONALE:

mcuboot cannot meaningfully recover from data corruption.  The only
recourse is to erase the bad data so that future upgrades can be
performed.  I was tempted to add a build-time setting to control whether
the image slot gets erased when corruption is detected, but I don't think this
freedom justifies the cost of extra config.  A device with a corrupt
image slot can no longer be upgraded, so the only reason someone would
want to preserve the corrupt data would be for debugging.

Signed-off-by: Christopher Collins <ccollins@apache.org>
2019-01-31 18:13:52 -02:00
Andrzej Puzdrowski e82e3163de zephyr:board: squash nrf51_pca10028 flash footprint
Disable logging and enable size optimizations on
nrf51_pca10028 target in order to fit in boot slot size
for out-of-the-box build.

fixes #411

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2019-01-30 14:45:38 +01:00
David Brown ef4861d1ae Bump version to 1.3.0-rc2
Second pre-release for v1.3.0.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-29 15:21:41 -07:00
Rajavardhan Gundi 73bb71b0c6 CONFIG_FLASH_BASE_ADDRESS is defined only for memory-mapped Flash
Made FLASH_DEVICE_BASE 0 for non-memory-mapped Flash.

Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
2019-01-28 12:26:08 +01:00
Christopher Collins b17af7f85f repository.yml: Remove invalid stability "rc1"
Newt only allows the following stability strings in a repo version:

    VERSION_STABILITY_NONE   = ""
    VERSION_STABILITY_STABLE = "stable"
    VERSION_STABILITY_DEV    = "dev"
    VERSION_STABILITY_LATEST = "latest"
    VERSION_STABILITY_COMMIT = "commit"

An attempt to update a project that uses mcuboot would choke due to the
invalid stability string "rc1":

    Error: Unknown stability (rc1) in version 1.3.0-rc1

Signed-off-by: Christopher Collins <ccollins@apache.org>
2019-01-24 12:17:58 -08:00
David Brown 5e9078f1e0 Bump version to 1.3.0-rc1
First pre-release for v1.3.0.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-24 10:03:37 -07:00
David Brown b1d15a7195 docs: Release notes for 1.3.0-rc1
Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-24 10:03:37 -07:00
Fabio Utzig ed0ca4356a Fix trailer erase for some devices
Previously it was assumed that the trailer would fit one sector. While
this works for most devices, some which happen to have lots of sectors
end up using lots of space for their swap status area. The same issue
could also happen if sectors are small (less than 2K/4K, for example).

This fixes the issue by checking the trailer size and erasing all
sectors that encompass it.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-23 14:04:47 -07:00
Sebastian Bøe be972176f1 cmake: zephyr: Misc. modernizations of the build scripts
Modernize and simplify the build scripts of the Zephyr
bootloader. Most notably, the new build scripts are targeting the
'zephyr_library_' API instead of the 'target_' API.

In addition to simplifying the build scripts, this permits us to be
automatically compatible with an upcoming change that will break the
'target_' API but not the 'zephyr_library_' API.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
2019-01-22 16:09:02 -07:00
Sebastian Bøe 913a385137 boot: zephyr: Detect invalid Kconfig'uration earlier
Instead of detecting an invalid Kconfiguration during CMake
Configure-time we detect it where it belongs, in Kconfig.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
2019-01-22 16:09:02 -07:00
Sebastian Bøe b94bda03aa zephyr: boot: Correct how the default board is set
The default board should be set simply by 'set'ing the BOARD. This has
the lowest precedence of all possible inputs.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
2019-01-22 16:09:02 -07:00
Sebastian Bøe 90c70e31ad cmake: KCONFIG_ROOT does not need to be set explicitly
The presence of a Kconfig file will be checked by the build system so
it is not necessary to explicitly set KCONFIG_ROOT.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
2019-01-22 16:09:02 -07:00
David Brown 038e299e79 samples/zephyr: Build ECDSA tests with ECDSA key
Set the public key for ECDSA tests to use the ECDSA.  This avoids a link
error with:

    ../app/libapp.a(keys.c.obj):(.rodata.bootutil_keys+0x0): undefined reference to `ecdsa_pub_key'
    ../app/libapp.a(keys.c.obj):(.rodata.bootutil_keys+0x4): undefined reference to `ecdsa_pub_key_len'

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-22 16:08:46 -07:00
David Brown 2bc2685b2a ptest: Start of utility to run tests in parallel
The travis config allows multiple tests to run in parallel.  Run a small
program that does the same thing.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-18 14:01:04 -07:00
Fabio Utzig 432c32c928 Fix ECDSA signature builds in Zephyr
Commit 3ac36ead3 updated the bundled asn1parser, which now consists of
two files. The Zephyr build system was not updated with that commit which
has broken ECDSA signature builds. This adds the new file.

This fixes #397.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-18 12:33:19 -07:00
Emanuele Di Santo 30a9265bc8 boot: zephyr: select GPIO when MCUBOOT_SERIAL is enabled
Select GPIO when MCUBOOT_SERIAL is enabled.

Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
2019-01-18 12:31:24 -07:00
Fabio Utzig 05ab014e36 Update sim ecdsa testing to use ring signing
This removes the unsafe Tinycrypt bindings previously used for signing
with ECDSA, and relies on ring native support.

The ring library was updated to 0.14.1.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-18 09:44:48 -07:00
Fabio Utzig 006994b754 Fix a buffer overflow on EC point load
While loading a new EC point, when it was smaller than the expected
number of bytes, a zero padding was being written beyond the end of the
buffer instead of at the initial position.

While this has been working before, it broke when images were signed using
the ring API.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-18 09:44:48 -07:00
Fabio Utzig 90abedc752 Add ECDSA-P256 key in PKCS#8 format
The ring crypto library used by the simulator only accepts PEM keys in
PKCS#8 format; this provides a conversion of the original bundled key.

```
$ openssl pkcs8 -topk8 -nocrypt -in ../root-ec-p256.pem -out ../root-ec-p256-pkcs8.pem
```

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-18 09:44:48 -07:00
Ruth Fuchss db1a5f3b6a doc: fix typo in file name
Broken link in design.md since the file name is misspelled.

Signed-off-by: Ruth Fuchss <ruth.fuchss@nordicsemi.no>
2019-01-14 15:00:35 -02:00
Emanuele Di Santo c7514ad7a0 boot: zephyr: pca10059: disable logging by default
The board cannot output logs on the UART because it is used
by MCUBoot's serial recovery for DFU. Remove logging and
the RTT console from project defaults.

Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
2019-01-14 10:10:54 +01:00
Christopher Collins fea163c6a4 Fix Mynewt builds; add log stub dependency
A recent change in the Mynewt repo
(b10cbea5ef882e7f91d1c34ffcf2506d3e183003) imposes the LOG API
requirement on the `sys/mfg` package.  To fix broken builds, make the
Mynewt app and test package depend on `sys/log/stub`.

Signed-off-by: Christopher Collins <ccollins@apache.org>
2019-01-12 14:38:41 -07:00
Fabio Utzig 79df58e695 Allow bootstrap feature on CI
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-12 14:38:18 -07:00
David Brown 61a540dd4e sim: Remove cfg on `verify_image`
Remove the final conditional compilation in the simulator.  The
simulator is now always built the same way, and bases the tests it runs
on the capability queries made to the MCUboot code.  This simplifies the
simulator code a bit, and, importantly, removes the ability to have
mismatches between the configuration as compiled into the MCUboot code
and how the simulator is compiled.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-12 14:35:54 -07:00
David Brown f38bc342f9 sim: Make `find_image` dynamic instead of cfg
Change the `find_image` to use a dynamic query instead of compile time
configuration.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-12 14:35:54 -07:00
David Brown b8882113e4 sim: change `make_tlv` to dynamic instead of cfg
Use a runtime query of configuration instead of conditional compilation.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-12 14:35:54 -07:00
David Brown 85904a8057 sim: Remove more cfg around validate-slot-0
Turn some more conditional compilation into runtime decisions based on
how the code being tested is compiled.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-12 14:35:54 -07:00
David Brown 8d0afa737c boot: bootutil add cap for slot 0 validation
Add a capability to query if MCUboot has been built to verify slot 0.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-12 14:35:54 -07:00
David Brown 9930a3ec16 sim: Use enc capability
Now that we can dynamically query whether mcuboot is built with
encryption support, remove conditional compilation in favor of a dynamic
query.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-12 14:35:54 -07:00
David Brown c4a60a3686 boot: bootutil: Add caps for encryption
Add a capability query for the two encryption options.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-12 14:35:54 -07:00
David Brown 3910ab1f24 sim: eliminate (some) overwrite cfg
Remove some compile-time configuration of the overwrite-only flag.
These will be decided by doing a dynamic query of how the mcuboot code
has been compiled.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-12 14:35:54 -07:00
David Brown 5c9e0f1d05 sim: Move 'Image' code to a separate module
Start refactoring the image code by moving it to a separate module.
This requires some structs and fields be made public.  Otherwise, the
code is unchanged.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-12 14:35:54 -07:00
Fabio Utzig 25d7b0fa9f Update simulator dependencies
Since logging was broken due to incompatibility between log and
env_logger versions, those crates were updated to known to be compatible
versions. Update initialization of env_logger that does not return a
Result<> anymore.

Other crates were updated to remove duplicated versions as much as
possible.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-11 10:24:09 -07:00
Emanuele Di Santo 401d7b33d3 zephyr: boot_serial: fix CRC header warning
The crc16.h header has been deprecated in Zephyr.
Update include directive to use the new header.

Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
2019-01-11 13:39:22 +01:00
Emanuele Di Santo 9f1933d1a5 boot: zephyr: migrate to new log subsystem
The old log subsystem has been deprecated in Zephyr.
Migrate to the new subsystem to avoid compilation warnings.

In-place log processing is selected as it is required as MCUBoot is
a one-thread application.

Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2019-01-10 19:11:15 +01:00
Emanuele Di Santo 2733f515cd boot: bootutil: remove unused BOOT_LOG_LEVEL macros
Remove unused BOOT_LOG_LEVEL macros.
These are not honored, nor usable since they are supposed to be
defined before including the header in which they are defined.

Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
2019-01-10 19:11:15 +01:00
Emanuele Di Santo 20ba65e151 samples: mcuboot_config: introduce MCUBOOT_LOG_MODULE macros
Introduce MCUBOOT_LOG_MODULE_REGISTER and MCUBOOT_LOG_MODULE_DECLARE.

- MCUBOOT_LOG_MODULE_REGISTER
    Register a new log module and add the current C file to it.

- MCUBOOT_LOG_MODULE_DECLARE
    Add the current C file to an existing log module.

Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
2019-01-10 19:11:15 +01:00
Emanuele Di Santo ccc98aa42d samples: mcuboot_config: simplify log configuration template
- Removed MCUBOOT_LOG_LEVEL macros.
The global log level shall be set using a port's configuration
management system of choice instead e.g. Kconfig.

- Removed BOOT_LOG_LEVEL macro, which was not honored by
either Zephyr or mynewt ports.

Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
2019-01-10 19:11:15 +01:00
Emanuele Di Santo 0752d8aee4 boot: bootutil: include mcuboot_logging.h unconditionally
The mcuboot_logging.h header includes the header for the log subsystem,
which needs to be included regardless of whether logging is enabled
for logging macros to compile correctly.

Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
2019-01-10 19:11:15 +01:00
Fabio Utzig 7c00acd737 imgtool save to format of given output filename
Updates imgtool to infer, based on output image filename, which format
should be used for output file. Filenames that end with extension `.hex`
are saved in Intel HEX, otherwise saves a binary image.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-09 06:28:55 -02:00
Fabio Utzig e89841d5ea Add imgtool publishing support
This adds initial support for publishing imgtool to pypi.org.

The main imgtool.py was moved to imgtool package and made into the main
file, and a new imgtool.py that calls into the package, was added allowing
for the old usage behavior to remain functional.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-08 07:29:24 -02:00
Emanuele Di Santo a0ed10b5ae zephyr: kconfig: set TEXT_SECTION_OFFSET to zero
Ensure that the offset in .text is zero.
This is necessary to ensure that MCUBoot is linked at
the beginning of the boot partition, as intended.

Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
2019-01-07 16:29:20 +01:00
Fabio Utzig a32f1af386 Fix overwrite-only under Zephyr
As reported by issue #384, some #ifdefery was wrongly done, which broke
overwrite-only mode under Zephyr.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-01-07 10:59:20 -02:00
Christopher Collins 4b2591285a boot/bootutil: Add missing #include
Mynewt builds require the `mcuboot_config.h` file to translate syscfg
setting names to MCUboot setting names.  This change fixes a build error
that occurs when MCUboot is built with mbedTLS support:

    Error: In file included from keys/bootkeys/src/bootkeys.c:2:0:
    repos/mcuboot/boot/bootutil/include/bootutil/enc_key.h:29:10: fatal error: tinycrypt/aes.h: No such file or directory
     #include "tinycrypt/aes.h"
              ^~~~~~~~~~~~~~~~~

Signed-off-by: Christopher Collins <ccollins@apache.org>
2019-01-04 14:57:41 -08:00
David Brown 10b5de1392 sim: Idiomize for Rust 2018
Apply the changes suggested by

    cargo fix --edition-idioms

as well as a bit of cleanup of the results.  The result should be more
idiomatic Rust 2018 and a good starting point moving forward.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-03 21:39:50 +00:00
David Brown 29b0b5ecb1 sim: fixes for 2018
Automatic migration to Rust 2018.  This is the result of running

    cargo fix --edition

The resulting code is compatible with both Rust 2015 and 2018.  Change
the edition field in the Cargo.toml file as well to begin a more
complete migration.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-03 21:39:50 +00:00
David Brown 2821564b5d sim: mcuboot-sys: More idiomatic Rust 2018
Apply the changes suggested by

    cargo fix --edition-idioms

and cleanup the results a bit.  Eliminate `macro_use` extern crates.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-03 21:39:50 +00:00
David Brown 65de6d177d sim: mcuboot-sys: 2018 edition fix
Automatic migration to Rust 2018:

    cargo fix --edition

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-03 21:39:50 +00:00
David Brown ea25c41af3 sim: simflash: Rust 2018 idiom updates
Apply the changes suggested by

    cargo fix --edition-idioms

as well as a bit of cleanup of the results.  The result should be more
idiomatic Rust 2018 and a good starting point moving forward.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-03 21:39:50 +00:00
David Brown afabfcfe70 sim: simflash: Minimal 2018
Automatic migration to Rust 2018.  This is the result of running

    cargo fix --edition

The resulting code is compatible with both Rust 2015 and 2018.  Change
the edition field in the Cargo.toml file as well to begin a more
complete migration.

Signed-off-by: David Brown <david.brown@linaro.org>
2019-01-03 21:39:50 +00:00