The commit fixes compilation error when attempting to build
support for single application slot with serial recovery enabled.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
This patch adds the possibility to boot using ram-load with an
encrypted image. This is enabled when both the flags MCUBOOT_RAM_LOAD
and MCUBOOT_ENC_IMAGES are defined.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Signed-off-by: Hugo L'Hostis <hugo.lhostis@arm.com>
Signed-off-by: Salome Thirot <salome.thirot@arm.com>
Change-Id: I7756c2c634d90a2e726117d6cfc5650653cf1b51
Use version 0.0.2 of the FIH docker image, which is just a rebuild with
upgraded packages. This should fix the SSL issues cloning the tf-m-tests
repo from the docker run.
Signed-off-by: Fabio Utzig <utzig@apache.org>
When building images for testing they are aligned to a flash write size,
which works fine for flash based comparisons, but since RAM is always
reset to 0, if the flash is erased to 0xff, the final bytes of the
alignment will differ even though they are not relevant (not part of the
image itself).
This commit adds a real image size parameter to the ImageData, so it can
be used by the RAM load to compare only the relevant bits of the image
(ignore the padding), and also updates the RAM test routine to use the
correct image size.
Signed-off-by: Fabio Utzig <utzig@apache.org>
The commit adds check for MULTITHREADING being enabled when USB
DFU is enabled, for Zephyr platform.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Force use of string comparison to avoid issues comparing strings that
include specific characters like `[` and `]`, which are special symbols
and break the bash test.
Signed-off-by: Fabio Utzig <utzig@apache.org>
The mimxrt1020_evk and mimxrt1050_evk_qspi boards have large
slots so we need to increase CONFIG_BOOT_MAX_IMG_SECTORS from
the default.
Signed-off-by: Xabier Marquiegui <xmarquiegui@ainguraiiot.com>
When building mcuboot-sys, the build script currently adds some
duplicate files. When used as a library, this works, because the code
is linked in as a library. However, when mcuboot-sys is tested itself,
all specified files will be brought in, which results in duplicate
symbols for these files.
Fix this by keeping track of all of the files that we've added, and
making sure to add each file once. Additionally, instead of using the
orphaned files in mbedtls-asn1, just always use the verions in the main
mbedtls library. There are some configurations of the code that end up
using both the extracted files and the full mbed TLS. Avoid that
conflict by just always using the full tree.
Signed-off-by: David Brown <david.brown@linaro.org>
When collected together as a workspace, the test framework ends up
running all of the configurations on each project. One configuration
option `large-write` doesn't really mean anything to mcuboot-sys, but
adding support for the feature allows this package to be tested along
with all of the other packages.
Signed-off-by: David Brown <david.brown@linaro.org>
Add workflows to run FIH tests using GH actions. Update scripts to add
parsing of FIH parameters from a env matrix and disable docker caching
when running on GH.
Signed-off-by: Fabio Utzig <utzig@apache.org>
ESP32-C3 target added to the Espressif port, CMakeLists, and
added related files to ESP32-C3 target directory as well.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
ESP32S2 target added to the Espressif port, modified CMakeLists,
and added the bootloader related files to esp32s2 target directory.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Change the log level of TF-M so that the message that the CI is looking
for appears in the output.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Change-Id: I763ccef4aaf6158ed578b230096f595a1e5cbfd9
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
The running test was generating an YAML output with the following line:
```
last_line: ' Description: 'ECDSA signature test of attest token''
```
This string comes from the test with the single quotes, and using single
quotes twice break the YAML format, so this commit changes the string
after last_line to be enclosed in the double quotes.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This reverts commit 34f68ed67c.
Re-enable certificate checking when downloading the Arm toolchain.
Although, this is probably not all that great of a risk, the certificate
issue was transient, and was fixed shortly after it was noticed.
Signed-off-by: David Brown <david.brown@linaro.org>
Change increases BOOT_SERIAL_OUT_MAX. This is necessary to provide
complete image list when multi-image DFU is enabled and four image
slots are occupied.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
Instead of having to cd into the 'sim' directory, create a top-level
Cargo.toml file that adds the sim as a workspace.
For the most part, this doesn't change how the simulator works. It is
still possible to run `cargo test ...` within the `sim` directory.
However, the `target` directory will reside at the top-level of the tree
instead of within the sim directory.
One change is that running cargo commands at the top of the tree will
run those commands on all of the packages found within the tree.
Specific packages can be tested by either changing to the directory of
that package, or passing `-p <dir>` to the cargo test command (i.e.
`cargo test -p bootsim`).
The other visible change from this commit is that the 'target' directory
will always be at the top of the tree, rather than in particular
directory where the test is run. Any scripts or tools that expect this
to be in a certainly location, will have to be modified.
Signed-off-by: David Brown <david.brown@linaro.org>
Update the dependencies in the main sim to the latest versions. There
are some minor changes in a few of the packages, and a fairly
significant change to the aes. The aes_ctr crate has been merged into
the aes crate, along with some changes to how it initialized.
Signed-off-by: David Brown <david.brown@linaro.org>
This commit fixes following issue:
One of parameters in comparison using fih_eq() was not of fih_int
type which caused build error when medium or higher FIH mode is enabled.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Disable certificate verification for developer.arm.com to avoid
certificate issues when installing arm embedded tools to build Mynewt.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This commit adds a utility class that is available when building an application booted by mcuboot with MCUBOOT_DATA_SHARING enabled.
This utility class, `DataShare`, allows the application to iterate through the shared memory region and get each entry stored there.
Signed-off-by: George Beckstein <george.beckstein@gmail.com>
This patch make possible MCUBOOT_BOOTUTIL to integrate the
hook file on their own. This is intended to support hook while
the library is just part of the application.
The hooks file for the MCUboot build is now included in the same manner.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Change enables multi-image DFU in Thingy:53 configuration.
The network core cannot access external flash directly. The flash
simulator must be used to provide a memory region that is used to
forward the new firmware to the network core.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
The Travis tests build MCUboot against a specific version of TF-M, which
it no longer works with. Newer versions of TF-M seem to not support the
mps2/an521 target that the tests don't build that way either.
Until these tests can be fixed, just disable all of them. Future
possibilities include fixing the issues between TF-M and MCUboot, or
making these tests able to run within Zephyr.
Signed-off-by: David Brown <david.brown@linaro.org>
The dependency, in Kconfig, blocked usage of the ENABLE_MGMT_PERUSER
with other BOOT_SERIAL_ device options.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Change introduces default configuration of MCUboot for Thingy:53
secure cpuapp. The default configuration also disables image
revert on application core.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
Move CDC ACM UART node from common DTC overlay to
specific overlays, nrf52840_big.overlays and
usb_cdc_acm.overlays.
Signed-off-by: Johann Fischer <johann.fischer@nordicsemi.no>
Adapt to Zephyr OS changes to get CDC ACM UART device.
Remove RECOVERY_UART_DEV_NAME Kconfig option and
use DEVICE_DT_GET() in serial_adapter.c
Signed-off-by: Johann Fischer <johann.fischer@nordicsemi.no>
Example (very basic) hook implementation.
Added case description for test-build with these hooks
and multi-image feature.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Introduced boot_img_install_stat_hook() hook fuinction for fetch
the image's slot installation status.
The image's slot installation status is custom property.
It's detailed definition depends on user implementation. It is only
defined that the status will be set to 0 if this hook not provides
another value.
Inserted available hook for read image header as well.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Added hook for: read image header, validate the image and hook
which is called after image was uploaded completely.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Added hook which allows to override boot_read_swap_state_by_id()
routine for the primary slot.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Added hook for read image header.
Added hook which is for inject an image check implementation which can
be used instead of boot_image_check() internal implementation on a primary
slot.
This is usefully especially when primary has to be checked by other entity
on MCUboot's demand.
Added hook which allow to implement image update process
differently.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
If user generate project and the will try to switch signature type
then it is very likely that MBETLS will be enabled simultaneously when
tinycrypt has to be force-selected, which causes kconfig warning on
impossible configuration. Such configuration won't be possible to be
fixed using menuconfig etc.
This patch moves dependency check on !MBEDTLS from kconfig to preprocessor
which makes manual fixing using menuconfig possible.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Dominik Ermel