[nrf mergeup] merge upsteram up to commit 9686e70

Signed-off-by: Andrzej Puzdrowski <[email protected]>

Author: nvlsianpu

.travis.yml

@@ -12,9 +12,9 @@ matrix:
     # Runs each value defined in $SINGLE_FEATURES by itself in the order
     # the were defined.
     - os: linux
-      env: SINGLE_FEATURES="sig-ecdsa enc-kw bootstrap" TEST=sim
+      env: SINGLE_FEATURES="sig-ecdsa sig-ed25519 enc-kw bootstrap" TEST=sim
     - os: linux
-      env: SINGLE_FEATURES="none sig-rsa overwrite-only validate-primary-slot" TEST=sim
+      env: SINGLE_FEATURES="none sig-rsa sig-rsa3072 overwrite-only validate-primary-slot" TEST=sim
     - os: linux
       env: SINGLE_FEATURES="enc-rsa" TEST=sim
 
@@ -43,7 +43,7 @@ matrix:
       language: go
       env: TEST=mynewt
       go:
-        - "1.10"
+        - "1.11"
 
 before_install:
   - |

boot/bootutil/include/bootutil/bootutil.h

@@ -79,10 +79,12 @@ struct boot_rsp {
  * when attempting to read/write a trailer.
  */
 struct image_trailer {
-    uint8_t copy_done;
+    uint8_t swap_type;
     uint8_t pad1[MAX_FLASH_ALIGN - 1];
-    uint8_t image_ok;
+    uint8_t copy_done;
     uint8_t pad2[MAX_FLASH_ALIGN - 1];
+    uint8_t image_ok;
+    uint8_t pad3[MAX_FLASH_ALIGN - 1];
     uint8_t magic[16];
 };
 

boot/bootutil/include/bootutil/caps.h

@@ -40,6 +40,8 @@ uint32_t bootutil_get_caps(void);
 #define BOOTUTIL_CAP_ENC_RSA                (1<<5)
 #define BOOTUTIL_CAP_ENC_KW                 (1<<6)
 #define BOOTUTIL_CAP_VALIDATE_PRIMARY_SLOT  (1<<7)
+#define BOOTUTIL_CAP_RSA3072                (1<<8)
+#define BOOTUTIL_CAP_ED25519                (1<<9)
 
 /*
  * Query the number of images this bootloader is configured for.  This

boot/bootutil/include/bootutil/image.h

@@ -72,6 +72,8 @@ struct flash_area;
 #define IMAGE_TLV_RSA2048_PSS       0x20   /* RSA2048 of hash output */
 #define IMAGE_TLV_ECDSA224          0x21   /* ECDSA of hash output */
 #define IMAGE_TLV_ECDSA256          0x22   /* ECDSA of hash output */
+#define IMAGE_TLV_RSA3072_PSS       0x23   /* RSA3072 of hash output */
+#define IMAGE_TLV_ED25519           0x24   /* ed25519 of hash output */
 #define IMAGE_TLV_ENC_RSA2048       0x30   /* Key encrypted with RSA-OAEP-2048 */
 #define IMAGE_TLV_ENC_KW128         0x31   /* Key encrypted with AES-KW-128 */
 

boot/bootutil/pkg.yml

@@ -47,3 +47,7 @@ pkg.deps.BOOTUTIL_USE_MBED_TLS:
 pkg.deps.BOOTUTIL_USE_TINYCRYPT:
     - "@mcuboot/ext/tinycrypt/lib"
     - "@mcuboot/ext/mbedtls"
+
+pkg.deps.BOOTUTIL_SIGN_ED25519:
+    - "@apache-mynewt-core/crypto/mbedtls"
+    - "@mcuboot/ext/fiat"

boot/bootutil/src/bootutil_misc.c

@@ -119,38 +119,49 @@ boot_flag_decode(uint8_t flag)
     return BOOT_FLAG_SET;
 }
 
-uint32_t
-boot_slots_trailer_sz(uint8_t min_write_sz)
+/**
+ * Determines if a status source table is satisfied by the specified magic
+ * code.
+ *
+ * @param tbl_val               A magic field from a status source table.
+ * @param val                   The magic value in a trailer, encoded as a
+ *                                  BOOT_MAGIC_[...].
+ *
+ * @return                      1 if the two values are compatible;
+ *                              0 otherwise.
+ */
+int
+boot_magic_compatible_check(uint8_t tbl_val, uint8_t val)
 {
-    return /* state for all sectors */
-           BOOT_STATUS_MAX_ENTRIES * BOOT_STATUS_STATE_COUNT * min_write_sz +
-#ifdef MCUBOOT_ENC_IMAGES
-           /* encryption keys */
-           BOOT_ENC_KEY_SIZE * 2                  +
-#endif
-           /* copy_done + image_ok + swap_size */
-           BOOT_MAX_ALIGN * 3                     +
-           BOOT_MAGIC_SZ;
+    switch (tbl_val) {
+    case BOOT_MAGIC_ANY:
+        return 1;
+
+    case BOOT_MAGIC_NOTGOOD:
+        return val != BOOT_MAGIC_GOOD;
+
+    default:
+        return tbl_val == val;
+    }
 }
 
-static uint32_t
-boot_scratch_trailer_sz(uint8_t min_write_sz)
+uint32_t
+boot_trailer_sz(uint8_t min_write_sz)
 {
-           /* state for one sector */
-    return BOOT_STATUS_STATE_COUNT * min_write_sz +
+    return /* state for all sectors */
+           BOOT_STATUS_MAX_ENTRIES * BOOT_STATUS_STATE_COUNT * min_write_sz +
 #ifdef MCUBOOT_ENC_IMAGES
            /* encryption keys */
            BOOT_ENC_KEY_SIZE * 2                  +
 #endif
-           /* image_ok + swap_size */
-           BOOT_MAX_ALIGN * 2                     +
+           /* swap_type + copy_done + image_ok + swap_size */
+           BOOT_MAX_ALIGN * 4                     +
            BOOT_MAGIC_SZ;
 }
 
 static uint32_t
 boot_magic_off(const struct flash_area *fap)
 {
-    assert(offsetof(struct image_trailer, magic) == 16);
     return fap->fa_size - BOOT_MAGIC_SZ;
 }
 
@@ -176,55 +187,41 @@ boot_status_off(const struct flash_area *fap)
 
     elem_sz = flash_area_align(fap);
 
-    if (fap->fa_id == FLASH_AREA_IMAGE_SCRATCH) {
-        off_from_end = boot_scratch_trailer_sz(elem_sz);
-    } else {
-        off_from_end = boot_slots_trailer_sz(elem_sz);
-    }
+    off_from_end = boot_trailer_sz(elem_sz);
 
     assert(off_from_end <= fap->fa_size);
     return fap->fa_size - off_from_end;
 }
 
+uint32_t
+boot_swap_type_off(const struct flash_area *fap)
+{
+    return fap->fa_size - BOOT_MAGIC_SZ - BOOT_MAX_ALIGN * 3;
+}
+
 static uint32_t
 boot_copy_done_off(const struct flash_area *fap)
 {
-    assert(fap->fa_id != FLASH_AREA_IMAGE_SCRATCH);
-    assert(offsetof(struct image_trailer, copy_done) == 0);
     return fap->fa_size - BOOT_MAGIC_SZ - BOOT_MAX_ALIGN * 2;
 }
 
 static uint32_t
 boot_image_ok_off(const struct flash_area *fap)
 {
-    assert(offsetof(struct image_trailer, image_ok) == 8);
     return fap->fa_size - BOOT_MAGIC_SZ - BOOT_MAX_ALIGN;
 }
 
 static uint32_t
 boot_swap_size_off(const struct flash_area *fap)
 {
-    /*
-     * The "swap_size" field if located just before the trailer.
-     * The scratch slot doesn't store "copy_done"...
-     */
-    if (fap->fa_id == FLASH_AREA_IMAGE_SCRATCH) {
-        return fap->fa_size - BOOT_MAGIC_SZ - BOOT_MAX_ALIGN * 2;
-    }
-
-    return fap->fa_size - BOOT_MAGIC_SZ - BOOT_MAX_ALIGN * 3;
+    return fap->fa_size - BOOT_MAGIC_SZ - BOOT_MAX_ALIGN * 4;
 }
 
 #ifdef MCUBOOT_ENC_IMAGES
 static uint32_t
 boot_enc_key_off(const struct flash_area *fap, uint8_t slot)
 {
-    if (fap->fa_id == FLASH_AREA_IMAGE_SCRATCH) {
-        return fap->fa_size - BOOT_MAGIC_SZ - BOOT_MAX_ALIGN * 2 -
-                              ((slot + 1) * BOOT_ENC_KEY_SIZE);
-    }
-
-    return fap->fa_size - BOOT_MAGIC_SZ - BOOT_MAX_ALIGN * 3 -
+    return fap->fa_size - BOOT_MAGIC_SZ - BOOT_MAX_ALIGN * 4 -
                           ((slot + 1) * BOOT_ENC_KEY_SIZE);
 }
 #endif
@@ -248,18 +245,26 @@ boot_read_swap_state(const struct flash_area *fap,
         state->magic = boot_magic_decode(magic);
     }
 
-    if (fap->fa_id != FLASH_AREA_IMAGE_SCRATCH) {
-        off = boot_copy_done_off(fap);
-        rc = flash_area_read_is_empty(fap, off, &state->copy_done,
-                sizeof state->copy_done);
-        if (rc < 0) {
-            return BOOT_EFLASH;
-        }
-        if (rc == 1) {
-            state->copy_done = BOOT_FLAG_UNSET;
-        } else {
-            state->copy_done = boot_flag_decode(state->copy_done);
-        }
+    off = boot_swap_type_off(fap);
+    rc = flash_area_read_is_empty(fap, off, &state->swap_type,
+            sizeof state->swap_type);
+    if (rc < 0) {
+        return BOOT_EFLASH;
+    }
+    if (rc == 1 || state->swap_type > BOOT_SWAP_TYPE_REVERT) {
+        state->swap_type = BOOT_SWAP_TYPE_NONE;
+    }
+
+    off = boot_copy_done_off(fap);
+    rc = flash_area_read_is_empty(fap, off, &state->copy_done,
+            sizeof state->copy_done);
+    if (rc < 0) {
+        return BOOT_EFLASH;
+    }
+    if (rc == 1) {
+        state->copy_done = BOOT_FLAG_UNSET;
+    } else {
+        state->copy_done = boot_flag_decode(state->copy_done);
     }
 
     off = boot_image_ok_off(fap);
@@ -428,6 +433,8 @@ boot_write_magic(const struct flash_area *fap)
 
     off = boot_magic_off(fap);
 
+    BOOT_LOG_DBG("writing magic; fa_id=%d off=0x%x (0x%x)",
+                 fap->fa_id, off, fap->fa_off + off);
     rc = flash_area_write(fap, off, boot_img_magic, BOOT_MAGIC_SZ);
     if (rc != 0) {
         return BOOT_EFLASH;
@@ -437,30 +444,19 @@ boot_write_magic(const struct flash_area *fap)
 }
 
 static int
-boot_write_flag(int flag, const struct flash_area *fap)
+boot_write_trailer_byte(const struct flash_area *fap, uint32_t off,
+                        uint8_t val)
 {
-    uint32_t off;
-    int rc;
     uint8_t buf[BOOT_MAX_ALIGN];
     uint8_t align;
     uint8_t erased_val;
-
-    switch (flag) {
-    case BOOT_FLAG_COPY_DONE:
-        off = boot_copy_done_off(fap);
-        break;
-    case BOOT_FLAG_IMAGE_OK:
-        off = boot_image_ok_off(fap);
-        break;
-    default:
-        return BOOT_EBADARGS;
-    }
+    int rc;
 
     align = flash_area_align(fap);
     assert(align <= BOOT_MAX_ALIGN);
     erased_val = flash_area_erased_val(fap);
     memset(buf, erased_val, BOOT_MAX_ALIGN);
-    buf[0] = BOOT_FLAG_SET;
+    buf[0] = val;
 
     rc = flash_area_write(fap, off, buf, align);
     if (rc != 0) {
@@ -473,13 +469,39 @@ boot_write_flag(int flag, const struct flash_area *fap)
 int
 boot_write_copy_done(const struct flash_area *fap)
 {
-    return boot_write_flag(BOOT_FLAG_COPY_DONE, fap);
+    uint32_t off;
+
+    off = boot_copy_done_off(fap);
+    BOOT_LOG_DBG("writing copy_done; fa_id=%d off=0x%x (0x%x)",
+                 fap->fa_id, off, fap->fa_off + off);
+    return boot_write_trailer_byte(fap, off, BOOT_FLAG_SET);
 }
 
 int
 boot_write_image_ok(const struct flash_area *fap)
 {
-    return boot_write_flag(BOOT_FLAG_IMAGE_OK, fap);
+    uint32_t off;
+
+    off = boot_image_ok_off(fap);
+    BOOT_LOG_DBG("writing image_ok; fa_id=%d off=0x%x (0x%x)",
+                 fap->fa_id, off, fap->fa_off + off);
+    return boot_write_trailer_byte(fap, off, BOOT_FLAG_SET);
+}
+
+/**
+ * Writes the specified value to the `swap-type` field of an image trailer.
+ * This value is persisted so that the boot loader knows what swap operation to
+ * resume in case of an unexpected reset.
+ */
+int
+boot_write_swap_type(const struct flash_area *fap, uint8_t swap_type)
+{
+    uint32_t off;
+
+    off = boot_swap_type_off(fap);
+    BOOT_LOG_DBG("writing swap_type; fa_id=%d off=0x%x (0x%x), swap_type=0x%x",
+                 fap->fa_id, off, fap->fa_off + off, swap_type);
+    return boot_write_trailer_byte(fap, off, swap_type);
 }
 
 int
@@ -501,6 +523,9 @@ boot_write_swap_size(const struct flash_area *fap, uint32_t swap_size)
     memset(buf, erased_val, BOOT_MAX_ALIGN);
     memcpy(buf, (uint8_t *)&swap_size, sizeof swap_size);
 
+    BOOT_LOG_DBG("writing swap_size; fa_id=%d off=0x%x (0x%x)",
+                 fap->fa_id, off, fap->fa_off + off);
+
     rc = flash_area_write(fap, off, buf, align);
     if (rc != 0) {
         return BOOT_EFLASH;
@@ -549,10 +574,10 @@ boot_swap_type(void)
     for (i = 0; i < BOOT_SWAP_TABLES_COUNT; i++) {
         table = boot_swap_tables + i;
 
-        if ((table->magic_primary_slot == BOOT_MAGIC_ANY     ||
-                table->magic_primary_slot == primary_slot.magic) &&
-            (table->magic_secondary_slot == BOOT_MAGIC_ANY   ||
-                table->magic_secondary_slot == secondary_slot.magic) &&
+        if (boot_magic_compatible_check(table->magic_primary_slot,
+                                        primary_slot.magic) &&
+            boot_magic_compatible_check(table->magic_secondary_slot,
+                                        secondary_slot.magic) &&
             (table->image_ok_primary_slot == BOOT_FLAG_ANY   ||
                 table->image_ok_primary_slot == primary_slot.image_ok) &&
             (table->image_ok_secondary_slot == BOOT_FLAG_ANY ||
@@ -591,6 +616,7 @@ boot_set_pending(int permanent)
 {
     const struct flash_area *fap;
     struct boot_swap_state state_secondary_slot;
+    uint8_t swap_type;
     int rc;
 
     rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_SECONDARY,
@@ -616,6 +642,15 @@ boot_set_pending(int permanent)
             rc = boot_write_image_ok(fap);
         }
 
+        if (rc == 0) {
+            if (permanent) {
+                swap_type = BOOT_SWAP_TYPE_PERM;
+            } else {
+                swap_type = BOOT_SWAP_TYPE_TEST;
+            }
+            rc = boot_write_swap_type(fap, swap_type);
+        }
+
         flash_area_close(fap);
         return rc;