Move the definition of boot_enc_retrieve_private_key() to a common file
to avoid code duplication and also endure seamless transition to this new
key handling approach for targets which don't use hardware keys.
Change-Id: I57e54e4332503c11d18762f8291c3cab53df3d20
Signed-off-by: David Vincze <david.vincze@arm.com>
This reverts commit 0fa46270c0.
This breaks:
samples/synchronization/sample.kernel.synchronization on
b_u585i_iot02a/stm32u585xx/ns error
as this TF-M configuration uses its own keys. This change is an API
change that needs to be coordinated with TF-M changes.
Before this revert, compiling this test results in:
.../encrypted.c:447: undefined reference to
`boot_enc_retrieve_private_key`
Signed-off-by: David Brown <david.brown@linaro.org>
Currently encryption supports only private key embed
in mcuboot itself. To support MCUBOOT_HW_KEY for image
encryption boot_retrieve_private_key() hook is added.
This hook helps retrieving private key from trusted
sources like OTP, TPM.
Signed-off-by: Dinesh Kumar K <dinesh@linumiz.com>
These changes fixes a bug that can cause an uninitialized BlockDevice
to be queried for its size. In some cases, this can return unexpected
results (eg: 0). Move setting block device size after its
initialization.
Co-created: @AGlass0fMilk - George Beckstein
Signed-off-by: Artur Tynecki <artur.tynecki@mobica.com>
Signed-off-by: George Beckstein <george.beckstein@gmail.com>
Add header area size at the start of FLASH parameter in mbed_lib.json
This parameter is not used in MCUboot source code directly but for
example is the argument for imgtool.py sign command which sign
the binary image.
It will be useful to have it in Mbed port settings to use during project
building. For example post build command in cmake which signs image.
Signed-off-by: Artur Tynecki <artur.tynecki@mobica.com>
This commit add option for a user to enable MCUboot logging from project
configuration level.
Now, logging from MCUboot's sources will be printed in the same way as
mbed-os logs.
Co-created by @AGlass0fMilk - George Beckstein
Signed-off-by: Artur Tynecki <artur.tynecki@mobica.com>
Signed-off-by: George Beckstein <george.beckstein@gmail.com>
The mbed port should be compatible with a new command-line tool
mbed-tools (Mbed CLI 2) which use cmake build system. This allows build
cmake-base applications.
Fix mbed files paths - it's required for the new version of mbed-os
(v6.15)
Signed-off-by: Artur Tynecki <artur.tynecki@mobica.com>
This commit adds a utility class that is available when building an application booted by mcuboot with MCUBOOT_DATA_SHARING enabled.
This utility class, `DataShare`, allows the application to iterate through the shared memory region and get each entry stored there.
Signed-off-by: George Beckstein <george.beckstein@gmail.com>
The commit adds the MCUBOOT_PERUSER_MGMT_GROUP_ENABLED configuration
option to cypress, mbed and mynewt configurations.
The options is used to enable custom, system specific, mcymgr
commands parsing in mcuboot serial recovery.
For the listed platforms it is set as not enabled (0), as neither
of the platforms currently provide supporting callback.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit provides set of getter functions that allow to
access fields of flash_area and flash_sectors objects.
Usage of these function, instead of direct field access, allows
to keep common code intact when internal, system specific,
implementation changes.
The commit contains the implementation of getters for following
ports: cpress, mbed, mynewt, zephyr.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Introduced MCUBOOT_CPU_IDLE() macro.
If a port supports single thread or is bare-metal then might be need
to switch to idle mode explicitly form MCUboot code.
The call allows to enable lower power consumption while waiting for
incoming transmission in serial recovery etc.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
This commit introduces changes to allow the Mbed-OS port to disable use of signature verification. Previously this was not possible even though it is a valid mcuboot configuration.
Signed-off-by: George Beckstein <george.beckstein@gmail.com>
This commit also introduces changes that allow users to build for other non-swap type update methods (overwrite only, swap using move, direct xip, or RAM loading). Changes include:
- Adding configuration options relating to XIP
- Updating the Mbed flash map backend to be compatible with XIP updates
- Add default secondary_bd in internal flash for XIP on Mbed OS.
Signed-off-by: George Beckstein <becksteing@embeddedplanet.com>
The internal functions of mcuboot are not consistent in opening/closing flash areas and sometimes nested calls happen to `flash_area_open` and `flash_area_close`. With the previous implementation, a nested call to `flash_area_close` would deinitialize the underlying `BlockDevice`. This could cause subsequent flash operations on an "open" flash area to fail.
This PR adds a simple open counter for each flash area and ensures the underlying `BlockDevice` is initialized and deinitialized appropriately. The `BlockDevice` is only initialized when transitioning from an open count of 0 to 1. The `BlockDevice` is only deinitialized when the open count falls to 0.
Signed-off-by: George Beckstein <becksteing@embeddedplanet.com>
This PR prevents the following build error:
```
./mcuboot/boot/mbed/include/mcuboot_config/mcuboot_logging.h:65:30: error: 'IGNORE' was not declared in this scope
65 | #define MCUBOOT_LOG_ERR(...) IGNORE(__VA_ARGS__)
```
This build error occurs when the bootloader is configured with Mbed's logging library, mbed-trace, disabled or when a logging level other than "MCUBOOT_LOG_LEVEL_DEBUG" is used. Since "bootutil/ignore.h" was not included previously, the "IGNORE(...)" macro was undefined in this scope.
Signed-off-by: George Beckstein <becksteing@embeddedplanet.com>
TinyCrypt uses a modified version of micro-ecc that is also used by the Mbed Cordio BLE stack. When building mcuboot for a target with BLE enabled, this causes multiple-defined symbol errors during linking. Due to the nature of Mbed's current build system, it is difficult to fix this.
Mbed will soon release a more flexible cmake-based build system that will make it possible to exclude these TinyCrypt files from an application build that may also link Cordio BLE sources.
Until then, this commit temporarily disables the use of TinyCrypt with Mbed-OS and excludes its sources from the build to avoid this build error.
Signed-off-by: George Beckstein <becksteing@embeddedplanet.com>
This PR provides a porting layer implementation and framework for building an mcuboot-based bootloader with Mbed-OS. Some symbols are not provided by the Mbed-OS port within mcuboot, namely:
- The secondary storage device (see below)
- The signing keys
- The encryption keys, if used
Use of this port is demonstrated by the following projects:
- https://github.com/AGlass0fMilk/mbed-mcuboot-demo (a complete mcuboot/Mbed-OS-based bootloader)
- https://github.com/AGlass0fMilk/mbed-mcuboot-blinky (example showing how to make an Mbed-OS application that is bootable by mcuboot)
Memory porting implementation:
The underlying implemenation uses Mbed's BlockDevice API as the storage backend for mcuboot's memory operations. This provides a very flexible way of configuring the location and layout of the secondary flash storage area. To build an mcuboot-based bootloader with Mbed-OS, the user must implement a hook function, mbed::BlockDevice* get_secondary_bd(), to provide the secondary BlockDevice that mcuboot will use.
The signing and encryption keys must also be provided by the user. They can be generated using the existing imgtool utility in the same manner used by Zephyr. There are no automated build steps currently provided by Mbed-OS to sign/encrypt build artifacts.
Known limitations:
The update candidate encryption features have not yet been fully tested. A truly secure implementation will require integration with Mbed's TRNG API in the future to inhibit side-channel attacks on the decryption process.
The TinyCrypt backend is currently only supported for Mbed-OS builds when building with the GCC toolchain. The new cmake-based Mbed-OS build system will fix the underlying issue (file name uniqueness).
Signed-off-by: George Beckstein <becksteing@embeddedplanet.com>
Signed-off-by: Evelyne Donnaes <evelyne.donnaes@arm.com>
Signed-off-by: Lingkai Dong <lingkai.dong@arm.com>
Co-authored-by: Lingkai Dong <lingkai.dong@arm.com>
Co-authored-by: Fabio Utzig <fabio.utzig@nordicsemi.no>