aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Vincze <david.vincze@arm.com>2020-01-10 11:19:05 +0100
committerDavid Vincze <david.vincze@linaro.org>2020-06-24 14:27:50 +0200
commitabb527cc7c408750385a81e92412c8293f35a0c0 (patch)
treed31ae26511086982c5812b94057214306b077161
parentf0873cd2598c3aab09bbcbd90e153b8444965bdb (diff)
downloadtrusted-firmware-m-abb527cc7c408750385a81e92412c8293f35a0c0.tar.gz
Build: Enable HW rollback protection with UPSTREAM
Modify the build system (by removing restrictions) to allow HW rollback protection when the 'UPSTREAM' MCUboot repository is selected as MCUboot v1.6.0 (current default bootloader) already includes this feature. Change-Id: I5ee1c347986275e3da18960801b7503e8f3b4768 Signed-off-by: David Vincze <david.vincze@linaro.org>
-rw-r--r--bl2/ext/mcuboot/CMakeLists.txt4
-rw-r--r--bl2/ext/mcuboot/MCUBootConfig.cmake11
-rw-r--r--bl2/ext/mcuboot/bl2_main.c2
-rw-r--r--bl2/ext/mcuboot/include/mcuboot_config/mcuboot_config.h.in2
4 files changed, 3 insertions, 16 deletions
diff --git a/bl2/ext/mcuboot/CMakeLists.txt b/bl2/ext/mcuboot/CMakeLists.txt
index f073e6b60..d1dd17105 100644
--- a/bl2/ext/mcuboot/CMakeLists.txt
+++ b/bl2/ext/mcuboot/CMakeLists.txt
@@ -87,6 +87,7 @@ list(APPEND ALL_SRC_C
"${TFM_ROOT_DIR}/bl2/ext/mcuboot/flash_map_legacy.c"
"${TFM_ROOT_DIR}/bl2/ext/mcuboot/keys.c"
"${TFM_ROOT_DIR}/bl2/src/flash_map.c"
+ "${TFM_ROOT_DIR}/bl2/src/security_cnt.c"
"${MCUBOOT_DIR}/bootutil/src/loader.c"
"${MCUBOOT_DIR}/bootutil/src/bootutil_misc.c"
"${MCUBOOT_DIR}/bootutil/src/image_validate.c"
@@ -97,7 +98,6 @@ list(APPEND ALL_SRC_C
if (MCUBOOT_REPO STREQUAL "TF-M")
list(APPEND ALL_SRC_C
"${TFM_ROOT_DIR}/bl2/src/boot_record.c"
- "${TFM_ROOT_DIR}/bl2/src/security_cnt.c"
)
else()
list(APPEND ALL_SRC_C
@@ -204,7 +204,7 @@ get_property(_log_levels CACHE MCUBOOT_LOG_LEVEL PROPERTY STRINGS)
list(FIND _log_levels ${MCUBOOT_LOG_LEVEL} LOG_LEVEL_ID)
if (MCUBOOT_REPO STREQUAL "UPSTREAM")
- set(MCUBOOT_USE_UPSTREAM On)
+ set(MCUBOOT_HW_ROLLBACK_PROT On)
endif()
if(MCUBOOT_SIGNATURE_TYPE STREQUAL "RSA-3072")
diff --git a/bl2/ext/mcuboot/MCUBootConfig.cmake b/bl2/ext/mcuboot/MCUBootConfig.cmake
index ef4246e6a..d025ab477 100644
--- a/bl2/ext/mcuboot/MCUBootConfig.cmake
+++ b/bl2/ext/mcuboot/MCUBootConfig.cmake
@@ -71,17 +71,6 @@ if (BL2)
" upstream MCUBoot. Your choice was overriden.")
mcuboot_override_upgrade_strategy("OVERWRITE_ONLY")
endif()
-
- if (DEFINED SECURITY_COUNTER OR
- DEFINED SECURITY_COUNTER_S OR
- DEFINED SECURITY_COUNTER_NS)
- message(WARNING "Ignoring the values of SECURITY_COUNTER and/or SECURITY_COUNTER_* variables as"
- " upstream MCUBoot does not support rollback protection.")
- set(SECURITY_COUNTER "")
- set(SECURITY_COUNTER_S "")
- set(SECURITY_COUNTER_NS "")
- endif()
-
endif()
else() #BL2 is turned off
diff --git a/bl2/ext/mcuboot/bl2_main.c b/bl2/ext/mcuboot/bl2_main.c
index b7dd03ec9..3d4ddae16 100644
--- a/bl2/ext/mcuboot/bl2_main.c
+++ b/bl2/ext/mcuboot/bl2_main.c
@@ -132,14 +132,12 @@ int main(void)
}
#endif /* CRYPTO_HW_ACCELERATOR */
-#ifndef MCUBOOT_USE_UPSTREAM
rc = boot_nv_security_counter_init();
if (rc != 0) {
BOOT_LOG_ERR("Error while initializing the security counter");
while (1)
;
}
-#endif /* !MCUBOOT_USE_UPSTREAM */
rc = boot_go(&rsp);
if (rc != 0) {
diff --git a/bl2/ext/mcuboot/include/mcuboot_config/mcuboot_config.h.in b/bl2/ext/mcuboot/include/mcuboot_config/mcuboot_config.h.in
index 3762055f9..4213cfc01 100644
--- a/bl2/ext/mcuboot/include/mcuboot_config/mcuboot_config.h.in
+++ b/bl2/ext/mcuboot/include/mcuboot_config/mcuboot_config.h.in
@@ -47,7 +47,7 @@ extern "C" {
#cmakedefine MCUBOOT_RAM_LOADING
#cmakedefine MCUBOOT_HW_KEY
-#cmakedefine MCUBOOT_USE_UPSTREAM
+#cmakedefine MCUBOOT_HW_ROLLBACK_PROT
/*
* Cryptographic settings