Fixes issues whereby encrypted images were not properly listed due
to not treating them as encrypted, also removes a piece of wrong
hack code that would never run as the primary slot cannot be
encrypted.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Improves the Kconfig layout for encrypted image support and allows
using key files instead of just using a pre-defined, insecure dummy
key.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Downgrade prevention check moved to secure both TEST
and PERMANENT upgrade modes. Downgrade can still be
performed during REVERT.
Signed-off-by: Michael Grand <m.grand@trustngo.tech>
This allows the currently executing slot number to be checked by
the external function, which can be used by XIP images to know
which slot is currently being executed from to allow for correct
uploading/positioning of firmware files, and also provides the
maximum size of an upgrade that can be loaded so that applications
can reject images that are too large.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The function was incorrectly identifying partition of secondary slot
of image 0 as belonging to image 1, at the same time failing to
identify partition of primary slot of image 1.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit fixes boot_set_next always passing image 0 to
boot_write_swap_info, instead of the proper image number.
This has been affecting applications that tried to call boot_set_next
in multi-image MCUboot configuration using scratch-swap algorithm.
Fixes#1762
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Function flash_area_sector_from_off is replaced with newly used
flash_area_get_sector to cope with calls in bootutil_misc.c file.
This is required for CONFIG_MCUBOOT_SWAP_USING_MOVE to work correctly.
Signed-off-by: Michal Lenc <michallenc@seznam.cz>
Adds missing fields which were wrongly treated as part of the
operation value, which they were not, and adds a big/little
endian check.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This is a follow-up on upstream Zephyr split from `esp32` to distinct
esp32_devkitc_wroom and esp32_devkitc_wrover (see [1] and [2]).
[1] https://github.com/zephyrproject-rtos/zephyr/pull/58454
[2] 3776402f40
Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
Typecasting pointer variables to uint32_t
instead of uintptr_t was causing build error
on 64-bit architecture.
This is useful, because I am currently working
on implementing support for 64-bit native target
in Apache Mynewt. There is unit test for boot_serial
and it cannot be compiled without this changes.
Signed-off-by: Michal Gorecki <michal.gorecki@codecoup.pl>
Fixes an issue with missing packed attributes on image.h's
structures which would lead to faults on some devices e.g. ARM
Cortex M0, and adds a define for the SHA256 hash size.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Remove the ESP-IDF from git submodules to avoid potential
duplicated repo clones on the user system. IDF HAL code is still
a dependency for Espressif port, therefore now the HAL code
reference needs to be passed by parameter when building.
The Espressif port was also updated to work with last v5.1 IDF
code.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
In same cases (loging, hash, crypto) main function called
newt tool generated sysinit() function to create
uart device and crypto.
Now user can specify that sysinit should be called for
other cases if needed. This can be useful if some other
package should be included in the build and it has
package initialization function.
Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
For MCUs with restriction on minimum write size (STM32H7)
unaligned writes resulted in flash write errors preventing
any sort of update.
Now MCUBOOT_BOOT_MAX_ALIGN can be set accordingly to value
that flash driver uses.
For alignment <= 8 default value provided by mcuboot config
is still used.
Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
For downgrade prevention it's possible to use build number
for grater control.
So far only Zephyr has this option in Kconfig now
option is also available in mynewt.
Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
This allows user to enable echo for mcumgr command in serial boot.
Code was enabled in zephyr only so far.
Now mynewt build can also have this feature if enabled.
No code changes just option in mynewt build to enable existing
mcuboot feature.
Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
Definition of MCUBOOT_SWAP_USING_MOVE in case swap without scratch area
is configured in NuttX was missing from mcuboot_config.h file.
Also necessary function flash_area_sector_from_off() is defined and
declared in order to support swap without scratch.
Signed-off-by: Michal Lenc <michallenc@seznam.cz>
According to the SMP protocol documentation [1], 'image number' value
in 'image upload request' is optional and can be included only in packet
with 'off' (data offset) set to '0' (first packet in upload request).
In one of recent changes (commit 'cb07e888691d'), initialization of the
'img_num' variable was removed which, in extreme case (no image number
provided in upload request), results in use of its uninitialized value
in flash_area_open() call which then might lead to request abort.
This fixes above regression and also makes MCUboot implementation of the
'image upload request' aligned with Zephyr documentation of the protocol
by considering image number only from first (off == 0) 'image upload
request' SMP packet. In addition, 'image number' value is set to '0' if
the request doesn't provide this field.
[1] docs.zephyrproject.org/latest/services/device_mgmt/smp_groups/smp_group_1.html
Fixes: cb07e88869 ("boot_serial: Replace cbor auto-generated code with zcbor functions")
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
The 'matched' param in zcbor_map_decode_bulk() function is 'pointer to
the counter of matched keys', not length of payload buffer.
Fixes: fac2cabe98 ("boot_serial: Add image state set/get")
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Fixes an issue which was introduced in commit
fac2cabe98 which would show all
images, including those with invalid headers in the output of
images being listed.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This commit reverts the changes to the cap values made in 206b914.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: Ie47c3f253409932b960f4fc12e3b722b000b3093
Currently there's a compile error when building MCUboot
with HW_ROLLBACK_PROT due to a comparison
when decoding the security_cnt fih_int value. In the security_cnt.h
it is stated that this value must be between 0 and UINT32_MAX
so this cast would not cause any undefined behaviour.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: Iee158a31955ff43b73e67a0c08e7a086077b9eb5
Similarly to what has been done for the init function, also
the abort function should return a state in case the caller
needs to implement some error recovery procedure, or even
just for debugging reasons.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I5b8bc8fc2da57cfbc6ddea3f7e95ed7a7ae8e5a9
SHA-256 init functions should return the status of the init
instead of being void. This would allow the callers to implement
proper error recovery, otherwise on error the SHA-256 operation
will enter an undefined behaviour.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I162ceb8e6dc90dc3c6b83c8a85fbd17b41c0b5d6
A couple of typos in comments for the newly added RSA modules
need to be assessed.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: Ia06529adb81215fad796895d7b412b35717b6d65
image_index should be added to additional prints as noted
during the original PR review.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I2e456f05ee4ccb372aeab564f7f388bc2fd564e5
The crypto/common.h header checks for MBEDTLS_VERSION_NUMBER
value but it needs to include mbedtls/version.h first
otherwise it won't return a reliable check.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: Ice12fe26bb24fd98c09c4adfe001b5274cee555c
This patch adds a dedicated crypto backend based on PSA Crypto APIs to
implement SHA-256 operations. The enabling of the backend is controlled
by the MCUBOOT_USE_PSA_CRYPTO define.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I6065f7fccb483eda54f0190457f33aa89c6a0796
This patch refactor the RSA operations done by the signature verification
module and by the encrypted images decryption module. Previous solution is
tightly coupled with Mbed TLS, while this patch provides an abstraction of
the RSA functionalities in a dedicated crypto abstraction header, crypto/rsa.h
that supports both Mbed TLS APIs and PSA Crypto APIs. In case of PSA Crypto,
the verification scheme is directly provided by the crypto backend hence it
simplifies the operations done in the image verification module.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I973bc3374b62eee2d7717c2368bce7611d37a0c8
Add the image_index to common prints that get repeated in the
print out logging so that it helps differentiate the information
conveyed by the print.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I560b0f76d879e4bd5f82ef65e845fe5c80585c97
Adds a file which contains the current MCUboot code version, which
can be used by Zephyr builds.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds optional image state set/get functionality to serial recovery
mode which allows for listing image states and marking images to
be tested or as confirmed.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Fix usage of zcbor_new_encode_state API, to correctly pass the payload
length. The previous usage was passing a pointer to the end of the
payload, which resulted in the ZCBOR structure being initialized with
an invalid `payload_end` field. On some platforms, this breaks MCUBoot
serial recovery, as the ZCBOR structures required to send response data
are invalid and can no longer be populated with response data.
Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
Jamie McCrae