Commit Graph

28 Commits

Author SHA1 Message Date
Jerzy Kasenberg e3f895d7ef Add downgrade prevention for swaps
Currently, downgrade prevention was limited to overwrite only
builds (version check) or devices with hardware storage for
security counter.

This extends downgrade prevention to be used when swap update
is selected.
Unlike MCUBOOT_HW_ROLLBACK_PROT option it does not require user
code to provide external way to store security counter.
Security counter from slot 1 image is used for comparison.
With security counter usage it is possible to have limited
software rollback if security counter was not incremented.

It is possible to use image version where strict rule for
image version comparison prevents any downgrades.

Downgrade prevention is also added to mynewt configuration.

If image in slot 1 is marked as pending and downgrade prevention
is in place, image will be deleted to avoid check on next boot.

Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
2022-10-04 08:52:57 -06:00
Jerzy Kasenberg 0676589873 boot: mynewt: Add boot data sharing config
There is code for sharing data between booloader and application.
So far only zephyr had config flags to enable this.

This adds configuration that allows to turn on data sharing code
in mynewt version.

Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
2022-06-13 19:57:20 -03:00
Fabio Utzig 1a9c6d8495 mynewt: remove #error on ec256 with Mbed TLS
Allow building ec256 signature validation on Mynewt using Mbed TLS.
Related to https://github.com/apache/mynewt-artifact/pull/33

Signed-off-by: Fabio Utzig <utzig@apache.org>
2021-11-01 14:43:52 -03:00
Dominik Ermel a09ca5b964 boot: Add MCUBOOT_PERUSER_MGMT_GROUP_ENABLED to platforms
The commit adds the MCUBOOT_PERUSER_MGMT_GROUP_ENABLED configuration
option to cypress, mbed and mynewt configurations.
The options is used to enable custom, system specific, mcymgr
commands parsing in mcuboot serial recovery.
For the listed platforms it is set as not enabled (0), as neither
of the platforms currently provide supporting callback.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2021-07-13 11:39:35 +02:00
Andrzej Puzdrowski 142b339667 boot: introduce MCUBOOT_CPU_IDLE() for support low power single thread
Introduced MCUBOOT_CPU_IDLE() macro.
If a port supports single thread or is bare-metal then might be need
to switch to idle mode explicitly form MCUboot code.
The call allows to enable lower power consumption while waiting for
incoming transmission in serial recovery etc.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2021-06-17 12:42:21 +02:00
Fabio Utzig 92eb07fe3e boot: mynewt: add ECIES-X25519 support
Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-04-10 17:56:14 -03:00
Fabio Utzig 6e137818d2 mynewt: add option for saving enckey TLVs in swap status
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-20 14:57:06 -03:00
Fabio Utzig e92df93461 sim: log: add new level targetting simulator
* Adds a new level (BOOT_LOG_SIM) to be used only for messages that
  are interesting while debugging bootutil in the simulator. This should
  be used for extra verbose prints.

* Also added fflushs after fprints to guarantee that messages are printed
  even when assertions are raised.

* For abstraction completeness, add "do nothing" definitions of _LOG_SIM
  to the other ports.

* Make DEBUG the default level when building the simulator (one can
  still lower verbosity using any other value for RUST_LOG).

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-10 16:04:44 -03:00
Fabio Utzig be43ea8977 boot: mynewt: add config for swap without scratch
Add Mynewt option to enable building a bootloader that uses an
alternative swap algorithm, that first moves up all sectors in slot1 and
then directly swaps between slot0 and slot1.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-12-09 14:21:09 -03:00
Fabio Utzig c67dd70423 boot: mynewt: add config for ECIES-P256 encrypted images
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-11-06 06:55:25 -03:00
Fabio Utzig 61f08a04ae Add basic multi-image support for Mynewt
Allow Mynewt to be used in multi-image builds. Primary and secondary
slots of image 1 are hard-coded to FLASH_AREA_IMAGE_2 and FLASH_AREA_IMAGE_3.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-09-09 10:00:09 -03:00
Fabio Utzig 78cc1261f3 Add Mynewt option to enable the watchdog
For Mynewt, if a watchdog driver is available, it is always used and feed
during a swap operation. Since the swap operation is able to resist resets,
the watchdog can stay disabled to preserve some flash space (watchdog
driver), with the side-effect that a swap might take longer because of
having to resume interrupted operations.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-08-06 14:25:04 -03:00
Fabio Utzig 853657c23d Add watchdog feeding macro
When HW / OS provides an always enabled watchdog, this macro can
optionally be implemented to avoid resets which are expected to
occur under normal conditions when swapping very large images or
running on slower devices.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-07-12 08:06:13 -03:00
Fabio Utzig a1e8e4334d Add Mynewt ed25519 support
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-06-13 19:21:05 -03:00
Fabio Utzig 61f86fd848 Add Mynewt RSA-3072 config
Signed-off-by: Fabio Utzig <utzig@apache.org>
2019-05-16 14:01:19 -03:00
David Vincze 2d736ad4c5 Replace flash partitioning terminology
This change replaces the slot 0/1 terminology with primary/secondary
slot and replaces FLASH_AREA_IMAGE_0/1 with
FLASH_AREA_IMAGE_PRIMARY/SECONDARY. This naming convention may be more
understandable, fits better to MCUs with multiple images and it is an
architecture agnostic alternative as well.

Change-Id: I655a585f6ae023852c671ee6635399efe25209c9
Signed-off-by: David Vincze <david.vincze@arm.com>
Signed-off-by: David Brown <david.brown@linaro.org>
2019-03-13 15:40:21 -06:00
Emanuele Di Santo 9f1933d1a5 boot: zephyr: migrate to new log subystem
The old log subsystem has been deprecated in Zephyr.
Migrate to the new subsystem to avoid compilation warnings.

In-place log processing is selected as it is required as MCUBoot is
one thread application.

Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2019-01-10 19:11:15 +01:00
Fabio Utzig 338a19f70d Add boostrapping from slot1 support
This adds a new option that allows copying slot0, from the contents
of slot1, if slot0 is found out to be erased and not validated, and
the contents of slot1 are validated.

This mechanism basically enables a device to "bootstrap" from the
contents of an external flash that has a valid image, given that the
only flashed thing in the internal flash is the bootloader.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-12-27 10:58:50 -02:00
Fabio Utzig 0170f26de1 Add Mynewt config for encrypted images
Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-10-12 13:36:13 -03:00
Marko Kiiskila ce50ab0648 boot_serial; text size reduction.
- Remove dependency to sprintf()
 - Remove dependency to cborattr
 - mynewt: replace console with more direct interface to uart
 - mynewt: settings to reduce included os code

Signed-off-by: Marko Kiiskila <marko@runtime.io>
2018-06-14 23:19:06 +03:00
Fabio Utzig 9a4b9ba1c0 Add per platform mcuboot_logging.h files
New logging macros were added for all supported platforms, following the
documentation defined in the template config file.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-06-04 06:54:39 -03:00
Marti Bolivar f9bfddd685 Move max image sector config to mcuboot_config.h
Take the opportunity to clean up a bit of platform cruft that has
gotten into bootutil by moving it to mcuboot_config.h, and ensuring it
is documented in the template config file.

Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
2018-04-25 18:44:03 -03:00
Fabio Utzig a1fae67d8a Add config for BOOT_MAX_IMG_SECTORS
This still defaults to 128 for compatibility, but allows users to
specify less elements to save space, or more elements for devices that
have massive flash size and/or too small sectors.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2018-04-05 18:15:35 -03:00
Fabio Utzig 13d9e35d52 Add faster copy/erase to overwrite-only mode
This add a new option to overwrite-only mode that enables copy/erase of
only the amount of sectors that are required to store the source image.

This is enabled by default when overwrite-only mode is used.

MCUB-70

Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-10-19 09:28:37 -06:00
Fabio Utzig a8e23e26ea Updates mynewt port to use bundled tinycrypt
This removes the dependency on tinycrypt lib provided by mynewt and
switches to the one bundled in mcuboot. Also fixes a bug where tc
was only being used when eliptic curve 256 was selected as sign
algorithm.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-09-11 18:05:45 -03:00
Marko Kiiskila 22a46b2d4a Remove PKCSv1.5 sig format option from RSA
Since we are changing the image header format, there is no reason to
continue to support the old PKCS#1 v1.5 signatures.  Remove the
definitions, and conditional complication related to this, and only
support the newer PSS signatures.

Signed-off-by: Marko Kiiskila <marko@runtime.io>
Signed-off-by: David Brown <david.brown@linaro.org>
2017-09-06 16:16:58 -06:00
Marko Kiiskila 833005e2d0 Mynewt: compile time indicator telling that using new img format.
Signed-off-by: Marko Kiiskila <marko@runtime.io>
Signed-off-by: David Brown <david.brown@linaro.org>
2017-09-06 16:16:58 -06:00
Fabio Utzig ba1fbe607b Fix running newtmgr when building for mcuboot
This enables mynewt to use mcuboot as a remote repository, which is only
required when using newtmgr to manage images. Since mcuboot has slightly
changed the trailer format, newtmgr built against the bundled mynewt
bootloader writes the magic and flags to the wrong location.

To build a mynewt app the wants to run with mcuboot as the bootloader
and requires newtmgr one needs to change the app's pkg.yml dependencies
as follows:

-    - boot/bootutil
+    - "@mcuboot/boot/bootutil"

Signed-off-by: Fabio Utzig <utzig@apache.org>
2017-07-21 15:58:44 -03:00