Commit Graph

2108 Commits

Author SHA1 Message Date
Roland Mikhel 61962b94f3 bootutil: fix FIH int conversion for security_cnt
Currently there's a compile error when building MCUboot
with HW_ROLLBACK_PROT due to a comparison
when decoding the security_cnt fih_int value. In the security_cnt.h
it is stated that this value must be between 0 and UINT32_MAX
so this cast would not cause any undefined behaviour.

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: Iee158a31955ff43b73e67a0c08e7a086077b9eb5
2023-06-27 14:42:34 +02:00
Dominik Ermel e6e4801ce2 zephyr/boot_serial_extension: Fix zcbor header path
Include directory path is now set by CMake.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-06-21 13:48:05 +02:00
David Brown 2c1c5d145a docs: Update security to use github reporting
Hackerone hasn't turned out to be particularly useful.  Fortunately, github now
has a mechanism to directly report security vulnerabilities within the project's
pages.  Update the docs to show this as the preferred vulnerability reporting
mechanism.

Signed-off-by: David Brown <david.brown@linaro.org>
2023-06-15 08:29:08 -06:00
Antonio de Angelis a5db515161 bootutil/crypto: SHA256 abort function return state
Similarly to what has been done for the init function, also
the abort function should return a state in case the caller
needs to implement some error recovery procedure, or even
just for debugging reasons.

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I5b8bc8fc2da57cfbc6ddea3f7e95ed7a7ae8e5a9
2023-06-09 14:35:28 +02:00
Antonio de Angelis 0361ad3d42 bootutil/crypto: SHA256 init functions should return a status
SHA-256 init functions should return the status of the init
instead of being void. This would allow the callers to implement
proper error recovery, otherwise on error the SHA-256 operation
will enter an undefined behaviour.

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I162ceb8e6dc90dc3c6b83c8a85fbd17b41c0b5d6
2023-06-09 14:35:28 +02:00
Antonio de Angelis f92a2193f4 bootutil/crypto: Fix minor typos in comments for RSA modules
A couple of typos in comments for the newly added RSA modules
need to be assessed.

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: Ia06529adb81215fad796895d7b412b35717b6d65
2023-06-09 14:35:28 +02:00
Antonio de Angelis 48547008dd bootutil: Add image_index to additional logging messages
image_index should be added to additional prints as noted
during the original PR review.

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I2e456f05ee4ccb372aeab564f7f388bc2fd564e5
2023-06-09 14:35:28 +02:00
Antonio de Angelis 2f85b7e994 bootutil/crypto: Fix the common.h header
The crypto/common.h header checks for MBEDTLS_VERSION_NUMBER
value but it needs to include mbedtls/version.h first
otherwise it won't return a reliable check.

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: Ice12fe26bb24fd98c09c4adfe001b5274cee555c
2023-06-09 14:35:28 +02:00
Antonio de Angelis c321a7056b bootutil/crypto: Add a crypto backend for SHA256 based on PSA Crypto APIs
This patch adds a dedicated crypto backend based on PSA Crypto APIs to
implement SHA-256 operations. The enabling of the backend is controlled
by the MCUBOOT_USE_PSA_CRYPTO define.

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I6065f7fccb483eda54f0190457f33aa89c6a0796
2023-06-09 14:35:28 +02:00
Antonio de Angelis 02bf072d2d bootutil/crypto: Refactor the RSA signature verification and encryption
This patch refactor the RSA operations done by the signature verification
module and by the encrypted images decryption module. Previous solution is
tightly coupled with Mbed TLS, while this patch provides an abstraction of
the RSA functionalities in a dedicated crypto abstraction header, crypto/rsa.h
that supports both Mbed TLS APIs and PSA Crypto APIs. In case of PSA Crypto,
the verification scheme is directly provided by the crypto backend hence it
simplifies the operations done in the image verification module.

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I973bc3374b62eee2d7717c2368bce7611d37a0c8
2023-06-09 14:35:28 +02:00
Antonio de Angelis ba5fb1cec4 bootutil: Add image_index to common prints
Add the image_index to common prints that get repeated in the
print out logging so that it helps differentiate the information
conveyed by the print.

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I560b0f76d879e4bd5f82ef65e845fe5c80585c97
2023-06-09 14:35:28 +02:00
Jamie McCrae 74c4d1c52f zephyr: Restore default log level of info
The default log level has changed to "default", restore it back
to info.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-06-05 11:04:42 +01:00
Jamie McCrae 8a8a24199a zephyr: single_loader: Fix typo
Fixes a typo with a variable name.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-06-05 09:45:27 +01:00
Jamie McCrae a6aef32619 docs: release: Add note on zephyr release
Adds details on updating the zephyr version file for releases.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-05-25 14:20:28 -06:00
Jamie McCrae d6a7741124 zephyr: Add VERSION file
Adds a file which contains the current MCUboot code version, which
can be used by Zephyr builds.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-05-25 14:20:28 -06:00
Jamie McCrae abb18a31a3 docs: Add note on addition of image state/image set state commands
Adds a note that both of these functions are now (optionally)
supported in serial recovery mode.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-05-25 14:19:20 -06:00
Jamie McCrae fac2cabe98 boot_serial: Add image state set/get
Adds optional image state set/get functionality to serial recovery
mode which allows for listing image states and marking images to
be tested or as confirmed.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-05-25 14:19:20 -06:00
Jamie McCrae 52605e5051 release-notes: Add note on zcbor encoder fix
Adds a note that the zcbor encoder buffer size has been fixed.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
2023-05-25 14:17:20 -06:00
Daniel DeGrasse c393b54246 boot: boot_serial: fix usage of zcbor_new_encode_state API
Fix usage of zcbor_new_encode_state API, to correctly pass the payload
length. The previous usage was passing a pointer to the end of the
payload, which resulted in the ZCBOR structure being initialized with
an invalid `payload_end` field. On some platforms, this breaks MCUBoot
serial recovery, as the ZCBOR structures required to send response data
are invalid and can no longer be populated with response data.

Signed-off-by: Daniel DeGrasse <daniel.degrasse@nxp.com>
2023-05-25 14:17:20 -06:00
Jamie McCrae 9380135afb ci: zephyr: Update Zephyr image and SDK version
Updates to use the zephyr docker image version 0.26.4 which
includes the zephyr SDK 0.16.1, and resolves build issues with
recent zephyr changes.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-05-23 11:47:03 +01:00
Marcin Niestroj 9ced459b09 boot: zephyr: fix s/junping/jumping/ typo
Fix typo in Kconfig help text by s/junping/jumping/.

Signed-off-by: Marcin Niestroj <m.niestroj@emb.dev>
2023-05-22 07:41:43 +01:00
Jeppe Odgaard 1dbe0cf0a5 boot: zephyr: Use mcuboot-led0 in MCUBOOT_INDICATION_LED help section
bootloader-led0 is deprecated. Replace with mcuboot-led0 in
MCUBOOT_INDICATION_LED help.

Signed-off-by: Jeppe Odgaard <jeppe.odgaard@prevas.dk>
2023-05-22 07:41:23 +01:00
Dominik Ermel 256bc37aad bootutil: Fixing memset not beeing called
Memset could have been out optimized by compiler and also
not called in error path.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
2023-05-17 12:18:07 +02:00
Daniel Mangum eb7658e84c zephyr: fix link to Zephyr application docs
Updates a broken link to Zephyr application docs in the hello-world
example.

Signed-off-by: Daniel Mangum <georgedanielmangum@gmail.com>
2023-05-15 13:47:26 +01:00
Jamie McCrae 0038f3967b boot: zcbor: Move copy script
Moves and updates the copy script to the zcbor folder

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-05-15 10:22:51 +02:00
Jamie McCrae b388829846 docs: Add not on CDDL code being replaced
Adds a note that the CDDL function code has been replaced with
zcbor function calls.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-05-15 10:22:51 +02:00
Jamie McCrae cb07e88869 boot_serial: Replace cbor auto-generated code with zcbor functions
Replaces the auto-generated decoding/encoding files with inline code
for encoding/decoding cbor data structures, this adds the benefit of
allowing the elements to be in any order and reduces code size. To
accommodate this, zcbor_bulk has been imported from Zephyr.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-05-15 10:22:51 +02:00
Jamie McCrae db6ba46244 boot_serial: Unify zcbor include paths
Moves zcbor files to a subdirectory and replaces differing
include path styles to be unified.

Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
2023-05-12 10:33:28 +01:00
Jerzy Kasenberg 7a4b192690 ci: mynewt: Download nrfx from separate repository
Mynewt used to have copy of nrfx.
Now nrfx is taken from original repository and since some CI
targets want to build for NRF MCUs nrfx repository nees to be
downloaded.

Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
2023-05-10 20:49:59 -03:00
Antonio de Angelis 2878eb4e32 bootutil/crypto: Fix local variable name typo for PSA Crypto key parse
Fix a local variable name typo in parse public key function
for the PSA Crypto abstraction, and at the same time put the
memcmp under ifdefs.

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: Icadca37e4207ad703a853ea720a053aa2ba76411
2023-05-03 08:40:22 +02:00
Keith Packard ec2ac82c32 boot/zephyr: switch main return type to 'int'
Adapt to Zephyr's change requiring main to return int.

Signed-off-by: Keith Packard <keithp@keithp.com>
2023-05-02 15:24:20 +01:00
David Vincze 7f982b0f6f Revert "imgtool: Add backwards compatibility for ECDSA"
This reverts commit 78135ee6eb
as bba5a711483447d7eee2531b65bd1c07c81746c9 made it unnecessary.

Change-Id: Idee755f05c17502599aaa947826e9a7feb08b4a7
Signed-off-by: David Vincze <david.vincze@arm.com>
2023-04-28 11:40:31 +02:00
David Vincze 4395b80976 boot: Restore and extend the usage of 0x22 TLV (ECDSA256)
The IMAGE_TLV_ECDSA256 TLV has been put out of use by
commit 63d2346da4.
This commit reverts this part of that patch and at the
same time it extends the usage of this TLV to cover all types
of curves (replacing the newly introduced 0x25 TLV type)
while retaining its value (0x22) for backward compatibility.
Rename IMAGE_TLV_ECDSA256 to IMAGE_TLV_ECDSA_SIG.

Change-Id: I904f292db775c38f26a5e9a87c5f414165efc173
Signed-off-by: David Vincze <david.vincze@arm.com>
2023-04-28 11:40:31 +02:00
Marek Matej 6769344276 boot: zephyr: esp32: zephyr port
Add support for ESP32xx targets to build
as Zephyr application.

Signed-off-by: Marek Matej <marek.matej@espressif.com>
2023-04-27 20:30:35 -03:00
Fabio Utzig 86dba4d6c1 ci: update toml dependency
Switch from toml to tomllib when supported, Python 3.11+, and fallback to
using tomli instead of toml otherwise.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2023-04-27 12:35:12 -03:00
Antonio de Angelis 0a1ef37263 bootutil/crypto: Move BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE into common
BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE is a universal define
that should be moved into a common area of the header
instead of repeating it for every abstraction that needs it

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I21e7511218d0dafac8b7337715932c6564d7c3a1
2023-04-26 13:57:53 +02:00
Antonio de Angelis 88e4aed18f bootutil/crypto: Fix review comments on the ecdsa layer
Fixes in the ecdsa.h abstraction layer:
* Align indentation of parameters to the opening bracket of the function
* Remove inline in some of the bigger functions of the PSA Crypto abstraction
* Fix the prototype of ecdsa_verify for the PSA Crypto abstraction

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I28e1be83bc1a16fdf8b796f89c002528b1bd7791
2023-04-26 13:57:53 +02:00
Antonio de Angelis 10529d3032 bootutil/crypto: Have a single ECDSA verification module
Remove the generic ECDSA verification module and keep the
existing one, just renaming it image_ecdsa.c. Make sure
that the abstraction layer is generically called ecdsa.h
and the abstraction names are not P256 specific.

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I6f78cfc1b1c2851cdad67efa91c6cb49498187bb
2023-04-26 13:57:53 +02:00
Antonio de Angelis 966ac81804 bootutil/crypto: Extend ECDSA to support P384 curve
Extend the ecdsa abstraction layer to support P384 curves
during parsing the public key and the signature.

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I05e9b27b1809352a6115184ef16c95dc8b6d2a40
2023-04-26 13:57:53 +02:00
Antonio de Angelis 25390ad58c bootutil/crypto: Have a single ECDSA abstraction file
To keep a single ECDSA abstraction to support both existing
modes and PSA Crypto APIs, merge the contents of ecdsa.h
into ecdsa_p256.h

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I08b4a42d87c491badfee3ec4579bd2a23a80602d
2023-04-26 13:57:53 +02:00
Antonio de Angelis cf36d670c9 bootutil/crypto: Add license disclaimer to ecdsa_p256.h
The ecdsa abstraction layer header does not have a license header.
Add it in preparation for the merge with ecdsa.h

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: Ibb906c7f6bb3b50387e4816e1a95b31d3c8b515f
2023-04-26 13:57:53 +02:00
Antonio de Angelis 557451d28d bootutil/crypto: Add a generic signature validation module for ECDSA
Add a dedicated signature validation module for generic ECDSA signatures,
and a corresponding cryptographic abstraction backend based on PSA Crypto
APIs. This signature verification backend is enabled by defining the
option MCUBOOT_SIGN_ECDSA

Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I47da70629da0a5681ec7c4dcceed875a997b071b
2023-04-26 13:57:53 +02:00
Roland Mikhel c725cee102 docs: Add release note snippet for ECDSA TLV
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I6837467e985af644f124ae8a9cceb0f68736ec84
2023-04-26 13:27:44 +02:00
Roland Mikhel 30978516d3 sim: Remove curve specific ECDSA TLVs
Remove those TLVs that are tied to a specific curve and modify the
code to use the new generic ECDSA TLV.

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: Iffe9052580c99e75118cf5df4286e0e9a2af4a8c
2023-04-26 13:27:44 +02:00
Roland Mikhel 6205c10fea sim: Add generic ECDSA TLV support
Add support to the simulator so that
the generic ECDSA TLV can be tested.

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I3322ed829d150ff35abfaaa8ecf69ab7017bd7cf
2023-04-26 13:27:44 +02:00
Roland Mikhel 78135ee6eb imgtool: Add backwards compatibility for ECDSA
Add backwards compatibility to the imgtool to support
the old curve specific TLVs. Currently only ECDSA256 needs this.

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I275894ebc713ea8adcaab4198b036c41233b11e8
2023-04-26 13:27:44 +02:00
Roland Mikhel 5704174c12 imgtool: Add generic ECDSA TLV support
Update imgtool to support the new
generic ECDSA TLV and the ECDSA
p384 curve type with sha-384

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I9b1887610cc5d0e7cde90f47999fcdf3500ef51c
2023-04-26 13:27:44 +02:00
Roland Mikhel 63d2346da4 bootutil: Remove curve specific ECDSA TLVs
Remove those TLVs that are tied to a specific curve and update
the image validation logic to look for the new generic TLV

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I924f2742424bc255fbed1b0941648baa88f60147
2023-04-26 13:27:44 +02:00
Roland Mikhel b08e77e0f3 bootutil: Create new generic ECDSA TLV
Create a new generic ECDSA TLV type that can be used
to store any signatures irrespective of the curve type.

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I2aeb885251fd25e23f5430328b8cc64b8cc8d7be
2023-04-26 13:27:44 +02:00
Jeppe Odgaard 1558e7ab0a boot: zephyr: remove stm32 watchdog defines
The stm32 defines is somewhat redundant due to the generic watchdog
defines which uses the watchdog0 alias. Therefore they are removed in
this commit.

Signed-off-by: Jeppe Odgaard <jeppe.odgaard@prevas.dk>
2023-04-26 13:15:51 +02:00