Boot: integrate MCUBoot with TF-M to act as a BL2 bootloader
Modifications in MCUBoot to be aligned with BL2 requirements in TF-M:
-- OS dependency was removed, no need to copy any OS repo to build it
-- CMSIS serial driver is used
-- flash driver interface is aligned with original version
-- S and NS images are handeled as a single binary blob
-- automatic image concatenation and signing at build time
-- authentication based on SHA256 and RSA-2048 digital signature
-- mbedTLS library is used for cryptographic operation
-- static analyser warnings fixed in some files
Change-Id: I54891762eac8d0df634e954ff19a9505b16f3028
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/bl2/ext/mcuboot/bootutil/include/bootutil/bootutil_log.h b/bl2/ext/mcuboot/bootutil/include/bootutil/bootutil_log.h
index 643fc99..ba161d4 100644
--- a/bl2/ext/mcuboot/bootutil/include/bootutil/bootutil_log.h
+++ b/bl2/ext/mcuboot/bootutil/include/bootutil/bootutil_log.h
@@ -23,62 +23,17 @@
extern "C" {
#endif
-/*
- * When building for targets running Zephyr, delegate to its native
- * logging subsystem.
- *
- * In this case:
- *
- * - BOOT_LOG_LEVEL determines SYS_LOG_LEVEL,
- * - BOOT_LOG_ERR() and friends are SYS_LOG_ERR() etc.
- * - SYS_LOG_DOMAIN is unconditionally set to "MCUBOOT"
- */
-#ifdef __ZEPHYR__
-
-#define BOOT_LOG_LEVEL_OFF SYS_LOG_LEVEL_OFF
-#define BOOT_LOG_LEVEL_ERROR SYS_LOG_LEVEL_ERROR
-#define BOOT_LOG_LEVEL_WARNING SYS_LOG_LEVEL_WARNING
-#define BOOT_LOG_LEVEL_INFO SYS_LOG_LEVEL_INFO
-#define BOOT_LOG_LEVEL_DEBUG SYS_LOG_LEVEL_DEBUG
-
-/* Treat BOOT_LOG_LEVEL equivalently to SYS_LOG_LEVEL. */
-#ifndef BOOT_LOG_LEVEL
-#define BOOT_LOG_LEVEL CONFIG_SYS_LOG_DEFAULT_LEVEL
-#elif (BOOT_LOG_LEVEL < CONFIG_SYS_LOG_OVERRIDE_LEVEL)
-#undef BOOT_LOG_LEVEL
-#define BOOT_LOG_LEVEL CONFIG_SYS_LOG_OVERRIDE_LEVEL
-#endif
-
-#define SYS_LOG_LEVEL BOOT_LOG_LEVEL
-
-#undef SYS_LOG_DOMAIN
-#define SYS_LOG_DOMAIN "MCUBOOT"
-
-#define BOOT_LOG_ERR(...) SYS_LOG_ERR(__VA_ARGS__)
-#define BOOT_LOG_WRN(...) SYS_LOG_WRN(__VA_ARGS__)
-#define BOOT_LOG_INF(...) SYS_LOG_INF(__VA_ARGS__)
-#define BOOT_LOG_DBG(...) SYS_LOG_DBG(__VA_ARGS__)
-
-#include <logging/sys_log.h>
-
-/*
- * When built on the simulator, just use printf().
- */
-#elif defined(__BOOTSIM__) /* !defined(__ZEPHYR__) */
-
#include <stdio.h>
-#define BOOT_LOG_LEVEL_OFF 0
-#define BOOT_LOG_LEVEL_ERROR 1
-#define BOOT_LOG_LEVEL_WARNING 2
-#define BOOT_LOG_LEVEL_INFO 3
-#define BOOT_LOG_LEVEL_DEBUG 4
+#define BOOT_LOG_LEVEL_OFF 0
+#define BOOT_LOG_LEVEL_ERROR 1
+#define BOOT_LOG_LEVEL_WARNING 2
+#define BOOT_LOG_LEVEL_INFO 3
+#define BOOT_LOG_LEVEL_DEBUG 4
/*
* The compiled log level determines the maximum level that can be
- * printed. Messages at or below this level can be printed, provided
- * they are also enabled through the Rust logging system, such as by
- * setting RUST_LOG to bootsim::api=info.
+ * printed. Messages at or below this level can be printed.
*/
#ifndef BOOT_LOG_LEVEL
#define BOOT_LOG_LEVEL BOOT_LOG_LEVEL_INFO
@@ -87,67 +42,33 @@
int sim_log_enabled(int level);
#if BOOT_LOG_LEVEL >= BOOT_LOG_LEVEL_ERROR
-#define BOOT_LOG_ERR(_fmt, ...) \
- do { \
- if (sim_log_enabled(BOOT_LOG_LEVEL_ERROR)) { \
- fprintf(stderr, "[ERR] " _fmt "\n", ##__VA_ARGS__); \
- } \
- } while (0)
+#define BOOT_LOG_ERR(_fmt, ...) \
+ printf("[ERR] " _fmt "\r\n", ##__VA_ARGS__)
#else
#define BOOT_LOG_ERR(...) IGNORE(__VA_ARGS__)
#endif
#if BOOT_LOG_LEVEL >= BOOT_LOG_LEVEL_WARNING
-#define BOOT_LOG_WRN(_fmt, ...) \
- do { \
- if (sim_log_enabled(BOOT_LOG_LEVEL_WARNING)) { \
- fprintf(stderr, "[WRN] " _fmt "\n", ##__VA_ARGS__); \
- } \
- } while (0)
+#define BOOT_LOG_WRN(_fmt, ...) \
+ printf("[WRN] " _fmt "\r\n", ##__VA_ARGS__)
#else
#define BOOT_LOG_WRN(...) IGNORE(__VA_ARGS__)
#endif
#if BOOT_LOG_LEVEL >= BOOT_LOG_LEVEL_INFO
-#define BOOT_LOG_INF(_fmt, ...) \
- do { \
- if (sim_log_enabled(BOOT_LOG_LEVEL_INFO)) { \
- fprintf(stderr, "[INF] " _fmt "\n", ##__VA_ARGS__); \
- } \
- } while (0)
+#define BOOT_LOG_INF(_fmt, ...) \
+ printf("[INF] " _fmt "\r\n", ##__VA_ARGS__)
#else
#define BOOT_LOG_INF(...) IGNORE(__VA_ARGS__)
#endif
#if BOOT_LOG_LEVEL >= BOOT_LOG_LEVEL_DEBUG
-#define BOOT_LOG_DBG(_fmt, ...) \
- do { \
- if (sim_log_enabled(BOOT_LOG_LEVEL_DEBUG)) { \
- fprintf(stderr, "[DBG] " _fmt "\n", ##__VA_ARGS__); \
- } \
- } while (0)
+#define BOOT_LOG_DBG(_fmt, ...) \
+ printf("[DBG] " _fmt "\r\n", ##__VA_ARGS__)
#else
#define BOOT_LOG_DBG(...) IGNORE(__VA_ARGS__)
#endif
-/*
- * In other environments, logging calls are no-ops.
- */
-#else /* !defined(__BOOTSIM__) */
-
-#define BOOT_LOG_LEVEL_OFF 0
-#define BOOT_LOG_LEVEL_ERROR 1
-#define BOOT_LOG_LEVEL_WARNING 2
-#define BOOT_LOG_LEVEL_INFO 3
-#define BOOT_LOG_LEVEL_DEBUG 4
-
-#define BOOT_LOG_ERR(...) IGNORE(__VA_ARGS__)
-#define BOOT_LOG_WRN(...) IGNORE(__VA_ARGS__)
-#define BOOT_LOG_INF(...) IGNORE(__VA_ARGS__)
-#define BOOT_LOG_DBG(...) IGNORE(__VA_ARGS__)
-
-#endif
-
#ifdef __cplusplus
}
#endif
diff --git a/bl2/ext/mcuboot/bootutil/include/bootutil/caps.h b/bl2/ext/mcuboot/bootutil/include/bootutil/caps.h
index a0c324a..6604e45 100644
--- a/bl2/ext/mcuboot/bootutil/include/bootutil/caps.h
+++ b/bl2/ext/mcuboot/bootutil/include/bootutil/caps.h
@@ -33,8 +33,6 @@
uint32_t bootutil_get_caps(void);
#define BOOTUTIL_CAP_RSA2048 (1<<0)
-#define BOOTUTIL_CAP_ECDSA_P224 (1<<1)
-#define BOOTUTIL_CAP_ECDSA_P256 (1<<2)
#define BOOTUTIL_CAP_SWAP_UPGRADE (1<<3)
#define BOOTUTIL_CAP_OVERWRITE_UPGRADE (1<<4)
diff --git a/bl2/ext/mcuboot/bootutil/include/bootutil/ignore.h b/bl2/ext/mcuboot/bootutil/include/bootutil/ignore.h
index 46282a0..4cc5430 100644
--- a/bl2/ext/mcuboot/bootutil/include/bootutil/ignore.h
+++ b/bl2/ext/mcuboot/bootutil/include/bootutil/ignore.h
@@ -30,25 +30,25 @@
*/
#define IGN_1(X) ((void)(X))
-#define IGN_2(X, ...) ((void)(X));IGN_1(__VA_ARGS__)
-#define IGN_3(X, ...) ((void)(X));IGN_2(__VA_ARGS__)
-#define IGN_4(X, ...) ((void)(X));IGN_3(__VA_ARGS__)
-#define IGN_5(X, ...) ((void)(X));IGN_4(__VA_ARGS__)
-#define IGN_6(X, ...) ((void)(X));IGN_5(__VA_ARGS__)
-#define IGN_7(X, ...) ((void)(X));IGN_6(__VA_ARGS__)
-#define IGN_8(X, ...) ((void)(X));IGN_7(__VA_ARGS__)
-#define IGN_9(X, ...) ((void)(X));IGN_8(__VA_ARGS__)
-#define IGN_10(X, ...) ((void)(X));IGN_9(__VA_ARGS__)
-#define IGN_11(X, ...) ((void)(X));IGN_10(__VA_ARGS__)
-#define IGN_12(X, ...) ((void)(X));IGN_11(__VA_ARGS__)
-#define IGN_13(X, ...) ((void)(X));IGN_12(__VA_ARGS__)
-#define IGN_14(X, ...) ((void)(X));IGN_13(__VA_ARGS__)
-#define IGN_15(X, ...) ((void)(X));IGN_14(__VA_ARGS__)
-#define IGN_16(X, ...) ((void)(X));IGN_15(__VA_ARGS__)
-#define IGN_17(X, ...) ((void)(X));IGN_16(__VA_ARGS__)
-#define IGN_18(X, ...) ((void)(X));IGN_17(__VA_ARGS__)
-#define IGN_19(X, ...) ((void)(X));IGN_18(__VA_ARGS__)
-#define IGN_20(X, ...) ((void)(X));IGN_19(__VA_ARGS__)
+#define IGN_2(X, ...) ((void)(X)); IGN_1(__VA_ARGS__)
+#define IGN_3(X, ...) ((void)(X)); IGN_2(__VA_ARGS__)
+#define IGN_4(X, ...) ((void)(X)); IGN_3(__VA_ARGS__)
+#define IGN_5(X, ...) ((void)(X)); IGN_4(__VA_ARGS__)
+#define IGN_6(X, ...) ((void)(X)); IGN_5(__VA_ARGS__)
+#define IGN_7(X, ...) ((void)(X)); IGN_6(__VA_ARGS__)
+#define IGN_8(X, ...) ((void)(X)); IGN_7(__VA_ARGS__)
+#define IGN_9(X, ...) ((void)(X)); IGN_8(__VA_ARGS__)
+#define IGN_10(X, ...) ((void)(X)); IGN_9(__VA_ARGS__)
+#define IGN_11(X, ...) ((void)(X)); IGN_10(__VA_ARGS__)
+#define IGN_12(X, ...) ((void)(X)); IGN_11(__VA_ARGS__)
+#define IGN_13(X, ...) ((void)(X)); IGN_12(__VA_ARGS__)
+#define IGN_14(X, ...) ((void)(X)); IGN_13(__VA_ARGS__)
+#define IGN_15(X, ...) ((void)(X)); IGN_14(__VA_ARGS__)
+#define IGN_16(X, ...) ((void)(X)); IGN_15(__VA_ARGS__)
+#define IGN_17(X, ...) ((void)(X)); IGN_16(__VA_ARGS__)
+#define IGN_18(X, ...) ((void)(X)); IGN_17(__VA_ARGS__)
+#define IGN_19(X, ...) ((void)(X)); IGN_18(__VA_ARGS__)
+#define IGN_20(X, ...) ((void)(X)); IGN_19(__VA_ARGS__)
#define GET_MACRO(_1, _2, _3, _4, _5, _6, _7, _8, _9, _10, _11, _12, \
_13, _14, _15, _16, _17, _18, _19, _20, NAME, ...) NAME
diff --git a/bl2/ext/mcuboot/bootutil/include/bootutil/image.h b/bl2/ext/mcuboot/bootutil/include/bootutil/image.h
index 10e7be0..9a4535c 100644
--- a/bl2/ext/mcuboot/bootutil/include/bootutil/image.h
+++ b/bl2/ext/mcuboot/bootutil/include/bootutil/image.h
@@ -65,8 +65,6 @@
#define IMAGE_TLV_KEYHASH 0x01 /* hash of the public key */
#define IMAGE_TLV_SHA256 0x10 /* SHA256 of image hdr and body */
#define IMAGE_TLV_RSA2048_PSS 0x20 /* RSA2048 of hash output */
-#define IMAGE_TLV_ECDSA224 0x21 /* ECDSA of hash output */
-#define IMAGE_TLV_ECDSA256 0x22 /* ECDSA of hash output */
struct image_version {
uint8_t iv_major;
diff --git a/bl2/ext/mcuboot/bootutil/include/bootutil/sha256.h b/bl2/ext/mcuboot/bootutil/include/bootutil/sha256.h
index cc52b07..8486ece 100644
--- a/bl2/ext/mcuboot/bootutil/include/bootutil/sha256.h
+++ b/bl2/ext/mcuboot/bootutil/include/bootutil/sha256.h
@@ -21,33 +21,13 @@
* This module provides a thin abstraction over some of the crypto
* primitives to make it easier to swap out the used crypto library.
*
- * At this point, there are two choices: MCUBOOT_USE_MBED_TLS, or
- * MCUBOOT_USE_TINYCRYPT. It is a compile error there is not exactly
- * one of these defined.
+ * At this point, only mbedTLS is supported.
*/
#ifndef __BOOTUTIL_CRYPTO_H_
#define __BOOTUTIL_CRYPTO_H_
-#ifdef MCUBOOT_MYNEWT
-#include "mcuboot_config/mcuboot_config.h"
-#endif
-
-#if defined(MCUBOOT_USE_MBED_TLS) && defined(MCUBOOT_USE_TINYCRYPT)
- #error "Cannot define both MBED_TLS and TINYCRYPT"
-#endif
-
-#if !defined(MCUBOOT_USE_MBED_TLS) && !defined(MCUBOOT_USE_TINYCRYPT)
- #error "One of MBED_TLS or TINYCRYPT must be defined"
-#endif
-
-#ifdef MCUBOOT_USE_MBED_TLS
- #include <mbedtls/sha256.h>
-#endif /* MCUBOOT_USE_MBED_TLS */
-
-#ifdef MCUBOOT_USE_TINYCRYPT
- #include <tinycrypt/sha256.h>
-#endif /* MCUBOOT_USE_TINYCRYPT */
+#include <mbedtls/sha256.h>
#include <stdint.h>
@@ -55,7 +35,6 @@
extern "C" {
#endif
-#ifdef MCUBOOT_USE_MBED_TLS
typedef mbedtls_sha256_context bootutil_sha256_context;
static inline void bootutil_sha256_init(bootutil_sha256_context *ctx)
@@ -76,28 +55,6 @@
{
mbedtls_sha256_finish(ctx, output);
}
-#endif /* MCUBOOT_USE_MBED_TLS */
-
-#ifdef MCUBOOT_USE_TINYCRYPT
-typedef struct tc_sha256_state_struct bootutil_sha256_context;
-static inline void bootutil_sha256_init(bootutil_sha256_context *ctx)
-{
- tc_sha256_init(ctx);
-}
-
-static inline void bootutil_sha256_update(bootutil_sha256_context *ctx,
- const void *data,
- uint32_t data_len)
-{
- tc_sha256_update(ctx, data, data_len);
-}
-
-static inline void bootutil_sha256_finish(bootutil_sha256_context *ctx,
- uint8_t *output)
-{
- tc_sha256_final(output, ctx);
-}
-#endif /* MCUBOOT_USE_TINYCRYPT */
#ifdef __cplusplus
}
diff --git a/bl2/ext/mcuboot/bootutil/src/bootutil_misc.c b/bl2/ext/mcuboot/bootutil/src/bootutil_misc.c
index bf4e9b8..494879c 100644
--- a/bl2/ext/mcuboot/bootutil/src/bootutil_misc.c
+++ b/bl2/ext/mcuboot/bootutil/src/bootutil_misc.c
@@ -22,11 +22,8 @@
#include <inttypes.h>
#include <stddef.h>
-#include "sysflash/sysflash.h"
-#include "hal/hal_bsp.h"
#include "hal/hal_flash.h"
#include "flash_map/flash_map.h"
-#include "os/os.h"
#include "bootutil/image.h"
#include "bootutil/bootutil.h"
#include "bootutil_priv.h"
@@ -43,7 +40,7 @@
0x8079b62c,
};
-const uint32_t BOOT_MAGIC_SZ = sizeof boot_img_magic;
+const uint32_t BOOT_MAGIC_SZ = sizeof(boot_img_magic);
const uint32_t BOOT_MAX_ALIGN = MAX_FLASH_ALIGN;
struct boot_swap_table {
@@ -95,7 +92,7 @@
};
#define BOOT_SWAP_TABLES_COUNT \
- (sizeof boot_swap_tables / sizeof boot_swap_tables[0])
+ (sizeof(boot_swap_tables) / sizeof(boot_swap_tables[0]))
int
boot_magic_code(const uint32_t *magic)
@@ -106,7 +103,7 @@
return BOOT_MAGIC_GOOD;
}
- for (i = 0; i < BOOT_MAGIC_SZ / sizeof *magic; i++) {
+ for (i = 0; i < BOOT_MAGIC_SZ / sizeof(*magic); i++) {
if (magic[i] != 0xffffffff) {
return BOOT_MAGIC_BAD;
}
@@ -217,14 +214,15 @@
if (fap->fa_id != FLASH_AREA_IMAGE_SCRATCH) {
off = boot_copy_done_off(fap);
- rc = flash_area_read(fap, off, &state->copy_done, sizeof state->copy_done);
+ rc = flash_area_read(fap, off, &state->copy_done,
+ sizeof(state->copy_done));
if (rc != 0) {
return BOOT_EFLASH;
}
}
off = boot_image_ok_off(fap);
- rc = flash_area_read(fap, off, &state->image_ok, sizeof state->image_ok);
+ rc = flash_area_read(fap, off, &state->image_ok, sizeof(state->image_ok));
if (rc != 0) {
return BOOT_EFLASH;
}
@@ -310,7 +308,7 @@
}
off = boot_swap_size_off(fap);
- rc = flash_area_read(fap, off, swap_size, sizeof *swap_size);
+ rc = flash_area_read(fap, off, swap_size, sizeof(*swap_size));
if (rc != 0) {
rc = BOOT_EFLASH;
}
@@ -392,11 +390,11 @@
off = boot_swap_size_off(fap);
align = hal_flash_align(fap->fa_device_id);
assert(align <= BOOT_MAX_ALIGN);
- if (align < sizeof swap_size) {
- align = sizeof swap_size;
+ if (align < sizeof(swap_size)) {
+ align = sizeof(swap_size);
}
memset(buf, 0xFF, BOOT_MAX_ALIGN);
- memcpy(buf, (uint8_t *)&swap_size, sizeof swap_size);
+ memcpy(buf, (uint8_t *)&swap_size, sizeof(swap_size));
rc = flash_area_write(fap, off, buf, align);
if (rc != 0) {
@@ -463,7 +461,7 @@
int
boot_set_pending(int permanent)
{
- const struct flash_area *fap;
+ const struct flash_area *fap = NULL;
struct boot_swap_state state_slot1;
int rc;
@@ -500,14 +498,15 @@
}
/**
- * Marks the image in slot 0 as confirmed. The system will continue booting into the image in slot 0 until told to boot from a different slot.
+ * Marks the image in slot 0 as confirmed. The system will continue booting
+ * into the image in slot 0 until told to boot from a different slot.
*
- * @return 0 on success; nonzero on failure.
+ * @return 0 on success; non-zero on failure.
*/
int
boot_set_confirmed(void)
{
- const struct flash_area *fap;
+ const struct flash_area *fap = NULL;
struct boot_swap_state state_slot0;
int rc;
diff --git a/bl2/ext/mcuboot/bootutil/src/bootutil_priv.h b/bl2/ext/mcuboot/bootutil/src/bootutil_priv.h
index c1cf779..4753673 100644
--- a/bl2/ext/mcuboot/bootutil/src/bootutil_priv.h
+++ b/bl2/ext/mcuboot/bootutil/src/bootutil_priv.h
@@ -20,7 +20,6 @@
#ifndef H_BOOTUTIL_PRIV_
#define H_BOOTUTIL_PRIV_
-#include "sysflash/sysflash.h"
#include "flash_map/flash_map.h"
#include "bootutil/image.h"
diff --git a/bl2/ext/mcuboot/bootutil/src/caps.c b/bl2/ext/mcuboot/bootutil/src/caps.c
index 61d4f3f..e92e881 100644
--- a/bl2/ext/mcuboot/bootutil/src/caps.c
+++ b/bl2/ext/mcuboot/bootutil/src/caps.c
@@ -23,12 +23,6 @@
#if defined(MCUBOOT_SIGN_RSA)
res |= BOOTUTIL_CAP_RSA2048;
#endif
-#if defined(MCUBOOT_SIGN_EC)
- res |= BOOTUTIL_CAP_ECDSA_P224;
-#endif
-#if defined(MCUBOOT_SIGN_EC256)
- res |= BOOTUTIL_CAP_ECDSA_P256;
-#endif
#if defined(MCUBOOT_OVERWRITE_ONLY)
res |= BOOTUTIL_CAP_OVERWRITE_UPGRADE;
#else
diff --git a/bl2/ext/mcuboot/bootutil/src/image_rsa.c b/bl2/ext/mcuboot/bootutil/src/image_rsa.c
index 88ec784..4a472d5 100644
--- a/bl2/ext/mcuboot/bootutil/src/image_rsa.c
+++ b/bl2/ext/mcuboot/bootutil/src/image_rsa.c
@@ -19,10 +19,6 @@
#include <string.h>
-#ifdef MCUBOOT_MYNEWT
-#include "mcuboot_config/mcuboot_config.h"
-#endif
-
#ifdef MCUBOOT_SIGN_RSA
#include "bootutil/sign_key.h"
#include "bootutil/sha256.h"
@@ -68,11 +64,12 @@
static int
bootutil_parse_rsakey(mbedtls_rsa_context *ctx, uint8_t **p, uint8_t *end)
{
- int rc;
+ int rc, rc2;
size_t len;
- if ((rc = mbedtls_asn1_get_tag(p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+ rc = mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+ if (rc != 0) {
return -1;
}
@@ -80,8 +77,9 @@
return -2;
}
- if ((rc = mbedtls_asn1_get_mpi(p, end, &ctx->N)) != 0 ||
- (rc = mbedtls_asn1_get_mpi(p, end, &ctx->E)) != 0) {
+ rc = mbedtls_asn1_get_mpi(p, end, &ctx->N);
+ rc2 = mbedtls_asn1_get_mpi(p, end, &ctx->E);
+ if ((rc != 0) || (rc2 != 0)) {
return -3;
}
@@ -89,7 +87,8 @@
return -4;
}
- if ((rc = mbedtls_rsa_check_pubkey(ctx)) != 0) {
+ rc = mbedtls_rsa_check_pubkey(ctx);
+ if (rc != 0) {
return -5;
}
diff --git a/bl2/ext/mcuboot/bootutil/src/image_validate.c b/bl2/ext/mcuboot/bootutil/src/image_validate.c
index 5b2b9a0..2dca5bd 100644
--- a/bl2/ext/mcuboot/bootutil/src/image_validate.c
+++ b/bl2/ext/mcuboot/bootutil/src/image_validate.c
@@ -28,16 +28,10 @@
#include "bootutil/sha256.h"
#include "bootutil/sign_key.h"
-#ifdef MCUBOOT_MYNEWT
-#include "mcuboot_config/mcuboot_config.h"
-#endif
-
#ifdef MCUBOOT_SIGN_RSA
#include "mbedtls/rsa.h"
#endif
-#if defined(MCUBOOT_SIGN_EC) || defined(MCUBOOT_SIGN_EC256)
-#include "mbedtls/ecdsa.h"
-#endif
+
#include "mbedtls/asn1.h"
#include "bootutil_priv.h"
@@ -60,7 +54,7 @@
/* in some cases (split image) the hash is seeded with data from
* the loader image */
- if(seed && (seed_len > 0)) {
+ if (seed && (seed_len > 0)) {
bootutil_sha256_update(&sha256_ctx, seed, seed_len);
}
@@ -96,18 +90,6 @@
#if defined(MCUBOOT_SIGN_RSA)
# define EXPECTED_SIG_TLV IMAGE_TLV_RSA2048_PSS
# define EXPECTED_SIG_LEN(x) ((x) == 256) /* 2048 bits */
-# if defined(MCUBOOT_SIGN_EC) || defined(MCUBOOT_SIGN_EC256)
-# error "Multiple signature types not yet supported"
-# endif
-#elif defined(MCUBOOT_SIGN_EC)
-# define EXPECTED_SIG_TLV IMAGE_TLV_ECDSA224
-# define EXPECTED_SIG_LEN(x) ((x) >= 64) /* oids + 2 * 28 bytes */
-# if defined(MCUBOOT_SIGN_EC256)
-# error "Multiple signature types not yet supported"
-# endif
-#elif defined(MCUBOOT_SIGN_EC256)
-# define EXPECTED_SIG_TLV IMAGE_TLV_ECDSA256
-# define EXPECTED_SIG_LEN(x) ((x) >= 72) /* oids + 2 * 32 bytes */
#endif
#ifdef EXPECTED_SIG_TLV
@@ -153,7 +135,7 @@
#endif
struct image_tlv tlv;
uint8_t buf[256];
- uint8_t hash[32];
+ uint8_t hash[32] = {0};
int rc;
rc = bootutil_img_hash(hdr, fap, tmp_buf, tmp_buf_sz, hash,
@@ -185,7 +167,7 @@
* and are able to do.
*/
for (; off < end; off += sizeof(tlv) + tlv.it_len) {
- rc = flash_area_read(fap, off, &tlv, sizeof tlv);
+ rc = flash_area_read(fap, off, &tlv, sizeof(tlv));
if (rc) {
return rc;
}
@@ -198,7 +180,7 @@
if (tlv.it_len != sizeof(hash)) {
return -1;
}
- rc = flash_area_read(fap, off + sizeof(tlv), buf, sizeof hash);
+ rc = flash_area_read(fap, off + sizeof(tlv), buf, sizeof(hash));
if (rc) {
return rc;
}
@@ -215,7 +197,7 @@
if (tlv.it_len > 32) {
return -1;
}
- rc = flash_area_read(fap, off + sizeof tlv, buf, tlv.it_len);
+ rc = flash_area_read(fap, off + sizeof(tlv), buf, tlv.it_len);
if (rc) {
return rc;
}
@@ -237,7 +219,8 @@
if (rc) {
return -1;
}
- rc = bootutil_verify_sig(hash, sizeof(hash), buf, tlv.it_len, key_id);
+ rc = bootutil_verify_sig(hash, sizeof(hash), buf, tlv.it_len,
+ key_id);
if (rc == 0) {
valid_signature = 1;
}
diff --git a/bl2/ext/mcuboot/bootutil/src/loader.c b/bl2/ext/mcuboot/bootutil/src/loader.c
index 30ac131..d091ec5 100644
--- a/bl2/ext/mcuboot/bootutil/src/loader.c
+++ b/bl2/ext/mcuboot/bootutil/src/loader.c
@@ -17,6 +17,12 @@
* under the License.
*/
+/*
+ Original code taken from mcuboot project at:
+ https://github.com/runtimeco/mcuboot
+ Modifications are Copyright (c) 2018 Arm Limited.
+ */
+
/**
* This file provides an interface to the boot loader. Functions defined in
* this file should only be called while the boot loader is running.
@@ -37,10 +43,6 @@
#define BOOT_LOG_LEVEL BOOT_LOG_LEVEL_INFO
#include "bootutil/bootutil_log.h"
-#ifdef MCUBOOT_MYNEWT
-#include "mcuboot_config/mcuboot_config.h"
-#endif
-
static struct boot_loader_state boot_data;
struct boot_status_table {
@@ -124,7 +126,7 @@
};
#define BOOT_STATUS_TABLES_COUNT \
- (sizeof boot_status_tables / sizeof boot_status_tables[0])
+ (sizeof(boot_status_tables) / sizeof(boot_status_tables[0]))
#define BOOT_LOG_SWAP_STATE(area, state) \
BOOT_LOG_INF("%s: magic=%s, copy_done=0x%x, image_ok=0x%x", \
@@ -136,11 +138,12 @@
(state)->image_ok)
/**
- * Determines where in flash the most recent boot status is stored. The boot
+ * Determines where in flash the most recent boot status is stored. The boot
* status is necessary for completing a swap that was interrupted by a boot
* loader reset.
*
- * @return A BOOT_STATUS_SOURCE_[...] code indicating where * status should be read from.
+ * @return BOOT_STATUS_SOURCE_[...] code indicating where
+ * status should be read from.
*/
static int
boot_status_source(void)
@@ -198,9 +201,9 @@
post_swap_type = boot_swap_type();
switch (post_swap_type) {
- case BOOT_SWAP_TYPE_NONE : return BOOT_SWAP_TYPE_PERM;
- case BOOT_SWAP_TYPE_REVERT : return BOOT_SWAP_TYPE_TEST;
- case BOOT_SWAP_TYPE_PANIC : return BOOT_SWAP_TYPE_PANIC;
+ case BOOT_SWAP_TYPE_NONE: return BOOT_SWAP_TYPE_PERM;
+ case BOOT_SWAP_TYPE_REVERT: return BOOT_SWAP_TYPE_TEST;
+ case BOOT_SWAP_TYPE_PANIC: return BOOT_SWAP_TYPE_PANIC;
}
return BOOT_SWAP_TYPE_FAIL;
@@ -214,7 +217,7 @@
static int
boot_read_image_size(int slot, struct image_header *hdr, uint32_t *size)
{
- const struct flash_area *fap;
+ const struct flash_area *fap = NULL;
struct image_tlv_info info;
int area_id;
int rc;
@@ -248,7 +251,7 @@
static int
boot_read_image_header(int slot, struct image_header *out_hdr)
{
- const struct flash_area *fap;
+ const struct flash_area *fap = NULL;
int area_id;
int rc;
@@ -259,7 +262,7 @@
goto done;
}
- rc = flash_area_read(fap, 0, out_hdr, sizeof *out_hdr);
+ rc = flash_area_read(fap, 0, out_hdr, sizeof(*out_hdr));
if (rc != 0) {
rc = BOOT_EFLASH;
goto done;
@@ -432,7 +435,7 @@
int area_id;
int rc;
- memset(bs, 0, sizeof *bs);
+ memset(bs, 0, sizeof(*bs));
status_loc = boot_status_source();
switch (status_loc) {
@@ -474,7 +477,7 @@
int
boot_write_status(struct boot_status *bs)
{
- const struct flash_area *fap;
+ const struct flash_area *fap = NULL;
uint32_t off;
int area_id;
int rc;
@@ -537,35 +540,6 @@
}
static int
-split_image_check(struct image_header *app_hdr,
- const struct flash_area *app_fap,
- struct image_header *loader_hdr,
- const struct flash_area *loader_fap)
-{
- static void *tmpbuf;
- uint8_t loader_hash[32];
-
- if (!tmpbuf) {
- tmpbuf = malloc(BOOT_TMPBUF_SZ);
- if (!tmpbuf) {
- return BOOT_ENOMEM;
- }
- }
-
- if (bootutil_img_validate(loader_hdr, loader_fap, tmpbuf, BOOT_TMPBUF_SZ,
- NULL, 0, loader_hash)) {
- return BOOT_EBADIMAGE;
- }
-
- if (bootutil_img_validate(app_hdr, app_fap, tmpbuf, BOOT_TMPBUF_SZ,
- loader_hash, 32, NULL)) {
- return BOOT_EBADIMAGE;
- }
-
- return 0;
-}
-
-static int
boot_validate_slot(int slot)
{
const struct flash_area *fap;
@@ -682,7 +656,7 @@
static int
boot_erase_sector(int flash_area_id, uint32_t off, uint32_t sz)
{
- const struct flash_area *fap;
+ const struct flash_area *fap = NULL;
int rc;
rc = flash_area_open(flash_area_id, &fap);
@@ -747,8 +721,8 @@
bytes_copied = 0;
while (bytes_copied < sz) {
- if (sz - bytes_copied > sizeof buf) {
- chunk_sz = sizeof buf;
+ if (sz - bytes_copied > sizeof(buf)) {
+ chunk_sz = sizeof(buf);
} else {
chunk_sz = sz - bytes_copied;
}
@@ -1250,6 +1224,7 @@
*/
static boot_sector_t slot0_sectors[BOOT_MAX_IMG_SECTORS];
static boot_sector_t slot1_sectors[BOOT_MAX_IMG_SECTORS];
+
boot_data.imgs[0].sectors = slot0_sectors;
boot_data.imgs[1].sectors = slot1_sectors;
@@ -1289,7 +1264,8 @@
* The following states need image_ok be explicitly set after the
* swap was finished to avoid a new revert.
*/
- if (swap_type == BOOT_SWAP_TYPE_REVERT || swap_type == BOOT_SWAP_TYPE_FAIL) {
+ if (swap_type == BOOT_SWAP_TYPE_REVERT ||
+ swap_type == BOOT_SWAP_TYPE_FAIL) {
#ifndef MCUBOOT_OVERWRITE_ONLY
rc = boot_set_image_ok();
if (rc != 0) {
@@ -1337,7 +1313,8 @@
assert(0);
/* Loop forever... */
- while (1) {}
+ while (1)
+ ;
}
#ifdef MCUBOOT_VALIDATE_SLOT0
@@ -1376,65 +1353,3 @@
}
return rc;
}
-
-int
-split_go(int loader_slot, int split_slot, void **entry)
-{
- boot_sector_t *sectors;
- uintptr_t entry_val;
- int loader_flash_id;
- int split_flash_id;
- int rc;
-
- sectors = malloc(BOOT_MAX_IMG_SECTORS * 2 * sizeof *sectors);
- if (sectors == NULL) {
- return SPLIT_GO_ERR;
- }
- boot_data.imgs[loader_slot].sectors = sectors + 0;
- boot_data.imgs[split_slot].sectors = sectors + BOOT_MAX_IMG_SECTORS;
-
- loader_flash_id = flash_area_id_from_image_slot(loader_slot);
- rc = flash_area_open(loader_flash_id,
- &BOOT_IMG_AREA(&boot_data, split_slot));
- assert(rc == 0);
- split_flash_id = flash_area_id_from_image_slot(split_slot);
- rc = flash_area_open(split_flash_id,
- &BOOT_IMG_AREA(&boot_data, split_slot));
- assert(rc == 0);
-
- /* Determine the sector layout of the image slots and scratch area. */
- rc = boot_read_sectors();
- if (rc != 0) {
- rc = SPLIT_GO_ERR;
- goto done;
- }
-
- rc = boot_read_image_headers();
- if (rc != 0) {
- goto done;
- }
-
- /* Don't check the bootable image flag because we could really call a
- * bootable or non-bootable image. Just validate that the image check
- * passes which is distinct from the normal check.
- */
- rc = split_image_check(boot_img_hdr(&boot_data, split_slot),
- BOOT_IMG_AREA(&boot_data, split_slot),
- boot_img_hdr(&boot_data, loader_slot),
- BOOT_IMG_AREA(&boot_data, loader_slot));
- if (rc != 0) {
- rc = SPLIT_GO_NON_MATCHING;
- goto done;
- }
-
- entry_val = boot_img_slot_off(&boot_data, split_slot) +
- boot_img_hdr(&boot_data, split_slot)->ih_hdr_size;
- *entry = (void *) entry_val;
- rc = SPLIT_GO_OK;
-
-done:
- flash_area_close(BOOT_IMG_AREA(&boot_data, split_slot));
- flash_area_close(BOOT_IMG_AREA(&boot_data, loader_slot));
- free(sectors);
- return rc;
-}