# MCUboot Release Notes

- Table of Contents
{:toc}

## Version 1.1.0

The 1.1.0 release of MCUBoot brings a lot of fixes/updates to its
inner workings, especially to its testing infrastructure, which now
enables a more thorough quality assurance of many of the available
options. As expected of the 1.x.x release cycle, no breaking changes
were made. From the tooling perspective, the main addition is
newt/imgtool support for password-protected keys.

### About this release

- serial recovery functionality support under Zephyr
- simulator: lots of refactors were applied, which result in the
  simulator now leveraging the Rust testing infrastructure; testing
  of ecdsa (secp256r1) was added
- imgtool: removed PKCS1.5 support, added support for password
  protected keys
- tinycrypt 0.2.8 and the mbed-tls ASN1 parser are now bundled with
  mcuboot (e.g. secp256r1 is now free of external dependencies!)
- Overwrite-only mode was updated to erase/copy only sectors that
  actually store firmware
- A lot of small code and documentation fixes and updates.

### Known issues

None

## Version 1.0.0

The 1.0.0 release of MCUBoot introduces a format change. It is
important to either use the `imgtool.py` from this release, or
pass `-2` to recent versions of the `newt` tool in order to
generate image headers with the new format. There should be no
incompatible format changes throughout the 1.x.y release series.

### About this release

- Header format change. This change was made to move all of the
  information about signatures out of the header and into the TLV
  block appended to the image. This allows:
  - The signature to be replaced without changing the image.
  - Multiple signatures to be applied. This can be used, for example,
    to sign an image with two algorithms, to support different
    bootloader configurations based on these images.
  - The public key is referred to by its SHA1 hash (or a prefix of the
    hash), instead of an index that has to be maintained with the
    bootloader.
  - Allow new types of signatures in the future.
- Support for PKCS#1 v1.5 signatures has been dropped. All RSA
  signatures should be made with PSS. The tools have been changed to
  reflect this.
- The source for Tinycrypt has been placed in the MCUboot tree. A
  recent version of Tinycrypt introduced breaking API changes. To
  allow MCUboot to work across various platforms, we stop using the
  Tinycrypt bundled with the OS platform, and use our own version. A
  future release of MCUboot will update the Tinycrypt version.
- Support for some new targets:
  - Nordic nRF51 and nRF52832 dev kits
  - Hexiwear K64
- Clearer sample applications have been added under `samples`.
- Test plans for [zephyr]({% link testplan-zephyr.md %}), and
  [mynewt]({% link testplan-mynewt.md %}).
- The simulator is now able to test RSA signatures.
- There is an unimplemented `load_addr` header for future support for
  RAM loading in the bootloader.
- Numerous documentation.
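
The effect of moving signature data out of the header and into the TLV block, as an added sketch (not MCUboot or imgtool code). The byte layout, the TLV type codes and the HMAC stand-in for RSA-PSS/ECDSA are assumptions chosen so it runs on the Python standard library; the SHA1 key hash and its prefix follow the description in the list above.

```python
import hashlib, hmac, struct
# Hypothetical TLV type codes for this sketch (not MCUboot's real values).
TLV_SHA256, TLV_KEYHASH, TLV_SIG = 1, 2, 3

def tlv(kind, value):
    """Encode one entry: 1-byte type, 2-byte little-endian length, value."""
    return struct.pack("<BH", kind, len(value)) + value

def parse_tlvs(area):
    """Return [(type, value)], rejecting entries that overrun the area."""
    entries, off = [], 0
    while off < len(area):
        if off + 3 > len(area):
            raise ValueError("truncated TLV header")
        kind, length = struct.unpack_from("<BH", area, off)
        off += 3
        if off + length > len(area):
            raise ValueError("TLV length overruns the TLV area")
        entries.append((kind, area[off:off + length]))
        off += length
    return entries

def sign(key, digest):
    # Stand-in for RSA-PSS/ECDSA so the sketch runs on the standard library.
    return hmac.new(key, digest, hashlib.sha256).digest()

def add_signature(area, key, body, prefix_len=20):
    """Append a (key hash, signature) pair; the signed body is untouched."""
    key_id = hashlib.sha1(key).digest()[:prefix_len]
    digest = hashlib.sha256(body).digest()
    return area + tlv(TLV_KEYHASH, key_id) + tlv(TLV_SIG, sign(key, digest))

def verify(body, area, trusted_key):
    """Bootloader side: check the image hash, then the matching signature."""
    digest = hashlib.sha256(body).digest()
    entries = parse_tlvs(area)
    if (TLV_SHA256, digest) not in entries:
        return False
    key_hash = hashlib.sha1(trusted_key).digest()
    expected = sign(trusted_key, digest)
    return any(t1 == TLV_KEYHASH and t2 == TLV_SIG and key_id
               and key_hash.startswith(key_id) and hmac.compare_digest(sig, expected)
               for (t1, key_id), (t2, sig) in zip(entries, entries[1:]))

# Constructed sample: header plus firmware, signed by two different keys.
BODY = b"HDR!" + b"\x00" * 28 + b"firmware bytes"
KEY_A, KEY_B = b"constructed key A", b"constructed key B"
AREA = tlv(TLV_SHA256, hashlib.sha256(BODY).digest())
AREA = add_signature(add_signature(AREA, KEY_A, BODY), KEY_B, BODY, prefix_len=8)
```

A bootloader built with either key accepts the same `BODY`, and swapping the signature entries never changes the hashed bytes.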

### Known issues

None

## Version 0.9.0

This is the first release of MCUBoot, a secure bootloader for 32-bit MCUs.
It is designed to be operating system-agnostic and works over any transport -
wired or wireless. It is also hardware independent, and relies on hardware
porting layers from the operating system it works with. For the first release,
we have support for three open source operating systems: Apache Mynewt, Zephyr
and RIOT.

### About this release

- This release supports building with and running Apache Mynewt and Zephyr
  targets.
- RIOT is supported as a running target.
- Image integrity is provided with SHA256.
- Image originator authenticity is provided supporting the following
  signature algorithms:
  - RSA 2048 and RSA PKCS#1 v1.5 or v2.1
  - Elliptic curve DSA with secp224r1 and secp256r1
- Two firmware upgrade algorithms are provided:
  - An overwrite-only algorithm, which upgrades slot 0 with the image in slot 1.
  - A swapping upgrade which enables image test, allowing for rollback to a
    previous known good image.
- Supports both mbed-TLS and tinycrypt as backend crypto libraries. One of them
  must be defined and the chosen signing algorithm will require a particular
  library according to this list:
  - RSA 2048 needs mbed TLS
  - ECDSA secp224r1 needs mbed TLS
  - ECDSA secp256r1 needs tinycrypt as well as the ASN.1 code from mbed TLS
    (so still needs that present).

### Known issues

- The image header and TLV formats are planned to change with release 1.0:
  https://runtimeco.atlassian.net/browse/MCUB-66