Boot: Extend align value and make it configurable by platform
Since stm/b_u585i_iot02a platform needs 16 bytes align value. Align
value is now configurable up to 32 bytes and default value is fixed
to previous hardcoded settings(1 bytes). Move mcuboot for the support
of alignment larger than 8 bytes.
Change-Id: Id3cce340e10fafe74f17e0aad129bb83dbbe6e8f
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
diff --git a/bl2/ext/mcuboot/CMakeLists.txt b/bl2/ext/mcuboot/CMakeLists.txt
index be93e65..cca2ff3 100644
--- a/bl2/ext/mcuboot/CMakeLists.txt
+++ b/bl2/ext/mcuboot/CMakeLists.txt
@@ -63,6 +63,12 @@
set(MCUBOOT_ALLOWED_LOG_LEVELS OFF ERROR WARNING INFO DEBUG)
list(FIND MCUBOOT_ALLOWED_LOG_LEVELS ${MCUBOOT_LOG_LEVEL} LOG_LEVEL_ID)
+if (MCUBOOT_ALIGN_VAL GREATER 8)
+set (MCUBOOT_BOOT_MAX_ALIGN ${MCUBOOT_ALIGN_VAL})
+else()
+set (MCUBOOT_BOOT_MAX_ALIGN 8)
+endif()
+
configure_file(include/mcuboot_config/mcuboot_config.h.in
${CMAKE_CURRENT_BINARY_DIR}/mcuboot_config/mcuboot_config.h
@ONLY)
@@ -133,7 +139,7 @@
--layout $<TARGET_OBJECTS:signing_layout_s>
-k ${MCUBOOT_KEY_S}
--public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
- --align 1
+ --align ${MCUBOOT_ALIGN_VAL}
--pad
--pad-header
-H ${BL2_HEADER_SIZE}
@@ -184,7 +190,7 @@
--layout $<TARGET_OBJECTS:signing_layout_ns>
-k ${MCUBOOT_KEY_NS}
--public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
- --align 1
+ --align ${MCUBOOT_ALIGN_VAL}
--pad
--pad-header
-H ${BL2_HEADER_SIZE}
@@ -234,7 +240,7 @@
--layout $<TARGET_OBJECTS:signing_layout_s>
-k $<IF:$<BOOL:${FORWARD_PROT_MSG}>,${MCUBOOT_KEY_NS},${MCUBOOT_KEY_S}>
--public-key-format $<IF:$<BOOL:${MCUBOOT_HW_KEY}>,full,hash>
- --align 1
+ --align ${MCUBOOT_ALIGN_VAL}
--pad
--pad-header
-H ${BL2_HEADER_SIZE}
diff --git a/bl2/ext/mcuboot/include/mcuboot_config/mcuboot_config.h.in b/bl2/ext/mcuboot/include/mcuboot_config/mcuboot_config.h.in
index 882585e..c31600b 100644
--- a/bl2/ext/mcuboot/include/mcuboot_config/mcuboot_config.h.in
+++ b/bl2/ext/mcuboot/include/mcuboot_config/mcuboot_config.h.in
@@ -52,6 +52,8 @@
#cmakedefine MCUBOOT_ENC_IMAGES
#cmakedefine MCUBOOT_ENCRYPT_RSA
+#define MCUBOOT_BOOT_MAX_ALIGN @MCUBOOT_BOOT_MAX_ALIGN@
+
/*
* Cryptographic settings
*/
diff --git a/bl2/ext/mcuboot/mcuboot_default_config.cmake b/bl2/ext/mcuboot/mcuboot_default_config.cmake
index fe705f0..99c3948 100644
--- a/bl2/ext/mcuboot/mcuboot_default_config.cmake
+++ b/bl2/ext/mcuboot/mcuboot_default_config.cmake
@@ -19,12 +19,17 @@
set(MCUBOOT_UPGRADE_STRATEGY "OVERWRITE_ONLY" CACHE STRING "Upgrade strategy for images")
set(BL2_HEADER_SIZE 0x400 CACHE STRING "Header size")
set(BL2_TRAILER_SIZE 0x400 CACHE STRING "Trailer size")
+set(MCUBOOT_ALIGN_VAL 1 CACHE STRING "align option for mcuboot and build image with imgtool [1, 2, 4, 8, 16, 32]")
# Specifying a scope of the accepted values of MCUBOOT_UPGRADE_STRATEGY for
# platforms to choose a specific upgrade strategy for images. These certain
# configurations will be used to facilitate the later validation.
set_property(CACHE MCUBOOT_UPGRADE_STRATEGY PROPERTY STRINGS "OVERWRITE_ONLY;SWAP_USING_SCRATCH;SWAP_USING_MOVE;DIRECT_XIP;RAM_LOAD")
+# Specifying a scope of the accepted values of MCUBOOT_ALIGN_VAL for
+# platforms requiring specific flash alignmnent
+set_property(CACHE MCUBOOT_ALIGN_VAL PROPERTY STRINGS "1;2;4;8;16;32")
+
set(MCUBOOT_DIRECT_XIP_REVERT ON CACHE BOOL "Enable the revert mechanism in direct-xip mode")
set(MCUBOOT_MEASURED_BOOT ON CACHE BOOL "Add boot measurement values to boot status. Used for initial attestation token")
set(MCUBOOT_HW_ROLLBACK_PROT ON CACHE BOOL "Enable security counter validation against non-volatile HW counters")
diff --git a/bl2/ext/mcuboot/scripts/requirements.txt b/bl2/ext/mcuboot/scripts/requirements.txt
index 14bbb18..2e0f829 100644
--- a/bl2/ext/mcuboot/scripts/requirements.txt
+++ b/bl2/ext/mcuboot/scripts/requirements.txt
@@ -2,5 +2,5 @@
pyasn1
pyyaml
cbor>=1.0.0
-imgtool>=1.6.0
-click
\ No newline at end of file
+imgtool>=1.9.0
+click
diff --git a/bl2/ext/mcuboot/scripts/wrapper/wrapper.py b/bl2/ext/mcuboot/scripts/wrapper/wrapper.py
old mode 100755
new mode 100644
index 5cff01b..9b6667c
--- a/bl2/ext/mcuboot/scripts/wrapper/wrapper.py
+++ b/bl2/ext/mcuboot/scripts/wrapper/wrapper.py
@@ -79,7 +79,7 @@
help='Specify the value of encrypt key length. Default 128.')
@click.option('-v', '--version', callback=imgtool.main.validate_version,
required=True)
-@click.option('--align', type=click.Choice(['1', '2', '4', '8']),
+@click.option('--align', type=click.Choice(['1', '2', '4', '8', '16', '32']),
required=True)
@click.option('--public-key-format', type=click.Choice(['hash', 'full']),
default='hash', help='In what format to add the public key to '
@@ -103,6 +103,13 @@
else:
boot_record = "NSPE_SPE"
+ if int(align) <= 8 :
+ #default behaviour for max_align
+ max_align=8
+ else:
+ #max_align must be set to align
+ max_align=align
+
img = imgtool.image.Image(version=imgtool.version.decode_version(version),
header_size=header_size, pad_header=pad_header,
pad=pad, confirm=confirm, align=int(align),
@@ -111,7 +118,8 @@
load_addr=load_addr, rom_fixed=rom_fixed,
erased_val=erased_val,
save_enctlv=save_enctlv,
- security_counter=security_counter)
+ security_counter=security_counter,
+ max_align=max_align)
img.load(infile)
key = imgtool.main.load_key(key) if key else None