enc_state table was indexed with the assumption that
image flash areas are subsequent and increasing numbers.
It might not be true while building zephyr.
Patch introduces flash_area_id_to_image_slot() implementation for
the zephyr port and uses it to assign proper slot number.
This API is already available in MyNewt.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
This change replaces the slot 0/1 terminology with primary/secondary
slot and replaces FLASH_AREA_IMAGE_0/1 with
FLASH_AREA_IMAGE_PRIMARY/SECONDARY. This naming convention may be more
understandable, fits better to MCUs with multiple images and it is an
architecture agnostic alternative as well.
Change-Id: I655a585f6ae023852c671ee6635399efe25209c9
Signed-off-by: David Vincze <david.vincze@arm.com>
Signed-off-by: David Brown <david.brown@linaro.org>
Zephyr flash_map reworks caused the exact area ID numbers to be
assigned dynamically.
This patch is a counterpart to
https://github.com/zephyrproject-rtos/zephyr/pull/8837
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
This removes the unsafe Tinycrypt bindings previously used for signing
with ECDSA, and relies on ring native support.
The ring library was updated to 0.14.1.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Remove the final conditional compilation in the simulator. The
simulator is now always built the same way, and bases the tests it runs
on the capability queries made to the MCUboot code. This simplifies the
simulator code a bit, and, importantly, removes the ability to have
mismatches between the configuration as compiled into the MCUboot code
and how the simulator is compiled.
Signed-off-by: David Brown <david.brown@linaro.org>
Turn some more conditional compilation into runtime decisions based on
how the code being tested is compiled.
Signed-off-by: David Brown <david.brown@linaro.org>
Now that we can dynamically query whether mcuboot is built with
encryption support, remove conditional compilation in favor of a dynamic
query.
Signed-off-by: David Brown <david.brown@linaro.org>
Remove some compile-time configuration of the overwrite-only flag.
These will be decided by doing a dynamic query of how the mcuboot code
has been compiled.
Signed-off-by: David Brown <david.brown@linaro.org>
Start refactoring the image code by moving it to a separate module.
This requires some structs and fields be made public. Otherwise, the
code is unchanged.
Signed-off-by: David Brown <david.brown@linaro.org>
Since logging was broken due to incompatibility between log and
env_logger versions, those crates were updated to known to be compatible
versions. Update initialization of env_logger that does not return a
Result<> anymore.
Other crates were updated to remove duplicated versions as much as
possible.
Signed-off-by: Fabio Utzig <utzig@apache.org>
The old log subsystem has been deprecated in Zephyr.
Migrate to the new subsystem to avoid compilation warnings.
In-place log processing is selected as it is required, as MCUBoot is
a one-thread application.
Signed-off-by: Emanuele Di Santo <emdi@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Apply the changes suggested by
cargo fix --edition-idioms
as well as a bit of cleanup of the results. The result should be more
idiomatic Rust 2018 and a good starting point moving forward.
Signed-off-by: David Brown <david.brown@linaro.org>
Automatic migration to Rust 2018. This is the result of running
cargo fix --edition
The resulting code is compatible with both Rust 2015 and 2018. Change
the edition field in the Cargo.toml file as well to begin a more
complete migration.
Signed-off-by: David Brown <david.brown@linaro.org>
Apply the changes suggested by
cargo fix --edition-idioms
and cleanup the results a bit. Eliminate `macro_use` extern crates.
Signed-off-by: David Brown <david.brown@linaro.org>
Apply the changes suggested by
cargo fix --edition-idioms
as well as a bit of cleanup of the results. The result should be more
idiomatic Rust 2018 and a good starting point moving forward.
Signed-off-by: David Brown <david.brown@linaro.org>
Automatic migration to Rust 2018. This is the result of running
cargo fix --edition
The resulting code is compatible with both Rust 2015 and 2018. Change
the edition field in the Cargo.toml file as well to begin a more
complete migration.
Signed-off-by: David Brown <david.brown@linaro.org>
A few packages have updates that make them more convenient to use with
Rust 2018's 'use macro'. This is convenient as it allows control over
what macros are imported, but without these updates, these packages
require you to know the names of internal macros to import.
Signed-off-by: David Brown <david.brown@linaro.org>
This adds the functionality to build/run testing on images that were
signed using ECDSA and encrypted with KW, using tinycrypt.
Also when in this mode, ecdsa+kw, adds the Mbed-TLS submodule to the
build because the simulator needs to use the Mbed-TLS keywrapping
infrastructure to generate the keys sent to the image.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This adds an external SPI flash that uses a larger sector size than
the internal flash. Currently this breaks the tests but it's being
added here to trigger a CI fail that will be fixed by adding support
for this feature in a subsequent commit.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This adds an initial device with multiple flash (nrf52840 + SPI flash)
and updates all test routines to use a HashMap of flash devices (added
as type SimFlashMap).
Signed-off-by: Fabio Utzig <utzig@apache.org>
A new type `FlashMap` that stores a HashMap of [device_id -> Flash trait]
was added, which enables multi-flash devices to be passed around.
The previously existing static FLASH value that was used to simulate the
raw device, was updated to using a FlashMap which enables bootutil to
interface with more than one flash device.
Signed-off-by: Fabio Utzig <utzig@apache.org>
AreaDesc was modified to not receive a flash device on its constructor,
and instead a new function `add_flash_sectors` was added that allows it
to receive a flash device and id.
The `add_image` function that populates the areas also now receives a
dev_id that is used internally as fa_device_id.
Signed-off-by: Fabio Utzig <utzig@apache.org>
The previous c/rust ffi functions were hardcoding the values of align
and erased_val before each run through static globals. This adds new sim
flash functions that get the align/erased_val from the sim flash device
that is being run on, allowing that later multiple flash devices can
each use its own params.
Signed-off-by: Fabio Utzig <utzig@apache.org>
A new align() function was added to SimFlash, and most functions that
were using/receiving align or erased_val parameters that had access to a
Flash trait were cleaned up so that they get the parameters directly
from the Flash device.
This will make it easier to extend for multiple Flash devices since
parameters should depend on the device in use.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Update `flash_area_*()` functions to call `sim_flash_*()` directly
instead of using `hal_flash_*()` functions that were not part of the
main bootloader anymore.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This adds an HDR_SIZE constant to the simulator which allows for easier
testing of images with different header sizes.
Signed-off-by: Fabio Utzig <utzig@apache.org>
TLV types don't need to list KEYHASH because it's already added by any
signature TLV.
Total sizes were missing the KEYHASH amount.
Add a new TLV for images signed with RSA and encrypted with RSA-OAEP.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This adds new cargo features to allow running tests of encrypted
images with both RSA-OAEP and AES-128-KW.
When installing images on the simulated flash, both a plain and an
encrypted image are created. When encrypted image support is enabled,
verification of images in slot1 match against the encrypted image,
otherwise plain images are used.
PS: Also fixes ImageHeader to match bootutil definition.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This extends the simulator to be able to test the bootloader in devices
which use flash technologies that erase flash at 0 instead of 0xff.
Two MCU devices that have this "property" are the STM32L0x and STM32L1x
lines from ST.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This also updates the RSA test to add extra build files for zeroize, and
updates to new calloc/free configuration style.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This updates error-chain to remove a warning on recent rust distros.
`pem` was updated to get fairly recent `error-chain` as well.
Signed-off-by: Fabio Utzig <utzig@apache.org>
The hardcoded keys for Zephyr were removed and external references were
added for the build-time autogenerated variables. A hardcoded key file
was added specifically for the simulator.
Signed-off-by: Fabio Utzig <utzig@apache.org>
New logging macros were added for all supported platforms, following the
documentation defined in the template config file.
Signed-off-by: Fabio Utzig <utzig@apache.org>
These (currently) trivial files do not add license headers. Go ahead
and add the boilerplate Apache header.
In addition, I've also added an SPDX header. Although this is a first
for the MCUboot project, this will provide a template for adding these
headers to other files.
Fixes #282
Signed-off-by: David Brown <david.brown@linaro.org>
CC: Marti Bolivar <marti@opensourcefoundries.com>
CC: Fabio Utzig <utzig@apache.org>
The patch introduces usage of the zephyr flash_map module instead
of the mcuboot zephyr-only implementation. Unused flash_area_to_sectors
API of the former flash_map was removed as well.
Size of sector-status-update-map entry is now defined thanks to the
minimum write size supported by the flash driver.
To avoid ambiguity, the former zephyr-only files flash_map.c
were renamed to flash_map_extended.c (its code now implements
only additions to what zephyr flash_map implements).
flash_map.h header include is now wrapped by the flash_map_backend.h header
because implementations and include paths are different in Zephyr and Mynewt.
Usage of hal_flash_align() was replaced by usage of flash_area_align().
This provides consistency between MyNewt and Zephyr implementation as
this API is available in both RTOSes.
flash_map.h was moved to the simulator c-support files as now missing in
the boot/zephyr subdirectories.
f. boot_scratch_fa_device_id was removed as unused.
f. boot_img_fa_device_id was and expanded the only use of it
(on loader.c).
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The README file is missing extra information about how to run all the
different test configurations; add this in.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
Continue removing platform-specific conditional compilation from
bootutil by adding a new MCUBOOT_HAVE_ASSERT_H configuration option
and associated header file. Right now, that's only used by the
simulator.
That leaves just bootutil_log.h with platform-specific contents, but
since it's meant to be an abstraction layer for logging, we'll let it
stand for now.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>