commit db32b2152f8ecdc6aeb877d3b469d142eb441c26
author David Vincze <david.vincze@arm.com> Tue Apr 16 17:43:57 2019 +0200
committer David Vincze <david.vincze@arm.com> Thu May 23 15:08:22 2019 +0200
tree b829f741f6e528e6ec55fada23867d334fc098cd
parent 4653d966e447801dbdd3a72441cfd64d166a4be2

Boot: Add security counter to image manifest

Add command line argument to the imgtool that can be used to add a
security counter TLV to the image manifest. This security counter value
can be used in rollback protection to compare the new image's security
counter against the active image's counter. It can be independent from
the image version, but if it is not specified in the argument list then
the script will generate it from the image version number
(not including the build number).

The value of the security counter is security critical data. Therefore,
this part of the TLV area must be included in the integrity protected
part of the image.

Add security counter to the build system. It can be specified at build
time with "-DSECURITY_COUNTER=<value>", otherwise the generated
security counter value will be added to the signed image.

Change-Id: Ia9773ad7a57fc3a8cc022e1c1df4321e27c912ec
Signed-off-by: David Vincze <david.vincze@arm.com>

bl2/ext/mcuboot/scripts/imgtool.py

diff --git a/bl2/ext/mcuboot/scripts/imgtool.py b/bl2/ext/mcuboot/scripts/imgtool.py
index b984ce2..924fa96 100644
--- a/bl2/ext/mcuboot/scripts/imgtool.py
+++ b/bl2/ext/mcuboot/scripts/imgtool.py
@@ -1,7 +1,7 @@
 #! /usr/bin/env python3
 #
 # Copyright 2017 Linaro Limited
-# Copyright (c) 2018, Arm Limited.
+# Copyright (c) 2018-2019, Arm Limited.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -102,13 +102,24 @@
 def do_sign(args):
     if args.rsa_pkcs1_15:
         keys.sign_rsa_pss = False
+
+    version_num = next_version_number(args,
+                                      version.decode_version("0"),
+                                      "lastVerNum.txt")
+
+    if args.security_counter is None:
+        # Security counter has not been explicitly provided,
+        # generate it from the version number
+        args.security_counter = ((version_num.major << 24)
+                                 + (version_num.minor << 16)
+                                 + version_num.revision)
+
     img = image.Image.load(args.infile,
-            version=next_version_number(args,
-                                        version.decode_version("0"),
-                                        "lastVerNum.txt"),
-            header_size=args.header_size,
-            included_header=args.included_header,
-            pad=args.pad)
+                           version=version_num,
+                           header_size=args.header_size,
+                           security_cnt=args.security_counter,
+                           included_header=args.included_header,
+                           pad=args.pad)
     key = keys.load(args.key) if args.key else None
     img.sign(key, find_load_address(args))
 
@@ -155,6 +166,8 @@
     sign.add_argument("--align", type=alignment_value, required=True)
     sign.add_argument("-v", "--version", type=version.decode_version,
                       default="0.0.0+0")
+    sign.add_argument("-s", "--security-counter", type=intparse,
+                      help='Specify explicitly the security counter value')
     sign.add_argument("-H", "--header-size", type=intparse, required=True)
     sign.add_argument("--included-header", default=False, action='store_true',
                       help='Image has gap for header')
@@ -174,4 +187,4 @@
     subcmds[args.subcmd](args)
 
 if __name__ == '__main__':
-    args()
\ No newline at end of file
+    args()