Merge: Synchronized up to JuulLabs-OSS@c74c551

merged by GitHub GUI #38

Signed-off-by: Andrzej Puzdrowski <[email protected]>

Author: nvlsianpu

boot/boot_serial/src/boot_serial.c

@@ -51,6 +51,7 @@
 #include <os/os_malloc.h>
 
 #include <bootutil/image.h>
+#include <bootutil/bootutil.h>
 
 #include "boot_serial/boot_serial.h"
 #include "boot_serial_priv.h"
@@ -312,11 +313,17 @@ bs_upload(char *buf, int len)
         rc = 0;
         goto out;
     }
-    if (curr_off + img_blen < img_size) {
-        rem_bytes = img_blen % flash_area_align(fap);
-        if (rem_bytes) {
-            img_blen -= rem_bytes;
-        }
+
+    if (curr_off + img_blen > img_size) {
+        rc = MGMT_ERR_EINVAL;
+        goto out;
+    }
+
+    rem_bytes = img_blen % flash_area_align(fap);
+
+    if ((curr_off + img_blen < img_size) && rem_bytes) {
+        img_blen -= rem_bytes;
+        rem_bytes = 0;
     }
 
 #ifdef CONFIG_BOOT_ERASE_PROGRESSIVELY
@@ -337,7 +344,32 @@ bs_upload(char *buf, int len)
 #endif
 
     BOOT_LOG_INF("Writing at 0x%x until 0x%x", curr_off, curr_off + img_blen);
-    rc = flash_area_write(fap, curr_off, img_data, img_blen);
+    if (rem_bytes) {
+        /* the last chunk of the image might be unaligned */
+        uint8_t wbs_aligned[BOOT_MAX_ALIGN];
+        size_t w_size = img_blen - rem_bytes;
+
+        if (w_size) {
+            rc = flash_area_write(fap, curr_off, img_data, w_size);
+            if (rc) {
+                goto out_invalid_data;
+            }
+            curr_off += w_size;
+            img_blen -= w_size;
+            img_data += w_size;
+        }
+
+        if (img_blen) {
+            memcpy(wbs_aligned, img_data, rem_bytes);
+            memset(wbs_aligned + rem_bytes, flash_area_erased_val(fap),
+                   sizeof(wbs_aligned) - rem_bytes);
+            rc = flash_area_write(fap, curr_off, wbs_aligned, flash_area_align(fap));
+        }
+
+    } else {
+        rc = flash_area_write(fap, curr_off, img_data, img_blen);
+    }
+
     if (rc == 0) {
         curr_off += img_blen;
 #ifdef CONFIG_BOOT_ERASE_PROGRESSIVELY

boot/bootutil/include/bootutil/crypto/ecdsa_p256.h

@@ -69,7 +69,7 @@ static inline void bootutil_ecdsa_p256_drop(bootutil_ecdsa_p256_context *ctx)
     (void)ctx;
 }
 
-static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx, const uint8_t *pk, const uint8_t *hash, const uint8_t *sig)
+static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx, uint8_t *pk, uint8_t *hash, uint8_t *sig)
 {
     (void)ctx;
     return cc310_ecdsa_verify_secp256r1(hash, pk, sig, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE);

boot/bootutil/include/bootutil/fault_injection_hardening.h

@@ -284,7 +284,11 @@ void fih_cfi_decrement(void);
 /* Label for interacting with FIH testing tool. Can be parsed from the elf file
  * after compilation. Does not require debug symbols.
  */
+#if defined(__ICCARM__)
+#define FIH_LABEL(str, lin, cnt) __asm volatile ("FIH_LABEL_" str "_" #lin "_" #cnt "::" ::);
+#else
 #define FIH_LABEL(str) __asm volatile ("FIH_LABEL_" str "_%=:" ::);
+#endif
 
 /* Main FIH calling macro. return variable is second argument. Does some setup
  * before and validation afterwards. Inserts labels for use with testing script.
@@ -301,6 +305,23 @@ void fih_cfi_decrement(void);
  * previously saved value. If this is equal then the function call and all child
  * function calls were performed.
  */
+#if defined(__ICCARM__)
+#define FIH_CALL(f, ret, ...) FIH_CALL2(f, ret, __LINE__, __COUNTER__, __VA_ARGS__)
+
+#define FIH_CALL2(f, ret, l, c, ...) \
+    do { \
+        FIH_LABEL("FIH_CALL_START", l, c);        \
+        FIH_CFI_PRECALL_BLOCK; \
+        ret = FIH_FAILURE; \
+        if (fih_delay()) { \
+            ret = f(__VA_ARGS__); \
+        } \
+        FIH_CFI_POSTCALL_BLOCK; \
+        FIH_LABEL("FIH_CALL_END", l, c);          \
+    } while (0)
+
+#else
+
 #define FIH_CALL(f, ret, ...) \
     do { \
         FIH_LABEL("FIH_CALL_START"); \
@@ -312,6 +333,7 @@ void fih_cfi_decrement(void);
         FIH_CFI_POSTCALL_BLOCK; \
         FIH_LABEL("FIH_CALL_END"); \
     } while (0)
+#endif
 
 /* FIH return changes the state of the internal state machine. If you do a
  * FIH_CALL then you need to do a FIH_RET else the state machine will detect

boot/bootutil/src/image_ec256.c

@@ -30,6 +30,9 @@
 
 #ifdef MCUBOOT_SIGN_EC256
 /*TODO: remove this after cypress port mbedtls to abstract crypto api */
+#ifdef MCUBOOT_USE_CC310
+#define NUM_ECC_BYTES (256 / 8)
+#endif
 #if defined (MCUBOOT_USE_TINYCRYPT) || defined (MCUBOOT_USE_CC310)
 #include "bootutil/sign_key.h"
 

boot/bootutil/src/loader.c

@@ -2207,7 +2207,7 @@ context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp)
     uint32_t img_sz;
     uint32_t img_loaded = 0;
 #endif /* MCUBOOT_RAM_LOAD */
-    fih_int fih_rc;
+    fih_int fih_rc = FIH_FAILURE;
 
     memset(state, 0, sizeof(struct boot_loader_state));
 

boot/bootutil/src/swap_move.c

@@ -264,6 +264,7 @@ int
 swap_status_source(struct boot_loader_state *state)
 {
     struct boot_swap_state state_primary_slot;
+    struct boot_swap_state state_secondary_slot;
     int rc;
     uint8_t source;
     uint8_t image_index;
@@ -280,8 +281,15 @@ swap_status_source(struct boot_loader_state *state)
 
     BOOT_LOG_SWAP_STATE("Primary image", &state_primary_slot);
 
+    rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_SECONDARY(image_index),
+            &state_secondary_slot);
+    assert(rc == 0);
+
+    BOOT_LOG_SWAP_STATE("Secondary image", &state_secondary_slot);
+
     if (state_primary_slot.magic == BOOT_MAGIC_GOOD &&
-            state_primary_slot.copy_done == BOOT_FLAG_UNSET) {
+            state_primary_slot.copy_done == BOOT_FLAG_UNSET &&
+            state_secondary_slot.magic != BOOT_MAGIC_GOOD) {
 
         source = BOOT_STATUS_SOURCE_PRIMARY_SLOT;
 
@@ -315,11 +323,13 @@ boot_move_sector_up(int idx, uint32_t sz, struct boot_loader_state *state,
     old_off = boot_img_sector_off(state, BOOT_PRIMARY_SLOT, idx - 1);
 
     if (bs->idx == BOOT_STATUS_IDX_0) {
-        rc = swap_erase_trailer_sectors(state, fap_pri);
-        assert(rc == 0);
+        if (bs->source != BOOT_STATUS_SOURCE_PRIMARY_SLOT) {
+            rc = swap_erase_trailer_sectors(state, fap_pri);
+            assert(rc == 0);
 
-        rc = swap_status_init(state, fap_pri, bs);
-        assert(rc == 0);
+            rc = swap_status_init(state, fap_pri, bs);
+            assert(rc == 0);
+        }
 
         rc = swap_erase_trailer_sectors(state, fap_sec);
         assert(rc == 0);

boot/zephyr/Kconfig

@@ -147,7 +147,20 @@ config BOOT_SIGNATURE_KEY_FILE
 config MCUBOOT_CLEANUP_ARM_CORE
 	bool "Perform core cleanup before chain-load the application"
 	depends on CPU_CORTEX_M
-	default y
+	default y if !ARCH_SUPPORTS_ARCH_HW_INIT
+	help
+	  This option instructs MCUboot to perform a clean-up of a set of
+	  architecture core HW registers before junping to the application
+	  firmware. The clean-up sets these registers to their warm-reset
+	  values as specified by the architecture.
+
+	  By default, this option is enabled only if the architecture does
+	  not have the functionality to perform such a register clean-up
+	  during application firmware boot.
+
+	  Zephyr applications on Cortex-M will perform this register clean-up
+	  by default, if they are chain-loadable by MCUboot, so MCUboot does
+	  not need to perform such a cleanup itself.
 
 config MBEDTLS_CFG_FILE
 	default "mcuboot-mbedtls-cfg.h"
@@ -276,7 +289,7 @@ config BOOT_MAX_IMG_SECTORS
 
 config BOOT_ERASE_PROGRESSIVELY
 	bool "Erase flash progressively when receiving new firmware"
-	default y if SOC_NRF52840
+	default y if SOC_FAMILY_NRF
 	help
 	 If enabled, flash is erased as necessary when receiving new firmware,
 	 instead of erasing the whole image slot at once. This is necessary
@@ -429,7 +442,7 @@ config BOOT_SERIAL_DETECT_PIN
 	default 6 if BOARD_NRF9160DK_NRF9160
 	default 11 if BOARD_NRF52840DK_NRF52840
 	default 13 if BOARD_NRF52DK_NRF52832
-	default 23 if BOARD_NRF5340_DK_NRF5340_CPUAPP || BOARD_NRF5340_DK_NRF5340_CPUAPPNS
+	default 23 if BOARD_NRF5340PDK_NRF5340_CPUAPP || BOARD_NRF5340PDK_NRF5340_CPUAPPNS
 	help
 	  Pin on the serial detect port which triggers serial recovery mode.
 

boot/zephyr/arm_cleanup.c

@@ -20,3 +20,17 @@ void cleanup_arm_nvic(void) {
 		NVIC->ICPR[i] = 0xFFFFFFFF;
 	}
 }
+
+#if CONFIG_CPU_HAS_ARM_MPU
+__weak void z_arm_clear_arm_mpu_config(void)
+{
+	int i;
+
+	int num_regions =
+		((MPU->TYPE & MPU_TYPE_DREGION_Msk) >> MPU_TYPE_DREGION_Pos);
+
+	for (i = 0; i < num_regions; i++) {
+		ARM_MPU_ClrRegion(i);
+	}
+}
+#endif

boot/zephyr/flash_map_extended.c

@@ -110,7 +110,7 @@ int flash_area_sector_from_off(off_t off, struct flash_sector *sector)
 }
 
 #define ERASED_VAL 0xff
-uint8_t flash_area_erased_val(const struct flash_area *fap)
+__weak uint8_t flash_area_erased_val(const struct flash_area *fap)
 {
     (void)fap;
     return ERASED_VAL;

boot/zephyr/include/arm_cleanup.h

@@ -12,4 +12,12 @@
  * Cleanup interrupt priority and interupt enable registers.
  */
 void cleanup_arm_nvic(void);
+
+#if defined(CONFIG_CPU_HAS_ARM_MPU)
+/**
+ * Cleanup all ARM MPU region configuration
+ */
+void z_arm_clear_arm_mpu_config(void);
+#endif
+
 #endif