boot/zephyr/nrf_cleanup: cleanup uarte pins

.github/workflows/backport.yml

@@ -0,0 +1,19 @@
+name: Backport
+on:
+ pull_request:
+ types:
+ - closed
+ - labeled
+
+jobs:
+ backport:
+ runs-on: ubuntu-18.04
+ name: Backport
+ steps:
+ - name: Backport Bot
+ uses: Gaurav0/backport@v1.0.24
+ with:
+ bot_username: NordicBuilder
+ bot_token: 151a9b45052f9ee8be5a59963d31ad7b92c3ecb5
+ bot_token_key: 67bb1f1f998d546859786a4088917c65415c0ebd
+ github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/commit-tags.yml

@@ -0,0 +1,31 @@
+name: Commit tags
+
+on: pull_request
+
+jobs:
+ commit_tags:
+ runs-on: ubuntu-22.04
+ name: Run commit tags checks on patch series (PR)
+ steps:
+ - name: Update PATH for west
+ run: |
+ echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+ - name: Checkout the code
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+ fetch-depth: 0
+
+ - name: Install python dependencies
+ run: |
+ pip3 install setuptools
+ pip3 install wheel
+ pip3 install gitlint
+
+ - name: Run the commit tags
+ uses: nrfconnect/action-commit-tags@main
+ with:
+ target: '.'
+ baserev: origin/${{ github.base_ref }}
+ revrange: 'none'

.gitlint

@@ -0,0 +1,57 @@
+# All these sections are optional, edit this file as you like.
+[general]
+ignore=title-trailing-punctuation, T3, title-max-length, T1, body-hard-tab, B3, B1
+# verbosity should be a value between 1 and 3, the commandline -v flags take precedence over this
+verbosity = 3
+# By default gitlint will ignore merge commits. Set to 'false' to disable.
+ignore-merge-commits=true
+# Enable debug mode (prints more output). Disabled by default
+debug = false
+
+# Set the extra-path where gitlint will search for user defined rules
+# See http://jorisroovers.github.io/gitlint/user_defined_rules for details
+extra-path=../../zephyr/scripts/gitlint
+
+[title-max-length-no-revert]
+line-length=72
+
+[body-min-line-count]
+min-line-count=1
+
+[body-max-line-count]
+max-line-count=200
+
+[title-starts-with-subsystem]
+regex = ^(?!subsys:)(([^:]+):)(\s([^:]+):)*\s(.+)$
+
+[title-must-not-contain-word]
+# Comma-separated list of words that should not occur in the title. Matching is case
+# insensitive. It's fine if the keyword occurs as part of a larger word (so "WIPING"
+# will not cause a violation, but "WIP: my title" will.
+words=wip
+
+[title-match-regex]
+# python like regex (https://docs.python.org/2/library/re.html) that the
+# commit-msg title must be matched to.
+# Note that the regex can contradict with other rules if not used correctly
+# (e.g. title-must-not-contain-word).
+#regex=^US[0-9]*
+
+[max-line-length-with-exceptions]
+# B1 = body-max-line-length
+line-length=72
+
+[body-min-length]
+min-length=3
+
+[body-is-missing]
+# Whether to ignore this rule on merge commits (which typically only have a title)
+# default = True
+ignore-merge-commits=false
+
+[body-changed-file-mention]
+# List of files that need to be explicitly mentioned in the body when they are changed
+# This is useful for when developers often erroneously edit certain files or git submodules.
+# By specifying this rule, developers can only change the file when they explicitly reference
+# it in the commit message.
+#files=gitlint/rules.py,README.md

Jenkinsfile

@@ -0,0 +1,6 @@
+@Library("CI_LIB") _
+
+def pipeline = new ncs.sdk_mcuboot.Main()
+
+pipeline.run(JOB_NAME)
+

boot/boot_serial/src/boot_serial.c

@@ -437,7 +437,7 @@ bs_set(char *buf, int len)
 #endif
 
  zcbor_state_t zsd[4];
- zcbor_new_state(zsd, sizeof(zsd) / sizeof(zcbor_state_t), (uint8_t *)buf, len, 1);
+ zcbor_new_state(zsd, sizeof(zsd) / sizeof(zcbor_state_t), (uint8_t *)buf, len, 1, NULL, 0);
 
  struct zcbor_map_decode_key_val image_set_state_decode[] = {
  ZCBOR_MAP_DECODE_KEY_DECODER("confirm", zcbor_bool_decode, &confirm),
@@ -655,7 +655,7 @@ bs_upload(char *buf, int len)
 #endif
 
  zcbor_state_t zsd[4];
- zcbor_new_state(zsd, sizeof(zsd) / sizeof(zcbor_state_t), (uint8_t *)buf, len, 1);
+ zcbor_new_state(zsd, sizeof(zsd) / sizeof(zcbor_state_t), (uint8_t *)buf, len, 1, NULL, 0);
 
  struct zcbor_map_decode_key_val image_upload_decode[] = {
  ZCBOR_MAP_DECODE_KEY_DECODER("image", zcbor_uint32_decode, &img_num_tmp),
@@ -908,7 +908,7 @@ bs_echo(char *buf, int len)
  uint32_t rc = MGMT_ERR_EINVAL;
 
  zcbor_state_t zsd[4];
- zcbor_new_state(zsd, sizeof(zsd) / sizeof(zcbor_state_t), (uint8_t *)buf, len, 1);
+ zcbor_new_state(zsd, sizeof(zsd) / sizeof(zcbor_state_t), (uint8_t *)buf, len, 1, NULL, 0);
 
  if (!zcbor_map_start_decode(zsd)) {
  goto out;
@@ -932,7 +932,7 @@ bs_echo(char *buf, int len)
  }
 
  zcbor_map_start_encode(cbor_state, 10);
- zcbor_tstr_put_term(cbor_state, "r");
+ zcbor_tstr_put_lit(cbor_state, "r");
  if (zcbor_tstr_encode(cbor_state, &value) && zcbor_map_end_encode(cbor_state, 10)) {
  boot_serial_output();
  return;

boot/bootutil/include/bootutil/crypto/ecdsa.h

@@ -34,6 +34,7 @@
 
 #if (defined(MCUBOOT_USE_TINYCRYPT) + \
  defined(MCUBOOT_USE_CC310) + \
+ defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO) + \
  defined(MCUBOOT_USE_PSA_OR_MBED_TLS)) != 1
  #error "One crypto backend must be defined: either CC310/TINYCRYPT/MBED_TLS/PSA_CRYPTO"
 #endif
@@ -70,12 +71,18 @@
 #include "bootutil/sign_key.h"
 #include "common.h"
 
+#if defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO)
+ #include <bl_crypto.h>
+ #define NUM_ECC_BYTES (256 / 8)
+#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */
+
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 #if (defined(MCUBOOT_USE_TINYCRYPT) || defined(MCUBOOT_USE_MBED_TLS) || \
- defined(MCUBOOT_USE_CC310)) && !defined(MCUBOOT_USE_PSA_CRYPTO)
+ defined(MCUBOOT_USE_CC310) || defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO)) \
+ && !defined(MCUBOOT_USE_PSA_CRYPTO)
 /*
  * Declaring these like this adds NULL termination.
  */
@@ -127,8 +134,6 @@ static int bootutil_import_key(uint8_t **cp, uint8_t *end)
 }
 #endif /* (MCUBOOT_USE_TINYCRYPT || MCUBOOT_USE_MBED_TLS || MCUBOOT_USE_CC310) && !MCUBOOT_USE_PSA_CRYPTO */
 
-#if defined(MCUBOOT_USE_TINYCRYPT)
-#ifndef MCUBOOT_ECDSA_NEED_ASN1_SIG
 /*
  * cp points to ASN1 string containing an integer.
  * Verify the tag, and that the length is 32 bytes. Helper function.
@@ -178,8 +183,8 @@ static int bootutil_decode_sig(uint8_t signature[NUM_ECC_BYTES * 2], uint8_t *cp
  }
  return 0;
 }
-#endif /* not MCUBOOT_ECDSA_NEED_ASN1_SIG */
 
+#if defined(MCUBOOT_USE_TINYCRYPT)
 typedef uintptr_t bootutil_ecdsa_context;
 static inline void bootutil_ecdsa_init(bootutil_ecdsa_context *ctx)
 {
@@ -248,16 +253,20 @@ static inline int bootutil_ecdsa_verify(bootutil_ecdsa_context *ctx,
 {
  (void)ctx;
  (void)pk_len;
- (void)sig_len;
  (void)hash_len;
+ uint8_t dsig[2 * NUM_ECC_BYTES];
+
+ if (bootutil_decode_sig(dsig, sig, sig + sig_len)) {
+ return -1;
+ }
 
  /* Only support uncompressed keys. */
  if (pk[0] != 0x04) {
  return -1;
  }
  pk++;
 
- return cc310_ecdsa_verify_secp256r1(hash, pk, sig, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE);
+ return cc310_ecdsa_verify_secp256r1(hash, pk, dsig, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE);
 }
 
 static inline int bootutil_ecdsa_parse_public_key(bootutil_ecdsa_context *ctx,
@@ -594,6 +603,49 @@ static inline int bootutil_ecdsa_parse_public_key(bootutil_ecdsa_context *ctx,
 
 #endif /* MCUBOOT_USE_MBED_TLS */
 
+#if defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO)
+typedef uintptr_t bootutil_ecdsa_context;
+static inline void bootutil_ecdsa_init(bootutil_ecdsa_context *ctx)
+{
+ (void)ctx;
+}
+
+static inline void bootutil_ecdsa_drop(bootutil_ecdsa_context *ctx)
+{
+ (void)ctx;
+}
+
+static inline int bootutil_ecdsa_verify(bootutil_ecdsa_context *ctx,
+ uint8_t *pk, size_t pk_len,
+ uint8_t *hash, size_t hash_len,
+ uint8_t *sig, size_t sig_len)
+{
+ (void)ctx;
+ (void)pk_len;
+ (void)hash_len;
+ uint8_t dsig[2 * NUM_ECC_BYTES];
+
+ if (bootutil_decode_sig(dsig, sig, sig + sig_len)) {
+ return -1;
+ }
+
+ /* Only support uncompressed keys. */
+ if (pk[0] != 0x04) {
+ return -1;
+ }
+ pk++;
+
+ return bl_secp256r1_validate(hash, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE, pk, dsig);
+}
+
+static inline int bootutil_ecdsa_parse_public_key(bootutil_ecdsa_context *ctx,
+ uint8_t **cp,uint8_t *end)
+{
+ (void)ctx;
+ return bootutil_import_key(cp, end);
+}
+#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */
+
 #ifdef __cplusplus
 }
 #endif

boot/bootutil/include/bootutil/crypto/sha.h

@@ -30,6 +30,7 @@
 
 #if (defined(MCUBOOT_USE_PSA_OR_MBED_TLS) + \
  defined(MCUBOOT_USE_TINYCRYPT) + \
+ defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO) + \
  defined(MCUBOOT_USE_CC310)) != 1
  #error "One crypto backend must be defined: either CC310/MBED_TLS/TINYCRYPT/PSA_CRYPTO"
 #endif
@@ -206,6 +207,37 @@ static inline int bootutil_sha_finish(bootutil_sha_context *ctx,
 }
 #endif /* MCUBOOT_USE_CC310 */
 
+#if defined(MCUBOOT_USE_NRF_EXTERNAL_CRYPTO)
+
+#include <bl_crypto.h>
+
+typedef bl_sha256_ctx_t bootutil_sha_context;
+
+static inline void bootutil_sha_init(bootutil_sha_context *ctx)
+{
+ bl_sha256_init(ctx);
+}
+
+static inline void bootutil_sha_drop(bootutil_sha_context *ctx)
+{
+ (void)ctx;
+}
+
+static inline int bootutil_sha_update(bootutil_sha_context *ctx,
+ const void *data,
+ uint32_t data_len)
+{
+ return bl_sha256_update(ctx, data, data_len);
+}
+
+static inline int bootutil_sha_finish(bootutil_sha_context *ctx,
+ uint8_t *output)
+{
+ bl_sha256_finalize(ctx, output);
+ return 0;
+}
+#endif /* MCUBOOT_USE_NRF_EXTERNAL_CRYPTO */
+
 #ifdef __cplusplus
 }
 #endif