mcu-tools / mcuboot

Secure boot for 32-bit Microcontrollers!

License: Apache License 2.0

C 88.00% Makefile 0.85% Shell 0.70% Rust 4.63% Python 2.88% C++ 0.39% CMake 1.32% Nix 0.01% Assembly 1.19% Dockerfile 0.03%
bootloader software upgrade microcontrollers iot device device-management

mcuboot's Introduction


This is MCUboot version 2.1.0-rc1

MCUboot is a secure bootloader for 32-bit microcontrollers. It defines a common infrastructure for the bootloader and the system flash layout on microcontroller systems, and provides a secure bootloader that enables easy software upgrade.

MCUboot is not dependent on any specific operating system and hardware and relies on hardware porting layers from the operating system it works with. Currently, MCUboot works with the following operating systems and SoCs:

RIOT is supported only as a boot target. We will accept any new port contributed by the community once it is good enough.

MCUboot How-tos

See the following pages for instructions on using MCUboot with different operating systems and SoCs:

There are also instructions for the Simulator.

Roadmap

The issues being planned and worked on are tracked using GitHub issues. To give your input, visit MCUboot GitHub Issues.

Source files

You can find additional documentation on the bootloader in the source files. For more information, use the following links:

  • boot/bootutil - The core of the bootloader itself.
  • boot/boot_serial - Support for serial upgrade within the bootloader itself.
  • boot/zephyr - Port of the bootloader to Zephyr.
  • boot/mynewt - Bootloader application for Apache Mynewt.
  • boot/nuttx - Bootloader application and port of MCUboot interfaces for Apache NuttX.
  • boot/mbed - Port of the bootloader to Mbed OS.
  • boot/espressif - Bootloader application and MCUboot port for Espressif SoCs.
  • boot/cypress - Bootloader application and MCUboot port for Cypress/Infineon SoCs.
  • imgtool - A tool to securely sign firmware images for booting by MCUboot.
  • sim - A bootloader simulator for testing and regression.

Joining the project

Developers are welcome!

Use the following links to join or see more about the project:

mcuboot's People

Contributors

adeaarm, aglass0fmilk, almir-okato, butok, carlescufi, ccollins476ad, d3zd3z, davidvincze, de-nordic, dependabot[bot], francescoser, gustavonihei, hakonfam, kasjer, lemrey, marekpieta, mbolivar-nordic, nordicjm, nvlsianpu, oyvindronningstad, pepe2k, rgundi, romanjoe, rsalveti, sebastianboe, sherryzhang2, sigvartmh, sjanc, tamasban, utzig


mcuboot's Issues

Boot serial support for Mynewt

Boot serial support was added to mcuboot supporting Zephyr for now. Also needs to add support for using the bundled boot_serial in Mynewt.

Generalize Zephyr sample apps

The Zephyr sample apps currently only work for the frdm_k64f board. Two issues are that Zephyr searches for a DTC overlay file based on the name of the target, and that the image signing hard codes the partition size.

The DTC overlay can be fixed by a recent patch which allows the Makefile to specify a common name for that.

For figuring out the partition size, a script can parse that from the generated config file.

David Brown added a comment - 05/Jan/18 8:08 AM
The DTC overlay part is solved. The Makefile still has hardcoded partition positions. I'm not sure the easiest way to solve that. I can look into that a little today, though.

Why MCUBOOT_SERIAL restores in area0 directly ?

Hi team,
I have a quick question: I see that the MCUBOOT_SERIAL feature seems to restore an image into area0 (i.e. the one used for execution, right?).
But I'm wondering why this feature does not flash area1 and reset? This would allow using the usual security mcuboot features for the next boot (i.e. authenticate and restore from area1 to area0 once authentication is OK)... but I guess I'm probably missing something here.
Thanks for your answer
Bastien

mcuboot should clear memory before chainloading

While the operations mcuboot currently performs don't involve managing secrets, this may change in the future. This ticket tracks extending mcuboot to zero RAM it used during execution before chain-loading the next image, to avoid information leaks.

This should still be done from just a hygiene view. It is also possible there are unknown attacks against our signature system if memory is leaked.

Would need work for each OS.

Protect bootloader flash pages as much as possible

Some devices have flash page protection, but it is transient, and needs to be initialized on every boot. Add platform hooks to mcuboot so that these can be added for these platforms to protect the bootloader memory from being written. This should be done as early as possible in the instruction stream.

zephyr: when only use two images, mcuboot can't support

Hi all,
I have used mcuboot for Zephyr OS and I find a problem: mcuboot must configure 3 slots: slot0, slot1 and the scratch area. My flash size is 512k and my slot is more than 128k, so I cannot use 3 slots, only slot0 and slot1, but mcuboot has a limitation in the file boot/zephyr/include/target.h:

#if !defined(FLASH_DRIVER_NAME) || \
    !defined(FLASH_ALIGN) || \
    !defined(FLASH_AREA_IMAGE_0_OFFSET) || \
    !defined(FLASH_AREA_IMAGE_0_SIZE) || \
    !defined(FLASH_AREA_IMAGE_1_OFFSET) || \
    !defined(FLASH_AREA_IMAGE_1_SIZE) || \
    !defined(FLASH_AREA_IMAGE_SCRATCH_OFFSET) || \
    !defined(FLASH_AREA_IMAGE_SCRATCH_SIZE)
#error "Target support is incomplete; cannot build mcuboot."
#endif

So can anybody give me some advice? Thank you for your answer!

[Zephyr] Use Kconfig instead of CMake variables for configuration

Hi,

I'm not sure what the background for this code is:


> ########################
> # Configuration choices.
> ########################
> 
> # Set CONF_SIGNATURE_TYPE to determine the signature type used.
> # Currently, it should be set to either RSA or ECDSA_P256.
> #
> # To choose RSA (this is the default):
> #
> #     cmake -DCONF_SIGNATURE_TYPE=RSA [...]
> #
> # To use ECDSA_P256:
> #
> #     cmake -DCONF_SIGNATURE_TYPE=ECDSA_P256 [...]
> if (NOT DEFINED CONF_SIGNATURE_TYPE)
>   set(CONF_SIGNATURE_TYPE RSA)
> endif()
> 

but as a general rule it is preferable to use Kconfig rather than CMake variables for configuration.

This github issue can be considered a feature request.

readme-zephyr.md has a broken link

The Zephyr docs have a broken link when rendered through GitHub. It looks like this:

Please see the [design document]({% link design.md %}) for documentation on the design and operation of the bootloader itself. This functionality should be the same on all supported RTOSs.

Support multiple flash devices (slot 0 internal, slot 1+scratch external)

There are some concerns that need to be addressed to support a configuration where slot 0 is on an internal flash device, and slot 1 and scratch are on a larger external flash. This allows most of the internal flash to be used for code.

  • Although there is some support in the code, it hasn't been tested, so will need simulator support to test this.
  • The Zephyr port is hardcoded for a single flash device.
  • How to handle the write alignment being different between internal and external flash devices.
  • Addressing issues discovered by the above.

Downgrade prevention

Optional feature:
The bootloader should not accept any firmware which has a version lower than the current one. It may be that older firmware has a known vulnerability and an attacker wants to exploit it.

samples/zephyr make error

Hello, when I make the Zephyr hello-world using "make hello1", an error appeared. Who can help me:

Traceback (most recent call last):
  File "../../scripts/imgtool.py", line 145, in <module>
    args()
  File "../../scripts/imgtool.py", line 142, in args
    subcmds[args.subcmd](args)
  File "../../scripts/imgtool.py", line 85, in do_sign
    img.sign(key)
  File "/home/liang/work/shared/mcuboot-1.1.0/scripts/imgtool/image.py", line 128, in sign
    sig = key.sign(bytes(self.payload))
  File "/home/liang/work/shared/mcuboot-1.1.0/scripts/imgtool/keys/rsa.py", line 92, in sign
    return self.key.sign(
AttributeError: '_RSAPrivateKey' object has no attribute 'sign'

Add support for optional anti-rollback protection

Some systems require anti-rollback protection to be in place. The easiest way for us to do this is to prevent upgrades to versions that are older than the currently running version.

In order to do this, we need to define what the ordering means with the version fields, and then add an option to enforce it.
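
One way to define the ordering and the enforcement option asked for here and in the earlier "Downgrade prevention" issue, as an added example that is not MCUboot code. The four-field version layout, the "maj.min[.rev[+build]]" string form and every function name are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed version layout (hypothetical, not taken from the page). */
struct fw_version {
    uint8_t  major;
    uint8_t  minor;
    uint16_t revision;
    uint32_t build;
};

enum upgrade_verdict { UPGRADE_OK, UPGRADE_REJECT_DOWNGRADE };

/* Parse one decimal field no larger than max and advance *s past it. */
static bool parse_field(const char **s, unsigned long long max,
                        unsigned long long *out)
{
    char *end;
    unsigned long long v;

    if (**s < '0' || **s > '9') return false;  /* "", signs, whitespace */
    errno = 0;
    v = strtoull(*s, &end, 10);
    if (errno != 0 || v > max) return false;   /* does not fit the field */
    *s = end;
    *out = v;
    return true;
}

/* Parse "maj.min[.rev[+build]]"; omitted trailing fields are 0. */
bool fw_version_parse(const char *s, struct fw_version *v)
{
    unsigned long long mj, mn, rev = 0, bld = 0;

    if (!parse_field(&s, UINT8_MAX, &mj) || *s != '.') return false;
    s++;
    if (!parse_field(&s, UINT8_MAX, &mn)) return false;
    if (*s == '.') {
        s++;
        if (!parse_field(&s, UINT16_MAX, &rev)) return false;
        if (*s == '+') {
            s++;
            if (!parse_field(&s, UINT32_MAX, &bld)) return false;
        }
    }
    if (*s != '\0') return false;              /* trailing text, e.g. "1.2x" */
    v->major = (uint8_t)mj;
    v->minor = (uint8_t)mn;
    v->revision = (uint16_t)rev;
    v->build = (uint32_t)bld;
    return true;
}

/* Numeric, field-by-field order: major, minor, revision, then build
 * (build only when with_build is set). Returns -1, 0 or 1. */
int fw_version_cmp(const struct fw_version *a, const struct fw_version *b,
                   bool with_build)
{
    if (a->major != b->major) return a->major < b->major ? -1 : 1;
    if (a->minor != b->minor) return a->minor < b->minor ? -1 : 1;
    if (a->revision != b->revision) return a->revision < b->revision ? -1 : 1;
    if (with_build && a->build != b->build) return a->build < b->build ? -1 : 1;
    return 0;
}

/* Decide whether candidate may replace running. Call this only after the
 * candidate's signature has verified, so the version field is authenticated.
 * An equal version is accepted; only a strictly older one is a downgrade. */
enum upgrade_verdict check_upgrade(const struct fw_version *running,
                                   const struct fw_version *candidate,
                                   bool enforce)
{
    if (enforce && fw_version_cmp(candidate, running, true) < 0)
        return UPGRADE_REJECT_DOWNGRADE;
    return UPGRADE_OK;
}

int main(void)
{
    struct fw_version running, candidate;      /* constructed sample values */

    if (!fw_version_parse("1.10.0+7", &running) ||
        !fw_version_parse("1.2", &candidate))
        return 1;
    printf("enforced: %s\n",
           check_upgrade(&running, &candidate, true) == UPGRADE_OK
               ? "accept" : "reject downgrade");
    printf("not enforced: %s\n",
           check_upgrade(&running, &candidate, false) == UPGRADE_OK
               ? "accept" : "reject downgrade");
    return 0;
}
```

The fields are compared as numbers, so 1.2 sorts below 1.10; comparing the version strings would get that case wrong.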

Add more "how to" doc for zephyr targets

Looks like the description is too dry. It needs to be more of a guide.

I observe that:
It is not clear to the user how to compile a proper image application and how to create the image for upgrade
https://github.com/runtimeco/mcuboot/blob/master/README-zephyr.rst#building-applications-for-the-bootloader
Preferred here is an example of what should be added to the project cmake file and what a-board-overlay.dts should look like. For instance we can redact this somehow:

Put into the project's top cmake the path to the overlay file:

set(DTC_OVERLAY_FILE "${CMAKE_CURRENT_SOURCE_DIR}/board-dts.overlay") before including boilerplate.cmake. The file should look, for instance, like this:

set(CONF_FILE "prj.conf")

set(DTC_OVERLAY_FILE "${CMAKE_CURRENT_SOURCE_DIR}/dts.overlay")

include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
project(NONE)

target_sources(app PRIVATE src/main.c)

Add the file <a-board.overlay> with payload:

/ {
    chosen {
        zephyr,code-partition = &slot0_partition;
    };
};

For: https://github.com/runtimeco/mcuboot/blob/master/README-zephyr.rst#signing-the-application need to explain the --pad imagetool option use case (manually triggered test image swap).

Status write failures are ignored

When any of the status update writes fail, the remainder of the code tends to ignore these failures (either immediately, or upon a small number of returns). This generally results in the status not being updated correctly, and the flash then in an inconsistent state from what is expected.

It's hard to determine exactly what to do if these calls fail. Generally it is either going to be a worn device, which probably does not have meaningful recovery, or it is some type of bug or driver problem that is preventing the writes from working. In any case, it should be a lot easier to figure out what is happening.

scratch area size might be used as flash-sector-size (zephyr)

For Zephyr targets the scratch area size is used as the flash sector size in case the API for retrieving the layout of flash memory pages is disabled (CONFIG_FLASH_PAGE_LAYOUT == n).

This causes a flash area size verification error.
This bug is related at least to nrf52xx targets.

Andrzej Puzdrowski added a comment - 23/Nov/17 6:12 AM

Values from the directory https://github.com/runtimeco/mcuboot/tree/3d9e3eb974812b0a02c3185ab15c2f7ce9a99feb/boot/zephyr/targets
should be used instead of #define FLASH_AREA_IMAGE_SECTOR_SIZE FLASH_AREA_IMAGE_SCRATCH_SIZE

Define communication between bootloader and booted image

In order for the application to know how to perform an upgrade, it needs to know certain information from the bootloader, at a minimum, a version number. It would be better, however, for this information to be closer to the information needed to convey (upgrade type, slot information, etc).

Implement a mechanism to communicate this information between the bootloader and the running app.

Add support for Intel Hex (.hex) in imgtool.py

The Intel Hex format (.hex) is very convenient for MCUboot since it includes the addresses at which the code is to be flashed.

If imgtool.py supported .hex alongside with .bin, it would make it very simple to work with certain platforms that support flashing .hex files.

Add common hardware security support, including MPU and HSM

HW features include, but are not limited to:

OTP memory for secure key storage
crypto accelerator
TCB (trusted computing base) e.g. ROM
isolated execution environment
device authentication - immutable base identity
execution-aware memory protection unit

This issue covers adding support for HSM to MCUboot (likely to imgtool). It will probably be needed to do some initial investigation as to what HSM to initially support. Without an economical device, we may have to leave the support simulated, with hooks, so that someone needing these devices can add the support.

[Zephyr] Build error due to missing `asm_inline.h` header

MCUboot commit: db974f2
Zephyr commit: 9afb0cfab010519d92c4706e5070b37e8725505a

Attempting to build MCUboot results in the following build error:

/Users/ccollins/repos/mcuboot/boot/zephyr/main.c:22:24: fatal error: asm_inline.h: No such file or directory

Applying the following patch fixes the build error:

diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c
index 1159e34..1f80dac 100644
--- a/boot/zephyr/main.c
+++ b/boot/zephyr/main.c
@@ -19,7 +19,6 @@
 #include <gpio.h>
 #include <misc/__assert.h>
 #include <flash.h>
-#include <asm_inline.h>
 #include <drivers/system_timer.h>

 #include "target.h"
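
Review bot: Dropping the asm_inline.h include leaves nothing in this include block that names the source of __set_MSP, which the next hunk starts calling in do_boot(). If that function only arrives transitively through one of the remaining headers, include the header that provides it explicitly here, so the dependency is visible and a later header cleanup does not break the boot path again.
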
@@ -65,7 +64,7 @@ static void do_boot(struct boot_rsp *rsp)
                                      rsp->br_hdr->ih_hdr_size);
     irq_lock();
     sys_clock_disable();
-    _MspSet(vt->msp);
+    __set_MSP(vt->msp);
     ((void (*)(void))vt->reset)();
 }
 #else
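
Review bot: The switch from _MspSet(vt->msp) to __set_MSP(vt->msp) in do_boot() is unconditional, so Zephyr trees that only provide _MspSet may stop building, which the description itself warns about. Either guard the two spellings on the Zephyr version or state the minimum supported Zephyr revision alongside the change, so the break is a documented requirement and not a surprise.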

But this may introduce build failures with older versions of Zephyr.

The Zephyr commit that causes this problem is:

commit c028f88b37d2a033d6a85c8d365ef048e1e4d621
Author: Ioannis Glaropoulos <[email protected]>
Date:   Mon Mar 12 10:45:02 2018 +0100

    arch: arm: remove redundant asm inline headers

    This commit removes the unnecessary asm inline header for ARM.
    It also adapts the stack.h and exc.h to use the ARM CMSIS inline
    functions to access the IPSR and MSP registers.

    Signed-off-by: Ioannis Glaropoulos <[email protected]>

Detect oversized app image

Right now, if an application overlaps the image trailer, it just causes failures. Ideally, we should detect this, but there are difficulties since this information depends on the flash alignment, which isn't readily available in the host tools.

First question - can we detect this?

AttributeError: '_RSAPrivateKey' object has no attribute 'sign'

I want to test the USB DFU example in Zephyr, but imgtool.py reports that error. Maybe I installed the wrong version of cryptography?

~/debug/port/github-os/mcuboot/scripts/imgtool.py sign \
> --key ~/debug/port/github-os/mcuboot/root-rsa-2048.pem \
> --header-size 0x200 \
> --align 8 \
> --version 1.2 \
> --included-header \
> ./zephyr/zephyr.bin \
> signed-zephyr.bin
Traceback (most recent call last):
  File "/home/qianfan/debug/port/github-os/mcuboot/scripts/imgtool.py", line 148, in <module>
    args()
  File "/home/qianfan/debug/port/github-os/mcuboot/scripts/imgtool.py", line 145, in args
    subcmds[args.subcmd](args)
  File "/home/qianfan/debug/port/github-os/mcuboot/scripts/imgtool.py", line 85, in do_sign
    img.sign(key)
  File "/home/qianfan/debug/port/github-os/mcuboot/scripts/imgtool/image.py", line 136, in sign
    sig = key.sign(bytes(self.payload))
  File "/home/qianfan/debug/port/github-os/mcuboot/scripts/imgtool/keys/rsa.py", line 92, in sign
    return self.key.sign(
AttributeError: '_RSAPrivateKey' object has no attribute 'sign'

Missing license headers

The following files are missing license headers:

sim/mcuboot-sys/csupport/mcuboot_config/mcuboot_assert.h
sim/mcuboot-sys/csupport/bootsim.h

Need to add them.

[Zephyr] Bootloader build failure with arduino_101

Hi,

I am unable to build a Zephyr bootloader for the board arduino_101. I think my environment is sane because I am successful with frdm_k64f.

Tested with Zephyr version be0aa2ac2c53d7146e666d08756c31d4ffad2205

Steps to reproduce:

sebo@mach:~/mcuboot/boot/zephyr/b$ export BOARD=arduino_101
sebo@mach:~/mcuboot/boot/zephyr/b$ cmake ..
-- Found PythonInterp: /usr/bin/python3 (found suitable version "3.5.2", minimum required is "3.4") 
-- Selected BOARD arduino_101
Zephyr version: 1.10.99
prj.conf:15: warning: attempt to assign the value "y" to the undefined symbol MPU_ALLOW_FLASH_WRITE
Parsing Kconfig tree in /home/sebo/mcuboot/boot/zephyr/../../Kconfig
Using /home/sebo/zephyr/boards/x86/arduino_101/arduino_101_defconfig as base
Merging prj.conf
warning: UART_QMSI_0_HW_FC was assigned the value "y" but got the value "n" -- check dependencies
warning: UART_QMSI_0_HW_FC was assigned the value "y" but got the value "n" -- check dependencies
-- Generating zephyr/include/generated/generated_dts_board.h
-- The C compiler identification is GNU 6.2.0
-- The CXX compiler identification is GNU 6.2.0
-- The ASM compiler identification is GNU
-- Found assembler: /home/sebo/zephyr-sdk-0.9.2-rc5/sysroots/x86_64-pokysdk-linux/usr/bin/i586-zephyr-elfiamcu/i586-zephyr-elfiamcu-gcc
-- Performing Test toolchain_is_ok
-- Performing Test toolchain_is_ok - Success
-- Performing Test check_nostartfiles
-- Performing Test check_nostartfiles - Success
-- Performing Test check_nodefaultlibs
-- Performing Test check_nodefaultlibs - Success
-- Performing Test check_nostdlib
-- Performing Test check_nostdlib - Success
-- Performing Test check_static
-- Performing Test check_static - Success
-- Performing Test check_no_pie
-- Performing Test check_no_pie - Success
-- Performing Test check_fno_asynchronous_unwind_tables_C
-- Performing Test check_fno_asynchronous_unwind_tables_C - Success
-- Performing Test check_fno_pie_C
-- Performing Test check_fno_pie_C - Success
-- Performing Test check_fno_pic_C
-- Performing Test check_fno_pic_C - Success
-- Performing Test check_fno_strict_overflow_C
-- Performing Test check_fno_strict_overflow_C - Success
-- Performing Test check_Wno_pointer_sign_C
-- Performing Test check_Wno_pointer_sign_C - Success
-- Performing Test check_Wno_unused_but_set_variable_C
-- Performing Test check_Wno_unused_but_set_variable_C - Success
-- Performing Test check_fno_reorder_functions_C
-- Performing Test check_fno_reorder_functions_C - Success
-- Performing Test check_fno_defer_pop_C
-- Performing Test check_fno_defer_pop_C - Success
-- Performing Test check_Werror_implicit_int_C
-- Performing Test check_Werror_implicit_int_C - Success
-- Performing Test check_Wl__X
-- Performing Test check_Wl__X - Success
-- Performing Test check_Wl__N
-- Performing Test check_Wl__N - Success
-- Performing Test check_Wl___gc_sections
-- Performing Test check_Wl___gc_sections - Success
-- Performing Test check_Wl___build_id_none
-- Performing Test check_Wl___build_id_none - Success
-- Performing Test check_ffunction_sections_C
-- Performing Test check_ffunction_sections_C - Success
-- Performing Test check_fdata_sections_C
-- Performing Test check_fdata_sections_C - Success
-- Performing Test check_mno_sse_C
-- Performing Test check_mno_sse_C - Success
-- Performing Test check_march_lakemont_C
-- Performing Test check_march_lakemont_C - Success
-- Performing Test check_mtune_lakemont_C
-- Performing Test check_mtune_lakemont_C - Success
-- Performing Test check_msoft_float_C
-- Performing Test check_msoft_float_C - Success
-- Performing Test check_Wl___print_memory_usage
-- Performing Test check_Wl___print_memory_usage - Success
-- Configuring done
-- Generating done
-- Build files have been written to: /home/sebo/mcuboot/boot/zephyr/b
sebo@mach:~/mcuboot/boot/zephyr/b$ ninja
[1/177] Generating always_rebuild
Building for board arduino_101
[2/177] Generating include/generated/syscall_macros.h
[3/177] Generating misc/generated/syscalls.json
[4/177] Generating include/generated/syscall_dispatch.c, include/generated/syscall_list.h
[5/177] Building C object zephyr/CMakeFiles/offsets.dir/arch/x86/core/offsets/offsets.c.obj
[6/177] Linking C static library zephyr/liboffsets.a
[7/177] Generating include/generated/offsets.h
[8/177] Building C object CMakeFiles/app.dir/home/sebo/zephyr/lib/libc/minimal/source/stdlib/atoi.c.obj
[9/177] Building C object CMakeFiles/app.dir/home/sebo/zephyr/lib/libc/minimal/source/stdlib/strtol.c.obj
[10/177] Building C object CMakeFiles/app.dir/home/sebo/zephyr/lib/libc/minimal/source/string/string.c.obj
[11/177] Building C object CMakeFiles/app.dir/home/sebo/zephyr/lib/libc/minimal/source/stdlib/strtoul.c.obj
[12/177] Building C object CMakeFiles/app.dir/home/sebo/zephyr/lib/libc/minimal/source/string/strncasecmp.c.obj
[13/177] Building C object CMakeFiles/app.dir/home/sebo/zephyr/lib/libc/minimal/source/string/strstr.c.obj
[14/177] Building C object CMakeFiles/app.dir/home/sebo/zephyr/lib/libc/minimal/source/stdout/prf.c.obj
[15/177] Building C object CMakeFiles/app.dir/home/sebo/zephyr/lib/libc/minimal/source/stdout/stdout_console.c.obj
[16/177] Building C object CMakeFiles/app.dir/home/sebo/zephyr/lib/libc/minimal/source/stdout/sprintf.c.obj
[17/177] Building C object CMakeFiles/app.dir/home/sebo/zephyr/lib/libc/minimal/source/stdout/fprintf.c.obj
[18/177] Building C object CMakeFiles/app.dir/keys.c.obj
[19/177] Building C object CMakeFiles/app.dir/os.c.obj
../os.c:27:0: warning: "MBEDTLS_CONFIG_FILE" redefined
 #define MBEDTLS_CONFIG_FILE CONFIG_MBEDTLS_CFG_FILE
 
<command-line>:0:0: note: this is the location of the previous definition
[20/177] Building C object CMakeFiles/app.dir/home/sebo/mcuboot/boot/bootutil/src/loader.c.obj
[21/177] Building C object CMakeFiles/app.dir/home/sebo/mcuboot/boot/bootutil/src/bootutil_misc.c.obj
[22/177] Building C object CMakeFiles/app.dir/home/sebo/mcuboot/boot/bootutil/src/image_ec256.c.obj
[23/177] Building C object CMakeFiles/app.dir/home/sebo/mcuboot/boot/bootutil/src/image_validate.c.obj
[24/177] Building C object CMakeFiles/app.dir/home/sebo/mcuboot/boot/bootutil/src/image_rsa.c.obj
[25/177] Building C object CMakeFiles/app.dir/home/sebo/mcuboot/boot/bootutil/src/caps.c.obj
[26/177] Building C object CMakeFiles/app.dir/flash_map_legacy.c.obj
FAILED: CMakeFiles/app.dir/flash_map_legacy.c.obj 
ccache /home/sebo/zephyr-sdk-0.9.2-rc5/sysroots/x86_64-pokysdk-linux/usr/bin/i586-zephyr-elfiamcu/i586-zephyr-elfiamcu-gcc -DENABLE_EXTERNAL_ISR_HANDLING -DKERNEL -DMBEDTLS_CONFIG_FILE=\"config-boot.h\" -DMCUBOOT_TARGET_CONFIG="'\"arduino_101.h\"'" -DPERF_OPT -DQM_LAKEMONT -DSOC_SERIES=quark_se -D_FORTIFY_SOURCE=2 -D__ZEPHYR__=1 -I/home/sebo/zephyr/ext/lib/crypto/mbedtls/include -I../include -I../targets -I/home/sebo/mcuboot/boot/bootutil/include -I/home/sebo/zephyr/kernel/include -I/home/sebo/zephyr/arch/x86/include -I/home/sebo/zephyr/arch/x86/soc/intel_quark/quark_se -I/home/sebo/zephyr/arch/x86/soc/intel_quark/quark_se/include -I/home/sebo/zephyr/arch/x86/soc/intel_quark/include -I/home/sebo/zephyr/boards/x86/arduino_101 -I/home/sebo/zephyr/include -I/home/sebo/zephyr/include/drivers -Izephyr/include/generated -isystem /home/sebo/zephyr-sdk-0.9.2-rc5/sysroots/x86_64-pokysdk-linux/usr/lib/i586-zephyr-elfiamcu/gcc/i586-zephyr-elfiamcu/6.2.0/include -isystem /home/sebo/zephyr-sdk-0.9.2-rc5/sysroots/x86_64-pokysdk-linux/usr/lib/i586-zephyr-elfiamcu/gcc/i586-zephyr-elfiamcu/6.2.0/include-fixed -I/home/sebo/zephyr/lib/libc/minimal/include -I/home/sebo/zephyr/ext/hal/qmsi/include -I/home/sebo/zephyr/ext/hal/qmsi/drivers/include -I/home/sebo/zephyr/ext/hal/qmsi/soc/quark_se/include -I/home/sebo/zephyr/ext/lib/crypto/mbedtls/configs -Og -g -Wall -Wformat -Wformat-security -Wno-format-zero-length -imacros /home/sebo/mcuboot/boot/zephyr/b/zephyr/include/generated/autoconf.h -ffreestanding -Wno-main -std=c99 -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS -DMCUBOOT_VALIDATE_SLOT0 -DMCUBOOT_USE_FLASH_AREA_GET_SECTORS -fno-asynchronous-unwind-tables -fno-pie -fno-pic -fno-strict-overflow -Wno-pointer-sign -Wno-unused-but-set-variable -fno-reorder-functions -fno-defer-pop -Werror=implicit-int -ffunction-sections -fdata-sections -mno-sse -march=lakemont -mtune=lakemont -msoft-float -MD -MT CMakeFiles/app.dir/flash_map_legacy.c.obj -MF CMakeFiles/app.dir/flash_map_legacy.c.obj.d -o 
CMakeFiles/app.dir/flash_map_legacy.c.obj   -c ../flash_map_legacy.c
In file included from ../flash_map_legacy.c:45:0:
../include/target.h:14:10: error: #include expects "FILENAME" or <FILENAME>
 #include MCUBOOT_TARGET_CONFIG
          ^~~~~~~~~~~~~~~~~~~~~
../include/target.h:44:2: error: #error "Target support is incomplete; cannot build mcuboot."
 #error "Target support is incomplete; cannot build mcuboot."
  ^~~~~
../flash_map_legacy.c:47:2: warning: #warning "The flash driver lacks page layout support; falling back on hacks." [-Wcpp]
 #warning "The flash driver lacks page layout support; falling back on hacks."
  ^~~~~~~
../flash_map_legacy.c: In function ‘flash_area_to_sectors’:
../flash_map_legacy.c:50:38: error: ‘FLASH_AREA_IMAGE_SCRATCH_SIZE’ undeclared (first use in this function)
 #define FLASH_AREA_IMAGE_SECTOR_SIZE FLASH_AREA_IMAGE_SCRATCH_SIZE
                                      ^
../flash_map_legacy.c:73:23: note: in expansion of macro ‘FLASH_AREA_IMAGE_SECTOR_SIZE’
         if (rem_len < FLASH_AREA_IMAGE_SECTOR_SIZE) {
                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../flash_map_legacy.c:50:38: note: each undeclared identifier is reported only once for each function it appears in
 #define FLASH_AREA_IMAGE_SECTOR_SIZE FLASH_AREA_IMAGE_SCRATCH_SIZE
                                      ^
../flash_map_legacy.c:73:23: note: in expansion of macro ‘FLASH_AREA_IMAGE_SECTOR_SIZE’
         if (rem_len < FLASH_AREA_IMAGE_SECTOR_SIZE) {
                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
../flash_map_legacy.c: In function ‘flash_area_get_sectors’:
../flash_map_legacy.c:50:38: error: ‘FLASH_AREA_IMAGE_SCRATCH_SIZE’ undeclared (first use in this function)
 #define FLASH_AREA_IMAGE_SECTOR_SIZE FLASH_AREA_IMAGE_SCRATCH_SIZE
                                      ^
../flash_map_legacy.c:120:23: note: in expansion of macro ‘FLASH_AREA_IMAGE_SECTOR_SIZE’
         if (rem_len < FLASH_AREA_IMAGE_SECTOR_SIZE) {
                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
[27/177] Building C object zephyr/CMakeFiles/zephyr.dir/arch/x86/soc/intel_quark/quark_se/soc.c.obj
[28/177] Building C object zephyr/CMakeFiles/zephyr.dir/arch/x86/soc/intel_quark/quark_se/soc_config.c.obj
[29/177] Building ASM object zephyr/CMakeFiles/zephyr.dir/arch/x86/soc/intel_quark/quark_se/soc_power.S.obj
[30/177] Building C object CMakeFiles/app.dir/hal_flash.c.obj
FAILED: CMakeFiles/app.dir/hal_flash.c.obj 
ccache /home/sebo/zephyr-sdk-0.9.2-rc5/sysroots/x86_64-pokysdk-linux/usr/bin/i586-zephyr-elfiamcu/i586-zephyr-elfiamcu-gcc -DENABLE_EXTERNAL_ISR_HANDLING -DKERNEL -DMBEDTLS_CONFIG_FILE=\"config-boot.h\" -DMCUBOOT_TARGET_CONFIG="'\"arduino_101.h\"'" -DPERF_OPT -DQM_LAKEMONT -DSOC_SERIES=quark_se -D_FORTIFY_SOURCE=2 -D__ZEPHYR__=1 -I/home/sebo/zephyr/ext/lib/crypto/mbedtls/include -I../include -I../targets -I/home/sebo/mcuboot/boot/bootutil/include -I/home/sebo/zephyr/kernel/include -I/home/sebo/zephyr/arch/x86/include -I/home/sebo/zephyr/arch/x86/soc/intel_quark/quark_se -I/home/sebo/zephyr/arch/x86/soc/intel_quark/quark_se/include -I/home/sebo/zephyr/arch/x86/soc/intel_quark/include -I/home/sebo/zephyr/boards/x86/arduino_101 -I/home/sebo/zephyr/include -I/home/sebo/zephyr/include/drivers -Izephyr/include/generated -isystem /home/sebo/zephyr-sdk-0.9.2-rc5/sysroots/x86_64-pokysdk-linux/usr/lib/i586-zephyr-elfiamcu/gcc/i586-zephyr-elfiamcu/6.2.0/include -isystem /home/sebo/zephyr-sdk-0.9.2-rc5/sysroots/x86_64-pokysdk-linux/usr/lib/i586-zephyr-elfiamcu/gcc/i586-zephyr-elfiamcu/6.2.0/include-fixed -I/home/sebo/zephyr/lib/libc/minimal/include -I/home/sebo/zephyr/ext/hal/qmsi/include -I/home/sebo/zephyr/ext/hal/qmsi/drivers/include -I/home/sebo/zephyr/ext/hal/qmsi/soc/quark_se/include -I/home/sebo/zephyr/ext/lib/crypto/mbedtls/configs -Og -g -Wall -Wformat -Wformat-security -Wno-format-zero-length -imacros /home/sebo/mcuboot/boot/zephyr/b/zephyr/include/generated/autoconf.h -ffreestanding -Wno-main -std=c99 -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS -DMCUBOOT_VALIDATE_SLOT0 -DMCUBOOT_USE_FLASH_AREA_GET_SECTORS -fno-asynchronous-unwind-tables -fno-pie -fno-pic -fno-strict-overflow -Wno-pointer-sign -Wno-unused-but-set-variable -fno-reorder-functions -fno-defer-pop -Werror=implicit-int -ffunction-sections -fdata-sections -mno-sse -march=lakemont -mtune=lakemont -msoft-float -MD -MT CMakeFiles/app.dir/hal_flash.c.obj -MF CMakeFiles/app.dir/hal_flash.c.obj.d -o 
CMakeFiles/app.dir/hal_flash.c.obj   -c ../hal_flash.c
In file included from ../hal_flash.c:22:0:
../include/target.h:14:10: error: #include expects "FILENAME" or <FILENAME>
 #include MCUBOOT_TARGET_CONFIG
          ^~~~~~~~~~~~~~~~~~~~~
../include/target.h:44:2: error: #error "Target support is incomplete; cannot build mcuboot."
 #error "Target support is incomplete; cannot build mcuboot."
  ^~~~~
../hal_flash.c: In function ‘hal_flash_align’:
../hal_flash.c:28:12: error: ‘FLASH_ALIGN’ undeclared (first use in this function)
     return FLASH_ALIGN;
            ^~~~~~~~~~~
../hal_flash.c:28:12: note: each undeclared identifier is reported only once for each function it appears in
../hal_flash.c:29:1: warning: control reaches end of non-void function [-Wreturn-type]
 }
 ^
[31/177] Building C object CMakeFiles/app.dir/main.c.obj
FAILED: CMakeFiles/app.dir/main.c.obj 
ccache /home/sebo/zephyr-sdk-0.9.2-rc5/sysroots/x86_64-pokysdk-linux/usr/bin/i586-zephyr-elfiamcu/i586-zephyr-elfiamcu-gcc -DENABLE_EXTERNAL_ISR_HANDLING -DKERNEL -DMBEDTLS_CONFIG_FILE=\"config-boot.h\" -DMCUBOOT_TARGET_CONFIG="'\"arduino_101.h\"'" -DPERF_OPT -DQM_LAKEMONT -DSOC_SERIES=quark_se -D_FORTIFY_SOURCE=2 -D__ZEPHYR__=1 -I/home/sebo/zephyr/ext/lib/crypto/mbedtls/include -I../include -I../targets -I/home/sebo/mcuboot/boot/bootutil/include -I/home/sebo/zephyr/kernel/include -I/home/sebo/zephyr/arch/x86/include -I/home/sebo/zephyr/arch/x86/soc/intel_quark/quark_se -I/home/sebo/zephyr/arch/x86/soc/intel_quark/quark_se/include -I/home/sebo/zephyr/arch/x86/soc/intel_quark/include -I/home/sebo/zephyr/boards/x86/arduino_101 -I/home/sebo/zephyr/include -I/home/sebo/zephyr/include/drivers -Izephyr/include/generated -isystem /home/sebo/zephyr-sdk-0.9.2-rc5/sysroots/x86_64-pokysdk-linux/usr/lib/i586-zephyr-elfiamcu/gcc/i586-zephyr-elfiamcu/6.2.0/include -isystem /home/sebo/zephyr-sdk-0.9.2-rc5/sysroots/x86_64-pokysdk-linux/usr/lib/i586-zephyr-elfiamcu/gcc/i586-zephyr-elfiamcu/6.2.0/include-fixed -I/home/sebo/zephyr/lib/libc/minimal/include -I/home/sebo/zephyr/ext/hal/qmsi/include -I/home/sebo/zephyr/ext/hal/qmsi/drivers/include -I/home/sebo/zephyr/ext/hal/qmsi/soc/quark_se/include -I/home/sebo/zephyr/ext/lib/crypto/mbedtls/configs -Og -g -Wall -Wformat -Wformat-security -Wno-format-zero-length -imacros /home/sebo/mcuboot/boot/zephyr/b/zephyr/include/generated/autoconf.h -ffreestanding -Wno-main -std=c99 -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS -DMCUBOOT_VALIDATE_SLOT0 -DMCUBOOT_USE_FLASH_AREA_GET_SECTORS -fno-asynchronous-unwind-tables -fno-pie -fno-pic -fno-strict-overflow -Wno-pointer-sign -Wno-unused-but-set-variable -fno-reorder-functions -fno-defer-pop -Werror=implicit-int -ffunction-sections -fdata-sections -mno-sse -march=lakemont -mtune=lakemont -msoft-float -MD -MT CMakeFiles/app.dir/main.c.obj -MF CMakeFiles/app.dir/main.c.obj.d -o 
CMakeFiles/app.dir/main.c.obj   -c ../main.c
In file included from ../main.c:25:0:
../include/target.h:14:10: error: #include expects "FILENAME" or <FILENAME>
 #include MCUBOOT_TARGET_CONFIG
          ^~~~~~~~~~~~~~~~~~~~~
../include/target.h:44:2: error: #error "Target support is incomplete; cannot build mcuboot."
 #error "Target support is incomplete; cannot build mcuboot."
  ^~~~~
../main.c: In function ‘main’:
../main.c:103:44: error: ‘FLASH_DRIVER_NAME’ undeclared (first use in this function)
     boot_flash_device = device_get_binding(FLASH_DRIVER_NAME);
                                            ^~~~~~~~~~~~~~~~~
../main.c:103:44: note: each undeclared identifier is reported only once for each function it appears in
[32/177] Building C object zephyr/CMakeFiles/zephyr.dir/arch/x86/soc/intel_quark/quark_se/power.c.obj
[33/177] Building C object CMakeFiles/app.dir/flash_map.c.obj
FAILED: CMakeFiles/app.dir/flash_map.c.obj 
ccache /home/sebo/zephyr-sdk-0.9.2-rc5/sysroots/x86_64-pokysdk-linux/usr/bin/i586-zephyr-elfiamcu/i586-zephyr-elfiamcu-gcc -DENABLE_EXTERNAL_ISR_HANDLING -DKERNEL -DMBEDTLS_CONFIG_FILE=\"config-boot.h\" -DMCUBOOT_TARGET_CONFIG="'\"arduino_101.h\"'" -DPERF_OPT -DQM_LAKEMONT -DSOC_SERIES=quark_se -D_FORTIFY_SOURCE=2 -D__ZEPHYR__=1 -I/home/sebo/zephyr/ext/lib/crypto/mbedtls/include -I../include -I../targets -I/home/sebo/mcuboot/boot/bootutil/include -I/home/sebo/zephyr/kernel/include -I/home/sebo/zephyr/arch/x86/include -I/home/sebo/zephyr/arch/x86/soc/intel_quark/quark_se -I/home/sebo/zephyr/arch/x86/soc/intel_quark/quark_se/include -I/home/sebo/zephyr/arch/x86/soc/intel_quark/include -I/home/sebo/zephyr/boards/x86/arduino_101 -I/home/sebo/zephyr/include -I/home/sebo/zephyr/include/drivers -Izephyr/include/generated -isystem /home/sebo/zephyr-sdk-0.9.2-rc5/sysroots/x86_64-pokysdk-linux/usr/lib/i586-zephyr-elfiamcu/gcc/i586-zephyr-elfiamcu/6.2.0/include -isystem /home/sebo/zephyr-sdk-0.9.2-rc5/sysroots/x86_64-pokysdk-linux/usr/lib/i586-zephyr-elfiamcu/gcc/i586-zephyr-elfiamcu/6.2.0/include-fixed -I/home/sebo/zephyr/lib/libc/minimal/include -I/home/sebo/zephyr/ext/hal/qmsi/include -I/home/sebo/zephyr/ext/hal/qmsi/drivers/include -I/home/sebo/zephyr/ext/hal/qmsi/soc/quark_se/include -I/home/sebo/zephyr/ext/lib/crypto/mbedtls/configs -Og -g -Wall -Wformat -Wformat-security -Wno-format-zero-length -imacros /home/sebo/mcuboot/boot/zephyr/b/zephyr/include/generated/autoconf.h -ffreestanding -Wno-main -std=c99 -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS -DMCUBOOT_VALIDATE_SLOT0 -DMCUBOOT_USE_FLASH_AREA_GET_SECTORS -fno-asynchronous-unwind-tables -fno-pie -fno-pic -fno-strict-overflow -Wno-pointer-sign -Wno-unused-but-set-variable -fno-reorder-functions -fno-defer-pop -Werror=implicit-int -ffunction-sections -fdata-sections -mno-sse -march=lakemont -mtune=lakemont -msoft-float -MD -MT CMakeFiles/app.dir/flash_map.c.obj -MF CMakeFiles/app.dir/flash_map.c.obj.d -o 
CMakeFiles/app.dir/flash_map.c.obj   -c ../flash_map.c
In file included from ../flash_map.c:23:0:
../include/target.h:14:10: error: #include expects "FILENAME" or <FILENAME>
 #include MCUBOOT_TARGET_CONFIG
          ^~~~~~~~~~~~~~~~~~~~~
../include/target.h:44:2: error: #error "Target support is incomplete; cannot build mcuboot."
 #error "Target support is incomplete; cannot build mcuboot."
  ^~~~~
../flash_map.c:61:23: error: ‘FLASH_AREA_IMAGE_0_OFFSET’ undeclared here (not in a function)
             .fa_off = FLASH_AREA_IMAGE_0_OFFSET,
                       ^~~~~~~~~~~~~~~~~~~~~~~~~
../flash_map.c:62:24: error: ‘FLASH_AREA_IMAGE_0_SIZE’ undeclared here (not in a function)
             .fa_size = FLASH_AREA_IMAGE_0_SIZE,
                        ^~~~~~~~~~~~~~~~~~~~~~~
../flash_map.c:70:23: error: ‘FLASH_AREA_IMAGE_1_OFFSET’ undeclared here (not in a function)
             .fa_off = FLASH_AREA_IMAGE_1_OFFSET,
                       ^~~~~~~~~~~~~~~~~~~~~~~~~
../flash_map.c:71:24: error: ‘FLASH_AREA_IMAGE_1_SIZE’ undeclared here (not in a function)
             .fa_size = FLASH_AREA_IMAGE_1_SIZE,
                        ^~~~~~~~~~~~~~~~~~~~~~~
../flash_map.c:79:23: error: ‘FLASH_AREA_IMAGE_SCRATCH_OFFSET’ undeclared here (not in a function)
             .fa_off = FLASH_AREA_IMAGE_SCRATCH_OFFSET,
                       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../flash_map.c:80:24: error: ‘FLASH_AREA_IMAGE_SCRATCH_SIZE’ undeclared here (not in a function)
             .fa_size = FLASH_AREA_IMAGE_SCRATCH_SIZE,
                        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../flash_map.c: In function ‘flash_area_get_bounds’:
../flash_map.c:216:14: warning: assignment makes integer from pointer without a cast [-Wint-conversion]
         *off = FLASH_AREA_IMAGE_0_OFFSET;
              ^
../flash_map.c:217:14: warning: assignment makes integer from pointer without a cast [-Wint-conversion]
         *len = FLASH_AREA_IMAGE_0_SIZE;
              ^
../flash_map.c:220:14: warning: assignment makes integer from pointer without a cast [-Wint-conversion]
         *off = FLASH_AREA_IMAGE_1_OFFSET;
              ^
../flash_map.c:221:14: warning: assignment makes integer from pointer without a cast [-Wint-conversion]
         *len = FLASH_AREA_IMAGE_1_SIZE;
              ^
../flash_map.c:224:14: warning: assignment makes integer from pointer without a cast [-Wint-conversion]
         *off = FLASH_AREA_IMAGE_SCRATCH_OFFSET;
              ^
../flash_map.c:225:14: warning: assignment makes integer from pointer without a cast [-Wint-conversion]
         *len = FLASH_AREA_IMAGE_SCRATCH_SIZE;
              ^
[34/177] Building C object zephyr/CMakeFiles/zephyr.dir/arch/x86/soc/intel_quark/quark_se/eoi.c.obj
[35/177] Building C object zephyr/CMakeFiles/zephyr.dir/arch/x86/core/cache.c.obj
ninja: build stopped: subcommand failed.

Design document needs to have better definition of boot states behavior

After reviewing the last update to the design document, a lot of inconsistencies in behavior were found. The previous discussion can be seen here:

#87

The main point of the discussion is how boot states should behave; given the importance of correctness in the aforementioned code, the documentation needs to be clear and very well thought through for all possible states a boot can be in.

Marti Bolivar added a comment - 04/Aug/17 2:47 PM
#104

Some remaining work I see:

  • There is still an "important caveat" to describing things in
    terms of swap states, which means it's not quite right.

  • It's strange to say that "none" is a swap state.

  • This doesn't provide a clean explanation for how mcuboot handles an
    interrupted swap.

image.py: Error on sign a firmware

Using tag v1.1.0, when I sign a firmware using the root-*.pem key provided by this repo, I get an error message.
mcuboot is at the root dir of zephyr, and I run this script in the dir zephyr/sample/http_client:

#!/bin/bash

mcuboot_path="../../../mcuboot";
firmware_path="build/stm32f4_explo/zephyr";
firmware_version=1

output_file_name="${firmware_path}/http_v${firmware_version}_debug.bin";

./${mcuboot_path}/scripts/imgtool.py sign \
	--key ${mcuboot_path}/root-ec-p256.pem \
	--header-size 0x200 \
	--align 8 \
	--version ${firmware_version} \
	--included-header \
	${firmware_path}/zephyr.bin ${firmware_path}/http_v0.0.1_debug.bin

I got error message below:

Traceback (most recent call last):
  File "./../../../mcuboot/scripts/imgtool.py", line 145, in <module>
    args()
  File "./../../../mcuboot/scripts/imgtool.py", line 142, in args
    subcmds[args.subcmd](args)
  File "./../../../mcuboot/scripts/imgtool.py", line 84, in do_sign
    key = load_key(args) if args.key else None
  File "./../../../mcuboot/scripts/imgtool.py", line 62, in load_key
    key = keys.load(args.key)
  File "/home/${user_name}/project/zephyr/mcuboot/scripts/imgtool/keys/__init__.py", line 66, in load
    if pk.key_size != 256:
AttributeError: '_EllipticCurvePrivateKey' object has no attribute 'key_size'

Add more "how to" doc for zephyr targets

Looks like the description is too dry. It needs to be more of a guide.

I observe that:
it is not clear to the user how to compile a proper image application and how to create the image for upgrade
https://github.com/runtimeco/mcuboot/blob/master/README-zephyr.rst#building-applications-for-the-bootloader
Preferred here is an example of what should be added to the project cmake file and what a-board-overlay.dts should look like. For instance we can redact this somehow:

Put into the project's top cmake the path to the overlay file:

set(DTC_OVERLAY_FILE "${CMAKE_CURRENT_SOURCE_DIR}/board-dts.overlay") before including boilerplate.cmake. The file should look, for instance, like this:
set(CONF_FILE "prj.conf")

set(DTC_OVERLAY_FILE "${CMAKE_CURRENT_SOURCE_DIR}/dts.overlay")

include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE)
project(NONE)

target_sources(app PRIVATE src/main.c)
 

Add the file <a-board.overlay> with payload:

/ {
	chosen {
		zephyr,code-partition = &slot0_partition;
	};
};

For https://github.com/runtimeco/mcuboot/blob/master/README-zephyr.rst#signing-the-application we need to explain the use case of the imgtool --pad option (manually triggered test image swap).

Remove padding for ECDSA signatures

Now that the header no longer contains the TLV size, it is not necessary to pad the value used for an ECDSA signature. These signatures can vary slightly in size, depending on the setting of the highest bit (they are encoded as signed integers, which if the high bit is set, will cause an extra 0x00 byte to be emitted).

However, imgtool.py and the verification code still have support for this padding. We probably can't stop the verification code from allowing the padding, since that would break parsing of existing signatures, but we can change imgtool to no longer add the padding.
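The size variation described in this issue, as an added example that is not imgtool or MCUboot code: it DER-encodes a P-256 sized (r, s) pair, applies padding, and parses a signature while accepting only zero bytes after the DER structure. The padded length of 72 bytes, the trailing-zero form of the padding, and all function names are assumptions made for illustration.

```python
# Added illustration; not imgtool or MCUboot source code.
PADDED_SIG_LEN = 72  # assumed fixed length a signing tool pads to (P-256 maximum)


def der_integer(value: int) -> bytes:
    """DER INTEGER: minimal big-endian bytes, plus 0x00 if the top bit is set."""
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body  # keep the signed integer positive
    return b"\x02" + bytes([len(body)]) + body


def der_ecdsa_signature(r: int, s: int) -> bytes:
    """DER SEQUENCE { INTEGER r, INTEGER s }, short-form lengths (fits P-256)."""
    content = der_integer(r) + der_integer(s)
    if len(content) >= 0x80:
        raise ValueError("long-form DER lengths are not handled in this sketch")
    return b"\x30" + bytes([len(content)]) + content


def pad_signature(sig: bytes, total: int = PADDED_SIG_LEN) -> bytes:
    """Padding in its assumed form: trailing zero bytes up to `total`."""
    if len(sig) > total:
        raise ValueError("signature longer than padded length")
    return sig + b"\x00" * (total - len(sig))


def parse_ecdsa_signature(buf: bytes):
    """Return (r, s, pad_len); accept trailing zero padding, reject anything else."""
    if len(buf) < 2 or buf[0] != 0x30 or buf[1] >= 0x80:
        raise ValueError("not a short-form DER SEQUENCE")
    end = 2 + buf[1]
    if end > len(buf):
        raise ValueError("SEQUENCE length runs past the buffer")
    pos, values = 2, []
    for _ in range(2):
        if pos + 2 > end or buf[pos] != 0x02:
            raise ValueError("expected INTEGER")
        n = buf[pos + 1]
        pos += 2
        if n == 0 or n >= 0x80 or pos + n > end or buf[pos] & 0x80:
            raise ValueError("bad INTEGER length or negative value")
        values.append(int.from_bytes(buf[pos:pos + n], "big"))
        pos += n
    if pos != end:
        raise ValueError("extra data inside SEQUENCE")
    if any(buf[end:]):
        raise ValueError("non-zero bytes after the signature")
    return values[0], values[1], len(buf) - end


# Constructed sample values: top bit of the 32-byte value clear vs. set.
LOW = 1 << 254
HIGH = 1 << 255
```

Because the parser takes the signature length from the SEQUENCE header, it reads padded and unpadded signatures alike, which is what lets a signing tool stop padding without breaking older images.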

Build MCUboot as a RIOT app

https://runtimeco.atlassian.net/browse/MCUB-72

Francisco Acosta added a comment - 05/Dec/17 7:15 AM:
For the 1.1 release I'll add just a "small" update in which RIOT will include a signature using the example key (the one in the mcuboot git repo). A pre-compiled mynewt mcuboot binary with signature and hash checks enabled will be used to boot this new RIOT image.

Support for loading image from Flash into on-chip RAM

The boot loader should support the option where slot 1 is defined in external flash. The new image needs to be uploaded to on-chip flash/RAM (slot 0).
Swap space can be defined by the user in the external flash. This allows falling back to a known good image in case the new image fails to boot.

David Brown added a comment - 22/Aug/17 2:18 PM
One point of complexity here has to do with the minimum write size. If they differ between the external and internal flash, we would have to probably pick the largest value. At least this will have to be accounted for in the software.

sign.sh is very out of date

The sign.sh in the root directory still refers to the now removed zep2newt.py script. Either just remove this script entirely, or update it to be an example of how to sign. Given that samples/zephyr/Makefile shows how to sign on Zephyr, and newt takes care of it on MyNewt, it is probably best to just remove the file.

Implement dual-slot (non swap) image upgrade

Implement a mechanism that allows two different images to be deployed, one that runs in slot 0 and one that runs in slot 1. MCUboot's responsibility will then be to track which one to run, not to handle the complexity of swapping them.

Support for revoking/invalidating keys

Fabio Utzig added a comment - 22/May/17 11:25 AM
I haven't seen this ticket before, but one suggestion to implement this would be to have another partition to put keys. We could build mcuboot with the original key, and if it needs to be revoked we write a new key to some special partition. If the key is available on the partition we assume it is to be used instead of the one linked in mcuboot. This, of course, assumes we control the fw by using our key.

One problematic situation would be if we lose control of the key: before we are able to update the fw, someone can use the stolen key to update the fw first and assume control.

But this should be enough to start a discussion...

Add --slot-size argument to imgtool

When imgtool is run with the --pad option, it checks that the image + trailer will fit into the slot.

However, that's the only way to get it to output an error if the image is too big. The image's size and whether or not to insert a pad are orthogonal; mixing them in this way prevents users from being able to check with imgtool that their signed images fit properly into slots unless they build padded images, which is not recommended.

To resolve this, imgtool should gain a --slot-size option to specify the total slot size, and --pad should just be a boolean flag that pads the image out to the --slot-size value (if given, and an error raised if not).

That way, users can use --slot-size to check for the trailer fitting without having to generate a padded image.
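A sketch of the option semantics proposed in this issue, added here as an example and not taken from imgtool: the size check runs whenever --slot-size is given, and --pad only controls whether the output is filled out to that size. The trailer size is a caller-supplied hypothetical parameter, and padding with 0xFF (erased flash) is an assumption; the trailer's contents are not modelled.

```python
import argparse

ERASED_BYTE = 0xFF  # assumption: erased flash reads as 0xFF


def build_parser() -> argparse.ArgumentParser:
    """Options as proposed in the issue; this is not imgtool's real parser."""
    parser = argparse.ArgumentParser(prog="sign-sketch")
    parser.add_argument("--slot-size", type=lambda v: int(v, 0), default=None,
                        help="total slot size in bytes (decimal or 0x-prefixed)")
    parser.add_argument("--pad", action="store_true",
                        help="pad the output to --slot-size")
    return parser


def finalize_image(signed: bytes, trailer_size: int, slot_size, pad: bool) -> bytes:
    """Apply the size check and the padding as two independent steps.

    trailer_size is supplied by the caller (hypothetical parameter); how the
    trailer is laid out is not modelled here.
    """
    if pad and slot_size is None:
        raise ValueError("--pad requires --slot-size")
    if slot_size is not None and len(signed) + trailer_size > slot_size:
        over = len(signed) + trailer_size - slot_size
        raise ValueError(f"image plus trailer exceeds slot by {over} bytes")
    if pad:
        return signed + bytes([ERASED_BYTE]) * (slot_size - len(signed))
    return signed
```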

Always use overwrite-only code for non-revert upgrades

We have added the configuration BOOTUTIL_OVERWRITE_ONLY to allow a simpler upgrade process to be used. Instead of just making this code a compile-time choice, enhance the regular startup to use this code when the system has requested a non-test upgrade (which won't be reverted).

Since there is still a desire to be able to revert, this should be another compilation option.

Unable to sign image using imgtool.py

I compiled the sample hello world and tried signing it with the following command
../../../../scripts/imgtool.py sign --key ../../../../root-rsa-2048.pem --header-size 0x200 --align 8 --version 1.2 --included-header ./zephyr/zephyr.bin signed.bin

I get the following error:

Traceback (most recent call last):
  File "../../../../scripts/imgtool.py", line 148, in <module>
    args()
  File "../../../../scripts/imgtool.py", line 145, in args
    subcmds[args.subcmd](args)
  File "../../../../scripts/imgtool.py", line 85, in do_sign
    img.sign(key)
  File "/home/yatish/Desktop/zephyr-zephyr-v1.11.0/samples/mcuboot-master/scripts/imgtool/image.py", line 136, in sign
    sig = key.sign(bytes(self.payload))
  File "/home/yatish/Desktop/zephyr-zephyr-v1.11.0/samples/mcuboot-master/scripts/imgtool/keys/rsa.py", line 92, in sign
    return self.key.sign(
AttributeError: '_RSAPrivateKey' object has no attribute 'sign'

prevalidation (signature check prior flash modification)

Firmware is validated (authentication, downgrade prevention, etc.) before any content is written to flash. Prevalidation protects against battery drain or intentional flash wearing. Prevalidation is performed by the application (in the case of background DFU), but the material needed for prevalidation (keys, versions) is owned by the bootloader. Prevalidation requires an interface between the bootloader and the application. In most cases, prevalidation ensures that delivery of new firmware will not start unless validated. However, since the application might be exploited, it can still accept new firmware. Even then, the new firmware will not be activated unless the bootloader is exploited. In the case of the single-bank approach, prevalidation is the main validation step, since once accepted, the old firmware is overwritten.

This task requires resolution of "Define communication between bootloader and booted image".

Add SHA-512 capability to MCUBoot

Digest size is 512 bits; the hash function is computed with 64-bit words.
tweetnacl supports only this hash function.

A new type is needed to support it.
Should be a config variable for the user to choose if desired.

Also needs support in 'newt', 'imgtool' and 'imgtool.py' for this new hash.