From 014f42df092f9e026a32db86d49fbd1cb75f94aa Mon Sep 17 00:00:00 2001 From: Kumar Gala Date: Wed, 8 Apr 2020 12:02:03 -0500 Subject: [PATCH 001/112] zephyr: Replace DT_FLASH_DEV_NAME with DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL As upstream zephyr is phasing out DT_FLASH defines for non-partition usage replace DT_FLASH_DEV_NAME with DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL. Signed-off-by: Kumar Gala --- boot/zephyr/flash_map_extended.c | 2 +- boot/zephyr/include/target.h | 2 +- boot/zephyr/main.c | 7 ++++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/boot/zephyr/flash_map_extended.c b/boot/zephyr/flash_map_extended.c index b2de88494..4723af187 100644 --- a/boot/zephyr/flash_map_extended.c +++ b/boot/zephyr/flash_map_extended.c @@ -17,7 +17,7 @@ MCUBOOT_LOG_MODULE_DECLARE(mcuboot); -#if (!defined(CONFIG_XTENSA) && defined(DT_FLASH_DEV_NAME)) +#if (!defined(CONFIG_XTENSA) && defined(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) #define FLASH_DEVICE_ID SOC_FLASH_0_ID #define FLASH_DEVICE_BASE CONFIG_FLASH_BASE_ADDRESS #elif (defined(CONFIG_XTENSA) && defined(DT_JEDEC_SPI_NOR_0_LABEL)) diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index 57a412b66..794f40f2d 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -28,7 +28,7 @@ /* * Sanity check the target support. */ -#if (!defined(CONFIG_XTENSA) && !defined(DT_FLASH_DEV_NAME)) || \ +#if (!defined(CONFIG_XTENSA) && !defined(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) || \ (defined(CONFIG_XTENSA) && !defined(DT_JEDEC_SPI_NOR_0_LABEL)) || \ !defined(FLASH_ALIGN) || \ !defined(DT_FLASH_AREA_IMAGE_0_OFFSET) || \ diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 978d517e4..ce628519a 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -277,9 +277,10 @@ void main(void) ZEPHYR_BOOT_LOG_START(); -#if (!defined(CONFIG_XTENSA) && defined(DT_FLASH_DEV_NAME)) - if (!flash_device_get_binding(DT_FLASH_DEV_NAME)) { - BOOT_LOG_ERR("Flash device %s not found", DT_FLASH_DEV_NAME); +#if (!defined(CONFIG_XTENSA) && defined(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) + if (!flash_device_get_binding(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) { + BOOT_LOG_ERR("Flash device %s not found", + DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL); while (1) ; } From 8cd5dc5f9fc9582e9e4e52996e23ed5078dabf82 Mon Sep 17 00:00:00 2001 From: Kumar Gala Date: Wed, 8 Apr 2020 12:06:21 -0500 Subject: [PATCH 002/112] zephyr: convert DT_JEDEC_SPI_NOR_0_LABEL to new dt macros As the DT define DT_JEDEC_SPI_NOR_0_LABEL is intended to be deprecated move to the new macro style to determine for DT_JEDEC_SPI_NOR_0_LABEL Signed-off-by: Kumar Gala --- boot/zephyr/include/target.h | 6 +++++- boot/zephyr/main.c | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index 794f40f2d..d6f5b74fc 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -25,11 +25,15 @@ #endif /* !defined(MCUBOOT_TARGET_CONFIG) */ +#if DT_NODE_HAS_PROP(DT_INST(0, jedec_spi_nor), label) +#define JEDEC_SPI_NOR_0_LABEL DT_LABEL(DT_INST(0, jedec_spi_nor)) +#endif + /* * Sanity check the target support. */ #if (!defined(CONFIG_XTENSA) && !defined(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) || \ - (defined(CONFIG_XTENSA) && !defined(DT_JEDEC_SPI_NOR_0_LABEL)) || \ + (defined(CONFIG_XTENSA) && !defined(JEDEC_SPI_NOR_0_LABEL)) || \ !defined(FLASH_ALIGN) || \ !defined(DT_FLASH_AREA_IMAGE_0_OFFSET) || \ !defined(DT_FLASH_AREA_IMAGE_0_SIZE) || \ diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index ce628519a..c3e4cfef2 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -284,9 +284,9 @@ void main(void) while (1) ; } -#elif (defined(CONFIG_XTENSA) && defined(DT_JEDEC_SPI_NOR_0_LABEL)) - if (!flash_device_get_binding(DT_JEDEC_SPI_NOR_0_LABEL)) { - BOOT_LOG_ERR("Flash device %s not found", DT_JEDEC_SPI_NOR_0_LABEL); +#elif (defined(CONFIG_XTENSA) && defined(JEDEC_SPI_NOR_0_LABEL)) + if (!flash_device_get_binding(JEDEC_SPI_NOR_0_LABEL)) { + BOOT_LOG_ERR("Flash device %s not found", JEDEC_SPI_NOR_0_LABEL); while (1) ; } From 39d1aef28cacde4de2ca3f65fa31ba18925e46ea Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Thu, 7 May 2020 12:38:39 +0200 Subject: [PATCH 003/112] Revert "zephyr: convert DT_JEDEC_SPI_NOR_0_LABEL to new dt macros" This reverts commit 8cd5dc5f9fc9582e9e4e52996e23ed5078dabf82. Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/include/target.h | 6 +----- boot/zephyr/main.c | 6 +++--- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index d6f5b74fc..794f40f2d 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -25,15 +25,11 @@ #endif /* !defined(MCUBOOT_TARGET_CONFIG) */ -#if DT_NODE_HAS_PROP(DT_INST(0, jedec_spi_nor), label) -#define JEDEC_SPI_NOR_0_LABEL DT_LABEL(DT_INST(0, jedec_spi_nor)) -#endif - /* * Sanity check the target support. */ #if (!defined(CONFIG_XTENSA) && !defined(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) || \ - (defined(CONFIG_XTENSA) && !defined(JEDEC_SPI_NOR_0_LABEL)) || \ + (defined(CONFIG_XTENSA) && !defined(DT_JEDEC_SPI_NOR_0_LABEL)) || \ !defined(FLASH_ALIGN) || \ !defined(DT_FLASH_AREA_IMAGE_0_OFFSET) || \ !defined(DT_FLASH_AREA_IMAGE_0_SIZE) || \ diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index c3e4cfef2..ce628519a 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -284,9 +284,9 @@ void main(void) while (1) ; } -#elif (defined(CONFIG_XTENSA) && defined(JEDEC_SPI_NOR_0_LABEL)) - if (!flash_device_get_binding(JEDEC_SPI_NOR_0_LABEL)) { - BOOT_LOG_ERR("Flash device %s not found", JEDEC_SPI_NOR_0_LABEL); +#elif (defined(CONFIG_XTENSA) && defined(DT_JEDEC_SPI_NOR_0_LABEL)) + if (!flash_device_get_binding(DT_JEDEC_SPI_NOR_0_LABEL)) { + BOOT_LOG_ERR("Flash device %s not found", DT_JEDEC_SPI_NOR_0_LABEL); while (1) ; } From 48b8ef0a9231cd2d16ed4dcb479472c4d33ac708 Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Thu, 7 May 2020 12:38:48 +0200 Subject: [PATCH 004/112] Revert "Revert "zephyr: convert DT_JEDEC_SPI_NOR_0_LABEL to new dt macros"" This reverts commit 39d1aef28cacde4de2ca3f65fa31ba18925e46ea. Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/include/target.h | 6 +++++- boot/zephyr/main.c | 6 +++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index 794f40f2d..d6f5b74fc 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -25,11 +25,15 @@ #endif /* !defined(MCUBOOT_TARGET_CONFIG) */ +#if DT_NODE_HAS_PROP(DT_INST(0, jedec_spi_nor), label) +#define JEDEC_SPI_NOR_0_LABEL DT_LABEL(DT_INST(0, jedec_spi_nor)) +#endif + /* * Sanity check the target support. */ #if (!defined(CONFIG_XTENSA) && !defined(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) || \ - (defined(CONFIG_XTENSA) && !defined(DT_JEDEC_SPI_NOR_0_LABEL)) || \ + (defined(CONFIG_XTENSA) && !defined(JEDEC_SPI_NOR_0_LABEL)) || \ !defined(FLASH_ALIGN) || \ !defined(DT_FLASH_AREA_IMAGE_0_OFFSET) || \ !defined(DT_FLASH_AREA_IMAGE_0_SIZE) || \ diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index ce628519a..c3e4cfef2 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -284,9 +284,9 @@ void main(void) while (1) ; } -#elif (defined(CONFIG_XTENSA) && defined(DT_JEDEC_SPI_NOR_0_LABEL)) - if (!flash_device_get_binding(DT_JEDEC_SPI_NOR_0_LABEL)) { - BOOT_LOG_ERR("Flash device %s not found", DT_JEDEC_SPI_NOR_0_LABEL); +#elif (defined(CONFIG_XTENSA) && defined(JEDEC_SPI_NOR_0_LABEL)) + if (!flash_device_get_binding(JEDEC_SPI_NOR_0_LABEL)) { + BOOT_LOG_ERR("Flash device %s not found", JEDEC_SPI_NOR_0_LABEL); while (1) ; } From b7254d11cd305e321e48368a09795dd01c3856af Mon Sep 17 00:00:00 2001 From: Kumar Gala Date: Thu, 7 May 2020 19:31:57 -0500 Subject: [PATCH 005/112] zephyr: Change DT_FLASH_AREA_ macros to FLASH_AREA_ As we replace the legacy DT_FLASH_ support use the new FLASH_AREA_ macros. Signed-off-by: Kumar Gala --- boot/zephyr/include/sysflash/sysflash.h | 18 +++++++++--------- boot/zephyr/include/target.h | 10 ++++------ 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/boot/zephyr/include/sysflash/sysflash.h b/boot/zephyr/include/sysflash/sysflash.h index e745ffa19..66dce1d24 100644 --- a/boot/zephyr/include/sysflash/sysflash.h +++ b/boot/zephyr/include/sysflash/sysflash.h @@ -13,32 +13,32 @@ * running in single image mode. */ #define FLASH_AREA_IMAGE_PRIMARY(x) (((x) == 0) ? \ - DT_FLASH_AREA_IMAGE_0_ID : \ - DT_FLASH_AREA_IMAGE_0_ID) + FLASH_AREA_ID(image_0) : \ + FLASH_AREA_ID(image_0)) #define FLASH_AREA_IMAGE_SECONDARY(x) (((x) == 0) ? \ - DT_FLASH_AREA_IMAGE_1_ID : \ - DT_FLASH_AREA_IMAGE_1_ID) + FLASH_AREA_ID(image_1) : \ + FLASH_AREA_ID(image_1)) #elif (MCUBOOT_IMAGE_NUMBER == 2) /* MCUBoot currently supports only up to 2 updateable firmware images. * If the number of the current image is greater than MCUBOOT_IMAGE_NUMBER - 1 * then a dummy value will be assigned to the flash area macros. */ #define FLASH_AREA_IMAGE_PRIMARY(x) (((x) == 0) ? \ - DT_FLASH_AREA_IMAGE_0_ID : \ + FLASH_AREA_ID(image_0) : \ ((x) == 1) ? \ - DT_FLASH_AREA_IMAGE_2_ID : \ + FLASH_AREA_ID(image_2) : \ 255) #define FLASH_AREA_IMAGE_SECONDARY(x) (((x) == 0) ? \ - DT_FLASH_AREA_IMAGE_1_ID : \ + FLASH_AREA_ID(image_1) : \ ((x) == 1) ? \ - DT_FLASH_AREA_IMAGE_3_ID : \ + FLASH_AREA_ID(image_3) : \ 255) #else #error "Image slot and flash area mapping is not defined" #endif #if !defined(CONFIG_BOOT_SWAP_USING_MOVE) -#define FLASH_AREA_IMAGE_SCRATCH DT_FLASH_AREA_IMAGE_SCRATCH_ID +#define FLASH_AREA_IMAGE_SCRATCH FLASH_AREA_ID(image_scratch) #endif #endif /* __SYSFLASH_H__ */ diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index d6f5b74fc..3cff9f36c 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -20,6 +20,7 @@ * everything we need. */ #include +#include #define FLASH_ALIGN FLASH_WRITE_BLOCK_SIZE @@ -35,12 +36,9 @@ #if (!defined(CONFIG_XTENSA) && !defined(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) || \ (defined(CONFIG_XTENSA) && !defined(JEDEC_SPI_NOR_0_LABEL)) || \ !defined(FLASH_ALIGN) || \ - !defined(DT_FLASH_AREA_IMAGE_0_OFFSET) || \ - !defined(DT_FLASH_AREA_IMAGE_0_SIZE) || \ - !defined(DT_FLASH_AREA_IMAGE_1_OFFSET) || \ - !defined(DT_FLASH_AREA_IMAGE_1_SIZE) || \ - (!defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(DT_FLASH_AREA_IMAGE_SCRATCH_OFFSET)) || \ - (!defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(DT_FLASH_AREA_IMAGE_SCRATCH_SIZE)) + !(FLASH_AREA_LABEL_EXISTS(image_0)) || \ + !(FLASH_AREA_LABEL_EXISTS(image_1)) || \ + (!defined(CONFIG_BOOT_SWAP_USING_MOVE) && !(FLASH_AREA_LABEL_EXISTS(image_scratch))) #error "Target support is incomplete; cannot build mcuboot." #endif From 322b11ae3489e04b86ec2188a7de29ca6593178d Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Mon, 11 May 2020 14:20:29 +0200 Subject: [PATCH 006/112] zephyr: Change DT_FLASH_AREA_ macros to FLASH_AREA for multimage Use the new FLASH_AREA_ macros. Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/include/target.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index 3cff9f36c..2e0f5fdaf 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -42,10 +42,8 @@ #error "Target support is incomplete; cannot build mcuboot." #endif -#if ((MCUBOOT_IMAGE_NUMBER == 2) && (!defined(FLASH_AREA_IMAGE_2_OFFSET) || \ - !defined(FLASH_AREA_IMAGE_2_SIZE) || \ - !defined(FLASH_AREA_IMAGE_3_OFFSET) || \ - !defined(FLASH_AREA_IMAGE_3_SIZE))) +#if (MCUBOOT_IMAGE_NUMBER == 2) && (!(FLASH_AREA_LABEL_EXISTS(image_2)) || \ + !(FLASH_AREA_LABEL_EXISTS(image_3))) #error "Target support is incomplete; cannot build mcuboot." #endif From 1f181dda41e618e6269024ea6f097c52a68b9d3f Mon Sep 17 00:00:00 2001 From: Kumar Gala Date: Mon, 11 May 2020 15:08:19 -0500 Subject: [PATCH 007/112] sim: Fixup devicetree.h for changes to mcuboot Fixup how we fake out devicetree.h, which is now really the flash map API for what mcuboot is using. Signed-off-by: Kumar Gala --- sim/mcuboot-sys/csupport/devicetree.h | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/sim/mcuboot-sys/csupport/devicetree.h b/sim/mcuboot-sys/csupport/devicetree.h index f268640ae..434e4eebf 100644 --- a/sim/mcuboot-sys/csupport/devicetree.h +++ b/sim/mcuboot-sys/csupport/devicetree.h @@ -4,15 +4,17 @@ * SPDX-License-Identifier: Apache-2.0 */ -/* This file mocks zephyr's autogenerated DT output header file */ +/* This file mocks zephyr's flash map / DT macro */ #ifndef __DEVICETREE_H__ #define __DEVICETREE_H__ -#define DT_FLASH_AREA_IMAGE_0_ID 1 -#define DT_FLASH_AREA_IMAGE_1_ID 2 -#define DT_FLASH_AREA_IMAGE_SCRATCH_ID 3 -#define DT_FLASH_AREA_IMAGE_2_ID 4 -#define DT_FLASH_AREA_IMAGE_3_ID 5 +#define FLASH_AREA_ID(x) FLASH_AREA_ID_##x + +#define FLASH_AREA_ID_image_0 1 +#define FLASH_AREA_ID_image_1 2 +#define FLASH_AREA_ID_image_scratch 3 +#define FLASH_AREA_ID_image_2 4 +#define FLASH_AREA_ID_image_3 5 #endif /*__DEVICETREE_H__*/ From e88113bbebe34ff2ccc6627ffae885cfeed6fdfd Mon Sep 17 00:00:00 2001 From: Kumar Gala Date: Mon, 11 May 2020 15:33:03 -0500 Subject: [PATCH 008/112] scripts/assemble: Rework to use EDT library to get devicetree data Signed-off-by: Kumar Gala --- scripts/assemble.py | 55 +++++++++++++++++++++++++++++---------------- 1 file changed, 36 insertions(+), 19 deletions(-) diff --git a/scripts/assemble.py b/scripts/assemble.py index d8c824b00..e895ee773 100755 --- a/scripts/assemble.py +++ b/scripts/assemble.py @@ -23,6 +23,14 @@ import io import re import os.path +import sys + +ZEPHYR_BASE = os.getenv("ZEPHYR_BASE") +if not ZEPHYR_BASE: + sys.exit("$ZEPHYR_BASE environment variable undefined") + +sys.path.insert(0, os.path.join(ZEPHYR_BASE, "scripts", "dts")) +import edtlib def same_keys(a, b): """Determine if the dicts a and b have the same keys in them""" @@ -38,8 +46,8 @@ def same_keys(a, b): size_re = re.compile(r"^#define DT_FLASH_AREA_([0-9A-Z_]+)_SIZE(_0)?\s+(0x[0-9a-fA-F]+|[0-9]+)$") class Assembly(): - def __init__(self, output, bootdir): - self.find_slots(bootdir) + def __init__(self, output, bootdir, edt): + self.find_slots(edt) try: os.unlink(output) except OSError as e: @@ -47,29 +55,29 @@ def __init__(self, output, bootdir): raise self.output = output - def find_slots(self, bootdir): + def find_slots(self, edt): offsets = {} sizes = {} - with open(os.path.join(bootdir, 'zephyr', 'include', 'generated', 'devicetree_legacy_unfixed.h'), 'r') as fd: - for line in fd: - m = offset_re.match(line) - if m is not None: - offsets[m.group(1)] = int(m.group(3), 0) - m = size_re.match(line) - if m is not None: - sizes[m.group(1)] = int(m.group(3), 0) + + part_nodes = edt.compat2nodes["fixed-partitions"] + for node in part_nodes: + for child in node.children.values(): + if "label" in child.props: + label = child.props["label"].val + offsets[label] = child.regs[0].addr + sizes[label] = child.regs[0].size if not same_keys(offsets, sizes): raise Exception("Inconsistent data in devicetree.h") - # We care about the MCUBOOT, IMAGE_0, and IMAGE_1 partitions. - if 'MCUBOOT' not in offsets: + # We care about the mcuboot, image-0, and image-1 partitions. + if 'mcuboot' not in offsets: raise Exception("Board partition table does not have mcuboot partition") - if 'IMAGE_0' not in offsets: + if 'image-0' not in offsets: raise Exception("Board partition table does not have image-0 partition") - if 'IMAGE_1' not in offsets: + if 'image-1' not in offsets: raise Exception("Board partition table does not have image-1 partition") self.offsets = offsets @@ -103,12 +111,21 @@ def main(): help='Filename to write full image to') args = parser.parse_args() - output = Assembly(args.output, args.bootdir) - output.add_image(os.path.join(args.bootdir, 'zephyr', 'zephyr.bin'), 'MCUBOOT') - output.add_image(args.primary, "IMAGE_0") + # Extract board name from path + board = os.path.split(os.path.split(args.bootdir)[0])[1] + + dts_path = os.path.join(args.bootdir, "zephyr", board + ".dts.pre.tmp") + + edt = edtlib.EDT(dts_path, [os.path.join(ZEPHYR_BASE, "dts", "bindings")], + warn_reg_unit_address_mismatch=False) + + output = Assembly(args.output, args.bootdir, edt) + + output.add_image(os.path.join(args.bootdir, 'zephyr', 'zephyr.bin'), 'mcuboot') + output.add_image(args.primary, "image-0") if args.secondary is not None: - output.add_image(args.secondary, "IMAGE_1") + output.add_image(args.secondary, "image-1") if __name__ == '__main__': main() From f6252674aaef5988222925f1dfc05e68df2da2c6 Mon Sep 17 00:00:00 2001 From: Joakim Andersson Date: Tue, 19 May 2020 17:12:52 +0200 Subject: [PATCH 009/112] kconfig: Update to CONFIG_FLOAT to CONFIG_FPU rename in zephyr Update CONFIG_FLOAT to CONFIG_FPU which has been renamed in zephyr. Signed-off-by: Joakim Andersson --- boot/zephyr/boards/nrf52_minimal_footprint.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/zephyr/boards/nrf52_minimal_footprint.conf b/boot/zephyr/boards/nrf52_minimal_footprint.conf index 8c24f54cc..afe8c9baf 100644 --- a/boot/zephyr/boards/nrf52_minimal_footprint.conf +++ b/boot/zephyr/boards/nrf52_minimal_footprint.conf @@ -53,7 +53,7 @@ CONFIG_IRQ_OFFLOAD=n # Memory protection CONFIG_MEMORY_PROTECTION=n CONFIG_THREAD_CUSTOM_DATA=n -CONFIG_FLOAT=n +CONFIG_FPU=n # Boot CONFIG_BOOT_BANNER=n From 4bb0f9547f80e1d14cb6591db12030e2dbf891f4 Mon Sep 17 00:00:00 2001 From: Torsten Rasmussen Date: Thu, 28 May 2020 12:34:15 +0200 Subject: [PATCH 010/112] cmake: use find_package to locate Zephyr Using find_package to locate Zephyr. Old behavior was to use $ENV{ZEPHYR_BASE} for inclusion of boiler plate code. Whenever an automatic run of CMake happend by the build system / IDE then it was required that ZEPHYR_BASE was defined. Using ZEPHYR_BASE only to locate the Zephyr package allows CMake to cache the base variable and thus allowing subsequent invocation even if ZEPHYR_BASE is not set in the environment. It also removes the risk of strange build results if a user switchs between different Zephyr based project folders and forgetting to reset ZEPHYR_BASE before running ninja / make. Signed-off-by: Torsten Rasmussen --- boot/zephyr/CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index c382c528b..b860e97b7 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -39,9 +39,9 @@ macro(app_set_runner_args) endif() endmacro() -# Standard Zephyr application boilerplate: +# find_package(Zephyr) in order to load application boilerplate: # http://docs.zephyrproject.org/application/application.html -include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE) +find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE}) project(NONE) # Path to "boot" subdirectory of repository root. From ba7748d0923077488fd8d7864db8d0af0a4b4657 Mon Sep 17 00:00:00 2001 From: Kumar Gala Date: Wed, 27 May 2020 12:25:41 -0500 Subject: [PATCH 011/112] Convert from Zephyr to C99 types Convert to use C99 types as we intend to deprecate the zephyr specific integer types. Signed-off-by: Kumar Gala --- boot/boot_serial/src/boot_serial.c | 2 +- boot/zephyr/arm_cleanup.c | 4 ++-- boot/zephyr/main.c | 4 ++-- boot/zephyr/serial_adapter.c | 6 +++--- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/boot/boot_serial/src/boot_serial.c b/boot/boot_serial/src/boot_serial.c index 44a28fcba..f00c8e885 100644 --- a/boot/boot_serial/src/boot_serial.c +++ b/boot/boot_serial/src/boot_serial.c @@ -485,7 +485,7 @@ boot_serial_output(void) bs_hdr->nh_group = htons(bs_hdr->nh_group); #ifdef __ZEPHYR__ - crc = crc16((u8_t *)bs_hdr, sizeof(*bs_hdr), CRC_CITT_POLYMINAL, + crc = crc16((uint8_t *)bs_hdr, sizeof(*bs_hdr), CRC_CITT_POLYMINAL, CRC16_INITIAL_CRC, false); crc = crc16(data, len, CRC_CITT_POLYMINAL, crc, true); #else diff --git a/boot/zephyr/arm_cleanup.c b/boot/zephyr/arm_cleanup.c index 647b8b429..a36592685 100644 --- a/boot/zephyr/arm_cleanup.c +++ b/boot/zephyr/arm_cleanup.c @@ -12,11 +12,11 @@ void cleanup_arm_nvic(void) { __disable_irq(); /* Disable NVIC interrupts */ - for (u8_t i = 0; i < ARRAY_SIZE(NVIC->ICER); i++) { + for (uint8_t i = 0; i < ARRAY_SIZE(NVIC->ICER); i++) { NVIC->ICER[i] = 0xFFFFFFFF; } /* Clear pending NVIC interrupts */ - for (u8_t i = 0; i < ARRAY_SIZE(NVIC->ICPR); i++) { + for (uint8_t i = 0; i < ARRAY_SIZE(NVIC->ICPR); i++) { NVIC->ICPR[i] = 0xFFFFFFFF; } } diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index c3e4cfef2..1bea3bbda 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -79,7 +79,7 @@ K_SEM_DEFINE(boot_log_sem, 1, 1); static inline bool boot_skip_serial_recovery() { #if NRF_POWER_HAS_RESETREAS - u32_t rr = nrf_power_resetreas_get(NRF_POWER); + uint32_t rr = nrf_power_resetreas_get(NRF_POWER); return !(rr == 0 || (rr & NRF_POWER_RESETREAS_RESETPIN_MASK)); #else @@ -295,7 +295,7 @@ void main(void) #ifdef CONFIG_MCUBOOT_SERIAL struct device *detect_port; - u32_t detect_value = !CONFIG_BOOT_SERIAL_DETECT_PIN_VAL; + uint32_t detect_value = !CONFIG_BOOT_SERIAL_DETECT_PIN_VAL; detect_port = device_get_binding(CONFIG_BOOT_SERIAL_DETECT_PORT); __ASSERT(detect_port, "Error: Bad port for boot serial detection.\n"); diff --git a/boot/zephyr/serial_adapter.c b/boot/zephyr/serial_adapter.c index 63dca025a..896ed5231 100644 --- a/boot/zephyr/serial_adapter.c +++ b/boot/zephyr/serial_adapter.c @@ -47,7 +47,7 @@ static struct line_input line_bufs[2]; static sys_slist_t avail_queue; static sys_slist_t lines_queue; -static u16_t cur; +static uint16_t cur; static int boot_uart_fifo_getline(char **line); static int boot_uart_fifo_init(void); @@ -118,7 +118,7 @@ static void boot_uart_fifo_callback(struct device *dev) { static struct line_input *cmd; - u8_t byte; + uint8_t byte; int rx; uart_irq_update(uart_dev); @@ -203,7 +203,7 @@ boot_uart_fifo_init(void) } } #endif - u8_t c; + uint8_t c; if (!uart_dev) { return (-1); From 60cc568615e9f34f90677c12bc4264a5dd802303 Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Mon, 8 Jun 2020 11:36:13 +0200 Subject: [PATCH 012/112] Revert "zephyr: Change DT_FLASH_AREA_ macros to FLASH_AREA_" This reverts commit b7254d11cd305e321e48368a09795dd01c3856af. Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/include/sysflash/sysflash.h | 18 +++++++++--------- boot/zephyr/include/target.h | 10 ++++++---- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/boot/zephyr/include/sysflash/sysflash.h b/boot/zephyr/include/sysflash/sysflash.h index 66dce1d24..e745ffa19 100644 --- a/boot/zephyr/include/sysflash/sysflash.h +++ b/boot/zephyr/include/sysflash/sysflash.h @@ -13,32 +13,32 @@ * running in single image mode. */ #define FLASH_AREA_IMAGE_PRIMARY(x) (((x) == 0) ? \ - FLASH_AREA_ID(image_0) : \ - FLASH_AREA_ID(image_0)) + DT_FLASH_AREA_IMAGE_0_ID : \ + DT_FLASH_AREA_IMAGE_0_ID) #define FLASH_AREA_IMAGE_SECONDARY(x) (((x) == 0) ? \ - FLASH_AREA_ID(image_1) : \ - FLASH_AREA_ID(image_1)) + DT_FLASH_AREA_IMAGE_1_ID : \ + DT_FLASH_AREA_IMAGE_1_ID) #elif (MCUBOOT_IMAGE_NUMBER == 2) /* MCUBoot currently supports only up to 2 updateable firmware images. * If the number of the current image is greater than MCUBOOT_IMAGE_NUMBER - 1 * then a dummy value will be assigned to the flash area macros. */ #define FLASH_AREA_IMAGE_PRIMARY(x) (((x) == 0) ? \ - FLASH_AREA_ID(image_0) : \ + DT_FLASH_AREA_IMAGE_0_ID : \ ((x) == 1) ? \ - FLASH_AREA_ID(image_2) : \ + DT_FLASH_AREA_IMAGE_2_ID : \ 255) #define FLASH_AREA_IMAGE_SECONDARY(x) (((x) == 0) ? \ - FLASH_AREA_ID(image_1) : \ + DT_FLASH_AREA_IMAGE_1_ID : \ ((x) == 1) ? \ - FLASH_AREA_ID(image_3) : \ + DT_FLASH_AREA_IMAGE_3_ID : \ 255) #else #error "Image slot and flash area mapping is not defined" #endif #if !defined(CONFIG_BOOT_SWAP_USING_MOVE) -#define FLASH_AREA_IMAGE_SCRATCH FLASH_AREA_ID(image_scratch) +#define FLASH_AREA_IMAGE_SCRATCH DT_FLASH_AREA_IMAGE_SCRATCH_ID #endif #endif /* __SYSFLASH_H__ */ diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index 2e0f5fdaf..861d25431 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -20,7 +20,6 @@ * everything we need. */ #include -#include #define FLASH_ALIGN FLASH_WRITE_BLOCK_SIZE @@ -36,9 +35,12 @@ #if (!defined(CONFIG_XTENSA) && !defined(DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL)) || \ (defined(CONFIG_XTENSA) && !defined(JEDEC_SPI_NOR_0_LABEL)) || \ !defined(FLASH_ALIGN) || \ - !(FLASH_AREA_LABEL_EXISTS(image_0)) || \ - !(FLASH_AREA_LABEL_EXISTS(image_1)) || \ - (!defined(CONFIG_BOOT_SWAP_USING_MOVE) && !(FLASH_AREA_LABEL_EXISTS(image_scratch))) + !defined(DT_FLASH_AREA_IMAGE_0_OFFSET) || \ + !defined(DT_FLASH_AREA_IMAGE_0_SIZE) || \ + !defined(DT_FLASH_AREA_IMAGE_1_OFFSET) || \ + !defined(DT_FLASH_AREA_IMAGE_1_SIZE) || \ + (!defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(DT_FLASH_AREA_IMAGE_SCRATCH_OFFSET)) || \ + (!defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(DT_FLASH_AREA_IMAGE_SCRATCH_SIZE)) #error "Target support is incomplete; cannot build mcuboot." #endif From 9920005e1bedf20d0e2b24d39a44de193fc36691 Mon Sep 17 00:00:00 2001 From: Carles Cufi Date: Mon, 20 Jul 2020 17:43:17 +0200 Subject: [PATCH 013/112] zephyr: serial: Align with new callback signature Align the code to the new UART callback signature, see: https://github.com/zephyrproject-rtos/zephyr/pull/26426 Signed-off-by: Carles Cufi --- boot/zephyr/serial_adapter.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/zephyr/serial_adapter.c b/boot/zephyr/serial_adapter.c index 896ed5231..8787780e3 100644 --- a/boot/zephyr/serial_adapter.c +++ b/boot/zephyr/serial_adapter.c @@ -115,7 +115,7 @@ boot_console_init(void) } static void -boot_uart_fifo_callback(struct device *dev) +boot_uart_fifo_callback(struct device *dev, void *user_data) { static struct line_input *cmd; uint8_t byte; From 3ab5ab307cbfd1f7d3028dc7461b35c156d3e5ab Mon Sep 17 00:00:00 2001 From: Anas Nashif Date: Wed, 26 Aug 2020 18:07:05 -0400 Subject: [PATCH 014/112] sample: inclusive language: whitelist -> allow Change whitelist->allow to be compatible with sanitycheck in zephyr. Signed-off-by: Anas Nashif --- boot/zephyr/sample.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/boot/zephyr/sample.yaml b/boot/zephyr/sample.yaml index faef68e59..6c41d2820 100644 --- a/boot/zephyr/sample.yaml +++ b/boot/zephyr/sample.yaml @@ -5,16 +5,16 @@ sample: tests: sample.bootloader.mcuboot: tags: bootloader_mcuboot - platform_whitelist: nrf52840dk_nrf52840 frdm_k64f + platform_allow: nrf52840dk_nrf52840 frdm_k64f sample.bootloader.mcuboot.serial_recovery: extra_args: OVERLAY_CONFIG=serial_recovery.conf - platform_whitelist: nrf52840dk_nrf52840 + platform_allow: nrf52840dk_nrf52840 tags: bootloader_mcuboot sample.bootloader.mcuboot.usb_cdc_acm_recovery: tags: bootloader_mcuboot - platform_whitelist: nrf52840dongle_nrf52840 + platform_allow: nrf52840dongle_nrf52840 sample.bootloader.mcuboot.usb_cdc_acm_recovery_log: extra_args: OVERLAY_CONFIG=./usb_cdc_acm_log_recovery.conf DTC_OVERLAY_FILE=./boards/nrf52840_big.overlay - platform_whitelist: nrf52840dk_nrf52840 + platform_allow: nrf52840dk_nrf52840 tags: bootloader_mcuboot From f78d1d0fc7105111f04e9e0c83e0b9e9f04d07fe Mon Sep 17 00:00:00 2001 From: Fabio Utzig Date: Mon, 17 Aug 2020 12:05:52 -0300 Subject: [PATCH 015/112] imgtool: fix package's author email Fix author email after move to new mailing list. Signed-off-by: Fabio Utzig --- scripts/setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/setup.py b/scripts/setup.py index 058d0cb4e..bf35d9ffe 100644 --- a/scripts/setup.py +++ b/scripts/setup.py @@ -5,7 +5,7 @@ name="imgtool", version=imgtool_version, author="The MCUboot committers", - author_email="dev-mcuboot@lists.runtime.co", + author_email="mcuboot@groups.io", description=("MCUboot's image signing and key management"), license="Apache Software License", url="http://github.com/JuulLabs-OSS/mcuboot", From 480421999ec2d8d2a20091e4f3a0393db04de5c4 Mon Sep 17 00:00:00 2001 From: Fabio Utzig Date: Wed, 2 Sep 2020 11:39:43 -0300 Subject: [PATCH 016/112] zephyr: struct device const-ification Follows up the change added to Zephyr with: https://github.com/zephyrproject-rtos/zephyr/pull/24873 Signed-off-by: Fabio Utzig --- boot/zephyr/flash_map_extended.c | 4 ++-- boot/zephyr/include/flash_map_backend/flash_map_backend.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/boot/zephyr/flash_map_extended.c b/boot/zephyr/flash_map_extended.c index c77f96cf1..ffa45006a 100644 --- a/boot/zephyr/flash_map_extended.c +++ b/boot/zephyr/flash_map_extended.c @@ -27,9 +27,9 @@ MCUBOOT_LOG_MODULE_DECLARE(mcuboot); #error "FLASH_DEVICE_ID could not be determined" #endif -static struct device *flash_dev; +static const struct device *flash_dev; -struct device *flash_device_get_binding(char *dev_name) +const struct device *flash_device_get_binding(char *dev_name) { if (!flash_dev) { flash_dev = device_get_binding(dev_name); diff --git a/boot/zephyr/include/flash_map_backend/flash_map_backend.h b/boot/zephyr/include/flash_map_backend/flash_map_backend.h index 20dd37914..8b5fd0ca6 100644 --- a/boot/zephyr/include/flash_map_backend/flash_map_backend.h +++ b/boot/zephyr/include/flash_map_backend/flash_map_backend.h @@ -38,7 +38,7 @@ extern "C" { * * Returns the flash device on success, or NULL on failure. */ -struct device *flash_device_get_binding(char *dev_name); +const struct device *flash_device_get_binding(char *dev_name); /* * Retrieve a memory-mapped flash device's base address. From a5d79cf8ccb2c71e68ef32a71d6a2716e831d12e Mon Sep 17 00:00:00 2001 From: Marek Pieta Date: Wed, 12 Aug 2020 04:29:12 -0700 Subject: [PATCH 017/112] boot: zephyr: Fix build issue for multiple conf files Change fixes build issue that occurs if CONF_FILE contains multiple file paths instead of single file path. Signed-off-by: Marek Pieta Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/CMakeLists.txt | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index abe931e5e..b660bc74c 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -231,17 +231,30 @@ if(CONFIG_MCUBOOT_SERIAL) ) endif() -# CONF_FILE points to the KConfig configuration file of the bootloader -get_filename_component(CONF_DIR ${CONF_FILE} DIRECTORY) +# CONF_FILE points to the KConfig configuration files of the bootloader. +foreach (filepath ${CONF_FILE}) + file(READ ${filepath} temp_text) + string(FIND "${temp_text}" ${CONFIG_BOOT_SIGNATURE_KEY_FILE} match) + if (${match} GREATER_EQUAL 0) + if (NOT DEFINED CONF_DIR) + get_filename_component(CONF_DIR ${filepath} DIRECTORY) + else() + message(FATAL_ERROR "Signature key file defined in multiple conf files") + endif() + endif() +endforeach() if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") if(IS_ABSOLUTE ${CONFIG_BOOT_SIGNATURE_KEY_FILE}) set(KEY_FILE ${CONFIG_BOOT_SIGNATURE_KEY_FILE}) - elseif(EXISTS ${CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}) + elseif((DEFINED CONF_DIR) AND + (EXISTS ${CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE})) set(KEY_FILE ${CONF_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}) else() set(KEY_FILE ${MCUBOOT_DIR}/${CONFIG_BOOT_SIGNATURE_KEY_FILE}) endif() + message("MCUBoot bootloader key file: ${KEY_FILE}") + set(GENERATED_PUBKEY ${ZEPHYR_BINARY_DIR}/autogen-pubkey.c) add_custom_command( OUTPUT ${GENERATED_PUBKEY} From e8bfc030a541ac0385d2708927a64fb5a9db4648 Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Fri, 11 Sep 2020 11:31:38 +0000 Subject: [PATCH 018/112] zephyr: Fix serial recovery compilation warnings Missing const on pointers to device structures caused compilation warnings when compiling bootloader with serial recovery enabled. Signed-off-by: Dominik Ermel --- boot/zephyr/main.c | 2 +- boot/zephyr/serial_adapter.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 4050f4c49..48ce6eb75 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -317,7 +317,7 @@ void main(void) #ifdef CONFIG_MCUBOOT_SERIAL - struct device *detect_port; + struct device const *detect_port; uint32_t detect_value = !CONFIG_BOOT_SERIAL_DETECT_PIN_VAL; detect_port = device_get_binding(CONFIG_BOOT_SERIAL_DETECT_PORT); diff --git a/boot/zephyr/serial_adapter.c b/boot/zephyr/serial_adapter.c index 8787780e3..829752289 100644 --- a/boot/zephyr/serial_adapter.c +++ b/boot/zephyr/serial_adapter.c @@ -41,7 +41,7 @@ struct line_input { char line[CONFIG_BOOT_MAX_LINE_INPUT_LEN]; }; -static struct device *uart_dev; +static struct device const *uart_dev; static struct line_input line_bufs[2]; static sys_slist_t avail_queue; @@ -115,7 +115,7 @@ boot_console_init(void) } static void -boot_uart_fifo_callback(struct device *dev, void *user_data) +boot_uart_fifo_callback(const struct device *dev, void *user_data) { static struct line_input *cmd; uint8_t byte; From 7718705e8b500aabbfa1cc720f082bfc048bb9f5 Mon Sep 17 00:00:00 2001 From: Thomas Stilwell Date: Fri, 23 Nov 2018 15:37:52 +0100 Subject: [PATCH 019/112] [nrf noup] ci: add Jenkins-based CI for NCS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add Jenkinsfile and .gitlint files. Signed-off-by: Thomas Stilwell Signed-off-by: Ulrich Myhre Signed-off-by: Chris Bittner Signed-off-by: Martí Bolívar Signed-off-by: Andrzej Puzdrowski (cherry picked from commit 1a8bd29cb01c809c46549813aff2b1c5461ef399) --- .github/workflows/backport.yml | 19 ++++ .gitlint | 57 ++++++++++++ Jenkinsfile | 157 +++++++++++++++++++++++++++++++++ 3 files changed, 233 insertions(+) create mode 100644 .github/workflows/backport.yml create mode 100644 .gitlint create mode 100644 Jenkinsfile diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml new file mode 100644 index 000000000..a6f3a2d5d --- /dev/null +++ b/.github/workflows/backport.yml @@ -0,0 +1,19 @@ +name: Backport +on: + pull_request: + types: + - closed + - labeled + +jobs: + backport: + runs-on: ubuntu-18.04 + name: Backport + steps: + - name: Backport Bot + uses: Gaurav0/backport@v1.0.24 + with: + bot_username: NordicBuilder + bot_token: 151a9b45052f9ee8be5a59963d31ad7b92c3ecb5 + bot_token_key: 67bb1f1f998d546859786a4088917c65415c0ebd + github_token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.gitlint b/.gitlint new file mode 100644 index 000000000..a2b26dbbf --- /dev/null +++ b/.gitlint @@ -0,0 +1,57 @@ +# All these sections are optional, edit this file as you like. +[general] +ignore=title-trailing-punctuation, T3, title-max-length, T1, body-hard-tab, B3, B1 +# verbosity should be a value between 1 and 3, the commandline -v flags take precedence over this +verbosity = 3 +# By default gitlint will ignore merge commits. Set to 'false' to disable. +ignore-merge-commits=true +# Enable debug mode (prints more output). Disabled by default +debug = false + +# Set the extra-path where gitlint will search for user defined rules +# See http://jorisroovers.github.io/gitlint/user_defined_rules for details +extra-path=../tools/ci-tools/scripts/gitlint + +[title-max-length-no-revert] +line-length=72 + +[body-min-line-count] +min-line-count=1 + +[body-max-line-count] +max-line-count=200 + +[title-starts-with-subsystem] +regex = ^(?!subsys:)(([^:]+):)(\s([^:]+):)*\s(.+)$ + +[title-must-not-contain-word] +# Comma-separated list of words that should not occur in the title. Matching is case +# insensitive. It's fine if the keyword occurs as part of a larger word (so "WIPING" +# will not cause a violation, but "WIP: my title" will. +words=wip + +[title-match-regex] +# python like regex (https://docs.python.org/2/library/re.html) that the +# commit-msg title must be matched to. +# Note that the regex can contradict with other rules if not used correctly +# (e.g. title-must-not-contain-word). +#regex=^US[0-9]* + +[max-line-length-with-exceptions] +# B1 = body-max-line-length +line-length=72 + +[body-min-length] +min-length=3 + +[body-is-missing] +# Whether to ignore this rule on merge commits (which typically only have a title) +# default = True +ignore-merge-commits=false + +[body-changed-file-mention] +# List of files that need to be explicitly mentioned in the body when they are changed +# This is useful for when developers often erroneously edit certain files or git submodules. +# By specifying this rule, developers can only change the file when they explicitly reference +# it in the commit message. +#files=gitlint/rules.py,README.md diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 000000000..402fdd16f --- /dev/null +++ b/Jenkinsfile @@ -0,0 +1,157 @@ +// +// Copyright (c) 2020 Nordic Semiconductor ASA. All Rights Reserved. +// +// The information contained herein is confidential property of Nordic Semiconductor ASA. +// The use, copying, transfer or disclosure of such information is prohibited except by +// express written agreement with Nordic Semiconductor ASA. +// + +@Library("CI_LIB") _ + +HashMap CI_STATE = lib_State.getConfig(JOB_NAME) +properties(lib_State.getTriggers()) + +pipeline { + + parameters { + booleanParam(name: 'RUN_DOWNSTREAM', description: 'if false skip downstream jobs', defaultValue: false) + booleanParam(name: 'RUN_TESTS', description: 'if false skip testing', defaultValue: true) + booleanParam(name: 'RUN_BUILD', description: 'if false skip building', defaultValue: true) + string( name: 'jsonstr_CI_STATE', description: 'Default State if no upstream job', defaultValue: CI_STATE.CFG.INPUT_STATE_STR ) + choice(name: 'CRON', choices: CI_STATE.CFG.CRON_CHOICES, description: 'Cron Test Phase') + } + + agent { + docker { + image CI_STATE.CFG.IMAGE_TAG + label CI_STATE.CFG.AGENT_LABELS + } + } + + options { + checkoutToSubdirectory('mcuboot') + parallelsAlwaysFailFast() + timeout(time: CI_STATE.CFG.TIMEOUT.time, unit: CI_STATE.CFG.TIMEOUT.unit) + } + + environment { + // This token is used to by check_compliance to comment on PRs and use checks + GH_TOKEN = credentials('nordicbuilder-compliance-token') + GH_USERNAME = "NordicBuilder" + COMPLIANCE_ARGS = "-r NordicPlayground/fw-nrfconnect-mcuboot" + } + + stages { + stage('Load') { steps { script { CI_STATE = lib_State.load('MCUBOOT', CI_STATE) }}} + stage('Checkout') { + steps { script { + CI_STATE.SELF.REPORT_SHA = lib_Main.checkoutRepo(CI_STATE.SELF.GIT_URL, "mcuboot", CI_STATE.SELF, false) + lib_West.AddManifestUpdate("MCUBOOT", 'mcuboot', CI_STATE.SELF.GIT_URL, CI_STATE.SELF.GIT_REF, CI_STATE) + lib_Main.checkoutRepo(CI_STATE.NRF.GIT_URL, "nrf", CI_STATE.NRF, true) + lib_West.InitUpdate('nrf', 'ci-tools') + }} + } + stage('Run compliance check') { + when { expression { CI_STATE.SELF.RUN_TESTS } } + steps { + script { + lib_Status.set("PENDING", 'MCUBOOT', CI_STATE); + dir('mcuboot') { + + def BUILD_TYPE = lib_Main.getBuildType(CI_STATE.SELF) + if (BUILD_TYPE == "PR") { + + if ( CI_STATE.SELF.CHANGE_TITLE.toLowerCase().contains('[nrf mergeup]') ) { + CI_STATE.SELF.IS_MERGEUP = true + println 'This is a MERGE-UP PR. CI_STATE.SELF.IS_MERGEUP=' + CI_STATE.SELF.IS_MERGEUP + CI_STATE.SELF.MERGEUP_BASE = sh( script: "git log --oneline --grep='\\[nrf mergeup\\].*' -i -n 1 --pretty=format:'%h' | tr -d '\\n'" , returnStdout: true) + println "CI_STATE.SELF.MERGEUP_BASE = $CI_STATE.SELF.MERGEUP_BASE" + COMMIT_RANGE = "$CI_STATE.SELF.MERGEUP_BASE..$CI_STATE.SELF.REPORT_SHA" + } else { + CI_STATE.SELF.IS_MERGEUP = false + COMMIT_RANGE = "$CI_STATE.SELF.MERGE_BASE..$CI_STATE.SELF.REPORT_SHA" + } + + COMPLIANCE_ARGS = "$COMPLIANCE_ARGS -p $CHANGE_ID -S $CI_STATE.SELF.REPORT_SHA -g" + // COMPLIANCE_ARGS = "$COMPLIANCE_ARGS -p $CHANGE_ID -S $CI_STATE.SELF.REPORT_SHA -g -e pylint" + println "Building a PR [$CHANGE_ID]: $COMMIT_RANGE" + } + else if (BUILD_TYPE == "TAG") { + COMMIT_RANGE = "tags/${env.BRANCH_NAME}..tags/${env.BRANCH_NAME}" + println "Building a Tag: " + COMMIT_RANGE + } + // If not a PR, it's a non-PR-branch or master build. Compare against the origin. + else if (BUILD_TYPE == "BRANCH") { + COMMIT_RANGE = "origin/${env.BRANCH_NAME}..HEAD" + println "Building a Branch: " + COMMIT_RANGE + } + else { + assert condition : "Build fails because it is not a PR/Tag/Branch" + } + + // Run the compliance check + try { + sh "../tools/ci-tools/scripts/check_compliance.py $COMPLIANCE_ARGS --commits $COMMIT_RANGE" + } + finally { + junit 'compliance.xml' + archiveArtifacts artifacts: 'compliance.xml' + } + } + } + } + } + + stage('Build samples') { + when { expression { CI_STATE.SELF.RUN_BUILD } } + steps { + echo "No Samples to build yet." + } + } + + stage('Trigger Downstream Jobs') { + when { expression { CI_STATE.SELF.RUN_DOWNSTREAM } } + steps { script { lib_Stage.runDownstream(JOB_NAME, CI_STATE) } } + } + + stage('Report') { + when { expression { CI_STATE.SELF.RUN_TESTS } } + steps { script { + println 'no report generation yet' + } } + } + + } + + post { + // This is the order that the methods are run. {always->success/abort/failure/unstable->cleanup} + always { script { + lib_Status.set( "${currentBuild.currentResult}", 'MCUBOOT', CI_STATE) + if ( !CI_STATE.SELF.RUN_BUILD || !CI_STATE.SELF.RUN_TESTS ) { currentBuild.result = "UNSTABLE"} + }} + // Add if needed + // success {} + // aborted {} + // unstable {} + failure { + echo "failure" + script{ + if (env.BRANCH_NAME == 'master' || env.BRANCH_NAME.startsWith("PR")) + { + emailext(to: 'anpu', + body: "${currentBuild.currentResult}\nJob ${env.JOB_NAME}\t\t build ${env.BUILD_NUMBER}\r\nLink: ${env.BUILD_URL}", + subject: "[Jenkins][Build ${currentBuild.currentResult}: ${env.JOB_NAME}]", + mimeType: 'text/html',) + } + else + { + echo "Branch ${env.BRANCH_NAME} is not master nor PR. Sending failure email skipped." + } + } + } + cleanup { + echo "Pipeline Post: cleanup" + cleanWs disableDeferredWipeout: true, deleteDirs: true + } + } +} From 228e8868663ce009c6b1d1a18315ef3c5d75b105 Mon Sep 17 00:00:00 2001 From: Bernt Johan Damslora Date: Fri, 20 Sep 2019 18:25:41 +0200 Subject: [PATCH 020/112] [nrf toup] zephyr: add support for Thingy:91 Adds project configurations for the two systems on the Thingy:91 (PCA-20035) board. This was the "nrf9160_pca20035" board name in NCS v1.2. It has been renamed "thingy91_nrf9160" for NCS v1.3. Signed-off-by: Bernt Johan Damslora Signed-off-by: Sigvart Hovland Signed-off-by: Jon Helge Nistad (cherry picked from commit 96e698ca84c61a96ea8b8720757279d9d99ca3d4) --- boot/zephyr/boards/thingy91_nrf52840.conf | 38 +++++++++++++++++++++++ boot/zephyr/boards/thingy91_nrf9160.conf | 16 ++++++++++ 2 files changed, 54 insertions(+) create mode 100644 boot/zephyr/boards/thingy91_nrf52840.conf create mode 100644 boot/zephyr/boards/thingy91_nrf9160.conf diff --git a/boot/zephyr/boards/thingy91_nrf52840.conf b/boot/zephyr/boards/thingy91_nrf52840.conf new file mode 100644 index 000000000..18a1a4943 --- /dev/null +++ b/boot/zephyr/boards/thingy91_nrf52840.conf @@ -0,0 +1,38 @@ +# Disable Zephyr console +CONFIG_LOG=n +CONFIG_CONSOLE=n +CONFIG_CONSOLE_HANDLER=n +CONFIG_UART_CONSOLE=n + +# The build won't fit on the partition allocated for it without size +# optimizations. +CONFIG_SIZE_OPTIMIZATIONS=y +CONFIG_PM_PARTITION_SIZE_MCUBOOT=0x12000 + +# Serial +CONFIG_SERIAL=y +CONFIG_UART_NRFX=y +CONFIG_UART_INTERRUPT_DRIVEN=y +CONFIG_UART_LINE_CTRL=y + +# MCUboot serial recovery +CONFIG_GPIO=y +CONFIG_MCUBOOT_SERIAL=y +CONFIG_BOOT_SERIAL_CDC_ACM=y +CONFIG_BOOT_SERIAL_DETECT_PORT="GPIO_1" +CONFIG_BOOT_SERIAL_DETECT_PIN=13 +CONFIG_BOOT_SERIAL_DETECT_PIN_VAL=0 + +# Required by USB +CONFIG_MULTITHREADING=y + +# USB +CONFIG_USB=y +CONFIG_USB_DEVICE_STACK=y +CONFIG_USB_DEVICE_PRODUCT="MCUBOOT" +CONFIG_USB_CDC_ACM=y +CONFIG_USB_COMPOSITE_DEVICE=y +CONFIG_USB_MASS_STORAGE=n +CONFIG_USB_DEVICE_MANUFACTURER="Nordic Semiconductor" +CONFIG_USB_DEVICE_VID=0x1915 +CONFIG_USB_DEVICE_PID=0x520F diff --git a/boot/zephyr/boards/thingy91_nrf9160.conf b/boot/zephyr/boards/thingy91_nrf9160.conf new file mode 100644 index 000000000..6e671a286 --- /dev/null +++ b/boot/zephyr/boards/thingy91_nrf9160.conf @@ -0,0 +1,16 @@ +# Disable Zephyr console +CONFIG_CONSOLE=n +CONFIG_CONSOLE_HANDLER=n +CONFIG_UART_CONSOLE=n + +# Disable Flash protection +CONFIG_FPROTECT=n + +# MCUBoot settings +CONFIG_BOOT_MAX_IMG_SECTORS=256 + +# MCUboot serial recovery +CONFIG_MCUBOOT_SERIAL=y +CONFIG_BOOT_SERIAL_DETECT_PORT="GPIO_0" +CONFIG_BOOT_SERIAL_DETECT_PIN=26 +CONFIG_BOOT_SERIAL_DETECT_PIN_VAL=0 From 45f0833a8dee3549ef661137dd03e54d180ae8d8 Mon Sep 17 00:00:00 2001 From: Sigvart Hovland Date: Tue, 26 Mar 2019 15:42:38 +0100 Subject: [PATCH 021/112] [nrf noup] zephyr: Remove duplication from Kconfig and cmake MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Removes `NRFXLIB_CRYPTO`, `NRF_CC310_BL` and the `add_subdirectory` of nrfxlib it will still check that the nrfxlib is located outside the mcuboot directory. Signed-off-by: Sigvart Hovland Signed-off-by: Andrzej Puzdrowski Signed-off-by: Martí Bolívar Signed-off-by: Emil Obalski Signed-off-by: Andrzej Puzdrowski (cherry picked from commit 4dacbdc6b4871bd211861afc553c2fe60dec5ad8) --- boot/zephyr/CMakeLists.txt | 2 -- boot/zephyr/Kconfig | 13 +++---------- 2 files changed, 3 insertions(+), 12 deletions(-) diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index b660bc74c..01d31ab4f 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -64,8 +64,6 @@ set(NRF_DIR "${MCUBOOT_DIR}/ext/nrf") if(CONFIG_BOOT_USE_NRF_CC310_BL) set(NRFXLIB_DIR ${ZEPHYR_BASE}/../nrfxlib) assert_exists(NRFXLIB_DIR) -# Don't include this if we are using west - add_subdirectory(${NRFXLIB_DIR} ${PROJECT_BINARY_DIR}/nrfxlib) endif() zephyr_library_include_directories( diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 2e416b849..32c77f9e0 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -48,14 +48,6 @@ config BOOT_USE_NRF_CC310_BL bool default n -config NRFXLIB_CRYPTO - bool - default n - -config NRF_CC310_BL - bool - default n - menu "MCUBoot settings" config SINGLE_IMAGE_DFU @@ -92,8 +84,9 @@ config BOOT_SIGNATURE_TYPE_ECDSA_P256 if BOOT_SIGNATURE_TYPE_ECDSA_P256 choice prompt "Ecdsa implementation" - default BOOT_ECDSA_TINYCRYPT -config BOOT_ECDSA_TINYCRYPT + default BOOT_CC310 if HAS_HW_NRF_CC310 + default BOOT_TINYCRYPT +config BOOT_TINYCRYPT bool "Use tinycrypt" select BOOT_USE_TINYCRYPT config BOOT_CC310 From 68f2bcc798113500cf4abf50af6e6def60ba384a Mon Sep 17 00:00:00 2001 From: Sigvart Hovland Date: Thu, 14 Feb 2019 13:20:34 +0100 Subject: [PATCH 022/112] [nrf noup] boot: bootutil: Add shared crypto functions for ECDSA MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add functions for ecdsa_verify_secp256r1 and sha256 to use the shared crypto API * Add Kconfig and CMake variables for selecting shared crypto when using ecdsa * Add custom section to project for placing the API section in the correct location in flash Signed-off-by: Sigvart Hovland Signed-off-by: Martí Bolívar Signed-off-by: Emil Obalski Signed-off-by: Andrzej Puzdrowski (cherry picked from commit ef8f826cfee7c95e2ff2f96934d5c50aff930540) --- boot/bootutil/include/bootutil/sha256.h | 28 ++++++++++ boot/bootutil/src/image_ec256.c | 52 +++++++++++++++++++ boot/zephyr/CMakeLists.txt | 2 + boot/zephyr/Kconfig | 23 +++++++- .../include/mcuboot_config/mcuboot_config.h | 5 +- 5 files changed, 105 insertions(+), 5 deletions(-) diff --git a/boot/bootutil/include/bootutil/sha256.h b/boot/bootutil/include/bootutil/sha256.h index f34d2b7a3..7b9907efb 100644 --- a/boot/bootutil/include/bootutil/sha256.h +++ b/boot/bootutil/include/bootutil/sha256.h @@ -21,6 +21,7 @@ #if (defined(MCUBOOT_USE_MBED_TLS) + \ defined(MCUBOOT_USE_TINYCRYPT) + \ + defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO) + \ defined(MCUBOOT_USE_CC310)) != 1 #error "One crypto backend must be defined either CC310, MBED_TLS or TINYCRYPT" #endif @@ -37,6 +38,10 @@ #include #endif /* MCUBOOT_USE_CC310 */ +#ifdef MCUBOOT_USE_NRF_EXTERNAL_CRYPTO + #include +#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */ + #include #ifdef __cplusplus @@ -107,6 +112,29 @@ static inline void bootutil_sha256_finish(bootutil_sha256_context *ctx, } #endif /* MCUBOOT_USE_CC310 */ +#ifdef MCUBOOT_USE_NRF_EXTERNAL_CRYPTO +typedef bl_sha256_ctx_t bootutil_sha256_context; + +static inline void bootutil_sha256_init(bootutil_sha256_context *ctx) +{ + bl_sha256_init(ctx); +} + +static inline void bootutil_sha256_update(bootutil_sha256_context *ctx, + const void * data, + uint32_t data_len) +{ + bl_sha256_update(ctx, data, data_len); + +} + +static inline void bootutil_sha256_finish(bootutil_sha256_context *ctx, + uint8_t * output) +{ + bl_sha256_finalize(ctx, output); +} +#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */ + #ifdef __cplusplus } #endif diff --git a/boot/bootutil/src/image_ec256.c b/boot/bootutil/src/image_ec256.c index 84ece6a64..3e55af42d 100644 --- a/boot/bootutil/src/image_ec256.c +++ b/boot/bootutil/src/image_ec256.c @@ -41,6 +41,11 @@ #include "cc310_glue.h" #define NUM_ECC_BYTES (4*8) #endif +#ifdef MCUBOOT_USE_NRF_EXTERNAL_CRYPTO +#include "bl_crypto.h" +#define NUM_ECC_BYTES (4*8) +#endif + #include "bootutil_priv.h" /* @@ -190,6 +195,7 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen, } } #endif /* MCUBOOT_USE_TINYCRYPT */ + #ifdef MCUBOOT_USE_CC310 int bootutil_verify_sig(uint8_t *hash, @@ -234,4 +240,50 @@ bootutil_verify_sig(uint8_t *hash, return rc; } #endif /* MCUBOOT_USE_CC310 */ + +#ifdef MCUBOOT_USE_NRF_EXTERNAL_CRYPTO +int +bootutil_verify_sig(uint8_t *hash, + uint32_t hlen, + uint8_t *sig, + size_t slen, + uint8_t key_id) +{ + int rc; + uint8_t *pubkey; + uint8_t *end; + uint8_t signature[2 * NUM_ECC_BYTES]; + + pubkey = (uint8_t *)bootutil_keys[key_id].key; + end = pubkey + *bootutil_keys[key_id].len; + + rc = bootutil_import_key(&pubkey, end); + if (rc) { + return -1; + } + + /* Decode signature */ + rc = bootutil_decode_sig(signature, sig, sig + slen); + if (rc) { + return -1; + } + + /* + * This is simplified, as the hash length is also 32 bytes. + */ + if (hlen != NUM_ECC_BYTES) { + return -1; + } + + /* Initialize and verify in one go */ + rc = bl_secp256r1_validate(hash, hlen, pubkey, signature); + + if(rc != 0 /*CRYS_OK*/){ + return -2; + } + + return rc; +} +#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */ + #endif /* MCUBOOT_SIGN_EC256 */ diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 01d31ab4f..e3eaf51b0 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -142,6 +142,8 @@ if(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256 OR CONFIG_BOOT_ENCRYPT_EC256) zephyr_library_sources(${NRF_DIR}/cc310_glue.c) zephyr_library_include_directories(${NRF_DIR}) zephyr_link_libraries(nrfxlib_crypto) + elseif(CONFIG_BOOT_USE_NRF_EXTERNAL_CRYPTO) + zephyr_include_directories(${BL_CRYPTO_DIR}/../include) endif() # Since here we are not using Zephyr's mbedTLS but rather our own, we need diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 32c77f9e0..36d92ea44 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -48,6 +48,17 @@ config BOOT_USE_NRF_CC310_BL bool default n +config BOOT_USE_NRF_EXTERNAL_CRYPTO + bool + # Hidden option + default n + # When building for ECDSA, we use our own copy of mbedTLS, so the + # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros + # will collide. + depends on ! MBEDTLS + help + Use Shared crypto for crypto primitives. + menu "MCUBoot settings" config SINGLE_IMAGE_DFU @@ -84,19 +95,27 @@ config BOOT_SIGNATURE_TYPE_ECDSA_P256 if BOOT_SIGNATURE_TYPE_ECDSA_P256 choice prompt "Ecdsa implementation" + default BOOT_NRF_EXTERNAL_CRYPTO if SECURE_BOOT default BOOT_CC310 if HAS_HW_NRF_CC310 default BOOT_TINYCRYPT + config BOOT_TINYCRYPT bool "Use tinycrypt" select BOOT_USE_TINYCRYPT + config BOOT_CC310 bool "Use CC310" select BOOT_USE_NRF_CC310_BL if HAS_HW_NRF_CC310 - select NRF_CC310_BL if HAS_HW_NRF_CC310 select NRFXLIB_CRYPTO if SOC_FAMILY_NRF select BOOT_USE_CC310 + +config BOOT_NRF_EXTERNAL_CRYPTO + bool "Use Shared Crypto from bootloader" + select BOOT_USE_NRF_EXTERNAL_CRYPTO + depends on SECURE_BOOT_CRYPTO_CLIENT + endchoice -endif +endif #BOOT_SIGNATURE_TYPE_ECDSA_P256 config BOOT_SIGNATURE_TYPE_ED25519 bool "Edwards curve digital signatures using ed25519" diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/boot/zephyr/include/mcuboot_config/mcuboot_config.h index 530e8dc33..220a02f71 100644 --- a/boot/zephyr/include/mcuboot_config/mcuboot_config.h +++ b/boot/zephyr/include/mcuboot_config/mcuboot_config.h @@ -40,9 +40,8 @@ #define MCUBOOT_USE_TINYCRYPT #elif defined(CONFIG_BOOT_USE_CC310) #define MCUBOOT_USE_CC310 -#ifdef CONFIG_BOOT_USE_NRF_CC310_BL -#define MCUBOOT_USE_NRF_CC310_BL -#endif +#elif defined(CONFIG_BOOT_USE_NRF_EXTERNAL_CRYPTO) +#define MCUBOOT_USE_NRF_EXTERNAL_CRYPTO #endif #ifdef CONFIG_BOOT_HW_KEY From e6e68505af12b6288da5b7215662bd711ec6e9c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=98yvind=20R=C3=B8nningstad?= Date: Wed, 12 Feb 2020 13:16:23 +0100 Subject: [PATCH 023/112] [nrf noup] boot: zephyr: Call fw_info_ext_api_provide() before booting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If EXT_API_PROVIDE EXT_API is enabled. This is relevant only when the immutable bootloader has booted mcuboot. Signed-off-by: Øyvind Rønningstad Signed-off-by: Emil Obalski Signed-off-by: Andrzej Puzdrowski (cherry picked from commit c876abb82f0f18212d45c842f87ba4608e3a767f) --- boot/zephyr/main.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 4050f4c49..9657c5ed2 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -31,6 +31,10 @@ #include "bootutil/bootutil.h" #include "flash_map_backend/flash_map_backend.h" +#ifdef CONFIG_FW_INFO +#include +#endif + #ifdef CONFIG_MCUBOOT_SERIAL #include "boot_serial/boot_serial.h" #include "serial_adapter/serial_adapter.h" @@ -136,6 +140,19 @@ static void do_boot(struct boot_rsp *rsp) /* Disable the USB to prevent it from firing interrupts */ usb_disable(); #endif + +#if defined(CONFIG_FW_INFO) && !defined(CONFIG_EXT_API_PROVIDE_EXT_API_UNUSED) + bool provided = fw_info_ext_api_provide(fw_info_find((uint32_t)vt), true); + +#ifdef PM_S0_ADDRESS + /* Only fail if the immutable bootloader is present. */ + if (!provided) { + BOOT_LOG_ERR("Failed to provide EXT_APIs\n"); + return; + } +#endif +#endif + #if CONFIG_MCUBOOT_CLEANUP_ARM_CORE cleanup_arm_nvic(); /* cleanup NVIC registers */ #endif From 04514d6a2236050ac8abd89d72f59dd175a0265e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20B=C3=B8e?= Date: Wed, 12 Dec 2018 08:59:47 +0100 Subject: [PATCH 024/112] [nrf noup] treewide: add NCS partition manager support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Partition Manager is an nRF Connect SDK component which uses yaml files to resolve flash partition placement with a holistic view of the device. This component's MCUboot portions began life as upstream mcuboot PR#430. This added support for being built as a sub image from the downstream Nordic patch set for a zephyr multi image build system (mcuboot 430 was combined with effor submitted to upstream zephyr as PR#13672, which was ultimately reworked after being rejected for mainline at the ELCE 2019 conference in Lyon). It has since evolved over time. This is the version that will go into NCS v1.3. It features: - page size aligned partitions for all partitions used by mcuboot. - image swaps without scratch partitions Add support for configurations where there exists two primary slots but only one secondary slot, which is shared. These two primary slots are the regular application and B1. B1 can be either S0 or S1 depending on the state of the device. Decide where an upgrade should be stored by looking at the vector table. Provide update candidates for both s0 and s1. These candidates must be signed with mcuboot after being signed by b0. Additional notes: - we make update.hex without trailer data This is needed for serial recovery to work using hex files. Prior to this the update.hex got TLV data at the end of the partition, which caused many blank pages to be included, which made it hard to use in a serial recovery scheme. Instead, make update.hex without TLV data at the end, and provide a new file test_update.hex which contains the TLV data, and can be directly flashed to test the upgrade procedure. - we use a function for signing the application as future-proofing for when other components must be signed as well - this includes an update to single image applications that enables support for partition manager; when single image DFU is used, a scratch partition is not needed. - In NCS, image 1 primary slot is the upgrade bank for mcuboot (IE S0 or S1 depending on the active slot). It is not required that this slot contains any valid data. - The nRF boards all have a single flash page size, and partition manager deals with the size of the update partitions and so on, so we must skip a boot_slots_compatible() check to avoid getting an error. - There is no need to verify the target when using partition manager. Signed-off-by: Håkon Øye Amundsen Signed-off-by: Øyvind Rønningstad Signed-off-by: Sebastian Bøe Signed-off-by: Sigvart Hovland Signed-off-by: Martí Bolívar Signed-off-by: Torsten Rasmussen Signed-off-by: Andrzej Głąbek Signed-off-by: Robert Lubos Signed-off-by: Andrzej Puzdrowski Signed-off-by: Dominik Ermel Signed-off-by: Emil Obalski Signed-off-by: Torsten Rasmussen Signed-off-by: Pawel Dunaj (cherry picked from commit e632ea6f38f08de7981c2d24d5f9e2ca754bcd68) (cherry picked from commit e66f03264fb733bbda086d4746fd6919b6559375) (cherry picked from commit fcbc47f59e59e5a596e04857b78423bbb90cf602) (cherry picked from commit 5409c45d4019b015fbc2f0ad926e28752f77bc29) (cherry picked from commit 50155fddf309adbe79edbf49126ded5b27afe8eb) (cherry picked from commit d7373a00f65b7545c025cbb63cfd8bc153afe5e7) --- boot/bootutil/src/loader.c | 67 +++++++++++++++++++++++-- boot/bootutil/src/swap_move.c | 13 +++++ boot/bootutil/src/swap_scratch.c | 13 +++++ boot/zephyr/CMakeLists.txt | 7 +++ boot/zephyr/Kconfig | 14 +++++- boot/zephyr/include/sysflash/sysflash.h | 47 +++++++++++++++++ boot/zephyr/include/target.h | 4 ++ boot/zephyr/pm.yml | 38 ++++++++++++++ zephyr/CMakeLists.txt | 1 + zephyr/Kconfig | 32 ++++++++++++ 10 files changed, 230 insertions(+), 6 deletions(-) create mode 100644 boot/zephyr/pm.yml create mode 100644 zephyr/CMakeLists.txt create mode 100644 zephyr/Kconfig diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index c98b84180..50e6b0575 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -90,6 +90,15 @@ boot_read_image_headers(struct boot_loader_state *state, bool require_all, * * Failure to read any headers is a fatal error. */ +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. The primary slot of the second image + * (image 1) will not contain a valid image header until an upgrade + * of mcuboot has happened (filling S1 with the new version). + */ + if (BOOT_CURR_IMG(state) == 1 && i == 0) { + continue; + } +#endif /* PM_S1_ADDRESS */ if (i > 0 && !require_all) { return 0; } else { @@ -712,6 +721,41 @@ boot_validated_swap_type(struct boot_loader_state *state, { int swap_type; int rc; +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. Since image 0 (the app) and image 1 (the other + * B1 slot S0 or S1) share the same secondary slot, we need to check + * whether the update candidate in the secondary slot is intended for + * image 0 or image 1 primary by looking at the address of the reset + * vector. Note that there are good reasons for not using img_num from + * the swap info. + */ + const struct flash_area *secondary_fa = + BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); + struct image_header *hdr = + (struct image_header *)secondary_fa->fa_off; + + if (hdr->ih_magic == IMAGE_MAGIC) { + const struct flash_area *primary_fa; + uint32_t vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; + uint32_t *vtable = (uint32_t *)(vtable_addr); + uint32_t reset_addr = vtable[1]; + rc = flash_area_open( + flash_area_id_from_multi_image_slot( + BOOT_CURR_IMG(state), + BOOT_PRIMARY_SLOT), + &primary_fa); + if (rc != 0) { + return BOOT_SWAP_TYPE_FAIL; + } + /* Get start and end of primary slot for current image */ + if (reset_addr < primary_fa->fa_off || + reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { + /* The image in the secondary slot is not intended for this image + */ + return BOOT_SWAP_TYPE_NONE; + } + } +#endif swap_type = boot_swap_type_multi(BOOT_CURR_IMG(state)); if (BOOT_IS_UPGRADE(swap_type)) { @@ -1780,11 +1824,24 @@ context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp) } #ifdef MCUBOOT_VALIDATE_PRIMARY_SLOT - rc = boot_validate_slot(state, BOOT_PRIMARY_SLOT, NULL); - if (rc != 0) { - rc = BOOT_EBADIMAGE; - goto out; - } +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. If secure boot is enabled, then mcuboot + * will be stored in either partition S0 or S1. Image 1 primary + * will point to the 'other' Sx partition. Hence, image 1 primary + * does not contain a valid image until mcuboot has been upgraded. + * Note that B0 will perform validation of the active mcuboot image, + * so there is no security lost by skipping this check for image 1 + * primary. + */ + if (BOOT_CURR_IMG(state) == 0) +#endif + { + rc = boot_validate_slot(state, BOOT_PRIMARY_SLOT, NULL); + if (rc != 0) { + rc = BOOT_EBADIMAGE; + goto out; + } + } #else /* Even if we're not re-validating the primary slot, we could be booting * onto an empty flash chip. At least do a basic sanity check that diff --git a/boot/bootutil/src/swap_move.c b/boot/bootutil/src/swap_move.c index 90bf9d1fd..d258e241a 100644 --- a/boot/bootutil/src/swap_move.c +++ b/boot/bootutil/src/swap_move.c @@ -212,6 +212,18 @@ boot_status_internal_off(const struct boot_status *bs, int elem_sz) int boot_slots_compatible(struct boot_loader_state *state) { +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. In this case, image 1 primary points to the other + * B1 slot (ie S0 or S1), and image 0 primary points to the app. + * With this configuration, image 0 and image 1 share the secondary slot. + * Hence, the primary slot of image 1 will be *smaller* than image 1's + * secondary slot. This is not allowed in upstream mcuboot, so we need + * this patch to allow it. Also, all of these checks are redundant when + * partition manager is in use, and since we have the same sector size + * in all of our flash. + */ + return 1; +#else size_t num_sectors_pri; size_t num_sectors_sec; size_t sector_sz_pri = 0; @@ -248,6 +260,7 @@ boot_slots_compatible(struct boot_loader_state *state) } return 1; +#endif /* PM_S1_ADDRESS */ } #define BOOT_LOG_SWAP_STATE(area, state) \ diff --git a/boot/bootutil/src/swap_scratch.c b/boot/bootutil/src/swap_scratch.c index e60d93dff..190bc04e7 100644 --- a/boot/bootutil/src/swap_scratch.c +++ b/boot/bootutil/src/swap_scratch.c @@ -176,6 +176,18 @@ boot_status_internal_off(const struct boot_status *bs, int elem_sz) int boot_slots_compatible(struct boot_loader_state *state) { +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. In this case, image 1 primary points to the other + * B1 slot (ie S0 or S1), and image 0 primary points to the app. + * With this configuration, image 0 and image 1 share the secondary slot. + * Hence, the primary slot of image 1 will be *smaller* than image 1's + * secondary slot. This is not allowed in upstream mcuboot, so we need + * this patch to allow it. Also, all of these checks are redundant when + * partition manager is in use, and since we have the same sector size + * in all of our flash. + */ + return 1; +#else size_t num_sectors_primary; size_t num_sectors_secondary; size_t sz0, sz1; @@ -261,6 +273,7 @@ boot_slots_compatible(struct boot_loader_state *state) } return 1; +#endif /* PM_S1_ADDRESS */ } #define BOOT_LOG_SWAP_STATE(area, state) \ diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index e3eaf51b0..f913c9b11 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -255,6 +255,13 @@ if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") endif() message("MCUBoot bootloader key file: ${KEY_FILE}") + set_property( + GLOBAL + PROPERTY + KEY_FILE + ${KEY_FILE} + ) + set(GENERATED_PUBKEY ${ZEPHYR_BINARY_DIR}/autogen-pubkey.c) add_custom_command( OUTPUT ${GENERATED_PUBKEY} diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 36d92ea44..53e7c4958 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -15,6 +15,18 @@ config MCUBOOT select MPU_ALLOW_FLASH_WRITE if ARM_MPU select USE_DT_CODE_PARTITION if HAS_FLASH_LOAD_OFFSET +partition=MCUBOOT +partition-size=0xc000 +source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.partition_size" + +partition=MCUBOOT_SCRATCH +partition-size=0x1e000 +source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.partition_size" + +partition=MCUBOOT_PAD +partition-size=0x200 +source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.partition_size" + config BOOT_USE_MBEDTLS bool # Hidden option @@ -138,7 +150,7 @@ endchoice config BOOT_SIGNATURE_KEY_FILE string "PEM key file" - default "" + default "root-rsa-2048.pem" help You can use either absolute or relative path. In case relative path is used, the build system assumes that it starts diff --git a/boot/zephyr/include/sysflash/sysflash.h b/boot/zephyr/include/sysflash/sysflash.h index f651779ad..3b479b3c3 100644 --- a/boot/zephyr/include/sysflash/sysflash.h +++ b/boot/zephyr/include/sysflash/sysflash.h @@ -3,6 +3,51 @@ #ifndef __SYSFLASH_H__ #define __SYSFLASH_H__ +#if USE_PARTITION_MANAGER +#include +#include + +#ifndef CONFIG_SINGLE_IMAGE_DFU + +#if (MCUBOOT_IMAGE_NUMBER == 1) + +#define FLASH_AREA_IMAGE_PRIMARY(x) PM_MCUBOOT_PRIMARY_ID +#define FLASH_AREA_IMAGE_SECONDARY(x) PM_MCUBOOT_SECONDARY_ID + +#elif (MCUBOOT_IMAGE_NUMBER == 2) + +extern uint32_t _image_1_primary_slot_id[]; + +#define FLASH_AREA_IMAGE_PRIMARY(x) \ + ((x == 0) ? \ + PM_MCUBOOT_PRIMARY_ID : \ + (x == 1) ? \ + (uint32_t)_image_1_primary_slot_id : \ + 255 ) + +#define FLASH_AREA_IMAGE_SECONDARY(x) \ + ((x == 0) ? \ + PM_MCUBOOT_SECONDARY_ID: \ + (x == 1) ? \ + PM_MCUBOOT_SECONDARY_ID: \ + 255 ) +#endif +#define FLASH_AREA_IMAGE_SCRATCH PM_MCUBOOT_SCRATCH_ID + +#else /* CONFIG_SINGLE_IMAGE_DFU */ + +#define FLASH_AREA_IMAGE_PRIMARY(x) PM_MCUBOOT_PRIMARY_ID +#define FLASH_AREA_IMAGE_SECONDARY(x) PM_MCUBOOT_PRIMARY_ID +/* NOTE: Scratch parition is not used by single image DFU but some of + * functions in common files reference it, so the definitions has been + * provided to allow compilation of common units. + */ +#define FLASH_AREA_IMAGE_SCRATCH 0 + +#endif /* CONFIG_SINGLE_IMAGE_DFU */ + +#else + #include #include @@ -55,4 +100,6 @@ #endif /* CONFIG_SINGLE_IMAGE_DFU */ +#endif /* USE_PARTITION_MANAGER */ + #endif /* __SYSFLASH_H__ */ diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index d585b9c58..8ed8682dc 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -8,6 +8,8 @@ #ifndef H_TARGETS_TARGET_ #define H_TARGETS_TARGET_ +#ifndef USE_PARTITION_MANAGER + #if defined(MCUBOOT_TARGET_CONFIG) /* * Target-specific definitions are permitted in legacy cases that @@ -47,4 +49,6 @@ #error "Target support is incomplete; cannot build mcuboot." #endif +#endif /* ifndef USE_PARTITION_MANAGER */ + #endif /* H_TARGETS_TARGET_ */ diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml new file mode 100644 index 000000000..cb774f7ea --- /dev/null +++ b/boot/zephyr/pm.yml @@ -0,0 +1,38 @@ +#include +#include + +mcuboot: + size: CONFIG_PM_PARTITION_SIZE_MCUBOOT + placement: + before: [mcuboot_primary] + +mcuboot_primary_app: + # All images to be placed in MCUboot's slot 0 should be placed in this + # partition + span: [app] + +mcuboot_primary: + span: [mcuboot_pad, mcuboot_primary_app] + +mcuboot_secondary: + share_size: [mcuboot_primary] + placement: + align: {start: DT_FLASH_ERASE_BLOCK_SIZE} + after: mcuboot_primary + +#if !defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(CONFIG_SINGLE_IMAGE_DFU) +mcuboot_scratch: + size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_SCRATCH + placement: + after: app + align: {start: DT_FLASH_ERASE_BLOCK_SIZE} +#endif + +# Padding placed before image to boot +mcuboot_pad: + # MCUboot pad must be placed before the 'spm' partition if that is present. + # If 'spm' partition is not present, it must be placed before the 'app'. + size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_PAD + placement: + before: [mcuboot_primary_app] + align: {start: DT_FLASH_ERASE_BLOCK_SIZE} diff --git a/zephyr/CMakeLists.txt b/zephyr/CMakeLists.txt new file mode 100644 index 000000000..683bcf226 --- /dev/null +++ b/zephyr/CMakeLists.txt @@ -0,0 +1 @@ +include(${ZEPHYR_NRF_MODULE_DIR}/cmake/mcuboot.cmake) diff --git a/zephyr/Kconfig b/zephyr/Kconfig new file mode 100644 index 000000000..ffca48313 --- /dev/null +++ b/zephyr/Kconfig @@ -0,0 +1,32 @@ +menu "MCUboot" + +if BOOTLOADER_MCUBOOT + +config MCUBOOT_CMAKELISTS_DIR + string "Path to the directory of the MCUBoot CMakeLists.txt file" + default "$MCUBOOT_BASE/boot/zephyr/" + + +# The name of this configuration needs to match the requirements set by the +# script `partition_manager.py`. See `pm.yml` in the application directory +# of MCUBoot. +module=MCUBOOT +source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.build_strategy" + +config MCUBOOT_IMAGE_VERSION + string "Image version" + default "0.0.0+0" + help + Value to be passed as 'version' argument to 'imgtool.py' when + creating signed image. Note that no semantics are connected to + this variable. It does not provide downgrade prevention, and is only + valuable for debugging purposes. Format: maj.min.rev+build with + latter parts optional. + +endif # BOOTLOADER_MCUBOOT + +config DT_FLASH_WRITE_BLOCK_SIZE + int + default $(dt_node_int_prop_int,$(DT_CHOSEN_ZEPHYR_FLASH),write-block-size) + +endmenu From 59e02e27dafd41456c54bf45d0b2d95ab15b6e0f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A5kon=20=C3=98ye=20Amundsen?= Date: Mon, 6 Jan 2020 11:35:06 +0000 Subject: [PATCH 025/112] [nrf noup] zephyr: lock mcuboot using fprotect before jumping MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This to enable the secure boot property of the system. Signed-off-by: Håkon Øye Amundsen Signed-off-by: Emil Obalski Signed-off-by: Andrzej Puzdrowski Signed-off-by: Sigvart Hovland Signed-off-by: Robert Lubos Signed-off-by: Torsten Rasmussen (cherry picked from commit 3f02019110c5e7de2f85617fe7997ff64a97e3a5) --- boot/zephyr/main.c | 28 ++++++++++++++++++++++++++++ boot/zephyr/pm.yml | 4 +++- boot/zephyr/prj.conf | 1 + 3 files changed, 32 insertions(+), 1 deletion(-) diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 9657c5ed2..6c9797b1a 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -78,6 +78,11 @@ K_SEM_DEFINE(boot_log_sem, 1, 1); #define ZEPHYR_BOOT_LOG_STOP() do { } while (false) #endif /* defined(CONFIG_LOG) && !defined(CONFIG_LOG_IMMEDIATE) */ +#if USE_PARTITION_MANAGER && CONFIG_FPROTECT +#include +#include + +#endif #ifdef CONFIG_SOC_FAMILY_NRF #include @@ -393,7 +398,30 @@ void main(void) rsp.br_image_off); BOOT_LOG_INF("Jumping to the first image slot"); + +#if USE_PARTITION_MANAGER && CONFIG_FPROTECT + +#ifdef PM_S1_ADDRESS +/* MCUBoot is stored in either S0 or S1, protect both */ +#define PROTECT_SIZE (PM_MCUBOOT_PRIMARY_ADDRESS - PM_S0_ADDRESS) +#define PROTECT_ADDR PM_S0_ADDRESS +#else +/* There is only one instance of MCUBoot */ +#define PROTECT_SIZE (PM_MCUBOOT_PRIMARY_ADDRESS - PM_MCUBOOT_ADDRESS) +#define PROTECT_ADDR PM_MCUBOOT_ADDRESS +#endif + + rc = fprotect_area(PROTECT_ADDR, PROTECT_SIZE); + + if (rc != 0) { + BOOT_LOG_ERR("Protect mcuboot flash failed, cancel startup."); + while (1) + ; + } +#endif /* USE_PARTITION_MANAGER && CONFIG_FPROTECT */ + ZEPHYR_BOOT_LOG_STOP(); + do_boot(&rsp); BOOT_LOG_ERR("Never should get here"); diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml index cb774f7ea..9f99a0e58 100644 --- a/boot/zephyr/pm.yml +++ b/boot/zephyr/pm.yml @@ -35,4 +35,6 @@ mcuboot_pad: size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_PAD placement: before: [mcuboot_primary_app] - align: {start: DT_FLASH_ERASE_BLOCK_SIZE} +#ifdef CONFIG_FPROTECT + align: {start: CONFIG_FPROTECT_BLOCK_SIZE} +#endif diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index 17826db08..0f9d0e81d 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -40,6 +40,7 @@ CONFIG_BOOT_SIGNATURE_KEY_FILE="root-rsa-2048.pem" # CONFIG_TINYCRYPT_SHA256 is not set CONFIG_FLASH=y +CONFIG_FPROTECT=y ### Various Zephyr boards enable features that we don't want. # CONFIG_BT is not set From f35f763bbe7e698b3c275c548faae3537061e9c7 Mon Sep 17 00:00:00 2001 From: Sigvart Hovland Date: Thu, 27 Aug 2020 14:29:31 +0200 Subject: [PATCH 026/112] [nrf noup] boot: zephyr: nrf53 network core bootloader implementation Enables network core updates of nrf53 using MCUBoot by identifying images through their start addresses. Also implements the control and transfer using the PCD module. Signed-off-by: Sigvart Hovland (cherry picked from commit a401d3a056b6ef41a9ead1a7ad5263e028f52549) --- boot/bootutil/src/loader.c | 82 ++++++++++++++++++++++++++------------ boot/zephyr/main.c | 7 ++++ 2 files changed, 64 insertions(+), 25 deletions(-) diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index 50e6b0575..d0d37ab14 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -45,6 +45,10 @@ #include "bootutil/security_cnt.h" #include "bootutil/boot_record.h" +#ifdef CONFIG_SOC_NRF5340_CPUAPP +#include +#endif + #ifdef MCUBOOT_ENC_IMAGES #include "bootutil/enc_key.h" #endif @@ -721,7 +725,15 @@ boot_validated_swap_type(struct boot_loader_state *state, { int swap_type; int rc; -#ifdef PM_S1_ADDRESS + bool upgrade_valid = false; + +#if defined(PM_S1_ADDRESS) || defined(CONFIG_SOC_NRF5340_CPUAPP) + const struct flash_area *secondary_fa = + BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); + struct image_header *hdr = (struct image_header *)secondary_fa->fa_off; + uint32_t vtable_addr = 0; + uint32_t *vtable = 0; + uint32_t reset_addr = 0; /* Patch needed for NCS. Since image 0 (the app) and image 1 (the other * B1 slot S0 or S1) share the same secondary slot, we need to check * whether the update candidate in the secondary slot is intended for @@ -729,33 +741,30 @@ boot_validated_swap_type(struct boot_loader_state *state, * vector. Note that there are good reasons for not using img_num from * the swap info. */ - const struct flash_area *secondary_fa = - BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); - struct image_header *hdr = - (struct image_header *)secondary_fa->fa_off; if (hdr->ih_magic == IMAGE_MAGIC) { - const struct flash_area *primary_fa; - uint32_t vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; - uint32_t *vtable = (uint32_t *)(vtable_addr); - uint32_t reset_addr = vtable[1]; - rc = flash_area_open( - flash_area_id_from_multi_image_slot( - BOOT_CURR_IMG(state), - BOOT_PRIMARY_SLOT), - &primary_fa); - if (rc != 0) { - return BOOT_SWAP_TYPE_FAIL; - } - /* Get start and end of primary slot for current image */ - if (reset_addr < primary_fa->fa_off || - reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { - /* The image in the secondary slot is not intended for this image - */ - return BOOT_SWAP_TYPE_NONE; - } + vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; + vtable = (uint32_t *)(vtable_addr); + reset_addr = vtable[1]; +#ifdef PM_S1_ADDRESS + const struct flash_area *primary_fa; + rc = flash_area_open(flash_area_id_from_multi_image_slot( + BOOT_CURR_IMG(state), + BOOT_PRIMARY_SLOT), + &primary_fa); + if (rc != 0) { + return BOOT_SWAP_TYPE_FAIL; + } + /* Get start and end of primary slot for current image */ + if (reset_addr < primary_fa->fa_off || + reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { + /* The image in the secondary slot is not intended for this image + */ + return BOOT_SWAP_TYPE_NONE; + } +#endif /* PM_S1_ADDRESS */ } -#endif +#endif /* PM_S1_ADDRESS || CONFIG_SOC_NRF5340_CPUAPP */ swap_type = boot_swap_type_multi(BOOT_CURR_IMG(state)); if (BOOT_IS_UPGRADE(swap_type)) { @@ -767,7 +776,30 @@ boot_validated_swap_type(struct boot_loader_state *state, swap_type = BOOT_SWAP_TYPE_NONE; } else if (rc != 0) { swap_type = BOOT_SWAP_TYPE_FAIL; + } else if (rc == 0) { + upgrade_valid = true; + } + +#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(PM_CPUNET_B0N_ADDRESS) + /* If the update is valid, and it targets the network core: perform the + * update and indicate to the caller of this function that no update is + * available + */ + if (upgrade_valid && reset_addr > PM_CPUNET_B0N_ADDRESS) { + uint32_t fw_size = hdr->ih_img_size; + + BOOT_LOG_INF("Starting network core update"); + rc = pcd_network_core_update(vtable, fw_size); + if (rc != 0) { + swap_type = BOOT_SWAP_TYPE_FAIL; + } else { + BOOT_LOG_INF("Done updating network core"); + rc = swap_erase_trailer_sectors(state, + secondary_fa); + swap_type = BOOT_SWAP_TYPE_NONE; + } } +#endif /* CONFIG_SOC_NRF5340_CPUAPP */ } return swap_type; diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 6c9797b1a..ace84371d 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -53,6 +53,10 @@ const struct boot_uart_funcs boot_funcs = { #include #endif +#ifdef CONFIG_SOC_NRF5340_CPUAPP +#include +#endif + #if defined(CONFIG_LOG) && !defined(CONFIG_LOG_IMMEDIATE) #ifdef CONFIG_LOG_PROCESS_THREAD #warning "The log internal thread for log processing can't transfer the log"\ @@ -419,6 +423,9 @@ void main(void) ; } #endif /* USE_PARTITION_MANAGER && CONFIG_FPROTECT */ +#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(PM_CPUNET_B0N_ADDRESS) + pcd_lock_ram(); +#endif ZEPHYR_BOOT_LOG_STOP(); From 1788ad7a9894780bf27c68d98aa87e833f170c7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A5kon=20=C3=98ye=20Amundsen?= Date: Thu, 8 Oct 2020 10:29:19 +0000 Subject: [PATCH 027/112] [nrf noup] kconfig: use cc310 for ecdsa by default MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit when hardware is available. NCSDK-5167 Signed-off-by: Håkon Øye Amundsen (cherry picked from commit 40fc6dc073bfd1907eca563890bd49b286c715ea) --- boot/zephyr/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 53e7c4958..df2d0663d 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -58,7 +58,7 @@ config BOOT_USE_CC310 config BOOT_USE_NRF_CC310_BL bool - default n + select NRF_CC310_BL config BOOT_USE_NRF_EXTERNAL_CRYPTO bool @@ -83,6 +83,7 @@ config SINGLE_IMAGE_DFU choice prompt "Signature type" + default BOOT_SIGNATURE_TYPE_ECDSA_P256 if HAS_HW_NRF_CC310 default BOOT_SIGNATURE_TYPE_RSA config BOOT_SIGNATURE_TYPE_NONE From 4d1b74b32f7f49692fc40132c7c5e84030ef6a85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A5kon=20=C3=98ye=20Amundsen?= Date: Thu, 8 Oct 2020 12:20:32 +0000 Subject: [PATCH 028/112] [nrf noup] kconfig: enable external crypto config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove undefined dependency and add overlay file for building minimal mcuboot with exeternal crypto. Signed-off-by: Håkon Øye Amundsen (cherry picked from commit e473ee375bc6d53a976408fc133bd0bc6eb3f0a5) --- boot/zephyr/Kconfig | 1 - .../overlay-minimal-external-crypto.conf | 46 +++++++++++++++++++ 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 boot/zephyr/overlay-minimal-external-crypto.conf diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index df2d0663d..1293e59a8 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -125,7 +125,6 @@ config BOOT_CC310 config BOOT_NRF_EXTERNAL_CRYPTO bool "Use Shared Crypto from bootloader" select BOOT_USE_NRF_EXTERNAL_CRYPTO - depends on SECURE_BOOT_CRYPTO_CLIENT endchoice endif #BOOT_SIGNATURE_TYPE_ECDSA_P256 diff --git a/boot/zephyr/overlay-minimal-external-crypto.conf b/boot/zephyr/overlay-minimal-external-crypto.conf new file mode 100644 index 000000000..a4bc98bf5 --- /dev/null +++ b/boot/zephyr/overlay-minimal-external-crypto.conf @@ -0,0 +1,46 @@ +# +# Copyright (c) 2020 Nordic Semiconductor ASA +# +# SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic +# + +# These configurations should be used when using nrf/samples/bootloader +# as the immutable bootloader (B0), and MCUBoot as the second stage updateable +# bootloader. With this configuration, MCUBoot will re-use the crypto +# functionality from B0, and fit within 16kB. + +CONFIG_NCS_SAMPLES_DEFAULTS=n +CONFIG_LOG=n +CONFIG_BOOT_BANNER=n +CONFIG_PRINTK=n +CONFIG_CONSOLE=n +CONFIG_UART_CONSOLE=n +CONFIG_SERIAL=n +CONFIG_SECURE_BOOT_DEBUG=n +CONFIG_ASSERT=n +CONFIG_RESET_ON_FATAL_ERROR=n +CONFIG_REBOOT=n +CONFIG_GPIO=n +CONFIG_CLOCK_CONTROL=n +CONFIG_MINIMAL_LIBC_MALLOC=n +CONFIG_MINIMAL_LIBC_CALLOC=n +CONFIG_MINIMAL_LIBC_REALLOCARRAY=n +CONFIG_SIZE_OPTIMIZATIONS=y +CONFIG_NO_RUNTIME_CHECKS=y +CONFIG_CONSOLE_HANDLER=n +CONFIG_NRF_RTC_TIMER=n +CONFIG_SYS_CLOCK_EXISTS=n + +# Set ECDSA as signing mechanism +CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y + +# Use crypto backend from B0 +CONFIG_BOOT_NRF_EXTERNAL_CRYPTO=y +CONFIG_SECURE_BOOT_CRYPTO=y +CONFIG_SB_CRYPTO_CLIENT_ECDSA_SECP256R1=y +CONFIG_SB_CRYPTO_CLIENT_SHA256=y +CONFIG_BL_SHA256_EXT_API_REQUIRED=y +CONFIG_BL_SECP256R1_EXT_API_REQUIRED=y + +# Set 16kB as flash size +CONFIG_PM_PARTITION_SIZE_MCUBOOT=0x3e00 From 74e2e0f30c4e48738dd5014bd88d31f90d00f9c5 Mon Sep 17 00:00:00 2001 From: Dominik Ermel Date: Fri, 11 Sep 2020 11:31:38 +0000 Subject: [PATCH 029/112] [nrf fromtree] zephyr: Fix serial recovery compilation warnings (Merged into JuulLabs-OSS tree as 1422b4b8c86d4584f213f5c0c.) Missing const on pointers to device structures caused compilation warnings when compiling bootloader with serial recovery enabled. Signed-off-by: Dominik Ermel (cherry picked from commit 9bf6927f813f167cd14f423227ceff6b34c4b35e) --- boot/zephyr/main.c | 2 +- boot/zephyr/serial_adapter.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index ace84371d..318702228 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -343,7 +343,7 @@ void main(void) #ifdef CONFIG_MCUBOOT_SERIAL - struct device *detect_port; + struct device const *detect_port; uint32_t detect_value = !CONFIG_BOOT_SERIAL_DETECT_PIN_VAL; detect_port = device_get_binding(CONFIG_BOOT_SERIAL_DETECT_PORT); diff --git a/boot/zephyr/serial_adapter.c b/boot/zephyr/serial_adapter.c index 8787780e3..829752289 100644 --- a/boot/zephyr/serial_adapter.c +++ b/boot/zephyr/serial_adapter.c @@ -41,7 +41,7 @@ struct line_input { char line[CONFIG_BOOT_MAX_LINE_INPUT_LEN]; }; -static struct device *uart_dev; +static struct device const *uart_dev; static struct line_input line_bufs[2]; static sys_slist_t avail_queue; @@ -115,7 +115,7 @@ boot_console_init(void) } static void -boot_uart_fifo_callback(struct device *dev, void *user_data) +boot_uart_fifo_callback(const struct device *dev, void *user_data) { static struct line_input *cmd; uint8_t byte; From 54238adc9a5912ace04b35c8a642faa1e731fa74 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A5kon=20=C3=98ye=20Amundsen?= Date: Thu, 1 Oct 2020 12:52:38 +0000 Subject: [PATCH 030/112] [nrf fromtree] boot: zephyr: reset SPLIM registers before boot MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit to avoid causing stack overflow in the image being booted. PR: https://github.com/JuulLabs-OSS/mcuboot/pull/824 Ref: NCSDK-6530 Signed-off-by: Håkon Øye Amundsen (cherry picked from commit b40176e4dc12b75f93de03a53f2ce0c674c4c08f) --- boot/zephyr/main.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 318702228..bd8eac6bd 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -166,6 +166,15 @@ static void do_boot(struct boot_rsp *rsp) cleanup_arm_nvic(); /* cleanup NVIC registers */ #endif +#if defined(CONFIG_BUILTIN_STACK_GUARD) && \ + defined(CONFIG_CPU_CORTEX_M_HAS_SPLIM) + /* Reset limit registers to avoid inflicting stack overflow on image + * being booted. + */ + __set_PSPLIM(0); + __set_MSPLIM(0); +#endif + #ifdef CONFIG_BOOT_INTR_VEC_RELOC #if defined(CONFIG_SW_VECTOR_RELAY) _vector_table_pointer = vt; From 45a94cb234ec33a015677f106cbb937b6ff81569 Mon Sep 17 00:00:00 2001 From: Marcin Niestroj Date: Mon, 5 Oct 2020 19:21:04 +0200 Subject: [PATCH 031/112] [nrf fromtree] boot: zephyr: Disable HW stack protection Cherry-picked from: https://github.com/JuulLabs-OSS/mcuboot/pull/828 Some Zephyr boards enable HW stack protection by default, which propagates in mcuboot build. Bootloader works fine with that option, but the problem arises when we jump to application code. HW stack protection catches application code during early init, which results in "unresponsive" application. Disable HW stack protection, so it doesn't make any harm for application code. Signed-off-by: Marcin Niestroj Signed-off-by: Torsten Rasmussen (cherry picked from commit ec441e0a700280673e11f4e242ff5de696d4f962) --- boot/zephyr/prj.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index 0f9d0e81d..d23ad6e42 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -50,3 +50,5 @@ CONFIG_FPROTECT=y CONFIG_LOG=y ### Ensure Zephyr logging changes don't use more resources CONFIG_LOG_DEFAULT_LEVEL=0 + +CONFIG_HW_STACK_PROTECTION=n From d0634dd15ca4541a93bc22d9e1aa0fad07e95bc0 Mon Sep 17 00:00:00 2001 From: Fabio Utzig Date: Thu, 1 Oct 2020 08:09:52 -0300 Subject: [PATCH 032/112] [nrf fromtree] doc: fix link to external page in PORTING Remove a footnote that is not generating a proper link and add an inline link to the mbed TLS referece for platform.h. This also fixes a warning when running through recommonmark==0.6.0 because it is unable to parse the old syntax. PR: JuulLabs-OSS/mcuboot#822 Signed-off-by: Fabio Utzig (cherry picked from commit 82828b5cee28499157c340454e8cfa7a9beecd98) --- docs/PORTING.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/docs/PORTING.md b/docs/PORTING.md index 61a4f8d47..6bf091912 100644 --- a/docs/PORTING.md +++ b/docs/PORTING.md @@ -144,15 +144,14 @@ int flash_area_id_to_multi_image_slot(int image_index, int area_id); needs to provide this pair of function. To configure the what functions are called when allocating/deallocating -memory `mbed TLS` uses the following call [^1]: +memory `mbed TLS` uses the following call: ``` int mbedtls_platform_set_calloc_free (void *(*calloc_func)(size_t, size_t), void (*free_func)(void *)); ``` -If your system already provides functions with compatible signatures, those -can be used directly here, otherwise create new functions that glue to -your `calloc/free` implementations. - -[^1]: ```https://tls.mbed.org/api/platform_8h.html``` +For reference see [mbed TLS platform.h](https://tls.mbed.org/api/platform_8h.html). +If your system already provides functions with compatible signatures, those can +be used directly here, otherwise create new functions that glue to your +`calloc/free` implementations. From 80eb85475da3d3a8408170523e7cb6d1063a9757 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A5kon=20=C3=98ye=20Amundsen?= Date: Mon, 28 Sep 2020 09:45:40 +0000 Subject: [PATCH 033/112] [nrf fromtree] kconfig: zephyr: provide logic ... MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 705c6c2b67f27ed35d727aa4bc21a9235d3b33e4 ...for setting key file, simplify prj.conf Automate process of selecting correct .pem key file. Zephyr users are familiar with using 'menuconfig' and similar tools for seeing what options are available, so remove =n choices from prj.conf which were used to show the available options. Signed-off-by: Håkon Øye Amundsen (cherry picked from commit 797e5da032d9a18e55202770e6168c2f9509ba04) --- boot/zephyr/Kconfig | 5 ++++- boot/zephyr/prj.conf | 16 ---------------- 2 files changed, 4 insertions(+), 17 deletions(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 1293e59a8..945122c94 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -150,7 +150,10 @@ endchoice config BOOT_SIGNATURE_KEY_FILE string "PEM key file" - default "root-rsa-2048.pem" + default "root-ec-p256.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256 + default "root-ed25519.pem" if BOOT_SIGNATURE_TYPE_ED25519 + default "root-rsa-3072.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=3072 + default "root-rsa-2048.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=2048 help You can use either absolute or relative path. In case relative path is used, the build system assumes that it starts diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index d23ad6e42..7fd49947e 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -14,22 +14,6 @@ CONFIG_BOOT_ENCRYPT_X25519=n CONFIG_BOOT_UPGRADE_ONLY=n CONFIG_BOOT_BOOTSTRAP=n -### Default to RSA -CONFIG_BOOT_SIGNATURE_TYPE_NONE=n -CONFIG_BOOT_SIGNATURE_TYPE_RSA=y -CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN=2048 -CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=n -CONFIG_BOOT_SIGNATURE_TYPE_ED25519=n - -### The bootloader generates its own signature verification based on a -### key file which needs to be provided and needs to match the selected signing -### algorithm (CONFIG_BOOT_SIGNATURE_TYPE_). -### The PEM files below are provided as examples. -CONFIG_BOOT_SIGNATURE_KEY_FILE="root-rsa-2048.pem" -#CONFIG_BOOT_SIGNATURE_KEY_FILE="root-rsa-3072.pem" -#CONFIG_BOOT_SIGNATURE_KEY_FILE="root-ec-p256.pem" -#CONFIG_BOOT_SIGNATURE_KEY_FILE="root-ed25519.pem" - ### mbedTLS has its own heap # CONFIG_HEAP_MEM_POOL_SIZE is not set From 32640591847ec648fb5b0cee85c9dc57db7cb3bf Mon Sep 17 00:00:00 2001 From: Fabio Utzig Date: Tue, 6 Oct 2020 18:18:43 -0300 Subject: [PATCH 034/112] [nrf fromtree] bootutil: fix swap-move brick with padded image0 When the image in the primary slot is padded, the boot source is considered the primary slot; this results in skipping the typical initialization of the trailer, which ends up bricking the device. As it is fine to always initialize the trailer in the primary slot when starting a new upgrade the extra check was removed. Signed-off-by: Fabio Utzig Signed-off-by: Andrzej Puzdrowski (cherry picked from commit 969431d93487aa7441665b6b4378f52b8242f4ca) --- boot/bootutil/src/swap_move.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/boot/bootutil/src/swap_move.c b/boot/bootutil/src/swap_move.c index d258e241a..7ecd97784 100644 --- a/boot/bootutil/src/swap_move.c +++ b/boot/bootutil/src/swap_move.c @@ -329,13 +329,11 @@ boot_move_sector_up(int idx, uint32_t sz, struct boot_loader_state *state, old_off = boot_img_sector_off(state, BOOT_PRIMARY_SLOT, idx - 1); if (bs->idx == BOOT_STATUS_IDX_0) { - if (bs->source != BOOT_STATUS_SOURCE_PRIMARY_SLOT) { - rc = swap_erase_trailer_sectors(state, fap_pri); - assert(rc == 0); + rc = swap_erase_trailer_sectors(state, fap_pri); + assert(rc == 0); - rc = swap_status_init(state, fap_pri, bs); - assert(rc == 0); - } + rc = swap_status_init(state, fap_pri, bs); + assert(rc == 0); rc = swap_erase_trailer_sectors(state, fap_sec); assert(rc == 0); From 931d96b455c536fbd33e50b27f89aa384b054590 Mon Sep 17 00:00:00 2001 From: Fabio Utzig Date: Sun, 4 Oct 2020 10:36:02 -0300 Subject: [PATCH 035/112] [nrf fromtree] bootutil: fix boostrapping in swap-move Fix boostrapping in swap-move that was being skipped due to the having an erased header in the primary slot which caused an early return because of the requirement of having to re-read image headers when "moving" an image during an upgrade. Signed-off-by: Fabio Utzig Signed-off-by: Andrzej Puzdrowski (cherry picked from commit f07d302490ec1984c7b022c1111e2201cb3b2a9c) --- boot/bootutil/src/loader.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index d0d37ab14..8f2a65562 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -1601,7 +1601,14 @@ boot_prepare_image_for_update(struct boot_loader_state *state, * have been updated in the previous function call. */ rc = boot_read_image_headers(state, !boot_status_is_reset(bs), bs); +#ifdef MCUBOOT_BOOTSTRAP + /* When bootstrapping it's OK to not have image magic in the primary slot */ + if (rc != 0 && (BOOT_CURR_IMG(state) != BOOT_PRIMARY_SLOT || + boot_check_header_erased(state, BOOT_PRIMARY_SLOT) != 0)) { +#else if (rc != 0) { +#endif + /* Continue with next image if there is one. */ BOOT_LOG_WRN("Failed reading image headers; Image=%u", BOOT_CURR_IMG(state)); From 02833faca1a373767c67aed29df5eb9e0cfbc9fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A5kon=20=C3=98ye=20Amundsen?= Date: Wed, 3 Jun 2020 14:58:08 +0200 Subject: [PATCH 036/112] [nrf fromlist] zephyr: update name of nrf5340 dk MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PR: https://github.com/JuulLabs-OSS/mcuboot/pull/846 This to correctly set the kconfig default value. Ref: NCSDK-5599 Signed-off-by: Håkon Øye Amundsen (cherry picked from commit 92837bac5f675f6be21ff0f51ab30ef32c876963) --- boot/zephyr/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 945122c94..2b14374ea 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -413,7 +413,7 @@ config BOOT_SERIAL_DETECT_PIN default 6 if BOARD_NRF9160DK_NRF9160 default 11 if BOARD_NRF52840DK_NRF52840 default 13 if BOARD_NRF52DK_NRF52832 - default 23 if BOARD_NRF5340_DK_NRF5340_CPUAPP || BOARD_NRF5340_DK_NRF5340_CPUAPPNS + default 23 if BOARD_NRF5340PDK_NRF5340_CPUAPP || BOARD_NRF5340PDK_NRF5340_CPUAPPNS help Pin on the serial detect port which triggers serial recovery mode. From b03e43f31a96619287bbd0b43545152f17eab0b6 Mon Sep 17 00:00:00 2001 From: Bernt Johan Damslora Date: Fri, 20 Sep 2019 18:25:34 +0200 Subject: [PATCH 037/112] [nrf fromlist] zephyr: enable progressive erase on all nRF boards MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PR: https://github.com/JuulLabs-OSS/mcuboot/pull/846 Enables BOOT_ERASE_PROGRESSIVELY for Nordic nRF boards. This fixes issue where mcumgr upload command would result in device being deleted, but no new image being uploaded due to timeout while waiting for erase operation. This avoids a delay of several seconds during firmware upload. Signed-off-by: Bernt Johan Damslora Signed-off-by: Emil Obalski Signed-off-by: Andrzej Puzdrowski Signed-off-by: Håkon Øye Amundsen (cherry picked from commit 2a0641984e89aced19110107185c538a3543f020) (cherry picked from commit e81a207f8b94b15c09a63e9e5ebf074d44315cb4) --- boot/zephyr/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 2b14374ea..973d2730e 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -296,7 +296,7 @@ config BOOT_MAX_IMG_SECTORS config BOOT_ERASE_PROGRESSIVELY bool "Erase flash progressively when receiving new firmware" - default y if SOC_NRF52840 + default y if SOC_FAMILY_NRF help If enabled, flash is erased as necessary when receiving new firmware, instead of erasing the whole image slot at once. This is necessary From a8213955e7113e3dcc23f17318829dc6b695ce67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mart=C3=AD=20Bol=C3=ADvar?= Date: Thu, 8 Aug 2019 07:12:54 -0700 Subject: [PATCH 038/112] [nrf fromlist] doc: clean up multi-image documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://github.com/JuulLabs-OSS/mcuboot/pull/845 Signed-off-by: Martí Bolívar --- docs/design.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/design.md b/docs/design.md index 697243a89..01471d336 100644 --- a/docs/design.md +++ b/docs/design.md @@ -576,7 +576,7 @@ following section. The multiple image boot procedure is organized in loops which iterate over all the firmware images. The high-level overview of the boot process is presented below. -+ ###### Loop 1. Iterate over all images ++ Loop 1. Iterate over all images 1. Inspect swap status region of current image; is an interrupted swap being resumed? + Yes: @@ -604,7 +604,7 @@ process is presented below. + Mark the swap type as `None`. + Skip to next image. -+ ###### Loop 2. Iterate over all images ++ Loop 2. Iterate over all images 1. Does the current image depend on other image(s)? + Yes: Are all the image dependencies satisfied? + Yes: Skip to next image. @@ -613,7 +613,7 @@ process is presented below. + Restart dependency check from the first image. + No: Skip to next image. -+ ###### Loop 3. Iterate over all images ++ Loop 3. Iterate over all images 1. Is an image swap requested? + Yes: + Perform image update operation. @@ -621,7 +621,7 @@ process is presented below. + Skip to next image. + No: Skip to next image. -+ ###### Loop 4. Iterate over all images ++ Loop 4. Iterate over all images 1. Validate image in the primary slot (integrity and security check) or at least do a basic sanity check to avoid booting into an empty flash area. From 85645596570de42cda3cfd60a0cc5d02813947af Mon Sep 17 00:00:00 2001 From: Fabio Utzig Date: Sun, 4 Oct 2020 10:16:24 -0300 Subject: [PATCH 039/112] [nrf fromlist] bootutil: copy image size with fast overwrite Previously when `MCUBOOT_OVERWRITE_ONLY_FAST` was set, the whole amount of sectors that stored an image were being copied. After this commit only the exact amount of data used by the image is copied; this avoids copying some 0xff (or garbage) data between the end of the image and the end of the last sector storing it. Extra trailer management was added which suits using the copy upgrade routine also for bootstrapping. Signed-off-by: Fabio Utzig Signed-off-by: Andrzej Puzdrowski (cherry picked from commit 2cb130637b5d94934023a1b4758b0e59794c4b74) --- boot/bootutil/src/loader.c | 39 +++++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index 8f2a65562..b0fedc22e 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -961,6 +961,13 @@ boot_copy_image(struct boot_loader_state *state, struct boot_status *bs) const struct flash_area *fap_secondary_slot; uint8_t image_index; +#if defined(MCUBOOT_OVERWRITE_ONLY_FAST) + uint32_t sector; + uint32_t trailer_sz; + uint32_t off; + uint32_t sz; +#endif + (void)bs; #if defined(MCUBOOT_OVERWRITE_ONLY_FAST) @@ -988,15 +995,31 @@ boot_copy_image(struct boot_loader_state *state, struct boot_status *bs) rc = boot_erase_region(fap_primary_slot, size, this_size); assert(rc == 0); - size += this_size; - #if defined(MCUBOOT_OVERWRITE_ONLY_FAST) - if (size >= src_size) { + if ((size + this_size) >= src_size) { + size += src_size - size; + size += BOOT_WRITE_SZ(state) - (size % BOOT_WRITE_SZ(state)); break; } #endif + + size += this_size; } +#if defined(MCUBOOT_OVERWRITE_ONLY_FAST) + trailer_sz = boot_trailer_sz(BOOT_WRITE_SZ(state)); + sector = boot_img_num_sectors(state, BOOT_PRIMARY_SLOT) - 1; + sz = 0; + do { + sz += boot_img_sector_size(state, BOOT_PRIMARY_SLOT, sector); + off = boot_img_sector_off(state, BOOT_PRIMARY_SLOT, sector); + sector--; + } while (sz < trailer_sz); + + rc = boot_erase_region(fap_primary_slot, off, sz); + assert(rc == 0); +#endif + #ifdef MCUBOOT_ENC_IMAGES if (IS_ENCRYPTED(boot_img_hdr(state, BOOT_SECONDARY_SLOT))) { rc = boot_enc_load(BOOT_CURR_ENC(state), image_index, @@ -1015,6 +1038,16 @@ boot_copy_image(struct boot_loader_state *state, struct boot_status *bs) BOOT_LOG_INF("Copying the secondary slot to the primary slot: 0x%zx bytes", size); rc = boot_copy_region(state, fap_secondary_slot, fap_primary_slot, 0, 0, size); + if (rc != 0) { + return rc; + } + +#if defined(MCUBOOT_OVERWRITE_ONLY_FAST) + rc = boot_write_magic(fap_primary_slot); + if (rc != 0) { + return rc; + } +#endif #ifdef MCUBOOT_HW_ROLLBACK_PROT /* Update the stored security counter with the new image's security counter From e9d64d45865fdd4943a01f55c5096643c399d52a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mart=C3=AD=20Bol=C3=ADvar?= Date: Fri, 24 Apr 2020 16:43:54 -0700 Subject: [PATCH 040/112] [nrf temphack] Kconfig: add accessor for flash write block size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is necessary to keep the NCS build system able to access this value, which it needs to do since it calls imgtool manually, but cannot access DT values via Kconfig by default anymore following the removal of devicetree.conf. Signed-off-by: Martí Bolívar Signed-off-by: Andrzej Puzdrowski Signed-off-by: Robert Lubos Signed-off-by: Torsten Rasmussen (cherry picked from commit 7dfa63abb12fdf1bd38c9274cda1eef54fc489b5) --- zephyr/Kconfig | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/zephyr/Kconfig b/zephyr/Kconfig index ffca48313..80ecad9cf 100644 --- a/zephyr/Kconfig +++ b/zephyr/Kconfig @@ -23,6 +23,16 @@ config MCUBOOT_IMAGE_VERSION valuable for debugging purposes. Format: maj.min.rev+build with latter parts optional. +# HACK: NCS temphack to keep our imgtool integration working now that +# there is no CONFIG_DT_* CMake namespace anymore. Use Zephyr +# kconfigfunctions to thread the flash write block size through +# Kconfig so it can be accessed from CMake. Needs a better solution. +DT_ZEPHYR_FLASH := zephyr,flash +DT_CHOSEN_ZEPHYR_FLASH := $(dt_chosen_path,$(DT_ZEPHYR_FLASH)) +config MCUBOOT_FLASH_WRITE_BLOCK_SIZE + int + default $(dt_node_int_prop_int,$(DT_CHOSEN_ZEPHYR_FLASH),write-block-size) + endif # BOOTLOADER_MCUBOOT config DT_FLASH_WRITE_BLOCK_SIZE From a8cc9879747019ba0459b900920296365abae4b1 Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Thu, 27 Feb 2020 12:48:56 +0100 Subject: [PATCH 041/112] [nrf temphack] do_boot: clean peripherals state before boot MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Do some cleanup of nRF peripherals. This is necessary since Zephyr doesn't have any driver deinitialization functionality, and we'd like to leave peripherals in a more predictable state before booting the Zephyr image. Signed-off-by: Andrzej Puzdrowski Signed-off-by: Robert Lubos Signed-off-by: Torsten Rasmussen Signed-off-by: Øyvind Rønningstad Signed-off-by: Martí Bolívar (cherry picked from commit 664b8ad8b05e9fac567eafcf9fe617303fb6aed6) (cherry picked from commit a47b96262f1fd8401c0ec0d9d85460b1f53f005a) --- boot/zephyr/CMakeLists.txt | 6 ++++ boot/zephyr/Kconfig | 5 ++++ boot/zephyr/include/nrf_cleanup.h | 19 ++++++++++++ boot/zephyr/main.c | 9 +++++- boot/zephyr/nrf_cleanup.c | 49 +++++++++++++++++++++++++++++++ 5 files changed, 87 insertions(+), 1 deletion(-) create mode 100644 boot/zephyr/include/nrf_cleanup.h create mode 100644 boot/zephyr/nrf_cleanup.c diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index f913c9b11..bd3621670 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -282,3 +282,9 @@ zephyr_library_sources( ${BOOT_DIR}/zephyr/arm_cleanup.c ) endif() + +if(CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL) +zephyr_library_sources( + ${BOOT_DIR}/zephyr/nrf_cleanup.c +) +endif() diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 973d2730e..58e86149c 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -169,6 +169,11 @@ config MCUBOOT_CLEANUP_ARM_CORE depends on CPU_CORTEX_M default y +config MCUBOOT_NRF_CLEANUP_PERIPHERAL + bool "Perform peripheral cleanup before chain-load the application" + depends on SOC_FAMILY_NRF + default y + config MBEDTLS_CFG_FILE default "mcuboot-mbedtls-cfg.h" diff --git a/boot/zephyr/include/nrf_cleanup.h b/boot/zephyr/include/nrf_cleanup.h new file mode 100644 index 000000000..2b175634e --- /dev/null +++ b/boot/zephyr/include/nrf_cleanup.h @@ -0,0 +1,19 @@ +/* + * Copyright (c) 2020 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic + */ + +#ifndef H_NRF_CLEANUP_ +#define H_NRF_CLEANUP_ + +/** + * Perform cleanup on some peripheral resources used by MCUBoot prior chainload + * the application. + * + * This function disables all RTC instances and UARTE instances. + * It Disables their interrupts signals as well. + */ +void nrf_cleanup_peripheral(void); + +#endif diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index bd8eac6bd..fa8e664dc 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -87,6 +87,11 @@ K_SEM_DEFINE(boot_log_sem, 1, 1); #include #endif + +#if CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL +#include +#endif + #ifdef CONFIG_SOC_FAMILY_NRF #include @@ -161,7 +166,9 @@ static void do_boot(struct boot_rsp *rsp) } #endif #endif - +#if CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL + nrf_cleanup_peripheral(); +#endif #if CONFIG_MCUBOOT_CLEANUP_ARM_CORE cleanup_arm_nvic(); /* cleanup NVIC registers */ #endif diff --git a/boot/zephyr/nrf_cleanup.c b/boot/zephyr/nrf_cleanup.c new file mode 100644 index 000000000..2f7cf2d68 --- /dev/null +++ b/boot/zephyr/nrf_cleanup.c @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2020 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic + */ + +#include +#if defined(NRF_UARTE0) || defined(NRF_UARTE1) + #include +#endif +#if defined(NRF_RTC0) || defined(NRF_RTC1) || defined(NRF_RTC2) + #include +#endif + +#if defined(NRF_RTC0) || defined(NRF_RTC1) || defined(NRF_RTC2) +static inline void nrf_cleanup_rtc(NRF_RTC_Type * rtc_reg) +{ + nrf_rtc_task_trigger(rtc_reg, NRF_RTC_TASK_STOP); + nrf_rtc_event_disable(rtc_reg, 0xFFFFFFFF); + nrf_rtc_int_disable(rtc_reg, 0xFFFFFFFF); +} +#endif + +static void nrf_cleanup_clock(void) +{ + nrf_clock_int_disable(NRF_CLOCK, 0xFFFFFFFF); +} + +void nrf_cleanup_peripheral(void) +{ +#if defined(NRF_RTC0) + nrf_cleanup_rtc(NRF_RTC0); +#endif +#if defined(NRF_RTC1) + nrf_cleanup_rtc(NRF_RTC1); +#endif +#if defined(NRF_RTC2) + nrf_cleanup_rtc(NRF_RTC2); +#endif +#if defined(NRF_UARTE0) + nrf_uarte_disable(NRF_UARTE0); + nrf_uarte_int_disable(NRF_UARTE0, 0xFFFFFFFF); +#endif +#if defined(NRF_UARTE1) + nrf_uarte_disable(NRF_UARTE1); + nrf_uarte_int_disable(NRF_UARTE1, 0xFFFFFFFF); +#endif + nrf_cleanup_clock(); +} From 4c5ff85bbd6f218147cc4f29641e88957ad09a64 Mon Sep 17 00:00:00 2001 From: Sigvart Hovland Date: Thu, 28 May 2020 01:18:16 +0200 Subject: [PATCH 042/112] [nrf temphack] boot: bootutil: Word align read buffer in loader This ensures that MCUBoot read buffers are word aligned Since other flash drivers does not handle unaligned access yet, we have to ensure that the read buffers are word aligned. We'll at most throw away 6 bytes so I think it should be okei. NCSDK-5537 Signed-off-by: Sigvart Hovland (cherry picked from commit 764ce6538b211a7c977b8f375e9137ce267e1e58) --- boot/bootutil/src/loader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index b0fedc22e..710c6337a 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -73,7 +73,7 @@ static struct boot_loader_state boot_data; * to just make those variables stack allocated. */ #if !defined(__BOOTSIM__) -#define TARGET_STATIC static +#define TARGET_STATIC __aligned(4) static #else #define TARGET_STATIC #endif From ac052356a507e309d9da7246f3c16dde4d46aea3 Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Fri, 16 Oct 2020 13:29:31 +0200 Subject: [PATCH 043/112] [nrf temphack] Kconfig: select 8-bits flash access for recovery mode Serial recovery protocol doesn't care about writing data in block of multiples flash write-block-sizes. Therefore the last payload block which might be not aligned which imposes the flash write alignment error. This patch select 8-bits access emulation which solves the issue. Signed-off-by: Andrzej Puzdrowski (cherry picked from commit c74627b65540fdb4105216361688199b6eceff4d) --- boot/zephyr/Kconfig | 1 + 1 file changed, 1 insertion(+) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 58e86149c..f283e67d6 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -376,6 +376,7 @@ menuconfig MCUBOOT_SERIAL select UART_INTERRUPT_DRIVEN select BASE64 select TINYCBOR + select SOC_FLASH_NRF_EMULATE_ONE_BYTE_WRITE_ACCESS if SOC_FLASH_NRF help If y, enables a serial-port based update mode. This allows MCUboot itself to load update images into flash over a UART. From 9680f019b3bfe5cc70b5b844c42e984ab31d9e67 Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Fri, 20 Nov 2020 13:15:23 +0100 Subject: [PATCH 044/112] Revert "[nrf fromlist] bootutil: copy image size with fast overwrite" This reverts commit 85645596570de42cda3cfd60a0cc5d02813947af. Signed-off-by: Ioannis Glaropoulos --- boot/bootutil/src/loader.c | 39 +++----------------------------------- 1 file changed, 3 insertions(+), 36 deletions(-) diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index 710c6337a..3ac9b236d 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -961,13 +961,6 @@ boot_copy_image(struct boot_loader_state *state, struct boot_status *bs) const struct flash_area *fap_secondary_slot; uint8_t image_index; -#if defined(MCUBOOT_OVERWRITE_ONLY_FAST) - uint32_t sector; - uint32_t trailer_sz; - uint32_t off; - uint32_t sz; -#endif - (void)bs; #if defined(MCUBOOT_OVERWRITE_ONLY_FAST) @@ -995,31 +988,15 @@ boot_copy_image(struct boot_loader_state *state, struct boot_status *bs) rc = boot_erase_region(fap_primary_slot, size, this_size); assert(rc == 0); + size += this_size; + #if defined(MCUBOOT_OVERWRITE_ONLY_FAST) - if ((size + this_size) >= src_size) { - size += src_size - size; - size += BOOT_WRITE_SZ(state) - (size % BOOT_WRITE_SZ(state)); + if (size >= src_size) { break; } #endif - - size += this_size; } -#if defined(MCUBOOT_OVERWRITE_ONLY_FAST) - trailer_sz = boot_trailer_sz(BOOT_WRITE_SZ(state)); - sector = boot_img_num_sectors(state, BOOT_PRIMARY_SLOT) - 1; - sz = 0; - do { - sz += boot_img_sector_size(state, BOOT_PRIMARY_SLOT, sector); - off = boot_img_sector_off(state, BOOT_PRIMARY_SLOT, sector); - sector--; - } while (sz < trailer_sz); - - rc = boot_erase_region(fap_primary_slot, off, sz); - assert(rc == 0); -#endif - #ifdef MCUBOOT_ENC_IMAGES if (IS_ENCRYPTED(boot_img_hdr(state, BOOT_SECONDARY_SLOT))) { rc = boot_enc_load(BOOT_CURR_ENC(state), image_index, @@ -1038,16 +1015,6 @@ boot_copy_image(struct boot_loader_state *state, struct boot_status *bs) BOOT_LOG_INF("Copying the secondary slot to the primary slot: 0x%zx bytes", size); rc = boot_copy_region(state, fap_secondary_slot, fap_primary_slot, 0, 0, size); - if (rc != 0) { - return rc; - } - -#if defined(MCUBOOT_OVERWRITE_ONLY_FAST) - rc = boot_write_magic(fap_primary_slot); - if (rc != 0) { - return rc; - } -#endif #ifdef MCUBOOT_HW_ROLLBACK_PROT /* Update the stored security counter with the new image's security counter From f5f34394e644e84479bea0ae8eb21c36b36c51bc Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Fri, 20 Nov 2020 13:15:42 +0100 Subject: [PATCH 045/112] Revert "[nrf fromlist] doc: clean up multi-image documentation" This reverts commit a8213955e7113e3dcc23f17318829dc6b695ce67. Signed-off-by: Ioannis Glaropoulos --- docs/design.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/design.md b/docs/design.md index 01471d336..697243a89 100644 --- a/docs/design.md +++ b/docs/design.md @@ -576,7 +576,7 @@ following section. The multiple image boot procedure is organized in loops which iterate over all the firmware images. The high-level overview of the boot process is presented below. -+ Loop 1. Iterate over all images ++ ###### Loop 1. Iterate over all images 1. Inspect swap status region of current image; is an interrupted swap being resumed? + Yes: @@ -604,7 +604,7 @@ process is presented below. + Mark the swap type as `None`. + Skip to next image. -+ Loop 2. Iterate over all images ++ ###### Loop 2. Iterate over all images 1. Does the current image depend on other image(s)? + Yes: Are all the image dependencies satisfied? + Yes: Skip to next image. @@ -613,7 +613,7 @@ process is presented below. + Restart dependency check from the first image. + No: Skip to next image. -+ Loop 3. Iterate over all images ++ ###### Loop 3. Iterate over all images 1. Is an image swap requested? + Yes: + Perform image update operation. @@ -621,7 +621,7 @@ process is presented below. + Skip to next image. + No: Skip to next image. -+ Loop 4. Iterate over all images ++ ###### Loop 4. Iterate over all images 1. Validate image in the primary slot (integrity and security check) or at least do a basic sanity check to avoid booting into an empty flash area. From d9a0c0fa638c3fbc4c5d66cf4efe537e61a38467 Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Fri, 20 Nov 2020 13:16:00 +0100 Subject: [PATCH 046/112] Revert "[nrf fromlist] zephyr: enable progressive erase on all nRF boards" This reverts commit b03e43f31a96619287bbd0b43545152f17eab0b6. Signed-off-by: Ioannis Glaropoulos --- boot/zephyr/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index f283e67d6..822a0b68d 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -301,7 +301,7 @@ config BOOT_MAX_IMG_SECTORS config BOOT_ERASE_PROGRESSIVELY bool "Erase flash progressively when receiving new firmware" - default y if SOC_FAMILY_NRF + default y if SOC_NRF52840 help If enabled, flash is erased as necessary when receiving new firmware, instead of erasing the whole image slot at once. This is necessary From 8c4b1d5ce20793cbb775a6ad1f1ec0f9314fffa3 Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Fri, 20 Nov 2020 13:16:17 +0100 Subject: [PATCH 047/112] Revert "[nrf fromlist] zephyr: update name of nrf5340 dk" This reverts commit 02833faca1a373767c67aed29df5eb9e0cfbc9fd. Signed-off-by: Ioannis Glaropoulos --- boot/zephyr/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 822a0b68d..16d25e23a 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -419,7 +419,7 @@ config BOOT_SERIAL_DETECT_PIN default 6 if BOARD_NRF9160DK_NRF9160 default 11 if BOARD_NRF52840DK_NRF52840 default 13 if BOARD_NRF52DK_NRF52832 - default 23 if BOARD_NRF5340PDK_NRF5340_CPUAPP || BOARD_NRF5340PDK_NRF5340_CPUAPPNS + default 23 if BOARD_NRF5340_DK_NRF5340_CPUAPP || BOARD_NRF5340_DK_NRF5340_CPUAPPNS help Pin on the serial detect port which triggers serial recovery mode. From 3cadeb90cd0cd7075893c9f9e6243b3787e0e896 Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Fri, 20 Nov 2020 13:16:32 +0100 Subject: [PATCH 048/112] Revert "[nrf fromtree] bootutil: fix boostrapping in swap-move" This reverts commit 931d96b455c536fbd33e50b27f89aa384b054590. Signed-off-by: Ioannis Glaropoulos --- boot/bootutil/src/loader.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index 3ac9b236d..0ba30dbca 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -1601,14 +1601,7 @@ boot_prepare_image_for_update(struct boot_loader_state *state, * have been updated in the previous function call. */ rc = boot_read_image_headers(state, !boot_status_is_reset(bs), bs); -#ifdef MCUBOOT_BOOTSTRAP - /* When bootstrapping it's OK to not have image magic in the primary slot */ - if (rc != 0 && (BOOT_CURR_IMG(state) != BOOT_PRIMARY_SLOT || - boot_check_header_erased(state, BOOT_PRIMARY_SLOT) != 0)) { -#else if (rc != 0) { -#endif - /* Continue with next image if there is one. */ BOOT_LOG_WRN("Failed reading image headers; Image=%u", BOOT_CURR_IMG(state)); From 9912d21b3c3de84f71842e40056616a23c73c77f Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Fri, 20 Nov 2020 13:16:48 +0100 Subject: [PATCH 049/112] Revert "[nrf fromtree] bootutil: fix swap-move brick with padded image0" This reverts commit 32640591847ec648fb5b0cee85c9dc57db7cb3bf. Signed-off-by: Ioannis Glaropoulos --- boot/bootutil/src/swap_move.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/boot/bootutil/src/swap_move.c b/boot/bootutil/src/swap_move.c index 7ecd97784..d258e241a 100644 --- a/boot/bootutil/src/swap_move.c +++ b/boot/bootutil/src/swap_move.c @@ -329,11 +329,13 @@ boot_move_sector_up(int idx, uint32_t sz, struct boot_loader_state *state, old_off = boot_img_sector_off(state, BOOT_PRIMARY_SLOT, idx - 1); if (bs->idx == BOOT_STATUS_IDX_0) { - rc = swap_erase_trailer_sectors(state, fap_pri); - assert(rc == 0); + if (bs->source != BOOT_STATUS_SOURCE_PRIMARY_SLOT) { + rc = swap_erase_trailer_sectors(state, fap_pri); + assert(rc == 0); - rc = swap_status_init(state, fap_pri, bs); - assert(rc == 0); + rc = swap_status_init(state, fap_pri, bs); + assert(rc == 0); + } rc = swap_erase_trailer_sectors(state, fap_sec); assert(rc == 0); From ddcc4e12e0495ff11ada6533448f5869ef9bba9e Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Fri, 20 Nov 2020 13:17:02 +0100 Subject: [PATCH 050/112] Revert "[nrf fromtree] doc: fix link to external page in PORTING" This reverts commit d0634dd15ca4541a93bc22d9e1aa0fad07e95bc0. Signed-off-by: Ioannis Glaropoulos --- docs/PORTING.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/PORTING.md b/docs/PORTING.md index 6bf091912..61a4f8d47 100644 --- a/docs/PORTING.md +++ b/docs/PORTING.md @@ -144,14 +144,15 @@ int flash_area_id_to_multi_image_slot(int image_index, int area_id); needs to provide this pair of function. To configure the what functions are called when allocating/deallocating -memory `mbed TLS` uses the following call: +memory `mbed TLS` uses the following call [^1]: ``` int mbedtls_platform_set_calloc_free (void *(*calloc_func)(size_t, size_t), void (*free_func)(void *)); ``` -For reference see [mbed TLS platform.h](https://tls.mbed.org/api/platform_8h.html). -If your system already provides functions with compatible signatures, those can -be used directly here, otherwise create new functions that glue to your -`calloc/free` implementations. +If your system already provides functions with compatible signatures, those +can be used directly here, otherwise create new functions that glue to +your `calloc/free` implementations. + +[^1]: ```https://tls.mbed.org/api/platform_8h.html``` From 4fb56e72cc3addf39cc844d80a7adfddf9ed7fa8 Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Fri, 20 Nov 2020 13:17:16 +0100 Subject: [PATCH 051/112] Revert "[nrf fromtree] boot: zephyr: Disable HW stack protection" This reverts commit 45a94cb234ec33a015677f106cbb937b6ff81569. Signed-off-by: Ioannis Glaropoulos --- boot/zephyr/prj.conf | 2 -- 1 file changed, 2 deletions(-) diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index 7fd49947e..b95f503ed 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -34,5 +34,3 @@ CONFIG_FPROTECT=y CONFIG_LOG=y ### Ensure Zephyr logging changes don't use more resources CONFIG_LOG_DEFAULT_LEVEL=0 - -CONFIG_HW_STACK_PROTECTION=n From 9851136f3d28f59af7f00e1d7a91de36ac435b10 Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Fri, 20 Nov 2020 13:17:30 +0100 Subject: [PATCH 052/112] Revert "[nrf fromtree] boot: zephyr: reset SPLIM registers before boot" This reverts commit 54238adc9a5912ace04b35c8a642faa1e731fa74. Signed-off-by: Ioannis Glaropoulos --- boot/zephyr/main.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index fa8e664dc..94ba3dd02 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -173,15 +173,6 @@ static void do_boot(struct boot_rsp *rsp) cleanup_arm_nvic(); /* cleanup NVIC registers */ #endif -#if defined(CONFIG_BUILTIN_STACK_GUARD) && \ - defined(CONFIG_CPU_CORTEX_M_HAS_SPLIM) - /* Reset limit registers to avoid inflicting stack overflow on image - * being booted. - */ - __set_PSPLIM(0); - __set_MSPLIM(0); -#endif - #ifdef CONFIG_BOOT_INTR_VEC_RELOC #if defined(CONFIG_SW_VECTOR_RELAY) _vector_table_pointer = vt; From 8d0f628efc82010a99b575211275485b68b89ccb Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Fri, 20 Nov 2020 13:17:42 +0100 Subject: [PATCH 053/112] Revert "[nrf fromtree] zephyr: Fix serial recovery compilation warnings" This reverts commit 74e2e0f30c4e48738dd5014bd88d31f90d00f9c5. Signed-off-by: Ioannis Glaropoulos --- boot/zephyr/main.c | 2 +- boot/zephyr/serial_adapter.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 94ba3dd02..91b12e021 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -350,7 +350,7 @@ void main(void) #ifdef CONFIG_MCUBOOT_SERIAL - struct device const *detect_port; + struct device *detect_port; uint32_t detect_value = !CONFIG_BOOT_SERIAL_DETECT_PIN_VAL; detect_port = device_get_binding(CONFIG_BOOT_SERIAL_DETECT_PORT); diff --git a/boot/zephyr/serial_adapter.c b/boot/zephyr/serial_adapter.c index 829752289..8787780e3 100644 --- a/boot/zephyr/serial_adapter.c +++ b/boot/zephyr/serial_adapter.c @@ -41,7 +41,7 @@ struct line_input { char line[CONFIG_BOOT_MAX_LINE_INPUT_LEN]; }; -static struct device const *uart_dev; +static struct device *uart_dev; static struct line_input line_bufs[2]; static sys_slist_t avail_queue; @@ -115,7 +115,7 @@ boot_console_init(void) } static void -boot_uart_fifo_callback(const struct device *dev, void *user_data) +boot_uart_fifo_callback(struct device *dev, void *user_data) { static struct line_input *cmd; uint8_t byte; From aada128809b9a155aa71c1b568df738cdef8e9fb Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Fri, 20 Nov 2020 13:26:58 +0100 Subject: [PATCH 054/112] Revert "[nrf fromtree] kconfig: zephyr: provide logic ..." This reverts commit 80eb85475da3d3a8408170523e7cb6d1063a9757. Signed-off-by: Ioannis Glaropoulos --- boot/zephyr/Kconfig | 5 +---- boot/zephyr/prj.conf | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 16d25e23a..143f5a9cb 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -150,10 +150,7 @@ endchoice config BOOT_SIGNATURE_KEY_FILE string "PEM key file" - default "root-ec-p256.pem" if BOOT_SIGNATURE_TYPE_ECDSA_P256 - default "root-ed25519.pem" if BOOT_SIGNATURE_TYPE_ED25519 - default "root-rsa-3072.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=3072 - default "root-rsa-2048.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=2048 + default "root-rsa-2048.pem" help You can use either absolute or relative path. In case relative path is used, the build system assumes that it starts diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index b95f503ed..0f9d0e81d 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -14,6 +14,22 @@ CONFIG_BOOT_ENCRYPT_X25519=n CONFIG_BOOT_UPGRADE_ONLY=n CONFIG_BOOT_BOOTSTRAP=n +### Default to RSA +CONFIG_BOOT_SIGNATURE_TYPE_NONE=n +CONFIG_BOOT_SIGNATURE_TYPE_RSA=y +CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN=2048 +CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=n +CONFIG_BOOT_SIGNATURE_TYPE_ED25519=n + +### The bootloader generates its own signature verification based on a +### key file which needs to be provided and needs to match the selected signing +### algorithm (CONFIG_BOOT_SIGNATURE_TYPE_). +### The PEM files below are provided as examples. +CONFIG_BOOT_SIGNATURE_KEY_FILE="root-rsa-2048.pem" +#CONFIG_BOOT_SIGNATURE_KEY_FILE="root-rsa-3072.pem" +#CONFIG_BOOT_SIGNATURE_KEY_FILE="root-ec-p256.pem" +#CONFIG_BOOT_SIGNATURE_KEY_FILE="root-ed25519.pem" + ### mbedTLS has its own heap # CONFIG_HEAP_MEM_POOL_SIZE is not set From ec663cc4002d1754d868eeb0207b22d3c269d79f Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Mon, 23 Nov 2020 18:44:08 +0100 Subject: [PATCH 055/112] Revert "[nrf temphack] Kconfig: select 8-bits flash access for recovery mode" This reverts commit ac052356a507e309d9da7246f3c16dde4d46aea3. Signed-off-by: Ioannis Glaropoulos --- boot/zephyr/Kconfig | 1 - 1 file changed, 1 deletion(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 143f5a9cb..b699260ea 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -373,7 +373,6 @@ menuconfig MCUBOOT_SERIAL select UART_INTERRUPT_DRIVEN select BASE64 select TINYCBOR - select SOC_FLASH_NRF_EMULATE_ONE_BYTE_WRITE_ACCESS if SOC_FLASH_NRF help If y, enables a serial-port based update mode. This allows MCUboot itself to load update images into flash over a UART. From 389b7f2b72fd3ee1904aaa34dd173fc19afb65c5 Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Mon, 23 Nov 2020 18:44:49 +0100 Subject: [PATCH 056/112] Revert "[nrf temphack] boot: bootutil: Word align read buffer in loader" This reverts commit 4c5ff85bbd6f218147cc4f29641e88957ad09a64. Signed-off-by: Ioannis Glaropoulos --- boot/bootutil/src/loader.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index 0ba30dbca..d0d37ab14 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -73,7 +73,7 @@ static struct boot_loader_state boot_data; * to just make those variables stack allocated. */ #if !defined(__BOOTSIM__) -#define TARGET_STATIC __aligned(4) static +#define TARGET_STATIC static #else #define TARGET_STATIC #endif From a85b621846d804a90d43ad01131287208b712736 Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Mon, 23 Nov 2020 18:45:16 +0100 Subject: [PATCH 057/112] Revert "[nrf temphack] do_boot: clean peripherals state before boot" This reverts commit a8cc9879747019ba0459b900920296365abae4b1. Signed-off-by: Ioannis Glaropoulos --- boot/zephyr/CMakeLists.txt | 6 ---- boot/zephyr/Kconfig | 5 ---- boot/zephyr/include/nrf_cleanup.h | 19 ------------ boot/zephyr/main.c | 9 +----- boot/zephyr/nrf_cleanup.c | 49 ------------------------------- 5 files changed, 1 insertion(+), 87 deletions(-) delete mode 100644 boot/zephyr/include/nrf_cleanup.h delete mode 100644 boot/zephyr/nrf_cleanup.c diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index bd3621670..f913c9b11 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -282,9 +282,3 @@ zephyr_library_sources( ${BOOT_DIR}/zephyr/arm_cleanup.c ) endif() - -if(CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL) -zephyr_library_sources( - ${BOOT_DIR}/zephyr/nrf_cleanup.c -) -endif() diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index b699260ea..1293e59a8 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -166,11 +166,6 @@ config MCUBOOT_CLEANUP_ARM_CORE depends on CPU_CORTEX_M default y -config MCUBOOT_NRF_CLEANUP_PERIPHERAL - bool "Perform peripheral cleanup before chain-load the application" - depends on SOC_FAMILY_NRF - default y - config MBEDTLS_CFG_FILE default "mcuboot-mbedtls-cfg.h" diff --git a/boot/zephyr/include/nrf_cleanup.h b/boot/zephyr/include/nrf_cleanup.h deleted file mode 100644 index 2b175634e..000000000 --- a/boot/zephyr/include/nrf_cleanup.h +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright (c) 2020 Nordic Semiconductor ASA - * - * SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic - */ - -#ifndef H_NRF_CLEANUP_ -#define H_NRF_CLEANUP_ - -/** - * Perform cleanup on some peripheral resources used by MCUBoot prior chainload - * the application. - * - * This function disables all RTC instances and UARTE instances. - * It Disables their interrupts signals as well. - */ -void nrf_cleanup_peripheral(void); - -#endif diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 91b12e021..ace84371d 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -87,11 +87,6 @@ K_SEM_DEFINE(boot_log_sem, 1, 1); #include #endif - -#if CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL -#include -#endif - #ifdef CONFIG_SOC_FAMILY_NRF #include @@ -166,9 +161,7 @@ static void do_boot(struct boot_rsp *rsp) } #endif #endif -#if CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL - nrf_cleanup_peripheral(); -#endif + #if CONFIG_MCUBOOT_CLEANUP_ARM_CORE cleanup_arm_nvic(); /* cleanup NVIC registers */ #endif diff --git a/boot/zephyr/nrf_cleanup.c b/boot/zephyr/nrf_cleanup.c deleted file mode 100644 index 2f7cf2d68..000000000 --- a/boot/zephyr/nrf_cleanup.c +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) 2020 Nordic Semiconductor ASA - * - * SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic - */ - -#include -#if defined(NRF_UARTE0) || defined(NRF_UARTE1) - #include -#endif -#if defined(NRF_RTC0) || defined(NRF_RTC1) || defined(NRF_RTC2) - #include -#endif - -#if defined(NRF_RTC0) || defined(NRF_RTC1) || defined(NRF_RTC2) -static inline void nrf_cleanup_rtc(NRF_RTC_Type * rtc_reg) -{ - nrf_rtc_task_trigger(rtc_reg, NRF_RTC_TASK_STOP); - nrf_rtc_event_disable(rtc_reg, 0xFFFFFFFF); - nrf_rtc_int_disable(rtc_reg, 0xFFFFFFFF); -} -#endif - -static void nrf_cleanup_clock(void) -{ - nrf_clock_int_disable(NRF_CLOCK, 0xFFFFFFFF); -} - -void nrf_cleanup_peripheral(void) -{ -#if defined(NRF_RTC0) - nrf_cleanup_rtc(NRF_RTC0); -#endif -#if defined(NRF_RTC1) - nrf_cleanup_rtc(NRF_RTC1); -#endif -#if defined(NRF_RTC2) - nrf_cleanup_rtc(NRF_RTC2); -#endif -#if defined(NRF_UARTE0) - nrf_uarte_disable(NRF_UARTE0); - nrf_uarte_int_disable(NRF_UARTE0, 0xFFFFFFFF); -#endif -#if defined(NRF_UARTE1) - nrf_uarte_disable(NRF_UARTE1); - nrf_uarte_int_disable(NRF_UARTE1, 0xFFFFFFFF); -#endif - nrf_cleanup_clock(); -} From 9bbc222afa32c5d250e0b5436462c530a63976ac Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Mon, 23 Nov 2020 18:45:55 +0100 Subject: [PATCH 058/112] Revert "[nrf noup] kconfig: enable external crypto config" This reverts commit 4d1b74b32f7f49692fc40132c7c5e84030ef6a85. Signed-off-by: Ioannis Glaropoulos --- boot/zephyr/Kconfig | 1 + .../overlay-minimal-external-crypto.conf | 46 ------------------- 2 files changed, 1 insertion(+), 46 deletions(-) delete mode 100644 boot/zephyr/overlay-minimal-external-crypto.conf diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 1293e59a8..df2d0663d 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -125,6 +125,7 @@ config BOOT_CC310 config BOOT_NRF_EXTERNAL_CRYPTO bool "Use Shared Crypto from bootloader" select BOOT_USE_NRF_EXTERNAL_CRYPTO + depends on SECURE_BOOT_CRYPTO_CLIENT endchoice endif #BOOT_SIGNATURE_TYPE_ECDSA_P256 diff --git a/boot/zephyr/overlay-minimal-external-crypto.conf b/boot/zephyr/overlay-minimal-external-crypto.conf deleted file mode 100644 index a4bc98bf5..000000000 --- a/boot/zephyr/overlay-minimal-external-crypto.conf +++ /dev/null @@ -1,46 +0,0 @@ -# -# Copyright (c) 2020 Nordic Semiconductor ASA -# -# SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic -# - -# These configurations should be used when using nrf/samples/bootloader -# as the immutable bootloader (B0), and MCUBoot as the second stage updateable -# bootloader. With this configuration, MCUBoot will re-use the crypto -# functionality from B0, and fit within 16kB. - -CONFIG_NCS_SAMPLES_DEFAULTS=n -CONFIG_LOG=n -CONFIG_BOOT_BANNER=n -CONFIG_PRINTK=n -CONFIG_CONSOLE=n -CONFIG_UART_CONSOLE=n -CONFIG_SERIAL=n -CONFIG_SECURE_BOOT_DEBUG=n -CONFIG_ASSERT=n -CONFIG_RESET_ON_FATAL_ERROR=n -CONFIG_REBOOT=n -CONFIG_GPIO=n -CONFIG_CLOCK_CONTROL=n -CONFIG_MINIMAL_LIBC_MALLOC=n -CONFIG_MINIMAL_LIBC_CALLOC=n -CONFIG_MINIMAL_LIBC_REALLOCARRAY=n -CONFIG_SIZE_OPTIMIZATIONS=y -CONFIG_NO_RUNTIME_CHECKS=y -CONFIG_CONSOLE_HANDLER=n -CONFIG_NRF_RTC_TIMER=n -CONFIG_SYS_CLOCK_EXISTS=n - -# Set ECDSA as signing mechanism -CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y - -# Use crypto backend from B0 -CONFIG_BOOT_NRF_EXTERNAL_CRYPTO=y -CONFIG_SECURE_BOOT_CRYPTO=y -CONFIG_SB_CRYPTO_CLIENT_ECDSA_SECP256R1=y -CONFIG_SB_CRYPTO_CLIENT_SHA256=y -CONFIG_BL_SHA256_EXT_API_REQUIRED=y -CONFIG_BL_SECP256R1_EXT_API_REQUIRED=y - -# Set 16kB as flash size -CONFIG_PM_PARTITION_SIZE_MCUBOOT=0x3e00 From e991409dc312a176a98a3c75f639c0090dfc9fba Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Mon, 23 Nov 2020 18:46:18 +0100 Subject: [PATCH 059/112] Revert "[nrf noup] kconfig: use cc310 for ecdsa by default" This reverts commit 1788ad7a9894780bf27c68d98aa87e833f170c7d. Signed-off-by: Ioannis Glaropoulos --- boot/zephyr/Kconfig | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index df2d0663d..53e7c4958 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -58,7 +58,7 @@ config BOOT_USE_CC310 config BOOT_USE_NRF_CC310_BL bool - select NRF_CC310_BL + default n config BOOT_USE_NRF_EXTERNAL_CRYPTO bool @@ -83,7 +83,6 @@ config SINGLE_IMAGE_DFU choice prompt "Signature type" - default BOOT_SIGNATURE_TYPE_ECDSA_P256 if HAS_HW_NRF_CC310 default BOOT_SIGNATURE_TYPE_RSA config BOOT_SIGNATURE_TYPE_NONE From fb00c70a47b4428d460b48a0f74e2194625ab861 Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Mon, 23 Nov 2020 18:46:40 +0100 Subject: [PATCH 060/112] Revert "[nrf noup] boot: zephyr: nrf53 network core bootloader implementation" This reverts commit f35f763bbe7e698b3c275c548faae3537061e9c7. Signed-off-by: Ioannis Glaropoulos --- boot/bootutil/src/loader.c | 82 ++++++++++++-------------------------- boot/zephyr/main.c | 7 ---- 2 files changed, 25 insertions(+), 64 deletions(-) diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index d0d37ab14..50e6b0575 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -45,10 +45,6 @@ #include "bootutil/security_cnt.h" #include "bootutil/boot_record.h" -#ifdef CONFIG_SOC_NRF5340_CPUAPP -#include -#endif - #ifdef MCUBOOT_ENC_IMAGES #include "bootutil/enc_key.h" #endif @@ -725,15 +721,7 @@ boot_validated_swap_type(struct boot_loader_state *state, { int swap_type; int rc; - bool upgrade_valid = false; - -#if defined(PM_S1_ADDRESS) || defined(CONFIG_SOC_NRF5340_CPUAPP) - const struct flash_area *secondary_fa = - BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); - struct image_header *hdr = (struct image_header *)secondary_fa->fa_off; - uint32_t vtable_addr = 0; - uint32_t *vtable = 0; - uint32_t reset_addr = 0; +#ifdef PM_S1_ADDRESS /* Patch needed for NCS. Since image 0 (the app) and image 1 (the other * B1 slot S0 or S1) share the same secondary slot, we need to check * whether the update candidate in the secondary slot is intended for @@ -741,30 +729,33 @@ boot_validated_swap_type(struct boot_loader_state *state, * vector. Note that there are good reasons for not using img_num from * the swap info. */ + const struct flash_area *secondary_fa = + BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); + struct image_header *hdr = + (struct image_header *)secondary_fa->fa_off; if (hdr->ih_magic == IMAGE_MAGIC) { - vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; - vtable = (uint32_t *)(vtable_addr); - reset_addr = vtable[1]; -#ifdef PM_S1_ADDRESS - const struct flash_area *primary_fa; - rc = flash_area_open(flash_area_id_from_multi_image_slot( - BOOT_CURR_IMG(state), - BOOT_PRIMARY_SLOT), - &primary_fa); - if (rc != 0) { - return BOOT_SWAP_TYPE_FAIL; - } - /* Get start and end of primary slot for current image */ - if (reset_addr < primary_fa->fa_off || - reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { - /* The image in the secondary slot is not intended for this image - */ - return BOOT_SWAP_TYPE_NONE; - } -#endif /* PM_S1_ADDRESS */ + const struct flash_area *primary_fa; + uint32_t vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; + uint32_t *vtable = (uint32_t *)(vtable_addr); + uint32_t reset_addr = vtable[1]; + rc = flash_area_open( + flash_area_id_from_multi_image_slot( + BOOT_CURR_IMG(state), + BOOT_PRIMARY_SLOT), + &primary_fa); + if (rc != 0) { + return BOOT_SWAP_TYPE_FAIL; + } + /* Get start and end of primary slot for current image */ + if (reset_addr < primary_fa->fa_off || + reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { + /* The image in the secondary slot is not intended for this image + */ + return BOOT_SWAP_TYPE_NONE; + } } -#endif /* PM_S1_ADDRESS || CONFIG_SOC_NRF5340_CPUAPP */ +#endif swap_type = boot_swap_type_multi(BOOT_CURR_IMG(state)); if (BOOT_IS_UPGRADE(swap_type)) { @@ -776,30 +767,7 @@ boot_validated_swap_type(struct boot_loader_state *state, swap_type = BOOT_SWAP_TYPE_NONE; } else if (rc != 0) { swap_type = BOOT_SWAP_TYPE_FAIL; - } else if (rc == 0) { - upgrade_valid = true; - } - -#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(PM_CPUNET_B0N_ADDRESS) - /* If the update is valid, and it targets the network core: perform the - * update and indicate to the caller of this function that no update is - * available - */ - if (upgrade_valid && reset_addr > PM_CPUNET_B0N_ADDRESS) { - uint32_t fw_size = hdr->ih_img_size; - - BOOT_LOG_INF("Starting network core update"); - rc = pcd_network_core_update(vtable, fw_size); - if (rc != 0) { - swap_type = BOOT_SWAP_TYPE_FAIL; - } else { - BOOT_LOG_INF("Done updating network core"); - rc = swap_erase_trailer_sectors(state, - secondary_fa); - swap_type = BOOT_SWAP_TYPE_NONE; - } } -#endif /* CONFIG_SOC_NRF5340_CPUAPP */ } return swap_type; diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index ace84371d..6c9797b1a 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -53,10 +53,6 @@ const struct boot_uart_funcs boot_funcs = { #include #endif -#ifdef CONFIG_SOC_NRF5340_CPUAPP -#include -#endif - #if defined(CONFIG_LOG) && !defined(CONFIG_LOG_IMMEDIATE) #ifdef CONFIG_LOG_PROCESS_THREAD #warning "The log internal thread for log processing can't transfer the log"\ @@ -423,9 +419,6 @@ void main(void) ; } #endif /* USE_PARTITION_MANAGER && CONFIG_FPROTECT */ -#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(PM_CPUNET_B0N_ADDRESS) - pcd_lock_ram(); -#endif ZEPHYR_BOOT_LOG_STOP(); From 7aa2990bbc6b229dc6129a4d73d0afd38a39380f Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Mon, 23 Nov 2020 18:47:33 +0100 Subject: [PATCH 061/112] Revert "[nrf temphack] Kconfig: add accessor for flash write block size" This reverts commit e9d64d45865fdd4943a01f55c5096643c399d52a. Signed-off-by: Ioannis Glaropoulos --- zephyr/Kconfig | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/zephyr/Kconfig b/zephyr/Kconfig index 80ecad9cf..ffca48313 100644 --- a/zephyr/Kconfig +++ b/zephyr/Kconfig @@ -23,16 +23,6 @@ config MCUBOOT_IMAGE_VERSION valuable for debugging purposes. Format: maj.min.rev+build with latter parts optional. -# HACK: NCS temphack to keep our imgtool integration working now that -# there is no CONFIG_DT_* CMake namespace anymore. Use Zephyr -# kconfigfunctions to thread the flash write block size through -# Kconfig so it can be accessed from CMake. Needs a better solution. -DT_ZEPHYR_FLASH := zephyr,flash -DT_CHOSEN_ZEPHYR_FLASH := $(dt_chosen_path,$(DT_ZEPHYR_FLASH)) -config MCUBOOT_FLASH_WRITE_BLOCK_SIZE - int - default $(dt_node_int_prop_int,$(DT_CHOSEN_ZEPHYR_FLASH),write-block-size) - endif # BOOTLOADER_MCUBOOT config DT_FLASH_WRITE_BLOCK_SIZE From d5445355632ca8357ef192100d50b2222c326791 Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Mon, 23 Nov 2020 18:48:17 +0100 Subject: [PATCH 062/112] Revert "[nrf noup] zephyr: lock mcuboot using fprotect before jumping" This reverts commit 59e02e27dafd41456c54bf45d0b2d95ab15b6e0f. Signed-off-by: Ioannis Glaropoulos --- boot/zephyr/main.c | 28 ---------------------------- boot/zephyr/pm.yml | 4 +--- boot/zephyr/prj.conf | 1 - 3 files changed, 1 insertion(+), 32 deletions(-) diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 6c9797b1a..9657c5ed2 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -78,11 +78,6 @@ K_SEM_DEFINE(boot_log_sem, 1, 1); #define ZEPHYR_BOOT_LOG_STOP() do { } while (false) #endif /* defined(CONFIG_LOG) && !defined(CONFIG_LOG_IMMEDIATE) */ -#if USE_PARTITION_MANAGER && CONFIG_FPROTECT -#include -#include - -#endif #ifdef CONFIG_SOC_FAMILY_NRF #include @@ -398,30 +393,7 @@ void main(void) rsp.br_image_off); BOOT_LOG_INF("Jumping to the first image slot"); - -#if USE_PARTITION_MANAGER && CONFIG_FPROTECT - -#ifdef PM_S1_ADDRESS -/* MCUBoot is stored in either S0 or S1, protect both */ -#define PROTECT_SIZE (PM_MCUBOOT_PRIMARY_ADDRESS - PM_S0_ADDRESS) -#define PROTECT_ADDR PM_S0_ADDRESS -#else -/* There is only one instance of MCUBoot */ -#define PROTECT_SIZE (PM_MCUBOOT_PRIMARY_ADDRESS - PM_MCUBOOT_ADDRESS) -#define PROTECT_ADDR PM_MCUBOOT_ADDRESS -#endif - - rc = fprotect_area(PROTECT_ADDR, PROTECT_SIZE); - - if (rc != 0) { - BOOT_LOG_ERR("Protect mcuboot flash failed, cancel startup."); - while (1) - ; - } -#endif /* USE_PARTITION_MANAGER && CONFIG_FPROTECT */ - ZEPHYR_BOOT_LOG_STOP(); - do_boot(&rsp); BOOT_LOG_ERR("Never should get here"); diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml index 9f99a0e58..cb774f7ea 100644 --- a/boot/zephyr/pm.yml +++ b/boot/zephyr/pm.yml @@ -35,6 +35,4 @@ mcuboot_pad: size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_PAD placement: before: [mcuboot_primary_app] -#ifdef CONFIG_FPROTECT - align: {start: CONFIG_FPROTECT_BLOCK_SIZE} -#endif + align: {start: DT_FLASH_ERASE_BLOCK_SIZE} diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index 0f9d0e81d..17826db08 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -40,7 +40,6 @@ CONFIG_BOOT_SIGNATURE_KEY_FILE="root-rsa-2048.pem" # CONFIG_TINYCRYPT_SHA256 is not set CONFIG_FLASH=y -CONFIG_FPROTECT=y ### Various Zephyr boards enable features that we don't want. # CONFIG_BT is not set From 449c2969aed125dbaca6c05ae300c9841a8b9d34 Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Mon, 23 Nov 2020 18:49:02 +0100 Subject: [PATCH 063/112] Revert "[nrf noup] treewide: add NCS partition manager support" This reverts commit 04514d6a2236050ac8abd89d72f59dd175a0265e. Signed-off-by: Ioannis Glaropoulos --- boot/bootutil/src/loader.c | 67 ++----------------------- boot/bootutil/src/swap_move.c | 13 ----- boot/bootutil/src/swap_scratch.c | 13 ----- boot/zephyr/CMakeLists.txt | 7 --- boot/zephyr/Kconfig | 14 +----- boot/zephyr/include/sysflash/sysflash.h | 47 ----------------- boot/zephyr/include/target.h | 4 -- boot/zephyr/pm.yml | 38 -------------- zephyr/CMakeLists.txt | 1 - zephyr/Kconfig | 32 ------------ 10 files changed, 6 insertions(+), 230 deletions(-) delete mode 100644 boot/zephyr/pm.yml delete mode 100644 zephyr/CMakeLists.txt delete mode 100644 zephyr/Kconfig diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index 50e6b0575..c98b84180 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -90,15 +90,6 @@ boot_read_image_headers(struct boot_loader_state *state, bool require_all, * * Failure to read any headers is a fatal error. */ -#ifdef PM_S1_ADDRESS - /* Patch needed for NCS. The primary slot of the second image - * (image 1) will not contain a valid image header until an upgrade - * of mcuboot has happened (filling S1 with the new version). - */ - if (BOOT_CURR_IMG(state) == 1 && i == 0) { - continue; - } -#endif /* PM_S1_ADDRESS */ if (i > 0 && !require_all) { return 0; } else { @@ -721,41 +712,6 @@ boot_validated_swap_type(struct boot_loader_state *state, { int swap_type; int rc; -#ifdef PM_S1_ADDRESS - /* Patch needed for NCS. Since image 0 (the app) and image 1 (the other - * B1 slot S0 or S1) share the same secondary slot, we need to check - * whether the update candidate in the secondary slot is intended for - * image 0 or image 1 primary by looking at the address of the reset - * vector. Note that there are good reasons for not using img_num from - * the swap info. - */ - const struct flash_area *secondary_fa = - BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); - struct image_header *hdr = - (struct image_header *)secondary_fa->fa_off; - - if (hdr->ih_magic == IMAGE_MAGIC) { - const struct flash_area *primary_fa; - uint32_t vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; - uint32_t *vtable = (uint32_t *)(vtable_addr); - uint32_t reset_addr = vtable[1]; - rc = flash_area_open( - flash_area_id_from_multi_image_slot( - BOOT_CURR_IMG(state), - BOOT_PRIMARY_SLOT), - &primary_fa); - if (rc != 0) { - return BOOT_SWAP_TYPE_FAIL; - } - /* Get start and end of primary slot for current image */ - if (reset_addr < primary_fa->fa_off || - reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { - /* The image in the secondary slot is not intended for this image - */ - return BOOT_SWAP_TYPE_NONE; - } - } -#endif swap_type = boot_swap_type_multi(BOOT_CURR_IMG(state)); if (BOOT_IS_UPGRADE(swap_type)) { @@ -1824,24 +1780,11 @@ context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp) } #ifdef MCUBOOT_VALIDATE_PRIMARY_SLOT -#ifdef PM_S1_ADDRESS - /* Patch needed for NCS. If secure boot is enabled, then mcuboot - * will be stored in either partition S0 or S1. Image 1 primary - * will point to the 'other' Sx partition. Hence, image 1 primary - * does not contain a valid image until mcuboot has been upgraded. - * Note that B0 will perform validation of the active mcuboot image, - * so there is no security lost by skipping this check for image 1 - * primary. - */ - if (BOOT_CURR_IMG(state) == 0) -#endif - { - rc = boot_validate_slot(state, BOOT_PRIMARY_SLOT, NULL); - if (rc != 0) { - rc = BOOT_EBADIMAGE; - goto out; - } - } + rc = boot_validate_slot(state, BOOT_PRIMARY_SLOT, NULL); + if (rc != 0) { + rc = BOOT_EBADIMAGE; + goto out; + } #else /* Even if we're not re-validating the primary slot, we could be booting * onto an empty flash chip. At least do a basic sanity check that diff --git a/boot/bootutil/src/swap_move.c b/boot/bootutil/src/swap_move.c index d258e241a..90bf9d1fd 100644 --- a/boot/bootutil/src/swap_move.c +++ b/boot/bootutil/src/swap_move.c @@ -212,18 +212,6 @@ boot_status_internal_off(const struct boot_status *bs, int elem_sz) int boot_slots_compatible(struct boot_loader_state *state) { -#ifdef PM_S1_ADDRESS - /* Patch needed for NCS. In this case, image 1 primary points to the other - * B1 slot (ie S0 or S1), and image 0 primary points to the app. - * With this configuration, image 0 and image 1 share the secondary slot. - * Hence, the primary slot of image 1 will be *smaller* than image 1's - * secondary slot. This is not allowed in upstream mcuboot, so we need - * this patch to allow it. Also, all of these checks are redundant when - * partition manager is in use, and since we have the same sector size - * in all of our flash. - */ - return 1; -#else size_t num_sectors_pri; size_t num_sectors_sec; size_t sector_sz_pri = 0; @@ -260,7 +248,6 @@ boot_slots_compatible(struct boot_loader_state *state) } return 1; -#endif /* PM_S1_ADDRESS */ } #define BOOT_LOG_SWAP_STATE(area, state) \ diff --git a/boot/bootutil/src/swap_scratch.c b/boot/bootutil/src/swap_scratch.c index 190bc04e7..e60d93dff 100644 --- a/boot/bootutil/src/swap_scratch.c +++ b/boot/bootutil/src/swap_scratch.c @@ -176,18 +176,6 @@ boot_status_internal_off(const struct boot_status *bs, int elem_sz) int boot_slots_compatible(struct boot_loader_state *state) { -#ifdef PM_S1_ADDRESS - /* Patch needed for NCS. In this case, image 1 primary points to the other - * B1 slot (ie S0 or S1), and image 0 primary points to the app. - * With this configuration, image 0 and image 1 share the secondary slot. - * Hence, the primary slot of image 1 will be *smaller* than image 1's - * secondary slot. This is not allowed in upstream mcuboot, so we need - * this patch to allow it. Also, all of these checks are redundant when - * partition manager is in use, and since we have the same sector size - * in all of our flash. - */ - return 1; -#else size_t num_sectors_primary; size_t num_sectors_secondary; size_t sz0, sz1; @@ -273,7 +261,6 @@ boot_slots_compatible(struct boot_loader_state *state) } return 1; -#endif /* PM_S1_ADDRESS */ } #define BOOT_LOG_SWAP_STATE(area, state) \ diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index f913c9b11..e3eaf51b0 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -255,13 +255,6 @@ if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") endif() message("MCUBoot bootloader key file: ${KEY_FILE}") - set_property( - GLOBAL - PROPERTY - KEY_FILE - ${KEY_FILE} - ) - set(GENERATED_PUBKEY ${ZEPHYR_BINARY_DIR}/autogen-pubkey.c) add_custom_command( OUTPUT ${GENERATED_PUBKEY} diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 53e7c4958..36d92ea44 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -15,18 +15,6 @@ config MCUBOOT select MPU_ALLOW_FLASH_WRITE if ARM_MPU select USE_DT_CODE_PARTITION if HAS_FLASH_LOAD_OFFSET -partition=MCUBOOT -partition-size=0xc000 -source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.partition_size" - -partition=MCUBOOT_SCRATCH -partition-size=0x1e000 -source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.partition_size" - -partition=MCUBOOT_PAD -partition-size=0x200 -source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.partition_size" - config BOOT_USE_MBEDTLS bool # Hidden option @@ -150,7 +138,7 @@ endchoice config BOOT_SIGNATURE_KEY_FILE string "PEM key file" - default "root-rsa-2048.pem" + default "" help You can use either absolute or relative path. In case relative path is used, the build system assumes that it starts diff --git a/boot/zephyr/include/sysflash/sysflash.h b/boot/zephyr/include/sysflash/sysflash.h index 3b479b3c3..f651779ad 100644 --- a/boot/zephyr/include/sysflash/sysflash.h +++ b/boot/zephyr/include/sysflash/sysflash.h @@ -3,51 +3,6 @@ #ifndef __SYSFLASH_H__ #define __SYSFLASH_H__ -#if USE_PARTITION_MANAGER -#include -#include - -#ifndef CONFIG_SINGLE_IMAGE_DFU - -#if (MCUBOOT_IMAGE_NUMBER == 1) - -#define FLASH_AREA_IMAGE_PRIMARY(x) PM_MCUBOOT_PRIMARY_ID -#define FLASH_AREA_IMAGE_SECONDARY(x) PM_MCUBOOT_SECONDARY_ID - -#elif (MCUBOOT_IMAGE_NUMBER == 2) - -extern uint32_t _image_1_primary_slot_id[]; - -#define FLASH_AREA_IMAGE_PRIMARY(x) \ - ((x == 0) ? \ - PM_MCUBOOT_PRIMARY_ID : \ - (x == 1) ? \ - (uint32_t)_image_1_primary_slot_id : \ - 255 ) - -#define FLASH_AREA_IMAGE_SECONDARY(x) \ - ((x == 0) ? \ - PM_MCUBOOT_SECONDARY_ID: \ - (x == 1) ? \ - PM_MCUBOOT_SECONDARY_ID: \ - 255 ) -#endif -#define FLASH_AREA_IMAGE_SCRATCH PM_MCUBOOT_SCRATCH_ID - -#else /* CONFIG_SINGLE_IMAGE_DFU */ - -#define FLASH_AREA_IMAGE_PRIMARY(x) PM_MCUBOOT_PRIMARY_ID -#define FLASH_AREA_IMAGE_SECONDARY(x) PM_MCUBOOT_PRIMARY_ID -/* NOTE: Scratch parition is not used by single image DFU but some of - * functions in common files reference it, so the definitions has been - * provided to allow compilation of common units. - */ -#define FLASH_AREA_IMAGE_SCRATCH 0 - -#endif /* CONFIG_SINGLE_IMAGE_DFU */ - -#else - #include #include @@ -100,6 +55,4 @@ extern uint32_t _image_1_primary_slot_id[]; #endif /* CONFIG_SINGLE_IMAGE_DFU */ -#endif /* USE_PARTITION_MANAGER */ - #endif /* __SYSFLASH_H__ */ diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index 8ed8682dc..d585b9c58 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -8,8 +8,6 @@ #ifndef H_TARGETS_TARGET_ #define H_TARGETS_TARGET_ -#ifndef USE_PARTITION_MANAGER - #if defined(MCUBOOT_TARGET_CONFIG) /* * Target-specific definitions are permitted in legacy cases that @@ -49,6 +47,4 @@ #error "Target support is incomplete; cannot build mcuboot." #endif -#endif /* ifndef USE_PARTITION_MANAGER */ - #endif /* H_TARGETS_TARGET_ */ diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml deleted file mode 100644 index cb774f7ea..000000000 --- a/boot/zephyr/pm.yml +++ /dev/null @@ -1,38 +0,0 @@ -#include -#include - -mcuboot: - size: CONFIG_PM_PARTITION_SIZE_MCUBOOT - placement: - before: [mcuboot_primary] - -mcuboot_primary_app: - # All images to be placed in MCUboot's slot 0 should be placed in this - # partition - span: [app] - -mcuboot_primary: - span: [mcuboot_pad, mcuboot_primary_app] - -mcuboot_secondary: - share_size: [mcuboot_primary] - placement: - align: {start: DT_FLASH_ERASE_BLOCK_SIZE} - after: mcuboot_primary - -#if !defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(CONFIG_SINGLE_IMAGE_DFU) -mcuboot_scratch: - size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_SCRATCH - placement: - after: app - align: {start: DT_FLASH_ERASE_BLOCK_SIZE} -#endif - -# Padding placed before image to boot -mcuboot_pad: - # MCUboot pad must be placed before the 'spm' partition if that is present. - # If 'spm' partition is not present, it must be placed before the 'app'. - size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_PAD - placement: - before: [mcuboot_primary_app] - align: {start: DT_FLASH_ERASE_BLOCK_SIZE} diff --git a/zephyr/CMakeLists.txt b/zephyr/CMakeLists.txt deleted file mode 100644 index 683bcf226..000000000 --- a/zephyr/CMakeLists.txt +++ /dev/null @@ -1 +0,0 @@ -include(${ZEPHYR_NRF_MODULE_DIR}/cmake/mcuboot.cmake) diff --git a/zephyr/Kconfig b/zephyr/Kconfig deleted file mode 100644 index ffca48313..000000000 --- a/zephyr/Kconfig +++ /dev/null @@ -1,32 +0,0 @@ -menu "MCUboot" - -if BOOTLOADER_MCUBOOT - -config MCUBOOT_CMAKELISTS_DIR - string "Path to the directory of the MCUBoot CMakeLists.txt file" - default "$MCUBOOT_BASE/boot/zephyr/" - - -# The name of this configuration needs to match the requirements set by the -# script `partition_manager.py`. See `pm.yml` in the application directory -# of MCUBoot. -module=MCUBOOT -source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.build_strategy" - -config MCUBOOT_IMAGE_VERSION - string "Image version" - default "0.0.0+0" - help - Value to be passed as 'version' argument to 'imgtool.py' when - creating signed image. Note that no semantics are connected to - this variable. It does not provide downgrade prevention, and is only - valuable for debugging purposes. Format: maj.min.rev+build with - latter parts optional. - -endif # BOOTLOADER_MCUBOOT - -config DT_FLASH_WRITE_BLOCK_SIZE - int - default $(dt_node_int_prop_int,$(DT_CHOSEN_ZEPHYR_FLASH),write-block-size) - -endmenu From f8d1c8473ecd62c1a7a1f698e8da4b1ce4e401c8 Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Mon, 23 Nov 2020 18:49:20 +0100 Subject: [PATCH 064/112] Revert "[nrf noup] boot: bootutil: Add shared crypto functions for ECDSA" This reverts commit 68f2bcc798113500cf4abf50af6e6def60ba384a. Signed-off-by: Ioannis Glaropoulos --- boot/bootutil/include/bootutil/sha256.h | 28 ---------- boot/bootutil/src/image_ec256.c | 52 ------------------- boot/zephyr/CMakeLists.txt | 2 - boot/zephyr/Kconfig | 23 +------- .../include/mcuboot_config/mcuboot_config.h | 5 +- 5 files changed, 5 insertions(+), 105 deletions(-) diff --git a/boot/bootutil/include/bootutil/sha256.h b/boot/bootutil/include/bootutil/sha256.h index 7b9907efb..f34d2b7a3 100644 --- a/boot/bootutil/include/bootutil/sha256.h +++ b/boot/bootutil/include/bootutil/sha256.h @@ -21,7 +21,6 @@ #if (defined(MCUBOOT_USE_MBED_TLS) + \ defined(MCUBOOT_USE_TINYCRYPT) + \ - defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO) + \ defined(MCUBOOT_USE_CC310)) != 1 #error "One crypto backend must be defined either CC310, MBED_TLS or TINYCRYPT" #endif @@ -38,10 +37,6 @@ #include #endif /* MCUBOOT_USE_CC310 */ -#ifdef MCUBOOT_USE_NRF_EXTERNAL_CRYPTO - #include -#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */ - #include #ifdef __cplusplus @@ -112,29 +107,6 @@ static inline void bootutil_sha256_finish(bootutil_sha256_context *ctx, } #endif /* MCUBOOT_USE_CC310 */ -#ifdef MCUBOOT_USE_NRF_EXTERNAL_CRYPTO -typedef bl_sha256_ctx_t bootutil_sha256_context; - -static inline void bootutil_sha256_init(bootutil_sha256_context *ctx) -{ - bl_sha256_init(ctx); -} - -static inline void bootutil_sha256_update(bootutil_sha256_context *ctx, - const void * data, - uint32_t data_len) -{ - bl_sha256_update(ctx, data, data_len); - -} - -static inline void bootutil_sha256_finish(bootutil_sha256_context *ctx, - uint8_t * output) -{ - bl_sha256_finalize(ctx, output); -} -#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */ - #ifdef __cplusplus } #endif diff --git a/boot/bootutil/src/image_ec256.c b/boot/bootutil/src/image_ec256.c index 3e55af42d..84ece6a64 100644 --- a/boot/bootutil/src/image_ec256.c +++ b/boot/bootutil/src/image_ec256.c @@ -41,11 +41,6 @@ #include "cc310_glue.h" #define NUM_ECC_BYTES (4*8) #endif -#ifdef MCUBOOT_USE_NRF_EXTERNAL_CRYPTO -#include "bl_crypto.h" -#define NUM_ECC_BYTES (4*8) -#endif - #include "bootutil_priv.h" /* @@ -195,7 +190,6 @@ bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen, } } #endif /* MCUBOOT_USE_TINYCRYPT */ - #ifdef MCUBOOT_USE_CC310 int bootutil_verify_sig(uint8_t *hash, @@ -240,50 +234,4 @@ bootutil_verify_sig(uint8_t *hash, return rc; } #endif /* MCUBOOT_USE_CC310 */ - -#ifdef MCUBOOT_USE_NRF_EXTERNAL_CRYPTO -int -bootutil_verify_sig(uint8_t *hash, - uint32_t hlen, - uint8_t *sig, - size_t slen, - uint8_t key_id) -{ - int rc; - uint8_t *pubkey; - uint8_t *end; - uint8_t signature[2 * NUM_ECC_BYTES]; - - pubkey = (uint8_t *)bootutil_keys[key_id].key; - end = pubkey + *bootutil_keys[key_id].len; - - rc = bootutil_import_key(&pubkey, end); - if (rc) { - return -1; - } - - /* Decode signature */ - rc = bootutil_decode_sig(signature, sig, sig + slen); - if (rc) { - return -1; - } - - /* - * This is simplified, as the hash length is also 32 bytes. - */ - if (hlen != NUM_ECC_BYTES) { - return -1; - } - - /* Initialize and verify in one go */ - rc = bl_secp256r1_validate(hash, hlen, pubkey, signature); - - if(rc != 0 /*CRYS_OK*/){ - return -2; - } - - return rc; -} -#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */ - #endif /* MCUBOOT_SIGN_EC256 */ diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index e3eaf51b0..01d31ab4f 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -142,8 +142,6 @@ if(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256 OR CONFIG_BOOT_ENCRYPT_EC256) zephyr_library_sources(${NRF_DIR}/cc310_glue.c) zephyr_library_include_directories(${NRF_DIR}) zephyr_link_libraries(nrfxlib_crypto) - elseif(CONFIG_BOOT_USE_NRF_EXTERNAL_CRYPTO) - zephyr_include_directories(${BL_CRYPTO_DIR}/../include) endif() # Since here we are not using Zephyr's mbedTLS but rather our own, we need diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 36d92ea44..32c77f9e0 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -48,17 +48,6 @@ config BOOT_USE_NRF_CC310_BL bool default n -config BOOT_USE_NRF_EXTERNAL_CRYPTO - bool - # Hidden option - default n - # When building for ECDSA, we use our own copy of mbedTLS, so the - # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros - # will collide. - depends on ! MBEDTLS - help - Use Shared crypto for crypto primitives. - menu "MCUBoot settings" config SINGLE_IMAGE_DFU @@ -95,27 +84,19 @@ config BOOT_SIGNATURE_TYPE_ECDSA_P256 if BOOT_SIGNATURE_TYPE_ECDSA_P256 choice prompt "Ecdsa implementation" - default BOOT_NRF_EXTERNAL_CRYPTO if SECURE_BOOT default BOOT_CC310 if HAS_HW_NRF_CC310 default BOOT_TINYCRYPT - config BOOT_TINYCRYPT bool "Use tinycrypt" select BOOT_USE_TINYCRYPT - config BOOT_CC310 bool "Use CC310" select BOOT_USE_NRF_CC310_BL if HAS_HW_NRF_CC310 + select NRF_CC310_BL if HAS_HW_NRF_CC310 select NRFXLIB_CRYPTO if SOC_FAMILY_NRF select BOOT_USE_CC310 - -config BOOT_NRF_EXTERNAL_CRYPTO - bool "Use Shared Crypto from bootloader" - select BOOT_USE_NRF_EXTERNAL_CRYPTO - depends on SECURE_BOOT_CRYPTO_CLIENT - endchoice -endif #BOOT_SIGNATURE_TYPE_ECDSA_P256 +endif config BOOT_SIGNATURE_TYPE_ED25519 bool "Edwards curve digital signatures using ed25519" diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/boot/zephyr/include/mcuboot_config/mcuboot_config.h index 220a02f71..530e8dc33 100644 --- a/boot/zephyr/include/mcuboot_config/mcuboot_config.h +++ b/boot/zephyr/include/mcuboot_config/mcuboot_config.h @@ -40,8 +40,9 @@ #define MCUBOOT_USE_TINYCRYPT #elif defined(CONFIG_BOOT_USE_CC310) #define MCUBOOT_USE_CC310 -#elif defined(CONFIG_BOOT_USE_NRF_EXTERNAL_CRYPTO) -#define MCUBOOT_USE_NRF_EXTERNAL_CRYPTO +#ifdef CONFIG_BOOT_USE_NRF_CC310_BL +#define MCUBOOT_USE_NRF_CC310_BL +#endif #endif #ifdef CONFIG_BOOT_HW_KEY From c7ee647f7f9412ebb3a6c4608c50b73a41fb3a47 Mon Sep 17 00:00:00 2001 From: Ioannis Glaropoulos Date: Mon, 23 Nov 2020 18:49:42 +0100 Subject: [PATCH 065/112] Revert "[nrf noup] zephyr: Remove duplication from Kconfig and cmake" This reverts commit 45f0833a8dee3549ef661137dd03e54d180ae8d8. Signed-off-by: Ioannis Glaropoulos --- boot/zephyr/CMakeLists.txt | 2 ++ boot/zephyr/Kconfig | 13 ++++++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 01d31ab4f..b660bc74c 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -64,6 +64,8 @@ set(NRF_DIR "${MCUBOOT_DIR}/ext/nrf") if(CONFIG_BOOT_USE_NRF_CC310_BL) set(NRFXLIB_DIR ${ZEPHYR_BASE}/../nrfxlib) assert_exists(NRFXLIB_DIR) +# Don't include this if we are using west + add_subdirectory(${NRFXLIB_DIR} ${PROJECT_BINARY_DIR}/nrfxlib) endif() zephyr_library_include_directories( diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 32c77f9e0..2e416b849 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -48,6 +48,14 @@ config BOOT_USE_NRF_CC310_BL bool default n +config NRFXLIB_CRYPTO + bool + default n + +config NRF_CC310_BL + bool + default n + menu "MCUBoot settings" config SINGLE_IMAGE_DFU @@ -84,9 +92,8 @@ config BOOT_SIGNATURE_TYPE_ECDSA_P256 if BOOT_SIGNATURE_TYPE_ECDSA_P256 choice prompt "Ecdsa implementation" - default BOOT_CC310 if HAS_HW_NRF_CC310 - default BOOT_TINYCRYPT -config BOOT_TINYCRYPT + default BOOT_ECDSA_TINYCRYPT +config BOOT_ECDSA_TINYCRYPT bool "Use tinycrypt" select BOOT_USE_TINYCRYPT config BOOT_CC310 From 3fddc5482120f261672dac1ccfbfd8adbc2b1c31 Mon Sep 17 00:00:00 2001 From: Sigvart Hovland Date: Tue, 26 Mar 2019 15:42:38 +0100 Subject: [PATCH 066/112] [nrf noup] zephyr: Remove duplication from Kconfig and cmake MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Removes `NRFXLIB_CRYPTO`, `NRF_CC310_BL` and the `add_subdirectory` of nrfxlib it will still check that the nrfxlib is located outside the mcuboot directory. Signed-off-by: Sigvart Hovland Signed-off-by: Andrzej Puzdrowski Signed-off-by: Martí Bolívar Signed-off-by: Emil Obalski Signed-off-by: Andrzej Puzdrowski Signed-off-by: Håkon Øye Amundsen (cherry picked from commit 4dacbdc6b4871bd211861afc553c2fe60dec5ad8) (cherry picked from commit 45f0833a8dee3549ef661137dd03e54d180ae8d8) (cherry picked from commit 7888f0ad4df6eb10fd8c732cb84656a4e7030ad1) Signed-off-by: Ioannis Glaropoulos --- boot/zephyr/CMakeLists.txt | 2 -- boot/zephyr/Kconfig | 14 +++----------- 2 files changed, 3 insertions(+), 13 deletions(-) diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 1b6024d12..28213e469 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -74,8 +74,6 @@ if(NOT EXISTS ${NRFXLIB_DIR}) To use the tinycrypt set `CONFIG_BOOT_ECDSA_TINYCRYPT` to y. ------------------------------------------------------------------------") endif() -# Don't include this if we are using west - add_subdirectory(${NRFXLIB_DIR} ${PROJECT_BINARY_DIR}/nrfxlib) endif() zephyr_library_include_directories( diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 3f2374b66..a6e357dac 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -48,14 +48,6 @@ config BOOT_USE_NRF_CC310_BL bool default n -config NRFXLIB_CRYPTO - bool - default n - -config NRF_CC310_BL - bool - default n - menu "MCUBoot settings" config SINGLE_APPLICATION_SLOT @@ -92,9 +84,9 @@ config BOOT_SIGNATURE_TYPE_ECDSA_P256 if BOOT_SIGNATURE_TYPE_ECDSA_P256 choice prompt "Ecdsa implementation" - default BOOT_ECDSA_TINYCRYPT - -config BOOT_ECDSA_TINYCRYPT + default BOOT_ECDSA_CC310 if HAS_HW_NRF_CC310 + default BOOT_TINYCRYPT +config BOOT_TINYCRYPT bool "Use tinycrypt" select BOOT_USE_TINYCRYPT From fd12a3d0691e0b58eb2e7835c7b8e4cdc57a911d Mon Sep 17 00:00:00 2001 From: Sigvart Hovland Date: Thu, 14 Feb 2019 13:20:34 +0100 Subject: [PATCH 067/112] [nrf noup] boot: bootutil: Add shared crypto for ECDSA and SHA MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add functions for ecdsa_verify_secp256r1 and sha256 to use the shared crypto API * Add Kconfig and CMake variables for selecting shared crypto when using ecdsa * Add custom section to project for placing the API section in the correct location in flash Signed-off-by: Sigvart Hovland Signed-off-by: Martí Bolívar Signed-off-by: Emil Obalski Signed-off-by: Andrzej Puzdrowski Signed-off-by: Håkon Øye Amundsen (cherry picked from commit ef8f826cfee7c95e2ff2f96934d5c50aff930540) (cherry picked from commit 68f2bcc798113500cf4abf50af6e6def60ba384a) (cherry picked from commit f20a1a1c10e3949d1d12bd0621518eccb4cd69f2) Signed-off-by: Ioannis Glaropoulos --- .../include/bootutil/crypto/ecdsa_p256.h | 27 ++++++++++++++++ .../bootutil/include/bootutil/crypto/sha256.h | 32 +++++++++++++++++++ boot/bootutil/src/image_ec256.c | 6 +++- boot/zephyr/CMakeLists.txt | 2 ++ boot/zephyr/Kconfig | 22 ++++++++++++- .../include/mcuboot_config/mcuboot_config.h | 5 ++- 6 files changed, 89 insertions(+), 5 deletions(-) diff --git a/boot/bootutil/include/bootutil/crypto/ecdsa_p256.h b/boot/bootutil/include/bootutil/crypto/ecdsa_p256.h index b77cd347c..a658ba854 100644 --- a/boot/bootutil/include/bootutil/crypto/ecdsa_p256.h +++ b/boot/bootutil/include/bootutil/crypto/ecdsa_p256.h @@ -14,6 +14,7 @@ #if (defined(MCUBOOT_USE_TINYCRYPT) + \ defined(MCUBOOT_USE_CC310) + \ + defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO) + \ defined(MCUBOOT_USE_MBED_TLS)) != 1 #error "One crypto backend must be defined: either CC310 or TINYCRYPT" #endif @@ -29,6 +30,11 @@ #define BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE (4 * 8) #endif /* MCUBOOT_USE_CC310 */ +#if defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO) + #include + #define BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE (4 * 8) +#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */ + #ifdef __cplusplus extern "C" { #endif @@ -76,6 +82,27 @@ static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx, u } #endif /* MCUBOOT_USE_CC310 */ +#if defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO) +typedef uintptr_t bootutil_ecdsa_p256_context; + +static inline void bootutil_ecdsa_p256_init(bootutil_ecdsa_p256_context *ctx) +{ + (void)ctx; +} + +static inline void bootutil_ecdsa_p256_drop(bootutil_ecdsa_p256_context *ctx) +{ + (void)ctx; +} + +static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx, uint8_t *pk, uint8_t *hash, uint8_t *sig) +{ + (void)ctx; + return bl_secp256r1_validate(hash, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE, + pk, sig); +} +#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */ + #ifdef __cplusplus } #endif diff --git a/boot/bootutil/include/bootutil/crypto/sha256.h b/boot/bootutil/include/bootutil/crypto/sha256.h index 00c321893..2c8140dbc 100644 --- a/boot/bootutil/include/bootutil/crypto/sha256.h +++ b/boot/bootutil/include/bootutil/crypto/sha256.h @@ -21,6 +21,7 @@ #if (defined(MCUBOOT_USE_MBED_TLS) + \ defined(MCUBOOT_USE_TINYCRYPT) + \ + defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO) + \ defined(MCUBOOT_USE_CC310)) != 1 #error "One crypto backend must be defined: either CC310, MBED_TLS or TINYCRYPT" #endif @@ -134,6 +135,37 @@ static inline int bootutil_sha256_finish(bootutil_sha256_context *ctx, } #endif /* MCUBOOT_USE_CC310 */ +#if defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO) + +#include + +typedef bl_sha256_ctx_t bootutil_sha256_context; + +static inline void bootutil_sha256_init(bootutil_sha256_context *ctx) +{ + bl_sha256_init(ctx); +} + +static inline void bootutil_sha256_drop(bootutil_sha256_context *ctx) +{ + (void)ctx; +} + +static inline int bootutil_sha256_update(bootutil_sha256_context *ctx, + const void *data, + uint32_t data_len) +{ + return bl_sha256_update(ctx, data, data_len); +} + +static inline int bootutil_sha256_finish(bootutil_sha256_context *ctx, + uint8_t *output) +{ + bl_sha256_finalize(ctx, output); + return 0; +} +#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */ + #ifdef __cplusplus } #endif diff --git a/boot/bootutil/src/image_ec256.c b/boot/bootutil/src/image_ec256.c index f5b813593..d181cfe2c 100644 --- a/boot/bootutil/src/image_ec256.c +++ b/boot/bootutil/src/image_ec256.c @@ -33,7 +33,11 @@ #ifdef MCUBOOT_USE_CC310 #define NUM_ECC_BYTES (256 / 8) #endif -#if defined (MCUBOOT_USE_TINYCRYPT) || defined (MCUBOOT_USE_CC310) +#ifdef MCUBOOT_USE_NRF_EXTERNAL_CRYPTO +#define NUM_ECC_BYTES (256 / 8) +#endif +#if defined (MCUBOOT_USE_TINYCRYPT) || defined (MCUBOOT_USE_CC310) \ + || defined (MCUBOOT_USE_NRF_EXTERNAL_CRYPTO) #include "bootutil/sign_key.h" #include "mbedtls/oid.h" diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 28213e469..799b83e30 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -158,6 +158,8 @@ if(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256 OR CONFIG_BOOT_ENCRYPT_EC256) zephyr_library_sources(${NRF_DIR}/cc310_glue.c) zephyr_library_include_directories(${NRF_DIR}) zephyr_link_libraries(nrfxlib_crypto) + elseif(CONFIG_BOOT_USE_NRF_EXTERNAL_CRYPTO) + zephyr_include_directories(${BL_CRYPTO_DIR}/../include) endif() # Since here we are not using Zephyr's mbedTLS but rather our own, we need diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index a6e357dac..f2556f407 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -48,6 +48,17 @@ config BOOT_USE_NRF_CC310_BL bool default n +config BOOT_USE_NRF_EXTERNAL_CRYPTO + bool + # Hidden option + default n + # When building for ECDSA, we use our own copy of mbedTLS, so the + # Zephyr one must not be enabled or the MBEDTLS_CONFIG_FILE macros + # will collide. + depends on ! MBEDTLS + help + Use Shared crypto for crypto primitives. + menu "MCUBoot settings" config SINGLE_APPLICATION_SLOT @@ -84,8 +95,10 @@ config BOOT_SIGNATURE_TYPE_ECDSA_P256 if BOOT_SIGNATURE_TYPE_ECDSA_P256 choice prompt "Ecdsa implementation" + default BOOT_NRF_EXTERNAL_CRYPTO if SECURE_BOOT default BOOT_ECDSA_CC310 if HAS_HW_NRF_CC310 default BOOT_TINYCRYPT + config BOOT_TINYCRYPT bool "Use tinycrypt" select BOOT_USE_TINYCRYPT @@ -97,8 +110,15 @@ config BOOT_ECDSA_CC310 select NRF_CC310_BL select NRFXLIB_CRYPTO select BOOT_USE_CC310 + +config BOOT_NRF_EXTERNAL_CRYPTO + bool "Use Shared Crypto from bootloader" + select BOOT_USE_NRF_EXTERNAL_CRYPTO + depends on SECURE_BOOT_CRYPTO_CLIENT + endchoice # Ecdsa implementation -endif + +endif #BOOT_SIGNATURE_TYPE_ECDSA_P256 config BOOT_SIGNATURE_TYPE_ED25519 bool "Edwards curve digital signatures using ed25519" diff --git a/boot/zephyr/include/mcuboot_config/mcuboot_config.h b/boot/zephyr/include/mcuboot_config/mcuboot_config.h index 0ccf36dfd..af8d49184 100644 --- a/boot/zephyr/include/mcuboot_config/mcuboot_config.h +++ b/boot/zephyr/include/mcuboot_config/mcuboot_config.h @@ -40,9 +40,8 @@ #define MCUBOOT_USE_TINYCRYPT #elif defined(CONFIG_BOOT_USE_CC310) #define MCUBOOT_USE_CC310 -#ifdef CONFIG_BOOT_USE_NRF_CC310_BL -#define MCUBOOT_USE_NRF_CC310_BL -#endif +#elif defined(CONFIG_BOOT_USE_NRF_EXTERNAL_CRYPTO) +#define MCUBOOT_USE_NRF_EXTERNAL_CRYPTO #endif #ifdef CONFIG_BOOT_HW_KEY From ecbaa04e9ec0ca3f194e6a6de68a9c5ea1d64835 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20B=C3=B8e?= Date: Wed, 12 Dec 2018 08:59:47 +0100 Subject: [PATCH 068/112] [nrf noup] treewide: add NCS partition manager support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Partition Manager is an nRF Connect SDK component which uses yaml files to resolve flash partition placement with a holistic view of the device. This component's MCUboot portions began life as upstream mcuboot PR#430. This added support for being built as a sub image from the downstream Nordic patch set for a zephyr multi image build system (mcuboot 430 was combined with effor submitted to upstream zephyr as PR#13672, which was ultimately reworked after being rejected for mainline at the ELCE 2019 conference in Lyon). It has since evolved over time. This is the version that will go into NCS v1.3. It features: - page size aligned partitions for all partitions used by mcuboot. - image swaps without scratch partitions Add support for configurations where there exists two primary slots but only one secondary slot, which is shared. These two primary slots are the regular application and B1. B1 can be either S0 or S1 depending on the state of the device. Decide where an upgrade should be stored by looking at the vector table. Provide update candidates for both s0 and s1. These candidates must be signed with mcuboot after being signed by b0. Additional notes: - we make update.hex without trailer data This is needed for serial recovery to work using hex files. Prior to this the update.hex got TLV data at the end of the partition, which caused many blank pages to be included, which made it hard to use in a serial recovery scheme. Instead, make update.hex without TLV data at the end, and provide a new file test_update.hex which contains the TLV data, and can be directly flashed to test the upgrade procedure. - we use a function for signing the application as future-proofing for when other components must be signed as well - this includes an update to single image applications that enables support for partition manager; when single image DFU is used, a scratch partition is not needed. - In NCS, image 1 primary slot is the upgrade bank for mcuboot (IE S0 or S1 depending on the active slot). It is not required that this slot contains any valid data. - The nRF boards all have a single flash page size, and partition manager deals with the size of the update partitions and so on, so we must skip a boot_slots_compatible() check to avoid getting an error. - There is no need to verify the target when using partition manager. Signed-off-by: Håkon Øye Amundsen Signed-off-by: Øyvind Rønningstad Signed-off-by: Sebastian Bøe Signed-off-by: Sigvart Hovland Signed-off-by: Martí Bolívar Signed-off-by: Torsten Rasmussen Signed-off-by: Andrzej Głąbek Signed-off-by: Robert Lubos Signed-off-by: Andrzej Puzdrowski Signed-off-by: Dominik Ermel Signed-off-by: Emil Obalski Signed-off-by: Torsten Rasmussen Signed-off-by: Pawel Dunaj (cherry picked from commit e632ea6f38f08de7981c2d24d5f9e2ca754bcd68) (cherry picked from commit e66f03264fb733bbda086d4746fd6919b6559375) (cherry picked from commit fcbc47f59e59e5a596e04857b78423bbb90cf602) (cherry picked from commit 5409c45d4019b015fbc2f0ad926e28752f77bc29) (cherry picked from commit 50155fddf309adbe79edbf49126ded5b27afe8eb) (cherry picked from commit d7373a00f65b7545c025cbb63cfd8bc153afe5e7) (cherry picked from commit 04514d6a2236050ac8abd89d72f59dd175a0265e) (cherry picked from commit 069b603167a1e8f1491e44139dc099c8065fdf28) Signed-off-by: Ioannis Glaropoulos --- boot/bootutil/src/loader.c | 66 +++++++++++++++++++++++-- boot/bootutil/src/swap_move.c | 13 +++++ boot/bootutil/src/swap_scratch.c | 13 +++++ boot/zephyr/CMakeLists.txt | 7 +++ boot/zephyr/Kconfig | 13 ++++- boot/zephyr/include/sysflash/sysflash.h | 47 ++++++++++++++++++ boot/zephyr/include/target.h | 4 ++ boot/zephyr/pm.yml | 37 ++++++++++++++ zephyr/CMakeLists.txt | 1 + zephyr/Kconfig | 32 ++++++++++++ 10 files changed, 228 insertions(+), 5 deletions(-) create mode 100644 boot/zephyr/pm.yml create mode 100644 zephyr/CMakeLists.txt create mode 100644 zephyr/Kconfig diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index 431f4dd03..64457e47a 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -90,6 +90,15 @@ boot_read_image_headers(struct boot_loader_state *state, bool require_all, * * Failure to read any headers is a fatal error. */ +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. The primary slot of the second image + * (image 1) will not contain a valid image header until an upgrade + * of mcuboot has happened (filling S1 with the new version). + */ + if (BOOT_CURR_IMG(state) == 1 && i == 0) { + continue; + } +#endif /* PM_S1_ADDRESS */ if (i > 0 && !require_all) { return 0; } else { @@ -715,6 +724,42 @@ boot_validated_swap_type(struct boot_loader_state *state, { int swap_type; fih_int fih_rc = FIH_FAILURE; +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. Since image 0 (the app) and image 1 (the other + * B1 slot S0 or S1) share the same secondary slot, we need to check + * whether the update candidate in the secondary slot is intended for + * image 0 or image 1 primary by looking at the address of the reset + * vector. Note that there are good reasons for not using img_num from + * the swap info. + */ + const struct flash_area *secondary_fa = + BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); + struct image_header *hdr = + (struct image_header *)secondary_fa->fa_off; + + if (hdr->ih_magic == IMAGE_MAGIC) { + const struct flash_area *primary_fa; + uint32_t vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; + uint32_t *vtable = (uint32_t *)(vtable_addr); + uint32_t reset_addr = vtable[1]; + int rc = flash_area_open( + flash_area_id_from_multi_image_slot( + BOOT_CURR_IMG(state), + BOOT_PRIMARY_SLOT), + &primary_fa); + + if (rc != 0) { + return BOOT_SWAP_TYPE_FAIL; + } + /* Get start and end of primary slot for current image */ + if (reset_addr < primary_fa->fa_off || + reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { + /* The image in the secondary slot is not intended for this image + */ + return BOOT_SWAP_TYPE_NONE; + } + } +#endif swap_type = boot_swap_type_multi(BOOT_CURR_IMG(state)); if (BOOT_IS_UPGRADE(swap_type)) { @@ -1839,10 +1884,23 @@ context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp) } #ifdef MCUBOOT_VALIDATE_PRIMARY_SLOT - FIH_CALL(boot_validate_slot, fih_rc, state, BOOT_PRIMARY_SLOT, NULL); - if (fih_not_eq(fih_rc, FIH_SUCCESS)) { - goto out; - } +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. If secure boot is enabled, then mcuboot + * will be stored in either partition S0 or S1. Image 1 primary + * will point to the 'other' Sx partition. Hence, image 1 primary + * does not contain a valid image until mcuboot has been upgraded. + * Note that B0 will perform validation of the active mcuboot image, + * so there is no security lost by skipping this check for image 1 + * primary. + */ + if (BOOT_CURR_IMG(state) == 0) +#endif + { + FIH_CALL(boot_validate_slot, fih_rc, state, BOOT_PRIMARY_SLOT, NULL); + if (fih_not_eq(fih_rc, FIH_SUCCESS)) { + goto out; + } + } #else /* Even if we're not re-validating the primary slot, we could be booting * onto an empty flash chip. At least do a basic sanity check that diff --git a/boot/bootutil/src/swap_move.c b/boot/bootutil/src/swap_move.c index f2883f626..71d35361f 100644 --- a/boot/bootutil/src/swap_move.c +++ b/boot/bootutil/src/swap_move.c @@ -211,6 +211,18 @@ boot_status_internal_off(const struct boot_status *bs, int elem_sz) int boot_slots_compatible(struct boot_loader_state *state) { +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. In this case, image 1 primary points to the other + * B1 slot (ie S0 or S1), and image 0 primary points to the app. + * With this configuration, image 0 and image 1 share the secondary slot. + * Hence, the primary slot of image 1 will be *smaller* than image 1's + * secondary slot. This is not allowed in upstream mcuboot, so we need + * this patch to allow it. Also, all of these checks are redundant when + * partition manager is in use, and since we have the same sector size + * in all of our flash. + */ + return 1; +#else size_t num_sectors_pri; size_t num_sectors_sec; size_t sector_sz_pri = 0; @@ -247,6 +259,7 @@ boot_slots_compatible(struct boot_loader_state *state) } return 1; +#endif /* PM_S1_ADDRESS */ } #define BOOT_LOG_SWAP_STATE(area, state) \ diff --git a/boot/bootutil/src/swap_scratch.c b/boot/bootutil/src/swap_scratch.c index 55fa61f0f..e37caccee 100644 --- a/boot/bootutil/src/swap_scratch.c +++ b/boot/bootutil/src/swap_scratch.c @@ -175,6 +175,18 @@ boot_status_internal_off(const struct boot_status *bs, int elem_sz) int boot_slots_compatible(struct boot_loader_state *state) { +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. In this case, image 1 primary points to the other + * B1 slot (ie S0 or S1), and image 0 primary points to the app. + * With this configuration, image 0 and image 1 share the secondary slot. + * Hence, the primary slot of image 1 will be *smaller* than image 1's + * secondary slot. This is not allowed in upstream mcuboot, so we need + * this patch to allow it. Also, all of these checks are redundant when + * partition manager is in use, and since we have the same sector size + * in all of our flash. + */ + return 1; +#else size_t num_sectors_primary; size_t num_sectors_secondary; size_t sz0, sz1; @@ -260,6 +272,7 @@ boot_slots_compatible(struct boot_loader_state *state) } return 1; +#endif /* PM_S1_ADDRESS */ } #define BOOT_LOG_SWAP_STATE(area, state) \ diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 799b83e30..ab07791f1 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -271,6 +271,13 @@ if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") endif() message("MCUBoot bootloader key file: ${KEY_FILE}") + set_property( + GLOBAL + PROPERTY + KEY_FILE + ${KEY_FILE} + ) + set(GENERATED_PUBKEY ${ZEPHYR_BINARY_DIR}/autogen-pubkey.c) add_custom_command( OUTPUT ${GENERATED_PUBKEY} diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index f2556f407..f89d7ff53 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -15,6 +15,18 @@ config MCUBOOT select MPU_ALLOW_FLASH_WRITE if ARM_MPU select USE_DT_CODE_PARTITION if HAS_FLASH_LOAD_OFFSET +partition=MCUBOOT +partition-size=0xc000 +source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.partition_size" + +partition=MCUBOOT_SCRATCH +partition-size=0x1e000 +source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.partition_size" + +partition=MCUBOOT_PAD +partition-size=0x200 +source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.partition_size" + config BOOT_USE_MBEDTLS bool # Hidden option @@ -145,7 +157,6 @@ config BOOT_SIGNATURE_KEY_FILE default "root-ed25519.pem" if BOOT_SIGNATURE_TYPE_ED25519 default "root-rsa-3072.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=3072 default "root-rsa-2048.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=2048 - default "" help You can use either absolute or relative path. In case relative path is used, the build system assumes that it starts diff --git a/boot/zephyr/include/sysflash/sysflash.h b/boot/zephyr/include/sysflash/sysflash.h index 99ca27371..a73b935dd 100644 --- a/boot/zephyr/include/sysflash/sysflash.h +++ b/boot/zephyr/include/sysflash/sysflash.h @@ -3,6 +3,51 @@ #ifndef __SYSFLASH_H__ #define __SYSFLASH_H__ +#if USE_PARTITION_MANAGER +#include +#include + +#ifndef CONFIG_SINGLE_IMAGE_DFU + +#if (MCUBOOT_IMAGE_NUMBER == 1) + +#define FLASH_AREA_IMAGE_PRIMARY(x) PM_MCUBOOT_PRIMARY_ID +#define FLASH_AREA_IMAGE_SECONDARY(x) PM_MCUBOOT_SECONDARY_ID + +#elif (MCUBOOT_IMAGE_NUMBER == 2) + +extern uint32_t _image_1_primary_slot_id[]; + +#define FLASH_AREA_IMAGE_PRIMARY(x) \ + ((x == 0) ? \ + PM_MCUBOOT_PRIMARY_ID : \ + (x == 1) ? \ + (uint32_t)_image_1_primary_slot_id : \ + 255 ) + +#define FLASH_AREA_IMAGE_SECONDARY(x) \ + ((x == 0) ? \ + PM_MCUBOOT_SECONDARY_ID: \ + (x == 1) ? \ + PM_MCUBOOT_SECONDARY_ID: \ + 255 ) +#endif +#define FLASH_AREA_IMAGE_SCRATCH PM_MCUBOOT_SCRATCH_ID + +#else /* CONFIG_SINGLE_IMAGE_DFU */ + +#define FLASH_AREA_IMAGE_PRIMARY(x) PM_MCUBOOT_PRIMARY_ID +#define FLASH_AREA_IMAGE_SECONDARY(x) PM_MCUBOOT_PRIMARY_ID +/* NOTE: Scratch parition is not used by single image DFU but some of + * functions in common files reference it, so the definitions has been + * provided to allow compilation of common units. + */ +#define FLASH_AREA_IMAGE_SCRATCH 0 + +#endif /* CONFIG_SINGLE_IMAGE_DFU */ + +#else + #include #include @@ -55,4 +100,6 @@ #endif /* CONFIG_SINGLE_APPLICATION_SLOT */ +#endif /* USE_PARTITION_MANAGER */ + #endif /* __SYSFLASH_H__ */ diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index 1b0c8f52f..72a62cc22 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -8,6 +8,8 @@ #ifndef H_TARGETS_TARGET_ #define H_TARGETS_TARGET_ +#ifndef USE_PARTITION_MANAGER + #if defined(MCUBOOT_TARGET_CONFIG) /* * Target-specific definitions are permitted in legacy cases that @@ -47,4 +49,6 @@ #error "Target support is incomplete; cannot build mcuboot." #endif +#endif /* ifndef USE_PARTITION_MANAGER */ + #endif /* H_TARGETS_TARGET_ */ diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml new file mode 100644 index 000000000..5f5ca520e --- /dev/null +++ b/boot/zephyr/pm.yml @@ -0,0 +1,37 @@ +#include + +mcuboot: + size: CONFIG_PM_PARTITION_SIZE_MCUBOOT + placement: + before: [mcuboot_primary] + +mcuboot_primary_app: + # All images to be placed in MCUboot's slot 0 should be placed in this + # partition + span: [app] + +mcuboot_primary: + span: [mcuboot_pad, mcuboot_primary_app] + +mcuboot_secondary: + share_size: [mcuboot_primary] + placement: + align: {start: CONFIG_FPROTECT_BLOCK_SIZE} + after: mcuboot_primary + +#if !defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(CONFIG_SINGLE_IMAGE_DFU) +mcuboot_scratch: + size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_SCRATCH + placement: + after: app + align: {start: CONFIG_FPROTECT_BLOCK_SIZE} +#endif + +# Padding placed before image to boot +mcuboot_pad: + # MCUboot pad must be placed before the 'spm' partition if that is present. + # If 'spm' partition is not present, it must be placed before the 'app'. + size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_PAD + placement: + before: [mcuboot_primary_app] + align: {start: DT_FLASH_ERASE_BLOCK_SIZE} diff --git a/zephyr/CMakeLists.txt b/zephyr/CMakeLists.txt new file mode 100644 index 000000000..683bcf226 --- /dev/null +++ b/zephyr/CMakeLists.txt @@ -0,0 +1 @@ +include(${ZEPHYR_NRF_MODULE_DIR}/cmake/mcuboot.cmake) diff --git a/zephyr/Kconfig b/zephyr/Kconfig new file mode 100644 index 000000000..ffca48313 --- /dev/null +++ b/zephyr/Kconfig @@ -0,0 +1,32 @@ +menu "MCUboot" + +if BOOTLOADER_MCUBOOT + +config MCUBOOT_CMAKELISTS_DIR + string "Path to the directory of the MCUBoot CMakeLists.txt file" + default "$MCUBOOT_BASE/boot/zephyr/" + + +# The name of this configuration needs to match the requirements set by the +# script `partition_manager.py`. See `pm.yml` in the application directory +# of MCUBoot. +module=MCUBOOT +source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.build_strategy" + +config MCUBOOT_IMAGE_VERSION + string "Image version" + default "0.0.0+0" + help + Value to be passed as 'version' argument to 'imgtool.py' when + creating signed image. Note that no semantics are connected to + this variable. It does not provide downgrade prevention, and is only + valuable for debugging purposes. Format: maj.min.rev+build with + latter parts optional. + +endif # BOOTLOADER_MCUBOOT + +config DT_FLASH_WRITE_BLOCK_SIZE + int + default $(dt_node_int_prop_int,$(DT_CHOSEN_ZEPHYR_FLASH),write-block-size) + +endmenu From 01c58f5534811f804a93b19e3ae72ab1da6973a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A5kon=20=C3=98ye=20Amundsen?= Date: Mon, 6 Jan 2020 11:35:06 +0000 Subject: [PATCH 069/112] [nrf noup] zephyr: lock mcuboot using fprotect before jumping MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This to enable the secure boot property of the system. Signed-off-by: Håkon Øye Amundsen Signed-off-by: Emil Obalski Signed-off-by: Andrzej Puzdrowski Signed-off-by: Sigvart Hovland Signed-off-by: Robert Lubos Signed-off-by: Torsten Rasmussen (cherry picked from commit 3f02019110c5e7de2f85617fe7997ff64a97e3a5) (cherry picked from commit 59e02e27dafd41456c54bf45d0b2d95ab15b6e0f) (cherry picked from commit c21b25a9a8f60fa2e10c820be0166ac87de52fdf) Signed-off-by: Ioannis Glaropoulos --- boot/zephyr/main.c | 28 ++++++++++++++++++++++++++++ boot/zephyr/pm.yml | 4 +++- boot/zephyr/prj.conf | 1 + 3 files changed, 32 insertions(+), 1 deletion(-) diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 0e0a13dde..0ba7837cc 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -80,6 +80,11 @@ K_SEM_DEFINE(boot_log_sem, 1, 1); #define ZEPHYR_BOOT_LOG_STOP() do { } while (false) #endif /* defined(CONFIG_LOG) && !defined(CONFIG_LOG_IMMEDIATE) */ +#if USE_PARTITION_MANAGER && CONFIG_FPROTECT +#include +#include + +#endif #ifdef CONFIG_SOC_FAMILY_NRF #include @@ -421,7 +426,30 @@ void main(void) rsp.br_image_off); BOOT_LOG_INF("Jumping to the first image slot"); + +#if USE_PARTITION_MANAGER && CONFIG_FPROTECT + +#ifdef PM_S1_ADDRESS +/* MCUBoot is stored in either S0 or S1, protect both */ +#define PROTECT_SIZE (PM_MCUBOOT_PRIMARY_ADDRESS - PM_S0_ADDRESS) +#define PROTECT_ADDR PM_S0_ADDRESS +#else +/* There is only one instance of MCUBoot */ +#define PROTECT_SIZE (PM_MCUBOOT_PRIMARY_ADDRESS - PM_MCUBOOT_ADDRESS) +#define PROTECT_ADDR PM_MCUBOOT_ADDRESS +#endif + + rc = fprotect_area(PROTECT_ADDR, PROTECT_SIZE); + + if (rc != 0) { + BOOT_LOG_ERR("Protect mcuboot flash failed, cancel startup."); + while (1) + ; + } +#endif /* USE_PARTITION_MANAGER && CONFIG_FPROTECT */ + ZEPHYR_BOOT_LOG_STOP(); + do_boot(&rsp); BOOT_LOG_ERR("Never should get here"); diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml index 5f5ca520e..e04e05292 100644 --- a/boot/zephyr/pm.yml +++ b/boot/zephyr/pm.yml @@ -34,4 +34,6 @@ mcuboot_pad: size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_PAD placement: before: [mcuboot_primary_app] - align: {start: DT_FLASH_ERASE_BLOCK_SIZE} +#ifdef CONFIG_FPROTECT + align: {start: CONFIG_FPROTECT_BLOCK_SIZE} +#endif diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index 7f15372de..b95f503ed 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -24,6 +24,7 @@ CONFIG_BOOT_BOOTSTRAP=n # CONFIG_TINYCRYPT_SHA256 is not set CONFIG_FLASH=y +CONFIG_FPROTECT=y ### Various Zephyr boards enable features that we don't want. # CONFIG_BT is not set From ee8ab639004945282c129e66504727ff32ed7e89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mart=C3=AD=20Bol=C3=ADvar?= Date: Fri, 24 Apr 2020 16:43:54 -0700 Subject: [PATCH 070/112] [nrf temphack] Kconfig: add accessor for flash write block size MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is necessary to keep the NCS build system able to access this value, which it needs to do since it calls imgtool manually, but cannot access DT values via Kconfig by default anymore following the removal of devicetree.conf. Signed-off-by: Martí Bolívar Signed-off-by: Andrzej Puzdrowski Signed-off-by: Robert Lubos Signed-off-by: Torsten Rasmussen Signed-off-by: Håkon Øye Amundsen (cherry picked from commit 7dfa63abb12fdf1bd38c9274cda1eef54fc489b5) (cherry picked from commit e9d64d45865fdd4943a01f55c5096643c399d52a) (cherry picked from commit 3d745d389b10beb1e333a8ea65d3590c2f06b965) Signed-off-by: Ioannis Glaropoulos --- zephyr/Kconfig | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/zephyr/Kconfig b/zephyr/Kconfig index ffca48313..80ecad9cf 100644 --- a/zephyr/Kconfig +++ b/zephyr/Kconfig @@ -23,6 +23,16 @@ config MCUBOOT_IMAGE_VERSION valuable for debugging purposes. Format: maj.min.rev+build with latter parts optional. +# HACK: NCS temphack to keep our imgtool integration working now that +# there is no CONFIG_DT_* CMake namespace anymore. Use Zephyr +# kconfigfunctions to thread the flash write block size through +# Kconfig so it can be accessed from CMake. Needs a better solution. +DT_ZEPHYR_FLASH := zephyr,flash +DT_CHOSEN_ZEPHYR_FLASH := $(dt_chosen_path,$(DT_ZEPHYR_FLASH)) +config MCUBOOT_FLASH_WRITE_BLOCK_SIZE + int + default $(dt_node_int_prop_int,$(DT_CHOSEN_ZEPHYR_FLASH),write-block-size) + endif # BOOTLOADER_MCUBOOT config DT_FLASH_WRITE_BLOCK_SIZE From df05bff1ed950942fda3f1335556f2bf90ee0076 Mon Sep 17 00:00:00 2001 From: Sigvart Hovland Date: Thu, 27 Aug 2020 14:29:31 +0200 Subject: [PATCH 071/112] [nrf noup] boot: zephyr: nrf53 network core bootloader implementation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Enables network core updates of nrf53 using MCUBoot by identifying images through their start addresses. Also implements the control and transfer using the PCD module. Signed-off-by: Sigvart Hovland Signed-off-by: Håkon Øye Amundsen (cherry picked from commit a401d3a056b6ef41a9ead1a7ad5263e028f52549) (cherry picked from commit f35f763bbe7e698b3c275c548faae3537061e9c7) (cherry picked from commit 337357898d46250584c2d400ea3ae57770ae99b8) Signed-off-by: Ioannis Glaropoulos --- boot/bootutil/src/loader.c | 85 ++++++++++++++++++++++++++------------ boot/zephyr/main.c | 7 ++++ 2 files changed, 66 insertions(+), 26 deletions(-) diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index 64457e47a..b421ede02 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -45,6 +45,10 @@ #include "bootutil/boot_record.h" #include "bootutil/fault_injection_hardening.h" +#ifdef CONFIG_SOC_NRF5340_CPUAPP +#include +#endif + #ifdef MCUBOOT_ENC_IMAGES #include "bootutil/enc_key.h" #endif @@ -724,7 +728,15 @@ boot_validated_swap_type(struct boot_loader_state *state, { int swap_type; fih_int fih_rc = FIH_FAILURE; -#ifdef PM_S1_ADDRESS + bool upgrade_valid = false; + +#if defined(PM_S1_ADDRESS) || defined(CONFIG_SOC_NRF5340_CPUAPP) + const struct flash_area *secondary_fa = + BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); + struct image_header *hdr = (struct image_header *)secondary_fa->fa_off; + uint32_t vtable_addr = 0; + uint32_t *vtable = 0; + uint32_t reset_addr = 0; /* Patch needed for NCS. Since image 0 (the app) and image 1 (the other * B1 slot S0 or S1) share the same secondary slot, we need to check * whether the update candidate in the secondary slot is intended for @@ -732,34 +744,31 @@ boot_validated_swap_type(struct boot_loader_state *state, * vector. Note that there are good reasons for not using img_num from * the swap info. */ - const struct flash_area *secondary_fa = - BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); - struct image_header *hdr = - (struct image_header *)secondary_fa->fa_off; if (hdr->ih_magic == IMAGE_MAGIC) { - const struct flash_area *primary_fa; - uint32_t vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; - uint32_t *vtable = (uint32_t *)(vtable_addr); - uint32_t reset_addr = vtable[1]; - int rc = flash_area_open( - flash_area_id_from_multi_image_slot( - BOOT_CURR_IMG(state), - BOOT_PRIMARY_SLOT), - &primary_fa); - - if (rc != 0) { - return BOOT_SWAP_TYPE_FAIL; - } - /* Get start and end of primary slot for current image */ - if (reset_addr < primary_fa->fa_off || - reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { - /* The image in the secondary slot is not intended for this image - */ - return BOOT_SWAP_TYPE_NONE; - } + vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; + vtable = (uint32_t *)(vtable_addr); + reset_addr = vtable[1]; +#ifdef PM_S1_ADDRESS + const struct flash_area *primary_fa; + int rc = flash_area_open(flash_area_id_from_multi_image_slot( + BOOT_CURR_IMG(state), + BOOT_PRIMARY_SLOT), + &primary_fa); + + if (rc != 0) { + return BOOT_SWAP_TYPE_FAIL; + } + /* Get start and end of primary slot for current image */ + if (reset_addr < primary_fa->fa_off || + reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { + /* The image in the secondary slot is not intended for this image + */ + return BOOT_SWAP_TYPE_NONE; + } +#endif /* PM_S1_ADDRESS */ } -#endif +#endif /* PM_S1_ADDRESS || CONFIG_SOC_NRF5340_CPUAPP */ swap_type = boot_swap_type_multi(BOOT_CURR_IMG(state)); if (BOOT_IS_UPGRADE(swap_type)) { @@ -773,7 +782,31 @@ boot_validated_swap_type(struct boot_loader_state *state, } else { swap_type = BOOT_SWAP_TYPE_FAIL; } + } else { + upgrade_valid = true; + } + +#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(PM_CPUNET_B0N_ADDRESS) + /* If the update is valid, and it targets the network core: perform the + * update and indicate to the caller of this function that no update is + * available + */ + if (upgrade_valid && reset_addr > PM_CPUNET_B0N_ADDRESS) { + uint32_t fw_size = hdr->ih_img_size; + + BOOT_LOG_INF("Starting network core update"); + int rc = pcd_network_core_update(vtable, fw_size); + + if (rc != 0) { + swap_type = BOOT_SWAP_TYPE_FAIL; + } else { + BOOT_LOG_INF("Done updating network core"); + rc = swap_erase_trailer_sectors(state, + secondary_fa); + swap_type = BOOT_SWAP_TYPE_NONE; + } } +#endif /* CONFIG_SOC_NRF5340_CPUAPP */ } return swap_type; diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 0ba7837cc..c01323af8 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -55,6 +55,10 @@ const struct boot_uart_funcs boot_funcs = { #include #endif +#ifdef CONFIG_SOC_NRF5340_CPUAPP +#include +#endif + #if defined(CONFIG_LOG) && !defined(CONFIG_LOG_IMMEDIATE) #ifdef CONFIG_LOG_PROCESS_THREAD #warning "The log internal thread for log processing can't transfer the log"\ @@ -447,6 +451,9 @@ void main(void) ; } #endif /* USE_PARTITION_MANAGER && CONFIG_FPROTECT */ +#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(PM_CPUNET_B0N_ADDRESS) + pcd_lock_ram(); +#endif ZEPHYR_BOOT_LOG_STOP(); From ee5338f153c6f74276d5bd59fb8c4f5aa9dac87c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A5kon=20=C3=98ye=20Amundsen?= Date: Thu, 8 Oct 2020 10:29:19 +0000 Subject: [PATCH 072/112] [nrf noup] kconfig: use cc310 for ecdsa by default MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit when hardware is available. NCSDK-5167 Signed-off-by: Håkon Øye Amundsen (cherry picked from commit 40fc6dc073bfd1907eca563890bd49b286c715ea) (cherry picked from commit 1788ad7a9894780bf27c68d98aa87e833f170c7d) (cherry picked from commit 5e0fc4ec914b0765920c00a994f3dd30c93e4136) Signed-off-by: Ioannis Glaropoulos --- boot/zephyr/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index f89d7ff53..d2a81fbf9 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -58,7 +58,7 @@ config BOOT_USE_CC310 config BOOT_USE_NRF_CC310_BL bool - default n + select NRF_CC310_BL config BOOT_USE_NRF_EXTERNAL_CRYPTO bool @@ -83,6 +83,7 @@ config SINGLE_APPLICATION_SLOT choice prompt "Signature type" + default BOOT_SIGNATURE_TYPE_ECDSA_P256 if HAS_HW_NRF_CC310 default BOOT_SIGNATURE_TYPE_RSA config BOOT_SIGNATURE_TYPE_NONE From fbd3e7a70d275fb907fcfd8a431d959036334cc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A5kon=20=C3=98ye=20Amundsen?= Date: Thu, 8 Oct 2020 12:20:32 +0000 Subject: [PATCH 073/112] [nrf noup] kconfig: enable external crypto config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove undefined dependency and add overlay file for building minimal mcuboot with exeternal crypto. Signed-off-by: Håkon Øye Amundsen (cherry picked from commit e473ee375bc6d53a976408fc133bd0bc6eb3f0a5) (cherry picked from commit 4d1b74b32f7f49692fc40132c7c5e84030ef6a85) (cherry picked from commit a2c9384795e897f52f5eee840ac63f04633335f3) Signed-off-by: Ioannis Glaropoulos --- boot/zephyr/Kconfig | 1 - .../overlay-minimal-external-crypto.conf | 46 +++++++++++++++++++ 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 boot/zephyr/overlay-minimal-external-crypto.conf diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index d2a81fbf9..c5846aa7c 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -127,7 +127,6 @@ config BOOT_ECDSA_CC310 config BOOT_NRF_EXTERNAL_CRYPTO bool "Use Shared Crypto from bootloader" select BOOT_USE_NRF_EXTERNAL_CRYPTO - depends on SECURE_BOOT_CRYPTO_CLIENT endchoice # Ecdsa implementation diff --git a/boot/zephyr/overlay-minimal-external-crypto.conf b/boot/zephyr/overlay-minimal-external-crypto.conf new file mode 100644 index 000000000..a4bc98bf5 --- /dev/null +++ b/boot/zephyr/overlay-minimal-external-crypto.conf @@ -0,0 +1,46 @@ +# +# Copyright (c) 2020 Nordic Semiconductor ASA +# +# SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic +# + +# These configurations should be used when using nrf/samples/bootloader +# as the immutable bootloader (B0), and MCUBoot as the second stage updateable +# bootloader. With this configuration, MCUBoot will re-use the crypto +# functionality from B0, and fit within 16kB. + +CONFIG_NCS_SAMPLES_DEFAULTS=n +CONFIG_LOG=n +CONFIG_BOOT_BANNER=n +CONFIG_PRINTK=n +CONFIG_CONSOLE=n +CONFIG_UART_CONSOLE=n +CONFIG_SERIAL=n +CONFIG_SECURE_BOOT_DEBUG=n +CONFIG_ASSERT=n +CONFIG_RESET_ON_FATAL_ERROR=n +CONFIG_REBOOT=n +CONFIG_GPIO=n +CONFIG_CLOCK_CONTROL=n +CONFIG_MINIMAL_LIBC_MALLOC=n +CONFIG_MINIMAL_LIBC_CALLOC=n +CONFIG_MINIMAL_LIBC_REALLOCARRAY=n +CONFIG_SIZE_OPTIMIZATIONS=y +CONFIG_NO_RUNTIME_CHECKS=y +CONFIG_CONSOLE_HANDLER=n +CONFIG_NRF_RTC_TIMER=n +CONFIG_SYS_CLOCK_EXISTS=n + +# Set ECDSA as signing mechanism +CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y + +# Use crypto backend from B0 +CONFIG_BOOT_NRF_EXTERNAL_CRYPTO=y +CONFIG_SECURE_BOOT_CRYPTO=y +CONFIG_SB_CRYPTO_CLIENT_ECDSA_SECP256R1=y +CONFIG_SB_CRYPTO_CLIENT_SHA256=y +CONFIG_BL_SHA256_EXT_API_REQUIRED=y +CONFIG_BL_SECP256R1_EXT_API_REQUIRED=y + +# Set 16kB as flash size +CONFIG_PM_PARTITION_SIZE_MCUBOOT=0x3e00 From bd4d82f7f97c059e2ba151a93913d47715a53884 Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Thu, 27 Feb 2020 12:48:56 +0100 Subject: [PATCH 074/112] [nrf temphack] do_boot: clean peripherals state before boot MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Do some cleanup of nRF peripherals. This is necessary since Zephyr doesn't have any driver deinitialization functionality, and we'd like to leave peripherals in a more predictable state before booting the Zephyr image. Signed-off-by: Andrzej Puzdrowski Signed-off-by: Robert Lubos Signed-off-by: Torsten Rasmussen Signed-off-by: Øyvind Rønningstad Signed-off-by: Martí Bolívar Signed-off-by: Håkon Øye Amundsen (cherry picked from commit 664b8ad8b05e9fac567eafcf9fe617303fb6aed6) (cherry picked from commit a47b96262f1fd8401c0ec0d9d85460b1f53f005a) (cherry picked from commit a8cc9879747019ba0459b900920296365abae4b1) (cherry picked from commit 4b41ab6ccaee6c54f37d351b51b85f94499459f7) Signed-off-by: Ioannis Glaropoulos --- boot/zephyr/CMakeLists.txt | 6 ++++ boot/zephyr/Kconfig | 5 ++++ boot/zephyr/include/nrf_cleanup.h | 19 ++++++++++++ boot/zephyr/main.c | 9 +++++- boot/zephyr/nrf_cleanup.c | 49 +++++++++++++++++++++++++++++++ 5 files changed, 87 insertions(+), 1 deletion(-) create mode 100644 boot/zephyr/include/nrf_cleanup.h create mode 100644 boot/zephyr/nrf_cleanup.c diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index ab07791f1..87ad7d226 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -298,3 +298,9 @@ zephyr_library_sources( ${BOOT_DIR}/zephyr/arm_cleanup.c ) endif() + +if(CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL) +zephyr_library_sources( + ${BOOT_DIR}/zephyr/nrf_cleanup.c +) +endif() diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index c5846aa7c..a559c26b0 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -185,6 +185,11 @@ config MCUBOOT_CLEANUP_ARM_CORE by default, if they are chain-loadable by MCUboot, so MCUboot does not need to perform such a cleanup itself. +config MCUBOOT_NRF_CLEANUP_PERIPHERAL + bool "Perform peripheral cleanup before chain-load the application" + depends on SOC_FAMILY_NRF + default y + config MBEDTLS_CFG_FILE default "mcuboot-mbedtls-cfg.h" diff --git a/boot/zephyr/include/nrf_cleanup.h b/boot/zephyr/include/nrf_cleanup.h new file mode 100644 index 000000000..2b175634e --- /dev/null +++ b/boot/zephyr/include/nrf_cleanup.h @@ -0,0 +1,19 @@ +/* + * Copyright (c) 2020 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic + */ + +#ifndef H_NRF_CLEANUP_ +#define H_NRF_CLEANUP_ + +/** + * Perform cleanup on some peripheral resources used by MCUBoot prior chainload + * the application. + * + * This function disables all RTC instances and UARTE instances. + * It Disables their interrupts signals as well. + */ +void nrf_cleanup_peripheral(void); + +#endif diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index c01323af8..538975d25 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -89,6 +89,11 @@ K_SEM_DEFINE(boot_log_sem, 1, 1); #include #endif + +#if CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL +#include +#endif + #ifdef CONFIG_SOC_FAMILY_NRF #include @@ -164,7 +169,9 @@ static void do_boot(struct boot_rsp *rsp) } #endif #endif - +#if CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL + nrf_cleanup_peripheral(); +#endif #if CONFIG_MCUBOOT_CLEANUP_ARM_CORE cleanup_arm_nvic(); /* cleanup NVIC registers */ diff --git a/boot/zephyr/nrf_cleanup.c b/boot/zephyr/nrf_cleanup.c new file mode 100644 index 000000000..2f7cf2d68 --- /dev/null +++ b/boot/zephyr/nrf_cleanup.c @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2020 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic + */ + +#include +#if defined(NRF_UARTE0) || defined(NRF_UARTE1) + #include +#endif +#if defined(NRF_RTC0) || defined(NRF_RTC1) || defined(NRF_RTC2) + #include +#endif + +#if defined(NRF_RTC0) || defined(NRF_RTC1) || defined(NRF_RTC2) +static inline void nrf_cleanup_rtc(NRF_RTC_Type * rtc_reg) +{ + nrf_rtc_task_trigger(rtc_reg, NRF_RTC_TASK_STOP); + nrf_rtc_event_disable(rtc_reg, 0xFFFFFFFF); + nrf_rtc_int_disable(rtc_reg, 0xFFFFFFFF); +} +#endif + +static void nrf_cleanup_clock(void) +{ + nrf_clock_int_disable(NRF_CLOCK, 0xFFFFFFFF); +} + +void nrf_cleanup_peripheral(void) +{ +#if defined(NRF_RTC0) + nrf_cleanup_rtc(NRF_RTC0); +#endif +#if defined(NRF_RTC1) + nrf_cleanup_rtc(NRF_RTC1); +#endif +#if defined(NRF_RTC2) + nrf_cleanup_rtc(NRF_RTC2); +#endif +#if defined(NRF_UARTE0) + nrf_uarte_disable(NRF_UARTE0); + nrf_uarte_int_disable(NRF_UARTE0, 0xFFFFFFFF); +#endif +#if defined(NRF_UARTE1) + nrf_uarte_disable(NRF_UARTE1); + nrf_uarte_int_disable(NRF_UARTE1, 0xFFFFFFFF); +#endif + nrf_cleanup_clock(); +} From 794fbcf67f23532ab369d97cf03e00e8a6075f36 Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Thu, 26 Nov 2020 15:57:13 +0100 Subject: [PATCH 075/112] [nrf noup] PM: adapted PM related code to CONFIG_SINGLE_APPLICATION_SLOT CONFIG_SINGLE_APPLICATION_SLOT replaced CONFIG_SINGLE_IMAGE_DFU in the upstream, so need to adapt all the code which is using that keyword. Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/include/sysflash/sysflash.h | 6 +++--- boot/zephyr/pm.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/boot/zephyr/include/sysflash/sysflash.h b/boot/zephyr/include/sysflash/sysflash.h index a73b935dd..25479900f 100644 --- a/boot/zephyr/include/sysflash/sysflash.h +++ b/boot/zephyr/include/sysflash/sysflash.h @@ -7,7 +7,7 @@ #include #include -#ifndef CONFIG_SINGLE_IMAGE_DFU +#ifndef CONFIG_SINGLE_APPLICATION_SLOT #if (MCUBOOT_IMAGE_NUMBER == 1) @@ -34,7 +34,7 @@ extern uint32_t _image_1_primary_slot_id[]; #endif #define FLASH_AREA_IMAGE_SCRATCH PM_MCUBOOT_SCRATCH_ID -#else /* CONFIG_SINGLE_IMAGE_DFU */ +#else /* CONFIG_SINGLE_APPLICATION_SLOT */ #define FLASH_AREA_IMAGE_PRIMARY(x) PM_MCUBOOT_PRIMARY_ID #define FLASH_AREA_IMAGE_SECONDARY(x) PM_MCUBOOT_PRIMARY_ID @@ -44,7 +44,7 @@ extern uint32_t _image_1_primary_slot_id[]; */ #define FLASH_AREA_IMAGE_SCRATCH 0 -#endif /* CONFIG_SINGLE_IMAGE_DFU */ +#endif /* CONFIG_SINGLE_APPLICATION_SLOT */ #else diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml index e04e05292..f05ef65e5 100644 --- a/boot/zephyr/pm.yml +++ b/boot/zephyr/pm.yml @@ -19,7 +19,7 @@ mcuboot_secondary: align: {start: CONFIG_FPROTECT_BLOCK_SIZE} after: mcuboot_primary -#if !defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(CONFIG_SINGLE_IMAGE_DFU) +#if !defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(CONFIG_SINGLE_APPLICATION_SLOT) mcuboot_scratch: size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_SCRATCH placement: From 534a4ecb02d27dcaf1194fdef4e7afd20280caae Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Fri, 27 Nov 2020 12:07:23 +0100 Subject: [PATCH 076/112] [nrf fromlist] zephyr: use minimal CBPRINTF implementation Addition of cbprintf capability in zephyr zephyrproject-rtos/zephyr#29876 cause flash footprint rise by ~5 KB. Selecting CBPRINTF_NANO=y mitigates the footprint rise to ~1 KB Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/prj.conf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index b95f503ed..e3e63c068 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -34,3 +34,5 @@ CONFIG_FPROTECT=y CONFIG_LOG=y ### Ensure Zephyr logging changes don't use more resources CONFIG_LOG_DEFAULT_LEVEL=0 +### Decrease footprint by ~4 KB in comparison to CBPRINTF_COMPLETE=y +CONFIG_CBPRINTF_NANO=y From 853e11283805ec66f157bc27a5286edb36046725 Mon Sep 17 00:00:00 2001 From: Torsten Rasmussen Date: Fri, 27 Nov 2020 15:30:50 +0100 Subject: [PATCH 077/112] [nrf temphack]: remove CONFIG_DEBUG=y in Zephyr prj.conf This commit removes the `CONFIG_DEBUG=y` setting from Zephyr prj.conf to save k flash size. Signed-off-by: Torsten Rasmussen --- boot/zephyr/prj.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index e3e63c068..40920f000 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -1,5 +1,4 @@ CONFIG_CONSOLE_HANDLER=y -CONFIG_DEBUG=y CONFIG_SYSTEM_CLOCK_DISABLE=y CONFIG_SYS_POWER_MANAGEMENT=n From b95e49304a9ee82f83668d51c1d95c6f2faaf983 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ole=20S=C3=A6ther?= Date: Wed, 25 Nov 2020 13:26:21 +0100 Subject: [PATCH 078/112] [nrf fromtree] zephyr/Kconfig: Added default pin for serial ... MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added default pin for triggering serial recovery mode for nRF5340DK. Upstream: 83ec842609e7d0142df0532daa93502e5df66652 Ref: NCSDK-7085 Upstream PR https://github.com/mcu-tools/mcuboot/pull/891 Signed-off-by: Ole Sæther Signed-off by: Haakon Amundsen --- boot/zephyr/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index a559c26b0..0573d247d 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -470,7 +470,8 @@ config BOOT_SERIAL_DETECT_PIN default 6 if BOARD_NRF9160DK_NRF9160 default 11 if BOARD_NRF52840DK_NRF52840 default 13 if BOARD_NRF52DK_NRF52832 - default 23 if BOARD_NRF5340PDK_NRF5340_CPUAPP || BOARD_NRF5340PDK_NRF5340_CPUAPPNS + default 23 if BOARD_NRF5340PDK_NRF5340_CPUAPP || BOARD_NRF5340PDK_NRF5340_CPUAPPNS || \ + BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_NRF5340DK_NRF5340_CPUAPPNS help Pin on the serial detect port which triggers serial recovery mode. From ef3942301adbf3d7da1051f97fac01574c66f5c4 Mon Sep 17 00:00:00 2001 From: Vidar Berg Date: Mon, 30 Nov 2020 13:43:28 +0100 Subject: [PATCH 079/112] [nrf noup] pm: clarify the purpose of the mcuboot_pad partition I didn't find a description of this partition it in the docs. Signed-off-by: Vidar Berg --- boot/zephyr/pm.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml index f05ef65e5..503615b31 100644 --- a/boot/zephyr/pm.yml +++ b/boot/zephyr/pm.yml @@ -27,7 +27,8 @@ mcuboot_scratch: align: {start: CONFIG_FPROTECT_BLOCK_SIZE} #endif -# Padding placed before image to boot +# Padding placed before image to boot. This reserves space for the MCUboot image header +# and it ensures that the boot image gets linked with the correct address offset in flash. mcuboot_pad: # MCUboot pad must be placed before the 'spm' partition if that is present. # If 'spm' partition is not present, it must be placed before the 'app'. From 9f8ccb9333da631d803ff40f3ca0df0665000a99 Mon Sep 17 00:00:00 2001 From: Thomas Stilwell Date: Wed, 20 Jan 2021 16:18:32 +0100 Subject: [PATCH 080/112] [nrf noup] ci: use zephyr/scripts/ci/check_compliance.py replace ci-tools version of check_compliance.py Signed-off-by: Thomas Stilwell --- .gitlint | 2 +- Jenkinsfile | 37 ++++++++++++++++++++++++++----------- 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/.gitlint b/.gitlint index a2b26dbbf..512813bbb 100644 --- a/.gitlint +++ b/.gitlint @@ -10,7 +10,7 @@ debug = false # Set the extra-path where gitlint will search for user defined rules # See http://jorisroovers.github.io/gitlint/user_defined_rules for details -extra-path=../tools/ci-tools/scripts/gitlint +extra-path=../../zephyr/scripts/gitlint [title-max-length-no-revert] line-length=72 diff --git a/Jenkinsfile b/Jenkinsfile index 402fdd16f..7b732e887 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -18,7 +18,7 @@ pipeline { booleanParam(name: 'RUN_TESTS', description: 'if false skip testing', defaultValue: true) booleanParam(name: 'RUN_BUILD', description: 'if false skip building', defaultValue: true) string( name: 'jsonstr_CI_STATE', description: 'Default State if no upstream job', defaultValue: CI_STATE.CFG.INPUT_STATE_STR ) - choice(name: 'CRON', choices: CI_STATE.CFG.CRON_CHOICES, description: 'Cron Test Phase') + choice(name: 'TEST_CYCLE', choices: CI_STATE.CFG.CRON_CHOICES, description: 'Cron Test Phase') } agent { @@ -29,7 +29,7 @@ pipeline { } options { - checkoutToSubdirectory('mcuboot') + checkoutToSubdirectory('bootloader/mcuboot') parallelsAlwaysFailFast() timeout(time: CI_STATE.CFG.TIMEOUT.time, unit: CI_STATE.CFG.TIMEOUT.unit) } @@ -38,25 +38,34 @@ pipeline { // This token is used to by check_compliance to comment on PRs and use checks GH_TOKEN = credentials('nordicbuilder-compliance-token') GH_USERNAME = "NordicBuilder" - COMPLIANCE_ARGS = "-r NordicPlayground/fw-nrfconnect-mcuboot" } stages { stage('Load') { steps { script { CI_STATE = lib_State.load('MCUBOOT', CI_STATE) }}} stage('Checkout') { steps { script { - CI_STATE.SELF.REPORT_SHA = lib_Main.checkoutRepo(CI_STATE.SELF.GIT_URL, "mcuboot", CI_STATE.SELF, false) - lib_West.AddManifestUpdate("MCUBOOT", 'mcuboot', CI_STATE.SELF.GIT_URL, CI_STATE.SELF.GIT_REF, CI_STATE) + println "Running on NODE: $NODE_NAME" lib_Main.checkoutRepo(CI_STATE.NRF.GIT_URL, "nrf", CI_STATE.NRF, true) - lib_West.InitUpdate('nrf', 'ci-tools') + lib_West.InitUpdate('nrf') + dir('bootloader') { + CI_STATE.SELF.REPORT_SHA = lib_Main.checkoutRepo(CI_STATE.SELF.GIT_URL, "mcuboot", CI_STATE.SELF, false) + dir('mcuboot') { + sh "git log --graph --oneline --decorate -n 10" + } + } }} } stage('Run compliance check') { when { expression { CI_STATE.SELF.RUN_TESTS } } steps { script { + println "Running on NODE: $NODE_NAME" lib_Status.set("PENDING", 'MCUBOOT', CI_STATE); - dir('mcuboot') { + dir('bootloader/mcuboot') { + + CI_STATE.SELF.ORG_AND_REPO = CI_STATE.SELF.GIT_URL.replace('.git','').replace('https://github.com/','') + CI_STATE.SELF.COMPLIANCE = new HashMap() + CI_STATE.SELF.COMPLIANCE.ARGS = " -r $CI_STATE.SELF.ORG_AND_REPO " def BUILD_TYPE = lib_Main.getBuildType(CI_STATE.SELF) if (BUILD_TYPE == "PR") { @@ -72,8 +81,7 @@ pipeline { COMMIT_RANGE = "$CI_STATE.SELF.MERGE_BASE..$CI_STATE.SELF.REPORT_SHA" } - COMPLIANCE_ARGS = "$COMPLIANCE_ARGS -p $CHANGE_ID -S $CI_STATE.SELF.REPORT_SHA -g" - // COMPLIANCE_ARGS = "$COMPLIANCE_ARGS -p $CHANGE_ID -S $CI_STATE.SELF.REPORT_SHA -g -e pylint" + CI_STATE.SELF.COMPLIANCE.ARGS += " -p $CHANGE_ID " println "Building a PR [$CHANGE_ID]: $COMMIT_RANGE" } else if (BUILD_TYPE == "TAG") { @@ -89,9 +97,16 @@ pipeline { assert condition : "Build fails because it is not a PR/Tag/Branch" } + CI_STATE.SELF.COMPLIANCE.ARGS += " -S $CI_STATE.SELF.REPORT_SHA " + CI_STATE.SELF.COMPLIANCE.ARGS += " --commits $COMMIT_RANGE " + // Run the compliance check try { - sh "../tools/ci-tools/scripts/check_compliance.py $COMPLIANCE_ARGS --commits $COMMIT_RANGE" + sh """ + echo $CI_STATE.SELF.COMPLIANCE.ARGS + source ../../zephyr/zephyr-env.sh + ../../zephyr/scripts/ci/check_compliance.py $CI_STATE.SELF.COMPLIANCE.ARGS + """ } finally { junit 'compliance.xml' @@ -136,7 +151,7 @@ pipeline { failure { echo "failure" script{ - if (env.BRANCH_NAME == 'master' || env.BRANCH_NAME.startsWith("PR")) + if ( env.JOB_NAME == 'latest/sdk-mcuboot/master' ) { emailext(to: 'anpu', body: "${currentBuild.currentResult}\nJob ${env.JOB_NAME}\t\t build ${env.BUILD_NUMBER}\r\nLink: ${env.BUILD_URL}", From 8834daf508d612f1912adcaac3962975e1e363e7 Mon Sep 17 00:00:00 2001 From: Thomas Stilwell Date: Thu, 21 Jan 2021 11:12:13 +0100 Subject: [PATCH 081/112] [nrf noup] ci: replace jenkins pipeline in jenkinsfile with a stub load pipeline from internal config repo Signed-off-by: Thomas Stilwell --- Jenkinsfile | 170 +--------------------------------------------------- 1 file changed, 2 insertions(+), 168 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 7b732e887..8220afe03 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,172 +1,6 @@ -// -// Copyright (c) 2020 Nordic Semiconductor ASA. All Rights Reserved. -// -// The information contained herein is confidential property of Nordic Semiconductor ASA. -// The use, copying, transfer or disclosure of such information is prohibited except by -// express written agreement with Nordic Semiconductor ASA. -// - @Library("CI_LIB") _ -HashMap CI_STATE = lib_State.getConfig(JOB_NAME) -properties(lib_State.getTriggers()) - -pipeline { - - parameters { - booleanParam(name: 'RUN_DOWNSTREAM', description: 'if false skip downstream jobs', defaultValue: false) - booleanParam(name: 'RUN_TESTS', description: 'if false skip testing', defaultValue: true) - booleanParam(name: 'RUN_BUILD', description: 'if false skip building', defaultValue: true) - string( name: 'jsonstr_CI_STATE', description: 'Default State if no upstream job', defaultValue: CI_STATE.CFG.INPUT_STATE_STR ) - choice(name: 'TEST_CYCLE', choices: CI_STATE.CFG.CRON_CHOICES, description: 'Cron Test Phase') - } - - agent { - docker { - image CI_STATE.CFG.IMAGE_TAG - label CI_STATE.CFG.AGENT_LABELS - } - } - - options { - checkoutToSubdirectory('bootloader/mcuboot') - parallelsAlwaysFailFast() - timeout(time: CI_STATE.CFG.TIMEOUT.time, unit: CI_STATE.CFG.TIMEOUT.unit) - } - - environment { - // This token is used to by check_compliance to comment on PRs and use checks - GH_TOKEN = credentials('nordicbuilder-compliance-token') - GH_USERNAME = "NordicBuilder" - } - - stages { - stage('Load') { steps { script { CI_STATE = lib_State.load('MCUBOOT', CI_STATE) }}} - stage('Checkout') { - steps { script { - println "Running on NODE: $NODE_NAME" - lib_Main.checkoutRepo(CI_STATE.NRF.GIT_URL, "nrf", CI_STATE.NRF, true) - lib_West.InitUpdate('nrf') - dir('bootloader') { - CI_STATE.SELF.REPORT_SHA = lib_Main.checkoutRepo(CI_STATE.SELF.GIT_URL, "mcuboot", CI_STATE.SELF, false) - dir('mcuboot') { - sh "git log --graph --oneline --decorate -n 10" - } - } - }} - } - stage('Run compliance check') { - when { expression { CI_STATE.SELF.RUN_TESTS } } - steps { - script { - println "Running on NODE: $NODE_NAME" - lib_Status.set("PENDING", 'MCUBOOT', CI_STATE); - dir('bootloader/mcuboot') { - - CI_STATE.SELF.ORG_AND_REPO = CI_STATE.SELF.GIT_URL.replace('.git','').replace('https://github.com/','') - CI_STATE.SELF.COMPLIANCE = new HashMap() - CI_STATE.SELF.COMPLIANCE.ARGS = " -r $CI_STATE.SELF.ORG_AND_REPO " - - def BUILD_TYPE = lib_Main.getBuildType(CI_STATE.SELF) - if (BUILD_TYPE == "PR") { - - if ( CI_STATE.SELF.CHANGE_TITLE.toLowerCase().contains('[nrf mergeup]') ) { - CI_STATE.SELF.IS_MERGEUP = true - println 'This is a MERGE-UP PR. CI_STATE.SELF.IS_MERGEUP=' + CI_STATE.SELF.IS_MERGEUP - CI_STATE.SELF.MERGEUP_BASE = sh( script: "git log --oneline --grep='\\[nrf mergeup\\].*' -i -n 1 --pretty=format:'%h' | tr -d '\\n'" , returnStdout: true) - println "CI_STATE.SELF.MERGEUP_BASE = $CI_STATE.SELF.MERGEUP_BASE" - COMMIT_RANGE = "$CI_STATE.SELF.MERGEUP_BASE..$CI_STATE.SELF.REPORT_SHA" - } else { - CI_STATE.SELF.IS_MERGEUP = false - COMMIT_RANGE = "$CI_STATE.SELF.MERGE_BASE..$CI_STATE.SELF.REPORT_SHA" - } - - CI_STATE.SELF.COMPLIANCE.ARGS += " -p $CHANGE_ID " - println "Building a PR [$CHANGE_ID]: $COMMIT_RANGE" - } - else if (BUILD_TYPE == "TAG") { - COMMIT_RANGE = "tags/${env.BRANCH_NAME}..tags/${env.BRANCH_NAME}" - println "Building a Tag: " + COMMIT_RANGE - } - // If not a PR, it's a non-PR-branch or master build. Compare against the origin. - else if (BUILD_TYPE == "BRANCH") { - COMMIT_RANGE = "origin/${env.BRANCH_NAME}..HEAD" - println "Building a Branch: " + COMMIT_RANGE - } - else { - assert condition : "Build fails because it is not a PR/Tag/Branch" - } - - CI_STATE.SELF.COMPLIANCE.ARGS += " -S $CI_STATE.SELF.REPORT_SHA " - CI_STATE.SELF.COMPLIANCE.ARGS += " --commits $COMMIT_RANGE " - - // Run the compliance check - try { - sh """ - echo $CI_STATE.SELF.COMPLIANCE.ARGS - source ../../zephyr/zephyr-env.sh - ../../zephyr/scripts/ci/check_compliance.py $CI_STATE.SELF.COMPLIANCE.ARGS - """ - } - finally { - junit 'compliance.xml' - archiveArtifacts artifacts: 'compliance.xml' - } - } - } - } - } - - stage('Build samples') { - when { expression { CI_STATE.SELF.RUN_BUILD } } - steps { - echo "No Samples to build yet." - } - } - - stage('Trigger Downstream Jobs') { - when { expression { CI_STATE.SELF.RUN_DOWNSTREAM } } - steps { script { lib_Stage.runDownstream(JOB_NAME, CI_STATE) } } - } - - stage('Report') { - when { expression { CI_STATE.SELF.RUN_TESTS } } - steps { script { - println 'no report generation yet' - } } - } +def pipeline = new ncs.sdk_mcuboot.Main() - } +pipeline.run(JOB_NAME) - post { - // This is the order that the methods are run. {always->success/abort/failure/unstable->cleanup} - always { script { - lib_Status.set( "${currentBuild.currentResult}", 'MCUBOOT', CI_STATE) - if ( !CI_STATE.SELF.RUN_BUILD || !CI_STATE.SELF.RUN_TESTS ) { currentBuild.result = "UNSTABLE"} - }} - // Add if needed - // success {} - // aborted {} - // unstable {} - failure { - echo "failure" - script{ - if ( env.JOB_NAME == 'latest/sdk-mcuboot/master' ) - { - emailext(to: 'anpu', - body: "${currentBuild.currentResult}\nJob ${env.JOB_NAME}\t\t build ${env.BUILD_NUMBER}\r\nLink: ${env.BUILD_URL}", - subject: "[Jenkins][Build ${currentBuild.currentResult}: ${env.JOB_NAME}]", - mimeType: 'text/html',) - } - else - { - echo "Branch ${env.BRANCH_NAME} is not master nor PR. Sending failure email skipped." - } - } - } - cleanup { - echo "Pipeline Post: cleanup" - cleanWs disableDeferredWipeout: true, deleteDirs: true - } - } -} From eda03c6802547e855149bf69ac53d80bbfc1f417 Mon Sep 17 00:00:00 2001 From: Johann Fischer Date: Fri, 22 Jan 2021 23:41:16 +0100 Subject: [PATCH 082/112] Revert "[nrf noup] ci: replace jenkins pipeline in jenkinsfile with a stub" This reverts commit 8834daf508d612f1912adcaac3962975e1e363e7. Signed-off-by: Johann Fischer --- Jenkinsfile | 170 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 168 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 8220afe03..7b732e887 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,6 +1,172 @@ +// +// Copyright (c) 2020 Nordic Semiconductor ASA. All Rights Reserved. +// +// The information contained herein is confidential property of Nordic Semiconductor ASA. +// The use, copying, transfer or disclosure of such information is prohibited except by +// express written agreement with Nordic Semiconductor ASA. +// + @Library("CI_LIB") _ -def pipeline = new ncs.sdk_mcuboot.Main() +HashMap CI_STATE = lib_State.getConfig(JOB_NAME) +properties(lib_State.getTriggers()) + +pipeline { + + parameters { + booleanParam(name: 'RUN_DOWNSTREAM', description: 'if false skip downstream jobs', defaultValue: false) + booleanParam(name: 'RUN_TESTS', description: 'if false skip testing', defaultValue: true) + booleanParam(name: 'RUN_BUILD', description: 'if false skip building', defaultValue: true) + string( name: 'jsonstr_CI_STATE', description: 'Default State if no upstream job', defaultValue: CI_STATE.CFG.INPUT_STATE_STR ) + choice(name: 'TEST_CYCLE', choices: CI_STATE.CFG.CRON_CHOICES, description: 'Cron Test Phase') + } + + agent { + docker { + image CI_STATE.CFG.IMAGE_TAG + label CI_STATE.CFG.AGENT_LABELS + } + } + + options { + checkoutToSubdirectory('bootloader/mcuboot') + parallelsAlwaysFailFast() + timeout(time: CI_STATE.CFG.TIMEOUT.time, unit: CI_STATE.CFG.TIMEOUT.unit) + } + + environment { + // This token is used to by check_compliance to comment on PRs and use checks + GH_TOKEN = credentials('nordicbuilder-compliance-token') + GH_USERNAME = "NordicBuilder" + } + + stages { + stage('Load') { steps { script { CI_STATE = lib_State.load('MCUBOOT', CI_STATE) }}} + stage('Checkout') { + steps { script { + println "Running on NODE: $NODE_NAME" + lib_Main.checkoutRepo(CI_STATE.NRF.GIT_URL, "nrf", CI_STATE.NRF, true) + lib_West.InitUpdate('nrf') + dir('bootloader') { + CI_STATE.SELF.REPORT_SHA = lib_Main.checkoutRepo(CI_STATE.SELF.GIT_URL, "mcuboot", CI_STATE.SELF, false) + dir('mcuboot') { + sh "git log --graph --oneline --decorate -n 10" + } + } + }} + } + stage('Run compliance check') { + when { expression { CI_STATE.SELF.RUN_TESTS } } + steps { + script { + println "Running on NODE: $NODE_NAME" + lib_Status.set("PENDING", 'MCUBOOT', CI_STATE); + dir('bootloader/mcuboot') { + + CI_STATE.SELF.ORG_AND_REPO = CI_STATE.SELF.GIT_URL.replace('.git','').replace('https://github.com/','') + CI_STATE.SELF.COMPLIANCE = new HashMap() + CI_STATE.SELF.COMPLIANCE.ARGS = " -r $CI_STATE.SELF.ORG_AND_REPO " + + def BUILD_TYPE = lib_Main.getBuildType(CI_STATE.SELF) + if (BUILD_TYPE == "PR") { + + if ( CI_STATE.SELF.CHANGE_TITLE.toLowerCase().contains('[nrf mergeup]') ) { + CI_STATE.SELF.IS_MERGEUP = true + println 'This is a MERGE-UP PR. CI_STATE.SELF.IS_MERGEUP=' + CI_STATE.SELF.IS_MERGEUP + CI_STATE.SELF.MERGEUP_BASE = sh( script: "git log --oneline --grep='\\[nrf mergeup\\].*' -i -n 1 --pretty=format:'%h' | tr -d '\\n'" , returnStdout: true) + println "CI_STATE.SELF.MERGEUP_BASE = $CI_STATE.SELF.MERGEUP_BASE" + COMMIT_RANGE = "$CI_STATE.SELF.MERGEUP_BASE..$CI_STATE.SELF.REPORT_SHA" + } else { + CI_STATE.SELF.IS_MERGEUP = false + COMMIT_RANGE = "$CI_STATE.SELF.MERGE_BASE..$CI_STATE.SELF.REPORT_SHA" + } + + CI_STATE.SELF.COMPLIANCE.ARGS += " -p $CHANGE_ID " + println "Building a PR [$CHANGE_ID]: $COMMIT_RANGE" + } + else if (BUILD_TYPE == "TAG") { + COMMIT_RANGE = "tags/${env.BRANCH_NAME}..tags/${env.BRANCH_NAME}" + println "Building a Tag: " + COMMIT_RANGE + } + // If not a PR, it's a non-PR-branch or master build. Compare against the origin. + else if (BUILD_TYPE == "BRANCH") { + COMMIT_RANGE = "origin/${env.BRANCH_NAME}..HEAD" + println "Building a Branch: " + COMMIT_RANGE + } + else { + assert condition : "Build fails because it is not a PR/Tag/Branch" + } + + CI_STATE.SELF.COMPLIANCE.ARGS += " -S $CI_STATE.SELF.REPORT_SHA " + CI_STATE.SELF.COMPLIANCE.ARGS += " --commits $COMMIT_RANGE " + + // Run the compliance check + try { + sh """ + echo $CI_STATE.SELF.COMPLIANCE.ARGS + source ../../zephyr/zephyr-env.sh + ../../zephyr/scripts/ci/check_compliance.py $CI_STATE.SELF.COMPLIANCE.ARGS + """ + } + finally { + junit 'compliance.xml' + archiveArtifacts artifacts: 'compliance.xml' + } + } + } + } + } + + stage('Build samples') { + when { expression { CI_STATE.SELF.RUN_BUILD } } + steps { + echo "No Samples to build yet." + } + } + + stage('Trigger Downstream Jobs') { + when { expression { CI_STATE.SELF.RUN_DOWNSTREAM } } + steps { script { lib_Stage.runDownstream(JOB_NAME, CI_STATE) } } + } + + stage('Report') { + when { expression { CI_STATE.SELF.RUN_TESTS } } + steps { script { + println 'no report generation yet' + } } + } -pipeline.run(JOB_NAME) + } + post { + // This is the order that the methods are run. {always->success/abort/failure/unstable->cleanup} + always { script { + lib_Status.set( "${currentBuild.currentResult}", 'MCUBOOT', CI_STATE) + if ( !CI_STATE.SELF.RUN_BUILD || !CI_STATE.SELF.RUN_TESTS ) { currentBuild.result = "UNSTABLE"} + }} + // Add if needed + // success {} + // aborted {} + // unstable {} + failure { + echo "failure" + script{ + if ( env.JOB_NAME == 'latest/sdk-mcuboot/master' ) + { + emailext(to: 'anpu', + body: "${currentBuild.currentResult}\nJob ${env.JOB_NAME}\t\t build ${env.BUILD_NUMBER}\r\nLink: ${env.BUILD_URL}", + subject: "[Jenkins][Build ${currentBuild.currentResult}: ${env.JOB_NAME}]", + mimeType: 'text/html',) + } + else + { + echo "Branch ${env.BRANCH_NAME} is not master nor PR. Sending failure email skipped." + } + } + } + cleanup { + echo "Pipeline Post: cleanup" + cleanWs disableDeferredWipeout: true, deleteDirs: true + } + } +} From 8faa32b33768f43c7d30b4660b2122386c0bc708 Mon Sep 17 00:00:00 2001 From: Johann Fischer Date: Fri, 22 Jan 2021 23:41:16 +0100 Subject: [PATCH 083/112] Revert "[nrf noup] ci: use zephyr/scripts/ci/check_compliance.py" This reverts commit 9f8ccb9333da631d803ff40f3ca0df0665000a99. Signed-off-by: Johann Fischer --- .gitlint | 2 +- Jenkinsfile | 37 +++++++++++-------------------------- 2 files changed, 12 insertions(+), 27 deletions(-) diff --git a/.gitlint b/.gitlint index 512813bbb..a2b26dbbf 100644 --- a/.gitlint +++ b/.gitlint @@ -10,7 +10,7 @@ debug = false # Set the extra-path where gitlint will search for user defined rules # See http://jorisroovers.github.io/gitlint/user_defined_rules for details -extra-path=../../zephyr/scripts/gitlint +extra-path=../tools/ci-tools/scripts/gitlint [title-max-length-no-revert] line-length=72 diff --git a/Jenkinsfile b/Jenkinsfile index 7b732e887..402fdd16f 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -18,7 +18,7 @@ pipeline { booleanParam(name: 'RUN_TESTS', description: 'if false skip testing', defaultValue: true) booleanParam(name: 'RUN_BUILD', description: 'if false skip building', defaultValue: true) string( name: 'jsonstr_CI_STATE', description: 'Default State if no upstream job', defaultValue: CI_STATE.CFG.INPUT_STATE_STR ) - choice(name: 'TEST_CYCLE', choices: CI_STATE.CFG.CRON_CHOICES, description: 'Cron Test Phase') + choice(name: 'CRON', choices: CI_STATE.CFG.CRON_CHOICES, description: 'Cron Test Phase') } agent { @@ -29,7 +29,7 @@ pipeline { } options { - checkoutToSubdirectory('bootloader/mcuboot') + checkoutToSubdirectory('mcuboot') parallelsAlwaysFailFast() timeout(time: CI_STATE.CFG.TIMEOUT.time, unit: CI_STATE.CFG.TIMEOUT.unit) } @@ -38,34 +38,25 @@ pipeline { // This token is used to by check_compliance to comment on PRs and use checks GH_TOKEN = credentials('nordicbuilder-compliance-token') GH_USERNAME = "NordicBuilder" + COMPLIANCE_ARGS = "-r NordicPlayground/fw-nrfconnect-mcuboot" } stages { stage('Load') { steps { script { CI_STATE = lib_State.load('MCUBOOT', CI_STATE) }}} stage('Checkout') { steps { script { - println "Running on NODE: $NODE_NAME" + CI_STATE.SELF.REPORT_SHA = lib_Main.checkoutRepo(CI_STATE.SELF.GIT_URL, "mcuboot", CI_STATE.SELF, false) + lib_West.AddManifestUpdate("MCUBOOT", 'mcuboot', CI_STATE.SELF.GIT_URL, CI_STATE.SELF.GIT_REF, CI_STATE) lib_Main.checkoutRepo(CI_STATE.NRF.GIT_URL, "nrf", CI_STATE.NRF, true) - lib_West.InitUpdate('nrf') - dir('bootloader') { - CI_STATE.SELF.REPORT_SHA = lib_Main.checkoutRepo(CI_STATE.SELF.GIT_URL, "mcuboot", CI_STATE.SELF, false) - dir('mcuboot') { - sh "git log --graph --oneline --decorate -n 10" - } - } + lib_West.InitUpdate('nrf', 'ci-tools') }} } stage('Run compliance check') { when { expression { CI_STATE.SELF.RUN_TESTS } } steps { script { - println "Running on NODE: $NODE_NAME" lib_Status.set("PENDING", 'MCUBOOT', CI_STATE); - dir('bootloader/mcuboot') { - - CI_STATE.SELF.ORG_AND_REPO = CI_STATE.SELF.GIT_URL.replace('.git','').replace('https://github.com/','') - CI_STATE.SELF.COMPLIANCE = new HashMap() - CI_STATE.SELF.COMPLIANCE.ARGS = " -r $CI_STATE.SELF.ORG_AND_REPO " + dir('mcuboot') { def BUILD_TYPE = lib_Main.getBuildType(CI_STATE.SELF) if (BUILD_TYPE == "PR") { @@ -81,7 +72,8 @@ pipeline { COMMIT_RANGE = "$CI_STATE.SELF.MERGE_BASE..$CI_STATE.SELF.REPORT_SHA" } - CI_STATE.SELF.COMPLIANCE.ARGS += " -p $CHANGE_ID " + COMPLIANCE_ARGS = "$COMPLIANCE_ARGS -p $CHANGE_ID -S $CI_STATE.SELF.REPORT_SHA -g" + // COMPLIANCE_ARGS = "$COMPLIANCE_ARGS -p $CHANGE_ID -S $CI_STATE.SELF.REPORT_SHA -g -e pylint" println "Building a PR [$CHANGE_ID]: $COMMIT_RANGE" } else if (BUILD_TYPE == "TAG") { @@ -97,16 +89,9 @@ pipeline { assert condition : "Build fails because it is not a PR/Tag/Branch" } - CI_STATE.SELF.COMPLIANCE.ARGS += " -S $CI_STATE.SELF.REPORT_SHA " - CI_STATE.SELF.COMPLIANCE.ARGS += " --commits $COMMIT_RANGE " - // Run the compliance check try { - sh """ - echo $CI_STATE.SELF.COMPLIANCE.ARGS - source ../../zephyr/zephyr-env.sh - ../../zephyr/scripts/ci/check_compliance.py $CI_STATE.SELF.COMPLIANCE.ARGS - """ + sh "../tools/ci-tools/scripts/check_compliance.py $COMPLIANCE_ARGS --commits $COMMIT_RANGE" } finally { junit 'compliance.xml' @@ -151,7 +136,7 @@ pipeline { failure { echo "failure" script{ - if ( env.JOB_NAME == 'latest/sdk-mcuboot/master' ) + if (env.BRANCH_NAME == 'master' || env.BRANCH_NAME.startsWith("PR")) { emailext(to: 'anpu', body: "${currentBuild.currentResult}\nJob ${env.JOB_NAME}\t\t build ${env.BUILD_NUMBER}\r\nLink: ${env.BUILD_URL}", From 62f5e99060edd4c7e2c12a3a2318b85dde5edb21 Mon Sep 17 00:00:00 2001 From: Johann Fischer Date: Fri, 22 Jan 2021 23:41:16 +0100 Subject: [PATCH 084/112] Revert "[nrf noup] pm: clarify the purpose of the mcuboot_pad partition" This reverts commit ef3942301adbf3d7da1051f97fac01574c66f5c4. Signed-off-by: Johann Fischer --- boot/zephyr/pm.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml index 503615b31..f05ef65e5 100644 --- a/boot/zephyr/pm.yml +++ b/boot/zephyr/pm.yml @@ -27,8 +27,7 @@ mcuboot_scratch: align: {start: CONFIG_FPROTECT_BLOCK_SIZE} #endif -# Padding placed before image to boot. This reserves space for the MCUboot image header -# and it ensures that the boot image gets linked with the correct address offset in flash. +# Padding placed before image to boot mcuboot_pad: # MCUboot pad must be placed before the 'spm' partition if that is present. # If 'spm' partition is not present, it must be placed before the 'app'. From d1802889cce628ff075545782d9e00bc4853c7b4 Mon Sep 17 00:00:00 2001 From: Johann Fischer Date: Fri, 22 Jan 2021 23:41:16 +0100 Subject: [PATCH 085/112] Revert "[nrf fromtree] zephyr/Kconfig: Added default pin for serial ..." This reverts commit b95e49304a9ee82f83668d51c1d95c6f2faaf983. Signed-off-by: Johann Fischer --- boot/zephyr/Kconfig | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 0573d247d..a559c26b0 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -470,8 +470,7 @@ config BOOT_SERIAL_DETECT_PIN default 6 if BOARD_NRF9160DK_NRF9160 default 11 if BOARD_NRF52840DK_NRF52840 default 13 if BOARD_NRF52DK_NRF52832 - default 23 if BOARD_NRF5340PDK_NRF5340_CPUAPP || BOARD_NRF5340PDK_NRF5340_CPUAPPNS || \ - BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_NRF5340DK_NRF5340_CPUAPPNS + default 23 if BOARD_NRF5340PDK_NRF5340_CPUAPP || BOARD_NRF5340PDK_NRF5340_CPUAPPNS help Pin on the serial detect port which triggers serial recovery mode. From 3397b9a8d28ab97f7f90708ae30bdfeb24b82d42 Mon Sep 17 00:00:00 2001 From: Johann Fischer Date: Fri, 22 Jan 2021 23:41:16 +0100 Subject: [PATCH 086/112] Revert "[nrf temphack]: remove CONFIG_DEBUG=y in Zephyr prj.conf" This reverts commit 853e11283805ec66f157bc27a5286edb36046725. Signed-off-by: Johann Fischer --- boot/zephyr/prj.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index 40920f000..e3e63c068 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -1,4 +1,5 @@ CONFIG_CONSOLE_HANDLER=y +CONFIG_DEBUG=y CONFIG_SYSTEM_CLOCK_DISABLE=y CONFIG_SYS_POWER_MANAGEMENT=n From 6109ca64bdd747b3876f344ed1b484446b5caaaa Mon Sep 17 00:00:00 2001 From: Johann Fischer Date: Fri, 22 Jan 2021 23:41:16 +0100 Subject: [PATCH 087/112] Revert "[nrf fromlist] zephyr: use minimal CBPRINTF implementation" This reverts commit 534a4ecb02d27dcaf1194fdef4e7afd20280caae. Signed-off-by: Johann Fischer --- boot/zephyr/prj.conf | 2 -- 1 file changed, 2 deletions(-) diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index e3e63c068..b95f503ed 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -34,5 +34,3 @@ CONFIG_FPROTECT=y CONFIG_LOG=y ### Ensure Zephyr logging changes don't use more resources CONFIG_LOG_DEFAULT_LEVEL=0 -### Decrease footprint by ~4 KB in comparison to CBPRINTF_COMPLETE=y -CONFIG_CBPRINTF_NANO=y From c86f39356244bb804846426c30e4e6ebffe4ee6e Mon Sep 17 00:00:00 2001 From: Johann Fischer Date: Fri, 22 Jan 2021 23:41:16 +0100 Subject: [PATCH 088/112] Revert "[nrf noup] PM: adapted PM related code to CONFIG_SINGLE_APPLICATION_SLOT" This reverts commit 794fbcf67f23532ab369d97cf03e00e8a6075f36. Signed-off-by: Johann Fischer --- boot/zephyr/include/sysflash/sysflash.h | 6 +++--- boot/zephyr/pm.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/boot/zephyr/include/sysflash/sysflash.h b/boot/zephyr/include/sysflash/sysflash.h index 25479900f..a73b935dd 100644 --- a/boot/zephyr/include/sysflash/sysflash.h +++ b/boot/zephyr/include/sysflash/sysflash.h @@ -7,7 +7,7 @@ #include #include -#ifndef CONFIG_SINGLE_APPLICATION_SLOT +#ifndef CONFIG_SINGLE_IMAGE_DFU #if (MCUBOOT_IMAGE_NUMBER == 1) @@ -34,7 +34,7 @@ extern uint32_t _image_1_primary_slot_id[]; #endif #define FLASH_AREA_IMAGE_SCRATCH PM_MCUBOOT_SCRATCH_ID -#else /* CONFIG_SINGLE_APPLICATION_SLOT */ +#else /* CONFIG_SINGLE_IMAGE_DFU */ #define FLASH_AREA_IMAGE_PRIMARY(x) PM_MCUBOOT_PRIMARY_ID #define FLASH_AREA_IMAGE_SECONDARY(x) PM_MCUBOOT_PRIMARY_ID @@ -44,7 +44,7 @@ extern uint32_t _image_1_primary_slot_id[]; */ #define FLASH_AREA_IMAGE_SCRATCH 0 -#endif /* CONFIG_SINGLE_APPLICATION_SLOT */ +#endif /* CONFIG_SINGLE_IMAGE_DFU */ #else diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml index f05ef65e5..e04e05292 100644 --- a/boot/zephyr/pm.yml +++ b/boot/zephyr/pm.yml @@ -19,7 +19,7 @@ mcuboot_secondary: align: {start: CONFIG_FPROTECT_BLOCK_SIZE} after: mcuboot_primary -#if !defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(CONFIG_SINGLE_APPLICATION_SLOT) +#if !defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(CONFIG_SINGLE_IMAGE_DFU) mcuboot_scratch: size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_SCRATCH placement: From 6f10738e72c9a7480acda4cd9bb6bf964e3bb4bd Mon Sep 17 00:00:00 2001 From: Johann Fischer Date: Fri, 22 Jan 2021 23:41:16 +0100 Subject: [PATCH 089/112] Revert "[nrf temphack] do_boot: clean peripherals state before boot" This reverts commit bd4d82f7f97c059e2ba151a93913d47715a53884. Signed-off-by: Johann Fischer --- boot/zephyr/CMakeLists.txt | 6 ---- boot/zephyr/Kconfig | 5 ---- boot/zephyr/include/nrf_cleanup.h | 19 ------------ boot/zephyr/main.c | 9 +----- boot/zephyr/nrf_cleanup.c | 49 ------------------------------- 5 files changed, 1 insertion(+), 87 deletions(-) delete mode 100644 boot/zephyr/include/nrf_cleanup.h delete mode 100644 boot/zephyr/nrf_cleanup.c diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 87ad7d226..ab07791f1 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -298,9 +298,3 @@ zephyr_library_sources( ${BOOT_DIR}/zephyr/arm_cleanup.c ) endif() - -if(CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL) -zephyr_library_sources( - ${BOOT_DIR}/zephyr/nrf_cleanup.c -) -endif() diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index a559c26b0..c5846aa7c 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -185,11 +185,6 @@ config MCUBOOT_CLEANUP_ARM_CORE by default, if they are chain-loadable by MCUboot, so MCUboot does not need to perform such a cleanup itself. -config MCUBOOT_NRF_CLEANUP_PERIPHERAL - bool "Perform peripheral cleanup before chain-load the application" - depends on SOC_FAMILY_NRF - default y - config MBEDTLS_CFG_FILE default "mcuboot-mbedtls-cfg.h" diff --git a/boot/zephyr/include/nrf_cleanup.h b/boot/zephyr/include/nrf_cleanup.h deleted file mode 100644 index 2b175634e..000000000 --- a/boot/zephyr/include/nrf_cleanup.h +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright (c) 2020 Nordic Semiconductor ASA - * - * SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic - */ - -#ifndef H_NRF_CLEANUP_ -#define H_NRF_CLEANUP_ - -/** - * Perform cleanup on some peripheral resources used by MCUBoot prior chainload - * the application. - * - * This function disables all RTC instances and UARTE instances. - * It Disables their interrupts signals as well. - */ -void nrf_cleanup_peripheral(void); - -#endif diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 538975d25..c01323af8 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -89,11 +89,6 @@ K_SEM_DEFINE(boot_log_sem, 1, 1); #include #endif - -#if CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL -#include -#endif - #ifdef CONFIG_SOC_FAMILY_NRF #include @@ -169,9 +164,7 @@ static void do_boot(struct boot_rsp *rsp) } #endif #endif -#if CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL - nrf_cleanup_peripheral(); -#endif + #if CONFIG_MCUBOOT_CLEANUP_ARM_CORE cleanup_arm_nvic(); /* cleanup NVIC registers */ diff --git a/boot/zephyr/nrf_cleanup.c b/boot/zephyr/nrf_cleanup.c deleted file mode 100644 index 2f7cf2d68..000000000 --- a/boot/zephyr/nrf_cleanup.c +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (c) 2020 Nordic Semiconductor ASA - * - * SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic - */ - -#include -#if defined(NRF_UARTE0) || defined(NRF_UARTE1) - #include -#endif -#if defined(NRF_RTC0) || defined(NRF_RTC1) || defined(NRF_RTC2) - #include -#endif - -#if defined(NRF_RTC0) || defined(NRF_RTC1) || defined(NRF_RTC2) -static inline void nrf_cleanup_rtc(NRF_RTC_Type * rtc_reg) -{ - nrf_rtc_task_trigger(rtc_reg, NRF_RTC_TASK_STOP); - nrf_rtc_event_disable(rtc_reg, 0xFFFFFFFF); - nrf_rtc_int_disable(rtc_reg, 0xFFFFFFFF); -} -#endif - -static void nrf_cleanup_clock(void) -{ - nrf_clock_int_disable(NRF_CLOCK, 0xFFFFFFFF); -} - -void nrf_cleanup_peripheral(void) -{ -#if defined(NRF_RTC0) - nrf_cleanup_rtc(NRF_RTC0); -#endif -#if defined(NRF_RTC1) - nrf_cleanup_rtc(NRF_RTC1); -#endif -#if defined(NRF_RTC2) - nrf_cleanup_rtc(NRF_RTC2); -#endif -#if defined(NRF_UARTE0) - nrf_uarte_disable(NRF_UARTE0); - nrf_uarte_int_disable(NRF_UARTE0, 0xFFFFFFFF); -#endif -#if defined(NRF_UARTE1) - nrf_uarte_disable(NRF_UARTE1); - nrf_uarte_int_disable(NRF_UARTE1, 0xFFFFFFFF); -#endif - nrf_cleanup_clock(); -} From 154f9c089eb3bc252ef370ee25ee0332c15f3a87 Mon Sep 17 00:00:00 2001 From: Johann Fischer Date: Fri, 22 Jan 2021 23:41:16 +0100 Subject: [PATCH 090/112] Revert "[nrf noup] kconfig: enable external crypto config" This reverts commit fbd3e7a70d275fb907fcfd8a431d959036334cc9. Signed-off-by: Johann Fischer --- boot/zephyr/Kconfig | 1 + .../overlay-minimal-external-crypto.conf | 46 ------------------- 2 files changed, 1 insertion(+), 46 deletions(-) delete mode 100644 boot/zephyr/overlay-minimal-external-crypto.conf diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index c5846aa7c..d2a81fbf9 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -127,6 +127,7 @@ config BOOT_ECDSA_CC310 config BOOT_NRF_EXTERNAL_CRYPTO bool "Use Shared Crypto from bootloader" select BOOT_USE_NRF_EXTERNAL_CRYPTO + depends on SECURE_BOOT_CRYPTO_CLIENT endchoice # Ecdsa implementation diff --git a/boot/zephyr/overlay-minimal-external-crypto.conf b/boot/zephyr/overlay-minimal-external-crypto.conf deleted file mode 100644 index a4bc98bf5..000000000 --- a/boot/zephyr/overlay-minimal-external-crypto.conf +++ /dev/null @@ -1,46 +0,0 @@ -# -# Copyright (c) 2020 Nordic Semiconductor ASA -# -# SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic -# - -# These configurations should be used when using nrf/samples/bootloader -# as the immutable bootloader (B0), and MCUBoot as the second stage updateable -# bootloader. With this configuration, MCUBoot will re-use the crypto -# functionality from B0, and fit within 16kB. - -CONFIG_NCS_SAMPLES_DEFAULTS=n -CONFIG_LOG=n -CONFIG_BOOT_BANNER=n -CONFIG_PRINTK=n -CONFIG_CONSOLE=n -CONFIG_UART_CONSOLE=n -CONFIG_SERIAL=n -CONFIG_SECURE_BOOT_DEBUG=n -CONFIG_ASSERT=n -CONFIG_RESET_ON_FATAL_ERROR=n -CONFIG_REBOOT=n -CONFIG_GPIO=n -CONFIG_CLOCK_CONTROL=n -CONFIG_MINIMAL_LIBC_MALLOC=n -CONFIG_MINIMAL_LIBC_CALLOC=n -CONFIG_MINIMAL_LIBC_REALLOCARRAY=n -CONFIG_SIZE_OPTIMIZATIONS=y -CONFIG_NO_RUNTIME_CHECKS=y -CONFIG_CONSOLE_HANDLER=n -CONFIG_NRF_RTC_TIMER=n -CONFIG_SYS_CLOCK_EXISTS=n - -# Set ECDSA as signing mechanism -CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y - -# Use crypto backend from B0 -CONFIG_BOOT_NRF_EXTERNAL_CRYPTO=y -CONFIG_SECURE_BOOT_CRYPTO=y -CONFIG_SB_CRYPTO_CLIENT_ECDSA_SECP256R1=y -CONFIG_SB_CRYPTO_CLIENT_SHA256=y -CONFIG_BL_SHA256_EXT_API_REQUIRED=y -CONFIG_BL_SECP256R1_EXT_API_REQUIRED=y - -# Set 16kB as flash size -CONFIG_PM_PARTITION_SIZE_MCUBOOT=0x3e00 From 78a55d25b34e5c9acb1bd4346e0b9590046b7aa0 Mon Sep 17 00:00:00 2001 From: Johann Fischer Date: Fri, 22 Jan 2021 23:41:16 +0100 Subject: [PATCH 091/112] Revert "[nrf noup] kconfig: use cc310 for ecdsa by default" This reverts commit ee5338f153c6f74276d5bd59fb8c4f5aa9dac87c. Signed-off-by: Johann Fischer --- boot/zephyr/Kconfig | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index d2a81fbf9..f89d7ff53 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -58,7 +58,7 @@ config BOOT_USE_CC310 config BOOT_USE_NRF_CC310_BL bool - select NRF_CC310_BL + default n config BOOT_USE_NRF_EXTERNAL_CRYPTO bool @@ -83,7 +83,6 @@ config SINGLE_APPLICATION_SLOT choice prompt "Signature type" - default BOOT_SIGNATURE_TYPE_ECDSA_P256 if HAS_HW_NRF_CC310 default BOOT_SIGNATURE_TYPE_RSA config BOOT_SIGNATURE_TYPE_NONE From 8ea00dfbffb2f9380be7b31a143a5dca7d657971 Mon Sep 17 00:00:00 2001 From: Johann Fischer Date: Fri, 22 Jan 2021 23:41:16 +0100 Subject: [PATCH 092/112] Revert "[nrf noup] boot: zephyr: nrf53 network core bootloader implementation" This reverts commit df05bff1ed950942fda3f1335556f2bf90ee0076. Signed-off-by: Johann Fischer --- boot/bootutil/src/loader.c | 85 ++++++++++++-------------------------- boot/zephyr/main.c | 7 ---- 2 files changed, 26 insertions(+), 66 deletions(-) diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index b421ede02..64457e47a 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -45,10 +45,6 @@ #include "bootutil/boot_record.h" #include "bootutil/fault_injection_hardening.h" -#ifdef CONFIG_SOC_NRF5340_CPUAPP -#include -#endif - #ifdef MCUBOOT_ENC_IMAGES #include "bootutil/enc_key.h" #endif @@ -728,15 +724,7 @@ boot_validated_swap_type(struct boot_loader_state *state, { int swap_type; fih_int fih_rc = FIH_FAILURE; - bool upgrade_valid = false; - -#if defined(PM_S1_ADDRESS) || defined(CONFIG_SOC_NRF5340_CPUAPP) - const struct flash_area *secondary_fa = - BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); - struct image_header *hdr = (struct image_header *)secondary_fa->fa_off; - uint32_t vtable_addr = 0; - uint32_t *vtable = 0; - uint32_t reset_addr = 0; +#ifdef PM_S1_ADDRESS /* Patch needed for NCS. Since image 0 (the app) and image 1 (the other * B1 slot S0 or S1) share the same secondary slot, we need to check * whether the update candidate in the secondary slot is intended for @@ -744,31 +732,34 @@ boot_validated_swap_type(struct boot_loader_state *state, * vector. Note that there are good reasons for not using img_num from * the swap info. */ + const struct flash_area *secondary_fa = + BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); + struct image_header *hdr = + (struct image_header *)secondary_fa->fa_off; if (hdr->ih_magic == IMAGE_MAGIC) { - vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; - vtable = (uint32_t *)(vtable_addr); - reset_addr = vtable[1]; -#ifdef PM_S1_ADDRESS - const struct flash_area *primary_fa; - int rc = flash_area_open(flash_area_id_from_multi_image_slot( - BOOT_CURR_IMG(state), - BOOT_PRIMARY_SLOT), - &primary_fa); - - if (rc != 0) { - return BOOT_SWAP_TYPE_FAIL; - } - /* Get start and end of primary slot for current image */ - if (reset_addr < primary_fa->fa_off || - reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { - /* The image in the secondary slot is not intended for this image - */ - return BOOT_SWAP_TYPE_NONE; - } -#endif /* PM_S1_ADDRESS */ + const struct flash_area *primary_fa; + uint32_t vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; + uint32_t *vtable = (uint32_t *)(vtable_addr); + uint32_t reset_addr = vtable[1]; + int rc = flash_area_open( + flash_area_id_from_multi_image_slot( + BOOT_CURR_IMG(state), + BOOT_PRIMARY_SLOT), + &primary_fa); + + if (rc != 0) { + return BOOT_SWAP_TYPE_FAIL; + } + /* Get start and end of primary slot for current image */ + if (reset_addr < primary_fa->fa_off || + reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { + /* The image in the secondary slot is not intended for this image + */ + return BOOT_SWAP_TYPE_NONE; + } } -#endif /* PM_S1_ADDRESS || CONFIG_SOC_NRF5340_CPUAPP */ +#endif swap_type = boot_swap_type_multi(BOOT_CURR_IMG(state)); if (BOOT_IS_UPGRADE(swap_type)) { @@ -782,31 +773,7 @@ boot_validated_swap_type(struct boot_loader_state *state, } else { swap_type = BOOT_SWAP_TYPE_FAIL; } - } else { - upgrade_valid = true; - } - -#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(PM_CPUNET_B0N_ADDRESS) - /* If the update is valid, and it targets the network core: perform the - * update and indicate to the caller of this function that no update is - * available - */ - if (upgrade_valid && reset_addr > PM_CPUNET_B0N_ADDRESS) { - uint32_t fw_size = hdr->ih_img_size; - - BOOT_LOG_INF("Starting network core update"); - int rc = pcd_network_core_update(vtable, fw_size); - - if (rc != 0) { - swap_type = BOOT_SWAP_TYPE_FAIL; - } else { - BOOT_LOG_INF("Done updating network core"); - rc = swap_erase_trailer_sectors(state, - secondary_fa); - swap_type = BOOT_SWAP_TYPE_NONE; - } } -#endif /* CONFIG_SOC_NRF5340_CPUAPP */ } return swap_type; diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index c01323af8..0ba7837cc 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -55,10 +55,6 @@ const struct boot_uart_funcs boot_funcs = { #include #endif -#ifdef CONFIG_SOC_NRF5340_CPUAPP -#include -#endif - #if defined(CONFIG_LOG) && !defined(CONFIG_LOG_IMMEDIATE) #ifdef CONFIG_LOG_PROCESS_THREAD #warning "The log internal thread for log processing can't transfer the log"\ @@ -451,9 +447,6 @@ void main(void) ; } #endif /* USE_PARTITION_MANAGER && CONFIG_FPROTECT */ -#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(PM_CPUNET_B0N_ADDRESS) - pcd_lock_ram(); -#endif ZEPHYR_BOOT_LOG_STOP(); From 12c6bf9f29de2ae61941eb6a1aa05704e2c6b470 Mon Sep 17 00:00:00 2001 From: Johann Fischer Date: Mon, 25 Jan 2021 15:21:12 +0100 Subject: [PATCH 093/112] Revert "[nrf temphack] Kconfig: add accessor for flash write block size" This reverts commit ee8ab639004945282c129e66504727ff32ed7e89. Signed-off-by: Johann Fischer --- zephyr/Kconfig | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/zephyr/Kconfig b/zephyr/Kconfig index 80ecad9cf..ffca48313 100644 --- a/zephyr/Kconfig +++ b/zephyr/Kconfig @@ -23,16 +23,6 @@ config MCUBOOT_IMAGE_VERSION valuable for debugging purposes. Format: maj.min.rev+build with latter parts optional. -# HACK: NCS temphack to keep our imgtool integration working now that -# there is no CONFIG_DT_* CMake namespace anymore. Use Zephyr -# kconfigfunctions to thread the flash write block size through -# Kconfig so it can be accessed from CMake. Needs a better solution. -DT_ZEPHYR_FLASH := zephyr,flash -DT_CHOSEN_ZEPHYR_FLASH := $(dt_chosen_path,$(DT_ZEPHYR_FLASH)) -config MCUBOOT_FLASH_WRITE_BLOCK_SIZE - int - default $(dt_node_int_prop_int,$(DT_CHOSEN_ZEPHYR_FLASH),write-block-size) - endif # BOOTLOADER_MCUBOOT config DT_FLASH_WRITE_BLOCK_SIZE From c7de60b618a1324fa9db0cedbc50ecc79a3f6780 Mon Sep 17 00:00:00 2001 From: Johann Fischer Date: Mon, 25 Jan 2021 15:21:12 +0100 Subject: [PATCH 094/112] Revert "[nrf noup] zephyr: lock mcuboot using fprotect before jumping" This reverts commit 01c58f5534811f804a93b19e3ae72ab1da6973a9. Signed-off-by: Johann Fischer --- boot/zephyr/main.c | 28 ---------------------------- boot/zephyr/pm.yml | 4 +--- boot/zephyr/prj.conf | 1 - 3 files changed, 1 insertion(+), 32 deletions(-) diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 0ba7837cc..0e0a13dde 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -80,11 +80,6 @@ K_SEM_DEFINE(boot_log_sem, 1, 1); #define ZEPHYR_BOOT_LOG_STOP() do { } while (false) #endif /* defined(CONFIG_LOG) && !defined(CONFIG_LOG_IMMEDIATE) */ -#if USE_PARTITION_MANAGER && CONFIG_FPROTECT -#include -#include - -#endif #ifdef CONFIG_SOC_FAMILY_NRF #include @@ -426,30 +421,7 @@ void main(void) rsp.br_image_off); BOOT_LOG_INF("Jumping to the first image slot"); - -#if USE_PARTITION_MANAGER && CONFIG_FPROTECT - -#ifdef PM_S1_ADDRESS -/* MCUBoot is stored in either S0 or S1, protect both */ -#define PROTECT_SIZE (PM_MCUBOOT_PRIMARY_ADDRESS - PM_S0_ADDRESS) -#define PROTECT_ADDR PM_S0_ADDRESS -#else -/* There is only one instance of MCUBoot */ -#define PROTECT_SIZE (PM_MCUBOOT_PRIMARY_ADDRESS - PM_MCUBOOT_ADDRESS) -#define PROTECT_ADDR PM_MCUBOOT_ADDRESS -#endif - - rc = fprotect_area(PROTECT_ADDR, PROTECT_SIZE); - - if (rc != 0) { - BOOT_LOG_ERR("Protect mcuboot flash failed, cancel startup."); - while (1) - ; - } -#endif /* USE_PARTITION_MANAGER && CONFIG_FPROTECT */ - ZEPHYR_BOOT_LOG_STOP(); - do_boot(&rsp); BOOT_LOG_ERR("Never should get here"); diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml index e04e05292..5f5ca520e 100644 --- a/boot/zephyr/pm.yml +++ b/boot/zephyr/pm.yml @@ -34,6 +34,4 @@ mcuboot_pad: size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_PAD placement: before: [mcuboot_primary_app] -#ifdef CONFIG_FPROTECT - align: {start: CONFIG_FPROTECT_BLOCK_SIZE} -#endif + align: {start: DT_FLASH_ERASE_BLOCK_SIZE} diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index b95f503ed..7f15372de 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -24,7 +24,6 @@ CONFIG_BOOT_BOOTSTRAP=n # CONFIG_TINYCRYPT_SHA256 is not set CONFIG_FLASH=y -CONFIG_FPROTECT=y ### Various Zephyr boards enable features that we don't want. # CONFIG_BT is not set From 3b2a79085d560e065432290e249eea37159f9a9f Mon Sep 17 00:00:00 2001 From: Johann Fischer Date: Mon, 25 Jan 2021 15:21:12 +0100 Subject: [PATCH 095/112] Revert "[nrf noup] treewide: add NCS partition manager support" This reverts commit ecbaa04e9ec0ca3f194e6a6de68a9c5ea1d64835. Signed-off-by: Johann Fischer --- boot/bootutil/src/loader.c | 66 ++----------------------- boot/bootutil/src/swap_move.c | 13 ----- boot/bootutil/src/swap_scratch.c | 13 ----- boot/zephyr/CMakeLists.txt | 7 --- boot/zephyr/Kconfig | 13 +---- boot/zephyr/include/sysflash/sysflash.h | 47 ------------------ boot/zephyr/include/target.h | 4 -- boot/zephyr/pm.yml | 37 -------------- zephyr/CMakeLists.txt | 1 - zephyr/Kconfig | 32 ------------ 10 files changed, 5 insertions(+), 228 deletions(-) delete mode 100644 boot/zephyr/pm.yml delete mode 100644 zephyr/CMakeLists.txt delete mode 100644 zephyr/Kconfig diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index 64457e47a..431f4dd03 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -90,15 +90,6 @@ boot_read_image_headers(struct boot_loader_state *state, bool require_all, * * Failure to read any headers is a fatal error. */ -#ifdef PM_S1_ADDRESS - /* Patch needed for NCS. The primary slot of the second image - * (image 1) will not contain a valid image header until an upgrade - * of mcuboot has happened (filling S1 with the new version). - */ - if (BOOT_CURR_IMG(state) == 1 && i == 0) { - continue; - } -#endif /* PM_S1_ADDRESS */ if (i > 0 && !require_all) { return 0; } else { @@ -724,42 +715,6 @@ boot_validated_swap_type(struct boot_loader_state *state, { int swap_type; fih_int fih_rc = FIH_FAILURE; -#ifdef PM_S1_ADDRESS - /* Patch needed for NCS. Since image 0 (the app) and image 1 (the other - * B1 slot S0 or S1) share the same secondary slot, we need to check - * whether the update candidate in the secondary slot is intended for - * image 0 or image 1 primary by looking at the address of the reset - * vector. Note that there are good reasons for not using img_num from - * the swap info. - */ - const struct flash_area *secondary_fa = - BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); - struct image_header *hdr = - (struct image_header *)secondary_fa->fa_off; - - if (hdr->ih_magic == IMAGE_MAGIC) { - const struct flash_area *primary_fa; - uint32_t vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; - uint32_t *vtable = (uint32_t *)(vtable_addr); - uint32_t reset_addr = vtable[1]; - int rc = flash_area_open( - flash_area_id_from_multi_image_slot( - BOOT_CURR_IMG(state), - BOOT_PRIMARY_SLOT), - &primary_fa); - - if (rc != 0) { - return BOOT_SWAP_TYPE_FAIL; - } - /* Get start and end of primary slot for current image */ - if (reset_addr < primary_fa->fa_off || - reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { - /* The image in the secondary slot is not intended for this image - */ - return BOOT_SWAP_TYPE_NONE; - } - } -#endif swap_type = boot_swap_type_multi(BOOT_CURR_IMG(state)); if (BOOT_IS_UPGRADE(swap_type)) { @@ -1884,23 +1839,10 @@ context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp) } #ifdef MCUBOOT_VALIDATE_PRIMARY_SLOT -#ifdef PM_S1_ADDRESS - /* Patch needed for NCS. If secure boot is enabled, then mcuboot - * will be stored in either partition S0 or S1. Image 1 primary - * will point to the 'other' Sx partition. Hence, image 1 primary - * does not contain a valid image until mcuboot has been upgraded. - * Note that B0 will perform validation of the active mcuboot image, - * so there is no security lost by skipping this check for image 1 - * primary. - */ - if (BOOT_CURR_IMG(state) == 0) -#endif - { - FIH_CALL(boot_validate_slot, fih_rc, state, BOOT_PRIMARY_SLOT, NULL); - if (fih_not_eq(fih_rc, FIH_SUCCESS)) { - goto out; - } - } + FIH_CALL(boot_validate_slot, fih_rc, state, BOOT_PRIMARY_SLOT, NULL); + if (fih_not_eq(fih_rc, FIH_SUCCESS)) { + goto out; + } #else /* Even if we're not re-validating the primary slot, we could be booting * onto an empty flash chip. At least do a basic sanity check that diff --git a/boot/bootutil/src/swap_move.c b/boot/bootutil/src/swap_move.c index 71d35361f..f2883f626 100644 --- a/boot/bootutil/src/swap_move.c +++ b/boot/bootutil/src/swap_move.c @@ -211,18 +211,6 @@ boot_status_internal_off(const struct boot_status *bs, int elem_sz) int boot_slots_compatible(struct boot_loader_state *state) { -#ifdef PM_S1_ADDRESS - /* Patch needed for NCS. In this case, image 1 primary points to the other - * B1 slot (ie S0 or S1), and image 0 primary points to the app. - * With this configuration, image 0 and image 1 share the secondary slot. - * Hence, the primary slot of image 1 will be *smaller* than image 1's - * secondary slot. This is not allowed in upstream mcuboot, so we need - * this patch to allow it. Also, all of these checks are redundant when - * partition manager is in use, and since we have the same sector size - * in all of our flash. - */ - return 1; -#else size_t num_sectors_pri; size_t num_sectors_sec; size_t sector_sz_pri = 0; @@ -259,7 +247,6 @@ boot_slots_compatible(struct boot_loader_state *state) } return 1; -#endif /* PM_S1_ADDRESS */ } #define BOOT_LOG_SWAP_STATE(area, state) \ diff --git a/boot/bootutil/src/swap_scratch.c b/boot/bootutil/src/swap_scratch.c index e37caccee..55fa61f0f 100644 --- a/boot/bootutil/src/swap_scratch.c +++ b/boot/bootutil/src/swap_scratch.c @@ -175,18 +175,6 @@ boot_status_internal_off(const struct boot_status *bs, int elem_sz) int boot_slots_compatible(struct boot_loader_state *state) { -#ifdef PM_S1_ADDRESS - /* Patch needed for NCS. In this case, image 1 primary points to the other - * B1 slot (ie S0 or S1), and image 0 primary points to the app. - * With this configuration, image 0 and image 1 share the secondary slot. - * Hence, the primary slot of image 1 will be *smaller* than image 1's - * secondary slot. This is not allowed in upstream mcuboot, so we need - * this patch to allow it. Also, all of these checks are redundant when - * partition manager is in use, and since we have the same sector size - * in all of our flash. - */ - return 1; -#else size_t num_sectors_primary; size_t num_sectors_secondary; size_t sz0, sz1; @@ -272,7 +260,6 @@ boot_slots_compatible(struct boot_loader_state *state) } return 1; -#endif /* PM_S1_ADDRESS */ } #define BOOT_LOG_SWAP_STATE(area, state) \ diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index ab07791f1..799b83e30 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -271,13 +271,6 @@ if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") endif() message("MCUBoot bootloader key file: ${KEY_FILE}") - set_property( - GLOBAL - PROPERTY - KEY_FILE - ${KEY_FILE} - ) - set(GENERATED_PUBKEY ${ZEPHYR_BINARY_DIR}/autogen-pubkey.c) add_custom_command( OUTPUT ${GENERATED_PUBKEY} diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index f89d7ff53..f2556f407 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -15,18 +15,6 @@ config MCUBOOT select MPU_ALLOW_FLASH_WRITE if ARM_MPU select USE_DT_CODE_PARTITION if HAS_FLASH_LOAD_OFFSET -partition=MCUBOOT -partition-size=0xc000 -source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.partition_size" - -partition=MCUBOOT_SCRATCH -partition-size=0x1e000 -source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.partition_size" - -partition=MCUBOOT_PAD -partition-size=0x200 -source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.partition_size" - config BOOT_USE_MBEDTLS bool # Hidden option @@ -157,6 +145,7 @@ config BOOT_SIGNATURE_KEY_FILE default "root-ed25519.pem" if BOOT_SIGNATURE_TYPE_ED25519 default "root-rsa-3072.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=3072 default "root-rsa-2048.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=2048 + default "" help You can use either absolute or relative path. In case relative path is used, the build system assumes that it starts diff --git a/boot/zephyr/include/sysflash/sysflash.h b/boot/zephyr/include/sysflash/sysflash.h index a73b935dd..99ca27371 100644 --- a/boot/zephyr/include/sysflash/sysflash.h +++ b/boot/zephyr/include/sysflash/sysflash.h @@ -3,51 +3,6 @@ #ifndef __SYSFLASH_H__ #define __SYSFLASH_H__ -#if USE_PARTITION_MANAGER -#include -#include - -#ifndef CONFIG_SINGLE_IMAGE_DFU - -#if (MCUBOOT_IMAGE_NUMBER == 1) - -#define FLASH_AREA_IMAGE_PRIMARY(x) PM_MCUBOOT_PRIMARY_ID -#define FLASH_AREA_IMAGE_SECONDARY(x) PM_MCUBOOT_SECONDARY_ID - -#elif (MCUBOOT_IMAGE_NUMBER == 2) - -extern uint32_t _image_1_primary_slot_id[]; - -#define FLASH_AREA_IMAGE_PRIMARY(x) \ - ((x == 0) ? \ - PM_MCUBOOT_PRIMARY_ID : \ - (x == 1) ? \ - (uint32_t)_image_1_primary_slot_id : \ - 255 ) - -#define FLASH_AREA_IMAGE_SECONDARY(x) \ - ((x == 0) ? \ - PM_MCUBOOT_SECONDARY_ID: \ - (x == 1) ? \ - PM_MCUBOOT_SECONDARY_ID: \ - 255 ) -#endif -#define FLASH_AREA_IMAGE_SCRATCH PM_MCUBOOT_SCRATCH_ID - -#else /* CONFIG_SINGLE_IMAGE_DFU */ - -#define FLASH_AREA_IMAGE_PRIMARY(x) PM_MCUBOOT_PRIMARY_ID -#define FLASH_AREA_IMAGE_SECONDARY(x) PM_MCUBOOT_PRIMARY_ID -/* NOTE: Scratch parition is not used by single image DFU but some of - * functions in common files reference it, so the definitions has been - * provided to allow compilation of common units. - */ -#define FLASH_AREA_IMAGE_SCRATCH 0 - -#endif /* CONFIG_SINGLE_IMAGE_DFU */ - -#else - #include #include @@ -100,6 +55,4 @@ extern uint32_t _image_1_primary_slot_id[]; #endif /* CONFIG_SINGLE_APPLICATION_SLOT */ -#endif /* USE_PARTITION_MANAGER */ - #endif /* __SYSFLASH_H__ */ diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index 72a62cc22..1b0c8f52f 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -8,8 +8,6 @@ #ifndef H_TARGETS_TARGET_ #define H_TARGETS_TARGET_ -#ifndef USE_PARTITION_MANAGER - #if defined(MCUBOOT_TARGET_CONFIG) /* * Target-specific definitions are permitted in legacy cases that @@ -49,6 +47,4 @@ #error "Target support is incomplete; cannot build mcuboot." #endif -#endif /* ifndef USE_PARTITION_MANAGER */ - #endif /* H_TARGETS_TARGET_ */ diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml deleted file mode 100644 index 5f5ca520e..000000000 --- a/boot/zephyr/pm.yml +++ /dev/null @@ -1,37 +0,0 @@ -#include - -mcuboot: - size: CONFIG_PM_PARTITION_SIZE_MCUBOOT - placement: - before: [mcuboot_primary] - -mcuboot_primary_app: - # All images to be placed in MCUboot's slot 0 should be placed in this - # partition - span: [app] - -mcuboot_primary: - span: [mcuboot_pad, mcuboot_primary_app] - -mcuboot_secondary: - share_size: [mcuboot_primary] - placement: - align: {start: CONFIG_FPROTECT_BLOCK_SIZE} - after: mcuboot_primary - -#if !defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(CONFIG_SINGLE_IMAGE_DFU) -mcuboot_scratch: - size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_SCRATCH - placement: - after: app - align: {start: CONFIG_FPROTECT_BLOCK_SIZE} -#endif - -# Padding placed before image to boot -mcuboot_pad: - # MCUboot pad must be placed before the 'spm' partition if that is present. - # If 'spm' partition is not present, it must be placed before the 'app'. - size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_PAD - placement: - before: [mcuboot_primary_app] - align: {start: DT_FLASH_ERASE_BLOCK_SIZE} diff --git a/zephyr/CMakeLists.txt b/zephyr/CMakeLists.txt deleted file mode 100644 index 683bcf226..000000000 --- a/zephyr/CMakeLists.txt +++ /dev/null @@ -1 +0,0 @@ -include(${ZEPHYR_NRF_MODULE_DIR}/cmake/mcuboot.cmake) diff --git a/zephyr/Kconfig b/zephyr/Kconfig deleted file mode 100644 index ffca48313..000000000 --- a/zephyr/Kconfig +++ /dev/null @@ -1,32 +0,0 @@ -menu "MCUboot" - -if BOOTLOADER_MCUBOOT - -config MCUBOOT_CMAKELISTS_DIR - string "Path to the directory of the MCUBoot CMakeLists.txt file" - default "$MCUBOOT_BASE/boot/zephyr/" - - -# The name of this configuration needs to match the requirements set by the -# script `partition_manager.py`. See `pm.yml` in the application directory -# of MCUBoot. -module=MCUBOOT -source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.build_strategy" - -config MCUBOOT_IMAGE_VERSION - string "Image version" - default "0.0.0+0" - help - Value to be passed as 'version' argument to 'imgtool.py' when - creating signed image. Note that no semantics are connected to - this variable. It does not provide downgrade prevention, and is only - valuable for debugging purposes. Format: maj.min.rev+build with - latter parts optional. - -endif # BOOTLOADER_MCUBOOT - -config DT_FLASH_WRITE_BLOCK_SIZE - int - default $(dt_node_int_prop_int,$(DT_CHOSEN_ZEPHYR_FLASH),write-block-size) - -endmenu From 84cc24d4795540331fe62a435e4cf9365fbb736a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20B=C3=B8e?= Date: Wed, 12 Dec 2018 08:59:47 +0100 Subject: [PATCH 096/112] [nrf noup] treewide: add NCS partition manager support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Partition Manager is an nRF Connect SDK component which uses yaml files to resolve flash partition placement with a holistic view of the device. This component's MCUboot portions began life as upstream mcuboot PR#430. This added support for being built as a sub image from the downstream Nordic patch set for a zephyr multi image build system (mcuboot 430 was combined with effor submitted to upstream zephyr as PR#13672, which was ultimately reworked after being rejected for mainline at the ELCE 2019 conference in Lyon). It has since evolved over time. This is the version that will go into NCS v1.3. It features: - page size aligned partitions for all partitions used by mcuboot. - image swaps without scratch partitions Add support for configurations where there exists two primary slots but only one secondary slot, which is shared. These two primary slots are the regular application and B1. B1 can be either S0 or S1 depending on the state of the device. Decide where an upgrade should be stored by looking at the vector table. Provide update candidates for both s0 and s1. These candidates must be signed with mcuboot after being signed by b0. Additional notes: - we make update.hex without trailer data This is needed for serial recovery to work using hex files. Prior to this the update.hex got TLV data at the end of the partition, which caused many blank pages to be included, which made it hard to use in a serial recovery scheme. Instead, make update.hex without TLV data at the end, and provide a new file test_update.hex which contains the TLV data, and can be directly flashed to test the upgrade procedure. - we use a function for signing the application as future-proofing for when other components must be signed as well - this includes an update to single image applications that enables support for partition manager; when single image DFU is used, a scratch partition is not needed. - In NCS, image 1 primary slot is the upgrade bank for mcuboot (IE S0 or S1 depending on the active slot). It is not required that this slot contains any valid data. - The nRF boards all have a single flash page size, and partition manager deals with the size of the update partitions and so on, so we must skip a boot_slots_compatible() check to avoid getting an error. - There is no need to verify the target when using partition manager. Updating `zephyr/module.yml` with: ``` cmake-ext: True kconfig-ext: True ``` This allows all mcuboot glue code to be placed directly in sdk-nrf repository. Signed-off-by: Håkon Øye Amundsen Signed-off-by: Øyvind Rønningstad Signed-off-by: Sebastian Bøe Signed-off-by: Sigvart Hovland Signed-off-by: Martí Bolívar Signed-off-by: Torsten Rasmussen Signed-off-by: Andrzej Głąbek Signed-off-by: Robert Lubos Signed-off-by: Andrzej Puzdrowski Signed-off-by: Dominik Ermel Signed-off-by: Emil Obalski Signed-off-by: Torsten Rasmussen Signed-off-by: Pawel Dunaj (cherry picked from commit e632ea6f38f08de7981c2d24d5f9e2ca754bcd68) (cherry picked from commit e66f03264fb733bbda086d4746fd6919b6559375) (cherry picked from commit fcbc47f59e59e5a596e04857b78423bbb90cf602) (cherry picked from commit 5409c45d4019b015fbc2f0ad926e28752f77bc29) (cherry picked from commit 50155fddf309adbe79edbf49126ded5b27afe8eb) (cherry picked from commit d7373a00f65b7545c025cbb63cfd8bc153afe5e7) (cherry picked from commit 04514d6a2236050ac8abd89d72f59dd175a0265e) (cherry picked from commit 069b603167a1e8f1491e44139dc099c8065fdf28) Signed-off-by: Ioannis Glaropoulos (cherry picked from commit ecbaa04e9ec0ca3f194e6a6de68a9c5ea1d64835) Signed-off-by: Johann Fischer --- boot/bootutil/src/loader.c | 66 +++++++++++++++++++++++-- boot/bootutil/src/swap_move.c | 13 +++++ boot/bootutil/src/swap_scratch.c | 13 +++++ boot/zephyr/CMakeLists.txt | 7 +++ boot/zephyr/Kconfig | 13 ++++- boot/zephyr/include/sysflash/sysflash.h | 47 ++++++++++++++++++ boot/zephyr/include/target.h | 4 ++ boot/zephyr/pm.yml | 37 ++++++++++++++ zephyr/module.yml | 3 +- 9 files changed, 197 insertions(+), 6 deletions(-) create mode 100644 boot/zephyr/pm.yml diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index b81a7cea3..098e9aa65 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -90,6 +90,15 @@ boot_read_image_headers(struct boot_loader_state *state, bool require_all, * * Failure to read any headers is a fatal error. */ +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. The primary slot of the second image + * (image 1) will not contain a valid image header until an upgrade + * of mcuboot has happened (filling S1 with the new version). + */ + if (BOOT_CURR_IMG(state) == 1 && i == 0) { + continue; + } +#endif /* PM_S1_ADDRESS */ if (i > 0 && !require_all) { return 0; } else { @@ -715,6 +724,42 @@ boot_validated_swap_type(struct boot_loader_state *state, { int swap_type; fih_int fih_rc = FIH_FAILURE; +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. Since image 0 (the app) and image 1 (the other + * B1 slot S0 or S1) share the same secondary slot, we need to check + * whether the update candidate in the secondary slot is intended for + * image 0 or image 1 primary by looking at the address of the reset + * vector. Note that there are good reasons for not using img_num from + * the swap info. + */ + const struct flash_area *secondary_fa = + BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); + struct image_header *hdr = + (struct image_header *)secondary_fa->fa_off; + + if (hdr->ih_magic == IMAGE_MAGIC) { + const struct flash_area *primary_fa; + uint32_t vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; + uint32_t *vtable = (uint32_t *)(vtable_addr); + uint32_t reset_addr = vtable[1]; + int rc = flash_area_open( + flash_area_id_from_multi_image_slot( + BOOT_CURR_IMG(state), + BOOT_PRIMARY_SLOT), + &primary_fa); + + if (rc != 0) { + return BOOT_SWAP_TYPE_FAIL; + } + /* Get start and end of primary slot for current image */ + if (reset_addr < primary_fa->fa_off || + reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { + /* The image in the secondary slot is not intended for this image + */ + return BOOT_SWAP_TYPE_NONE; + } + } +#endif swap_type = boot_swap_type_multi(BOOT_CURR_IMG(state)); if (BOOT_IS_UPGRADE(swap_type)) { @@ -1839,10 +1884,23 @@ context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp) } #ifdef MCUBOOT_VALIDATE_PRIMARY_SLOT - FIH_CALL(boot_validate_slot, fih_rc, state, BOOT_PRIMARY_SLOT, NULL); - if (fih_not_eq(fih_rc, FIH_SUCCESS)) { - goto out; - } +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. If secure boot is enabled, then mcuboot + * will be stored in either partition S0 or S1. Image 1 primary + * will point to the 'other' Sx partition. Hence, image 1 primary + * does not contain a valid image until mcuboot has been upgraded. + * Note that B0 will perform validation of the active mcuboot image, + * so there is no security lost by skipping this check for image 1 + * primary. + */ + if (BOOT_CURR_IMG(state) == 0) +#endif + { + FIH_CALL(boot_validate_slot, fih_rc, state, BOOT_PRIMARY_SLOT, NULL); + if (fih_not_eq(fih_rc, FIH_SUCCESS)) { + goto out; + } + } #else /* Even if we're not re-validating the primary slot, we could be booting * onto an empty flash chip. At least do a basic sanity check that diff --git a/boot/bootutil/src/swap_move.c b/boot/bootutil/src/swap_move.c index f2883f626..71d35361f 100644 --- a/boot/bootutil/src/swap_move.c +++ b/boot/bootutil/src/swap_move.c @@ -211,6 +211,18 @@ boot_status_internal_off(const struct boot_status *bs, int elem_sz) int boot_slots_compatible(struct boot_loader_state *state) { +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. In this case, image 1 primary points to the other + * B1 slot (ie S0 or S1), and image 0 primary points to the app. + * With this configuration, image 0 and image 1 share the secondary slot. + * Hence, the primary slot of image 1 will be *smaller* than image 1's + * secondary slot. This is not allowed in upstream mcuboot, so we need + * this patch to allow it. Also, all of these checks are redundant when + * partition manager is in use, and since we have the same sector size + * in all of our flash. + */ + return 1; +#else size_t num_sectors_pri; size_t num_sectors_sec; size_t sector_sz_pri = 0; @@ -247,6 +259,7 @@ boot_slots_compatible(struct boot_loader_state *state) } return 1; +#endif /* PM_S1_ADDRESS */ } #define BOOT_LOG_SWAP_STATE(area, state) \ diff --git a/boot/bootutil/src/swap_scratch.c b/boot/bootutil/src/swap_scratch.c index 55fa61f0f..e37caccee 100644 --- a/boot/bootutil/src/swap_scratch.c +++ b/boot/bootutil/src/swap_scratch.c @@ -175,6 +175,18 @@ boot_status_internal_off(const struct boot_status *bs, int elem_sz) int boot_slots_compatible(struct boot_loader_state *state) { +#ifdef PM_S1_ADDRESS + /* Patch needed for NCS. In this case, image 1 primary points to the other + * B1 slot (ie S0 or S1), and image 0 primary points to the app. + * With this configuration, image 0 and image 1 share the secondary slot. + * Hence, the primary slot of image 1 will be *smaller* than image 1's + * secondary slot. This is not allowed in upstream mcuboot, so we need + * this patch to allow it. Also, all of these checks are redundant when + * partition manager is in use, and since we have the same sector size + * in all of our flash. + */ + return 1; +#else size_t num_sectors_primary; size_t num_sectors_secondary; size_t sz0, sz1; @@ -260,6 +272,7 @@ boot_slots_compatible(struct boot_loader_state *state) } return 1; +#endif /* PM_S1_ADDRESS */ } #define BOOT_LOG_SWAP_STATE(area, state) \ diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 51aab16ef..5ef5ea8c2 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -274,6 +274,13 @@ if(NOT CONFIG_BOOT_SIGNATURE_KEY_FILE STREQUAL "") endif() message("MCUBoot bootloader key file: ${KEY_FILE}") + set_property( + GLOBAL + PROPERTY + KEY_FILE + ${KEY_FILE} + ) + set(GENERATED_PUBKEY ${ZEPHYR_BINARY_DIR}/autogen-pubkey.c) add_custom_command( OUTPUT ${GENERATED_PUBKEY} diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 4251e1900..b0a77c684 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -16,6 +16,18 @@ config MCUBOOT select USE_DT_CODE_PARTITION if HAS_FLASH_LOAD_OFFSET select MCUBOOT_BOOTUTIL_LIB +partition=MCUBOOT +partition-size=0xc000 +source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.partition_size" + +partition=MCUBOOT_SCRATCH +partition-size=0x1e000 +source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.partition_size" + +partition=MCUBOOT_PAD +partition-size=0x200 +source "${ZEPHYR_BASE}/../nrf/subsys/partition_manager/Kconfig.template.partition_size" + config BOOT_USE_MBEDTLS bool # Hidden option @@ -146,7 +158,6 @@ config BOOT_SIGNATURE_KEY_FILE default "root-ed25519.pem" if BOOT_SIGNATURE_TYPE_ED25519 default "root-rsa-3072.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=3072 default "root-rsa-2048.pem" if BOOT_SIGNATURE_TYPE_RSA && BOOT_SIGNATURE_TYPE_RSA_LEN=2048 - default "" help You can use either absolute or relative path. In case relative path is used, the build system assumes that it starts diff --git a/boot/zephyr/include/sysflash/sysflash.h b/boot/zephyr/include/sysflash/sysflash.h index 99ca27371..a73b935dd 100644 --- a/boot/zephyr/include/sysflash/sysflash.h +++ b/boot/zephyr/include/sysflash/sysflash.h @@ -3,6 +3,51 @@ #ifndef __SYSFLASH_H__ #define __SYSFLASH_H__ +#if USE_PARTITION_MANAGER +#include +#include + +#ifndef CONFIG_SINGLE_IMAGE_DFU + +#if (MCUBOOT_IMAGE_NUMBER == 1) + +#define FLASH_AREA_IMAGE_PRIMARY(x) PM_MCUBOOT_PRIMARY_ID +#define FLASH_AREA_IMAGE_SECONDARY(x) PM_MCUBOOT_SECONDARY_ID + +#elif (MCUBOOT_IMAGE_NUMBER == 2) + +extern uint32_t _image_1_primary_slot_id[]; + +#define FLASH_AREA_IMAGE_PRIMARY(x) \ + ((x == 0) ? \ + PM_MCUBOOT_PRIMARY_ID : \ + (x == 1) ? \ + (uint32_t)_image_1_primary_slot_id : \ + 255 ) + +#define FLASH_AREA_IMAGE_SECONDARY(x) \ + ((x == 0) ? \ + PM_MCUBOOT_SECONDARY_ID: \ + (x == 1) ? \ + PM_MCUBOOT_SECONDARY_ID: \ + 255 ) +#endif +#define FLASH_AREA_IMAGE_SCRATCH PM_MCUBOOT_SCRATCH_ID + +#else /* CONFIG_SINGLE_IMAGE_DFU */ + +#define FLASH_AREA_IMAGE_PRIMARY(x) PM_MCUBOOT_PRIMARY_ID +#define FLASH_AREA_IMAGE_SECONDARY(x) PM_MCUBOOT_PRIMARY_ID +/* NOTE: Scratch parition is not used by single image DFU but some of + * functions in common files reference it, so the definitions has been + * provided to allow compilation of common units. + */ +#define FLASH_AREA_IMAGE_SCRATCH 0 + +#endif /* CONFIG_SINGLE_IMAGE_DFU */ + +#else + #include #include @@ -55,4 +100,6 @@ #endif /* CONFIG_SINGLE_APPLICATION_SLOT */ +#endif /* USE_PARTITION_MANAGER */ + #endif /* __SYSFLASH_H__ */ diff --git a/boot/zephyr/include/target.h b/boot/zephyr/include/target.h index 1b0c8f52f..72a62cc22 100644 --- a/boot/zephyr/include/target.h +++ b/boot/zephyr/include/target.h @@ -8,6 +8,8 @@ #ifndef H_TARGETS_TARGET_ #define H_TARGETS_TARGET_ +#ifndef USE_PARTITION_MANAGER + #if defined(MCUBOOT_TARGET_CONFIG) /* * Target-specific definitions are permitted in legacy cases that @@ -47,4 +49,6 @@ #error "Target support is incomplete; cannot build mcuboot." #endif +#endif /* ifndef USE_PARTITION_MANAGER */ + #endif /* H_TARGETS_TARGET_ */ diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml new file mode 100644 index 000000000..5f5ca520e --- /dev/null +++ b/boot/zephyr/pm.yml @@ -0,0 +1,37 @@ +#include + +mcuboot: + size: CONFIG_PM_PARTITION_SIZE_MCUBOOT + placement: + before: [mcuboot_primary] + +mcuboot_primary_app: + # All images to be placed in MCUboot's slot 0 should be placed in this + # partition + span: [app] + +mcuboot_primary: + span: [mcuboot_pad, mcuboot_primary_app] + +mcuboot_secondary: + share_size: [mcuboot_primary] + placement: + align: {start: CONFIG_FPROTECT_BLOCK_SIZE} + after: mcuboot_primary + +#if !defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(CONFIG_SINGLE_IMAGE_DFU) +mcuboot_scratch: + size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_SCRATCH + placement: + after: app + align: {start: CONFIG_FPROTECT_BLOCK_SIZE} +#endif + +# Padding placed before image to boot +mcuboot_pad: + # MCUboot pad must be placed before the 'spm' partition if that is present. + # If 'spm' partition is not present, it must be placed before the 'app'. + size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_PAD + placement: + before: [mcuboot_primary_app] + align: {start: DT_FLASH_ERASE_BLOCK_SIZE} diff --git a/zephyr/module.yml b/zephyr/module.yml index c4293e387..797b0fa10 100644 --- a/zephyr/module.yml +++ b/zephyr/module.yml @@ -1,4 +1,5 @@ samples: - boot/zephyr build: - cmake: ./boot/bootutil/zephyr + cmake-ext: True + kconfig-ext: True From 0bb3e660c709caa9db79a010e7de188f36a60f17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A5kon=20=C3=98ye=20Amundsen?= Date: Mon, 6 Jan 2020 11:35:06 +0000 Subject: [PATCH 097/112] [nrf noup] zephyr: lock mcuboot using fprotect before jumping MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This to enable the secure boot property of the system. Signed-off-by: Håkon Øye Amundsen Signed-off-by: Emil Obalski Signed-off-by: Andrzej Puzdrowski Signed-off-by: Sigvart Hovland Signed-off-by: Robert Lubos Signed-off-by: Torsten Rasmussen (cherry picked from commit 3f02019110c5e7de2f85617fe7997ff64a97e3a5) (cherry picked from commit 59e02e27dafd41456c54bf45d0b2d95ab15b6e0f) (cherry picked from commit c21b25a9a8f60fa2e10c820be0166ac87de52fdf) Signed-off-by: Ioannis Glaropoulos (cherry picked from commit 01c58f5534811f804a93b19e3ae72ab1da6973a9) Signed-off-by: Johann Fischer --- boot/zephyr/main.c | 28 ++++++++++++++++++++++++++++ boot/zephyr/pm.yml | 4 +++- boot/zephyr/prj.conf | 1 + 3 files changed, 32 insertions(+), 1 deletion(-) diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index b7ded97f9..3479bdcb2 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -81,6 +81,11 @@ K_SEM_DEFINE(boot_log_sem, 1, 1); #define ZEPHYR_BOOT_LOG_STOP() do { } while (false) #endif /* defined(CONFIG_LOG) && !defined(CONFIG_LOG_IMMEDIATE) */ +#if USE_PARTITION_MANAGER && CONFIG_FPROTECT +#include +#include + +#endif #ifdef CONFIG_SOC_FAMILY_NRF #include @@ -422,7 +427,30 @@ void main(void) rsp.br_image_off); BOOT_LOG_INF("Jumping to the first image slot"); + +#if USE_PARTITION_MANAGER && CONFIG_FPROTECT + +#ifdef PM_S1_ADDRESS +/* MCUBoot is stored in either S0 or S1, protect both */ +#define PROTECT_SIZE (PM_MCUBOOT_PRIMARY_ADDRESS - PM_S0_ADDRESS) +#define PROTECT_ADDR PM_S0_ADDRESS +#else +/* There is only one instance of MCUBoot */ +#define PROTECT_SIZE (PM_MCUBOOT_PRIMARY_ADDRESS - PM_MCUBOOT_ADDRESS) +#define PROTECT_ADDR PM_MCUBOOT_ADDRESS +#endif + + rc = fprotect_area(PROTECT_ADDR, PROTECT_SIZE); + + if (rc != 0) { + BOOT_LOG_ERR("Protect mcuboot flash failed, cancel startup."); + while (1) + ; + } +#endif /* USE_PARTITION_MANAGER && CONFIG_FPROTECT */ + ZEPHYR_BOOT_LOG_STOP(); + do_boot(&rsp); BOOT_LOG_ERR("Never should get here"); diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml index 5f5ca520e..e04e05292 100644 --- a/boot/zephyr/pm.yml +++ b/boot/zephyr/pm.yml @@ -34,4 +34,6 @@ mcuboot_pad: size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_PAD placement: before: [mcuboot_primary_app] - align: {start: DT_FLASH_ERASE_BLOCK_SIZE} +#ifdef CONFIG_FPROTECT + align: {start: CONFIG_FPROTECT_BLOCK_SIZE} +#endif diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index 03c5067d8..c0319d417 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -24,6 +24,7 @@ CONFIG_BOOT_BOOTSTRAP=n # CONFIG_TINYCRYPT_SHA256 is not set CONFIG_FLASH=y +CONFIG_FPROTECT=y ### Various Zephyr boards enable features that we don't want. # CONFIG_BT is not set From 6841a6bd4e76bbbb814f8b9709ecf6e5e784cd87 Mon Sep 17 00:00:00 2001 From: Sigvart Hovland Date: Thu, 27 Aug 2020 14:29:31 +0200 Subject: [PATCH 098/112] [nrf noup] boot: zephyr: nrf53 network core bootloader implementation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Enables network core updates of nrf53 using MCUBoot by identifying images through their start addresses. Also implements the control and transfer using the PCD module. Signed-off-by: Sigvart Hovland Signed-off-by: Håkon Øye Amundsen (cherry picked from commit a401d3a056b6ef41a9ead1a7ad5263e028f52549) (cherry picked from commit f35f763bbe7e698b3c275c548faae3537061e9c7) (cherry picked from commit 337357898d46250584c2d400ea3ae57770ae99b8) Signed-off-by: Ioannis Glaropoulos (cherry picked from commit df05bff1ed950942fda3f1335556f2bf90ee0076) Signed-off-by: Johann Fischer --- boot/bootutil/src/loader.c | 85 ++++++++++++++++++++++++++------------ boot/zephyr/main.c | 7 ++++ 2 files changed, 66 insertions(+), 26 deletions(-) diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index 098e9aa65..716e3edd0 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -45,6 +45,10 @@ #include "bootutil/boot_record.h" #include "bootutil/fault_injection_hardening.h" +#ifdef CONFIG_SOC_NRF5340_CPUAPP +#include +#endif + #ifdef MCUBOOT_ENC_IMAGES #include "bootutil/enc_key.h" #endif @@ -724,7 +728,15 @@ boot_validated_swap_type(struct boot_loader_state *state, { int swap_type; fih_int fih_rc = FIH_FAILURE; -#ifdef PM_S1_ADDRESS + bool upgrade_valid = false; + +#if defined(PM_S1_ADDRESS) || defined(CONFIG_SOC_NRF5340_CPUAPP) + const struct flash_area *secondary_fa = + BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); + struct image_header *hdr = (struct image_header *)secondary_fa->fa_off; + uint32_t vtable_addr = 0; + uint32_t *vtable = 0; + uint32_t reset_addr = 0; /* Patch needed for NCS. Since image 0 (the app) and image 1 (the other * B1 slot S0 or S1) share the same secondary slot, we need to check * whether the update candidate in the secondary slot is intended for @@ -732,34 +744,31 @@ boot_validated_swap_type(struct boot_loader_state *state, * vector. Note that there are good reasons for not using img_num from * the swap info. */ - const struct flash_area *secondary_fa = - BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); - struct image_header *hdr = - (struct image_header *)secondary_fa->fa_off; if (hdr->ih_magic == IMAGE_MAGIC) { - const struct flash_area *primary_fa; - uint32_t vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; - uint32_t *vtable = (uint32_t *)(vtable_addr); - uint32_t reset_addr = vtable[1]; - int rc = flash_area_open( - flash_area_id_from_multi_image_slot( - BOOT_CURR_IMG(state), - BOOT_PRIMARY_SLOT), - &primary_fa); - - if (rc != 0) { - return BOOT_SWAP_TYPE_FAIL; - } - /* Get start and end of primary slot for current image */ - if (reset_addr < primary_fa->fa_off || - reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { - /* The image in the secondary slot is not intended for this image - */ - return BOOT_SWAP_TYPE_NONE; - } + vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; + vtable = (uint32_t *)(vtable_addr); + reset_addr = vtable[1]; +#ifdef PM_S1_ADDRESS + const struct flash_area *primary_fa; + int rc = flash_area_open(flash_area_id_from_multi_image_slot( + BOOT_CURR_IMG(state), + BOOT_PRIMARY_SLOT), + &primary_fa); + + if (rc != 0) { + return BOOT_SWAP_TYPE_FAIL; + } + /* Get start and end of primary slot for current image */ + if (reset_addr < primary_fa->fa_off || + reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { + /* The image in the secondary slot is not intended for this image + */ + return BOOT_SWAP_TYPE_NONE; + } +#endif /* PM_S1_ADDRESS */ } -#endif +#endif /* PM_S1_ADDRESS || CONFIG_SOC_NRF5340_CPUAPP */ swap_type = boot_swap_type_multi(BOOT_CURR_IMG(state)); if (BOOT_IS_UPGRADE(swap_type)) { @@ -773,7 +782,31 @@ boot_validated_swap_type(struct boot_loader_state *state, } else { swap_type = BOOT_SWAP_TYPE_FAIL; } + } else { + upgrade_valid = true; + } + +#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(PM_CPUNET_B0N_ADDRESS) + /* If the update is valid, and it targets the network core: perform the + * update and indicate to the caller of this function that no update is + * available + */ + if (upgrade_valid && reset_addr > PM_CPUNET_B0N_ADDRESS) { + uint32_t fw_size = hdr->ih_img_size; + + BOOT_LOG_INF("Starting network core update"); + int rc = pcd_network_core_update(vtable, fw_size); + + if (rc != 0) { + swap_type = BOOT_SWAP_TYPE_FAIL; + } else { + BOOT_LOG_INF("Done updating network core"); + rc = swap_erase_trailer_sectors(state, + secondary_fa); + swap_type = BOOT_SWAP_TYPE_NONE; + } } +#endif /* CONFIG_SOC_NRF5340_CPUAPP */ } return swap_type; diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 3479bdcb2..79191f751 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -55,6 +55,10 @@ const struct boot_uart_funcs boot_funcs = { #include #endif +#ifdef CONFIG_SOC_NRF5340_CPUAPP +#include +#endif + #if defined(CONFIG_LOG) && !defined(CONFIG_LOG_IMMEDIATE) && \ !defined(CONFIG_LOG_MINIMAL) #ifdef CONFIG_LOG_PROCESS_THREAD @@ -448,6 +452,9 @@ void main(void) ; } #endif /* USE_PARTITION_MANAGER && CONFIG_FPROTECT */ +#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(PM_CPUNET_B0N_ADDRESS) + pcd_lock_ram(); +#endif ZEPHYR_BOOT_LOG_STOP(); From d80776b9863096716371eb2e949863a94b041f59 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A5kon=20=C3=98ye=20Amundsen?= Date: Thu, 8 Oct 2020 10:29:19 +0000 Subject: [PATCH 099/112] [nrf noup] kconfig: use cc310 for ecdsa by default MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit when hardware is available. NCSDK-5167 Signed-off-by: Håkon Øye Amundsen (cherry picked from commit 40fc6dc073bfd1907eca563890bd49b286c715ea) (cherry picked from commit 1788ad7a9894780bf27c68d98aa87e833f170c7d) (cherry picked from commit 5e0fc4ec914b0765920c00a994f3dd30c93e4136) Signed-off-by: Ioannis Glaropoulos (cherry picked from commit ee5338f153c6f74276d5bd59fb8c4f5aa9dac87c) Signed-off-by: Johann Fischer --- boot/zephyr/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index b0a77c684..b17e7f079 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -59,7 +59,7 @@ config BOOT_USE_CC310 config BOOT_USE_NRF_CC310_BL bool - default n + select NRF_CC310_BL config BOOT_USE_NRF_EXTERNAL_CRYPTO bool @@ -84,6 +84,7 @@ config SINGLE_APPLICATION_SLOT choice prompt "Signature type" + default BOOT_SIGNATURE_TYPE_ECDSA_P256 if HAS_HW_NRF_CC310 default BOOT_SIGNATURE_TYPE_RSA config BOOT_SIGNATURE_TYPE_NONE From ca4d049ca1241389b3564e65ec69ec8ef2af763b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?H=C3=A5kon=20=C3=98ye=20Amundsen?= Date: Thu, 8 Oct 2020 12:20:32 +0000 Subject: [PATCH 100/112] [nrf noup] kconfig: enable external crypto config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remove undefined dependency and add overlay file for building minimal mcuboot with exeternal crypto. Signed-off-by: Håkon Øye Amundsen (cherry picked from commit e473ee375bc6d53a976408fc133bd0bc6eb3f0a5) (cherry picked from commit 4d1b74b32f7f49692fc40132c7c5e84030ef6a85) (cherry picked from commit a2c9384795e897f52f5eee840ac63f04633335f3) Signed-off-by: Ioannis Glaropoulos (cherry picked from commit fbd3e7a70d275fb907fcfd8a431d959036334cc9) Signed-off-by: Johann Fischer --- boot/zephyr/Kconfig | 1 - .../overlay-minimal-external-crypto.conf | 46 +++++++++++++++++++ 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 boot/zephyr/overlay-minimal-external-crypto.conf diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index b17e7f079..0e1a97547 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -128,7 +128,6 @@ config BOOT_ECDSA_CC310 config BOOT_NRF_EXTERNAL_CRYPTO bool "Use Shared Crypto from bootloader" select BOOT_USE_NRF_EXTERNAL_CRYPTO - depends on SECURE_BOOT_CRYPTO_CLIENT endchoice # Ecdsa implementation diff --git a/boot/zephyr/overlay-minimal-external-crypto.conf b/boot/zephyr/overlay-minimal-external-crypto.conf new file mode 100644 index 000000000..a4bc98bf5 --- /dev/null +++ b/boot/zephyr/overlay-minimal-external-crypto.conf @@ -0,0 +1,46 @@ +# +# Copyright (c) 2020 Nordic Semiconductor ASA +# +# SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic +# + +# These configurations should be used when using nrf/samples/bootloader +# as the immutable bootloader (B0), and MCUBoot as the second stage updateable +# bootloader. With this configuration, MCUBoot will re-use the crypto +# functionality from B0, and fit within 16kB. + +CONFIG_NCS_SAMPLES_DEFAULTS=n +CONFIG_LOG=n +CONFIG_BOOT_BANNER=n +CONFIG_PRINTK=n +CONFIG_CONSOLE=n +CONFIG_UART_CONSOLE=n +CONFIG_SERIAL=n +CONFIG_SECURE_BOOT_DEBUG=n +CONFIG_ASSERT=n +CONFIG_RESET_ON_FATAL_ERROR=n +CONFIG_REBOOT=n +CONFIG_GPIO=n +CONFIG_CLOCK_CONTROL=n +CONFIG_MINIMAL_LIBC_MALLOC=n +CONFIG_MINIMAL_LIBC_CALLOC=n +CONFIG_MINIMAL_LIBC_REALLOCARRAY=n +CONFIG_SIZE_OPTIMIZATIONS=y +CONFIG_NO_RUNTIME_CHECKS=y +CONFIG_CONSOLE_HANDLER=n +CONFIG_NRF_RTC_TIMER=n +CONFIG_SYS_CLOCK_EXISTS=n + +# Set ECDSA as signing mechanism +CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y + +# Use crypto backend from B0 +CONFIG_BOOT_NRF_EXTERNAL_CRYPTO=y +CONFIG_SECURE_BOOT_CRYPTO=y +CONFIG_SB_CRYPTO_CLIENT_ECDSA_SECP256R1=y +CONFIG_SB_CRYPTO_CLIENT_SHA256=y +CONFIG_BL_SHA256_EXT_API_REQUIRED=y +CONFIG_BL_SECP256R1_EXT_API_REQUIRED=y + +# Set 16kB as flash size +CONFIG_PM_PARTITION_SIZE_MCUBOOT=0x3e00 From 18a0a8a5f5bdbaf74b192f08f9ef4b49a68c4af1 Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Thu, 27 Feb 2020 12:48:56 +0100 Subject: [PATCH 101/112] [nrf temphack] do_boot: clean peripherals state before boot MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Do some cleanup of nRF peripherals. This is necessary since Zephyr doesn't have any driver deinitialization functionality, and we'd like to leave peripherals in a more predictable state before booting the Zephyr image. Signed-off-by: Andrzej Puzdrowski Signed-off-by: Robert Lubos Signed-off-by: Torsten Rasmussen Signed-off-by: Øyvind Rønningstad Signed-off-by: Martí Bolívar Signed-off-by: Håkon Øye Amundsen (cherry picked from commit 664b8ad8b05e9fac567eafcf9fe617303fb6aed6) (cherry picked from commit a47b96262f1fd8401c0ec0d9d85460b1f53f005a) (cherry picked from commit a8cc9879747019ba0459b900920296365abae4b1) (cherry picked from commit 4b41ab6ccaee6c54f37d351b51b85f94499459f7) Signed-off-by: Ioannis Glaropoulos (cherry picked from commit bd4d82f7f97c059e2ba151a93913d47715a53884) Signed-off-by: Johann Fischer --- boot/zephyr/CMakeLists.txt | 6 ++++ boot/zephyr/Kconfig | 5 ++++ boot/zephyr/include/nrf_cleanup.h | 19 ++++++++++++ boot/zephyr/main.c | 9 +++++- boot/zephyr/nrf_cleanup.c | 49 +++++++++++++++++++++++++++++++ 5 files changed, 87 insertions(+), 1 deletion(-) create mode 100644 boot/zephyr/include/nrf_cleanup.h create mode 100644 boot/zephyr/nrf_cleanup.c diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt index 5ef5ea8c2..32ec9627e 100644 --- a/boot/zephyr/CMakeLists.txt +++ b/boot/zephyr/CMakeLists.txt @@ -301,3 +301,9 @@ zephyr_library_sources( ${BOOT_DIR}/zephyr/arm_cleanup.c ) endif() + +if(CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL) +zephyr_library_sources( + ${BOOT_DIR}/zephyr/nrf_cleanup.c +) +endif() diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig index 0e1a97547..0b57d86e2 100644 --- a/boot/zephyr/Kconfig +++ b/boot/zephyr/Kconfig @@ -186,6 +186,11 @@ config MCUBOOT_CLEANUP_ARM_CORE by default, if they are chain-loadable by MCUboot, so MCUboot does not need to perform such a cleanup itself. +config MCUBOOT_NRF_CLEANUP_PERIPHERAL + bool "Perform peripheral cleanup before chain-load the application" + depends on SOC_FAMILY_NRF + default y + config MBEDTLS_CFG_FILE default "mcuboot-mbedtls-cfg.h" diff --git a/boot/zephyr/include/nrf_cleanup.h b/boot/zephyr/include/nrf_cleanup.h new file mode 100644 index 000000000..2b175634e --- /dev/null +++ b/boot/zephyr/include/nrf_cleanup.h @@ -0,0 +1,19 @@ +/* + * Copyright (c) 2020 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic + */ + +#ifndef H_NRF_CLEANUP_ +#define H_NRF_CLEANUP_ + +/** + * Perform cleanup on some peripheral resources used by MCUBoot prior chainload + * the application. + * + * This function disables all RTC instances and UARTE instances. + * It Disables their interrupts signals as well. + */ +void nrf_cleanup_peripheral(void); + +#endif diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 79191f751..a2c0fe29e 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -90,6 +90,11 @@ K_SEM_DEFINE(boot_log_sem, 1, 1); #include #endif + +#if CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL +#include +#endif + #ifdef CONFIG_SOC_FAMILY_NRF #include @@ -165,7 +170,9 @@ static void do_boot(struct boot_rsp *rsp) } #endif #endif - +#if CONFIG_MCUBOOT_NRF_CLEANUP_PERIPHERAL + nrf_cleanup_peripheral(); +#endif #if CONFIG_MCUBOOT_CLEANUP_ARM_CORE cleanup_arm_nvic(); /* cleanup NVIC registers */ diff --git a/boot/zephyr/nrf_cleanup.c b/boot/zephyr/nrf_cleanup.c new file mode 100644 index 000000000..2f7cf2d68 --- /dev/null +++ b/boot/zephyr/nrf_cleanup.c @@ -0,0 +1,49 @@ +/* + * Copyright (c) 2020 Nordic Semiconductor ASA + * + * SPDX-License-Identifier: LicenseRef-BSD-5-Clause-Nordic + */ + +#include +#if defined(NRF_UARTE0) || defined(NRF_UARTE1) + #include +#endif +#if defined(NRF_RTC0) || defined(NRF_RTC1) || defined(NRF_RTC2) + #include +#endif + +#if defined(NRF_RTC0) || defined(NRF_RTC1) || defined(NRF_RTC2) +static inline void nrf_cleanup_rtc(NRF_RTC_Type * rtc_reg) +{ + nrf_rtc_task_trigger(rtc_reg, NRF_RTC_TASK_STOP); + nrf_rtc_event_disable(rtc_reg, 0xFFFFFFFF); + nrf_rtc_int_disable(rtc_reg, 0xFFFFFFFF); +} +#endif + +static void nrf_cleanup_clock(void) +{ + nrf_clock_int_disable(NRF_CLOCK, 0xFFFFFFFF); +} + +void nrf_cleanup_peripheral(void) +{ +#if defined(NRF_RTC0) + nrf_cleanup_rtc(NRF_RTC0); +#endif +#if defined(NRF_RTC1) + nrf_cleanup_rtc(NRF_RTC1); +#endif +#if defined(NRF_RTC2) + nrf_cleanup_rtc(NRF_RTC2); +#endif +#if defined(NRF_UARTE0) + nrf_uarte_disable(NRF_UARTE0); + nrf_uarte_int_disable(NRF_UARTE0, 0xFFFFFFFF); +#endif +#if defined(NRF_UARTE1) + nrf_uarte_disable(NRF_UARTE1); + nrf_uarte_int_disable(NRF_UARTE1, 0xFFFFFFFF); +#endif + nrf_cleanup_clock(); +} From a79c7ece94281176967c850deb2b494164ed1fa4 Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Thu, 26 Nov 2020 15:57:13 +0100 Subject: [PATCH 102/112] [nrf noup] PM: adapted PM related code to CONFIG_SINGLE_APPLICATION_SLOT CONFIG_SINGLE_APPLICATION_SLOT replaced CONFIG_SINGLE_IMAGE_DFU in the upstream, so need to adapt all the code which is using that keyword. Signed-off-by: Andrzej Puzdrowski (cherry picked from commit 794fbcf67f23532ab369d97cf03e00e8a6075f36) Signed-off-by: Johann Fischer --- boot/zephyr/include/sysflash/sysflash.h | 6 +++--- boot/zephyr/pm.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/boot/zephyr/include/sysflash/sysflash.h b/boot/zephyr/include/sysflash/sysflash.h index a73b935dd..25479900f 100644 --- a/boot/zephyr/include/sysflash/sysflash.h +++ b/boot/zephyr/include/sysflash/sysflash.h @@ -7,7 +7,7 @@ #include #include -#ifndef CONFIG_SINGLE_IMAGE_DFU +#ifndef CONFIG_SINGLE_APPLICATION_SLOT #if (MCUBOOT_IMAGE_NUMBER == 1) @@ -34,7 +34,7 @@ extern uint32_t _image_1_primary_slot_id[]; #endif #define FLASH_AREA_IMAGE_SCRATCH PM_MCUBOOT_SCRATCH_ID -#else /* CONFIG_SINGLE_IMAGE_DFU */ +#else /* CONFIG_SINGLE_APPLICATION_SLOT */ #define FLASH_AREA_IMAGE_PRIMARY(x) PM_MCUBOOT_PRIMARY_ID #define FLASH_AREA_IMAGE_SECONDARY(x) PM_MCUBOOT_PRIMARY_ID @@ -44,7 +44,7 @@ extern uint32_t _image_1_primary_slot_id[]; */ #define FLASH_AREA_IMAGE_SCRATCH 0 -#endif /* CONFIG_SINGLE_IMAGE_DFU */ +#endif /* CONFIG_SINGLE_APPLICATION_SLOT */ #else diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml index e04e05292..f05ef65e5 100644 --- a/boot/zephyr/pm.yml +++ b/boot/zephyr/pm.yml @@ -19,7 +19,7 @@ mcuboot_secondary: align: {start: CONFIG_FPROTECT_BLOCK_SIZE} after: mcuboot_primary -#if !defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(CONFIG_SINGLE_IMAGE_DFU) +#if !defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(CONFIG_SINGLE_APPLICATION_SLOT) mcuboot_scratch: size: CONFIG_PM_PARTITION_SIZE_MCUBOOT_SCRATCH placement: From 798c35143eab33c16edb61410d395fe9b97641ce Mon Sep 17 00:00:00 2001 From: Torsten Rasmussen Date: Fri, 27 Nov 2020 15:30:50 +0100 Subject: [PATCH 103/112] [nrf temphack]: remove CONFIG_DEBUG=y in Zephyr prj.conf This commit removes the `CONFIG_DEBUG=y` setting from Zephyr prj.conf to save k flash size. Signed-off-by: Torsten Rasmussen (cherry picked from commit 853e11283805ec66f157bc27a5286edb36046725) Signed-off-by: Johann Fischer --- boot/zephyr/prj.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index c0319d417..dbaa3d90a 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -1,5 +1,4 @@ CONFIG_CONSOLE_HANDLER=y -CONFIG_DEBUG=y CONFIG_SYSTEM_CLOCK_DISABLE=y CONFIG_SYS_POWER_MANAGEMENT=n From cab5843a5d4880580d1f65f54aaaa1e07c11a9d9 Mon Sep 17 00:00:00 2001 From: Vidar Berg Date: Mon, 30 Nov 2020 13:43:28 +0100 Subject: [PATCH 104/112] [nrf noup] pm: clarify the purpose of the mcuboot_pad partition I didn't find a description of this partition it in the docs. Signed-off-by: Vidar Berg (cherry picked from commit ef3942301adbf3d7da1051f97fac01574c66f5c4) Signed-off-by: Johann Fischer --- boot/zephyr/pm.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml index f05ef65e5..503615b31 100644 --- a/boot/zephyr/pm.yml +++ b/boot/zephyr/pm.yml @@ -27,7 +27,8 @@ mcuboot_scratch: align: {start: CONFIG_FPROTECT_BLOCK_SIZE} #endif -# Padding placed before image to boot +# Padding placed before image to boot. This reserves space for the MCUboot image header +# and it ensures that the boot image gets linked with the correct address offset in flash. mcuboot_pad: # MCUboot pad must be placed before the 'spm' partition if that is present. # If 'spm' partition is not present, it must be placed before the 'app'. From 0e60baf000c35c6beee30647d421cf26ac2de355 Mon Sep 17 00:00:00 2001 From: Thomas Stilwell Date: Wed, 20 Jan 2021 16:18:32 +0100 Subject: [PATCH 105/112] [nrf noup] ci: use zephyr/scripts/ci/check_compliance.py replace ci-tools version of check_compliance.py Signed-off-by: Thomas Stilwell (cherry picked from commit 9f8ccb9333da631d803ff40f3ca0df0665000a99) Signed-off-by: Johann Fischer --- .gitlint | 2 +- Jenkinsfile | 37 ++++++++++++++++++++++++++----------- 2 files changed, 27 insertions(+), 12 deletions(-) diff --git a/.gitlint b/.gitlint index a2b26dbbf..512813bbb 100644 --- a/.gitlint +++ b/.gitlint @@ -10,7 +10,7 @@ debug = false # Set the extra-path where gitlint will search for user defined rules # See http://jorisroovers.github.io/gitlint/user_defined_rules for details -extra-path=../tools/ci-tools/scripts/gitlint +extra-path=../../zephyr/scripts/gitlint [title-max-length-no-revert] line-length=72 diff --git a/Jenkinsfile b/Jenkinsfile index 402fdd16f..7b732e887 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -18,7 +18,7 @@ pipeline { booleanParam(name: 'RUN_TESTS', description: 'if false skip testing', defaultValue: true) booleanParam(name: 'RUN_BUILD', description: 'if false skip building', defaultValue: true) string( name: 'jsonstr_CI_STATE', description: 'Default State if no upstream job', defaultValue: CI_STATE.CFG.INPUT_STATE_STR ) - choice(name: 'CRON', choices: CI_STATE.CFG.CRON_CHOICES, description: 'Cron Test Phase') + choice(name: 'TEST_CYCLE', choices: CI_STATE.CFG.CRON_CHOICES, description: 'Cron Test Phase') } agent { @@ -29,7 +29,7 @@ pipeline { } options { - checkoutToSubdirectory('mcuboot') + checkoutToSubdirectory('bootloader/mcuboot') parallelsAlwaysFailFast() timeout(time: CI_STATE.CFG.TIMEOUT.time, unit: CI_STATE.CFG.TIMEOUT.unit) } @@ -38,25 +38,34 @@ pipeline { // This token is used to by check_compliance to comment on PRs and use checks GH_TOKEN = credentials('nordicbuilder-compliance-token') GH_USERNAME = "NordicBuilder" - COMPLIANCE_ARGS = "-r NordicPlayground/fw-nrfconnect-mcuboot" } stages { stage('Load') { steps { script { CI_STATE = lib_State.load('MCUBOOT', CI_STATE) }}} stage('Checkout') { steps { script { - CI_STATE.SELF.REPORT_SHA = lib_Main.checkoutRepo(CI_STATE.SELF.GIT_URL, "mcuboot", CI_STATE.SELF, false) - lib_West.AddManifestUpdate("MCUBOOT", 'mcuboot', CI_STATE.SELF.GIT_URL, CI_STATE.SELF.GIT_REF, CI_STATE) + println "Running on NODE: $NODE_NAME" lib_Main.checkoutRepo(CI_STATE.NRF.GIT_URL, "nrf", CI_STATE.NRF, true) - lib_West.InitUpdate('nrf', 'ci-tools') + lib_West.InitUpdate('nrf') + dir('bootloader') { + CI_STATE.SELF.REPORT_SHA = lib_Main.checkoutRepo(CI_STATE.SELF.GIT_URL, "mcuboot", CI_STATE.SELF, false) + dir('mcuboot') { + sh "git log --graph --oneline --decorate -n 10" + } + } }} } stage('Run compliance check') { when { expression { CI_STATE.SELF.RUN_TESTS } } steps { script { + println "Running on NODE: $NODE_NAME" lib_Status.set("PENDING", 'MCUBOOT', CI_STATE); - dir('mcuboot') { + dir('bootloader/mcuboot') { + + CI_STATE.SELF.ORG_AND_REPO = CI_STATE.SELF.GIT_URL.replace('.git','').replace('https://github.com/','') + CI_STATE.SELF.COMPLIANCE = new HashMap() + CI_STATE.SELF.COMPLIANCE.ARGS = " -r $CI_STATE.SELF.ORG_AND_REPO " def BUILD_TYPE = lib_Main.getBuildType(CI_STATE.SELF) if (BUILD_TYPE == "PR") { @@ -72,8 +81,7 @@ pipeline { COMMIT_RANGE = "$CI_STATE.SELF.MERGE_BASE..$CI_STATE.SELF.REPORT_SHA" } - COMPLIANCE_ARGS = "$COMPLIANCE_ARGS -p $CHANGE_ID -S $CI_STATE.SELF.REPORT_SHA -g" - // COMPLIANCE_ARGS = "$COMPLIANCE_ARGS -p $CHANGE_ID -S $CI_STATE.SELF.REPORT_SHA -g -e pylint" + CI_STATE.SELF.COMPLIANCE.ARGS += " -p $CHANGE_ID " println "Building a PR [$CHANGE_ID]: $COMMIT_RANGE" } else if (BUILD_TYPE == "TAG") { @@ -89,9 +97,16 @@ pipeline { assert condition : "Build fails because it is not a PR/Tag/Branch" } + CI_STATE.SELF.COMPLIANCE.ARGS += " -S $CI_STATE.SELF.REPORT_SHA " + CI_STATE.SELF.COMPLIANCE.ARGS += " --commits $COMMIT_RANGE " + // Run the compliance check try { - sh "../tools/ci-tools/scripts/check_compliance.py $COMPLIANCE_ARGS --commits $COMMIT_RANGE" + sh """ + echo $CI_STATE.SELF.COMPLIANCE.ARGS + source ../../zephyr/zephyr-env.sh + ../../zephyr/scripts/ci/check_compliance.py $CI_STATE.SELF.COMPLIANCE.ARGS + """ } finally { junit 'compliance.xml' @@ -136,7 +151,7 @@ pipeline { failure { echo "failure" script{ - if (env.BRANCH_NAME == 'master' || env.BRANCH_NAME.startsWith("PR")) + if ( env.JOB_NAME == 'latest/sdk-mcuboot/master' ) { emailext(to: 'anpu', body: "${currentBuild.currentResult}\nJob ${env.JOB_NAME}\t\t build ${env.BUILD_NUMBER}\r\nLink: ${env.BUILD_URL}", From 78fc1d62edc9d639059fa5fdf7b39ef8a9e3f1a3 Mon Sep 17 00:00:00 2001 From: Thomas Stilwell Date: Thu, 21 Jan 2021 11:12:13 +0100 Subject: [PATCH 106/112] [nrf noup] ci: replace jenkins pipeline in jenkinsfile with a stub load pipeline from internal config repo Signed-off-by: Thomas Stilwell (cherry picked from commit 8834daf508d612f1912adcaac3962975e1e363e7) Signed-off-by: Johann Fischer --- Jenkinsfile | 170 +--------------------------------------------------- 1 file changed, 2 insertions(+), 168 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 7b732e887..8220afe03 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,172 +1,6 @@ -// -// Copyright (c) 2020 Nordic Semiconductor ASA. All Rights Reserved. -// -// The information contained herein is confidential property of Nordic Semiconductor ASA. -// The use, copying, transfer or disclosure of such information is prohibited except by -// express written agreement with Nordic Semiconductor ASA. -// - @Library("CI_LIB") _ -HashMap CI_STATE = lib_State.getConfig(JOB_NAME) -properties(lib_State.getTriggers()) - -pipeline { - - parameters { - booleanParam(name: 'RUN_DOWNSTREAM', description: 'if false skip downstream jobs', defaultValue: false) - booleanParam(name: 'RUN_TESTS', description: 'if false skip testing', defaultValue: true) - booleanParam(name: 'RUN_BUILD', description: 'if false skip building', defaultValue: true) - string( name: 'jsonstr_CI_STATE', description: 'Default State if no upstream job', defaultValue: CI_STATE.CFG.INPUT_STATE_STR ) - choice(name: 'TEST_CYCLE', choices: CI_STATE.CFG.CRON_CHOICES, description: 'Cron Test Phase') - } - - agent { - docker { - image CI_STATE.CFG.IMAGE_TAG - label CI_STATE.CFG.AGENT_LABELS - } - } - - options { - checkoutToSubdirectory('bootloader/mcuboot') - parallelsAlwaysFailFast() - timeout(time: CI_STATE.CFG.TIMEOUT.time, unit: CI_STATE.CFG.TIMEOUT.unit) - } - - environment { - // This token is used to by check_compliance to comment on PRs and use checks - GH_TOKEN = credentials('nordicbuilder-compliance-token') - GH_USERNAME = "NordicBuilder" - } - - stages { - stage('Load') { steps { script { CI_STATE = lib_State.load('MCUBOOT', CI_STATE) }}} - stage('Checkout') { - steps { script { - println "Running on NODE: $NODE_NAME" - lib_Main.checkoutRepo(CI_STATE.NRF.GIT_URL, "nrf", CI_STATE.NRF, true) - lib_West.InitUpdate('nrf') - dir('bootloader') { - CI_STATE.SELF.REPORT_SHA = lib_Main.checkoutRepo(CI_STATE.SELF.GIT_URL, "mcuboot", CI_STATE.SELF, false) - dir('mcuboot') { - sh "git log --graph --oneline --decorate -n 10" - } - } - }} - } - stage('Run compliance check') { - when { expression { CI_STATE.SELF.RUN_TESTS } } - steps { - script { - println "Running on NODE: $NODE_NAME" - lib_Status.set("PENDING", 'MCUBOOT', CI_STATE); - dir('bootloader/mcuboot') { - - CI_STATE.SELF.ORG_AND_REPO = CI_STATE.SELF.GIT_URL.replace('.git','').replace('https://github.com/','') - CI_STATE.SELF.COMPLIANCE = new HashMap() - CI_STATE.SELF.COMPLIANCE.ARGS = " -r $CI_STATE.SELF.ORG_AND_REPO " - - def BUILD_TYPE = lib_Main.getBuildType(CI_STATE.SELF) - if (BUILD_TYPE == "PR") { - - if ( CI_STATE.SELF.CHANGE_TITLE.toLowerCase().contains('[nrf mergeup]') ) { - CI_STATE.SELF.IS_MERGEUP = true - println 'This is a MERGE-UP PR. CI_STATE.SELF.IS_MERGEUP=' + CI_STATE.SELF.IS_MERGEUP - CI_STATE.SELF.MERGEUP_BASE = sh( script: "git log --oneline --grep='\\[nrf mergeup\\].*' -i -n 1 --pretty=format:'%h' | tr -d '\\n'" , returnStdout: true) - println "CI_STATE.SELF.MERGEUP_BASE = $CI_STATE.SELF.MERGEUP_BASE" - COMMIT_RANGE = "$CI_STATE.SELF.MERGEUP_BASE..$CI_STATE.SELF.REPORT_SHA" - } else { - CI_STATE.SELF.IS_MERGEUP = false - COMMIT_RANGE = "$CI_STATE.SELF.MERGE_BASE..$CI_STATE.SELF.REPORT_SHA" - } - - CI_STATE.SELF.COMPLIANCE.ARGS += " -p $CHANGE_ID " - println "Building a PR [$CHANGE_ID]: $COMMIT_RANGE" - } - else if (BUILD_TYPE == "TAG") { - COMMIT_RANGE = "tags/${env.BRANCH_NAME}..tags/${env.BRANCH_NAME}" - println "Building a Tag: " + COMMIT_RANGE - } - // If not a PR, it's a non-PR-branch or master build. Compare against the origin. - else if (BUILD_TYPE == "BRANCH") { - COMMIT_RANGE = "origin/${env.BRANCH_NAME}..HEAD" - println "Building a Branch: " + COMMIT_RANGE - } - else { - assert condition : "Build fails because it is not a PR/Tag/Branch" - } - - CI_STATE.SELF.COMPLIANCE.ARGS += " -S $CI_STATE.SELF.REPORT_SHA " - CI_STATE.SELF.COMPLIANCE.ARGS += " --commits $COMMIT_RANGE " - - // Run the compliance check - try { - sh """ - echo $CI_STATE.SELF.COMPLIANCE.ARGS - source ../../zephyr/zephyr-env.sh - ../../zephyr/scripts/ci/check_compliance.py $CI_STATE.SELF.COMPLIANCE.ARGS - """ - } - finally { - junit 'compliance.xml' - archiveArtifacts artifacts: 'compliance.xml' - } - } - } - } - } - - stage('Build samples') { - when { expression { CI_STATE.SELF.RUN_BUILD } } - steps { - echo "No Samples to build yet." - } - } - - stage('Trigger Downstream Jobs') { - when { expression { CI_STATE.SELF.RUN_DOWNSTREAM } } - steps { script { lib_Stage.runDownstream(JOB_NAME, CI_STATE) } } - } - - stage('Report') { - when { expression { CI_STATE.SELF.RUN_TESTS } } - steps { script { - println 'no report generation yet' - } } - } +def pipeline = new ncs.sdk_mcuboot.Main() - } +pipeline.run(JOB_NAME) - post { - // This is the order that the methods are run. {always->success/abort/failure/unstable->cleanup} - always { script { - lib_Status.set( "${currentBuild.currentResult}", 'MCUBOOT', CI_STATE) - if ( !CI_STATE.SELF.RUN_BUILD || !CI_STATE.SELF.RUN_TESTS ) { currentBuild.result = "UNSTABLE"} - }} - // Add if needed - // success {} - // aborted {} - // unstable {} - failure { - echo "failure" - script{ - if ( env.JOB_NAME == 'latest/sdk-mcuboot/master' ) - { - emailext(to: 'anpu', - body: "${currentBuild.currentResult}\nJob ${env.JOB_NAME}\t\t build ${env.BUILD_NUMBER}\r\nLink: ${env.BUILD_URL}", - subject: "[Jenkins][Build ${currentBuild.currentResult}: ${env.JOB_NAME}]", - mimeType: 'text/html',) - } - else - { - echo "Branch ${env.BRANCH_NAME} is not master nor PR. Sending failure email skipped." - } - } - } - cleanup { - echo "Pipeline Post: cleanup" - cleanWs disableDeferredWipeout: true, deleteDirs: true - } - } -} From 4620e27763f604dac669c62560040a01e0af3339 Mon Sep 17 00:00:00 2001 From: "Draus, Sebastian" Date: Thu, 4 Feb 2021 16:34:20 +0100 Subject: [PATCH 107/112] [nrf noup] pm: Don't create second image partition in single slot build This commit prevents creating secondary image partition if CONFIG_SINGLE_APPLICATION_SLOT=y. Signed-off-by: Draus, Sebastian --- boot/zephyr/pm.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/boot/zephyr/pm.yml b/boot/zephyr/pm.yml index 503615b31..003bcea28 100644 --- a/boot/zephyr/pm.yml +++ b/boot/zephyr/pm.yml @@ -13,11 +13,15 @@ mcuboot_primary_app: mcuboot_primary: span: [mcuboot_pad, mcuboot_primary_app] +# Partition for secondary slot is not created if building in single applicaton +# slot configuration. +#if !defined(CONFIG_SINGLE_APPLICATION_SLOT) mcuboot_secondary: share_size: [mcuboot_primary] placement: align: {start: CONFIG_FPROTECT_BLOCK_SIZE} after: mcuboot_primary +#endif #if !defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(CONFIG_SINGLE_APPLICATION_SLOT) mcuboot_scratch: From 3384cd3c173e93a33f7866c9745f001982d95bbb Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Mon, 8 Feb 2021 12:27:26 +0100 Subject: [PATCH 108/112] Revert "[nrf noup] boot: zephyr: nrf53 network core bootloader implementation" This reverts commit 6841a6bd4e76bbbb814f8b9709ecf6e5e784cd87. Signed-off-by: Andrzej Puzdrowski --- boot/bootutil/src/loader.c | 85 ++++++++++++-------------------------- boot/zephyr/main.c | 7 ---- 2 files changed, 26 insertions(+), 66 deletions(-) diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index 716e3edd0..098e9aa65 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -45,10 +45,6 @@ #include "bootutil/boot_record.h" #include "bootutil/fault_injection_hardening.h" -#ifdef CONFIG_SOC_NRF5340_CPUAPP -#include -#endif - #ifdef MCUBOOT_ENC_IMAGES #include "bootutil/enc_key.h" #endif @@ -728,15 +724,7 @@ boot_validated_swap_type(struct boot_loader_state *state, { int swap_type; fih_int fih_rc = FIH_FAILURE; - bool upgrade_valid = false; - -#if defined(PM_S1_ADDRESS) || defined(CONFIG_SOC_NRF5340_CPUAPP) - const struct flash_area *secondary_fa = - BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); - struct image_header *hdr = (struct image_header *)secondary_fa->fa_off; - uint32_t vtable_addr = 0; - uint32_t *vtable = 0; - uint32_t reset_addr = 0; +#ifdef PM_S1_ADDRESS /* Patch needed for NCS. Since image 0 (the app) and image 1 (the other * B1 slot S0 or S1) share the same secondary slot, we need to check * whether the update candidate in the secondary slot is intended for @@ -744,31 +732,34 @@ boot_validated_swap_type(struct boot_loader_state *state, * vector. Note that there are good reasons for not using img_num from * the swap info. */ + const struct flash_area *secondary_fa = + BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); + struct image_header *hdr = + (struct image_header *)secondary_fa->fa_off; if (hdr->ih_magic == IMAGE_MAGIC) { - vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; - vtable = (uint32_t *)(vtable_addr); - reset_addr = vtable[1]; -#ifdef PM_S1_ADDRESS - const struct flash_area *primary_fa; - int rc = flash_area_open(flash_area_id_from_multi_image_slot( - BOOT_CURR_IMG(state), - BOOT_PRIMARY_SLOT), - &primary_fa); - - if (rc != 0) { - return BOOT_SWAP_TYPE_FAIL; - } - /* Get start and end of primary slot for current image */ - if (reset_addr < primary_fa->fa_off || - reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { - /* The image in the secondary slot is not intended for this image - */ - return BOOT_SWAP_TYPE_NONE; - } -#endif /* PM_S1_ADDRESS */ + const struct flash_area *primary_fa; + uint32_t vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; + uint32_t *vtable = (uint32_t *)(vtable_addr); + uint32_t reset_addr = vtable[1]; + int rc = flash_area_open( + flash_area_id_from_multi_image_slot( + BOOT_CURR_IMG(state), + BOOT_PRIMARY_SLOT), + &primary_fa); + + if (rc != 0) { + return BOOT_SWAP_TYPE_FAIL; + } + /* Get start and end of primary slot for current image */ + if (reset_addr < primary_fa->fa_off || + reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { + /* The image in the secondary slot is not intended for this image + */ + return BOOT_SWAP_TYPE_NONE; + } } -#endif /* PM_S1_ADDRESS || CONFIG_SOC_NRF5340_CPUAPP */ +#endif swap_type = boot_swap_type_multi(BOOT_CURR_IMG(state)); if (BOOT_IS_UPGRADE(swap_type)) { @@ -782,31 +773,7 @@ boot_validated_swap_type(struct boot_loader_state *state, } else { swap_type = BOOT_SWAP_TYPE_FAIL; } - } else { - upgrade_valid = true; - } - -#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(PM_CPUNET_B0N_ADDRESS) - /* If the update is valid, and it targets the network core: perform the - * update and indicate to the caller of this function that no update is - * available - */ - if (upgrade_valid && reset_addr > PM_CPUNET_B0N_ADDRESS) { - uint32_t fw_size = hdr->ih_img_size; - - BOOT_LOG_INF("Starting network core update"); - int rc = pcd_network_core_update(vtable, fw_size); - - if (rc != 0) { - swap_type = BOOT_SWAP_TYPE_FAIL; - } else { - BOOT_LOG_INF("Done updating network core"); - rc = swap_erase_trailer_sectors(state, - secondary_fa); - swap_type = BOOT_SWAP_TYPE_NONE; - } } -#endif /* CONFIG_SOC_NRF5340_CPUAPP */ } return swap_type; diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index a2c0fe29e..6b2cb8ea7 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -55,10 +55,6 @@ const struct boot_uart_funcs boot_funcs = { #include #endif -#ifdef CONFIG_SOC_NRF5340_CPUAPP -#include -#endif - #if defined(CONFIG_LOG) && !defined(CONFIG_LOG_IMMEDIATE) && \ !defined(CONFIG_LOG_MINIMAL) #ifdef CONFIG_LOG_PROCESS_THREAD @@ -459,9 +455,6 @@ void main(void) ; } #endif /* USE_PARTITION_MANAGER && CONFIG_FPROTECT */ -#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(PM_CPUNET_B0N_ADDRESS) - pcd_lock_ram(); -#endif ZEPHYR_BOOT_LOG_STOP(); From b767052ad611454055374e9bb32448d37ce3669d Mon Sep 17 00:00:00 2001 From: Sigvart Hovland Date: Thu, 27 Aug 2020 14:29:31 +0200 Subject: [PATCH 109/112] [nrf noup] boot: zephyr: nrf53 network core bootloader implementation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Enables network core updates of nrf53 using MCUBoot by identifying images through their start addresses. Also implements the control and transfer using the PCD module. Signed-off-by: Sigvart Hovland Signed-off-by: Håkon Øye Amundsen (cherry picked from commit a401d3a056b6ef41a9ead1a7ad5263e028f52549) (cherry picked from commit f35f763bbe7e698b3c275c548faae3537061e9c7) (cherry picked from commit 337357898d46250584c2d400ea3ae57770ae99b8) Signed-off-by: Ioannis Glaropoulos (cherry picked from commit df05bff1ed950942fda3f1335556f2bf90ee0076) Signed-off-by: Johann Fischer (cherry picked from commit 6841a6bd4e76bbbb814f8b9709ecf6e5e784cd87) Signed-off-by: Andrzej Puzdrowski --- boot/bootutil/src/loader.c | 85 ++++++++++++++++++++++++++------------ boot/zephyr/main.c | 7 ++++ 2 files changed, 66 insertions(+), 26 deletions(-) diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c index 098e9aa65..716e3edd0 100644 --- a/boot/bootutil/src/loader.c +++ b/boot/bootutil/src/loader.c @@ -45,6 +45,10 @@ #include "bootutil/boot_record.h" #include "bootutil/fault_injection_hardening.h" +#ifdef CONFIG_SOC_NRF5340_CPUAPP +#include +#endif + #ifdef MCUBOOT_ENC_IMAGES #include "bootutil/enc_key.h" #endif @@ -724,7 +728,15 @@ boot_validated_swap_type(struct boot_loader_state *state, { int swap_type; fih_int fih_rc = FIH_FAILURE; -#ifdef PM_S1_ADDRESS + bool upgrade_valid = false; + +#if defined(PM_S1_ADDRESS) || defined(CONFIG_SOC_NRF5340_CPUAPP) + const struct flash_area *secondary_fa = + BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); + struct image_header *hdr = (struct image_header *)secondary_fa->fa_off; + uint32_t vtable_addr = 0; + uint32_t *vtable = 0; + uint32_t reset_addr = 0; /* Patch needed for NCS. Since image 0 (the app) and image 1 (the other * B1 slot S0 or S1) share the same secondary slot, we need to check * whether the update candidate in the secondary slot is intended for @@ -732,34 +744,31 @@ boot_validated_swap_type(struct boot_loader_state *state, * vector. Note that there are good reasons for not using img_num from * the swap info. */ - const struct flash_area *secondary_fa = - BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT); - struct image_header *hdr = - (struct image_header *)secondary_fa->fa_off; if (hdr->ih_magic == IMAGE_MAGIC) { - const struct flash_area *primary_fa; - uint32_t vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; - uint32_t *vtable = (uint32_t *)(vtable_addr); - uint32_t reset_addr = vtable[1]; - int rc = flash_area_open( - flash_area_id_from_multi_image_slot( - BOOT_CURR_IMG(state), - BOOT_PRIMARY_SLOT), - &primary_fa); - - if (rc != 0) { - return BOOT_SWAP_TYPE_FAIL; - } - /* Get start and end of primary slot for current image */ - if (reset_addr < primary_fa->fa_off || - reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { - /* The image in the secondary slot is not intended for this image - */ - return BOOT_SWAP_TYPE_NONE; - } + vtable_addr = (uint32_t)hdr + hdr->ih_hdr_size; + vtable = (uint32_t *)(vtable_addr); + reset_addr = vtable[1]; +#ifdef PM_S1_ADDRESS + const struct flash_area *primary_fa; + int rc = flash_area_open(flash_area_id_from_multi_image_slot( + BOOT_CURR_IMG(state), + BOOT_PRIMARY_SLOT), + &primary_fa); + + if (rc != 0) { + return BOOT_SWAP_TYPE_FAIL; + } + /* Get start and end of primary slot for current image */ + if (reset_addr < primary_fa->fa_off || + reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) { + /* The image in the secondary slot is not intended for this image + */ + return BOOT_SWAP_TYPE_NONE; + } +#endif /* PM_S1_ADDRESS */ } -#endif +#endif /* PM_S1_ADDRESS || CONFIG_SOC_NRF5340_CPUAPP */ swap_type = boot_swap_type_multi(BOOT_CURR_IMG(state)); if (BOOT_IS_UPGRADE(swap_type)) { @@ -773,7 +782,31 @@ boot_validated_swap_type(struct boot_loader_state *state, } else { swap_type = BOOT_SWAP_TYPE_FAIL; } + } else { + upgrade_valid = true; + } + +#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(PM_CPUNET_B0N_ADDRESS) + /* If the update is valid, and it targets the network core: perform the + * update and indicate to the caller of this function that no update is + * available + */ + if (upgrade_valid && reset_addr > PM_CPUNET_B0N_ADDRESS) { + uint32_t fw_size = hdr->ih_img_size; + + BOOT_LOG_INF("Starting network core update"); + int rc = pcd_network_core_update(vtable, fw_size); + + if (rc != 0) { + swap_type = BOOT_SWAP_TYPE_FAIL; + } else { + BOOT_LOG_INF("Done updating network core"); + rc = swap_erase_trailer_sectors(state, + secondary_fa); + swap_type = BOOT_SWAP_TYPE_NONE; + } } +#endif /* CONFIG_SOC_NRF5340_CPUAPP */ } return swap_type; diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c index 645dc4e6d..b0a9ec6a7 100644 --- a/boot/zephyr/main.c +++ b/boot/zephyr/main.c @@ -55,6 +55,10 @@ const struct boot_uart_funcs boot_funcs = { #include #endif +#ifdef CONFIG_SOC_NRF5340_CPUAPP +#include +#endif + /* CONFIG_LOG_MINIMAL is the legacy Kconfig property, * replaced by CONFIG_LOG_MODE_MINIMAL. */ @@ -461,6 +465,9 @@ void main(void) ; } #endif /* USE_PARTITION_MANAGER && CONFIG_FPROTECT */ +#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(PM_CPUNET_B0N_ADDRESS) + pcd_lock_ram(); +#endif ZEPHYR_BOOT_LOG_STOP(); From 858dd034f6565bcab5ed780e48aa713994ca1b7d Mon Sep 17 00:00:00 2001 From: Andrzej Puzdrowski Date: Mon, 8 Feb 2021 12:46:06 +0100 Subject: [PATCH 110/112] [nrf temphack] prj.conf: don't use CONFIG_LOG_MODE_MINIMAL yet MCUboot was updated to newer version which uses refactored LOG Kconfig keyword not available in sdk-zephyr yet. Revert this commit on the next upmerge. Signed-off-by: Andrzej Puzdrowski --- boot/zephyr/prj.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index dade88558..dbaa3d90a 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -31,7 +31,7 @@ CONFIG_FPROTECT=y # CONFIG_I2C is not set CONFIG_LOG=y -CONFIG_LOG_MODE_MINIMAL=y # former CONFIG_MODE_MINIMAL +CONFIG_LOG_MINIMAL=y ### Ensure Zephyr logging changes don't use more resources CONFIG_LOG_DEFAULT_LEVEL=0 ### Decrease footprint by ~4 KB in comparison to CBPRINTF_COMPLETE=y From 3ea42d2d5a7ebc5f7c691325a9f0d90b5d64fa1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andrzej=20G=C5=82=C4=85bek?= Date: Fri, 5 Mar 2021 16:52:05 +0100 Subject: [PATCH 111/112] Revert "[nrf temphack] prj.conf: don't use CONFIG_LOG_MODE_MINIMAL yet" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 858dd034f6565bcab5ed780e48aa713994ca1b7d. Signed-off-by: Andrzej Głąbek --- boot/zephyr/prj.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf index dbaa3d90a..dade88558 100644 --- a/boot/zephyr/prj.conf +++ b/boot/zephyr/prj.conf @@ -31,7 +31,7 @@ CONFIG_FPROTECT=y # CONFIG_I2C is not set CONFIG_LOG=y -CONFIG_LOG_MINIMAL=y +CONFIG_LOG_MODE_MINIMAL=y # former CONFIG_MODE_MINIMAL ### Ensure Zephyr logging changes don't use more resources CONFIG_LOG_DEFAULT_LEVEL=0 ### Decrease footprint by ~4 KB in comparison to CBPRINTF_COMPLETE=y From 769d5a385ec30819f17b870fc532596636347f0a Mon Sep 17 00:00:00 2001 From: CapnOdin Date: Wed, 14 Apr 2021 15:37:13 +0200 Subject: [PATCH 112/112] Made boot_serial_start yield to allow the usb connection to be established and transfer data --- boot/boot_serial/src/boot_serial.c | 1 + 1 file changed, 1 insertion(+) diff --git a/boot/boot_serial/src/boot_serial.c b/boot/boot_serial/src/boot_serial.c index d0f0eb0cd..1e4faf133 100644 --- a/boot/boot_serial/src/boot_serial.c +++ b/boot/boot_serial/src/boot_serial.c @@ -626,6 +626,7 @@ boot_serial_start(const struct boot_uart_funcs *f) while (1) { rc = f->read(in_buf + off, sizeof(in_buf) - off, &full_line); if (rc <= 0 && !full_line) { + k_yield(); continue; } off += rc;