From 42068ca1046f02f45a8eeb86d2fe343655cebcb8 Mon Sep 17 00:00:00 2001 From: Xiang Xiao Date: Sun, 13 Nov 2022 21:17:02 +0800 Subject: [PATCH 1/4] Refactor Kconfig into project/module parts - Add prompt to MCUBOOT Kconfig and default 'n' - Add prompt to MCUBOOT_APP Kconfig and default 'n' - Add prompt to MCUBOOT_DEVICE_SETTINGS_ Kconfig and default 'n'. These device settings rules need to not be applied for the psa_crypto build. - Add boot/zephyr/Kconfig reference to module.yml - Relocate module Kconfig into mcuboot/zephyr/ - Relocate module-level Kconfig declarations into the module's zephyr/ subdirectory so that it is visible for external build configurations. Removed sourcing of Kconfig.zephyr - Restore sourcing of Kconfig.zephyr to stripped boot/zephyr/Kconfig. The MCUBOOT Kconfig seems to control the inclusion of MCUboot application code in the Zephyr build.. Because this name matches the module and an alternate name was used to include MCUboot's bootutil package the name usage is a bit unorthodox. An ortodox and scalable pattern is for a Kconfig matching the module name to control the exposure of the module itself (e.g., the public headers). The first step in this transition is to make MCUBOOT public and default to 'n'. Defaulting to 'n' will prevent this module with interfering with other existing builds. Incremental verification: 1. (Pass) west build -p always -b nrf52840dk_nrf52840 mcuboot/boot/zephyr/ 2. (Pass) ./zephyr/scripts/twister --testsuite-root mcuboot/boot/zephyr/ 3. (Pass) ./zephyr/scripts/twister --testsuite-root zephyr/samples/tfm_integration/psa_crypto/ 4. (Pass) ./zephyr/scripts/twister --testsuite-root zephyr/tests/subsys/dfu/ 5. (Pass) ./zephyr/scripts/twister --testsuite-root zephyr/samples/subsys/mgmt/mcumgr/smp_svr/ Signed-off-by: Xiang Xiao Signed-off-by: Gregory Shue --- boot/zephyr/Kconfig | 666 +---------------- boot/zephyr/prj.conf | 7 + zephyr/Kconfig | 676 ++++++++++++++++++ .../zephyr => zephyr}/Kconfig.serial_recovery | 0 zephyr/module.yml | 6 + 5 files changed, 690 insertions(+), 665 deletions(-) create mode 100644 zephyr/Kconfig rename {boot/zephyr => zephyr}/Kconfig.serial_recovery (100%) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index e89a0b6025..379cd1105b 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -1,674 +1,10 @@ # Copyright (c) 2017-2020 Linaro Limited # Copyright (c) 2020 Arm Limited +# Copyright (c) 2022 Legrand North America, LLC. # # SPDX-License-Identifier: Apache-2.0 # mainmenu "MCUboot configuration" -comment "MCUboot-specific configuration options" - -# Hidden option to mark a project as MCUboot -config MCUBOOT - default y - bool - select MPU_ALLOW_FLASH_WRITE if ARM_MPU - select USE_DT_CODE_PARTITION if HAS_FLASH_LOAD_OFFSET - select MCUBOOT_BOOTUTIL_LIB - -config BOOT_USE_MBEDTLS - bool - # Hidden option - default n - help - Use mbedTLS for crypto primitives. - -config BOOT_USE_TINYCRYPT - bool - # Hidden option - default n - # When building for ECDSA, we use our own copy of mbedTLS, so the - # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros - # will collide. - help - Use TinyCrypt for crypto primitives. - -config BOOT_USE_CC310 - bool - # Hidden option - default n - # When building for ECDSA, we use our own copy of mbedTLS, so the - # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros - # will collide. - help - Use cc310 for crypto primitives. - -config BOOT_USE_NRF_CC310_BL - bool - default n - -config NRFXLIB_CRYPTO - bool - default n - -config NRF_CC310_BL - bool - default n - -menu "MCUBoot settings" - -config SINGLE_APPLICATION_SLOT - bool "Single slot bootloader" - default n - help - Single image area is used for application which means that - uploading a new application overwrites the one that previously - occupied the area. - -choice BOOT_SIGNATURE_TYPE - prompt "Signature type" - default BOOT_SIGNATURE_TYPE_RSA - -config BOOT_SIGNATURE_TYPE_NONE - bool "No signature; use only hash check" - select BOOT_USE_TINYCRYPT - -config BOOT_SIGNATURE_TYPE_RSA - bool "RSA signatures" - select BOOT_USE_MBEDTLS - select MBEDTLS - -if BOOT_SIGNATURE_TYPE_RSA -config BOOT_SIGNATURE_TYPE_RSA_LEN - int "RSA signature length" - range 2048 3072 - default 2048 -endif - -config BOOT_SIGNATURE_TYPE_ECDSA_P256 - bool "Elliptic curve digital signatures with curve P-256" - -if BOOT_SIGNATURE_TYPE_ECDSA_P256 -choice BOOT_ECDSA_IMPLEMENTATION - prompt "Ecdsa implementation" - default BOOT_ECDSA_TINYCRYPT - -config BOOT_ECDSA_TINYCRYPT - bool "Use tinycrypt" - select BOOT_USE_TINYCRYPT - -config BOOT_ECDSA_CC310 - bool "Use CC310" - depends on HAS_HW_NRF_CC310 - select BOOT_USE_NRF_CC310_BL - select NRF_CC310_BL - select NRFXLIB_CRYPTO - select BOOT_USE_CC310 -endchoice # Ecdsa implementation -endif - -config BOOT_SIGNATURE_TYPE_ED25519 - bool "Edwards curve digital signatures using ed25519" - -if BOOT_SIGNATURE_TYPE_ED25519 -choice BOOT_ED25519_IMPLEMENTATION - prompt "Ecdsa implementation" - default BOOT_ED25519_TINYCRYPT -config BOOT_ED25519_TINYCRYPT - bool "Use tinycrypt" - select BOOT_USE_TINYCRYPT -config BOOT_ED25519_MBEDTLS - bool "Use mbedTLS" - select BOOT_USE_MBEDTLS - select MBEDTLS -endchoice -endif - -endchoice - -config BOOT_SIGNATURE_KEY_FILE - string "PEM key file" - default "root-ec-p256.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256 - default "root-ed25519.pem" if BOOT_SIGNATURE_TYPE_ED25519 - default "root-rsa-3072.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=3072 - default "root-rsa-2048.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=2048 - default "" - help - You can use either absolute or relative path. - In case relative path is used, the build system assumes that it starts - from the directory where the MCUBoot KConfig configuration file is - located. If the key file is not there, the build system uses relative - path that starts from the MCUBoot repository root directory. - The key file will be parsed by imgtool's getpub command and a .c source - with the public key information will be written in a format expected by - MCUboot. - -config MCUBOOT_CLEANUP_ARM_CORE - bool "Perform core cleanup before chain-load the application" - depends on CPU_CORTEX_M - default y if !ARCH_SUPPORTS_ARCH_HW_INIT - help - This option instructs MCUboot to perform a clean-up of a set of - architecture core HW registers before junping to the application - firmware. The clean-up sets these registers to their warm-reset - values as specified by the architecture. - - By default, this option is enabled only if the architecture does - not have the functionality to perform such a register clean-up - during application firmware boot. - - Zephyr applications on Cortex-M will perform this register clean-up - by default, if they are chain-loadable by MCUboot, so MCUboot does - not need to perform such a cleanup itself. - -config MBEDTLS_CFG_FILE - default "mcuboot-mbedtls-cfg.h" - -config BOOT_HW_KEY - bool "Use HW key for image verification" - default n - help - Use HW key for image verification, otherwise the public key is embedded - in MCUBoot. If enabled the public key is appended to the signed image - and requires the hash of the public key to be provisioned to the device - beforehand. - -config BOOT_VALIDATE_SLOT0 - bool "Validate image in the primary slot on every boot" - default y - help - If y, the bootloader attempts to validate the signature of the - primary slot every boot. This adds the signature check time to - every boot, but can mitigate against some changes that are - able to modify the flash image itself. - -config BOOT_VALIDATE_SLOT0_ONCE - bool "Validate image in the primary slot just once after after upgrade" - depends on !BOOT_VALIDATE_SLOT0 && SINGLE_APPLICATION_SLOT - default n - help - If y, the bootloader attempts to validate the signature of the - primary slot only once after an upgrade of the main slot. - It caches the result in the magic area, which makes it an unsecure - method. This option is usefull for lowering the boot up time for - low end devices with as a compromise lowering the security level. - If unsure, leave at the default value. - -config BOOT_PREFER_SWAP_MOVE - bool "Prefer the newer swap move algorithm" - default y if SOC_FAMILY_NRF - default y if !$(dt_nodelabel_enabled,scratch_partition) - help - If y, the BOOT_IMAGE_UPGRADE_MODE will default to using - "move" instead of "scratch". This is a separate bool config - option, because Kconfig doesn't allow defaults to be - overridden in choice options. Most devices should be using - swap move. - -if !SINGLE_APPLICATION_SLOT -choice BOOT_IMAGE_UPGRADE_MODE - prompt "Image upgrade modes" - default BOOT_SWAP_USING_MOVE if BOOT_PREFER_SWAP_MOVE - default BOOT_SWAP_USING_SCRATCH - -config BOOT_SWAP_USING_SCRATCH - bool "Swap mode that run with the scratch partition" - help - This is the most conservative swap mode but it can work even on - devices with heterogeneous flash page layout. - -config BOOT_UPGRADE_ONLY - bool "Overwrite image updates instead of swapping" - help - If y, overwrite the primary slot with the upgrade image instead - of swapping them. This prevents the fallback recovery, but - uses a much simpler code path. - -config BOOT_SWAP_USING_MOVE - bool "Swap mode that can run without a scratch partition" - help - If y, the swap upgrade is done in two steps, where first every - sector of the primary slot is moved up one sector, then for - each sector X in the secondary slot, it is moved to index X in - the primary slot, then the sector at X+1 in the primary is - moved to index X in the secondary. - This allows a swap upgrade without using a scratch partition, - but is currently limited to all sectors in both slots being of - the same size. - -config BOOT_DIRECT_XIP - bool "Run the latest image directly from its slot" - help - If y, mcuboot selects the newest valid image based on the image version - numbers, thereafter the selected image can run directly from its slot - without having to move/copy it into the primary slot. For this reason the - images must be linked to be executed from the given image slot. Using this - mode results in a simpler code path and smaller code size. - -config BOOT_RAM_LOAD - bool "RAM load" - help - If y, mcuboot selects the newest valid image based on the image version - numbers, thereafter the selected image is copied to RAM and executed from - there. For this reason, the image has to be linked to be executed from RAM. - The address that the image is copied to is specified using the load-addr - argument to the imgtool.py script which writes it to the image header. - -endchoice - -# Workaround for not being able to have commas in macro arguments -DT_CHOSEN_Z_SRAM := zephyr,sram - -if BOOT_RAM_LOAD -config BOOT_IMAGE_EXECUTABLE_RAM_START - hex "Boot image executable ram start" - default $(dt_chosen_reg_addr_hex,$(DT_CHOSEN_Z_SRAM)) - -config BOOT_IMAGE_EXECUTABLE_RAM_SIZE - int "Boot image executable base size" - default $(dt_chosen_reg_size_int,$(DT_CHOSEN_Z_SRAM),0) -endif - -config BOOT_DIRECT_XIP_REVERT - bool "Enable the revert mechanism in direct-xip mode" - depends on BOOT_DIRECT_XIP - default n - help - If y, enables the revert mechanism in direct-xip similar to the one in - swap mode. It requires the trailer magic to be added to the signed image. - When a reboot happens without the image being confirmed at runtime, the - bootloader considers the image faulty and erases it. After this it will - attempt to boot the previous image. The images can also be made permanent - (marked as confirmed in advance) just like in swap mode. - -config BOOT_BOOTSTRAP - bool "Bootstrap erased the primary slot from the secondary slot" - default n - help - If y, enables bootstraping support. Bootstrapping allows an erased - primary slot to be initialized from a valid image in the secondary slot. - If unsure, leave at the default value. - -config BOOT_SWAP_SAVE_ENCTLV - bool "Save encrypted key TLVs instead of plaintext keys in swap metadata" - default n - help - If y, instead of saving the encrypted image keys in plaintext in the - swap resume metadata, save the encrypted image TLVs. This should be used - when there is no security mechanism protecting the data in the primary - slot from being dumped. If n is selected (default), the keys are written - after being decrypted from the image TLVs and could be read by an - attacker who has access to the flash contents of the primary slot (eg - JTAG/SWD or primary slot in external flash). - If unsure, leave at the default value. - -config BOOT_ENCRYPT_IMAGE - bool - help - Hidden option used to check if any image encryption is enabled. - -config BOOT_ENCRYPT_RSA - bool "Support for encrypted upgrade images using RSA" - select BOOT_ENCRYPT_IMAGE - help - If y, images in the secondary slot can be encrypted and are decrypted - on the fly when upgrading to the primary slot, as well as encrypted - back when swapping from the primary slot to the secondary slot. The - encryption mechanism used in this case is RSA-OAEP (2048 bits). - -config BOOT_ENCRYPT_EC256 - bool "Support for encrypted upgrade images using ECIES-P256" - select BOOT_ENCRYPT_IMAGE - help - If y, images in the secondary slot can be encrypted and are decrypted - on the fly when upgrading to the primary slot, as well as encrypted - back when swapping from the primary slot to the secondary slot. The - encryption mechanism used in this case is ECIES using primitives - described under "ECIES-P256 encryption" in docs/encrypted_images.md. - -config BOOT_ENCRYPT_X25519 - bool "Support for encrypted upgrade images using ECIES-X25519" - select BOOT_ENCRYPT_IMAGE - help - If y, images in the secondary slot can be encrypted and are decrypted - on the fly when upgrading to the primary slot, as well as encrypted - back when swapping from the primary slot to the secondary slot. The - encryption mechanism used in this case is ECIES using primitives - described under "ECIES-X25519 encryption" in docs/encrypted_images.md. -endif # !SINGLE_APPLICATION_SLOT - -config BOOT_ENCRYPTION_KEY_FILE - string "encryption key file" - depends on BOOT_ENCRYPT_EC256 || BOOT_SERIAL_ENCRYPT_EC256 - default "enc-ec256-priv.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256 - default "" - help - You can use either absolute or relative path. - In case relative path is used, the build system assumes that it starts - from the directory where the MCUBoot KConfig configuration file is - located. If the key file is not there, the build system uses relative - path that starts from the MCUBoot repository root directory. - The key file will be parsed by imgtool's getpriv command and a .c source - with the public key information will be written in a format expected by - MCUboot. - -config BOOT_MAX_IMG_SECTORS - int "Maximum number of sectors per image slot" - default 128 - help - This option controls the maximum number of sectors that each of - the two image areas can contain. Smaller values reduce MCUboot's - memory usage; larger values allow it to support larger images. - If unsure, leave at the default value. - -config MEASURED_BOOT - bool "Store the boot state/measurements in shared memory" - default n - help - If enabled, the bootloader will store certain boot measurements such as - the hash of the firmware image in a shared memory area. This data can - be used later by runtime services (e.g. by a device attestation service). - -config BOOT_SHARE_DATA - bool "Save application specific data in shared memory area" - default n - -choice BOOT_FAULT_INJECTION_HARDENING_PROFILE - prompt "Fault injection hardening profile" - default BOOT_FIH_PROFILE_OFF - -config BOOT_FIH_PROFILE_OFF - bool "No hardening against hardware level fault injection" - help - No hardening in SW against hardware level fault injection: power or - clock glitching, etc. - -config BOOT_FIH_PROFILE_LOW - bool "Moderate level hardening against hardware level fault injection" - help - Moderate level hardening: Long global fail loop to avoid break out, - control flow integrity check to discover discrepancy in expected code - flow. - -config BOOT_FIH_PROFILE_MEDIUM - bool "Medium level hardening against hardware level fault injection" - help - Medium level hardening: Long global fail loop to avoid break out, - control flow integrity check to discover discrepancy in expected code - flow, double variables to discover register or memory corruption. - -config BOOT_FIH_PROFILE_HIGH - bool "Maximum level hardening against hardware level fault injection" - select MBEDTLS - help - Maximum level hardening: Long global fail loop to avoid break out, - control flow integrity check to discover discrepancy in expected code - flow, double variables to discover register or memory corruption, random - delays to make code execution less predictable. Random delays requires an - entropy source. - -endchoice - -choice BOOT_USB_DFU - prompt "USB DFU" - default BOOT_USB_DFU_NO - -config BOOT_USB_DFU_NO - prompt "Disabled" - -config BOOT_USB_DFU_WAIT - bool "Wait for a prescribed duration to see if USB DFU is invoked" - select USB_DEVICE_STACK - select USB_DFU_CLASS - select IMG_MANAGER - help - If y, MCUboot waits for a prescribed duration of time to allow - for USB DFU to be invoked. Please note DFU always updates the - slot1 image. - -config BOOT_USB_DFU_GPIO - bool "Use GPIO to detect whether to trigger DFU mode" - select USB_DEVICE_STACK - select USB_DFU_CLASS - select IMG_MANAGER - help - If y, MCUboot uses GPIO to detect whether to invoke USB DFU. - -endchoice - -config BOOT_USB_DFU_WAIT_DELAY_MS - int "USB DFU wait duration" - depends on BOOT_USB_DFU_WAIT - default 12000 - help - Milliseconds to wait for USB DFU to be invoked. - -if BOOT_USB_DFU_GPIO - -config BOOT_USB_DFU_DETECT_PORT - string "GPIO device to trigger USB DFU mode (DEPRECATED)" - default GPIO_0 if SOC_FAMILY_NRF - help - Zephyr GPIO device that contains the pin used to trigger - USB DFU. - -config BOOT_USB_DFU_DETECT_PIN - int "Pin to trigger USB DFU mode (DEPRECATED)" - default 6 if BOARD_NRF9160DK_NRF9160 - default 11 if BOARD_NRF52840DK_NRF52840 - default 13 if BOARD_NRF52DK_NRF52832 - default 23 if BOARD_NRF5340_DK_NRF5340_CPUAPP || BOARD_NRF5340_DK_NRF5340_CPUAPP_NS - default 43 if BOARD_BL5340_DVK_CPUAPP || BOARD_BL5340_DVK_CPUAPP_NS - default -1 - help - Pin on the DFU detect port that triggers DFU mode. - -config BOOT_USB_DFU_DETECT_PIN_VAL - int "USB DFU detect pin trigger value (DEPRECATED)" - default 0 - range 0 1 - help - Logic value of the detect pin that triggers USB DFU mode. - -config BOOT_USB_DFU_DETECT_DELAY - int "Serial detect pin detection delay time [ms]" - default 0 - help - Used to prevent the bootloader from loading on button press. - Useful for powering on when using the same button as - the one used to place the device in bootloader mode. - -endif # BOOT_USB_DFU_GPIO - -config ZEPHYR_TRY_MASS_ERASE - bool "Try to mass erase flash when flashing MCUboot image" - default y - help - If y, attempt to configure the Zephyr build system's "flash" - target to mass-erase the flash device before flashing the - MCUboot image. This ensures the scratch and other partitions - are in a consistent state. - - This is not available for all targets. - -config BOOT_USE_BENCH - bool "Enable benchmark code" - default n - help - If y, adds support for simple benchmarking that can record - time intervals between two calls. The time printed depends - on the particular Zephyr target, and is generally ticks of a - specific board-specific timer. - -module = MCUBOOT -module-str = MCUBoot bootloader -source "subsys/logging/Kconfig.template.log_config" - -config MCUBOOT_LOG_THREAD_STACK_SIZE - int "Stack size for the MCUBoot log processing thread" - depends on LOG && !LOG_IMMEDIATE - default 2048 if COVERAGE_GCOV - default 1024 if NO_OPTIMIZATIONS - default 1024 if XTENSA - default 4096 if (X86 && X86_64) - default 4096 if ARM64 - default 768 - help - Set the internal stack size for MCUBoot log processing thread. - -config MCUBOOT_INDICATION_LED - bool "Turns on LED indication when device is in DFU" - default n - help - Device device activates the LED while in bootloader mode. - bootloader-led0 alias must be set in the device's .dts - definitions for this to work. - -rsource "Kconfig.serial_recovery" - -config BOOT_INTR_VEC_RELOC - bool "Relocate the interrupt vector to the application" - default n - depends on SW_VECTOR_RELAY || CPU_CORTEX_M_HAS_VTOR - help - Relocate the interrupt vector to the application before it is started. - Select this option if application requires vector relocation, - but it doesn't relocate vector in its reset handler. - -config UPDATEABLE_IMAGE_NUMBER - int "Number of updateable images" - default 1 - range 1 1 if SINGLE_APPLICATION_SLOT - help - Enables support of multi image update. - -choice BOOT_DOWNGRADE_PREVENTION_CHOICE - prompt "Downgrade prevention" - optional - -config MCUBOOT_DOWNGRADE_PREVENTION - bool "SW based downgrade prevention" - depends on !BOOT_DIRECT_XIP - help - Prevent downgrades by enforcing incrementing version numbers. - When this option is set, any upgrade must have greater major version - or greater minor version with equal major version. This mechanism - only protects against some attacks against version downgrades (for - example, a JTAG could be used to write an older version). - -config MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER - bool "Use image security counter instead of version number" - depends on MCUBOOT_DOWNGRADE_PREVENTION - depends on (BOOT_SWAP_USING_MOVE || BOOT_SWAP_USING_SCRATCH) - help - Security counter is used for version eligibility check instead of pure - version. When this option is set, any upgrade must have greater or - equal security counter value. - Because of the acceptance of equal values it allows for software - downgrades to some extent. - -config MCUBOOT_HW_DOWNGRADE_PREVENTION - bool "HW based downgrade prevention" - help - Prevent undesirable/malicious software downgrades. When this option is - set, any upgrade must have greater or equal security counter value. - Because of the acceptance of equal values it allows for software - downgrade to some extent. - -endchoice - -config BOOT_WATCHDOG_FEED - bool "Feed the watchdog while doing swap" - default y if WATCHDOG - default y if SOC_FAMILY_NRF - # for nRF nrfx based implementation is available - imply NRFX_WDT if SOC_FAMILY_NRF - imply NRFX_WDT0 if SOC_FAMILY_NRF - imply NRFX_WDT1 if SOC_FAMILY_NRF - help - Enables implementation of MCUBOOT_WATCHDOG_FEED() macro which is - used to feed watchdog while doing time consuming operations. - -config BOOT_IMAGE_ACCESS_HOOKS - bool "Enable hooks for overriding MCUboot's native routines" - help - Allow to provide procedures for override or extend native - MCUboot's routines required for access the image data and the image - update. It is up to the project customization to add required source - files to the build. - -config MCUBOOT_ACTION_HOOKS - bool "Enable hooks for responding to MCUboot status changes" - help - This will call a handler when the MCUboot status changes which allows - for some level of user feedback, for instance to change LED status to - indicate a failure, using the callback: - 'void mcuboot_status_change(mcuboot_status_type_t status)' where - 'mcuboot_status_type_t' is listed in - boot/bootutil/include/bootutil/mcuboot_status.h - -endmenu - -config MCUBOOT_DEVICE_SETTINGS - # Hidden selector for device-specific settings - bool - default y - # CPU options - select MCUBOOT_DEVICE_CPU_CORTEX_M0 if CPU_CORTEX_M0 - # Enable flash page layout if available - select FLASH_PAGE_LAYOUT if FLASH_HAS_PAGE_LAYOUT - # Enable flash_map module as flash I/O back-end - select FLASH_MAP - -config MCUBOOT_DEVICE_CPU_CORTEX_M0 - # Hidden selector for Cortex-M0 settings - bool - default n - select SW_VECTOR_RELAY if !CPU_CORTEX_M0_HAS_VECTOR_TABLE_REMAP - -comment "Zephyr configuration options" - -# Disabling MULTITHREADING provides a code size advantage, but -# it requires peripheral drivers (particularly a flash driver) -# that works properly with the option enabled. -# -# If you know for sure that your hardware will work, you can default -# it to n here. Otherwise, having it on by default makes the most -# hardware work. -config MULTITHREADING - default y if BOOT_SERIAL_CDC_ACM #usb driver requires MULTITHREADING - default y if BOOT_USB_DFU_GPIO || BOOT_USB_DFU_WAIT - default n if SOC_FAMILY_NRF - default y - -config LOG_PROCESS_THREAD - default n # mcuboot has its own log processing thread - -# override USB device name -config USB_DEVICE_PRODUCT - default "MCUBOOT" - -# use MCUboot's own log configuration -config MCUBOOT_BOOTUTIL_LIB_OWN_LOG - bool - default n - -config MCUBOOT_VERIFY_IMG_ADDRESS - bool "Verify reset address of image in secondary slot" - depends on UPDATEABLE_IMAGE_NUMBER > 1 - depends on !BOOT_ENCRYPT_IMAGE - depends on ARM - default y if BOOT_UPGRADE_ONLY - help - Verify that the reset address in the image located in the secondary slot - is contained within the corresponding primary slot. This is recommended - if swapping is not used (that is, BOOT_UPGRADE_ONLY is set). If a user - incorrectly uploads an update for image 1 to image 0's secondary slot - MCUboot will overwrite image 0's primary slot with this image even - though it will not boot. If swapping is enabled this will be handled - since the image will not confirm itself. If, however, swapping is not - enabled then the only mitigation is serial recovery. This feature can - also be useful when BOOT_DIRECT_XIP is enabled, to ensure that the image - linked at the correct address is loaded. - source "Kconfig.zephyr" diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index e4c0129437..13dd6b4c86 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -1,7 +1,13 @@ +# Copyright (c) 2022 Legrand North America, LLC. +# +# SPDX-License-Identifier: Apache-2.0 + +CONFIG_MCUBOOT_APP=y CONFIG_DEBUG=y CONFIG_PM=n CONFIG_MAIN_STACK_SIZE=10240 +CONFIG_CUSTOM_MBEDTLS_CFG_FILE=y CONFIG_MBEDTLS_CFG_FILE="mcuboot-mbedtls-cfg.h" CONFIG_BOOT_SWAP_SAVE_ENCTLV=n @@ -34,3 +40,4 @@ CONFIG_LOG_MODE_MINIMAL=y # former CONFIG_MODE_MINIMAL CONFIG_LOG_DEFAULT_LEVEL=0 ### Decrease footprint by ~4 KB in comparison to CBPRINTF_COMPLETE=y CONFIG_CBPRINTF_NANO=y +CONFIG_MCUBOOT_DEVICE_SETTINGS=y diff --git a/zephyr/Kconfig b/zephyr/Kconfig new file mode 100644 index 0000000000..dadc4892e1 --- /dev/null +++ b/zephyr/Kconfig @@ -0,0 +1,676 @@ +# Copyright (c) 2017-2020 Linaro Limited +# Copyright (c) 2020 Arm Limited +# Copyright (c) 2022 Legrand North America, LLC. +# +# SPDX-License-Identifier: Apache-2.0 +# + +comment "MCUboot-specific configuration options" + +# Option to build the project with the MCUBoot application +config MCUBOOT_APP + bool "MCUBoot application" + select MPU_ALLOW_FLASH_WRITE if ARM_MPU + select USE_DT_CODE_PARTITION if HAS_FLASH_LOAD_OFFSET + select MCUBOOT_BOOTUTIL_LIB + select MCUBOOT + +config MCUBOOT_BOOTUTIL_LIB_OWN_LOG + default n if MCUBOOT_APP + +config BOOT_USE_MBEDTLS + bool + # Hidden option + default n + help + Use mbedTLS for crypto primitives. + +config BOOT_USE_TINYCRYPT + bool + # Hidden option + default n + # When building for ECDSA, we use our own copy of mbedTLS, so the + # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros + # will collide. + help + Use TinyCrypt for crypto primitives. + +config BOOT_USE_CC310 + bool + # Hidden option + default n + # When building for ECDSA, we use our own copy of mbedTLS, so the + # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros + # will collide. + help + Use cc310 for crypto primitives. + +config BOOT_USE_NRF_CC310_BL + bool + default n + +config NRFXLIB_CRYPTO + bool + default n + +config NRF_CC310_BL + bool + default n + +menu "MCUBoot settings" + +config SINGLE_APPLICATION_SLOT + bool "Single slot bootloader" + default n + help + Single image area is used for application which means that + uploading a new application overwrites the one that previously + occupied the area. + +choice BOOT_SIGNATURE_TYPE + prompt "Signature type" + default BOOT_SIGNATURE_TYPE_RSA + +config BOOT_SIGNATURE_TYPE_NONE + bool "No signature; use only hash check" + select BOOT_USE_TINYCRYPT + +config BOOT_SIGNATURE_TYPE_RSA + bool "RSA signatures" + select BOOT_USE_MBEDTLS + select MBEDTLS + +if BOOT_SIGNATURE_TYPE_RSA +config BOOT_SIGNATURE_TYPE_RSA_LEN + int "RSA signature length" + range 2048 3072 + default 2048 +endif + +config BOOT_SIGNATURE_TYPE_ECDSA_P256 + bool "Elliptic curve digital signatures with curve P-256" + +if BOOT_SIGNATURE_TYPE_ECDSA_P256 +choice BOOT_ECDSA_IMPLEMENTATION + prompt "Ecdsa implementation" + default BOOT_ECDSA_TINYCRYPT + +config BOOT_ECDSA_TINYCRYPT + bool "Use tinycrypt" + select BOOT_USE_TINYCRYPT + +config BOOT_ECDSA_CC310 + bool "Use CC310" + depends on HAS_HW_NRF_CC310 + select BOOT_USE_NRF_CC310_BL + select NRF_CC310_BL + select NRFXLIB_CRYPTO + select BOOT_USE_CC310 +endchoice # Ecdsa implementation +endif + +config BOOT_SIGNATURE_TYPE_ED25519 + bool "Edwards curve digital signatures using ed25519" + +if BOOT_SIGNATURE_TYPE_ED25519 +choice BOOT_ED25519_IMPLEMENTATION + prompt "Ecdsa implementation" + default BOOT_ED25519_TINYCRYPT +config BOOT_ED25519_TINYCRYPT + bool "Use tinycrypt" + select BOOT_USE_TINYCRYPT +config BOOT_ED25519_MBEDTLS + bool "Use mbedTLS" + select BOOT_USE_MBEDTLS + select MBEDTLS +endchoice +endif + +endchoice + +config BOOT_SIGNATURE_KEY_FILE + string "PEM key file" + default "root-ec-p256.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256 + default "root-ed25519.pem" if BOOT_SIGNATURE_TYPE_ED25519 + default "root-rsa-3072.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=3072 + default "root-rsa-2048.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=2048 + default "" + help + You can use either absolute or relative path. + In case relative path is used, the build system assumes that it starts + from the directory where the MCUBoot KConfig configuration file is + located. If the key file is not there, the build system uses relative + path that starts from the MCUBoot repository root directory. + The key file will be parsed by imgtool's getpub command and a .c source + with the public key information will be written in a format expected by + MCUboot. + +config MCUBOOT_CLEANUP_ARM_CORE + bool "Perform core cleanup before chain-load the application" + depends on CPU_CORTEX_M + default y if !ARCH_SUPPORTS_ARCH_HW_INIT + help + This option instructs MCUboot to perform a clean-up of a set of + architecture core HW registers before junping to the application + firmware. The clean-up sets these registers to their warm-reset + values as specified by the architecture. + + By default, this option is enabled only if the architecture does + not have the functionality to perform such a register clean-up + during application firmware boot. + + Zephyr applications on Cortex-M will perform this register clean-up + by default, if they are chain-loadable by MCUboot, so MCUboot does + not need to perform such a cleanup itself. + +config MBEDTLS_CFG_FILE + default "mcuboot-mbedtls-cfg.h" if MCUBOOT_APP + +config BOOT_HW_KEY + bool "Use HW key for image verification" + default n + help + Use HW key for image verification, otherwise the public key is embedded + in MCUBoot. If enabled the public key is appended to the signed image + and requires the hash of the public key to be provisioned to the device + beforehand. + +config BOOT_VALIDATE_SLOT0 + bool "Validate image in the primary slot on every boot" + default y + help + If y, the bootloader attempts to validate the signature of the + primary slot every boot. This adds the signature check time to + every boot, but can mitigate against some changes that are + able to modify the flash image itself. + +config BOOT_VALIDATE_SLOT0_ONCE + bool "Validate image in the primary slot just once after after upgrade" + depends on !BOOT_VALIDATE_SLOT0 && SINGLE_APPLICATION_SLOT + default n + help + If y, the bootloader attempts to validate the signature of the + primary slot only once after an upgrade of the main slot. + It caches the result in the magic area, which makes it an unsecure + method. This option is usefull for lowering the boot up time for + low end devices with as a compromise lowering the security level. + If unsure, leave at the default value. + +config BOOT_PREFER_SWAP_MOVE + bool "Prefer the newer swap move algorithm" + default y if SOC_FAMILY_NRF + default y if !$(dt_nodelabel_enabled,scratch_partition) + help + If y, the BOOT_IMAGE_UPGRADE_MODE will default to using + "move" instead of "scratch". This is a separate bool config + option, because Kconfig doesn't allow defaults to be + overridden in choice options. Most devices should be using + swap move. + +if !SINGLE_APPLICATION_SLOT +choice BOOT_IMAGE_UPGRADE_MODE + prompt "Image upgrade modes" + default BOOT_SWAP_USING_MOVE if BOOT_PREFER_SWAP_MOVE + default BOOT_SWAP_USING_SCRATCH + +config BOOT_SWAP_USING_SCRATCH + bool "Swap mode that run with the scratch partition" + help + This is the most conservative swap mode but it can work even on + devices with heterogeneous flash page layout. + +config BOOT_UPGRADE_ONLY + bool "Overwrite image updates instead of swapping" + help + If y, overwrite the primary slot with the upgrade image instead + of swapping them. This prevents the fallback recovery, but + uses a much simpler code path. + +config BOOT_SWAP_USING_MOVE + bool "Swap mode that can run without a scratch partition" + help + If y, the swap upgrade is done in two steps, where first every + sector of the primary slot is moved up one sector, then for + each sector X in the secondary slot, it is moved to index X in + the primary slot, then the sector at X+1 in the primary is + moved to index X in the secondary. + This allows a swap upgrade without using a scratch partition, + but is currently limited to all sectors in both slots being of + the same size. + +config BOOT_DIRECT_XIP + bool "Run the latest image directly from its slot" + help + If y, mcuboot selects the newest valid image based on the image version + numbers, thereafter the selected image can run directly from its slot + without having to move/copy it into the primary slot. For this reason the + images must be linked to be executed from the given image slot. Using this + mode results in a simpler code path and smaller code size. + +config BOOT_RAM_LOAD + bool "RAM load" + help + If y, mcuboot selects the newest valid image based on the image version + numbers, thereafter the selected image is copied to RAM and executed from + there. For this reason, the image has to be linked to be executed from RAM. + The address that the image is copied to is specified using the load-addr + argument to the imgtool.py script which writes it to the image header. + +endchoice + +# Workaround for not being able to have commas in macro arguments +DT_CHOSEN_Z_SRAM := zephyr,sram + +if BOOT_RAM_LOAD +config BOOT_IMAGE_EXECUTABLE_RAM_START + hex "Boot image executable ram start" + default $(dt_chosen_reg_addr_hex,$(DT_CHOSEN_Z_SRAM)) + +config BOOT_IMAGE_EXECUTABLE_RAM_SIZE + int "Boot image executable base size" + default $(dt_chosen_reg_size_int,$(DT_CHOSEN_Z_SRAM),0) +endif + +config BOOT_DIRECT_XIP_REVERT + bool "Enable the revert mechanism in direct-xip mode" + depends on BOOT_DIRECT_XIP + default n + help + If y, enables the revert mechanism in direct-xip similar to the one in + swap mode. It requires the trailer magic to be added to the signed image. + When a reboot happens without the image being confirmed at runtime, the + bootloader considers the image faulty and erases it. After this it will + attempt to boot the previous image. The images can also be made permanent + (marked as confirmed in advance) just like in swap mode. + +config BOOT_BOOTSTRAP + bool "Bootstrap erased the primary slot from the secondary slot" + default n + help + If y, enables bootstraping support. Bootstrapping allows an erased + primary slot to be initialized from a valid image in the secondary slot. + If unsure, leave at the default value. + +config BOOT_SWAP_SAVE_ENCTLV + bool "Save encrypted key TLVs instead of plaintext keys in swap metadata" + default n + help + If y, instead of saving the encrypted image keys in plaintext in the + swap resume metadata, save the encrypted image TLVs. This should be used + when there is no security mechanism protecting the data in the primary + slot from being dumped. If n is selected (default), the keys are written + after being decrypted from the image TLVs and could be read by an + attacker who has access to the flash contents of the primary slot (eg + JTAG/SWD or primary slot in external flash). + If unsure, leave at the default value. + +config BOOT_ENCRYPT_IMAGE + bool + help + Hidden option used to check if any image encryption is enabled. + +config BOOT_ENCRYPT_RSA + bool "Support for encrypted upgrade images using RSA" + select BOOT_ENCRYPT_IMAGE + help + If y, images in the secondary slot can be encrypted and are decrypted + on the fly when upgrading to the primary slot, as well as encrypted + back when swapping from the primary slot to the secondary slot. The + encryption mechanism used in this case is RSA-OAEP (2048 bits). + +config BOOT_ENCRYPT_EC256 + bool "Support for encrypted upgrade images using ECIES-P256" + select BOOT_ENCRYPT_IMAGE + help + If y, images in the secondary slot can be encrypted and are decrypted + on the fly when upgrading to the primary slot, as well as encrypted + back when swapping from the primary slot to the secondary slot. The + encryption mechanism used in this case is ECIES using primitives + described under "ECIES-P256 encryption" in docs/encrypted_images.md. + +config BOOT_ENCRYPT_X25519 + bool "Support for encrypted upgrade images using ECIES-X25519" + select BOOT_ENCRYPT_IMAGE + help + If y, images in the secondary slot can be encrypted and are decrypted + on the fly when upgrading to the primary slot, as well as encrypted + back when swapping from the primary slot to the secondary slot. The + encryption mechanism used in this case is ECIES using primitives + described under "ECIES-X25519 encryption" in docs/encrypted_images.md. +endif # !SINGLE_APPLICATION_SLOT + +config BOOT_ENCRYPTION_KEY_FILE + string "encryption key file" + depends on BOOT_ENCRYPT_EC256 || BOOT_SERIAL_ENCRYPT_EC256 + default "enc-ec256-priv.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256 + default "" + help + You can use either absolute or relative path. + In case relative path is used, the build system assumes that it starts + from the directory where the MCUBoot KConfig configuration file is + located. If the key file is not there, the build system uses relative + path that starts from the MCUBoot repository root directory. + The key file will be parsed by imgtool's getpriv command and a .c source + with the public key information will be written in a format expected by + MCUboot. + +config BOOT_MAX_IMG_SECTORS + int "Maximum number of sectors per image slot" + default 128 + help + This option controls the maximum number of sectors that each of + the two image areas can contain. Smaller values reduce MCUboot's + memory usage; larger values allow it to support larger images. + If unsure, leave at the default value. + +config MEASURED_BOOT + bool "Store the boot state/measurements in shared memory" + default n + help + If enabled, the bootloader will store certain boot measurements such as + the hash of the firmware image in a shared memory area. This data can + be used later by runtime services (e.g. by a device attestation service). + +config BOOT_SHARE_DATA + bool "Save application specific data in shared memory area" + default n + +choice BOOT_FAULT_INJECTION_HARDENING_PROFILE + prompt "Fault injection hardening profile" + default BOOT_FIH_PROFILE_OFF + +config BOOT_FIH_PROFILE_OFF + bool "No hardening against hardware level fault injection" + help + No hardening in SW against hardware level fault injection: power or + clock glitching, etc. + +config BOOT_FIH_PROFILE_LOW + bool "Moderate level hardening against hardware level fault injection" + help + Moderate level hardening: Long global fail loop to avoid break out, + control flow integrity check to discover discrepancy in expected code + flow. + +config BOOT_FIH_PROFILE_MEDIUM + bool "Medium level hardening against hardware level fault injection" + help + Medium level hardening: Long global fail loop to avoid break out, + control flow integrity check to discover discrepancy in expected code + flow, double variables to discover register or memory corruption. + +config BOOT_FIH_PROFILE_HIGH + bool "Maximum level hardening against hardware level fault injection" + select MBEDTLS + help + Maximum level hardening: Long global fail loop to avoid break out, + control flow integrity check to discover discrepancy in expected code + flow, double variables to discover register or memory corruption, random + delays to make code execution less predictable. Random delays requires an + entropy source. + +endchoice + +choice BOOT_USB_DFU + prompt "USB DFU" + default BOOT_USB_DFU_NO + +config BOOT_USB_DFU_NO + prompt "Disabled" + +config BOOT_USB_DFU_WAIT + bool "Wait for a prescribed duration to see if USB DFU is invoked" + select USB_DEVICE_STACK + select USB_DFU_CLASS + select IMG_MANAGER + help + If y, MCUboot waits for a prescribed duration of time to allow + for USB DFU to be invoked. Please note DFU always updates the + slot1 image. + +config BOOT_USB_DFU_GPIO + bool "Use GPIO to detect whether to trigger DFU mode" + select USB_DEVICE_STACK + select USB_DFU_CLASS + select IMG_MANAGER + help + If y, MCUboot uses GPIO to detect whether to invoke USB DFU. + +endchoice + +config BOOT_USB_DFU_WAIT_DELAY_MS + int "USB DFU wait duration" + depends on BOOT_USB_DFU_WAIT + default 12000 + help + Milliseconds to wait for USB DFU to be invoked. + +if BOOT_USB_DFU_GPIO + +config BOOT_USB_DFU_DETECT_PORT + string "GPIO device to trigger USB DFU mode (DEPRECATED)" + default GPIO_0 if SOC_FAMILY_NRF + help + Zephyr GPIO device that contains the pin used to trigger + USB DFU. + +config BOOT_USB_DFU_DETECT_PIN + int "Pin to trigger USB DFU mode (DEPRECATED)" + default 6 if BOARD_NRF9160DK_NRF9160 + default 11 if BOARD_NRF52840DK_NRF52840 + default 13 if BOARD_NRF52DK_NRF52832 + default 23 if BOARD_NRF5340_DK_NRF5340_CPUAPP || BOARD_NRF5340_DK_NRF5340_CPUAPP_NS + default 43 if BOARD_BL5340_DVK_CPUAPP || BOARD_BL5340_DVK_CPUAPP_NS + default -1 + help + Pin on the DFU detect port that triggers DFU mode. + +config BOOT_USB_DFU_DETECT_PIN_VAL + int "USB DFU detect pin trigger value (DEPRECATED)" + default 0 + range 0 1 + help + Logic value of the detect pin that triggers USB DFU mode. + +config BOOT_USB_DFU_DETECT_DELAY + int "Serial detect pin detection delay time [ms]" + default 0 + help + Used to prevent the bootloader from loading on button press. + Useful for powering on when using the same button as + the one used to place the device in bootloader mode. + +endif # BOOT_USB_DFU_GPIO + +config ZEPHYR_TRY_MASS_ERASE + bool "Try to mass erase flash when flashing MCUboot image" + default y + help + If y, attempt to configure the Zephyr build system's "flash" + target to mass-erase the flash device before flashing the + MCUboot image. This ensures the scratch and other partitions + are in a consistent state. + + This is not available for all targets. + +config BOOT_USE_BENCH + bool "Enable benchmark code" + default n + help + If y, adds support for simple benchmarking that can record + time intervals between two calls. The time printed depends + on the particular Zephyr target, and is generally ticks of a + specific board-specific timer. + +if MCUBOOT_APP +module = MCUBOOT +module-str = MCUBoot bootloader +source "subsys/logging/Kconfig.template.log_config" +endif + +config MCUBOOT_LOG_THREAD_STACK_SIZE + int "Stack size for the MCUBoot log processing thread" + depends on LOG && !LOG_IMMEDIATE + default 2048 if COVERAGE_GCOV + default 1024 if NO_OPTIMIZATIONS + default 1024 if XTENSA + default 4096 if (X86 && X86_64) + default 4096 if ARM64 + default 768 + help + Set the internal stack size for MCUBoot log processing thread. + +config MCUBOOT_INDICATION_LED + bool "Turns on LED indication when device is in DFU" + default n + help + Device device activates the LED while in bootloader mode. + bootloader-led0 alias must be set in the device's .dts + definitions for this to work. + +rsource "Kconfig.serial_recovery" + +config BOOT_INTR_VEC_RELOC + bool "Relocate the interrupt vector to the application" + default n + depends on SW_VECTOR_RELAY || CPU_CORTEX_M_HAS_VTOR + help + Relocate the interrupt vector to the application before it is started. + Select this option if application requires vector relocation, + but it doesn't relocate vector in its reset handler. + +config UPDATEABLE_IMAGE_NUMBER + int "Number of updateable images" + default 1 + range 1 1 if SINGLE_APPLICATION_SLOT + help + Enables support of multi image update. + +choice BOOT_DOWNGRADE_PREVENTION_CHOICE + prompt "Downgrade prevention" + optional + +config MCUBOOT_DOWNGRADE_PREVENTION + bool "SW based downgrade prevention" + depends on !BOOT_DIRECT_XIP + help + Prevent downgrades by enforcing incrementing version numbers. + When this option is set, any upgrade must have greater major version + or greater minor version with equal major version. This mechanism + only protects against some attacks against version downgrades (for + example, a JTAG could be used to write an older version). + +config MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER + bool "Use image security counter instead of version number" + depends on MCUBOOT_DOWNGRADE_PREVENTION + depends on (BOOT_SWAP_USING_MOVE || BOOT_SWAP_USING_SCRATCH) + help + Security counter is used for version eligibility check instead of pure + version. When this option is set, any upgrade must have greater or + equal security counter value. + Because of the acceptance of equal values it allows for software + downgrades to some extent. + +config MCUBOOT_HW_DOWNGRADE_PREVENTION + bool "HW based downgrade prevention" + help + Prevent undesirable/malicious software downgrades. When this option is + set, any upgrade must have greater or equal security counter value. + Because of the acceptance of equal values it allows for software + downgrade to some extent. + +endchoice + +config BOOT_WATCHDOG_FEED + bool "Feed the watchdog while doing swap" + default y if WATCHDOG + default y if SOC_FAMILY_NRF + # for nRF nrfx based implementation is available + imply NRFX_WDT if SOC_FAMILY_NRF + imply NRFX_WDT0 if SOC_FAMILY_NRF + imply NRFX_WDT1 if SOC_FAMILY_NRF + help + Enables implementation of MCUBOOT_WATCHDOG_FEED() macro which is + used to feed watchdog while doing time consuming operations. + +config BOOT_IMAGE_ACCESS_HOOKS + bool "Enable hooks for overriding MCUboot's native routines" + help + Allow to provide procedures for override or extend native + MCUboot's routines required for access the image data and the image + update. It is up to the project customization to add required source + files to the build. + +config MCUBOOT_ACTION_HOOKS + bool "Enable hooks for responding to MCUboot status changes" + help + This will call a handler when the MCUboot status changes which allows + for some level of user feedback, for instance to change LED status to + indicate a failure, using the callback: + 'void mcuboot_status_change(mcuboot_status_type_t status)' where + 'mcuboot_status_type_t' is listed in + boot/bootutil/include/bootutil/mcuboot_status.h + +endmenu + +config MCUBOOT_DEVICE_SETTINGS + # Hidden selector for device-specific settings + bool "Non-hidden selector for device-specific settings" + default n + # CPU options + select MCUBOOT_DEVICE_CPU_CORTEX_M0 if CPU_CORTEX_M0 + # Enable flash page layout if available + select FLASH_PAGE_LAYOUT if FLASH_HAS_PAGE_LAYOUT + # Enable flash_map module as flash I/O back-end + select FLASH_MAP + +config MCUBOOT_DEVICE_CPU_CORTEX_M0 + # Hidden selector for Cortex-M0 settings + bool + default n + select SW_VECTOR_RELAY if !CPU_CORTEX_M0_HAS_VECTOR_TABLE_REMAP + +comment "Zephyr configuration options" + +# Disabling MULTITHREADING provides a code size advantage, but +# it requires peripheral drivers (particularly a flash driver) +# that works properly with the option enabled. +# +# If you know for sure that your hardware will work, you can default +# it to n here. Otherwise, having it on by default makes the most +# hardware work. + +if MCUBOOT_APP +config MULTITHREADING + default y if BOOT_SERIAL_CDC_ACM #usb driver requires MULTITHREADING + default y if BOOT_USB_DFU_GPIO || BOOT_USB_DFU_WAIT + default n if SOC_FAMILY_NRF + default y +endif + +config LOG_PROCESS_THREAD + default n # mcuboot has its own log processing thread + +# override USB device name +config USB_DEVICE_PRODUCT + default "MCUBOOT" + +config MCUBOOT_VERIFY_IMG_ADDRESS + bool "Verify reset address of image in secondary slot" + depends on UPDATEABLE_IMAGE_NUMBER > 1 + depends on !BOOT_ENCRYPT_IMAGE + depends on ARM + default y if BOOT_UPGRADE_ONLY + help + Verify that the reset address in the image located in the secondary slot + is contained within the corresponding primary slot. This is recommended + if swapping is not used (that is, BOOT_UPGRADE_ONLY is set). If a user + incorrectly uploads an update for image 1 to image 0's secondary slot + MCUboot will overwrite image 0's primary slot with this image even + though it will not boot. If swapping is enabled this will be handled + since the image will not confirm itself. If, however, swapping is not + enabled then the only mitigation is serial recovery. This feature can + also be useful when BOOT_DIRECT_XIP is enabled, to ensure that the image + linked at the correct address is loaded. + +source "modules/Kconfig.mcuboot_bootutil" diff --git a/boot/zephyr/Kconfig.serial_recovery b/zephyr/Kconfig.serial_recovery similarity index 100% rename from boot/zephyr/Kconfig.serial_recovery rename to zephyr/Kconfig.serial_recovery diff --git a/zephyr/module.yml b/zephyr/module.yml index 3a14210070..8bc0dcdcec 100644 --- a/zephyr/module.yml +++ b/zephyr/module.yml @@ -1,5 +1,11 @@ +# Copyright (c) 2019-2021 Nordic Semiconductor ASA +# Copyright (c) 2022 Legrand North America, LLC. +# +# SPDX-License-Identifier: Apache-2.0 + name: mcuboot samples: - boot/zephyr build: cmake: ./boot/bootutil/zephyr + kconfig: ./zephyr/Kconfig From 81be8fd40b2d8143612153998cdbe45c7cee5fd1 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Tue, 11 Oct 2022 16:38:44 -0700 Subject: [PATCH 2/4] Refactor boot/zephyr/CMakeLists.txt for includes The Zephyr build system expects CMakeLists.txt to be only in directories beneath the module-level CMakeLists.txt. The solution most consistent with Zephyr led to putting the subsystem-specific build logic within the `zephyr/` subdirectory. This also led to relocating the `boot/bootutil/zephyr/CMakelists.txt`. It also led to adding an explicit `name:` setting in `module.yml` to ensure files can consistently reference the module independent of where the module is mounted. Created a module-level CMakeLists.txt for extending the include paths to find "mcuboot-mbedtls-cfg.h" within the boot/zephyr component. Incremental verification: 1. (Pass) west build -p always -b nrf52840dk_nrf52840 mcuboot/boot/zephyr/ 2. (Pass) ./zephyr/scripts/twister --testsuite-root mcuboot/boot/zephyr/ 3. (Pass) ./zephyr/scripts/twister --testsuite-root zephyr/samples/tfm_integration/psa_crypto/ 4. (Pass) ./zephyr/scripts/twister --testsuite-root zephyr/tests/subsys/dfu/ 5. (Pass) ./zephyr/scripts/twister --testsuite-root zephyr/samples/subsys/mgmt/mcumgr/smp_svr/ Signed-off-by: Gregory Shue Fixes --- boot/zephyr/CMakeLists.txt | 273 +----------------- zephyr/CMakeLists.txt | 38 +++ zephyr/module.yml | 2 +- zephyr/subsys/CMakeLists.txt | 9 + zephyr/subsys/mcuboot_app/CMakeLists.txt | 234 +++++++++++++++ .../subsys/mcuboot_util}/CMakeLists.txt | 14 +- 6 files changed, 294 insertions(+), 276 deletions(-) create mode 100644 zephyr/CMakeLists.txt create mode 100644 zephyr/subsys/CMakeLists.txt create mode 100644 zephyr/subsys/mcuboot_app/CMakeLists.txt rename {boot/bootutil/zephyr => zephyr/subsys/mcuboot_util}/CMakeLists.txt (67%) diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 925d869074..0a16835469 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -1,6 +1,7 @@ # CMakeLists.txt for building mcuboot as a Zephyr project # # Copyright (c) 2017 Open Source Foundries Limited +# Copyright (c) 2022 Legrand North America, LLC. # # SPDX-License-Identifier: Apache-2.0 @@ -31,230 +32,10 @@ endmacro() find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE}) project(NONE) -# Path to "boot" subdirectory of repository root. -get_filename_component(BOOT_DIR ${APPLICATION_SOURCE_DIR} DIRECTORY) -# Path to top-level repository root directory. -get_filename_component(MCUBOOT_DIR ${BOOT_DIR} DIRECTORY) -# Path to tinycrypt library source subdirectory of MCUBOOT_DIR. -set(TINYCRYPT_DIR "${MCUBOOT_DIR}/ext/tinycrypt/lib") -assert_exists(TINYCRYPT_DIR) -set(TINYCRYPT_SHA512_DIR "${MCUBOOT_DIR}/ext/tinycrypt-sha512/lib") -assert_exists(TINYCRYPT_SHA512_DIR) -# Path to crypto-fiat -set(FIAT_DIR "${MCUBOOT_DIR}/ext/fiat") -assert_exists(FIAT_DIR) -# Path to mbed-tls' asn1 parser library. -set(MBEDTLS_ASN1_DIR "${MCUBOOT_DIR}/ext/mbedtls-asn1") -assert_exists(MBEDTLS_ASN1_DIR) -set(NRF_DIR "${MCUBOOT_DIR}/ext/nrf") - -if(CONFIG_BOOT_USE_NRF_CC310_BL) -set(NRFXLIB_DIR ${ZEPHYR_BASE}/../nrfxlib) -if(NOT EXISTS ${NRFXLIB_DIR}) - message(FATAL_ERROR " - ------------------------------------------------------------------------ - No such file or directory: ${NRFXLIB_DIR} - The current configuration enables nRF CC310 crypto accelerator hardware - with the `CONFIG_BOOT_USE_NRF_CC310_BL` option. Please follow - `ext/nrf/README.md` guide to fix your setup or use tinycrypt instead of - the HW accelerator. - To use the tinycrypt set `CONFIG_BOOT_ECDSA_TINYCRYPT` to y. - ------------------------------------------------------------------------") -endif() -# Don't include this if we are using west - add_subdirectory(${NRFXLIB_DIR} ${PROJECT_BINARY_DIR}/nrfxlib) -endif() - -zephyr_library_include_directories( - include - targets - ) -if(EXISTS targets/${BOARD}.h) - zephyr_library_compile_definitions(MCUBOOT_TARGET_CONFIG="${BOARD}.h") -endif() - -# Zephyr port-specific sources. -zephyr_library_sources( - main.c - flash_map_extended.c - os.c +target_sources(app PRIVATE keys.c ) -if(DEFINED CONFIG_ENABLE_MGMT_PERUSER) - zephyr_library_sources( - boot_serial_extensions.c - ) -endif() - -if(NOT DEFINED CONFIG_FLASH_PAGE_LAYOUT) - zephyr_library_sources( - flash_map_legacy.c - ) -endif() - -# Generic bootutil sources and includes. -zephyr_library_include_directories(${BOOT_DIR}/bootutil/include) -zephyr_library_sources( - ${BOOT_DIR}/bootutil/src/image_validate.c - ${BOOT_DIR}/bootutil/src/tlv.c - ${BOOT_DIR}/bootutil/src/encrypted.c - ${BOOT_DIR}/bootutil/src/image_rsa.c - ${BOOT_DIR}/bootutil/src/image_ec256.c - ${BOOT_DIR}/bootutil/src/image_ed25519.c - ${BOOT_DIR}/bootutil/src/bootutil_misc.c - ${BOOT_DIR}/bootutil/src/fault_injection_hardening.c - ) - -# library which might be common source code for MCUBoot and an application -zephyr_link_libraries(MCUBOOT_BOOTUTIL) - -if(CONFIG_BOOT_FIH_PROFILE_HIGH) -zephyr_library_sources( - ${BOOT_DIR}/bootutil/src/fault_injection_hardening_delay_rng_mbedtls.c - ) -endif() - -if(CONFIG_SINGLE_APPLICATION_SLOT) -zephyr_library_sources( - ${BOOT_DIR}/zephyr/single_loader.c - ) -zephyr_library_include_directories(${BOOT_DIR}/bootutil/src) -else() -zephyr_library_sources( - ${BOOT_DIR}/bootutil/src/loader.c - ${BOOT_DIR}/bootutil/src/swap_misc.c - ${BOOT_DIR}/bootutil/src/swap_scratch.c - ${BOOT_DIR}/bootutil/src/swap_move.c - ${BOOT_DIR}/bootutil/src/caps.c - ) -endif() - -if(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256 OR CONFIG_BOOT_ENCRYPT_EC256 OR CONFIG_BOOT_SERIAL_ENCRYPT_EC256) - zephyr_library_include_directories( - ${MBEDTLS_ASN1_DIR}/include - ) - zephyr_library_sources( - # Additionally pull in just the ASN.1 parser from mbedTLS. - ${MBEDTLS_ASN1_DIR}/src/asn1parse.c - ${MBEDTLS_ASN1_DIR}/src/platform_util.c - ) - if(CONFIG_BOOT_USE_TINYCRYPT) - # When using ECDSA signatures, pull in our copy of the tinycrypt library. - zephyr_library_include_directories( - ${BOOT_DIR}/zephyr/include - ${TINYCRYPT_DIR}/include - ) - zephyr_include_directories(${TINYCRYPT_DIR}/include) - - zephyr_library_sources( - ${TINYCRYPT_DIR}/source/ecc.c - ${TINYCRYPT_DIR}/source/ecc_dsa.c - ${TINYCRYPT_DIR}/source/sha256.c - ${TINYCRYPT_DIR}/source/utils.c - ) - elseif(CONFIG_BOOT_USE_NRF_CC310_BL) - zephyr_library_sources(${NRF_DIR}/cc310_glue.c) - zephyr_library_include_directories(${NRF_DIR}) - zephyr_link_libraries(nrfxlib_crypto) - endif() - - # Since here we are not using Zephyr's mbedTLS but rather our own, we need - # to set MBEDTLS_CONFIG_FILE ourselves. When using Zephyr's copy, this - # variable is set by its Kconfig in the Zephyr codebase. - zephyr_library_compile_definitions( - MBEDTLS_CONFIG_FILE="${CMAKE_CURRENT_LIST_DIR}/include/mcuboot-mbedtls-cfg.h" - ) -elseif(CONFIG_BOOT_SIGNATURE_TYPE_NONE) - zephyr_library_include_directories( - ${BOOT_DIR}/zephyr/include - ${TINYCRYPT_DIR}/include - ) - - zephyr_library_sources( - ${TINYCRYPT_DIR}/source/sha256.c - ${TINYCRYPT_DIR}/source/utils.c - ) -elseif(CONFIG_BOOT_SIGNATURE_TYPE_RSA) - # Use mbedTLS provided by Zephyr for RSA signatures. (Its config file - # is set using Kconfig.) - zephyr_include_directories(include) - if(CONFIG_BOOT_ENCRYPT_RSA) - set_source_files_properties( - ${BOOT_DIR}/bootutil/src/encrypted.c - PROPERTIES - INCLUDE_DIRECTORIES ${ZEPHYR_MBEDTLS_MODULE_DIR}/library - ) - endif() -elseif(CONFIG_BOOT_SIGNATURE_TYPE_ED25519 OR CONFIG_BOOT_ENCRYPT_X25519) - if(CONFIG_BOOT_USE_TINYCRYPT) - zephyr_library_include_directories( - ${MBEDTLS_ASN1_DIR}/include - ${BOOT_DIR}/zephyr/include - ${TINYCRYPT_DIR}/include - ${TINYCRYPT_SHA512_DIR}/include - ) - zephyr_library_sources( - ${TINYCRYPT_DIR}/source/sha256.c - ${TINYCRYPT_DIR}/source/utils.c - ${TINYCRYPT_SHA512_DIR}/source/sha512.c - # Additionally pull in just the ASN.1 parser from mbedTLS. - ${MBEDTLS_ASN1_DIR}/src/asn1parse.c - ${MBEDTLS_ASN1_DIR}/src/platform_util.c - ) - zephyr_library_compile_definitions( - MBEDTLS_CONFIG_FILE="${CMAKE_CURRENT_LIST_DIR}/include/mcuboot-mbedtls-cfg.h" - ) - else() - zephyr_include_directories(include) - endif() - - zephyr_library_include_directories( - ${BOOT_DIR}/zephyr/include - ${FIAT_DIR}/include/ - ) - - zephyr_library_sources( - ${FIAT_DIR}/src/curve25519.c - ) -endif() - -if(CONFIG_BOOT_ENCRYPT_EC256 OR CONFIG_BOOT_ENCRYPT_X25519 OR CONFIG_BOOT_SERIAL_ENCRYPT_EC256) - zephyr_library_sources( - ${TINYCRYPT_DIR}/source/aes_encrypt.c - ${TINYCRYPT_DIR}/source/aes_decrypt.c - ${TINYCRYPT_DIR}/source/ctr_mode.c - ${TINYCRYPT_DIR}/source/hmac.c - ${TINYCRYPT_DIR}/source/ecc_dh.c - ) -endif() - -if(CONFIG_BOOT_ENCRYPT_EC256) - zephyr_library_sources( - ${TINYCRYPT_DIR}/source/ecc_dh.c - ) -endif() - -if(CONFIG_MCUBOOT_SERIAL) - zephyr_sources(${BOOT_DIR}/zephyr/serial_adapter.c) - zephyr_sources(${BOOT_DIR}/boot_serial/src/boot_serial.c) - zephyr_sources(${BOOT_DIR}/boot_serial/src/serial_recovery_cbor.c) - zephyr_sources(${BOOT_DIR}/boot_serial/src/zcbor_decode.c) - zephyr_sources(${BOOT_DIR}/boot_serial/src/zcbor_encode.c) - zephyr_sources(${BOOT_DIR}/boot_serial/src/zcbor_common.c) - - zephyr_sources_ifdef(CONFIG_BOOT_MGMT_ECHO ${BOOT_DIR}/boot_serial/src/serial_recovery_echo.c) - - zephyr_include_directories(${BOOT_DIR}/bootutil/include) - zephyr_include_directories(${BOOT_DIR}/boot_serial/include) - zephyr_include_directories(include) - - zephyr_include_directories_ifdef( - CONFIG_BOOT_ERASE_PROGRESSIVELY - ${BOOT_DIR}/bootutil/src - ) -endif() - if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") # CONF_FILE points to the KConfig configuration files of the bootloader. foreach (filepath ${CONF_FILE}) @@ -275,7 +56,7 @@ if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") (EXISTS ${CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})) set(KEY_FILE ${CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}) else() - set(KEY_FILE ${MCUBOOT_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}) + set(KEY_FILE ${ZEPHYR_MCUBOOT_MODULE_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}) endif() message("MCUBoot bootloader key file: ${KEY_FILE}") @@ -284,7 +65,7 @@ if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") OUTPUT ${GENERATED_PUBKEY} COMMAND ${PYTHON_EXECUTABLE} - ${MCUBOOT_DIR}/scripts/imgtool.py + ${ZEPHYR_MCUBOOT_MODULE_DIR}/scripts/imgtool.py getpub -k ${KEY_FILE} @@ -293,49 +74,3 @@ if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") ) zephyr_library_sources(${GENERATED_PUBKEY}) endif() - -if(CONFIG_BOOT_ENCRYPTION_KEY_FILE AND NOT CONFIG_BOOT_ENCRYPTION_KEY_FILE STREQUAL "") - # CONF_FILE points to the KConfig configuration files of the bootloader. - unset(CONF_DIR) - foreach(filepath ${CONF_FILE}) - file(READ ${filepath} temp_text) - string(FIND "${temp_text}" ${CONFIG_BOOT_ENCRYPTION_KEY_FILE} match) - if(${match} GREATER_EQUAL 0) - if(NOT DEFINED CONF_DIR) - get_filename_component(CONF_DIR ${filepath} DIRECTORY) - else() - message(FATAL_ERROR "Encryption key file defined in multiple conf files") - endif() - endif() - endforeach() - - if(IS_ABSOLUTE ${CONFIG_BOOT_ENCRYPTION_KEY_FILE}) - set(KEY_FILE ${CONFIG_BOOT_ENCRYPTION_KEY_FILE}) - elseif((DEFINED CONF_DIR) AND - (EXISTS ${CONF_DIR}/${CONFIG_BOOT_ENCRYPTION_KEY_FILE})) - set(KEY_FILE ${CONF_DIR}/${CONFIG_BOOT_ENCRYPTION_KEY_FILE}) - else() - set(KEY_FILE ${MCUBOOT_DIR}/${CONFIG_BOOT_ENCRYPTION_KEY_FILE}) - endif() - message("MCUBoot bootloader encryption key file: ${KEY_FILE}") - - set(GENERATED_ENCKEY ${ZEPHYR_BINARY_DIR}/autogen-enckey.c) - add_custom_command( - OUTPUT ${GENERATED_ENCKEY} - COMMAND - ${PYTHON_EXECUTABLE} - ${MCUBOOT_DIR}/scripts/imgtool.py - getpriv - -k - ${KEY_FILE} - > ${GENERATED_ENCKEY} - DEPENDS ${KEY_FILE} - ) - zephyr_library_sources(${GENERATED_ENCKEY}) -endif() - -if(CONFIG_MCUBOOT_CLEANUP_ARM_CORE) -zephyr_library_sources( - ${BOOT_DIR}/zephyr/arm_cleanup.c -) -endif() diff --git a/zephyr/CMakeLists.txt b/zephyr/CMakeLists.txt new file mode 100644 index 0000000000..9cb70c5bbd --- /dev/null +++ b/zephyr/CMakeLists.txt @@ -0,0 +1,38 @@ +# Copyright (c) 2022 Legrand North America, LLC. +# +# SPDX-License-Identifier: Apache-2.0 + + +cmake_minimum_required(VERSION 3.10 FATAL_ERROR) + + +# Detect the platform reliably +if(NOT ZEPHYR_BASE) + message(FATAL_ERROR "ZEPHYR_BASE needs to be defined for Zephyr builds") +endif() + +# Verify the module name is set correctly +set(expected_module_name "mcuboot") +if(NOT "${module_name}" STREQUAL ${expected_module_name}) + message(FATAL_ERROR " + ------------------------------------------------------------------------ + A module configuration error has occurred. + + This module is named '${module_name}' when '${expected_module_name}' is expected. + Verify `module.yml` contains the line 'name: ${expected_module_name}'. + ------------------------------------------------------------------------") +endif() +unset(expected_module_name) + +# Do not allow in source builds +set(CMAKE_DISABLE_SOURCE_CHANGES ON) +set(CMAKE_DISABLE_IN_SOURCE_BUILD ON) + + +# +# Module options managed through Kconfig and use names CONFIG_* +# + +zephyr_include_directories(../boot/zephyr/include) + +add_subdirectory(subsys) diff --git a/zephyr/module.yml b/zephyr/module.yml index 8bc0dcdcec..222bc49d61 100644 --- a/zephyr/module.yml +++ b/zephyr/module.yml @@ -7,5 +7,5 @@ name: mcuboot samples: - boot/zephyr build: - cmake: ./boot/bootutil/zephyr + cmake: ./zephyr kconfig: ./zephyr/Kconfig diff --git a/zephyr/subsys/CMakeLists.txt b/zephyr/subsys/CMakeLists.txt new file mode 100644 index 0000000000..c3d5673a87 --- /dev/null +++ b/zephyr/subsys/CMakeLists.txt @@ -0,0 +1,9 @@ +# Copyright (c) 2022 Legrand North America, LLC. +# +# SPDX-License-Identifier: Apache-2.0 + + +cmake_minimum_required(VERSION 3.10 FATAL_ERROR) + +add_subdirectory_ifdef(CONFIG_MCUBOOT_BOOTUTIL_LIB mcuboot_util) +add_subdirectory_ifdef(CONFIG_MCUBOOT_APP mcuboot_app) diff --git a/zephyr/subsys/mcuboot_app/CMakeLists.txt b/zephyr/subsys/mcuboot_app/CMakeLists.txt new file mode 100644 index 0000000000..922188c15e --- /dev/null +++ b/zephyr/subsys/mcuboot_app/CMakeLists.txt @@ -0,0 +1,234 @@ +# CMakeLists.txt for building mcuboot as a Zephyr project +# +# Copyright (c) 2017 Open Source Foundries Limited +# Copyright (c) 2022 Legrand North America, LLC. +# +# SPDX-License-Identifier: Apache-2.0 + +cmake_minimum_required(VERSION 3.13.1) + +# Path to "boot" subdirectory of repository root. +set(BOOT_DIR ${ZEPHYR_MCUBOOT_MODULE_DIR}/boot) +# Path to top-level repository root directory. +set(MCUBOOT_DIR ${ZEPHYR_MCUBOOT_MODULE_DIR}) +# Path to tinycrypt library source subdirectory of MCUBOOT_DIR. +set(TINYCRYPT_DIR "${ZEPHYR_MCUBOOT_MODULE_DIR}/ext/tinycrypt/lib") +assert_exists(TINYCRYPT_DIR) +set(TINYCRYPT_SHA512_DIR "${ZEPHYR_MCUBOOT_MODULE_DIR}/ext/tinycrypt-sha512/lib") +assert_exists(TINYCRYPT_SHA512_DIR) +# Path to crypto-fiat +set(FIAT_DIR "${ZEPHYR_MCUBOOT_MODULE_DIR}/ext/fiat") +assert_exists(FIAT_DIR) +# Path to mbed-tls' asn1 parser library. +set(MBEDTLS_ASN1_DIR "${ZEPHYR_MCUBOOT_MODULE_DIR}/ext/mbedtls-asn1") +assert_exists(MBEDTLS_ASN1_DIR) +set(NRF_DIR "${ZEPHYR_MCUBOOT_MODULE_DIR}/ext/nrf") + +if(CONFIG_BOOT_USE_NRF_CC310_BL) +set(NRFXLIB_DIR ${ZEPHYR_NRFXLIB_MODULE_DIR}) +if(NOT EXISTS ${NRFXLIB_DIR}) + message(FATAL_ERROR " + ------------------------------------------------------------------------ + No such file or directory: ${NRFXLIB_DIR} + The current configuration enables nRF CC310 crypto accelerator hardware + with the `CONFIG_BOOT_USE_NRF_CC310_BL` option. Please follow + `ext/nrf/README.md` guide to fix your setup or use tinycrypt instead of + the HW accelerator. + To use the tinycrypt set `CONFIG_BOOT_ECDSA_TINYCRYPT` to y. + ------------------------------------------------------------------------") +endif() +# Don't include this if we are using west + add_subdirectory(${NRFXLIB_DIR} ${PROJECT_BINARY_DIR}/nrfxlib) +endif() + +zephyr_library_include_directories( + ${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include + targets + ) +if(EXISTS targets/${BOARD}.h) + zephyr_library_compile_definitions(MCUBOOT_TARGET_CONFIG="${BOARD}.h") +endif() + +# Zephyr port-specific sources. +zephyr_library_sources( + ${BOOT_DIR}/zephyr/main.c + ${BOOT_DIR}/zephyr/flash_map_extended.c + ${BOOT_DIR}/zephyr/os.c + ) + +if(DEFINED CONFIG_ENABLE_MGMT_PERUSER) + zephyr_library_sources( + ${BOOT_DIR}/zephyr/boot_serial_extensions.c + ) +endif() + +if(NOT DEFINED CONFIG_FLASH_PAGE_LAYOUT) + zephyr_library_sources( + ${BOOT_DIR}/zephyr/flash_map_legacy.c + ) +endif() + +# Generic bootutil sources and includes. +zephyr_library_include_directories(${BOOT_DIR}/bootutil/include) +zephyr_library_sources( + ${BOOT_DIR}/bootutil/src/image_validate.c + ${BOOT_DIR}/bootutil/src/tlv.c + ${BOOT_DIR}/bootutil/src/encrypted.c + ${BOOT_DIR}/bootutil/src/image_rsa.c + ${BOOT_DIR}/bootutil/src/image_ec256.c + ${BOOT_DIR}/bootutil/src/image_ed25519.c + ${BOOT_DIR}/bootutil/src/bootutil_misc.c + ${BOOT_DIR}/bootutil/src/fault_injection_hardening.c + ) + +if(CONFIG_BOOT_FIH_PROFILE_HIGH) +zephyr_library_sources( + ${BOOT_DIR}/bootutil/src/fault_injection_hardening_delay_rng_mbedtls.c + ) +endif() + +if(CONFIG_SINGLE_APPLICATION_SLOT) +zephyr_library_sources( + ${BOOT_DIR}/zephyr/single_loader.c + ) +zephyr_library_include_directories(${BOOT_DIR}/bootutil/src) +else() +zephyr_library_sources( + ${BOOT_DIR}/bootutil/src/loader.c + ${BOOT_DIR}/bootutil/src/swap_misc.c + ${BOOT_DIR}/bootutil/src/swap_scratch.c + ${BOOT_DIR}/bootutil/src/swap_move.c + ${BOOT_DIR}/bootutil/src/caps.c + ) +endif() + +if(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256 OR CONFIG_BOOT_ENCRYPT_EC256 OR CONFIG_BOOT_SERIAL_ENCRYPT_EC256) + zephyr_library_include_directories( + ${MBEDTLS_ASN1_DIR}/include + ) + zephyr_library_sources( + # Additionally pull in just the ASN.1 parser from mbedTLS. + ${MBEDTLS_ASN1_DIR}/src/asn1parse.c + ${MBEDTLS_ASN1_DIR}/src/platform_util.c + ) + if(CONFIG_BOOT_USE_TINYCRYPT) + # When using ECDSA signatures, pull in our copy of the tinycrypt library. + zephyr_library_include_directories( + ${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include + ${TINYCRYPT_DIR}/include + ) + zephyr_include_directories(${TINYCRYPT_DIR}/include) + + zephyr_library_sources( + ${TINYCRYPT_DIR}/source/ecc.c + ${TINYCRYPT_DIR}/source/ecc_dsa.c + ${TINYCRYPT_DIR}/source/sha256.c + ${TINYCRYPT_DIR}/source/utils.c + ) + elseif(CONFIG_BOOT_USE_NRF_CC310_BL) + zephyr_library_sources(${NRF_DIR}/cc310_glue.c) + zephyr_library_include_directories(${NRF_DIR}) + zephyr_link_libraries(nrfxlib_crypto) + endif() + + # Since here we are not using Zephyr's mbedTLS but rather our own, we need + # to set MBEDTLS_CONFIG_FILE ourselves. When using Zephyr's copy, this + # variable is set by its Kconfig in the Zephyr codebase. + zephyr_library_compile_definitions( + MBEDTLS_CONFIG_FILE="${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include/mcuboot-mbedtls-cfg.h" + ) +elseif(CONFIG_BOOT_SIGNATURE_TYPE_NONE) + zephyr_library_include_directories( + ${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include + ${TINYCRYPT_DIR}/include + ) + + zephyr_library_sources( + ${TINYCRYPT_DIR}/source/sha256.c + ${TINYCRYPT_DIR}/source/utils.c + ) +elseif(CONFIG_BOOT_SIGNATURE_TYPE_RSA) + # Use mbedTLS provided by Zephyr for RSA signatures. (Its config file + # is set using Kconfig.) + zephyr_include_directories(${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include) + if(CONFIG_BOOT_ENCRYPT_RSA) + set_source_files_properties( + ${BOOT_DIR}/bootutil/src/encrypted.c + PROPERTIES + INCLUDE_DIRECTORIES ${ZEPHYR_MBEDTLS_MODULE_DIR}/library + ) + endif() +elseif(CONFIG_BOOT_SIGNATURE_TYPE_ED25519 OR CONFIG_BOOT_ENCRYPT_X25519) + if(CONFIG_BOOT_USE_TINYCRYPT) + zephyr_library_include_directories( + ${MBEDTLS_ASN1_DIR}/include + ${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include + ${TINYCRYPT_DIR}/include + ${TINYCRYPT_SHA512_DIR}/include + ) + zephyr_library_sources( + ${TINYCRYPT_DIR}/source/sha256.c + ${TINYCRYPT_DIR}/source/utils.c + ${TINYCRYPT_SHA512_DIR}/source/sha512.c + # Additionally pull in just the ASN.1 parser from mbedTLS. + ${MBEDTLS_ASN1_DIR}/src/asn1parse.c + ${MBEDTLS_ASN1_DIR}/src/platform_util.c + ) + zephyr_library_compile_definitions( + MBEDTLS_CONFIG_FILE="${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include/mcuboot-mbedtls-cfg.h" + ) + else() + zephyr_include_directories(${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include) + endif() + + zephyr_library_include_directories( + ${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include + ${FIAT_DIR}/include/ + ) + + zephyr_library_sources( + ${FIAT_DIR}/src/curve25519.c + ) +endif() + +if(CONFIG_BOOT_ENCRYPT_EC256 OR CONFIG_BOOT_ENCRYPT_X25519 OR CONFIG_BOOT_SERIAL_ENCRYPT_EC256) + zephyr_library_sources( + ${TINYCRYPT_DIR}/source/aes_encrypt.c + ${TINYCRYPT_DIR}/source/aes_decrypt.c + ${TINYCRYPT_DIR}/source/ctr_mode.c + ${TINYCRYPT_DIR}/source/hmac.c + ${TINYCRYPT_DIR}/source/ecc_dh.c + ) +endif() + +if(CONFIG_BOOT_ENCRYPT_EC256) + zephyr_library_sources( + ${TINYCRYPT_DIR}/source/ecc_dh.c + ) +endif() + +if(CONFIG_MCUBOOT_SERIAL) + zephyr_sources(${BOOT_DIR}/zephyr/serial_adapter.c) + zephyr_sources(${BOOT_DIR}/boot_serial/src/boot_serial.c) + zephyr_sources(${BOOT_DIR}/boot_serial/src/serial_recovery_cbor.c) + zephyr_sources(${BOOT_DIR}/boot_serial/src/zcbor_decode.c) + zephyr_sources(${BOOT_DIR}/boot_serial/src/zcbor_encode.c) + zephyr_sources(${BOOT_DIR}/boot_serial/src/zcbor_common.c) + + zephyr_sources_ifdef(CONFIG_BOOT_MGMT_ECHO ${BOOT_DIR}/boot_serial/src/serial_recovery_echo.c) + + zephyr_include_directories(${BOOT_DIR}/bootutil/include) + zephyr_include_directories(${BOOT_DIR}/boot_serial/include) + zephyr_include_directories(${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/include) + + zephyr_include_directories_ifdef( + CONFIG_BOOT_ERASE_PROGRESSIVELY + ${BOOT_DIR}/bootutil/src + ) +endif() + +if(CONFIG_MCUBOOT_CLEANUP_ARM_CORE) +zephyr_library_sources( + ${BOOT_DIR}/zephyr/arm_cleanup.c +) +endif() diff --git a/boot/bootutil/zephyr/CMakeLists.txt b/zephyr/subsys/mcuboot_util/CMakeLists.txt similarity index 67% rename from boot/bootutil/zephyr/CMakeLists.txt rename to zephyr/subsys/mcuboot_util/CMakeLists.txt index 72a6a8638f..8ea31ba4a2 100644 --- a/boot/bootutil/zephyr/CMakeLists.txt +++ b/zephyr/subsys/mcuboot_util/CMakeLists.txt @@ -1,20 +1,22 @@ # Copyright (c) 2020 Nordic Semiconductor ASA +# Copyright (c) 2022 Legrand North America, LLC. # # SPDX-License-Identifier: Apache-2.0 + if(CONFIG_MCUBOOT_BOOTUTIL_LIB) zephyr_interface_library_named(MCUBOOT_BOOTUTIL) -target_include_directories(MCUBOOT_BOOTUTIL INTERFACE - ../ - ../include - ../../zephyr/include +zephyr_include_directories(MCUBOOT_BOOTUTIL INTERFACE + ${ZEPHYR_MCUBOOT_MODULE_DIR}/boot/bootutil/ + ${ZEPHYR_MCUBOOT_MODULE_DIR}/boot/bootutil/include + ${ZEPHYR_MCUBOOT_MODULE_DIR}/boot/zephyr/include ) zephyr_library_named(mcuboot_util) zephyr_library_sources( - ../src/bootutil_public.c + ${ZEPHYR_MCUBOOT_MODULE_DIR}/boot/bootutil/src/bootutil_public.c ) # Sensitivity to the TEST_BOOT_IMAGE_ACCESS_HOOKS define is implemented for @@ -30,7 +32,7 @@ target_link_libraries(MCUBOOT_BOOTUTIL INTERFACE zephyr_interface) if(CONFIG_BOOT_USE_TINYCRYPT) target_include_directories(MCUBOOT_BOOTUTIL INTERFACE - ../../../ext/tinycrypt/lib/include + ${ZEPHYR_MCUBOOT_MODULE_DIR}/ext/tinycrypt/lib/include ) endif() From ebca6cdd8236aeb913e588e75a929738a97b9294 Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Tue, 25 Oct 2022 13:57:42 -0700 Subject: [PATCH 3/4] Refactor mcuboot build fragments for reuse Extract reusable portions of boot/zephyr for use in other mcuboot builds: - mcuboot signature key file generation build logic - mcuboot zephyr runner mass erase hooks Verification: 1. (Pass) west build -p always -b nrf52840dk_nrf52840 mcuboot/boot/zephyr/ 2. (Pass) ./zephyr/scripts/twister --testsuite-root mcuboot/boot/zephyr/ 3. (Pass) ./zephyr/scripts/twister --testsuite-root zephyr/samples/tfm_integration/psa_crypto/ 4. (Pass) ./zephyr/scripts/twister --testsuite-root zephyr/tests/subsys/dfu/ 5. (Pass) ./zephyr/scripts/twister --testsuite-root zephyr/samples/subsys/mgmt/mcumgr/smp_svr/ Signed-off-by: Gregory Shue --- boot/zephyr/CMakeLists.txt | 61 ++----------------- ...cuboot_signature_key_file_generation.cmake | 49 +++++++++++++++ .../mcuboot_zephyr_runner_mass_erase.cmake | 23 +++++++ 3 files changed, 76 insertions(+), 57 deletions(-) create mode 100644 zephyr/cmake/mcuboot_signature_key_file_generation.cmake create mode 100644 zephyr/cmake/mcuboot_zephyr_runner_mass_erase.cmake diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 0a16835469..76ba148be1 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -7,25 +7,9 @@ cmake_minimum_required(VERSION 3.13.1) -# Enable Zephyr runner options which request mass erase if so -# configured. -# -# Note that this also disables the default "leave" option when -# targeting STM32 DfuSe devices with dfu-util, making the chip stay in -# the bootloader after flashing. -# -# That's the right thing, because mcuboot has nothing to do since the -# chip was just erased. The next thing the user is going to want to do -# is flash the application. (Developers can reset DfuSE devices -# manually to test mcuboot behavior on an otherwise erased flash -# device.) -macro(app_set_runner_args) - if(CONFIG_ZEPHYR_TRY_MASS_ERASE) - board_runner_args(dfu-util "--dfuse-modifiers=force:mass-erase") - board_runner_args(pyocd "--flash-opt=-e=chip") - board_runner_args(nrfjprog "--erase") - endif() -endmacro() +# NOTE: ${ZEPHYR_MCUBOOT_MODULE_DIR} requires delayed evaluation, +# as it has not yet been defined. Relative paths must be used at this point. +include(${CMAKE_CURRENT_LIST_DIR}/../../zephyr/cmake/mcuboot_zephyr_runner_mass_erase.cmake) # find_package(Zephyr) in order to load application boilerplate: # http://docs.zephyrproject.org/application/application.html @@ -36,41 +20,4 @@ target_sources(app PRIVATE keys.c ) -if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") - # CONF_FILE points to the KConfig configuration files of the bootloader. - foreach (filepath ${CONF_FILE}) - file(READ ${filepath} temp_text) - string(FIND "${temp_text}" ${CONFIG_BOOT_SIGNATURE_KEY_FILE} match) - if (${match} GREATER_EQUAL 0) - if (NOT DEFINED CONF_DIR) - get_filename_component(CONF_DIR ${filepath} DIRECTORY) - else() - message(FATAL_ERROR "Signature key file defined in multiple conf files") - endif() - endif() - endforeach() - - if(IS_ABSOLUTE ${CONFIG_BOOT_SIGNATURE_KEY_FILE}) - set(KEY_FILE ${CONFIG_BOOT_SIGNATURE_KEY_FILE}) - elseif((DEFINED CONF_DIR) AND - (EXISTS ${CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})) - set(KEY_FILE ${CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}) - else() - set(KEY_FILE ${ZEPHYR_MCUBOOT_MODULE_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}) - endif() - message("MCUBoot bootloader key file: ${KEY_FILE}") - - set(GENERATED_PUBKEY ${ZEPHYR_BINARY_DIR}/autogen-pubkey.c) - add_custom_command( - OUTPUT ${GENERATED_PUBKEY} - COMMAND - ${PYTHON_EXECUTABLE} - ${ZEPHYR_MCUBOOT_MODULE_DIR}/scripts/imgtool.py - getpub - -k - ${KEY_FILE} - > ${GENERATED_PUBKEY} - DEPENDS ${KEY_FILE} - ) - zephyr_library_sources(${GENERATED_PUBKEY}) -endif() +include(${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/cmake/mcuboot_signature_key_file_generation.cmake) diff --git a/zephyr/cmake/mcuboot_signature_key_file_generation.cmake b/zephyr/cmake/mcuboot_signature_key_file_generation.cmake new file mode 100644 index 0000000000..fb474170a5 --- /dev/null +++ b/zephyr/cmake/mcuboot_signature_key_file_generation.cmake @@ -0,0 +1,49 @@ +# Copyright (c) 2017 Open Source Foundaries Limited +# Copyright (c) 2022 Legrand North America, LLC. +# +# SPDX-License-Identifier: Apache-2.0 + +#cmake_minimum_required(VERSION 3.20.0) + +# This is a MCUBoot-specific fragment for top-level CMakeLists.txt files. +# Sourcing this file brings in reusable logic to generate the public key file. + +if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") + # CONF_FILE points to the KConfig configuration files of the bootloader. + foreach (mcuboot_filepath ${CONF_FILE}) + string(CONFIGURE "${mcuboot_filepath}" mcuboot_filepath_expanded) + file(READ ${mcuboot_filepath_expanded} temp_text) + string(FIND "${temp_text}" ${CONFIG_BOOT_SIGNATURE_KEY_FILE} match) + if (${match} GREATER_EQUAL 0) + if (NOT DEFINED mcuboot_signature_file_dir) + get_filename_component(mcuboot_signature_file_dir ${mcuboot_filepath_expanded} DIRECTORY) + else() + message(FATAL_ERROR "Signature key file defined in multiple conf files") + endif() + endif() + endforeach() + + if(IS_ABSOLUTE ${CONFIG_BOOT_SIGNATURE_KEY_FILE}) + set(KEY_FILE ${CONFIG_BOOT_SIGNATURE_KEY_FILE}) + elseif((DEFINED mcuboot_signature_file_dir) AND + (EXISTS ${mcuboot_signature_file_dir}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})) + set(KEY_FILE ${mcuboot_signature_file_dir}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}) + else() + set(KEY_FILE ${ZEPHYR_MCUBOOT_MODULE_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}) + endif() + message("MCUBoot bootloader key file: ${KEY_FILE}") + + set(GENERATED_PUBKEY ${ZEPHYR_BINARY_DIR}/autogen-pubkey.c) + add_custom_command( + OUTPUT ${GENERATED_PUBKEY} + COMMAND + ${PYTHON_EXECUTABLE} + ${ZEPHYR_MCUBOOT_MODULE_DIR}/scripts/imgtool.py + getpub + -k + ${KEY_FILE} + > ${GENERATED_PUBKEY} + DEPENDS ${KEY_FILE} + ) + zephyr_library_sources(${GENERATED_PUBKEY}) +endif() diff --git a/zephyr/cmake/mcuboot_zephyr_runner_mass_erase.cmake b/zephyr/cmake/mcuboot_zephyr_runner_mass_erase.cmake new file mode 100644 index 0000000000..7338638414 --- /dev/null +++ b/zephyr/cmake/mcuboot_zephyr_runner_mass_erase.cmake @@ -0,0 +1,23 @@ +# Copyright (c) 2017 Open Source Foundaries Limited +# +# SPDX-License-Identifier: Apache-2.0 + +# Enable Zephyr runner options which request mass erase if so +# configured. +# +# Note that this also disables the default "leave" option when +# targeting STM32 DfuSe devices with dfu-util, making the chip stay in +# the bootloader after flashing. +# +# That's the right thing, because mcuboot has nothing to do since the +# chip was just erased. The next thing the user is going to want to do +# is flash the application. (Developers can reset DfuSE devices +# manually to test mcuboot behavior on an otherwise erased flash +# device.) +macro(app_set_runner_args) + if(CONFIG_ZEPHYR_TRY_MASS_ERASE) + board_runner_args(dfu-util "--dfuse-modifiers=force:mass-erase") + board_runner_args(pyocd "--flash-opt=-e=chip") + board_runner_args(nrfjprog "--erase") + endif() +endmacro() From e0afbd11792d72f96f775a340c5a776243f9339c Mon Sep 17 00:00:00 2001 From: Gregory Shue Date: Tue, 11 Oct 2022 15:17:20 -0700 Subject: [PATCH 4/4] New sample: mcuboot_external_config Created a sample of how to configure MCUBoot build from an external repository. This sample provides no `main()` definition and reuses all logic from MCUBoot and other repositories. The functionality matches the existing functionality of mcuboot/boot/zephyr. The sample is located within `$mcuboot/zephyr/samples/modules/mcuboot/` so that the directory path matches that used in Zephyr for samples of external modules. The directory name `mcuboot_external_config` intentionally begins with the module name to help avoid futures conflict with samples that may be defined in other repositories. Together, this pattern supports easy integration of this sample documentation with sample documentation in Zephyr. NOTE: This commit required copying board and .conf files from mcuboot/boot/zephyr because the _current_ zephyr build system (about v3.2.0) does not fully support using APPLICATION_CONFIG_DIR with a list of files/directories in CONF_FILE and with boards/ beneath those settings. When APPLICATION_CONF_DIR was set to reference mcuboot/boot/zephyr/ and CONF_FILE referenced APPLICATION_CONFIG_DIR then here, the boot config did not pick up a board-specific configuration setting from APPLICATION_CONFIG_DIR, resulting in FLASH going from ~40000 to ~45000 bytes. This is captured in Zephyr Issue #51621. Verification: 1. (Pass) west build -p always -b nrf52840dk_nrf52840 \ mcuboot/zephyr/samples/modules/mcuboot/mcuboot_external_config/ 2. (Pass) ./zephyr/scripts/twister --testsuite-root mcuboot/zephyr/samples/ Fixes #1410 Signed-off-by: Gregory Shue --- zephyr/module.yml | 1 + .../mcuboot_external_config/CMakeLists.txt | 19 ++ .../mcuboot_external_config/README.rst | 30 +++ .../mcuboot_external_config/app.overlay | 5 + .../boards/actinius_icarus.conf | 8 + .../boards/bl5340_dvk_cpuapp.conf | 6 + .../boards/circuitdojo_feather_nrf9160.conf | 16 ++ .../boards/conexio_stratus.conf | 21 ++ .../boards/disco_l475_iot1.conf | 2 + .../boards/flash_sim_driver.conf | 2 + .../boards/frdm_k64f.conf | 1 + .../boards/intel_s1000_crb.conf | 4 + .../boards/intel_s1000_crb.overlay | 13 ++ .../boards/mimxrt1020_evk.conf | 4 + .../boards/mimxrt1024_evk.conf | 4 + .../boards/mimxrt1050_evk_qspi.conf | 5 + .../boards/mimxrt1060_evk.conf | 5 + .../boards/mimxrt1060_evkb.conf | 5 + .../boards/mimxrt1064_evk.conf | 4 + .../boards/mimxrt1160_evk_cm7.conf | 7 + .../boards/mimxrt1170_evk_cm7.conf | 7 + .../boards/mimxrt685_evk_cm33.conf | 4 + .../boards/nrf51dk_nrf51422.conf | 6 + .../boards/nrf52840_big.overlay | 36 +++ .../boards/nrf52840_single_slot.overlay | 26 +++ .../nrf52840dk_hooks_sample_overlay.conf | 6 + .../boards/nrf52840dk_nrf52840.conf | 2 + .../boards/nrf52840dk_qspi_nor.conf | 3 + .../nrf52840dk_qspi_nor_secondary.overlay | 36 +++ .../nrf52840dk_qspi_secondary_boot.conf | 2 + .../boards/nrf52840dk_ram.overlay | 54 +++++ .../boards/nrf52840dk_ram_multi.overlay | 62 ++++++ .../boards/nrf52840dongle_nrf52840.conf | 31 +++ .../boards/nrf52_minimal_footprint.conf | 65 ++++++ .../boards/pinnacle_100_dvk.conf | 6 + .../boards/sparkfun_thing_plus_nrf9160.conf | 16 ++ .../boards/thingy53_nrf5340_cpuapp.conf | 72 ++++++ .../boards/tlsr9518adk80d.conf | 4 + .../mcuboot_external_config/hooks_sample.c | 95 ++++++++ .../mcuboot/mcuboot_external_config/keys.c | 209 ++++++++++++++++++ .../nrf52840dk_nrf52840_cc310_ecdsa.conf | 2 + .../mcuboot/mcuboot_external_config/prj.conf | 46 ++++ .../mcuboot_external_config/ram_load.conf | 6 + .../mcuboot_external_config/sample.yaml | 62 ++++++ .../serial_recovery.conf | 3 + .../mcuboot_external_config/single_slot.conf | 1 + .../usb_cdc_acm.overlay | 5 + .../usb_cdc_acm_log_recovery.conf | 16 ++ 48 files changed, 1045 insertions(+) create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/CMakeLists.txt create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/README.rst create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/app.overlay create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/actinius_icarus.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/bl5340_dvk_cpuapp.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/circuitdojo_feather_nrf9160.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/conexio_stratus.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/disco_l475_iot1.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/flash_sim_driver.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/frdm_k64f.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/intel_s1000_crb.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/intel_s1000_crb.overlay create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1020_evk.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1024_evk.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1050_evk_qspi.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1060_evk.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1060_evkb.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1064_evk.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1160_evk_cm7.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1170_evk_cm7.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt685_evk_cm33.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf51dk_nrf51422.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840_big.overlay create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840_single_slot.overlay create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_hooks_sample_overlay.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_nrf52840.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_qspi_nor.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_qspi_nor_secondary.overlay create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_qspi_secondary_boot.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_ram.overlay create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_ram_multi.overlay create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dongle_nrf52840.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52_minimal_footprint.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/pinnacle_100_dvk.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/sparkfun_thing_plus_nrf9160.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/thingy53_nrf5340_cpuapp.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/tlsr9518adk80d.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/hooks_sample.c create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/keys.c create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/nrf52840dk_nrf52840_cc310_ecdsa.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/prj.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/ram_load.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/sample.yaml create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/serial_recovery.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/single_slot.conf create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/usb_cdc_acm.overlay create mode 100644 zephyr/samples/modules/mcuboot/mcuboot_external_config/usb_cdc_acm_log_recovery.conf diff --git a/zephyr/module.yml b/zephyr/module.yml index 222bc49d61..e2372e2d4b 100644 --- a/zephyr/module.yml +++ b/zephyr/module.yml @@ -6,6 +6,7 @@ name: mcuboot samples: - boot/zephyr + - zephyr/samples build: cmake: ./zephyr kconfig: ./zephyr/Kconfig diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/CMakeLists.txt b/zephyr/samples/modules/mcuboot/mcuboot_external_config/CMakeLists.txt new file mode 100644 index 0000000000..9403096b1f --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/CMakeLists.txt @@ -0,0 +1,19 @@ +# Copyright (c) 2022 Legrand North America, LLC. +# SPDX-License-Identifier: Apache-2.0 + +cmake_minimum_required(VERSION 3.20.0) + +# NOTE: ${ZEPHYR_MCUBOOT_MODULE_DIR} requires delayed evaluation, +# as it has not yet been defined. Relative paths must be used at this point. +include(${CMAKE_CURRENT_LIST_DIR}/../../../../cmake/mcuboot_zephyr_runner_mass_erase.cmake) + +# find_package(Zephyr) in order to load application boilerplate: +# http://docs.zephyrproject.org/application/application.html +find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE}) +project(mcuboot_exernal_config) + +target_sources(app PRIVATE + keys.c + ) + +include(${ZEPHYR_MCUBOOT_MODULE_DIR}/zephyr/cmake/mcuboot_signature_key_file_generation.cmake) diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/README.rst b/zephyr/samples/modules/mcuboot/mcuboot_external_config/README.rst new file mode 100644 index 0000000000..c9eb40cadb --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/README.rst @@ -0,0 +1,30 @@ +.. _mcuboot_external_config: + +MCUBoot External Config +####################### + +Overview +******** + +A simple sample illustrating how to configure from a different module +an MCUBoot image, using local keys and certificates. + +NOTE: This references ``${ZEPHYR_MCUBOOT_MODULE_DIR}/boot/zephyr`` +for most configuration files for the verified set of boards. Other +board configuration files will need to be provided locally. + +Building and Running +******************** + +This application can be built and executed on QEMU as follows: + +.. code-block:: console + + west build -b nrf52840dk_nrf52840 \ + bootloader/mcuboot/samples/modules/mcuboot/mcuboot_external_config + + +Sample Output +============= + +None. diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/app.overlay b/zephyr/samples/modules/mcuboot/mcuboot_external_config/app.overlay new file mode 100644 index 0000000000..74d3dfbfd2 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/app.overlay @@ -0,0 +1,5 @@ +/ { + chosen { + zephyr,code-partition = &boot_partition; + }; +}; diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/actinius_icarus.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/actinius_icarus.conf new file mode 100644 index 0000000000..ae2fa1e428 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/actinius_icarus.conf @@ -0,0 +1,8 @@ +# Disable Zephyr console +CONFIG_CONSOLE=n + +# MCUBoot settings +CONFIG_BOOT_MAX_IMG_SECTORS=256 + +# MCUboot serial recovery +CONFIG_MCUBOOT_SERIAL=y diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/bl5340_dvk_cpuapp.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/bl5340_dvk_cpuapp.conf new file mode 100644 index 0000000000..00a8dfb461 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/bl5340_dvk_cpuapp.conf @@ -0,0 +1,6 @@ +CONFIG_MULTITHREADING=y +# Enable QSPI (MX25R64) - Slot 1 in QSPI +CONFIG_NORDIC_QSPI_NOR=y +CONFIG_NORDIC_QSPI_NOR_FLASH_LAYOUT_PAGE_SIZE=4096 +CONFIG_NORDIC_QSPI_NOR_STACK_WRITE_BUFFER_SIZE=4 +CONFIG_BOOT_MAX_IMG_SECTORS=256 diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/circuitdojo_feather_nrf9160.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/circuitdojo_feather_nrf9160.conf new file mode 100644 index 0000000000..656239c81d --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/circuitdojo_feather_nrf9160.conf @@ -0,0 +1,16 @@ +# Disable Zephyr console +CONFIG_CONSOLE=n + +# Multithreading +CONFIG_MULTITHREADING=y + +# MCUBoot settings +CONFIG_BOOT_MAX_IMG_SECTORS=256 + +# MCUboot serial recovery +CONFIG_MCUBOOT_SERIAL=y +CONFIG_BOOT_SERIAL_DETECT_DELAY=450 +CONFIG_MCUBOOT_INDICATION_LED=y + +# Size of mcuboot partition +CONFIG_SIZE_OPTIMIZATIONS=y \ No newline at end of file diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/conexio_stratus.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/conexio_stratus.conf new file mode 100644 index 0000000000..6bc5f8cd0c --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/conexio_stratus.conf @@ -0,0 +1,21 @@ +# Disable Zephyr console +CONFIG_CONSOLE=n +CONFIG_CONSOLE_HANDLER=n +CONFIG_UART_CONSOLE=n + +# Multithreading +CONFIG_MULTITHREADING=y + +# MCUBoot settings +CONFIG_BOOT_MAX_IMG_SECTORS=256 + +# MCUboot serial recovery +CONFIG_MCUBOOT_SERIAL=y +CONFIG_BOOT_SERIAL_DETECT_PORT="GPIO_0" +CONFIG_BOOT_SERIAL_DETECT_PIN=12 +CONFIG_BOOT_SERIAL_DETECT_PIN_VAL=0 +CONFIG_BOOT_SERIAL_DETECT_DELAY=450 +CONFIG_MCUBOOT_INDICATION_LED=y + +# Size of mcuboot partition +CONFIG_SIZE_OPTIMIZATIONS=y diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/disco_l475_iot1.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/disco_l475_iot1.conf new file mode 100644 index 0000000000..cbf3886be3 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/disco_l475_iot1.conf @@ -0,0 +1,2 @@ +CONFIG_BOOT_MAX_IMG_SECTORS=256 +CONFIG_WATCHDOG=y diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/flash_sim_driver.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/flash_sim_driver.conf new file mode 100644 index 0000000000..7e5e58eca3 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/flash_sim_driver.conf @@ -0,0 +1,2 @@ +CONFIG_FLASH_SIMULATOR=y +CONFIG_FLASH_SIMULATOR_UNALIGNED_READ=y diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/frdm_k64f.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/frdm_k64f.conf new file mode 100644 index 0000000000..80e211dced --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/frdm_k64f.conf @@ -0,0 +1 @@ +CONFIG_WATCHDOG=y diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/intel_s1000_crb.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/intel_s1000_crb.conf new file mode 100644 index 0000000000..ab2bfd6922 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/intel_s1000_crb.conf @@ -0,0 +1,4 @@ +CONFIG_DEBUG=n +CONFIG_I2C=n +CONFIG_BOOT_MAX_IMG_SECTORS=512 +CONFIG_BOOT_WAIT_FOR_USB_DFU=y diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/intel_s1000_crb.overlay b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/intel_s1000_crb.overlay new file mode 100644 index 0000000000..61f0d436c9 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/intel_s1000_crb.overlay @@ -0,0 +1,13 @@ +/* + * Copyright (c) 2018 Intel Corporation + * + * SPDX-License-Identifier: Apache-2.0 + */ +/ { + sram0: memory@be000000 { + device_type = "memory"; + compatible = "mmio-sram"; + reg = <0xbe000000 0x30000>; + }; +}; + diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1020_evk.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1020_evk.conf new file mode 100644 index 0000000000..37ed5f87d4 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1020_evk.conf @@ -0,0 +1,4 @@ +# Copyright 2021 NXP +# SPDX-License-Identifier: Apache-2.0 + +CONFIG_BOOT_MAX_IMG_SECTORS=1024 diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1024_evk.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1024_evk.conf new file mode 100644 index 0000000000..22e3320cbb --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1024_evk.conf @@ -0,0 +1,4 @@ +# Copyright (c) 2021 Prevas A/S +# SPDX-License-Identifier: Apache-2.0 + +CONFIG_BOOT_MAX_IMG_SECTORS=512 diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1050_evk_qspi.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1050_evk_qspi.conf new file mode 100644 index 0000000000..7850953a39 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1050_evk_qspi.conf @@ -0,0 +1,5 @@ +# Copyright 2021-2022 NXP +# SPDX-License-Identifier: Apache-2.0 + +CONFIG_BOOT_MAX_IMG_SECTORS=1024 +CONFIG_BOOT_ERASE_PROGRESSIVELY=y diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1060_evk.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1060_evk.conf new file mode 100644 index 0000000000..7850953a39 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1060_evk.conf @@ -0,0 +1,5 @@ +# Copyright 2021-2022 NXP +# SPDX-License-Identifier: Apache-2.0 + +CONFIG_BOOT_MAX_IMG_SECTORS=1024 +CONFIG_BOOT_ERASE_PROGRESSIVELY=y diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1060_evkb.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1060_evkb.conf new file mode 100644 index 0000000000..7850953a39 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1060_evkb.conf @@ -0,0 +1,5 @@ +# Copyright 2021-2022 NXP +# SPDX-License-Identifier: Apache-2.0 + +CONFIG_BOOT_MAX_IMG_SECTORS=1024 +CONFIG_BOOT_ERASE_PROGRESSIVELY=y diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1064_evk.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1064_evk.conf new file mode 100644 index 0000000000..1c50bc9f6a --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1064_evk.conf @@ -0,0 +1,4 @@ +# Copyright 2021 NXP +# SPDX-License-Identifier: Apache-2.0 + +CONFIG_BOOT_MAX_IMG_SECTORS=512 diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1160_evk_cm7.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1160_evk_cm7.conf new file mode 100644 index 0000000000..480796d09c --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1160_evk_cm7.conf @@ -0,0 +1,7 @@ +# Copyright 2022 NXP +# SPDX-License-Identifier: Apache-2.0 + +CONFIG_BOOT_MAX_IMG_SECTORS=1024 +CONFIG_BOOT_ERASE_PROGRESSIVELY=y +# Move swap provides better wear levelling, so use it by default +CONFIG_BOOT_SWAP_USING_MOVE=y diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1170_evk_cm7.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1170_evk_cm7.conf new file mode 100644 index 0000000000..480796d09c --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt1170_evk_cm7.conf @@ -0,0 +1,7 @@ +# Copyright 2022 NXP +# SPDX-License-Identifier: Apache-2.0 + +CONFIG_BOOT_MAX_IMG_SECTORS=1024 +CONFIG_BOOT_ERASE_PROGRESSIVELY=y +# Move swap provides better wear levelling, so use it by default +CONFIG_BOOT_SWAP_USING_MOVE=y diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt685_evk_cm33.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt685_evk_cm33.conf new file mode 100644 index 0000000000..f93c663d7d --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/mimxrt685_evk_cm33.conf @@ -0,0 +1,4 @@ +# Copyright 2021 NXP +# SPDX-License-Identifier: Apache-2.0 + +CONFIG_BOOT_MAX_IMG_SECTORS=8192 diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf51dk_nrf51422.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf51dk_nrf51422.conf new file mode 100644 index 0000000000..bd4eaac8dd --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf51dk_nrf51422.conf @@ -0,0 +1,6 @@ +# Due the small boot partition, we can't enable logging or the debug +# optimization level out off the box. You need to increase the boot +# partition size with a zephyr DTS overlay to make MCUboot's debug +# builds fit. +CONFIG_LOG=n +CONFIG_SIZE_OPTIMIZATIONS=y diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840_big.overlay b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840_big.overlay new file mode 100644 index 0000000000..8ad19fca28 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840_big.overlay @@ -0,0 +1,36 @@ +/* + * Copyright (c) 2020 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: Apache-2.0 + */ + +/delete-node/ &boot_partition; +/delete-node/ &slot0_partition; +/delete-node/ &slot1_partition; + +&flash0 { + partitions { + compatible = "fixed-partitions"; + #address-cells = <1>; + #size-cells = <1>; + + boot_partition: partition@0 { + label = "mcuboot"; + reg = <0x000000000 0x00010000>; + }; + slot0_partition: partition@10000 { + label = "image-0"; + reg = <0x000010000 0x000074000>; + }; + slot1_partition: partition@75000 { + label = "image-1"; + reg = <0x00084000 0x000074000>; + }; + }; +}; + +&zephyr_udc0 { + cdc_acm_uart0 { + compatible = "zephyr,cdc-acm-uart"; + }; +}; diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840_single_slot.overlay b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840_single_slot.overlay new file mode 100644 index 0000000000..8e7cc333c4 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840_single_slot.overlay @@ -0,0 +1,26 @@ +/* + * Copyright (c) 2020 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: Apache-2.0 + */ + +/delete-node/ &boot_partition; +/delete-node/ &slot0_partition; +/delete-node/ &slot1_partition; + +&flash0 { + partitions { + compatible = "fixed-partitions"; + #address-cells = <1>; + #size-cells = <1>; + + boot_partition: partition@0 { + label = "mcuboot"; + reg = <0x000000000 0x00010000>; + }; + slot0_partition: partition@10000 { + label = "image-0"; + reg = <0x000010000 0x0000E8000>; + }; + }; +}; diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_hooks_sample_overlay.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_hooks_sample_overlay.conf new file mode 100644 index 0000000000..fd336db8b9 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_hooks_sample_overlay.conf @@ -0,0 +1,6 @@ +CONFIG_UPDATEABLE_IMAGE_NUMBER=2 + +CONFIG_FLASH_SIMULATOR=y +CONFIG_FLASH_SIMULATOR_UNALIGNED_READ=y + +CONFIG_BOOT_IMAGE_ACCESS_HOOKS=y diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_nrf52840.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_nrf52840.conf new file mode 100644 index 0000000000..3bd75a29d6 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_nrf52840.conf @@ -0,0 +1,2 @@ +# Ensure that the qspi driver is disabled by default +CONFIG_NORDIC_QSPI_NOR=n diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_qspi_nor.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_qspi_nor.conf new file mode 100644 index 0000000000..3205eafd60 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_qspi_nor.conf @@ -0,0 +1,3 @@ +CONFIG_NORDIC_QSPI_NOR=y +CONFIG_NORDIC_QSPI_NOR_FLASH_LAYOUT_PAGE_SIZE=4096 +CONFIG_NORDIC_QSPI_NOR_STACK_WRITE_BUFFER_SIZE=16 diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_qspi_nor_secondary.overlay b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_qspi_nor_secondary.overlay new file mode 100644 index 0000000000..7c9a87c32e --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_qspi_nor_secondary.overlay @@ -0,0 +1,36 @@ +/* + * Copyright (c) 2020 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: Apache-2.0 + */ + +/delete-node/ &boot_partition; +/delete-node/ &slot0_partition; +/delete-node/ &slot1_partition; +/delete-node/ &scratch_partition; + +&flash0 { + partitions { + boot_partition: partition@0 { + label = "mcuboot"; + reg = <0x000000000 0x00010000>; + }; + slot0_partition: partition@10000 { + label = "image-0"; + reg = <0x000010000 0x0000e8000>; + }; + }; +}; + +&mx25r64 { + partitions { + compatible = "fixed-partitions"; + #address-cells = <1>; + #size-cells = <1>; + + slot1_partition: partition@0 { + label = "image-1"; + reg = <0x000000000 0x0000e8000>; + }; + }; +}; diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_qspi_secondary_boot.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_qspi_secondary_boot.conf new file mode 100644 index 0000000000..9f984be4fe --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_qspi_secondary_boot.conf @@ -0,0 +1,2 @@ +CONFIG_MULTITHREADING=y +CONFIG_BOOT_MAX_IMG_SECTORS=256 diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_ram.overlay b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_ram.overlay new file mode 100644 index 0000000000..d489e97e73 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_ram.overlay @@ -0,0 +1,54 @@ +/* + * Copyright (c) 2021 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: Apache-2.0 + */ + +/delete-node/ &slot1_partition; +/delete-node/ &slot0_partition; +/delete-node/ &boot_partition; + +&flash0 { + partitions { + boot_partition: partition@0 { + label = "mcuboot"; + reg = <0x000000000 0x00010000>; + }; + slot0_partition: partition@10000 { + label = "image-0"; + reg = <0x000010000 0x00000A000>; + }; + }; +}; + +/ { + soc { + flash_controller2: flash-controller@2 { + compatible = "zephyr,sim-flash"; + reg = <0x00000000 DT_SIZE_K(40)>; + + #address-cells = <1>; + #size-cells = <1>; + erase-value = <0xff>; + + flash_sim0: flash_sim@0 { + status = "okay"; + compatible = "soc-nv-flash"; + erase-block-size = <4096>; + write-block-size = <1>; + reg = <0x00000000 DT_SIZE_K(40)>; + + partitions { + compatible = "fixed-partitions"; + #address-cells = <1>; + #size-cells = <1>; + + slot1_partition: partition@0 { + label = "image-1"; + reg = <0x00000000 0x00000A000>; + }; + }; + }; + }; + }; +}; diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_ram_multi.overlay b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_ram_multi.overlay new file mode 100644 index 0000000000..aeb0b05b42 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dk_ram_multi.overlay @@ -0,0 +1,62 @@ +/* + * Copyright (c) 2021 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: Apache-2.0 + */ + +/delete-node/ &slot1_partition; +/delete-node/ &slot0_partition; +/delete-node/ &boot_partition; + +&flash0 { + partitions { + boot_partition: partition@0 { + label = "mcuboot"; + reg = <0x000000000 0x00010000>; + }; + slot0_partition: partition@10000 { + label = "image-0"; + reg = <0x000010000 0x00000A000>; + }; + slot1_partition: partition@1A000 { + label = "image-1"; + reg = <0x00001A000 0x00000A000>; + }; + slot3_partition: partition@24000 { + label = "image-3"; + reg = <0x000024000 0x00000A000>; + }; + }; +}; + +/ { + soc { + flash_controller2: flash-controller@2 { + compatible = "zephyr,sim-flash"; + reg = <0x00000000 DT_SIZE_K(40)>; + + #address-cells = <1>; + #size-cells = <1>; + erase-value = <0xff>; + + flash_sim0: flash_sim@0 { + status = "okay"; + compatible = "soc-nv-flash"; + erase-block-size = <4096>; + write-block-size = <1>; + reg = <0x00000000 DT_SIZE_K(40)>; + + partitions { + compatible = "fixed-partitions"; + #address-cells = <1>; + #size-cells = <1>; + + slot2_partition: partition@0 { + label = "image-2"; + reg = <0x00000000 0x00000A000>; + }; + }; + }; + }; + }; +}; diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dongle_nrf52840.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dongle_nrf52840.conf new file mode 100644 index 0000000000..c1a9384471 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52840dongle_nrf52840.conf @@ -0,0 +1,31 @@ +# The UART is used for Serial Recovery, so logging requires +# an RTT console, which is not available out of the box on this board. +# Disable logging. +CONFIG_LOG=n + +# The build won't fit on the partition allocated for it without size +# optimizations. +CONFIG_SIZE_OPTIMIZATIONS=y + +# Serial +CONFIG_SERIAL=y +CONFIG_UART_NRFX=y +CONFIG_UART_INTERRUPT_DRIVEN=y +CONFIG_UART_LINE_CTRL=y + +# MCUBoot serial +CONFIG_GPIO=y +CONFIG_MCUBOOT_SERIAL=y +CONFIG_BOOT_SERIAL_CDC_ACM=y + +# Required by USB +CONFIG_MULTITHREADING=y + +# USB +CONFIG_USB_DEVICE_STACK=y +CONFIG_USB_DEVICE_REMOTE_WAKEUP=n +CONFIG_USB_DEVICE_PRODUCT="MCUBOOT" +CONFIG_USB_COMPOSITE_DEVICE=n +CONFIG_USB_MASS_STORAGE=n + +CONFIG_NORDIC_QSPI_NOR=n diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52_minimal_footprint.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52_minimal_footprint.conf new file mode 100644 index 0000000000..c315b441a2 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/nrf52_minimal_footprint.conf @@ -0,0 +1,65 @@ +# Minimal MCUBoot flash footprint configuration +# for nRF52832 SoC targets +# This is not recomendet configuration because of security and reliability +# reasons. + + +# Generated by Kconfiglib (https://github.com/ulfalizer/Kconfiglib) +CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y +CONFIG_BOOT_SIGNATURE_KEY_FILE="root-ec-p256.pem" + +# In any real project CONFIG_BOOT_VALIDATE_SLOT0 enabling is recommended +# by security reason. +# CONFIG_BOOT_VALIDATE_SLOT0 is not set + +# In most of projects CONFIG_BOOT_UPGRADE_ONLY disabling is recommended +# by reliability reason. +CONFIG_BOOT_UPGRADE_ONLY=y + +# CONFIG_ZEPHYR_TRY_MASS_ERASE is not set +# CONFIG_BOARD_ENABLE_DCDC is not set +CONFIG_SOC_SERIES_NRF52X=y +CONFIG_SOC_NRF52832_QFAA=y +CONFIG_ARM=y +CONFIG_ARM_MPU=n +CONFIG_MAIN_STACK_SIZE=10240 +CONFIG_THREAD_STACK_INFO=n +# CONFIG_TICKLESS_KERNEL is not set +CONFIG_FLASH=y + +CONFIG_CONSOLE=n +CONFIG_DEBUG=n +CONFIG_EARLY_CONSOLE=n +CONFIG_PRINTK=n + +CONFIG_SYS_CLOCK_EXISTS=n + +# Drivers and peripherals +CONFIG_I2C=n +CONFIG_WATCHDOG=n +CONFIG_GPIO=n +CONFIG_PINMUX=n +CONFIG_SPI=n +CONFIG_SERIAL=n + +# Power management +CONFIG_PM=n + +# Interrupts +CONFIG_DYNAMIC_INTERRUPTS=n +CONFIG_IRQ_OFFLOAD=n + +# Memory protection +CONFIG_MEMORY_PROTECTION=n +CONFIG_THREAD_CUSTOM_DATA=n +CONFIG_FPU=n + +# Boot +CONFIG_BOOT_BANNER=n +CONFIG_BOOT_DELAY=0 + +# Console +CONFIG_STDOUT_CONSOLE=n + +# Build +CONFIG_SIZE_OPTIMIZATIONS=y diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/pinnacle_100_dvk.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/pinnacle_100_dvk.conf new file mode 100644 index 0000000000..00a8dfb461 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/pinnacle_100_dvk.conf @@ -0,0 +1,6 @@ +CONFIG_MULTITHREADING=y +# Enable QSPI (MX25R64) - Slot 1 in QSPI +CONFIG_NORDIC_QSPI_NOR=y +CONFIG_NORDIC_QSPI_NOR_FLASH_LAYOUT_PAGE_SIZE=4096 +CONFIG_NORDIC_QSPI_NOR_STACK_WRITE_BUFFER_SIZE=4 +CONFIG_BOOT_MAX_IMG_SECTORS=256 diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/sparkfun_thing_plus_nrf9160.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/sparkfun_thing_plus_nrf9160.conf new file mode 100644 index 0000000000..656239c81d --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/sparkfun_thing_plus_nrf9160.conf @@ -0,0 +1,16 @@ +# Disable Zephyr console +CONFIG_CONSOLE=n + +# Multithreading +CONFIG_MULTITHREADING=y + +# MCUBoot settings +CONFIG_BOOT_MAX_IMG_SECTORS=256 + +# MCUboot serial recovery +CONFIG_MCUBOOT_SERIAL=y +CONFIG_BOOT_SERIAL_DETECT_DELAY=450 +CONFIG_MCUBOOT_INDICATION_LED=y + +# Size of mcuboot partition +CONFIG_SIZE_OPTIMIZATIONS=y \ No newline at end of file diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/thingy53_nrf5340_cpuapp.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/thingy53_nrf5340_cpuapp.conf new file mode 100644 index 0000000000..cde9d45b0e --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/thingy53_nrf5340_cpuapp.conf @@ -0,0 +1,72 @@ +CONFIG_SIZE_OPTIMIZATIONS=y + +CONFIG_SYSTEM_CLOCK_NO_WAIT=y +CONFIG_PM=n + +CONFIG_MAIN_STACK_SIZE=10240 +CONFIG_MBEDTLS_CFG_FILE="mcuboot-mbedtls-cfg.h" + +CONFIG_BOOT_MAX_IMG_SECTORS=2048 +CONFIG_BOOT_SIGNATURE_TYPE_RSA=y + +# Flash +CONFIG_FLASH=y +CONFIG_BOOT_ERASE_PROGRESSIVELY=y +CONFIG_SOC_FLASH_NRF_EMULATE_ONE_BYTE_WRITE_ACCESS=y +CONFIG_FPROTECT=y + +# Serial +CONFIG_SERIAL=y +CONFIG_UART_LINE_CTRL=y + +# MCUBoot serial +CONFIG_GPIO=y +CONFIG_MCUBOOT_SERIAL=y +CONFIG_MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD=y +CONFIG_BOOT_SERIAL_CDC_ACM=y + +# Required by QSPI +CONFIG_NORDIC_QSPI_NOR=y +CONFIG_NORDIC_QSPI_NOR_FLASH_LAYOUT_PAGE_SIZE=4096 +CONFIG_NORDIC_QSPI_NOR_STACK_WRITE_BUFFER_SIZE=16 + +# Required by USB and QSPI +CONFIG_MULTITHREADING=y + +# USB +CONFIG_USB_DEVICE_REMOTE_WAKEUP=n +CONFIG_USB_DEVICE_MANUFACTURER="Nordic Semiconductor ASA" +CONFIG_USB_DEVICE_PRODUCT="Bootloader Thingy:53" +CONFIG_USB_DEVICE_VID=0x1915 +CONFIG_USB_DEVICE_PID=0x5300 +CONFIG_USB_CDC_ACM=y + +# Decrease memory footprint +CONFIG_CBPRINTF_NANO=y +CONFIG_TIMESLICING=n +CONFIG_BOOT_BANNER=n +CONFIG_CONSOLE=n +CONFIG_CONSOLE_HANDLER=n +CONFIG_UART_CONSOLE=n +CONFIG_USE_SEGGER_RTT=n +CONFIG_LOG=n +CONFIG_ERRNO=n +CONFIG_PRINTK=n +CONFIG_RESET_ON_FATAL_ERROR=n +CONFIG_SPI=n +CONFIG_I2C=n +CONFIG_UART_NRFX=n + +# The following configurations are required to support simultaneous multi image update +CONFIG_PCD_APP=y +CONFIG_UPDATEABLE_IMAGE_NUMBER=2 +CONFIG_BOOT_UPGRADE_ONLY=y +# The network core cannot access external flash directly. The flash simulator must be used to +# provide a memory region that is used to forward the new firmware to the network core. +CONFIG_FLASH_SIMULATOR=y +CONFIG_FLASH_SIMULATOR_DOUBLE_WRITES=y +CONFIG_FLASH_SIMULATOR_STATS=n + +# Enable custom command to erase settings partition. +CONFIG_ENABLE_MGMT_PERUSER=y +CONFIG_BOOT_MGMT_CUSTOM_STORAGE_ERASE=y diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/tlsr9518adk80d.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/tlsr9518adk80d.conf new file mode 100644 index 0000000000..d0f5330829 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/boards/tlsr9518adk80d.conf @@ -0,0 +1,4 @@ +# Copyright 2022 Telink Semiconductor +# SPDX-License-Identifier: Apache-2.0 + +CONFIG_BOOT_MAX_IMG_SECTORS=4096 diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/hooks_sample.c b/zephyr/samples/modules/mcuboot/mcuboot_external_config/hooks_sample.c new file mode 100644 index 0000000000..baa2b7552e --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/hooks_sample.c @@ -0,0 +1,95 @@ +/* + * Copyright (c) 2021 Nordic Semiconductor ASA + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include "bootutil/image.h" +#include "bootutil/bootutil.h" +#include "bootutil/fault_injection_hardening.h" +#include "flash_map_backend/flash_map_backend.h" + +/* @retval 0: header was read/populated + * FIH_FAILURE: image is invalid, + * BOOT_HOOK_REGULAR if hook not implemented for the image-slot, + * othervise an error-code value. + */ +int boot_read_image_header_hook(int img_index, int slot, + struct image_header *img_hed) +{ + if (img_index == 1 && slot == 0) { + img_hed->ih_magic = IMAGE_MAGIC; + return 0; + } + + return BOOT_HOOK_REGULAR; +} + +/* @retval FIH_SUCCESS: image is valid, + * FIH_FAILURE: image is invalid, + * fih encoded BOOT_HOOK_REGULAR if hook not implemented for + * the image-slot. + */ +fih_int boot_image_check_hook(int img_index, int slot) +{ + if (img_index == 1 && slot == 0) { + FIH_RET(FIH_SUCCESS); + } + + FIH_RET(fih_int_encode(BOOT_HOOK_REGULAR)); +} + +int boot_perform_update_hook(int img_index, struct image_header *img_head, + const struct flash_area *area) +{ + if (img_index == 1) { + return 0; + } + + return BOOT_HOOK_REGULAR; +} + +int boot_read_swap_state_primary_slot_hook(int image_index, + struct boot_swap_state *state) +{ + if (image_index == 1) { + state->magic = BOOT_MAGIC_UNSET; + state->swap_type = BOOT_SWAP_TYPE_NONE; + state->image_num = image_index ; // ? + state->copy_done = BOOT_FLAG_UNSET; + state->image_ok = BOOT_FLAG_UNSET; + + return 0; + } + + return BOOT_HOOK_REGULAR; +} + +int boot_copy_region_post_hook(int img_index, const struct flash_area *area, + size_t size) +{ + return 0; +} + +int boot_serial_uploaded_hook(int img_index, const struct flash_area *area, + size_t size) +{ + return 0; +} + +int boot_img_install_stat_hook(int image_index, int slot, int *img_install_stat) +{ + return BOOT_HOOK_REGULAR; +} diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/keys.c b/zephyr/samples/modules/mcuboot/mcuboot_external_config/keys.c new file mode 100644 index 0000000000..b7a9edf791 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/keys.c @@ -0,0 +1,209 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +#include + +/* + * Even though this is in principle a Zephyr-specific file, the + * simulator builds it and uses it as well. Because of that, we can't + * use Kconfig symbols for key types, and have to rely on the MCUBoot + * symbols (which Zephyr provides via this header, and the simulator + * provides via the compiler command line). + */ +#include + +#if !defined(MCUBOOT_HW_KEY) +#if defined(MCUBOOT_SIGN_RSA) +#define HAVE_KEYS +extern const unsigned char rsa_pub_key[]; +extern unsigned int rsa_pub_key_len; +#elif defined(MCUBOOT_SIGN_EC256) +#define HAVE_KEYS +extern const unsigned char ecdsa_pub_key[]; +extern unsigned int ecdsa_pub_key_len; +#elif defined(MCUBOOT_SIGN_ED25519) +#define HAVE_KEYS +extern const unsigned char ed25519_pub_key[]; +extern unsigned int ed25519_pub_key_len; +#endif + +/* + * NOTE: *_pub_key and *_pub_key_len are autogenerated based on the provided + * key file. If no key file was configured, the array and length must be + * provided and added to the build manually. + */ +#if defined(HAVE_KEYS) +const struct bootutil_key bootutil_keys[] = { + { +#if defined(MCUBOOT_SIGN_RSA) + .key = rsa_pub_key, + .len = &rsa_pub_key_len, +#elif defined(MCUBOOT_SIGN_EC256) + .key = ecdsa_pub_key, + .len = &ecdsa_pub_key_len, +#elif defined(MCUBOOT_SIGN_ED25519) + .key = ed25519_pub_key, + .len = &ed25519_pub_key_len, +#endif + }, +}; +const int bootutil_key_cnt = 1; +#endif /* HAVE_KEYS */ +#else +unsigned int pub_key_len; +struct bootutil_key bootutil_keys[1] = { + { + .key = 0, + .len = &pub_key_len, + } +}; +const int bootutil_key_cnt = 1; +#endif /* !MCUBOOT_HW_KEY */ + +#if defined(MCUBOOT_ENCRYPT_RSA) +unsigned char enc_priv_key[] = { + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, + 0xb4, 0x26, 0x14, 0x49, 0x3d, 0x16, 0x13, 0x3a, 0x6d, 0x9c, 0x84, 0xa9, + 0x8b, 0x6a, 0x10, 0x20, 0x61, 0xef, 0x48, 0x04, 0xa4, 0x4b, 0x24, 0xf3, + 0x00, 0x32, 0xac, 0x22, 0xe0, 0x30, 0x27, 0x70, 0x18, 0xe5, 0x55, 0xc8, + 0xb8, 0x05, 0x34, 0x03, 0xb0, 0xf8, 0xa5, 0x96, 0xd2, 0x48, 0x58, 0xef, + 0x70, 0xb0, 0x09, 0xdb, 0xe3, 0x58, 0x62, 0xef, 0x99, 0x63, 0x01, 0xb2, + 0x89, 0xc4, 0xb3, 0xf6, 0x9e, 0x62, 0xbf, 0x4d, 0xc2, 0x8a, 0xd0, 0xc9, + 0x4d, 0x43, 0xa3, 0xd8, 0xe5, 0x1d, 0xec, 0x62, 0x63, 0x08, 0xe2, 0x20, + 0xa5, 0xfc, 0x78, 0xd0, 0x3e, 0x74, 0xc8, 0xa4, 0x1b, 0x36, 0xad, 0x7b, + 0xf5, 0x06, 0xae, 0x4d, 0x51, 0x9b, 0x40, 0xce, 0x30, 0x4f, 0x6c, 0xea, + 0xf9, 0xe9, 0x74, 0xea, 0x06, 0xee, 0x9c, 0xe4, 0x14, 0x68, 0x20, 0xb9, + 0x3d, 0xe7, 0x11, 0x14, 0x8b, 0x25, 0xa3, 0xff, 0x4c, 0x8a, 0xf3, 0x53, + 0xee, 0x6b, 0x3e, 0xef, 0x34, 0xcd, 0x6a, 0x3f, 0x62, 0x68, 0xc0, 0xff, + 0x78, 0x4c, 0xb0, 0xc3, 0xe6, 0x96, 0x61, 0xfc, 0x1f, 0x18, 0xf1, 0x7a, + 0x82, 0xe2, 0x8f, 0x35, 0xa8, 0x2b, 0x86, 0x16, 0xa4, 0x46, 0xfb, 0xac, + 0x7e, 0x41, 0xdb, 0x02, 0x05, 0x91, 0x6d, 0xdf, 0xc1, 0xde, 0x13, 0x95, + 0x9c, 0xf9, 0x9e, 0x5e, 0x72, 0xba, 0xa7, 0x25, 0x93, 0xfb, 0xdc, 0xe8, + 0xab, 0x86, 0x45, 0x88, 0x47, 0x2d, 0xed, 0xee, 0xee, 0x97, 0x9e, 0xce, + 0x5d, 0x9b, 0x04, 0x04, 0x40, 0x7c, 0xcb, 0x7c, 0x3d, 0x2c, 0x74, 0xab, + 0xa4, 0xcc, 0x64, 0xa3, 0x5c, 0x95, 0x3d, 0xd4, 0xa2, 0xdc, 0x92, 0xb2, + 0xc8, 0x18, 0xcb, 0xf9, 0x00, 0x39, 0x81, 0x8f, 0x8f, 0x40, 0xc2, 0xdf, + 0x99, 0x29, 0xac, 0x8a, 0xc2, 0x3b, 0xd8, 0xa4, 0xf2, 0xad, 0xaf, 0x74, + 0xc0, 0x11, 0xc7, 0x99, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, + 0x00, 0x42, 0x47, 0x80, 0x4f, 0x31, 0xda, 0x5d, 0x58, 0xb1, 0xdb, 0x54, + 0x33, 0xcc, 0xc7, 0x49, 0x07, 0xa1, 0x00, 0x98, 0x4e, 0x9c, 0xe3, 0xc8, + 0xc4, 0x5e, 0xde, 0x45, 0xd6, 0xcf, 0x04, 0xe8, 0x7d, 0xa5, 0xab, 0x3a, + 0xd4, 0x8e, 0x5f, 0xdb, 0xb3, 0x3f, 0xf9, 0x3b, 0x73, 0x32, 0x0a, 0xcc, + 0x2d, 0xcc, 0x17, 0xf8, 0x88, 0x9e, 0x2c, 0x76, 0xba, 0x10, 0x85, 0x0c, + 0xaa, 0xd3, 0x65, 0x3b, 0x91, 0x10, 0xd4, 0xe3, 0xed, 0x88, 0x15, 0xea, + 0x9b, 0x25, 0x82, 0x2d, 0x56, 0x2f, 0x75, 0xc2, 0xf2, 0xaf, 0xdd, 0x24, + 0xd5, 0x3e, 0x3c, 0x95, 0x76, 0x88, 0x84, 0x0f, 0x0d, 0xd1, 0xb5, 0x5c, + 0x3e, 0xae, 0xf7, 0xb6, 0x49, 0x5c, 0x2c, 0xf2, 0xba, 0xe9, 0xab, 0x4f, + 0x37, 0x64, 0x9b, 0x30, 0x18, 0xaa, 0x54, 0x40, 0x04, 0xea, 0x3d, 0x25, + 0x4d, 0x02, 0x29, 0x71, 0x6f, 0x4d, 0x82, 0x9b, 0xc3, 0x44, 0x2a, 0x9d, + 0x0c, 0x98, 0xd3, 0xc8, 0x15, 0x0d, 0x04, 0x93, 0x60, 0x30, 0xc7, 0x5e, + 0x79, 0xea, 0x53, 0x9d, 0xc0, 0x0e, 0x81, 0xac, 0x90, 0xbc, 0x9e, 0x1e, + 0xd2, 0x28, 0x0f, 0x10, 0xf5, 0x1f, 0xdf, 0x38, 0x7f, 0x8a, 0x90, 0x8d, + 0x49, 0x07, 0x7d, 0x78, 0xcb, 0xa7, 0xef, 0x92, 0x6d, 0x3b, 0x13, 0x95, + 0x9b, 0xba, 0x83, 0xc6, 0xb3, 0x71, 0x25, 0x27, 0x07, 0x99, 0x54, 0x82, + 0x3d, 0xec, 0xc5, 0xf8, 0xb4, 0xa0, 0x38, 0x7a, 0x59, 0x6a, 0x0b, 0xca, + 0x69, 0x6c, 0x17, 0xa4, 0x18, 0xe0, 0xb4, 0xaa, 0x89, 0x99, 0x8f, 0xcb, + 0x71, 0x34, 0x09, 0x1b, 0x6e, 0xe6, 0x87, 0x00, 0xb5, 0xba, 0x70, 0x8a, + 0x29, 0x3d, 0x9a, 0x06, 0x18, 0x2d, 0x66, 0x5e, 0x61, 0x37, 0xeb, 0xdd, + 0x5e, 0xc8, 0x28, 0x92, 0x05, 0x30, 0xfd, 0xb8, 0x65, 0xb1, 0x7f, 0xbf, + 0x2d, 0x55, 0x12, 0x91, 0xc1, 0x02, 0x81, 0x81, 0x00, 0xda, 0x65, 0xda, + 0x38, 0x7c, 0x18, 0xfb, 0x00, 0x11, 0x60, 0xeb, 0x37, 0x65, 0xb8, 0x83, + 0x62, 0x88, 0xc4, 0x3a, 0x4e, 0x64, 0x6a, 0xf3, 0x3e, 0x4e, 0xc0, 0x34, + 0x19, 0x8a, 0xcb, 0x4a, 0xca, 0x2f, 0x5d, 0x50, 0x7a, 0xac, 0xf7, 0x9e, + 0x87, 0x5a, 0xfc, 0x4d, 0x49, 0xd7, 0xf9, 0x21, 0xf5, 0x0b, 0x6f, 0x57, + 0x41, 0x3d, 0x8f, 0xb8, 0xec, 0x7f, 0xcc, 0x92, 0x09, 0xbe, 0xd3, 0xa4, + 0xc3, 0x14, 0x85, 0x21, 0x5d, 0x05, 0xa3, 0xaa, 0x20, 0xf6, 0x62, 0x44, + 0x50, 0x03, 0x5e, 0x53, 0x4a, 0xcd, 0x6a, 0xb6, 0x65, 0x8e, 0x4e, 0x4b, + 0x3f, 0x25, 0xc6, 0x16, 0x31, 0xf5, 0x99, 0x13, 0x77, 0x42, 0xda, 0xdc, + 0x70, 0x4d, 0x65, 0xb0, 0x99, 0x0f, 0xdf, 0x5a, 0xb1, 0x45, 0xf0, 0xb9, + 0x8e, 0xa0, 0xae, 0x4f, 0x4d, 0x65, 0x09, 0x84, 0xb5, 0x38, 0x29, 0xbf, + 0x69, 0xe0, 0x88, 0x1f, 0x27, 0x02, 0x81, 0x81, 0x00, 0xd3, 0x2a, 0x59, + 0xec, 0x28, 0xc3, 0x0d, 0x4f, 0x92, 0x96, 0xca, 0x67, 0x94, 0xfc, 0x2e, + 0xa6, 0x86, 0x68, 0x45, 0x53, 0x92, 0xcc, 0x86, 0x7f, 0x8a, 0xe1, 0x5d, + 0xe8, 0x1d, 0x9e, 0xbb, 0x1e, 0x00, 0x26, 0x1d, 0x80, 0x12, 0xff, 0x9c, + 0x11, 0x0a, 0xbd, 0xa6, 0xc3, 0x8d, 0x48, 0xda, 0xfc, 0x10, 0xf7, 0x7a, + 0x16, 0x07, 0x15, 0xa0, 0x3a, 0xd3, 0x94, 0xfb, 0x52, 0x87, 0x39, 0xee, + 0xe7, 0xc4, 0x26, 0x49, 0x16, 0xc6, 0xc0, 0x83, 0x25, 0xbf, 0x6a, 0x4e, + 0x8c, 0x0b, 0x10, 0x85, 0x66, 0xab, 0x7e, 0xae, 0xac, 0x4c, 0x69, 0x3c, + 0x44, 0xeb, 0xcd, 0xe9, 0xf6, 0x64, 0x8b, 0x4a, 0xd8, 0x6a, 0x4d, 0x6d, + 0x47, 0xa9, 0xb8, 0x55, 0x72, 0xc1, 0xfd, 0xf4, 0x81, 0x4c, 0x66, 0xbe, + 0x49, 0xf2, 0x75, 0x4f, 0x80, 0xf1, 0x20, 0x38, 0xb8, 0x6a, 0x1b, 0x75, + 0x41, 0x30, 0x0f, 0x1b, 0x3f, 0x02, 0x81, 0x80, 0x09, 0x35, 0xfa, 0x7a, + 0x1f, 0x61, 0xbe, 0x54, 0x46, 0x67, 0x5c, 0x04, 0x3e, 0x1a, 0x06, 0x10, + 0x85, 0xcc, 0x20, 0xd9, 0x65, 0x8a, 0xcd, 0x2f, 0x77, 0x8a, 0xcb, 0xa7, + 0xb8, 0x1e, 0xd2, 0xcc, 0xac, 0x2a, 0xb7, 0x56, 0x35, 0x2d, 0x4c, 0x56, + 0x51, 0x14, 0x0a, 0xfe, 0x6e, 0x49, 0x67, 0x91, 0x3a, 0x26, 0x3b, 0xfb, + 0xd8, 0x68, 0xd3, 0x57, 0xc6, 0x1c, 0x0e, 0x9c, 0xb2, 0x9b, 0xa2, 0x7b, + 0x47, 0xc6, 0x45, 0x9d, 0xf2, 0xba, 0xf0, 0x55, 0xeb, 0x8e, 0x41, 0x6b, + 0x4e, 0x79, 0x0f, 0xf2, 0x3b, 0xaf, 0xa0, 0x79, 0xb0, 0x02, 0xc5, 0x51, + 0xa8, 0x7a, 0x2e, 0x3d, 0x75, 0x2a, 0x3b, 0x93, 0xf0, 0x11, 0xe2, 0xf2, + 0x29, 0x91, 0x7c, 0x5d, 0x38, 0x3a, 0x27, 0x4d, 0x0a, 0xb2, 0x18, 0x61, + 0x57, 0x8d, 0x82, 0x72, 0xb5, 0x2c, 0x2d, 0x98, 0xa7, 0x01, 0xbb, 0xbc, + 0xef, 0x67, 0x4e, 0x49, 0x02, 0x81, 0x81, 0x00, 0xb2, 0x70, 0x53, 0x54, + 0x70, 0x8d, 0x82, 0xad, 0xff, 0x1d, 0x55, 0x24, 0x7a, 0x8d, 0x2f, 0x8e, + 0xa0, 0x7d, 0x74, 0x37, 0xcf, 0x10, 0xed, 0x86, 0xd1, 0x80, 0xe7, 0xad, + 0xc1, 0x79, 0xe4, 0x7c, 0xd1, 0x7b, 0x63, 0xea, 0x5a, 0x23, 0x8d, 0x6a, + 0x09, 0x3d, 0x81, 0xb2, 0x35, 0xad, 0x9e, 0xfe, 0xea, 0x07, 0x76, 0x2f, + 0x2f, 0x05, 0x63, 0x44, 0xd2, 0x8e, 0x4e, 0x61, 0xca, 0xcb, 0x75, 0xca, + 0x7b, 0xc2, 0x2e, 0x79, 0x04, 0xb2, 0xa1, 0x20, 0x40, 0xc4, 0x40, 0x63, + 0xae, 0xe5, 0xe3, 0x14, 0x83, 0x4e, 0xa5, 0xa4, 0x0b, 0x5d, 0xd2, 0x04, + 0x1b, 0x8f, 0x01, 0x69, 0xa8, 0x44, 0xdc, 0x96, 0x4c, 0x1d, 0xe9, 0x7e, + 0x69, 0x38, 0xcf, 0x5c, 0x0d, 0xf9, 0xdf, 0xa7, 0x73, 0x3c, 0x4f, 0x08, + 0x85, 0xce, 0x03, 0xc4, 0xdd, 0xfd, 0x70, 0x70, 0xc5, 0x99, 0x36, 0x58, + 0x43, 0x98, 0x40, 0x59, 0x02, 0x81, 0x81, 0x00, 0xd5, 0xaa, 0xfb, 0xec, + 0x8d, 0xc6, 0xdd, 0xfa, 0x2b, 0x5a, 0x24, 0xd0, 0xda, 0x58, 0xbd, 0x87, + 0x92, 0x1a, 0x29, 0x62, 0x13, 0x1d, 0x4b, 0x79, 0x1b, 0xbe, 0x79, 0x7d, + 0xad, 0x79, 0xca, 0x17, 0x75, 0xda, 0xe8, 0x32, 0xe8, 0xa0, 0x9e, 0xa8, + 0x77, 0x53, 0xac, 0x38, 0xd6, 0xeb, 0xe6, 0x22, 0x65, 0xc4, 0xaa, 0x4c, + 0xc8, 0xd0, 0x33, 0x1a, 0x1e, 0xbe, 0xbd, 0x73, 0x09, 0x4a, 0xfa, 0x85, + 0x5c, 0xf3, 0x0c, 0x9c, 0x81, 0x56, 0x30, 0xa7, 0xf7, 0x9b, 0xf4, 0x92, + 0x9c, 0x6b, 0x93, 0x6a, 0x00, 0x33, 0xdc, 0x2f, 0x54, 0x1e, 0x78, 0xd4, + 0x97, 0xec, 0x24, 0xa2, 0xdb, 0x3d, 0x03, 0x33, 0x09, 0xb2, 0x2c, 0x03, + 0x05, 0x40, 0xde, 0x52, 0xf2, 0x9b, 0xfa, 0x00, 0x8d, 0x4b, 0xfe, 0x5b, + 0x9b, 0x9c, 0x73, 0xad, 0xfb, 0x7a, 0x00, 0x42, 0x62, 0x9e, 0xa0, 0x95, + 0x55, 0x50, 0x32, 0x87 +}; +static unsigned int enc_priv_key_len = 1192; + +const struct bootutil_key bootutil_enc_key = { + .key = enc_priv_key, + .len = &enc_priv_key_len, +}; +#elif defined(MCUBOOT_ENCRYPT_EC256) +extern const unsigned char enc_priv_key[]; +extern unsigned int enc_priv_key_len; +const struct bootutil_key bootutil_enc_key = { + .key = enc_priv_key, + .len = &enc_priv_key_len, +}; +#elif defined(MCUBOOT_ENCRYPT_X25519) +unsigned char enc_key[] = { + 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e, + 0x04, 0x22, 0x04, 0x20, 0x28, 0x80, 0x2f, 0xef, 0xef, 0x82, 0x95, 0x50, + 0xf1, 0x41, 0x93, 0x03, 0x6c, 0x1b, 0xb9, 0x49, 0x6c, 0x51, 0xe5, 0x26, + 0x87, 0x8f, 0x77, 0x07, 0xf8, 0xb4, 0x1f, 0x04, 0x45, 0x6d, 0x84, 0x4f, +}; +static unsigned int enc_key_len = 48; +const struct bootutil_key bootutil_enc_key = { + .key = enc_key, + .len = &enc_key_len, +}; +#elif defined(MCUBOOT_ENCRYPT_KW) +#error "Encrypted images with AES-KW is not implemented yet." +#endif diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/nrf52840dk_nrf52840_cc310_ecdsa.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/nrf52840dk_nrf52840_cc310_ecdsa.conf new file mode 100644 index 0000000000..d195965315 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/nrf52840dk_nrf52840_cc310_ecdsa.conf @@ -0,0 +1,2 @@ +CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y +CONFIG_BOOT_ECDSA_CC310=y diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/prj.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/prj.conf new file mode 100644 index 0000000000..0166765640 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/prj.conf @@ -0,0 +1,46 @@ +# Copyright (c) 2022 Legrand North America, LLC. +# +# SPDX-License-Identifier: Apache-2.0 + +CONFIG_MCUBOOT_APP=y +CONFIG_MCUBOOT_DEVICE_SETTINGS=y + +CONFIG_DEBUG=y +CONFIG_PM=n + +CONFIG_MAIN_STACK_SIZE=10240 +CONFIG_CUSTOM_MBEDTLS_CFG_FILE=y +CONFIG_MBEDTLS_CFG_FILE="mcuboot-mbedtls-cfg.h" +#CONFIG_BOOT_SIGNATURE_KEY_FILE="my-rsa-2048.pem" + +CONFIG_BOOT_SWAP_SAVE_ENCTLV=n +CONFIG_BOOT_ENCRYPT_RSA=n +CONFIG_BOOT_ENCRYPT_EC256=n +CONFIG_BOOT_ENCRYPT_X25519=n + +CONFIG_BOOT_UPGRADE_ONLY=n +CONFIG_BOOT_BOOTSTRAP=n + +### mbedTLS has its own heap +# CONFIG_HEAP_MEM_POOL_SIZE is not set + +### We never want Zephyr's copy of tinycrypt. If tinycrypt is needed, +### MCUboot has its own copy in tree. +# CONFIG_TINYCRYPT is not set +# CONFIG_TINYCRYPT_ECC_DSA is not set +# CONFIG_TINYCRYPT_SHA256 is not set + +CONFIG_FLASH=y + +### Various Zephyr boards enable features that we don't want. +# CONFIG_BT is not set +# CONFIG_BT_CTLR is not set +# CONFIG_I2C is not set + +CONFIG_LOG=y +CONFIG_LOG_MODE_MINIMAL=y # former CONFIG_MODE_MINIMAL +### Ensure Zephyr logging changes don't use more resources +CONFIG_LOG_DEFAULT_LEVEL=0 +### Decrease footprint by ~4 KB in comparison to CBPRINTF_COMPLETE=y +CONFIG_CBPRINTF_NANO=y + diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/ram_load.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/ram_load.conf new file mode 100644 index 0000000000..4cca450b3a --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/ram_load.conf @@ -0,0 +1,6 @@ +# Enables RAM load mode and specifies 16 MB of memory from 0x80000000 +# as a valid location for the firmware to be loaded into. + +CONFIG_BOOT_RAM_LOAD=y +CONFIG_BOOT_IMAGE_EXECUTABLE_RAM_START=0x80000000 +CONFIG_BOOT_IMAGE_EXECUTABLE_RAM_SIZE=16777216 \ No newline at end of file diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/sample.yaml b/zephyr/samples/modules/mcuboot/mcuboot_external_config/sample.yaml new file mode 100644 index 0000000000..aebe21ed5d --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/sample.yaml @@ -0,0 +1,62 @@ +# Copyright (c) 2022 Legrand North America, LLC. +# SPDX-License-Identifier: Apache-2.0 + +sample: + description: MCUBoot external config + name: MCUBoot external config + +tests: + mcuboot.sample.modules.mcuboot.mcuboot_external_config: + tags: bootloader_mcuboot + platform_allow: nrf52840dk_nrf52840 frdm_k64f disco_l475_iot1 + integration_platforms: + - nrf52840dk_nrf52840 + - frdm_k64f + - disco_l475_iot1 + mcuboot.sample.modules.mcuboot.serial_recovery: + extra_args: OVERLAY_CONFIG=serial_recovery.conf + platform_allow: nrf52840dk_nrf52840 + integration_platforms: + - nrf52840dk_nrf52840 + tags: bootloader_mcuboot + mcuboot.sample.modules.mcuboot.usb_cdc_acm_recovery: + tags: bootloader_mcuboot + platform_allow: nrf52840dongle_nrf52840 + extra_args: DTC_OVERLAY_FILE="./usb_cdc_acm.overlay;app.overlay" + integration_platforms: + - nrf52840dongle_nrf52840 + mcuboot.sample.modules.mcuboot.usb_cdc_acm_recovery_log: + extra_args: OVERLAY_CONFIG=./usb_cdc_acm_log_recovery.conf + DTC_OVERLAY_FILE="./boards/nrf52840_big.overlay;app.overlay" + platform_allow: nrf52840dk_nrf52840 + integration_platforms: + - nrf52840dk_nrf52840 + tags: bootloader_mcuboot + mcuboot.sample.modules.mcuboot.single_slot: + extra_args: OVERLAY_CONFIG=./single_slot.conf + DTC_OVERLAY_FILE="./boards/nrf52840_single_slot.overlay;app.overlay" + platform_allow: nrf52840dk_nrf52840 + integration_platforms: + - nrf52840dk_nrf52840 + tags: bootloader_mcuboot + mcuboot.sample.modules.mcuboot.qspi_nor_slot: + extra_args: DTC_OVERLAY_FILE="./boards/nrf52840dk_qspi_nor_secondary.overlay;app.overlay" + OVERLAY_CONFIG="./boards/nrf52840dk_qspi_nor.conf;./boards/nrf52840dk_qspi_secondary_boot.conf" + platform_allow: nrf52840dk_nrf52840 + integration_platforms: + - nrf52840dk_nrf52840 + tags: bootloader_mcuboot + mcuboot.sample.modules.mcuboot.hooks_multi: + extra_args: DTC_OVERLAY_FILE="./boards/nrf52840dk_ram_multi.overlay;app.overlay" + OVERLAY_CONFIG=./boards/nrf52840dk_hooks_sample_overlay.conf + TEST_BOOT_IMAGE_ACCESS_HOOKS=Y + platform_allow: nrf52840dk_nrf52840 + integration_platforms: + - nrf52840dk_nrf52840 + tags: bootloader_mcuboot + mcuboot.sample.modules.mcuboot.ram_load: + extra_args: OVERLAY_CONFIG=./ram_load.conf + tags: bootloader_mcuboot + platform_allow: mimxrt1020_evk + integration_platforms: + - mimxrt1020_evk diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/serial_recovery.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/serial_recovery.conf new file mode 100644 index 0000000000..ddd08fcf61 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/serial_recovery.conf @@ -0,0 +1,3 @@ +CONFIG_MCUBOOT_SERIAL=y +CONFIG_BOOT_SERIAL_UART=y +CONFIG_UART_CONSOLE=n diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/single_slot.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/single_slot.conf new file mode 100644 index 0000000000..34cc92a655 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/single_slot.conf @@ -0,0 +1 @@ +CONFIG_SINGLE_APPLICATION_SLOT=y diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/usb_cdc_acm.overlay b/zephyr/samples/modules/mcuboot/mcuboot_external_config/usb_cdc_acm.overlay new file mode 100644 index 0000000000..800d63caf0 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/usb_cdc_acm.overlay @@ -0,0 +1,5 @@ +&zephyr_udc0 { + cdc_acm_uart0 { + compatible = "zephyr,cdc-acm-uart"; + }; +}; diff --git a/zephyr/samples/modules/mcuboot/mcuboot_external_config/usb_cdc_acm_log_recovery.conf b/zephyr/samples/modules/mcuboot/mcuboot_external_config/usb_cdc_acm_log_recovery.conf new file mode 100644 index 0000000000..ae412fed59 --- /dev/null +++ b/zephyr/samples/modules/mcuboot/mcuboot_external_config/usb_cdc_acm_log_recovery.conf @@ -0,0 +1,16 @@ +CONFIG_LOG=y + +# The build won't fit on the partition allocated for it without size +# optimizations. +CONFIG_SIZE_OPTIMIZATIONS=y + +# Serial +CONFIG_SERIAL=y +CONFIG_UART_LINE_CTRL=y + +# MCUBoot serial +CONFIG_MCUBOOT_SERIAL=y +CONFIG_BOOT_SERIAL_CDC_ACM=y + +CONFIG_LOG_BACKEND_UART=y +CONFIG_LOG_BACKEND_RTT=n