Since boot_read_image_headers only failed when reading headers from
both Slots failed, it could happen that even with a failure reading
Slot 1, this data would still be used by split booting. Now when
reading image headers an extra parameter allows the caller to ask
for failure when any slot read failed.
JIRA: MCUB-56
Signed-off-by: Fabio Utzig <utzig@apache.org>
Assertions that are expected to fail under sim test, are now marked as such
using the macro ASSERT which allows to programmatically switch between normal
assert() behavior and captured assertion.
Assertion changes were moved to more appropriate owners and code duplication
was removed.
Signed-off-by: Fabio Utzig <utzig@apache.org>
The rationale behind this change is that while performing a swap
operation, writes to the status area are not important enough
to abort the operation. If the swap is not interrupted, status
writes are ignored. If the swap is interrupted, failures to write
status area are detected during the next boot and an appropriate
measure is taken.
If MCUBOOT_VALIDATE_SLOT0 is set we ignore the status write fail
and allow slot0 to be validated by its hash/signature. Otherwise,
the old behavior is maintained, which is to abort on any write
failures.
Signed-off-by: Fabio Utzig <utzig@apache.org>
When building in simulator mode, mock assert() to call an simulator
function which will enable other code to check if some path failed.
The assert checking interface, was added to boot_go which now
returns the low-level invocation results as well as the number of
asserts triggered.
Some new added tests check for assert() and expect it to happen. To not
abort tests, assert() was changed under sim env to not call c assert()
and instead just do some internal calculation which could be checked
by the simulator after a bootloader run and assert() catching behavior
was made optional (each test choses the behavior it needs).
Signed-off-by: Fabio Utzig <utzig@apache.org>
When using EC256 for signing, Zephyr now uses the bundled tinycrypt
and mbed-tls ASN1 parser instead of relying on the one provided by
the OS.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This commit removes the pseudo tinycrypt package based on symlinks
by adding a new pkg.yml to ext/tinycrypt and using it directly. It
also uses the new mbed-tls bundled ASN1 parser when EC256 is selected.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This fixes a comparison issue that was previously fixed by doing a
cast. Since tinycrypt and mbed-tls both already use an unsigned for
the size, the mcuboot interface was updated to also use an unsigned
value (size_t to be more precise!).
Signed-off-by: Fabio Utzig <utzig@apache.org>
This enables building ecdsa feature using tinycrypt (mbed still built
for ASN1). The default mbed-tls config was update to use the MCUBOOT_SIGN_*
symbols.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This patch introduced serial bootloader functionality ported
from mynewt targets tree.
For achieving this following changes were applied:
- Modified boot_serial module for using, zephyr-os modules
(crc driver, mbedtls-base64 library) and the zephyr serial adapter module
introduced recently.
- Added service of boot serial recovery mode to main.
- Adapted the input parser to using static buffers.
Default serial-boot-pin configuration was added for nrf52_pca10040
and nrf52840_pca10056 boards.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The library is needed for support mcuboot serial recovery interface.
This library wraps the tinycbor decoder with a attribute based decoder
suitable for decoding a binary version of json.
Origin: apache Mynewt
License: Apache-2.0
URL: https://github.com/apache/mynewt-core/tree/master/encoding/cborattr
commit: bf4b3f6f4cf293fc5a71d7787d5b81555434b6f8
Maintained-by: External
f. cbor_read_mbuf_attrs was removed as it was Mynewt specific.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The library is needed for support mcuboot serial recovery interface.
Tinycbor lib from mynewt is imported because it is already modified for
Add tinycbor library for zephyr
mcuboot serial recovery protocol.
Origin: apache Mynewt
License: Apache-2.0
URL: https://github.com/apache/mynewt-core/tree/master/encoding/tinycbor
commit: bf4b3f6f4cf293fc5a71d7787d5b81555434b6f8
Maintained-by: External
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Serial adapter uses the zephyr UART driver in interrupt mode for
providing communication capabilities needed for the boot serial
recovery mode.
This module provide API similar to mynewt console module.
Serial adapter module can not be compiled along with
the zephyr uart console module so this case is checked.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Fixes warnings treated as errors when upgrading gcc crate to 0.3.54.
Warnings are due to non-used variables and comparison between signed
and unsigned.
Signed-off-by: Fabio Utzig <utzig@apache.org>
When not validating slot 0, we could be booting into an empty
chip. This means we jump based on garbage data.
Try to make this better by at least checking the magic number. Without
this patch, booting with just the bootloader fails the Zephyr release
tests.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
The Zephyr configuration was enabling the memory buffer allocator (but
not using it) without defining enough other features to allow it to
compile (undefined reference to `exit()`).
Disable the memory buffer allocator when just using the ASN.1 library,
and conditionalize the heap itself to avoid using the RAM for that.
Signed-off-by: David Brown <david.brown@linaro.org>
Instead of the overly-simplistic allocator in Zephyr, use the still
simplistic allocator in mbed TLS.
On K64f, this saves 848 bytes of text, 44 bytes of data, and 208 bytes
of bss.
Signed-off-by: David Brown <david.brown@linaro.org>
This add a new option to overwrite-only mode that enables copy/erase of
only the amount of sectors that are required to store the source image.
This is enabled by default when overwrite-only mode is used.
MCUB-70
Signed-off-by: Fabio Utzig <utzig@apache.org>
Zephyr now has proper page layout APIs in its flash driver. Use these
to implement flash_area_get_sectors() and flash_area_to_sectors() when
they are available. Leave the existing implementation behind as a
"legacy" version, for flash drivers which lack page layout support.
This lets us obtain all the target support we need for nRF and STM32
targets entirely from the operating system.
There are two cases where OS-level support is still not enough:
- NXP K6x targets still need an SoC family header, because their flash
driver does not yet support CONFIG_FLASH_PAGE_LAYOUT.
- The arduino_101 target needs partition and flash alignment
definitions in its DTS, and a flash driver with page layout support
as well, so its board-specific header must remain for now.
Fixing these is left to future work. Once that is done,
boot/zephyr/targets/ can be removed completely.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Zephyr now provides defines for FLASH_DRIVER_NAME and
FLASH_WRITE_BLOCK_SIZE (which is what we call FLASH_ALIGN) in
the SoC headers for most targets supported by mcuboot. Use that
information when it's available, falling back on MCUBOOT_TARGET_CONFIG
otherwise.
The soc_family_foo.h files remain for FLASH_AREA_IMAGE_SECTOR_SIZE. A
subsequent patch can remove these files when the relevant SoC flash
driver provides a page layout.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
This cleanup commit requires a bit more target-specific knowledge
that's a bit harder to read than board-specific headers, but it's
still an improvement over what we have now.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
All of the information we need is in DTS or is the same across all
boards in the SoC family. There's no need for board-specific headers
for these targets.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Commit 4094813 ("zephyr: force mcuboot to fit in the boot partition")
added a DTC overlay file that breaks the build on arduino_101. That
board doesn't have its flash partitions defined in DTS.
Keep things working for now without allowing other issues to creep in
on ARM targets by excluding the chosen node on x86 targets only.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
This function is unused in overwrite-only mode. Clang seems to catch
this, whereas gcc does not. Add the proper ifdefs so that the
simulator tests all pass on MacOS.
Signed-off-by: David Brown <david.brown@linaro.org>
Fixes a bug when MCUBOOT_VALIDATE_SLOT0 is enabled which caused the
header in Slot 1 to be used for calculating the bootstrap offset. This
bug is masked when MCUBOOT_OVERWRITE_ONLY is not enabled because both
slots have the same header size (usually!). With MCUBOOT_OVERWRITE_ONLY
Slot 1 was erased and the header size would be read as 0xffff resulting
in a jump to the wrong address.
Signed-off-by: Fabio Utzig <utzig@apache.org>
When building in overwrite-only, there is no status/trailer management.
This commit fixes an issue where there was a write to image_ok/copy_done
where those flags where already set (copied from slot 1) which would
cause a write over non-erased flash.
Signed-off-by: Fabio Utzig <utzig@apache.org>
This removes the dependency on tinycrypt lib provided by mynewt and
switches to the one bundled in mcuboot. Also fixes a bug where tc
was only being used when eliptic curve 256 was selected as sign
algorithm.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Add a flag `IMAGE_F_RAM_LOAD` and an associated header field
`ih_load_addr` to indicate that a particular image should be loaded into
RAM instead of being executed directly out of flash. If the flag is not
set, this field will be ignored. If it is set, and this feature is
supported by the bootloader, the image will be loaded into RAM at the
address specified in the new header field.
None of this functionality is implemented at this time. This is merely
to define the header format to avoid having to change the image format
later.
JIRA: MCUB-79
Signed-off-by: David Brown <david.brown@linaro.org>
Disable the Zephyr-provided Tinycrypt, and use our local copy. This
avoids problems with changing version across different Zephyr releases.
Signed-off-by: David Brown <david.brown@linaro.org>
Add the 2 official Nordic Development Kit targets that are missing from
the list in mcuboot, but supported in Zephyr.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
The keyhash should be able to have any size up to the maximum allowed
size of 32, but the assert was not allowing images created with newt to
be accepted as valid (newt currently uses only 4 bytes for keyhash).
Signed-off-by: Fabio Utzig <utzig@apache.org>
Signed-off-by: David Brown <david.brown@linaro.org>
When starting a swap upgrade, the total size of data to be swapped is
calculated only at the beginning and saved to the trailer. This avoids
having to use complicated heuristics to find the total swap size, which
might depend on data that was already moved. When resuming a swap, the
size is found in the trailer and used.
Also includes some small comment fixes and refactors.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Signed-off-by: David Brown <david.brown@linaro.org>
The local variable 'size' is actually the offset of the end, and not the
size. Rename it to reflect this reality.
Signed-off-by: David Brown <david.brown@linaro.org>
Clarify the name of the TLV field to more fully describe the signature
type.
Signed-off-by: Marko Kiiskila <marko@runtime.io>
Signed-off-by: David Brown <david.brown@linaro.org>
Since we are changing the image header format, there is no reason to
continue to support the old PKCS#1 v1.5 signatures. Remove the
definitions, and conditional complication related to this, and only
support the newer PSS signatures.
Signed-off-by: Marko Kiiskila <marko@runtime.io>
Signed-off-by: David Brown <david.brown@linaro.org>
Fabio Utzig