Commit Graph

1263 Commits

Author SHA1 Message Date
Jamie McCrae ea2410697d boot: bootutil: boot_record: Fix issue with saving image data
Fixes an issue with saving shared boot data when the number of
images is more than 1. This is caused becuase the function is
called once per image but the function itself saves common data
plus data for all images, so prevent saving when it has already
ran once

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
(cherry picked from commit bcffc62c66)
2024-11-15 07:46:11 +00:00
Andrej Butok 03b6482899 boards: mcxn947_qspi: fix mcuboot partition allocation
- Fixes MCUBoot partition allocation for
  frdm_mcxn947_mcxn947_cpu0_qspi
- Assign "zephyr,code-partition" in the
  frdm_mcxn947_mcxn947_cpu0_qspi overlay,
  as app.overlay is ignored if a board overlay is present.

Signed-off-by: Andrej Butok <andrey.butok@nxp.com>
(cherry picked from commit ab01443605)
2024-11-15 07:45:33 +00:00
Andrej Butok 1c47465cd1 boot: zephyr: use EXTRA_CONF_FILE instead of deprecated OVERLAY_CONFIG
Use EXTRA_CONF_FILE that replaced OVERLAY_CONFIG
since the Zephyr v3.4 release.

Signed-off-by: Andrej Butok <andrey.butok@nxp.com>
(cherry picked from commit 5c21093af5)
2024-11-04 14:28:55 +00:00
Andrej Butok 8e8ecd916f boot: zephyr: Fix serial recovery for NXP IMX.RT platforms
Serial recovery failed for NXP IMX.RT platforms
unless BOOT_ERASE_PROGRESSIVELY is set.

Signed-off-by: Andrej Butok <andrey.butok@nxp.com>
(cherry picked from commit a91a61564a)
2024-11-04 14:28:52 +00:00
Andrej Butok 52c7231add boot: zephyr: Fix Warning 'boot_serial_enter defined but not used'
Fix possible warning "boot_serial_enter defined but not used".

Signed-off-by: Andrej Butok <andrey.butok@nxp.com>
(cherry picked from commit a967c66ed0)
2024-11-04 14:28:50 +00:00
Thomas Altenbach 50b7b9ee2c bootutil: Fix AES and SHA-256 contexts not zeroized with mbedTLS
For some reason, the calls to mbedtls_aes_free, mbedtls_nist_kw_free and
mbedtls_sha256_free_drop were commented out which means the AES and
SHA-256 contexts were not properly de-initialized after usage when
mbedTLS is used. In the case of AES-KW it seems that might lead to a
memory leak depending on the mbedTLS configuration, but in any case and
independently of the mbedTLS configuration, this leads to the contexts
not be zeroized after usage.

Not zeroizing a context means it stays in RAM an undefined amount of
time, which might enable an attacker to access it and to dump the
sensitive data it contains.

Signed-off-by: Thomas Altenbach <thomas.altenbach@legrand.com>
(cherry picked from commit 5d5f04923f)
2024-11-04 14:28:43 +00:00
Jamie McCrae 809b0e42fe bootutil: Add better mode selection checks
Improves the mode selection checks to prevent selecting multiple
conflicting modes as has been seen in TFM

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
(cherry picked from commit 43a49a3b92)
2024-11-04 14:28:38 +00:00
Jamie McCrae 03d1a443dc boot: zephyr: board: Fix nrf54l15pdk Kconfig fragment
Fixes an issue with this file as it was wrongly disabling QSPI
NOR, which the hardware does not support, when it should have been
disabling SPI NOR

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
(cherry picked from commit 651775b550)
2024-11-04 14:28:27 +00:00
Mahesh Mahadevan 323eb8d1e7 boot: zephyr: MCXN947 currently only does not support swap mode
Update the configuration to remove swap mode support.
MCXN94x ROM Flash API supports writing of 128byes page.

Signed-off-by: Mahesh Mahadevan <mahesh.mahadevan@nxp.com>
(cherry picked from commit a3762626f8)
2024-11-04 14:28:24 +00:00
Lluis Campos 0a88733ddd boot_serial: Fix `format` warning
By explicitly casting to unsigned int.

Signed-off-by: Lluis Campos <lluis.campos@northern.tech>
(cherry picked from commit 52e2afc2f8)
2024-11-04 14:28:21 +00:00
Lluis Campos 157547c889 boot_serial: Fix `incompatible-pointer-types` warning
The variable `rc` was declared as int and then implicitly casted to
`size_t` when passed to `base64_decode`, which on 64 bit architectures
is wrong.

Signed-off-by: Lluis Campos <lluis.campos@northern.tech>
(cherry picked from commit dd4d6541c8)
2024-11-04 14:28:18 +00:00
Jamie McCrae 60ac682a12 bootutil: loader: Verify image header before checking image
Changes the order of operations to validate the image header
before checking the image, it does not make sense to check the
image if the header itself is invalid

Note: This PR has been modified from the upstream commit due to
a merge failure from other changes that are not being brought into
Zephyr 3.7

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
(cherry picked from commit 2939d30545)
2024-11-04 14:28:09 +00:00
Sylvio Alves 1cd53982e1 boot: main: avoid unused build warning
In case ESP32 SoC is used, *start will get
build warning as it is not used.

Signed-off-by: Sylvio Alves <sylvio.alves@espressif.com>
(cherry picked from commit 334d2c28f6)
2024-11-04 14:27:56 +00:00
Jamie McCrae 587289d650 bootutil: Fix missing include
Fixes a missing include in the header

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
(cherry picked from commit 034f58cbf1)
2024-11-04 14:27:53 +00:00
Jamie McCrae 610b8e2b1b bootutil: Fix swap move max app size calculation
This calculation failed to take into consideration the additional
sector needed for the swap move part of the upgrade process

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
(cherry picked from commit e2e1e945fa)
2024-11-04 14:27:50 +00:00
Jamie McCrae a375a14d87 zephyr: Fix issue with sysbuild if something else is named mcuboot
Fixes an issue which can occur in tests whereby an application
has the name mcuboot but is not mcuboot itself

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
(cherry picked from commit 8456464c04)
2024-11-04 14:27:39 +00:00
Fabio Utzig 77b03c7fe7 Fix style issues
Convert tab to spaces; fix opening brace position.

Signed-off-by: Fabio Utzig <utzig@apache.org>
(cherry picked from commit d5e0e89568)
2024-11-04 14:27:31 +00:00
Dominik Ermel 35bf48c5b7 boot: Change boot_enc_load to take slot number instead of image
In all cases where boot_enc_load is called it is known what slot
is addressed, so it is better to just pass the slot number
instead of making the boot_enc_load figure out slot number from
image index and provided flash area object.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
(cherry picked from commit 7f9ac97951)
2024-11-04 14:27:23 +00:00
Jamie McCrae 24de0fbc7c boot: zephyr: Fix RAM load chain load address
Fixes showing the wrong address when booting a RAM load image

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
(cherry picked from commit 7fc3ad3d0b)
2024-11-04 14:24:48 +00:00
Dominik Ermel 7566edaf88 boot: Move encryption context invalidation to boot_enc_drop.
The enc_key_data.valid had been set to true when key has been added
to the encryption context, but in case when boot_enc_drop was called,
on the same context, the flag remained true, even though the context
may no longer hold any valid context nor key.
The commit moves the enc_key_data invalidation to enc_key_drop.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
(cherry picked from commit 335573520d)
2024-11-04 14:23:56 +00:00
Dominik Ermel 86b1ef198b boot: Rename boot_enc_decrypt to boot_decrypt_key
All of boot_enc_ function follow the same pattern where
they take encryption context as the first parameter, and the
boot_enc_decrypt stands out here as it does not work around
the encryption context, but is rather single-part decryption
function only used for decrypting of the image encryption
key.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
(cherry picked from commit 2371c0aa7f)
2024-11-04 14:23:53 +00:00
Hudson C. Dalpra 597a1996d5 boot: boot_serial: change logging to debug level
Update the log level for RX and TX messages from INFO to DEBUG to reduce
clutter in the serial interface logs. This change helps in keeping the
output cleaner and focuses on more critical information by default.

Signed-off-by: Hudson C. Dalpra <hudson@bduncanltd.com>
(cherry picked from commit 4b9d07dc4f)
2024-11-04 14:23:50 +00:00
Dominik Ermel f2971d2014 boot: Add missing boot_enc_init
The boot_enc_set_key in boot_swap_image, when recovering from
reset, has been caled on AES context that has not been
initialized.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
(cherry picked from commit 7e3a1cecd7)
2024-11-04 14:23:36 +00:00
Dominik Ermel 071b3b8e0f boot: Remove pointless slot identification
In the boot_image_validate_encrypted there was call to
flash_area_id_to_multi_image_slot, which tries to figure out
slot index from flash area and image index, and the result of the
call was not used for anything as slot index is hardcoded in the
next call to be 1 (secondary).

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
(cherry picked from commit 4da4a72cb1)
2024-11-04 14:23:33 +00:00
Thomas Altenbach 3c2f837528 bootutil: Properly retrieve image headers after interrupted swap-scratch
For swap using scratch, the boot_read_image_header routine, responsible
for reading the image headers, was always looking for the primary and
secondary image's headers at the beginning of respectively the primary
and secondary slots, regardless of the current boot status.

This means if during a swap-scratch upgrade a reset happens after the
sector containing the image header in the primary or secondary slot has
been erased, invalid image headers were read since at that time the
location of the headers has changed.

Currently, this doesn't seem to cause any issue because the swap-scratch
algorithm is implemented in such a way the content of the headers is no
more necessary when the headers are erased. However, to be able to
decrypt the secondary image when copied to the primary slot instead of
when copied to the scratch area, properly reading the secondary image's
header is required even after it has been erased from the secondary
slot.

To that end, the boot_read_image_header is modified to determine from
the boot status the current location of the image headers and to always
read the actual header, no matter the current state of the upgrade
process.

Signed-off-by: Thomas Altenbach <thomas.altenbach@legrand.com>
(cherry picked from commit f515bb1c44)
2024-11-04 14:23:22 +00:00
Jamie McCrae 8980799219 boot: zephyr: Fix build for nrf9160dk
Fixes building MCUboot for this board

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2024-07-10 07:37:43 +01:00
Jamie McCrae 2f5a7f4721 boot: zephyr: Fix build for thingy53
Fixes building MCUboot for this board

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2024-07-10 07:37:43 +01:00
Jamie McCrae c9e4ab8b24 boot: zephyr: Fix build for thingy52
Fixes building MCUboot for this board

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2024-07-10 07:37:43 +01:00
David Brown c06f7bb367 Revert "boot: Add MCUBOOT_HW_KEY support for image encryption"
This reverts commit 0fa46270c0.

This breaks:

    samples/synchronization/sample.kernel.synchronization on
    b_u585i_iot02a/stm32u585xx/ns error

as this TF-M configuration uses its own keys.  This change is an API
change that needs to be coordinated with TF-M changes.

Before this revert, compiling this test results in:

    .../encrypted.c:447: undefined reference to
    `boot_enc_retrieve_private_key`

Signed-off-by: David Brown <david.brown@linaro.org>
2024-07-09 09:19:43 -06:00
David Brown 1d79ef35ee boot: Fix ASN.1 for mbedtls >= 3.1
In Mbed TLS 3.1, the private fields in the ASN.1 structure were made private.
This breaks code that accesses these private macros.

Fix this by changing the ASN.1 specific code to use a new field accessor
`ASN1_CONTEXT_MEMBER` that will be conditionally defined based on the version of
Mbed TLS that is present.

Signed-off-by: David Brown <david.brown@linaro.org>
2024-06-28 10:04:35 -06:00
David Brown 1b1d495338 FIH: Disable FIH labels on Apple targets
The symbols injected here cause some kind of poor interaction with the linker on
MacOS, which results in most of the code becoming hopelessly corrupt.  For now,
just disable these symbols on this target.

Signed-off-by: David Brown <david.brown@linaro.org>
2024-06-26 16:43:56 -06:00
Thomas Altenbach 9ae634f3bf bootutil: Fix signed/unsigned comparison in boot_read_enc_key
When MCUBOOT_SWAP_SAVE_ENCTLV is enabled, a comparison between a signed
and an unsigned integer is made in boot_read_enc_key. This might cause a
warning to be emitted at compile-time.

Signed-off-by: Thomas Altenbach <thomas.altenbach@legrand.com>
2024-06-20 17:54:01 -03:00
Dinesh Kumar K 0fa46270c0 boot: Add MCUBOOT_HW_KEY support for image encryption
Currently encryption supports only private key embed
in mcuboot itself. To support MCUBOOT_HW_KEY for image
encryption boot_retrieve_private_key() hook is added.

This hook helps retrieving private key from trusted
sources like OTP, TPM.

Signed-off-by: Dinesh Kumar K <dinesh@linumiz.com>
2024-06-12 15:17:54 -06:00
Mahesh Mahadevan 45d379e715 zephyr: boards: Add files needed for NXP FRDM MCXN947 QSPI variant
1. set BOOT_MAX_IMG_SECTORS value for frmd_mcxn947_qspi. W25Q64 flash on the board
   is very large (8MB), so we must increase the number of max sectors when
   targeting this board with MCUboot.
2. Set the zephyr,flash chosen node to point to internal flash as this board
   supports booting from internal flash only.

Signed-off-by: Mahesh Mahadevan <mahesh.mahadevan@nxp.com>
2024-05-24 06:45:03 +01:00
Jerzy Kasenberg 29f9540db8 mynewt: Igore swap_scratch.c for single application slot
swap_scratch.c requires definition of SLOT1, in single application
slot build it's not needed and file would not be used anyway so
now it is removed from mynewt build

Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
2024-05-23 18:09:36 +02:00
Marek Matej 898a1ca64a boot: zephyr: add ESP32-C6 support
Update the list of SoCs to support the ESP32-C6.

Signed-off-by: Marek Matej <marek.matej@espressif.com>
2024-05-21 16:52:51 +02:00
Marek Matej 018dc01d48 boot/zephyr: use socs conf
Use socs folder to configure Espressif targets.
Remove all boards confs which was created by copying other boards.

Signed-off-by: Marek Matej <marek.matej@espressif.com>
2024-05-13 04:25:17 -03:00
Tomi Fontanilles d4394c2f9b mbedtls config: fix too early check_config.h includes
check_config.h was included manually by custom configuration files.
This caused compilation errors when updating MbedTLS to 3.6.0
because check_config.h was processed too early, before the whole
configuration is defined, effectively causing configuration check errors.

MbedTLS already takes care of including check_config.h at the right time.
Remove those erroneous manual check_config.h includes.

Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
2024-04-25 11:05:54 +02:00
Thomas Altenbach 73315f7b51 bootutil: Fix memory leak in HKDF implementation
The bootutil_hmac_sha256_set_key routine performs some dynamic memory
allocations when mbedTLS is used. To properly free the allocated memory,
bootutil_hmac_sha256_drop must be called before reinitializing the HMAC
context using bootutil_hmac_sha256_init.  However, in the hkdf routine,
the HMAC context was freed only once even though it was initialized
multiple times.

Signed-off-by: Thomas Altenbach <thomas.altenbach@legrand.com>
2024-04-23 11:03:22 -06:00
Mahesh Mahadevan 453096b17d zephyr: arm: Update reading the flash image reset vector
This change uses the flash functions to read the applications
reset vector. This allow flexibility on which flash device the
application is programmed.
For e.g: MCUBoot can be programmed and running from Internal
Flash while Zephyr can be loaded from a different Flash device.
This change is made for ARM platform, it can be extended to
non-ARM platforms as well.

Signed-off-by: Mahesh Mahadevan <mahesh.mahadevan@nxp.com>
2024-04-23 10:32:09 -06:00
Jamie McCrae 1496129235 boot: zephyr: Add optional MCUboot boot banner
Adds an optional MCUboot boot banner which displays the MCUboot
version and zephyr version

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2024-04-23 11:28:48 +01:00
Alex Tsamakos 7174dd2ba8 boot: zephyr: boards: actinius: enable multithreading in config
Adds config with multithreading enabled for all Actinius boards

Signed-off-by: Alex Tsamakos <alex@actinius.com>
2024-04-23 11:26:34 +01:00
Robert Paananen 556b32a679 boot: Removed unnecessary if-statement
If-statement checks if length is greater than some value right after a check if it is equal to the same value.
This will never be true.

Signed-off-by: Robert Paananen <robert@paananen.nu>
2024-04-18 10:49:14 +01:00
David Brown da2e2ab4e3 boot: Enforce TLV entries to be protected
Only allow TLV entries that are needed for signature verification to be placed
in the unprotected area of the TLV.

Signed-off-by: David Brown <david.brown@linaro.org>
2024-04-18 11:27:15 +02:00
David Brown ea1cdfdeff boot: Add tlv query for protected region
Add a query to the TLV iterator that will indicate if the currently iterated TLV
entry was found in the protected region or not.

Signed-off-by: David Brown <david.brown@linaro.org>
2024-04-18 11:27:15 +02:00
Sylvio Alves 8c0e36c886 boot: zephyr: esp32: rename boards to meet hwmv2
Renames boards to account for hwmv2 changes

Signed-off-by: Sylvio Alves <sylvio.alves@espressif.com>
2024-04-16 18:02:13 -03:00
Jerzy Kasenberg ed6460b815 mynewt: Add single_loader support
There is existing functionality for Zephyr where mcuboot works
with single slot (no swap) and image can be updated via boot_serial.

To have same functionality in mynewet single_loader.c file is copied
from zephyr tree and 2 pkg.yml files are modified to utilize new
file when BOOTUTIL_SINGLE_APPLICATION_SLOT is defined

Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
2024-04-14 20:17:44 -03:00
Jerzy Kasenberg 23d4f12169 mynewt: Change main to mynewt_main
mynewt system for some time now uses mynewt_main() as
starting point called from startup code.
This changes function name main to mynewt_main but
provides backup main function that will be linked if
pre 1.12 mynewt-core is used with mcuboot

Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
2024-04-14 20:16:39 -03:00
David Vincze f06bc71180 bootutil/crypto: Builtin ECDSA key support for PSA Crypto backend
Enable the usage of builtin keys in the ECDSA verification module with
the PSA Crypto API based cryptographic backend.
This way parsing and importing the verification keys can also be avoided.

Change-Id: I6ada1ef8ed04a3f12c228ef399e3a7b8ebc7fb5e
Signed-off-by: David Vincze <david.vincze@arm.com>
2024-04-10 12:05:08 -06:00
David Vincze e369784ba4 bootutil: Allow the usage of builtin keys in verification
Introduce a new MCUBOOT_BUILTIN_KEY option to enable the usage of
builtin keys for signature verification. This way the details of the key
handling mechanism are abstracted away from the boot code and this
responsibility is delegated to the given crypto library.
This is an alternative option to the existing MCUBOOT_HW_KEY feature,
however in this case we can entirely rely on key IDs and not only the
code, but also the image metadata does not contain any public key data.

Change-Id: Id01b67951310549b2734730c58bfa7210a2d5236
Signed-off-by: David Vincze <david.vincze@arm.com>
2024-04-10 12:05:08 -06:00