kenny/cyber.scope
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source 
Initial commit.
This commit is contained in:
kntran1
2026-03-23 14:40:39 -05:00
parent e84b2b4166
commit 4e2a5258a5
872 changed files with 165227 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

343
bootloader/mcuboot/boot/bootutil/src/boot_record.c Normal file
View File

@@ -0,0 +1,343 @@
/*
* Copyright (c) 2018-2023 Arm Limited
* Copyright (c) 2020 Linaro Limited
* Copyright (c) 2023, Nordic Semiconductor ASA
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <stddef.h>
#include <stdint.h>
#include <limits.h>
#include <stdbool.h>
#include <string.h>
#include "mcuboot_config/mcuboot_config.h"
#include "bootutil/crypto/sha.h"
#if defined(MCUBOOT_MEASURED_BOOT) || defined(MCUBOOT_DATA_SHARING)
#include "bootutil/boot_record.h"
#include "bootutil/boot_status.h"
#include "bootutil_priv.h"
#include "bootutil/image.h"
#include "flash_map_backend/flash_map_backend.h"
#if !defined(MCUBOOT_CUSTOM_DATA_SHARING_FUNCTION)
/**
* @var shared_memory_init_done
*
* @brief Indicates whether shared memory area was already initialized.
*
*/
static bool shared_memory_init_done;
/* See in boot_record.h */
int
boot_add_data_to_shared_area(uint8_t major_type,
uint16_t minor_type,
size_t size,
const uint8_t *data)
{
struct shared_data_tlv_entry tlv_entry = {0};
struct shared_boot_data *boot_data;
uint16_t boot_data_size;
uintptr_t tlv_end, offset;
if (data == NULL) {
return SHARED_MEMORY_GEN_ERROR;
}
boot_data = (struct shared_boot_data *)MCUBOOT_SHARED_DATA_BASE;
/* Check whether first time to call this function. If does then initialise
* shared data area.
*/
if (!shared_memory_init_done) {
memset((void *)MCUBOOT_SHARED_DATA_BASE, 0, MCUBOOT_SHARED_DATA_SIZE);
boot_data->header.tlv_magic = SHARED_DATA_TLV_INFO_MAGIC;
boot_data->header.tlv_tot_len = SHARED_DATA_HEADER_SIZE;
shared_memory_init_done = true;
}
/* Check whether TLV entry is already added.
* Get the boundaries of TLV section
*/
tlv_end = MCUBOOT_SHARED_DATA_BASE + boot_data->header.tlv_tot_len;
offset = MCUBOOT_SHARED_DATA_BASE + SHARED_DATA_HEADER_SIZE;
/* Iterates over the TLV section looks for the same entry if found then
* returns with error: SHARED_MEMORY_OVERWRITE
*/
while (offset < tlv_end) {
/* Create local copy to avoid unaligned access */
memcpy(&tlv_entry, (const void *)offset, SHARED_DATA_ENTRY_HEADER_SIZE);
if (GET_MAJOR(tlv_entry.tlv_type) == major_type &&
GET_MINOR(tlv_entry.tlv_type) == minor_type) {
return SHARED_MEMORY_OVERWRITE;
}
offset += SHARED_DATA_ENTRY_SIZE(tlv_entry.tlv_len);
}
/* Add TLV entry */
tlv_entry.tlv_type = SET_TLV_TYPE(major_type, minor_type);
tlv_entry.tlv_len = size;
if (!boot_u16_safe_add(&boot_data_size, boot_data->header.tlv_tot_len,
SHARED_DATA_ENTRY_SIZE(size))) {
return SHARED_MEMORY_GEN_ERROR;
}
/* Verify overflow of shared area */
if (boot_data_size > MCUBOOT_SHARED_DATA_SIZE) {
return SHARED_MEMORY_OVERFLOW;
}
offset = tlv_end;
memcpy((void *)offset, &tlv_entry, SHARED_DATA_ENTRY_HEADER_SIZE);
offset += SHARED_DATA_ENTRY_HEADER_SIZE;
memcpy((void *)offset, data, size);
boot_data->header.tlv_tot_len += SHARED_DATA_ENTRY_SIZE(size);
return SHARED_MEMORY_OK;
}
#endif /* MCUBOOT_MEASURED_BOOT OR MCUBOOT_DATA_SHARING */
#endif /* !MCUBOOT_CUSTOM_DATA_SHARING_FUNCTION */
#ifdef MCUBOOT_MEASURED_BOOT
/* See in boot_record.h */
int
boot_save_boot_status(uint8_t sw_module,
const struct image_header *hdr,
const struct flash_area *fap)
{
struct image_tlv_iter it;
uint32_t offset;
uint16_t len;
uint16_t type;
uint16_t ias_minor;
size_t record_len = 0;
uint8_t image_hash[IMAGE_HASH_SIZE];
uint8_t buf[MAX_BOOT_RECORD_SZ];
bool boot_record_found = false;
bool hash_found = false;
int rc;
/* Manifest data is concatenated to the end of the image.
* It is encoded in TLV format.
*/
rc = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_ANY, false);
if (rc) {
return -1;
}
/* Traverse through the TLV area to find the boot record
* and image hash TLVs.
*/
while (true) {
rc = bootutil_tlv_iter_next(&it, &offset, &len, &type);
if (rc < 0) {
return -1;
} else if (rc > 0) {
break;
}
if (type == IMAGE_TLV_BOOT_RECORD) {
if (len > sizeof(buf)) {
return -1;
}
rc = flash_area_read(fap, offset, buf, len);
if (rc) {
return -1;
}
record_len = len;
boot_record_found = true;
} else if (type == EXPECTED_HASH_TLV) {
/* Get the image's hash value from the manifest section. */
if (len > sizeof(image_hash)) {
return -1;
}
rc = flash_area_read(fap, offset, image_hash, len);
if (rc) {
return -1;
}
hash_found = true;
/* The boot record TLV is part of the protected TLV area which is
* located before the other parts of the TLV area (including the
* image hash) so at this point it is okay to break the loop
* as the boot record TLV should have already been found.
*/
break;
}
}
if (!boot_record_found || !hash_found) {
return -1;
}
/* Ensure that we have enough in the record for the hash. This
* prevents an underflow in the calculation below.
*/
if (record_len < sizeof(image_hash)) {
return -1;
}
/* Update the measurement value (hash of the image) data item in the
* boot record. It is always the last item in the structure to make
* it easy to calculate its position.
* The image hash is computed over the image header, the image itself and
* the protected TLV area (which should already include the image hash as
* part of the boot record TLV). For this reason this field has been
* filled with zeros during the image signing process.
*/
offset = record_len - sizeof(image_hash);
/* The size of 'buf' has already been checked when
* the BOOT_RECORD TLV was read, it won't overflow.
*/
memcpy(buf + offset, image_hash, sizeof(image_hash));
/* Add the CBOR encoded boot record to the shared data area. */
ias_minor = SET_IAS_MINOR(sw_module, SW_BOOT_RECORD);
rc = boot_add_data_to_shared_area(TLV_MAJOR_IAS,
ias_minor,
record_len,
buf);
if (rc != SHARED_MEMORY_OK) {
return rc;
}
return 0;
}
#endif /* MCUBOOT_MEASURED_BOOT */
#ifdef MCUBOOT_DATA_SHARING_BOOTINFO
int boot_save_shared_data(const struct image_header *hdr, const struct flash_area *fap,
const uint8_t slot, const struct image_max_size *max_app_sizes)
{
int rc;
uint8_t image = 0;
#if defined(MCUBOOT_SINGLE_APPLICATION_SLOT)
uint8_t mode = MCUBOOT_MODE_SINGLE_SLOT;
#elif defined(MCUBOOT_SWAP_USING_SCRATCH)
uint8_t mode = MCUBOOT_MODE_SWAP_USING_SCRATCH;
#elif defined(MCUBOOT_OVERWRITE_ONLY)
uint8_t mode = MCUBOOT_MODE_UPGRADE_ONLY;
#elif defined(MCUBOOT_SWAP_USING_MOVE)
uint8_t mode = MCUBOOT_MODE_SWAP_USING_MOVE;
#elif defined(MCUBOOT_DIRECT_XIP)
#if defined(MCUBOOT_DIRECT_XIP_REVERT)
uint8_t mode = MCUBOOT_MODE_DIRECT_XIP_WITH_REVERT;
#else
uint8_t mode = MCUBOOT_MODE_DIRECT_XIP;
#endif
#elif defined(MCUBOOT_RAM_LOAD)
uint8_t mode = MCUBOOT_MODE_RAM_LOAD;
#elif defined(MCUBOOT_FIRMWARE_LOADER)
uint8_t mode = MCUBOOT_MODE_FIRMWARE_LOADER;
#else
#error "Unknown mcuboot operating mode"
#endif
#if defined(MCUBOOT_SIGN_RSA)
uint8_t signature_type = MCUBOOT_SIGNATURE_TYPE_RSA;
#elif defined(MCUBOOT_SIGN_EC256)
uint8_t signature_type = MCUBOOT_SIGNATURE_TYPE_ECDSA_P256;
#elif defined(MCUBOOT_SIGN_ED25519)
uint8_t signature_type = MCUBOOT_SIGNATURE_TYPE_ED25519;
#else
uint8_t signature_type = MCUBOOT_SIGNATURE_TYPE_NONE;
#endif
#if defined(MCUBOOT_SERIAL_RECOVERY)
uint8_t recovery = MCUBOOT_RECOVERY_MODE_SERIAL_RECOVERY;
#elif defined(MCUBOOT_USB_DFU)
uint8_t recovery = MCUBOOT_RECOVERY_MODE_DFU;
#else
uint8_t recovery = MCUBOOT_RECOVERY_MODE_NONE;
#endif
#if defined(MCUBOOT_VERSION_AVAILABLE)
struct image_version mcuboot_version = {
.iv_major = MCUBOOT_VERSION_MAJOR,
.iv_minor = MCUBOOT_VERSION_MINOR,
#if defined(MCUBOOT_VERSION_PATCHLEVEL)
.iv_revision = MCUBOOT_VERSION_PATCHLEVEL,
#else
.iv_revision = 0,
#endif
#if defined(MCUBOOT_VERSION_TWEAK)
.iv_build_num = MCUBOOT_VERSION_TWEAK,
#else
.iv_build_num = 0,
#endif
};
#endif
/* Write out all fields */
rc = boot_add_data_to_shared_area(TLV_MAJOR_BLINFO, BLINFO_MODE,
sizeof(mode), &mode);
if (!rc) {
rc = boot_add_data_to_shared_area(TLV_MAJOR_BLINFO,
BLINFO_SIGNATURE_TYPE,
sizeof(signature_type),
&signature_type);
}
if (!rc) {
rc = boot_add_data_to_shared_area(TLV_MAJOR_BLINFO,
BLINFO_RECOVERY,
sizeof(recovery), &recovery);
}
if (!rc) {
rc = boot_add_data_to_shared_area(TLV_MAJOR_BLINFO,
BLINFO_RUNNING_SLOT,
sizeof(slot), (void *)&slot);
}
#if defined(MCUBOOT_VERSION_AVAILABLE)
if (!rc) {
rc = boot_add_data_to_shared_area(TLV_MAJOR_BLINFO,
BLINFO_BOOTLOADER_VERSION,
sizeof(mcuboot_version),
(void *)&mcuboot_version);
}
#endif
while (image < BOOT_IMAGE_NUMBER && !rc) {
if (max_app_sizes[image].calculated == true) {
rc = boot_add_data_to_shared_area(TLV_MAJOR_BLINFO,
(BLINFO_MAX_APPLICATION_SIZE + image),
sizeof(max_app_sizes[image].max_size),
(void *)&max_app_sizes[image].max_size);
}
++image;
}
return rc;
}
#endif /* MCUBOOT_DATA_SHARING_BOOTINFO */

357
bootloader/mcuboot/boot/bootutil/src/bootutil_misc.c Normal file
View File

@@ -0,0 +1,357 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2017-2019 Linaro LTD
* Copyright (c) 2016-2019 JUUL Labs
* Copyright (c) 2019-2020 Arm Limited
*
* Original license:
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
#include <string.h>
#include <inttypes.h>
#include <stddef.h>
#include "sysflash/sysflash.h"
#include "flash_map_backend/flash_map_backend.h"
#include "bootutil/image.h"
#include "bootutil/bootutil.h"
#include "bootutil_priv.h"
#include "bootutil_misc.h"
#include "bootutil/bootutil_log.h"
#include "bootutil/fault_injection_hardening.h"
#ifdef MCUBOOT_ENC_IMAGES
#include "bootutil/enc_key.h"
#endif
BOOT_LOG_MODULE_DECLARE(mcuboot);
/* Currently only used by imgmgr */
int boot_current_slot;
/**
* @brief Determine if the data at two memory addresses is equal
*
* @param s1 The first memory region to compare.
* @param s2 The second memory region to compare.
* @param n The amount of bytes to compare.
*
* @note This function does not comply with the specification of memcmp,
* so should not be considered a drop-in replacement. It has no
* constant time execution. The point is to make sure that all the
* bytes are compared and detect if loop was abused and some cycles
* was skipped due to fault injection.
*
* @return FIH_SUCCESS if memory regions are equal, otherwise FIH_FAILURE
*/
#ifdef MCUBOOT_FIH_PROFILE_OFF
inline
fih_ret boot_fih_memequal(const void *s1, const void *s2, size_t n)
{
return memcmp(s1, s2, n);
}
#else
fih_ret boot_fih_memequal(const void *s1, const void *s2, size_t n)
{
size_t i;
uint8_t *s1_p = (uint8_t*) s1;
uint8_t *s2_p = (uint8_t*) s2;
FIH_DECLARE(ret, FIH_FAILURE);
for (i = 0; i < n; i++) {
if (s1_p[i] != s2_p[i]) {
goto out;
}
}
if (i == n) {
ret = FIH_SUCCESS;
}
out:
FIH_RET(ret);
}
#endif
/*
* Amount of space used to save information required when doing a swap,
* or while a swap is under progress, but not the status of sector swap
* progress itself.
*/
static inline uint32_t
boot_trailer_info_sz(void)
{
return (
#ifdef MCUBOOT_ENC_IMAGES
/* encryption keys */
# if MCUBOOT_SWAP_SAVE_ENCTLV
BOOT_ENC_TLV_ALIGN_SIZE * 2 +
# else
BOOT_ENC_KEY_ALIGN_SIZE * 2 +
# endif
#endif
/* swap_type + copy_done + image_ok + swap_size */
BOOT_MAX_ALIGN * 4 +
BOOT_MAGIC_ALIGN_SIZE
);
}
/*
* Amount of space used to maintain progress information for a single swap
* operation.
*/
static inline uint32_t
boot_status_entry_sz(uint32_t min_write_sz)
{
return BOOT_STATUS_STATE_COUNT * min_write_sz;
}
uint32_t
boot_status_sz(uint32_t min_write_sz)
{
return BOOT_STATUS_MAX_ENTRIES * boot_status_entry_sz(min_write_sz);
}
uint32_t
boot_trailer_sz(uint32_t min_write_sz)
{
return boot_status_sz(min_write_sz) + boot_trailer_info_sz();
}
#if MCUBOOT_SWAP_USING_SCRATCH
/*
* Similar to `boot_trailer_sz` but this function returns the space used to
* store status in the scratch partition. The scratch partition only stores
* status during the swap of the last sector from primary/secondary (which
* is the first swap operation) and thus only requires space for one swap.
*/
static uint32_t
boot_scratch_trailer_sz(uint32_t min_write_sz)
{
return boot_status_entry_sz(min_write_sz) + boot_trailer_info_sz();
}
#endif
int
boot_status_entries(int image_index, const struct flash_area *fap)
{
#if MCUBOOT_SWAP_USING_SCRATCH
if (flash_area_get_id(fap) == FLASH_AREA_IMAGE_SCRATCH) {
return BOOT_STATUS_STATE_COUNT;
} else
#endif
if (flash_area_get_id(fap) == FLASH_AREA_IMAGE_PRIMARY(image_index) ||
flash_area_get_id(fap) == FLASH_AREA_IMAGE_SECONDARY(image_index)) {
return BOOT_STATUS_STATE_COUNT * BOOT_STATUS_MAX_ENTRIES;
}
return -1;
}
uint32_t
boot_status_off(const struct flash_area *fap)
{
uint32_t off_from_end;
uint32_t elem_sz;
elem_sz = flash_area_align(fap);
#if MCUBOOT_SWAP_USING_SCRATCH
if (fap->fa_id == FLASH_AREA_IMAGE_SCRATCH) {
off_from_end = boot_scratch_trailer_sz(elem_sz);
} else {
#endif
off_from_end = boot_trailer_sz(elem_sz);
#if MCUBOOT_SWAP_USING_SCRATCH
}
#endif
assert(off_from_end <= flash_area_get_size(fap));
return flash_area_get_size(fap) - off_from_end;
}
#ifdef MCUBOOT_ENC_IMAGES
static inline uint32_t
boot_enc_key_off(const struct flash_area *fap, uint8_t slot)
{
#if MCUBOOT_SWAP_SAVE_ENCTLV
return boot_swap_size_off(fap) - ((slot + 1) * BOOT_ENC_TLV_ALIGN_SIZE);
#else
return boot_swap_size_off(fap) - ((slot + 1) * BOOT_ENC_KEY_ALIGN_SIZE);
#endif
}
#endif
/**
* This functions tries to locate the status area after an aborted swap,
* by looking for the magic in the possible locations.
*
* If the magic is successfully found, a flash_area * is returned and it
* is the responsibility of the called to close it.
*
* @returns 0 on success, -1 on errors
*/
int
boot_find_status(int image_index, const struct flash_area **fap)
{
uint8_t areas[] = {
#if MCUBOOT_SWAP_USING_SCRATCH
FLASH_AREA_IMAGE_SCRATCH,
#endif
FLASH_AREA_IMAGE_PRIMARY(image_index),
};
unsigned int i;
/*
* In the middle a swap, tries to locate the area that is currently
* storing a valid magic, first on the primary slot, then on scratch.
* Both "slots" can end up being temporary storage for a swap and it
* is assumed that if magic is valid then other metadata is too,
* because magic is always written in the last step.
*/
for (i = 0; i < sizeof(areas) / sizeof(areas[0]); i++) {
uint8_t magic[BOOT_MAGIC_SZ];
if (flash_area_open(areas[i], fap)) {
break;
}
if (flash_area_read(*fap, boot_magic_off(*fap), magic, BOOT_MAGIC_SZ)) {
flash_area_close(*fap);
break;
}
if (BOOT_MAGIC_GOOD == boot_magic_decode(magic)) {
return 0;
}
flash_area_close(*fap);
}
/* If we got here, no magic was found */
fap = NULL;
return -1;
}
int
boot_read_swap_size(const struct flash_area *fap, uint32_t *swap_size)
{
uint32_t off;
int rc;
off = boot_swap_size_off(fap);
rc = flash_area_read(fap, off, swap_size, sizeof *swap_size);
return rc;
}
#ifdef MCUBOOT_ENC_IMAGES
int
boot_read_enc_key(const struct flash_area *fap, uint8_t slot, struct boot_status *bs)
{
uint32_t off;
#if MCUBOOT_SWAP_SAVE_ENCTLV
uint32_t i;
#endif
int rc;
off = boot_enc_key_off(fap, slot);
#if MCUBOOT_SWAP_SAVE_ENCTLV
rc = flash_area_read(fap, off, bs->enctlv[slot], BOOT_ENC_TLV_ALIGN_SIZE);
if (rc == 0) {
for (i = 0; i < BOOT_ENC_TLV_ALIGN_SIZE; i++) {
if (bs->enctlv[slot][i] != 0xff) {
break;
}
}
/* Only try to decrypt non-erased TLV metadata */
if (i != BOOT_ENC_TLV_ALIGN_SIZE) {
rc = boot_decrypt_key(bs->enctlv[slot], bs->enckey[slot]);
}
}
#else
rc = flash_area_read(fap, off, bs->enckey[slot], BOOT_ENC_KEY_ALIGN_SIZE);
#endif
return rc;
}
#endif
int
boot_write_swap_size(const struct flash_area *fap, uint32_t swap_size)
{
uint32_t off;
off = boot_swap_size_off(fap);
BOOT_LOG_DBG("writing swap_size; fa_id=%d off=0x%lx (0x%lx)",
flash_area_get_id(fap), (unsigned long)off,
(unsigned long)flash_area_get_off(fap) + off);
return boot_write_trailer(fap, off, (const uint8_t *) &swap_size, 4);
}
#ifdef MCUBOOT_ENC_IMAGES
int
boot_write_enc_key(const struct flash_area *fap, uint8_t slot,
const struct boot_status *bs)
{
uint32_t off;
int rc;
off = boot_enc_key_off(fap, slot);
BOOT_LOG_DBG("writing enc_key; fa_id=%d off=0x%lx (0x%lx)",
flash_area_get_id(fap), (unsigned long)off,
(unsigned long)flash_area_get_off(fap) + off);
#if MCUBOOT_SWAP_SAVE_ENCTLV
rc = flash_area_write(fap, off, bs->enctlv[slot], BOOT_ENC_TLV_ALIGN_SIZE);
#else
rc = flash_area_write(fap, off, bs->enckey[slot], BOOT_ENC_KEY_ALIGN_SIZE);
#endif
if (rc != 0) {
return BOOT_EFLASH;
}
return 0;
}
#endif
uint32_t bootutil_max_image_size(const struct flash_area *fap)
{
#if defined(MCUBOOT_SWAP_USING_SCRATCH) || defined(MCUBOOT_SINGLE_APPLICATION_SLOT) || \
defined(MCUBOOT_FIRMWARE_LOADER)
return boot_status_off(fap);
#elif defined(MCUBOOT_SWAP_USING_MOVE)
struct flash_sector sector;
/* get the last sector offset */
int rc = flash_area_get_sector(fap, boot_status_off(fap), &sector);
if (rc) {
BOOT_LOG_ERR("Unable to determine flash sector of the image trailer");
return 0; /* Returning of zero here should cause any check which uses
* this value to fail.
*/
}
return flash_sector_get_off(&sector);
#elif defined(MCUBOOT_OVERWRITE_ONLY)
return boot_swap_info_off(fap);
#elif defined(MCUBOOT_DIRECT_XIP)
return boot_swap_info_off(fap);
#elif defined(MCUBOOT_RAM_LOAD)
return boot_swap_info_off(fap);
#endif
}

52
bootloader/mcuboot/boot/bootutil/src/bootutil_misc.h Normal file
View File

@@ -0,0 +1,52 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2023 Nordic Semiconductor ASA
*
*/
#ifndef H_BOOTUTIL_MISC_
#define H_BOOTUTIL_MISC_
#include <string.h>
#include <inttypes.h>
#include <stddef.h>
#include "bootutil/bootutil_public.h"
#ifdef MCUBOOT_ENC_IMAGES
#include "bootutil/enc_key.h"
#endif
static int
boot_magic_decode(const uint8_t *magic)
{
if (memcmp(magic, BOOT_IMG_MAGIC, BOOT_MAGIC_SZ) == 0) {
return BOOT_MAGIC_GOOD;
}
return BOOT_MAGIC_BAD;
}
static inline uint32_t
boot_magic_off(const struct flash_area *fap)
{
return flash_area_get_size(fap) - BOOT_MAGIC_SZ;
}
static inline uint32_t
boot_image_ok_off(const struct flash_area *fap)
{
return ALIGN_DOWN(boot_magic_off(fap) - BOOT_MAX_ALIGN, BOOT_MAX_ALIGN);
}
static inline uint32_t
boot_copy_done_off(const struct flash_area *fap)
{
return boot_image_ok_off(fap) - BOOT_MAX_ALIGN;
}
static inline uint32_t
boot_swap_size_off(const struct flash_area *fap)
{
return boot_swap_info_off(fap) - BOOT_MAX_ALIGN;
}
#endif /* H_BOOTUTIL_MISC_ */

486
bootloader/mcuboot/boot/bootutil/src/bootutil_priv.h Normal file
View File

@@ -0,0 +1,486 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2017-2020 Linaro LTD
* Copyright (c) 2017-2019 JUUL Labs
* Copyright (c) 2019-2021 Arm Limited
*
* Original license:
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
#ifndef H_BOOTUTIL_PRIV_
#define H_BOOTUTIL_PRIV_
#include <string.h>
#include "sysflash/sysflash.h"
#include <flash_map_backend/flash_map_backend.h>
#include "bootutil/bootutil.h"
#include "bootutil/image.h"
#include "bootutil/fault_injection_hardening.h"
#include "mcuboot_config/mcuboot_config.h"
#ifdef MCUBOOT_ENC_IMAGES
#include "bootutil/enc_key.h"
#endif
#ifdef __cplusplus
extern "C" {
#endif
struct flash_area;
#define BOOT_TMPBUF_SZ 256
/** Number of image slots in flash; currently limited to two. */
#define BOOT_NUM_SLOTS 2
#if (defined(MCUBOOT_OVERWRITE_ONLY) + \
defined(MCUBOOT_SWAP_USING_MOVE) + \
defined(MCUBOOT_DIRECT_XIP) + \
defined(MCUBOOT_RAM_LOAD) + \
defined(MCUBOOT_FIRMWARE_LOADER) + \
defined(MCUBOOT_SWAP_USING_SCRATCH)) > 1
#error "Please enable only one of MCUBOOT_OVERWRITE_ONLY, MCUBOOT_SWAP_USING_MOVE, MCUBOOT_DIRECT_XIP, MCUBOOT_RAM_LOAD or MCUBOOT_FIRMWARE_LOADER"
#endif
#if !defined(MCUBOOT_DIRECT_XIP) && \
defined(MCUBOOT_DIRECT_XIP_REVERT)
#error "MCUBOOT_DIRECT_XIP_REVERT cannot be enabled unless MCUBOOT_DIRECT_XIP is used"
#endif
#if !defined(MCUBOOT_OVERWRITE_ONLY) && \
!defined(MCUBOOT_SWAP_USING_MOVE) && \
!defined(MCUBOOT_DIRECT_XIP) && \
!defined(MCUBOOT_RAM_LOAD) && \
!defined(MCUBOOT_SINGLE_APPLICATION_SLOT) && \
!defined(MCUBOOT_FIRMWARE_LOADER)
#define MCUBOOT_SWAP_USING_SCRATCH 1
#endif
#define BOOT_STATUS_OP_MOVE 1
#define BOOT_STATUS_OP_SWAP 2
/*
* Maintain state of copy progress.
*/
struct boot_status {
uint32_t idx; /* Which area we're operating on */
uint8_t state; /* Which part of the swapping process are we at */
uint8_t op; /* What operation are we performing? */
uint8_t use_scratch; /* Are status bytes ever written to scratch? */
uint8_t swap_type; /* The type of swap in effect */
uint32_t swap_size; /* Total size of swapped image */
#ifdef MCUBOOT_ENC_IMAGES
uint8_t enckey[BOOT_NUM_SLOTS][BOOT_ENC_KEY_ALIGN_SIZE];
#if MCUBOOT_SWAP_SAVE_ENCTLV
uint8_t enctlv[BOOT_NUM_SLOTS][BOOT_ENC_TLV_ALIGN_SIZE];
#endif
#endif
int source; /* Which slot contains swap status metadata */
};
#define BOOT_STATUS_IDX_0 1
#define BOOT_STATUS_STATE_0 1
#define BOOT_STATUS_STATE_1 2
#define BOOT_STATUS_STATE_2 3
/**
* End-of-image slot structure.
*
* 0 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* ~ ~
* ~ Swap status (BOOT_MAX_IMG_SECTORS * min-write-size * 3) ~
* ~ ~
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Encryption key 0 (16 octets) [*] |
* | |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | 0xff padding as needed |
* | (BOOT_MAX_ALIGN minus 16 octets from Encryption key 0) [*] |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Encryption key 1 (16 octets) [*] |
* | |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | 0xff padding as needed |
* | (BOOT_MAX_ALIGN minus 16 octets from Encryption key 1) [*] |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Swap size (4 octets) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | 0xff padding as needed |
* | (BOOT_MAX_ALIGN minus 4 octets from Swap size) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Swap info | 0xff padding (BOOT_MAX_ALIGN minus 1 octet) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Copy done | 0xff padding (BOOT_MAX_ALIGN minus 1 octet) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Image OK | 0xff padding (BOOT_MAX_ALIGN minus 1 octet) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | 0xff padding as needed |
* | (BOOT_MAX_ALIGN minus 16 octets from MAGIC) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | MAGIC (16 octets) |
* | |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*
* [*]: Only present if the encryption option is enabled
* (`MCUBOOT_ENC_IMAGES`).
*/
union boot_img_magic_t
{
struct {
uint16_t align;
uint8_t magic[14];
};
uint8_t val[16];
};
extern const union boot_img_magic_t boot_img_magic;
#define BOOT_IMG_MAGIC (boot_img_magic.val)
#if BOOT_MAX_ALIGN == 8
#define BOOT_IMG_ALIGN (BOOT_MAX_ALIGN)
#else
#define BOOT_IMG_ALIGN (boot_img_magic.align)
#endif
_Static_assert(sizeof(boot_img_magic) == BOOT_MAGIC_SZ, "Invalid size for image magic");
#if !defined(MCUBOOT_DIRECT_XIP) && !defined(MCUBOOT_RAM_LOAD)
#define ARE_SLOTS_EQUIVALENT() 0
#else
#define ARE_SLOTS_EQUIVALENT() 1
#if defined(MCUBOOT_DIRECT_XIP) && defined(MCUBOOT_ENC_IMAGES)
#error "Image encryption (MCUBOOT_ENC_IMAGES) is not supported when MCUBOOT_DIRECT_XIP is selected."
#endif /* MCUBOOT_DIRECT_XIP && MCUBOOT_ENC_IMAGES */
#endif /* MCUBOOT_DIRECT_XIP || MCUBOOT_RAM_LOAD */
#define BOOT_MAX_IMG_SECTORS MCUBOOT_MAX_IMG_SECTORS
#define BOOT_LOG_IMAGE_INFO(slot, hdr) \
BOOT_LOG_INF("%-9s slot: version=%u.%u.%u+%u", \
((slot) == BOOT_PRIMARY_SLOT) ? "Primary" : "Secondary", \
(hdr)->ih_ver.iv_major, \
(hdr)->ih_ver.iv_minor, \
(hdr)->ih_ver.iv_revision, \
(hdr)->ih_ver.iv_build_num)
#if MCUBOOT_SWAP_USING_MOVE
#define BOOT_STATUS_MOVE_STATE_COUNT 1
#define BOOT_STATUS_SWAP_STATE_COUNT 2
#define BOOT_STATUS_STATE_COUNT (BOOT_STATUS_MOVE_STATE_COUNT + BOOT_STATUS_SWAP_STATE_COUNT)
#else
#define BOOT_STATUS_STATE_COUNT 3
#endif
/** Maximum number of image sectors supported by the bootloader. */
#define BOOT_STATUS_MAX_ENTRIES BOOT_MAX_IMG_SECTORS
#define BOOT_PRIMARY_SLOT 0
#define BOOT_SECONDARY_SLOT 1
#define BOOT_STATUS_SOURCE_NONE 0
#define BOOT_STATUS_SOURCE_SCRATCH 1
#define BOOT_STATUS_SOURCE_PRIMARY_SLOT 2
/**
* Compatibility shim for flash sector type.
*
* This can be deleted when flash_area_to_sectors() is removed.
*/
#ifdef MCUBOOT_USE_FLASH_AREA_GET_SECTORS
typedef struct flash_sector boot_sector_t;
#else
typedef struct flash_area boot_sector_t;
#endif
/** Private state maintained during boot. */
struct boot_loader_state {
struct {
struct image_header hdr;
const struct flash_area *area;
boot_sector_t *sectors;
uint32_t num_sectors;
} imgs[BOOT_IMAGE_NUMBER][BOOT_NUM_SLOTS];
#if MCUBOOT_SWAP_USING_SCRATCH
struct {
const struct flash_area *area;
boot_sector_t *sectors;
uint32_t num_sectors;
} scratch;
#endif
uint8_t swap_type[BOOT_IMAGE_NUMBER];
uint32_t write_sz;
#if defined(MCUBOOT_ENC_IMAGES)
struct enc_key_data enc[BOOT_IMAGE_NUMBER][BOOT_NUM_SLOTS];
#endif
#if (BOOT_IMAGE_NUMBER > 1)
uint8_t curr_img_idx;
bool img_mask[BOOT_IMAGE_NUMBER];
#endif
#if defined(MCUBOOT_DIRECT_XIP) || defined(MCUBOOT_RAM_LOAD)
struct slot_usage_t {
/* Index of the slot chosen to be loaded */
uint32_t active_slot;
bool slot_available[BOOT_NUM_SLOTS];
#if defined(MCUBOOT_RAM_LOAD)
/* Image destination and size for the active slot */
uint32_t img_dst;
uint32_t img_sz;
#elif defined(MCUBOOT_DIRECT_XIP_REVERT)
/* Swap status for the active slot */
struct boot_swap_state swap_state;
#endif
} slot_usage[BOOT_IMAGE_NUMBER];
#endif /* MCUBOOT_DIRECT_XIP || MCUBOOT_RAM_LOAD */
};
fih_ret bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig,
size_t slen, uint8_t key_id);
fih_ret bootutil_verify_img(const uint8_t *img, uint32_t size,
uint8_t *sig, size_t slen, uint8_t key_id);
fih_ret boot_fih_memequal(const void *s1, const void *s2, size_t n);
int boot_find_status(int image_index, const struct flash_area **fap);
int boot_magic_compatible_check(uint8_t tbl_val, uint8_t val);
uint32_t boot_status_sz(uint32_t min_write_sz);
uint32_t boot_trailer_sz(uint32_t min_write_sz);
int boot_status_entries(int image_index, const struct flash_area *fap);
uint32_t boot_status_off(const struct flash_area *fap);
int boot_read_swap_state(const struct flash_area *fap,
struct boot_swap_state *state);
int boot_read_swap_state_by_id(int flash_area_id,
struct boot_swap_state *state);
int boot_write_magic(const struct flash_area *fap);
int boot_write_status(const struct boot_loader_state *state, struct boot_status *bs);
int boot_write_copy_done(const struct flash_area *fap);
int boot_write_image_ok(const struct flash_area *fap);
int boot_write_swap_info(const struct flash_area *fap, uint8_t swap_type,
uint8_t image_num);
int boot_write_swap_size(const struct flash_area *fap, uint32_t swap_size);
int boot_write_trailer(const struct flash_area *fap, uint32_t off,
const uint8_t *inbuf, uint8_t inlen);
int boot_write_trailer_flag(const struct flash_area *fap, uint32_t off,
uint8_t flag_val);
int boot_read_swap_size(const struct flash_area *fap, uint32_t *swap_size);
int boot_slots_compatible(struct boot_loader_state *state);
uint32_t boot_status_internal_off(const struct boot_status *bs, int elem_sz);
int boot_read_image_header(struct boot_loader_state *state, int slot,
struct image_header *out_hdr, struct boot_status *bs);
int boot_copy_region(struct boot_loader_state *state,
const struct flash_area *fap_src,
const struct flash_area *fap_dst,
uint32_t off_src, uint32_t off_dst, uint32_t sz);
int boot_erase_region(const struct flash_area *fap, uint32_t off, uint32_t sz);
bool boot_status_is_reset(const struct boot_status *bs);
#ifdef MCUBOOT_ENC_IMAGES
int boot_write_enc_key(const struct flash_area *fap, uint8_t slot,
const struct boot_status *bs);
int boot_read_enc_key(const struct flash_area *fap, uint8_t slot,
struct boot_status *bs);
#endif
/**
* Checks that a buffer is erased according to what the erase value for the
* flash device provided in `flash_area` is.
*
* @returns true if the buffer is erased; false if any of the bytes is not
* erased, or when buffer is NULL, or when len == 0.
*/
bool bootutil_buffer_is_erased(const struct flash_area *area,
const void *buffer, size_t len);
/**
* Safe (non-overflowing) uint32_t addition. Returns true, and stores
* the result in *dest if it can be done without overflow. Otherwise,
* returns false.
*/
static inline bool boot_u32_safe_add(uint32_t *dest, uint32_t a, uint32_t b)
{
/*
* "a + b <= UINT32_MAX", subtract 'b' from both sides to avoid
* the overflow.
*/
if (a > UINT32_MAX - b) {
return false;
} else {
*dest = a + b;
return true;
}
}
/**
* Safe (non-overflowing) uint16_t addition. Returns true, and stores
* the result in *dest if it can be done without overflow. Otherwise,
* returns false.
*/
static inline bool boot_u16_safe_add(uint16_t *dest, uint16_t a, uint16_t b)
{
uint32_t tmp = a + b;
if (tmp > UINT16_MAX) {
return false;
} else {
*dest = tmp;
return true;
}
}
/*
* Accessors for the contents of struct boot_loader_state.
*/
/* These are macros so they can be used as lvalues. */
#if (BOOT_IMAGE_NUMBER > 1)
#define BOOT_CURR_IMG(state) ((state)->curr_img_idx)
#else
#define BOOT_CURR_IMG(state) 0
#endif
#ifdef MCUBOOT_ENC_IMAGES
#define BOOT_CURR_ENC(state) ((state)->enc[BOOT_CURR_IMG(state)])
#else
#define BOOT_CURR_ENC(state) NULL
#endif
#define BOOT_IMG(state, slot) ((state)->imgs[BOOT_CURR_IMG(state)][(slot)])
#define BOOT_IMG_AREA(state, slot) (BOOT_IMG(state, slot).area)
#define BOOT_WRITE_SZ(state) ((state)->write_sz)
#define BOOT_SWAP_TYPE(state) ((state)->swap_type[BOOT_CURR_IMG(state)])
#define BOOT_TLV_OFF(hdr) ((hdr)->ih_hdr_size + (hdr)->ih_img_size)
#define BOOT_IS_UPGRADE(swap_type) \
(((swap_type) == BOOT_SWAP_TYPE_TEST) || \
((swap_type) == BOOT_SWAP_TYPE_REVERT) || \
((swap_type) == BOOT_SWAP_TYPE_PERM))
static inline struct image_header*
boot_img_hdr(struct boot_loader_state *state, size_t slot)
{
return &BOOT_IMG(state, slot).hdr;
}
static inline size_t
boot_img_num_sectors(const struct boot_loader_state *state, size_t slot)
{
return BOOT_IMG(state, slot).num_sectors;
}
/*
* Offset of the slot from the beginning of the flash device.
*/
static inline uint32_t
boot_img_slot_off(struct boot_loader_state *state, size_t slot)
{
return flash_area_get_off(BOOT_IMG(state, slot).area);
}
#ifndef MCUBOOT_USE_FLASH_AREA_GET_SECTORS
static inline size_t
boot_img_sector_size(const struct boot_loader_state *state,
size_t slot, size_t sector)
{
return flash_area_get_size(&BOOT_IMG(state, slot).sectors[sector]);
}
/*
* Offset of the sector from the beginning of the image, NOT the flash
* device.
*/
static inline uint32_t
boot_img_sector_off(const struct boot_loader_state *state, size_t slot,
size_t sector)
{
return flash_area_get_off(&BOOT_IMG(state, slot).sectors[sector]) -
flash_area_get_off(&BOOT_IMG(state, slot).sectors[0]);
}
#else /* defined(MCUBOOT_USE_FLASH_AREA_GET_SECTORS) */
static inline size_t
boot_img_sector_size(const struct boot_loader_state *state,
size_t slot, size_t sector)
{
return flash_sector_get_size(&BOOT_IMG(state, slot).sectors[sector]);
}
static inline uint32_t
boot_img_sector_off(const struct boot_loader_state *state, size_t slot,
size_t sector)
{
return flash_sector_get_off(&BOOT_IMG(state, slot).sectors[sector]) -
flash_sector_get_off(&BOOT_IMG(state, slot).sectors[0]);
}
#endif /* !defined(MCUBOOT_USE_FLASH_AREA_GET_SECTORS) */
#ifdef MCUBOOT_RAM_LOAD
# ifdef __BOOTSIM__
/* Query for the layout of a RAM buffer appropriate for holding the
* image. This will be per-test-thread, and therefore must be queried
* through this call. */
struct bootsim_ram_info {
uint32_t start;
uint32_t size;
uintptr_t base;
};
struct bootsim_ram_info *bootsim_get_ram_info(void);
#define IMAGE_GET_FIELD(field) (bootsim_get_ram_info()->field)
#define IMAGE_RAM_BASE IMAGE_GET_FIELD(base)
#define IMAGE_EXECUTABLE_RAM_START IMAGE_GET_FIELD(start)
#define IMAGE_EXECUTABLE_RAM_SIZE IMAGE_GET_FIELD(size)
# else
# define IMAGE_RAM_BASE ((uintptr_t)0)
# endif
#define LOAD_IMAGE_DATA(hdr, fap, start, output, size) \
(memcpy((output),(void*)(IMAGE_RAM_BASE + (hdr)->ih_load_addr + (start)), \
(size)), 0)
#else
#define IMAGE_RAM_BASE ((uintptr_t)0)
#define LOAD_IMAGE_DATA(hdr, fap, start, output, size) \
(flash_area_read((fap), (start), (output), (size)))
#endif /* MCUBOOT_RAM_LOAD */
uint32_t bootutil_max_image_size(const struct flash_area *fap);
#ifdef __cplusplus
}
#endif
#endif

762
bootloader/mcuboot/boot/bootutil/src/bootutil_public.c Normal file
View File

@@ -0,0 +1,762 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2017-2019 Linaro LTD
* Copyright (c) 2016-2019 JUUL Labs
* Copyright (c) 2019-2023 Arm Limited
* Copyright (c) 2020-2023 Nordic Semiconductor ASA
*
* Original license:
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
/**
* @file
* @brief Public MCUBoot interface API implementation
*
* This file contains API implementation which can be combined with
* the application in order to interact with the MCUBoot bootloader.
* This file contains shared code-base betwen MCUBoot and the application
* which controls DFU process.
*/
#include <string.h>
#include <inttypes.h>
#include <stddef.h>
#include "sysflash/sysflash.h"
#include "flash_map_backend/flash_map_backend.h"
#include "bootutil/image.h"
#include "bootutil/bootutil_public.h"
#include "bootutil/bootutil_log.h"
#include "bootutil/boot_public_hooks.h"
#include "bootutil_priv.h"
#include "bootutil_misc.h"
#ifdef CONFIG_MCUBOOT
BOOT_LOG_MODULE_DECLARE(mcuboot);
#else
BOOT_LOG_MODULE_REGISTER(mcuboot_util);
#endif
#if BOOT_MAX_ALIGN == 8
const union boot_img_magic_t boot_img_magic = {
.val = {
0x77, 0xc2, 0x95, 0xf3,
0x60, 0xd2, 0xef, 0x7f,
0x35, 0x52, 0x50, 0x0f,
0x2c, 0xb6, 0x79, 0x80
}
};
#else
const union boot_img_magic_t boot_img_magic = {
.align = BOOT_MAX_ALIGN,
.magic = {
0x2d, 0xe1,
0x5d, 0x29, 0x41, 0x0b,
0x8d, 0x77, 0x67, 0x9c,
0x11, 0x0f, 0x1f, 0x8a
}
};
#endif
struct boot_swap_table {
uint8_t magic_primary_slot;
uint8_t magic_secondary_slot;
uint8_t image_ok_primary_slot;
uint8_t image_ok_secondary_slot;
uint8_t copy_done_primary_slot;
uint8_t swap_type;
};
/**
* This set of tables maps image trailer contents to swap operation type.
* When searching for a match, these tables must be iterated sequentially.
*
* NOTE: the table order is very important. The settings in the secondary
* slot always are priority to the primary slot and should be located
* earlier in the table.
*
* The table lists only states where there is action needs to be taken by
* the bootloader, as in starting/finishing a swap operation.
*/
static const struct boot_swap_table boot_swap_tables[] = {
{
.magic_primary_slot = BOOT_MAGIC_ANY,
.magic_secondary_slot = BOOT_MAGIC_GOOD,
.image_ok_primary_slot = BOOT_FLAG_ANY,
.image_ok_secondary_slot = BOOT_FLAG_UNSET,
.copy_done_primary_slot = BOOT_FLAG_ANY,
.swap_type = BOOT_SWAP_TYPE_TEST,
},
{
.magic_primary_slot = BOOT_MAGIC_ANY,
.magic_secondary_slot = BOOT_MAGIC_GOOD,
.image_ok_primary_slot = BOOT_FLAG_ANY,
.image_ok_secondary_slot = BOOT_FLAG_SET,
.copy_done_primary_slot = BOOT_FLAG_ANY,
.swap_type = BOOT_SWAP_TYPE_PERM,
},
{
.magic_primary_slot = BOOT_MAGIC_GOOD,
.magic_secondary_slot = BOOT_MAGIC_UNSET,
.image_ok_primary_slot = BOOT_FLAG_UNSET,
.image_ok_secondary_slot = BOOT_FLAG_ANY,
.copy_done_primary_slot = BOOT_FLAG_SET,
.swap_type = BOOT_SWAP_TYPE_REVERT,
},
};
#define BOOT_SWAP_TABLES_COUNT \
(sizeof boot_swap_tables / sizeof boot_swap_tables[0])
static int
boot_flag_decode(uint8_t flag)
{
if (flag != BOOT_FLAG_SET) {
return BOOT_FLAG_BAD;
}
return BOOT_FLAG_SET;
}
uint32_t
boot_swap_info_off(const struct flash_area *fap)
{
return boot_copy_done_off(fap) - BOOT_MAX_ALIGN;
}
/**
* Determines if a status source table is satisfied by the specified magic
* code.
*
* @param tbl_val A magic field from a status source table.
* @param val The magic value in a trailer, encoded as a
* BOOT_MAGIC_[...].
*
* @return 1 if the two values are compatible;
* 0 otherwise.
*/
int
boot_magic_compatible_check(uint8_t tbl_val, uint8_t val)
{
switch (tbl_val) {
case BOOT_MAGIC_ANY:
return 1;
case BOOT_MAGIC_NOTGOOD:
return val != BOOT_MAGIC_GOOD;
default:
return tbl_val == val;
}
}
bool bootutil_buffer_is_erased(const struct flash_area *area,
const void *buffer, size_t len)
{
size_t i;
uint8_t *u8b;
uint8_t erased_val;
if (buffer == NULL || len == 0) {
return false;
}
erased_val = flash_area_erased_val(area);
for (i = 0, u8b = (uint8_t *)buffer; i < len; i++) {
if (u8b[i] != erased_val) {
return false;
}
}
return true;
}
static int
boot_read_flag(const struct flash_area *fap, uint8_t *flag, uint32_t off)
{
int rc;
rc = flash_area_read(fap, off, flag, sizeof *flag);
if (rc < 0) {
return BOOT_EFLASH;
}
if (bootutil_buffer_is_erased(fap, flag, sizeof *flag)) {
*flag = BOOT_FLAG_UNSET;
} else {
*flag = boot_flag_decode(*flag);
}
return 0;
}
static inline int
boot_read_copy_done(const struct flash_area *fap, uint8_t *copy_done)
{
return boot_read_flag(fap, copy_done, boot_copy_done_off(fap));
}
int
boot_read_swap_state(const struct flash_area *fap,
struct boot_swap_state *state)
{
uint8_t magic[BOOT_MAGIC_SZ];
uint32_t off;
uint8_t swap_info;
int rc;
off = boot_magic_off(fap);
rc = flash_area_read(fap, off, magic, BOOT_MAGIC_SZ);
if (rc < 0) {
return BOOT_EFLASH;
}
if (bootutil_buffer_is_erased(fap, magic, BOOT_MAGIC_SZ)) {
state->magic = BOOT_MAGIC_UNSET;
} else {
state->magic = boot_magic_decode(magic);
}
off = boot_swap_info_off(fap);
rc = flash_area_read(fap, off, &swap_info, sizeof swap_info);
if (rc < 0) {
return BOOT_EFLASH;
}
/* Extract the swap type and image number */
state->swap_type = BOOT_GET_SWAP_TYPE(swap_info);
state->image_num = BOOT_GET_IMAGE_NUM(swap_info);
if (bootutil_buffer_is_erased(fap, &swap_info, sizeof swap_info) ||
state->swap_type > BOOT_SWAP_TYPE_REVERT) {
state->swap_type = BOOT_SWAP_TYPE_NONE;
state->image_num = 0;
}
rc = boot_read_copy_done(fap, &state->copy_done);
if (rc) {
return BOOT_EFLASH;
}
return boot_read_image_ok(fap, &state->image_ok);
}
int
boot_read_swap_state_by_id(int flash_area_id, struct boot_swap_state *state)
{
const struct flash_area *fap;
int rc;
rc = flash_area_open(flash_area_id, &fap);
if (rc != 0) {
return BOOT_EFLASH;
}
rc = boot_read_swap_state(fap, state);
flash_area_close(fap);
return rc;
}
int
boot_write_magic(const struct flash_area *fap)
{
uint32_t off;
uint32_t pad_off;
int rc;
uint8_t magic[BOOT_MAGIC_ALIGN_SIZE];
uint8_t erased_val;
off = boot_magic_off(fap);
/* image_trailer structure was modified with additional padding such that
* the pad+magic ends up in a flash minimum write region. The address
* returned by boot_magic_off() is the start of magic which is not the
* start of the flash write boundary and thus writes to the magic will fail.
* To account for this change, write to magic is first padded with 0xFF
* before writing to the trailer.
*/
pad_off = ALIGN_DOWN(off, BOOT_MAX_ALIGN);
erased_val = flash_area_erased_val(fap);
memset(&magic[0], erased_val, sizeof(magic));
memcpy(&magic[BOOT_MAGIC_ALIGN_SIZE - BOOT_MAGIC_SZ], BOOT_IMG_MAGIC, BOOT_MAGIC_SZ);
BOOT_LOG_DBG("writing magic; fa_id=%d off=0x%lx (0x%lx)",
flash_area_get_id(fap), (unsigned long)off,
(unsigned long)(flash_area_get_off(fap) + off));
rc = flash_area_write(fap, pad_off, &magic[0], BOOT_MAGIC_ALIGN_SIZE);
if (rc != 0) {
return BOOT_EFLASH;
}
return 0;
}
/**
* Write trailer data; status bytes, swap_size, etc
*
* @returns 0 on success, != 0 on error.
*/
int
boot_write_trailer(const struct flash_area *fap, uint32_t off,
const uint8_t *inbuf, uint8_t inlen)
{
uint8_t buf[BOOT_MAX_ALIGN];
uint8_t erased_val;
uint32_t align;
int rc;
align = flash_area_align(fap);
align = ALIGN_UP(inlen, align);
if (align > BOOT_MAX_ALIGN) {
return -1;
}
erased_val = flash_area_erased_val(fap);
memcpy(buf, inbuf, inlen);
memset(&buf[inlen], erased_val, align - inlen);
rc = flash_area_write(fap, off, buf, align);
if (rc != 0) {
return BOOT_EFLASH;
}
return 0;
}
int
boot_write_trailer_flag(const struct flash_area *fap, uint32_t off,
uint8_t flag_val)
{
const uint8_t buf[1] = { flag_val };
return boot_write_trailer(fap, off, buf, 1);
}
int
boot_write_image_ok(const struct flash_area *fap)
{
uint32_t off;
off = boot_image_ok_off(fap);
BOOT_LOG_DBG("writing image_ok; fa_id=%d off=0x%lx (0x%lx)",
flash_area_get_id(fap), (unsigned long)off,
(unsigned long)(flash_area_get_off(fap) + off));
return boot_write_trailer_flag(fap, off, BOOT_FLAG_SET);
}
int
boot_read_image_ok(const struct flash_area *fap, uint8_t *image_ok)
{
return boot_read_flag(fap, image_ok, boot_image_ok_off(fap));
}
/**
* Writes the specified value to the `swap-type` field of an image trailer.
* This value is persisted so that the boot loader knows what swap operation to
* resume in case of an unexpected reset.
*/
int
boot_write_swap_info(const struct flash_area *fap, uint8_t swap_type,
uint8_t image_num)
{
uint32_t off;
uint8_t swap_info;
BOOT_SET_SWAP_INFO(swap_info, image_num, swap_type);
off = boot_swap_info_off(fap);
BOOT_LOG_DBG("writing swap_info; fa_id=%d off=0x%lx (0x%lx), swap_type=0x%x"
" image_num=0x%x",
flash_area_get_id(fap), (unsigned long)off,
(unsigned long)(flash_area_get_off(fap) + off),
swap_type, image_num);
return boot_write_trailer(fap, off, (const uint8_t *) &swap_info, 1);
}
int
boot_swap_type_multi(int image_index)
{
const struct boot_swap_table *table;
struct boot_swap_state primary_slot;
struct boot_swap_state secondary_slot;
int rc;
size_t i;
rc = BOOT_HOOK_CALL(boot_read_swap_state_primary_slot_hook,
BOOT_HOOK_REGULAR, image_index, &primary_slot);
if (rc == BOOT_HOOK_REGULAR)
{
rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_PRIMARY(image_index),
&primary_slot);
}
if (rc) {
return BOOT_SWAP_TYPE_PANIC;
}
rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_SECONDARY(image_index),
&secondary_slot);
if (rc == BOOT_EFLASH) {
BOOT_LOG_INF("Secondary image of image pair (%d.) "
"is unreachable. Treat it as empty", image_index);
secondary_slot.magic = BOOT_MAGIC_UNSET;
secondary_slot.swap_type = BOOT_SWAP_TYPE_NONE;
secondary_slot.copy_done = BOOT_FLAG_UNSET;
secondary_slot.image_ok = BOOT_FLAG_UNSET;
secondary_slot.image_num = 0;
} else if (rc) {
return BOOT_SWAP_TYPE_PANIC;
}
for (i = 0; i < BOOT_SWAP_TABLES_COUNT; i++) {
table = boot_swap_tables + i;
if (boot_magic_compatible_check(table->magic_primary_slot,
primary_slot.magic) &&
boot_magic_compatible_check(table->magic_secondary_slot,
secondary_slot.magic) &&
(table->image_ok_primary_slot == BOOT_FLAG_ANY ||
table->image_ok_primary_slot == primary_slot.image_ok) &&
(table->image_ok_secondary_slot == BOOT_FLAG_ANY ||
table->image_ok_secondary_slot == secondary_slot.image_ok) &&
(table->copy_done_primary_slot == BOOT_FLAG_ANY ||
table->copy_done_primary_slot == primary_slot.copy_done)) {
BOOT_LOG_INF("Image index: %d, Swap type: %s", image_index,
table->swap_type == BOOT_SWAP_TYPE_TEST ? "test" :
table->swap_type == BOOT_SWAP_TYPE_PERM ? "perm" :
table->swap_type == BOOT_SWAP_TYPE_REVERT ? "revert" :
"BUG; can't happen");
if (table->swap_type != BOOT_SWAP_TYPE_TEST &&
table->swap_type != BOOT_SWAP_TYPE_PERM &&
table->swap_type != BOOT_SWAP_TYPE_REVERT) {
return BOOT_SWAP_TYPE_PANIC;
}
return table->swap_type;
}
}
BOOT_LOG_INF("Image index: %d, Swap type: none", image_index);
return BOOT_SWAP_TYPE_NONE;
}
int
boot_write_copy_done(const struct flash_area *fap)
{
uint32_t off;
off = boot_copy_done_off(fap);
BOOT_LOG_DBG("writing copy_done; fa_id=%d off=0x%lx (0x%lx)",
flash_area_get_id(fap), (unsigned long)off,
(unsigned long)(flash_area_get_off(fap) + off));
return boot_write_trailer_flag(fap, off, BOOT_FLAG_SET);
}
#ifndef MCUBOOT_BOOTUTIL_LIB_FOR_DIRECT_XIP
static int flash_area_to_image(const struct flash_area *fa)
{
#if BOOT_IMAGE_NUMBER > 1
uint8_t i = 0;
int id = flash_area_get_id(fa);
while (i < BOOT_IMAGE_NUMBER) {
if (FLASH_AREA_IMAGE_PRIMARY(i) == id || (FLASH_AREA_IMAGE_SECONDARY(i) == id)) {
return i;
}
++i;
}
#else
(void)fa;
#endif
return 0;
}
int
boot_set_next(const struct flash_area *fa, bool active, bool confirm)
{
struct boot_swap_state slot_state;
int rc;
if (active) {
confirm = true;
}
rc = boot_read_swap_state(fa, &slot_state);
if (rc != 0) {
return rc;
}
switch (slot_state.magic) {
case BOOT_MAGIC_GOOD:
/* If non-active then swap already scheduled, else confirm needed.*/
if (active && slot_state.image_ok == BOOT_FLAG_UNSET) {
/* Intentionally do not check copy_done flag to be able to
* confirm a padded image which has been programmed using
* a programming interface.
*/
rc = boot_write_image_ok(fa);
}
break;
case BOOT_MAGIC_UNSET:
if (!active) {
rc = boot_write_magic(fa);
if (rc == 0 && confirm) {
rc = boot_write_image_ok(fa);
}
if (rc == 0) {
uint8_t swap_type;
if (confirm) {
swap_type = BOOT_SWAP_TYPE_PERM;
} else {
swap_type = BOOT_SWAP_TYPE_TEST;
}
rc = boot_write_swap_info(fa, swap_type, flash_area_to_image(fa));
}
}
break;
case BOOT_MAGIC_BAD:
if (active) {
rc = BOOT_EBADVECT;
} else {
/* The image slot is corrupt. There is no way to recover, so erase the
* slot to allow future upgrades.
*/
flash_area_erase(fa, 0, flash_area_get_size(fa));
rc = BOOT_EBADIMAGE;
}
break;
default:
/* Something is not OK, this should never happen */
assert(0);
rc = BOOT_EBADIMAGE;
}
return rc;
}
#else
int
boot_set_next(const struct flash_area *fa, bool active, bool confirm)
{
struct boot_swap_state slot_state;
int rc;
if (active) {
/* The only way to set active slot for next boot is to confirm it,
* as DirectXIP will conclude that, since slot has not been confirmed
* last boot, it is bad and will remove it.
*/
confirm = true;
}
rc = boot_read_swap_state(fa, &slot_state);
if (rc != 0) {
return rc;
}
switch (slot_state.magic) {
case BOOT_MAGIC_UNSET:
/* Magic is needed for MCUboot to even consider booting an image */
rc = boot_write_magic(fa);
if (rc != 0) {
break;
}
/* Pass */
case BOOT_MAGIC_GOOD:
if (confirm) {
if (slot_state.copy_done == BOOT_FLAG_UNSET) {
/* Magic is needed for DirectXIP to even try to boot application.
* DirectXIP will set copy-done flag before attempting to boot
* application. Next boot, application that has copy-done flag
* is expected to already have ok flag, otherwise it will be removed.
*/
rc = boot_write_copy_done(fa);
if (rc != 0) {
break;
}
}
if (slot_state.image_ok == BOOT_FLAG_UNSET) {
rc = boot_write_image_ok(fa);
if (rc != 0) {
break;
}
}
}
break;
case BOOT_MAGIC_BAD:
/* This image will not be boot next time anyway */
rc = BOOT_EBADIMAGE;
break;
default:
/* Something is not OK, this should never happen */
assert(0);
rc = BOOT_EBADSTATUS;
}
return rc;
}
#endif
/*
* This function is not used by the bootloader itself, but its required API
* by external tooling like mcumgr.
*/
int
boot_swap_type(void)
{
return boot_swap_type_multi(0);
}
/**
* Marks the image with the given index in the secondary slot as pending. On the
* next reboot, the system will perform a one-time boot of the the secondary
* slot image.
*
* @param image_index Image pair index.
*
* @param permanent Whether the image should be used permanently or
* only tested once:
* 0=run image once, then confirm or revert.
* 1=run image forever.
*
* @return 0 on success; nonzero on failure.
*/
int
boot_set_pending_multi(int image_index, int permanent)
{
const struct flash_area *fap;
int rc;
rc = flash_area_open(FLASH_AREA_IMAGE_SECONDARY(image_index), &fap);
if (rc != 0) {
return BOOT_EFLASH;
}
rc = boot_set_next(fap, false, !(permanent == 0));
flash_area_close(fap);
return rc;
}
/**
* Marks the image with index 0 in the secondary slot as pending. On the next
* reboot, the system will perform a one-time boot of the the secondary slot
* image. Note that this API is kept for compatibility. The
* boot_set_pending_multi() API is recommended.
*
* @param permanent Whether the image should be used permanently or
* only tested once:
* 0=run image once, then confirm or revert.
* 1=run image forever.
*
* @return 0 on success; nonzero on failure.
*/
int
boot_set_pending(int permanent)
{
return boot_set_pending_multi(0, permanent);
}
/**
* Marks the image with the given index in the primary slot as confirmed. The
* system will continue booting into the image in the primary slot until told to
* boot from a different slot.
*
* @param image_index Image pair index.
*
* @return 0 on success; nonzero on failure.
*/
int
boot_set_confirmed_multi(int image_index)
{
const struct flash_area *fap = NULL;
int rc;
rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY(image_index), &fap);
if (rc != 0) {
return BOOT_EFLASH;
}
rc = boot_set_next(fap, true, true);
flash_area_close(fap);
return rc;
}
/**
* Marks the image with index 0 in the primary slot as confirmed. The system
* will continue booting into the image in the primary slot until told to boot
* from a different slot. Note that this API is kept for compatibility. The
* boot_set_confirmed_multi() API is recommended.
*
* @return 0 on success; nonzero on failure.
*/
int
boot_set_confirmed(void)
{
return boot_set_confirmed_multi(0);
}
int
boot_image_load_header(const struct flash_area *fa_p,
struct image_header *hdr)
{
uint32_t size;
int rc = flash_area_read(fa_p, 0, hdr, sizeof *hdr);
if (rc != 0) {
rc = BOOT_EFLASH;
BOOT_LOG_ERR("Failed reading image header");
return BOOT_EFLASH;
}
if (hdr->ih_magic != IMAGE_MAGIC) {
BOOT_LOG_ERR("Bad image magic 0x%lx", (unsigned long)hdr->ih_magic);
return BOOT_EBADIMAGE;
}
if (hdr->ih_flags & IMAGE_F_NON_BOOTABLE) {
BOOT_LOG_ERR("Image not bootable");
return BOOT_EBADIMAGE;
}
if (!boot_u32_safe_add(&size, hdr->ih_img_size, hdr->ih_hdr_size) ||
size >= flash_area_get_size(fa_p)) {
return BOOT_EBADIMAGE;
}
return 0;
}

95
bootloader/mcuboot/boot/bootutil/src/caps.c Normal file
View File

@@ -0,0 +1,95 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2017 Linaro Limited
* Copyright (c) 2021-2023 Arm Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <bootutil/caps.h>
#include "mcuboot_config/mcuboot_config.h"
uint32_t bootutil_get_caps(void)
{
uint32_t res = 0;
#if defined(MCUBOOT_SIGN_RSA)
#if MCUBOOT_SIGN_RSA_LEN == 2048
res |= BOOTUTIL_CAP_RSA2048;
#endif
#if MCUBOOT_SIGN_RSA_LEN == 3072
res |= BOOTUTIL_CAP_RSA3072;
#endif
#endif
#if defined(MCUBOOT_SIGN_EC256)
res |= BOOTUTIL_CAP_ECDSA_P256;
#endif
#if defined(MCUBOOT_SIGN_EC384)
res |= BOOTUTIL_CAP_ECDSA_P384;
#endif
#if defined(MCUBOOT_SIGN_ED25519)
res |= BOOTUTIL_CAP_ED25519;
#endif
#if defined(MCUBOOT_OVERWRITE_ONLY)
res |= BOOTUTIL_CAP_OVERWRITE_UPGRADE;
#elif defined(MCUBOOT_SWAP_USING_MOVE)
res |= BOOTUTIL_CAP_SWAP_USING_MOVE;
#else
res |= BOOTUTIL_CAP_SWAP_USING_SCRATCH;
#endif
#if defined(MCUBOOT_ENCRYPT_RSA)
res |= BOOTUTIL_CAP_ENC_RSA;
#endif
#if defined(MCUBOOT_ENCRYPT_KW)
res |= BOOTUTIL_CAP_ENC_KW;
#endif
#if defined(MCUBOOT_ENCRYPT_EC256)
res |= BOOTUTIL_CAP_ENC_EC256;
#endif
#if defined(MCUBOOT_ENCRYPT_X25519)
res |= BOOTUTIL_CAP_ENC_X25519;
#endif
#if defined(MCUBOOT_VALIDATE_PRIMARY_SLOT)
res |= BOOTUTIL_CAP_VALIDATE_PRIMARY_SLOT;
#endif
#if defined(MCUBOOT_DOWNGRADE_PREVENTION)
res |= BOOTUTIL_CAP_DOWNGRADE_PREVENTION;
#endif
#if defined(MCUBOOT_BOOTSTRAP)
res |= BOOTUTIL_CAP_BOOTSTRAP;
#endif
#if defined(MCUBOOT_AES_256)
res |= BOOTUTIL_CAP_AES256;
#endif
#if defined(MCUBOOT_RAM_LOAD)
res |= BOOTUTIL_CAP_RAM_LOAD;
#endif
#if defined(MCUBOOT_DIRECT_XIP)
res |= BOOTUTIL_CAP_DIRECT_XIP;
#endif
#if defined(MCUBOOT_HW_ROLLBACK_PROT)
res |= BOOTUTIL_CAP_HW_ROLLBACK_PROT;
#endif
return res;
}
uint32_t bootutil_get_num_images(void)
{
#if defined(MCUBOOT_IMAGE_NUMBER)
return MCUBOOT_IMAGE_NUMBER;
#else
return 1;
#endif
}

122
bootloader/mcuboot/boot/bootutil/src/ed25519_psa.c Normal file
View File

@@ -0,0 +1,122 @@
/*
* Copyright (c) 2020 Nordic Semiconductor ASA
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
#include <assert.h>
#include <string.h>
#include <stdint.h>
#include <mcuboot_config/mcuboot_config.h>
#include "bootutil/bootutil_log.h"
#include <psa/crypto.h>
#include <psa/crypto_types.h>
#if defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
#include <cracen_psa_kmu.h>
#endif
BOOT_LOG_MODULE_DECLARE(ed25519_psa);
#define SHA512_DIGEST_LENGTH 64
#define EDDSA_KEY_LENGTH 32
#define EDDSA_SIGNAGURE_LENGTH 64
#if defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
/* List of KMU stored key ids available for MCUboot */
#define MAKE_PSA_KMU_KEY_ID(id) PSA_KEY_HANDLE_FROM_CRACEN_KMU_SLOT(CRACEN_KMU_KEY_USAGE_SCHEME_RAW, id)
static psa_key_id_t kmu_key_ids[3] = {
MAKE_PSA_KMU_KEY_ID(226),
MAKE_PSA_KMU_KEY_ID(228),
MAKE_PSA_KMU_KEY_ID(230)
};
#define KMU_KEY_COUNT (sizeof(kmu_key_ids)/sizeof(kmu_key_ids[0]))
#endif
#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
int ED25519_verify(const uint8_t *message, size_t message_len,
const uint8_t signature[EDDSA_SIGNAGURE_LENGTH],
const uint8_t public_key[EDDSA_KEY_LENGTH])
{
/* Set to any error */
psa_status_t status = PSA_ERROR_BAD_STATE;
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t kid;
int ret = 0; /* Fail by default */
/* Initialize PSA Crypto */
status = psa_crypto_init();
if (status != PSA_SUCCESS) {
BOOT_LOG_ERR("PSA crypto init failed %d\n", status);
return 0;
}
status = PSA_ERROR_BAD_STATE;
psa_set_key_type(&key_attr,
PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS));
psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_VERIFY_MESSAGE);
psa_set_key_algorithm(&key_attr, PSA_ALG_PURE_EDDSA);
status = psa_import_key(&key_attr, public_key, EDDSA_KEY_LENGTH, &kid);
if (status != PSA_SUCCESS) {
BOOT_LOG_ERR("ED25519 key import failed %d", status);
return 0;
}
status = psa_verify_message(kid, PSA_ALG_PURE_EDDSA, message, message_len,
signature, EDDSA_SIGNAGURE_LENGTH);
if (status != PSA_SUCCESS) {
BOOT_LOG_ERR("ED25519 signature verification failed %d", status);
ret = 0;
/* Pass through to destroy key */
} else {
ret = 1;
/* Pass through to destroy key */
}
status = psa_destroy_key(kid);
if (status != PSA_SUCCESS) {
/* Just for logging */
BOOT_LOG_WRN("Failed to destroy key %d", status);
}
return ret;
}
#else
int ED25519_verify(const uint8_t *message, size_t message_len,
const uint8_t signature[EDDSA_SIGNAGURE_LENGTH],
const uint8_t public_key[EDDSA_KEY_LENGTH])
{
ARG_UNUSED(public_key);
/* Set to any error */
psa_status_t status = PSA_ERROR_BAD_STATE;
int ret = 0; /* Fail by default */
/* Initialize PSA Crypto */
status = psa_crypto_init();
if (status != PSA_SUCCESS) {
BOOT_LOG_ERR("PSA crypto init failed %d", status);
return 0;
}
status = PSA_ERROR_BAD_STATE;
for (int i = 0; i < KMU_KEY_COUNT; ++i) {
psa_key_id_t kid = kmu_key_ids[i];
status = psa_verify_message(kid, PSA_ALG_PURE_EDDSA, message,
message_len, signature,
EDDSA_SIGNAGURE_LENGTH);
if (status == PSA_SUCCESS) {
ret = 1;
break;
}
BOOT_LOG_ERR("ED25519 signature verification failed %d", status);
}
return ret;
}
#endif

755
bootloader/mcuboot/boot/bootutil/src/encrypted.c Normal file
View File

@@ -0,0 +1,755 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2018-2019 JUUL Labs
* Copyright (c) 2019-2024 Arm Limited
*/
#include "mcuboot_config/mcuboot_config.h"
#if defined(MCUBOOT_ENC_IMAGES)
#include <stddef.h>
#include <inttypes.h>
#include <string.h>
#if defined(MCUBOOT_ENCRYPT_RSA)
#define BOOTUTIL_CRYPTO_RSA_CRYPT_ENABLED
#include "bootutil/crypto/rsa.h"
#endif
#if defined(MCUBOOT_ENCRYPT_KW)
#include "bootutil/crypto/aes_kw.h"
#endif
#if defined(MCUBOOT_ENCRYPT_EC256)
#include "bootutil/crypto/ecdh_p256.h"
#endif
#if !defined(MCUBOOT_USE_PSA_CRYPTO)
#if defined(MCUBOOT_ENCRYPT_X25519)
#include "bootutil/crypto/ecdh_x25519.h"
#endif
#if defined(MCUBOOT_ENCRYPT_EC256) || defined(MCUBOOT_ENCRYPT_X25519)
#include "bootutil/crypto/sha.h"
#include "bootutil/crypto/hmac_sha256.h"
#include "mbedtls/oid.h"
#include "mbedtls/asn1.h"
#endif
#endif
#include "bootutil/image.h"
#include "bootutil/enc_key.h"
#include "bootutil/sign_key.h"
#include "bootutil/crypto/common.h"
#include "bootutil_priv.h"
#define EXPECTED_ENC_LEN BOOT_ENC_TLV_SIZE
#if defined(MCUBOOT_ENCRYPT_RSA)
# define EXPECTED_ENC_TLV IMAGE_TLV_ENC_RSA2048
#elif defined(MCUBOOT_ENCRYPT_KW)
# define EXPECTED_ENC_TLV IMAGE_TLV_ENC_KW
#elif defined(MCUBOOT_ENCRYPT_EC256)
# define EXPECTED_ENC_TLV IMAGE_TLV_ENC_EC256
# define EC_PUBK_INDEX (0)
# define EC_TAG_INDEX (65)
# define EC_CIPHERKEY_INDEX (65 + 32)
_Static_assert(EC_CIPHERKEY_INDEX + BOOT_ENC_KEY_SIZE == EXPECTED_ENC_LEN,
"Please fix ECIES-P256 component indexes");
#elif defined(MCUBOOT_ENCRYPT_X25519)
# define EXPECTED_ENC_TLV IMAGE_TLV_ENC_X25519
# define EC_PUBK_INDEX (0)
# define EC_TAG_INDEX (32)
# define EC_CIPHERKEY_INDEX (32 + 32)
_Static_assert(EC_CIPHERKEY_INDEX + BOOT_ENC_KEY_SIZE == EXPECTED_ENC_LEN,
"Please fix ECIES-X25519 component indexes");
#endif
/* NOUP Fixme: */
#if !defined(CONFIG_BOOT_ED25519_PSA)
#if defined(MCUBOOT_ENCRYPT_EC256) || defined(MCUBOOT_ENCRYPT_X25519)
#if defined(_compare)
static inline int bootutil_constant_time_compare(const uint8_t *a, const uint8_t *b, size_t size)
{
return _compare(a, b, size);
}
#else
static int bootutil_constant_time_compare(const uint8_t *a, const uint8_t *b, size_t size)
{
const uint8_t *tempa = a;
const uint8_t *tempb = b;
uint8_t result = 0;
unsigned int i;
for (i = 0; i < size; i++) {
result |= tempa[i] ^ tempb[i];
}
return result;
}
#endif
#endif
#if defined(MCUBOOT_ENCRYPT_KW)
static int
key_unwrap(const uint8_t *wrapped, uint8_t *enckey, struct bootutil_key *bootutil_enc_key)
{
bootutil_aes_kw_context aes_kw;
int rc;
bootutil_aes_kw_init(&aes_kw);
rc = bootutil_aes_kw_set_unwrap_key(&aes_kw, bootutil_enc_key->key, *bootutil_enc_key->len);
if (rc != 0) {
goto done;
}
rc = bootutil_aes_kw_unwrap(&aes_kw, wrapped, TLV_ENC_KW_SZ, enckey, BOOT_ENC_KEY_SIZE);
if (rc != 0) {
goto done;
}
done:
bootutil_aes_kw_drop(&aes_kw);
return rc;
}
#endif /* MCUBOOT_ENCRYPT_KW */
#if defined(MCUBOOT_ENCRYPT_EC256)
static const uint8_t ec_pubkey_oid[] = MBEDTLS_OID_EC_ALG_UNRESTRICTED;
static const uint8_t ec_secp256r1_oid[] = MBEDTLS_OID_EC_GRP_SECP256R1;
#define SHARED_KEY_LEN NUM_ECC_BYTES
#define PRIV_KEY_LEN NUM_ECC_BYTES
/*
* Parses the output of `imgtool keygen`, which produces a PKCS#8 elliptic
* curve keypair. See RFC5208 and RFC5915.
*/
static int
parse_ec256_enckey(uint8_t **p, uint8_t *end, uint8_t *private_key)
{
int rc;
size_t len;
int version;
mbedtls_asn1_buf alg;
mbedtls_asn1_buf param;
if ((rc = mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
return -1;
}
if (*p + len != end) {
return -2;
}
version = 0;
if (mbedtls_asn1_get_int(p, end, &version) || version != 0) {
return -3;
}
if ((rc = mbedtls_asn1_get_alg(p, end, &alg, &param)) != 0) {
return -5;
}
if (alg.ASN1_CONTEXT_MEMBER(len) != sizeof(ec_pubkey_oid) - 1 ||
memcmp(alg.ASN1_CONTEXT_MEMBER(p), ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) {
return -6;
}
if (param.ASN1_CONTEXT_MEMBER(len) != sizeof(ec_secp256r1_oid) - 1 ||
memcmp(param.ASN1_CONTEXT_MEMBER(p), ec_secp256r1_oid, sizeof(ec_secp256r1_oid) - 1)) {
return -7;
}
if ((rc = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) {
return -8;
}
/* RFC5915 - ECPrivateKey */
if ((rc = mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
return -9;
}
version = 0;
if (mbedtls_asn1_get_int(p, end, &version) || version != 1) {
return -10;
}
/* privateKey */
if ((rc = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_OCTET_STRING)) != 0) {
return -11;
}
if (len != NUM_ECC_BYTES) {
return -12;
}
memcpy(private_key, *p, len);
/* publicKey usually follows but is not parsed here */
return 0;
}
#endif /* defined(MCUBOOT_ENCRYPT_EC256) */
#if defined(MCUBOOT_ENCRYPT_X25519)
#define X25519_OID "\x6e"
static const uint8_t ec_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG \
MBEDTLS_OID_ORG_GOV X25519_OID;
#define SHARED_KEY_LEN 32
#define PRIV_KEY_LEN 32
static int
parse_x25519_enckey(uint8_t **p, uint8_t *end, uint8_t *private_key)
{
size_t len;
int version;
mbedtls_asn1_buf alg;
mbedtls_asn1_buf param;
if (mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE) != 0) {
return -1;
}
if (*p + len != end) {
return -2;
}
version = 0;
if (mbedtls_asn1_get_int(p, end, &version) || version != 0) {
return -3;
}
if (mbedtls_asn1_get_alg(p, end, &alg, &param) != 0) {
return -4;
}
if (alg.ASN1_CONTEXT_MEMBER(len) != sizeof(ec_pubkey_oid) - 1 ||
memcmp(alg.ASN1_CONTEXT_MEMBER(p), ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) {
return -5;
}
if (mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_OCTET_STRING) != 0) {
return -6;
}
if (mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_OCTET_STRING) != 0) {
return -7;
}
if (len != PRIV_KEY_LEN) {
return -8;
}
memcpy(private_key, *p, PRIV_KEY_LEN);
return 0;
}
#endif /* defined(MCUBOOT_ENCRYPT_X25519) */
#if defined(MCUBOOT_ENCRYPT_EC256) || defined(MCUBOOT_ENCRYPT_X25519)
/*
* HKDF as described by RFC5869.
*
* @param ikm The input data to be derived.
* @param ikm_len Length of the input data.
* @param info An information tag.
* @param info_len Length of the information tag.
* @param okm Output of the KDF computation.
* @param okm_len On input the requested length; on output the generated length
*/
static int
hkdf(uint8_t *ikm, uint16_t ikm_len, uint8_t *info, uint16_t info_len,
uint8_t *okm, uint16_t *okm_len)
{
bootutil_hmac_sha256_context hmac;
uint8_t salt[BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE];
uint8_t prk[BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE];
uint8_t T[BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE];
uint16_t off;
uint16_t len;
uint8_t counter;
bool first;
int rc;
/*
* Extract
*/
if (ikm == NULL || okm == NULL || ikm_len == 0) {
return -1;
}
bootutil_hmac_sha256_init(&hmac);
memset(salt, 0, BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE);
rc = bootutil_hmac_sha256_set_key(&hmac, salt, BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE);
if (rc != 0) {
goto error;
}
rc = bootutil_hmac_sha256_update(&hmac, ikm, ikm_len);
if (rc != 0) {
goto error;
}
rc = bootutil_hmac_sha256_finish(&hmac, prk, BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE);
if (rc != 0) {
goto error;
}
bootutil_hmac_sha256_drop(&hmac);
/*
* Expand
*/
len = *okm_len;
counter = 1;
first = true;
for (off = 0; len > 0; off += BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE, ++counter) {
bootutil_hmac_sha256_init(&hmac);
rc = bootutil_hmac_sha256_set_key(&hmac, prk, BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE);
if (rc != 0) {
goto error;
}
if (first) {
first = false;
} else {
rc = bootutil_hmac_sha256_update(&hmac, T, BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE);
if (rc != 0) {
goto error;
}
}
rc = bootutil_hmac_sha256_update(&hmac, info, info_len);
if (rc != 0) {
goto error;
}
rc = bootutil_hmac_sha256_update(&hmac, &counter, 1);
if (rc != 0) {
goto error;
}
rc = bootutil_hmac_sha256_finish(&hmac, T, BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE);
if (rc != 0) {
goto error;
}
bootutil_hmac_sha256_drop(&hmac);
if (len > BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE) {
memcpy(&okm[off], T, BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE);
len -= BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE;
} else {
memcpy(&okm[off], T, len);
len = 0;
}
}
return 0;
error:
bootutil_hmac_sha256_drop(&hmac);
return -1;
}
#endif /* MCUBOOT_ENCRYPT_EC256 || MCUBOOT_ENCRYPT_X25519 */
#if !defined(MCUBOOT_ENC_BUILTIN_KEY)
extern const struct bootutil_key bootutil_enc_key;
/*
* Default implementation to retrieve the private encryption key which is
* embedded in the bootloader code (when MCUBOOT_ENC_BUILTIN_KEY is not defined).
*/
int boot_enc_retrieve_private_key(struct bootutil_key **private_key)
{
*private_key = (struct bootutil_key *)&bootutil_enc_key;
return 0;
}
#endif /* !MCUBOOT_ENC_BUILTIN_KEY */
#if ( (defined(MCUBOOT_ENCRYPT_RSA) && defined(MCUBOOT_USE_MBED_TLS) && !defined(MCUBOOT_USE_PSA_CRYPTO)) || \
(defined(MCUBOOT_ENCRYPT_EC256) && defined(MCUBOOT_USE_MBED_TLS)) )
#if MBEDTLS_VERSION_NUMBER >= 0x03000000
static int fake_rng(void *p_rng, unsigned char *output, size_t len)
{
size_t i;
(void)p_rng;
for (i = 0; i < len; i++) {
output[i] = (char)i;
}
return 0;
}
#endif /* MBEDTLS_VERSION_NUMBER */
#endif /* (MCUBOOT_ENCRYPT_RSA && MCUBOOT_USE_MBED_TLS && !MCUBOOT_USE_PSA_CRYPTO) ||
(MCUBOOT_ENCRYPT_EC256 && MCUBOOT_USE_MBED_TLS) */
/*
* Decrypt an encryption key TLV.
*
* @param buf An encryption TLV read from flash (build time fixed length)
* @param enckey An AES-128 or AES-256 key sized buffer to store to plain key.
*/
int
boot_decrypt_key(const uint8_t *buf, uint8_t *enckey)
{
#if defined(MCUBOOT_ENCRYPT_RSA)
bootutil_rsa_context rsa;
uint8_t *cp;
uint8_t *cpend;
size_t olen;
#endif
#if defined(MCUBOOT_ENCRYPT_EC256)
bootutil_ecdh_p256_context ecdh_p256;
#endif
#if defined(MCUBOOT_ENCRYPT_X25519)
bootutil_ecdh_x25519_context ecdh_x25519;
#endif
#if defined(MCUBOOT_ENCRYPT_EC256) || defined(MCUBOOT_ENCRYPT_X25519)
bootutil_hmac_sha256_context hmac;
bootutil_aes_ctr_context aes_ctr;
uint8_t tag[BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE];
uint8_t shared[SHARED_KEY_LEN];
uint8_t derived_key[BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE + BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE];
uint8_t *cp;
uint8_t *cpend;
uint8_t private_key[PRIV_KEY_LEN];
uint8_t counter[BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE];
uint16_t len;
#endif
struct bootutil_key *bootutil_enc_key = NULL;
int rc = -1;
rc = boot_enc_retrieve_private_key(&bootutil_enc_key);
if (rc) {
return rc;
}
if (bootutil_enc_key == NULL) {
return rc;
}
#if defined(MCUBOOT_ENCRYPT_RSA)
bootutil_rsa_init(&rsa);
cp = (uint8_t *)bootutil_enc_key->key;
cpend = cp + *bootutil_enc_key->len;
/* The enckey is encrypted through RSA so for decryption we need the private key */
rc = bootutil_rsa_parse_private_key(&rsa, &cp, cpend);
if (rc) {
bootutil_rsa_drop(&rsa);
return rc;
}
rc = bootutil_rsa_oaep_decrypt(&rsa, &olen, buf, enckey, BOOT_ENC_KEY_SIZE);
bootutil_rsa_drop(&rsa);
if (rc) {
return rc;
}
#endif /* defined(MCUBOOT_ENCRYPT_RSA) */
#if defined(MCUBOOT_ENCRYPT_KW)
assert(*bootutil_enc_key->len == BOOT_ENC_KEY_SIZE);
rc = key_unwrap(buf, enckey, bootutil_enc_key);
#endif /* defined(MCUBOOT_ENCRYPT_KW) */
#if defined(MCUBOOT_ENCRYPT_EC256)
cp = (uint8_t *)bootutil_enc_key->key;
cpend = cp + *bootutil_enc_key->len;
/*
* Load the stored EC256 decryption private key
*/
rc = parse_ec256_enckey(&cp, cpend, private_key);
if (rc) {
return rc;
}
/*
* First "element" in the TLV is the curve point (public key)
*/
bootutil_ecdh_p256_init(&ecdh_p256);
rc = bootutil_ecdh_p256_shared_secret(&ecdh_p256, &buf[EC_PUBK_INDEX], private_key, shared);
bootutil_ecdh_p256_drop(&ecdh_p256);
if (rc != 0) {
return -1;
}
#endif /* defined(MCUBOOT_ENCRYPT_EC256) */
#if defined(MCUBOOT_ENCRYPT_X25519)
cp = (uint8_t *)bootutil_enc_key->key;
cpend = cp + *bootutil_enc_key->len;
/*
* Load the stored X25519 decryption private key
*/
rc = parse_x25519_enckey(&cp, cpend, private_key);
if (rc) {
return rc;
}
/*
* First "element" in the TLV is the curve point (public key)
*/
bootutil_ecdh_x25519_init(&ecdh_x25519);
rc = bootutil_ecdh_x25519_shared_secret(&ecdh_x25519, &buf[EC_PUBK_INDEX], private_key, shared);
bootutil_ecdh_x25519_drop(&ecdh_x25519);
if (!rc) {
return -1;
}
#endif /* defined(MCUBOOT_ENCRYPT_X25519) */
#if defined(MCUBOOT_ENCRYPT_EC256) || defined(MCUBOOT_ENCRYPT_X25519)
/*
* Expand shared secret to create keys for AES-128-CTR + HMAC-SHA256
*/
len = BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE + BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE;
rc = hkdf(shared, SHARED_KEY_LEN, (uint8_t *)"MCUBoot_ECIES_v1", 16,
derived_key, &len);
if (rc != 0 || len != (BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE + BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE)) {
return -1;
}
/*
* HMAC the key and check that our received MAC matches the generated tag
*/
bootutil_hmac_sha256_init(&hmac);
rc = bootutil_hmac_sha256_set_key(&hmac, &derived_key[BOOT_ENC_KEY_SIZE], 32);
if (rc != 0) {
(void)bootutil_hmac_sha256_drop(&hmac);
return -1;
}
rc = bootutil_hmac_sha256_update(&hmac, &buf[EC_CIPHERKEY_INDEX], BOOT_ENC_KEY_SIZE);
if (rc != 0) {
(void)bootutil_hmac_sha256_drop(&hmac);
return -1;
}
/* Assumes the tag buffer is at least sizeof(hmac_tag_size(state)) bytes */
rc = bootutil_hmac_sha256_finish(&hmac, tag, BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE);
if (rc != 0) {
(void)bootutil_hmac_sha256_drop(&hmac);
return -1;
}
if (bootutil_constant_time_compare(tag, &buf[EC_TAG_INDEX], 32) != 0) {
(void)bootutil_hmac_sha256_drop(&hmac);
return -1;
}
bootutil_hmac_sha256_drop(&hmac);
/*
* Finally decrypt the received ciphered key
*/
bootutil_aes_ctr_init(&aes_ctr);
if (rc != 0) {
bootutil_aes_ctr_drop(&aes_ctr);
return -1;
}
rc = bootutil_aes_ctr_set_key(&aes_ctr, derived_key);
if (rc != 0) {
bootutil_aes_ctr_drop(&aes_ctr);
return -1;
}
memset(counter, 0, BOOTUTIL_CRYPTO_AES_CTR_BLOCK_SIZE);
rc = bootutil_aes_ctr_decrypt(&aes_ctr, counter, &buf[EC_CIPHERKEY_INDEX], BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE, 0, enckey);
if (rc != 0) {
bootutil_aes_ctr_drop(&aes_ctr);
return -1;
}
bootutil_aes_ctr_drop(&aes_ctr);
rc = 0;
#endif /* defined(MCUBOOT_ENCRYPT_EC256) || defined(MCUBOOT_ENCRYPT_X25519) */
return rc;
}
#endif /* CONFIG_BOOT_ED25519_PSA */
/*
* Load encryption key.
*/
int
boot_enc_load(struct enc_key_data *enc_state, int slot,
const struct image_header *hdr, const struct flash_area *fap,
struct boot_status *bs)
{
uint32_t off;
uint16_t len;
struct image_tlv_iter it;
#if MCUBOOT_SWAP_SAVE_ENCTLV
uint8_t *buf;
#else
uint8_t buf[EXPECTED_ENC_LEN];
#endif
int rc;
/* Already loaded... */
if (enc_state[slot].valid) {
return 1;
}
/* Initialize the AES context */
boot_enc_init(enc_state, slot);
rc = bootutil_tlv_iter_begin(&it, hdr, fap, EXPECTED_ENC_TLV, false);
if (rc) {
return -1;
}
rc = bootutil_tlv_iter_next(&it, &off, &len, NULL);
if (rc != 0) {
return rc;
}
if (len != EXPECTED_ENC_LEN) {
return -1;
}
#if MCUBOOT_SWAP_SAVE_ENCTLV
buf = bs->enctlv[slot];
memset(buf, 0xff, BOOT_ENC_TLV_ALIGN_SIZE);
#endif
rc = flash_area_read(fap, off, buf, EXPECTED_ENC_LEN);
if (rc) {
return -1;
}
return boot_decrypt_key(buf, bs->enckey[slot]);
}
int
boot_enc_init(struct enc_key_data *enc_state, uint8_t slot)
{
bootutil_aes_ctr_init(&enc_state[slot].aes_ctr);
return 0;
}
int
boot_enc_drop(struct enc_key_data *enc_state, uint8_t slot)
{
bootutil_aes_ctr_drop(&enc_state[slot].aes_ctr);
enc_state[slot].valid = 0;
return 0;
}
int
boot_enc_set_key(struct enc_key_data *enc_state, uint8_t slot,
const struct boot_status *bs)
{
int rc;
rc = bootutil_aes_ctr_set_key(&enc_state[slot].aes_ctr, bs->enckey[slot]);
if (rc != 0) {
boot_enc_drop(enc_state, slot);
return -1;
}
enc_state[slot].valid = 1;
return 0;
}
bool
boot_enc_valid(struct enc_key_data *enc_state, int slot)
{
return enc_state[slot].valid;
}
void
boot_enc_encrypt(struct enc_key_data *enc_state, int slot, uint32_t off,
uint32_t sz, uint32_t blk_off, uint8_t *buf)
{
struct enc_key_data *enc = &enc_state[slot];
uint8_t nonce[16];
/* Nothing to do with size == 0 */
if (sz == 0) {
return;
}
memset(nonce, 0, 12);
off >>= 4;
nonce[12] = (uint8_t)(off >> 24);
nonce[13] = (uint8_t)(off >> 16);
nonce[14] = (uint8_t)(off >> 8);
nonce[15] = (uint8_t)off;
assert(enc->valid == 1);
bootutil_aes_ctr_encrypt(&enc->aes_ctr, nonce, buf, sz, blk_off, buf);
}
void
boot_enc_decrypt(struct enc_key_data *enc_state, int slot, uint32_t off,
uint32_t sz, uint32_t blk_off, uint8_t *buf)
{
struct enc_key_data *enc = &enc_state[slot];
uint8_t nonce[16];
/* Nothing to do with size == 0 */
if (sz == 0) {
return;
}
memset(nonce, 0, 12);
off >>= 4;
nonce[12] = (uint8_t)(off >> 24);
nonce[13] = (uint8_t)(off >> 16);
nonce[14] = (uint8_t)(off >> 8);
nonce[15] = (uint8_t)off;
assert(enc->valid == 1);
bootutil_aes_ctr_decrypt(&enc->aes_ctr, nonce, buf, sz, blk_off, buf);
}
/**
* Clears encrypted state after use.
*/
void
boot_enc_zeroize(struct enc_key_data *enc_state)
{
uint8_t slot;
for (slot = 0; slot < BOOT_NUM_SLOTS; slot++) {
(void)boot_enc_drop(enc_state, slot);
}
memset(enc_state, 0, sizeof(struct enc_key_data) * BOOT_NUM_SLOTS);
}
#endif /* MCUBOOT_ENC_IMAGES */

454
bootloader/mcuboot/boot/bootutil/src/encrypted_psa.c Normal file
View File

@@ -0,0 +1,454 @@
/*
* Copyright (c) 2024 Nordic Semiconductor ASA
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*/
#include "mcuboot_config/mcuboot_config.h"
#include <stddef.h>
#include <inttypes.h>
#include <string.h>
/* We are not really using the MBEDTLS but need the ASN.1 parsing functions */
#define MBEDTLS_ASN1_PARSE_C
#include "bootutil/crypto/sha.h"
#include "mbedtls/oid.h"
#include "mbedtls/asn1.h"
#include "bootutil/image.h"
#include "bootutil/enc_key.h"
#include "bootutil/sign_key.h"
#include "bootutil/crypto/common.h"
#include "bootutil_priv.h"
#include "bootutil/bootutil_log.h"
BOOT_LOG_MODULE_DECLARE(mcuboot_psa_enc);
#define EXPECTED_ENC_LEN BOOT_ENC_TLV_SIZE
#define EXPECTED_ENC_TLV IMAGE_TLV_ENC_X25519
#define EC_PUBK_INDEX (0)
#define EC_TAG_INDEX (32)
#define EC_CIPHERKEY_INDEX (32 + 32)
_Static_assert(EC_CIPHERKEY_INDEX + BOOT_ENC_KEY_SIZE == EXPECTED_ENC_LEN,
"Please fix ECIES-X25519 component indexes");
#define X25519_OID "\x6e"
static const uint8_t ec_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG \
MBEDTLS_OID_ORG_GOV X25519_OID;
#define SHARED_KEY_LEN 32
#define PRIV_KEY_LEN 32
/* Fixme: This duplicates code from encrypted.c and depends on mbedtls */
static int
parse_x25519_enckey(uint8_t **p, uint8_t *end, uint8_t *private_key)
{
size_t len;
int version;
mbedtls_asn1_buf alg;
mbedtls_asn1_buf param;
if (mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
MBEDTLS_ASN1_SEQUENCE) != 0) {
return -1;
}
if (*p + len != end) {
return -2;
}
version = 0;
if (mbedtls_asn1_get_int(p, end, &version) || version != 0) {
return -3;
}
if (mbedtls_asn1_get_alg(p, end, &alg, &param) != 0) {
return -4;
}
if (alg.ASN1_CONTEXT_MEMBER(len) != sizeof(ec_pubkey_oid) - 1 ||
memcmp(alg.ASN1_CONTEXT_MEMBER(p), ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) {
return -5;
}
if (mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_OCTET_STRING) != 0) {
return -6;
}
if (mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_OCTET_STRING) != 0) {
return -7;
}
if (len != PRIV_KEY_LEN) {
return -8;
}
memcpy(private_key, *p, PRIV_KEY_LEN);
return 0;
}
void bootutil_aes_ctr_init(bootutil_aes_ctr_context *ctx)
{
psa_status_t psa_ret = psa_crypto_init();
(void)ctx;
if (psa_ret != PSA_SUCCESS) {
BOOT_LOG_ERR("AES init PSA crypto init failed %d", psa_ret);
assert(0);
}
}
#if defined(MCUBOOT_ENC_IMAGES)
extern const struct bootutil_key bootutil_enc_key;
/*
* Decrypt an encryption key TLV.
*
* @param buf An encryption TLV read from flash (build time fixed length)
* @param enckey An AES-128 or AES-256 key sized buffer to store to plain key.
*/
int
boot_decrypt_key(const uint8_t *buf, uint8_t *enckey)
{
uint8_t derived_key[BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE + BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE];
uint8_t *cp;
uint8_t *cpend;
uint8_t private_key[PRIV_KEY_LEN];
size_t len;
psa_status_t psa_ret = PSA_ERROR_BAD_STATE;
psa_status_t psa_cleanup_ret = PSA_ERROR_BAD_STATE;
psa_key_id_t kid;
psa_key_attributes_t kattr = PSA_KEY_ATTRIBUTES_INIT;
psa_key_derivation_operation_t key_do = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_algorithm_t key_do_alg;
int rc = -1;
cp = (uint8_t *)bootutil_enc_key.key;
cpend = cp + *bootutil_enc_key.len;
/* The psa_cipher_decrypt needs initialization vector of proper length at
* the beginning of the input buffer.
*/
uint8_t iv_and_key[PSA_CIPHER_IV_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CTR) +
BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE];
psa_ret = psa_crypto_init();
if (psa_ret != PSA_SUCCESS) {
BOOT_LOG_ERR("AES crypto init failed %d", psa_ret);
return -1;
}
/*
* Load the stored X25519 decryption private key
*/
rc = parse_x25519_enckey(&cp, cpend, private_key);
if (rc) {
return rc;
}
psa_set_key_type(&kattr, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY));
psa_set_key_usage_flags(&kattr, PSA_KEY_USAGE_DERIVE);
psa_set_key_algorithm(&kattr, PSA_ALG_ECDH);
psa_ret = psa_import_key(&kattr, private_key, sizeof(private_key), &kid);
memset(private_key, 0, sizeof(private_key));
psa_reset_key_attributes(&kattr);
if (psa_ret != PSA_SUCCESS) {
BOOT_LOG_ERR("Built-in key import failed %d", psa_ret);
return -1;
}
key_do_alg = PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256));
psa_ret = psa_key_derivation_setup(&key_do, key_do_alg);
if (psa_ret != PSA_SUCCESS) {
psa_cleanup_ret = psa_destroy_key(kid);
if (psa_cleanup_ret != PSA_SUCCESS) {
BOOT_LOG_WRN("Built-in key destruction failed %d", psa_cleanup_ret);
}
BOOT_LOG_ERR("Key derivation setup failed %d", psa_ret);
return -1;
}
/* Note: PSA 1.1.2 does not have psa_key_agreement that would be useful here
* as it could just add the derived key to the storage and return key id.
* Instead, we have to use the code below to generate derived key and put it
* into storage, to obtain the key id we can then use with psa_mac_* functions.
*/
psa_ret = psa_key_derivation_key_agreement(&key_do, PSA_KEY_DERIVATION_INPUT_SECRET,
kid, &buf[EC_PUBK_INDEX],
BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE);
psa_cleanup_ret = psa_destroy_key(kid);
if (psa_cleanup_ret != PSA_SUCCESS) {
BOOT_LOG_WRN("Built-in key destruction failed %d", psa_cleanup_ret);
}
if (psa_ret != PSA_SUCCESS) {
psa_cleanup_ret = psa_key_derivation_abort(&key_do);
if (psa_cleanup_ret != PSA_SUCCESS) {
BOOT_LOG_WRN("Key derivation abort failed %d", psa_ret);
}
BOOT_LOG_ERR("Key derivation failed %d", psa_ret);
return -1;
}
/* Only info, no salt */
psa_ret = psa_key_derivation_input_bytes(&key_do, PSA_KEY_DERIVATION_INPUT_INFO,
"MCUBoot_ECIES_v1", 16);
if (psa_ret != PSA_SUCCESS) {
psa_cleanup_ret = psa_key_derivation_abort(&key_do);
if (psa_cleanup_ret != PSA_SUCCESS) {
BOOT_LOG_WRN("Key derivation abort failed %d", psa_ret);
}
BOOT_LOG_ERR("Key derivation failed %d", psa_ret);
return -1;
}
len = BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE + BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE;
psa_ret = psa_key_derivation_output_bytes(&key_do, derived_key, len);
psa_cleanup_ret = psa_key_derivation_abort(&key_do);
if (psa_cleanup_ret != PSA_SUCCESS) {
BOOT_LOG_WRN("Key derivation cleanup failed %d", psa_ret);
}
if (psa_ret != PSA_SUCCESS) {
BOOT_LOG_ERR("Key derivation failed %d", psa_ret);
return -1;
}
/* The derived key consists of BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE bytes
* followed by BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE bytes. Both parts will
* be imported at the point where needed and discarded immediately after.
*/
psa_set_key_type(&kattr, PSA_KEY_TYPE_HMAC);
psa_set_key_usage_flags(&kattr, PSA_KEY_USAGE_VERIFY_MESSAGE);
psa_set_key_algorithm(&kattr, PSA_ALG_HMAC(PSA_ALG_SHA_256));
/* Import the MAC tag key part of derived key, that is the part that starts
* after BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE and has length of
* BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE bytes.
*/
psa_ret = psa_import_key(&kattr,
&derived_key[BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE],
BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE, &kid);
psa_reset_key_attributes(&kattr);
if (psa_ret != PSA_SUCCESS) {
memset(derived_key, 0, sizeof(derived_key));
BOOT_LOG_ERR("MAC key import failed %d", psa_ret);
return -1;
}
/* Verify the MAC tag of the random encryption key */
psa_ret = psa_mac_verify(kid, PSA_ALG_HMAC(PSA_ALG_SHA_256),
&buf[EC_CIPHERKEY_INDEX], BOOT_ENC_KEY_SIZE,
&buf[EC_TAG_INDEX],
BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE);
psa_cleanup_ret = psa_destroy_key(kid);
if (psa_cleanup_ret != PSA_SUCCESS) {
BOOT_LOG_WRN("MAC key destruction failed %d", psa_cleanup_ret);
}
if (psa_ret != PSA_SUCCESS) {
memset(derived_key, 0, sizeof(derived_key));
BOOT_LOG_ERR("MAC verification failed %d", psa_ret);
return -1;
}
/* The derived key is used in AES decryption of random key */
psa_set_key_type(&kattr, PSA_KEY_TYPE_AES);
psa_set_key_usage_flags(&kattr, PSA_KEY_USAGE_DECRYPT);
psa_set_key_algorithm(&kattr, PSA_ALG_CTR);
/* Import the AES partition of derived key, the first 16 bytes */
psa_ret = psa_import_key(&kattr, &derived_key[0],
BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE, &kid);
memset(derived_key, 0, sizeof(derived_key));
if (psa_ret != PSA_SUCCESS) {
BOOT_LOG_ERR("AES key import failed %d", psa_ret);
return -1;
}
/* Decrypt the random AES encryption key with AES and the key obtained
* at derivation. */
memset(&iv_and_key[0], 0, PSA_CIPHER_IV_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CTR));
memcpy(&iv_and_key[PSA_CIPHER_IV_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CTR)],
&buf[EC_CIPHERKEY_INDEX],
sizeof(iv_and_key) - PSA_CIPHER_IV_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CTR));
len = 0;
psa_ret = psa_cipher_decrypt(kid, PSA_ALG_CTR, iv_and_key, sizeof(iv_and_key),
enckey, BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE, &len);
memset(iv_and_key, 0, sizeof(iv_and_key));
psa_cleanup_ret = psa_destroy_key(kid);
if (psa_cleanup_ret != PSA_SUCCESS) {
BOOT_LOG_WRN("AES key destruction failed %d", psa_cleanup_ret);
}
if (psa_ret != PSA_SUCCESS || len != BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE) {
memset(enckey, 0, BOOTUTIL_CRYPTO_AES_CTR_KEY_SIZE);
BOOT_LOG_ERR("Random key decryption failed %d", psa_ret);
return -1;
}
return 0;
}
int bootutil_aes_ctr_encrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter,
const uint8_t *m, uint32_t mlen, size_t blk_off, uint8_t *c)
{
int ret = 0;
psa_status_t psa_ret = PSA_ERROR_BAD_STATE;
psa_key_attributes_t kattr = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t kid;
psa_cipher_operation_t psa_op;
size_t elen = 0; /* Decrypted length */
/* Fixme: calling psa_crypto_init multiple times is not a problem,
* yet the code here is only present because there is not general
* crypto init. */
psa_ret = psa_crypto_init();
if (psa_ret != PSA_SUCCESS) {
BOOT_LOG_ERR("PSA crypto init failed %d", psa_ret);
ret = -1;
goto gone;
}
psa_op = psa_cipher_operation_init();
/* Fixme: Import should happen when key is decrypted, but due to lack
* of key destruction there is no way to destroy key stored by
* psa other way than here. */
psa_set_key_type(&kattr, PSA_KEY_TYPE_AES);
psa_set_key_usage_flags(&kattr, PSA_KEY_USAGE_ENCRYPT);
psa_set_key_algorithm(&kattr, PSA_ALG_CTR);
psa_ret = psa_import_key(&kattr, ctx->key, BOOT_ENC_KEY_SIZE, &kid);
psa_reset_key_attributes(&kattr);
if (psa_ret != PSA_SUCCESS) {
BOOT_LOG_ERR("AES enc import key failed %d", psa_ret);
ret = -1;
goto gone;
}
/* This could be done with psa_cipher_decrypt one-shot operation, but
* multi-part operation is used to avoid re-allocating input buffer
* to account for IV in front of data.
*/
psa_ret = psa_cipher_encrypt_setup(&psa_op, kid, PSA_ALG_CTR);
if (psa_ret != PSA_SUCCESS) {
BOOT_LOG_ERR("AES enc setup failed %d", psa_ret);
ret = -1;
goto gone_with_key;
}
/* Fixme: hardcoded counter size, but it is hardcoded everywhere */
psa_ret = psa_cipher_set_iv(&psa_op, counter, 16);
if (psa_ret != PSA_SUCCESS) {
BOOT_LOG_ERR("AES enc IV set failed %d", psa_ret);
ret = -1;
goto gone_after_setup;
}
psa_ret = psa_cipher_update(&psa_op, m, mlen, c, mlen, &elen);
if (psa_ret != PSA_SUCCESS) {
BOOT_LOG_ERR("AES enc encryption failed %d", psa_ret);
ret = -1;
goto gone_after_setup;
}
gone_after_setup:
psa_ret = psa_cipher_abort(&psa_op);
if (psa_ret != PSA_SUCCESS) {
BOOT_LOG_WRN("AES enc cipher abort failed %d", psa_ret);
/* Intentionally not changing the ret */
}
gone_with_key:
/* Fixme: Should be removed once key is shared by id */
psa_ret = psa_destroy_key(kid);
if (psa_ret != PSA_SUCCESS) {
BOOT_LOG_WRN("AES enc destroy key failed %d", psa_ret);
/* Intentionally not changing the ret */
}
gone:
return ret;
}
int bootutil_aes_ctr_decrypt(bootutil_aes_ctr_context *ctx, uint8_t *counter,
const uint8_t *c, uint32_t clen, size_t blk_off, uint8_t *m)
{
int ret = 0;
psa_status_t psa_ret = PSA_ERROR_BAD_STATE;
psa_key_attributes_t kattr = PSA_KEY_ATTRIBUTES_INIT;
psa_key_id_t kid;
psa_cipher_operation_t psa_op;
size_t dlen = 0; /* Decrypted length */
/* Fixme: the init should already happen before calling the function, but
* somehow it does not, for example when recovering in swap.
*/
psa_ret = psa_crypto_init();
if (psa_ret != PSA_SUCCESS) {
BOOT_LOG_ERR("PSA crypto init failed %d", psa_ret);
ret = -1;
goto gone;
}
psa_op = psa_cipher_operation_init();
/* Fixme: Import should happen when key is decrypted, but due to lack
* of key destruction there is no way to destroy key stored by
* psa other way than here. */
psa_set_key_type(&kattr, PSA_KEY_TYPE_AES);
psa_set_key_usage_flags(&kattr, PSA_KEY_USAGE_DECRYPT);
psa_set_key_algorithm(&kattr, PSA_ALG_CTR);
psa_ret = psa_import_key(&kattr, ctx->key, BOOT_ENC_KEY_SIZE, &kid);
psa_reset_key_attributes(&kattr);
if (psa_ret != PSA_SUCCESS) {
BOOT_LOG_ERR("AES dec import key failed %d", psa_ret);
ret = -1;
goto gone;
}
/* This could be done with psa_cipher_decrypt one-shot operation, but
* multi-part operation is used to avoid re-allocating input buffer
* to account for IV in front of data.
*/
psa_ret = psa_cipher_decrypt_setup(&psa_op, kid, PSA_ALG_CTR);
if (psa_ret != PSA_SUCCESS) {
BOOT_LOG_ERR("AES dec setup failed %d", psa_ret);
ret = -1;
goto gone_with_key;
}
/* Fixme: hardcoded counter size, but it is hardcoded everywhere */
psa_ret = psa_cipher_set_iv(&psa_op, counter, 16);
if (psa_ret != PSA_SUCCESS) {
BOOT_LOG_ERR("AES dec IV set failed %d", psa_ret);
ret = -1;
goto gone_after_setup;
}
psa_ret = psa_cipher_update(&psa_op, c, clen, m, clen, &dlen);
if (psa_ret != PSA_SUCCESS) {
BOOT_LOG_ERR("AES dec decryption failed %d", psa_ret);
ret = -1;
goto gone_after_setup;
}
gone_after_setup:
psa_ret = psa_cipher_abort(&psa_op);
if (psa_ret != PSA_SUCCESS) {
BOOT_LOG_WRN("PSA dec abort failed %d", psa_ret);
/* Intentionally not changing the ret */
}
gone_with_key:
psa_ret = psa_destroy_key(kid);
if (psa_ret != PSA_SUCCESS) {
BOOT_LOG_WRN("PSA dec key failed %d", psa_ret);
/* Intentionally not changing the ret */
}
gone:
return ret;
}
#endif /* defined(MCUBOOT_ENC_IMAGES) */

78
bootloader/mcuboot/boot/bootutil/src/fault_injection_hardening.c Normal file
View File

@@ -0,0 +1,78 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2020 Arm Limited
*/
#include "bootutil/fault_injection_hardening.h"
#ifdef FIH_ENABLE_DOUBLE_VARS
/* Variable that could be (but isn't) changed at runtime to force the compiler
* not to optimize the double check. Value doesn't matter.
*/
volatile int _fih_mask = _FIH_MASK_VALUE;
#endif /* FIH_ENABLE_DOUBLE_VARS */
fih_ret FIH_SUCCESS = FIH_POSITIVE_VALUE;
fih_ret FIH_FAILURE = FIH_NEGATIVE_VALUE;
fih_ret FIH_NO_BOOTABLE_IMAGE = FIH_CONST1;
fih_ret FIH_BOOT_HOOK_REGULAR = FIH_CONST2;
#ifdef FIH_ENABLE_CFI
#ifdef FIH_ENABLE_DOUBLE_VARS
fih_int _fih_cfi_ctr = {0, 0 ^ _FIH_MASK_VALUE};
#else
fih_int _fih_cfi_ctr = {0};
#endif /* FIH_ENABLE_DOUBLE_VARS */
/* Increment the CFI counter by one, and return the value before the increment.
*/
fih_int fih_cfi_get_and_increment(void)
{
fih_int saved = _fih_cfi_ctr;
_fih_cfi_ctr = fih_int_encode(fih_int_decode(saved) + 1);
return saved;
}
/* Validate that the saved precall value is the same as the value of the global
* counter. For this to be the case, a fih_ret must have been called between
* these functions being executed. If the values aren't the same then panic.
*/
void fih_cfi_validate(fih_int saved)
{
if (fih_int_decode(saved) != fih_int_decode(_fih_cfi_ctr)) {
FIH_PANIC;
}
}
/* Decrement the global CFI counter by one, so that it has the same value as
* before the cfi_precall
*/
void fih_cfi_decrement(void)
{
_fih_cfi_ctr = fih_int_encode(fih_int_decode(_fih_cfi_ctr) - 1);
}
#endif /* FIH_ENABLE_CFI */
#ifdef FIH_ENABLE_GLOBAL_FAIL
/* Global failure loop for bootloader code. Uses attribute used to prevent
* compiler removing due to non-standard calling procedure. Multiple loop jumps
* used to make unlooping difficult.
*/
__attribute__((used))
__attribute__((noinline))
void fih_panic_loop(void)
{
__asm volatile ("b fih_panic_loop");
__asm volatile ("b fih_panic_loop");
__asm volatile ("b fih_panic_loop");
__asm volatile ("b fih_panic_loop");
__asm volatile ("b fih_panic_loop");
__asm volatile ("b fih_panic_loop");
__asm volatile ("b fih_panic_loop");
__asm volatile ("b fih_panic_loop");
__asm volatile ("b fih_panic_loop");
}
#endif /* FIH_ENABLE_GLOBAL_FAIL */

47
bootloader/mcuboot/boot/bootutil/src/fault_injection_hardening_delay_rng_mbedtls.c Normal file
View File

@@ -0,0 +1,47 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2020 Arm Limited
*/
#include "bootutil/fault_injection_hardening.h"
#ifdef FIH_ENABLE_DELAY
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/entropy.h"
/* Mbedtls implementation of the delay RNG. Can be replaced by any other RNG
* implementation that is backed by an entropy source by altering these
* functions. This is not provided as a header API and a C file implementation
* due to issues with inlining.
*/
#ifdef MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
#error "FIH_ENABLE_DELAY requires an entropy source"
#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
mbedtls_entropy_context fih_entropy_ctx;
mbedtls_ctr_drbg_context fih_drbg_ctx;
int fih_delay_init(void)
{
mbedtls_entropy_init(&fih_entropy_ctx);
mbedtls_ctr_drbg_init(&fih_drbg_ctx);
mbedtls_ctr_drbg_seed(&fih_drbg_ctx , mbedtls_entropy_func,
&fih_entropy_ctx, NULL, 0);
return 1;
}
unsigned char fih_delay_random_uchar(void)
{
unsigned char delay;
mbedtls_ctr_drbg_random(&fih_drbg_ctx,(unsigned char*) &delay,
sizeof(delay));
return delay;
}
#endif /* FIH_ENABLE_DELAY */

95
bootloader/mcuboot/boot/bootutil/src/image_ecdsa.c Normal file
View File

@@ -0,0 +1,95 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2016-2019 JUUL Labs
* Copyright (c) 2017 Linaro LTD
* Copyright (C) 2021-2024 Arm Limited
*
* Original license:
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
#include <string.h>
#include "mcuboot_config/mcuboot_config.h"
#if defined(MCUBOOT_SIGN_EC256) || defined(MCUBOOT_SIGN_EC384)
#include "bootutil_priv.h"
#include "bootutil/fault_injection_hardening.h"
#include "bootutil/crypto/ecdsa.h"
#if !defined(MCUBOOT_BUILTIN_KEY)
fih_ret
bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
uint8_t key_id)
{
int rc;
bootutil_ecdsa_context ctx;
FIH_DECLARE(fih_rc, FIH_FAILURE);
uint8_t *pubkey;
uint8_t *end;
pubkey = (uint8_t *)bootutil_keys[key_id].key;
end = pubkey + *bootutil_keys[key_id].len;
bootutil_ecdsa_init(&ctx);
rc = bootutil_ecdsa_parse_public_key(&ctx, &pubkey, end);
if (rc) {
goto out;
}
rc = bootutil_ecdsa_verify(&ctx, pubkey, end-pubkey, hash, hlen, sig, slen);
fih_rc = fih_ret_encode_zero_equality(rc);
if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
FIH_SET(fih_rc, FIH_FAILURE);
}
out:
bootutil_ecdsa_drop(&ctx);
FIH_RET(fih_rc);
}
#else /* !MCUBOOT_BUILTIN_KEY */
fih_ret
bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
uint8_t key_id)
{
int rc;
bootutil_ecdsa_context ctx;
FIH_DECLARE(fih_rc, FIH_FAILURE);
/* Use builtin key for image verification, no key parsing is required. */
ctx.key_id = key_id;
bootutil_ecdsa_init(&ctx);
/* The public key pointer and key size can be omitted. */
rc = bootutil_ecdsa_verify(&ctx, NULL, 0, hash, hlen, sig, slen);
fih_rc = fih_ret_encode_zero_equality(rc);
if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
FIH_SET(fih_rc, FIH_FAILURE);
}
bootutil_ecdsa_drop(&ctx);
FIH_RET(fih_rc);
}
#endif /* MCUBOOT_BUILTIN_KEY */
#endif /* MCUBOOT_SIGN_EC256 || MCUBOOT_SIGN_EC384 */

160
bootloader/mcuboot/boot/bootutil/src/image_ed25519.c Normal file
View File

@@ -0,0 +1,160 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2019 JUUL Labs
* Copyright (c) 2021-2023 Arm Limited
*/
#include <string.h>
#include "mcuboot_config/mcuboot_config.h"
#if defined(CONFIG_NRF_SECURITY)
/* We are not really using the MBEDTLS but need the ASN.1 parsing funcitons */
#define MBEDTLS_ASN1_PARSE_C
#endif
#ifdef MCUBOOT_SIGN_ED25519
#include "bootutil/sign_key.h"
#include "mbedtls/oid.h"
#include "mbedtls/asn1.h"
#include "bootutil_priv.h"
#include "bootutil/crypto/common.h"
#include "bootutil/crypto/sha.h"
#define EDDSA_SIGNATURE_LENGTH 64
#define NUM_ED25519_BYTES 32
extern int ED25519_verify(const uint8_t *message, size_t message_len,
const uint8_t signature[EDDSA_SIGNATURE_LENGTH],
const uint8_t public_key[NUM_ED25519_BYTES]);
#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
static const uint8_t ed25519_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG "\x65\x70";
/*
* Parse the public key used for signing.
*/
static int
bootutil_import_key(uint8_t **cp, uint8_t *end)
{
size_t len;
mbedtls_asn1_buf alg;
mbedtls_asn1_buf param;
if (mbedtls_asn1_get_tag(cp, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
return -1;
}
end = *cp + len;
if (mbedtls_asn1_get_alg(cp, end, &alg, &param)) {
return -2;
}
if (alg.ASN1_CONTEXT_MEMBER(len) != sizeof(ed25519_pubkey_oid) - 1 ||
memcmp(alg.ASN1_CONTEXT_MEMBER(p), ed25519_pubkey_oid, sizeof(ed25519_pubkey_oid) - 1)) {
return -3;
}
if (mbedtls_asn1_get_bitstring_null(cp, end, &len)) {
return -4;
}
if (*cp + len != end) {
return -5;
}
if (len != NUM_ED25519_BYTES) {
return -6;
}
return 0;
}
#endif
fih_ret
bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
uint8_t key_id)
{
int rc;
FIH_DECLARE(fih_rc, FIH_FAILURE);
uint8_t *pubkey = NULL;
#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
uint8_t *end;
#endif
if (hlen != IMAGE_HASH_SIZE || slen != EDDSA_SIGNATURE_LENGTH) {
FIH_SET(fih_rc, FIH_FAILURE);
goto out;
}
#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
pubkey = (uint8_t *)bootutil_keys[key_id].key;
end = pubkey + *bootutil_keys[key_id].len;
rc = bootutil_import_key(&pubkey, end);
if (rc) {
FIH_SET(fih_rc, FIH_FAILURE);
goto out;
}
#endif
rc = ED25519_verify(hash, IMAGE_HASH_SIZE, sig, pubkey);
if (rc == 0) {
/* if verify returns 0, there was an error. */
FIH_SET(fih_rc, FIH_FAILURE);
goto out;
}
FIH_SET(fih_rc, FIH_SUCCESS);
out:
FIH_RET(fih_rc);
}
fih_ret
bootutil_verify_img(const uint8_t *img, uint32_t size,
uint8_t *sig, size_t slen, uint8_t key_id)
{
int rc;
FIH_DECLARE(fih_rc, FIH_FAILURE);
uint8_t *pubkey = NULL;
#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
uint8_t *end;
#endif
if (slen != EDDSA_SIGNATURE_LENGTH) {
FIH_SET(fih_rc, FIH_FAILURE);
goto out;
}
#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
pubkey = (uint8_t *)bootutil_keys[key_id].key;
end = pubkey + *bootutil_keys[key_id].len;
rc = bootutil_import_key(&pubkey, end);
if (rc) {
FIH_SET(fih_rc, FIH_FAILURE);
goto out;
}
#endif
rc = ED25519_verify(img, size, sig, pubkey);
if (rc == 0) {
/* if verify returns 0, there was an error. */
FIH_SET(fih_rc, FIH_FAILURE);
goto out;
}
FIH_SET(fih_rc, FIH_SUCCESS);
out:
FIH_RET(fih_rc);
}
#endif /* MCUBOOT_SIGN_ED25519 */

288
bootloader/mcuboot/boot/bootutil/src/image_rsa.c Normal file
View File

@@ -0,0 +1,288 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2017-2018 Linaro LTD
* Copyright (c) 2017-2019 JUUL Labs
* Copyright (c) 2020-2023 Arm Limited
*
* Original license:
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
#include <string.h>
#include "mcuboot_config/mcuboot_config.h"
#ifdef MCUBOOT_SIGN_RSA
#include "bootutil_priv.h"
#include "bootutil/sign_key.h"
#include "bootutil/fault_injection_hardening.h"
#define BOOTUTIL_CRYPTO_RSA_SIGN_ENABLED
#include "bootutil/crypto/rsa.h"
/* PSA Crypto APIs provide an integrated API to perform the verification
* while for other crypto backends we need to implement each step at this
* abstraction level
*/
#if !defined(MCUBOOT_USE_PSA_CRYPTO)
#include "bootutil/crypto/sha.h"
/*
* Constants for this particular constrained implementation of
* RSA-PSS. In particular, we support RSA 2048, with a SHA256 hash,
* and a 32-byte salt. A signature with different parameters will be
* rejected as invalid.
*/
/* The size, in octets, of the message. */
#define PSS_EMLEN (MCUBOOT_SIGN_RSA_LEN / 8)
/* The size of the hash function. For SHA256, this is 32 bytes. */
#define PSS_HLEN 32
/* Size of the salt, should be fixed. */
#define PSS_SLEN 32
/* The length of the mask: emLen - hLen - 1. */
#define PSS_MASK_LEN (PSS_EMLEN - PSS_HLEN - 1)
#define PSS_HASH_OFFSET PSS_MASK_LEN
/* For the mask itself, how many bytes should be all zeros. */
#define PSS_MASK_ZERO_COUNT (PSS_MASK_LEN - PSS_SLEN - 1)
#define PSS_MASK_ONE_POS PSS_MASK_ZERO_COUNT
/* Where the salt starts. */
#define PSS_MASK_SALT_POS (PSS_MASK_ONE_POS + 1)
static const uint8_t pss_zeros[8] = {0};
/*
* Compute the RSA-PSS mask-generation function, MGF1. Assumptions
* are that the mask length will be less than 256 * PSS_HLEN, and
* therefore we never need to increment anything other than the low
* byte of the counter.
*
* This is described in PKCS#1, B.2.1.
*/
static void
pss_mgf1(uint8_t *mask, const uint8_t *hash)
{
bootutil_sha_context ctx;
uint8_t counter[4] = { 0, 0, 0, 0 };
uint8_t htmp[PSS_HLEN];
int count = PSS_MASK_LEN;
int bytes;
while (count > 0) {
bootutil_sha_init(&ctx);
bootutil_sha_update(&ctx, hash, PSS_HLEN);
bootutil_sha_update(&ctx, counter, 4);
bootutil_sha_finish(&ctx, htmp);
counter[3]++;
bytes = PSS_HLEN;
if (bytes > count)
bytes = count;
memcpy(mask, htmp, bytes);
mask += bytes;
count -= bytes;
}
bootutil_sha_drop(&ctx);
}
/*
* Validate an RSA signature, using RSA-PSS, as described in PKCS #1
* v2.2, section 9.1.2, with many parameters required to have fixed
* values. RSASSA-PSS-VERIFY RFC8017 section 8.1.2
*/
static fih_ret
bootutil_cmp_rsasig(bootutil_rsa_context *ctx, uint8_t *hash, uint32_t hlen,
uint8_t *sig, size_t slen)
{
bootutil_sha_context shactx;
uint8_t em[MBEDTLS_MPI_MAX_SIZE];
uint8_t db_mask[PSS_MASK_LEN];
uint8_t h2[PSS_HLEN];
int i;
FIH_DECLARE(fih_rc, FIH_FAILURE);
/* The caller has already verified that slen == bootutil_rsa_get_len(ctx) */
if (slen != PSS_EMLEN ||
PSS_EMLEN > MBEDTLS_MPI_MAX_SIZE) {
goto out;
}
if (hlen != PSS_HLEN) {
goto out;
}
/* Apply RSAVP1 to produce em = sig^E mod N using the public key */
if (bootutil_rsa_public(ctx, sig, em)) {
goto out;
}
/*
* PKCS #1 v2.2, 9.1.2 EMSA-PSS-Verify
*
* emBits is 2048
* emLen = ceil(emBits/8) = 256
*
* The salt length is not known at the beginning.
*/
/* Step 1. The message is constrained by the address space of a
* 32-bit processor, which is far less than the 2^61-1 limit of
* SHA-256.
*/
/* Step 2. mHash is passed in as 'hash', with hLen the hlen
* argument. */
/* Step 3. if emLen < hLen + sLen + 2, inconsistent and stop.
* The salt length is not known at this point.
*/
/* Step 4. If the rightmost octet of EM does have the value
* 0xbc, output inconsistent and stop.
*/
if (em[PSS_EMLEN - 1] != 0xbc) {
goto out;
}
/* Step 5. Let maskedDB be the leftmost emLen - hLen - 1 octets
* of EM, and H be the next hLen octets.
*
* maskedDB is then the first 256 - 32 - 1 = 0-222
* H is 32 bytes 223-254
*/
/* Step 6. If the leftmost 8emLen - emBits bits of the leftmost
* octet in maskedDB are not all equal to zero, output
* inconsistent and stop.
*
* 8emLen - emBits is zero, so there is nothing to test here.
*/
/* Step 7. let dbMask = MGF(H, emLen - hLen - 1). */
pss_mgf1(db_mask, &em[PSS_HASH_OFFSET]);
/* Step 8. let DB = maskedDB xor dbMask.
* To avoid needing an additional buffer, store the 'db' in the
* same buffer as db_mask. From now, to the end of this function,
* db_mask refers to the unmasked 'db'. */
for (i = 0; i < PSS_MASK_LEN; i++) {
db_mask[i] ^= em[i];
}
/* Step 9. Set the leftmost 8emLen - emBits bits of the leftmost
* octet in DB to zero.
* pycrypto seems to always make the emBits 2047, so we need to
* clear the top bit. */
db_mask[0] &= 0x7F;
/* Step 10. If the emLen - hLen - sLen - 2 leftmost octets of DB
* are not zero or if the octet at position emLen - hLen - sLen -
* 1 (the leftmost position is "position 1") does not have
* hexadecimal value 0x01, output "inconsistent" and stop. */
for (i = 0; i < PSS_MASK_ZERO_COUNT; i++) {
if (db_mask[i] != 0) {
goto out;
}
}
if (db_mask[PSS_MASK_ONE_POS] != 1) {
goto out;
}
/* Step 11. Let salt be the last sLen octets of DB */
/* Step 12. Let M' = 0x00 00 00 00 00 00 00 00 || mHash || salt; */
/* Step 13. Let H' = Hash(M') */
bootutil_sha_init(&shactx);
bootutil_sha_update(&shactx, pss_zeros, 8);
bootutil_sha_update(&shactx, hash, PSS_HLEN);
bootutil_sha_update(&shactx, &db_mask[PSS_MASK_SALT_POS], PSS_SLEN);
bootutil_sha_finish(&shactx, h2);
bootutil_sha_drop(&shactx);
/* Step 14. If H = H', output "consistent". Otherwise, output
* "inconsistent". */
FIH_CALL(boot_fih_memequal, fih_rc, h2, &em[PSS_HASH_OFFSET], PSS_HLEN);
out:
FIH_RET(fih_rc);
}
#else /* MCUBOOT_USE_PSA_CRYPTO */
static fih_ret
bootutil_cmp_rsasig(bootutil_rsa_context *ctx, uint8_t *hash, uint32_t hlen,
uint8_t *sig, size_t slen)
{
int rc = -1;
FIH_DECLARE(fih_rc, FIH_FAILURE);
/* PSA Crypto APIs allow the verification in a single call */
rc = bootutil_rsassa_pss_verify(ctx, hash, hlen, sig, slen);
fih_rc = fih_ret_encode_zero_equality(rc);
if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
FIH_SET(fih_rc, FIH_FAILURE);
}
FIH_RET(fih_rc);
}
#endif /* MCUBOOT_USE_PSA_CRYPTO */
fih_ret
bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
uint8_t key_id)
{
bootutil_rsa_context ctx;
int rc;
FIH_DECLARE(fih_rc, FIH_FAILURE);
uint8_t *cp;
uint8_t *end;
bootutil_rsa_init(&ctx);
cp = (uint8_t *)bootutil_keys[key_id].key;
end = cp + *bootutil_keys[key_id].len;
/* The key used for signature verification is a public RSA key */
rc = bootutil_rsa_parse_public_key(&ctx, &cp, end);
if (rc || slen != bootutil_rsa_get_len(&ctx)) {
goto out;
}
FIH_CALL(bootutil_cmp_rsasig, fih_rc, &ctx, hash, hlen, sig, slen);
out:
bootutil_rsa_drop(&ctx);
FIH_RET(fih_rc);
}
#endif /* MCUBOOT_SIGN_RSA */

920
bootloader/mcuboot/boot/bootutil/src/image_validate.c Normal file
View File

@@ -0,0 +1,920 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2017-2019 Linaro LTD
* Copyright (c) 2016-2019 JUUL Labs
* Copyright (c) 2019-2024 Arm Limited
*
* Original license:
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
#include <stddef.h>
#include <stdint.h>
#include <inttypes.h>
#include <string.h>
#include <flash_map_backend/flash_map_backend.h>
#include "bootutil/image.h"
#include "bootutil/crypto/sha.h"
#include "bootutil/sign_key.h"
#include "bootutil/security_cnt.h"
#include "bootutil/fault_injection_hardening.h"
#include "mcuboot_config/mcuboot_config.h"
#if defined(MCUBOOT_DECOMPRESS_IMAGES)
#include <nrf_compress/implementation.h>
#include <compression/decompression.h>
#endif
#include "bootutil/bootutil_log.h"
BOOT_LOG_MODULE_DECLARE(mcuboot);
#ifdef MCUBOOT_ENC_IMAGES
#include "bootutil/enc_key.h"
#endif
#if defined(MCUBOOT_SIGN_RSA)
#include "mbedtls/rsa.h"
#endif
#if defined(MCUBOOT_SIGN_EC256)
#include "mbedtls/ecdsa.h"
#endif
#if defined(MCUBOOT_ENC_IMAGES) || defined(MCUBOOT_SIGN_RSA) || \
defined(MCUBOOT_SIGN_EC256)
#include "mbedtls/asn1.h"
#endif
#include "bootutil_priv.h"
#ifndef MCUBOOT_SIGN_PURE
/*
* Compute SHA hash over the image.
* (SHA384 if ECDSA-P384 is being used,
* SHA256 otherwise).
*/
static int
bootutil_img_hash(struct enc_key_data *enc_state, int image_index,
struct image_header *hdr, const struct flash_area *fap,
uint8_t *tmp_buf, uint32_t tmp_buf_sz, uint8_t *hash_result,
uint8_t *seed, int seed_len)
{
bootutil_sha_context sha_ctx;
uint32_t size;
uint16_t hdr_size;
uint32_t blk_off;
uint32_t tlv_off;
#if !defined(MCUBOOT_HASH_STORAGE_DIRECTLY)
int rc;
uint32_t off;
uint32_t blk_sz;
#endif
#if (BOOT_IMAGE_NUMBER == 1) || !defined(MCUBOOT_ENC_IMAGES) || \
defined(MCUBOOT_RAM_LOAD)
(void)enc_state;
(void)image_index;
(void)hdr_size;
(void)blk_off;
(void)tlv_off;
#ifdef MCUBOOT_RAM_LOAD
(void)blk_sz;
(void)off;
(void)rc;
(void)fap;
(void)tmp_buf;
(void)tmp_buf_sz;
#endif
#endif
#ifdef MCUBOOT_ENC_IMAGES
/* Encrypted images only exist in the secondary slot */
if (MUST_DECRYPT(fap, image_index, hdr) &&
!boot_enc_valid(enc_state, 1)) {
return -1;
}
#endif
bootutil_sha_init(&sha_ctx);
/* in some cases (split image) the hash is seeded with data from
* the loader image */
if (seed && (seed_len > 0)) {
bootutil_sha_update(&sha_ctx, seed, seed_len);
}
/* Hash is computed over image header and image itself. */
size = hdr_size = hdr->ih_hdr_size;
size += hdr->ih_img_size;
tlv_off = size;
/* If protected TLVs are present they are also hashed. */
size += hdr->ih_protect_tlv_size;
#ifdef MCUBOOT_HASH_STORAGE_DIRECTLY
/* No chunk loading, storage is mapped to address space and can
* be directly given to hashing function.
*/
bootutil_sha_update(&sha_ctx, (void *)flash_area_get_off(fap), size);
#else /* MCUBOOT_HASH_STORAGE_DIRECTLY */
#ifdef MCUBOOT_RAM_LOAD
bootutil_sha_update(&sha_ctx,
(void*)(IMAGE_RAM_BASE + hdr->ih_load_addr),
size);
#else
for (off = 0; off < size; off += blk_sz) {
blk_sz = size - off;
if (blk_sz > tmp_buf_sz) {
blk_sz = tmp_buf_sz;
}
#ifdef MCUBOOT_ENC_IMAGES
/* The only data that is encrypted in an image is the payload;
* both header and TLVs (when protected) are not.
*/
if ((off < hdr_size) && ((off + blk_sz) > hdr_size)) {
/* read only the header */
blk_sz = hdr_size - off;
}
if ((off < tlv_off) && ((off + blk_sz) > tlv_off)) {
/* read only up to the end of the image payload */
blk_sz = tlv_off - off;
}
#endif
rc = flash_area_read(fap, off, tmp_buf, blk_sz);
if (rc) {
bootutil_sha_drop(&sha_ctx);
return rc;
}
#ifdef MCUBOOT_ENC_IMAGES
if (MUST_DECRYPT(fap, image_index, hdr)) {
/* Only payload is encrypted (area between header and TLVs) */
int slot = flash_area_id_to_multi_image_slot(image_index,
flash_area_get_id(fap));
if (off >= hdr_size && off < tlv_off) {
blk_off = (off - hdr_size) & 0xf;
boot_enc_decrypt(enc_state, slot, off - hdr_size,
blk_sz, blk_off, tmp_buf);
}
}
#endif
bootutil_sha_update(&sha_ctx, tmp_buf, blk_sz);
}
#endif /* MCUBOOT_RAM_LOAD */
#endif /* MCUBOOT_HASH_STORAGE_DIRECTLY */
bootutil_sha_finish(&sha_ctx, hash_result);
bootutil_sha_drop(&sha_ctx);
return 0;
}
#endif
/*
* Currently, we only support being able to verify one type of
* signature, because there is a single verification function that we
* call. List the type of TLV we are expecting. If we aren't
* configured for any signature, don't define this macro.
*/
#if (defined(MCUBOOT_SIGN_RSA) + \
defined(MCUBOOT_SIGN_EC256) + \
defined(MCUBOOT_SIGN_EC384) + \
defined(MCUBOOT_SIGN_ED25519)) > 1
#error "Only a single signature type is supported!"
#endif
#if defined(MCUBOOT_SIGN_RSA)
# if MCUBOOT_SIGN_RSA_LEN == 2048
# define EXPECTED_SIG_TLV IMAGE_TLV_RSA2048_PSS
# elif MCUBOOT_SIGN_RSA_LEN == 3072
# define EXPECTED_SIG_TLV IMAGE_TLV_RSA3072_PSS
# else
# error "Unsupported RSA signature length"
# endif
# define SIG_BUF_SIZE (MCUBOOT_SIGN_RSA_LEN / 8)
# define EXPECTED_SIG_LEN(x) ((x) == SIG_BUF_SIZE) /* 2048 bits */
#elif defined(MCUBOOT_SIGN_EC256) || \
defined(MCUBOOT_SIGN_EC384) || \
defined(MCUBOOT_SIGN_EC)
# define EXPECTED_SIG_TLV IMAGE_TLV_ECDSA_SIG
# define SIG_BUF_SIZE 128
# define EXPECTED_SIG_LEN(x) (1) /* always true, ASN.1 will validate */
#elif defined(MCUBOOT_SIGN_ED25519)
# define EXPECTED_SIG_TLV IMAGE_TLV_ED25519
# define SIG_BUF_SIZE 64
# define EXPECTED_SIG_LEN(x) ((x) == SIG_BUF_SIZE)
#else
# define SIG_BUF_SIZE 32 /* no signing, sha256 digest only */
#endif
#if (defined(MCUBOOT_HW_KEY) + \
defined(MCUBOOT_BUILTIN_KEY)) > 1
#error "Please use either MCUBOOT_HW_KEY or the MCUBOOT_BUILTIN_KEY feature."
#endif
#ifdef EXPECTED_SIG_TLV
#if !defined(MCUBOOT_BUILTIN_KEY)
#if !defined(MCUBOOT_HW_KEY)
/* The key TLV contains the hash of the public key. */
# define EXPECTED_KEY_TLV IMAGE_TLV_KEYHASH
# define KEY_BUF_SIZE IMAGE_HASH_SIZE
#else
/* The key TLV contains the whole public key.
* Add a few extra bytes to the key buffer size for encoding and
* for public exponent.
*/
# define EXPECTED_KEY_TLV IMAGE_TLV_PUBKEY
# define KEY_BUF_SIZE (SIG_BUF_SIZE + 24)
#endif /* !MCUBOOT_HW_KEY */
#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
#if !defined(MCUBOOT_HW_KEY)
static int
bootutil_find_key(uint8_t *keyhash, uint8_t keyhash_len)
{
bootutil_sha_context sha_ctx;
int i;
const struct bootutil_key *key;
uint8_t hash[IMAGE_HASH_SIZE];
if (keyhash_len > IMAGE_HASH_SIZE) {
return -1;
}
for (i = 0; i < bootutil_key_cnt; i++) {
key = &bootutil_keys[i];
bootutil_sha_init(&sha_ctx);
bootutil_sha_update(&sha_ctx, key->key, *key->len);
bootutil_sha_finish(&sha_ctx, hash);
if (!memcmp(hash, keyhash, keyhash_len)) {
bootutil_sha_drop(&sha_ctx);
return i;
}
}
bootutil_sha_drop(&sha_ctx);
return -1;
}
#else /* !MCUBOOT_HW_KEY */
extern unsigned int pub_key_len;
static int
bootutil_find_key(uint8_t image_index, uint8_t *key, uint16_t key_len)
{
bootutil_sha_context sha_ctx;
uint8_t hash[IMAGE_HASH_SIZE];
uint8_t key_hash[IMAGE_HASH_SIZE];
size_t key_hash_size = sizeof(key_hash);
int rc;
FIH_DECLARE(fih_rc, FIH_FAILURE);
bootutil_sha_init(&sha_ctx);
bootutil_sha_update(&sha_ctx, key, key_len);
bootutil_sha_finish(&sha_ctx, hash);
bootutil_sha_drop(&sha_ctx);
rc = boot_retrieve_public_key_hash(image_index, key_hash, &key_hash_size);
if (rc) {
return -1;
}
/* Adding hardening to avoid this potential attack:
* - Image is signed with an arbitrary key and the corresponding public
* key is added as a TLV field.
* - During public key validation (comparing against key-hash read from
* HW) a fault is injected to accept the public key as valid one.
*/
FIH_CALL(boot_fih_memequal, fih_rc, hash, key_hash, key_hash_size);
if (FIH_EQ(fih_rc, FIH_SUCCESS)) {
bootutil_keys[0].key = key;
pub_key_len = key_len;
return 0;
}
return -1;
}
#endif /* !MCUBOOT_HW_KEY */
#endif /* !MCUBOOT_BUILTIN_KEY */
#endif /* !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) */
#endif /* EXPECTED_SIG_TLV */
/**
* Reads the value of an image's security counter.
*
* @param hdr Pointer to the image header structure.
* @param fap Pointer to a description structure of the image's
* flash area.
* @param security_cnt Pointer to store the security counter value.
*
* @return 0 on success; nonzero on failure.
*/
int32_t
bootutil_get_img_security_cnt(struct image_header *hdr,
const struct flash_area *fap,
uint32_t *img_security_cnt)
{
struct image_tlv_iter it;
uint32_t off;
uint16_t len;
int32_t rc;
if ((hdr == NULL) ||
(fap == NULL) ||
(img_security_cnt == NULL)) {
/* Invalid parameter. */
return BOOT_EBADARGS;
}
/* The security counter TLV is in the protected part of the TLV area. */
if (hdr->ih_protect_tlv_size == 0) {
return BOOT_EBADIMAGE;
}
rc = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_SEC_CNT, true);
if (rc) {
return rc;
}
/* Traverse through the protected TLV area to find
* the security counter TLV.
*/
rc = bootutil_tlv_iter_next(&it, &off, &len, NULL);
if (rc != 0) {
/* Security counter TLV has not been found. */
return -1;
}
if (len != sizeof(*img_security_cnt)) {
/* Security counter is not valid. */
return BOOT_EBADIMAGE;
}
rc = LOAD_IMAGE_DATA(hdr, fap, off, img_security_cnt, len);
if (rc != 0) {
return BOOT_EFLASH;
}
return 0;
}
#if defined(MCUBOOT_SIGN_PURE)
/* Returns:
* 0 -- found
* 1 -- not found or found but not true
* -1 -- failed for some reason
*
* Value of TLV does not matter, presence decides.
*/
static int bootutil_check_for_pure(const struct image_header *hdr,
const struct flash_area *fap)
{
struct image_tlv_iter it;
uint32_t off;
uint16_t len;
int32_t rc;
rc = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_SIG_PURE, false);
if (rc) {
return rc;
}
/* Search for the TLV */
rc = bootutil_tlv_iter_next(&it, &off, &len, NULL);
if (rc == 0 && len == 1) {
bool val;
rc = LOAD_IMAGE_DATA(hdr, fap, off, &val, 1);
if (rc == 0) {
rc = !val;
}
}
return rc;
}
#endif
#ifndef ALLOW_ROGUE_TLVS
/*
* The following list of TLVs are the only entries allowed in the unprotected
* TLV section. All other TLV entries must be in the protected section.
*/
static const uint16_t allowed_unprot_tlvs[] = {
IMAGE_TLV_KEYHASH,
IMAGE_TLV_PUBKEY,
IMAGE_TLV_SHA256,
IMAGE_TLV_SHA384,
IMAGE_TLV_SHA512,
IMAGE_TLV_RSA2048_PSS,
IMAGE_TLV_ECDSA224,
IMAGE_TLV_ECDSA_SIG,
IMAGE_TLV_RSA3072_PSS,
IMAGE_TLV_ED25519,
#if defined(MCUBOOT_SIGN_PURE)
IMAGE_TLV_SIG_PURE,
#endif
IMAGE_TLV_ENC_RSA2048,
IMAGE_TLV_ENC_KW,
IMAGE_TLV_ENC_EC256,
IMAGE_TLV_ENC_X25519,
/* Mark end with ANY. */
IMAGE_TLV_ANY,
};
#endif
/*
* Verify the integrity of the image.
* Return non-zero if image could not be validated/does not validate.
*/
fih_ret
bootutil_img_validate(struct enc_key_data *enc_state, int image_index,
struct image_header *hdr, const struct flash_area *fap,
uint8_t *tmp_buf, uint32_t tmp_buf_sz, uint8_t *seed,
int seed_len, uint8_t *out_hash)
{
uint32_t off;
uint16_t len;
uint16_t type;
#ifdef EXPECTED_SIG_TLV
FIH_DECLARE(valid_signature, FIH_FAILURE);
#ifndef MCUBOOT_BUILTIN_KEY
int key_id = -1;
#else
/* Pass a key ID equal to the image index, the underlying crypto library
* is responsible for mapping the image index to a builtin key ID.
*/
int key_id = image_index;
#endif /* !MCUBOOT_BUILTIN_KEY */
#ifdef MCUBOOT_HW_KEY
uint8_t key_buf[KEY_BUF_SIZE];
#endif
#endif /* EXPECTED_SIG_TLV */
struct image_tlv_iter it;
uint8_t buf[SIG_BUF_SIZE];
#if defined(EXPECTED_HASH_TLV) && !defined(MCUBOOT_SIGN_PURE)
int image_hash_valid = 0;
uint8_t hash[IMAGE_HASH_SIZE];
#endif
int rc = 0;
FIH_DECLARE(fih_rc, FIH_FAILURE);
#ifdef MCUBOOT_HW_ROLLBACK_PROT
fih_int security_cnt = fih_int_encode(INT_MAX);
uint32_t img_security_cnt = 0;
FIH_DECLARE(security_counter_valid, FIH_FAILURE);
#endif
#ifdef MCUBOOT_DECOMPRESS_IMAGES
/* If the image is compressed, the integrity of the image must also be validated */
if (MUST_DECOMPRESS(fap, image_index, hdr)) {
bool found_decompressed_size = false;
bool found_decompressed_sha = false;
bool found_decompressed_signature = false;
rc = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_ANY, true);
if (rc) {
goto out;
}
if (it.tlv_end > bootutil_max_image_size(fap)) {
rc = -1;
goto out;
}
while (true) {
uint16_t expected_size = 0;
bool *found_flag = NULL;
rc = bootutil_tlv_iter_next(&it, &off, &len, &type);
if (rc < 0) {
goto out;
} else if (rc > 0) {
break;
}
switch (type) {
case IMAGE_TLV_DECOMP_SIZE:
expected_size = sizeof(size_t);
found_flag = &found_decompressed_size;
break;
case IMAGE_TLV_DECOMP_SHA:
expected_size = IMAGE_HASH_SIZE;
found_flag = &found_decompressed_sha;
break;
case IMAGE_TLV_DECOMP_SIGNATURE:
found_flag = &found_decompressed_signature;
break;
default:
continue;
};
if (type == IMAGE_TLV_DECOMP_SIGNATURE && !EXPECTED_SIG_LEN(len)) {
rc = -1;
goto out;
} else if (type != IMAGE_TLV_DECOMP_SIGNATURE && len != expected_size) {
rc = -1;
goto out;
}
*found_flag = true;
}
rc = (!found_decompressed_size || !found_decompressed_sha || !found_decompressed_signature);
if (rc) {
goto out;
}
}
#endif
#if defined(EXPECTED_HASH_TLV) && !defined(MCUBOOT_SIGN_PURE)
rc = bootutil_img_hash(enc_state, image_index, hdr, fap, tmp_buf,
tmp_buf_sz, hash, seed, seed_len);
if (rc) {
goto out;
}
if (out_hash) {
memcpy(out_hash, hash, IMAGE_HASH_SIZE);
}
#endif
#if defined(MCUBOOT_SIGN_PURE)
/* If Pure type signature is expected then it has to be there */
rc = bootutil_check_for_pure(hdr, fap);
if (rc != 0) {
goto out;
}
#endif
rc = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_ANY, false);
if (rc) {
goto out;
}
if (it.tlv_end > bootutil_max_image_size(fap)) {
rc = -1;
goto out;
}
/*
* Traverse through all of the TLVs, performing any checks we know
* and are able to do.
*/
while (true) {
rc = bootutil_tlv_iter_next(&it, &off, &len, &type);
if (rc < 0) {
goto out;
} else if (rc > 0) {
break;
}
#ifndef ALLOW_ROGUE_TLVS
/*
* Ensure that the non-protected TLV only has entries necessary to hold
* the signature. We also allow encryption related keys to be in the
* unprotected area.
*/
if (!bootutil_tlv_iter_is_prot(&it, off)) {
bool found = false;
for (const uint16_t *p = allowed_unprot_tlvs; *p != IMAGE_TLV_ANY; p++) {
if (type == *p) {
found = true;
break;
}
}
if (!found) {
FIH_SET(fih_rc, FIH_FAILURE);
goto out;
}
}
#endif
switch(type) {
#if defined(EXPECTED_HASH_TLV) && !defined(MCUBOOT_SIGN_PURE)
case EXPECTED_HASH_TLV:
{
/* Verify the image hash. This must always be present. */
if (len != sizeof(hash)) {
rc = -1;
goto out;
}
rc = LOAD_IMAGE_DATA(hdr, fap, off, buf, sizeof(hash));
if (rc) {
goto out;
}
FIH_CALL(boot_fih_memequal, fih_rc, hash, buf, sizeof(hash));
if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
FIH_SET(fih_rc, FIH_FAILURE);
goto out;
}
image_hash_valid = 1;
break;
}
#endif /* defined(EXPECTED_HASH_TLV) && !defined(MCUBOOT_SIGN_PURE) */
#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
#ifdef EXPECTED_KEY_TLV
case EXPECTED_KEY_TLV:
{
/*
* Determine which key we should be checking.
*/
if (len > KEY_BUF_SIZE) {
rc = -1;
goto out;
}
#ifndef MCUBOOT_HW_KEY
rc = LOAD_IMAGE_DATA(hdr, fap, off, buf, len);
if (rc) {
goto out;
}
key_id = bootutil_find_key(buf, len);
#else
rc = LOAD_IMAGE_DATA(hdr, fap, off, key_buf, len);
if (rc) {
goto out;
}
key_id = bootutil_find_key(image_index, key_buf, len);
#endif /* !MCUBOOT_HW_KEY */
/*
* The key may not be found, which is acceptable. There
* can be multiple signatures, each preceded by a key.
*/
break;
}
#endif /* EXPECTED_KEY_TLV */
#endif /* !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) */
#ifdef EXPECTED_SIG_TLV
case EXPECTED_SIG_TLV:
{
#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU)
/* Ignore this signature if it is out of bounds. */
if (key_id < 0 || key_id >= bootutil_key_cnt) {
key_id = -1;
continue;
}
#endif /* !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) */
if (!EXPECTED_SIG_LEN(len) || len > sizeof(buf)) {
rc = -1;
goto out;
}
rc = LOAD_IMAGE_DATA(hdr, fap, off, buf, len);
if (rc) {
goto out;
}
#ifndef MCUBOOT_SIGN_PURE
FIH_CALL(bootutil_verify_sig, valid_signature, hash, sizeof(hash),
buf, len, key_id);
#else
/* Directly check signature on the image, by using the mapping of
* a device to memory. The pointer is beginning of image in flash,
* so offset of area, the range is header + image + protected tlvs.
*/
FIH_CALL(bootutil_verify_img, valid_signature, (void *)flash_area_get_off(fap),
hdr->ih_hdr_size + hdr->ih_img_size + hdr->ih_protect_tlv_size,
buf, len, key_id);
#endif
key_id = -1;
break;
}
#endif /* EXPECTED_SIG_TLV */
#ifdef MCUBOOT_HW_ROLLBACK_PROT
case IMAGE_TLV_SEC_CNT:
{
/*
* Verify the image's security counter.
* This must always be present.
*/
if (len != sizeof(img_security_cnt)) {
/* Security counter is not valid. */
rc = -1;
goto out;
}
rc = LOAD_IMAGE_DATA(hdr, fap, off, &img_security_cnt, len);
if (rc) {
goto out;
}
FIH_CALL(boot_nv_security_counter_get, fih_rc, image_index,
&security_cnt);
if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
FIH_SET(fih_rc, FIH_FAILURE);
goto out;
}
/* Compare the new image's security counter value against the
* stored security counter value.
*/
fih_rc = fih_ret_encode_zero_equality(img_security_cnt <
(uint32_t)fih_int_decode(security_cnt));
if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
FIH_SET(fih_rc, FIH_FAILURE);
goto out;
}
/* The image's security counter has been successfully verified. */
security_counter_valid = fih_rc;
break;
}
#endif /* MCUBOOT_HW_ROLLBACK_PROT */
}
}
#if defined(EXPECTED_HASH_TLV) && !defined(MCUBOOT_SIGN_PURE)
rc = !image_hash_valid;
if (rc) {
goto out;
}
#elif defined(MCUBOOT_SIGN_PURE)
/* This returns true on EQ, rc is err on non-0 */
rc = FIH_NOT_EQ(valid_signature, FIH_SUCCESS);
#endif
#ifdef EXPECTED_SIG_TLV
FIH_SET(fih_rc, valid_signature);
#endif
#ifdef MCUBOOT_HW_ROLLBACK_PROT
if (FIH_NOT_EQ(security_counter_valid, FIH_SUCCESS)) {
rc = -1;
goto out;
}
#endif
#ifdef MCUBOOT_DECOMPRESS_IMAGES
/* Only after all previous verifications have passed, perform a dry-run of the decompression
* and ensure the image is valid
*/
if (!rc && MUST_DECOMPRESS(fap, image_index, hdr)) {
image_hash_valid = 0;
FIH_SET(valid_signature, FIH_FAILURE);
rc = bootutil_img_hash_decompress(enc_state, image_index, hdr, fap, tmp_buf, tmp_buf_sz,
hash, seed, seed_len);
if (rc) {
goto out;
}
rc = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_DECOMP_SHA, true);
if (rc) {
goto out;
}
if (it.tlv_end > bootutil_max_image_size(fap)) {
rc = -1;
goto out;
}
while (true) {
rc = bootutil_tlv_iter_next(&it, &off, &len, &type);
if (rc < 0) {
goto out;
} else if (rc > 0) {
break;
}
if (type == IMAGE_TLV_DECOMP_SHA) {
/* Verify the image hash. This must always be present. */
if (len != sizeof(hash)) {
rc = -1;
goto out;
}
rc = LOAD_IMAGE_DATA(hdr, fap, off, buf, sizeof(hash));
if (rc) {
goto out;
}
FIH_CALL(boot_fih_memequal, fih_rc, hash, buf, sizeof(hash));
if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
FIH_SET(fih_rc, FIH_FAILURE);
goto out;
}
image_hash_valid = 1;
}
}
rc = !image_hash_valid;
if (rc) {
goto out;
}
#ifdef EXPECTED_SIG_TLV
#ifdef EXPECTED_KEY_TLV
rc = bootutil_tlv_iter_begin(&it, hdr, fap, EXPECTED_KEY_TLV, false);
if (rc) {
goto out;
}
if (it.tlv_end > bootutil_max_image_size(fap)) {
rc = -1;
goto out;
}
while (true) {
rc = bootutil_tlv_iter_next(&it, &off, &len, &type);
if (rc < 0) {
goto out;
} else if (rc > 0) {
break;
}
if (type == EXPECTED_KEY_TLV) {
/*
* Determine which key we should be checking.
*/
if (len > KEY_BUF_SIZE) {
rc = -1;
goto out;
}
#ifndef MCUBOOT_HW_KEY
rc = LOAD_IMAGE_DATA(hdr, fap, off, buf, len);
if (rc) {
goto out;
}
key_id = bootutil_find_key(buf, len);
#else
rc = LOAD_IMAGE_DATA(hdr, fap, off, key_buf, len);
if (rc) {
goto out;
}
key_id = bootutil_find_key(image_index, key_buf, len);
#endif /* !MCUBOOT_HW_KEY */
/*
* The key may not be found, which is acceptable. There
* can be multiple signatures, each preceded by a key.
*/
}
}
#endif /* EXPECTED_KEY_TLV */
rc = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_DECOMP_SIGNATURE, true);
if (rc) {
goto out;
}
if (it.tlv_end > bootutil_max_image_size(fap)) {
rc = -1;
goto out;
}
while (true) {
rc = bootutil_tlv_iter_next(&it, &off, &len, &type);
if (rc < 0) {
goto out;
} else if (rc > 0) {
rc = 0;
break;
}
if (type == IMAGE_TLV_DECOMP_SIGNATURE) {
/* Ignore this signature if it is out of bounds. */
if (key_id < 0 || key_id >= bootutil_key_cnt) {
key_id = -1;
continue;
}
if (!EXPECTED_SIG_LEN(len) || len > sizeof(buf)) {
rc = -1;
goto out;
}
rc = LOAD_IMAGE_DATA(hdr, fap, off, buf, len);
if (rc) {
goto out;
}
FIH_CALL(bootutil_verify_sig, valid_signature, hash, sizeof(hash),
buf, len, key_id);
key_id = -1;
}
}
#endif /* EXPECTED_SIG_TLV */
}
#endif
#ifdef EXPECTED_SIG_TLV
FIH_SET(fih_rc, valid_signature);
#endif
out:
if (rc) {
FIH_SET(fih_rc, FIH_FAILURE);
}
FIH_RET(fih_rc);
}

3974
bootloader/mcuboot/boot/bootutil/src/loader.c Normal file
View File

File diff suppressed because it is too large Load Diff

3896
bootloader/mcuboot/boot/bootutil/src/loader_legacy_child_parent.c Normal file
View File

File diff suppressed because it is too large Load Diff

234
bootloader/mcuboot/boot/bootutil/src/swap_misc.c Normal file
View File

@@ -0,0 +1,234 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2019 JUUL Labs
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <stddef.h>
#include <stdbool.h>
#include <inttypes.h>
#include <stdlib.h>
#include <string.h>
#include "bootutil/bootutil.h"
#include "bootutil_priv.h"
#include "swap_priv.h"
#include "bootutil/bootutil_log.h"
#include "mcuboot_config/mcuboot_config.h"
BOOT_LOG_MODULE_DECLARE(mcuboot);
#if defined(MCUBOOT_SWAP_USING_SCRATCH) || defined(MCUBOOT_SWAP_USING_MOVE)
int
swap_erase_trailer_sectors(const struct boot_loader_state *state,
const struct flash_area *fap)
{
uint8_t slot;
uint32_t sector;
uint32_t trailer_sz;
uint32_t total_sz;
uint32_t off;
uint32_t sz;
int fa_id_primary;
int fa_id_secondary;
uint8_t image_index;
int rc;
BOOT_LOG_DBG("erasing trailer; fa_id=%d", flash_area_get_id(fap));
image_index = BOOT_CURR_IMG(state);
fa_id_primary = flash_area_id_from_multi_image_slot(image_index,
BOOT_PRIMARY_SLOT);
fa_id_secondary = flash_area_id_from_multi_image_slot(image_index,
BOOT_SECONDARY_SLOT);
if (flash_area_get_id(fap) == fa_id_primary) {
slot = BOOT_PRIMARY_SLOT;
} else if (flash_area_get_id(fap) == fa_id_secondary) {
slot = BOOT_SECONDARY_SLOT;
} else {
return BOOT_EFLASH;
}
/* delete starting from last sector and moving to beginning */
sector = boot_img_num_sectors(state, slot) - 1;
trailer_sz = boot_trailer_sz(BOOT_WRITE_SZ(state));
total_sz = 0;
do {
sz = boot_img_sector_size(state, slot, sector);
off = boot_img_sector_off(state, slot, sector);
rc = boot_erase_region(fap, off, sz);
assert(rc == 0);
sector--;
total_sz += sz;
} while (total_sz < trailer_sz);
return rc;
}
int
swap_status_init(const struct boot_loader_state *state,
const struct flash_area *fap,
const struct boot_status *bs)
{
struct boot_swap_state swap_state;
uint8_t image_index;
int rc;
#if (BOOT_IMAGE_NUMBER == 1)
(void)state;
#endif
image_index = BOOT_CURR_IMG(state);
BOOT_LOG_DBG("initializing status; fa_id=%d", flash_area_get_id(fap));
rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_SECONDARY(image_index),
&swap_state);
assert(rc == 0);
if (bs->swap_type != BOOT_SWAP_TYPE_NONE) {
rc = boot_write_swap_info(fap, bs->swap_type, image_index);
assert(rc == 0);
}
if (swap_state.image_ok == BOOT_FLAG_SET) {
rc = boot_write_image_ok(fap);
assert(rc == 0);
}
rc = boot_write_swap_size(fap, bs->swap_size);
assert(rc == 0);
#ifdef MCUBOOT_ENC_IMAGES
rc = boot_write_enc_key(fap, 0, bs);
assert(rc == 0);
rc = boot_write_enc_key(fap, 1, bs);
assert(rc == 0);
#endif
rc = boot_write_magic(fap);
assert(rc == 0);
return 0;
}
int
swap_read_status(struct boot_loader_state *state, struct boot_status *bs)
{
const struct flash_area *fap;
uint32_t off;
uint8_t swap_info;
int area_id;
int rc;
bs->source = swap_status_source(state);
switch (bs->source) {
case BOOT_STATUS_SOURCE_NONE:
return 0;
#if MCUBOOT_SWAP_USING_SCRATCH
case BOOT_STATUS_SOURCE_SCRATCH:
area_id = FLASH_AREA_IMAGE_SCRATCH;
break;
#endif
case BOOT_STATUS_SOURCE_PRIMARY_SLOT:
area_id = FLASH_AREA_IMAGE_PRIMARY(BOOT_CURR_IMG(state));
break;
default:
assert(0);
return BOOT_EBADARGS;
}
rc = flash_area_open(area_id, &fap);
if (rc != 0) {
return BOOT_EFLASH;
}
rc = swap_read_status_bytes(fap, state, bs);
if (rc == 0) {
off = boot_swap_info_off(fap);
rc = flash_area_read(fap, off, &swap_info, sizeof swap_info);
if (rc != 0) {
rc = BOOT_EFLASH;
goto done;
}
if (bootutil_buffer_is_erased(fap, &swap_info, sizeof swap_info)) {
BOOT_SET_SWAP_INFO(swap_info, 0, BOOT_SWAP_TYPE_NONE);
rc = 0;
}
/* Extract the swap type info */
bs->swap_type = BOOT_GET_SWAP_TYPE(swap_info);
}
done:
flash_area_close(fap);
return rc;
}
int
swap_set_copy_done(uint8_t image_index)
{
const struct flash_area *fap;
int rc;
rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY(image_index),
&fap);
if (rc != 0) {
return BOOT_EFLASH;
}
rc = boot_write_copy_done(fap);
flash_area_close(fap);
return rc;
}
int
swap_set_image_ok(uint8_t image_index)
{
const struct flash_area *fap;
struct boot_swap_state state;
int rc;
rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY(image_index),
&fap);
if (rc != 0) {
return BOOT_EFLASH;
}
rc = boot_read_swap_state(fap, &state);
if (rc != 0) {
rc = BOOT_EFLASH;
goto out;
}
if (state.image_ok == BOOT_FLAG_UNSET) {
rc = boot_write_image_ok(fap);
}
out:
flash_area_close(fap);
return rc;
}
#endif /* defined(MCUBOOT_SWAP_USING_SCRATCH) || defined(MCUBOOT_SWAP_USING_MOVE) */

608
bootloader/mcuboot/boot/bootutil/src/swap_move.c Normal file
View File

@@ -0,0 +1,608 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2019 JUUL Labs
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <stddef.h>
#include <stdbool.h>
#include <inttypes.h>
#include <stdlib.h>
#include <string.h>
#include "bootutil/bootutil.h"
#include "bootutil_priv.h"
#include "swap_priv.h"
#include "bootutil/bootutil_log.h"
#include "mcuboot_config/mcuboot_config.h"
BOOT_LOG_MODULE_DECLARE(mcuboot);
#ifdef MCUBOOT_SWAP_USING_MOVE
#if defined(MCUBOOT_VALIDATE_PRIMARY_SLOT)
/*
* FIXME: this might have to be updated for threaded sim
*/
int boot_status_fails = 0;
#define BOOT_STATUS_ASSERT(x) \
do { \
if (!(x)) { \
boot_status_fails++; \
} \
} while (0)
#else
#define BOOT_STATUS_ASSERT(x) ASSERT(x)
#endif
uint32_t
find_last_idx(struct boot_loader_state *state, uint32_t swap_size)
{
uint32_t sector_sz;
uint32_t sz;
uint32_t last_idx;
sector_sz = boot_img_sector_size(state, BOOT_PRIMARY_SLOT, 0);
sz = 0;
last_idx = 0;
while (1) {
sz += sector_sz;
last_idx++;
if (sz >= swap_size) {
break;
}
}
return last_idx;
}
int
boot_read_image_header(struct boot_loader_state *state, int slot,
struct image_header *out_hdr, struct boot_status *bs)
{
const struct flash_area *fap;
uint32_t off;
uint32_t sz;
uint32_t last_idx;
uint32_t swap_size;
int area_id;
int rc;
#if (BOOT_IMAGE_NUMBER == 1)
(void)state;
#endif
off = 0;
if (bs && !boot_status_is_reset(bs)) {
boot_find_status(BOOT_CURR_IMG(state), &fap);
if (fap == NULL || boot_read_swap_size(fap, &swap_size)) {
rc = BOOT_EFLASH;
goto done;
}
flash_area_close(fap);
last_idx = find_last_idx(state, swap_size);
sz = boot_img_sector_size(state, BOOT_PRIMARY_SLOT, 0);
/*
* Find the correct offset or slot where the image header is expected to
* be found for the steps where it is moved or swapped.
*/
if (bs->op == BOOT_STATUS_OP_MOVE && slot == 0 && bs->idx > last_idx) {
off = sz;
} else if (bs->op == BOOT_STATUS_OP_SWAP) {
if (bs->idx > 1 && bs->idx <= last_idx) {
slot = (slot == 0) ? 1 : 0;
} else if (bs->idx == 1) {
if (slot == 0) {
off = sz;
} else if (slot == 1 && bs->state == 2) {
slot = 0;
}
}
}
}
area_id = flash_area_id_from_multi_image_slot(BOOT_CURR_IMG(state), slot);
rc = flash_area_open(area_id, &fap);
if (rc != 0) {
rc = BOOT_EFLASH;
goto done;
}
rc = flash_area_read(fap, off, out_hdr, sizeof *out_hdr);
if (rc != 0) {
rc = BOOT_EFLASH;
goto done;
}
/* We only know where the headers are located when bs is valid */
if (bs != NULL && out_hdr->ih_magic != IMAGE_MAGIC) {
rc = -1;
goto done;
}
rc = 0;
done:
flash_area_close(fap);
return rc;
}
int
swap_read_status_bytes(const struct flash_area *fap,
struct boot_loader_state *state, struct boot_status *bs)
{
uint32_t off;
uint8_t status;
int max_entries;
int found_idx;
uint8_t write_sz;
int move_entries;
int rc;
int last_rc;
int erased_sections;
int i;
max_entries = boot_status_entries(BOOT_CURR_IMG(state), fap);
if (max_entries < 0) {
return BOOT_EBADARGS;
}
erased_sections = 0;
found_idx = -1;
/* skip erased sectors at the end */
last_rc = 1;
write_sz = BOOT_WRITE_SZ(state);
off = boot_status_off(fap);
for (i = max_entries; i > 0; i--) {
rc = flash_area_read(fap, off + (i - 1) * write_sz, &status, 1);
if (rc < 0) {
return BOOT_EFLASH;
}
if (bootutil_buffer_is_erased(fap, &status, 1)) {
if (rc != last_rc) {
erased_sections++;
}
} else {
if (found_idx == -1) {
found_idx = i;
}
}
last_rc = rc;
}
if (erased_sections > 1) {
/* This means there was an error writing status on the last
* swap. Tell user and move on to validation!
*/
#if !defined(__BOOTSIM__)
BOOT_LOG_ERR("Detected inconsistent status!");
#endif
#if !defined(MCUBOOT_VALIDATE_PRIMARY_SLOT)
/* With validation of the primary slot disabled, there is no way
* to be sure the swapped primary slot is OK, so abort!
*/
assert(0);
#endif
}
move_entries = BOOT_MAX_IMG_SECTORS * BOOT_STATUS_MOVE_STATE_COUNT;
if (found_idx == -1) {
/* no swap status found; nothing to do */
} else if (found_idx < move_entries) {
bs->op = BOOT_STATUS_OP_MOVE;
bs->idx = (found_idx / BOOT_STATUS_MOVE_STATE_COUNT) + BOOT_STATUS_IDX_0;
bs->state = (found_idx % BOOT_STATUS_MOVE_STATE_COUNT) + BOOT_STATUS_STATE_0;;
} else {
bs->op = BOOT_STATUS_OP_SWAP;
bs->idx = ((found_idx - move_entries) / BOOT_STATUS_SWAP_STATE_COUNT) + BOOT_STATUS_IDX_0;
bs->state = ((found_idx - move_entries) % BOOT_STATUS_SWAP_STATE_COUNT) + BOOT_STATUS_STATE_0;
}
return 0;
}
uint32_t
boot_status_internal_off(const struct boot_status *bs, int elem_sz)
{
uint32_t off;
int idx_sz;
idx_sz = elem_sz * ((bs->op == BOOT_STATUS_OP_MOVE) ?
BOOT_STATUS_MOVE_STATE_COUNT : BOOT_STATUS_SWAP_STATE_COUNT);
off = ((bs->op == BOOT_STATUS_OP_MOVE) ?
0 : (BOOT_MAX_IMG_SECTORS * BOOT_STATUS_MOVE_STATE_COUNT * elem_sz)) +
(bs->idx - BOOT_STATUS_IDX_0) * idx_sz +
(bs->state - BOOT_STATUS_STATE_0) * elem_sz;
return off;
}
static int app_max_sectors(struct boot_loader_state *state)
{
uint32_t sz = 0;
uint32_t sector_sz;
uint32_t trailer_sz;
uint32_t first_trailer_idx;
sector_sz = boot_img_sector_size(state, BOOT_PRIMARY_SLOT, 0);
trailer_sz = boot_trailer_sz(BOOT_WRITE_SZ(state));
first_trailer_idx = boot_img_num_sectors(state, BOOT_PRIMARY_SLOT) - 1;
while (1) {
sz += sector_sz;
if (sz >= trailer_sz) {
break;
}
first_trailer_idx--;
}
return first_trailer_idx;
}
int
boot_slots_compatible(struct boot_loader_state *state)
{
#ifdef PM_S1_ADDRESS
/* Patch needed for NCS. In this case, image 1 primary points to the other
* B1 slot (ie S0 or S1), and image 0 primary points to the app.
* With this configuration, image 0 and image 1 share the secondary slot.
* Hence, the primary slot of image 1 will be *smaller* than image 1's
* secondary slot. This is not allowed in upstream mcuboot, so we need
* this patch to allow it. Also, all of these checks are redundant when
* partition manager is in use, and since we have the same sector size
* in all of our flash.
*/
return 1;
#else
size_t num_sectors_pri;
size_t num_sectors_sec;
size_t sector_sz_pri = 0;
size_t sector_sz_sec = 0;
size_t i;
size_t num_usable_sectors_pri;
num_sectors_pri = boot_img_num_sectors(state, BOOT_PRIMARY_SLOT);
num_sectors_sec = boot_img_num_sectors(state, BOOT_SECONDARY_SLOT);
num_usable_sectors_pri = app_max_sectors(state);
if ((num_sectors_pri != num_sectors_sec) &&
(num_sectors_pri != (num_sectors_sec + 1)) &&
(num_usable_sectors_pri != (num_sectors_sec + 1))) {
BOOT_LOG_WRN("Cannot upgrade: not a compatible amount of sectors");
BOOT_LOG_DBG("slot0 sectors: %d, slot1 sectors: %d, usable slot0 sectors: %d",
(int)num_sectors_pri, (int)num_sectors_sec,
(int)(num_usable_sectors_pri - 1));
return 0;
} else if (num_sectors_pri > BOOT_MAX_IMG_SECTORS) {
BOOT_LOG_WRN("Cannot upgrade: more sectors than allowed");
return 0;
}
if (num_usable_sectors_pri != (num_sectors_sec + 1)) {
BOOT_LOG_DBG("Non-optimal sector distribution, slot0 has %d usable sectors (%d assigned) "
"but slot1 has %d assigned", (int)(num_usable_sectors_pri - 1),
(int)num_sectors_pri, (int)num_sectors_sec);
}
for (i = 0; i < num_sectors_sec; i++) {
sector_sz_pri = boot_img_sector_size(state, BOOT_PRIMARY_SLOT, i);
sector_sz_sec = boot_img_sector_size(state, BOOT_SECONDARY_SLOT, i);
if (sector_sz_pri != sector_sz_sec) {
BOOT_LOG_WRN("Cannot upgrade: not same sector layout");
return 0;
}
}
if (num_sectors_pri > num_sectors_sec) {
if (sector_sz_pri != boot_img_sector_size(state, BOOT_PRIMARY_SLOT, i)) {
BOOT_LOG_WRN("Cannot upgrade: not same sector layout");
return 0;
}
}
return 1;
#endif /* PM_S1_ADDRESS */
}
#define BOOT_LOG_SWAP_STATE(area, state) \
BOOT_LOG_INF("%s: magic=%s, swap_type=0x%x, copy_done=0x%x, " \
"image_ok=0x%x", \
(area), \
((state)->magic == BOOT_MAGIC_GOOD ? "good" : \
(state)->magic == BOOT_MAGIC_UNSET ? "unset" : \
"bad"), \
(state)->swap_type, \
(state)->copy_done, \
(state)->image_ok)
int
swap_status_source(struct boot_loader_state *state)
{
struct boot_swap_state state_primary_slot;
struct boot_swap_state state_secondary_slot;
int rc;
uint8_t source;
uint8_t image_index;
#if (BOOT_IMAGE_NUMBER == 1)
(void)state;
#endif
image_index = BOOT_CURR_IMG(state);
rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_PRIMARY(image_index),
&state_primary_slot);
assert(rc == 0);
BOOT_LOG_SWAP_STATE("Primary image", &state_primary_slot);
rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_SECONDARY(image_index),
&state_secondary_slot);
assert(rc == 0);
BOOT_LOG_SWAP_STATE("Secondary image", &state_secondary_slot);
if (state_primary_slot.magic == BOOT_MAGIC_GOOD &&
state_primary_slot.copy_done == BOOT_FLAG_UNSET &&
state_secondary_slot.magic != BOOT_MAGIC_GOOD) {
source = BOOT_STATUS_SOURCE_PRIMARY_SLOT;
BOOT_LOG_INF("Boot source: primary slot");
return source;
}
BOOT_LOG_INF("Boot source: none");
return BOOT_STATUS_SOURCE_NONE;
}
/*
* "Moves" the sector located at idx - 1 to idx.
*/
static void
boot_move_sector_up(int idx, uint32_t sz, struct boot_loader_state *state,
struct boot_status *bs, const struct flash_area *fap_pri,
const struct flash_area *fap_sec)
{
uint32_t new_off;
uint32_t old_off;
int rc;
/*
* FIXME: assuming sectors of size == sz, a single off variable
* would be enough
*/
/* Calculate offset from start of image area. */
new_off = boot_img_sector_off(state, BOOT_PRIMARY_SLOT, idx);
old_off = boot_img_sector_off(state, BOOT_PRIMARY_SLOT, idx - 1);
if (bs->idx == BOOT_STATUS_IDX_0) {
if (bs->source != BOOT_STATUS_SOURCE_PRIMARY_SLOT) {
rc = swap_erase_trailer_sectors(state, fap_pri);
assert(rc == 0);
rc = swap_status_init(state, fap_pri, bs);
assert(rc == 0);
}
rc = swap_erase_trailer_sectors(state, fap_sec);
assert(rc == 0);
}
rc = boot_erase_region(fap_pri, new_off, sz);
assert(rc == 0);
rc = boot_copy_region(state, fap_pri, fap_pri, old_off, new_off, sz);
assert(rc == 0);
rc = boot_write_status(state, bs);
bs->idx++;
BOOT_STATUS_ASSERT(rc == 0);
}
static void
boot_swap_sectors(int idx, uint32_t sz, struct boot_loader_state *state,
struct boot_status *bs, const struct flash_area *fap_pri,
const struct flash_area *fap_sec)
{
uint32_t pri_off;
uint32_t pri_up_off;
uint32_t sec_off;
int rc;
pri_up_off = boot_img_sector_off(state, BOOT_PRIMARY_SLOT, idx);
pri_off = boot_img_sector_off(state, BOOT_PRIMARY_SLOT, idx - 1);
sec_off = boot_img_sector_off(state, BOOT_SECONDARY_SLOT, idx - 1);
if (bs->state == BOOT_STATUS_STATE_0) {
rc = boot_erase_region(fap_pri, pri_off, sz);
assert(rc == 0);
rc = boot_copy_region(state, fap_sec, fap_pri, sec_off, pri_off, sz);
assert(rc == 0);
rc = boot_write_status(state, bs);
bs->state = BOOT_STATUS_STATE_1;
BOOT_STATUS_ASSERT(rc == 0);
}
if (bs->state == BOOT_STATUS_STATE_1) {
rc = boot_erase_region(fap_sec, sec_off, sz);
assert(rc == 0);
rc = boot_copy_region(state, fap_pri, fap_sec, pri_up_off, sec_off, sz);
assert(rc == 0);
rc = boot_write_status(state, bs);
bs->idx++;
bs->state = BOOT_STATUS_STATE_0;
BOOT_STATUS_ASSERT(rc == 0);
}
}
/*
* When starting a revert the swap status exists in the primary slot, and
* the status in the secondary slot is erased. To start the swap, the status
* area in the primary slot must be re-initialized; if during the small
* window of time between re-initializing it and writing the first metadata
* a reset happens, the swap process is broken and cannot be resumed.
*
* This function handles the issue by making the revert look like a permanent
* upgrade (by initializing the secondary slot).
*/
void
fixup_revert(const struct boot_loader_state *state, struct boot_status *bs,
const struct flash_area *fap_sec)
{
struct boot_swap_state swap_state;
int rc;
#if (BOOT_IMAGE_NUMBER == 1)
(void)state;
#endif
/* No fixup required */
if (bs->swap_type != BOOT_SWAP_TYPE_REVERT ||
bs->op != BOOT_STATUS_OP_MOVE ||
bs->idx != BOOT_STATUS_IDX_0) {
return;
}
rc = boot_read_swap_state(fap_sec, &swap_state);
assert(rc == 0);
BOOT_LOG_SWAP_STATE("Secondary image", &swap_state);
if (swap_state.magic == BOOT_MAGIC_UNSET) {
rc = swap_erase_trailer_sectors(state, fap_sec);
assert(rc == 0);
rc = boot_write_image_ok(fap_sec);
assert(rc == 0);
rc = boot_write_swap_size(fap_sec, bs->swap_size);
assert(rc == 0);
rc = boot_write_magic(fap_sec);
assert(rc == 0);
}
}
void
swap_run(struct boot_loader_state *state, struct boot_status *bs,
uint32_t copy_size)
{
uint32_t sz;
uint32_t sector_sz;
uint32_t idx;
uint32_t trailer_sz;
uint32_t first_trailer_idx;
uint32_t last_idx;
uint8_t image_index;
const struct flash_area *fap_pri;
const struct flash_area *fap_sec;
int rc;
BOOT_LOG_INF("Starting swap using move algorithm.");
last_idx = find_last_idx(state, copy_size);
sector_sz = boot_img_sector_size(state, BOOT_PRIMARY_SLOT, 0);
/*
* When starting a new swap upgrade, check that there is enough space.
*/
if (boot_status_is_reset(bs)) {
sz = 0;
trailer_sz = boot_trailer_sz(BOOT_WRITE_SZ(state));
first_trailer_idx = boot_img_num_sectors(state, BOOT_PRIMARY_SLOT) - 1;
while (1) {
sz += sector_sz;
if (sz >= trailer_sz) {
break;
}
first_trailer_idx--;
}
if (last_idx >= first_trailer_idx) {
BOOT_LOG_WRN("Not enough free space to run swap upgrade");
BOOT_LOG_WRN("required %d bytes but only %d are available",
(last_idx + 1) * sector_sz,
first_trailer_idx * sector_sz);
bs->swap_type = BOOT_SWAP_TYPE_NONE;
return;
}
}
image_index = BOOT_CURR_IMG(state);
rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY(image_index), &fap_pri);
assert (rc == 0);
rc = flash_area_open(FLASH_AREA_IMAGE_SECONDARY(image_index), &fap_sec);
assert (rc == 0);
fixup_revert(state, bs, fap_sec);
if (bs->op == BOOT_STATUS_OP_MOVE) {
idx = last_idx;
while (idx > 0) {
if (idx <= (last_idx - bs->idx + 1)) {
boot_move_sector_up(idx, sector_sz, state, bs, fap_pri, fap_sec);
}
idx--;
}
bs->idx = BOOT_STATUS_IDX_0;
}
bs->op = BOOT_STATUS_OP_SWAP;
idx = 1;
while (idx <= last_idx) {
if (idx >= bs->idx) {
boot_swap_sectors(idx, sector_sz, state, bs, fap_pri, fap_sec);
}
idx++;
}
flash_area_close(fap_pri);
flash_area_close(fap_sec);
}
int app_max_size(struct boot_loader_state *state)
{
uint32_t sector_sz_primary;
uint32_t sector_sz_secondary;
uint32_t sz_primary;
uint32_t sz_secondary;
sector_sz_primary = boot_img_sector_size(state, BOOT_PRIMARY_SLOT, 0);
sector_sz_secondary = boot_img_sector_size(state, BOOT_SECONDARY_SLOT, 0);
/* Account for image flags and move sector */
sz_primary = app_max_sectors(state) * sector_sz_primary - sector_sz_primary;
sz_secondary = boot_img_num_sectors(state, BOOT_SECONDARY_SLOT) * sector_sz_secondary;
return (sz_primary <= sz_secondary ? sz_primary : sz_secondary);
}
#endif

70
bootloader/mcuboot/boot/bootutil/src/swap_nsib.c Normal file
View File

@@ -0,0 +1,70 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2024 Nordic Semiconductor ASA
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <stddef.h>
#include <stdbool.h>
#include <inttypes.h>
#include <stdlib.h>
#include <string.h>
#include "bootutil/bootutil.h"
#include "bootutil_priv.h"
#include "swap_priv.h"
#include "bootutil/bootutil_log.h"
#include "mcuboot_config/mcuboot_config.h"
BOOT_LOG_MODULE_DECLARE(mcuboot);
void nsib_swap_run(struct boot_loader_state *state, struct boot_status *bs)
{
uint32_t sector_sz;
uint8_t image_index;
const struct flash_area *fap_pri;
const struct flash_area *fap_sec;
int rc;
BOOT_LOG_INF("Starting swap using nsib algorithm.");
sector_sz = boot_img_sector_size(state, BOOT_SECONDARY_SLOT, 0);
#if (CONFIG_NCS_IS_VARIANT_IMAGE)
rc = flash_area_open(PM_S0_ID, &fap_pri);
#else
rc = flash_area_open(PM_S1_ID, &fap_pri);
#endif
assert (rc == 0);
image_index = BOOT_CURR_IMG(state);
rc = flash_area_open(FLASH_AREA_IMAGE_SECONDARY(image_index), &fap_sec);
assert (rc == 0);
rc = boot_erase_region(fap_pri, 0, fap_pri->fa_size);
assert(rc == 0);
rc = boot_copy_region(state, fap_sec, fap_pri, 0, 0, fap_pri->fa_size);
assert(rc == 0);
rc = swap_erase_trailer_sectors(state, fap_sec);
assert(rc == 0);
rc = boot_erase_region(fap_sec, 0, MIN((fap_pri->fa_size + sector_sz), fap_sec->fa_size));
assert(rc == 0);
flash_area_close(fap_pri);
flash_area_close(fap_sec);
}

117
bootloader/mcuboot/boot/bootutil/src/swap_priv.h Normal file
View File

@@ -0,0 +1,117 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2019 JUUL Labs
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef H_SWAP_PRIV_
#define H_SWAP_PRIV_
#include "mcuboot_config/mcuboot_config.h"
#if defined(MCUBOOT_SWAP_USING_SCRATCH) || defined(MCUBOOT_SWAP_USING_MOVE)
/**
* Calculates the amount of space required to store the trailer, and erases
* all sectors required for this storage in the given flash_area.
*/
int swap_erase_trailer_sectors(const struct boot_loader_state *state,
const struct flash_area *fap);
/**
* Initialize the given flash_area with the metadata required to start a new
* swap upgrade.
*/
int swap_status_init(const struct boot_loader_state *state,
const struct flash_area *fap,
const struct boot_status *bs);
/**
* Tries to locate an interrupted swap status (metadata). If not metadata
* was found returns BOOT_STATUS_SOURCE_NONE.
*
* Must return one of:
* - BOOT_STATUS_SOURCE_NONE
* - BOOT_STATUS_SOURCE_SCRATCH
* - BOOT_STATUS_SOURCE_PRIMARY_SLOT
*/
int swap_status_source(struct boot_loader_state *state);
/**
* Reads the boot status from the flash. The boot status contains
* the current state of an interrupted image copy operation. If the boot
* status is not present, or it indicates that previous copy finished,
* there is no operation in progress.
*/
int swap_read_status(struct boot_loader_state *state, struct boot_status *bs);
/**
* Iterate over the swap status bytes in the given flash_area and populate
* the given boot_status with the calculated index where a swap upgrade was
* interrupted.
*/
int swap_read_status_bytes(const struct flash_area *fap,
struct boot_loader_state *state,
struct boot_status *bs);
/**
* Marks the image in the primary slot as fully copied.
*/
int swap_set_copy_done(uint8_t image_index);
/**
* Marks a reverted image in the primary slot as confirmed. This is necessary to
* ensure the status bytes from the image revert operation don't get processed
* on a subsequent boot.
*
* NOTE: image_ok is tested before writing because if there's a valid permanent
* image installed on the primary slot and the new image to be upgrade to has a
* bad sig, image_ok would be overwritten.
*/
int swap_set_image_ok(uint8_t image_index);
/**
* Start a new or resume an interrupted swap according to the parameters
* found in the given boot_status.
*/
void swap_run(struct boot_loader_state *state,
struct boot_status *bs,
uint32_t copy_size);
#if MCUBOOT_SWAP_USING_SCRATCH
#define BOOT_SCRATCH_AREA(state) ((state)->scratch.area)
static inline size_t boot_scratch_area_size(const struct boot_loader_state *state)
{
return flash_area_get_size(BOOT_SCRATCH_AREA(state));
}
#endif
#endif /* defined(MCUBOOT_SWAP_USING_SCRATCH) || defined(MCUBOOT_SWAP_USING_MOVE) */
/**
* Returns the maximum size of an application that can be loaded to a slot.
*/
int app_max_size(struct boot_loader_state *state);
#if defined(PM_S1_ADDRESS) && !defined(MCUBOOT_OVERWRITE_ONLY) && \
(CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER != -1 || defined(LEGACY_CHILD_PARENT_S0_S1_UPDATE_ENABLED))
/**
* Performs an NSIB update
*/
void nsib_swap_run(struct boot_loader_state *state, struct boot_status *bs);
#endif
#endif /* H_SWAP_PRIV_ */

992
bootloader/mcuboot/boot/bootutil/src/swap_scratch.c Normal file
View File

@@ -0,0 +1,992 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2019 JUUL Labs
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <stddef.h>
#include <stdbool.h>
#include <inttypes.h>
#include <stdlib.h>
#include <string.h>
#include "bootutil/bootutil.h"
#include "bootutil_priv.h"
#include "swap_priv.h"
#include "bootutil/bootutil_log.h"
#include "mcuboot_config/mcuboot_config.h"
BOOT_LOG_MODULE_DECLARE(mcuboot);
#if !defined(MCUBOOT_SWAP_USING_MOVE)
#if defined(MCUBOOT_VALIDATE_PRIMARY_SLOT)
/*
* FIXME: this might have to be updated for threaded sim
*/
int boot_status_fails = 0;
#define BOOT_STATUS_ASSERT(x) \
do { \
if (!(x)) { \
boot_status_fails++; \
} \
} while (0)
#else
#define BOOT_STATUS_ASSERT(x) ASSERT(x)
#endif
#if !defined(MCUBOOT_DIRECT_XIP) && !defined(MCUBOOT_RAM_LOAD)
/**
* Reads the status of a partially-completed swap, if any. This is necessary
* to recover in case the boot lodaer was reset in the middle of a swap
* operation.
*/
int
swap_read_status_bytes(const struct flash_area *fap,
struct boot_loader_state *state, struct boot_status *bs)
{
uint32_t off;
uint8_t status;
int max_entries;
int found;
int found_idx;
int invalid;
int rc;
int i;
off = boot_status_off(fap);
max_entries = boot_status_entries(BOOT_CURR_IMG(state), fap);
if (max_entries < 0) {
return BOOT_EBADARGS;
}
found = 0;
found_idx = 0;
invalid = 0;
for (i = 0; i < max_entries; i++) {
rc = flash_area_read(fap, off + i * BOOT_WRITE_SZ(state),
&status, 1);
if (rc < 0) {
return BOOT_EFLASH;
}
if (bootutil_buffer_is_erased(fap, &status, 1)) {
if (found && !found_idx) {
found_idx = i;
}
} else if (!found) {
found = 1;
} else if (found_idx) {
invalid = 1;
break;
}
}
if (invalid) {
/* This means there was an error writing status on the last
* swap. Tell user and move on to validation!
*/
#if !defined(__BOOTSIM__)
BOOT_LOG_ERR("Detected inconsistent status!");
#endif
#if !defined(MCUBOOT_VALIDATE_PRIMARY_SLOT)
/* With validation of the primary slot disabled, there is no way
* to be sure the swapped primary slot is OK, so abort!
*/
assert(0);
#endif
}
if (found) {
if (!found_idx) {
found_idx = i;
}
bs->idx = (found_idx / BOOT_STATUS_STATE_COUNT) + 1;
bs->state = (found_idx % BOOT_STATUS_STATE_COUNT) + 1;
}
return 0;
}
uint32_t
boot_status_internal_off(const struct boot_status *bs, int elem_sz)
{
int idx_sz;
idx_sz = elem_sz * BOOT_STATUS_STATE_COUNT;
return (bs->idx - BOOT_STATUS_IDX_0) * idx_sz +
(bs->state - BOOT_STATUS_STATE_0) * elem_sz;
}
/*
* Slots are compatible when all sectors that store up to to size of the image
* round up to sector size, in both slot's are able to fit in the scratch
* area, and have sizes that are a multiple of each other (powers of two
* presumably!).
*/
int
boot_slots_compatible(struct boot_loader_state *state)
{
#ifdef PM_S1_ADDRESS
/* Patch needed for NCS. In this case, image 1 primary points to the other
* B1 slot (ie S0 or S1), and image 0 primary points to the app.
* With this configuration, image 0 and image 1 share the secondary slot.
* Hence, the primary slot of image 1 will be *smaller* than image 1's
* secondary slot. This is not allowed in upstream mcuboot, so we need
* this patch to allow it. Also, all of these checks are redundant when
* partition manager is in use, and since we have the same sector size
* in all of our flash.
*/
return 1;
#else
size_t num_sectors_primary;
size_t num_sectors_secondary;
size_t sz0, sz1;
size_t primary_slot_sz, secondary_slot_sz;
#ifndef MCUBOOT_OVERWRITE_ONLY
size_t scratch_sz;
#endif
size_t i, j;
int8_t smaller;
num_sectors_primary = boot_img_num_sectors(state, BOOT_PRIMARY_SLOT);
num_sectors_secondary = boot_img_num_sectors(state, BOOT_SECONDARY_SLOT);
if ((num_sectors_primary > BOOT_MAX_IMG_SECTORS) ||
(num_sectors_secondary > BOOT_MAX_IMG_SECTORS)) {
BOOT_LOG_WRN("Cannot upgrade: more sectors than allowed");
return 0;
}
#ifndef MCUBOOT_OVERWRITE_ONLY
scratch_sz = boot_scratch_area_size(state);
#endif
/*
* The following loop scans all sectors in a linear fashion, assuring that
* for each possible sector in each slot, it is able to fit in the other
* slot's sector or sectors. Slot's should be compatible as long as any
* number of a slot's sectors are able to fit into another, which only
* excludes cases where sector sizes are not a multiple of each other.
*/
i = sz0 = primary_slot_sz = 0;
j = sz1 = secondary_slot_sz = 0;
smaller = 0;
while (i < num_sectors_primary || j < num_sectors_secondary) {
if (sz0 == sz1) {
sz0 += boot_img_sector_size(state, BOOT_PRIMARY_SLOT, i);
sz1 += boot_img_sector_size(state, BOOT_SECONDARY_SLOT, j);
i++;
j++;
} else if (sz0 < sz1) {
sz0 += boot_img_sector_size(state, BOOT_PRIMARY_SLOT, i);
/* Guarantee that multiple sectors of the secondary slot
* fit into the primary slot.
*/
if (smaller == 2) {
BOOT_LOG_WRN("Cannot upgrade: slots have non-compatible sectors");
return 0;
}
smaller = 1;
i++;
} else {
size_t sector_size = boot_img_sector_size(state, BOOT_SECONDARY_SLOT, j);
#ifdef MCUBOOT_DECOMPRESS_IMAGES
if (sector_size == 0) {
/* Since this supports decompressed images, we can safely exit if slot1 is
* smaller than slot0.
*/
break;
}
#endif
sz1 += sector_size;
/* Guarantee that multiple sectors of the primary slot
* fit into the secondary slot.
*/
if (smaller == 1) {
BOOT_LOG_WRN("Cannot upgrade: slots have non-compatible sectors");
return 0;
}
smaller = 2;
j++;
}
#ifndef MCUBOOT_OVERWRITE_ONLY
if (sz0 == sz1) {
primary_slot_sz += sz0;
secondary_slot_sz += sz1;
/* Scratch has to fit each swap operation to the size of the larger
* sector among the primary slot and the secondary slot.
*/
if (sz0 > scratch_sz || sz1 > scratch_sz) {
BOOT_LOG_WRN("Cannot upgrade: not all sectors fit inside scratch");
return 0;
}
smaller = sz0 = sz1 = 0;
}
#endif
}
#ifndef MCUBOOT_DECOMPRESS_IMAGES
if ((i != num_sectors_primary) ||
(j != num_sectors_secondary) ||
(primary_slot_sz != secondary_slot_sz)) {
BOOT_LOG_WRN("Cannot upgrade: slots are not compatible");
return 0;
}
#endif
return 1;
#endif /* PM_S1_ADDRESS */
}
#define BOOT_LOG_SWAP_STATE(area, state) \
BOOT_LOG_INF("%s: magic=%s, swap_type=0x%x, copy_done=0x%x, " \
"image_ok=0x%x", \
(area), \
((state)->magic == BOOT_MAGIC_GOOD ? "good" : \
(state)->magic == BOOT_MAGIC_UNSET ? "unset" : \
"bad"), \
(state)->swap_type, \
(state)->copy_done, \
(state)->image_ok)
struct boot_status_table {
uint8_t bst_magic_primary_slot;
uint8_t bst_magic_scratch;
uint8_t bst_copy_done_primary_slot;
uint8_t bst_status_source;
};
/**
* This set of tables maps swap state contents to boot status location.
* When searching for a match, these tables must be iterated in order.
*/
static const struct boot_status_table boot_status_tables[] = {
{
/* | primary slot | scratch |
* ----------+--------------+--------------|
* magic | Good | Any |
* copy-done | Set | N/A |
* ----------+--------------+--------------'
* source: none |
* ----------------------------------------'
*/
.bst_magic_primary_slot = BOOT_MAGIC_GOOD,
.bst_magic_scratch = BOOT_MAGIC_NOTGOOD,
.bst_copy_done_primary_slot = BOOT_FLAG_SET,
.bst_status_source = BOOT_STATUS_SOURCE_NONE,
},
{
/* | primary slot | scratch |
* ----------+--------------+--------------|
* magic | Good | Any |
* copy-done | Unset | N/A |
* ----------+--------------+--------------'
* source: primary slot |
* ----------------------------------------'
*/
.bst_magic_primary_slot = BOOT_MAGIC_GOOD,
.bst_magic_scratch = BOOT_MAGIC_NOTGOOD,
.bst_copy_done_primary_slot = BOOT_FLAG_UNSET,
.bst_status_source = BOOT_STATUS_SOURCE_PRIMARY_SLOT,
},
{
/* | primary slot | scratch |
* ----------+--------------+--------------|
* magic | Any | Good |
* copy-done | Any | N/A |
* ----------+--------------+--------------'
* source: scratch |
* ----------------------------------------'
*/
.bst_magic_primary_slot = BOOT_MAGIC_ANY,
.bst_magic_scratch = BOOT_MAGIC_GOOD,
.bst_copy_done_primary_slot = BOOT_FLAG_ANY,
.bst_status_source = BOOT_STATUS_SOURCE_SCRATCH,
},
{
/* | primary slot | scratch |
* ----------+--------------+--------------|
* magic | Unset | Any |
* copy-done | Unset | N/A |
* ----------+--------------+--------------|
* source: varies |
* ----------------------------------------+--------------------------+
* This represents one of two cases: |
* o No swaps ever (no status to read, so no harm in checking). |
* o Mid-revert; status in primary slot. |
* -------------------------------------------------------------------'
*/
.bst_magic_primary_slot = BOOT_MAGIC_UNSET,
.bst_magic_scratch = BOOT_MAGIC_ANY,
.bst_copy_done_primary_slot = BOOT_FLAG_UNSET,
.bst_status_source = BOOT_STATUS_SOURCE_PRIMARY_SLOT,
},
};
#define BOOT_STATUS_TABLES_COUNT \
(sizeof boot_status_tables / sizeof boot_status_tables[0])
/**
* Determines where in flash the most recent boot status is stored. The boot
* status is necessary for completing a swap that was interrupted by a boot
* loader reset.
*
* @return A BOOT_STATUS_SOURCE_[...] code indicating where status should
* be read from.
*/
int
swap_status_source(struct boot_loader_state *state)
{
const struct boot_status_table *table;
#if MCUBOOT_SWAP_USING_SCRATCH
struct boot_swap_state state_scratch;
#endif
struct boot_swap_state state_primary_slot;
int rc;
size_t i;
uint8_t source;
uint8_t image_index;
#if (BOOT_IMAGE_NUMBER == 1)
(void)state;
#endif
image_index = BOOT_CURR_IMG(state);
rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_PRIMARY(image_index),
&state_primary_slot);
assert(rc == 0);
#if MCUBOOT_SWAP_USING_SCRATCH
rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_SCRATCH, &state_scratch);
assert(rc == 0);
#endif
BOOT_LOG_SWAP_STATE("Primary image", &state_primary_slot);
#if MCUBOOT_SWAP_USING_SCRATCH
BOOT_LOG_SWAP_STATE("Scratch", &state_scratch);
#endif
for (i = 0; i < BOOT_STATUS_TABLES_COUNT; i++) {
table = &boot_status_tables[i];
if (boot_magic_compatible_check(table->bst_magic_primary_slot,
state_primary_slot.magic) &&
#if MCUBOOT_SWAP_USING_SCRATCH
boot_magic_compatible_check(table->bst_magic_scratch,
state_scratch.magic) &&
#endif
(table->bst_copy_done_primary_slot == BOOT_FLAG_ANY ||
table->bst_copy_done_primary_slot == state_primary_slot.copy_done))
{
source = table->bst_status_source;
#if (BOOT_IMAGE_NUMBER > 1) && MCUBOOT_SWAP_USING_SCRATCH
/* In case of multi-image boot it can happen that if boot status
* info is found on scratch area then it does not belong to the
* currently examined image.
*/
if (source == BOOT_STATUS_SOURCE_SCRATCH &&
state_scratch.image_num != BOOT_CURR_IMG(state)) {
source = BOOT_STATUS_SOURCE_NONE;
}
#endif
BOOT_LOG_INF("Boot source: %s",
source == BOOT_STATUS_SOURCE_NONE ? "none" :
source == BOOT_STATUS_SOURCE_SCRATCH ? "scratch" :
source == BOOT_STATUS_SOURCE_PRIMARY_SLOT ?
"primary slot" : "BUG; can't happen");
return source;
}
}
BOOT_LOG_INF("Boot source: none");
return BOOT_STATUS_SOURCE_NONE;
}
#ifndef MCUBOOT_OVERWRITE_ONLY
/**
* Calculates the number of sectors the scratch area can contain. A "last"
* source sector is specified because images are copied backwards in flash
* (final index to index number 0).
*
* @param last_sector_idx The index of the last source sector
* (inclusive).
* @param out_first_sector_idx The index of the first source sector
* (inclusive) gets written here.
*
* @return The number of bytes comprised by the
* [first-sector, last-sector] range.
*/
static uint32_t
boot_copy_sz(const struct boot_loader_state *state, int last_sector_idx,
int *out_first_sector_idx)
{
size_t scratch_sz;
uint32_t new_sz;
uint32_t sz;
int i;
sz = 0;
scratch_sz = boot_scratch_area_size(state);
for (i = last_sector_idx; i >= 0; i--) {
new_sz = sz + boot_img_sector_size(state, BOOT_PRIMARY_SLOT, i);
/*
* The secondary slot is not being checked here, because
* `boot_slots_compatible` already provides assurance that the copy size
* will be compatible with the primary slot and scratch.
*/
if (new_sz > scratch_sz) {
break;
}
sz = new_sz;
}
/* i currently refers to a sector that doesn't fit or it is -1 because all
* sectors have been processed. In both cases, exclude sector i.
*/
*out_first_sector_idx = i + 1;
return sz;
}
/**
* Finds the index of the last sector in the primary slot that needs swapping.
*
* @param state Current bootloader's state.
* @param copy_size Total number of bytes to swap.
*
* @return Index of the last sector in the primary slot that needs swapping.
*/
static int
find_last_sector_idx(const struct boot_loader_state *state, uint32_t copy_size)
{
int last_sector_idx;
uint32_t primary_slot_size;
uint32_t secondary_slot_size;
primary_slot_size = 0;
secondary_slot_size = 0;
last_sector_idx = 0;
/*
* Knowing the size of the largest image between both slots, here we
* find what is the last sector in the primary slot that needs swapping.
* Since we already know that both slots are compatible, the secondary
* slot's last sector is not really required after this check is finished.
*/
while (1) {
if ((primary_slot_size < copy_size) ||
(primary_slot_size < secondary_slot_size)) {
primary_slot_size += boot_img_sector_size(state,
BOOT_PRIMARY_SLOT,
last_sector_idx);
}
if ((secondary_slot_size < copy_size) ||
(secondary_slot_size < primary_slot_size)) {
secondary_slot_size += boot_img_sector_size(state,
BOOT_SECONDARY_SLOT,
last_sector_idx);
}
if (primary_slot_size >= copy_size &&
secondary_slot_size >= copy_size &&
primary_slot_size == secondary_slot_size) {
break;
}
last_sector_idx++;
}
return last_sector_idx;
}
/**
* Finds the number of swap operations that have to be performed to swap the two images.
*
* @param state Current bootloader's state.
* @param copy_size Total number of bytes to swap.
*
* @return The number of swap operations that have to be performed.
*/
static uint32_t
find_swap_count(const struct boot_loader_state *state, uint32_t copy_size)
{
int first_sector_idx;
int last_sector_idx;
uint32_t swap_count;
last_sector_idx = find_last_sector_idx(state, copy_size);
swap_count = 0;
while (last_sector_idx >= 0) {
boot_copy_sz(state, last_sector_idx, &first_sector_idx);
last_sector_idx = first_sector_idx - 1;
swap_count++;
}
return swap_count;
}
/**
* Swaps the contents of two flash regions within the two image slots.
*
* @param idx The index of the first sector in the range of
* sectors being swapped.
* @param sz The number of bytes to swap.
* @param bs The current boot status. This struct gets
* updated according to the outcome.
*
* @return 0 on success; nonzero on failure.
*/
static void
boot_swap_sectors(int idx, uint32_t sz, struct boot_loader_state *state,
struct boot_status *bs)
{
const struct flash_area *fap_primary_slot;
const struct flash_area *fap_secondary_slot;
const struct flash_area *fap_scratch;
uint32_t copy_sz;
uint32_t trailer_sz;
uint32_t sector_sz;
uint32_t img_off;
uint32_t scratch_trailer_off;
struct boot_swap_state swap_state;
size_t last_sector;
bool erase_scratch;
uint8_t image_index;
int rc;
/* Calculate offset from start of image area. */
img_off = boot_img_sector_off(state, BOOT_PRIMARY_SLOT, idx);
copy_sz = sz;
trailer_sz = boot_trailer_sz(BOOT_WRITE_SZ(state));
/* sz in this function is always sized on a multiple of the sector size.
* The check against the start offset of the last sector
* is to determine if we're swapping the last sector. The last sector
* needs special handling because it's where the trailer lives. If we're
* copying it, we need to use scratch to write the trailer temporarily.
*
* NOTE: `use_scratch` is a temporary flag (never written to flash) which
* controls if special handling is needed (swapping last sector).
*/
last_sector = boot_img_num_sectors(state, BOOT_PRIMARY_SLOT) - 1;
sector_sz = boot_img_sector_size(state, BOOT_PRIMARY_SLOT, last_sector);
if (sector_sz < trailer_sz) {
uint32_t trailer_sector_sz = sector_sz;
while (trailer_sector_sz < trailer_sz) {
/* Consider that the image trailer may span across sectors of
* different sizes.
*/
sector_sz = boot_img_sector_size(state, BOOT_PRIMARY_SLOT, --last_sector);
trailer_sector_sz += sector_sz;
}
}
if ((img_off + sz) >
boot_img_sector_off(state, BOOT_PRIMARY_SLOT, last_sector)) {
copy_sz -= trailer_sz;
}
bs->use_scratch = (bs->idx == BOOT_STATUS_IDX_0 && copy_sz != sz);
image_index = BOOT_CURR_IMG(state);
rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY(image_index),
&fap_primary_slot);
assert (rc == 0);
rc = flash_area_open(FLASH_AREA_IMAGE_SECONDARY(image_index),
&fap_secondary_slot);
assert (rc == 0);
rc = flash_area_open(FLASH_AREA_IMAGE_SCRATCH, &fap_scratch);
assert (rc == 0);
if (bs->state == BOOT_STATUS_STATE_0) {
BOOT_LOG_DBG("erasing scratch area");
rc = boot_erase_region(fap_scratch, 0, flash_area_get_size(fap_scratch));
assert(rc == 0);
if (bs->idx == BOOT_STATUS_IDX_0) {
/* Write a trailer to the scratch area, even if we don't need the
* scratch area for status. We need a temporary place to store the
* `swap-type` while we erase the primary trailer.
*/
rc = swap_status_init(state, fap_scratch, bs);
assert(rc == 0);
if (!bs->use_scratch) {
/* Prepare the primary status area... here it is known that the
* last sector is not being used by the image data so it's safe
* to erase.
*/
rc = swap_erase_trailer_sectors(state, fap_primary_slot);
assert(rc == 0);
rc = swap_status_init(state, fap_primary_slot, bs);
assert(rc == 0);
/* Erase the temporary trailer from the scratch area. */
rc = boot_erase_region(fap_scratch, 0,
flash_area_get_size(fap_scratch));
assert(rc == 0);
}
}
rc = boot_copy_region(state, fap_secondary_slot, fap_scratch,
img_off, 0, copy_sz);
assert(rc == 0);
rc = boot_write_status(state, bs);
bs->state = BOOT_STATUS_STATE_1;
BOOT_STATUS_ASSERT(rc == 0);
}
if (bs->state == BOOT_STATUS_STATE_1) {
rc = boot_erase_region(fap_secondary_slot, img_off, sz);
assert(rc == 0);
rc = boot_copy_region(state, fap_primary_slot, fap_secondary_slot,
img_off, img_off, copy_sz);
assert(rc == 0);
if (bs->idx == BOOT_STATUS_IDX_0 && !bs->use_scratch) {
/* If not all sectors of the slot are being swapped,
* guarantee here that only the primary slot will have the state.
*/
rc = swap_erase_trailer_sectors(state, fap_secondary_slot);
assert(rc == 0);
}
rc = boot_write_status(state, bs);
bs->state = BOOT_STATUS_STATE_2;
BOOT_STATUS_ASSERT(rc == 0);
}
if (bs->state == BOOT_STATUS_STATE_2) {
rc = boot_erase_region(fap_primary_slot, img_off, sz);
assert(rc == 0);
/* NOTE: If this is the final sector, we exclude the image trailer from
* this copy (copy_sz was truncated earlier).
*/
rc = boot_copy_region(state, fap_scratch, fap_primary_slot,
0, img_off, copy_sz);
assert(rc == 0);
if (bs->use_scratch) {
scratch_trailer_off = boot_status_off(fap_scratch);
/* copy current status that is being maintained in scratch */
rc = boot_copy_region(state, fap_scratch, fap_primary_slot,
scratch_trailer_off, img_off + copy_sz,
(BOOT_STATUS_STATE_COUNT - 1) * BOOT_WRITE_SZ(state));
BOOT_STATUS_ASSERT(rc == 0);
rc = boot_read_swap_state(fap_scratch, &swap_state);
assert(rc == 0);
if (swap_state.image_ok == BOOT_FLAG_SET) {
rc = boot_write_image_ok(fap_primary_slot);
assert(rc == 0);
}
if (swap_state.swap_type != BOOT_SWAP_TYPE_NONE) {
rc = boot_write_swap_info(fap_primary_slot,
swap_state.swap_type, image_index);
assert(rc == 0);
}
rc = boot_write_swap_size(fap_primary_slot, bs->swap_size);
assert(rc == 0);
#ifdef MCUBOOT_ENC_IMAGES
rc = boot_write_enc_key(fap_primary_slot, 0, bs);
assert(rc == 0);
rc = boot_write_enc_key(fap_primary_slot, 1, bs);
assert(rc == 0);
#endif
rc = boot_write_magic(fap_primary_slot);
assert(rc == 0);
}
/* If we wrote a trailer to the scratch area, erase it after we persist
* a trailer to the primary slot. We do this to prevent mcuboot from
* reading a stale status from the scratch area in case of immediate
* reset.
*/
erase_scratch = bs->use_scratch;
bs->use_scratch = 0;
rc = boot_write_status(state, bs);
bs->idx++;
bs->state = BOOT_STATUS_STATE_0;
BOOT_STATUS_ASSERT(rc == 0);
if (erase_scratch) {
rc = boot_erase_region(fap_scratch, 0, flash_area_get_size(fap_scratch));
assert(rc == 0);
}
}
flash_area_close(fap_primary_slot);
flash_area_close(fap_secondary_slot);
flash_area_close(fap_scratch);
}
void
swap_run(struct boot_loader_state *state, struct boot_status *bs,
uint32_t copy_size)
{
uint32_t sz;
int first_sector_idx;
int last_sector_idx;
uint32_t swap_idx;
BOOT_LOG_INF("Starting swap using scratch algorithm.");
last_sector_idx = find_last_sector_idx(state, copy_size);
swap_idx = 0;
while (last_sector_idx >= 0) {
sz = boot_copy_sz(state, last_sector_idx, &first_sector_idx);
if (swap_idx >= (bs->idx - BOOT_STATUS_IDX_0)) {
boot_swap_sectors(first_sector_idx, sz, state, bs);
}
last_sector_idx = first_sector_idx - 1;
swap_idx++;
}
}
#endif /* !MCUBOOT_OVERWRITE_ONLY */
int app_max_size(struct boot_loader_state *state)
{
size_t num_sectors_primary;
size_t num_sectors_secondary;
size_t sz0, sz1;
size_t primary_slot_sz, secondary_slot_sz;
#ifndef MCUBOOT_OVERWRITE_ONLY
size_t scratch_sz;
#endif
size_t i, j;
int8_t smaller;
num_sectors_primary = boot_img_num_sectors(state, BOOT_PRIMARY_SLOT);
num_sectors_secondary = boot_img_num_sectors(state, BOOT_SECONDARY_SLOT);
#ifndef MCUBOOT_OVERWRITE_ONLY
scratch_sz = boot_scratch_area_size(state);
#endif
/*
* The following loop scans all sectors in a linear fashion, assuring that
* for each possible sector in each slot, it is able to fit in the other
* slot's sector or sectors. Slot's should be compatible as long as any
* number of a slot's sectors are able to fit into another, which only
* excludes cases where sector sizes are not a multiple of each other.
*/
i = sz0 = primary_slot_sz = 0;
j = sz1 = secondary_slot_sz = 0;
smaller = 0;
while (i < num_sectors_primary || j < num_sectors_secondary) {
if (sz0 == sz1) {
sz0 += boot_img_sector_size(state, BOOT_PRIMARY_SLOT, i);
sz1 += boot_img_sector_size(state, BOOT_SECONDARY_SLOT, j);
i++;
j++;
} else if (sz0 < sz1) {
sz0 += boot_img_sector_size(state, BOOT_PRIMARY_SLOT, i);
/* Guarantee that multiple sectors of the secondary slot
* fit into the primary slot.
*/
if (smaller == 2) {
BOOT_LOG_WRN("Cannot upgrade: slots have non-compatible sectors");
return 0;
}
smaller = 1;
i++;
} else {
sz1 += boot_img_sector_size(state, BOOT_SECONDARY_SLOT, j);
/* Guarantee that multiple sectors of the primary slot
* fit into the secondary slot.
*/
if (smaller == 1) {
BOOT_LOG_WRN("Cannot upgrade: slots have non-compatible sectors");
return 0;
}
smaller = 2;
j++;
}
#ifndef MCUBOOT_OVERWRITE_ONLY
if (sz0 == sz1) {
primary_slot_sz += sz0;
secondary_slot_sz += sz1;
/* Scratch has to fit each swap operation to the size of the larger
* sector among the primary slot and the secondary slot.
*/
if (sz0 > scratch_sz || sz1 > scratch_sz) {
BOOT_LOG_WRN("Cannot upgrade: not all sectors fit inside scratch");
return 0;
}
smaller = sz0 = sz1 = 0;
}
#endif
}
#ifdef MCUBOOT_OVERWRITE_ONLY
return (sz1 < sz0 ? sz1 : sz0);
#else
return (secondary_slot_sz < primary_slot_sz ? secondary_slot_sz : primary_slot_sz);
#endif
}
#else
int app_max_size(struct boot_loader_state *state)
{
const struct flash_area *fap;
int fa_id;
int rc;
uint32_t active_slot;
int primary_sz, secondary_sz;
active_slot = state->slot_usage[BOOT_CURR_IMG(state)].active_slot;
fa_id = flash_area_id_from_multi_image_slot(BOOT_CURR_IMG(state), active_slot);
rc = flash_area_open(fa_id, &fap);
assert(rc == 0);
primary_sz = flash_area_get_size(fap);
flash_area_close(fap);
if (active_slot == BOOT_PRIMARY_SLOT) {
active_slot = BOOT_SECONDARY_SLOT;
} else {
active_slot = BOOT_PRIMARY_SLOT;
}
fa_id = flash_area_id_from_multi_image_slot(BOOT_CURR_IMG(state), active_slot);
rc = flash_area_open(fa_id, &fap);
assert(rc == 0);
secondary_sz = flash_area_get_size(fap);
flash_area_close(fap);
return (secondary_sz < primary_sz ? secondary_sz : primary_sz);
}
#endif /* !MCUBOOT_DIRECT_XIP && !MCUBOOT_RAM_LOAD */
int
boot_read_image_header(struct boot_loader_state *state, int slot,
struct image_header *out_hdr, struct boot_status *bs)
{
const struct flash_area *fap;
#ifdef MCUBOOT_SWAP_USING_SCRATCH
uint32_t swap_count;
uint32_t swap_size;
#endif
int area_id;
int hdr_slot;
int rc = 0;
#ifndef MCUBOOT_SWAP_USING_SCRATCH
(void)bs;
#endif
#if (BOOT_IMAGE_NUMBER == 1)
(void)state;
#endif
hdr_slot = slot;
#ifdef MCUBOOT_SWAP_USING_SCRATCH
/* If the slots are being swapped, the headers might have been moved to scratch area or to the
* other slot depending on the progress of the swap process.
*/
if (bs && !boot_status_is_reset(bs)) {
rc = boot_find_status(BOOT_CURR_IMG(state), &fap);
if (rc != 0) {
rc = BOOT_EFLASH;
goto done;
}
rc = boot_read_swap_size(fap, &swap_size);
flash_area_close(fap);
if (rc != 0) {
rc = BOOT_EFLASH;
goto done;
}
swap_count = find_swap_count(state, swap_size);
if (bs->idx - BOOT_STATUS_IDX_0 >= swap_count) {
/* If all segments have been swapped, the header is located in the other slot */
hdr_slot = (slot == BOOT_PRIMARY_SLOT) ? BOOT_SECONDARY_SLOT : BOOT_PRIMARY_SLOT;
} else if (bs->idx - BOOT_STATUS_IDX_0 == swap_count - 1) {
/* If the last swap operation is in progress, the headers are currently being swapped
* since the first segment of each slot is the last to be processed.
*/
if (slot == BOOT_SECONDARY_SLOT && bs->state >= BOOT_STATUS_STATE_1) {
/* After BOOT_STATUS_STATE_1, the secondary image's header has been moved to the
* scratch area.
*/
hdr_slot = BOOT_NUM_SLOTS;
} else if (slot == BOOT_PRIMARY_SLOT && bs->state >= BOOT_STATUS_STATE_2) {
/* After BOOT_STATUS_STATE_2, the primary image's header has been moved to the
* secondary slot.
*/
hdr_slot = BOOT_SECONDARY_SLOT;
}
}
}
if (hdr_slot == BOOT_NUM_SLOTS) {
area_id = FLASH_AREA_IMAGE_SCRATCH;
} else {
area_id = flash_area_id_from_multi_image_slot(BOOT_CURR_IMG(state), hdr_slot);
}
#else
area_id = flash_area_id_from_multi_image_slot(BOOT_CURR_IMG(state), hdr_slot);
#endif
rc = flash_area_open(area_id, &fap);
if (rc == 0) {
rc = flash_area_read(fap, 0, out_hdr, sizeof *out_hdr);
flash_area_close(fap);
}
if (rc != 0) {
rc = BOOT_EFLASH;
goto done;
}
done:
return rc;
}
#endif /* !MCUBOOT_SWAP_USING_MOVE */

154
bootloader/mcuboot/boot/bootutil/src/tlv.c Normal file
View File

@@ -0,0 +1,154 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2019 JUUL Labs
* Copyright (c) 2020 Arm Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <stddef.h>
#include "bootutil/bootutil.h"
#include "bootutil/image.h"
#include "bootutil_priv.h"
/*
* Initialize a TLV iterator.
*
* @param it An iterator struct
* @param hdr image_header of the slot's image
* @param fap flash_area of the slot which is storing the image
* @param type Type of TLV to look for
* @param prot true if TLV has to be stored in the protected area, false otherwise
*
* @returns 0 if the TLV iterator was successfully started
* -1 on errors
*/
int
bootutil_tlv_iter_begin(struct image_tlv_iter *it, const struct image_header *hdr,
const struct flash_area *fap, uint16_t type, bool prot)
{
uint32_t off_;
struct image_tlv_info info;
if (it == NULL || hdr == NULL || fap == NULL) {
return -1;
}
off_ = BOOT_TLV_OFF(hdr);
if (LOAD_IMAGE_DATA(hdr, fap, off_, &info, sizeof(info))) {
return -1;
}
if (info.it_magic == IMAGE_TLV_PROT_INFO_MAGIC) {
if (hdr->ih_protect_tlv_size != info.it_tlv_tot) {
return -1;
}
if (LOAD_IMAGE_DATA(hdr, fap, off_ + info.it_tlv_tot,
&info, sizeof(info))) {
return -1;
}
} else if (hdr->ih_protect_tlv_size != 0) {
return -1;
}
if (info.it_magic != IMAGE_TLV_INFO_MAGIC) {
return -1;
}
it->hdr = hdr;
it->fap = fap;
it->type = type;
it->prot = prot;
it->prot_end = off_ + it->hdr->ih_protect_tlv_size;
it->tlv_end = off_ + it->hdr->ih_protect_tlv_size + info.it_tlv_tot;
// position on first TLV
it->tlv_off = off_ + sizeof(info);
return 0;
}
/*
* Find next TLV
*
* @param it The image TLV iterator struct
* @param off The offset of the TLV's payload in flash
* @param len The length of the TLV's payload
* @param type If not NULL returns the type of TLV found
*
* @returns 0 if a TLV with with matching type was found
* 1 if no more TLVs with matching type are available
* -1 on errors
*/
int
bootutil_tlv_iter_next(struct image_tlv_iter *it, uint32_t *off, uint16_t *len,
uint16_t *type)
{
struct image_tlv tlv;
int rc;
if (it == NULL || it->hdr == NULL || it->fap == NULL) {
return -1;
}
while (it->tlv_off < it->tlv_end) {
if (it->hdr->ih_protect_tlv_size > 0 && it->tlv_off == it->prot_end) {
it->tlv_off += sizeof(struct image_tlv_info);
}
rc = LOAD_IMAGE_DATA(it->hdr, it->fap, it->tlv_off, &tlv, sizeof tlv);
if (rc) {
return -1;
}
/* No more TLVs in the protected area */
if (it->prot && it->tlv_off >= it->prot_end) {
return 1;
}
if (it->type == IMAGE_TLV_ANY || tlv.it_type == it->type) {
if (type != NULL) {
*type = tlv.it_type;
}
*off = it->tlv_off + sizeof(tlv);
*len = tlv.it_len;
it->tlv_off += sizeof(tlv) + tlv.it_len;
return 0;
}
it->tlv_off += sizeof(tlv) + tlv.it_len;
}
return 1;
}
/*
* Return if a TLV entry is in the protected area.
*
* @param it The image TLV iterator struct
* @param off The offset of the entry to check.
*
* @return 0 if this TLV iterator entry is not protected.
* 1 if this TLV iterator entry is in the protected region
* -1 if the iterator is invalid.
*/
int
bootutil_tlv_iter_is_prot(struct image_tlv_iter *it, uint32_t off)
{
if (it == NULL || it->hdr == NULL || it->fap == NULL) {
return -1;
}
return off < it->prot_end;
}