Add a check for the size of the TLV entry for the boot record.
Although, this is in the protected area, and should be protected by a
signature, check that we don't induce an integer underflow if that entry
is somehow too short.
Signed-off-by: David Brown <david.brown@linaro.org>
Adds an optional callback when the MCUboot status changes which can
allow components to react.
Signed-off-by: Jamie McCrae <jamie.mccrae@lairdconnect.com>
RT1050 and 1060 have large flash chips, so tools like MCUMgr will time
out if the entire flash bank is erased before writing data. Enable
progressive erase for these boards to prevent timeouts.
Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
LED usage code were simplified thanks to `struct gpio_dt_spec`
and related methods.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
bootloader-led0 alias will be deprecated and replaced by dedicated
mcuboot-led0 alias.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The RAM loading mode wasn't wrapped in Zephyr configs like the other boot modes.
Added a config to enable RAM loading as well as two configs to set
IMAGE_EXECUTABLE_RAM_START and IMAGE_EXECUTABLE_RAM_SIZE, respectively. These
two values default to the values from the chosen node sram in the dts.
Signed-off-by: Johan Öhman <johan.ohman@softube.com>
This fixes a build issue when building mcuboot for zephyr with RSA
image encryption support enabled using mbedtls.
Signed-off-by: Jamie McCrae <jamie.mccrae@lairdconnect.com>
The Cache is an optional configuration of both the ARM Cortex-M7 and
Cortex-M55. Previously, it was just checking that it was just an M7
rather than knowing that the CPU actually was built with the cache.
Signed-off-by: Ryan McClelland <ryanmcclelland@fb.com>
This fixes a build issue when building mcuboot for zephyr with image
encryption support enabled using tinycrypt.
Signed-off-by: Jamie McCrae <jamie.mccrae@lairdconnect.com>
The fix adds a condition that checks if either key or fixed_sig are
`not None` before payload signing and TLV addition.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Entry point call was moved back from main to esp_loader, so it is
called from iram_loader_seg memory region
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Added checking and warning for ESP32, ESP32-S2, ESP32-C3, ESP32-S3
unsupported chip revisions on their initialization.
Made respectively changes for build system and documentation.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Grouped common bootloader init functions among esp32, esp32s2,
esp32c3 and esp32s3 into common files.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Extend sign/create command so it allows to export image's byte string
which is the substrate for the image signature. The new option is
'--vector-to-sign'. It might takes 'payload' or 'digest'.
The exported data might be used to calculate the signature externally.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Extend sign/create command so it now allow to export the image
signature to the file pointed by --sig-out option.
The image signature will be encoded as base64 formatted string.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The sign command was extended so it now allow to provide the signature
as base64 formatted RAW file using --fix-sig along with the relevant
public key --fix-sig-pubkey.
This patch is added for support the case where the party which produces
the image dose not have access to the signing image key but must request
third party for the signature.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Update dependencies that don't require any code changes. This leaves
'aes' and 'cipher' which will require code changes to support newer
versions.
Signed-off-by: David Brown <david.brown@linaro.org>
Change the edition in the various Cargo.toml to 2021. There are no
changes to the code needed for this. This will require Rust 1.56 in
order to build.
Signed-off-by: David Brown <david.brown@linaro.org>
cddl-gen has been renamed to zcbor.
Update regenerate_serial_recovery_cbor.sh and regenerate/recopy all
files.
Remove the submodule in ext/ since it is no longer necessary when
the zcbor package is installed (only needed for regeneration, not
for building).
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
This option was reserved for serial recovery mode, while
it should be available for USB DFU as well.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Change disables CONFIG_USB_DEVICE_REMOTE_WAKEUP, because it is not
supported by the MCUboot bootloader source code.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL is going to be deprecated, so
remove its usages from the Zephyr port. Definition checks have been
replaced with DT_HAS_CHOSEN(zephyr_flash_controller), and the macro
itself has been replaced by
DT_LABEL(DT_CHOSEN(zephyr_flash_controller)). Note that the code could
likely be refactored to make use of compile time device references, ie
use DEVICE_DT_GET, but that task has been left for the maintainers.
Signed-off-by: Gerard Marull-Paretas <gerard@teslabs.com>
Changes on configuration and flash area organization for supporting
multi image and implementation for booting on different processors
on esp32
Signed-off-by: Almir Okato <almir.okato@espressif.com>
During the workflow a Zephyr repository is checked out (by default
main, but any version can be given when workflow is triggered
manually) and west update is run according to Zephyr's manifest.
However, the MCUboot version is then replaced by checking out
MCUboot main (triggered by push or cron), PR's head (triggered by
a PR to MCUboot) or custom SHA (manual trigger). Next, twister is
called for tests/builds in locations given in the workflow
(test_paths).
Signed-off-by: Maciej Perkowski <Maciej.Perkowski@nordicsemi.no>
CONFIG_LOG_IMMEDIATE was renamed to CONFIG_LOG_MODE_IMMEDIATE.
Change aligns MCUboot code to support new naming convention.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
Add instructions on the readme-espressif.md on how to encrypt
data on the host.
Also add configuration and instructions for disabling/switch
UART ROM Download Mode.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
These changes fixes a bug that can cause an uninitialized BlockDevice
to be queried for its size. In some cases, this can return unexpected
results (eg: 0). Move setting block device size after its
initialization.
Co-created: @AGlass0fMilk - George Beckstein
Signed-off-by: Artur Tynecki <artur.tynecki@mobica.com>
Signed-off-by: George Beckstein <george.beckstein@gmail.com>
Add header area size at the start of FLASH parameter in mbed_lib.json
This parameter is not used in MCUboot source code directly but for
example is the argument for imgtool.py sign command which sign
the binary image.
It will be useful to have it in Mbed port settings to use during project
building. For example post build command in cmake which signs image.
Signed-off-by: Artur Tynecki <artur.tynecki@mobica.com>
This commit add option for a user to enable MCUboot logging from project
configuration level.
Now, logging from MCUboot's sources will be printed in the same way as
mbed-os logs.
Co-created by @AGlass0fMilk - George Beckstein
Signed-off-by: Artur Tynecki <artur.tynecki@mobica.com>
Signed-off-by: George Beckstein <george.beckstein@gmail.com>
The mbed port should be compatible with a new command-line tool
mbed-tools (Mbed CLI 2) which use cmake build system. This allows build
cmake-base applications.
Fix mbed files paths - it's required for the new version of mbed-os
(v6.15)
Signed-off-by: Artur Tynecki <artur.tynecki@mobica.com>
In case when echo string would be too long to fit into buffer,
there would be no space left for container termination.
Due to lack of error checking such non-terminated container would
be sent out, where error response should be sent out instead.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The buf buffer set to collect total console payload consisting
of total size (two bytes), SMP header (eigth bytes), data payload
(bs_obuf, BOOT_SERIAL_OUT_MAX) and CRC (two bytes), pior to base64
encoding has been set to size of BOOT_SERIAL_OUT_MAX.
This means that if output data len, in bs_obuf, would be longer than
BOOT_SERIAL_OUT_MAX - 8 - 2 - 2, then composing of the output buffer
would overflow.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Decryption buffer was fixed to 1024 which imposes failure
while attempting to decrypt bigger image chunks, which is
expected on memories of bigger erase-block-size.
This patch attempt to get teh proper buffer size basing on
SOC's nv flash node.
fixes#1310
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
esptool and imgtool require additional information that is not clear
to end user.
It also update ESP32 status for Zephyr porting.
Signed-off-by: Sylvio Alves <sylvio.alves@espressif.com>
David Brown