Boot: Add support for dependency description
This commit aims to add the ability to specify and add dependency
TLVs to MCUBoot. Image dependencies are security-critical data.
Therefore, the dependency TLVs must also be included in the protected
part of the TLV area.
The dependencies between the Secure and Non-secure images can be
specified at build time with the S_IMAGE_MIN_VER and
NS_IMAGE_MIN_VER defines.
Change-Id: I6a5a3e4d02f5a9d363fde3018fb1cba07b940db8
Co-authored-by: Bence Kaposzta <bence.kaposzta@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
diff --git a/bl2/ext/mcuboot/scripts/imgtool.py b/bl2/ext/mcuboot/scripts/imgtool.py
index 1976f72..3b6e874 100644
--- a/bl2/ext/mcuboot/scripts/imgtool.py
+++ b/bl2/ext/mcuboot/scripts/imgtool.py
@@ -112,7 +112,7 @@
pad=pad_size)
key = keys.load(args.key) if args.key else None
ram_load_address = macro_parser.evaluate_macro(args.layout, image_load_address_re, 0, 1)
- img.sign(key, ram_load_address)
+ img.sign(key, ram_load_address, args.dependencies)
if pad_size:
img.pad_to(pad_size, args.align)
@@ -124,6 +124,30 @@
'getpub': do_getpub,
'sign': do_sign, }
+
+def get_dependencies(text):
+ if text is not None:
+ versions = []
+ images = re.findall(r"\((\d+)", text)
+ if len(images) == 0:
+ msg = "Image dependency format is invalid: {}".format(text)
+ raise argparse.ArgumentTypeError(msg)
+ raw_versions = re.findall(r",\s*([0-9.+]+)\)", text)
+ if len(images) != len(raw_versions):
+ msg = '''There's a mismatch between the number of dependency images
+ and versions in: {}'''.format(text)
+ raise argparse.ArgumentTypeError(msg)
+ for raw_version in raw_versions:
+ try:
+ versions.append(version.decode_version(raw_version))
+ except ValueError as e:
+ print(e)
+ dependencies = dict()
+ dependencies[image.DEP_IMAGES_KEY] = images
+ dependencies[image.DEP_VERSIONS_KEY] = versions
+ return dependencies
+
+
def alignment_value(text):
value = int(text)
if value not in [1, 2, 4, 8]:
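Review bot: In get_dependencies, the `except ValueError as e: print(e)` branch drops a version that fails to decode and carries on, so `versions` can end up shorter than `images` and the two lists no longer pair up. The length check above it compares `images` with `raw_versions` before decoding, so it does not catch this. Because the dependency TLVs end up in the protected, signed part of the image, a bad version should abort signing rather than be printed, e.g. `raise argparse.ArgumentTypeError("Invalid dependency version: {}".format(raw_version))`. Separately, both `re.findall` patterns skip any text they do not match, so an argument with stray characters around valid-looking pairs is accepted; matching the whole string against one anchored pattern would reject it. A short docstring stating the accepted format and the returned dict keys would also help, since the function returns None implicitly when `text` is None.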
@@ -157,6 +181,9 @@
sign.add_argument("--align", type=alignment_value, required=True)
sign.add_argument("-v", "--version", type=version.decode_version,
default="0.0.0+0")
+ sign.add_argument("-d", "--dependencies", type=get_dependencies,
+ required=False, help='''Add dependence on another image,
+ format: "(<image_ID>,<image_version>), ... "''')
sign.add_argument("-s", "--security-counter", type=intparse,
help='Specify explicitly the security counter value')
sign.add_argument("-H", "--header-size", type=intparse, required=True)