[DNM] Upmerge 20231208 #290
Closed
Fixes building the bootloader with serial recovery mode and boot serial extensions enabled due to changes in Zephyr's MCUmgr file and naming changes. Signed-off-by: Jamie McCrae <[email protected]>
Add new badge to easily check build status for Espressif CI. Signed-off-by: Fabio Utzig <[email protected]>
Fix documentation issues for the rendering of the Espressif README page. No content is changed with this commit, but formatting and line breaks are set to approximately 100 columns. Signed-off-by: Fabio Utzig <[email protected]>
Update to versions matching: https://pages.github.com/versions/ Signed-off-by: Fabio Utzig <[email protected]>
This plugin enables jekyll to display emojis; the version added matches current on github-pages (https://pages.github.com/versions/) Signed-off-by: Fabio Utzig <[email protected]>
webrick needs to be installed for ruby versions >3, which should ease local testing for someone running newer versions. This is compatible with running on ruby 2.7.4, the version used on github pages. Signed-off-by: Fabio Utzig <[email protected]>
Guards the inclusion of cmsis_core header for ARM targets only. Fixes #1799 Signed-off-by: Lucas Tamborrino <[email protected]>
The commit adds missing support for direct upload of third image slots. Signed-off-by: Dominik Ermel <[email protected]>
This adds support for indication LED option (MCUBOOT_INDICATION_LED) in the timeout based recovery. Configured LED will be enabled when entering the recovery and disabled after selected timeout (if no mcumgr command was received). Signed-off-by: Piotr Dymacz <[email protected]>
Adds missing point in version when snprintf is used Signed-off-by: Benjamin Bigler <[email protected]>
Make MINIMAL_LIBC as default for MCUboot app build instead of picolibc. Footprint is lower and no need to MULTITHREADING enabled for SoC build. Signed-off-by: Sylvio Alves <[email protected]>
Fixes an include which is needed for multiple options by just always including it, and fixing the path so it can be included. Signed-off-by: Jamie McCrae <[email protected]>
Changes back to the minimal C library instead of picolibc to reduce flash usage Signed-off-by: Jamie McCrae <[email protected]>
This commit enables ECDSA signature verification using PSA Crypto API. Signed-off-by: Roland Mikhel <[email protected]> Change-Id: I51c7aadba03348f335e89d9252e70c09f8787f30
This commit enables ECDSA signature verification using PSA Crypto API. Signed-off-by: Roland Mikhel <[email protected]> Change-Id: I33f559ecdd59b1ce41c6a2d5f315212300d585e3
Currently all the hashing functionality is done with SHA256 but if we would like to use ECDSA-P384 that requires SHA384 as the hashing algorithm, but MCUboot is using SHA256 for image hashing and public key hashing. This commit modifies the hashing operations to use SHA384 thus SHA256 can be omitted which is beneficial from a code size standpoint. Signed-off-by: Roland Mikhel <[email protected]> Change-Id: I59230f76f88e0b42ad6383b2c9b71b73f33d7dd7
Currently all the hashing functionality is done with SHA256 but if we would like to use ECDSA-P384 that requires SHA384 as the hashing algorithm. However, MCUboot is using SHA256 for image hashing and public key hashing. This commit modifies the hashing operations to use SHA384 thus SHA256 can be omitted which is beneficial from a code size standpoint. Signed-off-by: Roland Mikhel <[email protected]> Change-Id: I364eefe334e4fe6668b8a3b97991b5dbb0c80104
Add ECDSA verification tests to the CI using the PSA Crypto API Signed-off-by: Roland Mikhel <[email protected]> Change-Id: I904c8929f355ec791ff28ac7c3e0ca3832b2403d
Fixes an issue whereby multiple commands are received and some are still being processed. This generally arises when a response takes a long time (e.g. when image decryption is required), duplicate commands will now send multiple responses but avoids the bug of future commands being sent to which previous responses are received. Signed-off-by: Jamie McCrae <[email protected]>
Adds a note about a fix for boot_serial duplicate commands Signed-off-by: Jamie McCrae <[email protected]>
Fixes 2 issues, one whereby multiple slots were checked despite operating in single slot mode, and another whereby decrypted images would not appear on serial recovery image listing, due to assuming that the images were still encrypted. Signed-off-by: Jamie McCrae <[email protected]>
Adds a note on fixes with boot serial image listing Signed-off-by: Jamie McCrae <[email protected]>
Adjust secure boot and flash encryption after IDF v5.x updates. It also allows to enable secure boot on ESP32-C2. Signed-off-by: Almir Okato <[email protected]>
This fixes a build error when PSA Crypto API is being used as it has no need for bootutil_import_key but it's included currently since it's allowed to have both Mbed TLS and PSA defined. Signed-off-by: Roland Mikhel <[email protected]> Change-Id: If38d3011fc4fa2d317f8be65df9e231d7d57dcbf
Adds the ability to share mcuboot configuration with the application using Zephyr's retention subsystem. Signed-off-by: Jamie McCrae <[email protected]>
Adds a note that Zephyr can now use the retention subsystem to share information with applications about MCUboot's configuration. Signed-off-by: Jamie McCrae <[email protected]>
Adds a new define if bootloader is built in direct-XIP with revert mode Signed-off-by: Jamie McCrae <[email protected]>
Adds support for sharing the direct-XIP MCUboot mode with revert to applications using shared data Signed-off-by: Jamie McCrae <[email protected]>
This allows for out-of-tree modules to define their own boot serial functions by using iterable sections. Note that this also removes the custom img list command, which was not used in-tree. Signed-off-by: Jamie McCrae <[email protected]>
Adds a note on the reworked boot serial extensions features which now allows modules to add handlers Signed-off-by: Jamie McCrae <[email protected]>
This reverts commit 48ad055. Signed-off-by: Dominik Ermel <[email protected]>
This reverts commit a47c9c4. Signed-off-by: Dominik Ermel <[email protected]>
This reverts commit 1f14ccb. Signed-off-by: Dominik Ermel <[email protected]>
This reverts commit 0030544. Signed-off-by: Dominik Ermel <[email protected]>
This reverts commit 16fd63c. Signed-off-by: Dominik Ermel <[email protected]>
This reverts commit 8ba5c7f. Signed-off-by: Dominik Ermel <[email protected]>
Update sdk-mcuboot with the latest code from Zephyr fork of MCUboot. Signed-off-by: Dominik Ermel <[email protected]>
The default value of CONFIG_NRF_RTC_TIMER_USER_CHAN_COUNT for nRF52 SOCs has been changed from 0 to 3, but it makes MCUBoot get stuck on erasing flash pages when swapping two images. Restore the previous value until the RTC issue is resolved (see NCSDK-14427) Signed-off-by: Damian Krolik <[email protected]> Signed-off-by: Torsten Rasmussen <[email protected]> Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit f5559b7) (cherry picked from commit 36c37c0) (cherry picked from commit 0e3ab1b) (cherry picked from commit 8ba5c7f) Signed-off-by: Dominik Ermel <[email protected]>
Partition Manager is an nRF Connect SDK component which uses yaml files to resolve flash partition placement with a holistic view of the device. This component's MCUboot portions began life as upstream mcuboot PR#430. This added support for being built as a sub image from the downstream Nordic patch set for a zephyr multi image build system (mcuboot 430 was combined with effort submitted to upstream zephyr as PR#13672, which was ultimately reworked after being rejected for mainline at the ELCE 2019 conference in Lyon). It has since evolved over time. This is the version that will go into NCS v1.3. It features: - page size aligned partitions for all partitions used by mcuboot. - image swaps without scratch partitions Add support for configurations where there exists two primary slots but only one secondary slot, which is shared. These two primary slots are the regular application and B1. B1 can be either S0 or S1 depending on the state of the device. Decide where an upgrade should be stored by looking at the vector table. Provide update candidates for both s0 and s1. These candidates must be signed with mcuboot after being signed by b0. Additional notes: - we make update.hex without trailer data This is needed for serial recovery to work using hex files. Prior to this the update.hex got TLV data at the end of the partition, which caused many blank pages to be included, which made it hard to use in a serial recovery scheme. Instead, make update.hex without TLV data at the end, and provide a new file test_update.hex which contains the TLV data, and can be directly flashed to test the upgrade procedure. - we use a function for signing the application as future-proofing for when other components must be signed as well - this includes an update to single image applications that enables support for partition manager; when single image DFU is used, a scratch partition is not needed.
- In NCS, image 1 primary slot is the upgrade bank for mcuboot (IE S0 or S1 depending on the active slot). It is not required that this slot contains any valid data. - The nRF boards all have a single flash page size, and partition manager deals with the size of the update partitions and so on, so we must skip a boot_slots_compatible() check to avoid getting an error. - There is no need to verify the target when using partition manager. - We lock mcuboot using fprotect before jumping, to enable the secure boot property of the system. - Call fw_info_ext_api_provide() before booting if EXT_API_PROVIDE EXT_API is enabled. This is relevant only when the immutable bootloader has booted mcuboot. Signed-off-by: Håkon Øye Amundsen <[email protected]> Signed-off-by: Øyvind Rønningstad <[email protected]> Signed-off-by: Sebastian Bøe <[email protected]> Signed-off-by: Sigvart Hovland <[email protected]> Signed-off-by: Martí Bolívar <[email protected]> Signed-off-by: Torsten Rasmussen <[email protected]> Signed-off-by: Andrzej Głąbek <[email protected]> Signed-off-by: Robert Lubos <[email protected]> Signed-off-by: Andrzej Puzdrowski <[email protected]> Signed-off-by: Emil Obalski <[email protected]> Signed-off-by: Torsten Rasmussen <[email protected]> Signed-off-by: Pawel Dunaj <[email protected]> Signed-off-by: Ioannis Glaropoulos <[email protected]> Signed-off-by: Johann Fischer <[email protected]> Signed-off-by: Vidar Berg <[email protected]> Signed-off-by: Draus, Sebastian <[email protected]> Signed-off-by: Trond Einar Snekvik <[email protected]> Signed-off-by: Jamie McCrae <[email protected]> Signed-off-by: Joakim Andersson <[email protected]> Signed-off-by: Georgios Vasilakis <[email protected]> (cherry picked from commit ed5f069) (cherry picked from commit d2cac70) (cherry picked from commit 1630628) (cherry picked from commit 349361e) (cherry picked from commit 16fd63c) Signed-off-by: Dominik Ermel <[email protected]>
- Add network core bootloader implementation Enables network core updates of nrf53 using MCUBoot by identifying images through their start addresses. Also implements the control and transfer using the PCD module. - Add support for multi image DFU using partition manager. - Add check for netcore addr if NSIB is enabled so netcore updates work - boot: zephyr: move thingy53_nrf5340_cpuapp.conf downstream Moved the board configuration for Thingy:53 Application Core to the nRF Connect SDK MCUboot downstream repository. The configuration file contains references to the Kconfig modules that are only available in the nRF Connect SDK. The current configuration is set up to work in the nRF Connect SDK environment and cannot be used upstream. - pm: enable ram flash partition using common flag This patch makes mcuboot_primary_1 ram-flash partition selectable using CONFIG_NRF53_MCUBOOT_PRIMARY_1_RAM_FLASH property. This is needed since CONFIG_NRF53_MULTI_IMAGE_UPDATE is no longer the only configuration which requires that partition. - MCUBoot configures USB CDC on its own. There is no need for BOARD_SERIAL_BACKEND_CDC_ACM option to configure anything which is later overwritten anyway.
Jira: NCSDK-18596 Signed-off-by: Andrzej Puzdrowski <[email protected]> Signed-off-by: Emil Obalski <[email protected]> Signed-off-by: Håkon Øye Amundsen <[email protected]> Signed-off-by: Ioannis Glaropoulos <[email protected]> Signed-off-by: Jamie McCrae <[email protected]> Signed-off-by: Johann Fischer <[email protected]> Signed-off-by: Kamil Piszczek <[email protected]> Signed-off-by: Ole Sæther <[email protected]> Signed-off-by: Sigvart Hovland <[email protected]> Signed-off-by: Simon Iversen <[email protected]> Signed-off-by: Torsten Rasmussen <[email protected]> Signed-off-by: Trond Einar Snekvik <[email protected]> Signed-off-by: Mateusz Kapala <[email protected]> (cherry picked from commit b96bed8) (cherry picked from commit 4302a91) (cherry picked from commit e52481a) (cherry picked from commit 8642c39) (cherry picked from commit 0030544) Signed-off-by: Dominik Ermel <[email protected]>
Do some cleanup of nRF peripherals. This is necessary since Zephyr doesn't have any driver deinitialization functionality, and we'd like to leave peripherals in a more predictable state before booting the Zephyr image. This should be re-worked when the zephyr driver model allows us to deinitialize devices cleanly before jumping to the chain-loaded image. Signed-off-by: Andrzej Puzdrowski <[email protected]> Signed-off-by: Robert Lubos <[email protected]> Signed-off-by: Torsten Rasmussen <[email protected]> Signed-off-by: Øyvind Rønningstad <[email protected]> Signed-off-by: Martí Bolívar <[email protected]> Signed-off-by: Håkon Øye Amundsen <[email protected]> Signed-off-by: Ioannis Glaropoulos <[email protected]> Signed-off-by: Johann Fischer <[email protected]> Signed-off-by: Trond Einar Snekvik <[email protected]> Signed-off-by: Torsten Rasmussen <[email protected]> Signed-off-by: Jamie McCrae <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 0a4da3a) (cherry picked from commit e56136a) (cherry picked from commit 05405d4) (cherry picked from commit 0eacb35) (cherry picked from commit 1f14ccb) Signed-off-by: Dominik Ermel <[email protected]>
To ensure that MCUBoot does not leak keys or other material through memory to non-secure side we clear the memory before jumping to the next image. Signed-off-by: Sigvart Hovland <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit ff95e7b) (cherry picked from commit d584ea0) (cherry picked from commit 2394b5b) (cherry picked from commit 3266b99) (cherry picked from commit a47c9c4) Signed-off-by: Dominik Ermel <[email protected]>
When mcuboot_secondary is on external flash, the image header cannot directly be accessed via secondary_fa->fa_off. Instead the provided function boot_img_hdr() is used now. Additionally a similar issue is present when trying to read the address of the reset handler. For this flash_area_read() is used now. With this patch it is possible to have the update partition mcuboot_secondary on external flash and update an updatable bootloader (mcuboot) in s0 and/or s1. Signed-off-by: Christian Taedcke <[email protected]> Signed-off-by: Ole Sæther <[email protected]> Signed-off-by: Sigvart Hovland <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit d6c6170) (cherry picked from commit 4d30b55) (cherry picked from commit 7af56df) (cherry picked from commit a49b83e) (cherry picked from commit 48ad055) Signed-off-by: Dominik Ermel <[email protected]>
The file nrf_cleanup.c has "#if defined(USE_PARTITION_MANAGER)" Which is true even if USE_PARTITION_MANAGER=n. This must be changed to "#if USE_PARTITION_MANAGER" for correct behaviour. Ref: NCSIDB-987 Signed-off-by: Ole Sæther <[email protected]> (cherry picked from commit 823fd36) (cherry picked from commit 09bad48) Signed-off-by: Dominik Ermel <[email protected]>
Fixes path variables to use the proper Zephyr module variables Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit fecfb1e) (cherry picked from commit 5777337) Signed-off-by: Dominik Ermel <[email protected]>
Fixes a missing PCD define check, an image might have the network core partition layout set but if PCD support is not enabled then it should not assume that PCD support is part of mcuboot. Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit 71ec266) (cherry picked from commit 815fa3a) Signed-off-by: Dominik Ermel <[email protected]>
This adds an ifdef check so that RAM is only protected if PCD is enabled, whereas previously this would cause a build failure. Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit 4ec411c) (cherry picked from commit 52997e1) Signed-off-by: Dominik Ermel <[email protected]>
This adds support for using both NSIB and the multi-image configuration in MCUboot. Before this was not possible due to upgradable bootloader support through NSIB was using the `UPDATEABLE_IMAGE_NUMBER` configuration to update the updateable bootloader. In this commit we change from using `FLASH_AREA_IMAGE_PRIMARY` to get the flash area ID to using the bootloader state where we set the flash area ID of the free updatable bootloader slot if the image is intended for this slot. Ref. NCSDK-19223 Signed-off-by: Sigvart Hovland <[email protected]> (cherry picked from commit 8fe7070) Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 037f4da) (cherry picked from commit b518e13) Signed-off-by: Dominik Ermel <[email protected]>
Making sysflash.h and pm_sysflash.h more readable. (cherry picked from commit eafdae9) Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 99001d0) (cherry picked from commit 0383b7c) Signed-off-by: Dominik Ermel <[email protected]>
Commit 8fe7070 broke bootloader updates for nRF91 and non-multi image builds. This commit is fixing this by restoring the previous functionality and `ifdef` out the new logic needed for multi-image. Ref. NCSDK-23305 Signed-off-by: Sigvart Hovland <[email protected]> (cherry picked from commit 7429a98) Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 8c5b560) (cherry picked from commit 745cf4e) Signed-off-by: Dominik Ermel <[email protected]>
The commit modifies pm_sysflash.h to add support for three application images. (cherry picked from commit 8fba4db) Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit a7f6ccb) (cherry picked from commit 5822244) Signed-off-by: Dominik Ermel <[email protected]>
The XIP image, 2, does not have reset vector. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 568d62c) Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit c6349b9) (cherry picked from commit 4fe70b6) Signed-off-by: Dominik Ermel <[email protected]>
Puts the flash simulation configuration into cache variables that can be used by other applications and CMake code to know specifics on the simulated flash details Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit c28768e) (cherry picked from commit 9cd1de1) Signed-off-by: Dominik Ermel <[email protected]>
A mismatch in defines was made for `_image_1_primary_slot_id` resulting in some configurations not working. This fixes that the linker variable is exposed for mcuboot so that it knows which slot is running and which slot a bootloader upgrade is to be put into. Ref. NCSDK-19223 Signed-off-by: Sigvart Hovland <[email protected]> (cherry picked from commit 1f38eb8) (cherry picked from commit 862bca5) Signed-off-by: Dominik Ermel <[email protected]>
This removes the `return;` to ensure that the application is booted even if EXT_ABI is not provided to the application because it does not include `FW_INFO`. Added a bit more description to the error messages when FW_INFO is not found and EXT_ABI is not able to be provided to the next image. Ref. NCSDK-24132 Signed-off-by: Sigvart Hovland <[email protected]> (cherry picked from commit b80046d) (cherry picked from commit 01f17eb) Signed-off-by: Dominik Ermel <[email protected]>
For nRF53, the only existing version number metadata is stored in the `firmware_info` structure in the network core. This utilizes PCD to read out the version number and compares it against the version number found in the secondary slot for the network core. Ref. NCSDK-21379 Signed-off-by: Sigvart Hovland <[email protected]> (cherry picked from commit 1b6571d) (cherry picked from commit 4d9859a) Signed-off-by: Dominik Ermel <[email protected]>
After the upmerge using external crypto from NSIB in MCUBoot resulted in build failures. This commit fixes the build failures but also fixes a change in the API call which resulted in `-102` error when calling the verify function. Ref. NCSDK-23994 Signed-off-by: Sigvart Hovland <[email protected]> (cherry picked from commit dc0b692) (cherry picked from commit 2891664) Signed-off-by: Dominik Ermel <[email protected]>
Change disables GPIO interrupt support in Zephyr GPIO driver, which is not obligatory for MCUboot. This is needed to reduce memory footprint. Signed-off-by: Nikodem Kastelik <[email protected]> (cherry picked from commit adab597) Signed-off-by: Dominik Ermel <[email protected]>
No description provided.