Merge branch 'mcu-tools:main' into bootutil-refacto-crypto-usage

Signed-off-by: Raphael Dupont <[email protected]>

README.md

@@ -16,7 +16,7 @@
 [travis]: https://travis-ci.org/mcu-tools/mcuboot
 [license]: https://github.com/mcu-tools/mcuboot/blob/main/LICENSE
 
-This is MCUboot version 1.10.0-rc1
+This is MCUboot version 1.11.0-dev
 
 MCUboot is a secure bootloader for 32-bits microcontrollers. It defines a
 common infrastructure for the bootloader and the system flash layout on

boot/boot_serial/src/boot_serial.c

@@ -26,7 +26,6 @@
 #include "sysflash/sysflash.h"
 
 #include "bootutil/bootutil_log.h"
-#include "zcbor_encode.h"
 
 #ifdef __ZEPHYR__
 #include <zephyr/sys/reboot.h>
@@ -37,13 +36,16 @@
 #include <zephyr/sys/crc.h>
 #include <zephyr/sys/base64.h>
 #include <hal/hal_flash.h>
+#include <zcbor_encode.h>
 #elif __ESPRESSIF__
+#include "zcbor_encode.h"
 #include <bootloader_utility.h>
 #include <esp_rom_sys.h>
 #include <esp_crc.h>
 #include <endian.h>
 #include <mbedtls/base64.h>
 #else
+#include "zcbor_encode.h"
 #include <bsp/bsp.h>
 #include <hal/hal_system.h>
 #include <hal/hal_flash.h>
@@ -196,8 +198,11 @@ bs_list_img_ver(char *dst, int maxlen, struct image_version *ver)
     off += u32toa(dst + off, ver->iv_minor);
     dst[off++] = '.';
     off += u32toa(dst + off, ver->iv_revision);
-    dst[off++] = '.';
-    off += u32toa(dst + off, ver->iv_build_num);
+
+    if (ver->iv_build_num != 0) {
+        dst[off++] = '.';
+        off += u32toa(dst + off, ver->iv_build_num);
+    }
 }
 #else
 /*
@@ -206,8 +211,14 @@ bs_list_img_ver(char *dst, int maxlen, struct image_version *ver)
 static void
 bs_list_img_ver(char *dst, int maxlen, struct image_version *ver)
 {
-   snprintf(dst, maxlen, "%hu.%hu.%hu.%u", (uint16_t)ver->iv_major,
-            (uint16_t)ver->iv_minor, ver->iv_revision, ver->iv_build_num);
+   int len;
+
+   len = snprintf(dst, maxlen, "%hu.%hu.%hu", (uint16_t)ver->iv_major,
+                  (uint16_t)ver->iv_minor, ver->iv_revision);
+
+   if (ver->iv_build_num != 0 && len > 0 && len < maxlen) {
+      snprintf(&dst[len], (maxlen - len), "%u", ver->iv_build_num);
+   }
 }
 #endif /* !MCUBOOT_USE_SNPRINTF */
 

boot/boot_serial/src/serial_recovery_cbor.c

@@ -15,7 +15,13 @@
 #include <stdbool.h>
 #include <stddef.h>
 #include <string.h>
+
+#ifdef __ZEPHYR__
+#include <zcbor_decode.h>
+#else
 #include "zcbor_decode.h"
+#endif
+
 #include "serial_recovery_cbor.h"
 
 #if DEFAULT_MAX_QTY != 3

boot/boot_serial/src/serial_recovery_cbor.h

@@ -18,7 +18,13 @@
 #include <stdbool.h>
 #include <stddef.h>
 #include <string.h>
+
+#ifdef __ZEPHYR__
+#include <zcbor_decode.h>
+#else
 #include "zcbor_decode.h"
+#endif
+
 #include "serial_recovery_cbor_types.h"
 
 #if DEFAULT_MAX_QTY != 3

boot/boot_serial/src/serial_recovery_cbor_types.h

@@ -18,7 +18,12 @@
 #include <stdbool.h>
 #include <stddef.h>
 #include <string.h>
+
+#ifdef __ZEPHYR__
+#include <zcbor_decode.h>
+#else
 #include "zcbor_decode.h"
+#endif
 
 /** Which value for --default-max-qty this file was created with.
  *

boot/boot_serial/src/serial_recovery_echo.c

@@ -8,7 +8,13 @@
 #include <stdbool.h>
 #include <stddef.h>
 #include <string.h>
+
+#ifdef __ZEPHYR__
+#include <zcbor_decode.h>
+#else
 #include "zcbor_decode.h"
+#endif
+
 #include "serial_recovery_echo.h"
 
 #if DEFAULT_MAX_QTY != 3

boot/boot_serial/src/serial_recovery_echo.h

@@ -11,7 +11,13 @@
 #include <stdbool.h>
 #include <stddef.h>
 #include <string.h>
+
+#ifdef __ZEPHYR__
+#include <zcbor_decode.h>
+#else
 #include "zcbor_decode.h"
+#endif
+
 #include "serial_recovery_echo_types.h"
 
 #if DEFAULT_MAX_QTY != 3

boot/boot_serial/src/serial_recovery_echo_types.h

@@ -11,7 +11,12 @@
 #include <stdbool.h>
 #include <stddef.h>
 #include <string.h>
+
+#ifdef __ZEPHYR__
+#include <zcbor_decode.h>
+#else
 #include "zcbor_decode.h"
+#endif
 
 /** Which value for --default-max-qty this file was created with.
  *

boot/bootutil/CMakeLists.txt

@@ -1,5 +1,5 @@
 #------------------------------------------------------------------------------
-# Copyright (c) 2020, Arm Limited. All rights reserved.
+# Copyright (c) 2020-2023, Arm Limited. All rights reserved.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
@@ -28,7 +28,6 @@ target_sources(bootutil
         src/encrypted.c
         src/fault_injection_hardening.c
         src/fault_injection_hardening_delay_rng_mbedtls.c
-        src/image_ec.c
         src/image_ec256.c
         src/image_ed25519.c
         src/image_rsa.c

boot/bootutil/include/bootutil/bootutil_public.h

@@ -39,6 +39,7 @@
 #define H_BOOTUTIL_PUBLIC
 
 #include <inttypes.h>
+#include <stdbool.h>
 #include <string.h>
 #include <flash_map_backend/flash_map_backend.h>
 #include <mcuboot_config/mcuboot_config.h>
@@ -266,6 +267,33 @@ int
 boot_read_swap_state(const struct flash_area *fa,
                      struct boot_swap_state *state);
 
+/**
+ * @brief Set next image application slot by flash area pointer
+ *
+ * @param fa pointer to flash_area representing image to set for next boot;
+ * @param active should be true if @fa points to currently running image
+ *        slot, false otherwise;
+ * @param confirm confirms image; when @p active is true, this is considered
+ *        true, regardless of passed value.
+ *
+ * It is users responsibility to identify whether @p fa provided as parameter
+ * is currently running/active image and provide proper value to @p active.
+ * Failing to do so may render device non-upgradeable.
+ *
+ * Note that in multi-image setup running/active application is the one
+ * that is currently being executed by any MCU core, from the pair of
+ * slots dedicated to that MCU core. As confirming application currently
+ * running on a given slot should be, preferably, done after functional
+ * tests prove application to function correctly, it may not be a good idea
+ * to cross-confirm running images.
+ * An application should only confirm slots designated to MCU core it is
+ * running on.
+ *
+ * @return 0 on success; non-zero error code on failure.
+ */
+int
+boot_set_next(const struct flash_area *fa, bool active, bool confirm);
+
 #ifdef __cplusplus
 }
 #endif

boot/bootutil/include/bootutil/caps.h

@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2017 Linaro Limited
- * Copyright (c) 2021 Arm Limited
+ * Copyright (c) 2021-2023 Arm Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,23 +34,22 @@ extern "C" {
 uint32_t bootutil_get_caps(void);
 
 #define BOOTUTIL_CAP_RSA2048                (1<<0)
-#define BOOTUTIL_CAP_ECDSA_P224             (1<<1)
-#define BOOTUTIL_CAP_ECDSA_P256             (1<<2)
-#define BOOTUTIL_CAP_SWAP_USING_SCRATCH     (1<<3)
-#define BOOTUTIL_CAP_OVERWRITE_UPGRADE      (1<<4)
-#define BOOTUTIL_CAP_ENC_RSA                (1<<5)
-#define BOOTUTIL_CAP_ENC_KW                 (1<<6)
-#define BOOTUTIL_CAP_VALIDATE_PRIMARY_SLOT  (1<<7)
-#define BOOTUTIL_CAP_RSA3072                (1<<8)
-#define BOOTUTIL_CAP_ED25519                (1<<9)
-#define BOOTUTIL_CAP_ENC_EC256              (1<<10)
-#define BOOTUTIL_CAP_SWAP_USING_MOVE        (1<<11)
-#define BOOTUTIL_CAP_DOWNGRADE_PREVENTION   (1<<12)
-#define BOOTUTIL_CAP_ENC_X25519             (1<<13)
-#define BOOTUTIL_CAP_BOOTSTRAP              (1<<14)
-#define BOOTUTIL_CAP_AES256                 (1<<15)
-#define BOOTUTIL_CAP_RAM_LOAD               (1<<16)
-#define BOOTUTIL_CAP_DIRECT_XIP             (1<<17)
+#define BOOTUTIL_CAP_ECDSA_P256             (1<<1)
+#define BOOTUTIL_CAP_SWAP_USING_SCRATCH     (1<<2)
+#define BOOTUTIL_CAP_OVERWRITE_UPGRADE      (1<<3)
+#define BOOTUTIL_CAP_ENC_RSA                (1<<4)
+#define BOOTUTIL_CAP_ENC_KW                 (1<<5)
+#define BOOTUTIL_CAP_VALIDATE_PRIMARY_SLOT  (1<<6)
+#define BOOTUTIL_CAP_RSA3072                (1<<7)
+#define BOOTUTIL_CAP_ED25519                (1<<8)
+#define BOOTUTIL_CAP_ENC_EC256              (1<<9)
+#define BOOTUTIL_CAP_SWAP_USING_MOVE        (1<<10)
+#define BOOTUTIL_CAP_DOWNGRADE_PREVENTION   (1<<11)
+#define BOOTUTIL_CAP_ENC_X25519             (1<<12)
+#define BOOTUTIL_CAP_BOOTSTRAP              (1<<13)
+#define BOOTUTIL_CAP_AES256                 (1<<14)
+#define BOOTUTIL_CAP_RAM_LOAD               (1<<15)
+#define BOOTUTIL_CAP_DIRECT_XIP             (1<<16)
 
 /*
  * Query the number of images this bootloader is configured for.  This

boot/bootutil/include/bootutil/crypto/common.h

@@ -1,19 +1,19 @@
-/*
- * SPDX-License-Identifier: Apache-2.0
- *
- * Copyright (c) 2021 Arm Limited
- */
-
-#ifndef __BOOTUTIL_CRYPTO_COMMON_H__
-#define __BOOTUTIL_CRYPTO_COMMON_H__
-
-/* TODO May need to update this in a future 3.x version of Mbed TLS.
- * Extract a member of the mbedtls context structure.
- */
-#if MBEDTLS_VERSION_NUMBER >= 0x03000000
-#define MBEDTLS_CONTEXT_MEMBER(X) MBEDTLS_PRIVATE(X)
-#else
-#define MBEDTLS_CONTEXT_MEMBER(X) X
-#endif
-
-#endif /* __BOOTUTIL_CRYPTO_COMMON_H__ */
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Copyright (c) 2021 Arm Limited
+ */
+
+#ifndef __BOOTUTIL_CRYPTO_COMMON_H__
+#define __BOOTUTIL_CRYPTO_COMMON_H__
+
+/* TODO May need to update this in a future 3.x version of Mbed TLS.
+ * Extract a member of the mbedtls context structure.
+ */
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+#define MBEDTLS_CONTEXT_MEMBER(X) MBEDTLS_PRIVATE(X)
+#else
+#define MBEDTLS_CONTEXT_MEMBER(X) X
+#endif
+
+#endif /* __BOOTUTIL_CRYPTO_COMMON_H__ */