Commit Graph

1065 Commits

Author SHA1 Message Date
Antonio de Angelis cf36d670c9 bootutil/crypto: Add license disclaimer to ecdsa_p256.h
The ecdsa abstraction layer header does not have a license header.
Add it in preparation for the merge with ecdsa.h

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: Ibb906c7f6bb3b50387e4816e1a95b31d3c8b515f
2023-04-26 13:57:53 +02:00
Antonio de Angelis 557451d28d bootutil/crypto: Add a generic signature validation module for ECDSA
Add a dedicated signature validation module for generic ECDSA signatures,
and a corresponding cryptographic abstraction backend based on PSA Crypto
APIs. This signature verification backend is enabled by defining the
option MCUBOOT_SIGN_ECDSA

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I47da70629da0a5681ec7c4dcceed875a997b071b
2023-04-26 13:57:53 +02:00
Roland Mikhel 63d2346da4 bootutil: Remove curve specific ECDSA TLVs
Remove those TLVs that are tied to a specific curve and update
the image validation logic to look for the new generic TLV

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I924f2742424bc255fbed1b0941648baa88f60147
2023-04-26 13:27:44 +02:00
Roland Mikhel b08e77e0f3 bootutil: Create new generic ECDSA TLV
Create a new generic ECDSA TLV type that can be used
to store any signatures irrespective of the curve type.

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I2aeb885251fd25e23f5430328b8cc64b8cc8d7be
2023-04-26 13:27:44 +02:00
Jeppe Odgaard 1558e7ab0a boot: zephyr: remove stm32 watchdog defines
The stm32 defines are somewhat redundant due to the generic watchdog
defines which use the watchdog0 alias. Therefore they are removed in
this commit.

Signed-off-by: Jeppe Odgaard <jeppe.odgaard@prevas.dk>
2023-04-26 13:15:51 +02:00
Jeppe Odgaard 4420bb663f boot: zephyr: setup watchdog
The Zephyr watchdog API defines a setup function. This function needs to
be executed before the watchdog is functional in some cases. This commit
adds MCUBOOT_WATCHDOG_SETUP when using the generic watchdog0 alias
otherwise it is an empty define.

Fixes https://github.com/mcu-tools/mcuboot/issues/1659

Signed-off-by: Jeppe Odgaard <jeppe.odgaard@prevas.dk>
2023-04-26 13:15:51 +02:00
Jamie McCrae 393af79ef1 boot_serial: Update zcbor files from zcbor 0.7.0
Updates zcbor files from version 0.7.0, needed for size variable
support.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-04-26 13:11:56 +02:00
Marek Pieta a95a41b3e1 boot: bootutil: loader: Let image version comparison use build number
Change allows using build number in image version comparison.

Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
2023-04-25 12:04:27 +02:00
David Brown 3cbb79c25f boot: Fix DOS line endings
This file made it into the repo with DOS line endings. Fix this to match
everything else.

Signed-off-by: David Brown <david.brown@linaro.org>
2023-04-24 11:47:14 +02:00
Jamie McCrae f7d8660e85 boot_serial: Fix include paths for zephyr builds
Fixes include paths for zephyr builds to use the system zcbor_*
files rather than the local files.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-04-24 11:34:28 +02:00
Roland Mikhel c7835371a0 bootutil: Add FIH for ED25519 sig verification
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: If43ff9a7c3d755a32b310230e05d01235868392d
2023-04-24 08:36:14 +02:00
Roland Mikhel 186ac88583 bootutil: Fix FIH return type for EC256
For bootutil_verify_sig the declaration expects fih_ret
as the return type not fih_int, this has now been fixed.

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: If5943758bebdbf401b1eb387de334fa19a3a7781
2023-04-24 08:36:14 +02:00
Dominik Ermel 5397c13d24 zephyr: serial_recovery: Fix broken CDC device selection
When using CDC only and CONFIG_SERIAL is not enabled in Zephyr,
but there is chosen zephyr,mcumgr-uart, the chosen
takes precedence over CDC and directs MCUmgr to that uart.
This causes two issues: first the CDC is ignored if chosen exists,
and makes build fail because drivers are not built.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-04-19 14:38:02 +02:00
Dominik Ermel 918da26a67 bootutil: Provide boot_set_next function
Commit provides boot_set_next function that allows to set next
application slot to boot by flash area object pointer, describing
the slot.
The function also takes active which is supposed to indicate whether
running application is being set for next boot and confirm parameter
that allows to confirm the image.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-04-14 15:51:27 +02:00
Jamie McCrae 6902abba27 zephyr: Create common boot serial enter function
Creates a common function for entering serial recovery mode.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-04-13 20:07:55 +02:00
Jamie McCrae 35941feacd boot: zephyr: Add pin reset serial recovery entrance method
Adds an optional method for entering serial recovery mode by use
of a pin reset.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-04-13 20:07:55 +02:00
Jamie McCrae fd79db3a9f zephyr: boot: serial_recovery: Add no application entrance method
Adds a bootloader serial recovery entrance mode that will allow
recovering a module if there is no application that can be booted.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-04-13 20:07:55 +02:00
Jamie McCrae b3e3ce39f3 boot: zephyr: serial_recovery: Add boot mode enter ability
Adds an optional entrance method for mcuboot's serial recovery by
using Zephyr's boot mode retention system, this allows for an
application to set the retained data and reboot into the bootloader.
This also adds a selection of how to enter serial recovery mode, it
no longer requires having a GPIO entrance mechanism. Entrance
methods have been added under a new Kconfig menu.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-04-13 20:07:55 +02:00
Jamie McCrae e5c57dd134 boot_serial: Only have build number if non-zero
Only returns the build number in versions responses if the value
is non-zero.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-04-13 19:25:42 +02:00
Roland Mikhel 8a3b32ce6c bootutil: Refactor signature verification
The current ECDSA-P256 implementation code contains
a lot of code that is tied to a specific condition being met.
The aim of this commit is to cleanup the main verification
logic to be unified between crypto backends and move the
conditional code where it is relevant.

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I06b050a263b2b88b08708defb6aa1001a08ba2ae
2023-04-12 17:58:42 +02:00
Roland Mikhel 206b914852 bootutil: Remove P224 curve
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I49fad7ede202de4e3c710bf4aa1df195a310b037
2023-04-11 07:05:38 +02:00
Jamie McCrae 827118f2e4 boot: serial_recovery: Add image hash support
Adds support for outputting the image hash TLV in serial recovery
mode, which is needed to comply with the img_mgmt MCUmgr group
requirements.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-03-23 10:25:38 +01:00
Piotr Dymacz f5e7753b9e boot_serial: support fragmentation for outgoing SMP packets
The mcumgr packet sent over serial should be fragmented into frames of
up to 127 bytes, including 2-bytes frame start header and 1-byte for
terminating newline [1], resulting in up to 124 bytes for the base64
encoded payload.

Current implementation doesn't fulfill above requirement and transmits
single frames, without considering their length. This change introduces
support for fragmenting as defined in 'SMP over console' specification.

[1] github.com/apache/mynewt-mcumgr/blob/master/transport/smp-console.md

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2023-03-21 15:10:12 +01:00
Dominik Ermel 1090d8ffc0 zephyr: Check zephyr,uart-mcumgr as candidate for serial recovery
The commit modifies selection of boot serial UART by first checking
the Zephyr chosen zephyr,uart-mcumgr and then reverting to the
zephyr,console, as a secondary candidate.
In case when both nodes are present and point to the same device,
error will be reported.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-03-20 17:16:42 +01:00
Dominik Ermel 143485e35b zephyr: Add missing Kconfig dependencies for USB DFU
USB DFU depends on MULTITHREADING and STREAM_FLASH, and these
should be explicitly selected.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-03-17 15:30:58 +01:00
Szymon Janc 874a0ab4d5 boot_serial: Fix Mynewt tests build
__packed may not be available in all environments. In such
case just fall back to __attribute__((__packed__)).

Signed-off-by: Szymon Janc <szymon.janc@codecoup.pl>
2023-03-17 07:53:19 -03:00
Dominik Ermel c89a94f120 mynewt: Add flash_area_get_sector
Simple stub of flash_area_get_sector using system provided
flash_area_sector_from_off.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-03-15 20:15:58 +01:00
Stephane Le Roy 259d989f2e bootutil: Fix erase of trailer when located in scratch area
Trailer is temporarily located in scratch when data of image goes up to last
sector of primary slot. At the end of the swap procedure, the temporary
trailer in scratch must be erased to prevent mcuboot from reading a stale
status from the scratch area. The erase tentative was not correct, this
is fixed. Issue is easily reproduced with an image size of one sector.

Signed-off-by: Stephane Le Roy <stephane.leroy@st.com>
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
2023-03-15 15:12:24 -03:00
Jamie McCrae e8294b2af5 boot_serial: Add packed to struct
Adds a packed attribute to the nmgr struct to avoid issues on
architectures that do not support unaligned memory access.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-03-15 09:23:04 +01:00
Dominik Ermel 68dcc0ee10 zephyr: single_loader: Switch to flash_area_get_sector
Use flash_area_get_sector instead of flash_area_sector_from_off.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-03-14 08:13:20 -06:00
Dominik Ermel 2476988309 boot: Switch to flash_area_get_sector.
Replace flash_area_sector_from_off calls with flash_area_get_sector.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-03-14 08:13:20 -06:00
Dominik Ermel bd0d94ce4b espressif: Add flash_area_get_sector
Commit adds implementation of flash_area_get_sector that
is supposed to replace flash_area_sector_from_off.
The flash_area_get_sector gets additional parameter of flash_area
type, while flash_area_sector_from_off uses hardcoded flash_area.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-03-14 08:13:20 -06:00
Dominik Ermel 069aea48a2 zephyr: Add flash_area_get_sector
Commit adds implementation of flash_area_get_sector that
is supposed to replace flash_area_sector_from_off.
The flash_area_get_sector gets additional parameter of flash_area
type, while flash_area_sector_from_off uses hardcoded flash_area.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-03-14 08:13:20 -06:00
Jamie McCrae 9551b6ef03 boot: zephyr: Remove deprecated GPIO Kconfig entries
Removes the old deprecated Kconfig items for configuring GPIO ports
and pins for entering serial recovery/USB DFU mode. These were
deprecated almost a year ago and should not be used as device tree
has long replaced them.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-03-13 13:22:37 +01:00
Jamie McCrae dc8ef87932 zephyr: serial_recovery: Use Zephyr manifest zcbor files
Switches from using the zcbor files in-tree to using the ones that
are part of the zephyr manifest, this prevents using old and
potentially buggy versions of the zcbor library.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-03-13 13:19:27 +01:00
Jamie McCrae b56a65f5cb zephyr: serial_recovery: Fix missing limit on buffer size
Fixes an issue whereby the unaligned memory buffer does not
have limits applied to it.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-03-01 15:39:54 +01:00
Dominik Ermel 0119cdb570 zephyr: Add missing flash_map.h to sysflash.h
The sysflash.h defines FLASH_AREA_ macros using FIXED_PARTITION
macros that are provided by flash_map.h, but it does not include
the required header.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-03-01 15:37:22 +01:00
INFINEON\DovhalA 94360d5b2f Fix possible array index overflow in loader.c: fill_rsp()
Signed-off-by: INFINEON\DovhalA <Artem.Dovhal@infineon.com>
2023-02-28 08:08:35 -07:00
Dominik Ermel 472d4c7fed bootutil: Pass flash_area to boot_read_swap_size
Modifies boot_read_swap_size and boot_read_enc_key to use
flash_area object pointer instead of image index.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-28 08:06:10 -07:00
Jamie McCrae 9e8eddcecb boot: zephyr: Clean up before chainloading by default
This changes the default mcuboot configuration for zephyr
applications to clean up before booting the user application. The
reason for this change is that mcuboot may configure protection (e.g.
MPU stack guard) which is then used by the user application during
its startup code prior to cleaning the configuration up, this can
lead to an unbootable application and potentially irrecoverable
module, therefore cleaning up is now being enabled by default.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-02-27 15:20:50 +01:00
Sherry Zhang 120b7182ae FIH: Fix possible static check error caused by FIH_DECLARE
Signed-off-by: Sherry Zhang <sherry.zhang2@arm.com>
Change-Id: I970582777018094d0cbf83d3131a7d5c576035e5
2023-02-27 11:25:33 +01:00
Dominik Ermel c68a600403 bootutil: Little rework of boot_find_status
In rework:
  - size has been removed from array, as it has been making array
    at least of two elements, even if scratch partition not used;
  - some variables have been localized and some removed;
  - no longer returning rc codes from flash_area_ functions on
    failure, just single point of failure-exit - it made no sense
    anyway as we can not recover from flash failure;
  - flash area pointer is now NULLified on failure, or when
    status not found.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-22 08:51:18 -07:00
Dominik Ermel 23a7a2e61f bootutil: Move duplicate static inline functions to one header
The commit moves static common functions that have duplicate
definitions in bootutil_public.c and bootutil_misc.c to header
file to be included by both files.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-22 08:49:31 -07:00
Jamie McCrae aee388aefa zephyr: serial_recovery: Fix confusing/wrong Kconfig values
Fixes some confusing Kconfig values to have values that make
sense for the underlying SMP transport.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-02-17 15:53:57 +01:00
Jamie McCrae cde363926b zephyr: serial_recovery: Make receive buffers configurable
This allows making the number of receive buffers configurable
instead of being fixed at 2.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-02-17 15:53:57 +01:00
Dominik Ermel 453e8bd7de flash_map_backend: Remove flash_area_id_to_image_slot
The function has not been in use and some ports have not been
implementing it anyway.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-14 16:40:21 -07:00
Dominik Ermel b26fc487ee boot/boot_serial: Add boot_reset_request_hook to bs_reset
When hooks are enabled then boot_reset_request_hook will be
called to check whether it is allowed to reset a device.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-14 16:33:34 -07:00
Dominik Ermel ad35e2b227 boot/bootutil: Provide prototype for boot_reset_request_hook
Provide prototype for a new hook boot_reset_request_hook
which is called when device is requested to reboot.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-14 16:33:34 -07:00
Dominik Ermel a4c725109d zephyr: Remove FLASH_AREA_IMAGE_SCRATCH from single app config
Does not have to be set anymore when CONFIG_SINGLE_APPLICATION_SLOT
is set.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-14 08:42:15 -07:00
Dominik Ermel d546079707 bootutil: Don't default to scratch when single app is used
When MCUBOOT_SINGLE_APPLICATION_SLOT is set then the app can
only be overwritten with new image and scratch algorithm
is not used. The configuration logic would default
MCUBOOT_SWAP_USING_SCRATCH to 1 because it was lacking
check for MCUBOOT_SINGLE_APPLICATION_SLOT.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-02-14 08:42:15 -07:00