[nrf fromtree] zephyr: Add CONFIG_MCUBOOT_CLEANUP_RAM #380
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ssion" This reverts commit b836582. Signed-off-by: Dominik Ermel <[email protected]>
… ED25519" This reverts commit e60dc3f. Signed-off-by: Dominik Ermel <[email protected]>
This reverts commit 352a241. Signed-off-by: Dominik Ermel <[email protected]>
This reverts commit 0a70e49. Signed-off-by: Dominik Ermel <[email protected]>
…ture key" This reverts commit 40543f1. Signed-off-by: Dominik Ermel <[email protected]>
…X_IMG_SECTORS_AUTO" This reverts commit a023c2e. Signed-off-by: Dominik Ermel <[email protected]>
This reverts commit 81988f9. Signed-off-by: Dominik Ermel <[email protected]>
…age" This reverts commit b4e5a3b. Signed-off-by: Dominik Ermel <[email protected]>
This reverts commit 10211d4. Signed-off-by: Dominik Ermel <[email protected]>
This reverts commit 3cdcdb3. Signed-off-by: Dominik Ermel <[email protected]>
de-nordic
force-pushed
the
ram-cleanup
branch
from
76134d6 to
5764b7c
Compare
de-nordic
force-pushed
the
ram-cleanup
branch
from
5764b7c to
31d7941
Compare
nvlsianpu
approved these changes
Nov 25, 2024
Add Kconfig option to cleanup RAM in MCUboot before passing control to an application. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 39aab3d)
Set of changes to Kconfig, CMakeLists.txt and some of headers that are required for the PSA support to compile. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 6400cc8) (cherry picked from commit 3cdcdb3)
Use SHA512 directly calculated over image with the ED25519 signature. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit ccb9552) (cherry picked from commit 10211d4)
The commit add support for passing storage device address space to hash calculation functions, which allows to use hardware accelerated hash calculation on storage. This feature only works when image encryption is not enabled and all slots are defined within internal storage of device. The feature is enabled using Kconfig option CONFIG_BOOT_IMG_HASH_DIRECTLY_ON_STORAGE Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 258b369) (cherry picked from commit b4e5a3b)
The commit adds support for PureEdDSA, which validates signature of image rather than hash. This is most secure, available, ED25519 usage in MCUboot, but due to requirement of PureEdDSA to be able to calculate signature at whole message at once, here image, it only works on setups where entire image can be mapped to device address space, so that PSA functions calculating the signature can see the whole image at once. This option is enabled with Kconfig option: CONFIG_BOOT_SIGNATURE_TYPE_PURE when the ED25519 signature type is already selected. Note that the option will enable SHA512 for calculating public key hash. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit d1b85af) (cherry picked from commit 81988f9)
…CTORS_AUTO Automatic calculation are based on DTS data which are no the right source on partition layout in case Partition manager does the partitioning. Signed-off-by: Andrzej Puzdrowski <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 12e9928) (cherry picked from commit a023c2e)
The commit adds verification of image using keys stored in KMU. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 1dbca8f) (cherry picked from commit 40543f1)
fixup! [nrf noup] zephyr: Add support for compressed image updates Fixes an issue with a mismatch of the chunk size used when decompressing firmware updates Signed-off-by: Jamie McCrae <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 0a70e49)
Adds selecting the experimental Kconfig when compession is in use Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit b836582) Signed-off-by: Dominik Ermel <[email protected]>
de-nordic
force-pushed
the
ram-cleanup
branch
from
31d7941 to
69453e4
Compare
de-nordic
changed the title
|
@nordicjm Please review. |
nordicjm
approved these changes
Nov 28, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add Kconfig option to cleanup RAM in MCUboot before passing control to an application.
Upstream PR #: 2127