Upmerge review PR #2
Draft
Commits on Oct 4, 2024
-
[nrf noup] github: Add a commit tags check workflow
Use the generic commit-tags action to provide sauce tag checks. Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no> (cherry picked from commit 786e351)
-
[nrf noup] zephyr: Remove duplication from cmake
Removes the `add_subdirectory` of nrfxlib it will still check that the nrfxlib is located outside the mcuboot directory. Signed-off-by: Sigvart Hovland <sigvart.m@gmail.com> Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no> Signed-off-by: Emil Obalski <emil.obalski@nordicsemi.no> Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no> Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no> Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no> Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 5c94965)
-
[nrf noup] zephyr: add 'minimal' configuration files
Add prj_minimal.conf, a Kconfig fragment to be used for minimally sized image production. The minimal fragment has been simplified for only external crypto. Move partition sizing into Kconfig to be consistent with the method used by b0. Using this fragment with prj_minimal.conf makes MCUboot < 16kB for all nRF devices (9160 still needs 32kB partition). Ref: NCSDK-6704 Signed-off-by: Stephen Stauts <stephen.stauts@nordicsemi.no> Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no> Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no> Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no> Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 64740f7)
-
[nrf noup] boards: add support for Thingy:91
Adds project configurations for the two systems on the Thingy:91 (PCA-20035) board. The bootloader that is factory-programmed on thing91 does not support ECDSA signature type. Hence this commit also sets the signature type to RSA for applications built for Thingy:91. Signed-off-by: Bernt Johan Damslora <bernt.johan.damslora@nordicsemi.no> Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no> Signed-off-by: Jon Helge Nistad <jon.helge.nistad@nordicsemi.no> Signed-off-by: Balaji Srinivasan <balaji.srinivasan@nordicsemi.no> Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no> Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no> Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit de32681)
-
[nrf noup] zephyr: Restore default RTC user channel count
The default value of CONFIG_NRF_RTC_TIMER_USER_CHAN_COUNT for nRF52 SOCs has been changed from 0 to 3, but it makes MCUBoot get stuck on erasing flash pages when swapping two images. Restore the previous value until the RTC issue is resolved (see NCSDK-14427) Signed-off-by: Damian Krolik <damian.krolik@nordicsemi.no> Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no> Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit a01d30a)
-
[nrf noup] boards: thingy91x: add board config
This patch adds board configuration for the Thingy:91 X. Signed-off-by: Maximilian Deubel <maximilian.deubel@nordicsemi.no> (cherry picked from commit 3c2f2ff)
-
[nrf noup] treewide: add NCS partition manager support
Partition Manager is an nRF Connect SDK component which uses yaml files to resolve flash partition placement with a holistic view of the device. This component's MCUboot portions began life as upstream mcuboot PR#430. This added support for being built as a sub image from the downstream Nordic patch set for a zephyr multi image build system (mcuboot 430 was combined with effor submitted to upstream zephyr as PR#13672, which was ultimately reworked after being rejected for mainline at the ELCE 2019 conference in Lyon). It has since evolved over time. This is the version that will go into NCS v1.3. It features: - page size aligned partitions for all partitions used by mcuboot. - image swaps without scratch partitions Add support for configurations where there exists two primary slots but only one secondary slot, which is shared. These two primary slots are the regular application and B1. B1 can be either S0 or S1 depending on the state of the device. Decide where an upgrade should be stored by looking at the vector table. Provide update candidates for both s0 and s1. These candidates must be signed with mcuboot after being signed by b0. Additional notes: - we make update.hex without trailer data This is needed for serial recovery to work using hex files. Prior to this the update.hex got TLV data at the end of the partition, which caused many blank pages to be included, which made it hard to use in a serial recovery scheme. Instead, make update.hex without TLV data at the end, and provide a new file test_update.hex which contains the TLV data, and can be directly flashed to test the upgrade procedure. - we use a function for signing the application as future-proofing for when other components must be signed as well - this includes an update to single image applications that enables support for partition manager; when single image DFU is used, a scratch partition is not needed. - In NCS, image 1 primary slot is the upgrade bank for mcuboot (IE S0 or S1 depending on the active slot). It is not required that this slot contains any valid data. - The nRF boards all have a single flash page size, and partition manager deals with the size of the update partitions and so on, so we must skip a boot_slots_compatible() check to avoid getting an error. - There is no need to verify the target when using partition manager. - We lock mcuboot using fprotect before jumping, to enable the secure boot property of the system. - Call fw_info_ext_api_provide() before booting if EXT_API_PROVIDE EXT_API is enabled. This is relevant only when the immutable bootloader has booted mcuboot. Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no> Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no> Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no> Signed-off-by: Sigvart Hovland <sigvart.m@gmail.com> Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no> Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no> Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no> Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no> Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> Signed-off-by: Emil Obalski <emil.obalski@nordicsemi.no> Signed-off-by: Pawel Dunaj <pawel.dunaj@nordicsemi.no> Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no> Signed-off-by: Johann Fischer <johann.fischer@nordicsemi.no> Signed-off-by: Vidar Berg <vidar.berg@nordicsemi.no> Signed-off-by: Draus, Sebastian <sebastian.draus@nordicsemi.no> Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no> Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no> Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 518617a)
-
[nrf noup] boot: nrf53-specific customizations
- Add network core bootloader implementation Enables network core updates of nrf53 using MCUBoot by identifying images through their start addresses. Also implements the control and transfer using the PCD module. - Add support for multi image DFU using partition manager. - Add check for netcore addr if NSIB is enabled so netcore updates works - boot: zephyr: move thingy53_nrf5340_cpuapp.conf downstream Moved the board configuration for Thingy:53 Application Core to the nRF Connect SDK MCUboot downstream repository. The configuration file contains references to the Kconfig modules that are only available in the nRF Connect SDK. The current configuration is set up to work in the nRF Connect SDK environment and cannot be used upstream. - pm: enable ram flash partition using common flag This patch makes mcuboot_primary_1 ram-flash partition selectable using CONFIG_NRF53_MCUBOOT_PRIMARY_1_RAM_FLASH property. This is needed since CONFIG_NRF53_MULTI_IMAGE_UPDATE become not only configuration which requires that partition. - MCUBoot configures USB CDC by its own. There is no need for BOARD_SERIAL_BACKEND_CDC_ACM option to configure anything which is later overwritten anyway. Jira: NCSDK-18596 Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> Signed-off-by: Emil Obalski <emil.obalski@nordicsemi.no> Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no> Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no> Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> Signed-off-by: Johann Fischer <johann.fischer@nordicsemi.no> Signed-off-by: Kamil Piszczek <Kamil.Piszczek@nordicsemi.no> Signed-off-by: Ole Sæther <ole.saether@nordicsemi.no> Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no> Signed-off-by: Simon Iversen <simon.iversen@nordicsemi.no> Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no> Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no> Signed-off-by: Mateusz Kapala <mateusz.kapala@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 42e43d0)
-
[nrf noup] zephyr: clean peripherals state before boot
Do some cleanup of nRF peripherals. This is necessary since Zephyr doesn't have any driver deinitialization functionality, and we'd like to leave peripherals in a more predictable state before booting the Zephyr image. This should be re-worked when the zephyr driver model allows us to deinitialize devices cleanly before jumping to the chain-loaded image. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no> Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no> Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no> Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no> Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no> Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no> Signed-off-by: Johann Fischer <johann.fischer@nordicsemi.no> Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no> Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no> Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 3b2a5ba)
-
[nrf noup] zephyr: Clean up non-secure RAM if enabled
To ensure that MCUBoot does not leak keys or other material through memory to non-secure side we clear the memory before jumping to the next image. Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> Signed-off-by: Ole Sæther <ole.saether@nordicsemi.no> (cherry picked from commit 047d463)
-
[nrf noup] loader: Fix reading reset addr to support ext flash
When mcuboot_secondary is on external flash, the image header cannot dircetly be accessed via secondary_fa->fa_off. Instead the provided function boot_img_hdr() is used now. Additionally a similar issue is present when trying to read the address of the reset handler. For this flash_area_read() is used now. With this patch is possible to have the update partiton mcuboot_secondary on external flash and update a updatable bootloader (mcuboot) in s0 and/or s1. Signed-off-by: Christian Taedcke <christian.taedcke@lemonbeat.com> Signed-off-by: Ole Sæther <ole.saether@nordicsemi.no> Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 2dac63a)
-
[nrf noup] zephyr: Fix path variables
Fixes path variables to use the proper Zephyr module variables Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit c28fa1d)
-
[nrf noup] loader: Do not check reset vector for XIP image
The XIP image, 2, does not have reset vector. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit d798de3)
-
[nrf noup] zephyr: Add RAM flash configuration to cache for sysbuild
Puts the flash simulation configurtion into cache variables that can be used by other applications and CMake code to know specifics on the simulated flash details Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> (cherry picked from commit af27205)
-
[nrf noup] zephyr: Boot even if EXT_ABI is not provided
This removes the `return;` to ensure that the application is booted even if EXT_ABI is not provided to the application because it does not include `FW_INFO`. Added a bit more description to the error messages when FW_INFO is not found and EXT_ABI is not able to be provided to the next image. Ref. NCSDK-24132 Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no> (cherry picked from commit 41cc274)
-
[nrf noup] loader: Add firmware version check downgrade prevention
For nRF53, the only existing version number metadata is stored in the `firmware_info` structure in the network core. This utilizes PCD to read out the version number and compares it against the version number found in the secondary slot for the network core. Ref. NCSDK-21379 Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no> (cherry picked from commit 8e91ec1)
-
[nrf noup] boards: thingy53: disable GPIO ISR support
Change disables GPIO interrupt support in Zephyr GPIO driver, which is not obligatory for MCUboot. This is needed to reduce memory footprint. Signed-off-by: Nikodem Kastelik <nikodem.kastelik@nordicsemi.no> (cherry picked from commit 86af2de)
-
[nrf noup] boot/zephyr/boards: nRF54l15pdk ext flash cfg
Added configuration which allows to build MCUboot for nrf54l15pdk_nrf54l15_cpuapp with external flash used for the secondary slot. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> (cherry picked from commit 78bc87c)
-
[nrf noup] loader: work-around for multi-image builds
Seems multi-image dependencies are not supported for multi-image in NCS yet. This is a workaround which reverts some lines to restore previous MCUboot behavior, so that Immutable bootloader + MCUBoot type builds will work. Ref. NCSDK-8681 Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no> (cherry picked from commit 4ce3844)
-
[nrf noup] loader: Fix missing PCD define check
Fixes a missing PCD define check, an image might have the network core partition layout set but if PCD support is not enabled then it should not assume that PCD support is part of mcuboot. Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> (cherry picked from commit 150a1d4)
-
[nrf noup] boot: Add support for NSIB and multi-image
This adds support for using both NSIB and the multi-image configuration in MCUboot. Before this was not possible due to upgradable bootloader support through NSIB was using the `UPDATEABLE_IMAGE_NUMBER` configuration to update the updateable bootloader. In this commit we change from using `FLASH_AREA_IMAGE_PRIMARY` to get the flash area ID to using the bootloader state where we set the flash area ID of the free updatable bootloader slot if the image is intended for this slot. Ref. NCSDK-19223 Ref. NCSDK-23305 Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no> (cherry picked from commit 3ec5084)
-
[nrf noup] sysflash: Move partition manager definitions to pm_sysflash.h
Making sysflash.h and pm_sysflash.h more readable. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 51b7a3f)
-
[nrf noup] sysflash: Add support for three images
The commit modifies pm_sysflash.h to add support for three application images. Ref. NCSDK-19223 Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no> (cherry picked from commit 9c67351)
-
[nrf noup] loader: introduced cleanup of unusable secondary slot
Added procedure which clean-up content of all the secondary slot which contains valid header but couldn't be assigned to any of supported primary images. This behavior is needed when configuration allows to use one secondary slot for collecting image for multiple primary slots. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> (cherry picked from commit 8f4b472)
-
[nrf noup] boards: nrf54l15: Disable FPROTECT
FPROTECT is not suppored yet for nrf54l15. Signed-off-by: Grzegorz Chwierut <grzegorz.chwierut@nordicsemi.no> Signed-off-by: Gerard Marull-Paretas <gerard@teslabs.com> (cherry picked from commit 0b5810d)
-
[nrf noup] loader: remove cleanup for direct xip mode
Move ifdefs just to not add code for cleanup unusable slot when direct xip mode is enabled to avoid warnings. Signed-off-by: Grzegorz Chwierut <grzegorz.chwierut@nordicsemi.no> (cherry picked from commit 650d11c)
-
[nrf noup] zephyr: Clean up non-secure RAM if enabled
fixup! [nrf noup] zephyr: Clean up non-secure RAM if enabled Add support for nrf54l15 UARTE20 and UARTE30. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 0611b4c)
-
[nrf noup] boot/zephyr/boards: nrf54l15pdk ext-flash partition
Added DTS with partitioning which involves external flash as place for slo1_partition. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> (cherry picked from commit efe6681)
-
[nrf noup] boot/zephyr/boards: nrf54l15pdk ext-flash update
This patch supplements the configuration for external flash so MCUboot can be build with FILE_SUFFIX="ext_flash" for the nrf54l15pdk instead of explicitly configuration specification. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> (cherry picked from commit 3131c92)
-
[nrf noup] boards: thingy91x: enable serial recovery
This patch disbales MCUBoot logging and enables serial recovery for the Thingy:91. Signed-off-by: Maximilian Deubel <maximilian.deubel@nordicsemi.no> Signed-off-by: Bernt Johan Damslora <bernt.damslora@nordicsemi.no> (cherry picked from commit f67a11a)
-
[nrf noup] boot: zephyr: Disable boot banner if NCS_BOOT_BANNER is used
Mcuboot's boot banner should not be used if NCS boot banner is enabled. Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no> (cherry picked from commit 7b018cb)
-
[nrf noup] boot/zephyr: fix fw_info search
By the upstream patch the vt get now the pointer to the copy of the arm_vector instead of original. This patch fixes address of the firmware which is to be taken by the fw_info_find. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> (cherry picked from commit 3be724f)
-
[nrf noup] Revert of zephyr: arm: Update reading the flash image rese…
…t vector This is revert of upstream commit 453096b which was supposed to allow picking interrupt vector table from flash area but the whole modification unfortunately misunderstood difference between flash device ID and flash area ID. The commit is not important for sdk-nrf and requires re-design and fixing upstream. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit f1e1675)
-
[nrf noup] zephyr/boards: fix nrf54l15pdk ext flash dts overlay
Align to changes in DTS: renamed: rram0 -> cpuapp_rram sized up cpauapp_rram region szie as part of it was reserved for cpuflpr_rram (which is not used by this config). Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> (cherry picked from commit f1c2b8c)
-
[nrf noup] boot: zephyr: Add NCS boot banner
Adds a boot banner which shows as MCUboot Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> (cherry picked from commit 6869a65)
-
[nrf noup] boot/../loader: skip downgrade prevention for s1/s0
This patch introduces skip on checking downgrade for s1/s0 upgrade image (chain-loaded by NSIB). which is used for upgrade MCUboot instance itself. Reason is that sdk-mcuboot has not access to semantic version of its own image. I also shouldn't touch HW counter used for hardware downgrade prevention for the application image (which was the case). HW counters for s0/s1 image are owned by NSIB because its role is to prevnt dongrades of s0/s1 MCUboot. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> (cherry picked from commit 776ee26)
-
[nrf noup] boot/../loader: reboot after updating s0/s1
As this is MCUboot updating itself, it should reboot the device so NSIB will chainload the update MCUboot Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> (cherry picked from commit 8541955)
-
[nrf noup] Remove secure boot debug Kconfig
fixup! [nrf noup] zephyr: add 'minimal' configuration files Removes setting a now removed Kconfig option Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
-
[nrf noup] bootutil: loader: Fix netcore address checking
Fixes an issues with wrongly checking the network core reset address Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
-
[nrf noup] boards: nrf54l15dk: Disable FPROTECT
FPROTECT is not suppored for nrf54l15dk. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
-
[nrf noup] zephyr: Add support for compressed image updates
Adds support for LZMA-compressed firmware updates Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
-
[nrf fromtree] boot: SHA512 verification
adds TLV and Kconfig to decouple verification from other options. Signed-off-by: Mateusz Michalek <mateusz.michalek@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 41df52e)
-
[nrf noup] boot: Add shared crypto for ECDSA and SHA
* Add functions for ecdsa_verify_secp256r1 and sha256 to use the shared crypto API * Add Kconfig and CMake variables for selecting shared crypto when using ecdsa * Add custom section to project for placing the API section in the correct location in flash * Add kconfig fragment for using external crypto Signed-off-by: Sigvart Hovland <sigvart.m@gmail.com> Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no> Signed-off-by: Emil Obalski <emil.obalski@nordicsemi.no> Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no> Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no> Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no> Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Signed-off-by: Johann Fischer <johann.fischer@nordicsemi.no> Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no> Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 55683e3) (cherry picked from commit 0faa8b2) (cherry picked from commit a42e9cc) (cherry picked from commit 895c76b) (cherry picked from commit ff53382) (cherry picked from commit cc42516)
-
[nrf fromlist] imgtool: Add support for calculating SHA512
The adds support for hashing image with SHA512, to allow SHA512-ED25519-SHA512 signature. To support above --sha parameter has been added that can take value: auto, 256, 384, 512 to select sha, where auto brings the default behaviour, or current, behaviour. The sha provided here is tested against key so not all combinations are supported. Upstream PR: mcu-tools/mcuboot#2048 Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
-
[nrf fromlist] boot: Replace boot_encrypt by boot_enc_encrypt and boo…
…t_enc_decrypt To be able to implement encryption with API that requires different calls for encryption and encryption, the boot_encrypt needs to be replaced with encryption/decryption specific functions. Upstream PR: mcu-tools/mcuboot#2017 Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
-
[nrf noup] PSA configuration required changes
Set of changes to Kconfig, CMakeLists.txt and some of headers that are required for the PSA support to compile. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
-
[nrf noup] PSA implementation of x25519 and ed25519 verification
The commit provides implementation of image verification with ed25519 and encryption/decryption support where random key is encrypted using x25519. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
-
[nrf noup] Exclude PSA source on non-PSA crypto configuration
fixup! [nrf noup] PSA configuration required changes Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
-
[nrf noup] bootutil: Provide support for SHA512 with ED25519
Use SHA512 directly calculated over image with the ED25519 signature. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
-
[nrf noup] bootutil: Enable hash calculation directly on storage
The commit add support for passing storage device address space to hash calculation functions, which allows to use hardware accelerated hash calculation on storage. This feature only works when image encryption is not enabled and all slots are defined within internal storage of device. The feature is enabled using Kconfig option CONFIG_BOOT_IMG_HASH_DIRECTLY_ON_STORAGE Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
-
[nrf noup] bootutil: PureEdDSA using ED25519
The commit adds support for PureEdDSA, which validates signature of image rather than hash. This is most secure, available, ED25519 usage in MCUboot, but due to requirement of PureEdDSA to be able to calculate signature at whole message at once, here image, it only works on setups where entire image can be mapped to device address space, so that PSA functions calculating the signature can see the whole image at once. This option is enabled with Kconfig option: CONFIG_BOOT_SIGNATURE_TYPE_PURE when the ED25519 signature type is already selected. Note that the option will enable SHA512 for calculating public key hash. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
-
[nrf noup] There is only one SHA supported at once
fixup! [nrf noup] PSA implementation of x25519 and ed25519 verification And fixing typos. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
-
[nrf noup] bootutil: Fix typo in identifier
fixup! [nrf noup] bootutil: PureEdDSA using ED25519 Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
-
[nrf fromlist] scripts: imgtool: compression
Adds LZMA2 compression to imgtool. Python lzma library is unable to compress with proper parameters while using "ALONE" container, therefore 2 header bytes are calculated and added to payload by imgtool. Upstream PR: mcu-tools/mcuboot#2038 Signed-off-by: Mateusz Michalek <mateusz.michalek@nordicsemi.no>
-
[nrf noup] boot: zephyr: kconfig: Select PM_USE_CONFIG_SRAM_SIZE when…
… needed fixup! [nrf noup] zephyr: Add support for compressed image updates Selects this Kconfig when compression is enabled for nrf54l15 Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
-
[nrf noup] Add missing selection of MBEDTLS_PSA_CRYPTO_C
fixup! [nrf noup] PSA configuration required changes Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
-
[nrf noup] boot/zephyr/Kconfig: conditionally disable BOOT_MAX_IMG_SE…
…CTORS_AUTO Automatic calculation are based on DTS data which are no the right source on partition layout in case Partition manager does the partitioning. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
-
[nrf fromlist] zephyr/Kconfig.serial_recovery: limit Slot info command
BOOT_SERIAL_IMG_GRP_SLOT_INFO should be not available for direct-xip and ram-load modes. Upstream PR: mcu-tools/mcuboot#2073 Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
-
[nrf fromtree] boot: bootutil: loader: Fix slot info for directXIP/RA…
…M load Fixes an issue when either of these modes is used with serial recovery slot info enabled Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> (cherry picked from commit 30109df)
-
[nrf fromtree] boot: bootutil: loader: Fix issue with using pointers
Fixes an issue whereby static buffers were changed into pointers, whereby they are then assumed to be the size of a pointer rather than the size of the actual buffers Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> (cherry picked from commit 3a195f2) Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.