5047f032c9
Return values are now hardcoded. Indeed, while it is not strictly needed (few return values differ from SUCCESS or FAILURE), the complexity added by encoding return values might cause the software to be vulnerable to fault attacks. The return type is changed from fih_int to fih_ret to make the whole thing much simpler and therefore more robust to fault attacks. In addition, it is easier to predict compiler behavior.

Assignment of sensitive variables has been hardened using the macro FIH_SET (assignment + check whether the write access has been properly done). FIH_DECLARE() is added to ease the declaration of sensitive variables.

Equality tests fih_eq() and fih_not_eq() are now macros because inlining produces more complex (and weaker) code than macros. In addition, fih_not_eq is modified to be the negation of fih_eq, which was not the case until now. Where FIH_NOT_EQ is used, FIH_SET(fih_rc, FIH_FAILURE) has been added in some parts of the code.

The variable image_mask (bootutil_priv.h) is now volatile because a double IF test is made on it.

Some other parts of the code have been hardened (e.g. the loop on images).

Signed-off-by: Michael Grand <m.grand@trustngo.tech>
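The hardening pattern the commit message describes, as an added example that is not MCUboot's own code: hardcoded return constants of a plain integer type, a FIH_DECLARE/FIH_SET pair that stores a sensitive variable and reads it back, equality tests as macros with FIH_NOT_EQ defined strictly as the negation of FIH_EQ, a volatile image mask tested by a double IF, and a loop counter re-checked after the loop. The macro names mirror the commit message, but the constant values, the fih_panic hook, verify_image and validate_all are assumptions made for this example and are not the bootutil/fih.h API.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Plain integer return type: no encoding to get wrong, every value a literal.
 * (Illustrative; not the real fih_ret definition.) */
typedef int32_t fih_ret;

/* Hardcoded sentinels, many bits apart from each other and from 0 / -1, so a
 * single bit flip or a zeroed register does not turn FAILURE into SUCCESS. */
#define FIH_SUCCESS ((fih_ret)0x1AAAAAAA)
#define FIH_FAILURE ((fih_ret)0x15555555)

/* Hook for "a store did not take" or "the loop did not run to completion".
 * Real firmware would reset the SoC; this example only counts the event. */
static volatile int fih_panic_count = 0;
static void fih_panic(void) { fih_panic_count++; }

/* Sensitive variables are volatile and start out FAILED (fail-closed). */
#define FIH_DECLARE(var, val) volatile fih_ret var = (val)

/* Assign, then read back and compare, so a glitched store is detected.
 * `val` is evaluated exactly once, so it may be a function call. */
#define FIH_SET(var, val)                    \
    do {                                     \
        fih_ret fih_tmp_ = (val);            \
        (var) = fih_tmp_;                    \
        if ((var) != fih_tmp_) fih_panic();  \
    } while (0)

/* Equality as macros: the (volatile) operand is read and compared twice with
 * opposite polarity, so skipping one compare instruction is not enough.
 * FIH_NOT_EQ is exactly the negation of FIH_EQ. */
#define FIH_EQ(x, y)     (((x) == (y)) && !((x) != (y)))
#define FIH_NOT_EQ(x, y) (!FIH_EQ((x), (y)))

/* Constructed stand-in for per-image verification: image i passes when bit i
 * of good_mask is set (a real loader would verify a signature here). */
static fih_ret verify_image(uint32_t good_mask, unsigned i)
{
    FIH_DECLARE(rc, FIH_FAILURE);
    if (good_mask & (1u << i)) {
        FIH_SET(rc, FIH_SUCCESS);
    }
    return rc;
}

/* Verify every image, accumulating a volatile image_mask that is tested
 * twice before the result is promoted to SUCCESS. */
fih_ret validate_all(unsigned image_count, uint32_t good_mask,
                     uint32_t *image_mask_out)
{
    FIH_DECLARE(rc, FIH_FAILURE);
    volatile uint32_t image_mask = 0;
    volatile unsigned i;

    if (image_count == 0 || image_count > 32) {
        return FIH_FAILURE;          /* nothing to validate is not a pass */
    }

    for (i = 0; i < image_count; i++) {
        FIH_DECLARE(img_rc, FIH_FAILURE);
        FIH_SET(img_rc, verify_image(good_mask, i));
        if (FIH_NOT_EQ(img_rc, FIH_SUCCESS)) {
            FIH_SET(rc, FIH_FAILURE);   /* explicit, not merely "left as is" */
            return rc;
        }
        image_mask |= (1u << i);
    }

    /* Hardened loop: the counter must land exactly on image_count. */
    if (i != image_count) {
        fih_panic();
        return FIH_FAILURE;
    }

    uint32_t expected = (image_count == 32) ? 0xFFFFFFFFu
                                            : ((1u << image_count) - 1u);
    /* Double IF on the volatile mask: both reads must agree. */
    if (image_mask == expected) {
        if (image_mask == expected) {
            FIH_SET(rc, FIH_SUCCESS);
        }
    }
    if (image_mask_out) {
        *image_mask_out = image_mask;
    }
    return rc;
}

/* Helpers so the macros and the mask can be exercised from ordinary code. */
bool fih_is_success(fih_ret rc)  { return FIH_EQ(rc, FIH_SUCCESS); }
bool fih_not_success(fih_ret rc) { return FIH_NOT_EQ(rc, FIH_SUCCESS); }
int  fih_panics(void)            { return fih_panic_count; }
uint32_t validated_mask(unsigned image_count, uint32_t good_mask)
{
    uint32_t mask = 0;               /* stays 0 when validation bails out */
    (void)validate_all(image_count, good_mask, &mask);
    return mask;
}

int main(void)
{
    uint32_t mask = 0;
    fih_ret rc = validate_all(3, 0x7u, &mask);   /* constructed: all 3 images good */
    printf("all good: %s, mask=0x%x\n", fih_is_success(rc) ? "ok" : "FAIL", mask);
    rc = validate_all(3, 0x5u, &mask);           /* constructed: image 1 bad */
    printf("image 1 bad: %s\n", fih_is_success(rc) ? "rejected" : "accepted?!");
    return 0;
}
```

Two caveats a reviewer would raise against any such macro set: the readback in FIH_SET only catches a store that was glitched, not a comparison whose branch was skipped, which is why the double IF and the post-loop counter check are layered on top; and everything here depends on the variables being volatile, since without that the compiler is entitled to fold the two reads in FIH_EQ and the two IFs into one. Compile with optimisation and inspect the disassembly before trusting that the redundancy survived.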
Top-level files and directories at this commit:
- .github/workflows
- boot
- ci
- docs
- ext
- ptest
- samples
- scripts
- sim
- testplan/mynewt
- zephyr
- .gitignore
- .gitmodules
- .mbedignore
- .travis.yml-disabled
- CODE_OF_CONDUCT.md
- Cargo.lock
- Cargo.toml
- LICENSE
- NOTICE
- README.md
- enc-aes128kw.b64
- enc-aes256kw.b64
- enc-ec256-priv.pem
- enc-ec256-pub.pem
- enc-rsa2048-priv.pem
- enc-rsa2048-pub.pem
- enc-x25519-priv.pem
- enc-x25519-pub.pem
- go.mod
- project.yml
- repository.yml
- root-ec-p256-pkcs8.pem
- root-ec-p256.pem
- root-ed25519.pem
- root-rsa-2048.pem
- root-rsa-3072.pem
- west.yml
README.md
MCUboot
This is MCUboot version 1.10.0-dev
MCUboot is a secure bootloader for 32-bit microcontrollers. It defines a common infrastructure for the bootloader and the system flash layout on microcontroller systems, and provides a secure bootloader that enables easy software upgrade.
MCUboot is not dependent on any specific operating system or hardware and relies on hardware porting layers from the operating system it works with. Currently, MCUboot works with the following operating systems and SoCs (each has a port under boot/, listed in Source files below):
- Zephyr
- Apache Mynewt
- Apache NuttX
- RIOT
- Mbed OS
- Espressif SoCs
- Cypress/Infineon SoCs
RIOT is supported only as a boot target. We will accept any new port contributed by the community once it is good enough.
MCUboot How-tos
See the per-platform pages in the docs directory for instructions on using MCUboot with different operating systems and SoCs. There are also instructions for the Simulator.
Roadmap
The issues being planned and worked on are tracked using GitHub issues. To give your input, visit MCUboot GitHub Issues.
Source files
You can find additional documentation on the bootloader in the source files. For more information, use the following links:
- boot/bootutil - The core of the bootloader itself.
- boot/boot_serial - Support for serial upgrade within the bootloader itself.
- boot/zephyr - Port of the bootloader to Zephyr.
- boot/mynewt - Bootloader application for Apache Mynewt.
- boot/nuttx - Bootloader application and port of MCUboot interfaces for Apache NuttX.
- boot/mbed - Port of the bootloader to Mbed OS.
- boot/espressif - Bootloader application and MCUboot port for Espressif SoCs.
- boot/cypress - Bootloader application and MCUboot port for Cypress/Infineon SoCs.
- imgtool - A tool to securely sign firmware images for booting by MCUboot.
- sim - A bootloader simulator for testing and regression.
Joining the project
Developers are welcome!
Use the following links to join or see more about the project: