diff options
-rw-r--r-- | bl2/ext/mcuboot/CMakeLists.txt | 4 | ||||
-rw-r--r-- | bl2/ext/mcuboot/MCUBootConfig.cmake | 11 | ||||
-rw-r--r-- | bl2/ext/mcuboot/bl2_main.c | 2 | ||||
-rw-r--r-- | bl2/ext/mcuboot/include/mcuboot_config/mcuboot_config.h.in | 2 |
4 files changed, 3 insertions, 16 deletions
diff --git a/bl2/ext/mcuboot/CMakeLists.txt b/bl2/ext/mcuboot/CMakeLists.txt index f073e6b603..d1dd17105d 100644 --- a/bl2/ext/mcuboot/CMakeLists.txt +++ b/bl2/ext/mcuboot/CMakeLists.txt @@ -87,6 +87,7 @@ list(APPEND ALL_SRC_C "${TFM_ROOT_DIR}/bl2/ext/mcuboot/flash_map_legacy.c" "${TFM_ROOT_DIR}/bl2/ext/mcuboot/keys.c" "${TFM_ROOT_DIR}/bl2/src/flash_map.c" + "${TFM_ROOT_DIR}/bl2/src/security_cnt.c" "${MCUBOOT_DIR}/bootutil/src/loader.c" "${MCUBOOT_DIR}/bootutil/src/bootutil_misc.c" "${MCUBOOT_DIR}/bootutil/src/image_validate.c" @@ -97,7 +98,6 @@ list(APPEND ALL_SRC_C if (MCUBOOT_REPO STREQUAL "TF-M") list(APPEND ALL_SRC_C "${TFM_ROOT_DIR}/bl2/src/boot_record.c" - "${TFM_ROOT_DIR}/bl2/src/security_cnt.c" ) else() list(APPEND ALL_SRC_C @@ -204,7 +204,7 @@ get_property(_log_levels CACHE MCUBOOT_LOG_LEVEL PROPERTY STRINGS) list(FIND _log_levels ${MCUBOOT_LOG_LEVEL} LOG_LEVEL_ID) if (MCUBOOT_REPO STREQUAL "UPSTREAM") - set(MCUBOOT_USE_UPSTREAM On) + set(MCUBOOT_HW_ROLLBACK_PROT On) endif() if(MCUBOOT_SIGNATURE_TYPE STREQUAL "RSA-3072") diff --git a/bl2/ext/mcuboot/MCUBootConfig.cmake b/bl2/ext/mcuboot/MCUBootConfig.cmake index ef4246e6a0..d025ab4775 100644 --- a/bl2/ext/mcuboot/MCUBootConfig.cmake +++ b/bl2/ext/mcuboot/MCUBootConfig.cmake @@ -71,17 +71,6 @@ if (BL2) " upstream MCUBoot. Your choice was overriden.") mcuboot_override_upgrade_strategy("OVERWRITE_ONLY") endif() - - if (DEFINED SECURITY_COUNTER OR - DEFINED SECURITY_COUNTER_S OR - DEFINED SECURITY_COUNTER_NS) - message(WARNING "Ignoring the values of SECURITY_COUNTER and/or SECURITY_COUNTER_* variables as" - " upstream MCUBoot does not support rollback protection.") - set(SECURITY_COUNTER "") - set(SECURITY_COUNTER_S "") - set(SECURITY_COUNTER_NS "") - endif() - endif() else() #BL2 is turned off diff --git a/bl2/ext/mcuboot/bl2_main.c b/bl2/ext/mcuboot/bl2_main.c index b7dd03ec98..3d4ddae166 100644 --- a/bl2/ext/mcuboot/bl2_main.c +++ b/bl2/ext/mcuboot/bl2_main.c @@ -132,14 +132,12 @@ int main(void) } #endif /* CRYPTO_HW_ACCELERATOR */ -#ifndef MCUBOOT_USE_UPSTREAM rc = boot_nv_security_counter_init(); if (rc != 0) { BOOT_LOG_ERR("Error while initializing the security counter"); while (1) ; } -#endif /* !MCUBOOT_USE_UPSTREAM */ rc = boot_go(&rsp); if (rc != 0) { diff --git a/bl2/ext/mcuboot/include/mcuboot_config/mcuboot_config.h.in b/bl2/ext/mcuboot/include/mcuboot_config/mcuboot_config.h.in index 3762055f98..4213cfc014 100644 --- a/bl2/ext/mcuboot/include/mcuboot_config/mcuboot_config.h.in +++ b/bl2/ext/mcuboot/include/mcuboot_config/mcuboot_config.h.in @@ -47,7 +47,7 @@ extern "C" { #cmakedefine MCUBOOT_RAM_LOADING #cmakedefine MCUBOOT_HW_KEY -#cmakedefine MCUBOOT_USE_UPSTREAM +#cmakedefine MCUBOOT_HW_ROLLBACK_PROT /* * Cryptographic settings |