From 014f42df092f9e026a32db86d49fbd1cb75f94aa Mon Sep 17 00:00:00 2001 From: Kumar Gala Date: Wed, 8 Apr 2020 12:02:03 -0500 Subject: [PATCH 01/72] zephyr: Replace DT_FLASH_DEV_NAME with DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL As upstream zephyr is phasing out DT_FLASH defines for non-partition usage replace DT_FLASH_DEV_NAME with DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL. Signed-off-by: Kumar Gala --- boot/zephyr/flash_map_extended.c | 2 +- boot/zephyr/include/target.h | 2 +- boot/zephyr/main.c | 7 ++++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/boot/zephyr/flash_map_extended.c b/boot/zephyr/flash_map_extended.c index b2de88494..4723af187 100644 --- a/boot/zephyr/flash_map_extended.c +++ b/boot/zephyr/flash_map_extended.c @@ -17,7 +17,7 @@ MCUBOOT_LOG_MODULE_DECLARE(mcuboot); -#if (!defined(CONFIG_XTENSA) && defined(DT_FLASH_DEV_NAME)) +#if (!defined(CONFIG_XTENSA) && defined(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) #define FLASH_DEVICE_ID SOC_FLASH_0_ID #define FLASH_DEVICE_BASE CONFIG_FLASH_BASE_ADDRESS #elif (defined(CONFIG_XTENSA) && defined(DT_JEDEC_SPI_NOR_0_LABEL)) diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index 57a412b66..794f40f2d 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -28,7 +28,7 @@ /* * Sanity check the target support. */ -#if (!defined(CONFIG_XTENSA) && !defined(DT_FLASH_DEV_NAME)) || \ +#if (!defined(CONFIG_XTENSA) && !defined(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) || \ (defined(CONFIG_XTENSA) && !defined(DT_JEDEC_SPI_NOR_0_LABEL)) || \ !defined(FLASH_ALIGN) || \ !defined(DT_FLASH_AREA_IMAGE_0_OFFSET) || \ diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 978d517e4..ce628519a 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -277,9 +277,10 @@ void main(void) ZEPHYR_BOOT_LOG_START(); -#if (!defined(CONFIG_XTENSA) && defined(DT_FLASH_DEV_NAME)) - if (!flash_device_get_binding(DT_FLASH_DEV_NAME)) { - BOOT_LOG_ERR("Flash device %s not found", DT_FLASH_DEV_NAME); +#if (!defined(CONFIG_XTENSA) && defined(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) + if (!flash_device_get_binding(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) { + BOOT_LOG_ERR("Flash device %s not found", + DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL); while (1) ; } From 8cd5dc5f9fc9582e9e4e52996e23ed5078dabf82 Mon Sep 17 00:00:00 2001 From: Kumar Gala Date: Wed, 8 Apr 2020 12:06:21 -0500 Subject: [PATCH 02/72] zephyr: convert DT_JEDEC_SPI_NOR_0_LABEL to new dt macros As the DT define DT_JEDEC_SPI_NOR_0_LABEL is intended to be deprecated move to the new macro style to determine for DT_JEDEC_SPI_NOR_0_LABEL Signed-off-by: Kumar Gala --- boot/zephyr/include/target.h | 6 +++++- boot/zephyr/main.c | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index 794f40f2d..d6f5b74fc 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -25,11 +25,15 @@ #endif /* !defined(MCUBOOT_TARGET_CONFIG) */ +#if DT_NODE_HAS_PROP(DT_INST(0, jedec_spi_nor), label) +#define JEDEC_SPI_NOR_0_LABEL DT_LABEL(DT_INST(0, jedec_spi_nor)) +#endif + /* * Sanity check the target support. */ #if (!defined(CONFIG_XTENSA) && !defined(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) || \ - (defined(CONFIG_XTENSA) && !defined(DT_JEDEC_SPI_NOR_0_LABEL)) || \ + (defined(CONFIG_XTENSA) && !defined(JEDEC_SPI_NOR_0_LABEL)) || \ !defined(FLASH_ALIGN) || \ !defined(DT_FLASH_AREA_IMAGE_0_OFFSET) || \ !defined(DT_FLASH_AREA_IMAGE_0_SIZE) || \ diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index ce628519a..c3e4cfef2 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -284,9 +284,9 @@ void main(void) while (1) ; } -#elif (defined(CONFIG_XTENSA) && defined(DT_JEDEC_SPI_NOR_0_LABEL)) - if (!flash_device_get_binding(DT_JEDEC_SPI_NOR_0_LABEL)) { - BOOT_LOG_ERR("Flash device %s not found", DT_JEDEC_SPI_NOR_0_LABEL); +#elif (defined(CONFIG_XTENSA) && defined(JEDEC_SPI_NOR_0_LABEL)) + if (!flash_device_get_binding(JEDEC_SPI_NOR_0_LABEL)) { + BOOT_LOG_ERR("Flash device %s not found", JEDEC_SPI_NOR_0_LABEL); while (1) ; } From 39d1aef28cacde4de2ca3f65fa31ba18925e46ea Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Thu, 7 May 2020 12:38:39 +0200 Subject: [PATCH 03/72] Revert "zephyr: convert DT_JEDEC_SPI_NOR_0_LABEL to new dt macros" This reverts commit 8cd5dc5f9fc9582e9e4e52996e23ed5078dabf82. Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/include/target.h | 6 +----- boot/zephyr/main.c | 6 +++--- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index d6f5b74fc..794f40f2d 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -25,15 +25,11 @@ #endif /* !defined(MCUBOOT_TARGET_CONFIG) */ -#if DT_NODE_HAS_PROP(DT_INST(0, jedec_spi_nor), label) -#define JEDEC_SPI_NOR_0_LABEL DT_LABEL(DT_INST(0, jedec_spi_nor)) -#endif - /* * Sanity check the target support. */ #if (!defined(CONFIG_XTENSA) && !defined(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) || \ - (defined(CONFIG_XTENSA) && !defined(JEDEC_SPI_NOR_0_LABEL)) || \ + (defined(CONFIG_XTENSA) && !defined(DT_JEDEC_SPI_NOR_0_LABEL)) || \ !defined(FLASH_ALIGN) || \ !defined(DT_FLASH_AREA_IMAGE_0_OFFSET) || \ !defined(DT_FLASH_AREA_IMAGE_0_SIZE) || \ diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index c3e4cfef2..ce628519a 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -284,9 +284,9 @@ void main(void) while (1) ; } -#elif (defined(CONFIG_XTENSA) && defined(JEDEC_SPI_NOR_0_LABEL)) - if (!flash_device_get_binding(JEDEC_SPI_NOR_0_LABEL)) { - BOOT_LOG_ERR("Flash device %s not found", JEDEC_SPI_NOR_0_LABEL); +#elif (defined(CONFIG_XTENSA) && defined(DT_JEDEC_SPI_NOR_0_LABEL)) + if (!flash_device_get_binding(DT_JEDEC_SPI_NOR_0_LABEL)) { + BOOT_LOG_ERR("Flash device %s not found", DT_JEDEC_SPI_NOR_0_LABEL); while (1) ; } From 48b8ef0a9231cd2d16ed4dcb479472c4d33ac708 Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Thu, 7 May 2020 12:38:48 +0200 Subject: [PATCH 04/72] Revert "Revert "zephyr: convert DT_JEDEC_SPI_NOR_0_LABEL to new dt macros"" This reverts commit 39d1aef28cacde4de2ca3f65fa31ba18925e46ea. Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/include/target.h | 6 +++++- boot/zephyr/main.c | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index 794f40f2d..d6f5b74fc 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -25,11 +25,15 @@ #endif /* !defined(MCUBOOT_TARGET_CONFIG) */ +#if DT_NODE_HAS_PROP(DT_INST(0, jedec_spi_nor), label) +#define JEDEC_SPI_NOR_0_LABEL DT_LABEL(DT_INST(0, jedec_spi_nor)) +#endif + /* * Sanity check the target support. */ #if (!defined(CONFIG_XTENSA) && !defined(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) || \ - (defined(CONFIG_XTENSA) && !defined(DT_JEDEC_SPI_NOR_0_LABEL)) || \ + (defined(CONFIG_XTENSA) && !defined(JEDEC_SPI_NOR_0_LABEL)) || \ !defined(FLASH_ALIGN) || \ !defined(DT_FLASH_AREA_IMAGE_0_OFFSET) || \ !defined(DT_FLASH_AREA_IMAGE_0_SIZE) || \ diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index ce628519a..c3e4cfef2 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -284,9 +284,9 @@ void main(void) while (1) ; } -#elif (defined(CONFIG_XTENSA) && defined(DT_JEDEC_SPI_NOR_0_LABEL)) - if (!flash_device_get_binding(DT_JEDEC_SPI_NOR_0_LABEL)) { - BOOT_LOG_ERR("Flash device %s not found", DT_JEDEC_SPI_NOR_0_LABEL); +#elif (defined(CONFIG_XTENSA) && defined(JEDEC_SPI_NOR_0_LABEL)) + if (!flash_device_get_binding(JEDEC_SPI_NOR_0_LABEL)) { + BOOT_LOG_ERR("Flash device %s not found", JEDEC_SPI_NOR_0_LABEL); while (1) ; } From b7254d11cd305e321e48368a09795dd01c3856af Mon Sep 17 00:00:00 2001 From: Kumar Gala Date: Thu, 7 May 2020 19:31:57 -0500 Subject: [PATCH 05/72] zephyr: Change DT_FLASH_AREA_ macros to FLASH_AREA_ As we replace the legacy DT_FLASH_ support use the new FLASH_AREA_ macros. Signed-off-by: Kumar Gala --- boot/zephyr/include/sysflash/sysflash.h | 18 +++++++++--------- boot/zephyr/include/target.h | 10 ++++------ 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/boot/zephyr/include/sysflash/sysflash.h b/boot/zephyr/include/sysflash/sysflash.h index e745ffa19..66dce1d24 100644 --- a/boot/zephyr/include/sysflash/sysflash.h +++ b/boot/zephyr/include/sysflash/sysflash.h @@ -13,32 +13,32 @@ * running in single image mode. */ #define FLASH_AREA_IMAGE_PRIMARY(x) (((x) == 0) ? \ - DT_FLASH_AREA_IMAGE_0_ID : \ - DT_FLASH_AREA_IMAGE_0_ID) + FLASH_AREA_ID(image_0) : \ + FLASH_AREA_ID(image_0)) #define FLASH_AREA_IMAGE_SECONDARY(x) (((x) == 0) ? \ - DT_FLASH_AREA_IMAGE_1_ID : \ - DT_FLASH_AREA_IMAGE_1_ID) + FLASH_AREA_ID(image_1) : \ + FLASH_AREA_ID(image_1)) #elif (MCUBOOT_IMAGE_NUMBER == 2) /* MCUBoot currently supports only up to 2 updateable firmware images. * If the number of the current image is greater than MCUBOOT_IMAGE_NUMBER - 1 * then a dummy value will be assigned to the flash area macros. */ #define FLASH_AREA_IMAGE_PRIMARY(x) (((x) == 0) ? \ - DT_FLASH_AREA_IMAGE_0_ID : \ + FLASH_AREA_ID(image_0) : \ ((x) == 1) ? \ - DT_FLASH_AREA_IMAGE_2_ID : \ + FLASH_AREA_ID(image_2) : \ 255) #define FLASH_AREA_IMAGE_SECONDARY(x) (((x) == 0) ? \ - DT_FLASH_AREA_IMAGE_1_ID : \ + FLASH_AREA_ID(image_1) : \ ((x) == 1) ? \ - DT_FLASH_AREA_IMAGE_3_ID : \ + FLASH_AREA_ID(image_3) : \ 255) #else #error "Image slot and flash area mapping is not defined" #endif #if !defined(CONFIG_BOOT_SWAP_USING_MOVE) -#define FLASH_AREA_IMAGE_SCRATCH DT_FLASH_AREA_IMAGE_SCRATCH_ID +#define FLASH_AREA_IMAGE_SCRATCH FLASH_AREA_ID(image_scratch) #endif #endif /* __SYSFLASH_H__ */ diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index d6f5b74fc..3cff9f36c 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -20,6 +20,7 @@ * everything we need. */ #include +#include #define FLASH_ALIGN FLASH_WRITE_BLOCK_SIZE @@ -35,12 +36,9 @@ #if (!defined(CONFIG_XTENSA) && !defined(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) || \ (defined(CONFIG_XTENSA) && !defined(JEDEC_SPI_NOR_0_LABEL)) || \ !defined(FLASH_ALIGN) || \ - !defined(DT_FLASH_AREA_IMAGE_0_OFFSET) || \ - !defined(DT_FLASH_AREA_IMAGE_0_SIZE) || \ - !defined(DT_FLASH_AREA_IMAGE_1_OFFSET) || \ - !defined(DT_FLASH_AREA_IMAGE_1_SIZE) || \ - (!defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(DT_FLASH_AREA_IMAGE_SCRATCH_OFFSET)) || \ - (!defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(DT_FLASH_AREA_IMAGE_SCRATCH_SIZE)) + !(FLASH_AREA_LABEL_EXISTS(image_0)) || \ + !(FLASH_AREA_LABEL_EXISTS(image_1)) || \ + (!defined(CONFIG_BOOT_SWAP_USING_MOVE) && !(FLASH_AREA_LABEL_EXISTS(image_scratch))) #error "Target support is incomplete; cannot build mcuboot." #endif From 322b11ae3489e04b86ec2188a7de29ca6593178d Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Mon, 11 May 2020 14:20:29 +0200 Subject: [PATCH 06/72] zephyr: Change DT_FLASH_AREA_ macros to FLASH_AREA for multimage Use the new FLASH_AREA_ macros. Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/include/target.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index 3cff9f36c..2e0f5fdaf 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -42,10 +42,8 @@ #error "Target support is incomplete; cannot build mcuboot." #endif -#if ((MCUBOOT_IMAGE_NUMBER == 2) && (!defined(FLASH_AREA_IMAGE_2_OFFSET) || \ - !defined(FLASH_AREA_IMAGE_2_SIZE) || \ - !defined(FLASH_AREA_IMAGE_3_OFFSET) || \ - !defined(FLASH_AREA_IMAGE_3_SIZE))) +#if (MCUBOOT_IMAGE_NUMBER == 2) && (!(FLASH_AREA_LABEL_EXISTS(image_2)) || \ + !(FLASH_AREA_LABEL_EXISTS(image_3))) #error "Target support is incomplete; cannot build mcuboot." #endif From 1f181dda41e618e6269024ea6f097c52a68b9d3f Mon Sep 17 00:00:00 2001 From: Kumar Gala Date: Mon, 11 May 2020 15:08:19 -0500 Subject: [PATCH 07/72] sim: Fixup devicetree.h for changes to mcuboot Fixup how we fake out devicetree.h, which is now really the flash map API for what mcuboot is using. Signed-off-by: Kumar Gala --- sim/mcuboot-sys/csupport/devicetree.h | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/sim/mcuboot-sys/csupport/devicetree.h b/sim/mcuboot-sys/csupport/devicetree.h index f268640ae..434e4eebf 100644 --- a/sim/mcuboot-sys/csupport/devicetree.h +++ b/sim/mcuboot-sys/csupport/devicetree.h @@ -4,15 +4,17 @@ * SPDX-License-Identifier: Apache-2.0 */ -/* This file mocks zephyr's autogenerated DT output header file */ +/* This file mocks zephyr's flash map / DT macro */ #ifndef __DEVICETREE_H__ #define __DEVICETREE_H__ -#define DT_FLASH_AREA_IMAGE_0_ID 1 -#define DT_FLASH_AREA_IMAGE_1_ID 2 -#define DT_FLASH_AREA_IMAGE_SCRATCH_ID 3 -#define DT_FLASH_AREA_IMAGE_2_ID 4 -#define DT_FLASH_AREA_IMAGE_3_ID 5 +#define FLASH_AREA_ID(x) FLASH_AREA_ID_##x + +#define FLASH_AREA_ID_image_0 1 +#define FLASH_AREA_ID_image_1 2 +#define FLASH_AREA_ID_image_scratch 3 +#define FLASH_AREA_ID_image_2 4 +#define FLASH_AREA_ID_image_3 5 #endif /*__DEVICETREE_H__*/ From e88113bbebe34ff2ccc6627ffae885cfeed6fdfd Mon Sep 17 00:00:00 2001 From: Kumar Gala Date: Mon, 11 May 2020 15:33:03 -0500 Subject: [PATCH 08/72] scripts/assemble: Rework to use EDT library to get devicetree data Signed-off-by: Kumar Gala --- scripts/assemble.py | 55 +++++++++++++++++++++++++++++---------------- 1 file changed, 36 insertions(+), 19 deletions(-) diff --git a/scripts/assemble.py b/scripts/assemble.py index d8c824b00..e895ee773 100755 --- a/scripts/assemble.py +++ b/scripts/assemble.py @@ -23,6 +23,14 @@ import io import re import os.path +import sys + +ZEPHYR_BASE = os.getenv("ZEPHYR_BASE") +if not ZEPHYR_BASE: + sys.exit("$ZEPHYR_BASE environment variable undefined") + +sys.path.insert(0, os.path.join(ZEPHYR_BASE, "scripts", "dts")) +import edtlib def same_keys(a, b): """Determine if the dicts a and b have the same keys in them""" @@ -38,8 +46,8 @@ def same_keys(a, b): size_re = re.compile(r"^#define DT_FLASH_AREA_([0-9A-Z_]+)_SIZE(_0)?\s+(0x[0-9a-fA-F]+|[0-9]+)$") class Assembly(): - def __init__(self, output, bootdir): - self.find_slots(bootdir) + def __init__(self, output, bootdir, edt): + self.find_slots(edt) try: os.unlink(output) except OSError as e: @@ -47,29 +55,29 @@ def __init__(self, output, bootdir): raise self.output = output - def find_slots(self, bootdir): + def find_slots(self, edt): offsets = {} sizes = {} - with open(os.path.join(bootdir, 'zephyr', 'include', 'generated', 'devicetree_legacy_unfixed.h'), 'r') as fd: - for line in fd: - m = offset_re.match(line) - if m is not None: - offsets[m.group(1)] = int(m.group(3), 0) - m = size_re.match(line) - if m is not None: - sizes[m.group(1)] = int(m.group(3), 0) + + part_nodes = edt.compat2nodes["fixed-partitions"] + for node in part_nodes: + for child in node.children.values(): + if "label" in child.props: + label = child.props["label"].val + offsets[label] = child.regs[0].addr + sizes[label] = child.regs[0].size if not same_keys(offsets, sizes): raise Exception("Inconsistent data in devicetree.h") - # We care about the MCUBOOT, IMAGE_0, and IMAGE_1 partitions. - if 'MCUBOOT' not in offsets: + # We care about the mcuboot, image-0, and image-1 partitions. + if 'mcuboot' not in offsets: raise Exception("Board partition table does not have mcuboot partition") - if 'IMAGE_0' not in offsets: + if 'image-0' not in offsets: raise Exception("Board partition table does not have image-0 partition") - if 'IMAGE_1' not in offsets: + if 'image-1' not in offsets: raise Exception("Board partition table does not have image-1 partition") self.offsets = offsets @@ -103,12 +111,21 @@ def main(): help='Filename to write full image to') args = parser.parse_args() - output = Assembly(args.output, args.bootdir) - output.add_image(os.path.join(args.bootdir, 'zephyr', 'zephyr.bin'), 'MCUBOOT') - output.add_image(args.primary, "IMAGE_0") + # Extract board name from path + board = os.path.split(os.path.split(args.bootdir)[0])[1] + + dts_path = os.path.join(args.bootdir, "zephyr", board + ".dts.pre.tmp") + + edt = edtlib.EDT(dts_path, [os.path.join(ZEPHYR_BASE, "dts", "bindings")], + warn_reg_unit_address_mismatch=False) + + output = Assembly(args.output, args.bootdir, edt) + + output.add_image(os.path.join(args.bootdir, 'zephyr', 'zephyr.bin'), 'mcuboot') + output.add_image(args.primary, "image-0") if args.secondary is not None: - output.add_image(args.secondary, "IMAGE_1") + output.add_image(args.secondary, "image-1") if __name__ == '__main__': main() From f6252674aaef5988222925f1dfc05e68df2da2c6 Mon Sep 17 00:00:00 2001 From: Joakim Andersson Date: Tue, 19 May 2020 17:12:52 +0200 Subject: [PATCH 09/72] kconfig: Update to CONFIG_FLOAT to CONFIG_FPU rename in zephyr Update CONFIG_FLOAT to CONFIG_FPU which has been renamed in zephyr. Signed-off-by: Joakim Andersson --- boot/zephyr/boards/nrf52_minimal_footprint.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/zephyr/boards/nrf52_minimal_footprint.conf b/boot/zephyr/boards/nrf52_minimal_footprint.conf index 8c24f54cc..afe8c9baf 100644 --- a/boot/zephyr/boards/nrf52_minimal_footprint.conf +++ b/boot/zephyr/boards/nrf52_minimal_footprint.conf @@ -53,7 +53,7 @@ CONFIG_IRQ_OFFLOAD=n # Memory protection CONFIG_MEMORY_PROTECTION=n CONFIG_THREAD_CUSTOM_DATA=n -CONFIG_FLOAT=n +CONFIG_FPU=n # Boot CONFIG_BOOT_BANNER=n From 4bb0f9547f80e1d14cb6591db12030e2dbf891f4 Mon Sep 17 00:00:00 2001 From: Torsten Rasmussen Date: Thu, 28 May 2020 12:34:15 +0200 Subject: [PATCH 10/72] cmake: use find_package to locate Zephyr Using find_package to locate Zephyr. Old behavior was to use $ENV{ZEPHYR_BASE} for inclusion of boiler plate code. Whenever an automatic run of CMake happend by the build system / IDE then it was required that ZEPHYR_BASE was defined. Using ZEPHYR_BASE only to locate the Zephyr package allows CMake to cache the base variable and thus allowing subsequent invocation even if ZEPHYR_BASE is not set in the environment. It also removes the risk of strange build results if a user switchs between different Zephyr based project folders and forgetting to reset ZEPHYR_BASE before running ninja / make. Signed-off-by: Torsten Rasmussen --- boot/zephyr/CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index c382c528b..b860e97b7 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -39,9 +39,9 @@ macro(app_set_runner_args) endif() endmacro() -# Standard Zephyr application boilerplate: +# find_package(Zephyr) in order to load application boilerplate: # http://docs.zephyrproject.org/application/application.html -include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE) +find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE}) project(NONE) # Path to "boot" subdirectory of repository root. From ba7748d0923077488fd8d7864db8d0af0a4b4657 Mon Sep 17 00:00:00 2001 From: Kumar Gala Date: Wed, 27 May 2020 12:25:41 -0500 Subject: [PATCH 11/72] Convert from Zephyr to C99 types Convert to use C99 types as we intend to deprecate the zephyr specific integer types. Signed-off-by: Kumar Gala --- boot/boot_serial/src/boot_serial.c | 2 +- boot/zephyr/arm_cleanup.c | 4 ++-- boot/zephyr/main.c | 4 ++-- boot/zephyr/serial_adapter.c | 6 +++--- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/boot/boot_serial/src/boot_serial.c b/boot/boot_serial/src/boot_serial.c index 44a28fcba..f00c8e885 100644 --- a/boot/boot_serial/src/boot_serial.c +++ b/boot/boot_serial/src/boot_serial.c @@ -485,7 +485,7 @@ boot_serial_output(void) bs_hdr->nh_group = htons(bs_hdr->nh_group); #ifdef __ZEPHYR__ - crc = crc16((u8_t *)bs_hdr, sizeof(*bs_hdr), CRC_CITT_POLYMINAL, + crc = crc16((uint8_t *)bs_hdr, sizeof(*bs_hdr), CRC_CITT_POLYMINAL, CRC16_INITIAL_CRC, false); crc = crc16(data, len, CRC_CITT_POLYMINAL, crc, true); #else diff --git a/boot/zephyr/arm_cleanup.c b/boot/zephyr/arm_cleanup.c index 647b8b429..a36592685 100644 --- a/boot/zephyr/arm_cleanup.c +++ b/boot/zephyr/arm_cleanup.c @@ -12,11 +12,11 @@ void cleanup_arm_nvic(void) { __disable_irq(); /* Disable NVIC interrupts */ - for (u8_t i = 0; i < ARRAY_SIZE(NVIC->ICER); i++) { + for (uint8_t i = 0; i < ARRAY_SIZE(NVIC->ICER); i++) { NVIC->ICER[i] = 0xFFFFFFFF; } /* Clear pending NVIC interrupts */ - for (u8_t i = 0; i < ARRAY_SIZE(NVIC->ICPR); i++) { + for (uint8_t i = 0; i < ARRAY_SIZE(NVIC->ICPR); i++) { NVIC->ICPR[i] = 0xFFFFFFFF; } } diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index c3e4cfef2..1bea3bbda 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -79,7 +79,7 @@ K_SEM_DEFINE(boot_log_sem, 1, 1); static inline bool boot_skip_serial_recovery() { #if NRF_POWER_HAS_RESETREAS - u32_t rr = nrf_power_resetreas_get(NRF_POWER); + uint32_t rr = nrf_power_resetreas_get(NRF_POWER); return !(rr == 0 || (rr & NRF_POWER_RESETREAS_RESETPIN_MASK)); #else @@ -295,7 +295,7 @@ void main(void) #ifdef CONFIG_MCUBOOT_SERIAL struct device *detect_port; - u32_t detect_value = !CONFIG_BOOT_SERIAL_DETECT_PIN_VAL; + uint32_t detect_value = !CONFIG_BOOT_SERIAL_DETECT_PIN_VAL; detect_port = device_get_binding(CONFIG_BOOT_SERIAL_DETECT_PORT); __ASSERT(detect_port, "Error: Bad port for boot serial detection.\n"); diff --git a/boot/zephyr/serial_adapter.c b/boot/zephyr/serial_adapter.c index 63dca025a..896ed5231 100644 --- a/boot/zephyr/serial_adapter.c +++ b/boot/zephyr/serial_adapter.c @@ -47,7 +47,7 @@ static struct line_input line_bufs[2]; static sys_slist_t avail_queue; static sys_slist_t lines_queue; -static u16_t cur; +static uint16_t cur; static int boot_uart_fifo_getline(char **line); static int boot_uart_fifo_init(void); @@ -118,7 +118,7 @@ static void boot_uart_fifo_callback(struct device *dev) { static struct line_input *cmd; - u8_t byte; + uint8_t byte; int rx; uart_irq_update(uart_dev); @@ -203,7 +203,7 @@ boot_uart_fifo_init(void) } } #endif - u8_t c; + uint8_t c; if (!uart_dev) { return (-1); From 60cc568615e9f34f90677c12bc4264a5dd802303 Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Mon, 8 Jun 2020 11:36:13 +0200 Subject: [PATCH 12/72] Revert "zephyr: Change DT_FLASH_AREA_ macros to FLASH_AREA_" This reverts commit b7254d11cd305e321e48368a09795dd01c3856af. Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/include/sysflash/sysflash.h | 18 +++++++++--------- boot/zephyr/include/target.h | 10 ++++++---- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/boot/zephyr/include/sysflash/sysflash.h b/boot/zephyr/include/sysflash/sysflash.h index 66dce1d24..e745ffa19 100644 --- a/boot/zephyr/include/sysflash/sysflash.h +++ b/boot/zephyr/include/sysflash/sysflash.h @@ -13,32 +13,32 @@ * running in single image mode. */ #define FLASH_AREA_IMAGE_PRIMARY(x) (((x) == 0) ? \ - FLASH_AREA_ID(image_0) : \ - FLASH_AREA_ID(image_0)) + DT_FLASH_AREA_IMAGE_0_ID : \ + DT_FLASH_AREA_IMAGE_0_ID) #define FLASH_AREA_IMAGE_SECONDARY(x) (((x) == 0) ? \ - FLASH_AREA_ID(image_1) : \ - FLASH_AREA_ID(image_1)) + DT_FLASH_AREA_IMAGE_1_ID : \ + DT_FLASH_AREA_IMAGE_1_ID) #elif (MCUBOOT_IMAGE_NUMBER == 2) /* MCUBoot currently supports only up to 2 updateable firmware images. * If the number of the current image is greater than MCUBOOT_IMAGE_NUMBER - 1 * then a dummy value will be assigned to the flash area macros. */ #define FLASH_AREA_IMAGE_PRIMARY(x) (((x) == 0) ? \ - FLASH_AREA_ID(image_0) : \ + DT_FLASH_AREA_IMAGE_0_ID : \ ((x) == 1) ? \ - FLASH_AREA_ID(image_2) : \ + DT_FLASH_AREA_IMAGE_2_ID : \ 255) #define FLASH_AREA_IMAGE_SECONDARY(x) (((x) == 0) ? \ - FLASH_AREA_ID(image_1) : \ + DT_FLASH_AREA_IMAGE_1_ID : \ ((x) == 1) ? \ - FLASH_AREA_ID(image_3) : \ + DT_FLASH_AREA_IMAGE_3_ID : \ 255) #else #error "Image slot and flash area mapping is not defined" #endif #if !defined(CONFIG_BOOT_SWAP_USING_MOVE) -#define FLASH_AREA_IMAGE_SCRATCH FLASH_AREA_ID(image_scratch) +#define FLASH_AREA_IMAGE_SCRATCH DT_FLASH_AREA_IMAGE_SCRATCH_ID #endif #endif /* __SYSFLASH_H__ */ diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index 2e0f5fdaf..861d25431 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -20,7 +20,6 @@ * everything we need. */ #include -#include #define FLASH_ALIGN FLASH_WRITE_BLOCK_SIZE @@ -36,9 +35,12 @@ #if (!defined(CONFIG_XTENSA) && !defined(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) || \ (defined(CONFIG_XTENSA) && !defined(JEDEC_SPI_NOR_0_LABEL)) || \ !defined(FLASH_ALIGN) || \ - !(FLASH_AREA_LABEL_EXISTS(image_0)) || \ - !(FLASH_AREA_LABEL_EXISTS(image_1)) || \ - (!defined(CONFIG_BOOT_SWAP_USING_MOVE) && !(FLASH_AREA_LABEL_EXISTS(image_scratch))) + !defined(DT_FLASH_AREA_IMAGE_0_OFFSET) || \ + !defined(DT_FLASH_AREA_IMAGE_0_SIZE) || \ + !defined(DT_FLASH_AREA_IMAGE_1_OFFSET) || \ + !defined(DT_FLASH_AREA_IMAGE_1_SIZE) || \ + (!defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(DT_FLASH_AREA_IMAGE_SCRATCH_OFFSET)) || \ + (!defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(DT_FLASH_AREA_IMAGE_SCRATCH_SIZE)) #error "Target support is incomplete; cannot build mcuboot." #endif From 9920005e1bedf20d0e2b24d39a44de193fc36691 Mon Sep 17 00:00:00 2001 From: Carles Cufi Date: Mon, 20 Jul 2020 17:43:17 +0200 Subject: [PATCH 13/72] zephyr: serial: Align with new callback signature Align the code to the new UART callback signature, see: https://github.com/zephyrproject-rtos/zephyr/pull/26426 Signed-off-by: Carles Cufi --- boot/zephyr/serial_adapter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/zephyr/serial_adapter.c b/boot/zephyr/serial_adapter.c index 896ed5231..8787780e3 100644 --- a/boot/zephyr/serial_adapter.c +++ b/boot/zephyr/serial_adapter.c @@ -115,7 +115,7 @@ boot_console_init(void) } static void -boot_uart_fifo_callback(struct device *dev) +boot_uart_fifo_callback(struct device *dev, void *user_data) { static struct line_input *cmd; uint8_t byte; From 3ab5ab307cbfd1f7d3028dc7461b35c156d3e5ab Mon Sep 17 00:00:00 2001 From: Anas Nashif Date: Wed, 26 Aug 2020 18:07:05 -0400 Subject: [PATCH 14/72] sample: inclusive language: whitelist -> allow Change whitelist->allow to be compatible with sanitycheck in zephyr. Signed-off-by: Anas Nashif --- boot/zephyr/sample.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/boot/zephyr/sample.yaml b/boot/zephyr/sample.yaml index faef68e59..6c41d2820 100644 --- a/boot/zephyr/sample.yaml +++ b/boot/zephyr/sample.yaml @@ -5,16 +5,16 @@ sample: tests: sample.bootloader.mcuboot: tags: bootloader_mcuboot - platform_whitelist: nrf52840dk_nrf52840 frdm_k64f + platform_allow: nrf52840dk_nrf52840 frdm_k64f sample.bootloader.mcuboot.serial_recovery: extra_args: OVERLAY_CONFIG=serial_recovery.conf - platform_whitelist: nrf52840dk_nrf52840 + platform_allow: nrf52840dk_nrf52840 tags: bootloader_mcuboot sample.bootloader.mcuboot.usb_cdc_acm_recovery: tags: bootloader_mcuboot - platform_whitelist: nrf52840dongle_nrf52840 + platform_allow: nrf52840dongle_nrf52840 sample.bootloader.mcuboot.usb_cdc_acm_recovery_log: extra_args: OVERLAY_CONFIG=./usb_cdc_acm_log_recovery.conf DTC_OVERLAY_FILE=./boards/nrf52840_big.overlay - platform_whitelist: nrf52840dk_nrf52840 + platform_allow: nrf52840dk_nrf52840 tags: bootloader_mcuboot From f78d1d0fc7105111f04e9e0c83e0b9e9f04d07fe Mon Sep 17 00:00:00 2001 From: Fabio Utzig Date: Mon, 17 Aug 2020 12:05:52 -0300 Subject: [PATCH 15/72] imgtool: fix package's author email Fix author email after move to new mailing list. Signed-off-by: Fabio Utzig --- scripts/setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/setup.py b/scripts/setup.py index 058d0cb4e..bf35d9ffe 100644 --- a/scripts/setup.py +++ b/scripts/setup.py @@ -5,7 +5,7 @@ name="imgtool", version=imgtool_version, author="The MCUboot committers", - author_email="dev-mcuboot@lists.runtime.co", + author_email="mcuboot@groups.io", description=("MCUboot's image signing and key management"), license="Apache Software License", url="http://github.com/JuulLabs-OSS/mcuboot", From 480421999ec2d8d2a20091e4f3a0393db04de5c4 Mon Sep 17 00:00:00 2001 From: Fabio Utzig Date: Wed, 2 Sep 2020 11:39:43 -0300 Subject: [PATCH 16/72] zephyr: struct device const-ification Follows up the change added to Zephyr with: https://github.com/zephyrproject-rtos/zephyr/pull/24873 Signed-off-by: Fabio Utzig --- boot/zephyr/flash_map_extended.c | 4 ++-- boot/zephyr/include/flash_map_backend/flash_map_backend.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/boot/zephyr/flash_map_extended.c b/boot/zephyr/flash_map_extended.c index c77f96cf1..ffa45006a 100644 --- a/boot/zephyr/flash_map_extended.c +++ b/boot/zephyr/flash_map_extended.c @@ -27,9 +27,9 @@ MCUBOOT_LOG_MODULE_DECLARE(mcuboot); #error "FLASH_DEVICE_ID could not be determined" #endif -static struct device *flash_dev; +static const struct device *flash_dev; -struct device *flash_device_get_binding(char *dev_name) +const struct device *flash_device_get_binding(char *dev_name) { if (!flash_dev) { flash_dev = device_get_binding(dev_name); diff --git a/boot/zephyr/include/flash_map_backend/flash_map_backend.h b/boot/zephyr/include/flash_map_backend/flash_map_backend.h index 20dd37914..8b5fd0ca6 100644 --- a/boot/zephyr/include/flash_map_backend/flash_map_backend.h +++ b/boot/zephyr/include/flash_map_backend/flash_map_backend.h @@ -38,7 +38,7 @@ extern "C" { * * Returns the flash device on success, or NULL on failure. */ -struct device *flash_device_get_binding(char *dev_name); +const struct device *flash_device_get_binding(char *dev_name); /* * Retrieve a memory-mapped flash device's base address. From a5d79cf8ccb2c71e68ef32a71d6a2716e831d12e Mon Sep 17 00:00:00 2001 From: Marek Pieta Date: Wed, 12 Aug 2020 04:29:12 -0700 Subject: [PATCH 17/72] boot: zephyr: Fix build issue for multiple conf files Change fixes build issue that occurs if CONF_FILE contains multiple file paths instead of single file path. Signed-off-by: Marek Pieta Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/CMakeLists.txt | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index abe931e5e..b660bc74c 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -231,17 +231,30 @@ if(CONFIG_MCUBOOT_SERIAL) ) endif() -# CONF_FILE points to the KConfig configuration file of the bootloader -get_filename_component(CONF_DIR ${CONF_FILE} DIRECTORY) +# CONF_FILE points to the KConfig configuration files of the bootloader. +foreach (filepath ${CONF_FILE}) + file(READ ${filepath} temp_text) + string(FIND "${temp_text}" ${CONFIG_BOOT_SIGNATURE_KEY_FILE} match) + if (${match} GREATER_EQUAL 0) + if (NOT DEFINED CONF_DIR) + get_filename_component(CONF_DIR ${filepath} DIRECTORY) + else() + message(FATAL_ERROR "Signature key file defined in multiple conf files") + endif() + endif() +endforeach() if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") if(IS_ABSOLUTE ${CONFIG_BOOT_SIGNATURE_KEY_FILE}) set(KEY_FILE ${CONFIG_BOOT_SIGNATURE_KEY_FILE}) - elseif(EXISTS ${CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}) + elseif((DEFINED CONF_DIR) AND + (EXISTS ${CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})) set(KEY_FILE ${CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}) else() set(KEY_FILE ${MCUBOOT_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}) endif() + message("MCUBoot bootloader key file: ${KEY_FILE}") + set(GENERATED_PUBKEY ${ZEPHYR_BINARY_DIR}/autogen-pubkey.c) add_custom_command( OUTPUT ${GENERATED_PUBKEY} From e8bfc030a541ac0385d2708927a64fb5a9db4648 Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Fri, 11 Sep 2020 11:31:38 +0000 Subject: [PATCH 18/72] zephyr: Fix serial recovery compilation warnings Missing const on pointers to device structures caused compilation warnings when compiling bootloader with serial recovery enabled. Signed-off-by: Dominik Ermel --- boot/zephyr/main.c | 2 +- boot/zephyr/serial_adapter.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 4050f4c49..48ce6eb75 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -317,7 +317,7 @@ void main(void) #ifdef CONFIG_MCUBOOT_SERIAL - struct device *detect_port; + struct device const *detect_port; uint32_t detect_value = !CONFIG_BOOT_SERIAL_DETECT_PIN_VAL; detect_port = device_get_binding(CONFIG_BOOT_SERIAL_DETECT_PORT); diff --git a/boot/zephyr/serial_adapter.c b/boot/zephyr/serial_adapter.c index 8787780e3..829752289 100644 --- a/boot/zephyr/serial_adapter.c +++ b/boot/zephyr/serial_adapter.c @@ -41,7 +41,7 @@ struct line_input { char line[CONFIG_BOOT_MAX_LINE_INPUT_LEN]; }; -static struct device *uart_dev; +static struct device const *uart_dev; static struct line_input line_bufs[2]; static sys_slist_t avail_queue; @@ -115,7 +115,7 @@ boot_console_init(void) } static void -boot_uart_fifo_callback(struct device *dev, void *user_data) +boot_uart_fifo_callback(const struct device *dev, void *user_data) { static struct line_input *cmd; uint8_t byte; From 62b78ff2a2148490f91ee9a4b4d7a7ab8bbc4fd4 Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Tue, 27 Jul 2021 23:17:05 +0200 Subject: [PATCH 19/72] boot: zephyr: add integration platforms to the allow list The platforms that are listed as integration platforms in the Zephyr boot sample need to be included in the platform allow list, otherwise zephyr CI will throw an error. This commit removes the common list of integration platforms and adds integration platform entries in each test variant, in accordance with the allow-list in each of the variants. Signed-off-by: Ioannis Glaropoulos --- boot/zephyr/sample.yaml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/boot/zephyr/sample.yaml b/boot/zephyr/sample.yaml index d9fb54a1b..35b4f1ef8 100644 --- a/boot/zephyr/sample.yaml +++ b/boot/zephyr/sample.yaml @@ -1,34 +1,42 @@ sample: description: mcuboot test build sample name: mcuboot -common: - integration_platforms: - - nrf52840dk_nrf52840 - - nrf52840dongle_nrf52840 tests: sample.bootloader.mcuboot: tags: bootloader_mcuboot platform_allow: nrf52840dk_nrf52840 frdm_k64f + integration_platforms: + - nrf52840dk_nrf52840 sample.bootloader.mcuboot.serial_recovery: extra_args: OVERLAY_CONFIG=serial_recovery.conf platform_allow: nrf52840dk_nrf52840 + integration_platforms: + - nrf52840dk_nrf52840 tags: bootloader_mcuboot sample.bootloader.mcuboot.usb_cdc_acm_recovery: tags: bootloader_mcuboot platform_allow: nrf52840dongle_nrf52840 + integration_platforms: + - nrf52840dongle_nrf52840 sample.bootloader.mcuboot.usb_cdc_acm_recovery_log: extra_args: OVERLAY_CONFIG=./usb_cdc_acm_log_recovery.conf DTC_OVERLAY_FILE=./boards/nrf52840_big.overlay platform_allow: nrf52840dk_nrf52840 + integration_platforms: + - nrf52840dk_nrf52840 tags: bootloader_mcuboot sample.bootloader.mcuboot.single_slot: extra_args: OVERLAY_CONFIG=./single_slot.conf DTC_OVERLAY_FILE=./boards/nrf52840_single_slot.overlay platform_allow: nrf52840dk_nrf52840 + integration_platforms: + - nrf52840dk_nrf52840 tags: bootloader_mcuboot sample.bootloader.mcuboot.qspi_nor_slot: extra_args: DTC_OVERLAY_FILE=./boards/nrf52840dk_qspi_nor_secondary.overlay OVERLAY_CONFIG="./boards/nrf52840dk_qspi_nor.conf;./boards/nrf52840dk_qspi_secondary_boot.conf" platform_allow: nrf52840dk_nrf52840 + integration_platforms: + - nrf52840dk_nrf52840 tags: bootloader_mcuboot From 35576c623f3b64b2c496889f1959f6beb64e64bc Mon Sep 17 00:00:00 2001 From: Johann Fischer Date: Mon, 2 Aug 2021 13:20:09 +0200 Subject: [PATCH 20/72] zephyr: remove Kconfig option CONFIG_USB USB device support configuration is revised, CONFIG_USB option is deprecated. Only USB_DEVICE_STACK option should be used to enable USB device support. Signed-off-by: Johann Fischer --- boot/zephyr/Kconfig | 5 ++--- boot/zephyr/boards/nrf52840dongle_nrf52840.conf | 1 - 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index dde97dd8e..bacb127df 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -364,7 +364,7 @@ config BOOT_USB_DFU_NO config BOOT_USB_DFU_WAIT bool "Wait for a prescribed duration to see if USB DFU is invoked" - select USB + select USB_DEVICE_STACK select USB_DFU_CLASS select IMG_MANAGER help @@ -374,7 +374,7 @@ config BOOT_USB_DFU_WAIT config BOOT_USB_DFU_GPIO bool "Use GPIO to detect whether to trigger DFU mode" - select USB + select USB_DEVICE_STACK select USB_DFU_CLASS select IMG_MANAGER help @@ -487,7 +487,6 @@ config BOOT_SERIAL_UART config BOOT_SERIAL_CDC_ACM bool "CDC ACM" - select USB select USB_DEVICE_STACK select USB_CDC_ACM diff --git a/boot/zephyr/boards/nrf52840dongle_nrf52840.conf b/boot/zephyr/boards/nrf52840dongle_nrf52840.conf index ba333d9c1..25dd6529b 100644 --- a/boot/zephyr/boards/nrf52840dongle_nrf52840.conf +++ b/boot/zephyr/boards/nrf52840dongle_nrf52840.conf @@ -24,7 +24,6 @@ CONFIG_BOOT_SERIAL_DETECT_PIN=6 CONFIG_MULTITHREADING=y # USB -CONFIG_USB=y CONFIG_USB_DEVICE_STACK=y CONFIG_USB_DEVICE_PRODUCT="MCUBOOT" CONFIG_USB_CDC_ACM=y From 3c5eb02451081db4b5876760600f638985ce46b0 Mon Sep 17 00:00:00 2001 From: Johann Fischer Date: Fri, 30 Jul 2021 16:01:03 +0200 Subject: [PATCH 21/72] zephyr: get CDC ACM UART device from devicetree Adapt to Zephyr OS changes to get CDC ACM UART device. Remove RECOVERY_UART_DEV_NAME Kconfig option and use DEVICE_DT_GET() in serial_adapter.c Signed-off-by: Johann Fischer --- boot/zephyr/Kconfig | 13 ----------- .../boards/nrf52840dongle_nrf52840.conf | 1 - boot/zephyr/dts.overlay | 7 ++++++ boot/zephyr/serial_adapter.c | 23 ++++++++++--------- 4 files changed, 19 insertions(+), 25 deletions(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index bacb127df..80cfc31ac 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -488,7 +488,6 @@ config BOOT_SERIAL_UART config BOOT_SERIAL_CDC_ACM bool "CDC ACM" select USB_DEVICE_STACK - select USB_CDC_ACM endchoice @@ -539,18 +538,6 @@ config BOOT_SERIAL_DETECT_DELAY Useful for powering on when using the same button as the one used to place the device in bootloader mode. -# Workaround for not being able to have commas in macro arguments -DT_CHOSEN_Z_CONSOLE := zephyr,console - -config RECOVERY_UART_DEV_NAME - string "UART Device Name for Recovery UART" - default "$(dt_chosen_label,$(DT_CHOSEN_Z_CONSOLE))" if HAS_DTS - default "UART_0" - depends on BOOT_SERIAL_UART - help - This option specifies the name of UART device to be used for - serial recovery. - endif # MCUBOOT_SERIAL config BOOT_INTR_VEC_RELOC diff --git a/boot/zephyr/boards/nrf52840dongle_nrf52840.conf b/boot/zephyr/boards/nrf52840dongle_nrf52840.conf index 25dd6529b..f4fbb39de 100644 --- a/boot/zephyr/boards/nrf52840dongle_nrf52840.conf +++ b/boot/zephyr/boards/nrf52840dongle_nrf52840.conf @@ -26,6 +26,5 @@ CONFIG_MULTITHREADING=y # USB CONFIG_USB_DEVICE_STACK=y CONFIG_USB_DEVICE_PRODUCT="MCUBOOT" -CONFIG_USB_CDC_ACM=y CONFIG_USB_COMPOSITE_DEVICE=n CONFIG_USB_MASS_STORAGE=n diff --git a/boot/zephyr/dts.overlay b/boot/zephyr/dts.overlay index 74d3dfbfd..706d95421 100644 --- a/boot/zephyr/dts.overlay +++ b/boot/zephyr/dts.overlay @@ -3,3 +3,10 @@ zephyr,code-partition = &boot_partition; }; }; + +&zephyr_udc0 { + cdc_acm_uart0 { + compatible = "zephyr,cdc-acm-uart"; + label = "CDC_ACM_0"; + }; +}; diff --git a/boot/zephyr/serial_adapter.c b/boot/zephyr/serial_adapter.c index 7923914fa..effde31b3 100644 --- a/boot/zephyr/serial_adapter.c +++ b/boot/zephyr/serial_adapter.c @@ -192,27 +192,28 @@ static int boot_uart_fifo_init(void) { #ifdef CONFIG_BOOT_SERIAL_UART - uart_dev = device_get_binding(CONFIG_RECOVERY_UART_DEV_NAME); + uart_dev = DEVICE_DT_GET(DT_CHOSEN(zephyr_console)); #elif CONFIG_BOOT_SERIAL_CDC_ACM - uart_dev = device_get_binding(CONFIG_USB_CDC_ACM_DEVICE_NAME "_0"); - if (uart_dev) { - int rc; - rc = usb_enable(NULL); - if (rc) { - return (-1); - } - } + uart_dev = DEVICE_DT_GET_ONE(zephyr_cdc_acm_uart); #endif - uint8_t c; - if (!uart_dev) { + if (!device_is_ready(uart_dev)) { return (-1); } +#if CONFIG_BOOT_SERIAL_CDC_ACM + int rc = usb_enable(NULL); + if (rc) { + return (-1); + } +#endif + uart_irq_callback_set(uart_dev, boot_uart_fifo_callback); /* Drain the fifo */ if (uart_irq_rx_ready(uart_dev)) { + uint8_t c; + while (uart_fifo_read(uart_dev, &c, 1)) { ; } From ca01db4216c63678768ea78fe04f27cd80b83246 Mon Sep 17 00:00:00 2001 From: Johann Fischer Date: Fri, 20 Aug 2021 18:15:25 +0200 Subject: [PATCH 22/72] zephyr: CDC ACM UART node to specific overlays Move CDC ACM UART node from common DTC overlay to specific overlays, nrf52840_big.overlays and usb_cdc_acm.overlays. Signed-off-by: Johann Fischer --- boot/zephyr/boards/nrf52840_big.overlay | 7 +++++++ boot/zephyr/dts.overlay | 7 ------- boot/zephyr/sample.yaml | 1 + boot/zephyr/usb_cdc_acm.overlay | 6 ++++++ 4 files changed, 14 insertions(+), 7 deletions(-) create mode 100644 boot/zephyr/usb_cdc_acm.overlay diff --git a/boot/zephyr/boards/nrf52840_big.overlay b/boot/zephyr/boards/nrf52840_big.overlay index 094a7a45a..778a1edce 100644 --- a/boot/zephyr/boards/nrf52840_big.overlay +++ b/boot/zephyr/boards/nrf52840_big.overlay @@ -28,3 +28,10 @@ }; }; }; + +&zephyr_udc0 { + cdc_acm_uart0 { + compatible = "zephyr,cdc-acm-uart"; + label = "CDC_ACM_0"; + }; +}; diff --git a/boot/zephyr/dts.overlay b/boot/zephyr/dts.overlay index 706d95421..74d3dfbfd 100644 --- a/boot/zephyr/dts.overlay +++ b/boot/zephyr/dts.overlay @@ -3,10 +3,3 @@ zephyr,code-partition = &boot_partition; }; }; - -&zephyr_udc0 { - cdc_acm_uart0 { - compatible = "zephyr,cdc-acm-uart"; - label = "CDC_ACM_0"; - }; -}; diff --git a/boot/zephyr/sample.yaml b/boot/zephyr/sample.yaml index 35b4f1ef8..326e82c06 100644 --- a/boot/zephyr/sample.yaml +++ b/boot/zephyr/sample.yaml @@ -17,6 +17,7 @@ tests: sample.bootloader.mcuboot.usb_cdc_acm_recovery: tags: bootloader_mcuboot platform_allow: nrf52840dongle_nrf52840 + extra_args: DTC_OVERLAY_FILE=./usb_cdc_acm.overlay integration_platforms: - nrf52840dongle_nrf52840 sample.bootloader.mcuboot.usb_cdc_acm_recovery_log: diff --git a/boot/zephyr/usb_cdc_acm.overlay b/boot/zephyr/usb_cdc_acm.overlay new file mode 100644 index 000000000..09eb8cffe --- /dev/null +++ b/boot/zephyr/usb_cdc_acm.overlay @@ -0,0 +1,6 @@ +&zephyr_udc0 { + cdc_acm_uart0 { + compatible = "zephyr,cdc-acm-uart"; + label = "CDC_ACM_0"; + }; +}; From a1d5aea6e318665453f38440c214ae3af300f34a Mon Sep 17 00:00:00 2001 From: Marek Pieta Date: Thu, 15 Jul 2021 14:53:10 +0200 Subject: [PATCH 23/72] boot: bootutil: Fix memory alignment of RAM buffer Change fixes memory alignment of the RAM buffer that is used to temporarily store data during swap. Some FLASH drivers require word-aligned input data buffer. Using unaligned buffer results in FLASH write error. Signed-off-by: Marek Pieta (cherry picked from commit e51ec0707b668d42c6581ba4687d4f9659f7556a) Signed-off-by: Andrzej Puzdrowski --- boot/bootutil/src/loader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index b0d33295d..398ab2cf4 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -907,7 +907,7 @@ boot_copy_region(struct boot_loader_state *state, uint8_t image_index; #endif - TARGET_STATIC uint8_t buf[1024]; + TARGET_STATIC uint8_t buf[1024] __attribute__((aligned(4))); #if !defined(MCUBOOT_ENC_IMAGES) (void)state; From 26bbc18743cb442d311e98fa0afa79d16f7c8b34 Mon Sep 17 00:00:00 2001 From: Salome Thirot Date: Fri, 23 Jul 2021 11:24:36 +0100 Subject: [PATCH 24/72] boot: Fix IS_ENCRYPTED macro definition The previous definition did not work as setting any type of flag would make IS_ENCRYPTED true. Signed-off-by: Salome Thirot (cherry picked from commit 2386267279d2f693b64e9f71ff90da439a65b0fb) Signed-off-by: Andrzej Puzdrowski --- boot/bootutil/include/bootutil/image.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/boot/bootutil/include/bootutil/image.h b/boot/bootutil/include/bootutil/image.h index fc94915dc..35146e296 100644 --- a/boot/bootutil/include/bootutil/image.h +++ b/boot/bootutil/include/bootutil/image.h @@ -149,8 +149,8 @@ struct image_tlv { uint16_t it_len; /* Data length (not including TLV header). */ }; -#define IS_ENCRYPTED(hdr) (((hdr)->ih_flags && IMAGE_F_ENCRYPTED_AES128) \ - || ((hdr)->ih_flags && IMAGE_F_ENCRYPTED_AES256)) +#define IS_ENCRYPTED(hdr) (((hdr)->ih_flags & IMAGE_F_ENCRYPTED_AES128) \ + || ((hdr)->ih_flags & IMAGE_F_ENCRYPTED_AES256)) #define MUST_DECRYPT(fap, idx, hdr) \ ((fap)->fa_id == FLASH_AREA_IMAGE_SECONDARY(idx) && IS_ENCRYPTED(hdr)) From 23c9c4304c127c92cb046f911cc0fc86a1863166 Mon Sep 17 00:00:00 2001 From: Carl-Johan Landin Date: Wed, 30 Jun 2021 11:31:34 +0200 Subject: [PATCH 25/72] zephyr: update devicetree py package lib files include path in assembly This PR updates the path to the devicetree python package lib files according to the Zephyr PR zephyrproject-rtos#33746 which moved the devicetree lib files. Old path: ZEPHYR_BASE/scripts/dts/ New path: ZEPHYR_BASE/scripts/dts/python-devicetree/src/devicetree/ Signed-off-by: Carl-Johan Landin (cherry picked from commit f44fd6199c356f808adc0f8f665b6436713da640) Signed-off-by: Andrzej Puzdrowski --- scripts/assemble.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/assemble.py b/scripts/assemble.py index 5ef403fa6..0f39fcc24 100755 --- a/scripts/assemble.py +++ b/scripts/assemble.py @@ -127,14 +127,14 @@ def main(): print('Need to either have ZEPHYR_BASE in environment or pass in -z') sys.exit(1) - sys.path.insert(0, os.path.join(zephyr_base, "scripts", "dts")) - import edtlib + sys.path.insert(0, os.path.join(zephyr_base, "scripts", "dts", "python-devicetree", "src")) + import devicetree.edtlib board = find_board_name(args.bootdir) dts_path = os.path.join(args.bootdir, "zephyr", board + ".dts.pre.tmp") - edt = edtlib.EDT(dts_path, [os.path.join(zephyr_base, "dts", "bindings")], + edt = devicetree.edtlib.EDT(dts_path, [os.path.join(zephyr_base, "dts", "bindings")], warn_reg_unit_address_mismatch=False) output = Assembly(args.output, args.bootdir, edt) From 2282da33530545bf62f168d92000bae670b12309 Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Wed, 28 Jul 2021 17:19:02 +0200 Subject: [PATCH 26/72] cbor_encoder: fix str encoding macros Fix structure member assignment in tstrx_put() tstrx_put_term() macro. Signed-off-by: Andrzej Puzdrowski (cherry picked from commit fc1ad8d080e6b6252dc5337273c6195500d7caf0) --- boot/boot_serial/src/cbor_encode.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/boot/boot_serial/src/cbor_encode.h b/boot/boot_serial/src/cbor_encode.h index ca0a8f845..654fc55fe 100644 --- a/boot/boot_serial/src/cbor_encode.h +++ b/boot/boot_serial/src/cbor_encode.h @@ -55,10 +55,10 @@ bool bstrx_encode(cbor_state_t *state, const cbor_string_type_t *result); bool tstrx_encode(cbor_state_t *state, const cbor_string_type_t *result); #define tstrx_put(state, string) \ - tstrx_encode(state, &(cbor_string_type_t){.value = (const uint8_t *)string, len = (sizeof(string) - 1)}) + tstrx_encode(state, &(cbor_string_type_t){.value = (const uint8_t *)string, .len = (sizeof(string) - 1)}) #define tstrx_put_term(state, string) \ - tstrx_encode(state, &(cbor_string_type_t){.value = (const uint8_t *)string, len = strlen((const char *)string)}) + tstrx_encode(state, &(cbor_string_type_t){.value = (const uint8_t *)string, .len = strlen((const char *)string)}) /** Encode a LIST header. * From 8812dc89d23c6a93fe3fe356277b155c5e804ddd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mart=C3=AD=20Bol=C3=ADvar?= Date: Wed, 28 Jul 2021 12:16:06 -0700 Subject: [PATCH 27/72] zephyr: Kconfig: fix board references MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Upstream Zephyr has renamed the 'nonsecure' variants for boards that support TF-M. The rename consistently uses '_ns' or '_NS' (with underscore) as the postfix which distinguishes these variants from their 'secure' versions. This affects Kconfig symbols used by MCUboot, so fix them to keep working with the latest zephyr main branch. Signed-off-by: Martí Bolívar (cherry picked from commit 994816d04a055b39de2d174930271023965e8138) Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/Kconfig | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 80cfc31ac..de6e2e77b 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -403,8 +403,8 @@ config BOOT_USB_DFU_DETECT_PIN default 6 if BOARD_NRF9160DK_NRF9160 default 11 if BOARD_NRF52840DK_NRF52840 default 13 if BOARD_NRF52DK_NRF52832 - default 23 if BOARD_NRF5340_DK_NRF5340_CPUAPP || BOARD_NRF5340_DK_NRF5340_CPUAPPNS - default 43 if BOARD_BL5340_DVK_CPUAPP || BOARD_BL5340_DVK_CPUAPPNS + default 23 if BOARD_NRF5340_DK_NRF5340_CPUAPP || BOARD_NRF5340_DK_NRF5340_CPUAPP_NS + default 43 if BOARD_BL5340_DVK_CPUAPP || BOARD_BL5340_DVK_CPUAPP_NS help Pin on the DFU detect port that triggers DFU mode. @@ -517,8 +517,8 @@ config BOOT_SERIAL_DETECT_PIN default 6 if BOARD_NRF9160DK_NRF9160 default 11 if BOARD_NRF52840DK_NRF52840 default 13 if BOARD_NRF52DK_NRF52832 || BOARD_NRF52833DK_NRF52833 - default 23 if BOARD_NRF5340PDK_NRF5340_CPUAPP || BOARD_NRF5340PDK_NRF5340_CPUAPPNS || \ - BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_NRF5340DK_NRF5340_CPUAPPNS + default 23 if BOARD_NRF5340PDK_NRF5340_CPUAPP || BOARD_NRF5340PDK_NRF5340_CPUAPP_NS || \ + BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_NRF5340DK_NRF5340_CPUAPP_NS help Pin on the serial detect port that triggers serial recovery mode. From 9ab84e50a798633a7ed2fa4f1d5781516e10234a Mon Sep 17 00:00:00 2001 From: Piotr Mienkowski Date: Sun, 25 Jul 2021 01:45:41 +0200 Subject: [PATCH 28/72] zephyr: do not set defaults for LOG_IMMEDIATE Kconfig LOG_IMMEDIATE Kconfig option has been repurposed and is now a Zephyr's internal, non-visible symbol that should not be used by the end user. The logging mode used by MCUBoot is defined in prj.conf Signed-off-by: Piotr Mienkowski (cherry picked from commit 01c84425b6523f8455c7201a779c43f48a227e4a) Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/Kconfig | 4 ---- 1 file changed, 4 deletions(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index de6e2e77b..643edd6eb 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -624,10 +624,6 @@ config MULTITHREADING default n if SOC_FAMILY_NRF default y -config LOG_IMMEDIATE - default n if MULTITHREADING - default y - config LOG_PROCESS_THREAD default n # mcuboot has its own log processing thread From f62460044edf4f1fe93d28fa036591769b8bb25c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=98yvind=20R=C3=B8nningstad?= Date: Mon, 2 Aug 2021 16:13:44 +0200 Subject: [PATCH 29/72] boot_serial: Update cddl-gen version MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit To bring in bugfixes. Regenerate code. Signed-off-by: Øyvind Rønningstad (cherry picked from commit 1e63e8f1d986a8d176b53958b45da3b18990812f) Signed-off-by: Andrzej Puzdrowski --- boot/boot_serial/src/cbor_common.c | 2 +- boot/boot_serial/src/cbor_common.h | 2 +- boot/boot_serial/src/cbor_decode.c | 21 ++++++++++++++----- boot/boot_serial/src/cbor_decode.h | 5 +++-- boot/boot_serial/src/cbor_encode.c | 5 ++++- boot/boot_serial/src/cbor_encode.h | 6 +++--- .../src/regenerate_serial_recovery_cbor.sh | 2 +- boot/boot_serial/src/serial_recovery_cbor.c | 14 ++++++------- boot/boot_serial/src/serial_recovery_cbor.h | 4 ++-- .../src/types_serial_recovery_cbor.h | 4 ++-- ext/cddl-gen | 2 +- 11 files changed, 41 insertions(+), 26 deletions(-) diff --git a/boot/boot_serial/src/cbor_common.c b/boot/boot_serial/src/cbor_common.c index 79469d5d3..8a4cd9c70 100644 --- a/boot/boot_serial/src/cbor_common.c +++ b/boot/boot_serial/src/cbor_common.c @@ -1,6 +1,6 @@ /* * This file has been copied from the cddl-gen submodule. - * Commit 8f9358a0b4b0e9b0cd579f0988056ef0b60760e4 + * Commit 9f77837f9950da1633d22abf6181a830521a6688 */ /* diff --git a/boot/boot_serial/src/cbor_common.h b/boot/boot_serial/src/cbor_common.h index ce73dd696..e6529083e 100644 --- a/boot/boot_serial/src/cbor_common.h +++ b/boot/boot_serial/src/cbor_common.h @@ -1,6 +1,6 @@ /* * This file has been copied from the cddl-gen submodule. - * Commit 8f9358a0b4b0e9b0cd579f0988056ef0b60760e4 + * Commit 9f77837f9950da1633d22abf6181a830521a6688 */ /* diff --git a/boot/boot_serial/src/cbor_decode.c b/boot/boot_serial/src/cbor_decode.c index 74c4cd7e2..970772943 100644 --- a/boot/boot_serial/src/cbor_decode.c +++ b/boot/boot_serial/src/cbor_decode.c @@ -1,6 +1,6 @@ /* * This file has been copied from the cddl-gen submodule. - * Commit 8f9358a0b4b0e9b0cd579f0988056ef0b60760e4 + * Commit 9f77837f9950da1633d22abf6181a830521a6688 */ /* @@ -126,6 +126,7 @@ static bool value_extract(cbor_state_t *state, static bool int32_decode(cbor_state_t *state, int32_t *result) { + FAIL_IF(state->payload >= state->payload_end); uint8_t major_type = MAJOR_TYPE(*state->payload); uint32_t uint_result; int32_t int_result; @@ -155,6 +156,7 @@ static bool int32_decode(cbor_state_t *state, int32_t *result) bool intx32_decode(cbor_state_t *state, int32_t *result) { + FAIL_IF(state->payload >= state->payload_end); uint8_t major_type = MAJOR_TYPE(*state->payload); if (major_type != CBOR_MAJOR_TYPE_PINT @@ -197,6 +199,7 @@ static bool uint32_decode(cbor_state_t *state, uint32_t *result) bool uintx32_decode(cbor_state_t *state, uint32_t *result) { + FAIL_IF(state->payload >= state->payload_end); uint8_t major_type = MAJOR_TYPE(*state->payload); if (major_type != CBOR_MAJOR_TYPE_PINT) { @@ -233,6 +236,7 @@ bool uintx32_expect_union(cbor_state_t *state, uint32_t result) static bool strx_start_decode(cbor_state_t *state, cbor_string_type_t *result, cbor_major_type_t exp_major_type) { + FAIL_IF(state->payload >= state->payload_end); uint8_t major_type = MAJOR_TYPE(*state->payload); if (major_type != exp_major_type) { @@ -243,10 +247,10 @@ static bool strx_start_decode(cbor_state_t *state, FAIL(); } - if ((state->payload + result->len) > state->payload_end) { + if (result->len > (state->payload_end - state->payload)) { cbor_print("error: 0x%x > 0x%x\r\n", - (uint32_t)(state->payload + result->len), - (uint32_t)state->payload_end); + (uint32_t)result->len, + (uint32_t)(state->payload_end - state->payload)); FAIL_RESTORE(); } @@ -264,6 +268,7 @@ bool bstrx_cbor_start_decode(cbor_state_t *state, cbor_string_type_t *result) FAIL_RESTORE(); } + /* Overflow is checked in strx_start_decode() */ state->payload_end = result->value + result->len; return true; } @@ -290,6 +295,7 @@ bool strx_decode(cbor_state_t *state, cbor_string_type_t *result, FAIL(); } + /* Overflow is checked in strx_start_decode() */ (state->payload) += result->len; return true; } @@ -338,8 +344,9 @@ bool tstrx_expect(cbor_state_t *state, cbor_string_type_t *result) static bool list_map_start_decode(cbor_state_t *state, cbor_major_type_t exp_major_type) { - uint32_t new_elem_count; + FAIL_IF(state->payload >= state->payload_end); uint8_t major_type = MAJOR_TYPE(*state->payload); + uint32_t new_elem_count; if (major_type != exp_major_type) { FAIL(); @@ -400,6 +407,7 @@ bool map_end_decode(cbor_state_t *state) static bool primx_decode(cbor_state_t *state, uint32_t *result) { + FAIL_IF(state->payload >= state->payload_end); uint8_t major_type = MAJOR_TYPE(*state->payload); if (major_type != CBOR_MAJOR_TYPE_PRIM) { @@ -468,6 +476,7 @@ bool boolx_expect(cbor_state_t *state, bool result) bool double_decode(cbor_state_t *state, double *result) { + FAIL_IF(state->payload >= state->payload_end); uint8_t major_type = MAJOR_TYPE(*state->payload); if (major_type != CBOR_MAJOR_TYPE_PRIM) { @@ -501,6 +510,7 @@ bool any_decode(cbor_state_t *state, void *result) cbor_assert(result == NULL, "'any' type cannot be returned, only skipped.\n"); + FAIL_IF(state->payload >= state->payload_end); uint8_t major_type = MAJOR_TYPE(*state->payload); uint32_t value; uint32_t num_decode; @@ -545,6 +555,7 @@ bool any_decode(cbor_state_t *state, void *result) bool tag_decode(cbor_state_t *state, uint32_t *result) { + FAIL_IF(state->payload >= state->payload_end); uint8_t major_type = MAJOR_TYPE(*state->payload); if (major_type != CBOR_MAJOR_TYPE_TAG) { diff --git a/boot/boot_serial/src/cbor_decode.h b/boot/boot_serial/src/cbor_decode.h index b0cfaa104..5bdc80016 100644 --- a/boot/boot_serial/src/cbor_decode.h +++ b/boot/boot_serial/src/cbor_decode.h @@ -1,6 +1,6 @@ /* * This file has been copied from the cddl-gen submodule. - * Commit 8f9358a0b4b0e9b0cd579f0988056ef0b60760e4 + * Commit 9f77837f9950da1633d22abf6181a830521a6688 */ /* @@ -19,7 +19,8 @@ /** The cbor_decode library provides functions for decoding CBOR data elements. * * This library is primarily meant to be called from code generated by - * $CDDL_GEN_BASE/scripts/cddl_gen.py + * $CDDL_GEN_BASE/cddl_gen/cddl_gen.py script, or its equivalent cddl_gen + * command line executable. * * Some details to notice about this library: * - Integers are all 32 bits (uint32_t). This means that CBOR's 64 bit values diff --git a/boot/boot_serial/src/cbor_encode.c b/boot/boot_serial/src/cbor_encode.c index c2e919167..4d187949c 100644 --- a/boot/boot_serial/src/cbor_encode.c +++ b/boot/boot_serial/src/cbor_encode.c @@ -1,6 +1,6 @@ /* * This file has been copied from the cddl-gen submodule. - * Commit 8f9358a0b4b0e9b0cd579f0988056ef0b60760e4 + * Commit 9f77837f9950da1633d22abf6181a830521a6688 */ /* @@ -239,6 +239,9 @@ static bool strx_encode(cbor_state_t *state, if (!strx_start_encode(state, input, major_type)) { FAIL(); } + if (input->len > (state->payload_end - state->payload)) { + FAIL(); + } if (state->payload_mut != input->value) { memmove(state->payload_mut, input->value, input->len); } diff --git a/boot/boot_serial/src/cbor_encode.h b/boot/boot_serial/src/cbor_encode.h index 654fc55fe..57b450925 100644 --- a/boot/boot_serial/src/cbor_encode.h +++ b/boot/boot_serial/src/cbor_encode.h @@ -1,6 +1,6 @@ /* * This file has been copied from the cddl-gen submodule. - * Commit 8f9358a0b4b0e9b0cd579f0988056ef0b60760e4 + * Commit 9f77837f9950da1633d22abf6181a830521a6688 */ /* @@ -55,10 +55,10 @@ bool bstrx_encode(cbor_state_t *state, const cbor_string_type_t *result); bool tstrx_encode(cbor_state_t *state, const cbor_string_type_t *result); #define tstrx_put(state, string) \ - tstrx_encode(state, &(cbor_string_type_t){.value = (const uint8_t *)string, .len = (sizeof(string) - 1)}) + tstrx_encode(state, &(cbor_string_type_t){.value = string, len = (sizeof(string) - 1)}) #define tstrx_put_term(state, string) \ - tstrx_encode(state, &(cbor_string_type_t){.value = (const uint8_t *)string, .len = strlen((const char *)string)}) + tstrx_encode(state, &(cbor_string_type_t){.value = string, len = strlen(string)}) /** Encode a LIST header. * diff --git a/boot/boot_serial/src/regenerate_serial_recovery_cbor.sh b/boot/boot_serial/src/regenerate_serial_recovery_cbor.sh index b371e0aaa..08d122005 100755 --- a/boot/boot_serial/src/regenerate_serial_recovery_cbor.sh +++ b/boot/boot_serial/src/regenerate_serial_recovery_cbor.sh @@ -30,7 +30,7 @@ copy_with_copy_notice ../../../ext/cddl-gen/include/cbor_encode.h cbor_encode.h copy_with_copy_notice ../../../ext/cddl-gen/include/cbor_common.h cbor_common.h echo "Generating serial_recovery_cbor.c|h" -python3 ../../../ext/cddl-gen/scripts/cddl_gen.py -c serial_recovery.cddl code -d -t Upload --oc serial_recovery_cbor.c --oh serial_recovery_cbor.h --time-header +python3 ../../../ext/cddl-gen/cddl_gen/cddl_gen.py -c serial_recovery.cddl code -d -t Upload --oc serial_recovery_cbor.c --oh serial_recovery_cbor.h --time-header add_copyright() { echo "$(printf '/* diff --git a/boot/boot_serial/src/serial_recovery_cbor.c b/boot/boot_serial/src/serial_recovery_cbor.c index 4277a7d32..3b4374cd0 100644 --- a/boot/boot_serial/src/serial_recovery_cbor.c +++ b/boot/boot_serial/src/serial_recovery_cbor.c @@ -1,6 +1,6 @@ /* * This file has been generated from the cddl-gen submodule. - * Commit 8f9358a0b4b0e9b0cd579f0988056ef0b60760e4 + * Commit 9f77837f9950da1633d22abf6181a830521a6688 */ /* @@ -11,7 +11,7 @@ /* * Generated with cddl_gen.py (https://github.com/NordicSemiconductor/cddl-gen) - * at: 2021-05-10 09:40:43 + * at: 2021-08-02 17:09:42 * Generated with a default_max_qty of 3 */ @@ -34,19 +34,19 @@ static bool decode_Member( cbor_string_type_t tmp_str; bool int_res; - bool tmp_result = (((union_start_code(state) && (int_res = (((((tstrx_expect(state, ((tmp_str.value = (const uint8_t *)"image", + bool tmp_result = (((union_start_code(state) && (int_res = (((((tstrx_expect(state, ((tmp_str.value = "image", tmp_str.len = sizeof("image") - 1, &tmp_str))))) && (intx32_decode(state, (&(*result)._Member_image)))) && (((*result)._Member_choice = _Member_image) || 1)) - || (union_elem_code(state) && ((((tstrx_expect(state, ((tmp_str.value = (const uint8_t *)"data", + || (union_elem_code(state) && ((((tstrx_expect(state, ((tmp_str.value = "data", tmp_str.len = sizeof("data") - 1, &tmp_str))))) && (bstrx_decode(state, (&(*result)._Member_data)))) && (((*result)._Member_choice = _Member_data) || 1))) - || (union_elem_code(state) && ((((tstrx_expect(state, ((tmp_str.value = (const uint8_t *)"len", + || (union_elem_code(state) && ((((tstrx_expect(state, ((tmp_str.value = "len", tmp_str.len = sizeof("len") - 1, &tmp_str))))) && (intx32_decode(state, (&(*result)._Member_len)))) && (((*result)._Member_choice = _Member_len) || 1))) - || (union_elem_code(state) && ((((tstrx_expect(state, ((tmp_str.value = (const uint8_t *)"off", + || (union_elem_code(state) && ((((tstrx_expect(state, ((tmp_str.value = "off", tmp_str.len = sizeof("off") - 1, &tmp_str))))) && (intx32_decode(state, (&(*result)._Member_off)))) && (((*result)._Member_choice = _Member_off) || 1))) - || (union_elem_code(state) && ((((tstrx_expect(state, ((tmp_str.value = (const uint8_t *)"sha", + || (union_elem_code(state) && ((((tstrx_expect(state, ((tmp_str.value = "sha", tmp_str.len = sizeof("sha") - 1, &tmp_str))))) && (bstrx_decode(state, (&(*result)._Member_sha)))) && (((*result)._Member_choice = _Member_sha) || 1)))), union_end_code(state), int_res)))); diff --git a/boot/boot_serial/src/serial_recovery_cbor.h b/boot/boot_serial/src/serial_recovery_cbor.h index bccc443e8..f167d9b5f 100644 --- a/boot/boot_serial/src/serial_recovery_cbor.h +++ b/boot/boot_serial/src/serial_recovery_cbor.h @@ -1,6 +1,6 @@ /* * This file has been generated from the cddl-gen submodule. - * Commit 8f9358a0b4b0e9b0cd579f0988056ef0b60760e4 + * Commit 9f77837f9950da1633d22abf6181a830521a6688 */ /* @@ -11,7 +11,7 @@ /* * Generated with cddl_gen.py (https://github.com/NordicSemiconductor/cddl-gen) - * at: 2021-05-10 09:40:43 + * at: 2021-08-02 17:09:42 * Generated with a default_max_qty of 3 */ diff --git a/boot/boot_serial/src/types_serial_recovery_cbor.h b/boot/boot_serial/src/types_serial_recovery_cbor.h index 01505eba3..885601789 100644 --- a/boot/boot_serial/src/types_serial_recovery_cbor.h +++ b/boot/boot_serial/src/types_serial_recovery_cbor.h @@ -1,11 +1,11 @@ /* * This file has been generated from the cddl-gen submodule. - * Commit 8f9358a0b4b0e9b0cd579f0988056ef0b60760e4 + * Commit 9f77837f9950da1633d22abf6181a830521a6688 */ /* * Generated with cddl_gen.py (https://github.com/NordicSemiconductor/cddl-gen) - * at: 2021-05-10 09:40:43 + * at: 2021-08-02 17:09:42 * Generated with a default_max_qty of 3 */ diff --git a/ext/cddl-gen b/ext/cddl-gen index 8f9358a0b..9f77837f9 160000 --- a/ext/cddl-gen +++ b/ext/cddl-gen @@ -1 +1 @@ -Subproject commit 8f9358a0b4b0e9b0cd579f0988056ef0b60760e4 +Subproject commit 9f77837f9950da1633d22abf6181a830521a6688 From ff5549156fbb35d4cd10ac199a2be45a6955cc18 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=98yvind=20R=C3=B8nningstad?= Date: Mon, 2 Aug 2021 16:13:44 +0200 Subject: [PATCH 30/72] boot_serial: Reintroduce change from fc1ad8d MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also, keep casts to make build pass. Signed-off-by: Øyvind Rønningstad (cherry picked from commit 6693067b3ae9c53d8e159b885744058447ff6c3f) Signed-off-by: Andrzej Puzdrowski --- boot/boot_serial/src/cbor_encode.h | 4 ++-- boot/boot_serial/src/serial_recovery_cbor.c | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/boot/boot_serial/src/cbor_encode.h b/boot/boot_serial/src/cbor_encode.h index 57b450925..4c53d4599 100644 --- a/boot/boot_serial/src/cbor_encode.h +++ b/boot/boot_serial/src/cbor_encode.h @@ -55,10 +55,10 @@ bool bstrx_encode(cbor_state_t *state, const cbor_string_type_t *result); bool tstrx_encode(cbor_state_t *state, const cbor_string_type_t *result); #define tstrx_put(state, string) \ - tstrx_encode(state, &(cbor_string_type_t){.value = string, len = (sizeof(string) - 1)}) + tstrx_encode(state, &(cbor_string_type_t){.value = (const uint8_t *)string, .len = (sizeof(string) - 1)}) #define tstrx_put_term(state, string) \ - tstrx_encode(state, &(cbor_string_type_t){.value = string, len = strlen(string)}) + tstrx_encode(state, &(cbor_string_type_t){.value = (const uint8_t *)string, .len = strlen((const char *)string)}) /** Encode a LIST header. * diff --git a/boot/boot_serial/src/serial_recovery_cbor.c b/boot/boot_serial/src/serial_recovery_cbor.c index 3b4374cd0..2561b7067 100644 --- a/boot/boot_serial/src/serial_recovery_cbor.c +++ b/boot/boot_serial/src/serial_recovery_cbor.c @@ -34,19 +34,19 @@ static bool decode_Member( cbor_string_type_t tmp_str; bool int_res; - bool tmp_result = (((union_start_code(state) && (int_res = (((((tstrx_expect(state, ((tmp_str.value = "image", + bool tmp_result = (((union_start_code(state) && (int_res = (((((tstrx_expect(state, ((tmp_str.value = (const uint8_t *)"image", tmp_str.len = sizeof("image") - 1, &tmp_str))))) && (intx32_decode(state, (&(*result)._Member_image)))) && (((*result)._Member_choice = _Member_image) || 1)) - || (union_elem_code(state) && ((((tstrx_expect(state, ((tmp_str.value = "data", + || (union_elem_code(state) && ((((tstrx_expect(state, ((tmp_str.value = (const uint8_t *)"data", tmp_str.len = sizeof("data") - 1, &tmp_str))))) && (bstrx_decode(state, (&(*result)._Member_data)))) && (((*result)._Member_choice = _Member_data) || 1))) - || (union_elem_code(state) && ((((tstrx_expect(state, ((tmp_str.value = "len", + || (union_elem_code(state) && ((((tstrx_expect(state, ((tmp_str.value = (const uint8_t *)"len", tmp_str.len = sizeof("len") - 1, &tmp_str))))) && (intx32_decode(state, (&(*result)._Member_len)))) && (((*result)._Member_choice = _Member_len) || 1))) - || (union_elem_code(state) && ((((tstrx_expect(state, ((tmp_str.value = "off", + || (union_elem_code(state) && ((((tstrx_expect(state, ((tmp_str.value = (const uint8_t *)"off", tmp_str.len = sizeof("off") - 1, &tmp_str))))) && (intx32_decode(state, (&(*result)._Member_off)))) && (((*result)._Member_choice = _Member_off) || 1))) - || (union_elem_code(state) && ((((tstrx_expect(state, ((tmp_str.value = "sha", + || (union_elem_code(state) && ((((tstrx_expect(state, ((tmp_str.value = (const uint8_t *)"sha", tmp_str.len = sizeof("sha") - 1, &tmp_str))))) && (bstrx_decode(state, (&(*result)._Member_sha)))) && (((*result)._Member_choice = _Member_sha) || 1)))), union_end_code(state), int_res)))); From 1e033433a5e47c3310a9b55edd93abbb0726fc99 Mon Sep 17 00:00:00 2001 From: Sigvart Hovland Date: Fri, 6 Aug 2021 10:32:49 +0200 Subject: [PATCH 31/72] boot: zephyr: Do not use `irq_lock()` if using arm cleanup `irq_lock()` sets `BASEPRI_MAX` aka. the `BASEPRI` mask to whatever zephyr has configured it to be by the value of `_EXC_IRQ_DEFAULT_PRIO`. However by calling arm_cleanup() we also do the call to `__disable_irq()` setting the PRIMASK to 1. Meaning the only exceptions we can recive is fault exceptions. Masking out more exceptions does not really make sense. Sometimes applications booted by MCUBoot will not expect the `BASEPRI` to be set to something else than 0(No effect). Meaning if they depend on using some exception which now is masked out by `BASEPRI` they will fail. Signed-off-by: Sigvart Hovland (cherry picked from commit e933e586ec179789d98d10821226533586577460) Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/main.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index a4f87e970..1ac4342bb 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -183,7 +183,6 @@ static void do_boot(struct boot_rsp *rsp) rsp->br_image_off + rsp->br_hdr->ih_hdr_size); - irq_lock(); #ifdef CONFIG_SYS_CLOCK_EXISTS sys_clock_disable(); #endif @@ -202,6 +201,8 @@ static void do_boot(struct boot_rsp *rsp) #if CONFIG_CPU_HAS_ARM_MPU || CONFIG_CPU_HAS_NXP_MPU z_arm_clear_arm_mpu_config(); +#else + irq_lock(); #endif #if defined(CONFIG_BUILTIN_STACK_GUARD) && \ From 8b668c1527cb68f8a26807021b70a22e3cf2a5b4 Mon Sep 17 00:00:00 2001 From: Marek Pieta Date: Wed, 18 Aug 2021 13:52:52 +0200 Subject: [PATCH 32/72] boot_serial: cbor_encode: Fix encoding data length Change fixes encoding data length and adds support for big endian byte ordering. According to specification, data length can be encoded either on 1, 2, 4 or 8 bytes. Signed-off-by: Marek Pieta (cherry picked from commit 4960d12cc1b5c3440848fb20bbc3f8863ba13e2a) Signed-off-by: Andrzej Puzdrowski --- boot/boot_serial/src/cbor_encode.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/boot/boot_serial/src/cbor_encode.c b/boot/boot_serial/src/cbor_encode.c index 4d187949c..d12dc9456 100644 --- a/boot/boot_serial/src/cbor_encode.c +++ b/boot/boot_serial/src/cbor_encode.c @@ -86,12 +86,35 @@ static bool value_encode_len(cbor_state_t *state, cbor_major_type_t major_type, static uint32_t get_result_len(const void *const input, uint32_t max_result_len) { uint8_t *u8_result = (uint8_t *)input; + size_t i; - for (; max_result_len > 0; max_result_len--) { - if (u8_result[max_result_len - 1] != 0) { + for (i = 0; i < max_result_len; i++) { +#ifdef CONFIG_BIG_ENDIAN + size_t idx = i; +#else + size_t idx = max_result_len - 1 - i; +#endif + if (u8_result[idx] != 0) { + break; + } + } + max_result_len -= i; + + /* According to specification result length can be encoded on 1, 2, 4 + * or 8 bytes. + */ + cbor_assert(max_result_len <= 8, "Up to 8 bytes can be used to encode length.\n"); + size_t encode_byte_cnt = 1; + + for (size_t i = 0; i <= 3; i++) { + if (max_result_len <= encode_byte_cnt) { + max_result_len = encode_byte_cnt; break; } + + encode_byte_cnt *= 2; } + if ((max_result_len == 1) && (u8_result[0] <= VALUE_IN_HEADER)) { max_result_len = 0; } From d465ab5f482f3a0a46dd6db26cd7effb4bfb982f Mon Sep 17 00:00:00 2001 From: Sigvart Hovland Date: Fri, 20 Aug 2021 16:33:55 +0200 Subject: [PATCH 33/72] boot: zephyr: Fix misaligned #else for `irq_lock` So in PR #1089 I misaligned the `#else` used for the `irq_lock` as it should be aligned with `CONFIG_MCUBOOT_CLEANUP_ARM_CORE`. So that `irq_lock`is called when we don't call `__disable_irq` from arm core clean up code. Signed-off-by: Sigvart Hovland (cherry picked from commit 9647c46544877b47d9fdfe10eaafed962538c890) Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 1ac4342bb..49c582f11 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -201,8 +201,6 @@ static void do_boot(struct boot_rsp *rsp) #if CONFIG_CPU_HAS_ARM_MPU || CONFIG_CPU_HAS_NXP_MPU z_arm_clear_arm_mpu_config(); -#else - irq_lock(); #endif #if defined(CONFIG_BUILTIN_STACK_GUARD) && \ @@ -214,6 +212,8 @@ static void do_boot(struct boot_rsp *rsp) __set_MSPLIM(0); #endif +#else + irq_lock(); #endif /* CONFIG_MCUBOOT_CLEANUP_ARM_CORE */ #ifdef CONFIG_BOOT_INTR_VEC_RELOC From b549f678aa2392bad7c558619f9a9809af8f65b5 Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Fri, 23 Jul 2021 15:22:27 +0200 Subject: [PATCH 34/72] zephyr/Kconfig: fix deadlock on cryptolib selectors If user generate project and the will try to switch signature type then it is very likely that MBETLS will be enabled simultaneously when tinycrypt has to be force-selected, which causes kconfig warning on impossible configuration. Such configuration won't be possible to be fixed using menuconfig etc. This patch moves dependency check on !MBEDTLS from kconfig to preprocessor which makes manual fixing using menuconfig possible. Signed-off-by: Andrzej Puzdrowski (cherry picked from commit 5cf941013f1745bfa45a3cdbd591c3de3c3e7342) Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/Kconfig | 2 -- boot/zephyr/include/mcuboot_config/mcuboot_config.h | 8 ++++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 643edd6eb..fb0631c3d 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -30,7 +30,6 @@ config BOOT_USE_TINYCRYPT # When building for ECDSA, we use our own copy of mbedTLS, so the # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros # will collide. - depends on ! MBEDTLS help Use TinyCrypt for crypto primitives. @@ -41,7 +40,6 @@ config BOOT_USE_CC310 # When building for ECDSA, we use our own copy of mbedTLS, so the # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros # will collide. - depends on ! MBEDTLS help Use cc310 for crypto primitives. diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/boot/zephyr/include/mcuboot_config/mcuboot_config.h index 13a28e68c..843667bfb 100644 --- a/boot/zephyr/include/mcuboot_config/mcuboot_config.h +++ b/boot/zephyr/include/mcuboot_config/mcuboot_config.h @@ -34,6 +34,14 @@ #define MCUBOOT_SIGN_ED25519 #endif +#if defined(CONFIG_BOOT_USE_TINYCRYPT) +# if defined(CONFIG_MBEDTLS) || defined(CONFIG_BOOT_USE_CC310) +# error "One crypto library implementation allowed at a time." +# endif +#elif defined(CONFIG_MBEDTLS) && defined(CONFIG_BOOT_USE_CC310) +# error "One crypto library implementation allowed at a time." +#endif + #ifdef CONFIG_BOOT_USE_MBEDTLS #define MCUBOOT_USE_MBED_TLS #elif defined(CONFIG_BOOT_USE_TINYCRYPT) From 9233aeff6bc0d631916af3d116ca508153962c30 Mon Sep 17 00:00:00 2001 From: David Brown Date: Fri, 27 Aug 2021 13:15:16 -0600 Subject: [PATCH 35/72] Preps for 1.8.0-rc2 Update version fields for 1.8.0-rc2 release. Signed-off-by: David Brown --- README.md | 2 +- docs/release-notes.md | 4 ++++ repository.yml | 2 +- scripts/imgtool/__init__.py | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 60d6594ff..44df72943 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ [travis]: https://travis-ci.org/mcu-tools/mcuboot [license]: https://github.com/mcu-tools/mcuboot/blob/main/LICENSE -This is mcuboot version 1.8.0-rc1 +This is mcuboot version 1.8.0-rc2 MCUboot is a secure bootloader for 32-bit MCUs. The goal of MCUboot is to define a common infrastructure for the bootloader, system flash layout on diff --git a/docs/release-notes.md b/docs/release-notes.md index 60171f023..0b3e01cef 100644 --- a/docs/release-notes.md +++ b/docs/release-notes.md @@ -26,6 +26,10 @@ for the NuttX RTOS, and the Espressif ESP32 SDK. - Allow to boot primary image if secondary one is unreachable. - Add AES256 image encryption support. - Add Multiimage boot for direct-xip and ram-load mode. +- Cargo files moved to top level, now `cargo test` can be run from the + top level directory. +- Fault injection tests use updated TF-M. +- Thingy:53 now supports multi-image DFU. ### Security fixes diff --git a/repository.yml b/repository.yml index 2e365ad33..daf3d8715 100644 --- a/repository.yml +++ b/repository.yml @@ -33,7 +33,7 @@ repo.versions: "1.7.0": "v1.7.0" "1.7.1": "v1.7.1" "1.7.2": "v1.7.2" - "1.8.0": "v1.8.0-rc1" + "1.8.0": "v1.8.0-rc2" "0-dev": "0.0.0" # main "0-latest": "1.7.2" # latest stable release diff --git a/scripts/imgtool/__init__.py b/scripts/imgtool/__init__.py index 42e7cc5db..f34144a01 100644 --- a/scripts/imgtool/__init__.py +++ b/scripts/imgtool/__init__.py @@ -14,4 +14,4 @@ # See the License for the specific language governing permissions and # limitations under the License. -imgtool_version = "1.8.0rc1" +imgtool_version = "1.8.0rc2" From 3f06d75e6ba6113c4ce3c6d3051304394db96754 Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Mon, 10 Jan 2022 10:49:09 +0100 Subject: [PATCH 36/72] zephyr/boot_serial_extension: us BOOT_LOG instead of LOG_ Use MCUboot logging macros instead of zephyr-rtos native. This fixes build failure on MCUBOOT_LOG_MODULE_DECLARE() when LOG is disabled. Signed-off-by: Andrzej Puzdrowski (cherry picked from commit d16598f561c07a486b3c5c40a6c0fd904d80be80) --- boot/zephyr/boot_serial_extensions.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/boot/zephyr/boot_serial_extensions.c b/boot/zephyr/boot_serial_extensions.c index 49bb4eacc..763dedbfc 100644 --- a/boot/zephyr/boot_serial_extensions.c +++ b/boot/zephyr/boot_serial_extensions.c @@ -19,7 +19,7 @@ #include "bootutil/bootutil_public.h" #include "bootutil/boot_hooks.h" -MCUBOOT_LOG_MODULE_DECLARE(mcuboot); +BOOT_LOG_MODULE_DECLARE(mcuboot); #ifdef CONFIG_BOOT_MGMT_CUSTOM_STORAGE_ERASE static int bs_custom_storage_erase(cbor_state_t *cs) @@ -31,11 +31,11 @@ static int bs_custom_storage_erase(cbor_state_t *cs) rc = flash_area_open(FLASH_AREA_ID(storage), &fa); if (rc < 0) { - LOG_ERR("failed to open flash area"); + BOOT_LOG_ERR("failed to open flash area"); } else { rc = flash_area_erase(fa, 0, FLASH_AREA_SIZE(storage)); if (rc < 0) { - LOG_ERR("failed to erase flash area"); + BOOT_LOG_ERR("failed to erase flash area"); } flash_area_close(fa); } From 1c32a04417b387e57b58510c41a2cc7ad5eff824 Mon Sep 17 00:00:00 2001 From: Carles Cufi Date: Thu, 10 Feb 2022 11:41:57 +0100 Subject: [PATCH 37/72] boot: serial: Adapt to Zephyr's new CRC APIs As part of https://github.com/zephyrproject-rtos/zephyr/pull/42457, Zephyr recently changed its CRC APIs. The commit below adapted the use of mcumgr in-tree, but MCUboot was missing the change: https://github.com/zephyrproject-rtos/zephyr/commit/07c78e515c827c8346a758a5ce04cd56a46ae124 Note that although on other platforms the function called is crc_ccitt(), the CRC16 actually used by MCUboot/mcumgr is: https://reveng.sourceforge.io/crc-catalogue/16.htm#crc.cat.crc-16-xmodem Signed-off-by: Carles Cufi (cherry picked from commit b9192a4c80ec96044442bedbe122e2afd624c4a0) Signed-off-by: Andrzej Puzdrowski --- boot/boot_serial/src/boot_serial.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/boot/boot_serial/src/boot_serial.c b/boot/boot_serial/src/boot_serial.c index 89dbc3017..bfe4ec8fe 100644 --- a/boot/boot_serial/src/boot_serial.c +++ b/boot/boot_serial/src/boot_serial.c @@ -555,9 +555,8 @@ boot_serial_output(void) bs_hdr->nh_group = htons(bs_hdr->nh_group); #ifdef __ZEPHYR__ - crc = crc16((uint8_t *)bs_hdr, sizeof(*bs_hdr), CRC_CITT_POLYMINAL, - CRC16_INITIAL_CRC, false); - crc = crc16(data, len, CRC_CITT_POLYMINAL, crc, true); + crc = crc16_itu_t(CRC16_INITIAL_CRC, (uint8_t *)bs_hdr, sizeof(*bs_hdr)); + crc = crc16_itu_t(crc, data, len); #else crc = crc16_ccitt(CRC16_INITIAL_CRC, bs_hdr, sizeof(*bs_hdr)); crc = crc16_ccitt(crc, data, len); @@ -631,7 +630,7 @@ boot_serial_in_dec(char *in, int inlen, char *out, int *out_off, int maxout) out += sizeof(uint16_t); #ifdef __ZEPHYR__ - crc = crc16(out, len, CRC_CITT_POLYMINAL, CRC16_INITIAL_CRC, true); + crc = crc16_itu_t(CRC16_INITIAL_CRC, out, len); #else crc = crc16_ccitt(CRC16_INITIAL_CRC, out, len); #endif From 2df4d57e050861e08adb04ef691ecd16e40c5c1e Mon Sep 17 00:00:00 2001 From: Marek Pieta Date: Mon, 28 Mar 2022 11:29:12 +0200 Subject: [PATCH 38/72] boot: zephyr: Disable CONFIG_USB_DEVICE_REMOTE_WAKEUP Change disables CONFIG_USB_DEVICE_REMOTE_WAKEUP, because it is not supported by the MCUboot bootloader source code. Signed-off-by: Marek Pieta Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/boards/nrf52840dongle_nrf52840.conf | 1 + boot/zephyr/boards/thingy53_nrf5340_cpuapp.conf | 1 + 2 files changed, 2 insertions(+) diff --git a/boot/zephyr/boards/nrf52840dongle_nrf52840.conf b/boot/zephyr/boards/nrf52840dongle_nrf52840.conf index f4fbb39de..a6965bb83 100644 --- a/boot/zephyr/boards/nrf52840dongle_nrf52840.conf +++ b/boot/zephyr/boards/nrf52840dongle_nrf52840.conf @@ -25,6 +25,7 @@ CONFIG_MULTITHREADING=y # USB CONFIG_USB_DEVICE_STACK=y +CONFIG_USB_DEVICE_REMOTE_WAKEUP=n CONFIG_USB_DEVICE_PRODUCT="MCUBOOT" CONFIG_USB_COMPOSITE_DEVICE=n CONFIG_USB_MASS_STORAGE=n diff --git a/boot/zephyr/boards/thingy53_nrf5340_cpuapp.conf b/boot/zephyr/boards/thingy53_nrf5340_cpuapp.conf index 8e29a8bf5..7910bc66f 100644 --- a/boot/zephyr/boards/thingy53_nrf5340_cpuapp.conf +++ b/boot/zephyr/boards/thingy53_nrf5340_cpuapp.conf @@ -36,6 +36,7 @@ CONFIG_NORDIC_QSPI_NOR_STACK_WRITE_BUFFER_SIZE=16 CONFIG_MULTITHREADING=y # USB +CONFIG_USB_DEVICE_REMOTE_WAKEUP=n CONFIG_USB_DEVICE_MANUFACTURER="Nordic Semiconductor ASA" CONFIG_USB_DEVICE_PRODUCT="Bootloader Thingy:53" CONFIG_USB_DEVICE_VID=0x1915 From 30889ae50a3d25449a587a9e4a62b5f6d4d5e8eb Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Fri, 1 Apr 2022 16:51:27 +0200 Subject: [PATCH 39/72] zephyr/Kconfig: fix CONFIG_MCUBOOT_INDICATION_LED usage This option was reserved for serial recovery mode, while it should be available for USB DFU as well. Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/Kconfig | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 347823411..da008ba5f 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -482,6 +482,14 @@ config MCUBOOT_LOG_THREAD_STACK_SIZE help Set the internal stack size for MCUBoot log processing thread. +config MCUBOOT_INDICATION_LED + bool "Turns on LED indication when device is in DFU" + default n + help + Device device activates the LED while in bootloader mode. + bootloader-led0 alias must be set in the device's .dts + definitions for this to work. + menuconfig MCUBOOT_SERIAL bool "MCUboot serial recovery" default n @@ -527,14 +535,6 @@ config MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD Note that 0 is default upload target when no explicit selection is done. -config MCUBOOT_INDICATION_LED - bool "Turns on LED indication when device is in DFU" - default n - help - Device device activates the LED while in bootloader mode. - bootloader-led0 alias must be set in the device's .dts - definitions for this to work. - config BOOT_MAX_LINE_INPUT_LEN int "Maximum command line length" default 512 From ccd490caef91167556e67725dec6799d4d1b37a0 Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Tue, 3 May 2022 08:28:06 +0100 Subject: [PATCH 40/72] bootutil: zephyr: Fix not including tinycrypt path when needed This fixes a build issue when building mcuboot for zephyr with image encryption support enabled using tinycrypt. Signed-off-by: Jamie McCrae Signed-off-by: Andrzej Puzdrowski --- boot/bootutil/zephyr/CMakeLists.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/boot/bootutil/zephyr/CMakeLists.txt b/boot/bootutil/zephyr/CMakeLists.txt index ea1fc2b19..d66751b40 100644 --- a/boot/bootutil/zephyr/CMakeLists.txt +++ b/boot/bootutil/zephyr/CMakeLists.txt @@ -42,4 +42,10 @@ endif() zephyr_library_link_libraries(MCUBOOT_BOOTUTIL) target_link_libraries(MCUBOOT_BOOTUTIL INTERFACE zephyr_interface) + +if(CONFIG_BOOT_USE_TINYCRYPT) +target_include_directories(MCUBOOT_BOOTUTIL INTERFACE + ../../../ext/tinycrypt/lib/include +) +endif() endif() From 75958ecff21fca4790da8709b428dd1af5e786e7 Mon Sep 17 00:00:00 2001 From: Ryan McClelland Date: Fri, 20 May 2022 23:53:35 -0700 Subject: [PATCH 41/72] boot: zephyr: add Kconfig for arm cortex-m that implements a cache The Cache is an optional configuration of both the ARM Cortex-M7 and Cortex-M55. Previously, it was just checking that it was just an M7 rather than knowing that the CPU actually was built with the cache. Signed-off-by: Ryan McClelland Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 09a6f40dc..70a4a6f6c 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -196,7 +196,7 @@ static void do_boot(struct boot_rsp *rsp) #if CONFIG_MCUBOOT_CLEANUP_ARM_CORE cleanup_arm_nvic(); /* cleanup NVIC registers */ -#ifdef CONFIG_CPU_CORTEX_M7 +#ifdef CONFIG_CPU_CORTEX_M_HAS_CACHE /* Disable instruction cache and data cache before chain-load the application */ SCB_DisableDCache(); SCB_DisableICache(); From 13296b0a4f7dadc41f6d21216d776827e1d10af5 Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Tue, 3 May 2022 08:22:08 +0100 Subject: [PATCH 42/72] bootutil: zephyr: Fix not linking with mbedtls when needed This fixes a build issue when building mcuboot for zephyr with RSA image encryption support enabled using mbedtls. Signed-off-by: Jamie McCrae Signed-off-by: Andrzej Puzdrowski --- boot/bootutil/zephyr/CMakeLists.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/boot/bootutil/zephyr/CMakeLists.txt b/boot/bootutil/zephyr/CMakeLists.txt index d66751b40..efdbf6013 100644 --- a/boot/bootutil/zephyr/CMakeLists.txt +++ b/boot/bootutil/zephyr/CMakeLists.txt @@ -48,4 +48,8 @@ target_include_directories(MCUBOOT_BOOTUTIL INTERFACE ../../../ext/tinycrypt/lib/include ) endif() + +if(CONFIG_BOOT_USE_MBEDTLS) + zephyr_link_libraries(mbedTLS) +endif() endif() From df6249a6c87b79118bf25c7c8bdc98f248f52d5a Mon Sep 17 00:00:00 2001 From: Almir Okato Date: Fri, 6 May 2022 14:59:43 -0300 Subject: [PATCH 43/72] espressif:esp32: Move app entry point call back to iram_loader_seg region Entry point call was moved back from main to esp_loader, so it is called from iram_loader_seg memory region Signed-off-by: Almir Okato (cherry picked from commit c4b305863a5d508c3223361d4a20c089a803879f) Signed-off-by: Andrzej Puzdrowski --- boot/espressif/include/esp_loader.h | 5 +++++ boot/espressif/main.c | 12 ++---------- boot/espressif/port/esp32/ld/bootloader.ld | 1 + boot/espressif/port/esp_loader.c | 21 +++++++++++++++++++++ 4 files changed, 29 insertions(+), 10 deletions(-) diff --git a/boot/espressif/include/esp_loader.h b/boot/espressif/include/esp_loader.h index dc5537397..480022c29 100644 --- a/boot/espressif/include/esp_loader.h +++ b/boot/espressif/include/esp_loader.h @@ -6,4 +6,9 @@ #pragma once +void start_cpu0_image(int image_index, int slot, unsigned int hdr_offset); +#ifdef CONFIG_ESP_MULTI_PROCESSOR_BOOT +void start_cpu1_image(int image_index, int slot, unsigned int hdr_offset); +#endif + void esp_app_image_load(int image_index, int slot, unsigned int hdr_offset, unsigned int *entry_addr); diff --git a/boot/espressif/main.c b/boot/espressif/main.c index 6fe93a243..028d50619 100644 --- a/boot/espressif/main.c +++ b/boot/espressif/main.c @@ -22,9 +22,6 @@ #ifdef CONFIG_SECURE_FLASH_ENC_ENABLED #include "esp_flash_encrypt.h" #endif -#ifdef CONFIG_ESP_MULTI_PROCESSOR_BOOT -#include "app_cpu_start.h" -#endif #include "esp_loader.h" #include "os/os_malloc.h" @@ -41,13 +38,10 @@ extern esp_err_t check_and_generate_secure_boot_keys(void); void do_boot(struct boot_rsp *rsp) { - unsigned int entry_addr; BOOT_LOG_INF("br_image_off = 0x%x", rsp->br_image_off); BOOT_LOG_INF("ih_hdr_size = 0x%x", rsp->br_hdr->ih_hdr_size); int slot = (rsp->br_image_off == CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS) ? PRIMARY_SLOT : SECONDARY_SLOT; - esp_app_image_load(IMAGE_INDEX_0, slot, rsp->br_hdr->ih_hdr_size, &entry_addr); - ((void (*)(void))entry_addr)(); /* Call to application entry address should not return */ - FIH_PANIC; /* It should not get here */ + start_cpu0_image(IMAGE_INDEX_0, slot, rsp->br_hdr->ih_hdr_size); } #ifdef CONFIG_ESP_MULTI_PROCESSOR_BOOT @@ -79,15 +73,13 @@ int read_image_header(uint32_t img_index, uint32_t slot, struct image_header *im void do_boot_appcpu(uint32_t img_index, uint32_t slot) { - unsigned int entry_addr; struct image_header img_header; if (read_image_header(img_index, slot, &img_header) != 0) { FIH_PANIC; } - esp_app_image_load(img_index, slot, img_header.ih_hdr_size, &entry_addr); - appcpu_start(entry_addr); + start_cpu1_image(img_index, slot, img_header.ih_hdr_size); } #endif diff --git a/boot/espressif/port/esp32/ld/bootloader.ld b/boot/espressif/port/esp32/ld/bootloader.ld index 9933bd381..c2102294f 100644 --- a/boot/espressif/port/esp32/ld/bootloader.ld +++ b/boot/espressif/port/esp32/ld/bootloader.ld @@ -55,6 +55,7 @@ SECTIONS *libhal.a:esp_efuse_api.*(.literal .text .literal.* .text.*) *libhal.a:esp_efuse_utility.*(.literal .text .literal.* .text.*) *libhal.a:esp_efuse_api_key_esp32.*(.literal .text .literal.* .text.*) + *libhal.a:app_cpu_start.*(.literal .text .literal.* .text.*) *esp_mcuboot.*(.literal .text .literal.* .text.*) *esp_loader.*(.literal .text .literal.* .text.*) *(.fini.literal) diff --git a/boot/espressif/port/esp_loader.c b/boot/espressif/port/esp_loader.c index a0806d30e..4978df656 100644 --- a/boot/espressif/port/esp_loader.c +++ b/boot/espressif/port/esp_loader.c @@ -27,6 +27,10 @@ #include "esp_loader.h" #include "flash_map_backend/flash_map_backend.h" +#ifdef CONFIG_ESP_MULTI_PROCESSOR_BOOT +#include "app_cpu_start.h" +#endif + static int load_segment(const struct flash_area *fap, uint32_t data_addr, uint32_t data_len, uint32_t load_addr) { const uint32_t *data = (const uint32_t *)bootloader_mmap((fap->fa_off + data_addr), data_len); @@ -90,3 +94,20 @@ void esp_app_image_load(int image_index, int slot, unsigned int hdr_offset, unsi assert(entry_addr != NULL); *entry_addr = load_header.entry_addr; } + +void start_cpu0_image(int image_index, int slot, unsigned int hdr_offset) +{ + unsigned int entry_addr; + esp_app_image_load(image_index, slot, hdr_offset, &entry_addr); + ((void (*)(void))entry_addr)(); /* Call to application entry address should not return */ + FIH_PANIC; /* It should not get here */ +} + +#ifdef CONFIG_ESP_MULTI_PROCESSOR_BOOT +void start_cpu1_image(int image_index, int slot, unsigned int hdr_offset) +{ + unsigned int entry_addr; + esp_app_image_load(image_index, slot, hdr_offset, &entry_addr); + appcpu_start(entry_addr); +} +#endif From 67cb0242af4df8a7ad2cb3738fd7c267acc5192d Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Wed, 22 Jun 2022 16:54:06 +0200 Subject: [PATCH 44/72] Revert "zephyr/Kconfig: fix CONFIG_MCUBOOT_INDICATION_LED usage" This reverts commit 30889ae50a3d25449a587a9e4a62b5f6d4d5e8eb. This prepares clean synchronization by merging mcu-tools/mcuboot Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/Kconfig | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index da008ba5f..347823411 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -482,14 +482,6 @@ config MCUBOOT_LOG_THREAD_STACK_SIZE help Set the internal stack size for MCUBoot log processing thread. -config MCUBOOT_INDICATION_LED - bool "Turns on LED indication when device is in DFU" - default n - help - Device device activates the LED while in bootloader mode. - bootloader-led0 alias must be set in the device's .dts - definitions for this to work. - menuconfig MCUBOOT_SERIAL bool "MCUboot serial recovery" default n @@ -535,6 +527,14 @@ config MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD Note that 0 is default upload target when no explicit selection is done. +config MCUBOOT_INDICATION_LED + bool "Turns on LED indication when device is in DFU" + default n + help + Device device activates the LED while in bootloader mode. + bootloader-led0 alias must be set in the device's .dts + definitions for this to work. + config BOOT_MAX_LINE_INPUT_LEN int "Maximum command line length" default 512 From 2fcae1c1a05fe3a0892ba3c649f93cf3e1077949 Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Fri, 16 Sep 2022 14:38:02 +0200 Subject: [PATCH 45/72] zephyr/sample.yaml Limit allowed build platforms Building sample.bootloader.mcuboot for many platforms is not possible (for instance a qemu). The limit is need as otherwise zephyr-rtos/zephyr CI is failing on any push to main branch or nightly CI run. Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/sample.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/boot/zephyr/sample.yaml b/boot/zephyr/sample.yaml index d8abab581..44ea89a2d 100644 --- a/boot/zephyr/sample.yaml +++ b/boot/zephyr/sample.yaml @@ -5,6 +5,7 @@ sample: tests: sample.bootloader.mcuboot: tags: bootloader_mcuboot + platform_allow: nrf52840dk_nrf52840 frdm_k64f disco_l475_iot1 integration_platforms: - nrf52840dk_nrf52840 - frdm_k64f From 13f63976bca672ee018f9d55f1e31f02f4135b64 Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Wed, 28 Sep 2022 15:58:19 +0200 Subject: [PATCH 46/72] zephyr/Kconfig: fixed BOOT_WATCHDOG_FEED default value This property should be enabled by default only when watchdog driver is available. This fixed build with pristine configuration on targets with CONFIG_WATCHDOG=n. Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/Kconfig | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 3604964b1..efd4f5507 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -557,7 +557,9 @@ endchoice config BOOT_WATCHDOG_FEED bool "Feed the watchdog while doing swap" - default y + default y if WATCHDOG + default y if SOC_FAMILY_NRF + # for nRF nrfx based implementation is available imply NRFX_WDT if SOC_FAMILY_NRF imply NRFX_WDT0 if SOC_FAMILY_NRF imply NRFX_WDT1 if SOC_FAMILY_NRF From 89673f882a45f52ba1136e201cd4ae1229ba8a43 Mon Sep 17 00:00:00 2001 From: Thomas Stilwell Date: Fri, 23 Nov 2018 15:37:52 +0100 Subject: [PATCH 47/72] [nrf noup] ci: add downstream-only NCS customizations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add Jenkinsfile, .gitlint, and backport workflow files. Signed-off-by: Thomas Stilwell Signed-off-by: Ulrich Myhre Signed-off-by: Chris Bittner Signed-off-by: Martí Bolívar Signed-off-by: Andrzej Puzdrowski Signed-off-by: Johann Fischer Signed-off-by: Torsten Rasmussen Signed-off-by: Jamie McCrae (cherry picked from commit d0bc9b51d2a36cbc6de5338b78ba183b4386fdd6) --- .github/workflows/backport.yml | 19 ++++++++++++ .gitlint | 57 ++++++++++++++++++++++++++++++++++ Jenkinsfile | 6 ++++ 3 files changed, 82 insertions(+) create mode 100644 .github/workflows/backport.yml create mode 100644 .gitlint create mode 100644 Jenkinsfile diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml new file mode 100644 index 000000000..a6f3a2d5d --- /dev/null +++ b/.github/workflows/backport.yml @@ -0,0 +1,19 @@ +name: Backport +on: + pull_request: + types: + - closed + - labeled + +jobs: + backport: + runs-on: ubuntu-18.04 + name: Backport + steps: + - name: Backport Bot + uses: Gaurav0/backport@v1.0.24 + with: + bot_username: NordicBuilder + bot_token: 151a9b45052f9ee8be5a59963d31ad7b92c3ecb5 + bot_token_key: 67bb1f1f998d546859786a4088917c65415c0ebd + github_token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.gitlint b/.gitlint new file mode 100644 index 000000000..512813bbb --- /dev/null +++ b/.gitlint @@ -0,0 +1,57 @@ +# All these sections are optional, edit this file as you like. +[general] +ignore=title-trailing-punctuation, T3, title-max-length, T1, body-hard-tab, B3, B1 +# verbosity should be a value between 1 and 3, the commandline -v flags take precedence over this +verbosity = 3 +# By default gitlint will ignore merge commits. Set to 'false' to disable. +ignore-merge-commits=true +# Enable debug mode (prints more output). Disabled by default +debug = false + +# Set the extra-path where gitlint will search for user defined rules +# See http://jorisroovers.github.io/gitlint/user_defined_rules for details +extra-path=../../zephyr/scripts/gitlint + +[title-max-length-no-revert] +line-length=72 + +[body-min-line-count] +min-line-count=1 + +[body-max-line-count] +max-line-count=200 + +[title-starts-with-subsystem] +regex = ^(?!subsys:)(([^:]+):)(\s([^:]+):)*\s(.+)$ + +[title-must-not-contain-word] +# Comma-separated list of words that should not occur in the title. Matching is case +# insensitive. It's fine if the keyword occurs as part of a larger word (so "WIPING" +# will not cause a violation, but "WIP: my title" will. +words=wip + +[title-match-regex] +# python like regex (https://docs.python.org/2/library/re.html) that the +# commit-msg title must be matched to. +# Note that the regex can contradict with other rules if not used correctly +# (e.g. title-must-not-contain-word). +#regex=^US[0-9]* + +[max-line-length-with-exceptions] +# B1 = body-max-line-length +line-length=72 + +[body-min-length] +min-length=3 + +[body-is-missing] +# Whether to ignore this rule on merge commits (which typically only have a title) +# default = True +ignore-merge-commits=false + +[body-changed-file-mention] +# List of files that need to be explicitly mentioned in the body when they are changed +# This is useful for when developers often erroneously edit certain files or git submodules. +# By specifying this rule, developers can only change the file when they explicitly reference +# it in the commit message. +#files=gitlint/rules.py,README.md diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 000000000..8220afe03 --- /dev/null +++ b/Jenkinsfile @@ -0,0 +1,6 @@ +@Library("CI_LIB") _ + +def pipeline = new ncs.sdk_mcuboot.Main() + +pipeline.run(JOB_NAME) + From f7de93fe96daf9776a7331d2157d33f54e9f526f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20B=C3=B8e?= Date: Wed, 12 Dec 2018 08:59:47 +0100 Subject: [PATCH 48/72] [nrf noup] treewide: add NCS partition manager support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Partition Manager is an nRF Connect SDK component which uses yaml files to resolve flash partition placement with a holistic view of the device. This component's MCUboot portions began life as upstream mcuboot PR#430. This added support for being built as a sub image from the downstream Nordic patch set for a zephyr multi image build system (mcuboot 430 was combined with effor submitted to upstream zephyr as PR#13672, which was ultimately reworked after being rejected for mainline at the ELCE 2019 conference in Lyon). It has since evolved over time. This is the version that will go into NCS v1.3. It features: - page size aligned partitions for all partitions used by mcuboot. - image swaps without scratch partitions Add support for configurations where there exists two primary slots but only one secondary slot, which is shared. These two primary slots are the regular application and B1. B1 can be either S0 or S1 depending on the state of the device. Decide where an upgrade should be stored by looking at the vector table. Provide update candidates for both s0 and s1. These candidates must be signed with mcuboot after being signed by b0. Additional notes: - we make update.hex without trailer data This is needed for serial recovery to work using hex files. Prior to this the update.hex got TLV data at the end of the partition, which caused many blank pages to be included, which made it hard to use in a serial recovery scheme. Instead, make update.hex without TLV data at the end, and provide a new file test_update.hex which contains the TLV data, and can be directly flashed to test the upgrade procedure. - we use a function for signing the application as future-proofing for when other components must be signed as well - this includes an update to single image applications that enables support for partition manager; when single image DFU is used, a scratch partition is not needed. - In NCS, image 1 primary slot is the upgrade bank for mcuboot (IE S0 or S1 depending on the active slot). It is not required that this slot contains any valid data. - The nRF boards all have a single flash page size, and partition manager deals with the size of the update partitions and so on, so we must skip a boot_slots_compatible() check to avoid getting an error. - There is no need to verify the target when using partition manager. - We lock mcuboot using fprotect before jumping, to enable the secure boot property of the system. - Call fw_info_ext_api_provide() before booting if EXT_API_PROVIDE EXT_API is enabled. This is relevant only when the immutable bootloader has booted mcuboot. Signed-off-by: Håkon Øye Amundsen Signed-off-by: Øyvind Rønningstad Signed-off-by: Sebastian Bøe Signed-off-by: Sigvart Hovland Signed-off-by: Martí Bolívar Signed-off-by: Torsten Rasmussen Signed-off-by: Andrzej Głąbek Signed-off-by: Robert Lubos Signed-off-by: Andrzej Puzdrowski Signed-off-by: Dominik Ermel Signed-off-by: Emil Obalski Signed-off-by: Torsten Rasmussen Signed-off-by: Pawel Dunaj Signed-off-by: Ioannis Glaropoulos Signed-off-by: Johann Fischer Signed-off-by: Vidar Berg Signed-off-by: Draus, Sebastian Signed-off-by: Trond Einar Snekvik Signed-off-by: Jamie McCrae (cherry picked from commit 1f84c4507bc6a04c53df26a776705fc6223e551a) --- boot/bootutil/src/loader.c | 85 +++++++++++++++++++++++-- boot/bootutil/src/swap_move.c | 13 ++++ boot/bootutil/src/swap_scratch.c | 13 ++++ boot/zephyr/CMakeLists.txt | 7 ++ boot/zephyr/Kconfig | 2 + boot/zephyr/include/sysflash/sysflash.h | 47 ++++++++++++++ boot/zephyr/include/target.h | 4 ++ boot/zephyr/main.c | 43 +++++++++++++ boot/zephyr/pm.yml | 74 +++++++++++++++++++++ boot/zephyr/prj.conf | 1 + zephyr/module.yml | 3 +- 11 files changed, 286 insertions(+), 6 deletions(-) create mode 100644 boot/zephyr/pm.yml diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index e59fad78d..b60a3a141 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -108,6 +108,15 @@ boot_read_image_headers(struct boot_loader_state *state, bool require_all, * * Failure to read any headers is a fatal error. */ +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. The primary slot of the second image + * (image 1) will not contain a valid image header until an upgrade + * of mcuboot has happened (filling S1 with the new version). + */ + if (BOOT_CURR_IMG(state) == 1 && i == 0) { + continue; + } +#endif /* PM_S1_ADDRESS */ if (i > 0 && !require_all) { return 0; } else { @@ -799,7 +808,24 @@ boot_validate_slot(struct boot_loader_state *state, int slot, goto out; } - if (reset_value < pri_fa->fa_off || reset_value> (pri_fa->fa_off + pri_fa->fa_size)) { + uint32_t min_addr, max_addr; + +#ifdef PM_CPUNET_APP_ADDRESS + /* The primary slot for the network core is emulated in RAM. + * Its flash_area hasn't got relevant boundaries. + * Therfore need to override its boundaries for the check. + */ + if (BOOT_CURR_IMG(state) == 1) { + min_addr = PM_CPUNET_APP_ADDRESS; + max_addr = PM_CPUNET_APP_ADDRESS + PM_CPUNET_APP_SIZE; + } else +#endif + { + min_addr = pri_fa->fa_off; + max_addr = pri_fa->fa_off + pri_fa->fa_size; + } + + if (reset_value < min_addr || reset_value> (max_addr)) { BOOT_LOG_ERR("Reset address of image in secondary slot is not in the primary slot"); BOOT_LOG_ERR("Erasing image from secondary slot"); @@ -882,6 +908,42 @@ boot_validated_swap_type(struct boot_loader_state *state, { int swap_type; fih_int fih_rc = FIH_FAILURE; +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. Since image 0 (the app) and image 1 (the other + * B1 slot S0 or S1) share the same secondary slot, we need to check + * whether the update candidate in the secondary slot is intended for + * image 0 or image 1 primary by looking at the address of the reset + * vector. Note that there are good reasons for not using img_num from + * the swap info. + */ + const struct flash_area *secondary_fa = + BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); + struct image_header *hdr = + (struct image_header *)secondary_fa->fa_off; + + if (hdr->ih_magic == IMAGE_MAGIC) { + const struct flash_area *primary_fa; + uint32_t vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; + uint32_t *vtable = (uint32_t *)(vtable_addr); + uint32_t reset_addr = vtable[1]; + int rc = flash_area_open( + flash_area_id_from_multi_image_slot( + BOOT_CURR_IMG(state), + BOOT_PRIMARY_SLOT), + &primary_fa); + + if (rc != 0) { + return BOOT_SWAP_TYPE_FAIL; + } + /* Get start and end of primary slot for current image */ + if (reset_addr < primary_fa->fa_off || + reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { + /* The image in the secondary slot is not intended for this image + */ + return BOOT_SWAP_TYPE_NONE; + } + } +#endif swap_type = boot_swap_type_multi(BOOT_CURR_IMG(state)); if (BOOT_IS_UPGRADE(swap_type)) { @@ -2159,10 +2221,23 @@ context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp) } #ifdef MCUBOOT_VALIDATE_PRIMARY_SLOT - FIH_CALL(boot_validate_slot, fih_rc, state, BOOT_PRIMARY_SLOT, NULL); - if (fih_not_eq(fih_rc, FIH_SUCCESS)) { - goto out; - } +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. If secure boot is enabled, then mcuboot + * will be stored in either partition S0 or S1. Image 1 primary + * will point to the 'other' Sx partition. Hence, image 1 primary + * does not contain a valid image until mcuboot has been upgraded. + * Note that B0 will perform validation of the active mcuboot image, + * so there is no security lost by skipping this check for image 1 + * primary. + */ + if (BOOT_CURR_IMG(state) == 0) +#endif + { + FIH_CALL(boot_validate_slot, fih_rc, state, BOOT_PRIMARY_SLOT, NULL); + if (fih_not_eq(fih_rc, FIH_SUCCESS)) { + goto out; + } + } #else /* Even if we're not re-validating the primary slot, we could be booting * onto an empty flash chip. At least do a basic sanity check that diff --git a/boot/bootutil/src/swap_move.c b/boot/bootutil/src/swap_move.c index 6f3398270..60cb16772 100644 --- a/boot/bootutil/src/swap_move.c +++ b/boot/bootutil/src/swap_move.c @@ -211,6 +211,18 @@ boot_status_internal_off(const struct boot_status *bs, int elem_sz) int boot_slots_compatible(struct boot_loader_state *state) { +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. In this case, image 1 primary points to the other + * B1 slot (ie S0 or S1), and image 0 primary points to the app. + * With this configuration, image 0 and image 1 share the secondary slot. + * Hence, the primary slot of image 1 will be *smaller* than image 1's + * secondary slot. This is not allowed in upstream mcuboot, so we need + * this patch to allow it. Also, all of these checks are redundant when + * partition manager is in use, and since we have the same sector size + * in all of our flash. + */ + return 1; +#else size_t num_sectors_pri; size_t num_sectors_sec; size_t sector_sz_pri = 0; @@ -247,6 +259,7 @@ boot_slots_compatible(struct boot_loader_state *state) } return 1; +#endif /* PM_S1_ADDRESS */ } #define BOOT_LOG_SWAP_STATE(area, state) \ diff --git a/boot/bootutil/src/swap_scratch.c b/boot/bootutil/src/swap_scratch.c index f3275c747..d31083115 100644 --- a/boot/bootutil/src/swap_scratch.c +++ b/boot/bootutil/src/swap_scratch.c @@ -170,6 +170,18 @@ boot_status_internal_off(const struct boot_status *bs, int elem_sz) int boot_slots_compatible(struct boot_loader_state *state) { +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. In this case, image 1 primary points to the other + * B1 slot (ie S0 or S1), and image 0 primary points to the app. + * With this configuration, image 0 and image 1 share the secondary slot. + * Hence, the primary slot of image 1 will be *smaller* than image 1's + * secondary slot. This is not allowed in upstream mcuboot, so we need + * this patch to allow it. Also, all of these checks are redundant when + * partition manager is in use, and since we have the same sector size + * in all of our flash. + */ + return 1; +#else size_t num_sectors_primary; size_t num_sectors_secondary; size_t sz0, sz1; @@ -255,6 +267,7 @@ boot_slots_compatible(struct boot_loader_state *state) } return 1; +#endif /* PM_S1_ADDRESS */ } #define BOOT_LOG_SWAP_STATE(area, state) \ diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 6070cd582..8561343b2 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -292,6 +292,13 @@ if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") endif() message("MCUBoot bootloader key file: ${KEY_FILE}") + set_property( + GLOBAL + PROPERTY + KEY_FILE + ${KEY_FILE} + ) + set(GENERATED_PUBKEY ${ZEPHYR_BINARY_DIR}/autogen-pubkey.c) add_custom_command( OUTPUT ${GENERATED_PUBKEY} diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 74925856d..facd52996 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -8,6 +8,8 @@ mainmenu "MCUboot configuration" comment "MCUboot-specific configuration options" +source "$(ZEPHYR_NRF_MODULE_DIR)/modules/mcuboot/boot/zephyr/Kconfig" + # Hidden option to mark a project as MCUboot config MCUBOOT default y diff --git a/boot/zephyr/include/sysflash/sysflash.h b/boot/zephyr/include/sysflash/sysflash.h index 574927873..2495a9810 100644 --- a/boot/zephyr/include/sysflash/sysflash.h +++ b/boot/zephyr/include/sysflash/sysflash.h @@ -3,6 +3,51 @@ #ifndef __SYSFLASH_H__ #define __SYSFLASH_H__ +#if USE_PARTITION_MANAGER +#include +#include + +#ifndef CONFIG_SINGLE_APPLICATION_SLOT + +#if (MCUBOOT_IMAGE_NUMBER == 1) + +#define FLASH_AREA_IMAGE_PRIMARY(x) PM_MCUBOOT_PRIMARY_ID +#define FLASH_AREA_IMAGE_SECONDARY(x) PM_MCUBOOT_SECONDARY_ID + +#elif (MCUBOOT_IMAGE_NUMBER == 2) + +extern uint32_t _image_1_primary_slot_id[]; + +#define FLASH_AREA_IMAGE_PRIMARY(x) \ + ((x == 0) ? \ + PM_MCUBOOT_PRIMARY_ID : \ + (x == 1) ? \ + (uint32_t)_image_1_primary_slot_id : \ + 255 ) + +#define FLASH_AREA_IMAGE_SECONDARY(x) \ + ((x == 0) ? \ + PM_MCUBOOT_SECONDARY_ID: \ + (x == 1) ? \ + PM_MCUBOOT_SECONDARY_ID: \ + 255 ) +#endif +#define FLASH_AREA_IMAGE_SCRATCH PM_MCUBOOT_SCRATCH_ID + +#else /* CONFIG_SINGLE_APPLICATION_SLOT */ + +#define FLASH_AREA_IMAGE_PRIMARY(x) PM_MCUBOOT_PRIMARY_ID +#define FLASH_AREA_IMAGE_SECONDARY(x) PM_MCUBOOT_PRIMARY_ID +/* NOTE: Scratch parition is not used by single image DFU but some of + * functions in common files reference it, so the definitions has been + * provided to allow compilation of common units. + */ +#define FLASH_AREA_IMAGE_SCRATCH 0 + +#endif /* CONFIG_SINGLE_APPLICATION_SLOT */ + +#else + #include #include @@ -55,4 +100,6 @@ #endif /* CONFIG_SINGLE_APPLICATION_SLOT */ +#endif /* USE_PARTITION_MANAGER */ + #endif /* __SYSFLASH_H__ */ diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index d4a00c93a..be1653db4 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -8,6 +8,8 @@ #ifndef H_TARGETS_TARGET_ #define H_TARGETS_TARGET_ +#ifndef USE_PARTITION_MANAGER + #if defined(MCUBOOT_TARGET_CONFIG) /* * Target-specific definitions are permitted in legacy cases that @@ -44,4 +46,6 @@ #error "Target support is incomplete; cannot build mcuboot." #endif +#endif /* ifndef USE_PARTITION_MANAGER */ + #endif /* H_TARGETS_TARGET_ */ diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 148f06e14..c1473f741 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -42,6 +42,10 @@ #include "bootutil/mcuboot_status.h" #include "flash_map_backend/flash_map_backend.h" +#ifdef CONFIG_FW_INFO +#include +#endif + #ifdef CONFIG_MCUBOOT_SERIAL #include "boot_serial/boot_serial.h" #include "serial_adapter/serial_adapter.h" @@ -102,6 +106,11 @@ K_SEM_DEFINE(boot_log_sem, 1, 1); * !defined(ZEPHYR_LOG_MODE_MINIMAL) */ +#if USE_PARTITION_MANAGER && CONFIG_FPROTECT +#include +#include +#endif + #ifdef CONFIG_SOC_FAMILY_NRF #include @@ -196,6 +205,19 @@ static void do_boot(struct boot_rsp *rsp) /* Disable the USB to prevent it from firing interrupts */ usb_disable(); #endif + +#if defined(CONFIG_FW_INFO) && !defined(CONFIG_EXT_API_PROVIDE_EXT_API_UNUSED) + bool provided = fw_info_ext_api_provide(fw_info_find((uint32_t)vt), true); + +#ifdef PM_S0_ADDRESS + /* Only fail if the immutable bootloader is present. */ + if (!provided) { + BOOT_LOG_ERR("Failed to provide EXT_APIs\n"); + return; + } +#endif +#endif + #if CONFIG_MCUBOOT_CLEANUP_ARM_CORE cleanup_arm_nvic(); /* cleanup NVIC registers */ @@ -616,7 +638,28 @@ void main(void) mcuboot_status_change(MCUBOOT_STATUS_BOOTABLE_IMAGE_FOUND); +#if USE_PARTITION_MANAGER && CONFIG_FPROTECT + +#ifdef PM_S1_ADDRESS +/* MCUBoot is stored in either S0 or S1, protect both */ +#define PROTECT_SIZE (PM_MCUBOOT_PRIMARY_ADDRESS - PM_S0_ADDRESS) +#define PROTECT_ADDR PM_S0_ADDRESS +#else +/* There is only one instance of MCUBoot */ +#define PROTECT_SIZE (PM_MCUBOOT_PRIMARY_ADDRESS - PM_MCUBOOT_ADDRESS) +#define PROTECT_ADDR PM_MCUBOOT_ADDRESS +#endif + + rc = fprotect_area(PROTECT_ADDR, PROTECT_SIZE); + + if (rc != 0) { + BOOT_LOG_ERR("Protect mcuboot flash failed, cancel startup."); + while (1) + ; + } + ZEPHYR_BOOT_LOG_STOP(); + do_boot(&rsp); mcuboot_status_change(MCUBOOT_STATUS_BOOT_FAILED); diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml new file mode 100644 index 000000000..dd08096e6 --- /dev/null +++ b/boot/zephyr/pm.yml @@ -0,0 +1,74 @@ +#include + +mcuboot: + size: CONFIG_PM_PARTITION_SIZE_MCUBOOT + placement: + before: [mcuboot_primary] + +mcuboot_primary_app: + # All images to be placed in MCUboot's slot 0 should be placed in this + # partition + span: [app] + +mcuboot_primary: + span: [mcuboot_pad, mcuboot_primary_app] + +# Partition for secondary slot is not created if building in single application +# slot configuration. +#if !defined(CONFIG_SINGLE_APPLICATION_SLOT) && !defined(CONFIG_BOOT_DIRECT_XIP) +mcuboot_secondary: + share_size: [mcuboot_primary] +#if defined(CONFIG_PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY) + region: external_flash + placement: + align: {start: 4} +#else + placement: + align: {start: CONFIG_FPROTECT_BLOCK_SIZE} + align_next: CONFIG_FPROTECT_BLOCK_SIZE # Ensure that the next partition does not interfere with this image + after: mcuboot_primary +#endif /* CONFIG_PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY */ + +#endif /* !defined(CONFIG_SINGLE_APPLICATION_SLOT) && !defined(CONFIG_BOOT_DIRECT_XIP) */ + +#if CONFIG_BOOT_DIRECT_XIP + +# Direct XIP is enabled, reserve area for metadata (padding) and name the +# partition so that its clear that it is not the secondary slot, but the direct +# XIP alternative. + +mcuboot_secondary_pad: + share_size: mcuboot_pad + placement: + after: mcuboot_primary + align: {start: CONFIG_FPROTECT_BLOCK_SIZE} + +mcuboot_secondary_app: + share_size: mcuboot_primary_app + placement: + after: mcuboot_secondary_pad + +mcuboot_secondary: + span: [mcuboot_secondary_pad, mcuboot_secondary_app] + +#endif /* CONFIG_BOOT_DIRECT_XIP */ + +#if CONFIG_BOOT_SWAP_USING_SCRATCH +mcuboot_scratch: + size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_SCRATCH + placement: + after: app + align: {start: CONFIG_FPROTECT_BLOCK_SIZE} +#endif /* CONFIG_BOOT_SWAP_USING_SCRATCH */ + +# Padding placed before image to boot. This reserves space for the MCUboot image header +# and it ensures that the boot image gets linked with the correct address offset in flash. +mcuboot_pad: + # MCUboot pad must be placed before the 'spm' partition if that is present. + # If 'spm' partition is not present, it must be placed before the 'app'. + size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_PAD + placement: + before: [mcuboot_primary_app] +#ifdef CONFIG_FPROTECT + align: {start: CONFIG_FPROTECT_BLOCK_SIZE} +#endif diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index e4c012943..ec6ac9fa0 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -22,6 +22,7 @@ CONFIG_BOOT_BOOTSTRAP=n # CONFIG_TINYCRYPT_SHA256 is not set CONFIG_FLASH=y +CONFIG_FPROTECT=y ### Various Zephyr boards enable features that we don't want. # CONFIG_BT is not set diff --git a/zephyr/module.yml b/zephyr/module.yml index c4293e387..797b0fa10 100644 --- a/zephyr/module.yml +++ b/zephyr/module.yml @@ -1,4 +1,5 @@ samples: - boot/zephyr build: - cmake: ./boot/bootutil/zephyr + cmake-ext: True + kconfig-ext: True From d2c6668ad066a89541a2b4618e969de232e369c5 Mon Sep 17 00:00:00 2001 From: Sigvart Hovland Date: Tue, 26 Mar 2019 15:42:38 +0100 Subject: [PATCH 49/72] [nrf noup] zephyr: Remove duplication from cmake MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Removes the `add_subdirectory` of nrfxlib it will still check that the nrfxlib is located outside the mcuboot directory. Signed-off-by: Sigvart Hovland Signed-off-by: Andrzej Puzdrowski Signed-off-by: Martí Bolívar Signed-off-by: Emil Obalski Signed-off-by: Andrzej Puzdrowski Signed-off-by: Håkon Øye Amundsen Signed-off-by: Ioannis Glaropoulos Signed-off-by: Torsten Rasmussen Signed-off-by: Jamie McCrae (cherry picked from commit ae87eb51c2de168c9dec81d9fe048a6c9e8f67f1) --- boot/zephyr/CMakeLists.txt | 2 -- 1 file changed, 2 deletions(-) diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 8561343b2..8d717c69e 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -74,8 +74,6 @@ if(NOT EXISTS ${NRFXLIB_DIR}) To use the tinycrypt set `CONFIG_BOOT_ECDSA_TINYCRYPT` to y. ------------------------------------------------------------------------") endif() -# Don't include this if we are using west - add_subdirectory(${NRFXLIB_DIR} ${PROJECT_BINARY_DIR}/nrfxlib) endif() zephyr_library_include_directories( From 192dfe6050ec51a2b0b1b9df8ec1a8ef65fdcdef Mon Sep 17 00:00:00 2001 From: Sigvart Hovland Date: Thu, 14 Feb 2019 13:20:34 +0100 Subject: [PATCH 50/72] [nrf noup] boot: bootutil: Add shared crypto for ECDSA and SHA MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add functions for ecdsa_verify_secp256r1 and sha256 to use the shared crypto API * Add Kconfig and CMake variables for selecting shared crypto when using ecdsa * Add custom section to project for placing the API section in the correct location in flash * Add kconfig fragment for using external crypto Signed-off-by: Sigvart Hovland Signed-off-by: Martí Bolívar Signed-off-by: Emil Obalski Signed-off-by: Andrzej Puzdrowski Signed-off-by: Håkon Øye Amundsen Signed-off-by: Ioannis Glaropoulos Signed-off-by: Trond Einar Snekvik Signed-off-by: Georgios Vasilakis Signed-off-by: Johann Fischer Signed-off-by: Torsten Rasmussen Signed-off-by: Jamie McCrae (cherry picked from commit 2576bf350ef096d7aec15cb2e06d813e34a8fbec) --- .../include/bootutil/crypto/ecdsa_p256.h | 43 +++++++++++++++++++ .../bootutil/include/bootutil/crypto/sha256.h | 32 ++++++++++++++ boot/bootutil/src/image_ec256.c | 5 ++- boot/zephyr/CMakeLists.txt | 2 + boot/zephyr/external_crypto.conf | 20 +++++++++ .../include/mcuboot_config/mcuboot_config.h | 5 +-- 6 files changed, 103 insertions(+), 4 deletions(-) create mode 100644 boot/zephyr/external_crypto.conf diff --git a/boot/bootutil/include/bootutil/crypto/ecdsa_p256.h b/boot/bootutil/include/bootutil/crypto/ecdsa_p256.h index 6b5b31567..eedb81a44 100644 --- a/boot/bootutil/include/bootutil/crypto/ecdsa_p256.h +++ b/boot/bootutil/include/bootutil/crypto/ecdsa_p256.h @@ -14,6 +14,7 @@ #if (defined(MCUBOOT_USE_TINYCRYPT) + \ defined(MCUBOOT_USE_CC310) + \ + defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO) + \ defined(MCUBOOT_USE_MBED_TLS)) != 1 #error "One crypto backend must be defined: either CC310, TINYCRYPT, or MBED_TLS" #endif @@ -35,6 +36,11 @@ #define BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE (4 * 8) #endif +#if defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO) + #include + #define BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE (4 * 8) +#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */ + #ifdef __cplusplus extern "C" { #endif @@ -158,6 +164,43 @@ static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx, } #endif /* MCUBOOT_USE_MBED_TLS */ +#if defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO) +typedef uintptr_t bootutil_ecdsa_p256_context; + +static inline void bootutil_ecdsa_p256_init(bootutil_ecdsa_p256_context *ctx) +{ + (void)ctx; +} + +static inline void bootutil_ecdsa_p256_drop(bootutil_ecdsa_p256_context *ctx) +{ + (void)ctx; +} + +static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx, + uint8_t *pk, size_t pk_len, + uint8_t *hash, + uint8_t *sig, size_t sig_len) +{ + (void)ctx; + (void)pk_len; + (void)sig_len; + + /* As described on the compact representation in IETF protocols, + * the first byte of the key defines if the ECC points are + * compressed (0x2 or 0x3) or uncompressed (0x4). + * We only support uncompressed keys. + */ + if (pk[0] != 0x04) + return -1; + + pk++; + + return bl_secp256r1_validate(hash, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE, + pk, sig); +} +#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */ + #ifdef __cplusplus } #endif diff --git a/boot/bootutil/include/bootutil/crypto/sha256.h b/boot/bootutil/include/bootutil/crypto/sha256.h index b45cd6316..c5534e61d 100644 --- a/boot/bootutil/include/bootutil/crypto/sha256.h +++ b/boot/bootutil/include/bootutil/crypto/sha256.h @@ -22,6 +22,7 @@ #if (defined(MCUBOOT_USE_MBED_TLS) + \ defined(MCUBOOT_USE_TINYCRYPT) + \ + defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO) + \ defined(MCUBOOT_USE_CC310)) != 1 #error "One crypto backend must be defined: either CC310, MBED_TLS or TINYCRYPT" #endif @@ -139,6 +140,37 @@ static inline int bootutil_sha256_finish(bootutil_sha256_context *ctx, } #endif /* MCUBOOT_USE_CC310 */ +#if defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO) + +#include + +typedef bl_sha256_ctx_t bootutil_sha256_context; + +static inline void bootutil_sha256_init(bootutil_sha256_context *ctx) +{ + bl_sha256_init(ctx); +} + +static inline void bootutil_sha256_drop(bootutil_sha256_context *ctx) +{ + (void)ctx; +} + +static inline int bootutil_sha256_update(bootutil_sha256_context *ctx, + const void *data, + uint32_t data_len) +{ + return bl_sha256_update(ctx, data, data_len); +} + +static inline int bootutil_sha256_finish(bootutil_sha256_context *ctx, + uint8_t *output) +{ + bl_sha256_finalize(ctx, output); + return 0; +} +#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */ + #ifdef __cplusplus } #endif diff --git a/boot/bootutil/src/image_ec256.c b/boot/bootutil/src/image_ec256.c index 196d59319..542159ef6 100644 --- a/boot/bootutil/src/image_ec256.c +++ b/boot/bootutil/src/image_ec256.c @@ -34,8 +34,11 @@ #if defined(MCUBOOT_USE_CC310) || defined(MCUBOOT_USE_MBED_TLS) #define NUM_ECC_BYTES (256 / 8) #endif +#ifdef MCUBOOT_USE_NRF_EXTERNAL_CRYPTO +#define NUM_ECC_BYTES (256 / 8) +#endif #if defined(MCUBOOT_USE_TINYCRYPT) || defined(MCUBOOT_USE_CC310) || \ - defined(MCUBOOT_USE_MBED_TLS) + defined(MCUBOOT_USE_MBED_TLS) || defined (MCUBOOT_USE_NRF_EXTERNAL_CRYPTO) #include "bootutil/sign_key.h" #include "mbedtls/oid.h" diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 8d717c69e..6b5ccbe35 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -168,6 +168,8 @@ if(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256 OR CONFIG_BOOT_ENCRYPT_EC256 OR CONFIG_ zephyr_library_sources(${NRF_DIR}/cc310_glue.c) zephyr_library_include_directories(${NRF_DIR}) zephyr_link_libraries(nrfxlib_crypto) + elseif(CONFIG_BOOT_USE_NRF_EXTERNAL_CRYPTO) + zephyr_include_directories(${BL_CRYPTO_DIR}/../include) endif() # Since here we are not using Zephyr's mbedTLS but rather our own, we need diff --git a/boot/zephyr/external_crypto.conf b/boot/zephyr/external_crypto.conf new file mode 100644 index 000000000..3ed56cc16 --- /dev/null +++ b/boot/zephyr/external_crypto.conf @@ -0,0 +1,20 @@ +# +# Copyright (c) 2021 Nordic Semiconductor ASA +# +# SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic +# + +# These configurations should be used when using nrf/samples/bootloader +# as the immutable bootloader (B0), and MCUBoot as the second stage updateable +# bootloader. + +# Set ECDSA as signing mechanism +CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y + +# Use crypto backend from B0 +CONFIG_BOOT_NRF_EXTERNAL_CRYPTO=y +CONFIG_SECURE_BOOT_CRYPTO=y +CONFIG_SB_CRYPTO_CLIENT_ECDSA_SECP256R1=y +CONFIG_SB_CRYPTO_CLIENT_SHA256=y +CONFIG_BL_SHA256_EXT_API_REQUIRED=y +CONFIG_BL_SECP256R1_EXT_API_REQUIRED=y diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/boot/zephyr/include/mcuboot_config/mcuboot_config.h index 4dc105fe9..db5d656dc 100644 --- a/boot/zephyr/include/mcuboot_config/mcuboot_config.h +++ b/boot/zephyr/include/mcuboot_config/mcuboot_config.h @@ -39,9 +39,8 @@ #define MCUBOOT_USE_TINYCRYPT #elif defined(CONFIG_BOOT_USE_CC310) #define MCUBOOT_USE_CC310 -#ifdef CONFIG_BOOT_USE_NRF_CC310_BL -#define MCUBOOT_USE_NRF_CC310_BL -#endif +#elif defined(CONFIG_BOOT_USE_NRF_EXTERNAL_CRYPTO) +#define MCUBOOT_USE_NRF_EXTERNAL_CRYPTO #endif /* Zephyr, regardless of C library used, provides snprintf */ From 7abea26499a67222c63329bd6ee3cffe02400321 Mon Sep 17 00:00:00 2001 From: Kamil Piszczek Date: Mon, 14 Nov 2022 14:58:53 +0100 Subject: [PATCH 51/72] [nrf fromtree] boot: zephyr: remove thingy53_nrf5340_cpuapp.conf board configuration Removed the board configuration for Thingy:53 Application Core as it contains references to the Kconfig modules that are not available in the upstream Zephyr. The current configuration is set up to work in the nRF Connect SDK environment and should be moved there. Signed-off-by: Kamil Piszczek (cherry picked from commit b9e47b76ed43209f88c02b945b0ffa9b022e993c) --- .../boards/thingy53_nrf5340_cpuapp.conf | 72 ------------------- 1 file changed, 72 deletions(-) delete mode 100644 boot/zephyr/boards/thingy53_nrf5340_cpuapp.conf diff --git a/boot/zephyr/boards/thingy53_nrf5340_cpuapp.conf b/boot/zephyr/boards/thingy53_nrf5340_cpuapp.conf deleted file mode 100644 index cde9d45b0..000000000 --- a/boot/zephyr/boards/thingy53_nrf5340_cpuapp.conf +++ /dev/null @@ -1,72 +0,0 @@ -CONFIG_SIZE_OPTIMIZATIONS=y - -CONFIG_SYSTEM_CLOCK_NO_WAIT=y -CONFIG_PM=n - -CONFIG_MAIN_STACK_SIZE=10240 -CONFIG_MBEDTLS_CFG_FILE="mcuboot-mbedtls-cfg.h" - -CONFIG_BOOT_MAX_IMG_SECTORS=2048 -CONFIG_BOOT_SIGNATURE_TYPE_RSA=y - -# Flash -CONFIG_FLASH=y -CONFIG_BOOT_ERASE_PROGRESSIVELY=y -CONFIG_SOC_FLASH_NRF_EMULATE_ONE_BYTE_WRITE_ACCESS=y -CONFIG_FPROTECT=y - -# Serial -CONFIG_SERIAL=y -CONFIG_UART_LINE_CTRL=y - -# MCUBoot serial -CONFIG_GPIO=y -CONFIG_MCUBOOT_SERIAL=y -CONFIG_MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD=y -CONFIG_BOOT_SERIAL_CDC_ACM=y - -# Required by QSPI -CONFIG_NORDIC_QSPI_NOR=y -CONFIG_NORDIC_QSPI_NOR_FLASH_LAYOUT_PAGE_SIZE=4096 -CONFIG_NORDIC_QSPI_NOR_STACK_WRITE_BUFFER_SIZE=16 - -# Required by USB and QSPI -CONFIG_MULTITHREADING=y - -# USB -CONFIG_USB_DEVICE_REMOTE_WAKEUP=n -CONFIG_USB_DEVICE_MANUFACTURER="Nordic Semiconductor ASA" -CONFIG_USB_DEVICE_PRODUCT="Bootloader Thingy:53" -CONFIG_USB_DEVICE_VID=0x1915 -CONFIG_USB_DEVICE_PID=0x5300 -CONFIG_USB_CDC_ACM=y - -# Decrease memory footprint -CONFIG_CBPRINTF_NANO=y -CONFIG_TIMESLICING=n -CONFIG_BOOT_BANNER=n -CONFIG_CONSOLE=n -CONFIG_CONSOLE_HANDLER=n -CONFIG_UART_CONSOLE=n -CONFIG_USE_SEGGER_RTT=n -CONFIG_LOG=n -CONFIG_ERRNO=n -CONFIG_PRINTK=n -CONFIG_RESET_ON_FATAL_ERROR=n -CONFIG_SPI=n -CONFIG_I2C=n -CONFIG_UART_NRFX=n - -# The following configurations are required to support simultaneous multi image update -CONFIG_PCD_APP=y -CONFIG_UPDATEABLE_IMAGE_NUMBER=2 -CONFIG_BOOT_UPGRADE_ONLY=y -# The network core cannot access external flash directly. The flash simulator must be used to -# provide a memory region that is used to forward the new firmware to the network core. -CONFIG_FLASH_SIMULATOR=y -CONFIG_FLASH_SIMULATOR_DOUBLE_WRITES=y -CONFIG_FLASH_SIMULATOR_STATS=n - -# Enable custom command to erase settings partition. -CONFIG_ENABLE_MGMT_PERUSER=y -CONFIG_BOOT_MGMT_CUSTOM_STORAGE_ERASE=y From 625c84e33ce748a155adc689e54d81cfab2a44ac Mon Sep 17 00:00:00 2001 From: Sigvart Hovland Date: Thu, 27 Aug 2020 14:29:31 +0200 Subject: [PATCH 52/72] [nrf noup] boot: nrf53-specific customizations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add network core bootloader implementation Enables network core updates of nrf53 using MCUBoot by identifying images through their start addresses. Also implements the control and transfer using the PCD module. - Add support for multi image DFU using partition manager. - Add check for netcore addr if NSIB is enabled so netcore updates works - boot: zephyr: move thingy53_nrf5340_cpuapp.conf downstream Moved the board configuration for Thingy:53 Application Core to the nRF Connect SDK MCUboot downstream repository. The configuration file contains references to the Kconfig modules that are only available in the nRF Connect SDK. The current configuration is set up to work in the nRF Connect SDK environment and cannot be used upstream. - pm: enable ram flash partition using common flag This patch makes mcuboot_primary_1 ram-flash partition selectable using CONFIG_NRF53_MCUBOOT_PRIMARY_1_RAM_FLASH property. This is needed since CONFIG_NRF53_MULTI_IMAGE_UPDATE become not only configuration which requires that partition. Signed-off-by: Andrzej Puzdrowski Signed-off-by: Emil Obalski Signed-off-by: Håkon Øye Amundsen Signed-off-by: Ioannis Glaropoulos Signed-off-by: Jamie McCrae Signed-off-by: Johann Fischer Signed-off-by: Kamil Piszczek Signed-off-by: Ole Sæther Signed-off-by: Sigvart Hovland Signed-off-by: Simon Iversen Signed-off-by: Torsten Rasmussen Signed-off-by: Trond Einar Snekvik (cherry picked from commit 7c3d7ed725919b5c0cce8688d565dec59957cb9b) (cherry picked from commit 3895554024edc1b518657fcfdc802a8fdf71bd65) (cherry picked from commit 2da20eb0f92974ce1dbcc700a25c43dcddc72b29) (cherry picked from commit 1d535d0ccbf4d213752a58b235e8e46c6a39a6a1) --- boot/bootutil/src/loader.c | 96 ++++++++++++++----- .../boards/thingy53_nrf5340_cpuapp.conf | 72 ++++++++++++++ boot/zephyr/include/sysflash/sysflash.h | 23 +++++ boot/zephyr/main.c | 9 ++ boot/zephyr/pm.yml | 13 +++ 5 files changed, 187 insertions(+), 26 deletions(-) create mode 100644 boot/zephyr/boards/thingy53_nrf5340_cpuapp.conf diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index b60a3a141..4a4593d76 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -48,6 +48,10 @@ #include "bootutil/boot_hooks.h" #include "bootutil/mcuboot_status.h" +#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(PM_CPUNET_B0N_ADDRESS) +#include +#endif + #ifdef MCUBOOT_ENC_IMAGES #include "bootutil/enc_key.h" #endif @@ -908,7 +912,15 @@ boot_validated_swap_type(struct boot_loader_state *state, { int swap_type; fih_int fih_rc = FIH_FAILURE; -#ifdef PM_S1_ADDRESS + bool upgrade_valid = false; + +#if defined(PM_S1_ADDRESS) || defined(CONFIG_SOC_NRF5340_CPUAPP) + const struct flash_area *secondary_fa = + BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); + struct image_header *hdr = (struct image_header *)secondary_fa->fa_off; + uint32_t vtable_addr = 0; + uint32_t *vtable = 0; + uint32_t reset_addr = 0; /* Patch needed for NCS. Since image 0 (the app) and image 1 (the other * B1 slot S0 or S1) share the same secondary slot, we need to check * whether the update candidate in the secondary slot is intended for @@ -916,34 +928,36 @@ boot_validated_swap_type(struct boot_loader_state *state, * vector. Note that there are good reasons for not using img_num from * the swap info. */ - const struct flash_area *secondary_fa = - BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); - struct image_header *hdr = - (struct image_header *)secondary_fa->fa_off; if (hdr->ih_magic == IMAGE_MAGIC) { - const struct flash_area *primary_fa; - uint32_t vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; - uint32_t *vtable = (uint32_t *)(vtable_addr); - uint32_t reset_addr = vtable[1]; - int rc = flash_area_open( - flash_area_id_from_multi_image_slot( - BOOT_CURR_IMG(state), - BOOT_PRIMARY_SLOT), - &primary_fa); - - if (rc != 0) { - return BOOT_SWAP_TYPE_FAIL; - } - /* Get start and end of primary slot for current image */ - if (reset_addr < primary_fa->fa_off || - reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { - /* The image in the secondary slot is not intended for this image - */ - return BOOT_SWAP_TYPE_NONE; - } - } + vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; + vtable = (uint32_t *)(vtable_addr); + reset_addr = vtable[1]; +#ifdef PM_S1_ADDRESS +#ifdef PM_CPUNET_B0N_ADDRESS + if(reset_addr < PM_CPUNET_B0N_ADDRESS) #endif + { + const struct flash_area *primary_fa; + int rc = flash_area_open(flash_area_id_from_multi_image_slot( + BOOT_CURR_IMG(state), + BOOT_PRIMARY_SLOT), + &primary_fa); + + if (rc != 0) { + return BOOT_SWAP_TYPE_FAIL; + } + /* Get start and end of primary slot for current image */ + if (reset_addr < primary_fa->fa_off || + reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { + /* The image in the secondary slot is not intended for this image + */ + return BOOT_SWAP_TYPE_NONE; + } + } +#endif /* PM_S1_ADDRESS */ + } +#endif /* PM_S1_ADDRESS || CONFIG_SOC_NRF5340_CPUAPP */ swap_type = boot_swap_type_multi(BOOT_CURR_IMG(state)); if (BOOT_IS_UPGRADE(swap_type)) { @@ -957,7 +971,37 @@ boot_validated_swap_type(struct boot_loader_state *state, } else { swap_type = BOOT_SWAP_TYPE_FAIL; } + } else { + upgrade_valid = true; + } + +#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(PM_CPUNET_B0N_ADDRESS) + /* If the update is valid, and it targets the network core: perform the + * update and indicate to the caller of this function that no update is + * available + */ + if (upgrade_valid && reset_addr > PM_CPUNET_B0N_ADDRESS) { + uint32_t fw_size = hdr->ih_img_size; + + BOOT_LOG_INF("Starting network core update"); + int rc = pcd_network_core_update(vtable, fw_size); + + if (rc != 0) { + swap_type = BOOT_SWAP_TYPE_FAIL; + } else { + BOOT_LOG_INF("Done updating network core"); +#if defined(MCUBOOT_SWAP_USING_SCRATCH) || defined(MCUBOOT_SWAP_USING_MOVE) + /* swap_erase_trailer_sectors is undefined if upgrade only + * method is used. There is no need to erase sectors, because + * the image cannot be reverted. + */ + rc = swap_erase_trailer_sectors(state, + secondary_fa); +#endif + swap_type = BOOT_SWAP_TYPE_NONE; + } } +#endif /* CONFIG_SOC_NRF5340_CPUAPP */ } return swap_type; diff --git a/boot/zephyr/boards/thingy53_nrf5340_cpuapp.conf b/boot/zephyr/boards/thingy53_nrf5340_cpuapp.conf new file mode 100644 index 000000000..cde9d45b0 --- /dev/null +++ b/boot/zephyr/boards/thingy53_nrf5340_cpuapp.conf @@ -0,0 +1,72 @@ +CONFIG_SIZE_OPTIMIZATIONS=y + +CONFIG_SYSTEM_CLOCK_NO_WAIT=y +CONFIG_PM=n + +CONFIG_MAIN_STACK_SIZE=10240 +CONFIG_MBEDTLS_CFG_FILE="mcuboot-mbedtls-cfg.h" + +CONFIG_BOOT_MAX_IMG_SECTORS=2048 +CONFIG_BOOT_SIGNATURE_TYPE_RSA=y + +# Flash +CONFIG_FLASH=y +CONFIG_BOOT_ERASE_PROGRESSIVELY=y +CONFIG_SOC_FLASH_NRF_EMULATE_ONE_BYTE_WRITE_ACCESS=y +CONFIG_FPROTECT=y + +# Serial +CONFIG_SERIAL=y +CONFIG_UART_LINE_CTRL=y + +# MCUBoot serial +CONFIG_GPIO=y +CONFIG_MCUBOOT_SERIAL=y +CONFIG_MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD=y +CONFIG_BOOT_SERIAL_CDC_ACM=y + +# Required by QSPI +CONFIG_NORDIC_QSPI_NOR=y +CONFIG_NORDIC_QSPI_NOR_FLASH_LAYOUT_PAGE_SIZE=4096 +CONFIG_NORDIC_QSPI_NOR_STACK_WRITE_BUFFER_SIZE=16 + +# Required by USB and QSPI +CONFIG_MULTITHREADING=y + +# USB +CONFIG_USB_DEVICE_REMOTE_WAKEUP=n +CONFIG_USB_DEVICE_MANUFACTURER="Nordic Semiconductor ASA" +CONFIG_USB_DEVICE_PRODUCT="Bootloader Thingy:53" +CONFIG_USB_DEVICE_VID=0x1915 +CONFIG_USB_DEVICE_PID=0x5300 +CONFIG_USB_CDC_ACM=y + +# Decrease memory footprint +CONFIG_CBPRINTF_NANO=y +CONFIG_TIMESLICING=n +CONFIG_BOOT_BANNER=n +CONFIG_CONSOLE=n +CONFIG_CONSOLE_HANDLER=n +CONFIG_UART_CONSOLE=n +CONFIG_USE_SEGGER_RTT=n +CONFIG_LOG=n +CONFIG_ERRNO=n +CONFIG_PRINTK=n +CONFIG_RESET_ON_FATAL_ERROR=n +CONFIG_SPI=n +CONFIG_I2C=n +CONFIG_UART_NRFX=n + +# The following configurations are required to support simultaneous multi image update +CONFIG_PCD_APP=y +CONFIG_UPDATEABLE_IMAGE_NUMBER=2 +CONFIG_BOOT_UPGRADE_ONLY=y +# The network core cannot access external flash directly. The flash simulator must be used to +# provide a memory region that is used to forward the new firmware to the network core. +CONFIG_FLASH_SIMULATOR=y +CONFIG_FLASH_SIMULATOR_DOUBLE_WRITES=y +CONFIG_FLASH_SIMULATOR_STATS=n + +# Enable custom command to erase settings partition. +CONFIG_ENABLE_MGMT_PERUSER=y +CONFIG_BOOT_MGMT_CUSTOM_STORAGE_ERASE=y diff --git a/boot/zephyr/include/sysflash/sysflash.h b/boot/zephyr/include/sysflash/sysflash.h index 2495a9810..d5c8e2f26 100644 --- a/boot/zephyr/include/sysflash/sysflash.h +++ b/boot/zephyr/include/sysflash/sysflash.h @@ -16,6 +16,11 @@ #elif (MCUBOOT_IMAGE_NUMBER == 2) +/* If B0 is present then two bootloaders are present, and we must use + * a single secondary slot for both primary slots. + */ +#ifdef PM_B0_ADDRESS + extern uint32_t _image_1_primary_slot_id[]; #define FLASH_AREA_IMAGE_PRIMARY(x) \ @@ -31,6 +36,24 @@ extern uint32_t _image_1_primary_slot_id[]; (x == 1) ? \ PM_MCUBOOT_SECONDARY_ID: \ 255 ) +#else + +#define FLASH_AREA_IMAGE_PRIMARY(x) \ + ((x == 0) ? \ + PM_MCUBOOT_PRIMARY_ID : \ + (x == 1) ? \ + PM_MCUBOOT_PRIMARY_1_ID : \ + 255 ) + +#define FLASH_AREA_IMAGE_SECONDARY(x) \ + ((x == 0) ? \ + PM_MCUBOOT_SECONDARY_ID: \ + (x == 1) ? \ + PM_MCUBOOT_SECONDARY_1_ID: \ + 255 ) + +#endif /* PM_B0_ADDRESS */ + #endif #define FLASH_AREA_IMAGE_SCRATCH PM_MCUBOOT_SCRATCH_ID diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index c1473f741..751a50a37 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -64,6 +64,10 @@ const struct boot_uart_funcs boot_funcs = { #include #endif +#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(PM_CPUNET_B0N_ADDRESS) +#include +#endif + /* CONFIG_LOG_MINIMAL is the legacy Kconfig property, * replaced by CONFIG_LOG_MODE_MINIMAL. */ @@ -658,6 +662,11 @@ void main(void) ; } +#endif /* USE_PARTITION_MANAGER && CONFIG_FPROTECT */ +#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(PM_CPUNET_B0N_ADDRESS) + pcd_lock_ram(); +#endif + ZEPHYR_BOOT_LOG_STOP(); do_boot(&rsp); diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml index dd08096e6..80ca3d946 100644 --- a/boot/zephyr/pm.yml +++ b/boot/zephyr/pm.yml @@ -72,3 +72,16 @@ mcuboot_pad: #ifdef CONFIG_FPROTECT align: {start: CONFIG_FPROTECT_BLOCK_SIZE} #endif + +#if (CONFIG_NRF53_MCUBOOT_PRIMARY_1_RAM_FLASH) +mcuboot_primary_1: + region: ram_flash + size: CONFIG_NRF53_RAM_FLASH_SIZE +#endif /* CONFIG_NRF53_MULTI_IMAGE_UPDATE */ + +#if (CONFIG_NRF53_MULTI_IMAGE_UPDATE) +mcuboot_secondary_1: + region: external_flash + size: CONFIG_NRF53_RAM_FLASH_SIZE + +#endif /* CONFIG_NRF53_MULTI_IMAGE_UPDATE */ From 0701661c8f52c0644a405fc36c0fe96455b7c876 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mart=C3=AD=20Bol=C3=ADvar?= Date: Fri, 3 Sep 2021 14:38:54 -0700 Subject: [PATCH 53/72] [nrf noup] boot: add 'minimal' configuration files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add prj_minimal.conf, a Kconfig fragment to be used for minimally sized image production. The minimal fragment has been simplified for only external crypto. Move partition sizing into Kconfig to be consistent with the method used by b0. Using this fragment with prj_minimal.conf makes MCUboot < 16kB for all nRF devices (9160 still needs 32kB partition). Ref: NCSDK-6704 Signed-off-by: Stephen Stauts Signed-off-by: Martí Bolívar Signed-off-by: Sebastian Bøe Signed-off-by: Torsten Rasmussen Signed-off-by: Jamie McCrae (cherry picked from commit 6186a438257ae8097e3a1b742aa7fcf52fc5e653) --- .../nrf5340dk_nrf5340_cpuapp_minimal.conf | 13 ++++++ boot/zephyr/prj_minimal.conf | 45 +++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 boot/zephyr/boards/nrf5340dk_nrf5340_cpuapp_minimal.conf create mode 100644 boot/zephyr/prj_minimal.conf diff --git a/boot/zephyr/boards/nrf5340dk_nrf5340_cpuapp_minimal.conf b/boot/zephyr/boards/nrf5340dk_nrf5340_cpuapp_minimal.conf new file mode 100644 index 000000000..11dd2ab68 --- /dev/null +++ b/boot/zephyr/boards/nrf5340dk_nrf5340_cpuapp_minimal.conf @@ -0,0 +1,13 @@ +# +# Copyright (c) 2021 Nordic Semiconductor ASA +# +# SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic +# + +# CC3xx is currently not used for nrf53 +CONFIG_HW_CC3XX=n +CONFIG_NRF_CC3XX_PLATFORM=n + +# Required for kernel operation +CONFIG_CLOCK_CONTROL=y +CONFIG_SYS_CLOCK_EXISTS=y diff --git a/boot/zephyr/prj_minimal.conf b/boot/zephyr/prj_minimal.conf new file mode 100644 index 000000000..c1a3a065d --- /dev/null +++ b/boot/zephyr/prj_minimal.conf @@ -0,0 +1,45 @@ +# +# Copyright (c) 2021 Nordic Semiconductor ASA +# +# SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic +# + +CONFIG_MAIN_STACK_SIZE=10240 +CONFIG_MBEDTLS_CFG_FILE="mcuboot-mbedtls-cfg.h" + +CONFIG_FLASH=y +CONFIG_FPROTECT=y +CONFIG_PM=n + +CONFIG_BOOT_ENCRYPT_EC256=n +CONFIG_BOOT_ENCRYPT_RSA=n +CONFIG_BOOT_ENCRYPT_X25519=n +CONFIG_BOOT_SWAP_SAVE_ENCTLV=n + +CONFIG_BOOT_BOOTSTRAP=n +CONFIG_BOOT_UPGRADE_ONLY=n + +### Minimal Configurations ### +CONFIG_BOOT_USE_MIN_PARTITION_SIZE=y +CONFIG_ASSERT=n +CONFIG_BOOT_BANNER=n +CONFIG_CLOCK_CONTROL=n +CONFIG_CONSOLE=n +CONFIG_CONSOLE_HANDLER=n +CONFIG_GPIO=n +CONFIG_KERNEL_MEM_POOL=n +CONFIG_LOG=n +CONFIG_MINIMAL_LIBC_CALLOC=n +CONFIG_MINIMAL_LIBC_MALLOC=n +CONFIG_MINIMAL_LIBC_REALLOCARRAY=n +CONFIG_NCS_SAMPLES_DEFAULTS=n +CONFIG_NO_RUNTIME_CHECKS=y +CONFIG_NRF_RTC_TIMER=n +CONFIG_PRINTK=n +CONFIG_REBOOT=n +CONFIG_RESET_ON_FATAL_ERROR=n +CONFIG_SECURE_BOOT_DEBUG=n +CONFIG_SERIAL=n +CONFIG_SIZE_OPTIMIZATIONS=y +CONFIG_SYS_CLOCK_EXISTS=n +CONFIG_UART_CONSOLE=n From d1f2ef8d7bd84d4524d20807ff2dcd6b76a54aff Mon Sep 17 00:00:00 2001 From: Bernt Johan Damslora Date: Fri, 20 Sep 2019 18:25:41 +0200 Subject: [PATCH 54/72] [nrf noup] boot: zephyr: add support for Thingy:91 Adds project configurations for the two systems on the Thingy:91 (PCA-20035) board. The bootloader that is factory-programmed on thing91 does not support ECDSA signature type. Hence this commit also sets the signature type to RSA for applications built for Thingy:91. Signed-off-by: Bernt Johan Damslora Signed-off-by: Sigvart Hovland Signed-off-by: Jon Helge Nistad Signed-off-by: Balaji Srinivasan Signed-off-by: Robert Lubos Signed-off-by: Torsten Rasmussen Signed-off-by: Jamie McCrae (cherry picked from commit 145fa69ecc23ed84ff9c4b53fe1e84c3780c9a48) --- boot/zephyr/boards/thingy91_nrf52840.conf | 37 +++++++++++++++++++++++ boot/zephyr/boards/thingy91_nrf9160.conf | 16 ++++++++++ 2 files changed, 53 insertions(+) create mode 100644 boot/zephyr/boards/thingy91_nrf52840.conf create mode 100644 boot/zephyr/boards/thingy91_nrf9160.conf diff --git a/boot/zephyr/boards/thingy91_nrf52840.conf b/boot/zephyr/boards/thingy91_nrf52840.conf new file mode 100644 index 000000000..5a415cc62 --- /dev/null +++ b/boot/zephyr/boards/thingy91_nrf52840.conf @@ -0,0 +1,37 @@ +# Disable Zephyr console +CONFIG_LOG=n +CONFIG_CONSOLE=n +CONFIG_CONSOLE_HANDLER=n +CONFIG_UART_CONSOLE=n + +# The build won't fit on the partition allocated for it without size +# optimizations. +CONFIG_SIZE_OPTIMIZATIONS=y +CONFIG_PM_PARTITION_SIZE_MCUBOOT=0x12000 + +# Serial +CONFIG_SERIAL=y +CONFIG_UART_NRFX=y +CONFIG_UART_INTERRUPT_DRIVEN=y +CONFIG_UART_LINE_CTRL=y + +# MCUboot serial recovery +CONFIG_GPIO=y +CONFIG_MCUBOOT_SERIAL=y +CONFIG_BOOT_SERIAL_CDC_ACM=y +CONFIG_BOOT_SERIAL_DETECT_PORT="GPIO_1" +CONFIG_BOOT_SERIAL_DETECT_PIN=13 +CONFIG_BOOT_SERIAL_DETECT_PIN_VAL=0 + +# Required by USB +CONFIG_MULTITHREADING=y + +# USB +CONFIG_USB_DEVICE_STACK=y +CONFIG_USB_DEVICE_PRODUCT="MCUBOOT" +CONFIG_USB_CDC_ACM=y +CONFIG_USB_COMPOSITE_DEVICE=y +CONFIG_USB_MASS_STORAGE=n +CONFIG_USB_DEVICE_MANUFACTURER="Nordic Semiconductor" +CONFIG_USB_DEVICE_VID=0x1915 +CONFIG_USB_DEVICE_PID=0x520F diff --git a/boot/zephyr/boards/thingy91_nrf9160.conf b/boot/zephyr/boards/thingy91_nrf9160.conf new file mode 100644 index 000000000..6e671a286 --- /dev/null +++ b/boot/zephyr/boards/thingy91_nrf9160.conf @@ -0,0 +1,16 @@ +# Disable Zephyr console +CONFIG_CONSOLE=n +CONFIG_CONSOLE_HANDLER=n +CONFIG_UART_CONSOLE=n + +# Disable Flash protection +CONFIG_FPROTECT=n + +# MCUBoot settings +CONFIG_BOOT_MAX_IMG_SECTORS=256 + +# MCUboot serial recovery +CONFIG_MCUBOOT_SERIAL=y +CONFIG_BOOT_SERIAL_DETECT_PORT="GPIO_0" +CONFIG_BOOT_SERIAL_DETECT_PIN=26 +CONFIG_BOOT_SERIAL_DETECT_PIN_VAL=0 From 9dac8ad815b22eda104f7771d8b82c88f6cfef48 Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Thu, 27 Feb 2020 12:48:56 +0100 Subject: [PATCH 55/72] [nrf noup] do_boot: clean peripherals state before boot MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Do some cleanup of nRF peripherals. This is necessary since Zephyr doesn't have any driver deinitialization functionality, and we'd like to leave peripherals in a more predictable state before booting the Zephyr image. This should be re-worked when the zephyr driver model allows us to deinitialize devices cleanly before jumping to the chain-loaded image. Signed-off-by: Andrzej Puzdrowski Signed-off-by: Robert Lubos Signed-off-by: Torsten Rasmussen Signed-off-by: Øyvind Rønningstad Signed-off-by: Martí Bolívar Signed-off-by: Håkon Øye Amundsen Signed-off-by: Ioannis Glaropoulos Signed-off-by: Johann Fischer Signed-off-by: Trond Einar Snekvik Signed-off-by: Torsten Rasmussen Signed-off-by: Jamie McCrae (cherry picked from commit 4869eb3bf7e3a0d30035e5d0649ed28b5023d613) --- boot/zephyr/CMakeLists.txt | 6 +++ boot/zephyr/include/nrf_cleanup.h | 19 +++++++ boot/zephyr/main.c | 8 ++- boot/zephyr/nrf_cleanup.c | 83 +++++++++++++++++++++++++++++++ 4 files changed, 115 insertions(+), 1 deletion(-) create mode 100644 boot/zephyr/include/nrf_cleanup.h create mode 100644 boot/zephyr/nrf_cleanup.c diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 6b5ccbe35..48935db90 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -359,3 +359,9 @@ zephyr_library_sources( ${BOOT_DIR}/zephyr/arm_cleanup.c ) endif() + +if(CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL) +zephyr_library_sources( + ${BOOT_DIR}/zephyr/nrf_cleanup.c +) +endif() diff --git a/boot/zephyr/include/nrf_cleanup.h b/boot/zephyr/include/nrf_cleanup.h new file mode 100644 index 000000000..2b175634e --- /dev/null +++ b/boot/zephyr/include/nrf_cleanup.h @@ -0,0 +1,19 @@ +/* + * Copyright (c) 2020 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic + */ + +#ifndef H_NRF_CLEANUP_ +#define H_NRF_CLEANUP_ + +/** + * Perform cleanup on some peripheral resources used by MCUBoot prior chainload + * the application. + * + * This function disables all RTC instances and UARTE instances. + * It Disables their interrupts signals as well. + */ +void nrf_cleanup_peripheral(void); + +#endif diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 751a50a37..faba8b948 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -115,6 +115,10 @@ K_SEM_DEFINE(boot_log_sem, 1, 1); #include #endif +#if CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL +#include +#endif + #ifdef CONFIG_SOC_FAMILY_NRF #include @@ -221,7 +225,9 @@ static void do_boot(struct boot_rsp *rsp) } #endif #endif - +#if CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL + nrf_cleanup_peripheral(); +#endif #if CONFIG_MCUBOOT_CLEANUP_ARM_CORE cleanup_arm_nvic(); /* cleanup NVIC registers */ diff --git a/boot/zephyr/nrf_cleanup.c b/boot/zephyr/nrf_cleanup.c new file mode 100644 index 000000000..a8fff30a8 --- /dev/null +++ b/boot/zephyr/nrf_cleanup.c @@ -0,0 +1,83 @@ +/* + * Copyright (c) 2020 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic + */ + +#include +#if defined(NRF_UARTE0) || defined(NRF_UARTE1) + #include +#endif +#if defined(NRF_RTC0) || defined(NRF_RTC1) || defined(NRF_RTC2) + #include +#endif +#if defined(NRF_PPI) + #include +#endif +#if defined(NRF_DPPIC) + #include +#endif + +#include + +#define NRF_UARTE_SUBSCRIBE_CONF_OFFS offsetof(NRF_UARTE_Type, SUBSCRIBE_STARTRX) +#define NRF_UARTE_SUBSCRIBE_CONF_SIZE (offsetof(NRF_UARTE_Type, EVENTS_CTS) -\ + NRF_UARTE_SUBSCRIBE_CONF_OFFS) + +#define NRF_UARTE_PUBLISH_CONF_OFFS offsetof(NRF_UARTE_Type, PUBLISH_CTS) +#define NRF_UARTE_PUBLISH_CONF_SIZE (offsetof(NRF_UARTE_Type, SHORTS) -\ + NRF_UARTE_PUBLISH_CONF_OFFS) + +#if defined(NRF_RTC0) || defined(NRF_RTC1) || defined(NRF_RTC2) +static inline void nrf_cleanup_rtc(NRF_RTC_Type * rtc_reg) +{ + nrf_rtc_task_trigger(rtc_reg, NRF_RTC_TASK_STOP); + nrf_rtc_event_disable(rtc_reg, 0xFFFFFFFF); + nrf_rtc_int_disable(rtc_reg, 0xFFFFFFFF); +} +#endif + +static void nrf_cleanup_clock(void) +{ + nrf_clock_int_disable(NRF_CLOCK, 0xFFFFFFFF); +} + +void nrf_cleanup_peripheral(void) +{ +#if defined(NRF_RTC0) + nrf_cleanup_rtc(NRF_RTC0); +#endif +#if defined(NRF_RTC1) + nrf_cleanup_rtc(NRF_RTC1); +#endif +#if defined(NRF_RTC2) + nrf_cleanup_rtc(NRF_RTC2); +#endif +#if defined(NRF_UARTE0) + nrf_uarte_disable(NRF_UARTE0); + nrf_uarte_int_disable(NRF_UARTE0, 0xFFFFFFFF); +#if defined(NRF_DPPIC) + /* Clear all SUBSCRIBE configurations. */ + memset((uint8_t *)NRF_UARTE0 + NRF_UARTE_SUBSCRIBE_CONF_OFFS, 0, NRF_UARTE_SUBSCRIBE_CONF_SIZE); + /* Clear all PUBLISH configurations. */ + memset((uint8_t *)NRF_UARTE0 + NRF_UARTE_PUBLISH_CONF_OFFS, 0, NRF_UARTE_PUBLISH_CONF_SIZE); +#endif +#endif +#if defined(NRF_UARTE1) + nrf_uarte_disable(NRF_UARTE1); + nrf_uarte_int_disable(NRF_UARTE1, 0xFFFFFFFF); +#if defined(NRF_DPPIC) + /* Clear all SUBSCRIBE configurations. */ + memset((uint8_t *)NRF_UARTE1 + NRF_UARTE_SUBSCRIBE_CONF_OFFS, 0, NRF_UARTE_SUBSCRIBE_CONF_SIZE); + /* Clear all PUBLISH configurations. */ + memset((uint8_t *)NRF_UARTE1 + NRF_UARTE_PUBLISH_CONF_OFFS, 0, NRF_UARTE_PUBLISH_CONF_SIZE); +#endif +#endif +#if defined(NRF_PPI) + nrf_ppi_channels_disable_all(NRF_PPI); +#endif +#if defined(NRF_DPPIC) + nrf_dppi_channels_disable_all(NRF_DPPIC); +#endif + nrf_cleanup_clock(); +} From 8f299e8f1bf2511558fe0f33969abc2a449824ad Mon Sep 17 00:00:00 2001 From: Sigvart Hovland Date: Tue, 30 Mar 2021 22:45:17 +0200 Subject: [PATCH 56/72] [nrf noup] bootutil: loader: work-around for multi-image builds Seems multi-image dependencies are not supported for multi-image in NCS yet. This is a workaround which reverts some lines to restore previous MCUboot behavior, so that Immutable bootloader + MCUBoot type builds will work. Ref. NCSDK-8681 Signed-off-by: Sigvart Hovland Signed-off-by: Torsten Rasmussen Signed-off-by: Jamie McCrae (cherry picked from commit 72ce504ebe3da055e7b99536d50838496bab50a2) --- boot/bootutil/src/loader.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index 4a4593d76..7d41d3818 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -1594,7 +1594,7 @@ boot_verify_dependencies(struct boot_loader_state *state) if (rc == 0) { /* All dependencies've been satisfied, continue with next image. */ BOOT_CURR_IMG(state)++; - } else { + } else if (rc == BOOT_EBADIMAGE) { /* Cannot upgrade due to non-met dependencies, so disable all * image upgrades. */ @@ -1603,7 +1603,10 @@ boot_verify_dependencies(struct boot_loader_state *state) BOOT_SWAP_TYPE(state) = BOOT_SWAP_TYPE_NONE; } break; - } + } else { + /* Other error happened, images are inconsistent */ + return rc; + } } return rc; } From 3ab5fbb92f6bcfc8808a0cc160ec30f9b48af3a7 Mon Sep 17 00:00:00 2001 From: Georgios Vasilakis Date: Mon, 8 Nov 2021 22:58:59 +0100 Subject: [PATCH 57/72] [nrf noup] zephyr: Set at least provide EXT_API -This sets the provide EXT_API to be at least optional when the external_crypto is being used. Ref: NCSDK-12021 Signed-off-by: Georgios Vasilakis Signed-off-by: Torsten Rasmussen Signed-off-by: Jamie McCrae (cherry picked from commit ec8b60d67fa4006ffdc377d1e0e011427a31d095) --- boot/zephyr/external_crypto.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/boot/zephyr/external_crypto.conf b/boot/zephyr/external_crypto.conf index 3ed56cc16..934a19720 100644 --- a/boot/zephyr/external_crypto.conf +++ b/boot/zephyr/external_crypto.conf @@ -18,3 +18,4 @@ CONFIG_SB_CRYPTO_CLIENT_ECDSA_SECP256R1=y CONFIG_SB_CRYPTO_CLIENT_SHA256=y CONFIG_BL_SHA256_EXT_API_REQUIRED=y CONFIG_BL_SECP256R1_EXT_API_REQUIRED=y +CONFIG_EXT_API_PROVIDE_EXT_API_ATLEAST_OPTIONAL=y From c56439c9793a5b700b534bf1f81b85d50efb83a6 Mon Sep 17 00:00:00 2001 From: Torsten Rasmussen Date: Fri, 27 Nov 2020 15:30:50 +0100 Subject: [PATCH 58/72] [nrf noup] boot: zephyr: remove CONFIG_DEBUG=y in prj.conf MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit removes the `CONFIG_DEBUG=y` setting from Zephyr prj.conf to save on flash size. Signed-off-by: Torsten Rasmussen Signed-off-by: Johann Fischer Signed-off-by: Sebastian Bøe Signed-off-by: Torsten Rasmussen Signed-off-by: Jamie McCrae (cherry picked from commit 2dc0e40450470686af0d7d27b3caad0fbe4bdcb4) --- boot/zephyr/prj.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index ec6ac9fa0..e14395b80 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -1,4 +1,3 @@ -CONFIG_DEBUG=y CONFIG_PM=n CONFIG_MAIN_STACK_SIZE=10240 From 542f51fc3361b554109f95350d0cffeef6913ca9 Mon Sep 17 00:00:00 2001 From: Georgios Vasilakis Date: Fri, 4 Feb 2022 00:16:33 +0100 Subject: [PATCH 59/72] [nrf noup] boot: zephyr: Enable zeroize ALT func -This enables the MBEDTLS_PLATFORM_ZEROIZE_ALT definition on Mbed TLS build of the MCUBOOT when the platform library is enabled. If not defined the Mbed TLS will compile the zeroize function and it will cause multiple definition errors. This is a noup because the configuration does not exist outside the sdk-nrf. Ref: NCSDK-13503 Signed-off-by: Georgios Vasilakis Signed-off-by: Torsten Rasmussen Signed-off-by: Jamie McCrae (cherry picked from commit 6dfa1a125623cbcd80264762e77251bf8a7c1fdc) --- boot/zephyr/include/mcuboot-mbedtls-cfg.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/boot/zephyr/include/mcuboot-mbedtls-cfg.h b/boot/zephyr/include/mcuboot-mbedtls-cfg.h index 02bf0b082..b89c95492 100644 --- a/boot/zephyr/include/mcuboot-mbedtls-cfg.h +++ b/boot/zephyr/include/mcuboot-mbedtls-cfg.h @@ -21,6 +21,16 @@ * the simulator build.rs accordingly. */ +/* + * When the CC3XX_PLATFORM library is enabled we need to + * inform the Mbed TLS library to not compile the + * platform_zeroize function, otherwise we will get + * a multiple definitions error. + */ +#if defined(CONFIG_NRF_CC3XX_PLATFORM) +#define MBEDTLS_PLATFORM_ZEROIZE_ALT +#endif + #if defined(CONFIG_BOOT_SIGNATURE_TYPE_RSA) || defined(CONFIG_BOOT_ENCRYPT_RSA) #include "config-rsa.h" #elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256) || \ From dbcdfae9ae7f8c32bfe59529a2473e611e4aa294 Mon Sep 17 00:00:00 2001 From: Damian Krolik Date: Mon, 21 Mar 2022 13:44:27 +0100 Subject: [PATCH 60/72] [nrf noup] Restore default RTC user channel count The default value of CONFIG_NRF_RTC_TIMER_USER_CHAN_COUNT for nRF52 SOCs has been changed from 0 to 3, but it makes MCUBoot get stuck on erasing flash pages when swapping two images. Restore the previous value until the RTC issue is resolved (see NCSDK-14427) Signed-off-by: Damian Krolik Signed-off-by: Torsten Rasmussen Signed-off-by: Jamie McCrae (cherry picked from commit f8d7b0b0c91f8201efa60337133357baec746fed) --- boot/zephyr/prj.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index e14395b80..9b8696e3f 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -34,3 +34,4 @@ CONFIG_LOG_MODE_MINIMAL=y # former CONFIG_MODE_MINIMAL CONFIG_LOG_DEFAULT_LEVEL=0 ### Decrease footprint by ~4 KB in comparison to CBPRINTF_COMPLETE=y CONFIG_CBPRINTF_NANO=y +CONFIG_NRF_RTC_TIMER_USER_CHAN_COUNT=0 From bf04817597a2c967ed0e686748234bea07fe9644 Mon Sep 17 00:00:00 2001 From: Marek Pieta Date: Tue, 13 Sep 2022 12:12:08 +0200 Subject: [PATCH 61/72] [nrf noup] boot: zephyr: Align serial recovery config on Thingy:91 Change removes the legacy configuration. The legacy configuration became problematic, because GPIO DTS nodes no longer support labels that were used to identify nodes in MCUboot. Therefore we need to use GPIO DTS node name with the legacy approach. The GPIO should be configured by board's DTS, which is simpler. Jira: NCSDK-16550 Signed-off-by: Marek Pieta (cherry picked from commit bf00840a090f396ec1554968e19fa0e02c077d38) --- boot/zephyr/boards/thingy91_nrf52840.conf | 3 --- boot/zephyr/boards/thingy91_nrf9160.conf | 3 --- 2 files changed, 6 deletions(-) diff --git a/boot/zephyr/boards/thingy91_nrf52840.conf b/boot/zephyr/boards/thingy91_nrf52840.conf index 5a415cc62..c0d183401 100644 --- a/boot/zephyr/boards/thingy91_nrf52840.conf +++ b/boot/zephyr/boards/thingy91_nrf52840.conf @@ -19,9 +19,6 @@ CONFIG_UART_LINE_CTRL=y CONFIG_GPIO=y CONFIG_MCUBOOT_SERIAL=y CONFIG_BOOT_SERIAL_CDC_ACM=y -CONFIG_BOOT_SERIAL_DETECT_PORT="GPIO_1" -CONFIG_BOOT_SERIAL_DETECT_PIN=13 -CONFIG_BOOT_SERIAL_DETECT_PIN_VAL=0 # Required by USB CONFIG_MULTITHREADING=y diff --git a/boot/zephyr/boards/thingy91_nrf9160.conf b/boot/zephyr/boards/thingy91_nrf9160.conf index 6e671a286..1bf2e424d 100644 --- a/boot/zephyr/boards/thingy91_nrf9160.conf +++ b/boot/zephyr/boards/thingy91_nrf9160.conf @@ -11,6 +11,3 @@ CONFIG_BOOT_MAX_IMG_SECTORS=256 # MCUboot serial recovery CONFIG_MCUBOOT_SERIAL=y -CONFIG_BOOT_SERIAL_DETECT_PORT="GPIO_0" -CONFIG_BOOT_SERIAL_DETECT_PIN=26 -CONFIG_BOOT_SERIAL_DETECT_PIN_VAL=0 From 96fe9dd6c7ab672953d537175c6414e70965c7ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andrzej=20G=C5=82=C4=85bek?= Date: Fri, 30 Sep 2022 18:05:18 +0200 Subject: [PATCH 62/72] [nrf fromtree] ext/nrf/cc310_glue.h: Update Zephyr include path MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add `zephyr/` prefix to ``. Signed-off-by: Andrzej Głąbek (cherry picked from commit 14e45ce9478b8b95a3d41aac6ba92a12569784c4) --- ext/nrf/cc310_glue.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ext/nrf/cc310_glue.h b/ext/nrf/cc310_glue.h index 0979cb7d9..aac41ae63 100644 --- a/ext/nrf/cc310_glue.h +++ b/ext/nrf/cc310_glue.h @@ -10,7 +10,7 @@ #include #include #include -#include +#include #include /* From 11c5149a7dd6c9f7581e971656bae461c135e31a Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Wed, 30 Nov 2022 15:44:44 +0000 Subject: [PATCH 63/72] [nrf fromlist] boot_serial: Add unaligned stack buffer writing Fixes a bug when writing to devices which have memory alignment requirements with data being using directly from a zcbor-response whereby the alignment of the buffer data does not meet the requirements of the flash driver. Upstream PR: https://github.com/mcu-tools/mcuboot/pull/1533 Signed-off-by: Jamie McCrae --- boot/boot_serial/src/boot_serial.c | 31 +++++++++++++++++++ boot/zephyr/Kconfig.serial_recovery | 8 +++++ .../include/mcuboot_config/mcuboot_config.h | 4 +++ 3 files changed, 43 insertions(+) diff --git a/boot/boot_serial/src/boot_serial.c b/boot/boot_serial/src/boot_serial.c index 9a82804ea..3a322cf91 100644 --- a/boot/boot_serial/src/boot_serial.c +++ b/boot/boot_serial/src/boot_serial.c @@ -508,7 +508,38 @@ bs_upload(char *buf, int len) BOOT_LOG_INF("Writing at 0x%x until 0x%x", curr_off, curr_off + img_chunk_len); /* Write flash aligned chunk, note that img_chunk_len now holds aligned length */ +#if defined(MCUBOOT_SERIAL_UNALIGNED_BUFFER_SIZE) && MCUBOOT_SERIAL_UNALIGNED_BUFFER_SIZE > 0 + if (flash_area_align(fap) > 1 && + (((size_t)img_chunk) & (flash_area_align(fap) - 1)) != 0) { + /* Buffer address incompatible with write address, use buffer to write */ + uint8_t write_size = MCUBOOT_SERIAL_UNALIGNED_BUFFER_SIZE; + uint8_t wbs_aligned[MCUBOOT_SERIAL_UNALIGNED_BUFFER_SIZE]; + + while (img_chunk_len >= flash_area_align(fap)) { + if (write_size > img_chunk_len) { + write_size = img_chunk_len; + } + + memset(wbs_aligned, flash_area_erased_val(fap), sizeof(wbs_aligned)); + memcpy(wbs_aligned, img_chunk, write_size); + + rc = flash_area_write(fap, curr_off, wbs_aligned, write_size); + + if (rc != 0) { + break; + } + + curr_off += write_size; + img_chunk += write_size; + img_chunk_len -= write_size; + } + } else { + rc = flash_area_write(fap, curr_off, img_chunk, img_chunk_len); + } +#else rc = flash_area_write(fap, curr_off, img_chunk, img_chunk_len); +#endif + if (rc == 0 && rem_bytes) { /* Non-zero rem_bytes means that last chunk needs alignment; the aligned * part, in the img_chunk_len - rem_bytes count bytes, has already been diff --git a/boot/zephyr/Kconfig.serial_recovery b/boot/zephyr/Kconfig.serial_recovery index eabebfaa2..c9781f81a 100644 --- a/boot/zephyr/Kconfig.serial_recovery +++ b/boot/zephyr/Kconfig.serial_recovery @@ -50,6 +50,14 @@ config MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD Note that 0 is default upload target when no explicit selection is done. +config BOOT_SERIAL_UNALIGNED_BUFFER_SIZE + int "Stack buffer for unaligned memory writes" + default 64 + help + Specifies the stack usage for a buffer which is used for unaligned + memory access when data is written to a device with memory alignment + requirements. Set to 0 to disable. + config BOOT_MAX_LINE_INPUT_LEN int "Maximum command line length" default 512 diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/boot/zephyr/include/mcuboot_config/mcuboot_config.h index db5d656dc..57e4aae82 100644 --- a/boot/zephyr/include/mcuboot_config/mcuboot_config.h +++ b/boot/zephyr/include/mcuboot_config/mcuboot_config.h @@ -240,6 +240,10 @@ #define MCUBOOT_MAX_IMG_SECTORS 128 #endif +#ifdef CONFIG_BOOT_SERIAL_UNALIGNED_BUFFER_SIZE +#define MCUBOOT_SERIAL_UNALIGNED_BUFFER_SIZE CONFIG_BOOT_SERIAL_UNALIGNED_BUFFER_SIZE +#endif + /* Support 32-byte aligned flash sizes */ #if DT_HAS_CHOSEN(zephyr_flash) #if DT_PROP_OR(DT_CHOSEN(zephyr_flash), write_block_size, 0) > 8 From db3da7f4f3eefffb00d1900c231b84386eb5440e Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Thu, 1 Dec 2022 14:24:37 +0000 Subject: [PATCH 64/72] [nrf fromlist] boot_serial: Allow using a buffer larger than 512 bytes There are 3 levels of buffers and only the first one seems to be configurable, this fixes that issue. Upstream PR: https://github.com/mcu-tools/mcuboot/pull/1536 Signed-off-by: Jamie McCrae --- boot/boot_serial/src/boot_serial.c | 9 ++++++--- boot/zephyr/Kconfig.serial_recovery | 10 ++++++++-- boot/zephyr/include/mcuboot_config/mcuboot_config.h | 4 ++++ 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/boot/boot_serial/src/boot_serial.c b/boot/boot_serial/src/boot_serial.c index 3a322cf91..e8662d81e 100644 --- a/boot/boot_serial/src/boot_serial.c +++ b/boot/boot_serial/src/boot_serial.c @@ -78,7 +78,10 @@ BOOT_LOG_MODULE_DECLARE(mcuboot); -#define BOOT_SERIAL_INPUT_MAX 512 +#ifndef MCUBOOT_SERIAL_MAX_RECEIVE_SIZE +#define MCUBOOT_SERIAL_MAX_RECEIVE_SIZE 512 +#endif + #define BOOT_SERIAL_OUT_MAX (128 * BOOT_IMAGE_NUMBER) #ifdef __ZEPHYR__ @@ -107,8 +110,8 @@ BOOT_LOG_MODULE_DECLARE(mcuboot); #define IMAGES_ITER(x) #endif -static char in_buf[BOOT_SERIAL_INPUT_MAX + 1]; -static char dec_buf[BOOT_SERIAL_INPUT_MAX + 1]; +static char in_buf[MCUBOOT_SERIAL_MAX_RECEIVE_SIZE + 1]; +static char dec_buf[MCUBOOT_SERIAL_MAX_RECEIVE_SIZE + 1]; const struct boot_uart_funcs *boot_uf; static struct nmgr_hdr *bs_hdr; static bool bs_entry; diff --git a/boot/zephyr/Kconfig.serial_recovery b/boot/zephyr/Kconfig.serial_recovery index c9781f81a..7eb243c1e 100644 --- a/boot/zephyr/Kconfig.serial_recovery +++ b/boot/zephyr/Kconfig.serial_recovery @@ -59,10 +59,16 @@ config BOOT_SERIAL_UNALIGNED_BUFFER_SIZE requirements. Set to 0 to disable. config BOOT_MAX_LINE_INPUT_LEN - int "Maximum command line length" + int "Maximum input line length" default 512 help - Maximum length of commands transported over the serial port. + Maximum length of input serial port buffer. + +config BOOT_SERIAL_MAX_RECEIVE_SIZE + int "Maximum command line length" + default 1024 + help + Maximum length of received commands via the serial port. config BOOT_SERIAL_DETECT_PORT string "GPIO device to trigger serial recovery mode (DEPRECATED)" diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/boot/zephyr/include/mcuboot_config/mcuboot_config.h index 57e4aae82..6b08bd271 100644 --- a/boot/zephyr/include/mcuboot_config/mcuboot_config.h +++ b/boot/zephyr/include/mcuboot_config/mcuboot_config.h @@ -244,6 +244,10 @@ #define MCUBOOT_SERIAL_UNALIGNED_BUFFER_SIZE CONFIG_BOOT_SERIAL_UNALIGNED_BUFFER_SIZE #endif +#ifdef CONFIG_BOOT_SERIAL_MAX_RECEIVE_SIZE +#define MCUBOOT_SERIAL_MAX_RECEIVE_SIZE CONFIG_BOOT_SERIAL_MAX_RECEIVE_SIZE +#endif + /* Support 32-byte aligned flash sizes */ #if DT_HAS_CHOSEN(zephyr_flash) #if DT_PROP_OR(DT_CHOSEN(zephyr_flash), write_block_size, 0) > 8 From 78fd7ff9f31d88b9119734965e2afdda0cb9689a Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Fri, 2 Dec 2022 09:24:10 +0000 Subject: [PATCH 65/72] [nrf fromlist] boot_serial: Fix rc not being returned as a signed value Fixes an issue whereby rc is a signed variable but is returned as an unsigned variable in the zcbor functions. Upstream PR: https://github.com/mcu-tools/mcuboot/pull/1538 Signed-off-by: Jamie McCrae --- boot/boot_serial/src/boot_serial.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/boot/boot_serial/src/boot_serial.c b/boot/boot_serial/src/boot_serial.c index e8662d81e..3759c8839 100644 --- a/boot/boot_serial/src/boot_serial.c +++ b/boot/boot_serial/src/boot_serial.c @@ -586,7 +586,7 @@ bs_upload(char *buf, int len) BOOT_LOG_INF("RX: 0x%x", rc); zcbor_map_start_encode(cbor_state, 10); zcbor_tstr_put_lit_cast(cbor_state, "rc"); - zcbor_uint32_put(cbor_state, rc); + zcbor_int32_put(cbor_state, rc); if (rc == 0) { zcbor_tstr_put_lit_cast(cbor_state, "off"); zcbor_uint32_put(cbor_state, curr_off); @@ -612,7 +612,7 @@ bs_rc_rsp(int rc_code) { zcbor_map_start_encode(cbor_state, 10); zcbor_tstr_put_lit_cast(cbor_state, "rc"); - zcbor_uint32_put(cbor_state, rc_code); + zcbor_int32_put(cbor_state, rc_code); zcbor_map_end_encode(cbor_state, 10); boot_serial_output(); } From 20f8d86f787331daa6812a32f12077189cebd31f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20B=C3=B8e?= Date: Thu, 8 Dec 2022 16:43:56 +0100 Subject: [PATCH 66/72] [nrf noup] treewide: add NCS partition manager support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit fixup! [nrf noup] treewide: add NCS partition manager support The comment correctly states that we should skip the check for image 1, but the code skips validation for all images except image 0. Today it is only supported for two images, 0 and 1, but in the future it is expected that there might be an image 2, so we refactor this code to make it future-proof. Also, the comment was confusing and misleading so it has been re-written. Signed-off-by: Sebastian Bøe --- boot/bootutil/src/loader.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index 7d41d3818..a1fe9a5da 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -2269,15 +2269,12 @@ context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp) #ifdef MCUBOOT_VALIDATE_PRIMARY_SLOT #ifdef PM_S1_ADDRESS - /* Patch needed for NCS. If secure boot is enabled, then mcuboot - * will be stored in either partition S0 or S1. Image 1 primary - * will point to the 'other' Sx partition. Hence, image 1 primary - * does not contain a valid image until mcuboot has been upgraded. - * Note that B0 will perform validation of the active mcuboot image, - * so there is no security lost by skipping this check for image 1 - * primary. + /* Patch needed for NCS. Image 1 primary is the currently + * executing MCUBoot image, and is therefore already trusted and + * does not need validation. */ - if (BOOT_CURR_IMG(state) == 0) + bool image_needs_validation = BOOT_CURR_IMG(state) != 1; + if (image_needs_validation) #endif { FIH_CALL(boot_validate_slot, fih_rc, state, BOOT_PRIMARY_SLOT, NULL); From 7a3357e0dbc0e1ebde44690e98a4b6df317d3d84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20B=C3=B8e?= Date: Tue, 13 Dec 2022 11:29:38 +0100 Subject: [PATCH 67/72] [nrf noup] treewide: add NCS partition manager support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit fixup! [nrf noup] treewide: add NCS partition manager support It is more precise to note that it's NSIB that does the validation. Also, this makes the comment more applicable to the fact that we won't be updating the HW counters for this image. Signed-off-by: Sebastian Bøe --- boot/bootutil/src/loader.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index a1fe9a5da..9b12bc01e 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -2269,19 +2269,19 @@ context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp) #ifdef MCUBOOT_VALIDATE_PRIMARY_SLOT #ifdef PM_S1_ADDRESS - /* Patch needed for NCS. Image 1 primary is the currently - * executing MCUBoot image, and is therefore already trusted and - * does not need validation. - */ - bool image_needs_validation = BOOT_CURR_IMG(state) != 1; - if (image_needs_validation) -#endif - { + /* Patch needed for NCS. Image 1 primary is the currently + * executing MCUBoot image, and is therefore already validated by NSIB and + * does not need to also be validated by MCUBoot. + */ + bool image_validated_by_nsib = BOOT_CURR_IMG(state) == 1; + if (!image_validated_by_nsib) +#endif + { FIH_CALL(boot_validate_slot, fih_rc, state, BOOT_PRIMARY_SLOT, NULL); if (fih_not_eq(fih_rc, FIH_SUCCESS)) { goto out; } - } + } #else /* Even if we're not re-validating the primary slot, we could be booting * onto an empty flash chip. At least do a basic sanity check that From 34b3ac78780f861fb6a6eeffa42e6c7242c4eec9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20B=C3=B8e?= Date: Tue, 13 Dec 2022 11:30:50 +0100 Subject: [PATCH 68/72] [nrf noup] boot: zephyr: Skip updating sec counters for MCUBOOT MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Don't update security counters for the MCUBoot image as it is NSIB that maintains a counter for this image. Ref: NCSDK-9045 Signed-off-by: Georgios Vasilakis Signed-off-by: Sebastian Bøe --- boot/bootutil/src/loader.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index 9b12bc01e..3fa690a21 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -2296,10 +2296,15 @@ context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp) } #endif /* MCUBOOT_VALIDATE_PRIMARY_SLOT */ +#ifdef PM_S1_ADDRESS + if (!image_validated_by_nsib) +#endif + { rc = boot_update_hw_rollback_protection(state); if (rc != 0) { goto out; } + } rc = boot_add_shared_data(state, BOOT_PRIMARY_SLOT); if (rc != 0) { From 191a94694903761e17de9f70d5a2494a99f29915 Mon Sep 17 00:00:00 2001 From: Dominik Kilian Date: Thu, 15 Dec 2022 15:23:29 +0100 Subject: [PATCH 69/72] [nrf noup] treewide: Fix old Nordic license ID NCS has switch to the new license ID some time ago from LicenseRef-BSD-5-Clause-Nordic to new (more accurate) LicenseRef-Nordic-5-Clause. All source files must be adjusted to the new name. Ref: NCSIDB-717 Signed-off-by: Dominik Kilian --- boot/zephyr/boards/nrf5340dk_nrf5340_cpuapp_minimal.conf | 2 +- boot/zephyr/external_crypto.conf | 2 +- boot/zephyr/include/nrf_cleanup.h | 2 +- boot/zephyr/nrf_cleanup.c | 2 +- boot/zephyr/prj_minimal.conf | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/boot/zephyr/boards/nrf5340dk_nrf5340_cpuapp_minimal.conf b/boot/zephyr/boards/nrf5340dk_nrf5340_cpuapp_minimal.conf index 11dd2ab68..dd5468106 100644 --- a/boot/zephyr/boards/nrf5340dk_nrf5340_cpuapp_minimal.conf +++ b/boot/zephyr/boards/nrf5340dk_nrf5340_cpuapp_minimal.conf @@ -1,7 +1,7 @@ # # Copyright (c) 2021 Nordic Semiconductor ASA # -# SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic +# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause # # CC3xx is currently not used for nrf53 diff --git a/boot/zephyr/external_crypto.conf b/boot/zephyr/external_crypto.conf index 934a19720..c362f000a 100644 --- a/boot/zephyr/external_crypto.conf +++ b/boot/zephyr/external_crypto.conf @@ -1,7 +1,7 @@ # # Copyright (c) 2021 Nordic Semiconductor ASA # -# SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic +# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause # # These configurations should be used when using nrf/samples/bootloader diff --git a/boot/zephyr/include/nrf_cleanup.h b/boot/zephyr/include/nrf_cleanup.h index 2b175634e..6b04cedfe 100644 --- a/boot/zephyr/include/nrf_cleanup.h +++ b/boot/zephyr/include/nrf_cleanup.h @@ -1,7 +1,7 @@ /* * Copyright (c) 2020 Nordic Semiconductor ASA * - * SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic + * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause */ #ifndef H_NRF_CLEANUP_ diff --git a/boot/zephyr/nrf_cleanup.c b/boot/zephyr/nrf_cleanup.c index a8fff30a8..5bab26b24 100644 --- a/boot/zephyr/nrf_cleanup.c +++ b/boot/zephyr/nrf_cleanup.c @@ -1,7 +1,7 @@ /* * Copyright (c) 2020 Nordic Semiconductor ASA * - * SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic + * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause */ #include diff --git a/boot/zephyr/prj_minimal.conf b/boot/zephyr/prj_minimal.conf index c1a3a065d..719aa7055 100644 --- a/boot/zephyr/prj_minimal.conf +++ b/boot/zephyr/prj_minimal.conf @@ -1,7 +1,7 @@ # # Copyright (c) 2021 Nordic Semiconductor ASA # -# SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic +# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause # CONFIG_MAIN_STACK_SIZE=10240 From 9d2f9b5742c5cabcb87b7f7f22ff5269b13403bf Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Mon, 19 Dec 2022 12:33:17 +0000 Subject: [PATCH 70/72] [nrf fromlist] zephyr: Missing header and definitions in boot_serial ... extensions Moved group definitions to extension source code. Upstream PR: https://github.com/mcu-tools/mcuboot/pull/1551 Signed-off-by: Dominik Ermel --- boot/zephyr/boot_serial_extensions.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/boot/zephyr/boot_serial_extensions.c b/boot/zephyr/boot_serial_extensions.c index de6e92389..954e40368 100644 --- a/boot/zephyr/boot_serial_extensions.c +++ b/boot/zephyr/boot_serial_extensions.c @@ -1,12 +1,11 @@ /* - * Copyright (c) 2021 Nordic Semiconductor ASA + * Copyright (c) 2021-2022 Nordic Semiconductor ASA * * SPDX-License-Identifier: Apache-2.0 */ #include #include -#include #include #include @@ -21,6 +20,9 @@ BOOT_LOG_MODULE_DECLARE(mcuboot); +#define ZEPHYR_MGMT_GRP_BASIC (MGMT_GROUP_ID_PERUSER - 1) +#define ZEPHYR_MGMT_GRP_BASIC_CMD_ERASE_STORAGE 0 + #ifdef CONFIG_BOOT_MGMT_CUSTOM_STORAGE_ERASE static int bs_custom_storage_erase(zcbor_state_t *cs) { @@ -140,7 +142,7 @@ int bs_peruser_system_specific(const struct nmgr_hdr *hdr, const char *buffer, { int mgmt_rc = MGMT_ERR_ENOTSUP; - if (hdr->nh_group == ZEPHYR_MGMT_GRP_BASE) { + if (hdr->nh_group == ZEPHYR_MGMT_GRP_BASIC) { if (hdr->nh_op == NMGR_OP_WRITE) { #ifdef CONFIG_BOOT_MGMT_CUSTOM_STORAGE_ERASE if (hdr->nh_id == ZEPHYR_MGMT_GRP_BASIC_CMD_ERASE_STORAGE) { From 4f775a87611a084a2f6ad9a8a5034e080ddcc579 Mon Sep 17 00:00:00 2001 From: Joakim Andersson Date: Tue, 13 Dec 2022 16:43:34 +0100 Subject: [PATCH 71/72] [nrf noup] treewide: Update comment to not mention SPM fixup! [nrf noup] treewide: add NCS partition manager support Update comment to not mention the removed SPM secure firmware solution. Signed-off-by: Joakim Andersson --- boot/zephyr/pm.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml index 80ca3d946..125b8813c 100644 --- a/boot/zephyr/pm.yml +++ b/boot/zephyr/pm.yml @@ -64,8 +64,8 @@ mcuboot_scratch: # Padding placed before image to boot. This reserves space for the MCUboot image header # and it ensures that the boot image gets linked with the correct address offset in flash. mcuboot_pad: - # MCUboot pad must be placed before the 'spm' partition if that is present. - # If 'spm' partition is not present, it must be placed before the 'app'. + # MCUboot pad must be placed before the primary application partition. + # The primary application partition includes the secure firmware if present. size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_PAD placement: before: [mcuboot_primary_app] From 7147affd2561de7ac79117a0abce175cc4e4fcf2 Mon Sep 17 00:00:00 2001 From: Farhang Date: Mon, 23 Jan 2023 16:41:47 -0800 Subject: [PATCH 72/72] fix: boot_set_confirmed_multi() ignores set/confirm command if "unset" allow boot_set_confirmed_multi() to set mcuboot magic if "unset" --- boot/bootutil/src/bootutil_public.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/boot/bootutil/src/bootutil_public.c b/boot/bootutil/src/bootutil_public.c index c567892da..04f8d80bf 100644 --- a/boot/bootutil/src/bootutil_public.c +++ b/boot/bootutil/src/bootutil_public.c @@ -618,8 +618,8 @@ boot_set_confirmed_multi(int image_index) break; case BOOT_MAGIC_UNSET: - /* Already confirmed. */ - goto done; + /* Confirm needed; proceed. */ + break; case BOOT_MAGIC_BAD: /* Unexpected state. */