diff --git a/boot/cypress/MCUBootApp/config/mcuboot_config/mcuboot_config.h b/boot/cypress/MCUBootApp/config/mcuboot_config/mcuboot_config.h
index e925717b42..acb9fdb116 100644
--- a/boot/cypress/MCUBootApp/config/mcuboot_config/mcuboot_config.h
+++ b/boot/cypress/MCUBootApp/config/mcuboot_config/mcuboot_config.h
@@ -16,7 +16,7 @@
 *
 * For examples, see:
 *
- * boot/zephyr/include/mcuboot_config/mcuboot_config.h
+ * zephyr/include/mcuboot_config/mcuboot_config.h
 * boot/mynewt/mcuboot_config/include/mcuboot_config/mcuboot_config.h
 */
 /* Default maximum number of flash sectors per image slot; change
diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt
index 6070cd5827..23761c0466 100644
--- a/boot/zephyr/CMakeLists.txt
+++ b/boot/zephyr/CMakeLists.txt
@@ -1,6 +1,7 @@
 # CMakeLists.txt for building mcuboot as a Zephyr project
 #
 # Copyright (c) 2017 Open Source Foundries Limited
+# Copyright (c) 2022 Legrand North America, LLC.
 #
 # SPDX-License-Identifier: Apache-2.0
@@ -44,230 +45,10 @@ endmacro()
 find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE})
 project(NONE)
-# Path to "boot" subdirectory of repository root.
-get_filename_component(BOOT_DIR ${APPLICATION_SOURCE_DIR} DIRECTORY)
-# Path to top-level repository root directory.
-get_filename_component(MCUBOOT_DIR ${BOOT_DIR} DIRECTORY)
-# Path to tinycrypt library source subdirectory of MCUBOOT_DIR.
-set(TINYCRYPT_DIR "${MCUBOOT_DIR}/ext/tinycrypt/lib")
-assert_exists(TINYCRYPT_DIR)
-set(TINYCRYPT_SHA512_DIR "${MCUBOOT_DIR}/ext/tinycrypt-sha512/lib")
-assert_exists(TINYCRYPT_SHA512_DIR)
-# Path to crypto-fiat
-set(FIAT_DIR "${MCUBOOT_DIR}/ext/fiat")
-assert_exists(FIAT_DIR)
-# Path to mbed-tls' asn1 parser library.
-set(MBEDTLS_ASN1_DIR "${MCUBOOT_DIR}/ext/mbedtls-asn1")
-assert_exists(MBEDTLS_ASN1_DIR)
-set(NRF_DIR "${MCUBOOT_DIR}/ext/nrf")
-
-if(CONFIG_BOOT_USE_NRF_CC310_BL)
-set(NRFXLIB_DIR ${ZEPHYR_BASE}/../nrfxlib)
-if(NOT EXISTS ${NRFXLIB_DIR})
- message(FATAL_ERROR "
- ------------------------------------------------------------------------
- No such file or directory: ${NRFXLIB_DIR}
- The current configuration enables nRF CC310 crypto accelerator hardware
- with the `CONFIG_BOOT_USE_NRF_CC310_BL` option. Please follow
- `ext/nrf/README.md` guide to fix your setup or use tinycrypt instead of
- the HW accelerator.
- To use the tinycrypt set `CONFIG_BOOT_ECDSA_TINYCRYPT` to y.
- ------------------------------------------------------------------------")
-endif()
-# Don't include this if we are using west
- add_subdirectory(${NRFXLIB_DIR} ${PROJECT_BINARY_DIR}/nrfxlib)
-endif()
-
-zephyr_library_include_directories(
- include
- targets
- )
-if(EXISTS targets/${BOARD}.h)
- zephyr_library_compile_definitions(MCUBOOT_TARGET_CONFIG="${BOARD}.h")
-endif()
-
-# Zephyr port-specific sources.
-zephyr_library_sources(
- main.c
- flash_map_extended.c
- os.c
+target_sources(app PRIVATE
 keys.c
 )
-if(DEFINED CONFIG_ENABLE_MGMT_PERUSER)
- zephyr_library_sources(
- boot_serial_extensions.c
- )
-endif()
-
-if(NOT DEFINED CONFIG_FLASH_PAGE_LAYOUT)
- zephyr_library_sources(
- flash_map_legacy.c
- )
-endif()
-
-# Generic bootutil sources and includes.
-zephyr_library_include_directories(${BOOT_DIR}/bootutil/include)
-zephyr_library_sources(
- ${BOOT_DIR}/bootutil/src/image_validate.c
- ${BOOT_DIR}/bootutil/src/tlv.c
- ${BOOT_DIR}/bootutil/src/encrypted.c
- ${BOOT_DIR}/bootutil/src/image_rsa.c
- ${BOOT_DIR}/bootutil/src/image_ec256.c
- ${BOOT_DIR}/bootutil/src/image_ed25519.c
- ${BOOT_DIR}/bootutil/src/bootutil_misc.c
- ${BOOT_DIR}/bootutil/src/fault_injection_hardening.c
- )
-
-# library which might be common source code for MCUBoot and an application
-zephyr_link_libraries(MCUBOOT_BOOTUTIL)
-
-if(CONFIG_BOOT_FIH_PROFILE_HIGH)
-zephyr_library_sources(
- ${BOOT_DIR}/bootutil/src/fault_injection_hardening_delay_rng_mbedtls.c
- )
-endif()
-
-if(CONFIG_SINGLE_APPLICATION_SLOT)
-zephyr_library_sources(
- ${BOOT_DIR}/zephyr/single_loader.c
- )
-zephyr_library_include_directories(${BOOT_DIR}/bootutil/src)
-else()
-zephyr_library_sources(
- ${BOOT_DIR}/bootutil/src/loader.c
- ${BOOT_DIR}/bootutil/src/swap_misc.c
- ${BOOT_DIR}/bootutil/src/swap_scratch.c
- ${BOOT_DIR}/bootutil/src/swap_move.c
- ${BOOT_DIR}/bootutil/src/caps.c
- )
-endif()
-
-if(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256 OR CONFIG_BOOT_ENCRYPT_EC256 OR CONFIG_BOOT_SERIAL_ENCRYPT_EC256)
- zephyr_library_include_directories(
- ${MBEDTLS_ASN1_DIR}/include
- )
- zephyr_library_sources(
- # Additionally pull in just the ASN.1 parser from mbedTLS.
- ${MBEDTLS_ASN1_DIR}/src/asn1parse.c
- ${MBEDTLS_ASN1_DIR}/src/platform_util.c
- )
- if(CONFIG_BOOT_USE_TINYCRYPT)
- # When using ECDSA signatures, pull in our copy of the tinycrypt library.
- zephyr_library_include_directories(
- ${BOOT_DIR}/zephyr/include
- ${TINYCRYPT_DIR}/include
- )
- zephyr_include_directories(${TINYCRYPT_DIR}/include)
-
- zephyr_library_sources(
- ${TINYCRYPT_DIR}/source/ecc.c
- ${TINYCRYPT_DIR}/source/ecc_dsa.c
- ${TINYCRYPT_DIR}/source/sha256.c
- ${TINYCRYPT_DIR}/source/utils.c
- )
- elseif(CONFIG_BOOT_USE_NRF_CC310_BL)
- zephyr_library_sources(${NRF_DIR}/cc310_glue.c)
- zephyr_library_include_directories(${NRF_DIR})
- zephyr_link_libraries(nrfxlib_crypto)
- endif()
-
- # Since here we are not using Zephyr's mbedTLS but rather our own, we need
- # to set MBEDTLS_CONFIG_FILE ourselves. When using Zephyr's copy, this
- # variable is set by its Kconfig in the Zephyr codebase.
- zephyr_library_compile_definitions(
- MBEDTLS_CONFIG_FILE="${CMAKE_CURRENT_LIST_DIR}/include/mcuboot-mbedtls-cfg.h"
- )
-elseif(CONFIG_BOOT_SIGNATURE_TYPE_NONE)
- zephyr_library_include_directories(
- ${BOOT_DIR}/zephyr/include
- ${TINYCRYPT_DIR}/include
- )
-
- zephyr_library_sources(
- ${TINYCRYPT_DIR}/source/sha256.c
- ${TINYCRYPT_DIR}/source/utils.c
- )
-elseif(CONFIG_BOOT_SIGNATURE_TYPE_RSA)
- # Use mbedTLS provided by Zephyr for RSA signatures. (Its config file
- # is set using Kconfig.)
- zephyr_include_directories(include)
- if(CONFIG_BOOT_ENCRYPT_RSA)
- set_source_files_properties(
- ${BOOT_DIR}/bootutil/src/encrypted.c
- PROPERTIES
- INCLUDE_DIRECTORIES ${ZEPHYR_MBEDTLS_MODULE_DIR}/library
- )
- endif()
-elseif(CONFIG_BOOT_SIGNATURE_TYPE_ED25519 OR CONFIG_BOOT_ENCRYPT_X25519)
- if(CONFIG_BOOT_USE_TINYCRYPT)
- zephyr_library_include_directories(
- ${MBEDTLS_ASN1_DIR}/include
- ${BOOT_DIR}/zephyr/include
- ${TINYCRYPT_DIR}/include
- ${TINYCRYPT_SHA512_DIR}/include
- )
- zephyr_library_sources(
- ${TINYCRYPT_DIR}/source/sha256.c
- ${TINYCRYPT_DIR}/source/utils.c
- ${TINYCRYPT_SHA512_DIR}/source/sha512.c
- # Additionally pull in just the ASN.1 parser from mbedTLS.
- ${MBEDTLS_ASN1_DIR}/src/asn1parse.c
- ${MBEDTLS_ASN1_DIR}/src/platform_util.c
- )
- zephyr_library_compile_definitions(
- MBEDTLS_CONFIG_FILE="${CMAKE_CURRENT_LIST_DIR}/include/mcuboot-mbedtls-cfg.h"
- )
- else()
- zephyr_include_directories(include)
- endif()
-
- zephyr_library_include_directories(
- ${BOOT_DIR}/zephyr/include
- ${FIAT_DIR}/include/
- )
-
- zephyr_library_sources(
- ${FIAT_DIR}/src/curve25519.c
- )
-endif()
-
-if(CONFIG_BOOT_ENCRYPT_EC256 OR CONFIG_BOOT_ENCRYPT_X25519 OR CONFIG_BOOT_SERIAL_ENCRYPT_EC256)
- zephyr_library_sources(
- ${TINYCRYPT_DIR}/source/aes_encrypt.c
- ${TINYCRYPT_DIR}/source/aes_decrypt.c
- ${TINYCRYPT_DIR}/source/ctr_mode.c
- ${TINYCRYPT_DIR}/source/hmac.c
- ${TINYCRYPT_DIR}/source/ecc_dh.c
- )
-endif()
-
-if(CONFIG_BOOT_ENCRYPT_EC256)
- zephyr_library_sources(
- ${TINYCRYPT_DIR}/source/ecc_dh.c
- )
-endif()
-
-if(CONFIG_MCUBOOT_SERIAL)
- zephyr_sources(${BOOT_DIR}/zephyr/serial_adapter.c)
- zephyr_sources(${BOOT_DIR}/boot_serial/src/boot_serial.c)
- zephyr_sources(${BOOT_DIR}/boot_serial/src/serial_recovery_cbor.c)
- zephyr_sources(${BOOT_DIR}/boot_serial/src/zcbor_decode.c)
- zephyr_sources(${BOOT_DIR}/boot_serial/src/zcbor_encode.c)
- zephyr_sources(${BOOT_DIR}/boot_serial/src/zcbor_common.c)
-
- zephyr_sources_ifdef(CONFIG_BOOT_MGMT_ECHO ${BOOT_DIR}/boot_serial/src/serial_recovery_echo.c)
-
- zephyr_include_directories(${BOOT_DIR}/bootutil/include)
- zephyr_include_directories(${BOOT_DIR}/boot_serial/include)
- zephyr_include_directories(include)
-
- zephyr_include_directories_ifdef(
- CONFIG_BOOT_ERASE_PROGRESSIVELY
- ${BOOT_DIR}/bootutil/src
- )
-endif()
-
 if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "")
 # CONF_FILE points to the KConfig configuration files of the bootloader.
 foreach (filepath ${CONF_FILE})
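Review bot: The new `target_sources(app PRIVATE keys.c)` call is stylistically out of step with the rest of this file, which still adds sources through the Zephyr wrapper (`zephyr_library_sources(${GENERATED_PUBKEY})` survives in the `@@ -306` hunk); in a Zephyr application both presumably land on the same `app` library, so one form should be used throughout, e.g. `zephyr_library_sources(keys.c)`. The removed block also carried the only configure-time guard for the CC310 path (`if(NOT EXISTS ${NRFXLIB_DIR})` followed by `message(FATAL_ERROR ...)`) and the per-target `MBEDTLS_CONFIG_FILE` definition used with the bundled ASN.1 parser; this chunk does not show where either was relocated, so it is worth confirming that the new `zephyr/` module tree still fails loudly when nrfxlib is absent and still pins `MBEDTLS_CONFIG_FILE` for the tinycrypt builds, since a silently different mbedTLS configuration would change which primitives the signature check is built with. The `if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "")` block that begins on the hunk's last lines continues outside it.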
@@ -288,7 +69,7 @@ if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "")
 (EXISTS ${CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}))
 set(KEY_FILE ${CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})
 else()
- set(KEY_FILE ${MCUBOOT_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})
+ set(KEY_FILE ${ZEPHYR_MCUBOOT_MODULE_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})
 endif()
 message("MCUBoot bootloader key file: ${KEY_FILE}")
@@ -297,7 +78,7 @@ if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "")
 OUTPUT ${GENERATED_PUBKEY}
 COMMAND
 ${PYTHON_EXECUTABLE}
- ${MCUBOOT_DIR}/scripts/imgtool.py
+ ${ZEPHYR_MCUBOOT_MODULE_DIR}/scripts/imgtool.py
 getpub
 -k
 ${KEY_FILE}
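Review bot: `${ZEPHYR_MCUBOOT_MODULE_DIR}` is only populated when mcuboot has been discovered as a Zephyr module, and nothing in this file checks that before it is used; with the old `MCUBOOT_DIR` derivation gone, an unset variable turns the fallback key path into `/${CONFIG_BOOT_SIGNATURE_KEY_FILE}` here and the tool path in the `@@ -297` hunk into `/scripts/imgtool.py`, so the failure only surfaces when the `autogen-pubkey.c` custom command runs, with a misleading error. A configure-time guard before the first use would be clearer: `if(NOT DEFINED ZEPHYR_MCUBOOT_MODULE_DIR)` / `message(FATAL_ERROR "mcuboot must be registered as a Zephyr module: ZEPHYR_MCUBOOT_MODULE_DIR is not set")` / `endif()`. Both hunks sit inside the `if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "")` block, which starts and ends outside them.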
@@ -306,49 +87,3 @@ if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "")
 )
 zephyr_library_sources(${GENERATED_PUBKEY})
 endif()
-
-if(CONFIG_BOOT_ENCRYPTION_KEY_FILE AND NOT CONFIG_BOOT_ENCRYPTION_KEY_FILE STREQUAL "")
- # CONF_FILE points to the KConfig configuration files of the bootloader.
- unset(CONF_DIR)
- foreach(filepath ${CONF_FILE})
- file(READ ${filepath} temp_text)
- string(FIND "${temp_text}" ${CONFIG_BOOT_ENCRYPTION_KEY_FILE} match)
- if(${match} GREATER_EQUAL 0)
- if(NOT DEFINED CONF_DIR)
- get_filename_component(CONF_DIR ${filepath} DIRECTORY)
- else()
- message(FATAL_ERROR "Encryption key file defined in multiple conf files")
- endif()
- endif()
- endforeach()
-
- if(IS_ABSOLUTE ${CONFIG_BOOT_ENCRYPTION_KEY_FILE})
- set(KEY_FILE ${CONFIG_BOOT_ENCRYPTION_KEY_FILE})
- elseif((DEFINED CONF_DIR) AND
- (EXISTS ${CONF_DIR}/${CONFIG_BOOT_ENCRYPTION_KEY_FILE}))
- set(KEY_FILE ${CONF_DIR}/${CONFIG_BOOT_ENCRYPTION_KEY_FILE})
- else()
- set(KEY_FILE ${MCUBOOT_DIR}/${CONFIG_BOOT_ENCRYPTION_KEY_FILE})
- endif()
- message("MCUBoot bootloader encryption key file: ${KEY_FILE}")
-
- set(GENERATED_ENCKEY ${ZEPHYR_BINARY_DIR}/autogen-enckey.c)
- add_custom_command(
- OUTPUT ${GENERATED_ENCKEY}
- COMMAND
- ${PYTHON_EXECUTABLE}
- ${MCUBOOT_DIR}/scripts/imgtool.py
- getpriv
- -k
- ${KEY_FILE}
- > ${GENERATED_ENCKEY}
- DEPENDS ${KEY_FILE}
- )
- zephyr_library_sources(${GENERATED_ENCKEY})
-endif()
-
-if(CONFIG_MCUBOOT_CLEANUP_ARM_CORE)
-zephyr_library_sources(
- ${BOOT_DIR}/zephyr/arm_cleanup.c
-)
-endif()
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
index 74925856d5..379cd1105b 100644
--- a/boot/zephyr/Kconfig
+++ b/boot/zephyr/Kconfig
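Review bot: Deleting the `CONFIG_BOOT_ENCRYPTION_KEY_FILE` block removes the only place that ran `imgtool.py getpriv` to produce `autogen-enckey.c`, and the Kconfig symbol itself is dropped in the same commit (the `@@ -1,674` hunk of `boot/zephyr/Kconfig`), so after this change the EC256 image-decryption key has no visible source in the build. A replacement presumably lives in the new `zephyr/` module, which this chunk does not show; that should be confirmed, because a build that quietly compiles without the generated key file will not be able to decrypt upgrade images. The enclosing `if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "")` block begins outside the hunk.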
@@ -1,674 +1,10 @@
 # Copyright (c) 2017-2020 Linaro Limited
 # Copyright (c) 2020 Arm Limited
+# Copyright (c) 2022 Legrand North America, LLC.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
 mainmenu "MCUboot configuration"
-comment "MCUboot-specific configuration options"
-
-# Hidden option to mark a project as MCUboot
-config MCUBOOT
- default y
- bool
- select MPU_ALLOW_FLASH_WRITE if ARM_MPU
- select USE_DT_CODE_PARTITION if HAS_FLASH_LOAD_OFFSET
- select MCUBOOT_BOOTUTIL_LIB
-
-config BOOT_USE_MBEDTLS
- bool
- # Hidden option
- default n
- help
- Use mbedTLS for crypto primitives.
-
-config BOOT_USE_TINYCRYPT
- bool
- # Hidden option
- default n
- # When building for ECDSA, we use our own copy of mbedTLS, so the
- # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros
- # will collide.
- help
- Use TinyCrypt for crypto primitives.
-
-config BOOT_USE_CC310
- bool
- # Hidden option
- default n
- # When building for ECDSA, we use our own copy of mbedTLS, so the
- # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros
- # will collide.
- help
- Use cc310 for crypto primitives.
-
-config BOOT_USE_NRF_CC310_BL
- bool
- default n
-
-config NRFXLIB_CRYPTO
- bool
- default n
-
-config NRF_CC310_BL
- bool
- default n
-
-menu "MCUBoot settings"
-
-config SINGLE_APPLICATION_SLOT
- bool "Single slot bootloader"
- default n
- help
- Single image area is used for application which means that
- uploading a new application overwrites the one that previously
- occupied the area.
-
-choice BOOT_SIGNATURE_TYPE
- prompt "Signature type"
- default BOOT_SIGNATURE_TYPE_RSA
-
-config BOOT_SIGNATURE_TYPE_NONE
- bool "No signature; use only hash check"
- select BOOT_USE_TINYCRYPT
-
-config BOOT_SIGNATURE_TYPE_RSA
- bool "RSA signatures"
- select BOOT_USE_MBEDTLS
- select MBEDTLS
-
-if BOOT_SIGNATURE_TYPE_RSA
-config BOOT_SIGNATURE_TYPE_RSA_LEN
- int "RSA signature length"
- range 2048 3072
- default 2048
-endif
-
-config BOOT_SIGNATURE_TYPE_ECDSA_P256
- bool "Elliptic curve digital signatures with curve P-256"
-
-if BOOT_SIGNATURE_TYPE_ECDSA_P256
-choice BOOT_ECDSA_IMPLEMENTATION
- prompt "Ecdsa implementation"
- default BOOT_ECDSA_TINYCRYPT
-
-config BOOT_ECDSA_TINYCRYPT
- bool "Use tinycrypt"
- select BOOT_USE_TINYCRYPT
-
-config BOOT_ECDSA_CC310
- bool "Use CC310"
- depends on HAS_HW_NRF_CC310
- select BOOT_USE_NRF_CC310_BL
- select NRF_CC310_BL
- select NRFXLIB_CRYPTO
- select BOOT_USE_CC310
-endchoice # Ecdsa implementation
-endif
-
-config BOOT_SIGNATURE_TYPE_ED25519
- bool "Edwards curve digital signatures using ed25519"
-
-if BOOT_SIGNATURE_TYPE_ED25519
-choice BOOT_ED25519_IMPLEMENTATION
- prompt "Ecdsa implementation"
- default BOOT_ED25519_TINYCRYPT
-config BOOT_ED25519_TINYCRYPT
- bool "Use tinycrypt"
- select BOOT_USE_TINYCRYPT
-config BOOT_ED25519_MBEDTLS
- bool "Use mbedTLS"
- select BOOT_USE_MBEDTLS
- select MBEDTLS
-endchoice
-endif
-
-endchoice
-
-config BOOT_SIGNATURE_KEY_FILE
- string "PEM key file"
- default "root-ec-p256.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256
- default "root-ed25519.pem" if BOOT_SIGNATURE_TYPE_ED25519
- default "root-rsa-3072.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=3072
- default "root-rsa-2048.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=2048
- default ""
- help
- You can use either absolute or relative path.
- In case relative path is used, the build system assumes that it starts
- from the directory where the MCUBoot KConfig configuration file is
- located.
If the key file is not there, the build system uses relative
- path that starts from the MCUBoot repository root directory.
- The key file will be parsed by imgtool's getpub command and a .c source
- with the public key information will be written in a format expected by
- MCUboot.
-
-config MCUBOOT_CLEANUP_ARM_CORE
- bool "Perform core cleanup before chain-load the application"
- depends on CPU_CORTEX_M
- default y if !ARCH_SUPPORTS_ARCH_HW_INIT
- help
- This option instructs MCUboot to perform a clean-up of a set of
- architecture core HW registers before junping to the application
- firmware. The clean-up sets these registers to their warm-reset
- values as specified by the architecture.
-
- By default, this option is enabled only if the architecture does
- not have the functionality to perform such a register clean-up
- during application firmware boot.
-
- Zephyr applications on Cortex-M will perform this register clean-up
- by default, if they are chain-loadable by MCUboot, so MCUboot does
- not need to perform such a cleanup itself.
-
-config MBEDTLS_CFG_FILE
- default "mcuboot-mbedtls-cfg.h"
-
-config BOOT_HW_KEY
- bool "Use HW key for image verification"
- default n
- help
- Use HW key for image verification, otherwise the public key is embedded
- in MCUBoot. If enabled the public key is appended to the signed image
- and requires the hash of the public key to be provisioned to the device
- beforehand.
-
-config BOOT_VALIDATE_SLOT0
- bool "Validate image in the primary slot on every boot"
- default y
- help
- If y, the bootloader attempts to validate the signature of the
- primary slot every boot. This adds the signature check time to
- every boot, but can mitigate against some changes that are
- able to modify the flash image itself.
-
-config BOOT_VALIDATE_SLOT0_ONCE
- bool "Validate image in the primary slot just once after after upgrade"
- depends on !BOOT_VALIDATE_SLOT0 && SINGLE_APPLICATION_SLOT
- default n
- help
- If y, the bootloader attempts to validate the signature of the
- primary slot only once after an upgrade of the main slot.
- It caches the result in the magic area, which makes it an unsecure
- method. This option is usefull for lowering the boot up time for
- low end devices with as a compromise lowering the security level.
- If unsure, leave at the default value.
-
-config BOOT_PREFER_SWAP_MOVE
- bool "Prefer the newer swap move algorithm"
- default y if SOC_FAMILY_NRF
- default n
- help
- If y, the BOOT_IMAGE_UPGRADE_MODE will default to using
- "move" instead of "scratch". This is a separate bool config
- option, because Kconfig doesn't allow defaults to be
- overridden in choice options. Most devices should be using
- swap move.
-
-if !SINGLE_APPLICATION_SLOT
-choice BOOT_IMAGE_UPGRADE_MODE
- prompt "Image upgrade modes"
- default BOOT_SWAP_USING_MOVE if BOOT_PREFER_SWAP_MOVE
- default BOOT_SWAP_USING_SCRATCH
-
-config BOOT_SWAP_USING_SCRATCH
- bool "Swap mode that run with the scratch partition"
- help
- This is the most conservative swap mode but it can work even on
- devices with heterogeneous flash page layout.
-
-config BOOT_UPGRADE_ONLY
- bool "Overwrite image updates instead of swapping"
- help
- If y, overwrite the primary slot with the upgrade image instead
- of swapping them. This prevents the fallback recovery, but
- uses a much simpler code path.
-
-config BOOT_SWAP_USING_MOVE
- bool "Swap mode that can run without a scratch partition"
- help
- If y, the swap upgrade is done in two steps, where first every
- sector of the primary slot is moved up one sector, then for
- each sector X in the secondary slot, it is moved to index X in
- the primary slot, then the sector at X+1 in the primary is
- moved to index X in the secondary.
- This allows a swap upgrade without using a scratch partition,
- but is currently limited to all sectors in both slots being of
- the same size.
-
-config BOOT_DIRECT_XIP
- bool "Run the latest image directly from its slot"
- help
- If y, mcuboot selects the newest valid image based on the image version
- numbers, thereafter the selected image can run directly from its slot
- without having to move/copy it into the primary slot. For this reason the
- images must be linked to be executed from the given image slot. Using this
- mode results in a simpler code path and smaller code size.
-
-config BOOT_RAM_LOAD
- bool "RAM load"
- help
- If y, mcuboot selects the newest valid image based on the image version
- numbers, thereafter the selected image is copied to RAM and executed from
- there. For this reason, the image has to be linked to be executed from RAM.
- The address that the image is copied to is specified using the load-addr
- argument to the imgtool.py script which writes it to the image header.
-
-endchoice
-
-# Workaround for not being able to have commas in macro arguments
-DT_CHOSEN_Z_SRAM := zephyr,sram
-
-if BOOT_RAM_LOAD
-config BOOT_IMAGE_EXECUTABLE_RAM_START
- hex "Boot image executable ram start"
- default $(dt_chosen_reg_addr_hex,$(DT_CHOSEN_Z_SRAM))
-
-config BOOT_IMAGE_EXECUTABLE_RAM_SIZE
- int "Boot image executable base size"
- default $(dt_chosen_reg_size_int,$(DT_CHOSEN_Z_SRAM),0)
-endif
-
-config BOOT_DIRECT_XIP_REVERT
- bool "Enable the revert mechanism in direct-xip mode"
- depends on BOOT_DIRECT_XIP
- default n
- help
- If y, enables the revert mechanism in direct-xip similar to the one in
- swap mode. It requires the trailer magic to be added to the signed image.
- When a reboot happens without the image being confirmed at runtime, the
- bootloader considers the image faulty and erases it. After this it will
- attempt to boot the previous image.
The images can also be made permanent
- (marked as confirmed in advance) just like in swap mode.
-
-config BOOT_BOOTSTRAP
- bool "Bootstrap erased the primary slot from the secondary slot"
- default n
- help
- If y, enables bootstraping support. Bootstrapping allows an erased
- primary slot to be initialized from a valid image in the secondary slot.
- If unsure, leave at the default value.
-
-config BOOT_SWAP_SAVE_ENCTLV
- bool "Save encrypted key TLVs instead of plaintext keys in swap metadata"
- default n
- help
- If y, instead of saving the encrypted image keys in plaintext in the
- swap resume metadata, save the encrypted image TLVs. This should be used
- when there is no security mechanism protecting the data in the primary
- slot from being dumped. If n is selected (default), the keys are written
- after being decrypted from the image TLVs and could be read by an
- attacker who has access to the flash contents of the primary slot (eg
- JTAG/SWD or primary slot in external flash).
- If unsure, leave at the default value.
-
-config BOOT_ENCRYPT_IMAGE
- bool
- help
- Hidden option used to check if any image encryption is enabled.
-
-config BOOT_ENCRYPT_RSA
- bool "Support for encrypted upgrade images using RSA"
- select BOOT_ENCRYPT_IMAGE
- help
- If y, images in the secondary slot can be encrypted and are decrypted
- on the fly when upgrading to the primary slot, as well as encrypted
- back when swapping from the primary slot to the secondary slot. The
- encryption mechanism used in this case is RSA-OAEP (2048 bits).
-
-config BOOT_ENCRYPT_EC256
- bool "Support for encrypted upgrade images using ECIES-P256"
- select BOOT_ENCRYPT_IMAGE
- help
- If y, images in the secondary slot can be encrypted and are decrypted
- on the fly when upgrading to the primary slot, as well as encrypted
- back when swapping from the primary slot to the secondary slot.
The
- encryption mechanism used in this case is ECIES using primitives
- described under "ECIES-P256 encryption" in docs/encrypted_images.md.
-
-config BOOT_ENCRYPT_X25519
- bool "Support for encrypted upgrade images using ECIES-X25519"
- select BOOT_ENCRYPT_IMAGE
- help
- If y, images in the secondary slot can be encrypted and are decrypted
- on the fly when upgrading to the primary slot, as well as encrypted
- back when swapping from the primary slot to the secondary slot. The
- encryption mechanism used in this case is ECIES using primitives
- described under "ECIES-X25519 encryption" in docs/encrypted_images.md.
-endif # !SINGLE_APPLICATION_SLOT
-
-config BOOT_ENCRYPTION_KEY_FILE
- string "encryption key file"
- depends on BOOT_ENCRYPT_EC256 || BOOT_SERIAL_ENCRYPT_EC256
- default "enc-ec256-priv.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256
- default ""
- help
- You can use either absolute or relative path.
- In case relative path is used, the build system assumes that it starts
- from the directory where the MCUBoot KConfig configuration file is
- located. If the key file is not there, the build system uses relative
- path that starts from the MCUBoot repository root directory.
- The key file will be parsed by imgtool's getpriv command and a .c source
- with the public key information will be written in a format expected by
- MCUboot.
-
-config BOOT_MAX_IMG_SECTORS
- int "Maximum number of sectors per image slot"
- default 128
- help
- This option controls the maximum number of sectors that each of
- the two image areas can contain. Smaller values reduce MCUboot's
- memory usage; larger values allow it to support larger images.
- If unsure, leave at the default value.
-
-config MEASURED_BOOT
- bool "Store the boot state/measurements in shared memory"
- default n
- help
- If enabled, the bootloader will store certain boot measurements such as
- the hash of the firmware image in a shared memory area. This data can
- be used later by runtime services (e.g.
by a device attestation service).
-
-config BOOT_SHARE_DATA
- bool "Save application specific data in shared memory area"
- default n
-
-choice BOOT_FAULT_INJECTION_HARDENING_PROFILE
- prompt "Fault injection hardening profile"
- default BOOT_FIH_PROFILE_OFF
-
-config BOOT_FIH_PROFILE_OFF
- bool "No hardening against hardware level fault injection"
- help
- No hardening in SW against hardware level fault injection: power or
- clock glitching, etc.
-
-config BOOT_FIH_PROFILE_LOW
- bool "Moderate level hardening against hardware level fault injection"
- help
- Moderate level hardening: Long global fail loop to avoid break out,
- control flow integrity check to discover discrepancy in expected code
- flow.
-
-config BOOT_FIH_PROFILE_MEDIUM
- bool "Medium level hardening against hardware level fault injection"
- help
- Medium level hardening: Long global fail loop to avoid break out,
- control flow integrity check to discover discrepancy in expected code
- flow, double variables to discover register or memory corruption.
-
-config BOOT_FIH_PROFILE_HIGH
- bool "Maximum level hardening against hardware level fault injection"
- select MBEDTLS
- help
- Maximum level hardening: Long global fail loop to avoid break out,
- control flow integrity check to discover discrepancy in expected code
- flow, double variables to discover register or memory corruption, random
- delays to make code execution less predictable. Random delays requires an
- entropy source.
-
-endchoice
-
-choice BOOT_USB_DFU
- prompt "USB DFU"
- default BOOT_USB_DFU_NO
-
-config BOOT_USB_DFU_NO
- prompt "Disabled"
-
-config BOOT_USB_DFU_WAIT
- bool "Wait for a prescribed duration to see if USB DFU is invoked"
- select USB_DEVICE_STACK
- select USB_DFU_CLASS
- select IMG_MANAGER
- help
- If y, MCUboot waits for a prescribed duration of time to allow
- for USB DFU to be invoked. Please note DFU always updates the
- slot1 image.
-
-config BOOT_USB_DFU_GPIO
- bool "Use GPIO to detect whether to trigger DFU mode"
- select USB_DEVICE_STACK
- select USB_DFU_CLASS
- select IMG_MANAGER
- help
- If y, MCUboot uses GPIO to detect whether to invoke USB DFU.
-
-endchoice
-
-config BOOT_USB_DFU_WAIT_DELAY_MS
- int "USB DFU wait duration"
- depends on BOOT_USB_DFU_WAIT
- default 12000
- help
- Milliseconds to wait for USB DFU to be invoked.
-
-if BOOT_USB_DFU_GPIO
-
-config BOOT_USB_DFU_DETECT_PORT
- string "GPIO device to trigger USB DFU mode (DEPRECATED)"
- default GPIO_0 if SOC_FAMILY_NRF
- help
- Zephyr GPIO device that contains the pin used to trigger
- USB DFU.
-
-config BOOT_USB_DFU_DETECT_PIN
- int "Pin to trigger USB DFU mode (DEPRECATED)"
- default 6 if BOARD_NRF9160DK_NRF9160
- default 11 if BOARD_NRF52840DK_NRF52840
- default 13 if BOARD_NRF52DK_NRF52832
- default 23 if BOARD_NRF5340_DK_NRF5340_CPUAPP || BOARD_NRF5340_DK_NRF5340_CPUAPP_NS
- default 43 if BOARD_BL5340_DVK_CPUAPP || BOARD_BL5340_DVK_CPUAPP_NS
- default -1
- help
- Pin on the DFU detect port that triggers DFU mode.
-
-config BOOT_USB_DFU_DETECT_PIN_VAL
- int "USB DFU detect pin trigger value (DEPRECATED)"
- default 0
- range 0 1
- help
- Logic value of the detect pin that triggers USB DFU mode.
-
-config BOOT_USB_DFU_DETECT_DELAY
- int "Serial detect pin detection delay time [ms]"
- default 0
- help
- Used to prevent the bootloader from loading on button press.
- Useful for powering on when using the same button as
- the one used to place the device in bootloader mode.
-
-endif # BOOT_USB_DFU_GPIO
-
-config ZEPHYR_TRY_MASS_ERASE
- bool "Try to mass erase flash when flashing MCUboot image"
- default y
- help
- If y, attempt to configure the Zephyr build system's "flash"
- target to mass-erase the flash device before flashing the
- MCUboot image. This ensures the scratch and other partitions
- are in a consistent state.
-
- This is not available for all targets.
-
-config BOOT_USE_BENCH
- bool "Enable benchmark code"
- default n
- help
- If y, adds support for simple benchmarking that can record
- time intervals between two calls. The time printed depends
- on the particular Zephyr target, and is generally ticks of a
- specific board-specific timer.
-
-module = MCUBOOT
-module-str = MCUBoot bootloader
-source "subsys/logging/Kconfig.template.log_config"
-
-config MCUBOOT_LOG_THREAD_STACK_SIZE
- int "Stack size for the MCUBoot log processing thread"
- depends on LOG && !LOG_IMMEDIATE
- default 2048 if COVERAGE_GCOV
- default 1024 if NO_OPTIMIZATIONS
- default 1024 if XTENSA
- default 4096 if (X86 && X86_64)
- default 4096 if ARM64
- default 768
- help
- Set the internal stack size for MCUBoot log processing thread.
-
-config MCUBOOT_INDICATION_LED
- bool "Turns on LED indication when device is in DFU"
- default n
- help
- Device device activates the LED while in bootloader mode.
- bootloader-led0 alias must be set in the device's .dts
- definitions for this to work.
-
-rsource "Kconfig.serial_recovery"
-
-config BOOT_INTR_VEC_RELOC
- bool "Relocate the interrupt vector to the application"
- default n
- depends on SW_VECTOR_RELAY || CPU_CORTEX_M_HAS_VTOR
- help
- Relocate the interrupt vector to the application before it is started.
- Select this option if application requires vector relocation,
- but it doesn't relocate vector in its reset handler.
-
-config UPDATEABLE_IMAGE_NUMBER
- int "Number of updateable images"
- default 1
- range 1 1 if SINGLE_APPLICATION_SLOT
- help
- Enables support of multi image update.
-
-choice BOOT_DOWNGRADE_PREVENTION_CHOICE
- prompt "Downgrade prevention"
- optional
-
-config MCUBOOT_DOWNGRADE_PREVENTION
- bool "SW based downgrade prevention"
- depends on !BOOT_DIRECT_XIP
- help
- Prevent downgrades by enforcing incrementing version numbers.
- When this option is set, any upgrade must have greater major version
- or greater minor version with equal major version.
This mechanism
- only protects against some attacks against version downgrades (for
- example, a JTAG could be used to write an older version).
-
-config MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER
- bool "Use image security counter instead of version number"
- depends on MCUBOOT_DOWNGRADE_PREVENTION
- depends on (BOOT_SWAP_USING_MOVE || BOOT_SWAP_USING_SCRATCH)
- help
- Security counter is used for version eligibility check instead of pure
- version. When this option is set, any upgrade must have greater or
- equal security counter value.
- Because of the acceptance of equal values it allows for software
- downgrades to some extent.
-
-config MCUBOOT_HW_DOWNGRADE_PREVENTION
- bool "HW based downgrade prevention"
- help
- Prevent undesirable/malicious software downgrades. When this option is
- set, any upgrade must have greater or equal security counter value.
- Because of the acceptance of equal values it allows for software
- downgrade to some extent.
-
-endchoice
-
-config BOOT_WATCHDOG_FEED
- bool "Feed the watchdog while doing swap"
- default y if WATCHDOG
- default y if SOC_FAMILY_NRF
- # for nRF nrfx based implementation is available
- imply NRFX_WDT if SOC_FAMILY_NRF
- imply NRFX_WDT0 if SOC_FAMILY_NRF
- imply NRFX_WDT1 if SOC_FAMILY_NRF
- help
- Enables implementation of MCUBOOT_WATCHDOG_FEED() macro which is
- used to feed watchdog while doing time consuming operations.
-
-config BOOT_IMAGE_ACCESS_HOOKS
- bool "Enable hooks for overriding MCUboot's native routines"
- help
- Allow to provide procedures for override or extend native
- MCUboot's routines required for access the image data and the image
- update. It is up to the project customization to add required source
- files to the build.
-
-config MCUBOOT_ACTION_HOOKS
- bool "Enable hooks for responding to MCUboot status changes"
- help
- This will call a handler when the MCUboot status changes which allows
- for some level of user feedback, for instance to change LED status to
- indicate a failure, using the callback:
- 'void mcuboot_status_change(mcuboot_status_type_t status)' where
- 'mcuboot_status_type_t' is listed in
- boot/bootutil/include/bootutil/mcuboot_status.h
-
-endmenu
-
-config MCUBOOT_DEVICE_SETTINGS
- # Hidden selector for device-specific settings
- bool
- default y
- # CPU options
- select MCUBOOT_DEVICE_CPU_CORTEX_M0 if CPU_CORTEX_M0
- # Enable flash page layout if available
- select FLASH_PAGE_LAYOUT if FLASH_HAS_PAGE_LAYOUT
- # Enable flash_map module as flash I/O back-end
- select FLASH_MAP
-
-config MCUBOOT_DEVICE_CPU_CORTEX_M0
- # Hidden selector for Cortex-M0 settings
- bool
- default n
- select SW_VECTOR_RELAY if !CPU_CORTEX_M0_HAS_VECTOR_TABLE_REMAP
-
-comment "Zephyr configuration options"
-
-# Disabling MULTITHREADING provides a code size advantage, but
-# it requires peripheral drivers (particularly a flash driver)
-# that works properly with the option enabled.
-#
-# If you know for sure that your hardware will work, you can default
-# it to n here. Otherwise, having it on by default makes the most
-# hardware work.
-config MULTITHREADING
- default y if BOOT_SERIAL_CDC_ACM #usb driver requires MULTITHREADING
- default y if BOOT_USB_DFU_GPIO || BOOT_USB_DFU_WAIT
- default n if SOC_FAMILY_NRF
- default y
-
-config LOG_PROCESS_THREAD
- default n # mcuboot has its own log processing thread
-
-# override USB device name
-config USB_DEVICE_PRODUCT
- default "MCUBOOT"
-
-# use MCUboot's own log configuration
-config MCUBOOT_BOOTUTIL_LIB_OWN_LOG
- bool
- default n
-
-config MCUBOOT_VERIFY_IMG_ADDRESS
- bool "Verify reset address of image in secondary slot"
- depends on UPDATEABLE_IMAGE_NUMBER > 1
- depends on !BOOT_ENCRYPT_IMAGE
- depends on ARM
- default y if BOOT_UPGRADE_ONLY
- help
- Verify that the reset address in the image located in the secondary slot
- is contained within the corresponding primary slot. This is recommended
- if swapping is not used (that is, BOOT_UPGRADE_ONLY is set). If a user
- incorrectly uploads an update for image 1 to image 0's secondary slot
- MCUboot will overwrite image 0's primary slot with this image even
- though it will not boot. If swapping is enabled this will be handled
- since the image will not confirm itself. If, however, swapping is not
- enabled then the only mitigation is serial recovery. This feature can
- also be useful when BOOT_DIRECT_XIP is enabled, to ensure that the image
- linked at the correct address is loaded.
-
 source "Kconfig.zephyr"
diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf
index e4c0129437..88966e1f60 100644
--- a/boot/zephyr/prj.conf
+++ b/boot/zephyr/prj.conf
@@ -1,3 +1,4 @@
+CONFIG_MCUBOOT=y
 CONFIG_DEBUG=y
 CONFIG_PM=n
diff --git a/docs/PORTING.md b/docs/PORTING.md
index 48040960ad..e51a2b7849 100644
--- a/docs/PORTING.md
+++ b/docs/PORTING.md
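Review bot: `CONFIG_MCUBOOT=y`, added to `prj.conf` in the next hunk, only takes effect if the relocated `config MCUBOOT` symbol has a prompt; the definition removed here was a promptless `bool` with `default y`, and a `.conf` assignment to a promptless symbol is ignored by Kconfig with a warning. The new `zephyr/Kconfig` that presumably redefines it is cut off at the end of this chunk, so confirm that it either keeps `default y` (making the `prj.conf` line redundant) or gains a prompt. The `select`s on the old symbol (`MPU_ALLOW_FLASH_WRITE if ARM_MPU`, `USE_DT_CODE_PARTITION if HAS_FLASH_LOAD_OFFSET`, `MCUBOOT_BOOTUTIL_LIB`) need to travel with it, as do the non-prompt overrides this hunk also drops (`MULTITHREADING`, `LOG_PROCESS_THREAD`, `MBEDTLS_CFG_FILE`, `USB_DEVICE_PRODUCT`), since `MBEDTLS_CFG_FILE` in particular decides which mbedTLS configuration the RSA verification path is compiled against.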
@@ -64,7 +64,7 @@ by MCUboot. For example, Mynewt uses MYNEWT_VAL() and Zephyr uses Kconfig; these configuration systems are converted to MCUBOOT_ options in the following files:
-- boot/zephyr/include/mcuboot_config/mcuboot_config.h
+- zephyr/include/mcuboot_config/mcuboot_config.h
 - boot/mynewt/mcuboot_config/include/mcuboot_config/mcuboot_config.h
 ## Flash Map
diff --git a/docs/readme-zephyr.md b/docs/readme-zephyr.md
index ea18fe9f48..fdd1ca4dff 100644
--- a/docs/readme-zephyr.md
+++ b/docs/readme-zephyr.md
@@ -61,7 +61,7 @@ it as usual: In addition to the partitions defined in DTS, some additional information about the flash layout is currently required to build MCUboot itself. All the needed configuration is collected in
-`boot/zephyr/include/target.h`. Depending on the board, this information
+`zephyr/include/target.h`. Depending on the board, this information
 may come from board-specific headers, Device Tree, or be configured by MCUboot on a per-SoC family basis.
diff --git a/samples/mcuboot_config/mcuboot_config.template.h b/samples/mcuboot_config/mcuboot_config.template.h
index 989ec61838..b1bee0fabd 100644
--- a/samples/mcuboot_config/mcuboot_config.template.h
+++ b/samples/mcuboot_config/mcuboot_config.template.h
@@ -17,7 +17,7 @@
 *
 * For examples, see:
 *
- * boot/zephyr/include/mcuboot_config/mcuboot_config.h
+ * zephyr/include/mcuboot_config/mcuboot_config.h
 * boot/mynewt/mcuboot_config/include/mcuboot_config/mcuboot_config.h
 */
diff --git a/sim/src/image.rs b/sim/src/image.rs
index 568cf0aea9..6ad73d03fc 100644
--- a/sim/src/image.rs
+++ b/sim/src/image.rs
@@ -141,7 +141,7 @@ impl ImagesBuilder {
 let mut slots = Vec::with_capacity(num_images);
 for image in 0..num_images {
 // This mapping must match that defined in
- // `boot/zephyr/include/sysflash/sysflash.h`.
+ // `zephyr/include/sysflash/sysflash.h`.
 let id0 = match image {
 0 => FlashId::Image0,
 1 => FlashId::Image2,
diff --git a/west.yml b/west.yml
new file mode 100644
index 0000000000..6cd322159c
--- /dev/null
+++ b/west.yml
@@ -0,0 +1,32 @@
+# Copyright (c) 2022 Legrand North America, LLC.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# The west manifest file for Zephyr ecosystem development.
+#
+# Usage:
+# west init -m https://github.com/mcu-tools/mcuboot
+# west update
+
+manifest:
+ version: "0.12"
+
+ remotes:
+ - name: zephyrproject
+ url-base: https://github.com/zephyrproject-rtos
+ - name: mcu-tools
+ url-base: https://github.com/mcu-tools
+
+ defaults:
+ remote: mcu-tools
+
+ projects:
+ - name: zephyr
+ revision: main
+ remote: zephyrproject
+ import:
+ name-blocklist:
+ - mcuboot
+
+ self:
+ path: mcuboot
diff --git a/zephyr/CMakeLists.txt b/zephyr/CMakeLists.txt
new file mode 100644
index 0000000000..c36d4857ee
--- /dev/null
+++ b/zephyr/CMakeLists.txt
@@ -0,0 +1,36 @@
+# Copyright (c) 2022 Legrand North America, LLC.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+
+cmake_minimum_required(VERSION 3.10 FATAL_ERROR)
+
+
+# Detect the platform reliably
+if(ZEPHYR_BASE)
+else()
+ message(FATAL_ERROR "ZEPHYR_BASE needs to be defined for Zephyr builds")
+endif()
+
+# Verify the module name is set correctly
+set(expected_module_name "mcuboot")
+if(NOT "${module_name}" STREQUAL ${expected_module_name})
+ message(FATAL_ERROR "A module configuration error has occurred.
+This module is named '${module_name}' when '${expected_module_name}' \
+is expected.
+Verify `module.yml` contains the line 'name: ${expected_module_name}'.")
+endif()
+unset(expected_module_name)
+
+#Do not allow in source builds
+set(CMAKE_DISABLE_SOURCE_CHANGES ON)
+set(CMAKE_DISABLE_IN_SOURCE_BUILD ON)
+
+
+#
+# Module options managed through Kconfig and use names CONFIG_*
+#
+
+zephyr_include_directories(include)
+
+add_subdirectory(subsys)
diff --git a/zephyr/Kconfig b/zephyr/Kconfig
new file mode 100644
index 0000000000..b6e0dc807b
--- /dev/null
+++ b/zephyr/Kconfig
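Review bot: `revision: main` under `projects:` pins the zephyr dependency to a moving branch, so two `west update` runs can fetch different trees and an upstream change lands in the bootloader build without any corresponding change in this repository. Pinning to a release tag or a full commit SHA, e.g. `revision: <zephyr tag or commit SHA>` (placeholder), makes the manifest reproducible and gives a reviewable diff each time the dependency moves. If tracking `main` is intentional for development, a comment above the entry saying so would spare the next reader the question.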
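Review bot: The platform check is written as an empty `if(ZEPHYR_BASE)` branch followed by `else()`, which reads as a mistake; `if(NOT ZEPHYR_BASE)` with the `message(FATAL_ERROR ...)` directly inside expresses the same guard. In the module-name check the right-hand side of `STREQUAL` is unquoted, so an empty or `;`-containing `expected_module_name` would misparse the comparison; `if(NOT "${module_name}" STREQUAL "${expected_module_name}")` is the safe form. As far as I know `CMAKE_DISABLE_SOURCE_CHANGES` and `CMAKE_DISABLE_IN_SOURCE_BUILD` are only honoured when set before the first `project()` call, and a Zephyr module's CMakeLists is processed after Zephyr's own, so these two lines may be no-ops here — worth confirming, or dropping them with a comment explaining why.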
@@ -0,0 +1,677 @@
+# Copyright (c) 2017-2020 Linaro Limited
+# Copyright (c) 2020 Arm Limited
+# Copyright (c) 2022 Legrand North America, LLC.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+
+# Option to build the project with the MCUBoot application
+config MCUBOOT
+ bool "MCUBoot application"
+ default n
+ select MPU_ALLOW_FLASH_WRITE if ARM_MPU
+ select USE_DT_CODE_PARTITION if HAS_FLASH_LOAD_OFFSET
+ select MCUBOOT_BOOTUTIL_LIB
+
+config BOOT_USE_MBEDTLS
+ bool
+ # Hidden option
+ default n
+ help
+ Use mbedTLS for crypto primitives.
+
+config BOOT_USE_TINYCRYPT
+ bool
+ # Hidden option
+ default n
+ # When building for ECDSA, we use our own copy of mbedTLS, so the
+ # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros
+ # will collide.
+ help
+ Use TinyCrypt for crypto primitives.
+
+config BOOT_USE_CC310
+ bool
+ # Hidden option
+ default n
+ # When building for ECDSA, we use our own copy of mbedTLS, so the
+ # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros
+ # will collide.
+ help
+ Use cc310 for crypto primitives.
+
+config BOOT_USE_NRF_CC310_BL
+ bool
+ default n
+
+config NRFXLIB_CRYPTO
+ bool
+ default n
+
+config NRF_CC310_BL
+ bool
+ default n
+
+menu "MCUBoot settings"
+
+config SINGLE_APPLICATION_SLOT
+ bool "Single slot bootloader"
+ default n
+ help
+ Single image area is used for application which means that
+ uploading a new application overwrites the one that previously
+ occupied the area.
+
+choice BOOT_SIGNATURE_TYPE
+ prompt "Signature type"
+ default BOOT_SIGNATURE_TYPE_RSA
+
+config BOOT_SIGNATURE_TYPE_NONE
+ bool "No signature; use only hash check"
+ select BOOT_USE_TINYCRYPT
+
+config BOOT_SIGNATURE_TYPE_RSA
+ bool "RSA signatures"
+ select BOOT_USE_MBEDTLS
+ select MBEDTLS
+
+if BOOT_SIGNATURE_TYPE_RSA
+config BOOT_SIGNATURE_TYPE_RSA_LEN
+ int "RSA signature length"
+ range 2048 3072
+ default 2048
+endif
+
+config BOOT_SIGNATURE_TYPE_ECDSA_P256
+ bool "Elliptic curve digital signatures with curve P-256"
+
+if BOOT_SIGNATURE_TYPE_ECDSA_P256
+choice BOOT_ECDSA_IMPLEMENTATION
+ prompt "Ecdsa implementation"
+ default BOOT_ECDSA_TINYCRYPT
+
+config BOOT_ECDSA_TINYCRYPT
+ bool "Use tinycrypt"
+ select BOOT_USE_TINYCRYPT
+
+config BOOT_ECDSA_CC310
+ bool "Use CC310"
+ depends on HAS_HW_NRF_CC310
+ select BOOT_USE_NRF_CC310_BL
+ select NRF_CC310_BL
+ select NRFXLIB_CRYPTO
+ select BOOT_USE_CC310
+endchoice # Ecdsa implementation
+endif
+
+config BOOT_SIGNATURE_TYPE_ED25519
+ bool "Edwards curve digital signatures using ed25519"
+
+if BOOT_SIGNATURE_TYPE_ED25519
+choice BOOT_ED25519_IMPLEMENTATION
+ prompt "Ecdsa implementation"
+ default BOOT_ED25519_TINYCRYPT
+config BOOT_ED25519_TINYCRYPT
+ bool "Use tinycrypt"
+ select BOOT_USE_TINYCRYPT
+config BOOT_ED25519_MBEDTLS
+ bool "Use mbedTLS"
+ select BOOT_USE_MBEDTLS
+ select MBEDTLS
+endchoice
+endif
+
+endchoice
+
+config BOOT_SIGNATURE_KEY_FILE
+ string "PEM key file"
+ default "root-ec-p256.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256
+ default "root-ed25519.pem" if BOOT_SIGNATURE_TYPE_ED25519
+ default "root-rsa-3072.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=3072
+ default "root-rsa-2048.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=2048
+ default ""
+ help
+ You can use either absolute or relative path.
+ In case relative path is used, the build system assumes that it starts
+ from the directory where the MCUBoot KConfig configuration file is
+ located.
If the key file is not there, the build system uses relative
+ path that starts from the MCUBoot repository root directory.
+ The key file will be parsed by imgtool's getpub command and a .c source
+ with the public key information will be written in a format expected by
+ MCUboot.
+
+config MCUBOOT_CLEANUP_ARM_CORE
+ bool "Perform core cleanup before chain-load the application"
+ depends on CPU_CORTEX_M
+ default y if !ARCH_SUPPORTS_ARCH_HW_INIT
+ help
+ This option instructs MCUboot to perform a clean-up of a set of
+ architecture core HW registers before junping to the application
+ firmware. The clean-up sets these registers to their warm-reset
+ values as specified by the architecture.
+
+ By default, this option is enabled only if the architecture does
+ not have the functionality to perform such a register clean-up
+ during application firmware boot.
+
+ Zephyr applications on Cortex-M will perform this register clean-up
+ by default, if they are chain-loadable by MCUboot, so MCUboot does
+ not need to perform such a cleanup itself.
+
+config MBEDTLS_CFG_FILE
+ default "mcuboot-mbedtls-cfg.h"
+
+config BOOT_HW_KEY
+ bool "Use HW key for image verification"
+ default n
+ help
+ Use HW key for image verification, otherwise the public key is embedded
+ in MCUBoot. If enabled the public key is appended to the signed image
+ and requires the hash of the public key to be provisioned to the device
+ beforehand.
+
+config BOOT_VALIDATE_SLOT0
+ bool "Validate image in the primary slot on every boot"
+ default y
+ help
+ If y, the bootloader attempts to validate the signature of the
+ primary slot every boot. This adds the signature check time to
+ every boot, but can mitigate against some changes that are
+ able to modify the flash image itself.
+
+config BOOT_VALIDATE_SLOT0_ONCE
+ bool "Validate image in the primary slot just once after after upgrade"
+ depends on !BOOT_VALIDATE_SLOT0 && SINGLE_APPLICATION_SLOT
+ default n
+ help
+ If y, the bootloader attempts to validate the signature of the
+ primary slot only once after an upgrade of the main slot.
+ It caches the result in the magic area, which makes it an unsecure
+ method. This option is usefull for lowering the boot up time for
+ low end devices with as a compromise lowering the security level.
+ If unsure, leave at the default value.
+
+config BOOT_PREFER_SWAP_MOVE
+ bool "Prefer the newer swap move algorithm"
+ default y if SOC_FAMILY_NRF
+ default n
+ help
+ If y, the BOOT_IMAGE_UPGRADE_MODE will default to using
+ "move" instead of "scratch". This is a separate bool config
+ option, because Kconfig doesn't allow defaults to be
+ overridden in choice options. Most devices should be using
+ swap move.
+
+if !SINGLE_APPLICATION_SLOT
+choice BOOT_IMAGE_UPGRADE_MODE
+ prompt "Image upgrade modes"
+ default BOOT_SWAP_USING_MOVE if BOOT_PREFER_SWAP_MOVE
+ default BOOT_SWAP_USING_SCRATCH
+
+config BOOT_SWAP_USING_SCRATCH
+ bool "Swap mode that run with the scratch partition"
+ help
+ This is the most conservative swap mode but it can work even on
+ devices with heterogeneous flash page layout.
+
+config BOOT_UPGRADE_ONLY
+ bool "Overwrite image updates instead of swapping"
+ help
+ If y, overwrite the primary slot with the upgrade image instead
+ of swapping them. This prevents the fallback recovery, but
+ uses a much simpler code path.
+
+config BOOT_SWAP_USING_MOVE
+ bool "Swap mode that can run without a scratch partition"
+ help
+ If y, the swap upgrade is done in two steps, where first every
+ sector of the primary slot is moved up one sector, then for
+ each sector X in the secondary slot, it is moved to index X in
+ the primary slot, then the sector at X+1 in the primary is
+ moved to index X in the secondary.
+ This allows a swap upgrade without using a scratch partition,
+ but is currently limited to all sectors in both slots being of
+ the same size.
+
+config BOOT_DIRECT_XIP
+ bool "Run the latest image directly from its slot"
+ help
+ If y, mcuboot selects the newest valid image based on the image version
+ numbers, thereafter the selected image can run directly from its slot
+ without having to move/copy it into the primary slot. For this reason the
+ images must be linked to be executed from the given image slot. Using this
+ mode results in a simpler code path and smaller code size.
+
+config BOOT_RAM_LOAD
+ bool "RAM load"
+ help
+ If y, mcuboot selects the newest valid image based on the image version
+ numbers, thereafter the selected image is copied to RAM and executed from
+ there. For this reason, the image has to be linked to be executed from RAM.
+ The address that the image is copied to is specified using the load-addr
+ argument to the imgtool.py script which writes it to the image header.
+
+endchoice
+
+# Workaround for not being able to have commas in macro arguments
+DT_CHOSEN_Z_SRAM := zephyr,sram
+
+if BOOT_RAM_LOAD
+config BOOT_IMAGE_EXECUTABLE_RAM_START
+ hex "Boot image executable ram start"
+ default $(dt_chosen_reg_addr_hex,$(DT_CHOSEN_Z_SRAM))
+
+config BOOT_IMAGE_EXECUTABLE_RAM_SIZE
+ int "Boot image executable base size"
+ default $(dt_chosen_reg_size_int,$(DT_CHOSEN_Z_SRAM),0)
+endif
+
+config BOOT_DIRECT_XIP_REVERT
+ bool "Enable the revert mechanism in direct-xip mode"
+ depends on BOOT_DIRECT_XIP
+ default n
+ help
+ If y, enables the revert mechanism in direct-xip similar to the one in
+ swap mode. It requires the trailer magic to be added to the signed image.
+ When a reboot happens without the image being confirmed at runtime, the
+ bootloader considers the image faulty and erases it. After this it will
The images can also be made permanent
+ (marked as confirmed in advance) just like in swap mode.
+
+config BOOT_BOOTSTRAP
+ bool "Bootstrap erased the primary slot from the secondary slot"
+ default n
+ help
+ If y, enables bootstraping support. Bootstrapping allows an erased
+ primary slot to be initialized from a valid image in the secondary slot.
+ If unsure, leave at the default value.
+
+config BOOT_SWAP_SAVE_ENCTLV
+ bool "Save encrypted key TLVs instead of plaintext keys in swap metadata"
+ default n
+ help
+ If y, instead of saving the encrypted image keys in plaintext in the
+ swap resume metadata, save the encrypted image TLVs. This should be used
+ when there is no security mechanism protecting the data in the primary
+ slot from being dumped. If n is selected (default), the keys are written
+ after being decrypted from the image TLVs and could be read by an
+ attacker who has access to the flash contents of the primary slot (eg
+ JTAG/SWD or primary slot in external flash).
+ If unsure, leave at the default value.
+
+config BOOT_ENCRYPT_IMAGE
+ bool
+ help
+ Hidden option used to check if any image encryption is enabled.
+
+config BOOT_ENCRYPT_RSA
+ bool "Support for encrypted upgrade images using RSA"
+ select BOOT_ENCRYPT_IMAGE
+ help
+ If y, images in the secondary slot can be encrypted and are decrypted
+ on the fly when upgrading to the primary slot, as well as encrypted
+ back when swapping from the primary slot to the secondary slot. The
+ encryption mechanism used in this case is RSA-OAEP (2048 bits).
+
+config BOOT_ENCRYPT_EC256
+ bool "Support for encrypted upgrade images using ECIES-P256"
+ select BOOT_ENCRYPT_IMAGE
+ help
+ If y, images in the secondary slot can be encrypted and are decrypted
+ on the fly when upgrading to the primary slot, as well as encrypted
+ back when swapping from the primary slot to the secondary slot.
The
+ encryption mechanism used in this case is ECIES using primitives
+ described under "ECIES-P256 encryption" in docs/encrypted_images.md.
+
+config BOOT_ENCRYPT_X25519
+ bool "Support for encrypted upgrade images using ECIES-X25519"
+ select BOOT_ENCRYPT_IMAGE
+ help
+ If y, images in the secondary slot can be encrypted and are decrypted
+ on the fly when upgrading to the primary slot, as well as encrypted
+ back when swapping from the primary slot to the secondary slot. The
+ encryption mechanism used in this case is ECIES using primitives
+ described under "ECIES-X25519 encryption" in docs/encrypted_images.md.
+endif # !SINGLE_APPLICATION_SLOT
+
+config BOOT_ENCRYPTION_KEY_FILE
+ string "encryption key file"
+ depends on BOOT_ENCRYPT_EC256 || BOOT_SERIAL_ENCRYPT_EC256
+ default "enc-ec256-priv.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256
+ default ""
+ help
+ You can use either absolute or relative path.
+ In case relative path is used, the build system assumes that it starts
+ from the directory where the MCUBoot KConfig configuration file is
+ located. If the key file is not there, the build system uses relative
+ path that starts from the MCUBoot repository root directory.
+ The key file will be parsed by imgtool's getpriv command and a .c source
+ with the public key information will be written in a format expected by
+ MCUboot.
+
+config BOOT_MAX_IMG_SECTORS
+ int "Maximum number of sectors per image slot"
+ default 128
+ help
+ This option controls the maximum number of sectors that each of
+ the two image areas can contain. Smaller values reduce MCUboot's
+ memory usage; larger values allow it to support larger images.
+ If unsure, leave at the default value.
+
+config MEASURED_BOOT
+ bool "Store the boot state/measurements in shared memory"
+ default n
+ help
+ If enabled, the bootloader will store certain boot measurements such as
+ the hash of the firmware image in a shared memory area. This data can
+ be used later by runtime services (e.g.
by a device attestation service).
+
+config BOOT_SHARE_DATA
+ bool "Save application specific data in shared memory area"
+ default n
+
+choice BOOT_FAULT_INJECTION_HARDENING_PROFILE
+ prompt "Fault injection hardening profile"
+ default BOOT_FIH_PROFILE_OFF
+
+config BOOT_FIH_PROFILE_OFF
+ bool "No hardening against hardware level fault injection"
+ help
+ No hardening in SW against hardware level fault injection: power or
+ clock glitching, etc.
+
+config BOOT_FIH_PROFILE_LOW
+ bool "Moderate level hardening against hardware level fault injection"
+ help
+ Moderate level hardening: Long global fail loop to avoid break out,
+ control flow integrity check to discover discrepancy in expected code
+ flow.
+
+config BOOT_FIH_PROFILE_MEDIUM
+ bool "Medium level hardening against hardware level fault injection"
+ help
+ Medium level hardening: Long global fail loop to avoid break out,
+ control flow integrity check to discover discrepancy in expected code
+ flow, double variables to discover register or memory corruption.
+
+config BOOT_FIH_PROFILE_HIGH
+ bool "Maximum level hardening against hardware level fault injection"
+ select MBEDTLS
+ help
+ Maximum level hardening: Long global fail loop to avoid break out,
+ control flow integrity check to discover discrepancy in expected code
+ flow, double variables to discover register or memory corruption, random
+ delays to make code execution less predictable. Random delays requires an
+ entropy source.
+
+endchoice
+
+choice BOOT_USB_DFU
+ prompt "USB DFU"
+ default BOOT_USB_DFU_NO
+
+config BOOT_USB_DFU_NO
+ prompt "Disabled"
+
+config BOOT_USB_DFU_WAIT
+ bool "Wait for a prescribed duration to see if USB DFU is invoked"
+ select USB_DEVICE_STACK
+ select USB_DFU_CLASS
+ select IMG_MANAGER
+ help
+ If y, MCUboot waits for a prescribed duration of time to allow
+ for USB DFU to be invoked. Please note DFU always updates the
+ slot1 image.
+
+config BOOT_USB_DFU_GPIO
+ bool "Use GPIO to detect whether to trigger DFU mode"
+ select USB_DEVICE_STACK
+ select USB_DFU_CLASS
+ select IMG_MANAGER
+ help
+ If y, MCUboot uses GPIO to detect whether to invoke USB DFU.
+
+endchoice
+
+config BOOT_USB_DFU_WAIT_DELAY_MS
+ int "USB DFU wait duration"
+ depends on BOOT_USB_DFU_WAIT
+ default 12000
+ help
+ Milliseconds to wait for USB DFU to be invoked.
+
+if BOOT_USB_DFU_GPIO
+
+config BOOT_USB_DFU_DETECT_PORT
+ string "GPIO device to trigger USB DFU mode (DEPRECATED)"
+ default GPIO_0 if SOC_FAMILY_NRF
+ help
+ Zephyr GPIO device that contains the pin used to trigger
+ USB DFU.
+
+config BOOT_USB_DFU_DETECT_PIN
+ int "Pin to trigger USB DFU mode (DEPRECATED)"
+ default 6 if BOARD_NRF9160DK_NRF9160
+ default 11 if BOARD_NRF52840DK_NRF52840
+ default 13 if BOARD_NRF52DK_NRF52832
+ default 23 if BOARD_NRF5340_DK_NRF5340_CPUAPP || BOARD_NRF5340_DK_NRF5340_CPUAPP_NS
+ default 43 if BOARD_BL5340_DVK_CPUAPP || BOARD_BL5340_DVK_CPUAPP_NS
+ default -1
+ help
+ Pin on the DFU detect port that triggers DFU mode.
+
+config BOOT_USB_DFU_DETECT_PIN_VAL
+ int "USB DFU detect pin trigger value (DEPRECATED)"
+ default 0
+ range 0 1
+ help
+ Logic value of the detect pin that triggers USB DFU mode.
+
+config BOOT_USB_DFU_DETECT_DELAY
+ int "Serial detect pin detection delay time [ms]"
+ default 0
+ help
+ Used to prevent the bootloader from loading on button press.
+ Useful for powering on when using the same button as
+ the one used to place the device in bootloader mode.
+
+endif # BOOT_USB_DFU_GPIO
+
+config ZEPHYR_TRY_MASS_ERASE
+ bool "Try to mass erase flash when flashing MCUboot image"
+ default y
+ help
+ If y, attempt to configure the Zephyr build system's "flash"
+ target to mass-erase the flash device before flashing the
+ MCUboot image. This ensures the scratch and other partitions
+ are in a consistent state.
+
+ This is not available for all targets.
+
+config BOOT_USE_BENCH
+ bool "Enable benchmark code"
+ default n
+ help
+ If y, adds support for simple benchmarking that can record
+ time intervals between two calls. The time printed depends
+ on the particular Zephyr target, and is generally ticks of a
+ specific board-specific timer.
+
+if MCUBOOT
+module = MCUBOOT
+module-str = MCUBoot bootloader
+source "subsys/logging/Kconfig.template.log_config"
+endif
+
+config MCUBOOT_LOG_THREAD_STACK_SIZE
+ int "Stack size for the MCUBoot log processing thread"
+ depends on LOG && !LOG_IMMEDIATE
+ default 2048 if COVERAGE_GCOV
+ default 1024 if NO_OPTIMIZATIONS
+ default 1024 if XTENSA
+ default 4096 if (X86 && X86_64)
+ default 4096 if ARM64
+ default 768
+ help
+ Set the internal stack size for MCUBoot log processing thread.
+
+config MCUBOOT_INDICATION_LED
+ bool "Turns on LED indication when device is in DFU"
+ default n
+ help
+ Device device activates the LED while in bootloader mode.
+ bootloader-led0 alias must be set in the device's .dts
+ definitions for this to work.
+
+rsource "Kconfig.serial_recovery"
+
+config BOOT_INTR_VEC_RELOC
+ bool "Relocate the interrupt vector to the application"
+ default n
+ depends on SW_VECTOR_RELAY || CPU_CORTEX_M_HAS_VTOR
+ help
+ Relocate the interrupt vector to the application before it is started.
+ Select this option if application requires vector relocation,
+ but it doesn't relocate vector in its reset handler.
+
+config UPDATEABLE_IMAGE_NUMBER
+ int "Number of updateable images"
+ default 1
+ range 1 1 if SINGLE_APPLICATION_SLOT
+ help
+ Enables support of multi image update.
+
+choice BOOT_DOWNGRADE_PREVENTION_CHOICE
+ prompt "Downgrade prevention"
+ optional
+
+config MCUBOOT_DOWNGRADE_PREVENTION
+ bool "SW based downgrade prevention"
+ depends on !BOOT_DIRECT_XIP
+ help
+ Prevent downgrades by enforcing incrementing version numbers.
+ When this option is set, any upgrade must have greater major version
+ or greater minor version with equal major version.
This mechanism
+ only protects against some attacks against version downgrades (for
+ example, a JTAG could be used to write an older version).
+
+config MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER
+ bool "Use image security counter instead of version number"
+ depends on MCUBOOT_DOWNGRADE_PREVENTION
+ depends on (BOOT_SWAP_USING_MOVE || BOOT_SWAP_USING_SCRATCH)
+ help
+ Security counter is used for version eligibility check instead of pure
+ version. When this option is set, any upgrade must have greater or
+ equal security counter value.
+ Because of the acceptance of equal values it allows for software
+ downgrades to some extent.
+
+config MCUBOOT_HW_DOWNGRADE_PREVENTION
+ bool "HW based downgrade prevention"
+ help
+ Prevent undesirable/malicious software downgrades. When this option is
+ set, any upgrade must have greater or equal security counter value.
+ Because of the acceptance of equal values it allows for software
+ downgrade to some extent.
+
+endchoice
+
+config BOOT_WATCHDOG_FEED
+ bool "Feed the watchdog while doing swap"
+ default y if WATCHDOG
+ default y if SOC_FAMILY_NRF
+ # for nRF nrfx based implementation is available
+ imply NRFX_WDT if SOC_FAMILY_NRF
+ imply NRFX_WDT0 if SOC_FAMILY_NRF
+ imply NRFX_WDT1 if SOC_FAMILY_NRF
+ help
+ Enables implementation of MCUBOOT_WATCHDOG_FEED() macro which is
+ used to feed watchdog while doing time consuming operations.
+
+config BOOT_IMAGE_ACCESS_HOOKS
+ bool "Enable hooks for overriding MCUboot's native routines"
+ help
+ Allow to provide procedures for override or extend native
+ MCUboot's routines required for access the image data and the image
+ update. It is up to the project customization to add required source
+ files to the build.
+
+config MCUBOOT_ACTION_HOOKS
+ bool "Enable hooks for responding to MCUboot status changes"
+ help
+ This will call a handler when the MCUboot status changes which allows
+ for some level of user feedback, for instance to change LED status to
+ indicate a failure, using the callback:
+ 'void mcuboot_status_change(mcuboot_status_type_t status)' where
+ 'mcuboot_status_type_t' is listed in
+ boot/bootutil/include/bootutil/mcuboot_status.h
+
+endmenu
+
+config MCUBOOT_DEVICE_SETTINGS
+ # Hidden selector for device-specific settings
+ bool
+ default y
+ # CPU options
+ select MCUBOOT_DEVICE_CPU_CORTEX_M0 if CPU_CORTEX_M0
+ # Enable flash page layout if available
+ select FLASH_PAGE_LAYOUT if FLASH_HAS_PAGE_LAYOUT
+ # Enable flash_map module as flash I/O back-end
+ select FLASH_MAP
+
+config MCUBOOT_DEVICE_CPU_CORTEX_M0
+ # Hidden selector for Cortex-M0 settings
+ bool
+ default n
+ select SW_VECTOR_RELAY if !CPU_CORTEX_M0_HAS_VECTOR_TABLE_REMAP
+
+comment "Zephyr configuration options"
+
+# Disabling MULTITHREADING provides a code size advantage, but
+# it requires peripheral drivers (particularly a flash driver)
+# that works properly with the option enabled.
+#
+# If you know for sure that your hardware will work, you can default
+# it to n here. Otherwise, having it on by default makes the most
+# hardware work.
+
+if MCUBOOT
+config MULTITHREADING
+ default y if BOOT_SERIAL_CDC_ACM #usb driver requires MULTITHREADING
+ default y if BOOT_USB_DFU_GPIO || BOOT_USB_DFU_WAIT
+ default n if SOC_FAMILY_NRF
+ default y
+endif
+
+config LOG_PROCESS_THREAD
+ default n # mcuboot has its own log processing thread
+
+# override USB device name
+config USB_DEVICE_PRODUCT
+ default "MCUBOOT"
+
+## use MCUboot's own log configuration
+#config MCUBOOT_BOOTUTIL_LIB_OWN_LOG
+# bool
+# default n
+
+config MCUBOOT_VERIFY_IMG_ADDRESS
+ bool "Verify reset address of image in secondary slot"
+ depends on UPDATEABLE_IMAGE_NUMBER > 1
+ depends on !BOOT_ENCRYPT_IMAGE
+ depends on ARM
+ default y if BOOT_UPGRADE_ONLY
+ help
+ Verify that the reset address in the image located in the secondary slot
+ is contained within the corresponding primary slot. This is recommended
+ if swapping is not used (that is, BOOT_UPGRADE_ONLY is set). If a user
+ incorrectly uploads an update for image 1 to image 0's secondary slot
+ MCUboot will overwrite image 0's primary slot with this image even
+ though it will not boot. If swapping is enabled this will be handled
+ since the image will not confirm itself. If, however, swapping is not
+ enabled then the only mitigation is serial recovery. This feature can
+ also be useful when BOOT_DIRECT_XIP is enabled, to ensure that the image
+ linked at the correct address is loaded.
+
+source "modules/Kconfig.mcuboot_bootutil"
diff --git a/boot/zephyr/Kconfig.serial_recovery b/zephyr/Kconfig.serial_recovery
similarity index 100%
rename from boot/zephyr/Kconfig.serial_recovery
rename to zephyr/Kconfig.serial_recovery
diff --git a/boot/zephyr/include/arm_cleanup.h b/zephyr/include/arm_cleanup.h
similarity index 100%
rename from boot/zephyr/include/arm_cleanup.h
rename to zephyr/include/arm_cleanup.h
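Review bot: Only `config MULTITHREADING` is wrapped in `if MCUBOOT` / `endif`; the `LOG_PROCESS_THREAD`, `USB_DEVICE_PRODUCT` and `MBEDTLS_CFG_FILE` default overrides and the hidden `MCUBOOT_DEVICE_SETTINGS` (`default y`, selecting `FLASH_MAP` and `FLASH_PAGE_LAYOUT`) stay unconditional. Since `module.yml` in this commit registers this file as the module's Kconfig, it is presumably evaluated for every application in a workspace that contains mcuboot, so those overrides would alter ordinary application builds as well (product string, log thread, extra flash drivers) — the `menu "MCUBoot settings"` block and the overrides under `comment "Zephyr configuration options"` should sit inside the same `if MCUBOOT` guard or carry `depends on MCUBOOT`. The commented-out `#config MCUBOOT_BOOTUTIL_LIB_OWN_LOG` stanza near the end is dead text and should be deleted, or a one-line comment should record why the option was retired.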
diff --git a/boot/zephyr/include/config-asn1.h b/zephyr/include/config-asn1.h
similarity index 100%
rename from boot/zephyr/include/config-asn1.h
rename to zephyr/include/config-asn1.h
diff --git a/boot/zephyr/include/config-ec.h b/zephyr/include/config-ec.h
similarity index 100%
rename from boot/zephyr/include/config-ec.h
rename to zephyr/include/config-ec.h
diff --git a/boot/zephyr/include/config-ed25519.h b/zephyr/include/config-ed25519.h
similarity index 100%
rename from boot/zephyr/include/config-ed25519.h
rename to zephyr/include/config-ed25519.h
diff --git a/boot/zephyr/include/config-kw.h b/zephyr/include/config-kw.h
similarity index 100%
rename from boot/zephyr/include/config-kw.h
rename to zephyr/include/config-kw.h
diff --git a/boot/zephyr/include/config-rsa-kw.h b/zephyr/include/config-rsa-kw.h
similarity index 100%
rename from boot/zephyr/include/config-rsa-kw.h
rename to zephyr/include/config-rsa-kw.h
diff --git a/boot/zephyr/include/config-rsa.h b/zephyr/include/config-rsa.h
similarity index 100%
rename from boot/zephyr/include/config-rsa.h
rename to zephyr/include/config-rsa.h
diff --git a/boot/zephyr/include/flash_map_backend/flash_map_backend.h b/zephyr/include/flash_map_backend/flash_map_backend.h
similarity index 100%
rename from boot/zephyr/include/flash_map_backend/flash_map_backend.h
rename to zephyr/include/flash_map_backend/flash_map_backend.h
diff --git a/boot/zephyr/include/hal/hal_bsp.h b/zephyr/include/hal/hal_bsp.h
similarity index 100%
rename from boot/zephyr/include/hal/hal_bsp.h
rename to zephyr/include/hal/hal_bsp.h
diff --git a/boot/zephyr/include/hal/hal_flash.h b/zephyr/include/hal/hal_flash.h
similarity index 100%
rename from boot/zephyr/include/hal/hal_flash.h
rename to zephyr/include/hal/hal_flash.h
diff --git a/boot/zephyr/include/mcuboot-mbedtls-cfg.h b/zephyr/include/mcuboot-mbedtls-cfg.h
similarity index 100%
rename from boot/zephyr/include/mcuboot-mbedtls-cfg.h
rename to zephyr/include/mcuboot-mbedtls-cfg.h
diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/zephyr/include/mcuboot_config/mcuboot_config.h
similarity index 100%
rename from boot/zephyr/include/mcuboot_config/mcuboot_config.h
rename to zephyr/include/mcuboot_config/mcuboot_config.h
diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_logging.h b/zephyr/include/mcuboot_config/mcuboot_logging.h
similarity index 100%
rename from boot/zephyr/include/mcuboot_config/mcuboot_logging.h
rename to zephyr/include/mcuboot_config/mcuboot_logging.h
diff --git a/boot/zephyr/include/os/os.h b/zephyr/include/os/os.h
similarity index 100%
rename from boot/zephyr/include/os/os.h
rename to zephyr/include/os/os.h
diff --git a/boot/zephyr/include/os/os_heap.h b/zephyr/include/os/os_heap.h
similarity index 100%
rename from boot/zephyr/include/os/os_heap.h
rename to zephyr/include/os/os_heap.h
diff --git a/boot/zephyr/include/os/os_malloc.h b/zephyr/include/os/os_malloc.h
similarity index 100%
rename from boot/zephyr/include/os/os_malloc.h
rename to zephyr/include/os/os_malloc.h
diff --git a/boot/zephyr/include/platform-bench.h b/zephyr/include/platform-bench.h
similarity index 100%
rename from boot/zephyr/include/platform-bench.h
rename to zephyr/include/platform-bench.h
diff --git a/boot/zephyr/include/serial_adapter/serial_adapter.h b/zephyr/include/serial_adapter/serial_adapter.h
similarity index 100%
rename from boot/zephyr/include/serial_adapter/serial_adapter.h
rename to zephyr/include/serial_adapter/serial_adapter.h
diff --git a/boot/zephyr/include/single_loader.h b/zephyr/include/single_loader.h
similarity index 100%
rename from boot/zephyr/include/single_loader.h
rename to zephyr/include/single_loader.h
diff --git a/boot/zephyr/include/sysflash/sysflash.h b/zephyr/include/sysflash/sysflash.h
similarity index 100%
rename from boot/zephyr/include/sysflash/sysflash.h
rename to zephyr/include/sysflash/sysflash.h
diff --git a/boot/zephyr/include/target.h b/zephyr/include/target.h
similarity index 100%
rename from boot/zephyr/include/target.h
rename to zephyr/include/target.h
diff --git a/zephyr/module.yml b/zephyr/module.yml
index c4293e3877..68ba030f68 100644
--- a/zephyr/module.yml
+++ b/zephyr/module.yml
@@ -1,4 +1,10 @@
+# Copyright (c) 2022 Legrand North America, LLC.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+name: mcuboot
 samples:
 - boot/zephyr
 build:
- cmake: ./boot/bootutil/zephyr
+ kconfig: zephyr/Kconfig
+ cmake: zephyr
diff --git a/zephyr/subsys/CMakeLists.txt b/zephyr/subsys/CMakeLists.txt
new file mode 100644
index 0000000000..6bb351fb08
--- /dev/null
+++ b/zephyr/subsys/CMakeLists.txt
@@ -0,0 +1,9 @@
+# Copyright (c) 2022 Legrand North America, LLC.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+
+cmake_minimum_required(VERSION 3.10 FATAL_ERROR)
+
+add_subdirectory_ifdef(CONFIG_MCUBOOT_BOOTUTIL_LIB mcuboot_util)
+add_subdirectory_ifdef(CONFIG_MCUBOOT mcuboot_svc)
diff --git a/zephyr/subsys/mcuboot_svc/CMakeLists.txt b/zephyr/subsys/mcuboot_svc/CMakeLists.txt
new file mode 100644
index 0000000000..e83798acf9
--- /dev/null
+++ b/zephyr/subsys/mcuboot_svc/CMakeLists.txt
@@ -0,0 +1,234 @@
+# CMakeLists.txt for building mcuboot as a Zephyr project
+#
+# Copyright (c) 2017 Open Source Foundries Limited
+# Copyright (c) 2022 Legrand North America, LLC.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+cmake_minimum_required(VERSION 3.13.1)
+
+# Path to "boot" subdirectory of repository root.
+set(BOOT_DIR ${ZEPHYR_MCUBOOT_MODULE_DIR}/boot)
+# Path to top-level repository root directory.
+set(MCUBOOT_DIR ${ZEPHYR_MCUBOOT_MODULE_DIR})
+# Path to tinycrypt library source subdirectory of MCUBOOT_DIR.
+set(TINYCRYPT_DIR "${ZEPHYR_MCUBOOT_MODULE_DIR}/ext/tinycrypt/lib")
+assert_exists(TINYCRYPT_DIR)
+set(TINYCRYPT_SHA512_DIR "${ZEPHYR_MCUBOOT_MODULE_DIR}/ext/tinycrypt-sha512/lib")
+assert_exists(TINYCRYPT_SHA512_DIR)
+# Path to crypto-fiat
+set(FIAT_DIR "${ZEPHYR_MCUBOOT_MODULE_DIR}/ext/fiat")
+assert_exists(FIAT_DIR)
+# Path to mbed-tls' asn1 parser library.
+set(MBEDTLS_ASN1_DIR "${ZEPHYR_MCUBOOT_MODULE_DIR}/ext/mbedtls-asn1")
+assert_exists(MBEDTLS_ASN1_DIR)
+set(NRF_DIR "${ZEPHYR_MCUBOOT_MODULE_DIR}/ext/nrf")
+
+if(CONFIG_BOOT_USE_NRF_CC310_BL)
+set(NRFXLIB_DIR ${ZEPHYR_NRFXLIB_MODULE_DIR})
+if(NOT EXISTS ${NRFXLIB_DIR})
+ message(FATAL_ERROR "
+ ------------------------------------------------------------------------
+ No such file or directory: ${NRFXLIB_DIR}
+ The current configuration enables nRF CC310 crypto accelerator hardware
+ with the `CONFIG_BOOT_USE_NRF_CC310_BL` option. Please follow
+ `ext/nrf/README.md` guide to fix your setup or use tinycrypt instead of
+ the HW accelerator.
+ To use the tinycrypt set `CONFIG_BOOT_ECDSA_TINYCRYPT` to y.
+ ------------------------------------------------------------------------")
+endif()
+# Don't include this if we are using west
+ add_subdirectory(${NRFXLIB_DIR} ${PROJECT_BINARY_DIR}/nrfxlib)
+endif()
+
+zephyr_library_include_directories(
+ ${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include
+ targets
+ )
+if(EXISTS targets/${BOARD}.h)
+ zephyr_library_compile_definitions(MCUBOOT_TARGET_CONFIG="${BOARD}.h")
+endif()
+
+# Zephyr port-specific sources.
+zephyr_library_sources(
+ main.c
+ flash_map_extended.c
+ os.c
+ )
+
+if(DEFINED CONFIG_ENABLE_MGMT_PERUSER)
+ zephyr_library_sources(
+ boot_serial_extensions.c
+ )
+endif()
+
+if(NOT DEFINED CONFIG_FLASH_PAGE_LAYOUT)
+ zephyr_library_sources(
+ flash_map_legacy.c
+ )
+endif()
+
+# Generic bootutil sources and includes.
+zephyr_library_include_directories(${BOOT_DIR}/bootutil/include)
+zephyr_library_sources(
+ ${BOOT_DIR}/bootutil/src/image_validate.c
+ ${BOOT_DIR}/bootutil/src/tlv.c
+ ${BOOT_DIR}/bootutil/src/encrypted.c
+ ${BOOT_DIR}/bootutil/src/image_rsa.c
+ ${BOOT_DIR}/bootutil/src/image_ec256.c
+ ${BOOT_DIR}/bootutil/src/image_ed25519.c
+ ${BOOT_DIR}/bootutil/src/bootutil_misc.c
+ ${BOOT_DIR}/bootutil/src/fault_injection_hardening.c
+ )
+
+if(CONFIG_BOOT_FIH_PROFILE_HIGH)
+zephyr_library_sources(
+ ${BOOT_DIR}/bootutil/src/fault_injection_hardening_delay_rng_mbedtls.c
+ )
+endif()
+
+if(CONFIG_SINGLE_APPLICATION_SLOT)
+zephyr_library_sources(
+ single_loader.c
+ )
+zephyr_library_include_directories(${BOOT_DIR}/bootutil/src)
+else()
+zephyr_library_sources(
+ ${BOOT_DIR}/bootutil/src/loader.c
+ ${BOOT_DIR}/bootutil/src/swap_misc.c
+ ${BOOT_DIR}/bootutil/src/swap_scratch.c
+ ${BOOT_DIR}/bootutil/src/swap_move.c
+ ${BOOT_DIR}/bootutil/src/caps.c
+ )
+endif()
+
+if(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256 OR CONFIG_BOOT_ENCRYPT_EC256 OR CONFIG_BOOT_SERIAL_ENCRYPT_EC256)
+ zephyr_library_include_directories(
+ ${MBEDTLS_ASN1_DIR}/include
+ )
+ zephyr_library_sources(
+ # Additionally pull in just the ASN.1 parser from mbedTLS.
+ ${MBEDTLS_ASN1_DIR}/src/asn1parse.c
+ ${MBEDTLS_ASN1_DIR}/src/platform_util.c
+ )
+ if(CONFIG_BOOT_USE_TINYCRYPT)
+ # When using ECDSA signatures, pull in our copy of the tinycrypt library.
+ zephyr_library_include_directories(
+ ${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include
+ ${TINYCRYPT_DIR}/include
+ )
+ zephyr_include_directories(${TINYCRYPT_DIR}/include)
+
+ zephyr_library_sources(
+ ${TINYCRYPT_DIR}/source/ecc.c
+ ${TINYCRYPT_DIR}/source/ecc_dsa.c
+ ${TINYCRYPT_DIR}/source/sha256.c
+ ${TINYCRYPT_DIR}/source/utils.c
+ )
+ elseif(CONFIG_BOOT_USE_NRF_CC310_BL)
+ zephyr_library_sources(${NRF_DIR}/cc310_glue.c)
+ zephyr_library_include_directories(${NRF_DIR})
+ zephyr_link_libraries(nrfxlib_crypto)
+ endif()
+
+ # Since here we are not using Zephyr's mbedTLS but rather our own, we need
+ # to set MBEDTLS_CONFIG_FILE ourselves. When using Zephyr's copy, this
+ # variable is set by its Kconfig in the Zephyr codebase.
+ zephyr_library_compile_definitions(
+ MBEDTLS_CONFIG_FILE="${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include/mcuboot-mbedtls-cfg.h"
+ )
+elseif(CONFIG_BOOT_SIGNATURE_TYPE_NONE)
+ zephyr_library_include_directories(
+ ${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include
+ ${TINYCRYPT_DIR}/include
+ )
+
+ zephyr_library_sources(
+ ${TINYCRYPT_DIR}/source/sha256.c
+ ${TINYCRYPT_DIR}/source/utils.c
+ )
+elseif(CONFIG_BOOT_SIGNATURE_TYPE_RSA)
+ # Use mbedTLS provided by Zephyr for RSA signatures. (Its config file
+ # is set using Kconfig.)
+ zephyr_include_directories(${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include)
+ if(CONFIG_BOOT_ENCRYPT_RSA)
+ set_source_files_properties(
+ ${BOOT_DIR}/bootutil/src/encrypted.c
+ PROPERTIES
+ INCLUDE_DIRECTORIES ${ZEPHYR_MBEDTLS_MODULE_DIR}/library
+ )
+ endif()
+elseif(CONFIG_BOOT_SIGNATURE_TYPE_ED25519 OR CONFIG_BOOT_ENCRYPT_X25519)
+ if(CONFIG_BOOT_USE_TINYCRYPT)
+ zephyr_library_include_directories(
+ ${MBEDTLS_ASN1_DIR}/include
+ ${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include
+ ${TINYCRYPT_DIR}/include
+ ${TINYCRYPT_SHA512_DIR}/include
+ )
+ zephyr_library_sources(
+ ${TINYCRYPT_DIR}/source/sha256.c
+ ${TINYCRYPT_DIR}/source/utils.c
+ ${TINYCRYPT_SHA512_DIR}/source/sha512.c
+ # Additionally pull in just the ASN.1 parser from mbedTLS.
+ ${MBEDTLS_ASN1_DIR}/src/asn1parse.c
+ ${MBEDTLS_ASN1_DIR}/src/platform_util.c
+ )
+ zephyr_library_compile_definitions(
+ MBEDTLS_CONFIG_FILE="${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include/mcuboot-mbedtls-cfg.h"
+ )
+ else()
+ zephyr_include_directories(${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include)
+ endif()
+
+ zephyr_library_include_directories(
+ ${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include
+ ${FIAT_DIR}/include/
+ )
+
+ zephyr_library_sources(
+ ${FIAT_DIR}/src/curve25519.c
+ )
+endif()
+
+if(CONFIG_BOOT_ENCRYPT_EC256 OR CONFIG_BOOT_ENCRYPT_X25519 OR CONFIG_BOOT_SERIAL_ENCRYPT_EC256)
+ zephyr_library_sources(
+ ${TINYCRYPT_DIR}/source/aes_encrypt.c
+ ${TINYCRYPT_DIR}/source/aes_decrypt.c
+ ${TINYCRYPT_DIR}/source/ctr_mode.c
+ ${TINYCRYPT_DIR}/source/hmac.c
+ ${TINYCRYPT_DIR}/source/ecc_dh.c
+ )
+endif()
+
+if(CONFIG_BOOT_ENCRYPT_EC256)
+ zephyr_library_sources(
+ ${TINYCRYPT_DIR}/source/ecc_dh.c
+ )
+endif()
+
+if(CONFIG_MCUBOOT_SERIAL)
+ zephyr_sources(serial_adapter.c)
+ zephyr_sources(${BOOT_DIR}/boot_serial/src/boot_serial.c)
+ zephyr_sources(${BOOT_DIR}/boot_serial/src/serial_recovery_cbor.c)
+ zephyr_sources(${BOOT_DIR}/boot_serial/src/zcbor_decode.c)
+ zephyr_sources(${BOOT_DIR}/boot_serial/src/zcbor_encode.c)
+ zephyr_sources(${BOOT_DIR}/boot_serial/src/zcbor_common.c)
+
+ zephyr_sources_ifdef(CONFIG_BOOT_MGMT_ECHO ${BOOT_DIR}/boot_serial/src/serial_recovery_echo.c)
+
+ zephyr_include_directories(${BOOT_DIR}/bootutil/include)
+ zephyr_include_directories(${BOOT_DIR}/boot_serial/include)
+ zephyr_include_directories(${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include)
+
+ zephyr_include_directories_ifdef(
+ CONFIG_BOOT_ERASE_PROGRESSIVELY
+ ${BOOT_DIR}/bootutil/src
+ )
+endif()
+
+if(CONFIG_MCUBOOT_CLEANUP_ARM_CORE)
+zephyr_library_sources(
+ arm_cleanup.c
+)
+endif()
diff --git a/boot/zephyr/arm_cleanup.c b/zephyr/subsys/mcuboot_svc/arm_cleanup.c
similarity index 100%
rename from boot/zephyr/arm_cleanup.c
rename to zephyr/subsys/mcuboot_svc/arm_cleanup.c
diff --git a/boot/zephyr/boot_serial_extensions.c b/zephyr/subsys/mcuboot_svc/boot_serial_extensions.c
similarity index 100%
rename from boot/zephyr/boot_serial_extensions.c
rename to zephyr/subsys/mcuboot_svc/boot_serial_extensions.c
diff --git a/boot/zephyr/flash_map_extended.c b/zephyr/subsys/mcuboot_svc/flash_map_extended.c
similarity index 100%
rename from boot/zephyr/flash_map_extended.c
rename to zephyr/subsys/mcuboot_svc/flash_map_extended.c
diff --git a/boot/zephyr/flash_map_legacy.c b/zephyr/subsys/mcuboot_svc/flash_map_legacy.c
similarity index 100%
rename from boot/zephyr/flash_map_legacy.c
rename to zephyr/subsys/mcuboot_svc/flash_map_legacy.c
diff --git a/boot/zephyr/main.c b/zephyr/subsys/mcuboot_svc/main.c
similarity index 100%
rename from boot/zephyr/main.c
rename to zephyr/subsys/mcuboot_svc/main.c
diff --git a/boot/zephyr/os.c b/zephyr/subsys/mcuboot_svc/os.c
similarity index 100%
rename from boot/zephyr/os.c
rename to zephyr/subsys/mcuboot_svc/os.c
diff --git a/boot/zephyr/serial_adapter.c b/zephyr/subsys/mcuboot_svc/serial_adapter.c
similarity index 100%
rename from boot/zephyr/serial_adapter.c
rename to zephyr/subsys/mcuboot_svc/serial_adapter.c
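Review bot: `if(NOT EXISTS ${NRFXLIB_DIR})` is fed from `set(NRFXLIB_DIR ${ZEPHYR_NRFXLIB_MODULE_DIR})`, and when nrfxlib is not a registered Zephyr module that variable is undefined, so the unquoted expansion collapses to `if(NOT EXISTS )` and the FATAL_ERROR text prints an empty path; `if(NOT DEFINED ZEPHYR_NRFXLIB_MODULE_DIR OR NOT EXISTS "${NRFXLIB_DIR}")` keeps the diagnostic meaningful for the CC310 hardware-crypto configuration. Directly below, `add_subdirectory(${NRFXLIB_DIR} ${PROJECT_BINARY_DIR}/nrfxlib)` still runs unconditionally under the comment "Don't include this if we are using west", although a directory that comes from `ZEPHYR_NRFXLIB_MODULE_DIR` is by construction a west-managed module that Zephyr has presumably already processed, so this likely adds nrfxlib twice. `if(EXISTS targets/${BOARD}.h)` uses a relative path, and `EXISTS` is only well-defined for full paths, so the per-board `MCUBOOT_TARGET_CONFIG` header may silently not be picked up depending on the directory cmake is invoked from; `if(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/targets/${BOARD}.h)` removes that dependency. `assert_exists(...)` is called four times but defined nowhere in this file; it appears to rely on the macro from boot/zephyr/CMakeLists.txt being visible when Zephyr processes this module, which would not hold for any other application that enables `CONFIG_MCUBOOT`, so the macro should either be defined here or the dependency documented at the top of the file.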
diff --git a/boot/zephyr/single_loader.c b/zephyr/subsys/mcuboot_svc/single_loader.c
similarity index 100%
rename from boot/zephyr/single_loader.c
rename to zephyr/subsys/mcuboot_svc/single_loader.c
diff --git a/boot/zephyr/targets/arduino_101.h b/zephyr/subsys/mcuboot_svc/targets/arduino_101.h
similarity index 100%
rename from boot/zephyr/targets/arduino_101.h
rename to zephyr/subsys/mcuboot_svc/targets/arduino_101.h
diff --git a/boot/bootutil/zephyr/CMakeLists.txt b/zephyr/subsys/mcuboot_util/CMakeLists.txt
similarity index 66%
rename from boot/bootutil/zephyr/CMakeLists.txt
rename to zephyr/subsys/mcuboot_util/CMakeLists.txt
index 72a6a8638f..17bb2da766 100644
--- a/boot/bootutil/zephyr/CMakeLists.txt
+++ b/zephyr/subsys/mcuboot_util/CMakeLists.txt
@@ -1,21 +1,21 @@
 # Copyright (c) 2020 Nordic Semiconductor ASA
+# Copyright (c) 2022 Legrand North America, LLC.
 #
 # SPDX-License-Identifier: Apache-2.0
-if(CONFIG_MCUBOOT_BOOTUTIL_LIB)
 zephyr_interface_library_named(MCUBOOT_BOOTUTIL)
-target_include_directories(MCUBOOT_BOOTUTIL INTERFACE
- ../
- ../include
- ../../zephyr/include
+zephyr_include_directories(MCUBOOT_BOOTUTIL INTERFACE
+ ${ZEPHYR_MCUBOOT_MODULE_DIR}/boot/bootutil
+ ${ZEPHYR_MCUBOOT_MODULE_DIR}/boot/bootutil/include
+ ${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include
 )
 zephyr_library_named(mcuboot_util)
 zephyr_library_sources(
- ../src/bootutil_public.c
- )
+ ${ZEPHYR_MCUBOOT_MODULE_DIR}/boot/bootutil/src/bootutil_public.c
+ )
 # Sensitivity to the TEST_BOOT_IMAGE_ACCESS_HOOKS define is implemented for
 # allowing the test-build with the hooks feature enabled.
@@ -30,11 +30,10 @@ target_link_libraries(MCUBOOT_BOOTUTIL INTERFACE zephyr_interface)
 if(CONFIG_BOOT_USE_TINYCRYPT)
 target_include_directories(MCUBOOT_BOOTUTIL INTERFACE
- ../../../ext/tinycrypt/lib/include
+ ${ZEPHYR_MCUBOOT_MODULE_DIR}/ext/tinycrypt/lib/include
 )
 endif()
 if(CONFIG_BOOT_USE_MBEDTLS)
 zephyr_link_libraries(mbedTLS)
 endif()
-endif()
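Review bot: `zephyr_include_directories(MCUBOOT_BOOTUTIL INTERFACE ...)` in the first hunk is not a drop-in replacement for the removed `target_include_directories(MCUBOOT_BOOTUTIL INTERFACE ...)`: Zephyr's `zephyr_include_directories` takes only directory arguments and applies them to the global `zephyr_interface` target, so `MCUBOOT_BOOTUTIL` and `INTERFACE` are passed through as (non-existent) include paths and the MCUBOOT_BOOTUTIL interface library no longer carries the three bootutil include directories for its consumers. The second hunk still uses `target_include_directories(MCUBOOT_BOOTUTIL INTERFACE` for the tinycrypt include, so the file now mixes two mechanisms; restoring `target_include_directories(MCUBOOT_BOOTUTIL INTERFACE` with the three new `${ZEPHYR_MCUBOOT_MODULE_DIR}`-based paths keeps both hunks consistent and the include scope where it was. The removed `if(CONFIG_MCUBOOT_BOOTUTIL_LIB)` guard is now supplied by `add_subdirectory_ifdef` in zephyr/subsys/CMakeLists.txt, which is fine, but a one-line comment at the top, `# Added only when CONFIG_MCUBOOT_BOOTUTIL_LIB is set (see zephyr/subsys/CMakeLists.txt)`, would keep that dependency visible to anyone reading this file on its own.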