Initial commit

Initial commit.

bootloader/mcuboot/boot/mynewt/mcuboot_config/include/mcuboot_config/mcuboot_config.h

@@ -0,0 +1,157 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+#ifndef __MCUBOOT_CONFIG_H__
+#define __MCUBOOT_CONFIG_H__
+
+#include <syscfg/syscfg.h>
+
+#if MYNEWT_VAL(BOOTUTIL_IMAGE_NUMBER)
+#define MCUBOOT_IMAGE_NUMBER MYNEWT_VAL(BOOTUTIL_IMAGE_NUMBER)
+#else
+#define MCUBOOT_IMAGE_NUMBER 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_VERSION_CMP_USE_BUILD_NUMBER)
+#define MCUBOOT_VERSION_CMP_USE_BUILD_NUMBER
+#endif
+#if MYNEWT_VAL(BOOT_SERIAL)
+#define MCUBOOT_SERIAL 1
+#endif
+#if MYNEWT_VAL(BOOT_SERIAL_MGMT_ECHO)
+#define MCUBOOT_BOOT_MGMT_ECHO 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_VALIDATE_SLOT0)
+#define MCUBOOT_VALIDATE_PRIMARY_SLOT 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_USE_MBED_TLS)
+#define MCUBOOT_USE_MBED_TLS 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_USE_TINYCRYPT)
+#define MCUBOOT_USE_TINYCRYPT 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_SIGN_EC256)
+#define MCUBOOT_SIGN_EC256 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_SIGN_RSA)
+#define MCUBOOT_SIGN_RSA 1
+#define MCUBOOT_SIGN_RSA_LEN MYNEWT_VAL(BOOTUTIL_SIGN_RSA_LEN)
+#endif
+#if MYNEWT_VAL(BOOTUTIL_SIGN_ED25519)
+#define MCUBOOT_SIGN_ED25519 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_ENCRYPT_RSA)
+#define MCUBOOT_ENCRYPT_RSA 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_ENCRYPT_KW)
+#define MCUBOOT_ENCRYPT_KW 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_ENCRYPT_EC256)
+#define MCUBOOT_ENCRYPT_EC256 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_ENCRYPT_X25519)
+#define MCUBOOT_ENCRYPT_X25519 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_ENCRYPT_RSA) || MYNEWT_VAL(BOOTUTIL_ENCRYPT_KW) || \
+    MYNEWT_VAL(BOOTUTIL_ENCRYPT_EC256) || MYNEWT_VAL(BOOTUTIL_ENCRYPT_X25519)
+#define MCUBOOT_ENC_IMAGES 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_SWAP_USING_MOVE)
+#define MCUBOOT_SWAP_USING_MOVE 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_SWAP_SAVE_ENCTLV)
+#define MCUBOOT_SWAP_SAVE_ENCTLV 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_OVERWRITE_ONLY)
+#define MCUBOOT_OVERWRITE_ONLY 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_OVERWRITE_ONLY_FAST)
+#define MCUBOOT_OVERWRITE_ONLY_FAST 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_SINGLE_APPLICATION_SLOT)
+#define MCUBOOT_SINGLE_APPLICATION_SLOT 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_HAVE_LOGGING)
+#define MCUBOOT_HAVE_LOGGING 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_BOOTSTRAP)
+#define MCUBOOT_BOOTSTRAP 1
+#endif
+#if MYNEWT_VAL_CHOICE(BOOTUTIL_DOWNGRADE_PREVENTION, version)
+#define MCUBOOT_DOWNGRADE_PREVENTION                     1
+/* MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER is used later as bool value so it is
+ * always defined, (unlike MCUBOOT_DOWNGRADE_PREVENTION which is only used in
+ * preprocessor condition and my be not defined) */
+#define MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER    0
+#elif MYNEWT_VAL_CHOICE(BOOTUTIL_DOWNGRADE_PREVENTION, security_counter)
+#define MCUBOOT_DOWNGRADE_PREVENTION                     1
+#define MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER    1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_HW_DOWNGRADE_PREVENTION)
+#define MCUBOOT_HW_ROLLBACK_PROT 1
+#endif
+
+#if MYNEWT_VAL(MCUBOOT_MEASURED_BOOT)
+#define MCUBOOT_MEASURED_BOOT       1
+#endif
+
+#if MYNEWT_VAL(MCUBOOT_MEASURED_BOOT_MAX_RECORD_SZ)
+#define MAX_BOOT_RECORD_SZ          MYNEWT_VAL(MCUBOOT_MEASURED_BOOT_MAX_RECORD_SZ)
+#endif
+
+#if MYNEWT_VAL(MCUBOOT_DATA_SHARING)
+#define MCUBOOT_DATA_SHARING        1
+#endif
+
+#if MYNEWT_VAL(MCUBOOT_SHARED_DATA_BASE)
+#define MCUBOOT_SHARED_DATA_BASE    MYNEWT_VAL(MCUBOOT_SHARED_DATA_BASE)
+#endif
+
+#if MYNEWT_VAL(MCUBOOT_SHARED_DATA_SIZE)
+#define MCUBOOT_SHARED_DATA_SIZE    MYNEWT_VAL(MCUBOOT_SHARED_DATA_SIZE)
+#endif
+
+/*
+ * Currently there is no configuration option, for this platform,
+ * that enables the system specific mcumgr commands in mcuboot
+ */
+#define MCUBOOT_PERUSER_MGMT_GROUP_ENABLED 0
+
+#define MCUBOOT_MAX_IMG_SECTORS       MYNEWT_VAL(BOOTUTIL_MAX_IMG_SECTORS)
+
+#if MYNEWT_VAL(MCU_FLASH_MIN_WRITE_SIZE) > 8
+#define MCUBOOT_BOOT_MAX_ALIGN  MYNEWT_VAL(MCU_FLASH_MIN_WRITE_SIZE)
+#endif
+
+#if MYNEWT_VAL(BOOTUTIL_FEED_WATCHDOG) && MYNEWT_VAL(WATCHDOG_INTERVAL)
+#include <hal/hal_watchdog.h>
+#define MCUBOOT_WATCHDOG_FEED()    \
+    do {                           \
+        hal_watchdog_tickle();     \
+    } while (0)
+#else
+#define MCUBOOT_WATCHDOG_FEED()    do {} while (0)
+#endif
+
+/*
+ * No direct idle call implemented
+ */
+#define MCUBOOT_CPU_IDLE() \
+    do {                   \
+    } while (0)
+
+#endif /* __MCUBOOT_CONFIG_H__ */

bootloader/mcuboot/boot/mynewt/mcuboot_config/include/mcuboot_config/mcuboot_logging.h

@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+#ifndef __MCUBOOT_LOGGING_H__
+#define __MCUBOOT_LOGGING_H__
+
+#include <syscfg/syscfg.h>
+#include <stdio.h>
+
+#define BOOTUTIL_LOG_LEVEL_OFF     1
+#define BOOTUTIL_LOG_LEVEL_ERROR   2
+#define BOOTUTIL_LOG_LEVEL_WARNING 3
+#define BOOTUTIL_LOG_LEVEL_INFO    4
+#define BOOTUTIL_LOG_LEVEL_DEBUG   5
+
+#define MCUBOOT_LOG_LEVEL_OFF      BOOTUTIL_LOG_LEVEL_OFF
+#define MCUBOOT_LOG_LEVEL_ERROR    BOOTUTIL_LOG_LEVEL_ERROR
+#define MCUBOOT_LOG_LEVEL_WARNING  BOOTUTIL_LOG_LEVEL_WARNING
+#define MCUBOOT_LOG_LEVEL_INFO     BOOTUTIL_LOG_LEVEL_INFO
+#define MCUBOOT_LOG_LEVEL_DEBUG    BOOTUTIL_LOG_LEVEL_DEBUG
+
+#ifndef MCUBOOT_LOG_LEVEL
+#define MCUBOOT_LOG_LEVEL MYNEWT_VAL(BOOTUTIL_LOG_LEVEL)
+#endif
+
+#define MCUBOOT_LOG_MODULE_DECLARE(domain)	/* ignore */
+#define MCUBOOT_LOG_MODULE_REGISTER(domain)	/* ignore */
+
+#if !((MCUBOOT_LOG_LEVEL >= MCUBOOT_LOG_LEVEL_OFF) && \
+      (MCUBOOT_LOG_LEVEL <= MCUBOOT_LOG_LEVEL_DEBUG))
+#error "Invalid MCUBOOT_LOG_LEVEL config."
+#endif
+
+#if MCUBOOT_LOG_LEVEL >= MCUBOOT_LOG_LEVEL_ERROR
+#define MCUBOOT_LOG_ERR(_fmt, ...)                                      \
+    do {                                                                \
+        printf("[ERR] " _fmt "\n", ##__VA_ARGS__);                      \
+    } while (0)
+#else
+#define MCUBOOT_LOG_ERR(...) IGNORE(__VA_ARGS__)
+#endif
+
+#if MCUBOOT_LOG_LEVEL >= MCUBOOT_LOG_LEVEL_WARNING
+#define MCUBOOT_LOG_WRN(_fmt, ...)                                      \
+    do {                                                                \
+        printf("[WRN] " _fmt "\n", ##__VA_ARGS__);                      \
+    } while (0)
+#else
+#define MCUBOOT_LOG_WRN(...) IGNORE(__VA_ARGS__)
+#endif
+
+#if MCUBOOT_LOG_LEVEL >= MCUBOOT_LOG_LEVEL_INFO
+#define MCUBOOT_LOG_INF(_fmt, ...)                                      \
+    do {                                                                \
+        printf("[INF] " _fmt "\n", ##__VA_ARGS__);                      \
+    } while (0)
+#else
+#define MCUBOOT_LOG_INF(...) IGNORE(__VA_ARGS__)
+#endif
+
+#if MCUBOOT_LOG_LEVEL >= MCUBOOT_LOG_LEVEL_DEBUG
+#define MCUBOOT_LOG_DBG(_fmt, ...)                                      \
+    do {                                                                \
+        printf("[DBG] " _fmt "\n", ##__VA_ARGS__);                      \
+    } while (0)
+#else
+#define MCUBOOT_LOG_DBG(...) IGNORE(__VA_ARGS__)
+#endif
+
+#define MCUBOOT_LOG_SIM(...) IGNORE(__VA_ARGS__)
+
+#endif

bootloader/mcuboot/boot/mynewt/mcuboot_config/pkg.yml

@@ -0,0 +1,23 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+pkg.name: boot/mynewt/mcuboot_config
+pkg.description: "Mynewt's mcuboot configuration"
+pkg.author: "Apache Mynewt <dev@mynewt.apache.org>"
+pkg.homepage: "http://mynewt.apache.org/"

bootloader/mcuboot/boot/mynewt/mcuboot_config/syscfg.yml

@@ -0,0 +1,159 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#  http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+# Package: boot/mynewt/mcuboot_config
+
+syscfg.defs:
+    BOOTUTIL_IMAGE_NUMBER:
+        description: 'Number of images for multi-image (0 and 1 mean single image).'
+        value: 0
+    BOOTUTIL_VALIDATE_SLOT0:
+        description: 'Validate image at slot 0 on each boot.'
+        value: 0
+    BOOTUTIL_SIGN_RSA:
+        description: 'Images are signed using RSA.'
+        value: 0
+    BOOTUTIL_SIGN_RSA_LEN:
+        description: 'Key size for RSA keys (2048 or 3072).'
+        value: 2048
+    BOOTUTIL_SIGN_EC256:
+        description: 'Images are signed using ECDSA NIST P-256.'
+        value: 0
+    BOOTUTIL_SIGN_ED25519:
+        description: 'Images are signed using ED25519.'
+        value: 0
+    BOOTUTIL_ENCRYPT_RSA:
+        description: 'Support for encrypted images using RSA-2048-OAEP.'
+        value: 0
+    BOOTUTIL_ENCRYPT_KW:
+        description: 'Support for encrypted images using AES-128-Keywrap.'
+        value: 0
+    BOOTUTIL_ENCRYPT_EC256:
+        description: 'Support for encrypted images using ECIES-P256.'
+        value: 0
+    BOOTUTIL_ENCRYPT_X25519:
+        description: 'Support for encrypted images using ECIES-X25519.'
+        value: 0
+    BOOTUTIL_USE_MBED_TLS:
+        description: 'Use mbed TLS for crypto operations.'
+        value: 1
+    BOOTUTIL_USE_TINYCRYPT:
+        description: 'Use tinycrypt for crypto operations.'
+        value: 0
+    BOOTUTIL_SWAP_USING_MOVE:
+        description: 'Perform swap without requiring scratch.'
+        value: 0
+    BOOTUTIL_SWAP_SAVE_ENCTLV:
+        description: 'Save TLVs instead of plaintext encryption keys in swap status.'
+        value: 0
+    BOOTUTIL_OVERWRITE_ONLY:
+        description: 'Non-swapping upgrades, copy from slot 1 to slot 0 only.'
+        value: 0
+    BOOTUTIL_OVERWRITE_ONLY_FAST:
+        description: 'Use faster copy only upgrade.'
+        value: 1
+    BOOTUTIL_SINGLE_APPLICATION_SLOT:
+        description: 'Set to one if there is only one slot.'
+        value: 0
+    BOOTUTIL_IMAGE_FORMAT_V2:
+        description: 'Indicates that system is using v2 of image format.'
+        value: 1
+    BOOTUTIL_MAX_IMG_SECTORS:
+        description: 'Maximum number of sectors that are swapped.'
+        value: 128
+    BOOTUTIL_DOWNGRADE_PREVENTION:
+        description: >
+            Select downgrade prevention strategy.
+            - none downgrades are allowed
+            - version:
+                Prevent downgrades by enforcing incrementing version numbers.
+                When this option is set, any upgrade must have greater major version
+                or greater minor version with equal major version. This mechanism
+                only protects against some attacks against version downgrades (for
+                example, a JTAG could be used to write an older version).
+            - security_counter:
+                security counter is used for version eligibility check instead of pure
+                version.  When this option is set, any upgrade must have greater or
+                equal security counter value.
+                Because of the acceptance of equal values it allows for software
+                downgrades to some extent.
+        choices:
+            - none
+            - version
+            - security_counter
+        value: none
+    BOOTUTIL_VERSION_CMP_USE_BUILD_NUMBER:
+        description: >
+            Use build number while comparing image version.
+            By default, the image version comparison relies only on version major,
+            minor and revision. Enable this option to take into account the build
+            number as well.
+            This only affect builds with BOOTUTIL_DOWNGRADE_PREVENTION set to version.
+        value: 0
+    BOOTUTIL_HW_ROLLBACK_PROT:
+        description: >
+            Prevent undesirable/malicious software downgrades. When this option is
+            set, any upgrade must have greater or equal security counter value.
+            Because of the acceptance of equal values it allows for software
+            downgrade to some extent
+        value: 0
+    BOOTUTIL_HAVE_LOGGING:
+        description: 'Enable serial logging'
+        value: 0
+        restrictions:
+            - "!BOOTUTIL_NO_LOGGING"
+    BOOTUTIL_NO_LOGGING:
+        description: 'No serial logging'
+        value: 1
+        restrictions:
+            - "!BOOTUTIL_HAVE_LOGGING"
+    BOOTUTIL_LOG_LEVEL:
+        description: >
+            Default console log level. Valid values are:
+                BOOTUTIL_LOG_LEVEL_OFF
+                BOOTUTIL_LOG_LEVEL_ERROR
+                BOOTUTIL_LOG_LEVEL_WARNING
+                BOOTUTIL_LOG_LEVEL_INFO
+                BOOTUTIL_LOG_LEVEL_DEBUG
+        value: 'BOOTUTIL_LOG_LEVEL_INFO'
+    BOOTUTIL_BOOTSTRAP:
+        description: 'Support bootstrapping slot0 from slot1, if slot0 is empty'
+        value: 0
+    BOOTUTIL_FEED_WATCHDOG:
+        description: 'Enable watchdog feeding while performing a swap upgrade'
+        value: 0
+
+    MCUBOOT_MEASURED_BOOT:
+        description: >
+            Store the boot state/measurements in shared memory.
+            If enabled, the bootloader will store certain boot measurements such as
+            the hash of the firmware image in a shared memory area. This data can
+            be used later by runtime services (e.g. by a device attestation service).
+        value:
+    MCUBOOT_MEASURED_BOOT_MAX_RECORD_SZ:
+        description: the maximum size of the CBOR encoded boot record in bytes.
+        value:
+    MCUBOOT_DATA_SHARING:
+        description: Save application specific data in shared memory (RAM).
+        value:
+    MCUBOOT_SHARED_DATA_BASE:
+        description: RAM address of shared data
+        value:
+    MCUBOOT_SHARED_DATA_SIZE:
+        description: Shared data size.
+        value: