Although MCUboot has used PKCS#1 v2.1 (PSS) for some time now, the mbed
TLS config file was calling out v1.5. This compiled because MCUboot
implements its own specialized version of the signature check, and only
needs the underlying primitives from mbed TLS. (The general code in
mbed TLS is quite a bit larger).
To make it clear that we are always using PSS, change the mbed TLS
configuration to call this out explicitly.
Signed-off-by: David Brown <david.brown@linaro.org>
The upstream Zephyr project is renaming FLASH_DRIVER_NAME to
FLASH_DEV_NAME as part of some changes related to device tree.
Work around this for now by keeping the MCUboot name the same if
FLASH_DRIVER_NAME is not provided by Zephyr, but FLASH_DEV_NAME is.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
This enables building ecdsa feature using tinycrypt (mbed still built
for ASN1). The default mbed-tls config was update to use the MCUBOOT_SIGN_*
symbols.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This patch introduced serial bootloader functionality ported
from mynewt targets tree.
For achieving this following changes were applied:
- Modified boot_serial module for using, zephyr-os modules
(crc driver, mbedtls-base64 library) and the zephyr serial adapter module
introduced recently.
- Added service of boot serial recovery mode to main.
- Adapted the input parser to using static buffers.
Default serial-boot-pin configuration was added for nrf52_pca10040
and nrf52840_pca10056 boards.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Serial adapter uses the zephyr UART driver in interrupt mode for
providing communication capabilities needed for the boot serial
recovery mode.
This module provide API similar to mynewt console module.
Serial adapter module can not be compiled along with
the zephyr uart console module so this case is checked.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The Zephyr configuration was enabling the memory buffer allocator (but
not using it) without defining enough other features to allow it to
compile (undefined reference to `exit()`).
Disable the memory buffer allocator when just using the ASN.1 library,
and conditionalize the heap itself to avoid using the RAM for that.
Signed-off-by: David Brown <david.brown@linaro.org>
Zephyr now has proper page layout APIs in its flash driver. Use these
to implement flash_area_get_sectors() and flash_area_to_sectors() when
they are available. Leave the existing implementation behind as a
"legacy" version, for flash drivers which lack page layout support.
This lets us obtain all the target support we need for nRF and STM32
targets entirely from the operating system.
There are two cases where OS-level support is still not enough:
- NXP K6x targets still need an SoC family header, because their flash
driver does not yet support CONFIG_FLASH_PAGE_LAYOUT.
- The arduino_101 target needs partition and flash alignment
definitions in its DTS, and a flash driver with page layout support
as well, so its board-specific header must remain for now.
Fixing these is left to future work. Once that is done,
boot/zephyr/targets/ can be removed completely.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Zephyr now provides defines for FLASH_DRIVER_NAME and
FLASH_WRITE_BLOCK_SIZE (which is what we call FLASH_ALIGN) in
the SoC headers for most targets supported by mcuboot. Use that
information when it's available, falling back on MCUBOOT_TARGET_CONFIG
otherwise.
The soc_family_foo.h files remain for FLASH_AREA_IMAGE_SECTOR_SIZE. A
subsequent patch can remove these files when the relevant SoC flash
driver provides a page layout.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
This cleanup commit requires a bit more target-specific knowledge
that's a bit harder to read than board-specific headers, but it's
still an improvement over what we have now.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
All of the information we need is in DTS or is the same across all
boards in the SoC family. There's no need for board-specific headers
for these targets.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
The current flash_map.h API treats flash areas and flash sectors
synonymously. This isn't accurate; a flash area comprises one or more
sectors.
To distinguish them, add a new struct flash_sector, and a new
flash_area_get_sectors() which initializes an array of struct
flash_sector instead of struct flash area.
That done, deprecate flash_area_to_sectors().
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
This accessor returns the physical base address of a flash device,
given its ID. This will be used to support flash devices with nonzero
base addresses in mcuboot.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Remove most of mynewt specific stuff to a separate port package. This
should make mcuboot less "mynewt'y" and slightly easier to port to.
- Mynewt specific stuff moved to boot/mynewt.
- Sample app moved from apps/boot to boot/mynewt.
- Use MYNEWT_VAL macro only on mynewt port.
- BOOTUTIL_* and MYNEWT_VAL() usage moved to MCUBOOT_ defines.
The current flash_map.h API treats flash areas and flash sectors
synonymously. This isn't totally accurate; a flash area comprises one
or more sectors.
To distinguish them, add a new struct flash_sector, and a new
flash_area_get_sectors() which initializes an array of struct
flash_sector instead of struct flash area.
That done, deprecate flash_area_to_sectors().
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
When building with ECDSA P-256 as the signature algorithm, we are still
bringing in SHA256 and some ASN.1 code from mbed TLS. Fix part of this
by wrapping the hash functions with general routines (inline functions)
allowing to select between mbed TLS and Tinycrypt for the
implementation.
Update the Zephyr config files so that the Tinycrypt version is used
when building the ECDSA P-256 signing variant.
There are some problems with how mbed TLS is configured in Zephyr.
First, include the makefile stub in the Makefile that uses these
defines. This makes sure the right definitions get made so that our
custom config gets used for all compiled files, rather than a mixed set.
Also, fix up the wrappers on the custom configs so that each is
different, making it easier to detect if multiple configs are being
included.
Lastly, only include the right header in the image validation. The mbed
TLS includes don't seem to want to allow both RSA and ECDSA to be used
(due to the key size), and including the wrong header results in a
compilation error.
This fixes MCUB-39.
On Zephyr targets, flash_area_to_sectors() assumes that the flash
device's sector size is equal to the size of the scratch area.
That breaks swap and rollback when scratch size doesn't divide image
size, since the image flash areas will not be correctly configured.
This is a valid configuration supported by the rest of mcuboot.
The best way to fix this would be to get the flash layout from Zephyr,
but that's not possible yet.
Instead, provide a new FLASH_AREA_IMAGE_SECTOR_SIZE define from
target.h. This must be the sector size for these areas:
- FLASH_AREA_IMAGE_0
- FLASH_AREA_IMAGE_1
- FLASH_AREA_IMAGE_SCRATCH
Other areas on the device may have sizes different than
FLASH_AREA_IMAGE_SECTOR_SIZE.
This won't work on platforms where those areas have nonuniform sector
sizes, but we'll cross that bridge when we come to it. (At that point,
an upstream Zephyr change to the flash API really seems needed.)
Revert to the old/buggy behavior when FLASH_AREA_IMAGE_SECTOR_SIZE
isn't provided, but emit a warning. Additionally, touch up the logging
and error handling while we're here.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
MCUBOOT_TARGET_CONFIG is included in several places now,
not just boot/zephyr/main.c. This seems likely to continue.
Let's avoid trouble and make it a real header file, target.h, that
pulls in MCUBOOT_TARGET_CONFIG. That done, include target.h instead
everywhere MCUBOOT_TARGET_CONFIG is included.
This will make it easier to provide values at an SoC/family level
later. We can expect different Zephyr boards to have the same SoC and
thus likely the same mcuboot flash layout, so this will avoid
duplication.
All supported boards are compile-tested.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
The following declarations are undefined and unused in both simulator
and zephyr builds (96b_nitrogen, 96b_carbon, frdm_k64f):
- flash_map
- flash-map_entries
- flash_map_init()
Delete them.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Make it clear in the top-level Makefile how to configure mcuboot for
Zephyr for a particular signing algorithm. Currently supported, are the
RSA signatures, and ECDSA with the P-256 curve. These configuration
lines will select the code built in the bootloader, as well as which
public key gets included with the image.
This also adds a demo public key for the P-256 signatures.
Rather than commit our specific mbedtls config file into the Zephyr
tree, include it here, and add a path early in the make process so that
it will get picked up when building the library.
The Zephyr build systems makes some assumptions about the directory
layout, and encounters problems if the necessary path contains "../..".
To help this, place the zephyr directory next to the bootutil directory
so that the Makefile can just refer to "../bootutil". This keeps all of
the build artifacts under the proper top-level directory.
David Brown