Boot: integrate MCUBoot with TF-M to act as a BL2 bootloader
Modifications in MCUBoot to be aligned with BL2 requirements in TF-M:
-- OS dependency was removed, no need to copy any OS repo to build it
-- CMSIS serial driver is used
-- flash driver interface is aligned with original version
-- S and NS images are handled as a single binary blob
-- automatic image concatenation and signing at build time
-- authentication based on SHA256 and RSA-2048 digital signature
-- mbedTLS library is used for cryptographic operation
-- static analyser warnings fixed in some files
Change-Id: I54891762eac8d0df634e954ff19a9505b16f3028
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/bl2/ext/mcuboot/include/bl2_util.h b/bl2/ext/mcuboot/include/bl2_util.h
new file mode 100644
index 0000000..334c2a0
--- /dev/null
+++ b/bl2/ext/mcuboot/include/bl2_util.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2011-2014, Wind River Systems, Inc.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#ifndef __BL2_UTIL_H__
+#define __BL2_UTIL_H__
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+#include <stddef.h>
+
+ /* Evaluates to 0 if cond is true-ish; compile error otherwise */
+#define ZERO_OR_COMPILE_ERROR(cond) ((int) sizeof(char[1 - 2 * !(cond)]) - 1)
+
+ /* Evaluates to 0 if array is an array; compile error if not array (e.g.
+ * pointer)
+ */
+#define IS_ARRAY(array) \
+ ZERO_OR_COMPILE_ERROR(!__builtin_types_compatible_p(__typeof__(array), \
+ __typeof__(&(array)[0])))
+
+#define ARRAY_SIZE(array) \
+ ((unsigned long) (IS_ARRAY(array) + \
+ (sizeof(array) / sizeof((array)[0]))))
+
+#define CONTAINER_OF(ptr, type, field) \
+ ((type *)(((char *)(ptr)) - offsetof(type, field)))
+
+struct device {
+ int device_id;
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __BL2_UTIL_H__ */
+
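Review bot: `#include <stddef.h>` sits inside the `extern "C" {` block, so a C++ includer pulls the standard header in under C linkage; move the include above the `#ifdef __cplusplus` guard. The include guard `__BL2_UTIL_H__` is a reserved identifier (double underscore), and `BL2_UTIL_H` avoids that. `ARRAY_SIZE` lost the comment it had in the deleted util.h and `struct device` has none; I would restore `/* Evaluates to number of elements in an array; compile error if not an array (e.g. pointer) */` and add one line saying what `struct device` stands in for. `IS_ARRAY` depends on `__builtin_types_compatible_p` and `__typeof__`, so this header presumably builds only with GCC-compatible toolchains, which is worth stating in the file.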
diff --git a/bl2/ext/mcuboot/include/config-boot.h b/bl2/ext/mcuboot/include/config-boot.h
index a81a02f..44dbac1 100644
--- a/bl2/ext/mcuboot/include/config-boot.h
+++ b/bl2/ext/mcuboot/include/config-boot.h
@@ -23,7 +23,7 @@
/*
* Minimal configuration for using TLS in the bootloader
*
- * - RSA or ECDSA signature verification
+ * - RSA signature verification
*/
#ifndef MBEDTLS_CONFIG_BOOT_H
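Review bot: With the ECDSA block removed in the next hunk, RSA is the only signature scheme this config can enable, yet the RSA defines remain behind `#ifdef CONFIG_BOOT_VERIFY_RSA_SIGNATURE` with no fallback visible here. If that macro is ever left undefined, this header would configure mbed TLS without any signature algorithm and nothing in it stops the build. Unless this is enforced elsewhere, I would add `#else` / `#error "No image signature verification configured"` to that `#ifdef`. The `#ifdef` block continues past the end of the visible hunk, so the placement needs checking against the full file.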
@@ -55,16 +55,6 @@
#define MBEDTLS_TEST_NULL_ENTROPY
#endif
-/* mbed TLS feature support */
-#ifdef CONFIG_BOOT_VERIFY_ECDSA_SIGNATURE
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define MBEDTLS_ECP_NIST_OPTIM
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_ECDH_C
-#define MBEDTLS_ECP_C
-#endif
-
#ifdef CONFIG_BOOT_VERIFY_RSA_SIGNATURE
#define MBEDTLS_RSA_C
#define MBEDTLS_PKCS1_V15
diff --git a/bl2/ext/mcuboot/include/flash_map/flash_map.h b/bl2/ext/mcuboot/include/flash_map/flash_map.h
index 506f266..2eba8e2 100644
--- a/bl2/ext/mcuboot/include/flash_map/flash_map.h
+++ b/bl2/ext/mcuboot/include/flash_map/flash_map.h
@@ -17,6 +17,12 @@
* under the License.
*/
+/*
+ Original code taken from mcuboot project at:
+ https://github.com/runtimeco/mcuboot
+ Modifications are Copyright (c) 2018 Arm Limited.
+ */
+
#ifndef H_UTIL_FLASH_MAP_
#define H_UTIL_FLASH_MAP_
@@ -43,6 +49,10 @@
*/
#include <inttypes.h>
+#define FLASH_AREA_IMAGE_0 1
+#define FLASH_AREA_IMAGE_1 2
+#define FLASH_AREA_IMAGE_SCRATCH 3
+
/**
* @brief Structure describing an area on a flash device.
*
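Review bot: The three `FLASH_AREA_IMAGE_*` IDs are added as bare, uncommented `#define`s directly after `#include <inttypes.h>`. They are presumably the values passed as `id` to `flash_area_open(uint8_t id, ...)`, so a mismatch with the flash map table in the implementation (not shown here) would direct a read, write or erase at the wrong slot. I would add `/* Flash area IDs passed to flash_area_open(); must match the flash map table */` above them, and consider an `enum` so the set is closed and visible in a debugger.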
@@ -107,23 +117,25 @@
/*
* Start using flash area.
*/
-int flash_area_open(uint8_t id, const struct flash_area **);
+int flash_area_open(uint8_t id, const struct flash_area **area);
-void flash_area_close(const struct flash_area *);
+void flash_area_close(const struct flash_area *area);
/*
* Read/write/erase. Offset is relative from beginning of flash area.
*/
-int flash_area_read(const struct flash_area *, uint32_t off, void *dst,
- uint32_t len);
-int flash_area_write(const struct flash_area *, uint32_t off, const void *src,
- uint32_t len);
-int flash_area_erase(const struct flash_area *, uint32_t off, uint32_t len);
+int flash_area_read(const struct flash_area *area, uint32_t off, void *dst,
+ uint32_t len);
+
+int flash_area_write(const struct flash_area *area, uint32_t off,
+ const void *src, uint32_t len);
+
+int flash_area_erase(const struct flash_area *area, uint32_t off, uint32_t len);
/*
* Alignment restriction for flash writes.
*/
-uint8_t flash_area_align(const struct flash_area *);
+uint8_t flash_area_align(const struct flash_area *area);
/*
* Given flash area ID, return info about sectors within the area.
@@ -140,6 +152,7 @@
int flash_area_id_from_image_slot(int slot);
int flash_area_id_to_image_slot(int area_id);
+void flash_area_warn_on_open(void);
#ifdef __cplusplus
}
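Review bot: `flash_area_warn_on_open` is declared without a comment, unlike the commented open/close/read/write prototypes earlier in this header. The name does not say what condition triggers the warning, when the function is meant to be called, or whether it changes any state. I would add a one-line comment above the prototype stating those three things, taken from the implementation, which is not visible in this hunk.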
diff --git a/bl2/ext/mcuboot/include/target.h b/bl2/ext/mcuboot/include/target.h
index 9ccc032..6f85e5b 100644
--- a/bl2/ext/mcuboot/include/target.h
+++ b/bl2/ext/mcuboot/include/target.h
@@ -7,41 +7,9 @@
#define H_TARGETS_TARGET_
#if defined(MCUBOOT_TARGET_CONFIG)
-/*
- * Target-specific definitions are permitted in legacy cases that
- * don't provide the information via DTS, etc.
- */
#include MCUBOOT_TARGET_CONFIG
#else
-/*
- * Otherwise, the Zephyr SoC header and the DTS provide most
- * everything we need.
- */
-#include <soc.h>
-
-#define FLASH_ALIGN FLASH_WRITE_BLOCK_SIZE
-
-/*
- * TODO: remove soc_family_kinetis.h once its flash driver supports
- * FLASH_PAGE_LAYOUT.
- */
-#if defined(CONFIG_SOC_FAMILY_KINETIS)
-#include "soc_family_kinetis.h"
-#endif
-#endif /* !defined(MCUBOOT_TARGET_CONFIG) */
-
-/*
- * Sanity check the target support.
- */
-#if !defined(FLASH_DRIVER_NAME) || \
- !defined(FLASH_ALIGN) || \
- !defined(FLASH_AREA_IMAGE_0_OFFSET) || \
- !defined(FLASH_AREA_IMAGE_0_SIZE) || \
- !defined(FLASH_AREA_IMAGE_1_OFFSET) || \
- !defined(FLASH_AREA_IMAGE_1_SIZE) || \
- !defined(FLASH_AREA_IMAGE_SCRATCH_OFFSET) || \
- !defined(FLASH_AREA_IMAGE_SCRATCH_SIZE)
-#error "Target support is incomplete; cannot build mcuboot."
+#error "Board is currently not supported by bootloader"
#endif
#endif
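Review bot: The sanity check that failed the build when `FLASH_AREA_IMAGE_0_OFFSET`, `FLASH_AREA_IMAGE_0_SIZE`, the image-1 and scratch equivalents, `FLASH_ALIGN` or `FLASH_DRIVER_NAME` were missing is deleted outright, so a `MCUBOOT_TARGET_CONFIG` header that omits one of them is no longer caught here. In a bootloader the slot offsets and sizes decide where images are verified and swapped, so a missing or misspelled definition should fail at compile time rather than surface later. I would keep a check after the `#include MCUBOOT_TARGET_CONFIG` branch for the macros the TF-M port still uses, e.g. `#if !defined(FLASH_AREA_IMAGE_0_OFFSET) || !defined(FLASH_AREA_IMAGE_0_SIZE)` followed by the original `#error "Target support is incomplete; cannot build mcuboot."`. Which of the old macros remain required is not visible in this hunk.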
diff --git a/bl2/ext/mcuboot/include/util.h b/bl2/ext/mcuboot/include/util.h
deleted file mode 100644
index ba29386..0000000
--- a/bl2/ext/mcuboot/include/util.h
+++ /dev/null
@@ -1,309 +0,0 @@
-/*
- * Copyright (c) 2011-2014, Wind River Systems, Inc.
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-/**
- * @file
- * @brief Misc utilities
- *
- * Misc utilities usable by the kernel and application code.
- */
-
-#ifndef _UTIL__H_
-#define _UTIL__H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#ifndef _ASMLANGUAGE
-
-#include <zephyr/types.h>
-
-/* Helper to pass a int as a pointer or vice-versa.
- * Those are available for 32 bits architectures:
- */
-#define POINTER_TO_UINT(x) ((u32_t) (x))
-#define UINT_TO_POINTER(x) ((void *) (x))
-#define POINTER_TO_INT(x) ((s32_t) (x))
-#define INT_TO_POINTER(x) ((void *) (x))
-
-/* Evaluates to 0 if cond is true-ish; compile error otherwise */
-#define ZERO_OR_COMPILE_ERROR(cond) ((int) sizeof(char[1 - 2 * !(cond)]) - 1)
-
-/* Evaluates to 0 if array is an array; compile error if not array (e.g.
- * pointer)
- */
-#define IS_ARRAY(array) \
- ZERO_OR_COMPILE_ERROR( \
- !__builtin_types_compatible_p(__typeof__(array), \
- __typeof__(&(array)[0])))
-
-/* Evaluates to number of elements in an array; compile error if not
- * an array (e.g. pointer)
- */
-#define ARRAY_SIZE(array) \
- ((unsigned long) (IS_ARRAY(array) + \
- (sizeof(array) / sizeof((array)[0]))))
-
-/* Evaluates to 1 if ptr is part of array, 0 otherwise; compile error if
- * "array" argument is not an array (e.g. "ptr" and "array" mixed up)
- */
-#define PART_OF_ARRAY(array, ptr) \
- ((ptr) && ((ptr) >= &array[0] && (ptr) < &array[ARRAY_SIZE(array)]))
-
-#define CONTAINER_OF(ptr, type, field) \
- ((type *)(((char *)(ptr)) - offsetof(type, field)))
-
-/* round "x" up/down to next multiple of "align" (which must be a power of 2) */
-#define ROUND_UP(x, align) \
- (((unsigned long)(x) + ((unsigned long)align - 1)) & \
- ~((unsigned long)align - 1))
-#define ROUND_DOWN(x, align) ((unsigned long)(x) & ~((unsigned long)align - 1))
-
-#define ceiling_fraction(numerator, divider) \
- (((numerator) + ((divider) - 1)) / (divider))
-
-#ifdef INLINED
-#define INLINE inline
-#else
-#define INLINE
-#endif
-
-#ifndef max
-#define max(a, b) (((a) > (b)) ? (a) : (b))
-#endif
-
-#ifndef min
-#define min(a, b) (((a) < (b)) ? (a) : (b))
-#endif
-
-static inline int is_power_of_two(unsigned int x)
-{
- return (x != 0) && !(x & (x - 1));
-}
-
-static inline s64_t arithmetic_shift_right(s64_t value, u8_t shift)
-{
- s64_t sign_ext;
-
- if (shift == 0) {
- return value;
- }
-
- /* extract sign bit */
- sign_ext = (value >> 63) & 1;
-
- /* make all bits of sign_ext be the same as the value's sign bit */
- sign_ext = -sign_ext;
-
- /* shift value and fill opened bit positions with sign bit */
- return (value >> shift) | (sign_ext << (64 - shift));
-}
-
-#endif /* !_ASMLANGUAGE */
-
-/* KB, MB, GB */
-#define KB(x) ((x) << 10)
-#define MB(x) (KB(x) << 10)
-#define GB(x) (MB(x) << 10)
-
-/* KHZ, MHZ */
-#define KHZ(x) ((x) * 1000)
-#define MHZ(x) (KHZ(x) * 1000)
-
-#ifndef BIT
-#define BIT(n) (1UL << (n))
-#endif
-
-#define BIT_MASK(n) (BIT(n) - 1)
-
-/**
- * @brief Check for macro definition in compiler-visible expressions
- *
- * This trick was pioneered in Linux as the config_enabled() macro.
- * The madness has the effect of taking a macro value that may be
- * defined to "1" (e.g. CONFIG_MYFEATURE), or may not be defined at
- * all and turning it into a literal expression that can be used at
- * "runtime". That is, it works similarly to
- * "defined(CONFIG_MYFEATURE)" does except that it is an expansion
- * that can exist in a standard expression and be seen by the compiler
- * and optimizer. Thus much ifdef usage can be replaced with cleaner
- * expressions like:
- *
- * if (IS_ENABLED(CONFIG_MYFEATURE))
- * myfeature_enable();
- *
- * INTERNAL
- * First pass just to expand any existing macros, we need the macro
- * value to be e.g. a literal "1" at expansion time in the next macro,
- * not "(1)", etc... Standard recursive expansion does not work.
- */
-#define IS_ENABLED(config_macro) _IS_ENABLED1(config_macro)
-
-/* Now stick on a "_XXXX" prefix, it will now be "_XXXX1" if config_macro
- * is "1", or just "_XXXX" if it's undefined.
- * ENABLED: _IS_ENABLED2(_XXXX1)
- * DISABLED _IS_ENABLED2(_XXXX)
- */
-#define _IS_ENABLED1(config_macro) _IS_ENABLED2(_XXXX##config_macro)
-
-/* Here's the core trick, we map "_XXXX1" to "_YYYY," (i.e. a string
- * with a trailing comma), so it has the effect of making this a
- * two-argument tuple to the preprocessor only in the case where the
- * value is defined to "1"
- * ENABLED: _YYYY, <--- note comma!
- * DISABLED: _XXXX
- */
-#define _XXXX1 _YYYY,
-
-/* Then we append an extra argument to fool the gcc preprocessor into
- * accepting it as a varargs macro.
- * arg1 arg2 arg3
- * ENABLED: _IS_ENABLED3(_YYYY, 1, 0)
- * DISABLED _IS_ENABLED3(_XXXX 1, 0)
- */
-#define _IS_ENABLED2(one_or_two_args) _IS_ENABLED3(one_or_two_args 1, 0)
-
-/* And our second argument is thus now cooked to be 1 in the case
- * where the value is defined to 1, and 0 if not:
- */
-#define _IS_ENABLED3(ignore_this, val, ...) val
-
-/**
- * Macros for doing code-generation with the preprocessor.
- *
- * Generally it is better to generate code with the preprocessor than
- * to copy-paste code or to generate code with the build system /
- * python script's etc.
- *
- * http://stackoverflow.com/a/12540675
- */
-#define UTIL_EMPTY(...)
-#define UTIL_DEFER(...) __VA_ARGS__ UTIL_EMPTY()
-#define UTIL_OBSTRUCT(...) __VA_ARGS__ UTIL_DEFER(UTIL_EMPTY)()
-#define UTIL_EXPAND(...) __VA_ARGS__
-
-#define UTIL_EVAL(...) UTIL_EVAL1(UTIL_EVAL1(UTIL_EVAL1(__VA_ARGS__)))
-#define UTIL_EVAL1(...) UTIL_EVAL2(UTIL_EVAL2(UTIL_EVAL2(__VA_ARGS__)))
-#define UTIL_EVAL2(...) UTIL_EVAL3(UTIL_EVAL3(UTIL_EVAL3(__VA_ARGS__)))
-#define UTIL_EVAL3(...) UTIL_EVAL4(UTIL_EVAL4(UTIL_EVAL4(__VA_ARGS__)))
-#define UTIL_EVAL4(...) UTIL_EVAL5(UTIL_EVAL5(UTIL_EVAL5(__VA_ARGS__)))
-#define UTIL_EVAL5(...) __VA_ARGS__
-
-#define UTIL_CAT(a, ...) UTIL_PRIMITIVE_CAT(a, __VA_ARGS__)
-#define UTIL_PRIMITIVE_CAT(a, ...) a##__VA_ARGS__
-
-#define UTIL_INC(x) UTIL_PRIMITIVE_CAT(UTIL_INC_, x)
-#define UTIL_INC_0 1
-#define UTIL_INC_1 2
-#define UTIL_INC_2 3
-#define UTIL_INC_3 4
-#define UTIL_INC_4 5
-#define UTIL_INC_5 6
-#define UTIL_INC_6 7
-#define UTIL_INC_7 8
-#define UTIL_INC_8 9
-#define UTIL_INC_9 10
-#define UTIL_INC_10 11
-#define UTIL_INC_11 12
-#define UTIL_INC_12 13
-#define UTIL_INC_13 14
-#define UTIL_INC_14 15
-#define UTIL_INC_15 16
-#define UTIL_INC_16 17
-#define UTIL_INC_17 18
-#define UTIL_INC_18 19
-#define UTIL_INC_19 19
-
-#define UTIL_DEC(x) UTIL_PRIMITIVE_CAT(UTIL_DEC_, x)
-#define UTIL_DEC_0 0
-#define UTIL_DEC_1 0
-#define UTIL_DEC_2 1
-#define UTIL_DEC_3 2
-#define UTIL_DEC_4 3
-#define UTIL_DEC_5 4
-#define UTIL_DEC_6 5
-#define UTIL_DEC_7 6
-#define UTIL_DEC_8 7
-#define UTIL_DEC_9 8
-#define UTIL_DEC_10 9
-#define UTIL_DEC_11 10
-#define UTIL_DEC_12 11
-#define UTIL_DEC_13 12
-#define UTIL_DEC_14 13
-#define UTIL_DEC_15 14
-#define UTIL_DEC_16 15
-#define UTIL_DEC_17 16
-#define UTIL_DEC_18 17
-#define UTIL_DEC_19 18
-
-#define UTIL_CHECK_N(x, n, ...) n
-#define UTIL_CHECK(...) UTIL_CHECK_N(__VA_ARGS__, 0,)
-
-#define UTIL_NOT(x) UTIL_CHECK(UTIL_PRIMITIVE_CAT(UTIL_NOT_, x))
-#define UTIL_NOT_0 ~, 1,
-
-#define UTIL_COMPL(b) UTIL_PRIMITIVE_CAT(UTIL_COMPL_, b)
-#define UTIL_COMPL_0 1
-#define UTIL_COMPL_1 0
-
-#define UTIL_BOOL(x) UTIL_COMPL(UTIL_NOT(x))
-
-#define UTIL_IIF(c) UTIL_PRIMITIVE_CAT(UTIL_IIF_, c)
-#define UTIL_IIF_0(t, ...) __VA_ARGS__
-#define UTIL_IIF_1(t, ...) t
-
-#define UTIL_IF(c) UTIL_IIF(UTIL_BOOL(c))
-
-#define UTIL_EAT(...)
-#define UTIL_EXPAND(...) __VA_ARGS__
-#define UTIL_WHEN(c) UTIL_IF(c)(UTIL_EXPAND, UTIL_EAT)
-
-#define UTIL_REPEAT(count, macro, ...) \
- UTIL_WHEN(count) \
- ( \
- UTIL_OBSTRUCT(UTIL_REPEAT_INDIRECT) () \
- ( \
- UTIL_DEC(count), macro, __VA_ARGS__ \
- ) \
- UTIL_OBSTRUCT(macro) \
- ( \
- UTIL_DEC(count), __VA_ARGS__ \
- ) \
- )
-#define UTIL_REPEAT_INDIRECT() UTIL_REPEAT
-
-/**
- * Generates a sequence of code.
- * Useful for generating code like;
- *
- * NRF_PWM0, NRF_PWM1, NRF_PWM2,
- *
- * @arg LEN: The length of the sequence. Must be defined and less than
- * 20.
- *
- * @arg F(i, F_ARG): A macro function that accepts two arguments.
- * F is called repeatedly, the first argument
- * is the index in the sequence, and the second argument is the third
- * argument given to UTIL_LISTIFY.
- *
- * Example:
- *
- * \#define FOO(i, _) NRF_PWM ## i ,
- * { UTIL_LISTIFY(PWM_COUNT, FOO) }
- * // The above two lines will generate the below:
- * { NRF_PWM0 , NRF_PWM1 , }
- *
- * @note Calling UTIL_LISTIFY with undefined arguments has undefined
- * behaviour.
- */
-#define UTIL_LISTIFY(LEN, F, F_ARG) UTIL_EVAL(UTIL_REPEAT(LEN, F, F_ARG))
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* _UTIL__H_ */