TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 3c44607e160bcaf0e45c3db439fe397d1bd0e124
commit3c44607e160bcaf0e45c3db439fe397d1bd0e124[log] [tgz]
authorFabio Utzig <utzig@apache.org>Fri Nov 22 12:48:26 2019 -0300
committerFabio Utzig <utzig@utzig.org>Fri Nov 22 15:15:29 2019 -0300
treee960a918ef4a2efb0b98c88713689ebf0c81c5d9
parente84f0effb3e487499fd5a39acd003cb45b6dd45d [diff]
bootutil: fix enckey issue when reverting

While doing a revert, the image encryption keys might be saved temporarily
in the scratch area; this is required in situations that we need to swap
one of the last sectors of the primary slot. When this happens, and the
device is interrupted just after restarting the revert swap, bootutil will
try to load the encrypted keys from the primary slot, and possibly use them
in reverted order (image in primary uses key of image in secondary and
vice-versa) which was saved in the test upgrade.

This fixes the issue by reverting the order used to check for the swap
metadata, with scratch being checked before the primary slot.

Signed-off-by: Fabio Utzig <utzig@apache.org>
1 file changed
tree: e960a918ef4a2efb0b98c88713689ebf0c81c5d9
  1. boot/
  2. ci/
  3. docs/
  4. ext/
  5. ptest/
  6. samples/
  7. scripts/
  8. sim/
  9. testplan/
  10. .gitignore
  11. .gitmodules
  12. .travis.yml
  13. enc-aes128kw.b64
  14. enc-ec256-priv.pem
  15. enc-ec256-pub.pem
  16. enc-rsa2048-priv.pem
  17. enc-rsa2048-pub.pem
  18. LICENSE
  19. NOTICE
  20. project.yml
  21. README.md
  22. repository.yml
  23. root-ec-p256-pkcs8.pem
  24. root-ec-p256.pem
  25. root-ed25519.pem
  26. root-rsa-2048.pem
  27. root-rsa-3072.pem
  28. version.yml
README.md

mcuboot

Coverity Scan Build Status Build/Test

This is mcuboot, version 1.4.0

MCUboot is a secure bootloader for 32-bit MCUs. The goal of MCUboot is to define a common infrastructure for the bootloader, system flash layout on microcontroller systems, and to provide a secure bootloader that enables easy software upgrade.

MCUboot is operating system and hardware independent and relies on hardware porting layers from the operating system it works with. Currently, mcuboot works with both the Apache Mynewt, and Zephyr operating systems, but more ports are planned in the future. RIOT is currently supported as a boot target with a complete port planned.

Using MCUboot

Instructions for different operating systems can be found here:

Roadmap

The issues being planned and worked on are tracked using GitHub issues. To participate please visit:

MCUBoot GitHub Issues

Issues were previously tracked on MCUboot JIRA , but it is now deprecated.

Browsing

Information and documentation on the bootloader are stored within the source.

It was previously also documented on confluence: MCUBoot Confluence however, it is now deprecated and not currently maintained

For more information in the source, here are some pointers:

  • boot/bootutil: The core of the bootloader itself.
  • boot/boot_serial: Support for serial upgrade within the bootloader itself.
  • boot/zephyr: Port of the bootloader to Zephyr
  • boot/mynewt: Mynewt bootloader app
  • imgtool: A tool to securely sign firmware images for booting by mcuboot.
  • sim: A bootloader simulator for testing and regression

Joining

Developers welcome!