5047f032c9
Returned values are now hardcoded. Indeed, while it is not strictly needed (few return values different from SUCCESS or FAILURE) complexity added by encoding return values might cause the software to be vulnerable to fault attacks. Return type changed from fih_int to fih_ret to make the whole thing much simpler and therefore more robust to fault attacks. In addition, its easier to predict compiler behavior. Affectation of sentive variables has been hardened using macro FIH_SET (affectation + check wether write access has been properly done). FIH_DECLARE() is added to ease the declaration of sentive variables. Equality tests fih_eq() and fih_not_eq() are now macros because inlining produce more complex code (and weaker) than macros. In addition fih_not_eq is modified to be the negation of fih_eq which was not the case until now. when FIH_NOT_EQ is used , FIH_SET(fih_rc, FIH_FAILURE) has been added in some part of the code. variable image_mask (bootutil_priv.h) is now volatile because a double IF test is made on it. some others parts of the code have been hardenned (eg. loop on images) Signed-off-by: Michael Grand <m.grand@trustngo.tech> |
||
|---|---|---|
| .. | ||
| BlinkyApp | ||
| MCUBootApp | ||
| cy_flash_pal | ||
| keys | ||
| libs | ||
| platforms | ||
| .gitignore | ||
| Makefile | ||
| README.md | ||
| common_libs.mk | ||
| host.mk | ||
| platforms.mk | ||
| toolchains.mk | ||
README.md
Port of MCUBoot library for evaluation with Cypress PSoC 6 chips
Disclaimer
Given solution is included in MCUboot repository with purpose to demonstrate basic consepts and features of MCUboot library on Cypress PSoC 6 device. Applications are created per MCUboot library maintainers requirements. Implemetation differs from conventional and recomended by Cypress Semiconductors development flow for PSoC 6 devices. These applications are not recomended as a starting point for development and should not be considered as supported examples for PSoC 6 devices.
Examples provided to use with ModusToolbox® Software Environment are a recommended reference point to start development of MCUboot based bootloaders for PSoC 6 devices.
Refer to Cypress Semiconductors github page to find examples.
- MCUboot-Based Basic Bootloader mtb-example-psoc6-mcuboot-basic
- MCUboot-Based Bootloader with Rollback to Factory App in External Flash mtb-example-anycloud-mcuboot-rollback
Solution description
There are two applications implemented:
- MCUBootApp - PSoC6 MCUboot-based bootloading application;
- BlinkyApp - simple PSoC6 blinking LED application which is a target of BOOT/UPGRADE;
The default flash map for MCUBootApp implemented is next:
- [0x10000000, 0x10018000] - MCUBootApp (bootloader) area;
- [0x10018000, 0x10028000] - primary slot for BlinkyApp;
- [0x10028000, 0x10038000] - secondary slot for BlinkyApp;
- [0x10038000, 0x10039000] - scratch area;
The flash map is defined through sysflash.h and cy_flash_map.c.
It is also possible to place secondary (upgrade) slots in external memory module. In this case primary slot can be doubled in size.
For more details about External Memory usage, please refer to separate guiding document MCUBootApp/ExternalMemory.md.
MCUBootApp checks image integrity with SHA256, image authenticity with EC256 digital signature verification and uses either completely software implementation of cryptographic functions or accelerated by hardware - both based on Mbed TLS Library.
Downloading solution's assets
There is a set assets required:
- MCUBooot Library (root repository)
- PSoC6 Peripheral Drivers Library (PDL)
- Mbed TLS Cryptographic Library
Those are represented as submodules.
To retrieve source code with subsequent submodules pull:
git clone --recursive https://github.com/mcu-tools/mcuboot.git
Submodules can also be updated and initialized separately:
cd mcuboot
git submodule update --init --recursive
Building solution
Root directory for build is boot/cypress.
This folder contains make files infrastructure for building both MCUboot Bootloader and sample BlinkyApp application used for Bootloader demo functionality.
Instructions on how to build and upload MCUBootApp bootloader application and sample user applocation are located in Readme.md files in corresponding folders.
Supported platforms for MCUboot, BlinkyApp:
- PSOC_062_2M
- PSOC_062_1M
- PSOC_062_512K
Build environment troubleshooting
Following CLI / IDE are supported for project build:
- Cygwin on Windows systems
- unix style shells on *nix systems
- Eclipse / ModusToolbox ("makefile project from existing source")
Make - make sure it is added to system's PATH variable and correct path is first in the list;
Python/Python3 - make sure you have correct path referenced in PATH;
Msys2 - to use systems PATH navigate to msys2 folder, open msys2_shell.cmd, uncomment set MSYS2_PATH_TYPE=inherit, restart MSYS2 shell.
This will inherit system's PATH so should find python3.7 installed in regular way as well as imgtool and its dependencies.