From 43151fadb3dfe778786dc954c83634a8c6327e14 Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Thu, 21 Nov 2024 12:30:30 +0000 Subject: [PATCH 01/19] Revert "[nrf noup] boot: zephyr: Add experimental selection to compression" This reverts commit b836582c3f7dccb16af500023644e38224fdddd8. Signed-off-by: Dominik Ermel --- boot/zephyr/Kconfig | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index b681fb5fb..d1bfed375 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -950,10 +950,9 @@ config BOOT_DECOMPRESSION_SUPPORT if BOOT_DECOMPRESSION_SUPPORT menuconfig BOOT_DECOMPRESSION - bool "Decompression [EXPERIMENTAL]" + bool "Decompression" select NRF_COMPRESS_CLEANUP select PM_USE_CONFIG_SRAM_SIZE if SOC_NRF54L15_CPUAPP - select EXPERIMENTAL help If enabled, will include support for compressed images being loaded to the secondary slot which then get decompressed into the primary slot. This mode allows the secondary slot to From f6d017a6cdd9d3d51b2bfbe0b0a515ba6c307e2b Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Thu, 21 Nov 2024 12:31:13 +0000 Subject: [PATCH 02/19] Revert "[nrf noup] boot: zephyr: Kconfig update nrf54l15dk symbol for ED25519" This reverts commit e60dc3fbd7ce52d6fdc5352cf0a98c159c7a95f5. Signed-off-by: Dominik Ermel --- boot/zephyr/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index d1bfed375..c6a8cc589 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -202,7 +202,7 @@ config BOOT_SIGNATURE_TYPE_PURE_ALLOW choice BOOT_SIGNATURE_TYPE prompt "Signature type" - default BOOT_SIGNATURE_TYPE_ED25519 if SOC_NRF54L15_CPUAPP + default BOOT_SIGNATURE_TYPE_ED25519 if BOARD_NRF54L15PDK_NRF54L15_CPUAPP default BOOT_SIGNATURE_TYPE_RSA config BOOT_SIGNATURE_TYPE_NONE From db7fcbef78822bf93f0fe762ee2b9e6293e259de Mon Sep 17 00:00:00 2001 
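Review bot: The `[EXPERIMENTAL]` prompt suffix and `select EXPERIMENTAL` dropped from `BOOT_DECOMPRESSION` are what make the Zephyr build print its experimental-feature warning, so after this hunk a user who enables decompression of secondary-slot images gets no signal about the feature's maturity. If this revert is only staging for a rebase and the marking returns later in the series that is fine; if the feature is still considered experimental in this tree, keep at least a `help` sentence such as `This feature is not yet recommended for production images.` so the caveat survives without the select. The enclosing `if BOOT_DECOMPRESSION_SUPPORT` block continues outside the hunk.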
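Review bot: After this hunk the ED25519 default is keyed to the single board symbol `BOARD_NRF54L15PDK_NRF54L15_CPUAPP` instead of `SOC_NRF54L15_CPUAPP`, so any other nRF54L15 application-core board silently falls through to `default BOOT_SIGNATURE_TYPE_RSA` on the next line. A per-board signature default is easy to miss because nothing fails at build time, only the algorithm changes; if the SoC-wide default is not re-applied later in the series, the affected board configurations should set `CONFIG_BOOT_SIGNATURE_TYPE_ED25519=y` themselves, or the choice should carry a comment like `# Only the PDK defaults to ED25519; other nRF54L15 boards select the signature type in their board config.` The `choice BOOT_SIGNATURE_TYPE` block continues outside the hunk.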
From: Dominik Ermel Date: Thu, 21 Nov 2024 12:32:00 +0000 Subject: [PATCH 03/19] Revert "[nrf noup] Fix KMU breaking non-KMU builds of MCUboot" This reverts commit 352a241bb7e9e35e8175e4004300089edecc0b8b. Signed-off-by: Dominik Ermel --- boot/zephyr/CMakeLists.txt | 2 +- boot/zephyr/Kconfig | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 3a3406465..6562a746b 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -313,7 +313,7 @@ if(CONFIG_MCUBOOT_SERIAL) endif() endif() -if(NOT CONFIG_BOOT_SIGNATURE_USING_KMU AND NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") +if(NOT CONFIG_BOOT_SIGNATURE_USING_KMU OR NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") # CONF_FILE points to the KConfig configuration files of the bootloader. foreach (filepath ${CONF_FILE}) file(READ ${filepath} temp_text) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index c6a8cc589..c00e519b6 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -194,6 +194,7 @@ endchoice # BOOT_IMG_HASH_ALG config BOOT_SIGNATURE_TYPE_PURE_ALLOW bool + depends on NRF_SECURITY help Hidden option set by configurations that allow Pure variant, for example ed25519. The pure variant means that image From 88f5059317db0c2945e7dba70c38c75731a4ee62 Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Thu, 21 Nov 2024 12:32:49 +0000 Subject: [PATCH 04/19] Revert "[nrf noup] zephyr: Fix compressed chunk size mismatch" This reverts commit 0a70e4968d1f65118a2b5a17a27ed990c296bb5f. Signed-off-by: Dominik Ermel --- boot/zephyr/Kconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index c00e519b6..ed54cebc2 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig 
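Review bot: The restored condition `if(NOT CONFIG_BOOT_SIGNATURE_USING_KMU OR NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "")` enters the key-file scan for every non-KMU build regardless of whether a key file is configured, which is presumably the state the reverted commit ("Fix KMU breaking non-KMU builds") was correcting, and PATCH 05 only removes the KMU clause again two commits later. Reverting in this order leaves a commit whose configure step is, by the reverted commit's own account, broken, which hurts bisecting; if the reverts are kept separate, consider reordering so the KMU feature revert precedes this one, or squash the two. The `foreach (filepath ${CONF_FILE})` body continues outside the hunk.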
@@ -962,9 +962,9 @@ menuconfig BOOT_DECOMPRESSION if BOOT_DECOMPRESSION config BOOT_DECOMPRESSION_BUFFER_SIZE - int + int "Write buffer size" range 16 16384 - default NRF_COMPRESS_CHUNK_SIZE + default 4096 help The size of a secondary buffer used for writing decompressed data to the storage device. From a5fe2597f2b6616ba6d4060257183a455b6f607c Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Thu, 21 Nov 2024 12:33:24 +0000 Subject: [PATCH 05/19] Revert "[nrf noup] bootutil: Add support for KMU stored ED25519 signature key" This reverts commit 40543f121d919566e580970c918aa6ae0aba615b. Signed-off-by: Dominik Ermel --- boot/bootutil/src/ed25519_psa.c | 51 ------------------------------ boot/bootutil/src/image_ed25519.c | 19 +++-------- boot/bootutil/src/image_validate.c | 6 ---- boot/zephyr/CMakeLists.txt | 2 +- boot/zephyr/Kconfig | 30 +----------------- 5 files changed, 6 insertions(+), 102 deletions(-) diff --git a/boot/bootutil/src/ed25519_psa.c b/boot/bootutil/src/ed25519_psa.c index 4dbbcb6a4..3d7274307 100644 --- a/boot/bootutil/src/ed25519_psa.c +++ b/boot/bootutil/src/ed25519_psa.c @@ -12,9 +12,6 @@ #include #include -#if defined(CONFIG_BOOT_SIGNATURE_USING_KMU) -#include -#endif BOOT_LOG_MODULE_DECLARE(ed25519_psa); @@ -22,18 +19,6 @@ BOOT_LOG_MODULE_DECLARE(ed25519_psa); #define EDDSA_KEY_LENGTH 32 #define EDDSA_SIGNAGURE_LENGTH 64 -#if defined(CONFIG_BOOT_SIGNATURE_USING_KMU) -/* List of KMU stored key ids available for MCUboot */ -#define MAKE_PSA_KMU_KEY_ID(id) PSA_KEY_HANDLE_FROM_CRACEN_KMU_SLOT(CRACEN_KMU_KEY_USAGE_SCHEME_RAW, id) -static psa_key_id_t kmu_key_ids[3] = { - MAKE_PSA_KMU_KEY_ID(226), - MAKE_PSA_KMU_KEY_ID(228), - MAKE_PSA_KMU_KEY_ID(230) -}; -#define KMU_KEY_COUNT (sizeof(kmu_key_ids)/sizeof(kmu_key_ids[0])) -#endif - -#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) int ED25519_verify(const uint8_t *message, size_t message_len, const uint8_t signature[EDDSA_SIGNAGURE_LENGTH], const uint8_t public_key[EDDSA_KEY_LENGTH]) 
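Review bot: `default 4096` for `BOOT_DECOMPRESSION_BUFFER_SIZE` detaches the write buffer from the compressor chunk size that the reverted commit tied it to via `default NRF_COMPRESS_CHUNK_SIZE`, and the reverted commit's title says that divergence was a bug. The consumer of this buffer is not visible from this hunk, so I cannot say whether a chunk larger than the buffer is rejected or mishandled; unless a later patch in the series re-applies the link, confirm that the decompression path bounds each output chunk against this buffer, or restore a default tied to the compressor's chunk-size symbol ahead of `default 4096`. The `range 16 16384` line bounds the value but does not make it match the producer.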
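Review bot: The surviving context lines still spell the signature-length macro `EDDSA_SIGNAGURE_LENGTH` (`#define EDDSA_SIGNAGURE_LENGTH 64` and the `signature[EDDSA_SIGNAGURE_LENGTH]` parameter), a typo that also differs from the `EDDSA_SIGNATURE_LENGTH` used in `image_ed25519.c` later in this same patch. Since this hunk is already rewriting the macro block, renaming it to `#define EDDSA_SIGNATURE_LENGTH 64` in both places would align the two files; this is a naming point only, the value is the same 64 bytes. The `ED25519_verify` definition continues outside the hunk.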
@@ -84,39 +69,3 @@ int ED25519_verify(const uint8_t *message, size_t message_len, return ret; } -#else -int ED25519_verify(const uint8_t *message, size_t message_len, - const uint8_t signature[EDDSA_SIGNAGURE_LENGTH], - const uint8_t public_key[EDDSA_KEY_LENGTH]) -{ - ARG_UNUSED(public_key); - /* Set to any error */ - psa_status_t status = PSA_ERROR_BAD_STATE; - int ret = 0; /* Fail by default */ - - /* Initialize PSA Crypto */ - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - BOOT_LOG_ERR("PSA crypto init failed %d", status); - return 0; - } - - status = PSA_ERROR_BAD_STATE; - - for (int i = 0; i < KMU_KEY_COUNT; ++i) { - psa_key_id_t kid = kmu_key_ids[i]; - - status = psa_verify_message(kid, PSA_ALG_PURE_EDDSA, message, - message_len, signature, - EDDSA_SIGNAGURE_LENGTH); - if (status == PSA_SUCCESS) { - ret = 1; - break; - } - - BOOT_LOG_ERR("ED25519 signature verification failed %d", status); - } - - return ret; -} -#endif diff --git a/boot/bootutil/src/image_ed25519.c b/boot/bootutil/src/image_ed25519.c index e6c792a99..40d494bcf 100644 --- a/boot/bootutil/src/image_ed25519.c +++ b/boot/bootutil/src/image_ed25519.c @@ -25,16 +25,14 @@ #include "bootutil/crypto/sha.h" #define EDDSA_SIGNATURE_LENGTH 64 + +static const uint8_t ed25519_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x65\x70"; #define NUM_ED25519_BYTES 32 extern int ED25519_verify(const uint8_t *message, size_t message_len, const uint8_t signature[EDDSA_SIGNATURE_LENGTH], const uint8_t public_key[NUM_ED25519_BYTES]); -#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) - -static const uint8_t ed25519_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x65\x70"; - /* * Parse the public key used for signing. */ @@ -73,7 +71,6 @@ bootutil_import_key(uint8_t **cp, uint8_t *end) return 0; } -#endif fih_ret bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen, 
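Review bot: The re-homed `static const uint8_t ed25519_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x65\x70";` has no comment saying which OID it encodes, and it now sits between the two length `#define`s rather than after them. The bytes `\x65\x70` are 101.112 under the 1.3 prefix, i.e. id-Ed25519 (1.3.101.112); a one-line comment such as `/* id-Ed25519, OID 1.3.101.112 (RFC 8410): algorithm expected in the DER public key */` would make the comparison in `bootutil_import_key` (whose body is outside the hunk, so I assume that is where it is used) self-explanatory. Moving the definition below `#define NUM_ED25519_BYTES 32` would also keep the two macros together.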
@@ -81,17 +78,14 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen, { int rc; FIH_DECLARE(fih_rc, FIH_FAILURE); - uint8_t *pubkey = NULL; -#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) + uint8_t *pubkey; uint8_t *end; -#endif if (hlen != IMAGE_HASH_SIZE || slen != EDDSA_SIGNATURE_LENGTH) { FIH_SET(fih_rc, FIH_FAILURE); goto out; } -#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) pubkey = (uint8_t *)bootutil_keys[key_id].key; end = pubkey + *bootutil_keys[key_id].len; @@ -100,7 +94,6 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen, FIH_SET(fih_rc, FIH_FAILURE); goto out; } -#endif rc = ED25519_verify(hash, IMAGE_HASH_SIZE, sig, pubkey); @@ -122,17 +115,14 @@ bootutil_verify_img(const uint8_t *img, uint32_t size, { int rc; FIH_DECLARE(fih_rc, FIH_FAILURE); - uint8_t *pubkey = NULL; -#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) + uint8_t *pubkey; uint8_t *end; -#endif if (slen != EDDSA_SIGNATURE_LENGTH) { FIH_SET(fih_rc, FIH_FAILURE); goto out; } -#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) pubkey = (uint8_t *)bootutil_keys[key_id].key; end = pubkey + *bootutil_keys[key_id].len; @@ -141,7 +131,6 @@ bootutil_verify_img(const uint8_t *img, uint32_t size, FIH_SET(fih_rc, FIH_FAILURE); goto out; } -#endif rc = ED25519_verify(img, size, sig, pubkey); diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c index f71d1d9a6..c419b9497 100644 --- a/boot/bootutil/src/image_validate.c +++ b/boot/bootutil/src/image_validate.c @@ -245,7 +245,6 @@ bootutil_img_hash(struct enc_key_data *enc_state, int image_index, # define KEY_BUF_SIZE (SIG_BUF_SIZE + 24) #endif /* !MCUBOOT_HW_KEY */ -#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) #if !defined(MCUBOOT_HW_KEY) static int bootutil_find_key(uint8_t *keyhash, uint8_t keyhash_len) 
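Review bot: `pubkey = (uint8_t *)bootutil_keys[key_id].key;` indexes the key table with the caller-supplied `key_id` and `bootutil_verify_sig` performs no range check of its own; it relies on `bootutil_img_validate` having rejected out-of-range ids, which this same patch restores unconditionally in `image_validate.c` (`if (key_id < 0 || key_id >= bootutil_key_cnt)`). That contract is worth stating at the point of use, e.g. `/* key_id is trusted here: the caller has already checked it against bootutil_key_cnt */`, so a future caller does not pass a raw TLV value straight through. The same applies to the parallel hunk in `bootutil_verify_img` below; both function bodies continue outside their hunks.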
@@ -311,7 +310,6 @@ bootutil_find_key(uint8_t image_index, uint8_t *key, uint16_t key_len) } #endif /* !MCUBOOT_HW_KEY */ #endif /* !MCUBOOT_BUILTIN_KEY */ -#endif /* !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) */ #endif /* EXPECTED_SIG_TLV */ /** @@ -628,7 +626,6 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, break; } #endif /* defined(EXPECTED_HASH_TLV) && !defined(MCUBOOT_SIGN_PURE) */ -#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) #ifdef EXPECTED_KEY_TLV case EXPECTED_KEY_TLV: { @@ -659,17 +656,14 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, break; } #endif /* EXPECTED_KEY_TLV */ -#endif /* !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) */ #ifdef EXPECTED_SIG_TLV case EXPECTED_SIG_TLV: { -#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) /* Ignore this signature if it is out of bounds. */ if (key_id < 0 || key_id >= bootutil_key_cnt) { key_id = -1; continue; } -#endif /* !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) */ if (!EXPECTED_SIG_LEN(len) || len > sizeof(buf)) { rc = -1; goto out; diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 6562a746b..e01524221 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -313,7 +313,7 @@ if(CONFIG_MCUBOOT_SERIAL) endif() endif() -if(NOT CONFIG_BOOT_SIGNATURE_USING_KMU OR NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") +if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") # CONF_FILE points to the KConfig configuration files of the bootloader. foreach (filepath ${CONF_FILE}) file(READ ${filepath} temp_text) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index ed54cebc2..408342852 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -194,7 +194,6 @@ endchoice # BOOT_IMG_HASH_ALG config BOOT_SIGNATURE_TYPE_PURE_ALLOW bool - depends on NRF_SECURITY help Hidden option set by configurations that allow Pure variant, for example ed25519. The pure variant means that image 
@@ -294,7 +293,6 @@ config BOOT_ED25519_MBEDTLS config BOOT_ED25519_PSA bool "Use PSA crypto" - depends on NRF_SECURITY select BOOT_USE_PSA_CRYPTO select BOOT_ED25519_PSA_DEPENDENCIES select BOOT_X25519_PSA_DEPENDENCIES if BOOT_ENCRYPT_IMAGE @@ -304,22 +302,6 @@ endif endchoice -config BOOT_SIGNATURE_USING_KMU - bool "Use KMU stored keys for signature verification" - depends on NRF_SECURITY - depends on CRACEN_LIB_KMU - select PSA_WANT_ALG_GCM - select PSA_WANT_KEY_TYPE_AES - select PSA_WANT_AES_KEY_SIZE_256 - select PSA_WANT_ALG_SP800_108_COUNTER_CMAC - select PSA_WANT_ALG_CMAC - select PSA_WANT_ALG_ECB_NO_PADDING - help - MCUboot will use keys provisioned to the device key management unit for signature - verification instead of compiling in key data from a file. - -if !BOOT_SIGNATURE_USING_KMU - config BOOT_SIGNATURE_KEY_FILE string "PEM key file" default "root-ec-p256.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256 @@ -337,8 +319,6 @@ config BOOT_SIGNATURE_KEY_FILE with the public key information will be written in a format expected by MCUboot. -endif - config MCUBOOT_CLEANUP_ARM_CORE bool "Perform core cleanup before chain-load the application" depends on CPU_CORTEX_M @@ -355,18 +335,10 @@ config MCUBOOT_CLEANUP_ARM_CORE start-up code which can cause a module fault and potentially make the module irrecoverable. -# Disable MBEDTLS from being selected if NRF_SECURITY is enabled, and use default NRF_SECURITY -# configuration file for MBEDTLS -config MBEDTLS - depends on !NRF_SECURITY - -config NRF_SECURITY - select MBEDTLS_PROMPTLESS - if MBEDTLS config MBEDTLS_CFG_FILE - default "mcuboot-mbedtls-cfg.h" if !NRF_SECURITY + default "mcuboot-mbedtls-cfg.h" endif From 5eea14b2bec1b0db0fd4735b45ac93566200fc03 Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Thu, 21 Nov 2024 12:53:08 +0000 Subject: [PATCH 06/19] Revert "[nrf noup] boot/zephyr/Kconfig: conditionally disable BOOT_MAX_IMG_SECTORS_AUTO" This reverts commit a023c2e50989983cb7ffc1c822e44486d0722efe. 
Signed-off-by: Dominik Ermel --- boot/zephyr/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 408342852..1d44036ec 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -557,7 +557,7 @@ config BOOT_ENCRYPTION_KEY_FILE config BOOT_MAX_IMG_SECTORS_AUTO bool "Calculate maximum sectors automatically" - default y if !PARTITION_MANAGER_ENABLED + default y help If this option is enabled then the maximum number of supported sectors per image will be calculated automatically from the flash erase sizes and size of each partition for From ab96abfe0b6354625e90b0055de54b95834a7681 Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Thu, 21 Nov 2024 12:54:19 +0000 Subject: [PATCH 07/19] Revert "[nrf noup] bootutil: PureEdDSA using ED25519" This reverts commit 81988f9d5f9b36f63067d7bd3ddb29e136175836. Signed-off-by: Dominik Ermel --- boot/bootutil/include/bootutil/image.h | 3 - boot/bootutil/src/bootutil_priv.h | 3 - boot/bootutil/src/image_ed25519.c | 37 -------- boot/bootutil/src/image_validate.c | 95 ++----------------- boot/zephyr/Kconfig | 29 +----- .../include/mcuboot_config/mcuboot_config.h | 4 - 6 files changed, 8 insertions(+), 163 deletions(-) diff --git a/boot/bootutil/include/bootutil/image.h b/boot/bootutil/include/bootutil/image.h index 05e04438b..9ede800a2 100644 --- a/boot/bootutil/include/bootutil/image.h +++ b/boot/bootutil/include/bootutil/image.h 
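Review bot: `default y` for `BOOT_MAX_IMG_SECTORS_AUTO` now applies even when Partition Manager lays out the slots, which the reverted commit excluded with `default y if !PARTITION_MANAGER_ENABLED`. The help text says the count is derived from flash erase sizes and partition sizes; if under Partition Manager those sizes come from somewhere the calculation does not read (the implementation is not visible from this hunk), the derived sector count may be too small and a valid update would fail at swap time rather than at build time. Unless a later patch re-applies the guard, PM-based builds should pin `CONFIG_BOOT_MAX_IMG_SECTORS` explicitly, and the help text could say so. The help block continues outside the hunk.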
@@ -102,9 +102,6 @@ struct flash_area; #define IMAGE_TLV_ECDSA_SIG 0x22 /* ECDSA of hash output */ #define IMAGE_TLV_RSA3072_PSS 0x23 /* RSA3072 of hash output */ #define IMAGE_TLV_ED25519 0x24 /* ed25519 of hash output */ -#define IMAGE_TLV_SIG_PURE 0x25 /* Indicator that attached signature has been prepared - * over image rather than its digest. - */ #define IMAGE_TLV_ENC_RSA2048 0x30 /* Key encrypted with RSA-OAEP-2048 */ #define IMAGE_TLV_ENC_KW 0x31 /* Key encrypted with AES-KW 128 or 256*/ #define IMAGE_TLV_ENC_EC256 0x32 /* Key encrypted with ECIES-EC256 */ diff --git a/boot/bootutil/src/bootutil_priv.h b/boot/bootutil/src/bootutil_priv.h index c23f61689..208d189b9 100644 --- a/boot/bootutil/src/bootutil_priv.h +++ b/boot/bootutil/src/bootutil_priv.h @@ -268,9 +268,6 @@ struct boot_loader_state { fih_ret bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen, uint8_t key_id); -fih_ret bootutil_verify_img(const uint8_t *img, uint32_t size, - uint8_t *sig, size_t slen, uint8_t key_id); - fih_ret boot_fih_memequal(const void *s1, const void *s2, size_t n); int boot_find_status(int image_index, const struct flash_area **fap); diff --git a/boot/bootutil/src/image_ed25519.c b/boot/bootutil/src/image_ed25519.c index 40d494bcf..447289253 100644 --- a/boot/bootutil/src/image_ed25519.c +++ b/boot/bootutil/src/image_ed25519.c 
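Review bot: Removing `IMAGE_TLV_SIG_PURE 0x25` from the TLV table also removes the only record that 0x25 was ever assigned, so a future TLV added here could reuse the value while images carrying a pure-signature TLV from this tree's earlier builds may still exist. Because this patch also drops 0x25 from `allowed_unprot_tlvs`, such images are now rejected as carrying an unknown unprotected TLV (assuming `ALLOW_ROGUE_TLVS` is off, which I cannot confirm from here); that is the safe failure, but it should be deliberate. Consider keeping a reservation line in the table, e.g. `/* 0x25 reserved: was IMAGE_TLV_SIG_PURE (ed25519 over the image, not its digest) */`, so the value is not recycled.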
@@ -109,41 +109,4 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen, FIH_RET(fih_rc); } -fih_ret -bootutil_verify_img(const uint8_t *img, uint32_t size, - uint8_t *sig, size_t slen, uint8_t key_id) -{ - int rc; - FIH_DECLARE(fih_rc, FIH_FAILURE); - uint8_t *pubkey; - uint8_t *end; - - if (slen != EDDSA_SIGNATURE_LENGTH) { - FIH_SET(fih_rc, FIH_FAILURE); - goto out; - } - - pubkey = (uint8_t *)bootutil_keys[key_id].key; - end = pubkey + *bootutil_keys[key_id].len; - - rc = bootutil_import_key(&pubkey, end); - if (rc) { - FIH_SET(fih_rc, FIH_FAILURE); - goto out; - } - - rc = ED25519_verify(img, size, sig, pubkey); - - if (rc == 0) { - /* if verify returns 0, there was an error. */ - FIH_SET(fih_rc, FIH_FAILURE); - goto out; - } - - FIH_SET(fih_rc, FIH_SUCCESS); -out: - - FIH_RET(fih_rc); -} - #endif /* MCUBOOT_SIGN_ED25519 */ diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c index c419b9497..fa1d373d7 100644 --- a/boot/bootutil/src/image_validate.c +++ b/boot/bootutil/src/image_validate.c @@ -65,7 +65,6 @@ BOOT_LOG_MODULE_DECLARE(mcuboot); #include "bootutil_priv.h" -#ifndef MCUBOOT_SIGN_PURE /* * Compute SHA hash over the image. * (SHA384 if ECDSA-P384 is being used, @@ -185,7 +184,6 @@ bootutil_img_hash(struct enc_key_data *enc_state, int image_index, return 0; } -#endif /* * Currently, we only support being able to verify one type of 
@@ -372,43 +370,6 @@ bootutil_get_img_security_cnt(struct image_header *hdr, return 0; } -#if defined(MCUBOOT_SIGN_PURE) -/* Returns: - * 0 -- found - * 1 -- not found or found but not true - * -1 -- failed for some reason - * - * Value of TLV does not matter, presence decides. - */ -static int bootutil_check_for_pure(const struct image_header *hdr, - const struct flash_area *fap) -{ - struct image_tlv_iter it; - uint32_t off; - uint16_t len; - int32_t rc; - - rc = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_SIG_PURE, false); - if (rc) { - return rc; - } - - /* Search for the TLV */ - rc = bootutil_tlv_iter_next(&it, &off, &len, NULL); - if (rc == 0 && len == 1) { - bool val; - - rc = LOAD_IMAGE_DATA(hdr, fap, off, &val, 1); - if (rc == 0) { - rc = !val; - } - } - - return rc; -} -#endif - - #ifndef ALLOW_ROGUE_TLVS /* * The following list of TLVs are the only entries allowed in the unprotected @@ -425,9 +386,6 @@ static const uint16_t allowed_unprot_tlvs[] = { IMAGE_TLV_ECDSA_SIG, IMAGE_TLV_RSA3072_PSS, IMAGE_TLV_ED25519, -#if defined(MCUBOOT_SIGN_PURE) - IMAGE_TLV_SIG_PURE, -#endif IMAGE_TLV_ENC_RSA2048, IMAGE_TLV_ENC_KW, IMAGE_TLV_ENC_EC256, @@ -450,6 +408,7 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, uint32_t off; uint16_t len; uint16_t type; + int image_hash_valid = 0; #ifdef EXPECTED_SIG_TLV FIH_DECLARE(valid_signature, FIH_FAILURE); #ifndef MCUBOOT_BUILTIN_KEY @@ -466,10 +425,7 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, #endif /* EXPECTED_SIG_TLV */ struct image_tlv_iter it; uint8_t buf[SIG_BUF_SIZE]; -#if defined(EXPECTED_HASH_TLV) && !defined(MCUBOOT_SIGN_PURE) - int image_hash_valid = 0; uint8_t hash[IMAGE_HASH_SIZE]; -#endif int rc = 0; FIH_DECLARE(fih_rc, FIH_FAILURE); #ifdef MCUBOOT_HW_ROLLBACK_PROT 
@@ -540,7 +496,6 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, } #endif -#if defined(EXPECTED_HASH_TLV) && !defined(MCUBOOT_SIGN_PURE) rc = bootutil_img_hash(enc_state, image_index, hdr, fap, tmp_buf, tmp_buf_sz, hash, seed, seed_len); if (rc) { @@ -550,15 +505,6 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, if (out_hash) { memcpy(out_hash, hash, IMAGE_HASH_SIZE); } -#endif - -#if defined(MCUBOOT_SIGN_PURE) - /* If Pure type signature is expected then it has to be there */ - rc = bootutil_check_for_pure(hdr, fap); - if (rc != 0) { - goto out; - } -#endif rc = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_ANY, false); if (rc) { @@ -602,10 +548,8 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, } } #endif - switch(type) { -#if defined(EXPECTED_HASH_TLV) && !defined(MCUBOOT_SIGN_PURE) - case EXPECTED_HASH_TLV: - { + + if (type == EXPECTED_HASH_TLV) { /* Verify the image hash. This must always be present. */ if (len != sizeof(hash)) { rc = -1; @@ -623,12 +567,8 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, } image_hash_valid = 1; - break; - } -#endif /* defined(EXPECTED_HASH_TLV) && !defined(MCUBOOT_SIGN_PURE) */ #ifdef EXPECTED_KEY_TLV - case EXPECTED_KEY_TLV: - { + } else if (type == EXPECTED_KEY_TLV) { /* * Determine which key we should be checking. */ @@ -653,12 +593,9 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, * The key may not be found, which is acceptable. There * can be multiple signatures, each preceded by a key. */ - break; - } #endif /* EXPECTED_KEY_TLV */ #ifdef EXPECTED_SIG_TLV - case EXPECTED_SIG_TLV: - { + } else if (type == EXPECTED_SIG_TLV) { /* Ignore this signature if it is out of bounds. */ if (key_id < 0 || key_id >= bootutil_key_cnt) { key_id = -1; 
@@ -672,25 +609,12 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, if (rc) { goto out; } -#ifndef MCUBOOT_SIGN_PURE FIH_CALL(bootutil_verify_sig, valid_signature, hash, sizeof(hash), buf, len, key_id); -#else - /* Directly check signature on the image, by using the mapping of - * a device to memory. The pointer is beginning of image in flash, - * so offset of area, the range is header + image + protected tlvs. - */ - FIH_CALL(bootutil_verify_img, valid_signature, (void *)flash_area_get_off(fap), - hdr->ih_hdr_size + hdr->ih_img_size + hdr->ih_protect_tlv_size, - buf, len, key_id); -#endif key_id = -1; - break; - } #endif /* EXPECTED_SIG_TLV */ #ifdef MCUBOOT_HW_ROLLBACK_PROT - case IMAGE_TLV_SEC_CNT: - { + } else if (type == IMAGE_TLV_SEC_CNT) { /* * Verify the image's security counter. * This must always be present. @@ -725,21 +649,14 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, /* The image's security counter has been successfully verified. */ security_counter_valid = fih_rc; - break; - } #endif /* MCUBOOT_HW_ROLLBACK_PROT */ } } -#if defined(EXPECTED_HASH_TLV) && !defined(MCUBOOT_SIGN_PURE) rc = !image_hash_valid; if (rc) { goto out; } -#elif defined(MCUBOOT_SIGN_PURE) - /* This returns true on EQ, rc is err on non-0 */ - rc = FIH_NOT_EQ(valid_signature, FIH_SUCCESS); -#endif #ifdef EXPECTED_SIG_TLV FIH_SET(fih_rc, valid_signature); #endif diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 1d44036ec..f4e678aca 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig 
@@ -192,14 +192,6 @@ config BOOT_IMG_HASH_ALG_SHA512 endchoice # BOOT_IMG_HASH_ALG -config BOOT_SIGNATURE_TYPE_PURE_ALLOW - bool - help - Hidden option set by configurations that allow Pure variant, - for example ed25519. The pure variant means that image - signature is calculated over entire image instead of hash - of an image. - choice BOOT_SIGNATURE_TYPE prompt "Signature type" default BOOT_SIGNATURE_TYPE_ED25519 if BOARD_NRF54L15PDK_NRF54L15_CPUAPP @@ -250,32 +242,15 @@ endif config BOOT_SIGNATURE_TYPE_ED25519 bool "Edwards curve digital signatures using ed25519" - select BOOT_ENCRYPTION_SUPPORT if !BOOT_SIGNATURE_TYPE_PURE - select BOOT_IMG_HASH_ALG_SHA256_ALLOW if !BOOT_SIGNATURE_TYPE_PURE - # The SHA is used only for key hashing, not for images. + select BOOT_ENCRYPTION_SUPPORT + select BOOT_IMG_HASH_ALG_SHA256_ALLOW select BOOT_IMG_HASH_ALG_SHA512_ALLOW if BOOT_USE_PSA_CRYPTO - select BOOT_SIGNATURE_TYPE_PURE_ALLOW help This is ed25519 signature calculated over SHA512 of SHA256 of application image; that is not completely correct approach as the SHA512 should be rather directly calculated over an image. - Select BOOT_SIGNATURE_TYPE_PURE to have a PureEdDSA calculating image - signature directly on image, rather than hash of the image. if BOOT_SIGNATURE_TYPE_ED25519 - -config BOOT_SIGNATURE_TYPE_PURE - bool "Use Pure signature of image" - depends on BOOT_SIGNATURE_TYPE_PURE_ALLOW - help - The Pure signature is calculated directly over image rather than - hash of an image. - This is more secure signature, specifically if hardware can do the - verification without need to share key. - Note that this requires that all slots for which signature is to be - verified need to be accessible through memory address space that - cryptography can access. - choice BOOT_ED25519_IMPLEMENTATION prompt "Ecdsa implementation" default BOOT_ED25519_TINYCRYPT 
diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/boot/zephyr/include/mcuboot_config/mcuboot_config.h index 7896e0939..fbd64b5e7 100644 --- a/boot/zephyr/include/mcuboot_config/mcuboot_config.h +++ b/boot/zephyr/include/mcuboot_config/mcuboot_config.h @@ -147,10 +147,6 @@ #define MCUBOOT_HASH_STORAGE_DIRECTLY #endif -#ifdef CONFIG_BOOT_SIGNATURE_TYPE_PURE -#define MCUBOOT_SIGN_PURE -#endif - #ifdef CONFIG_BOOT_BOOTSTRAP #define MCUBOOT_BOOTSTRAP 1 #endif From 412ba35120b8639e18787e37e013ce307ec03d65 Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Thu, 21 Nov 2024 12:54:52 +0000 Subject: [PATCH 08/19] Revert "[nrf noup] bootutil: Enable hash calculation directly on storage" This reverts commit b4e5a3b2248d35605cf3b3cf9b51898738d443ae. Signed-off-by: Dominik Ermel --- boot/bootutil/src/image_validate.c | 15 +++------------ boot/zephyr/Kconfig | 16 ---------------- .../include/mcuboot_config/mcuboot_config.h | 7 ------- 3 files changed, 3 insertions(+), 35 deletions(-) diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c index fa1d373d7..b1a50f126 100644 --- a/boot/bootutil/src/image_validate.c +++ b/boot/bootutil/src/image_validate.c @@ -77,15 +77,13 @@ bootutil_img_hash(struct enc_key_data *enc_state, int image_index, uint8_t *seed, int seed_len) { bootutil_sha_context sha_ctx; + uint32_t blk_sz; uint32_t size; uint16_t hdr_size; + uint32_t off; + int rc; uint32_t blk_off; uint32_t tlv_off; -#if !defined(MCUBOOT_HASH_STORAGE_DIRECTLY) - int rc; - uint32_t off; - uint32_t blk_sz; -#endif #if (BOOT_IMAGE_NUMBER == 1) || !defined(MCUBOOT_ENC_IMAGES) || \ defined(MCUBOOT_RAM_LOAD) 
@@ -128,12 +126,6 @@ bootutil_img_hash(struct enc_key_data *enc_state, int image_index, /* If protected TLVs are present they are also hashed. */ size += hdr->ih_protect_tlv_size; -#ifdef MCUBOOT_HASH_STORAGE_DIRECTLY - /* No chunk loading, storage is mapped to address space and can - * be directly given to hashing function. - */ - bootutil_sha_update(&sha_ctx, (void *)flash_area_get_off(fap), size); -#else /* MCUBOOT_HASH_STORAGE_DIRECTLY */ #ifdef MCUBOOT_RAM_LOAD bootutil_sha_update(&sha_ctx, (void*)(IMAGE_RAM_BASE + hdr->ih_load_addr), @@ -178,7 +170,6 @@ bootutil_img_hash(struct enc_key_data *enc_state, int image_index, bootutil_sha_update(&sha_ctx, tmp_buf, blk_sz); } #endif /* MCUBOOT_RAM_LOAD */ -#endif /* MCUBOOT_HASH_STORAGE_DIRECTLY */ bootutil_sha_finish(&sha_ctx, hash_result); bootutil_sha_drop(&sha_ctx); diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index f4e678aca..2911bab29 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -146,22 +146,6 @@ config BOOT_IMG_HASH_ALG_SHA512_ALLOW help Hidden option set by configurations that allow SHA512 -config BOOT_IMG_HASH_DIRECTLY_ON_STORAGE - bool "Hash calculation functions access storage through address space" - depends on !BOOT_ENCRYPT_IMAGE - help - When possible to map storage device, at least for read operations, - to address space or RAM area, enabling this option allows hash - calculation functions to directly access the storage through that address - space or using its own DMA. This reduces flash read overhead done - by the MCUboot. - Notes: - - not supported when encrypted images are in use, because calculating - SHA requires image to be decrypted first, which is done to RAM. - - currently only supported on internal storage of devices; this - option will not work with devices that use external storage for - either of image slots. - choice BOOT_IMG_HASH_ALG prompt "Selected image hash algorithm" default BOOT_IMG_HASH_ALG_SHA256 if BOOT_IMG_HASH_ALG_SHA256_ALLOW 
diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/boot/zephyr/include/mcuboot_config/mcuboot_config.h index fbd64b5e7..f628f99c4 100644 --- a/boot/zephyr/include/mcuboot_config/mcuboot_config.h +++ b/boot/zephyr/include/mcuboot_config/mcuboot_config.h @@ -140,13 +140,6 @@ #define MCUBOOT_DECOMPRESS_IMAGES #endif -/* Invoke hashing functions directly on storage. This requires for device - * to be able to map storage to address space or RAM. - */ -#ifdef CONFIG_BOOT_IMG_HASH_DIRECTLY_ON_STORAGE -#define MCUBOOT_HASH_STORAGE_DIRECTLY -#endif - #ifdef CONFIG_BOOT_BOOTSTRAP #define MCUBOOT_BOOTSTRAP 1 #endif From bebc92f7f455fec5e6522def53e1a209cc79f041 Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Thu, 21 Nov 2024 12:55:29 +0000 Subject: [PATCH 09/19] Revert "[nrf noup] bootutil: Provide support for SHA512 with ED25519" This reverts commit 10211d4a68351be1a733248e8bee7be000ea41f1. Signed-off-by: Dominik Ermel --- boot/zephyr/Kconfig | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 2911bab29..794a7102f 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -80,7 +80,7 @@ config BOOT_PSA_IMG_HASH_ALG_SHA256_DEPENDENCIES config BOOT_ED25519_PSA_DEPENDENCIES bool - select PSA_WANT_ALG_SHA_256 if BOOT_IMG_HASH_ALG_SHA256 + select PSA_WANT_ALG_SHA_256 select PSA_WANT_ALG_SHA_512 select PSA_WANT_ALG_PURE_EDDSA select PSA_WANT_ECC_TWISTED_EDWARDS_255 @@ -228,11 +228,6 @@ config BOOT_SIGNATURE_TYPE_ED25519 bool "Edwards curve digital signatures using ed25519" select BOOT_ENCRYPTION_SUPPORT select BOOT_IMG_HASH_ALG_SHA256_ALLOW - select BOOT_IMG_HASH_ALG_SHA512_ALLOW if BOOT_USE_PSA_CRYPTO - help - This is ed25519 signature calculated over SHA512 of SHA256 of application - image; that is not completely correct approach as the SHA512 should be - rather directly calculated over an image. if BOOT_SIGNATURE_TYPE_ED25519 choice BOOT_ED25519_IMPLEMENTATION 
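Review bot: After this hunk `config BOOT_SIGNATURE_TYPE_ED25519` has a prompt and two `select`s but no `help` block at all; the sibling signature types are outside the hunk so I cannot confirm whether they carry one. The removed text was at least explicit that the signature is made over the SHA-256 image digest rather than over the image, which is the security-relevant fact a user choosing this option should see; a neutral replacement of three lines, `help`, `Ed25519 signature over the SHA-256 digest of the image (the digest is`, `what is signed, so the scheme is bounded by SHA-256 collision resistance).`, keeps it visible. The `select BOOT_IMG_HASH_ALG_SHA256_ALLOW` line that remains is what fixes the digest to SHA-256 here, as far as this hunk shows.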
From 435fa189977fd4dfe893a0846bb44ebf415065af Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Thu, 21 Nov 2024 12:56:10 +0000 Subject: [PATCH 10/19] Revert "[nrf noup] PSA configuration required changes" This reverts commit 3cdcdb32f254248e6d2cd87dce09597723782562. Signed-off-by: Dominik Ermel --- boot/bootutil/zephyr/CMakeLists.txt | 14 ++--- boot/zephyr/CMakeLists.txt | 39 ++++-------- boot/zephyr/Kconfig | 73 +---------------------- boot/zephyr/include/mcuboot-mbedtls-cfg.h | 2 +- 4 files changed, 16 insertions(+), 112 deletions(-) diff --git a/boot/bootutil/zephyr/CMakeLists.txt b/boot/bootutil/zephyr/CMakeLists.txt index d5364d025..72a6a8638 100644 --- a/boot/bootutil/zephyr/CMakeLists.txt +++ b/boot/bootutil/zephyr/CMakeLists.txt @@ -29,18 +29,12 @@ zephyr_library_link_libraries(MCUBOOT_BOOTUTIL) target_link_libraries(MCUBOOT_BOOTUTIL INTERFACE zephyr_interface) if(CONFIG_BOOT_USE_TINYCRYPT) - target_include_directories(MCUBOOT_BOOTUTIL INTERFACE - ../../../ext/tinycrypt/lib/include - ) -endif() - -if(CONFIG_BOOT_USE_PSA_CRYPTO) - target_include_directories(MCUBOOT_BOOTUTIL INTERFACE - ${ZEPHYR_MBEDTLS_MODULE_DIR}/include - ) +target_include_directories(MCUBOOT_BOOTUTIL INTERFACE + ../../../ext/tinycrypt/lib/include +) endif() -if(CONFIG_BOOT_USE_MBEDTLS OR CONFIG_BOOT_USE_PSA_CRYPTO AND NOT CONFIG_PSA_CORE_OBERON) +if(CONFIG_BOOT_USE_MBEDTLS) zephyr_link_libraries(mbedTLS) endif() endif() diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index e01524221..293f6bd76 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -51,12 +51,6 @@ if(EXISTS targets/${BOARD}.h) zephyr_library_compile_definitions(MCUBOOT_TARGET_CONFIG="${BOARD}.h") endif() -if(DEFINED CONFIG_MBEDTLS) - zephyr_library_include_directories( - ${ZEPHYR_MBEDTLS_MODULE_DIR}/include - ) -endif() - # Zephyr port-specific sources. zephyr_library_sources( main.c 
@@ -108,10 +102,6 @@ zephyr_library_sources( ${BOOT_DIR}/bootutil/src/fault_injection_hardening.c ) -if(DEFINED CONFIG_BOOT_ENCRYPT_X25519 AND DEFINED CONFIG_BOOT_ED25519_PSA) - zephyr_library_sources(${BOOT_DIR}/bootutil/src/encrypted_psa.c) -endif() - if(DEFINED CONFIG_MEASURED_BOOT OR DEFINED CONFIG_BOOT_SHARE_DATA) zephyr_library_sources( ${BOOT_DIR}/bootutil/src/boot_record.c @@ -256,28 +246,19 @@ elseif(CONFIG_BOOT_SIGNATURE_TYPE_ED25519 OR CONFIG_BOOT_ENCRYPT_X25519) ${FIAT_DIR}/include/ ) - if(NOT CONFIG_BOOT_ED25519_PSA) - zephyr_library_sources( - ${FIAT_DIR}/src/curve25519.c - ) - else() - zephyr_library_sources( - ${MBEDTLS_ASN1_DIR}/src/asn1parse.c - ${BOOT_DIR}/bootutil/src/ed25519_psa.c - ) - endif() + zephyr_library_sources( + ${FIAT_DIR}/src/curve25519.c + ) endif() -if(NOT CONFIG_BOOT_ED25519_PSA) - if(CONFIG_BOOT_ENCRYPT_EC256 OR CONFIG_BOOT_ENCRYPT_X25519) - zephyr_library_sources( - ${TINYCRYPT_DIR}/source/aes_encrypt.c - ${TINYCRYPT_DIR}/source/aes_decrypt.c - ${TINYCRYPT_DIR}/source/ctr_mode.c - ${TINYCRYPT_DIR}/source/hmac.c - ${TINYCRYPT_DIR}/source/ecc_dh.c +if(CONFIG_BOOT_ENCRYPT_EC256 OR CONFIG_BOOT_ENCRYPT_X25519) + zephyr_library_sources( + ${TINYCRYPT_DIR}/source/aes_encrypt.c + ${TINYCRYPT_DIR}/source/aes_decrypt.c + ${TINYCRYPT_DIR}/source/ctr_mode.c + ${TINYCRYPT_DIR}/source/hmac.c + ${TINYCRYPT_DIR}/source/ecc_dh.c ) - endif() endif() if(CONFIG_BOOT_ENCRYPT_EC256) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 794a7102f..649a8dd1b 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -29,10 +29,7 @@ config BOOT_USE_MBEDTLS config BOOT_USE_PSA_CRYPTO bool - default y if NRF_SECURITY - # This is counter intuitive but that is how PSA heap is enabled. - select MBEDTLS_ENABLE_HEAP - select MBEDTLS_PSA_CRYPTO_C + # Hidden option help Hidden option set if using PSA crypt for cryptography functionality 
@@ -69,58 +66,6 @@ config NRF_CC310_BL bool default n -if BOOT_USE_PSA_CRYPTO - -config BOOT_PSA_IMG_HASH_ALG_SHA256_DEPENDENCIES - bool - default y if BOOT_IMG_HASH_ALG_SHA256 - select PSA_WANT_ALG_SHA_256 - help - Dependencies for hashing with SHA256 - -config BOOT_ED25519_PSA_DEPENDENCIES - bool - select PSA_WANT_ALG_SHA_256 - select PSA_WANT_ALG_SHA_512 - select PSA_WANT_ALG_PURE_EDDSA - select PSA_WANT_ECC_TWISTED_EDWARDS_255 - select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT - help - Dependencies for ed25519 signature - -if BOOT_ENCRYPT_IMAGE - -config BOOT_X25519_PSA_DEPENDENCIES - bool - select PSA_WANT_ALG_ECDH - select PSA_WANT_ALG_HMAC - select PSA_WANT_ALG_HKDF - select PSA_WANT_ALG_CTR - select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT - select PSA_WANT_KEY_TYPE_DERIVE - select PSA_WANT_KEY_TYPE_AES - select PSA_WANT_ECC_MONTGOMERY_255 - help - Dependencies for x25519 shared-random key encryption and AES - encryption. The PSA_WANT_ALG_CTR and PSA_WANT_KEY_TYPE_AES - enable Counter based block cipher and AES key, and algorithm support, - to use with it; the others are used for shared key decryption - and derivation. - -endif # BOOT_ENCRYPT_IMAGE - -if MBEDTLS_ENABLE_HEAP - -config MBEDTLS_HEAP_SIZE - default 2048 if BOOT_USE_PSA_CRYPTO - help - The PSA internals need to be able to allocate memory for operation - and it uses mbedTLS heap for that. - -endif # MBEDTLS_ENABLE_HEAP - -endif # BOOT_USE_PSA_CRYPTO - menu "MCUBoot settings" config SINGLE_APPLICATION_SLOT @@ -178,7 +123,6 @@ endchoice # BOOT_IMG_HASH_ALG choice BOOT_SIGNATURE_TYPE prompt "Signature type" - default BOOT_SIGNATURE_TYPE_ED25519 if BOARD_NRF54L15PDK_NRF54L15_CPUAPP default BOOT_SIGNATURE_TYPE_RSA config BOOT_SIGNATURE_TYPE_NONE 
@@ -233,24 +177,13 @@ if BOOT_SIGNATURE_TYPE_ED25519 choice BOOT_ED25519_IMPLEMENTATION prompt "Ecdsa implementation" default BOOT_ED25519_TINYCRYPT - config BOOT_ED25519_TINYCRYPT bool "Use tinycrypt" select BOOT_USE_TINYCRYPT - depends on !NRF_SECURITY - config BOOT_ED25519_MBEDTLS bool "Use mbedTLS" select BOOT_USE_MBEDTLS select MBEDTLS - depends on !NRF_SECURITY - -config BOOT_ED25519_PSA - bool "Use PSA crypto" - select BOOT_USE_PSA_CRYPTO - select BOOT_ED25519_PSA_DEPENDENCIES - select BOOT_X25519_PSA_DEPENDENCIES if BOOT_ENCRYPT_IMAGE - endchoice endif @@ -289,13 +222,9 @@ config MCUBOOT_CLEANUP_ARM_CORE start-up code which can cause a module fault and potentially make the module irrecoverable. -if MBEDTLS - config MBEDTLS_CFG_FILE default "mcuboot-mbedtls-cfg.h" -endif - config BOOT_HW_KEY bool "Use HW key for image verification" default n diff --git a/boot/zephyr/include/mcuboot-mbedtls-cfg.h b/boot/zephyr/include/mcuboot-mbedtls-cfg.h index a46fbb09f..2bab537d7 100644 --- a/boot/zephyr/include/mcuboot-mbedtls-cfg.h +++ b/boot/zephyr/include/mcuboot-mbedtls-cfg.h @@ -23,7 +23,7 @@ #if defined(CONFIG_BOOT_SIGNATURE_TYPE_RSA) || defined(CONFIG_BOOT_ENCRYPT_RSA) #include "config-rsa.h" -#elif defined(CONFIG_BOOT_USE_PSA_CRYPTO) || defined(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256) || \ +#elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256) || \ defined(CONFIG_BOOT_ENCRYPT_EC256) || \ (defined(CONFIG_BOOT_ENCRYPT_X25519) && !defined(CONFIG_BOOT_SIGNATURE_TYPE_ED25519)) #include "config-asn1.h" From 7aaf49ce054cef4380e40f465c8cee8937629bec Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Wed, 20 Nov 2024 17:53:23 +0000 Subject: [PATCH 11/19] [nrf fromtree] zephyr: Add CONFIG_MCUBOOT_CLEANUP_RAM Add Kconfig option to cleanup RAM in MCUboot before passing control to an application. 
Signed-off-by: Dominik Ermel
(cherry picked from commit 39aab3d87eed9073639d27c7dd30b7dc13495433)
---
 boot/zephyr/Kconfig | 6 ++++++
 boot/zephyr/main.c | 27 +++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
index 649a8dd1b..1f1af693b 100644
--- a/boot/zephyr/Kconfig
+++ b/boot/zephyr/Kconfig
@@ -222,6 +222,12 @@ config MCUBOOT_CLEANUP_ARM_CORE
 start-up code which can cause a module fault and potentially make the module irrecoverable.
+config MCUBOOT_CLEANUP_RAM
+ bool "Perform RAM cleanup"
+ depends on CPU_CORTEX_M4 || CPU_CORTEX_M33
+ help
+ Sets contents of memory to 0 before jumping to application.
+
 config MBEDTLS_CFG_FILE
 default "mcuboot-mbedtls-cfg.h"
diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c
index 351ca4c89..fcc2606e2 100644
--- a/boot/zephyr/main.c
+++ b/boot/zephyr/main.c
@@ -271,7 +271,34 @@ static void do_boot(struct boot_rsp *rsp)
 __set_CONTROL(0x00); /* application will configures core on its own */
 __ISB();
 #endif
+#if CONFIG_MCUBOOT_CLEANUP_RAM
+ __asm__ volatile (
+ /* vt->reset -> r0 */
+ " mov r0, %0\n"
+ /* base to write -> r1 */
+ " mov r1, %1\n"
+ /* size to write -> r2 */
+ " mov r2, %2\n"
+ /* value to write -> r3 */
+ " mov r3, %3\n"
+ "clear:\n"
+ " str r3, [r1]\n"
+ " add r1, r1, #4\n"
+ " sub r2, r2, #4\n"
+ " cbz r2, out\n"
+ " b clear\n"
+ "out:\n"
+ " dsb\n"
+ /* jump to reset vector of an app */
+ " bx r0\n"
+ :
+ : "r" (vt->reset), "i" (CONFIG_SRAM_BASE_ADDRESS),
+ "i" (CONFIG_SRAM_SIZE * 1024), "i" (0)
+ : "r0", "r1", "r2", "r3", "memory"
+ );
+#else
 ((void (*)(void))vt->reset)();
+#endif
 }
 #elif defined(CONFIG_XTENSA) || defined(CONFIG_RISCV)
From 70377dfc3172d46938b007f6ec2d2a68b3accaba Mon Sep 17 00:00:00 2001
From: Dominik Ermel
Date: Wed, 24 Jul 2024 17:00:04 +0000
Subject: [PATCH 12/19] [nrf noup] PSA configuration required changes Set of changes to Kconfig, CMakeLists.txt and some of headers that are required for the PSA support to compile.
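Review bot: The `clear:` and `out:` labels in the new inline asm are ordinary assembler symbols, so if the compiler ever emits do_boot's body twice (inlining into more than one caller, or cloning under LTO) the translation unit fails with duplicate labels; numeric local labels (`1:`/`2:` referenced as `1b`/`2f`) avoid that. The `"i"` operands for CONFIG_SRAM_BASE_ADDRESS and CONFIG_SRAM_SIZE * 1024 end up as `mov rN, #imm`, which only assembles when the value happens to be encodable as a Thumb immediate; passing them as `"r"` inputs works for any board. A comment should record the invariants the loop relies on: once the first `str` lands the stack is gone, so everything the jump needs must already be in r0–r3, and the size must be a multiple of 4 or `cbz` never fires. The enclosing do_boot body starts outside the hunk.
```c
    /* … unchanged: mov r0..r3 operand setup … */
    /* From here on no stack: only r0-r3 survive the clear. Size is a
     * multiple of 4 (CONFIG_SRAM_SIZE is in KiB), so the count hits 0. */
    "1:\n"
    " str r3, [r1]\n"
    " add r1, r1, #4\n"
    " sub r2, r2, #4\n"
    " cbz r2, 2f\n"
    " b 1b\n"
    "2:\n"
    " dsb\n"
    /* jump to reset vector of an app */
    " bx r0\n"
    :
    : "r" (vt->reset), "r" (CONFIG_SRAM_BASE_ADDRESS),
      "r" (CONFIG_SRAM_SIZE * 1024), "i" (0)
    : "r0", "r1", "r2", "r3", "memory"
```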
Signed-off-by: Dominik Ermel (cherry picked from commit 6400cc8188d3a4c03d9c4ac120bc4a46b1610d12) (cherry picked from commit 3cdcdb32f254248e6d2cd87dce09597723782562) --- boot/bootutil/zephyr/CMakeLists.txt | 14 +++-- boot/zephyr/CMakeLists.txt | 39 ++++++++---- boot/zephyr/Kconfig | 73 ++++++++++++++++++++++- boot/zephyr/include/mcuboot-mbedtls-cfg.h | 2 +- 4 files changed, 112 insertions(+), 16 deletions(-) diff --git a/boot/bootutil/zephyr/CMakeLists.txt b/boot/bootutil/zephyr/CMakeLists.txt index 72a6a8638..d5364d025 100644 --- a/boot/bootutil/zephyr/CMakeLists.txt +++ b/boot/bootutil/zephyr/CMakeLists.txt @@ -29,12 +29,18 @@ zephyr_library_link_libraries(MCUBOOT_BOOTUTIL) target_link_libraries(MCUBOOT_BOOTUTIL INTERFACE zephyr_interface) if(CONFIG_BOOT_USE_TINYCRYPT) -target_include_directories(MCUBOOT_BOOTUTIL INTERFACE - ../../../ext/tinycrypt/lib/include -) + target_include_directories(MCUBOOT_BOOTUTIL INTERFACE + ../../../ext/tinycrypt/lib/include + ) +endif() + +if(CONFIG_BOOT_USE_PSA_CRYPTO) + target_include_directories(MCUBOOT_BOOTUTIL INTERFACE + ${ZEPHYR_MBEDTLS_MODULE_DIR}/include + ) endif() -if(CONFIG_BOOT_USE_MBEDTLS) +if(CONFIG_BOOT_USE_MBEDTLS OR CONFIG_BOOT_USE_PSA_CRYPTO AND NOT CONFIG_PSA_CORE_OBERON) zephyr_link_libraries(mbedTLS) endif() endif() diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 293f6bd76..e01524221 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -51,6 +51,12 @@ if(EXISTS targets/${BOARD}.h) zephyr_library_compile_definitions(MCUBOOT_TARGET_CONFIG="${BOARD}.h") endif() +if(DEFINED CONFIG_MBEDTLS) + zephyr_library_include_directories( + ${ZEPHYR_MBEDTLS_MODULE_DIR}/include + ) +endif() + # Zephyr port-specific sources. zephyr_library_sources( main.c 
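Review bot: `if(CONFIG_BOOT_USE_MBEDTLS OR CONFIG_BOOT_USE_PSA_CRYPTO AND NOT CONFIG_PSA_CORE_OBERON)` in the bootutil CMakeLists hunk relies on CMake binding AND tighter than OR, so it evaluates as `MBEDTLS OR (PSA AND NOT OBERON)`; if that is the intent, write the parentheses, `if(CONFIG_BOOT_USE_MBEDTLS OR (CONFIG_BOOT_USE_PSA_CRYPTO AND NOT CONFIG_PSA_CORE_OBERON))`, so the next reader does not have to look up the precedence. A one-line comment above it explaining why an Oberon-core build must not link mbedTLS (presumably it ships its own PSA implementation) would also help. The same expression existed before the revert in patch 10, so this is a pre-existing nit that the re-application is the natural place to fix.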
@@ -102,6 +108,10 @@ zephyr_library_sources( ${BOOT_DIR}/bootutil/src/fault_injection_hardening.c ) +if(DEFINED CONFIG_BOOT_ENCRYPT_X25519 AND DEFINED CONFIG_BOOT_ED25519_PSA) + zephyr_library_sources(${BOOT_DIR}/bootutil/src/encrypted_psa.c) +endif() + if(DEFINED CONFIG_MEASURED_BOOT OR DEFINED CONFIG_BOOT_SHARE_DATA) zephyr_library_sources( ${BOOT_DIR}/bootutil/src/boot_record.c @@ -246,19 +256,28 @@ elseif(CONFIG_BOOT_SIGNATURE_TYPE_ED25519 OR CONFIG_BOOT_ENCRYPT_X25519) ${FIAT_DIR}/include/ ) - zephyr_library_sources( - ${FIAT_DIR}/src/curve25519.c - ) + if(NOT CONFIG_BOOT_ED25519_PSA) + zephyr_library_sources( + ${FIAT_DIR}/src/curve25519.c + ) + else() + zephyr_library_sources( + ${MBEDTLS_ASN1_DIR}/src/asn1parse.c + ${BOOT_DIR}/bootutil/src/ed25519_psa.c + ) + endif() endif() -if(CONFIG_BOOT_ENCRYPT_EC256 OR CONFIG_BOOT_ENCRYPT_X25519) - zephyr_library_sources( - ${TINYCRYPT_DIR}/source/aes_encrypt.c - ${TINYCRYPT_DIR}/source/aes_decrypt.c - ${TINYCRYPT_DIR}/source/ctr_mode.c - ${TINYCRYPT_DIR}/source/hmac.c - ${TINYCRYPT_DIR}/source/ecc_dh.c +if(NOT CONFIG_BOOT_ED25519_PSA) + if(CONFIG_BOOT_ENCRYPT_EC256 OR CONFIG_BOOT_ENCRYPT_X25519) + zephyr_library_sources( + ${TINYCRYPT_DIR}/source/aes_encrypt.c + ${TINYCRYPT_DIR}/source/aes_decrypt.c + ${TINYCRYPT_DIR}/source/ctr_mode.c + ${TINYCRYPT_DIR}/source/hmac.c + ${TINYCRYPT_DIR}/source/ecc_dh.c ) + endif() endif() if(CONFIG_BOOT_ENCRYPT_EC256) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 1f1af693b..03b1bb447 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -29,7 +29,10 @@ config BOOT_USE_MBEDTLS config BOOT_USE_PSA_CRYPTO bool - # Hidden option + default y if NRF_SECURITY + # This is counter intuitive but that is how PSA heap is enabled. + select MBEDTLS_ENABLE_HEAP + select MBEDTLS_PSA_CRYPTO_C help Hidden option set if using PSA crypt for cryptography functionality 
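Review bot: The `if(NOT CONFIG_BOOT_ED25519_PSA)` guard around the tinycrypt AES/CTR/HMAC/ECDH sources, combined with `encrypted_psa.c` being compiled only for `CONFIG_BOOT_ENCRYPT_X25519 AND CONFIG_BOOT_ED25519_PSA`, means a configuration with BOOT_ED25519_PSA and BOOT_ENCRYPT_EC256 gets neither encryption backend from this file; unless the `if(CONFIG_BOOT_ENCRYPT_EC256)` block after the hunk covers it, reject that combination in Kconfig (`depends on !BOOT_ENCRYPT_EC256` on BOOT_ED25519_PSA) rather than letting it fail at link time. In the Kconfig hunk, `# This is counter intuitive but that is how PSA heap is enabled.` would be more useful stating what needs the heap, e.g. `# PSA core allocations come from the mbedTLS heap, so enabling PSA means enabling MBEDTLS_ENABLE_HEAP.`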
@@ -66,6 +69,58 @@ config NRF_CC310_BL bool default n +if BOOT_USE_PSA_CRYPTO + +config BOOT_PSA_IMG_HASH_ALG_SHA256_DEPENDENCIES + bool + default y if BOOT_IMG_HASH_ALG_SHA256 + select PSA_WANT_ALG_SHA_256 + help + Dependencies for hashing with SHA256 + +config BOOT_ED25519_PSA_DEPENDENCIES + bool + select PSA_WANT_ALG_SHA_256 + select PSA_WANT_ALG_SHA_512 + select PSA_WANT_ALG_PURE_EDDSA + select PSA_WANT_ECC_TWISTED_EDWARDS_255 + select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT + help + Dependencies for ed25519 signature + +if BOOT_ENCRYPT_IMAGE + +config BOOT_X25519_PSA_DEPENDENCIES + bool + select PSA_WANT_ALG_ECDH + select PSA_WANT_ALG_HMAC + select PSA_WANT_ALG_HKDF + select PSA_WANT_ALG_CTR + select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT + select PSA_WANT_KEY_TYPE_DERIVE + select PSA_WANT_KEY_TYPE_AES + select PSA_WANT_ECC_MONTGOMERY_255 + help + Dependencies for x25519 shared-random key encryption and AES + encryption. The PSA_WANT_ALG_CTR and PSA_WANT_KEY_TYPE_AES + enable Counter based block cipher and AES key, and algorithm support, + to use with it; the others are used for shared key decryption + and derivation. + +endif # BOOT_ENCRYPT_IMAGE + +if MBEDTLS_ENABLE_HEAP + +config MBEDTLS_HEAP_SIZE + default 2048 if BOOT_USE_PSA_CRYPTO + help + The PSA internals need to be able to allocate memory for operation + and it uses mbedTLS heap for that. + +endif # MBEDTLS_ENABLE_HEAP + +endif # BOOT_USE_PSA_CRYPTO + menu "MCUBoot settings" config SINGLE_APPLICATION_SLOT @@ -123,6 +178,7 @@ endchoice # BOOT_IMG_HASH_ALG choice BOOT_SIGNATURE_TYPE prompt "Signature type" + default BOOT_SIGNATURE_TYPE_ED25519 if SOC_NRF54L15_CPUAPP default BOOT_SIGNATURE_TYPE_RSA config BOOT_SIGNATURE_TYPE_NONE 
@@ -177,13 +233,24 @@ if BOOT_SIGNATURE_TYPE_ED25519 choice BOOT_ED25519_IMPLEMENTATION prompt "Ecdsa implementation" default BOOT_ED25519_TINYCRYPT + config BOOT_ED25519_TINYCRYPT bool "Use tinycrypt" select BOOT_USE_TINYCRYPT + depends on !NRF_SECURITY + config BOOT_ED25519_MBEDTLS bool "Use mbedTLS" select BOOT_USE_MBEDTLS select MBEDTLS + depends on !NRF_SECURITY + +config BOOT_ED25519_PSA + bool "Use PSA crypto" + select BOOT_USE_PSA_CRYPTO + select BOOT_ED25519_PSA_DEPENDENCIES + select BOOT_X25519_PSA_DEPENDENCIES if BOOT_ENCRYPT_IMAGE + endchoice endif @@ -228,9 +295,13 @@ config MCUBOOT_CLEANUP_RAM help Sets contents of memory to 0 before jumping to application. +if MBEDTLS + config MBEDTLS_CFG_FILE default "mcuboot-mbedtls-cfg.h" +endif + config BOOT_HW_KEY bool "Use HW key for image verification" default n diff --git a/boot/zephyr/include/mcuboot-mbedtls-cfg.h b/boot/zephyr/include/mcuboot-mbedtls-cfg.h index 2bab537d7..a46fbb09f 100644 --- a/boot/zephyr/include/mcuboot-mbedtls-cfg.h +++ b/boot/zephyr/include/mcuboot-mbedtls-cfg.h @@ -23,7 +23,7 @@ #if defined(CONFIG_BOOT_SIGNATURE_TYPE_RSA) || defined(CONFIG_BOOT_ENCRYPT_RSA) #include "config-rsa.h" -#elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256) || \ +#elif defined(CONFIG_BOOT_USE_PSA_CRYPTO) || defined(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256) || \ defined(CONFIG_BOOT_ENCRYPT_EC256) || \ (defined(CONFIG_BOOT_ENCRYPT_X25519) && !defined(CONFIG_BOOT_SIGNATURE_TYPE_ED25519)) #include "config-asn1.h" From c21a497b69a98fdcbc1d6e952dabbbe3789701c9 Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Fri, 2 Aug 2024 15:55:13 +0000 Subject: [PATCH 13/19] [nrf noup] bootutil: Provide support for SHA512 with ED25519 Use SHA512 directly calculated over image with the ED25519 signature. 
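Review bot: `config BOOT_ED25519_PSA` is the only entry in BOOT_ED25519_IMPLEMENTATION without a help text, and the `depends on !NRF_SECURITY` added to the other two is not explained anywhere; suggest a help such as `Verify ed25519 signatures through the PSA Crypto API. This is the only implementation available when NRF_SECURITY is enabled, since the tinycrypt and mbedTLS choices are hidden in that case.` With NRF_SECURITY=y the choice's `default BOOT_ED25519_TINYCRYPT` is not selectable, so Kconfig silently falls back to the first visible entry; a `default BOOT_ED25519_PSA if NRF_SECURITY` line makes the intended selection explicit. The `if MBEDTLS` wrapper around MBEDTLS_CFG_FILE is fine, but a trailing `endif # MBEDTLS` comment would match the `endif # ...` style used elsewhere in the file.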
Signed-off-by: Dominik Ermel (cherry picked from commit ccb95529b3b4fa2ba3c6a0f8d4ffe9b685cc0673) (cherry picked from commit 10211d4a68351be1a733248e8bee7be000ea41f1) --- boot/zephyr/Kconfig | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 03b1bb447..9028e9523 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -80,7 +80,7 @@ config BOOT_PSA_IMG_HASH_ALG_SHA256_DEPENDENCIES config BOOT_ED25519_PSA_DEPENDENCIES bool - select PSA_WANT_ALG_SHA_256 + select PSA_WANT_ALG_SHA_256 if BOOT_IMG_HASH_ALG_SHA256 select PSA_WANT_ALG_SHA_512 select PSA_WANT_ALG_PURE_EDDSA select PSA_WANT_ECC_TWISTED_EDWARDS_255 @@ -228,6 +228,11 @@ config BOOT_SIGNATURE_TYPE_ED25519 bool "Edwards curve digital signatures using ed25519" select BOOT_ENCRYPTION_SUPPORT select BOOT_IMG_HASH_ALG_SHA256_ALLOW + select BOOT_IMG_HASH_ALG_SHA512_ALLOW if BOOT_USE_PSA_CRYPTO + help + This is ed25519 signature calculated over SHA512 of SHA256 of application + image; that is not completely correct approach as the SHA512 should be + rather directly calculated over an image. if BOOT_SIGNATURE_TYPE_ED25519 choice BOOT_ED25519_IMPLEMENTATION From 6f0fe12836a94e734adbc4c87886e9d37f4ff589 Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Thu, 5 Sep 2024 10:53:17 +0000 Subject: [PATCH 14/19] [nrf noup] bootutil: Enable hash calculation directly on storage The commit add support for passing storage device address space to hash calculation functions, which allows to use hardware accelerated hash calculation on storage. This feature only works when image encryption is not enabled and all slots are defined within internal storage of device. The feature is enabled using Kconfig option CONFIG_BOOT_IMG_HASH_DIRECTLY_ON_STORAGE 
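Review bot: The help text added to BOOT_SIGNATURE_TYPE_ED25519, `This is ed25519 signature calculated over SHA512 of SHA256 of application image; that is not completely correct approach as the SHA512 should be rather directly calculated over an image.`, contradicts the commit message (which says SHA512 is now computed directly over the image) and does not tell the user which hash applies to their configuration. If the commit message is accurate, state it per hash choice, e.g. `With BOOT_IMG_HASH_ALG_SHA512 (PSA builds) the signature is computed over a SHA512 of the image; otherwise over its SHA256 hash, as in upstream MCUboot.` Either way the sentence starting `that is not completely correct approach` should go, since it reads as a warning against selecting the option at all.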
Signed-off-by: Dominik Ermel (cherry picked from commit 258b36998f7a400ae3b38d6d1b01f57722e2004b) (cherry picked from commit b4e5a3b2248d35605cf3b3cf9b51898738d443ae) --- boot/bootutil/src/image_validate.c | 15 ++++++++++++--- boot/zephyr/Kconfig | 16 ++++++++++++++++ .../include/mcuboot_config/mcuboot_config.h | 7 +++++++ 3 files changed, 35 insertions(+), 3 deletions(-) diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c index b1a50f126..fa1d373d7 100644 --- a/boot/bootutil/src/image_validate.c +++ b/boot/bootutil/src/image_validate.c @@ -77,13 +77,15 @@ bootutil_img_hash(struct enc_key_data *enc_state, int image_index, uint8_t *seed, int seed_len) { bootutil_sha_context sha_ctx; - uint32_t blk_sz; uint32_t size; uint16_t hdr_size; - uint32_t off; - int rc; uint32_t blk_off; uint32_t tlv_off; +#if !defined(MCUBOOT_HASH_STORAGE_DIRECTLY) + int rc; + uint32_t off; + uint32_t blk_sz; +#endif #if (BOOT_IMAGE_NUMBER == 1) || !defined(MCUBOOT_ENC_IMAGES) || \ defined(MCUBOOT_RAM_LOAD) @@ -126,6 +128,12 @@ bootutil_img_hash(struct enc_key_data *enc_state, int image_index, /* If protected TLVs are present they are also hashed. */ size += hdr->ih_protect_tlv_size; +#ifdef MCUBOOT_HASH_STORAGE_DIRECTLY + /* No chunk loading, storage is mapped to address space and can + * be directly given to hashing function. + */ + bootutil_sha_update(&sha_ctx, (void *)flash_area_get_off(fap), size); +#else /* MCUBOOT_HASH_STORAGE_DIRECTLY */ #ifdef MCUBOOT_RAM_LOAD bootutil_sha_update(&sha_ctx, (void*)(IMAGE_RAM_BASE + hdr->ih_load_addr), @@ -170,6 +178,7 @@ bootutil_img_hash(struct enc_key_data *enc_state, int image_index, bootutil_sha_update(&sha_ctx, tmp_buf, blk_sz); } #endif /* MCUBOOT_RAM_LOAD */ +#endif /* MCUBOOT_HASH_STORAGE_DIRECTLY */ bootutil_sha_finish(&sha_ctx, hash_result); bootutil_sha_drop(&sha_ctx); diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 9028e9523..0b76a5ed6 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig 
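Review bot: `bootutil_sha_update(&sha_ctx, (void *)flash_area_get_off(fap), size);` converts the partition offset straight into a CPU address, which is only right when the flash device is memory-mapped at address 0; nothing in this hunk or the config macro checks that. Record the assumption at the call site, `/* Assumes internal flash is mapped at address 0, so the area offset is the absolute address of the image. */`, and preferably derive the pointer from the device's mapped base so that a slot on a device with a different base fails loudly instead of hashing whatever lives at that address. Note also that the `#ifdef MCUBOOT_RAM_LOAD` branch now sits inside the `#else`, so with both options enabled the hash is computed from flash rather than from the RAM copy that will execute; if that is not intended the two options should exclude each other in Kconfig. bootutil_img_hash starts and ends outside the hunk.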
@@ -146,6 +146,22 @@ config BOOT_IMG_HASH_ALG_SHA512_ALLOW help Hidden option set by configurations that allow SHA512 +config BOOT_IMG_HASH_DIRECTLY_ON_STORAGE + bool "Hash calculation functions access storage through address space" + depends on !BOOT_ENCRYPT_IMAGE + help + When possible to map storage device, at least for read operations, + to address space or RAM area, enabling this option allows hash + calculation functions to directly access the storage through that address + space or using its own DMA. This reduces flash read overhead done + by the MCUboot. + Notes: + - not supported when encrypted images are in use, because calculating + SHA requires image to be decrypted first, which is done to RAM. + - currently only supported on internal storage of devices; this + option will not work with devices that use external storage for + either of image slots. + choice BOOT_IMG_HASH_ALG prompt "Selected image hash algorithm" default BOOT_IMG_HASH_ALG_SHA256 if BOOT_IMG_HASH_ALG_SHA256_ALLOW diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/boot/zephyr/include/mcuboot_config/mcuboot_config.h index f628f99c4..fbd64b5e7 100644 --- a/boot/zephyr/include/mcuboot_config/mcuboot_config.h +++ b/boot/zephyr/include/mcuboot_config/mcuboot_config.h @@ -140,6 +140,13 @@ #define MCUBOOT_DECOMPRESS_IMAGES #endif +/* Invoke hashing functions directly on storage. This requires for device + * to be able to map storage to address space or RAM. + */ +#ifdef CONFIG_BOOT_IMG_HASH_DIRECTLY_ON_STORAGE +#define MCUBOOT_HASH_STORAGE_DIRECTLY +#endif + #ifdef CONFIG_BOOT_BOOTSTRAP #define MCUBOOT_BOOTSTRAP 1 #endif From 1daa655c9575fa3e548b022d0858a068e15c8b3e Mon Sep 17 00:00:00 2001 
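Review bot: The help for BOOT_IMG_HASH_DIRECTLY_ON_STORAGE says the option will not work with external storage, but only the encryption restriction is enforced (`depends on !BOOT_ENCRYPT_IMAGE`); a build with an image slot on external flash can still select it, and the bootloader will then hash whatever memory sits at the partition offset. If this tree has a Kconfig symbol that indicates external-flash slots, add a matching `depends on`; otherwise say in the help that the integrator must ensure every slot is in memory-mapped internal flash. Wording: `This reduces flash read overhead done by the MCUboot.` → `This reduces the flash read overhead in MCUboot.`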
From: Dominik Ermel Date: Fri, 6 Sep 2024 16:16:28 +0000 Subject: [PATCH 15/19] [nrf noup] bootutil: PureEdDSA using ED25519 The commit adds support for PureEdDSA, which validates signature of image rather than hash. This is most secure, available, ED25519 usage in MCUboot, but due to requirement of PureEdDSA to be able to calculate signature at whole message at once, here image, it only works on setups where entire image can be mapped to device address space, so that PSA functions calculating the signature can see the whole image at once. This option is enabled with Kconfig option: CONFIG_BOOT_SIGNATURE_TYPE_PURE when the ED25519 signature type is already selected. Note that the option will enable SHA512 for calculating public key hash. Signed-off-by: Dominik Ermel (cherry picked from commit d1b85af4e5a65a0e98b637c20f230d4bedda8808) (cherry picked from commit 81988f9d5f9b36f63067d7bd3ddb29e136175836) --- boot/bootutil/include/bootutil/image.h | 3 + boot/bootutil/src/bootutil_priv.h | 3 + boot/bootutil/src/image_ed25519.c | 37 ++++++++ boot/bootutil/src/image_validate.c | 95 +++++++++++++++++-- boot/zephyr/Kconfig | 29 +++++- .../include/mcuboot_config/mcuboot_config.h | 4 + 6 files changed, 163 insertions(+), 8 deletions(-) diff --git a/boot/bootutil/include/bootutil/image.h b/boot/bootutil/include/bootutil/image.h index 9ede800a2..05e04438b 100644 --- a/boot/bootutil/include/bootutil/image.h +++ b/boot/bootutil/include/bootutil/image.h 
@@ -102,6 +102,9 @@ struct flash_area; #define IMAGE_TLV_ECDSA_SIG 0x22 /* ECDSA of hash output */ #define IMAGE_TLV_RSA3072_PSS 0x23 /* RSA3072 of hash output */ #define IMAGE_TLV_ED25519 0x24 /* ed25519 of hash output */ +#define IMAGE_TLV_SIG_PURE 0x25 /* Indicator that attached signature has been prepared + * over image rather than its digest. + */ #define IMAGE_TLV_ENC_RSA2048 0x30 /* Key encrypted with RSA-OAEP-2048 */ #define IMAGE_TLV_ENC_KW 0x31 /* Key encrypted with AES-KW 128 or 256*/ #define IMAGE_TLV_ENC_EC256 0x32 /* Key encrypted with ECIES-EC256 */ diff --git a/boot/bootutil/src/bootutil_priv.h b/boot/bootutil/src/bootutil_priv.h index 208d189b9..c23f61689 100644 --- a/boot/bootutil/src/bootutil_priv.h +++ b/boot/bootutil/src/bootutil_priv.h @@ -268,6 +268,9 @@ struct boot_loader_state { fih_ret bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen, uint8_t key_id); +fih_ret bootutil_verify_img(const uint8_t *img, uint32_t size, + uint8_t *sig, size_t slen, uint8_t key_id); + fih_ret boot_fih_memequal(const void *s1, const void *s2, size_t n); int boot_find_status(int image_index, const struct flash_area **fap); diff --git a/boot/bootutil/src/image_ed25519.c b/boot/bootutil/src/image_ed25519.c index 447289253..40d494bcf 100644 --- a/boot/bootutil/src/image_ed25519.c +++ b/boot/bootutil/src/image_ed25519.c 
@@ -109,4 +109,41 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen, FIH_RET(fih_rc); } +fih_ret +bootutil_verify_img(const uint8_t *img, uint32_t size, + uint8_t *sig, size_t slen, uint8_t key_id) +{ + int rc; + FIH_DECLARE(fih_rc, FIH_FAILURE); + uint8_t *pubkey; + uint8_t *end; + + if (slen != EDDSA_SIGNATURE_LENGTH) { + FIH_SET(fih_rc, FIH_FAILURE); + goto out; + } + + pubkey = (uint8_t *)bootutil_keys[key_id].key; + end = pubkey + *bootutil_keys[key_id].len; + + rc = bootutil_import_key(&pubkey, end); + if (rc) { + FIH_SET(fih_rc, FIH_FAILURE); + goto out; + } + + rc = ED25519_verify(img, size, sig, pubkey); + + if (rc == 0) { + /* if verify returns 0, there was an error. */ + FIH_SET(fih_rc, FIH_FAILURE); + goto out; + } + + FIH_SET(fih_rc, FIH_SUCCESS); +out: + + FIH_RET(fih_rc); +} + #endif /* MCUBOOT_SIGN_ED25519 */ diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c index fa1d373d7..c419b9497 100644 --- a/boot/bootutil/src/image_validate.c +++ b/boot/bootutil/src/image_validate.c @@ -65,6 +65,7 @@ BOOT_LOG_MODULE_DECLARE(mcuboot); #include "bootutil_priv.h" +#ifndef MCUBOOT_SIGN_PURE /* * Compute SHA hash over the image. * (SHA384 if ECDSA-P384 is being used, @@ -184,6 +185,7 @@ bootutil_img_hash(struct enc_key_data *enc_state, int image_index, return 0; } +#endif /* * Currently, we only support being able to verify one type of 
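Review bot: `bootutil_verify_img` repeats the length check, `bootutil_keys[key_id]` lookup and `bootutil_import_key` sequence of `bootutil_verify_sig` above it, so the two verification paths will drift apart as soon as one is touched; a `static int import_pubkey(uint8_t key_id, uint8_t **pubkey)` helper used by both would keep them in step. Like its sibling it relies on the caller having bounded `key_id` against `bootutil_key_cnt`; a `/* key_id is range-checked by bootutil_img_validate */` comment records that. A doc comment at the definition should also say that `img`/`size` describe a directly addressable region (header, image and protected TLVs) and that `size` comes from untrusted header fields the caller must bound.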
@@ -370,6 +372,43 @@ bootutil_get_img_security_cnt(struct image_header *hdr, return 0; } +#if defined(MCUBOOT_SIGN_PURE) +/* Returns: + * 0 -- found + * 1 -- not found or found but not true + * -1 -- failed for some reason + * + * Value of TLV does not matter, presence decides. + */ +static int bootutil_check_for_pure(const struct image_header *hdr, + const struct flash_area *fap) +{ + struct image_tlv_iter it; + uint32_t off; + uint16_t len; + int32_t rc; + + rc = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_SIG_PURE, false); + if (rc) { + return rc; + } + + /* Search for the TLV */ + rc = bootutil_tlv_iter_next(&it, &off, &len, NULL); + if (rc == 0 && len == 1) { + bool val; + + rc = LOAD_IMAGE_DATA(hdr, fap, off, &val, 1); + if (rc == 0) { + rc = !val; + } + } + + return rc; +} +#endif + + #ifndef ALLOW_ROGUE_TLVS /* * The following list of TLVs are the only entries allowed in the unprotected @@ -386,6 +425,9 @@ static const uint16_t allowed_unprot_tlvs[] = { IMAGE_TLV_ECDSA_SIG, IMAGE_TLV_RSA3072_PSS, IMAGE_TLV_ED25519, +#if defined(MCUBOOT_SIGN_PURE) + IMAGE_TLV_SIG_PURE, +#endif IMAGE_TLV_ENC_RSA2048, IMAGE_TLV_ENC_KW, IMAGE_TLV_ENC_EC256, @@ -408,7 +450,6 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, uint32_t off; uint16_t len; uint16_t type; - int image_hash_valid = 0; #ifdef EXPECTED_SIG_TLV FIH_DECLARE(valid_signature, FIH_FAILURE); #ifndef MCUBOOT_BUILTIN_KEY @@ -425,7 +466,10 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, #endif /* EXPECTED_SIG_TLV */ struct image_tlv_iter it; uint8_t buf[SIG_BUF_SIZE]; +#if defined(EXPECTED_HASH_TLV) && !defined(MCUBOOT_SIGN_PURE) + int image_hash_valid = 0; uint8_t hash[IMAGE_HASH_SIZE]; +#endif int rc = 0; FIH_DECLARE(fih_rc, FIH_FAILURE); #ifdef MCUBOOT_HW_ROLLBACK_PROT 
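Review bot: In `bootutil_check_for_pure` a TLV found with `len != 1` skips the load and returns rc == 0, i.e. "found and accepted", which disagrees with both the header comment (`Value of TLV does not matter, presence decides`) and the `rc = !val;` line that does make the value matter. Make the contract one thing and enforce it: `if (rc == 0 && len != 1) { return -1; }` before the load, and reword the comment to `The TLV must be present and carry a single non-zero byte.` Read the byte into a `uint8_t` rather than `bool` — LOAD_IMAGE_DATA copies raw storage, and a `_Bool` object holding a byte other than 0 or 1 has no defined value — and declare `rc` as `int` to match the return type. The IMAGE_TLV_SIG_PURE comment in image.h should state the same payload expectation.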
@@ -496,6 +540,7 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, } #endif +#if defined(EXPECTED_HASH_TLV) && !defined(MCUBOOT_SIGN_PURE) rc = bootutil_img_hash(enc_state, image_index, hdr, fap, tmp_buf, tmp_buf_sz, hash, seed, seed_len); if (rc) { @@ -505,6 +550,15 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, if (out_hash) { memcpy(out_hash, hash, IMAGE_HASH_SIZE); } +#endif + +#if defined(MCUBOOT_SIGN_PURE) + /* If Pure type signature is expected then it has to be there */ + rc = bootutil_check_for_pure(hdr, fap); + if (rc != 0) { + goto out; + } +#endif rc = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_ANY, false); if (rc) { @@ -548,8 +602,10 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, } } #endif - - if (type == EXPECTED_HASH_TLV) { + switch(type) { +#if defined(EXPECTED_HASH_TLV) && !defined(MCUBOOT_SIGN_PURE) + case EXPECTED_HASH_TLV: + { /* Verify the image hash. This must always be present. */ if (len != sizeof(hash)) { rc = -1; @@ -567,8 +623,12 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, } image_hash_valid = 1; + break; + } +#endif /* defined(EXPECTED_HASH_TLV) && !defined(MCUBOOT_SIGN_PURE) */ #ifdef EXPECTED_KEY_TLV - } else if (type == EXPECTED_KEY_TLV) { + case EXPECTED_KEY_TLV: + { /* * Determine which key we should be checking. */ @@ -593,9 +653,12 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, * The key may not be found, which is acceptable. There * can be multiple signatures, each preceded by a key. */ + break; + } #endif /* EXPECTED_KEY_TLV */ #ifdef EXPECTED_SIG_TLV - } else if (type == EXPECTED_SIG_TLV) { + case EXPECTED_SIG_TLV: + { /* Ignore this signature if it is out of bounds. */ if (key_id < 0 || key_id >= bootutil_key_cnt) { key_id = -1; 
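Review bot: Under MCUBOOT_SIGN_PURE the `if (out_hash) { memcpy(out_hash, hash, IMAGE_HASH_SIZE); }` block is compiled out, so any caller passing `out_hash` (the hunk does not show one; measured-boot or shared-data code is the usual consumer) gets its buffer left untouched with rc == 0. Either fail explicitly — `if (out_hash != NULL) { rc = -1; goto out; }` under `#if defined(MCUBOOT_SIGN_PURE)` — or document at the function header that no image digest is produced in pure mode. Style: `switch(type)` → `switch (type)` to match the surrounding code. bootutil_img_validate starts and ends outside the hunk.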
@@ -609,12 +672,25 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, if (rc) { goto out; } +#ifndef MCUBOOT_SIGN_PURE FIH_CALL(bootutil_verify_sig, valid_signature, hash, sizeof(hash), buf, len, key_id); +#else + /* Directly check signature on the image, by using the mapping of + * a device to memory. The pointer is beginning of image in flash, + * so offset of area, the range is header + image + protected tlvs. + */ + FIH_CALL(bootutil_verify_img, valid_signature, (void *)flash_area_get_off(fap), + hdr->ih_hdr_size + hdr->ih_img_size + hdr->ih_protect_tlv_size, + buf, len, key_id); +#endif key_id = -1; + break; + } #endif /* EXPECTED_SIG_TLV */ #ifdef MCUBOOT_HW_ROLLBACK_PROT - } else if (type == IMAGE_TLV_SEC_CNT) { + case IMAGE_TLV_SEC_CNT: + { /* * Verify the image's security counter. * This must always be present. @@ -649,14 +725,21 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, /* The image's security counter has been successfully verified. */ security_counter_valid = fih_rc; + break; + } #endif /* MCUBOOT_HW_ROLLBACK_PROT */ } } +#if defined(EXPECTED_HASH_TLV) && !defined(MCUBOOT_SIGN_PURE) rc = !image_hash_valid; if (rc) { goto out; } +#elif defined(MCUBOOT_SIGN_PURE) + /* This returns true on EQ, rc is err on non-0 */ + rc = FIH_NOT_EQ(valid_signature, FIH_SUCCESS); +#endif #ifdef EXPECTED_SIG_TLV FIH_SET(fih_rc, valid_signature); #endif diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 0b76a5ed6..3e93a2ac1 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig 
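Review bot: The region passed to bootutil_verify_img — `(void *)flash_area_get_off(fap)` with length `hdr->ih_hdr_size + hdr->ih_img_size + hdr->ih_protect_tlv_size` — is built from untrusted header fields and, within this hunk, is not compared with `flash_area_get_size(fap)`; unless bootutil_img_validate bounds it earlier (outside the hunk), a crafted header makes the verifier read past the slot, a fault rather than a bypass but still a crash on a malformed image. Guard it before the FIH_CALL, written so the `uint32_t` sum cannot wrap: `if ((uint32_t)hdr->ih_hdr_size + hdr->ih_protect_tlv_size > flash_area_get_size(fap) || hdr->ih_img_size > flash_area_get_size(fap) - hdr->ih_hdr_size - hdr->ih_protect_tlv_size) { rc = -1; goto out; }`. The cast of the area offset to a pointer carries the same memory-mapped-at-0 assumption as the direct-hash path and deserves the same comment.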
@@ -192,6 +192,14 @@ config BOOT_IMG_HASH_ALG_SHA512 endchoice # BOOT_IMG_HASH_ALG +config BOOT_SIGNATURE_TYPE_PURE_ALLOW + bool + help + Hidden option set by configurations that allow Pure variant, + for example ed25519. The pure variant means that image + signature is calculated over entire image instead of hash + of an image. + choice BOOT_SIGNATURE_TYPE prompt "Signature type" default BOOT_SIGNATURE_TYPE_ED25519 if SOC_NRF54L15_CPUAPP @@ -242,15 +250,32 @@ endif config BOOT_SIGNATURE_TYPE_ED25519 bool "Edwards curve digital signatures using ed25519" - select BOOT_ENCRYPTION_SUPPORT - select BOOT_IMG_HASH_ALG_SHA256_ALLOW + select BOOT_ENCRYPTION_SUPPORT if !BOOT_SIGNATURE_TYPE_PURE + select BOOT_IMG_HASH_ALG_SHA256_ALLOW if !BOOT_SIGNATURE_TYPE_PURE + # The SHA is used only for key hashing, not for images. select BOOT_IMG_HASH_ALG_SHA512_ALLOW if BOOT_USE_PSA_CRYPTO + select BOOT_SIGNATURE_TYPE_PURE_ALLOW help This is ed25519 signature calculated over SHA512 of SHA256 of application image; that is not completely correct approach as the SHA512 should be rather directly calculated over an image. + Select BOOT_SIGNATURE_TYPE_PURE to have a PureEdDSA calculating image + signature directly on image, rather than hash of the image. if BOOT_SIGNATURE_TYPE_ED25519 + +config BOOT_SIGNATURE_TYPE_PURE + bool "Use Pure signature of image" + depends on BOOT_SIGNATURE_TYPE_PURE_ALLOW + help + The Pure signature is calculated directly over image rather than + hash of an image. + This is more secure signature, specifically if hardware can do the + verification without need to share key. + Note that this requires that all slots for which signature is to be + verified need to be accessible through memory address space that + cryptography can access. + choice BOOT_ED25519_IMPLEMENTATION prompt "Ecdsa implementation" default BOOT_ED25519_TINYCRYPT 
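Review bot: The ED25519 help text still says the hash-based mode is `not completely correct approach`, which reads as a warning against the option itself now that the Pure variant is a separate choice; reword to `In this mode the signature covers the image hash (SHA256, or SHA512 in PSA builds). Select BOOT_SIGNATURE_TYPE_PURE to sign the image itself (PureEdDSA).` The BOOT_SIGNATURE_TYPE_PURE help describes a hard requirement — every verified slot must be addressable by the crypto engine — that nothing in Kconfig enforces; state that it is the integrator's responsibility, or tie it to the same condition used for BOOT_IMG_HASH_DIRECTLY_ON_STORAGE. Note also the mutual `select ... if !BOOT_SIGNATURE_TYPE_PURE` / `if BOOT_SIGNATURE_TYPE_ED25519` dependency between the two symbols; if the Kconfig tooling accepts it today, a comment saying so will save the next person from re-deriving it.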
diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/boot/zephyr/include/mcuboot_config/mcuboot_config.h index fbd64b5e7..7896e0939 100644 --- a/boot/zephyr/include/mcuboot_config/mcuboot_config.h +++ b/boot/zephyr/include/mcuboot_config/mcuboot_config.h @@ -147,6 +147,10 @@ #define MCUBOOT_HASH_STORAGE_DIRECTLY #endif +#ifdef CONFIG_BOOT_SIGNATURE_TYPE_PURE +#define MCUBOOT_SIGN_PURE +#endif + #ifdef CONFIG_BOOT_BOOTSTRAP #define MCUBOOT_BOOTSTRAP 1 #endif From 9bdb275ec8b041d13c49b1c6f5c185703815d8e9 Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Thu, 19 Sep 2024 14:32:37 +0200 Subject: [PATCH 16/19] [nrf noup] boot/zephyr/Kconfig: conditionally disable BOOT_MAX_IMG_SECTORS_AUTO Automatic calculation are based on DTS data which are no the right source on partition layout in case Partition manager does the partitioning. Signed-off-by: Andrzej Puzdrowski Signed-off-by: Dominik Ermel (cherry picked from commit 12e9928b48a081a74a8b0688e6c310315de12f88) (cherry picked from commit a023c2e50989983cb7ffc1c822e44486d0722efe) --- boot/zephyr/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 3e93a2ac1..532402ba3 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -563,7 +563,7 @@ config BOOT_ENCRYPTION_KEY_FILE config BOOT_MAX_IMG_SECTORS_AUTO bool "Calculate maximum sectors automatically" - default y + default y if !PARTITION_MANAGER_ENABLED help If this option is enabled then the maximum number of supported sectors per image will be calculated automatically from the flash erase sizes and size of each partition for From 3f11138ef03e8a18cdc85a13f7db63e7d3ced923 Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Fri, 20 Sep 2024 16:34:00 +0000 Subject: [PATCH 17/19] [nrf noup] bootutil: Add support for KMU stored ED25519 signature key The commit adds verification of image using keys stored in KMU. 
Signed-off-by: Dominik Ermel (cherry picked from commit 1dbca8ff9cd211b72d96ebda410ba83bea650c6f) (cherry picked from commit 40543f121d919566e580970c918aa6ae0aba615b) --- boot/bootutil/src/ed25519_psa.c | 51 ++++++++++++++++++++++++++++++ boot/bootutil/src/image_ed25519.c | 19 ++++++++--- boot/bootutil/src/image_validate.c | 6 ++++ boot/zephyr/CMakeLists.txt | 2 +- boot/zephyr/Kconfig | 29 ++++++++++++++++- 5 files changed, 101 insertions(+), 6 deletions(-) diff --git a/boot/bootutil/src/ed25519_psa.c b/boot/bootutil/src/ed25519_psa.c index 3d7274307..4dbbcb6a4 100644 --- a/boot/bootutil/src/ed25519_psa.c +++ b/boot/bootutil/src/ed25519_psa.c @@ -12,6 +12,9 @@ #include #include +#if defined(CONFIG_BOOT_SIGNATURE_USING_KMU) +#include +#endif BOOT_LOG_MODULE_DECLARE(ed25519_psa); @@ -19,6 +22,18 @@ BOOT_LOG_MODULE_DECLARE(ed25519_psa); #define EDDSA_KEY_LENGTH 32 #define EDDSA_SIGNAGURE_LENGTH 64 +#if defined(CONFIG_BOOT_SIGNATURE_USING_KMU) +/* List of KMU stored key ids available for MCUboot */ +#define MAKE_PSA_KMU_KEY_ID(id) PSA_KEY_HANDLE_FROM_CRACEN_KMU_SLOT(CRACEN_KMU_KEY_USAGE_SCHEME_RAW, id) +static psa_key_id_t kmu_key_ids[3] = { + MAKE_PSA_KMU_KEY_ID(226), + MAKE_PSA_KMU_KEY_ID(228), + MAKE_PSA_KMU_KEY_ID(230) +}; +#define KMU_KEY_COUNT (sizeof(kmu_key_ids)/sizeof(kmu_key_ids[0])) +#endif + +#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) int ED25519_verify(const uint8_t *message, size_t message_len, const uint8_t signature[EDDSA_SIGNAGURE_LENGTH], const uint8_t public_key[EDDSA_KEY_LENGTH]) 
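Review bot: `static psa_key_id_t kmu_key_ids[3]` hard-codes three KMU slot numbers as unexplained magic values in a mutable table; make it `static const psa_key_id_t kmu_key_ids[] = { ... }` so KMU_KEY_COUNT is derived from the initializer, and give the slots named constants (or a Kconfig-provided list) with a comment explaining what each slot holds and that the verify loop treats them as equally trusted alternatives. Keeping the table `const` also places it in flash, so a memory-corruption bug elsewhere in the bootloader cannot redirect verification to a different slot at runtime.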
@@ -69,3 +84,39 @@ int ED25519_verify(const uint8_t *message, size_t message_len, return ret; } +#else +int ED25519_verify(const uint8_t *message, size_t message_len, + const uint8_t signature[EDDSA_SIGNAGURE_LENGTH], + const uint8_t public_key[EDDSA_KEY_LENGTH]) +{ + ARG_UNUSED(public_key); + /* Set to any error */ + psa_status_t status = PSA_ERROR_BAD_STATE; + int ret = 0; /* Fail by default */ + + /* Initialize PSA Crypto */ + status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + BOOT_LOG_ERR("PSA crypto init failed %d", status); + return 0; + } + + status = PSA_ERROR_BAD_STATE; + + for (int i = 0; i < KMU_KEY_COUNT; ++i) { + psa_key_id_t kid = kmu_key_ids[i]; + + status = psa_verify_message(kid, PSA_ALG_PURE_EDDSA, message, + message_len, signature, + EDDSA_SIGNAGURE_LENGTH); + if (status == PSA_SUCCESS) { + ret = 1; + break; + } + + BOOT_LOG_ERR("ED25519 signature verification failed %d", status); + } + + return ret; +} +#endif diff --git a/boot/bootutil/src/image_ed25519.c b/boot/bootutil/src/image_ed25519.c index 40d494bcf..e6c792a99 100644 --- a/boot/bootutil/src/image_ed25519.c +++ b/boot/bootutil/src/image_ed25519.c @@ -25,14 +25,16 @@ #include "bootutil/crypto/sha.h" #define EDDSA_SIGNATURE_LENGTH 64 - -static const uint8_t ed25519_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x65\x70"; #define NUM_ED25519_BYTES 32 extern int ED25519_verify(const uint8_t *message, size_t message_len, const uint8_t signature[EDDSA_SIGNATURE_LENGTH], const uint8_t public_key[NUM_ED25519_BYTES]); +#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) + +static const uint8_t ed25519_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x65\x70"; + /* * Parse the public key used for signing. */ @@ -71,6 +73,7 @@ bootutil_import_key(uint8_t **cp, uint8_t *end) return 0; } +#endif fih_ret bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen, 
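Review bot: The KMU `ED25519_verify` accepts the signature if any slot in `kmu_key_ids` verifies it and ignores `public_key`, so the key the image names plays no role in this build; that is a deliberate trust-model change and deserves a header comment, e.g. `/* KMU build: every provisioned MCUboot slot in kmu_key_ids is tried in turn; public_key is ignored because key material never leaves the KMU, and any PSA error on a slot counts as a non-match. */`. Inside the loop every non-matching slot is logged at ERR level, which will fire on every boot for slots that are simply not provisioned (presumably `PSA_ERROR_DOES_NOT_EXIST` or similar) as well as for a genuinely rejected signature (`PSA_ERROR_INVALID_SIGNATURE`); logging per slot at DBG and one ERR after the loop when `ret` is still 0 keeps the log useful for triage. The `/* Set to any error */` initialisation of `status` is dead, since the value is overwritten by `psa_crypto_init()` and again by the explicit `status = PSA_ERROR_BAD_STATE;` before the loop, so one of the two can go. `for (int i = 0; i < KMU_KEY_COUNT; ++i)` compares `int` with `size_t`; `for (size_t i = 0; i < KMU_KEY_COUNT; ++i)` avoids the warning.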
@@ -78,14 +81,17 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen, { int rc; FIH_DECLARE(fih_rc, FIH_FAILURE); - uint8_t *pubkey; + uint8_t *pubkey = NULL; +#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) uint8_t *end; +#endif if (hlen != IMAGE_HASH_SIZE || slen != EDDSA_SIGNATURE_LENGTH) { FIH_SET(fih_rc, FIH_FAILURE); goto out; } +#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) pubkey = (uint8_t *)bootutil_keys[key_id].key; end = pubkey + *bootutil_keys[key_id].len; @@ -94,6 +100,7 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen, FIH_SET(fih_rc, FIH_FAILURE); goto out; } +#endif rc = ED25519_verify(hash, IMAGE_HASH_SIZE, sig, pubkey); @@ -115,14 +122,17 @@ bootutil_verify_img(const uint8_t *img, uint32_t size, { int rc; FIH_DECLARE(fih_rc, FIH_FAILURE); - uint8_t *pubkey; + uint8_t *pubkey = NULL; +#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) uint8_t *end; +#endif if (slen != EDDSA_SIGNATURE_LENGTH) { FIH_SET(fih_rc, FIH_FAILURE); goto out; } +#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) pubkey = (uint8_t *)bootutil_keys[key_id].key; end = pubkey + *bootutil_keys[key_id].len; @@ -131,6 +141,7 @@ bootutil_verify_img(const uint8_t *img, uint32_t size, FIH_SET(fih_rc, FIH_FAILURE); goto out; } +#endif rc = ED25519_verify(img, size, sig, pubkey); diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c index c419b9497..f71d1d9a6 100644 --- a/boot/bootutil/src/image_validate.c +++ b/boot/bootutil/src/image_validate.c @@ -245,6 +245,7 @@ bootutil_img_hash(struct enc_key_data *enc_state, int image_index, # define KEY_BUF_SIZE (SIG_BUF_SIZE + 24) #endif /* !MCUBOOT_HW_KEY */ +#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) #if !defined(MCUBOOT_HW_KEY) static int bootutil_find_key(uint8_t *keyhash, uint8_t keyhash_len) 
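Review bot: In the KMU configuration `bootutil_verify_sig` passes `pubkey == NULL` to `ED25519_verify` and never reads `key_id`, but nothing in the hunk says so, and a reader of the non-KMU branch will take the NULL as a bug. An `#else` arm on the new conditional makes the contract explicit: `#else`, `(void)key_id; /* KMU build: ED25519_verify selects the KMU slot; pubkey stays NULL */`, `#endif`. The same applies to `bootutil_verify_img` in the `@@ -115,14 +122,17 @@` hunk below. Both functions begin before and end after their hunks.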
@@ -310,6 +311,7 @@ bootutil_find_key(uint8_t image_index, uint8_t *key, uint16_t key_len) } #endif /* !MCUBOOT_HW_KEY */ #endif /* !MCUBOOT_BUILTIN_KEY */ +#endif /* !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) */ #endif /* EXPECTED_SIG_TLV */ /** @@ -626,6 +628,7 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, break; } #endif /* defined(EXPECTED_HASH_TLV) && !defined(MCUBOOT_SIGN_PURE) */ +#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) #ifdef EXPECTED_KEY_TLV case EXPECTED_KEY_TLV: { @@ -656,14 +659,17 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index, break; } #endif /* EXPECTED_KEY_TLV */ +#endif /* !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) */ #ifdef EXPECTED_SIG_TLV case EXPECTED_SIG_TLV: { +#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) /* Ignore this signature if it is out of bounds. */ if (key_id < 0 || key_id >= bootutil_key_cnt) { key_id = -1; continue; } +#endif /* !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) */ if (!EXPECTED_SIG_LEN(len) || len > sizeof(buf)) { rc = -1; goto out; diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index e01524221..3a3406465 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -313,7 +313,7 @@ if(CONFIG_MCUBOOT_SERIAL) endif() endif() -if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") +if(NOT CONFIG_BOOT_SIGNATURE_USING_KMU AND NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") # CONF_FILE points to the KConfig configuration files of the bootloader. foreach (filepath ${CONF_FILE}) file(READ ${filepath} temp_text) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 532402ba3..8adb4cc68 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -293,6 +293,7 @@ config BOOT_ED25519_MBEDTLS config BOOT_ED25519_PSA bool "Use PSA crypto" + depends on NRF_SECURITY select BOOT_USE_PSA_CRYPTO select BOOT_ED25519_PSA_DEPENDENCIES select BOOT_X25519_PSA_DEPENDENCIES if BOOT_ENCRYPT_IMAGE 
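Review bot: With `CONFIG_BOOT_SIGNATURE_USING_KMU` the `EXPECTED_SIG_TLV` case no longer gates on `key_id`, and the `EXPECTED_KEY_TLV` case that sets it is compiled out in the preceding hunk, so an image whose key-hash TLV is absent or matches nothing still reaches `bootutil_verify_sig` instead of being skipped by the `key_id = -1; continue;` path; the signature is then accepted if any KMU slot verifies it. That matches the KMU verifier, but the behavioural difference should be stated where the check is removed, e.g. `/* KMU build: the key-hash TLV is not consulted; ED25519_verify selects the slot */`, and `key_id` still reaches `bootutil_verify_sig` with whatever value it was given outside the hunk, so a note that it is ignored there would help. `bootutil_img_validate` starts and ends outside this hunk.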
@@ -302,6 +303,22 @@ endif endchoice +config BOOT_SIGNATURE_USING_KMU + bool "Use KMU stored keys for signature verification" + depends on NRF_SECURITY + depends on CRACEN_LIB_KMU + select PSA_WANT_ALG_GCM + select PSA_WANT_KEY_TYPE_AES + select PSA_WANT_AES_KEY_SIZE_256 + select PSA_WANT_ALG_SP800_108_COUNTER_CMAC + select PSA_WANT_ALG_CMAC + select PSA_WANT_ALG_ECB_NO_PADDING + help + MCUboot will use keys provisioned to the device key management unit for signature + verification instead of compiling in key data from a file. + +if !BOOT_SIGNATURE_USING_KMU + config BOOT_SIGNATURE_KEY_FILE string "PEM key file" default "root-ec-p256.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256 @@ -319,6 +336,8 @@ config BOOT_SIGNATURE_KEY_FILE with the public key information will be written in a format expected by MCUboot. +endif + config MCUBOOT_CLEANUP_ARM_CORE bool "Perform core cleanup before chain-load the application" depends on CPU_CORTEX_M @@ -341,10 +360,18 @@ config MCUBOOT_CLEANUP_RAM help Sets contents of memory to 0 before jumping to application. +# Disable MBEDTLS from being selected if NRF_SECURITY is enabled, and use default NRF_SECURITY +# configuration file for MBEDTLS +config MBEDTLS + depends on !NRF_SECURITY + +config NRF_SECURITY + select MBEDTLS_PROMPTLESS + if MBEDTLS config MBEDTLS_CFG_FILE - default "mcuboot-mbedtls-cfg.h" + default "mcuboot-mbedtls-cfg.h" if !NRF_SECURITY endif From 186efb3ec332a1bcfcc9421964c965623867efd1 Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Fri, 25 Oct 2024 11:37:57 +0100 Subject: [PATCH 18/19] [nrf noup] zephyr: Fix compressed chunk size mismatch fixup! [nrf noup] zephyr: Add support for compressed image updates Fixes an issue with a mismatch of the chunk size used when decompressing firmware updates Signed-off-by: Jamie McCrae Signed-off-by: Dominik Ermel (cherry picked from commit 0a70e4968d1f65118a2b5a17a27ed990c296bb5f) --- boot/zephyr/Kconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
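Review bot: `BOOT_SIGNATURE_USING_KMU` can be enabled with any signature type, but the only KMU-backed verifier in this patch is the `ED25519_verify` in `ed25519_psa.c`, while `image_validate.c` and the CMake key-embedding step drop the built-in key handling for every type whenever the symbol is set; with RSA or ECDSA-P256 selected that appears to leave a build with no usable key at all, as far as the hunks show. Adding `depends on BOOT_SIGNATURE_TYPE_ED25519 && BOOT_ED25519_PSA` to the new symbol expresses the real constraint. The six `select PSA_WANT_*` lines for AES/GCM/CMAC/SP800-108 are unexplained for a symbol whose help text is about signature verification; presumably they are what the CRACEN KMU driver needs, and a comment such as `# Algorithms required by the CRACEN KMU driver, not by the signature check itself` would stop a later cleanup from removing them.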
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 8adb4cc68..6b47e8240 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -967,9 +967,9 @@ menuconfig BOOT_DECOMPRESSION if BOOT_DECOMPRESSION config BOOT_DECOMPRESSION_BUFFER_SIZE - int "Write buffer size" + int range 16 16384 - default 4096 + default NRF_COMPRESS_CHUNK_SIZE help The size of a secondary buffer used for writing decompressed data to the storage device. From 69453e422c18934de48199fac7c836bad4f25c27 Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Thu, 7 Nov 2024 10:53:06 +0000 Subject: [PATCH 19/19] [nrf noup] boot: zephyr: Add experimental selection to compression Adds selecting the experimental Kconfig when compession is in use Signed-off-by: Jamie McCrae (cherry picked from commit b836582c3f7dccb16af500023644e38224fdddd8) Signed-off-by: Dominik Ermel --- boot/zephyr/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 6b47e8240..fd089a661 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -956,9 +956,10 @@ config BOOT_DECOMPRESSION_SUPPORT if BOOT_DECOMPRESSION_SUPPORT menuconfig BOOT_DECOMPRESSION - bool "Decompression" + bool "Decompression [EXPERIMENTAL]" select NRF_COMPRESS_CLEANUP select PM_USE_CONFIG_SRAM_SIZE if SOC_NRF54L15_CPUAPP + select EXPERIMENTAL help If enabled, will include support for compressed images being loaded to the secondary slot which then get decompressed into the primary slot. This mode allows the secondary slot to
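Review bot: Dropping the prompt turns `BOOT_DECOMPRESSION_BUFFER_SIZE` into a derived symbol, yet the `range 16 16384` line is kept and the help text still reads like the description of a user-tunable buffer, so a reader will not learn from the Kconfig that the value is pinned to the decompressor's chunk size. A comment above the symbol, `# Must equal the nrf_compress chunk size (see commit message); not user-configurable`, plus a help sentence saying the value follows `NRF_COMPRESS_CHUNK_SIZE`, would make the intent clear. Whether the range still constrains an out-of-range `NRF_COMPRESS_CHUNK_SIZE` for a promptless symbol is worth confirming with the Kconfig tooling.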