Upmerge 2024.12.20 #393
Open
anangl wants to merge 223 commits into nrfconnect:main from anangl:meta-upmerge
CMake's message function was mistakenly called with ERROR but the correct argument to use is FATAL_ERROR. Signed-off-by: Torsten Rasmussen <[email protected]>
adds TLV and Kconfig to decouple verification from other options. Signed-off-by: Mateusz Michalek <[email protected]> Signed-off-by: Dominik Ermel <[email protected]>
Signed-off-by: Rajeev Piyare <[email protected]>
- Clean NXP board configurations, after enabling BOOT_MAX_IMG_SECTORS_AUTO. - Fix BOOT_MAX_IMG_SECTORS warnings. - Fix BOOT_ERASE_PROGRESSIVELY warnings. Signed-off-by: Andrej Butok <[email protected]>
Allow disabling feeding the watchdog on nrf devices directly using the nrfx_wdt functions. The imply on NRFX_WDT cannot be disabled since NRFX_WDT is a promptless symbol and cannot be assigned in a config fragment. Not even deleting the wdt0 node in a devicetree overlay works since the configuration takes precedence and ends in a #error without any nrfx_wdt instances. To fix this create new Kconfig option with prompt and change the imply to this option. That way the option can be assigned to off by the user. This is needed to support the use case of an external watchdog controlled using the zephyr watchdog API instead of the wdt peripheral. Signed-off-by: Joakim Andersson <[email protected]>
Remove broken target config header feature. This has been broken for more than 6 years, and seeing as nobody noticed it should be ok to remove it. Broken because if(EXISTS path-to-file-or-directory) uses relative path. From cmake documentation: "Behavior is well-defined only for explicit full paths". Secondly ${BOARD}.h does not account for changes introduced in hwmv2 where BOARD_QUALIFIER maybe should be handled as well. Also, who will put their board config files here? Signed-off-by: Joakim Andersson <[email protected]>
Prints a debug log message if the device has a write block size for a flash device in DTS that is not the same as what the flash driver reports at run-time, this can be used to see if there is a faulty configuration as these compile-time values are used for various calculations Signed-off-by: Jamie McCrae <[email protected]>
Adds write block size checking functionality and includes a zephyr implementation, this will not throw an error or prevent upgrade but will emit a debug log with a discrepancy message Signed-off-by: Jamie McCrae <[email protected]>
Adds notes on these new features Signed-off-by: Jamie McCrae <[email protected]>
Fixes an issue when either of these modes is used with serial recovery slot info enabled Signed-off-by: Jamie McCrae <[email protected]>
Fixes an issue with 2 uses of slot numbers wrongly using the number of updateable images, for listing and slot info commands Signed-off-by: Jamie McCrae <[email protected]>
Adds a note about this fix Signed-off-by: Jamie McCrae <[email protected]>
Fixes an issue whereby static buffers were changed into pointers, whereby they are then assumed to be the size of a pointer rather than the size of the actual buffers Signed-off-by: Jamie McCrae <[email protected]>
This adds support for hashing image with SHA512, to allow SHA512-ED25519-SHA512 signature. To support the above, the --sha parameter has been added that can take value: auto, 256, 384, 512 to select sha, where auto brings the default, or current, behaviour. The sha provided here is tested against key so not all combinations are supported. Signed-off-by: Dominik Ermel <[email protected]>
To be able to implement encryption with API that requires different calls for encryption and encryption, the boot_encrypt needs to be replaced with encryption/decryption specific functions. Signed-off-by: Dominik Ermel <[email protected]>
The commit adds SIG_PURE TLV that should be used as TLV indicating that the signature attached to image has been calculated over entire image, rather than digest of image. This is generic flag as the "pure" usage may be applied to, potentially, any signature algorithm. Signed-off-by: Dominik Ermel <[email protected]>
Adds LZMA2 compression to imgtool. Python lzma library is unable to compress with proper parameters while using "ALONE" container, therefore 2 header bytes are calculated and added to payload by imgtool. Signed-off-by: Mateusz Michalek <[email protected]>
Fixes the "return type of 'main' is not 'int'" warning. Signed-off-by: Andrej Butok <[email protected]>
Fix possible warning "boot_serial_enter defined but not used". Signed-off-by: Andrej Butok <[email protected]>
Serial recovery failed for NXP IMX.RT platforms unless BOOT_ERASE_PROGRESSIVELY is set. Signed-off-by: Andrej Butok <[email protected]>
Enable the MCUBoot when building with sysbuild. Signed-off-by: Andrej Butok <[email protected]>
Use EXTRA_CONF_FILE that replaced OVERLAY_CONFIG since the Zephyr v3.4 release. Signed-off-by: Andrej Butok <[email protected]>
The SHA512_ALLOW Kconfig has been added to allow signature algorithms to select which SHA they support. Unfortunately it has been given dependency on PSA crypto, which now is problematic because if signature algorithm wants to indicate that it allows SHA512 it immediately becomes dependent on PSA crypto. The commit removes the dependency. Signed-off-by: Dominik Ermel <[email protected]>
The use of SHA-512 was only available with PSA. This commit adds support for SHA-512 when using mbedTLS. Signed-off-by: Thomas Altenbach <[email protected]>
When Ed25519 signatures are used, the bootutil_verify_sig responsible for verifying a signature was expecting as argument the SHA-256 digest of the firmware image. This commit slightly modifies this routine to make possible to use Ed25519 with SHA-512 digests. Signed-off-by: Thomas Altenbach <[email protected]>
Adds ARM thumb filter to imgtool's LZMA2 compression. Signed-off-by: Mateusz Michalek <[email protected]>
Fixes an issue with compressed update support whereby it would wrongly continue to check all sector sizes and error due to the sector sizes of the secondary slot being 0 until overflow Signed-off-by: Jamie McCrae <[email protected]>
Signed-off-by: Toon Stegen <[email protected]>
fixing broken encryption caused by shift in function parameters. Signed-off-by: Mateusz Michalek <[email protected]>
RAM loading code is currently under bootutil/loader.c, and it's not accessible for different loaders, such as the single loaders. Future patches will make use of the RAM loading code outside the bootutil/loader.c context, and this patch prepares for that by making it standalone on boot/bootutil/src/ram_load.c Signed-off-by: Ederson de Souza <[email protected]> Signed-off-by: Tom Burdick <[email protected]>
As this is MCUboot updating itself, it should reboot the device so NSIB will chainload the update MCUboot Signed-off-by: Andrzej Puzdrowski <[email protected]> (cherry picked from commit f07918d)
Fixes an issue with wrongly checking the network core reset address Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit e870594)
FPROTECT is not supported for nrf54l15dk. Signed-off-by: Andrzej Puzdrowski <[email protected]> (cherry picked from commit 9321e7f)
Adds support for LZMA-compressed firmware updates Signed-off-by: Jamie McCrae <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 474a922)
* Add functions for ecdsa_verify_secp256r1 and sha256 to use the shared crypto API * Add Kconfig and CMake variables for selecting shared crypto when using ecdsa * Add custom section to project for placing the API section in the correct location in flash * Add kconfig fragment for using external crypto Signed-off-by: Sigvart Hovland <[email protected]> Signed-off-by: Martí Bolívar <[email protected]> Signed-off-by: Emil Obalski <[email protected]> Signed-off-by: Andrzej Puzdrowski <[email protected]> Signed-off-by: Håkon Øye Amundsen <[email protected]> Signed-off-by: Ioannis Glaropoulos <[email protected]> Signed-off-by: Trond Einar Snekvik <[email protected]> Signed-off-by: Georgios Vasilakis <[email protected]> Signed-off-by: Johann Fischer <[email protected]> Signed-off-by: Torsten Rasmussen <[email protected]> Signed-off-by: Jamie McCrae <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 049e896)
The commit provides implementation of image verification with ed25519 and encryption/decryption support where random key is encrypted using x25519. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 2c3c181)
Adds support for ARM thumb filter usage for compressed firmware updates Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit 390c468)
This has been overriding logic that selects nrf-config.h when CONFIG_NRF_SECURITY=y. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit ea00c04)
Previously PCD memory was locked as read-only, non-secure in MCUboot. Given that TF-M also needs write to PCD to communicate with b0n, the memory is left unlocked and locked to read-only, non-secure in TF-M. Signed-off-by: Markus Lassila <[email protected]> (cherry picked from commit ad56ff5)
Adds support for image IDs that are assigned by sysbuild, which allows for dynamically supporting different configurations without needing dummy images to support different modes. Also fixes multiple deficiencies with the previous code where things were not properly accounted for e.g. using the swap algorithm including all swap status parts when updating s0/s1 MCUboot image which could overwrite and corrupt the image data in the other slot Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit 43d4739)
Adds a check that will also check the s0/s1 package version of the currently running MCUboot against a MCUboot update image to ensure that an older version of MCUboot isn't loaded to the opposite slot Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit 63e53ed)
Update the configuration files for the Thingy:91 X targets to the ones used in production. Signed-off-by: Maximilian Deubel <[email protected]> (cherry picked from commit 78211ab)
Enable backporting of PRs. Signed-off-by: Carles Cufi <[email protected]> (cherry picked from commit 7058149)
Moved configs from nrf54l15pdk. Signed-off-by: Andrzej Puzdrowski <[email protected]> (cherry picked from commit bd64752)
Log module has been declared but never registered. This commit fixes that by just registering the module. Signed-off-by: Maciej Baczmanski <[email protected]> Co-authored-by: Marek Pieta <[email protected]> (cherry picked from commit c882964)
Set of changes to Kconfig, CMakeLists.txt and some of headers that are required for the PSA support to compile. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 00f35bb)
Use SHA512 directly calculated over image with the ED25519 signature. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 5a6676c)
The commit adds support for passing storage device address space to hash calculation functions, which allows to use hardware accelerated hash calculation on storage. This feature only works when image encryption is not enabled and all slots are defined within internal storage of device. The feature is enabled using Kconfig option CONFIG_BOOT_IMG_HASH_DIRECTLY_ON_STORAGE Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit b2ad117)
The commit adds support for PureEdDSA, which validates signature of image rather than hash. This is most secure, available, ED25519 usage in MCUboot, but due to requirement of PureEdDSA to be able to calculate signature at whole message at once, here image, it only works on setups where entire image can be mapped to device address space, so that PSA functions calculating the signature can see the whole image at once. This option is enabled with Kconfig option: CONFIG_BOOT_SIGNATURE_TYPE_PURE when the ED25519 signature type is already selected. Note that the option will enable SHA512 for calculating public key hash. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 1a2f5f6)
…CTORS_AUTO Automatic calculations are based on DTS data which are not the right source on partition layout in case Partition manager does the partitioning. Signed-off-by: Andrzej Puzdrowski <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit d09c5a0)
The commit adds verification of image using keys stored in KMU. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 6e0c2b8)
Adds selecting the experimental Kconfig when compression is in use Signed-off-by: Jamie McCrae <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit ff3c31f)
Adds a new Kconfig CONFIG_BOOT_SIGNATURE_KMU_SLOTS which allows specifying how many KMU key IDs are supported, the default is set to 1 instead of 3 which was set before NCSDK-30743 Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit 12e5ee1)
…sion fixup! [nrf noup] bootutil: Add support for KMU stored ED25519 signature key This adds the additional code required so that the compression feature can be used with keys that reside in the KMU Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit 0343424)
Adds additional conditions that lets the direct upload option to be selected on nRF5340 to allow for uploading network core updates directly to the network core with the flash simulator Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit b82206c)
Configured CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE=32, which ensures the fastest bulk RRAM write operations. Signed-off-by: Andrzej Puzdrowski <[email protected]> (cherry picked from commit 0a910b6)
Removes stray child/parent references Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit 99d4ae9)
MCUboot uses SOC_FLASH_0_ID and SPI_FLASH_0_ID to distinguish between internal and external boot device. These IDs are provided by sysflash.h, but the pm_sysflash.h overrides entire file, and was lacking those definitions. Signed-off-by: Dominik Ermel <[email protected]>
No description provided.