For Zephyr the default mbedTLS mempool size for RSA-2048 signing was not
enough to allow for the calculations done by RSA-2048-OAEP (encrypted
images), so when encrypted image support is enabled, increase it to a
value that is known to work.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Handle the CONFIG_BOOT_SIGNATURE_TYPE_xxx values in Zephyr's
mcuboot_config.h by converting them into the platform-agnostic MCUboot
definitions.
This requires some changes to the way the release test Makefile is
structured, since Kconfig symbols cannot be set from the command line.
Instead, use the OVERLAY_CONFIG feature of the Zephyr build system,
which allows specifying extra fragments to merge into the final
.config. (This is an orthogonal mechanism to setting CONF_FILE; it is
used by Zephyr's CI script sanitycheck to add additional fragments, so
it's appropriate for use by MCUboot's testing scripts as well.)
We additionally need to move to a single prj.conf file due to a
dependency issue. We can no longer determine CONF_FILE from the
signature type, since that is now determined from the final .config or
autoconf.h, which is a build output that depends on CONF_FILE.
To move to a single prj.conf:
- delete prj-p256.conf and adjust prj.conf to serve both signature types
- add a top-level mbedTLS configuration file which dispatches to
the right sub-header depending on the key type
- as a side effect, have the simulator pick the right config file
depending on the case
This fixes and cleans up quite a bit of the signature type handling,
which had become something of a mess over time. For example, it fixes
a bug in ECDSA mode's configuration that wasn't actually selecting
config-asn1.h, and forces the simulator to use the same mbedTLS
configuration file as builds for real hardware.
Finally, we also have to move the mbedTLS vs. TinyCrypt choice into
mcuboot_config.h at the same time as well, since CMakeLists.txt was
making that decision based on the signature type.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
Following warnings were fixed within this patch:
'isspace' macro should take an int value
function 'bs_reset' should return void
redefinition of 'MBEDTLS_CONFIG_FILE' macro while
it is already defined by the zephyr build system.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Upstream zephyr will automatically link mbedtls when CONFIG_MBEDTLS is
enabled.
If user chose to use ECDSA_P256 as signature type, will get a compile
error message in file ${ZEPHYR_BASE}/ext/lib/crypto/mbedtls/zephyr_init.c:
fatal error: config-asn1.h: No such file or directory
Fix this by disable CONFIG_MBEDTLS when ECDSA_P256 signature type is
selected.
Signed-off-by: Ding Tao <miyatsu@qq.com>
When using EC256 for signing, Zephyr now uses the bundled tinycrypt
and mbed-tls ASN1 parser instead of relying on the one provided by
the OS.
Signed-off-by: Fabio Utzig <utzig@apache.org>
The Zephyr configuration was enabling the memory buffer allocator (but
not using it) without defining enough other features to allow it to
compile (undefined reference to `exit()`).
Disable the memory buffer allocator when just using the ASN.1 library,
and conditionalize the heap itself to avoid using the RAM for that.
Signed-off-by: David Brown <david.brown@linaro.org>
Instead of the overly-simplistic allocator in Zephyr, use the still
simplistic allocator in mbed TLS.
On K64f, this saves 848 bytes of text, 44 bytes of data, and 208 bytes
of bss.
Signed-off-by: David Brown <david.brown@linaro.org>
The original Zephyr platform support files use tabs for indentation
(to match the Zephyr project). Since this code is all together, and
will be used as the basis for other platforms, fix this indentation to
match that used by the rest of mynewt.
This change is clean with respect to "git show -b", and only changes
the indentation of the beginning of lines.
The Zephyr build systems makes some assumptions about the directory
layout, and encounters problems if the necessary path contains "../..".
To help this, place the zephyr directory next to the bootutil directory
so that the Makefile can just refer to "../bootutil". This keeps all of
the build artifacts under the proper top-level directory.