Commit Graph

1138 Commits

Author SHA1 Message Date
Christian Daudt e1960a9c45 Update instructions to point to correct git URL
Updating the URL for git repository in README file to reflect merge
of PSoC62 into mcuboot master.

Signed-off-by: Christian Daudt <christian.daudt@cypress.com>
2020-03-04 21:03:19 -03:00
Roman Okhrimenko 4650f2011b Add debug configurations for ModusToolbox
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-04 13:47:49 +02:00
Roman Okhrimenko 89ecdac3b8 Add initial implementation of MCUBoot application for Cypress PSOC6 platform
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-04 13:47:49 +02:00
Roman Okhrimenko e981665aa4 Add cypress dependencies as submodules
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-04 13:47:49 +02:00
Fabio Utzig e60b12f9c5 sim: fix paths for mbed-cryto
Signed-off-by: Fabio Utzig <utzig@apache.org>
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-04 13:47:49 +02:00
Fabio Utzig 3cd904a661 Update mbedTLS to 2.19.3
Signed-off-by: Fabio Utzig <utzig@apache.org>
Signed-off-by: Roman Okhrimenko <roman.okhrimenko@cypress.com>
2020-03-04 13:47:49 +02:00
Erik Johnson 4906375adc loader: Fixed warning about uninitialized rc variable
Might get past the loop without going in at least once.

Signed-off-by: Erik Johnson <erik.johnson@nimbelink.com>
2020-02-28 09:09:34 -03:00
Andrzej Puzdrowski af14853b7c zephyr: configurable log thread stack size
Introduced Kconfig property for configure log processing
thread stack size.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-02-27 10:01:25 +01:00
Andrzej Puzdrowski 8459163f14 zephyr: terminated log processing gently
Added log processing thread gently termination
before chain-load the application.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-02-27 10:01:25 +01:00
Andrzej Puzdrowski 3f092bd313 zephyr: allow recovery over usb cdc-acm with logs enabled
Modified serial_adapter so log are allowed when using USB
CDC ACM serial port emulation.

Added dedicated thread for log processing of the highest application
priority. This allows to transmit all logs without adding k_sleep
anywhere else int the code.

Introduced boot log thread is simpler than the default log threat
which decreases flash footprint by a few dozen bytes.
Added configuration for nrf52840_pca10056 which shows how
to enable looging along with USB - among other, thread log
processing is required.

build command (form zephyr-project root directory)
west build -d build/mcuboot/nrf52840_pca10056 -b nrf52840_pca10056
./bootloader/mcuboot/boot/zephyr/
 -- -DDTC_OVERLAY_FILE=./boards/nrf52840_pca10056_big.overlay
-DOVERLAY_CONFIG=./usb_cdc_acm_log_recovery.conf

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-02-27 10:01:25 +01:00
Andrzej Puzdrowski 9a4946ce9a zephyr: add default LOG and MULTITHREADING values in kconfig
Add Log processing configuration synchronous as default
if multithreading is disabled.

Additionally Kconfig makes MULTITHREADING default
if USB is selected.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-02-27 10:01:25 +01:00
Andrzej Puzdrowski 5d96bd20a9 zephyr: tabs to spaces in line indentation
Uses spaces instead of tabs.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-02-27 10:01:25 +01:00
David Vincze c308413760 bootutil: Introduce HW rollback protection
- Add image security counter verification (read security counter value
  from the image manifest and compare it against the stored/active
  security counter) as an optional part of the image validation process
  to prevent the restoration of older, potentially vulnerable images.
- This feature can be enabled with the MCUBOOT_HW_ROLLBACK_PROT option.
- Add security counter interface to MCUBoot. If HW rollback protection
  is enabled then the platform must provide a mechanism to store and
  read the security counter value in a robust and secure way.

Change-Id: Iee4961c1da5275a98ef17982a65b361370d2a178
Signed-off-by: David Vincze <david.vincze@arm.com>
2020-02-25 23:43:12 +01:00
David Vincze 1a7a6905c5 imgtool: Add security counter to image manifest
Optionally add new security counter TLV to the protected image manifest
and also introduce a new command line option for the imgtool to specify
the value of this counter. The security counter can be used in rollback
protection to compare the new image's security counter against the
active counter value. Its value can be independent from the image
version, but if the 'auto' keyword is passed in the argument list of the
script then it will be generated from the version number (not including
the build number).

The value of the security counter is security critical data. Therefore,
it must be part of the protected TLV area.

Change-Id: I45926d22364d0528164f50fa379abf050bdf65ff
Signed-off-by: David Vincze <david.vincze@arm.com>
2020-02-25 23:43:12 +01:00
Fabio Utzig 19df5c44de mynewt: allow newt to bypass submodule cloning
A recently added `newt` feature allows it to only clone selected git
submodules: https://github.com/apache/mynewt-newt/pull/377. This changes
the MCUBoot repository to remove submodules from the cloning process,
because they are not used by Mynewt.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-25 11:37:15 -03:00
Fabio Utzig 3647ded973 docs: update nokogiri to fix CVE-2020-7595
https://nvd.nist.gov/vuln/detail/CVE-2020-7595

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-25 09:26:02 -03:00
Fabio Utzig a1ed50bb11 mynewt: rollback version.yml
Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-24 11:09:47 +01:00
Fabio Utzig 310af87f61 Update to v1.5.0
Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-19 10:29:01 -03:00
Fabio Utzig 7de8a29672 Preparing for v1.5.0-rc2
Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-17 11:22:32 -03:00
Fabio Utzig 03cce47291 sim: update dependencies
Updates a few sim dependencies, reducing the amount of crates
required for a build; also gets rid of cases of more than one
version required for some crates. Results in depending on 76
crates instead of 89 before the PR.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-14 06:19:51 -03:00
Håkon Øye Amundsen 6fc259511a zephyr: add default pin for serial recovery for nrf53
Prior to this the kconfig would fail because of invalid value for an int

Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
2020-02-12 11:30:03 +01:00
David Brown a222bf3b17 README: update mailing list
Update the top-level README.md file to refer to the new mailing list.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-02-10 11:13:27 -07:00
Fabio Utzig ef7fbd7012 Preparing for v1.5.0-rc1
Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-07 15:30:45 -03:00
Fabio Utzig cb0807355c imgtool: fix passing --erased-val with 0xff value
The `--erased-val` (or `-R`) option was doing conversion of base 10, so
the only value that was acceptable was 0. Although not passing this
option would result in the default `0xff` being used, this fixes the
issue by allowing Python to auto-detects the base from string.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-07 14:19:33 -03:00
Fabio Utzig 970840ccf5 docs: fix mailing list URL
Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-06 06:00:28 -03:00
Andrzej Puzdrowski ac1f1fff50 zephyr: enable usb by the application
Since zephyrproject-rtos/zephyr#20375
Need to enable USB by the application.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
2020-02-05 12:49:05 +01:00
Fabio Utzig 34e93a507b boot: zephyr: mynewt: sha-512 from tinycrypt
* Mynewt always uses sha-512 from tinycrypt
* Zephyr can choose either tinycrypt or mbedTLS

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-04 06:09:01 -03:00
Fabio Utzig a1c142d168 Add Tinycrypt based SHA-512 for ED25519
Add option to build ed25519 with tinycrypt; enable tinycrypt based
sha-512 for ed25519 sim tests.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-04 06:09:01 -03:00
Fabio Utzig e4fe4633ff Add sha-512 port of tinycrypt's sha-256
A patch adding sha-512 to upstream tinycrypt was submitted:
https://github.com/intel/tinycrypt/pull/42

While it is not accepted, add the code under a new ext/tinycrypt-sha512
depedency.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-02-04 06:09:01 -03:00
Peter Bigot 36e9029ff0 boot: zephyr: move to non-deprecated GPIO flags
GPIO_DIR_IN has been replaced by GPIO_INPUT, GPIO_PUD_PULL_UP by
GPIO_PULL_UP, and gpio_pin_read() by gpio_pin_get_raw().  Update the
code to use the preferred API if it available.  This avoids
deprecation warnings in the build.

Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
2020-02-03 16:49:14 +01:00
Robert Lubos 1b19d2a198 boot: zephyr: Fix Kconfig inclusion
According to our CI:

Redundant 'source "$(ZEPHYR_BASE)/Kconfig.zephyr" in
'boot/zephyr/Kconfig'. Just do 'source "Kconfig.zephyr"'
instead. The $srctree environment variable already points
to the Zephyr root, and all 'source's are relative to it.

Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2020-02-03 08:51:56 +01:00
Håkon Øye Amundsen 09be783644 zephyr: use move swap instead of scratch for nRF devices
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
2020-01-25 19:40:31 -03:00
Peter Bigot 54c1e3fb6b zephyr: fix driver include paths
Zephyr will soon no longer add the drivers subdirectory of the include
hierarchy to the search path, so references to driver headers must
include the drivers/ prefix.

Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
2020-01-25 10:01:42 -03:00
David Brown 2ee5f7f7f2 sim: Test software rollback protection
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Signed-off-by: David Brown <david.brown@linaro.org>
2020-01-23 12:47:05 -07:00
David Brown 07e1381d0f Add a capability for querying downgrade prevention
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Signed-off-by: David Brown <david.brown@linaro.org>
2020-01-23 12:47:05 -07:00
Håkon Øye Amundsen 2d1bac164f add option for rollback protection
Depends on 'MCUBOOT_OVERWRITE_ONLY' option since swap info is not protected
by signature

Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
2020-01-23 12:47:05 -07:00
David Brown e2acfaede5 sim: Add explicit copyright and licenses to the sim
Add an apache SPDX header and explicit license lines.  The date ranges
of the license lines is derived from the git history.  Having these
explicitly present will make contributions from other parties easier, as
they will simply be able to add their own copyright line, rather than
having to describe that it only covers modifications.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-01-22 10:11:13 -07:00
Håkon Øye Amundsen f0e5a842b3 cmake: use zephyr base in relative path
To be more robust in the placement of MCUBoot directory,
use the ZEPHYR_BASE env variable to locate
nrfxlib directory.

Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
2020-01-22 10:09:57 -07:00
Ulf Magnusson e96b6873bd dts: Include devicetree.h instead of generated_dts_board.h
Needed for https://github.com/zephyrproject-rtos/zephyr/pull/20757, to
avoid a warning-turned-error.

Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
2020-01-16 11:41:28 +01:00
Fabio Utzig 1f50892096 imgtool: update a few errors to use click's
Click has better UI for exceptions, so instead of throwing a backtrace,
allow it to print a nicer error message.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-01-16 06:11:34 -03:00
Fabio Utzig 9a492d5e87 imgtool: add better image overrun checks
This breaks the check() routine into two, one to check the header, one
to check the trailer. The reason is that header checking must be
performed when loading the input binary, while trailer overrun check
must be done after the whole image (with TLVs) is built.

To support the option of saving encrypted TLVs during swap in the
bootloader, a new parameters was added to the create command, to
allow the user to provide a config that matches the bootloader build
option and to do proper image overrun checks.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-01-16 06:11:34 -03:00
Rajiv Ranganath b976a4c0dc docs/PORTING.md: Update APIs needed for porting MCUboot
Signed-off-by: Rajiv Ranganath <rajiv.ranganath@atihita.com>
2020-01-13 10:09:54 -03:00
David Brown 3dc86c90cb sim: Compute TLV size from actual size
Instead of having lots of magic numbers to try and track the resulting
size of the TLV, just determine the size we end up with after encoding
it.  The only place the size is used is in the header within the TLV
itself.  Make this work by putting a placeholder in the TLV, and then
patching the value back after we know the full size.

In addition to removing a lot of magic numbers from the code, this will
make it easier to handle things that vary in size, such as X.509
certificates.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-01-09 11:29:40 -07:00
David Brown 2b73ed9440 sim: Always compute protected size
Instead of having a running size that we try to always match the encoded
size of, compute it a bit more dynamically.  The size is still needed
before the contents can be filled in, so this doesn't gain too much, but
will make it easier to compute the rest of the TLV size based on the
actual encoding rather than lots of magic numbers.

Signed-off-by: David Brown <david.brown@linaro.org>
2020-01-09 11:29:40 -07:00
Fabio Utzig dd2b6804d9 boot: zephyr: remove [EXPERIMENTAL] from config option
Swap without scratch has been tested enough and no obvious bugs (or
"show stopper) bugs seem to exist; so remove [EXPERIMENTAL] and make
it "stable".

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-01-07 17:08:22 -03:00
Fabio Utzig 4b4ed98310 sim: enable saving encrypted TLV for ECIES
This changes the simulator to save the encryption TLV itself instead
of the unecrypted AES-128 key when doing the ECIES encryption test,
to add proper test coverage of this configuration option.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-01-07 17:08:22 -03:00
Fabio Utzig 9e1db9a88f boot: Add free space check for swap without scratch
Add a missing test which ensures that there is enough free sectors to
perform an upgrade when using the move strategy; this basically checks
that the sectors used by the trailer don't overlap the last sector
required for a move up operation.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-01-07 17:08:22 -03:00
Fabio Utzig fc9477504e ci: enable enc-ec256 test
Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-01-07 16:03:55 -03:00
Fabio Utzig 4626853d3e sim: fix RSA signature length macro usage
Update RSA-3072 test that was using old Zephyr macros to set size.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-01-07 16:03:55 -03:00
Fabio Utzig 66b4caac45 sim: allow generation of non-signed + encrypted EC images
Signed-off-by: Fabio Utzig <utzig@apache.org>
2020-01-07 16:03:55 -03:00