
fix: boot_set_confirmed_multi() ignores set/confirm command if "unset" #234

Open
wants to merge 124 commits into base: main

Conversation


@farhangj farhangj commented Jan 24, 2023

allow boot_set_confirmed_multi() to set mcuboot magic if "unset"

background info:
The use-case is I want to set the confirm flag in the local firmware after certain conditions have been met.
On every boot up I check the boot_is_img_confirmed() and if false, firmware does certain checks and then sets the flag using boot_write_img_confirmed().
However it seems like the flag is not being set. I dug deeper and found:

boot_is_img_confirmed() only returns true if flag value is set to BOOT_FLAG_SET
boot_write_img_confirmed() however skips setting the flag if it is currently set to "UNSET"
This PR is to change the behavior of boot_write_img_confirmed() to set the flag in the case that it is unset.

I may be missing something in the API/usage, but this was my only way to initiate the conversation as creating issues is closed/restricted.
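As an added illustration, not code from this PR or from MCUboot itself, the C model below reproduces the mismatch the description reports: a confirmation check that only accepts a flag reading SET, beside a write path that silently skips a trailer whose magic is unset, and the proposed write path that sets the magic and flag instead. Every `model_`-prefixed name, the enum values and the two-field trailer layout are constructed for this model; the real trailer layout, error codes and flash writes are not represented.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the two trailer fields the PR description talks
 * about: the swap magic and the "image ok" (confirm) flag. The enum names
 * and values are this model's own, not MCUboot's. */
enum model_magic { MODEL_MAGIC_UNSET, MODEL_MAGIC_GOOD, MODEL_MAGIC_BAD };
enum model_flag  { MODEL_FLAG_UNSET, MODEL_FLAG_SET, MODEL_FLAG_BAD };

struct model_trailer {
    enum model_magic magic;
    enum model_flag image_ok;
};

typedef int (*model_writer_fn)(struct model_trailer *t);

/* Same rule the PR quotes for boot_is_img_confirmed(): confirmed only when
 * the flag reads SET; UNSET and BAD both count as not confirmed. */
bool model_is_img_confirmed(const struct model_trailer *t)
{
    return t->image_ok == MODEL_FLAG_SET;
}

/* Write path as the PR author observed it: a trailer whose magic is unset
 * is skipped, so the confirm flag is never written. */
int model_write_confirmed_skip_if_unset(struct model_trailer *t)
{
    if (t->magic == MODEL_MAGIC_UNSET) {
        return 0;                      /* reports success, writes nothing */
    }
    if (t->magic == MODEL_MAGIC_BAD) {
        return -1;
    }
    if (t->image_ok == MODEL_FLAG_UNSET) {
        t->image_ok = MODEL_FLAG_SET;
    }
    return 0;
}

/* Write path the PR proposes: an unset trailer gets its magic and confirm
 * flag written instead of being skipped. */
int model_write_confirmed_set_if_unset(struct model_trailer *t)
{
    if (t->magic == MODEL_MAGIC_BAD) {
        return -1;
    }
    if (t->magic == MODEL_MAGIC_UNSET) {
        t->magic = MODEL_MAGIC_GOOD;
    }
    if (t->image_ok == MODEL_FLAG_UNSET) {
        t->image_ok = MODEL_FLAG_SET;
    }
    return 0;
}

/* The boot-time sequence from the description: check the flag, run the
 * application's own checks, then confirm. Returns whether the image reads
 * as confirmed afterwards, which is what the next boot will see. */
bool model_boot_and_confirm(struct model_trailer *t,
                            model_writer_fn write_confirmed,
                            bool checks_passed)
{
    if (model_is_img_confirmed(t)) {
        return true;                   /* nothing to do on this boot */
    }
    if (!checks_passed) {
        return false;                  /* left unconfirmed on purpose */
    }
    if (write_confirmed(t) != 0) {
        return false;
    }
    return model_is_img_confirmed(t);
}

/* Scenario from the description: fresh trailer with magic and flag both
 * unset, application checks pass. */
bool model_fresh_trailer_confirmed(model_writer_fn write_confirmed)
{
    struct model_trailer t = { MODEL_MAGIC_UNSET, MODEL_FLAG_UNSET };
    return model_boot_and_confirm(&t, write_confirmed, true);
}

/* Control scenario: magic already good, flag unset. Both write paths
 * behave the same here, so the difference is confined to the unset case. */
bool model_good_magic_trailer_confirmed(model_writer_fn write_confirmed)
{
    struct model_trailer t = { MODEL_MAGIC_GOOD, MODEL_FLAG_UNSET };
    return model_boot_and_confirm(&t, write_confirmed, true);
}

int main(void)
{
    printf("fresh trailer, skip-if-unset: confirmed=%d\n",
           model_fresh_trailer_confirmed(model_write_confirmed_skip_if_unset));
    printf("fresh trailer, set-if-unset:  confirmed=%d\n",
           model_fresh_trailer_confirmed(model_write_confirmed_set_if_unset));
    return 0;
}
```

With the skip-if-unset write path the fresh trailer stays unconfirmed on every boot even though the write reports success, which is why the application's self-checks appear to have no effect; the set-if-unset path leaves a trailer the confirmation check accepts. The control scenario with a good magic shows that the two paths only differ for the unset case.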

galak and others added 30 commits April 30, 2020 10:59
…LER_LABEL

As upstream zephyr is phasing out DT_FLASH defines for non-partition
usage replace DT_FLASH_DEV_NAME with
DT_CHOSEN_ZEPHYR_FLASH_CONTROLLER_LABEL.

Signed-off-by: Kumar Gala <[email protected]>
As the DT define DT_JEDEC_SPI_NOR_0_LABEL is intended to be deprecated
move to the new macro style to determine for DT_JEDEC_SPI_NOR_0_LABEL

Signed-off-by: Kumar Gala <[email protected]>
…cros""

This reverts commit 39d1aef.

Signed-off-by: Andrzej Puzdrowski <[email protected]>
Synchronize up to

mcu-tools/mcuboot@82c5f7
which is same as v1.6.0-rc2 tag.

Signed-off-by: Andrzej Puzdrowski <[email protected]>
As we replace the legacy DT_FLASH_ support use the new FLASH_AREA_
macros.

Signed-off-by: Kumar Gala <[email protected]>
Use the new FLASH_AREA_ macros.

Signed-off-by: Andrzej Puzdrowski <[email protected]>
Fixup how we fake out devicetree.h, which is now really the flash map
API for what mcuboot is using.

Signed-off-by: Kumar Gala <[email protected]>
Update CONFIG_FLOAT to CONFIG_FPU which has been renamed in zephyr.

Signed-off-by: Joakim Andersson <[email protected]>
Using find_package to locate Zephyr.

Old behavior was to use $ENV{ZEPHYR_BASE} for inclusion of boiler plate
code.

Whenever an automatic run of CMake happened by the build system / IDE
then it was required that ZEPHYR_BASE was defined.
Using ZEPHYR_BASE only to locate the Zephyr package allows CMake to
cache the base variable and thus allowing subsequent invocation even
if ZEPHYR_BASE is not set in the environment.

It also removes the risk of strange build results if a user switches
between different Zephyr based project folders and forgets to reset
ZEPHYR_BASE before running ninja / make.

Signed-off-by: Torsten Rasmussen <[email protected]>
Convert to use C99 types as we intend to deprecate the zephyr
specific integer types.

Signed-off-by: Kumar Gala <[email protected]>
This reverts commit b7254d1.

Signed-off-by: Andrzej Puzdrowski <[email protected]>
Synchronize up to:
mcu-tools/mcuboot@9b48d08

Signed-off-by: Andrzej Puzdrowski <[email protected]>
Synchronize up to:
mcu-tools/mcuboot@33fbef5

Signed-off-by: Andrzej Puzdrowski <[email protected]>
Align the code to the new UART callback signature, see:

zephyrproject-rtos/zephyr#26426

Signed-off-by: Carles Cufi <[email protected]>
Synchronize up to:
mcu-tools/mcuboot@1cb076c

Signed-off-by: Andrzej Puzdrowski <[email protected]>
Synchronize up to:
mcu-tools/mcuboot@5a6e181

Signed-off-by: Andrzej Puzdrowski <[email protected]>
Change whitelist->allow to be compatible with sanitycheck in zephyr.

Signed-off-by: Anas Nashif <[email protected]>
Fix author email after move to new mailing list.

Signed-off-by: Fabio Utzig <[email protected]>
Follows up the change added to Zephyr with:

zephyrproject-rtos/zephyr#24873

Signed-off-by: Fabio Utzig <[email protected]>
Change fixes build issue that occurs if CONF_FILE contains multiple
file paths instead of single file path.

Signed-off-by: Marek Pieta <[email protected]>
Signed-off-by: Andrzej Puzdrowski <[email protected]>
Missing const on pointers to device structures caused compilation
warnings when compiling bootloader with serial recovery enabled.

Signed-off-by: Dominik Ermel <[email protected]>
Synchronized up to:
https://github.com/JuulLabs-OSS/mcuboot/commit/@296949e

Improvements:
- hardening against hardware level fault injection and timing attacks
- Abstract crypto primitives to simplify porting.
- boot: Add ram-load upgrade mode
- renamed single-image mode to single-slot mode

- kconfig: provide logic for setting key file, simplify prj.conf

- imgtool: Print image digest during verify
- imgtool: Add possibility to set confirm flag for hex files as well
- imgtool: --confirm implies --pad

- Added single-slot Zephyr-RTOS test build

fixes:
- bootutil: fix boostrapping in swap-move
- bootutil: fix swap-move brick with padded image_0
- Disable HW stack protection (temporary hack)
- reset SPLIM registers before boot
- fixes build issue that occurs if CONF_FILE contains multiple file paths instead of single file path.
- imgtool: Fix 'custom_tlvs' argument handling
- Turn off cache for Cortex M7 before chain-loading.
- hardening against hardware level fault injection and timing attacks

Conflicts:
- took upstream boot/zephyr/sample.yaml

Signed-off-by: Andrzej Puzdrowski <[email protected]>
Synchronized up to:
mcu-tools/mcuboot@c625da4

- Removed the `flash_area_read_is_empty()` port implementation function
- Added watchdog feed on nRF devices. See CONFIG BOOT_WATCHDOG_FEED option.

Signed-off-by: Andrzej Puzdrowski <[email protected]>
Synchronized up to:
mcu-tools/mcuboot@c74c551

- corrected bugfix #830 of upgrade issue in swap-move
- changed default for CONFIG_MCUBOOT_CLEANUP_ARM_CODE to n, added MPU register clean-up to this option
- bootutil: ecdsa: Fixed CC310 for nRF devices
- zephyr: made flash_area_erased_val() weak
- serial recovery: allow unaligned last image data chunk

Signed-off-by: Andrzej Puzdrowski <[email protected]>
merged by GitHub GUI nrfconnect#38

Signed-off-by: Andrzej Puzdrowski <[email protected]>
Synchronized up to:
mcu-tools/mcuboot@d2122bc

- Added 'revert' support to direct-xip mode.

Signed-off-by: Andrzej Puzdrowski <[email protected]>
merged by GitHub GUI nrfconnect#39 

Signed-off-by: Andrzej Puzdrowski <[email protected]>
Merge in upstream MCUboot revision e512181

- allow xip-revert only for xip-mode
- boot: Fix LOAD_IMAGE_DATA macro
- bootutil: crypto: avoid unuseful memset
- ext: tinycrypt: update ctr mode to stream
- zephyr: use minimal CBPRINTF implementation
- zephyr/Kconfig: Added default pin for serial recovery mode for nRF5340DK
- boot: zephyr: Default to LOG_MINIMAL
- imgtool: Add support for setting fixed ROM address into image header
- boot: zephyr: cleanup NXP MPU configuration before boot
- fix nokogiri<=1.11.0.rc4 vulnerability

The remaining commits are related to MCUboot CI and tests.
sigvartmh and others added 23 commits November 28, 2022 17:11
* Add functions for ecdsa_verify_secp256r1 and sha256 to use the shared
crypto API
* Add Kconfig and CMake variables for selecting shared crypto when using
ecdsa
* Add custom section to project for placing the API section in the
correct location in flash
* Add kconfig fragment for using external crypto

Signed-off-by: Sigvart Hovland <[email protected]>
Signed-off-by: Martí Bolívar <[email protected]>
Signed-off-by: Emil Obalski <[email protected]>
Signed-off-by: Andrzej Puzdrowski <[email protected]>
Signed-off-by: Håkon Øye Amundsen <[email protected]>
Signed-off-by: Ioannis Glaropoulos <[email protected]>
Signed-off-by: Trond Einar Snekvik <[email protected]>
Signed-off-by: Georgios Vasilakis <[email protected]>
Signed-off-by: Johann Fischer <[email protected]>
Signed-off-by: Torsten Rasmussen <[email protected]>
Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit 2576bf3)
…d configuration

Removed the board configuration for Thingy:53 Application Core as it
contains references to the Kconfig modules that are not available in
the upstream Zephyr. The current configuration is set up to work
in the nRF Connect SDK environment and should be moved there.

Signed-off-by: Kamil Piszczek <[email protected]>
(cherry picked from commit b9e47b7)
- Add network core bootloader implementation

  Enables network core updates of nrf53 using MCUBoot by identifying
  images through their start addresses. Also implements the control and
  transfer using the PCD module.

- Add support for multi image DFU using partition manager.

- Add check for netcore addr if NSIB is enabled so netcore updates work

- boot: zephyr: move thingy53_nrf5340_cpuapp.conf downstream

  Moved the board configuration for Thingy:53 Application Core to the
  nRF Connect SDK MCUboot downstream repository. The configuration file
  contains references to the Kconfig modules that are only available in
  the nRF Connect SDK. The current configuration is set up to work in the
  nRF Connect SDK environment and cannot be used upstream.

- pm: enable ram flash partition using common flag

  This patch makes mcuboot_primary_1 ram-flash partition
  selectable using CONFIG_NRF53_MCUBOOT_PRIMARY_1_RAM_FLASH
  property. This is needed since CONFIG_NRF53_MULTI_IMAGE_UPDATE
  became not the only configuration which requires that partition.

Signed-off-by: Andrzej Puzdrowski <[email protected]>
Signed-off-by: Emil Obalski <[email protected]>
Signed-off-by: Håkon Øye Amundsen <[email protected]>
Signed-off-by: Ioannis Glaropoulos <[email protected]>
Signed-off-by: Jamie McCrae <[email protected]>
Signed-off-by: Johann Fischer <[email protected]>
Signed-off-by: Kamil Piszczek <[email protected]>
Signed-off-by: Ole Sæther <[email protected]>
Signed-off-by: Sigvart Hovland <[email protected]>
Signed-off-by: Simon Iversen <[email protected]>
Signed-off-by: Torsten Rasmussen <[email protected]>
Signed-off-by: Trond Einar Snekvik <[email protected]>
(cherry picked from commit 7c3d7ed)
(cherry picked from commit 3895554)
(cherry picked from commit 2da20eb)
(cherry picked from commit 1d535d0)
Add prj_minimal.conf, a Kconfig fragment to be used for minimally
sized image production. The minimal fragment has been simplified for
only external crypto.

Move partition sizing into Kconfig to be consistent with the method
used by b0.

Using this fragment with prj_minimal.conf makes MCUboot < 16kB for
all nRF devices (9160 still needs 32kB partition).

Ref: NCSDK-6704
Signed-off-by: Stephen Stauts <[email protected]>
Signed-off-by: Martí Bolívar <[email protected]>
Signed-off-by: Sebastian Bøe <[email protected]>
Signed-off-by: Torsten Rasmussen <[email protected]>
Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit 6186a43)
Adds project configurations for the two systems on the Thingy:91
(PCA-20035) board.

The bootloader that is factory-programmed on Thingy:91 does not support
ECDSA signature type. Hence this commit also sets the signature type
to RSA for applications built for Thingy:91.

Signed-off-by: Bernt Johan Damslora <[email protected]>
Signed-off-by: Sigvart Hovland <[email protected]>
Signed-off-by: Jon Helge Nistad <[email protected]>
Signed-off-by: Balaji Srinivasan <[email protected]>
Signed-off-by: Robert Lubos <[email protected]>
Signed-off-by: Torsten Rasmussen <[email protected]>
Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit 145fa69)
Do some cleanup of nRF peripherals. This is necessary since Zephyr
doesn't have any driver deinitialization functionality, and we'd like
to leave peripherals in a more predictable state before booting the
Zephyr image. This should be re-worked when the zephyr driver model
allows us to deinitialize devices cleanly before jumping to the
chain-loaded image.

Signed-off-by: Andrzej Puzdrowski <[email protected]>
Signed-off-by: Robert Lubos <[email protected]>
Signed-off-by: Torsten Rasmussen <[email protected]>
Signed-off-by: Øyvind Rønningstad <[email protected]>
Signed-off-by: Martí Bolívar <[email protected]>
Signed-off-by: Håkon Øye Amundsen <[email protected]>
Signed-off-by: Ioannis Glaropoulos <[email protected]>
Signed-off-by: Johann Fischer <[email protected]>
Signed-off-by: Trond Einar Snekvik <[email protected]>
Signed-off-by: Torsten Rasmussen <[email protected]>
Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit 4869eb3)
Seems multi-image dependencies are not supported for multi-image in
NCS yet. This is a workaround which reverts some lines to restore
previous MCUboot behavior, so that Immutable bootloader + MCUBoot type
builds will work.

Ref. NCSDK-8681

Signed-off-by: Sigvart Hovland <[email protected]>
Signed-off-by: Torsten Rasmussen <[email protected]>
Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit 72ce504)
-This sets the provided EXT_API to be at least
 optional when the external_crypto is being used.

Ref: NCSDK-12021

Signed-off-by: Georgios Vasilakis <[email protected]>
Signed-off-by: Torsten Rasmussen <[email protected]>
Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit ec8b60d)
This commit removes the `CONFIG_DEBUG=y` setting from Zephyr prj.conf
to save on flash size.

Signed-off-by: Torsten Rasmussen <[email protected]>
Signed-off-by: Johann Fischer <[email protected]>
Signed-off-by: Sebastian Bøe <[email protected]>
Signed-off-by: Torsten Rasmussen <[email protected]>
Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit 2dc0e40)
-This enables the MBEDTLS_PLATFORM_ZEROIZE_ALT
 definition on Mbed TLS build of the MCUBOOT when
 the platform library is enabled. If not defined
 the Mbed TLS will compile the zeroize function
 and it will cause multiple definition errors.
 This is a noup because the configuration
 does not exist outside the sdk-nrf.

Ref: NCSDK-13503

Signed-off-by: Georgios Vasilakis <[email protected]>
Signed-off-by: Torsten Rasmussen <[email protected]>
Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit 6dfa1a1)
The default value of CONFIG_NRF_RTC_TIMER_USER_CHAN_COUNT
for nRF52 SOCs has been changed from 0 to 3, but it makes
MCUBoot get stuck on erasing flash pages when swapping two
images. Restore the previous value until the RTC issue is
resolved (see NCSDK-14427)

Signed-off-by: Damian Krolik <[email protected]>
Signed-off-by: Torsten Rasmussen <[email protected]>
Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit f8d7b0b)
Change removes the legacy configuration. The legacy configuration
became problematic, because GPIO DTS nodes no longer support labels
that were used to identify nodes in MCUboot. Therefore we need to
use GPIO DTS node name with the legacy approach.

The GPIO should be configured by board's DTS, which is simpler.

Jira: NCSDK-16550

Signed-off-by: Marek Pieta <[email protected]>
(cherry picked from commit bf00840)
Add `zephyr/` prefix to `<devicetree.h>`.

Signed-off-by: Andrzej Głąbek <[email protected]>
(cherry picked from commit 14e45ce)
Fixes a bug when writing to devices which have memory alignment
requirements with data being used directly from a zcbor-response
whereby the alignment of the buffer data does not meet the
requirements of the flash driver.

Upstream PR: mcu-tools/mcuboot#1533

Signed-off-by: Jamie McCrae <[email protected]>
There are 3 levels of buffers and only the first one seems to be
configurable, this fixes that issue.

Upstream PR: mcu-tools/mcuboot#1536

Signed-off-by: Jamie McCrae <[email protected]>
Fixes an issue whereby rc is a signed variable but is returned as
an unsigned variable in the zcbor functions.

Upstream PR: mcu-tools/mcuboot#1538

Signed-off-by: Jamie McCrae <[email protected]>
fixup! [nrf noup] treewide: add NCS partition manager support

The comment correctly states that we should skip the check for image
1, but the code skips validation for all images except image 0.

Today it is only supported for two images, 0 and 1, but in the future
it is expected that there might be an image 2, so we refactor this
code to make it future-proof.

Also, the comment was confusing and misleading so it has been
re-written.

Signed-off-by: Sebastian Bøe <[email protected]>
fixup! [nrf noup] treewide: add NCS partition manager support

It is more precise to note that it's NSIB that does the
validation. Also, this makes the comment more applicable to the fact
that we won't be updating the HW counters for this image.

Signed-off-by: Sebastian Bøe <[email protected]>
Don't update security counters for the MCUBoot image as it is NSIB
that maintains a counter for this image.

Ref: NCSDK-9045

Signed-off-by: Georgios Vasilakis <[email protected]>
Signed-off-by: Sebastian Bøe <[email protected]>
NCS has switched to the new license ID some time ago
from LicenseRef-BSD-5-Clause-Nordic to new (more
accurate) LicenseRef-Nordic-5-Clause. All source files
must be adjusted to the new name.

Ref: NCSIDB-717
Signed-off-by: Dominik Kilian <[email protected]>
... extensions

Moved group definitions to extension source code.

Upstream PR: mcu-tools/mcuboot#1551

Signed-off-by: Dominik Ermel <[email protected]>
fixup! [nrf noup] treewide: add NCS partition manager support

Update comment to not mention the removed SPM secure firmware solution.

Signed-off-by: Joakim Andersson <[email protected]>
allow boot_set_confirmed_multi() to set mcuboot magic if "unset"