Update the script for cloning and installing Espressif IDF needed
for building MCUboot Espressif's port on CI.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Remove the ESP-IDF from git submodules to avoid potential
duplicated repo clones on the user system. IDF HAL code is still
a dependency for Espressif port, therefore now the HAL code
reference needs to be passed by parameter when building.
The Espressif port was also updated to work with last v5.1 IDF
code.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
This commit fixes a bug with the getpriv command using
ECDSA keys.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I66c1365a855e97199921ac136a18e26988bce508
In same cases (loging, hash, crypto) main function called
newt tool generated sysinit() function to create
uart device and crypto.
Now user can specify that sysinit should be called for
other cases if needed. This can be useful if some other
package should be included in the build and it has
package initialization function.
Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
For MCUs with restriction on minimum write size (STM32H7)
unaligned writes resulted in flash write errors preventing
any sort of update.
Now MCUBOOT_BOOT_MAX_ALIGN can be set accordingly to value
that flash driver uses.
For alignment <= 8 default value provided by mcuboot config
is still used.
Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
For downgrade prevention it's possible to use build number
for grater control.
So far only Zephyr has this option in Kconfig now
option is also available in mynewt.
Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
This allows user to enable echo for mcumgr command in serial boot.
Code was enabled in zephyr only so far.
Now mynewt build can also have this feature if enabled.
No code changes just option in mynewt build to enable existing
mcuboot feature.
Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
Definition of MCUBOOT_SWAP_USING_MOVE in case swap without scratch area
is configured in NuttX was missing from mcuboot_config.h file.
Also necessary function flash_area_sector_from_off() is defined and
declared in order to support swap without scratch.
Signed-off-by: Michal Lenc <michallenc@seznam.cz>
According to the SMP protocol documentation [1], 'image number' value
in 'image upload request' is optional and can be included only in packet
with 'off' (data offset) set to '0' (first packet in upload request).
In one of recent changes (commit 'cb07e888691d'), initialization of the
'img_num' variable was removed which, in extreme case (no image number
provided in upload request), results in use of its uninitialized value
in flash_area_open() call which then might lead to request abort.
This fixes above regression and also makes MCUboot implementation of the
'image upload request' aligned with Zephyr documentation of the protocol
by considering image number only from first (off == 0) 'image upload
request' SMP packet. In addition, 'image number' value is set to '0' if
the request doesn't provide this field.
[1] docs.zephyrproject.org/latest/services/device_mgmt/smp_groups/smp_group_1.html
Fixes: cb07e88869 ("boot_serial: Replace cbor auto-generated code with zcbor functions")
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
The 'matched' param in zcbor_map_decode_bulk() function is 'pointer to
the counter of matched keys', not length of payload buffer.
Fixes: fac2cabe98 ("boot_serial: Add image state set/get")
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Fixes an issue which was introduced in commit
fac2cabe98 which would show all
images, including those with invalid headers in the output of
images being listed.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This commits reverts the changes made to cap values in 75c7c31.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: Ibbbf66e89d059ef4e4b45218a8a39778c849f21b
This commit reverts the changes to the cap values made in 206b914.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: Ie47c3f253409932b960f4fc12e3b722b000b3093
Adds new test combinations to the CI to
test the ram-load feature more thoroughly.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I56d6f74af55ed078947c092726160b123d36f67f
Adds new test cases to various ram-load related logic.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I3a0ca951b2c720be4e6fe2ed0e5d1830fcfb240c
If ram-load is being used with encryption and
the higher version image is loaded from the primary slot the
verification will fail as the image is always non-encrypted
and will produce an invalid hash. This fix puts encrypted images
into both slots to prevent this issue.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I4ac9f332434a95d140c5572096b8a9161db2d217
This patch enables psa-crypto-api feature
Signed-off-by: Matthew Dalzell <matthew.dalzell@arm.com>
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
If the psa-crypto-api feature is defined, the simulator will
initialize the PSA Crypto API exactly once. It needs also to
enable the test external RNG as the assumption is that the
PSA subsystem is configured to use MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
Signed-off-by: David Brown <david.brown@linaro.org>
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Signed-off-by: Matthew Dalzell <matthew.dalzell@arm.com>
Change-Id: Id02727b8673867ecf1e4fbbdfa3c4b6d6f98f8df
This commit adds simulator support to test the
hw-rollback-protection feature which is using
nv-counters. In the simulator they are stored in Rust
to prevent any race conditions from happening due to
the parallel execution of the tests.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I445fc50615ed1f0c06e5933b16811c24d9d302fc
Currently there's a compile error when building MCUboot
with HW_ROLLBACK_PROT due to a comparison
when decoding the security_cnt fih_int value. In the security_cnt.h
it is stated that this value must be between 0 and UINT32_MAX
so this cast would not cause any undefined behaviour.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: Iee158a31955ff43b73e67a0c08e7a086077b9eb5
Hackerone hasn't turned out to be particularly useful. Fortunately, github now
has a mechanism to directly report security vulnerabilities within the project's
pages. Update the docs to show this as the preferred vulnerability reporting
mechanism.
Signed-off-by: David Brown <david.brown@linaro.org>
Similarly to what has been done for the init function, also
the abort function should return a state in case the caller
needs to implement some error recovery procedure, or even
just for debugging reasons.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I5b8bc8fc2da57cfbc6ddea3f7e95ed7a7ae8e5a9
SHA-256 init functions should return the status of the init
instead of being void. This would allow the callers to implement
proper error recovery, otherwise on error the SHA-256 operation
will enter an undefined behaviour.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I162ceb8e6dc90dc3c6b83c8a85fbd17b41c0b5d6
A couple of typos in comments for the newly added RSA modules
need to be assessed.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: Ia06529adb81215fad796895d7b412b35717b6d65
image_index should be added to additional prints as noted
during the original PR review.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I2e456f05ee4ccb372aeab564f7f388bc2fd564e5
The crypto/common.h header checks for MBEDTLS_VERSION_NUMBER
value but it needs to include mbedtls/version.h first
otherwise it won't return a reliable check.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: Ice12fe26bb24fd98c09c4adfe001b5274cee555c
This patch adds a dedicated crypto backend based on PSA Crypto APIs to
implement SHA-256 operations. The enabling of the backend is controlled
by the MCUBOOT_USE_PSA_CRYPTO define.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I6065f7fccb483eda54f0190457f33aa89c6a0796
This patch refactor the RSA operations done by the signature verification
module and by the encrypted images decryption module. Previous solution is
tightly coupled with Mbed TLS, while this patch provides an abstraction of
the RSA functionalities in a dedicated crypto abstraction header, crypto/rsa.h
that supports both Mbed TLS APIs and PSA Crypto APIs. In case of PSA Crypto,
the verification scheme is directly provided by the crypto backend hence it
simplifies the operations done in the image verification module.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I973bc3374b62eee2d7717c2368bce7611d37a0c8
Add the image_index to common prints that get repeated in the
print out logging so that it helps differentiate the information
conveyed by the print.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I560b0f76d879e4bd5f82ef65e845fe5c80585c97
Adds a file which contains the current MCUboot code version, which
can be used by Zephyr builds.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds a note that both of these functions are now (optionally)
supported in serial recovery mode.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds optional image state set/get functionality to serial recovery
mode which allows for listing image states and marking images to
be tested or as confirmed.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds a note that the zcbor encoder buffer size has been fixed.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
Fix usage of zcbor_new_encode_state API, to correctly pass the payload
length. The previous usage was passing a pointer to the end of the
payload, which resulted in the ZCBOR structure being initialized with
an invalid `payload_end` field. On some platforms, this breaks MCUBoot
serial recovery, as the ZCBOR structures required to send response data
are invalid and can no longer be populated with response data.
Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
Updates to use the zephyr docker image version 0.26.4 which
includes the zephyr SDK 0.16.1, and resolves build issues with
recent zephyr changes.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Almir Okato