Boot: Introduce new protected TLV format
Introduce new protected TLV format in MCUBoot as part of a partial
synchronization with the mainstream MCUBoot repository. The hash of the
source commit: 510fddb8e06d76e2442b2a4603d3e1cbefe28be4.
Adapt image.py Python script to the new TLV format.
Change-Id: I760927cea3fbc66536623c1ed6606debb97a2e74
Signed-off-by: David Vincze <david.vincze@arm.com>
diff --git a/bl2/ext/mcuboot/bootutil/src/bootutil_misc.c b/bl2/ext/mcuboot/bootutil/src/bootutil_misc.c
index 870420e..e295fa8 100644
--- a/bl2/ext/mcuboot/bootutil/src/bootutil_misc.c
+++ b/bl2/ext/mcuboot/bootutil/src/bootutil_misc.c
@@ -20,7 +20,7 @@
/*
* Original code taken from mcuboot project at:
* https://github.com/JuulLabs-OSS/mcuboot
- * Git SHA of the original version: 61fd888a7f4d741714553f36839dd49fb0065731
+ * Git SHA of the original version: 510fddb8e06d76e2442b2a4603d3e1cbefe28be4
* Modifications are Copyright (c) 2019 Arm Limited.
*/
diff --git a/bl2/ext/mcuboot/bootutil/src/bootutil_priv.h b/bl2/ext/mcuboot/bootutil/src/bootutil_priv.h
index b577e41..5d5e19d 100644
--- a/bl2/ext/mcuboot/bootutil/src/bootutil_priv.h
+++ b/bl2/ext/mcuboot/bootutil/src/bootutil_priv.h
@@ -20,7 +20,7 @@
/*
* Original code taken from mcuboot project at:
* https://github.com/JuulLabs-OSS/mcuboot
- * Git SHA of the original version: 61fd888a7f4d741714553f36839dd49fb0065731
+ * Git SHA of the original version: 510fddb8e06d76e2442b2a4603d3e1cbefe28be4
* Modifications are Copyright (c) 2018-2019 Arm Limited.
*/
diff --git a/bl2/ext/mcuboot/bootutil/src/image_rsa.c b/bl2/ext/mcuboot/bootutil/src/image_rsa.c
index 0a05a6a..9aaf403 100644
--- a/bl2/ext/mcuboot/bootutil/src/image_rsa.c
+++ b/bl2/ext/mcuboot/bootutil/src/image_rsa.c
@@ -20,7 +20,7 @@
/*
* Original code taken from mcuboot project at:
* https://github.com/JuulLabs-OSS/mcuboot
- * Git SHA of the original version: 61fd888a7f4d741714553f36839dd49fb0065731
+ * Git SHA of the original version: 510fddb8e06d76e2442b2a4603d3e1cbefe28be4
* Modifications are Copyright (c) 2018-2019 Arm Limited.
*/
diff --git a/bl2/ext/mcuboot/bootutil/src/image_validate.c b/bl2/ext/mcuboot/bootutil/src/image_validate.c
index 83bf50e..3b18010 100644
--- a/bl2/ext/mcuboot/bootutil/src/image_validate.c
+++ b/bl2/ext/mcuboot/bootutil/src/image_validate.c
@@ -20,7 +20,7 @@
/*
* Original code taken from mcuboot project at:
* https://github.com/JuulLabs-OSS/mcuboot
- * Git SHA of the original version: 61fd888a7f4d741714553f36839dd49fb0065731
+ * Git SHA of the original version: 510fddb8e06d76e2442b2a4603d3e1cbefe28be4
* Modifications are Copyright (c) 2018-2019 Arm Limited.
*/
@@ -77,12 +77,8 @@
/* Hash is computed over image header and image itself. */
size = BOOT_TLV_OFF(hdr);
- /* If protected TLVs are present (e.g. security counter TLV) then the
- * TLV info header and these TLVs must be included in the hash calculation.
- */
- if (hdr->ih_protect_tlv_size != 0) {
- size += hdr->ih_protect_tlv_size;
- }
+ /* If protected TLVs are present they are also hashed. */
+ size += hdr->ih_protect_tlv_size;
#ifdef MCUBOOT_RAM_LOADING
bootutil_sha256_update(&sha256_ctx,(void*)(hdr->ih_load_addr), size);
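Review bot: The new comment above `size += hdr->ih_protect_tlv_size;` no longer says what the field covers, and the hashed length now comes straight from the image header with no bound visible in this hunk. Judging by the checks this commit adds in loader.c and tlv.c, `ih_protect_tlv_size` appears to span the protected TLV info header as well as its entries, so I would write `/* ih_protect_tlv_size covers the protected TLV info header and its entries; all of it is hashed. */`. It would also help to note where `size` is checked against the slot or loaded-image bounds before the `MCUBOOT_RAM_LOADING` call hashes from `ih_load_addr`, if that happens outside this hunk. The function starts and ends outside the hunk.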
diff --git a/bl2/ext/mcuboot/bootutil/src/loader.c b/bl2/ext/mcuboot/bootutil/src/loader.c
index c2b1b5f..ab25e43 100644
--- a/bl2/ext/mcuboot/bootutil/src/loader.c
+++ b/bl2/ext/mcuboot/bootutil/src/loader.c
@@ -20,7 +20,7 @@
/*
* Original code taken from mcuboot project at:
* https://github.com/JuulLabs-OSS/mcuboot
- * Git SHA of the original version: 61fd888a7f4d741714553f36839dd49fb0065731
+ * Git SHA of the original version: 510fddb8e06d76e2442b2a4603d3e1cbefe28be4
* Modifications are Copyright (c) 2018-2019 Arm Limited.
*/
@@ -545,6 +545,7 @@
const struct flash_area *fap = NULL;
struct image_tlv_info info;
uint32_t off;
+ uint32_t protect_tlv_size;
int area_id;
int rc;
@@ -566,12 +567,28 @@
goto done;
}
+ protect_tlv_size = boot_img_hdr(state, slot)->ih_protect_tlv_size;
+ if (info.it_magic == IMAGE_TLV_PROT_INFO_MAGIC) {
+ if (protect_tlv_size != info.it_tlv_tot) {
+ rc = BOOT_EBADIMAGE;
+ goto done;
+ }
+
+ if (flash_area_read(fap, off + info.it_tlv_tot, &info, sizeof(info))) {
+ rc = BOOT_EFLASH;
+ goto done;
+ }
+ } else if (protect_tlv_size != 0) {
+ rc = BOOT_EBADIMAGE;
+ goto done;
+ }
+
if (info.it_magic != IMAGE_TLV_INFO_MAGIC) {
rc = BOOT_EBADIMAGE;
goto done;
}
- *size = off + info.it_tlv_tot;
+ *size = off + protect_tlv_size + info.it_tlv_tot;
rc = 0;
done:
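Review bot: A protected info header whose `it_tlv_tot` is smaller than `sizeof(info)` passes the equality test against `ih_protect_tlv_size` and is rejected only by the later `IMAGE_TLV_INFO_MAGIC` comparison, made on a header read from inside the first one; the same block is repeated in the tlv.c hunk that sets up the iterator. An explicit floor states the intent: `if (info.it_tlv_tot < sizeof(info) || protect_tlv_size != info.it_tlv_tot) {`. Separately, `*size = off + protect_tlv_size + info.it_tlv_tot;` sums values taken from an image that has not been verified yet, and nothing in the visible lines compares the result with the size of the flash area; that check may live in the caller, but a comment saying so would help. The function body starts before the hunk and continues after `done:`.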
diff --git a/bl2/ext/mcuboot/bootutil/src/tlv.c b/bl2/ext/mcuboot/bootutil/src/tlv.c
index 5d3d32c..3665e82 100644
--- a/bl2/ext/mcuboot/bootutil/src/tlv.c
+++ b/bl2/ext/mcuboot/bootutil/src/tlv.c
@@ -49,6 +49,19 @@
return -1;
}
+ if (info.it_magic == IMAGE_TLV_PROT_INFO_MAGIC) {
+ if (hdr->ih_protect_tlv_size != info.it_tlv_tot) {
+ return -1;
+ }
+
+ if (LOAD_IMAGE_DATA(hdr, fap, off_ + info.it_tlv_tot,
+ &info, sizeof(info))) {
+ return -1;
+ }
+ } else if (hdr->ih_protect_tlv_size != 0) {
+ return -1;
+ }
+
if (info.it_magic != IMAGE_TLV_INFO_MAGIC) {
return -1;
}
@@ -57,10 +70,10 @@
it->fap = fap;
it->type = type;
it->prot = prot;
- off_ += sizeof(info);
- it->tlv_off = off_;
- it->prot_len = off_ + it->hdr->ih_protect_tlv_size;
- it->tlv_end = off_ + info.it_tlv_tot;
+ it->prot_end = off_ + it->hdr->ih_protect_tlv_size;
+ it->tlv_end = off_ + it->hdr->ih_protect_tlv_size + info.it_tlv_tot;
+ // position on first TLV
+ it->tlv_off = off_ + sizeof(info);
return 0;
}
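Review bot: `// position on first TLV` is the only line comment in the visible parts of this file, which otherwise uses block comments, and the three assignments around it rely on a layout that is not stated. I would replace it with `/* Position on the first TLV, just past the info header at off_. */`. A line above `it->prot_end` should also say that `ih_protect_tlv_size` and `it_tlv_tot` each appear to include their own info header, which is why `tlv_end` is now the sum of both measured from `off_`. The function begins outside the hunk.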
@@ -88,13 +101,17 @@
}
while (it->tlv_off < it->tlv_end) {
+ if (it->hdr->ih_protect_tlv_size > 0 && it->tlv_off == it->prot_end) {
+ it->tlv_off += sizeof(struct image_tlv_info);
+ }
+
rc = LOAD_IMAGE_DATA(it->hdr, it->fap, it->tlv_off, &tlv, sizeof tlv);
if (rc) {
return -1;
}
/* No more TLVs in the protected area */
- if (it->prot && it->tlv_off >= it->prot_len) {
+ if (it->prot && it->tlv_off >= it->prot_end) {
return 1;
}
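Review bot: The skip over the second info header fires only when `it->tlv_off == it->prot_end` exactly, so it depends on every protected entry ending precisely on that boundary. If an entry's length carries `tlv_off` past `prot_end`, a walk over all TLVs continues at an offset that no longer lines up with the real entries, and the tail of that entry lies outside the hashed range, unless the part of the loop after this hunk rejects it. After the `LOAD_IMAGE_DATA` call I would add `if (it->tlv_off < it->prot_end && it->tlv_off + sizeof(tlv) + tlv.it_len > it->prot_end) { return -1; }`. The loop body continues outside the hunk.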