Name of the board is changing in the zephyr-rtos:
https://github.com/zephyrproject-rtos/zephyr/pull/23447
This patch aligns the board name used which is required for suppression
of build warnings.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Replace BUILD_ASSERT_MSG() with BUILD_ASSERT()
after merging BUILD_ASSERT() and BUILD_ASSERT_MSG().
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
This patch is needed as MCUBoot should be able to chain-load any
application, not only these built using zephyr.
Introduced cleanup on ARM core control register.
Might be required as for instance the application assumes
that it starts with thread mode configured as by default, not
according to zephyr-rtos configuration.
MCUBoot disables interrupt before application chain-load used
basepr register. This Patch introduce additional celenup on
NVIC register.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Since commit:
commit a36082664e
Author: David Brown <david.brown@linaro.org>
Date: Thu Dec 12 15:35:31 2019 -0700
ecdsa: Allow ECDSA signatures to be actual length
MCUboot no longer requires ECDSA signatures to be padded to a fixed
length. This change makes imgtool, by default, also no longer add this
padding to images. There is an option `--pad-sig` that can be given to
the sign command to re-instate this padding. This flag will be needed
to make images that will work with older (pre 1.5.0) versions of
MCUboot.
Signed-off-by: David Brown <david.brown@linaro.org>
With support for unpadded ecdsa signatures in place, always generate
unpadded signatures within the sim.
Signed-off-by: David Brown <david.brown@linaro.org>
Add imgtool command line option for confirming (setting image_ok =
0x01) in a padded image.
Fixes: #664
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
This description is needed to explain why MCUBoot won't
revert a recently performed update.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Updating the URL for git repository in README file to reflect merge
of PSoC62 into mcuboot master.
Signed-off-by: Christian Daudt <christian.daudt@cypress.com>
Modified serial_adapter so log are allowed when using USB
CDC ACM serial port emulation.
Added dedicated thread for log processing of the highest application
priority. This allows to transmit all logs without adding k_sleep
anywhere else int the code.
Introduced boot log thread is simpler than the default log threat
which decreases flash footprint by a few dozen bytes.
Added configuration for nrf52840_pca10056 which shows how
to enable looging along with USB - among other, thread log
processing is required.
build command (form zephyr-project root directory)
west build -d build/mcuboot/nrf52840_pca10056 -b nrf52840_pca10056
./bootloader/mcuboot/boot/zephyr/
-- -DDTC_OVERLAY_FILE=./boards/nrf52840_pca10056_big.overlay
-DOVERLAY_CONFIG=./usb_cdc_acm_log_recovery.conf
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Add Log processing configuration synchronous as default
if multithreading is disabled.
Additionally Kconfig makes MULTITHREADING default
if USB is selected.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
- Add image security counter verification (read security counter value
from the image manifest and compare it against the stored/active
security counter) as an optional part of the image validation process
to prevent the restoration of older, potentially vulnerable images.
- This feature can be enabled with the MCUBOOT_HW_ROLLBACK_PROT option.
- Add security counter interface to MCUBoot. If HW rollback protection
is enabled then the platform must provide a mechanism to store and
read the security counter value in a robust and secure way.
Change-Id: Iee4961c1da5275a98ef17982a65b361370d2a178
Signed-off-by: David Vincze <david.vincze@arm.com>
Optionally add new security counter TLV to the protected image manifest
and also introduce a new command line option for the imgtool to specify
the value of this counter. The security counter can be used in rollback
protection to compare the new image's security counter against the
active counter value. Its value can be independent from the image
version, but if the 'auto' keyword is passed in the argument list of the
script then it will be generated from the version number (not including
the build number).
The value of the security counter is security critical data. Therefore,
it must be part of the protected TLV area.
Change-Id: I45926d22364d0528164f50fa379abf050bdf65ff
Signed-off-by: David Vincze <david.vincze@arm.com>
A recently added `newt` feature allows it to only clone selected git
submodules: https://github.com/apache/mynewt-newt/pull/377. This changes
the MCUBoot repository to remove submodules from the cloning process,
because they are not used by Mynewt.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Updates a few sim dependencies, reducing the amount of crates
required for a build; also gets rid of cases of more than one
version required for some crates. Results in depending on 76
crates instead of 89 before the PR.
Signed-off-by: Fabio Utzig <utzig@apache.org>
The `--erased-val` (or `-R`) option was doing conversion of base 10, so
the only value that was acceptable was 0. Although not passing this
option would result in the default `0xff` being used, this fixes the
issue by allowing Python to auto-detects the base from string.
Signed-off-by: Fabio Utzig <utzig@apache.org>
A patch adding sha-512 to upstream tinycrypt was submitted:
https://github.com/intel/tinycrypt/pull/42
While it is not accepted, add the code under a new ext/tinycrypt-sha512
depedency.
Signed-off-by: Fabio Utzig <utzig@apache.org>
GPIO_DIR_IN has been replaced by GPIO_INPUT, GPIO_PUD_PULL_UP by
GPIO_PULL_UP, and gpio_pin_read() by gpio_pin_get_raw(). Update the
code to use the preferred API if it available. This avoids
deprecation warnings in the build.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
According to our CI:
Redundant 'source "$(ZEPHYR_BASE)/Kconfig.zephyr" in
'boot/zephyr/Kconfig'. Just do 'source "Kconfig.zephyr"'
instead. The $srctree environment variable already points
to the Zephyr root, and all 'source's are relative to it.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Zephyr will soon no longer add the drivers subdirectory of the include
hierarchy to the search path, so references to driver headers must
include the drivers/ prefix.
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Andrzej Puzdrowski