Currently imgtool --verify fails for hex files with:
Invalid image magic; is this an MCUboot image?
Added support for hex files by converting hex to bin
using IntelHex::tobinstr().
Reusing image.load() needs a bit of rework, maybe a
common load method will be done in the future,
Signed-off-by: Lucian Zala <zala.lucian@gmail.com>
Align parameter should be optional:
- it has a default value.
- it is not used for non-swap update modes.
Signed-off-by: Andrej Butok <andrey.butok@nxp.com>
This commit fixes a bug with the getpriv command using
ECDSA keys.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I66c1365a855e97199921ac136a18e26988bce508
This reverts commit 78135ee6eb
as bba5a711483447d7eee2531b65bd1c07c81746c9 made it unnecessary.
Change-Id: Idee755f05c17502599aaa947826e9a7feb08b4a7
Signed-off-by: David Vincze <david.vincze@arm.com>
The IMAGE_TLV_ECDSA256 TLV has been put out of use by
commit 63d2346da4.
This commit reverts this part of that patch and at the
same time it extends the usage of this TLV to cover all types
of curves (replacing the newly introduced 0x25 TLV type)
while retaining its value (0x22) for backward compatibility.
Rename IMAGE_TLV_ECDSA256 to IMAGE_TLV_ECDSA_SIG.
Change-Id: I904f292db775c38f26a5e9a87c5f414165efc173
Signed-off-by: David Vincze <david.vincze@arm.com>
Add backwards compatibility to the imgtool to support
the old curve specific TLVs. Currently only ECDSA256 needs this.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I275894ebc713ea8adcaab4198b036c41233b11e8
Update imgtool to support the new
generic ECDSA TLV and the ECDSA
p384 curve type with sha-384
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I9b1887610cc5d0e7cde90f47999fcdf3500ef51c
Add new 'dumpinfo' command that can parse a signed image and
print all the available information from the header, TLV area and
trailer in the form of a basic "image map".
The --outfile option can be used to write the image information
to an output file in serialised YAML format.
Change-Id: I99e61078946b02eefd4ac2e682583476d53e8d4f
Signed-off-by: David Vincze <david.vincze@arm.com>
Imgtool does not provide support for P224
curve, just a placeholder function that
says it's not currently implemented.
This has now been removed as P224 support
had been removed from the boot code too.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I477d8e273085f38f35eaf9a591584f3e937d748d
Currently if max-align > 8, magic_boot only works in little endian
For example :
With max-align = 16 and endian = big, boot_magic starts with 0x10 0x00,
but it should be 0x00 0x10
Signed-off-by: Raphael Dupont <raphael7dup@gmail.com>
The TLV type field in trailer TLV struct is defined as unsigned 16-bit
(in LE byte order). Currently, due to Python's struct format specified
as 'BBH', the 'imgtool' accepts only single byte for this field.
This results in error when trying to use 16-bit TLV type with option
'--custom-tlv':
struct.error: ubyte format requires 0 <= number <= 255
This changes format to 'HH' which allows using 16-bit TLV types and
while at it, adds also simple range validation for custom TLV type.
As defined in image.h header, the vendor reserved TLVs value should
be from 0x00a0 to 0xfffe range.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Verify mode already works for the public halves of RSA and ECDSA keypairs.
This patch corrects an apparent oversight, enabling that functionality
in Ed25519.
Signed-off-by: Ross Younger <crazyscot@gmail.com>
A previous change was added to allow the `getpriv` command to dump ec256
keys in both openssl and pkcs8. That PR did not touch other key file
types which resulted in errors using that command with RSA, X25519, etc.
This commit generalizes the passing of the `format` parameter, so each
key type can decide which format it allows a dump to be produced in,
and what default to use.
Fixes#1529
Signed-off-by: Fabio Utzig <utzig@apache.org>
`--vector-to-sign` only exports the image payload, or digest, to be
signed externally; it doesn't require any keys to be provided. This
commit moves the code outside a key required block, after the payload
and digest were already calculated from "image + headers + protected
TLVs".
Signed-off-by: Fabio Utzig <utzig@apache.org>
Fix the remaining PEP8 warnings that appear on image.py, ecdsa.py
or main.py for imgtool.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
This patch improves the existing ECDSA key generation feature
in the imgtool by:
- Fix a bug in the 'minimal' representation of PKCS#8 keys where
the resulting ASN.1 DER encoding is not compliant
- Add the option to export ECDSA private keys in SEC1 format by
providing a command line option -f or --format that can be
'openssl' (for SEC1 format) or 'pkcs8'. This format ends up in
key encodings which are generally smaller than PKCS#8.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Common prints such as the one that happens when an image is signed
are clearer if the source of print is added (i.e. filename), especially
for those build integration flows where imgtool is invoked as part of
a set of operations.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Update a previous PR were PEM exporting was added to the `--lang`
parameter, even though PEM is not a source code language per se.
This PR adds `--encoding/-e` to `getpub` command, for exporting
in formats other than a language source code. `--lang` is left with
a deprecation message, so it could be removed in a future version.
The default behavior of exporting source code in C was preserved.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Update `getpub` with new `lang` option, "pem", which allows exporting a
public key as a PEM file. This can later be distributed to be used for
encrypting an image, and gets away with having to use openssl for this
step.
Signed-off-by: Fabio Utzig <utzig@apache.org>
The image_ok was written to the wrong offset
when outputting HEX format. This commit fixes that.
Drive-by change: Use actual length of boot magic
instead of assuming it's 16 bytes long.
Signed-off-by: Alexander Mihajlovic <alexander@eub.se>
The fix adds a condition that checks if either key or fixed_sig are
`not None` before payload signing and TLV addition.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Extend sign/create command so it allows to export image's byte string
which is the substrate for the image signature. The new option is
'--vector-to-sign'. It might takes 'payload' or 'digest'.
The exported data might be used to calculate the signature externally.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Extend sign/create command so it now allow to export the image
signature to the file pointed by --sig-out option.
The image signature will be encoded as base64 formatted string.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The sign command was extended so it now allow to provide the signature
as base64 formatted RAW file using --fix-sig along with the relevant
public key --fix-sig-pubkey.
This patch is added for support the case where the party which produces
the image dose not have access to the signing image key but must request
third party for the signature.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
When generating an image with trailer (--pad or --confirm), the
imgtool also adds the erased values into that area. This is not
wanted for flash drivers which use ECC and treat writing erased
values as a real write action, which cannot be overwritten anymore.
See issue #1288
Signed-off-by: Wouter Cappelle <wouter.cappelle@crodeon.com>
The value of `--max-align` parameter passed to imgtool can never be
less than the value of `--align` parameter. At present the default
value of `--max-align` is fixed at 8. This forces user to pass the
parameter even when its value can be safely inferred.
Change the default value of the `--max-align` parameter to the larger
of the two values: `--align` or 8. Consequently, the user is required
to pass the parameter only if the flash alignment of the primary and
secondary slot differ.
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
Create an option to generate a clear image with encryption capability
that can be installed on a primary slot. Since image has encryption
capability image can be swapped encrypted in secondary slot
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
The magic value applies to images built with maximum write alignment
values other than 8 bytes, whose trailer region is generated in a
different layout.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
The cbor module is unmaintained, with the last release in 2016[1]. The
cbor2 module however is under active development and was last released
just last month[2].
As the APIs are identical, we can import cbor2 and if that fails fall
back to cbor.
[1] https://pypi.org/project/cbor/#history
[2] https://pypi.org/project/cbor2/#historyCloses#1189
Signed-off-by: Ross Burton <ross.burton@arm.com>
Change-Id: Iaf2d0df625a200a5cebf72dec4a89877a26194ea
According to clippy, `&'static` can just be `&` for static definitions,
which always have a static lifetime. Clean this up in the arrays in the
code, as well as generation code in imgtool.
Signed-off-by: David Brown <david.brown@linaro.org>
Since there won't be anymore alpha releases, rollback to latest official
(from master). The next released versions now can be either 1.7.X from
v1.7-branch or X.Y.Zrc1 for the release candidate of next stable
version.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Fixes padding hex images when encrypting. The issues stems from binaries
using `bytes` and IntelHex returning `array` where `bytes` cannot be
appended to, so use `.extend()` instead.
Signed-off-by: Fabio Utzig <utzig@apache.org>