boot: boot_serial: Fix issue with encrypted second slot images

Fixes issues whereby encrypted images were not properly listed due to not treating them as encrypted, also removes a piece of wrong hack code that would never run as the primary slot cannot be encrypted. Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
mcu-tools · Aug 9, 2023 · c9fa608 · c9fa608
1 parent 25d2f2c
commit c9fa608
Show file tree

Hide file tree

Showing 12 changed files with 436 additions and 405 deletions.
diff --git a/boot/boot_serial/include/boot_serial/boot_serial_encryption.h b/boot/boot_serial/include/boot_serial/boot_serial_encryption.h
@@ -0,0 +1,32 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Copyright (c) 2023 Nordic Semiconductor ASA
+ */
+
+#ifndef H_BOOT_SERIAL_ENCRYPTION_
+#define H_BOOT_SERIAL_ENCRYPTION_
+#include "bootutil/fault_injection_hardening.h"
+
+/**
+ * Validate hash of a primary boot image doing on the fly decryption as well
+ *
+ * @param[in]   fa_p      flash area pointer
+ * @param[in]   hdr       boot image header pointer
+ * @param[in]   buf       buffer which is used for validating data
+ * @param[in]   buf_size  size of input buffer
+ *
+ * @return                FIH_SUCCESS on success, error code otherwise
+ */
+fih_ret
+boot_image_validate_encrypted(const struct flash_area *fa_p,
+                              struct image_header *hdr, uint8_t *buf,
+                              uint16_t buf_size);
+
+/**
+ * Handle an encrypted firmware in the main flash.
+ * This will decrypt the image inplace
+ */
+int boot_handle_enc_fw(const struct flash_area *flash_area);
+
+#endif
diff --git a/boot/boot_serial/src/boot_serial.c b/boot/boot_serial/src/boot_serial.c
@@ -73,7 +73,7 @@
 #endif
 
 #ifdef MCUBOOT_ENC_IMAGES
-#include "single_loader.h"
+#include "boot_serial/boot_serial_encryption.h"
 #endif
 
 #include "bootutil/boot_hooks.h"
@@ -293,18 +293,16 @@ bs_list(char *buf, int len)
                 if (FIH_EQ(fih_rc, FIH_BOOT_HOOK_REGULAR))
                 {
 #ifdef MCUBOOT_ENC_IMAGES
-                    if (slot == 0 && IS_ENCRYPTED(&hdr)) {
-                        /* Clear the encrypted flag we didn't supply a key
-                        * This flag could be set if there was a decryption in place
-                        * performed before. We will try to validate the image without
-                        * decryption by clearing the flag in the heder. If
-                        * still encrypted the validation will fail.
-                        */
-                        hdr.ih_flags &= ~(ENCRYPTIONFLAGS);
+                    if (IS_ENCRYPTED(&hdr)) {
+                        FIH_CALL(boot_image_validate_encrypted, fih_rc, fap,
+                                 &hdr, tmpbuf, sizeof(tmpbuf));
+                    } else {
+#endif
+                        FIH_CALL(bootutil_img_validate, fih_rc, NULL, 0, &hdr,
+                                 fap, tmpbuf, sizeof(tmpbuf), NULL, 0, NULL);
+#ifdef MCUBOOT_ENC_IMAGES
                     }
 #endif
-                    FIH_CALL(bootutil_img_validate, fih_rc, NULL, 0, &hdr, fap, tmpbuf, sizeof(tmpbuf),
-                                    NULL, 0, NULL);
                 }
             }
 
@@ -483,8 +481,17 @@ bs_set(char *buf, int len)
                                    fih_rc, image_index, 1);
                 if (FIH_EQ(fih_rc, FIH_BOOT_HOOK_REGULAR))
                 {
-                    FIH_CALL(bootutil_img_validate, fih_rc, NULL, 0, &hdr, fap,
-                             tmpbuf, sizeof(tmpbuf), NULL, 0, NULL);
+#ifdef MCUBOOT_ENC_IMAGES
+                    if (IS_ENCRYPTED(&hdr)) {
+                        FIH_CALL(boot_image_validate_encrypted, fih_rc, fap,
+                                 &hdr, tmpbuf, sizeof(tmpbuf));
+                    } else {
+#endif
+                        FIH_CALL(bootutil_img_validate, fih_rc, NULL, 0, &hdr,
+                                 fap, tmpbuf, sizeof(tmpbuf), NULL, 0, NULL);
+#ifdef MCUBOOT_ENC_IMAGES
+                    }
+#endif
                 }
 
                 if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
@@ -862,14 +869,23 @@ bs_upload(char *buf, int len)
     zcbor_map_end_encode(cbor_state, 10);
 
     boot_serial_output();
-    flash_area_close(fap);
 
 #ifdef MCUBOOT_ENC_IMAGES
-    if (curr_off == img_size) {
-        /* Last sector received, now start a decryption on the image if it is encrypted*/
-        rc = boot_handle_enc_fw();
+    /* Check if this upload was for the primary slot */
+#if !defined(MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD)
+    if (flash_area_id_from_multi_image_slot(img_num, 0) == FLASH_AREA_IMAGE_PRIMARY(0))
+#else
+    if (flash_area_id_from_direct_image(img_num) == FLASH_AREA_IMAGE_PRIMARY(0))
+#endif
+    {
+        if (curr_off == img_size) {
+            /* Last sector received, now start a decryption on the image if it is encrypted */
+            rc = boot_handle_enc_fw(fap);
+        }
     }
-#endif //#ifdef MCUBOOT_ENC_IMAGES
+#endif
+
+    flash_area_close(fap);
 }
 
 #ifdef MCUBOOT_BOOT_MGMT_ECHO