Enables BOOT_ERASE_PROGRESSIVELY for Nordic nRF boards.
This fixes issue where mcumgr upload command would result in
device being deleted, but no new image being uploaded
due to timeout while waiting for erase operation.
This avoids a delay of several seconds during firmware upload.
Signed-off-by: Bernt Johan Damslora <bernt.johan.damslora@nordicsemi.no>
Signed-off-by: Emil Obalski <emil.obalski@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
This to correctly set the kconfig default value.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
Usage of cc310 by defaults gives poor user
experience out of the box as it requires manual
cloning of nrfxlib repository.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Add fault injection hardening profile configuration to Zephyr config.
Default config is to not have any hardening in SW against hardware level
fault injection like clock or power glitching, EM pulse, laser beam, etc.
Change-Id: I67d22d257ead83e1e288de0ee7621aac32bf50eb
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
This is the preferred signing type with this HW available.
Add 'ECDSA' to the kconfig name to align with the tinycrypt variant.
Remove superfluous checks on select operations.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Automate process of selecting correct .pem key file.
Zephyr users are familiar with using 'menuconfig' and similar tools
for seeing what options are available, so remove =n choices from
prj.conf which were used to show the available options.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
The terms "single-image boot" and the "single image application"
of Zephyr are confused. It might be might be understood as one-pair image
dual-bank mode in comparison to multi-image mode.
This patch replaces CONFIG_SINGLE_IMAGE_DFU by
CONFIG_SINGLE_APPLICATION_SLOT name,
which makes this mode name unambiguous.
fixes#800
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
fix
Add direct-xip mode to Zephyr configuration and make
upgrade mode selection always explicit.
Change-Id: Ia8e788f0b7bc801b6d45fd86f56c17ca6839f9c9
Co-authored-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: David Vincze <david.vincze@linaro.org>
If CONFIG_BOOT_INTR_VEC_RELOC is set, the mcuboot will
relocate the interrupt vector to the booted application.
Signed-off-by: Rafał Kuźnia <rafal.kuznia@nordicsemi.no>
Modifications to Kconfig that add option for selection of single image
DFU and disable incompatible options.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
A few mcuboot option were outside of mcuboot-specific
menu.
This patch moves them into mcuboot menu.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
- Add Kconfig option `CONFIG_BOOT_SIGNATURE_TYPE_NONE`. When y,
The bootloader will not verify the cryptographic signature of the image
at boot or prior to upgrade. Image integrity check is retained.
Images would still need to be processed using `imgtool` however no key
should be provided to skip cryptographic signature generation.
Signed-off-by: Arvin Farahmand <arvinf@ip-logix.com>
This change enables the public key (used for image authentication) to
be removed from MCUboot and be appended to the image instead. In this
case the key or its hash must be provisioned to the device and MCUboot
must be able to retrieve the key-hash from the hardware to compare it
with the calculated hash of the public key from the image manifest in
order to verify its validity before image authentication.
The source of this change:
https://review.trustedfirmware.org/c/trusted-firmware-m/+/1581
Change-Id: I36fe699732e0e4c113eaed331c22e707c722ed6e
Signed-off-by: David Vincze <david.vincze@linaro.org>
Board was renamed here:
https://github.com/zephyrproject-rtos/zephyr/pull/23524/
Patch aligns the name in MCUBoot and decouples one of nrf52840 dedicated
overlay from exact board name.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Define interface for sharing boot status (certain attributes of the
authenticated images) and adding arbitrary data in TLV encoded format
to a shared data area between the bootloader and runtime SW.
The boot_record.h file was copied (with minor modifications) from the
Trusted Firmware-M project (https://www.trustedfirmware.org/about/).
Hash of the source commit: 08d5572b4bcee306d8cf709c2200359a22d5b72c.
Change-Id: Ia25bac27e9f1ce7faa5043c5a0455c804a24701e
Signed-off-by: David Vincze <david.vincze@arm.com>
Zephyr commit [1] has changed kconfig option name. Update kconfig
selection to the new one.
[1] 90b9eb3a9e93 ("kconfig: Rename USE_CODE_PARTITION to
USE_DT_CODE_PARTITION")
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
This patch is needed as MCUBoot should be able to chain-load any
application, not only these built using zephyr.
Introduced cleanup on ARM core control register.
Might be required as for instance the application assumes
that it starts with thread mode configured as by default, not
according to zephyr-rtos configuration.
MCUBoot disables interrupt before application chain-load used
basepr register. This Patch introduce additional celenup on
NVIC register.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Modified serial_adapter so log are allowed when using USB
CDC ACM serial port emulation.
Added dedicated thread for log processing of the highest application
priority. This allows to transmit all logs without adding k_sleep
anywhere else int the code.
Introduced boot log thread is simpler than the default log threat
which decreases flash footprint by a few dozen bytes.
Added configuration for nrf52840_pca10056 which shows how
to enable looging along with USB - among other, thread log
processing is required.
build command (form zephyr-project root directory)
west build -d build/mcuboot/nrf52840_pca10056 -b nrf52840_pca10056
./bootloader/mcuboot/boot/zephyr/
-- -DDTC_OVERLAY_FILE=./boards/nrf52840_pca10056_big.overlay
-DOVERLAY_CONFIG=./usb_cdc_acm_log_recovery.conf
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Add Log processing configuration synchronous as default
if multithreading is disabled.
Additionally Kconfig makes MULTITHREADING default
if USB is selected.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
- Add image security counter verification (read security counter value
from the image manifest and compare it against the stored/active
security counter) as an optional part of the image validation process
to prevent the restoration of older, potentially vulnerable images.
- This feature can be enabled with the MCUBOOT_HW_ROLLBACK_PROT option.
- Add security counter interface to MCUBoot. If HW rollback protection
is enabled then the platform must provide a mechanism to store and
read the security counter value in a robust and secure way.
Change-Id: Iee4961c1da5275a98ef17982a65b361370d2a178
Signed-off-by: David Vincze <david.vincze@arm.com>
According to our CI:
Redundant 'source "$(ZEPHYR_BASE)/Kconfig.zephyr" in
'boot/zephyr/Kconfig'. Just do 'source "Kconfig.zephyr"'
instead. The $srctree environment variable already points
to the Zephyr root, and all 'source's are relative to it.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Depends on 'MCUBOOT_OVERWRITE_ONLY' option since swap info is not protected
by signature
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Swap without scratch has been tested enough and no obvious bugs (or
"show stopper) bugs seem to exist; so remove [EXPERIMENTAL] and make
it "stable".
Signed-off-by: Fabio Utzig <utzig@apache.org>
This adds a Kconfig feature CONFIG_BOOT_USE_BENCH, which when enabled
will print the simple benchmarking output as log messages.
Signed-off-by: David Brown <david.brown@linaro.org>
Add Zephyr option to enable building a bootloader that uses an
alternative swap algorithm, that first moves up all sectors in slot1 and
then directly swaps between slot0 and slot1.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Ran automated checker for common typos [1]. Most of these changes have
no functional change *except* for `./ci/sim_run.sh` where, previously
the `bootstrap` feature wasn't being selected properly.
I didn't touch anything in the `./ext/` folder as anything in there
should probably be fixed in the upstream repo.
[1] https://github.com/codespell-project/codespell
Signed-off-by: Sam Bristow <sam@bristow.nz>
zephyr changes the way in which it provide name of
serial device used by serial recover.
see: https://github.com/zephyrproject-rtos/zephyr/pull/18752
This path introduce build time configuration of device name
which is set to exact the same device which was set before.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
To enable multi image support in mcuboot one needs
to set the 'UPDATEABLE_IMAGE_NUMBER' config.
Add this to zephyrs MCUBoot kconfig to allow this.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
CONFIG_MULTITHREADING is generally assumed to be y by the zephyr
kernel, even though that's not reflected in the Kconfig. For example,
semaphores depend on it being y, but CMake will still build sem.c even
if it's n.
The sensible default for this option is thus y.
However, it's a size advantage to disable it if the platform drivers
are all aware of this option, such as nRF.
Let's re-work our use of this option to keep it disabled when we know
it's safe, but enable it by default so more platforms can be expected
to work out of the box.
Signed-off-by: Marti Bolivar <marti.bolivar@nordicsemi.no>
This commit removes the non-standard BOOT_HAVE_LOGGING Kconfig option.
Instead the standard LOG / MCUBOOT_LOG_LEVEL can be used to control
logging.
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
It is no longer necessary to override TEXT_SECTION_OFFSET when
BOARD_HAS_NRF5_BOOTLOADER. The nrf52840_pca10059 board no longer
overrides TEXT_SECTION_OFFSET but sets the correct FLASH_LOAD_OFFSET
instead, automatically.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Adds `CC310` define which wraps the generic CC310 interface adds
includes for using `NRF_CC310_BL` to CMakeLists. This requires `nrfxlib`
to be located outside of the mcuboot folder by 1 directory level. Also
add the Kconfig defines needed for this to build while trying to make it
generic enough to be used by other vendors that have implemented
`CC310`.
Signed-off-by: Sigvart Hovland <sigvart.m@gmail.com>
Select the code partition as the target for link into.
This patch together with
https://github.com/zephyrproject-rtos/zephyr/pull/14620
fixes the issue which was imposed while zephyr moves
DTC before Kconfig processing in its build process.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
This change replaces the slot 0/1 terminology with primary/secondary
slot and replaces FLASH_AREA_IMAGE_0/1 with
FLASH_AREA_IMAGE_PRIMARY/SECONDARY. This naming convention may be more
understandable, fits better to MCUs with multiple images and it is an
architecture agnostic alternative as well.
Change-Id: I655a585f6ae023852c671ee6635399efe25209c9
Signed-off-by: David Vincze <david.vincze@arm.com>
Signed-off-by: David Brown <david.brown@linaro.org>
This Kconfig parameter makes MCUboot wait for a prescribed duration
of time to allow for USB DFU to be invoked.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
Rather than use LOG_DEFAULT_LEVEL to control MCUBOOT's log output,
let's create an MCUBOOT specific log level setting.
Signed-off-by: Michael Scott <mike@foundries.io>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
Commit 1d9e5ee1 ("logging: Refactoring 'in place' mode to reduce memory
footprint") changed the resource restrained version of LOGGER from
LOG_INPLACE_PROCESS to LOG_IMMEDIATE.
Signed-off-by: Michael Scott <mike@foundries.io>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Instead of detecting an invalid Kconfiguration during CMake
Configure-time we detect it where it belongs, in Kconfig.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
The old log subsystem has been deprecated in Zephyr.
Migrate to the new subsystem to avoid compilation warnings.
In-place log processing is selected as it is required as MCUBoot is
one thread application.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Ensure that the offset in .text is zero.
This is necessary to ensure that MCUBoot is linked at
the beginning of the boot partition, as intended.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Remove MPU_ALLOW_FLASH_WRITE from prj.conf and put it in
boot/zephyr/Kconfig enabling it only for every ARM_MPU
equipped device.
Signed-off-by: Rajavardhan Gundi <rajavardhan.gundi@intel.com>
Add a hidden MCUBOOT config entry to mark a project as MCUBOOT.
It is useful when other parts of the system need to be aware
that they are, in fact, the bootloader.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
This commit adds a choice for the device to use for serial recovery.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
fixup
This commit adds the option to erase flash pages while receiving
the firmware, opposed to bulk-erasing the whole image area at
the beginning of the DFU process. This is required on some
hardware that has long erase times, to prevent a long wait
and possibly a timeout during DFU.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
New logging macros were added for all supported platforms, following the
documentation defined in the template config file.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This patch isolates mcuboot settings under `MCUBoot`
menu in menuconfig view. This improves legibility.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The patch introduce usage of zephyr flas_map module instead
of mcuboot zephyr-only implementation. Unused flash_area_to_sectors
API of former flash_map was removed as well.
Size of sector-status-update-map entry is now defined thanks to the
minimum write size supported by the flash driver.
For avoid ambiguity former zephyr-only files flash_map.c
were renamed to flash_map_extended.c (its code now implements
only addition to this what zephyr flash_map implements).
flash_map.h header include is now warped by flash_map_backedn.h headre
because implementations and include pathes are diferent in Zephyr and Mynewt.
Usage of hal_flash_align() were replaced by usage flash_area_align().
This provide consistency between MyNewt and Zephyr implementation as
this API is available in both RTOSes.
flash_map.h was moved to the simulator c-support files as now missing in
the boot/zephyr subdirectories.
f. boot_scratch_fa_device_id was removed as unused.
f. boot_img_fa_device_id was and expanded the only use of it
(on loader.c).
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Handle the CONFIG_BOOT_SIGNATURE_TYPE_xxx values in Zephyr's
mcuboot_config.h by converting them into the platform-agnostic MCUboot
definitions.
This requires some changes to the way the release test Makefile is
structured, since Kconfig symbols cannot be set from the command line.
Instead, use the OVERLAY_CONFIG feature of the Zephyr build system,
which allows specifying extra fragments to merge into the final
.config. (This is an orthogonal mechanism to setting CONF_FILE; it is
used by Zephyr's CI script sanitycheck to add additional fragments, so
it's appropriate for use by MCUboot's testing scripts as well.)
We additionally need to move to a single prj.conf file due to a
dependency issue. We can no longer determine CONF_FILE from the
signature type, since that is now determined from the final .config or
autoconf.h, which is a build output that depends on CONF_FILE.
To move to a single prj.conf:
- delete prj-p256.conf and adjust prj.conf to serve both signature types
- add a top-level mbedTLS configuration file which dispatches to
the right sub-header depending on the key type
- as a side effect, have the simulator pick the right config file
depending on the case
This fixes and cleans up quite a bit of the signature type handling,
which had become something of a mess over time. For example, it fixes
a bug in ECDSA mode's configuration that wasn't actually selecting
config-asn1.h, and forces the simulator to use the same mbedTLS
configuration file as builds for real hardware.
Finally, we also have to move the mbedTLS vs. TinyCrypt choice into
mcuboot_config.h at the same time as well, since CMakeLists.txt was
making that decision based on the signature type.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
The Zephyr CMakeLists.txt contains some configuration options that are
outside of Kconfig.
The standard way to configure Zephyr builds is with Kconfig, so it
would be better if MCUboot did not have a parallel configuration
mechanism.
Add equivalent Kconfig options to those which are defined in
CMakeLists.txt. Subsequent patches will use them.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
The kconfig file is a bit disorderly. Clean it up. There are no
changes in this commit which affect the bootloader's behavior.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
Zephyr's SOC_FAMILY_NRF5 keyword was changed to SOC_FAMILY_NRF to
align with zephyr code-base.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Zephyr has build-in tinycbor code of version which doesn't
require newlib-c by default. Also the cborattr module is now
taken form the zephyr code.
This patch decrease flash consumption by 10 KB for serial recovery build.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
This still defaults to 128 for compatibility, but allows users to
specify less elements to save space, or more elements for devices that
have massive flash size and/or too small sectors.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Since not all ICs default to enabling flash page layout, enable it from
the MCUboot Kconfig options whenever it is available.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Add a new MCUboot device settings option that enables or configures
features that are specific to a particular device.
Additionally enable software vector relay in Cortex-M0 CPUs that do not
have a hardware mechanism to relay or forward interrupts.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Since the Kconfig file is only relevant to Zephyr, move it from the root
folder into boot/zephyr, in order to keep all Zephyr-related files
together.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Bernt Johan Damslora