Upstream Zephyr is making a habit of enabling subsystems on any board
that supports them. That's a potential security risk if any of those
allow interference with the running bootloader, and is currently
exceeding mcuboot's flash allowance on some STM32 targets,
e.g. 96b_carbon. Turn off I2C to restore the build for those.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Adds a new zephyr target for the nrf52_blenano2. This is the BLE
Nano 2 board created by Red Bear which contains a NRF52832 MCU.
Signed-off-by: Tyler Baker <tyler.baker@linaro.org>
The hexiwear k64 is very similar to the frdm_k64, as far as mcuboot is
concerned. The partitions are now defined in DTS in Zephyr, and this
target file just needs the device name, sector size, and alignment.
Signed-off-by: David Brown <david.brown@linaro.org>
This flag was added to the RSA config file, but not the ECDSA file. It
is needed to configure the MPU to allow the flash device to be written
to.
Signed-off-by: David Brown <david.brown@linaro.org>
Recent Zephyr trees require this config option to be set in order to be
able to write to the flash device. Without it, targets with an MPU
enabled will abort during startup, usually before even printing a
message to the UART.
Signed-off-by: David Brown <david.brown@linaro.org>
Now that the partition table has been added to the device tree for the
frdm_k64f in upstream Zephyr, these symbols become redundant defines.
Remove them to fully use the partitions defined in Zephyr.
Signed-off-by: David Brown <david.brown@linaro.org>
This error was caught by Coverity and it happens when a failure occurs
opening a flash map handle, which is not checked by the close
routine.
Right now this only affects Zephyr, but extra checking was added
assuming that in a future Mynewt implementation close could actually
be changed to do something.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Add reference counting to the flash areas, and a zephyr-only routine
which warns when areas are still open when none should be. Call the
warn routine right before chain-loading.
This prints warnings due to code in loader.c. Future work will be
needed to clean this up.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Use flash_device_base() in the boot code to compute a real address,
given the offset returned by boot_go().
Provide an implementation on mynewt that preserves existing
behavior. If mynewt needs to support devices with nonzero flash base
addresses, this can be migrated to the core OS.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
The boot response returns a flash offset, not a flash address. This is
causing confusion and leading to crashes on some platforms which don't
have flash at address 0.
Rename the field to make it more clear what its purpose is; future
patches can start fixing up usages.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Implement new flash API which allows users to learn the physical base
addresses of flash devices.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
The current flash_map.h API treats flash areas and flash sectors
synonymously. This isn't accurate; a flash area comprises one or more
sectors.
To distinguish them, add a new struct flash_sector, and a new
flash_area_get_sectors() which initializes an array of struct
flash_sector instead of struct flash_area.
That done, deprecate flash_area_to_sectors().
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
This accessor returns the physical base address of a flash device,
given its ID. This will be used to support flash devices with nonzero
base addresses in mcuboot.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Remove most of the mynewt-specific stuff to a separate port package. This
should make mcuboot less "mynewt'y" and slightly easier to port to.
- Mynewt-specific stuff moved to boot/mynewt.
- Sample app moved from apps/boot to boot/mynewt.
- Use MYNEWT_VAL macro only on mynewt port.
- BOOTUTIL_* and MYNEWT_VAL() usage moved to MCUBOOT_ defines.
Add reference counting to the flash areas, and a zephyr-only routine
which warns when areas are still open when none should be. Call the
warn routine right before chain-loading.
This prints warnings due to code in loader.c. Future work will be
needed to clean this up.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Use flash_device_base() in the boot code to compute a real address,
given the offset returned by boot_go().
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
The boot response returns a flash offset, not a flash address. This is
causing confusion and leading to crashes on some platforms which don't
have flash at address 0.
Rename the field to make it more clear what its purpose is; future
patches can start fixing up usages.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
The current flash_map.h API treats flash areas and flash sectors
synonymously. This isn't totally accurate; a flash area comprises one
or more sectors.
To distinguish them, add a new struct flash_sector, and a new
flash_area_get_sectors() which initializes an array of struct
flash_sector instead of struct flash_area.
That done, deprecate flash_area_to_sectors().
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Expand the data slots to 384K each, leaving the boot and scratch areas
as 128K. This allows more room for code, but will wear the scratch
partition about 3x faster because of the more extensive use of the
partition.
When building with ECDSA P-256 as the signature algorithm, we are still
bringing in SHA256 and some ASN.1 code from mbed TLS. Fix part of this
by wrapping the hash functions with general routines (inline functions)
allowing selection between mbed TLS and Tinycrypt for the
implementation.
Update the Zephyr config files so that the Tinycrypt version is used
when building the ECDSA P-256 signing variant.
There are some problems with how mbed TLS is configured in Zephyr.
First, include the makefile stub in the Makefile that uses these
defines. This makes sure the right definitions get made so that our
custom config gets used for all compiled files, rather than a mixed set.
Also, fix up the wrappers on the custom configs so that each is
different, making it easier to detect if multiple configs are being
included.
Lastly, only include the right header in the image validation. The mbed
TLS includes don't seem to want to allow both RSA and ECDSA to be used
(due to the key size), and including the wrong header results in a
compilation error.
The original Zephyr platform support files use tabs for indentation
(to match the Zephyr project). Since this code is all together, and
will be used as the basis for other platforms, fix this indentation to
match that used by the rest of mynewt.
This change is clean with respect to "git show -b", and only changes
the indentation of the beginning of lines.
This fixes MCUB-39.
On Zephyr targets, flash_area_to_sectors() assumes that the flash
device's sector size is equal to the size of the scratch area.
That breaks swap and rollback when scratch size doesn't divide image
size, since the image flash areas will not be correctly configured.
This is a valid configuration supported by the rest of mcuboot.
The best way to fix this would be to get the flash layout from Zephyr,
but that's not possible yet.
Instead, provide a new FLASH_AREA_IMAGE_SECTOR_SIZE define from
target.h. This must be the sector size for these areas:
- FLASH_AREA_IMAGE_0
- FLASH_AREA_IMAGE_1
- FLASH_AREA_IMAGE_SCRATCH
Other areas on the device may have sizes different than
FLASH_AREA_IMAGE_SECTOR_SIZE.
This won't work on platforms where those areas have nonuniform sector
sizes, but we'll cross that bridge when we come to it. (At that point,
an upstream Zephyr change to the flash API really seems needed.)
Revert to the old/buggy behavior when FLASH_AREA_IMAGE_SECTOR_SIZE
isn't provided, but emit a warning. Additionally, touch up the logging
and error handling while we're here.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
The current configuration only allows ~170 updates before we can
expect wear on the flash device (per product spec that the flash
device supports 10,000 erase cycles). Increase the scratch size to
make this better by removing some application space, to allow for
~2500 application updates or rollbacks.
The new configuration is 52 KiB (13 sectors) for scratch, and 208
KiB (52 sectors) for each application image.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
MCUBOOT_TARGET_CONFIG is included in several places now,
not just boot/zephyr/main.c. This seems likely to continue.
Let's avoid trouble and make it a real header file, target.h, that
pulls in MCUBOOT_TARGET_CONFIG. That done, include target.h instead
everywhere MCUBOOT_TARGET_CONFIG is included.
This will make it easier to provide values at an SoC/family level
later. We can expect different Zephyr boards to have the same SoC and
thus likely the same mcuboot flash layout, so this will avoid
duplication.
All supported boards are compile-tested.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
The Zephyr log backend already prepends the function, so it's
redundant to do it here.
Also convert a stray SYS_LOG_ERR to BOOT_LOG_ERR().
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Avoid clock related interrupts before jumping into the first image. Safe
to disable as the first application will enable the clock/timer again
once booted.
Signed-off-by: Ricardo Salveti <ricardo.salveti@linaro.org>
We won't need the GPIO, timer, or pinmux drivers for
functioning as a bootloader, and some extra exception
debug info has been disabled.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
Commit 7238f51 ("zephyr: add support for x86 booting method")
introduced a backend-specific do_boot() function. On ARM, this casts
to an undefined type 'struct vector_table*'. Fix this by using the
'struct arm_vector_table*' introduced in that patch.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
The bootloader is just using Zephyr as a HAL and doesn't require
thread scheduling. Build Zephyr in single-threaded mode and gain
some footprint savings.
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>