
[nrf noup] bootutil: loader: fix a hardfault when the external second… #208

Open
wants to merge 129 commits into base: main

Conversation

aiminhua

@aiminhua aiminhua commented Jul 25, 2022

…ary address greater than 1MB

hdr->ih_magic is an internal Flash address though the secondary slot is on external Flash. Without
this fix, hdr->ih_magic would cause a hardfault if the external address is greater than 1MB.
In addition, this fix also moves network_core_update() to nrf53_hooks.c to have a better consistency.

This PR works with another PR: nrfconnect/sdk-nrf#8232

Signed-off-by: Kevin Ai kevin.ai@nordicsemi.no
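The description above traces the hardfault to reading `hdr->ih_magic` through a pointer that is only valid for memory-mapped internal flash, so a secondary slot placed on external flash beyond 1 MB dereferences an address that does not exist on the bus. The block below is an added example, not code from this PR or from MCUboot, showing the defensive pattern a bootloader should follow instead: copy the header into RAM through the flash-area read interface and validate magic and sizes before trusting any field. `IMAGE_MAGIC` and the `image_header` layout follow MCUboot's `bootutil/image.h`; `fake_flash_read`, the in-memory backing store, and the slot offsets and sizes are constructed stand-ins for `flash_area_read()` and a real flash map.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* MCUboot's image magic value (bootutil/image.h). */
#define IMAGE_MAGIC 0x96f3b83dU

/* Header layout modelled on MCUboot's struct image_header. */
struct image_header {
    uint32_t ih_magic;
    uint32_t ih_load_addr;
    uint16_t ih_hdr_size;
    uint16_t ih_protect_tlv_size;
    uint32_t ih_img_size;
    uint32_t ih_flags;
    struct { uint8_t major; uint8_t minor; uint16_t revision; uint32_t build_num; } ih_ver;
    uint32_t _pad1;
};

/* Constructed stand-in for MCUboot's flash_area: an offset and size within
 * one flash device. fa_off is a device offset, never a CPU address. */
struct flash_area {
    uint32_t fa_off;
    uint32_t fa_size;
};

/* Constructed 4 MiB external flash, so a secondary slot can sit above the
 * 1 MiB boundary mentioned in the PR description. */
#define EXT_FLASH_SIZE (4U * 1024U * 1024U)
static uint8_t ext_flash[EXT_FLASH_SIZE];

/* Constructed stand-in for flash_area_read(): a bounds-checked copy out of
 * the backing store. No offset is ever cast to a pointer and dereferenced. */
static int fake_flash_read(const struct flash_area *fa, uint32_t off,
                           void *dst, uint32_t len)
{
    if (off > fa->fa_size || len > fa->fa_size - off) {
        return -1;                       /* outside the area */
    }
    uint32_t dev_off = fa->fa_off + off;
    if (dev_off > EXT_FLASH_SIZE || len > EXT_FLASH_SIZE - dev_off) {
        return -1;                       /* outside the device */
    }
    memcpy(dst, &ext_flash[dev_off], len);
    return 0;
}

/* Safe pattern: pull the header into RAM through the read API, then validate.
 * The unsafe pattern the PR fixes, (struct image_header *)fa->fa_off, only
 * works while the slot happens to be memory-mapped internal flash.
 * Returns 0 on a valid header, -1 on read failure, -2 on an invalid header. */
int read_image_header(const struct flash_area *fa, struct image_header *out)
{
    struct image_header hdr;

    if (fake_flash_read(fa, 0, &hdr, sizeof(hdr)) != 0) {
        return -1;
    }
    if (hdr.ih_magic != IMAGE_MAGIC) {
        return -2;                       /* erased or foreign slot */
    }
    if (hdr.ih_hdr_size < sizeof(hdr) || hdr.ih_hdr_size > fa->fa_size ||
        hdr.ih_img_size > fa->fa_size - hdr.ih_hdr_size) {
        return -2;                       /* header claims more than the slot holds */
    }
    *out = hdr;
    return 0;
}

/* Demo setup only: write a constructed header into the backing store. */
static void place_header(uint32_t dev_off, uint32_t magic)
{
    struct image_header hdr = { .ih_magic = magic, .ih_hdr_size = 0x200,
                                .ih_img_size = 0x1000, .ih_ver = { 1, 2, 3, 4 } };
    memcpy(&ext_flash[dev_off], &hdr, sizeof(hdr));
}

/* Secondary slot 1.5 MiB into external flash: not a reachable CPU address on
 * a 1 MiB internal flash, but read without trouble through the API. */
int demo_secondary_above_1mb(void)
{
    const struct flash_area secondary = { .fa_off = 0x180000, .fa_size = 0x100000 };
    struct image_header hdr;
    place_header(secondary.fa_off, IMAGE_MAGIC);
    return read_image_header(&secondary, &hdr);
}

/* Erased slot (0xFF fill) is reported as invalid rather than booted. */
int demo_erased_slot(void)
{
    const struct flash_area secondary = { .fa_off = 0x200000, .fa_size = 0x100000 };
    struct image_header hdr;
    memset(&ext_flash[secondary.fa_off], 0xFF, sizeof(hdr));
    return read_image_header(&secondary, &hdr);
}

/* Misconfigured area running past the end of the device: refused up front,
 * so no out-of-bounds access ever happens. */
int demo_area_past_device_end(void)
{
    const struct flash_area bad = { .fa_off = EXT_FLASH_SIZE - 16, .fa_size = 0x100 };
    struct image_header hdr;
    return read_image_header(&bad, &hdr);
}

int main(void)
{
    printf("secondary above 1MB: %d\n", demo_secondary_above_1mb());
    printf("erased slot: %d\n", demo_erased_slot());
    printf("area past device end: %d\n", demo_area_past_device_end());
    return 0;
}
```

The point of routing every header access through the read interface is that the slot's location becomes irrelevant to correctness: the same code serves internal and external flash, and a bad offset produces an error code that the boot logic can act on instead of a fault with no recovery path.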

galak and others added 30 commits April 30, 2020 10:59
…LER_LABEL

As upstream zephyr is phasing out DT_FLASH defines for non-partition
usage replace DT_FLASH_DEV_NAME with
DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL.

Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
As the DT define DT_JEDEC_SPI_NOR_0_LABEL is intended to be deprecated
move to the new macro style to determine for DT_JEDEC_SPI_NOR_0_LABEL

Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This reverts commit 8cd5dc5.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
…cros""

This reverts commit 39d1aef.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Synchronize up to

mcu-tools/mcuboot@82c5f7
which is same as v1.6.0-rc2 tag.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
As we replace the legacy DT_FLASH_ support use the new FLASH_AREA_
macros.

Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Use the new FLASH_AREA_ macros.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Fixup how we fake out devicetree.h, which is now really the flash map
API for what mcuboot is using.

Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Update CONFIG_FLOAT to CONFIG_FPU which has been renamed in zephyr.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Using find_package to locate Zephyr.

Old behavior was to use $ENV{ZEPHYR_BASE} for inclusion of boiler plate
code.

Whenever an automatic run of CMake happened by the build system / IDE
then it was required that ZEPHYR_BASE was defined.
Using ZEPHYR_BASE only to locate the Zephyr package allows CMake to
cache the base variable and thus allowing subsequent invocation even
if ZEPHYR_BASE is not set in the environment.

It also removes the risk of strange build results if a user switches
between different Zephyr based project folders and forgets to reset
ZEPHYR_BASE before running ninja / make.

Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Convert to use C99 types as we intend to deprecate the zephyr
specific integer types.

Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
This reverts commit b7254d1.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Synchronize up to:
mcu-tools/mcuboot@9b48d08

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Synchronize up to:
mcu-tools/mcuboot@33fbef5

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Align the code to the new UART callback signature, see:

zephyrproject-rtos/zephyr#26426

Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Synchronize up to:
mcu-tools/mcuboot@1cb076c

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Synchronize up to:
mcu-tools/mcuboot@5a6e181

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Change whitelist->allow to be compatible with sanitycheck in zephyr.

Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Fix author email after move to new mailing list.

Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Follows up the change added to Zephyr with:

zephyrproject-rtos/zephyr#24873

Signed-off-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
Change fixes build issue that occurs if CONF_FILE contains multiple
file paths instead of single file path.

Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Missing const on pointers to device structures caused compilation
warnings when compiling bootloader with serial recovery enabled.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Synchronized up to:
https://github.com/JuulLabs-OSS/mcuboot/commit/@296949e

Improvements:
- hardening against hardware level fault injection and timing attacks
- Abstract crypto primitives to simplify porting.
- boot: Add ram-load upgrade mode
- renamed single-image mode to single-slot mode

- kconfig: provide logic for setting key file, simplify prj.conf

- imgtool: Print image digest during verify
- imgtool: Add possibility to set confirm flag for hex files as well
- imgtool: --confirm implies --pad

- Added single-slot Zephyr-RTOS test build

fixes:
- bootutil: fix boostrapping in swap-move
- bootutil: fix swap-move brick with padded image_0
- Disable HW stack protection (temporary hack)
- reset SPLIM registers before boot
- fixes build issue that occurs if CONF_FILE contains multiple file paths instead of single file path.
- imgtool: Fix 'custom_tlvs' argument handling
- Turn off cache for Cortex M7 before chain-loading.
- hardening against hardware level fault injection and timing attacks

Conflicts:
- took upstream boot/zephyr/sample.yaml

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Synchronized up to:
mcu-tools/mcuboot@c625da4

- Removed the `flash_area_read_is_empty()` port implementation function
- Added watchdog feed on nRF devices. See CONFIG BOOT_WATCHDOG_FEED option.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Synchronized up to:
mcu-tools/mcuboot@c74c551

- corrected bugfix #830 of upgrade issue in swap-move
- changed default for CONFIG_MCUBOOT_CLEANUP_ARM_CODE to n, added MPU register clean-up to this option
- bootutil: ecdsa: Fixed CC310 for nRF devices
- zephyr: made flash_area_erased_val() weak
- serial recovery: allow unaligned last image data chunk

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
merged by GitHub GUI nrfconnect#38

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Synchronized up to:
mcu-tools/mcuboot@d2122bc

- Added 'revert' support to direct-xip mode.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
merged by GitHub GUI nrfconnect#39 

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Merge in upstream MCUboot revision e512181

- allow xip-revert only for xip-mode
- boot: Fix LOAD_IMAGE_DATA macro
- bootutil: crypto: avoid unuseful memset
- ext: tinycrypt: update ctr mode to stream
- zephyr: use minimal CBPRINTF implementation
- zephyr/Kconfig: Added default pin for serial recovery mode for nRF5340DK
- boot: zephyr: Default to LOG_MINIMAL
- imgtool: Add support for setting fixed ROM address into image header
- boot: zephyr: cleanup NXP MPU configuration before boot
- fix nokogiri<=1.11.0.rc4 vulnerability

The remaining commits are related to MCUboot CI and tests.
tejlmand and others added 19 commits June 24, 2022 11:38
This reverts commit bea230a.

Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
This reverts commit 4bc1017.

Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
This reverts commit 56cd972.

Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
… into upmerge-20220622-branch

Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Add Jenkinsfile, .gitlint, and backport workflow files.

Signed-off-by: Thomas Stilwell <Thomas.Stilwell@nordicsemi.no>
Signed-off-by: Ulrich Myhre <ulrich.solli.myhre@nordicsemi.no>
Signed-off-by: Chris Bittner <chris.bittner@nordicsemi.no>
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Johann Fischer <johann.fischer@nordicsemi.no>
(cherry picked from commit 624bd7c)
(cherry picked from commit 56cd972)
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Partition Manager is an nRF Connect SDK component which uses yaml
files to resolve flash partition placement with a holistic view of the
device.

This component's MCUboot portions began life as upstream mcuboot
PR#430. This added support for being built as a sub image from the
downstream Nordic patch set for a zephyr multi image build
system (mcuboot 430 was combined with effort submitted to upstream
zephyr as PR#13672, which was ultimately reworked after being rejected
for mainline at the ELCE 2019 conference in Lyon).

It has since evolved over time. This is the version that will go into
NCS v1.3. It features:

- page size aligned partitions for all partitions used by mcuboot.
- image swaps without scratch partitions

Add support for configurations where there exists two primary slots
but only one secondary slot, which is shared. These two primary slots
are the regular application and B1. B1 can be either S0 or S1
depending on the state of the device.

Decide where an upgrade should be stored by looking at the vector
table.

Provide update candidates for both s0 and s1. These candidates must be
signed with mcuboot after being signed by b0.

Additional notes:

- we make update.hex without trailer data

  This is needed for serial recovery to work using hex files.
  Prior to this the update.hex got TLV data at the end of the
  partition, which caused many blank pages to be included,
  which made it hard to use in a serial recovery scheme.

  Instead, make update.hex without TLV data at the end,
  and provide a new file test_update.hex which contains
  the TLV data, and can be directly flashed to test the
  upgrade procedure.

- we use a function for signing the application as future-proofing
  for when other components must be signed as well

- this includes an update to single image applications that enables
  support for partition manager; when single image DFU is used, a
  scratch partition is not needed.

- In NCS, image 1 primary slot is the upgrade bank for mcuboot (IE S0 or
  S1 depending on the active slot). It is not required that this slot
  contains any valid data.

- The nRF boards all have a single flash page size, and partition
  manager deals with the size of the update partitions and so on, so we
  must skip a boot_slots_compatible() check to avoid getting an error.

- There is no need to verify the target when using partition manager.

- We lock mcuboot using fprotect before jumping, to enable the secure
  boot property of the system.

- Call fw_info_ext_api_provide() before booting if EXT_API_PROVIDE
  EXT_API is enabled. This is relevant only when the immutable
  bootloader has booted mcuboot.

Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Signed-off-by: Sigvart Hovland <sigvart.m@gmail.com>
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Signed-off-by: Emil Obalski <emil.obalski@nordicsemi.no>
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Signed-off-by: Pawel Dunaj <pawel.dunaj@nordicsemi.no>
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Signed-off-by: Johann Fischer <johann.fischer@nordicsemi.no>
Signed-off-by: Vidar Berg <vidar.berg@nordicsemi.no>
Signed-off-by: Draus, Sebastian <sebastian.draus@nordicsemi.no>
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
(cherry picked from commit 57cc96f)
(cherry picked from commit bc4bb3b)
(cherry picked from commit 8e98f3a)
(cherry picked from commit e7db825)
(cherry picked from commit 17f6d04)
(cherry picked from commit 0a20703)
(cherry picked from commit 4bc1017)
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Removes the `add_subdirectory` of nrfxlib; it will still check that the
nrfxlib is located outside the mcuboot directory.

Signed-off-by: Sigvart Hovland <sigvart.m@gmail.com>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
Signed-off-by: Emil Obalski <emil.obalski@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
(cherry picked from commit fced550)
(cherry picked from commit bea230a)
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
* Add functions for ecdsa_verify_secp256r1 and sha256 to use the shared
crypto API
* Add Kconfig and CMake variables for selecting shared crypto when using
ecdsa
* Add custom section to project for placing the API section in the
correct location in flash
* Add kconfig fragment for using external crypto

Signed-off-by: Sigvart Hovland <sigvart.m@gmail.com>
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
Signed-off-by: Emil Obalski <emil.obalski@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
Signed-off-by: Johann Fischer <johann.fischer@nordicsemi.no>
(cherry picked from commit 47ce98d)
(cherry picked from commit 66c554f)
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
- Add network core bootloader implementation

  Enables network core updates of nrf53 using MCUBoot by identifying
  images through their start addresses. Also implements the control and
  transfer using the PCD module.

- Add support for multi image DFU using partition manager.

Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no>
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Signed-off-by: Johann Fischer <johann.fischer@nordicsemi.no>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
Signed-off-by: Emil Obalski <emil.obalski@nordicsemi.no>
Signed-off-by: Ole Sæther <ole.saether@nordicsemi.no>
(cherry picked from commit 2e5fb98)
(cherry picked from commit 6ee25a5)
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Add prj_minimal.conf, a Kconfig fragment to be used for minimally
sized image production. The minimal fragment has been simplified for
only external crypto.

Move partition sizing into Kconfig to be consistent with the method
used by b0.

Using this fragment with prj_minimal.conf makes MCUboot < 16kB for
all nRF devices (9160 still needs 32kB partition).

Ref: NCSDK-6704
Signed-off-by: Stephen Stauts <stephen.stauts@nordicsemi.no>
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
(cherry picked from commit c920c9a)
(cherry picked from commit 0a22318)
(cherry picked from commit f8b974d)
(cherry picked from commit b35b55e)
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Adds project configurations for the two systems on the Thingy:91
(PCA-20035) board.

The bootloader that is factory-programmed on Thingy:91 does not support
ECDSA signature type. Hence this commit also sets the signature type
to RSA for applications built for Thingy:91.

Signed-off-by: Bernt Johan Damslora <bernt.johan.damslora@nordicsemi.no>
Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no>
Signed-off-by: Jon Helge Nistad <jon.helge.nistad@nordicsemi.no>
Signed-off-by: Balaji Srinivasan <balaji.srinivasan@nordicsemi.no>
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
(cherry picked from commit f349f78)
(cherry picked from commit 866319a)
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Do some cleanup of nRF peripherals. This is necessary since Zephyr
doesn't have any driver deinitialization functionality, and we'd like
to leave peripherals in a more predictable state before booting the
Zephyr image. This should be re-worked when the zephyr driver model
allows us to deinitialize devices cleanly before jumping to the
chain-loaded image.

Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no>
Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no>
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no>
Signed-off-by: Johann Fischer <johann.fischer@nordicsemi.no>
Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no>
(cherry picked from commit 8f24485)
(cherry picked from commit 4c52af6)
(cherry picked from commit 8e09534)
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Seems multi-image dependencies are not supported for multi-image in
NCS yet. This is a workaround which reverts some lines to restore
previous MCUboot behavior, so that Immutable bootloader + MCUBoot type
builds will work.

Ref. NCSDK-8681

Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no>
(cherry picked from commit 2ce366a)
(cherry picked from commit ecc2a19)
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
-This sets the provide EXT_API to be at least
 optional when the external_crypto is being used.

Ref: NCSDK-12021

Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
(cherry picked from commit 8a8d4b2)
(cherry picked from commit 31a950a)
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
This commit removes the `CONFIG_DEBUG=y` setting from Zephyr prj.conf
to save on flash size.

Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Signed-off-by: Johann Fischer <johann.fischer@nordicsemi.no>
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
(cherry picked from commit 2f7284d)
(cherry picked from commit 8f69de7)
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
-This enables the MBEDTLS_PLATFORM_ZEROIZE_ALT
 definition on Mbed TLS build of the MCUBOOT when
 the platform library is enabled. If not defined
 the Mbed TLS will compile the zeroize function
 and it will cause multiple definition errors.
 This is a noup because the configuration
 does not exist outside the sdk-nrf.

Ref: NCSDK-13503

Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
(cherry picked from commit 9286609)
(cherry picked from commit 894db97)
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
The default value of CONFIG_NRF_RTC_TIMER_USER_CHAN_COUNT
for nRF52 SOCs has been changed from 0 to 3, but it makes
MCUBoot get stuck on erasing flash pages when swapping two
images. Restore the previous value until the RTC issue is
resolved (see NCSDK-14427)

Signed-off-by: Damian Krolik <damian.krolik@nordicsemi.no>
(cherry picked from commit 132a537)
(cherry picked from commit 855dfff)
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
Add check for netcore addr if NSIB is enabled so netcore updates work

Ref. NCSIDB-696

Signed-off-by: Simon Iversen <simon.iversen@nordicsemi.no>
(cherry picked from commit 129b631)
Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no>
…ary address greater than 1MB

hdr->ih_magic is an internal Flash address though the secondary slot is on external Flash. Without
this fix, hdr->ih_magic would cause a hardfault if the external address is greater than 1MB.
In addition, this fix also moves network_core_update() to nrf53_hooks.c to have a better consistency.

Signed-off-by: Kevin Ai <kevin.ai@nordicsemi.no>