This implements AES key unwrapping following RFC-3394 section 2.2.2
using tinycrypt for AES-128 decryption. It is enabled when ECDSA was
chosen as the signature algorithm.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This adds a new option that allows copying slot0, from the contents
of slot1, if slot0 is found out to be erased and not validated, and
the contents of slot1 are validated.
This mechanism basically enables a device to "bootstrap" from the
contents of an external flash that has a valid image, given that the
only flashed thing in the internal flash is the bootloader.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Remove MPU_ALLOW_FLASH_WRITE from prj.conf and put it in
boot/zephyr/Kconfig enabling it only for every ARM_MPU
equipped device.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
Make RX buffer size configurable for UART. Allow incoming
interrupts while copying data out of that buffer.
Signed-off-by: Marko Kiiskila <marko@apache.org>
This adds bootutil support for slots on different flash devices
the happen to have different sector sizes.
It consists basically in relaxing the `boot_slots_compatible` to
allow swaps as long as the sectors that are required to fit both
images are able to fit inside scratch and both slot's sectors have
sizes that are multiple of each other.
This is now tested on the simulator and was tested in a Nordic's
pca10056 using slot0 in internal flash, and slot1 in the external
QSPI flash, configured with 4K, 8K and 16K sized sectors (the HW
is 4KB but Mynewt allows emulating multiples of that!)
Signed-off-by: Fabio Utzig <utzig@apache.org>
For Zephyr the default mbedTLS mempool size for RSA-2048 signing was not
enough to allow for the calculations done by RSA-2048-OAEP (encrypted
images), so when encrypted image support is enabled, increase it to a
value that is known to work.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Encrypted images were known to be failing when the header size was larger
than 256 bytes because of incorrect handling of blocks sent to decryption
and hashing routines. An assert was previously added to check the header
and read block sizes matched to avoid incurring into the know error, but
it was incorrectly enabled also for non-encrypted images.
Now the handling of the header, which is not encrypted, is correctly
separated from the handling of the remaining image, when encryption is
used, to avoid ever sending header data into the decryption routines.
Signed-off-by: Fabio Utzig <utzig@apache.org>
zephyrproject-rtos/zephyr#11180: Zephyr target was corrupted as
recently zephyr's device tree started adding DT_ prefix in
generated labels.
This path aligns flash name macro used.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Add a hidden MCUBOOT config entry to mark a project as MCUBOOT.
It is useful when other parts of the system need to be aware
that they are, in fact, the bootloader.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
This commit adds a project configuration for the upcoming
nrf52840_pca10059 board.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
This commit adds a choice for the device to use for serial recovery.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
fixup
This adds a mbedtls config that will enable the simulator to run tests
for the kw based encrypted images.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This allows storing encrypted images in slot1, that are automatically
decrypted when copying to slot0 and re-encrypted when copying from slot0
to slot1.
The encryption works by applying AES-CTR-128 on the image blocks
(excluding the header and TLVs) using a random key. This random key
is itself encrypted using either RSA-OAEP-2048 or AES-KW-128 (AES keywrap
as defined by RFC3394), and appended to the image as newly defined TLVs.
AES-CTR-128 was chosen primarily for having stream cipher proporties,
which basically means that any block being encrypted/decrypted does not
depend on any other previous blocks results.
The TLV adds about 256 bytes to the image in RSA-OAEP-2048 mode, and 24
bytes in AES-KW-128 mode. Resulting sizes for a Mynewt generated mcuboot
(frdm-k64f):
- swap mode and no signing: 12KB
- adding encryption with RSA-OAEP-2048: 28KB
- adding encryption with AES-KW-128: 20KB
Some extra comments:
- AES-KW-128 requires a fairly new mbedtls with nist_kw support.
- An alternative methods which could be added later are ECIES.
- Key-wrapping seems easy enough to implement using just standard
AES-ECB mode that it should be straight-forward to also add support to
tinycrypt.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Implementation of flash_area_read_is_empty introduced recently
uses deprecated hal_flash_read API which caused build failure.
This patch uses zephyr's native flash_area_read() API which
solves the bug.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Mynewt has recently added an encrypted flash layer driver, that runs
transparently on any flash, handling reads and writes, and bypassing
other flash operations to the HW driver. As a result of this change,
checking for erased data cannot be done by read + compare to erased_val
but need to be routed to an empty check on the lower level. To do this
Mynewt added a new flash_map function called "flash_area_read_is_empty"
which checks for erased blocks (and reads/decrypts the data as well).
This commit uses `flash_area_read_is_empty` to determine if magic,
flags and swap status are erased. For Zephyr/sim commits were added
previously that mimic this functionality by simply doing the
read/compare.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This compliments the previous change on `image_ok` and also removes
`flash_area_erased_val` call that is not needed anymore.
Signed-off-by: Fabio Utzig <utzig@apache.org>
It was impossible to set confirm flag due to incorrect comparison.
In this point of time state->image_ok is already decoded and contains
one of following values:
If BOOT_FLAG_UNSET then we are ok to set a confirm flag.
Signed-off-by: Łukasz Rymanowski <lukasz.rymanowski@codecoup.pl>
This will fix#335 by defining the array size of the magic word and
give it to the relevant functions.
Signed-off-by: Hovland, Sigvart <sigvart.hovland@nordicsemi.no>
For Zephyr assume flash is always erased to 0xff. This allows backward
compatibility of the new flash erased to 0 support.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This extends mcuboot to allow use on devices which don't follow the
typical erased at 0xff. This was tested on some previously supported
devices (erased at 0xff) and STM32L1/L0 which are erased at 0.
Signed-off-by: Fabio Utzig <utzig@apache.org>
MCUboot doesn't need mbedTLS's entropy code (you don't need random
numbers to check a digital signature), but it enables it. This causes
really scary warnings when building entropy.c, since the test entropy
source is enabled:
[113/197] Building C object zephyr/ext/lib/crypto/mbedtls/CMakeFiles/ext__lib__crypto__mbedtls.dir/library/entropy.c.obj
/home/mbolivar/src/zephyr/ext/lib/crypto/mbedtls/library/entropy.c:31:2: warning: #warning "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! " [-Wcpp]
#warning "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! "
^~~~~~~
/home/mbolivar/src/zephyr/ext/lib/crypto/mbedtls/library/entropy.c:32:2: warning: #warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES " [-Wcpp]
#warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES "
^~~~~~~
/home/mbolivar/src/zephyr/ext/lib/crypto/mbedtls/library/entropy.c:33:2: warning: #warning "**** THIS BUILD IS *NOT* SUITABLE FOR PRODUCTION USE " [-Wcpp]
#warning "**** THIS BUILD IS *NOT* SUITABLE FOR PRODUCTION USE "
^~~~~~~
Delete the bits of the mbedTLS configuration that compile this
file (along with some testing code we don't care about either) to
clean up the warning. This looks like copy/paste code from the initial
mbedTLS config import into MCUboot.
Signed-off-by: Marti Bolivar <marti@foundries.io>
Various Zephyr boards (I'm looking at you, every-single-nRF-board)
set CONFIG_BT_CTLR=y as well as CONFIG_BT. Make sure it's disabled for
MCUboot's default prj.conf, where it's not needed and has been causing
very verbose Kconfiglib warnings:
warning: BT_CTLR (defined at subsys/bluetooth/controller/Kconfig:10) was assigned the value 'y' but
got the value 'n'. You can check symbol information (including dependencies) in the 'menuconfig'
interface (see the Application Development Primer section of the manual), or in the Kconfig
reference at http://docs.zephyrproject.org/reference/kconfig/CONFIG_BT_CTLR.html (which is updated
regularly from the master branch). See the 'Setting configuration values' section of the Board
Porting Guide as well.
Signed-off-by: Marti Bolivar <marti@foundries.io>
It is possible that while flash was erased progressively
the flash image status page was not erased.
This patch check this case and performs additional eras
if it was required.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
This commit adds the option to erase flash pages while receiving
the firmware, opposed to bulk-erasing the whole image area at
the beginning of the DFU process. This is required on some
hardware that has long erase times, to prevent a long wait
and possibly a timeout during DFU.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The UART device ISR in serial_adapter expected the device
to fire an interrupt for each byte that was received.
Although this might have worked for some devices it wouldn't
work for USB. This commit fixed the issue by modifying the ISR
according to the uart.h documentation.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
On Mynewt some flash drivers on very slow devices tickle the watchdog to
avoid possible hangs; those were also trying to tickle the watchdog in
mcuboot when performing an upgrade or serial boot, without initializing
the watchdog, causing an invalid memory write and reset issue.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Remove the simple pointers and use the "&" operator throughout to
simplify the understanding of the code.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
In order to avoid overwriting an existing allocated buffer that has not
yet been processed by the main loop, switch to a new command buffer
whenever we have received a complete one.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
While building with Zephyr 1.12 for the nucleo_f091rc I got undefined
reference to __set_MSP() during linking. Including soc.h fixes the
problem. Thanks carlesc.
Signed-off-by: Evan Gates <evan@gnarbox.com>
This fixes an issue where the bootloader is activating a timer that is
later not used by the installed target image causing a non handled interrupt
fault.
Signed-off-by: Fabio Utzig <utzig@apache.org>
It was possible that free_queue locks on the self referencing
node.
This patch introduce check for this issue
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
For zephyr it was possible to make buffer overflow while decoding
incoming base64 sting. This patch correct the available
buffer size transferred to base64 decoding function, which mitigate the
issue.
Clean up boot_serial_start function from unwanted
execution constant pointers.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Fabio Utzig