Skip to content

Commit

Permalink
add patches, apply them on top of 1.8.0
Browse files Browse the repository at this point in the history 
0009 is used to patch cryptography version used because of: healthchecks/healthchecks#565
  • Loading branch information
@umbynos
umbynos committed Feb 16, 2022
1 parent e767a3b commit 1c38ed8
Show file tree
Hide file tree
Showing 9 changed files with 553 additions and 0 deletions.
296 changes: 296 additions & 0 deletions patches/0001-Imgtool-Updates-to-allow-larger-minimum-flash-write.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,296 @@
From eae1261cd51d42bb934403a64bc4d194b357997d Mon Sep 17 00:00:00 2001
From: Kristine Jassmann <kristine.jassmann@renesas.com>
Date: Wed, 3 Feb 2021 16:56:14 +0000
Subject: [PATCH] Imgtool: Updates to allow larger minimum flash write.

Signed-off-by: Kristine Jassmann <kristine.jassmann@renesas.com>
---
boot/bootutil/include/bootutil/bootutil.h | 40 ++++++++++++++++++++++-
boot/bootutil/include/bootutil/enc_key.h | 4 +++
boot/bootutil/src/bootutil_misc.c | 13 ++++----
boot/bootutil/src/bootutil_priv.h | 14 ++++++--
scripts/imgtool/image.py | 22 +++++++------
scripts/imgtool/main.py | 10 ++++--
6 files changed, 79 insertions(+), 24 deletions(-)

diff --git a/boot/bootutil/include/bootutil/bootutil.h b/boot/bootutil/include/bootutil/bootutil.h
index b45334a..d00a551 100644
--- a/boot/bootutil/include/bootutil/bootutil.h
+++ b/boot/bootutil/include/bootutil/bootutil.h
@@ -36,6 +36,41 @@
extern "C" {
#endif

+/** Attempt to boot the contents of the primary slot. */
+#define BOOT_SWAP_TYPE_NONE 1
+
+/**
+ * Swap to the secondary slot.
+ * Absent a confirm command, revert back on next boot.
+ */
+#define BOOT_SWAP_TYPE_TEST 2
+
+/**
+ * Swap to the secondary slot,
+ * and permanently switch to booting its contents.
+ */
+#define BOOT_SWAP_TYPE_PERM 3
+
+/** Swap back to alternate slot. A confirm changes this state to NONE. */
+#define BOOT_SWAP_TYPE_REVERT 4
+
+/** Swap failed because image to be run is not valid */
+#define BOOT_SWAP_TYPE_FAIL 5
+
+/** Swapping encountered an unrecoverable error */
+#define BOOT_SWAP_TYPE_PANIC 0xff
+
+#define BOOT_MAGIC_SZ 16
+
+#ifdef MCUBOOT_BOOT_MAX_ALIGN
+#define BOOT_MAX_ALIGN MCUBOOT_BOOT_MAX_ALIGN
+#define BOOT_MAGIC_ALIGN_SIZE \
+ ((((BOOT_MAGIC_SZ - 1) / BOOT_MAX_ALIGN) + 1) * BOOT_MAX_ALIGN)
+#else
+#define BOOT_MAX_ALIGN 8
+#define BOOT_MAGIC_ALIGN_SIZE BOOT_MAGIC_SZ
+#endif
+
struct image_header;
/**
* A response object provided by the boot loader code; indicates where to jump
@@ -63,7 +98,10 @@ struct image_trailer {
uint8_t pad2[BOOT_MAX_ALIGN - 1];
uint8_t image_ok;
uint8_t pad3[BOOT_MAX_ALIGN - 1];
- uint8_t magic[16];
+#if BOOT_MAX_ALIGN > BOOT_MAGIC_SZ
+ uint8_t pad4[BOOT_MAGIC_ALIGN_SIZE - BOOT_MAGIC_SZ];
+#endif
+ uint8_t magic[BOOT_MAGIC_SZ];
};

/* you must have pre-allocated all the entries within this structure */
diff --git a/boot/bootutil/include/bootutil/enc_key.h b/boot/bootutil/include/bootutil/enc_key.h
index 779b0d4..eedd24e 100644
--- a/boot/bootutil/include/bootutil/enc_key.h
+++ b/boot/bootutil/include/bootutil/enc_key.h
@@ -33,11 +33,15 @@
#include "bootutil/crypto/aes_ctr.h"
#include "bootutil/image.h"
#include "bootutil/enc_key_public.h"
+#include "bootutil/bootutil.h"

#ifdef __cplusplus
extern "C" {
#endif

+#define BOOT_ENC_KEY_SIZE 16
+#define BOOT_ENC_KEY_ALIGN_SIZE \
+ ((((BOOT_ENC_KEY_SIZE - 1) / BOOT_MAX_ALIGN) + 1) * BOOT_MAX_ALIGN)
#define BOOT_ENC_KEY_SIZE_BITS (BOOT_ENC_KEY_SIZE * 8)

#define BOOT_ENC_TLV_ALIGN_SIZE \
diff --git a/boot/bootutil/src/bootutil_misc.c b/boot/bootutil/src/bootutil_misc.c
index 19de68b..f0dfbf9 100644
--- a/boot/bootutil/src/bootutil_misc.c
+++ b/boot/bootutil/src/bootutil_misc.c
@@ -111,12 +111,12 @@ boot_trailer_sz(uint32_t min_write_sz)
# if MCUBOOT_SWAP_SAVE_ENCTLV
BOOT_ENC_TLV_ALIGN_SIZE * 2 +
# else
- BOOT_ENC_KEY_SIZE * 2 +
+ BOOT_ENC_KEY_ALIGN_SIZE * 2 +
# endif
#endif
/* swap_type + copy_done + image_ok + swap_size */
BOOT_MAX_ALIGN * 4 +
- BOOT_MAGIC_SZ;
+ BOOT_MAGIC_ALIGN_SIZE;
}

int
@@ -157,7 +157,7 @@ boot_magic_off(const struct flash_area *fap)
static inline uint32_t
boot_image_ok_off(const struct flash_area *fap)
{
- return boot_magic_off(fap) - BOOT_MAX_ALIGN;
+ return (boot_magic_off(fap) - BOOT_MAX_ALIGN) & ~(BOOT_MAX_ALIGN - 1);
}

static inline uint32_t
@@ -177,10 +177,9 @@ static inline uint32_t
boot_enc_key_off(const struct flash_area *fap, uint8_t slot)
{
#if MCUBOOT_SWAP_SAVE_ENCTLV
- return boot_swap_size_off(fap) - ((slot + 1) *
- ((((BOOT_ENC_TLV_SIZE - 1) / BOOT_MAX_ALIGN) + 1) * BOOT_MAX_ALIGN));
+ return boot_swap_size_off(fap) - ((slot + 1) * BOOT_ENC_TLV_ALIGN_SIZE);
#else
- return boot_swap_size_off(fap) - ((slot + 1) * BOOT_ENC_KEY_SIZE);
+ return boot_swap_size_off(fap) - ((slot + 1) * BOOT_ENC_KEY_ALIGN_SIZE);
#endif
}
#endif
@@ -229,7 +228,7 @@ boot_find_status(int image_index, const struct flash_area **fap)
return rc;
}

- if (memcmp(magic, boot_img_magic, BOOT_MAGIC_SZ) == 0) {
+ if (BOOT_MAGIC_GOOD == boot_magic_decode(magic)) {
return 0;
}

diff --git a/boot/bootutil/src/bootutil_priv.h b/boot/bootutil/src/bootutil_priv.h
index 67be5eb..f80f826 100644
--- a/boot/bootutil/src/bootutil_priv.h
+++ b/boot/bootutil/src/bootutil_priv.h
@@ -109,16 +109,24 @@ struct boot_status {
* | Encryption key 0 (16 octets) [*] |
* | |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | 0xff padding as needed (BOOT_MAX_ALIGN - 16 EK0 octets) [*] |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Encryption key 1 (16 octets) [*] |
* | |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | 0xff padding as needed (BOOT_MAX_ALIGN - 16 EK1 octets) [*] |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Swap size (4 octets) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Swap info | 0xff padding (7 octets) |
+ * | 0xff padding as needed (BOOT_MAX_ALIGN - 4 Swap Size octets) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Swap info | 0xff padding (BOOT_MAX_ALIGN - 1 octets) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Copy done | 0xff padding (BOOT_MAX_ALIGN - 1 octets) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Copy done | 0xff padding (7 octets) |
+ * | Image OK | 0xff padding (BOOT_MAX_ALIGN - 1 octets) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Image OK | 0xff padding (7 octets) |
+ * | 0xff padding as needed (BOOT_MAX_ALIGN - 16 MAGIC octets) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | MAGIC (16 octets) |
* | |
diff --git a/scripts/imgtool/image.py b/scripts/imgtool/image.py
index 684c6b3..6bfed0d 100644
--- a/scripts/imgtool/image.py
+++ b/scripts/imgtool/image.py
@@ -43,7 +43,7 @@ IMAGE_HEADER_SIZE = 32
BIN_EXT = "bin"
INTEL_HEX_EXT = "hex"
DEFAULT_MAX_SECTORS = 128
-MAX_ALIGN = 8
+DEFAULT_MAX_ALIGN = 8
DEP_IMAGES_KEY = "images"
DEP_VERSIONS_KEY = "versions"
MAX_SW_TYPE_LENGTH = 12 # Bytes
@@ -135,7 +135,7 @@ class Image():
slot_size=0, max_sectors=DEFAULT_MAX_SECTORS,
overwrite_only=False, endian="little", load_addr=0,
rom_fixed=None, erased_val=None, save_enctlv=False,
- security_counter=None):
+ security_counter=None, max_align=DEFAULT_MAX_ALIGN):

if load_addr and rom_fixed:
raise click.UsageError("Can not set rom_fixed and load_addr at the same time")
@@ -158,6 +158,7 @@ class Image():
self.enckey = None
self.save_enctlv = save_enctlv
self.enctlv_len = 0
+ self.max_align = int(max_align)

if security_counter == 'auto':
# Security counter has not been explicitly provided,
@@ -232,7 +233,7 @@ class Image():
padding = bytearray([self.erased_val] *
(trailer_size - len(boot_magic)))
if self.confirm and not self.overwrite_only:
- padding[-MAX_ALIGN] = 0x01 # image_ok = 0x01
+ padding[-self.max_align] = 0x01 # image_ok = 0x01
padding += boot_magic
h.puts(trailer_addr, bytes(padding))
h.tofile(path, 'hex')
@@ -517,10 +518,11 @@ class Image():
save_enctlv, enctlv_len):
# NOTE: should already be checked by the argument parser
magic_size = 16
+ magic_align_size = (int((magic_size - 1) / self.max_align) + 1) * self.max_align
if overwrite_only:
- return MAX_ALIGN * 2 + magic_size
+ return self.max_align * 2 + magic_align_size
else:
- if write_size not in set([1, 2, 4, 8]):
+ if write_size not in set([1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1024, 2048, 4096]):
raise click.BadParameter("Invalid alignment: {}".format(
write_size))
m = DEFAULT_MAX_SECTORS if max_sectors is None else max_sectors
@@ -528,12 +530,12 @@ class Image():
if enckey is not None:
if save_enctlv:
# TLV saved by the bootloader is aligned
- keylen = (int((enctlv_len - 1) / MAX_ALIGN) + 1) * MAX_ALIGN
+ keylen = (int((enctlv_len - 1) / self.max_align) + 1) * self.max_align
else:
- keylen = 16
+ keylen = (int((16 - 1) / self.max_align) + 1) * self.max_align
trailer += keylen * 2 # encryption keys
- trailer += MAX_ALIGN * 4 # image_ok/copy_done/swap_info/swap_size
- trailer += magic_size
+ trailer += self.max_align * 4 # image_ok/copy_done/swap_info/swap_size
+ trailer += magic_align_size
return trailer

def pad_to(self, size):
@@ -545,7 +547,7 @@ class Image():
pbytes = bytearray([self.erased_val] * padding)
pbytes += bytearray([self.erased_val] * (tsize - len(boot_magic)))
if self.confirm and not self.overwrite_only:
- pbytes[-MAX_ALIGN] = 0x01 # image_ok = 0x01
+ pbytes[-self.max_align] = 0x01 # image_ok = 0x01
pbytes += boot_magic
self.payload += pbytes

diff --git a/scripts/imgtool/main.py b/scripts/imgtool/main.py
index dd6c044..0f21306 100755
--- a/scripts/imgtool/main.py
+++ b/scripts/imgtool/main.py
@@ -288,7 +288,8 @@ class BasedIntParamType(click.ParamType):
help='Specify the value of security counter. Use the `auto` '
'keyword to automatically generate it from the image version.')
@click.option('-v', '--version', callback=validate_version, required=True)
-@click.option('--align', type=click.Choice(['1', '2', '4', '8']),
+@click.option('--align', type=click.Choice(['1', '2', '4', '8', '16', '32',
+ '64', '128', '256', '512', '1024', '2048', '4096']),
required=True)
@click.option('--public-key-format', type=click.Choice(['hash', 'full']),
default='hash', help='In what format to add the public key to '
@@ -297,11 +298,14 @@ class BasedIntParamType(click.ParamType):
@click.command(help='''Create a signed or unsigned image\n
INFILE and OUTFILE are parsed as Intel HEX if the params have
.hex extension, otherwise binary format is used''')
+@click.option('--max_align', type=click.Choice(['1', '2', '4', '8', '16', '32',
+ '64', '128', '256', '512', '1024', '2048', '4096']),
+ default=8)
def sign(key, public_key_format, align, version, pad_sig, header_size,
pad_header, slot_size, pad, confirm, max_sectors, overwrite_only,
endian, encrypt_keylen, encrypt, infile, outfile, dependencies,
load_addr, hex_addr, erased_val, save_enctlv, security_counter,
- boot_record, custom_tlv, rom_fixed):
+ boot_record, custom_tlv, rom_fixed, max_align):

if confirm:
# Confirmed but non-padded images don't make much sense, because
@@ -313,7 +317,7 @@ def sign(key, public_key_format, align, version, pad_sig, header_size,
max_sectors=max_sectors, overwrite_only=overwrite_only,
endian=endian, load_addr=load_addr, rom_fixed=rom_fixed,
erased_val=erased_val, save_enctlv=save_enctlv,
- security_counter=security_counter)
+ security_counter=security_counter, max_align=max_align)
img.load(infile)
key = load_key(key) if key else None
enckey = load_key(encrypt) if encrypt else None
--
2.35.1

52 changes: 52 additions & 0 deletions patches/0002-Imgtool-Fixed-default-and-made-max-align-consistent-.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
From 2a8138e2895085469dbf3c759f1b84f271e98275 Mon Sep 17 00:00:00 2001
From: Kristine Jassmann <kristine.jassmann@renesas.com>
Date: Wed, 24 Feb 2021 01:11:39 +0000
Subject: [PATCH] Imgtool: Fixed default and made max-align consistent
with other options. Adding required sign-off.

Signed-off-by: Kristine Jassmann <kristine.jassmann@renesas.com>
---
scripts/imgtool/image.py | 2 +-
scripts/imgtool/main.py | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/scripts/imgtool/image.py b/scripts/imgtool/image.py
index 6bfed0d..89c5e82 100644
--- a/scripts/imgtool/image.py
+++ b/scripts/imgtool/image.py
@@ -158,7 +158,7 @@ class Image():
self.enckey = None
self.save_enctlv = save_enctlv
self.enctlv_len = 0
- self.max_align = int(max_align)
+ self.max_align = DEFAULT_MAX_ALIGN if max_align is None else int(max_align)

if security_counter == 'auto':
# Security counter has not been explicitly provided,
diff --git a/scripts/imgtool/main.py b/scripts/imgtool/main.py
index 0f21306..49e3db8 100755
--- a/scripts/imgtool/main.py
+++ b/scripts/imgtool/main.py
@@ -291,6 +291,9 @@ class BasedIntParamType(click.ParamType):
@click.option('--align', type=click.Choice(['1', '2', '4', '8', '16', '32',
'64', '128', '256', '512', '1024', '2048', '4096']),
required=True)
+@click.option('--max-align', type=click.Choice(['1', '2', '4', '8', '16', '32',
+ '64', '128', '256', '512', '1024', '2048', '4096']),
+ required=False)
@click.option('--public-key-format', type=click.Choice(['hash', 'full']),
default='hash', help='In what format to add the public key to '
'the image manifest: full key or hash of the key.')
@@ -298,9 +301,6 @@ class BasedIntParamType(click.ParamType):
@click.command(help='''Create a signed or unsigned image\n
INFILE and OUTFILE are parsed as Intel HEX if the params have
.hex extension, otherwise binary format is used''')
-@click.option('--max_align', type=click.Choice(['1', '2', '4', '8', '16', '32',
- '64', '128', '256', '512', '1024', '2048', '4096']),
- default=8)
def sign(key, public_key_format, align, version, pad_sig, header_size,
pad_header, slot_size, pad, confirm, max_sectors, overwrite_only,
endian, encrypt_keylen, encrypt, infile, outfile, dependencies,
--
2.35.1

48 changes: 48 additions & 0 deletions patches/0003-Imgtool-Fix-bug-in-confirm-for-larger-minimum-flash-.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
From 85ae02120e00694f081fb8f0e01c9a356cb5cc1e Mon Sep 17 00:00:00 2001
From: Kristine Jassmann <kristine.jassmann@renesas.com>
Date: Thu, 18 Mar 2021 21:03:36 +0000
Subject: [PATCH] Imgtool: Fix bug in --confirm for larger minimum flash
write.

Signed-off-by: Kristine Jassmann <kristine.jassmann@renesas.com>
---
scripts/imgtool/image.py | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/scripts/imgtool/image.py b/scripts/imgtool/image.py
index 89c5e82..65e194d 100644
--- a/scripts/imgtool/image.py
+++ b/scripts/imgtool/image.py
@@ -232,9 +232,12 @@ class Image():
trailer_addr = (self.base_addr + self.slot_size) - trailer_size
padding = bytearray([self.erased_val] *
(trailer_size - len(boot_magic)))
- if self.confirm and not self.overwrite_only:
- padding[-self.max_align] = 0x01 # image_ok = 0x01
padding += boot_magic
+ if self.confirm and not self.overwrite_only:
+ magic_size = 16
+ magic_align_size = (int((magic_size - 1) / self.max_align) + 1) * self.max_align
+ image_ok_idx = -(magic_align_size + self.max_align)
+ padding[image_ok_idx] = 0x01 # image_ok = 0x01
h.puts(trailer_addr, bytes(padding))
h.tofile(path, 'hex')
else:
@@ -546,9 +549,12 @@ class Image():
padding = size - (len(self.payload) + tsize)
pbytes = bytearray([self.erased_val] * padding)
pbytes += bytearray([self.erased_val] * (tsize - len(boot_magic)))
- if self.confirm and not self.overwrite_only:
- pbytes[-self.max_align] = 0x01 # image_ok = 0x01
pbytes += boot_magic
+ if self.confirm and not self.overwrite_only:
+ magic_size = 16
+ magic_align_size = (int((magic_size - 1) / self.max_align) + 1) * self.max_align
+ image_ok_idx = -(magic_align_size + self.max_align)
+ pbytes[image_ok_idx] = 0x01 # image_ok = 0x01
self.payload += pbytes

@staticmethod
--
2.35.1

0 comments on commit 1c38ed8

Please sign in to comment.