Merge: Synchronized up to mcu-tools/mcuboot@e512181

merged by GitHub GUI #41

Signed-off-by: Andrzej Puzdrowski <[email protected]>

Author: nvlsianpu

.travis.yml

@@ -70,6 +70,10 @@ install:
 script:
   - ./ci/${TEST}_run.sh
 
+cache:
+  directories:
+  - docker
+
 notifications:
   slack:
     rooms:

README.md

@@ -16,7 +16,7 @@
 [travis]: https://travis-ci.org/mcu-tools/mcuboot
 [license]: https://github.com/mcu-tools/mcuboot/blob/master/LICENSE
 
-This is mcuboot version 1.7.0-rc2
+This is mcuboot version 1.8.0-dev
 
 MCUboot is a secure bootloader for 32-bit MCUs. The goal of MCUboot is to
 define a common infrastructure for the bootloader, system flash layout on

boot/bootutil/CMakeLists.txt

@@ -0,0 +1,35 @@
+#------------------------------------------------------------------------------
+# Copyright (c) 2020, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+#------------------------------------------------------------------------------
+
+add_library(bootutil STATIC)
+
+target_include_directories(bootutil
+    PUBLIC
+        include
+    PRIVATE
+        src
+)
+
+target_sources(bootutil
+    PRIVATE
+        src/boot_record.c
+        src/bootutil_misc.c
+        src/caps.c
+        src/encrypted.c
+        src/fault_injection_hardening.c
+        src/fault_injection_hardening_delay_rng_mbedtls.c
+        src/image_ec.c
+        src/image_ec256.c
+        src/image_ed25519.c
+        src/image_rsa.c
+        src/image_validate.c
+        src/loader.c
+        src/swap_misc.c
+        src/swap_move.c
+        src/swap_scratch.c
+        src/tlv.c
+)

boot/bootutil/include/bootutil/crypto/aes_ctr.h

@@ -62,19 +62,13 @@ static inline int bootutil_aes_ctr_set_key(bootutil_aes_ctr_context *ctx, const
 static inline int bootutil_aes_ctr_encrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter, const uint8_t *m, uint32_t mlen, size_t blk_off, uint8_t *c)
 {
     uint8_t stream_block[BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE];
-    int rc;
-    rc = mbedtls_aes_crypt_ctr(ctx, mlen, &blk_off, counter, stream_block, m, c);
-    memset(stream_block, 0, BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE);
-    return rc;
+    return mbedtls_aes_crypt_ctr(ctx, mlen, &blk_off, counter, stream_block, m, c);
 }
 
 static inline int bootutil_aes_ctr_decrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter, const uint8_t *c, uint32_t clen, size_t blk_off, uint8_t *m)
 {
     uint8_t stream_block[BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE];
-    int rc;
-    rc = mbedtls_aes_crypt_ctr(ctx, clen, &blk_off, counter, stream_block, c, m);
-    memset(stream_block, 0, BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE);
-    return rc;
+    return mbedtls_aes_crypt_ctr(ctx, clen, &blk_off, counter, stream_block, c, m);
 }
 #endif /* MCUBOOT_USE_MBED_TLS */
 
@@ -102,31 +96,9 @@ static inline int bootutil_aes_ctr_set_key(bootutil_aes_ctr_context *ctx, const
 
 static int _bootutil_aes_ctr_crypt(bootutil_aes_ctr_context *ctx, uint8_t *counter, const uint8_t *in, uint32_t inlen, uint32_t blk_off, uint8_t *out)
 {
-    uint8_t buf[16];
-    uint32_t buflen;
     int rc;
-    if (blk_off == 0) {
-        rc = tc_ctr_mode(out, inlen, in, inlen, counter, ctx);
-        if (rc != TC_CRYPTO_SUCCESS) {
-            return -1;
-        }
-    } else if (blk_off < 16) {
-        buflen = ((inlen + blk_off <= 16) ? inlen : (16 - blk_off));
-        inlen -= buflen;
-        memcpy(&buf[blk_off], &in[0], buflen);
-        rc = tc_ctr_mode(buf, 16, buf, 16, counter, ctx);
-        if (rc != TC_CRYPTO_SUCCESS) {
-            return -1;
-        }
-        memcpy(&out[0], &buf[blk_off], buflen);
-        memset(&buf[0], 0, 16);
-        if (inlen > 0) {
-            rc = tc_ctr_mode(&out[buflen], inlen, &in[buflen], inlen, counter, ctx);
-        }
-        if (rc != TC_CRYPTO_SUCCESS) {
-            return -1;
-        }
-    } else {
+    rc = tc_ctr_mode(out, inlen, in, inlen, counter, &blk_off, ctx);
+    if (rc != TC_CRYPTO_SUCCESS) {
         return -1;
     }
     return 0;

boot/bootutil/src/bootutil_priv.h

@@ -460,7 +460,7 @@ boot_img_sector_off(const struct boot_loader_state *state, size_t slot,
 #ifdef MCUBOOT_RAM_LOAD
 #define LOAD_IMAGE_DATA(hdr, fap, start, output, size)       \
     (memcpy((output),(void*)((hdr)->ih_load_addr + (start)), \
-    (size)) != (output))
+    (size)), 0)
 #else
 #define LOAD_IMAGE_DATA(hdr, fap, start, output, size)       \
     (flash_area_read((fap), (start), (output), (size)))

boot/mbed/include/mcuboot_config/mcuboot_logging.h

@@ -55,6 +55,7 @@
 
 #define TRACE_GROUP "MCUb"
 #include "mbed_trace.h"
+#include "bootutil/ignore.h"
 
 #define MCUBOOT_LOG_MODULE_DECLARE(domain)  /* ignore */
 #define MCUBOOT_LOG_MODULE_REGISTER(domain) /* ignore */

boot/mbed/mbed_lib.json

@@ -160,6 +160,20 @@
             "help": "Share data (NOT TESTED)",
             "macro_name": "MCUBOOT_DATA_SHARING",
             "value": null
+        },
+        "direct-xip": {
+            "help": "Enable ability to boot update candidates in-place.",
+            "macro_name": "MCUBOOT_DIRECT_XIP",
+            "value": null
+        },
+        "direct-xip-revert": {
+            "help": "Enable XIP revert mechanism. Only valid if direct-xip is also enabled.",
+            "macro_name": "MCUBOOT_DIRECT_XIP_REVERT",
+            "value": null
+        },
+        "xip-secondary-slot-address": {
+            "help": "Specify start address for secondary slot address in XIP-accessible memory. This is required if direct-xip is enabled.",
+            "value": null
         }
     }
 }

boot/mbed/src/flash_map_backend.cpp

@@ -27,6 +27,8 @@
 
 #include "mcuboot_config/mcuboot_logging.h"
 
+#include "bootutil_priv.h"
+
 #define FLASH_DEVICE_INTERNAL_FLASH 0
 #define FLASH_AREAS 3
 
@@ -36,15 +38,15 @@ mbed::BlockDevice* mcuboot_secondary_bd = get_secondary_bd();
 /** Internal application block device */
 static FlashIAPBlockDevice mcuboot_primary_bd(MCUBOOT_PRIMARY_SLOT_START_ADDR, MCUBOOT_SLOT_SIZE);
 
-#ifndef MCUBOOT_OVERWRITE_ONLY
+#if MCUBOOT_SWAP_USING_SCRATCH
 /** Scratch space is at the end of internal flash, after the main application */
 static FlashIAPBlockDevice mcuboot_scratch_bd(MCUBOOT_SCRATCH_START_ADDR, MCUBOOT_SCRATCH_SIZE);
 #endif
 
 static mbed::BlockDevice* flash_map_bd[FLASH_AREAS] = {
         (mbed::BlockDevice*) &mcuboot_primary_bd,       /** Primary (loadable) image area */
         mcuboot_secondary_bd,                           /** Secondary (update candidate) image area */
-#ifndef MCUBOOT_OVERWRITE_ONLY
+#if MCUBOOT_SWAP_USING_SCRATCH
         (mbed::BlockDevice*) &mcuboot_scratch_bd        /** Scratch space for swapping images */
 #else
         nullptr
@@ -53,6 +55,8 @@ static mbed::BlockDevice* flash_map_bd[FLASH_AREAS] = {
 
 static struct flash_area flash_areas[FLASH_AREAS];
 
+static unsigned int open_count[FLASH_AREAS] = {0};
+
 int flash_area_open(uint8_t id, const struct flash_area** fapp) {
 
     *fapp = &flash_areas[id];
@@ -64,10 +68,13 @@ int flash_area_open(uint8_t id, const struct flash_area** fapp) {
             fap->fa_off = MCUBOOT_PRIMARY_SLOT_START_ADDR;
             break;
         case SECONDARY_ID:
-            // The offset of the secondary slot is not currently used.
+#if MCUBOOT_DIRECT_XIP
+            fap->fa_off = MBED_CONF_MCUBOOT_XIP_SECONDARY_SLOT_ADDRESS;
+#else
             fap->fa_off = 0;
+#endif
             break;
-#ifndef MCUBOOT_OVERWRITE_ONLY
+#if MCUBOOT_SWAP_USING_SCRATCH
         case SCRATCH_ID:
             fap->fa_off = MCUBOOT_SCRATCH_START_ADDR;
             break;
@@ -77,17 +84,40 @@ int flash_area_open(uint8_t id, const struct flash_area** fapp) {
             return -1;
     }
 
+    open_count[id]++;
+    MCUBOOT_LOG_DBG("flash area %d open count: %d (+)", id, open_count[id]);
+
     fap->fa_id = id;
     fap->fa_device_id = 0; // not relevant
 
     mbed::BlockDevice* bd = flash_map_bd[id];
     fap->fa_size = (uint32_t) bd->size();
-    return bd->init();
+
+    /* Only initialize if this isn't a nested call to open the flash area */
+    if (open_count[id] == 1) {
+        MCUBOOT_LOG_DBG("initializing flash area %d...", id);
+        return bd->init();
+    } else {
+        return 0;
+    }
 }
 
 void flash_area_close(const struct flash_area* fap) {
-    mbed::BlockDevice* bd = flash_map_bd[fap->fa_id];
-    bd->deinit();
+    uint8_t id = fap->fa_id;
+    /* No need to close an unopened flash area, avoid an overflow of the counter */
+    if (!open_count[id]) {
+        return;
+    }
+
+    open_count[id]--;
+    MCUBOOT_LOG_DBG("flash area %d open count: %d (-)", id, open_count[id]);
+    if (!open_count[id]) {
+        /* mcuboot is not currently consistent in opening/closing flash areas only once at a time
+         * so only deinitialize the BlockDevice if all callers have closed the flash area. */
+        MCUBOOT_LOG_DBG("deinitializing flash area block device %d...", id);
+        mbed::BlockDevice* bd = flash_map_bd[id];
+        bd->deinit();
+    }
 }
 
 /*
@@ -96,8 +126,8 @@ void flash_area_close(const struct flash_area* fap) {
 int flash_area_read(const struct flash_area* fap, uint32_t off, void* dst, uint32_t len) {
     mbed::BlockDevice* bd = flash_map_bd[fap->fa_id];
 
-    // Note: The address must be aligned to bd->get_read_size(). If MCUBOOT_READ_GRANULARITY
-    // is defined, the length does not need to be aligned.
+    /* Note: The address must be aligned to bd->get_read_size(). If MCUBOOT_READ_GRANULARITY
+       is defined, the length does not need to be aligned. */
 #ifdef MCUBOOT_READ_GRANULARITY
     uint32_t read_size = bd->get_read_size();
     if (read_size == 0) {
@@ -115,13 +145,15 @@ int flash_area_read(const struct flash_area* fap, uint32_t off, void* dst, uint3
     if (len != 0) {
 #endif
         if (!bd->is_valid_read(off, len)) {
-            MCUBOOT_LOG_ERR("Invalid read: fa_id %d offset 0x%x len 0x%x", fap->fa_id, off, len);
+            MCUBOOT_LOG_ERR("Invalid read: fa_id %d offset 0x%x len 0x%x", fap->fa_id,
+                    (unsigned int) off, (unsigned int) len);
             return -1;
         }
         else {
             int ret = bd->read(dst, off, len);
             if (ret != 0) {
-                MCUBOOT_LOG_ERR("Read failed: fa_id %d offset 0x%x len 0x%x", fap->fa_id, off, len);
+                MCUBOOT_LOG_ERR("Read failed: fa_id %d offset 0x%x len 0x%x", fap->fa_id,
+                        (unsigned int) off, (unsigned int) len);
                 return ret;
             }
         }
@@ -130,7 +162,8 @@ int flash_area_read(const struct flash_area* fap, uint32_t off, void* dst, uint3
 
     if (remainder) {
         if (!bd->is_valid_read(off + len, read_size)) {
-            MCUBOOT_LOG_ERR("Invalid read: fa_id %d offset 0x%x len 0x%x", fap->fa_id, off + len, read_size);
+            MCUBOOT_LOG_ERR("Invalid read: fa_id %d offset 0x%x len 0x%x", fap->fa_id,
+                    (unsigned int) (off + len), (unsigned int) read_size);
             return -1;
         }
         else {
@@ -171,7 +204,7 @@ uint8_t flash_area_erased_val(const struct flash_area* fap) {
 int flash_area_get_sectors(int fa_id, uint32_t* count, struct flash_sector* sectors) {
     mbed::BlockDevice* bd = flash_map_bd[fa_id];
 
-    // Loop through sectors and collect information on them
+    /* Loop through sectors and collect information on them */
     bd_addr_t offset = 0;
     *count = 0;
     while (*count < MCUBOOT_MAX_IMG_SECTORS && bd->is_valid_read(offset, bd->get_read_size())) {

boot/mbed/src/secondary_bd.cpp

@@ -0,0 +1,40 @@
+/*
+ * Mbed-OS Microcontroller Library
+ * Copyright (c) 2020 Embedded Planet
+ * Copyright (c) 2020 ARM Limited
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#if MCUBOOT_DIRECT_XIP
+
+#include "flash_map_backend/secondary_bd.h"
+#include "platform/mbed_toolchain.h"
+#include "FlashIAPBlockDevice.h"
+
+/**
+ * For an XIP build, the secondary BD is provided by mcuboot by default.
+ *
+ * This is a weak symbol so the user can override it.
+ */
+MBED_WEAK mbed::BlockDevice* get_secondary_bd(void) {
+    static FlashIAPBlockDevice secondary_bd(MBED_CONF_MCUBOOT_XIP_SECONDARY_SLOT_ADDRESS,
+            MCUBOOT_SLOT_SIZE);
+
+    return &secondary_bd;
+}
+
+#endif
+
+

boot/mynewt/src/main.c

@@ -251,6 +251,7 @@ main(void)
 #if MYNEWT_VAL(BOOT_CUSTOM_START)
     boot_custom_start(flash_base, &rsp);
 #else
+    hal_bsp_deinit();
     hal_system_start((void *)(flash_base + rsp.br_image_off +
                               rsp.br_hdr->ih_hdr_size));
 #endif