commit 9ec0f540a9e9ddb1f72d6aa36588e632de15209b
author David Vincze <david.vincze@arm.com> Wed Jul 03 18:09:47 2019 +0200
committer David Vincze <david.vincze@arm.com> Wed Aug 28 16:51:22 2019 +0200
tree a280800a46321c7c89ae7ce952135b8e86de6ab4
parent 7384ee7e555f25060ee56810c83db994c3f6a6fd

Boot: Add support for dependency description

This commit aims to add the ability to specify and add dependency
TLVs to MCUBoot. An image dependency is a security critical data.
Therefore, the dependency TLVs must also be included in the protected
part of the TLV area.

The dependencies between the Secure and Non-secure images can be
specified at build time with the S_IMAGE_MIN_VER and
NS_IMAGE_MIN_VER defines.

Change-Id: I6a5a3e4d02f5a9d363fde3018fb1cba07b940db8
Co-authored-by: Bence Kaposzta <bence.kaposzta@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>

bl2/ext/mcuboot/scripts/imgtool_lib/image.py

diff --git a/bl2/ext/mcuboot/scripts/imgtool_lib/image.py b/bl2/ext/mcuboot/scripts/imgtool_lib/image.py
index ff137a5..b721fa3 100644
--- a/bl2/ext/mcuboot/scripts/imgtool_lib/image.py
+++ b/bl2/ext/mcuboot/scripts/imgtool_lib/image.py
@@ -26,6 +26,8 @@
 TLV_HEADER_SIZE = 4
 PAYLOAD_DIGEST_SIZE = 32  # SHA256 hash
 KEYHASH_SIZE = 32
+DEP_IMAGES_KEY = "images"
+DEP_VERSIONS_KEY = "versions"
 
 # Image header flags.
 IMAGE_F = {
@@ -37,6 +39,7 @@
         'SHA256' : 0x10,
         'RSA2048': 0x20,
         'RSA3072': 0x23,
+        'DEPENDENCY': 0x40,
         'SEC_CNT': 0x50, }
 
 TLV_INFO_SIZE = 4
@@ -112,17 +115,38 @@
             if any(v != 0 and v != b'\000' for v in self.payload[0:self.header_size]):
                 raise Exception("Padding requested, but image does not start with zeros")
 
-    def sign(self, key, ramLoadAddress):
+    def sign(self, key, ramLoadAddress, dependencies=None):
         # Size of the security counter TLV:
         # header ('BBH') + payload ('I') = 8 Bytes
         protected_tlv_size = TLV_INFO_SIZE + 8
 
+        if dependencies is None:
+            dependencies_num = 0
+        else:
+            # Size of a dependency TLV:
+            # header ('BBH') + payload('IBBHI') = 16 Bytes
+            dependencies_num = len(dependencies[DEP_IMAGES_KEY])
+            protected_tlv_size += (dependencies_num * 16)
+
         self.add_header(key, protected_tlv_size, ramLoadAddress)
 
         tlv = TLV()
 
         payload = struct.pack('I', self.security_cnt)
         tlv.add('SEC_CNT', payload)
+
+        if dependencies_num != 0:
+            for i in range(dependencies_num):
+                payload = struct.pack(
+                                '<'+'I'+'BBHI',
+                                int(dependencies[DEP_IMAGES_KEY][i]),
+                                dependencies[DEP_VERSIONS_KEY][i].major,
+                                dependencies[DEP_VERSIONS_KEY][i].minor,
+                                dependencies[DEP_VERSIONS_KEY][i].revision,
+                                dependencies[DEP_VERSIONS_KEY][i].build
+                                )
+                tlv.add('DEPENDENCY', payload)
+
         # Full TLV size needs to be calculated in advance, because the
         # header will be protected as well
         full_size = (TLV_INFO_SIZE + len(tlv.buf) + TLV_HEADER_SIZE
@@ -179,7 +203,7 @@
                 IMAGE_MAGIC,
                 0 if (ramLoadAddress is None) else ramLoadAddress, # LoadAddr
                 self.header_size,
-                protected_tlv_size,  # TLV info header + security counter TLV
+                protected_tlv_size,  # TLV info header + SC TLV (+ DEP. TLVs)
                 len(self.payload) - self.header_size, # ImageSz
                 flags, # Flags
                 self.version.major,