Add ECDSA verification tests to the CI using the PSA Crypto API
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I904c8929f355ec791ff28ac7c3e0ca3832b2403d
Currently all the hashing functionality is done with SHA256
but if we would like to use ECDSA-P384 that requires SHA384
as the hashing algorithm. However, MCUboot is using SHA256
for image hashing and public key hashing. This commit modifies
the hashing operations to use SHA384 thus SHA256 can be omitted
which is beneficial from a code size standpoint.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I364eefe334e4fe6668b8a3b97991b5dbb0c80104
Currently all the hashing functionality is done with SHA256
but if we would like to use ECDSA-P384 that requires SHA384
as the hashing algorithm, but MCUboot is using SHA256
for image hashing and public key hashing. This commit modifies
the hashing operations to use SHA384 thus SHA256 can be omitted
which is beneficial from a code size standpoint.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I59230f76f88e0b42ad6383b2c9b71b73f33d7dd7
Fixes an include which is needed for multiple options by just
always including it, and fixing the path so it can be included.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Make MINIMAL_LIBC as default for MCUboot app build instead
of picolibc. Footprint is lower and no need to
MULTLTHREADING enabled for SoC build.
Signed-off-by: Sylvio Alves <sylvio.alves@espressif.com>
This adds support for indication LED option (MCUBOOT_INDICATION_LED) in
the timeout based recovery. Configured LED will be enabled when entering
the recovery and disabled after selected timeout (if no mcumgr command
was received).
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
webrick needs to be installed for ruby versions >3, which should ease
local testing for someone running newer versions. This is compatible
with running on ruby 2.7.4, the version used on github pages.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This plugin enables jekyll to display emojis; the version added matches
current on github-pages (https://pages.github.com/versions/)
Signed-off-by: Fabio Utzig <utzig@apache.org>
Fix documentation issues for the rendering of the Espressif README
page. No content is changed with this commit, but formatting and
line breaks are set to approximately 100 columns.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Fixes building the bootloader with serial recovery mode and boot
serial extensions enabled due to changes in Zephyr's MCUmgr file
and naming changes.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
CMSIS glue code is now provided by the CMSIS Zephyr module in
<cmsis_core.h>. Header is generic for M/A/R.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
The commit moves the flash_area_id_to_image to section compiled
only when not in DirectXIP mode, to prevent warnings about unused
static functions.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit adds DirectXIP version of bootutil boot_set_next
function.
The function is enabled by configuration option:
MCUBOOT_BOOTUTIL_LIB_FOR_DIRECT_XIP.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Builds in the default zephyr mode (optimised for size) which
saves about 6KiB of flash on a default nrf52840dk build.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Fixes issues whereby encrypted images were not properly listed due
to not treating them as encrypted, also removes a piece of wrong
hack code that would never run as the primary slot cannot be
encrypted.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Improves the Kconfig layout for encrypted image support and allows
using key files instead of just using a pre-defined, insecure dummy
key.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Downgrade prevention check moved to secure both TEST
and PERMANENT upgrade modes. Downgrade can still be
performed during REVERT.
Signed-off-by: Michael Grand <m.grand@trustngo.tech>
Adds a note that there is now additional information that can
(optionally) be provided via shared boot information.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This allows the currently executing slot number to be checked by
the external function, which can be used by XIP images to know
which slot is currently being executed from to allow for correct
uploading/positioning of firmware files, and also provides the
maximum size of an upgrade that can be loaded so that applications
can reject images that are too large.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The function was incorrectly identifying partition of secondary slot
of image 0 as belonging to image 1, at the same time failing to
identify partition of primary slot of image 1.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit fixes boot_set_next always passing image 0 to
boot_write_swap_info, instead of the proper image number.
This has been affecting applications that tried to call boot_set_next
in multi-image MCUboot configuration using scratch-swap algorithm.
Fixes#1762
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Updates the zephyr CONFIG_BOOTLOADER_MCUBOOT documentation link to
target the new location.
Signed-off-by: Daniel Mangum <georgedanielmangum@gmail.com>
Function flash_area_sector_from_off is replaced with newly used
flash_area_get_sector to cope with calls in bootutil_misc.c file.
This is required for CONFIG_MCUBOOT_SWAP_USING_MOVE to work correctly.
Signed-off-by: Michal Lenc <michallenc@seznam.cz>
Adds missing fields which were wrongly treated as part of the
operation value, which they were not, and adds a big/little
endian check.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>