[DNM] Upmerge TF-M v2.1.0 Mbed TLS v3.6.0 #333
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Update the list of SoCs to support the ESP32-C6. Signed-off-by: Marek Matej <marek.matej@espressif.com>
Add imgtool test call to workflows, use pytest and
publish artifacts with test results.
Also enable test run on 'pull_request', but limit
the previous default imgtool_run.sh run ('environment' job)
to run on 'push' event only (the same behaviour as before).
Signed-off-by: Denis Mingulov <denis@mingulov.com>
keys.KeyClass._emit is able to use 'file' parameter not as a file but some object (not only sys.stdout but io.StringIO, like by tests). Fixed all explicit checks for sys.stdio usage in favor of io.TextIOBase, also improve a single unit test to cover also all the changed methods. Signed-off-by: Denis Mingulov <denis@mingulov.com>
imgtool's dumpinfo depends to pyyaml package, so add it to requirements. Signed-off-by: Denis Mingulov <denis@mingulov.com>
An initial sanity test for imgtool is added, checks different commands for key operations (keygen, getpriv, getpub and getpubhash). Also very basic test for sign / verify is added. Some tests are disabled (marked as 'xfail') due to the missing implementation. Signed-off-by: Denis Mingulov <denis@mingulov.com>
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.16.2 to 1.16.5. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](sparklemotion/nokogiri@v1.16.2...v1.16.5) --- updated-dependencies: - dependency-name: nokogiri dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
swap_scratch.c requires definition of SLOT1, in single application slot build it's not needed and file would not be used anyway so now it is removed from mynewt build Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
Bumps [rexml](https://github.com/ruby/rexml) from 3.2.6 to 3.2.8. - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](ruby/rexml@v3.2.6...v3.2.8) --- updated-dependencies: - dependency-name: rexml dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
1. set BOOT_MAX_IMG_SECTORS value for frmd_mcxn947_qspi. W25Q64 flash on the board is very large (8MB), so we must increase the number of max sectors when targeting this board with MCUboot. 2. Set the zephyr,flash chosen node to point to internal flash as this board supports booting from internal flash only. Signed-off-by: Mahesh Mahadevan <mahesh.mahadevan@nxp.com>
Signed-off-by: David Vincze <david.vincze@arm.com> Change-Id: I69ee2da7637363f5a50b9ef3aa3f0aaf5301714a
Currently encryption supports only private key embed in mcuboot itself. To support MCUBOOT_HW_KEY for image encryption boot_retrieve_private_key() hook is added. This hook helps retrieving private key from trusted sources like OTP, TPM. Signed-off-by: Dinesh Kumar K <dinesh@linumiz.com>
Signed-off-by: Dinesh Kumar K <dinesh@linumiz.com>
Signed-off-by: Rustam Ismayilov <rustam.ismayilov@arm.com> Change-Id: I9c84e544b466c0e041bb947fb4dd3e01b0d38ae5
Fixed hash algorithm defaults to SHA256 in case no key provided. Verification improved by adding check for key - tlv mismatch, VerifyResult.KEY_MISMATCH added to indicate this case. Multiple styling fixes and import optimisation, exception handling. Signed-off-by: Rustam Ismayilov <rustam.ismayilov@arm.com> Change-Id: I61a588de5b39678707c0179f4edaa411ceb67c8e
'Measurement Value' added the 'properties' list initially, rather than adding it separately later. Added an assertion to ensure 'Measurement Value' remains as the last item in the 'properties' list Signed-off-by: Rustam Ismayilov <rustam.ismayilov@arm.com> Change-Id: I106059c6c903c3d560477d5114d866f48590ad7e
Add support for dumping images with custom tlv Fix uninitialized access to some variables Fix trailer magic detection Fix some linting issues (parenthesis, indentation, spacing) Signed-off-by: Rustam Ismayilov <rustam.ismayilov@arm.com> Change-Id: I5b6e1dfa74606e2645a258065dd045cc8c7052c5
Fix trailer info dumping reads pad characters as values for status Refactor printing styled texts and frames Use isinstance() for type checking Fold notice text depending on line length Refactoring some parts for readability Fix additional linting issues Signed-off-by: Rustam Ismayilov <rustam.ismayilov@arm.com> Change-Id: I741562bb70b18407bdd32e9c7391048faf6394c6
Main method printed hardcoded versions, update to take argument to enable the possibility of testing version strings by invoking the command through command line. Signed-off-by: Rustam Ismayilov <rustam.ismayilov@arm.com> Change-Id: If75769ef223944865313ed95336e859ebef85fd6
Replace Slack channel links with MCUboot Discord channel as the discussions have moved there. Signed-off-by: David Vincze <david.vincze@arm.com> Change-Id: I132279574e674408dffc9ed377d216775a54fd56
When MCUBOOT_SWAP_SAVE_ENCTLV is enabled, a comparison between a signed and an unsigned integer is made in boot_read_enc_key. This might cause a warning to be emitted at compile-time. Signed-off-by: Thomas Altenbach <thomas.altenbach@legrand.com>
This struct was having addresses taken of fields within it, and then being returned. It is platform-specific whether this causes a move. It seems to be working on x86_64, but causes a segfault on aarch64. Box the struct so that it isn't moved after being initialized. Signed-off-by: David Brown <david.brown@linaro.org>
Since there are references to this struct passed to C code, put it into an Rc so that it won't move around when the data is moved. Signed-off-by: David Brown <david.brown@linaro.org>
The symbols injected here cause some kind of poor interaction with the linker on MacOS, which results in most of the code becoming hopelessly corrupt. For now, just disable these symbols on this target. Signed-off-by: David Brown <david.brown@linaro.org>
Many of these extern functions are missing the "C". It doesn't seem to matter on any of our targets, but this does make the code more correct, and might be a problem in the future. Signed-off-by: David Brown <david.brown@linaro.org>
Cargo prints a warning about conflicting resolvers being used. Fix this by explicitly setting the resolver in the project file. Signed-off-by: David Brown <david.brown@linaro.org>
Increase the size of the jmpbuf to accomodate other architectures. Unfortunately, the size of this is not available in the libc crate. Increase this so encompass any platforms we wish to support, including aarch64 on both Linux and MacOS. Increasing an array beyond 32 means there is no default offered, so implement this manually. Signed-off-by: David Brown <david.brown@linaro.org>
The libc assert macro was used in curve25519.c even if the user provided its own definition of the assert macro for MCUboot through mcuboot_assert.h. This commit fixes this issue. Signed-off-by: Thomas Altenbach <thomas.altenbach@legrand.com>
In Mbed TLS 3.1, the private fields in the ASN.1 structure were made private. This breaks code that accesses these private macros. Fix this by changing the ASN.1 specific code to use a new field accessor `ASN1_CONTEXT_MEMBER` that will be conditionally defined based on the version of Mbed TLS that is present. Signed-off-by: David Brown <david.brown@linaro.org>
This reverts commit 0fa4627. This breaks: samples/synchronization/sample.kernel.synchronization on b_u585i_iot02a/stm32u585xx/ns error as this TF-M configuration uses its own keys. This change is an API change that needs to be coordinated with TF-M changes. Before this revert, compiling this test results in: .../encrypted.c:447: undefined reference to `boot_enc_retrieve_private_key` Signed-off-by: David Brown <david.brown@linaro.org>
Fixes building MCUboot for this board Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Puts the flash simulation configurtion into cache variables that can be used by other applications and CMake code to know specifics on the simulated flash details Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> (cherry picked from commit af27205)
This removes the `return;` to ensure that the application is booted even if EXT_ABI is not provided to the application because it does not include `FW_INFO`. Added a bit more description to the error messages when FW_INFO is not found and EXT_ABI is not able to be provided to the next image. Ref. NCSDK-24132 Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no> (cherry picked from commit 41cc274)
For nRF53, the only existing version number metadata is stored in the `firmware_info` structure in the network core. This utilizes PCD to read out the version number and compares it against the version number found in the secondary slot for the network core. Ref. NCSDK-21379 Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no> (cherry picked from commit 8e91ec1)
Change disables GPIO interrupt support in Zephyr GPIO driver, which is not obligatory for MCUboot. This is needed to reduce memory footprint. Signed-off-by: Nikodem Kastelik <nikodem.kastelik@nordicsemi.no> (cherry picked from commit 86af2de)
Added configuration which allows to build MCUboot for nrf54l15pdk_nrf54l15_cpuapp with external flash used for the secondary slot. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> (cherry picked from commit 78bc87c)
Seems multi-image dependencies are not supported for multi-image in NCS yet. This is a workaround which reverts some lines to restore previous MCUboot behavior, so that Immutable bootloader + MCUBoot type builds will work. Ref. NCSDK-8681 Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no> (cherry picked from commit 4ce3844)
Fixes a missing PCD define check, an image might have the network core partition layout set but if PCD support is not enabled then it should not assume that PCD support is part of mcuboot. Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> (cherry picked from commit 150a1d4)
This adds support for using both NSIB and the multi-image configuration in MCUboot. Before this was not possible due to upgradable bootloader support through NSIB was using the `UPDATEABLE_IMAGE_NUMBER` configuration to update the updateable bootloader. In this commit we change from using `FLASH_AREA_IMAGE_PRIMARY` to get the flash area ID to using the bootloader state where we set the flash area ID of the free updatable bootloader slot if the image is intended for this slot. Ref. NCSDK-19223 Ref. NCSDK-23305 Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no> (cherry picked from commit 3ec5084)
Making sysflash.h and pm_sysflash.h more readable. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 51b7a3f)
The commit modifies pm_sysflash.h to add support for three application images. Ref. NCSDK-19223 Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no> (cherry picked from commit 9c67351)
Added procedure which clean-up content of all the secondary slot which contains valid header but couldn't be assigned to any of supported primary images. This behavior is needed when configuration allows to use one secondary slot for collecting image for multiple primary slots. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> (cherry picked from commit 8f4b472)
FPROTECT is not suppored yet for nrf54l15. Signed-off-by: Grzegorz Chwierut <grzegorz.chwierut@nordicsemi.no> Signed-off-by: Gerard Marull-Paretas <gerard@teslabs.com> (cherry picked from commit 0b5810d)
Move ifdefs just to not add code for cleanup unusable slot when direct xip mode is enabled to avoid warnings. Signed-off-by: Grzegorz Chwierut <grzegorz.chwierut@nordicsemi.no> (cherry picked from commit 650d11c)
fixup! [nrf noup] zephyr: Clean up non-secure RAM if enabled Add support for nrf54l15 UARTE20 and UARTE30. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 0611b4c)
Added DTS with partitioning which involves external flash as place for slo1_partition. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> (cherry picked from commit efe6681)
This patch supplements the configuration for external flash so MCUboot can be build with FILE_SUFFIX="ext_flash" for the nrf54l15pdk instead of explicitly configuration specification. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> (cherry picked from commit 3131c92)
This patch disbales MCUBoot logging and enables serial recovery for the Thingy:91. Signed-off-by: Maximilian Deubel <maximilian.deubel@nordicsemi.no> Signed-off-by: Bernt Johan Damslora <bernt.damslora@nordicsemi.no> (cherry picked from commit f67a11a)
Mcuboot's boot banner should not be used if NCS boot banner is enabled. Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no> (cherry picked from commit 7b018cb)
By the upstream patch the vt get now the pointer to the copy of the arm_vector instead of original. This patch fixes address of the firmware which is to be taken by the fw_info_find. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> (cherry picked from commit 3be724f)
…t vector This is revert of upstream commit 453096b which was supposed to allow picking interrupt vector table from flash area but the whole modification unfortunately misunderstood difference between flash device ID and flash area ID. The commit is not important for sdk-nrf and requires re-design and fixing upstream. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit f1e1675)
Disabled at last optional EXT_API when external-crypto is enabled. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> (cherry picked from commit 1d02303)
Align to changes in DTS: renamed: rram0 -> cpuapp_rram sized up cpauapp_rram region szie as part of it was reserved for cpuflpr_rram (which is not used by this config). Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> (cherry picked from commit f1c2b8c)
Adds a boot banner which shows as MCUboot Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> (cherry picked from commit 6869a65)
This patch introduces skip on checking downgrade for s1/s0 upgrade image (chain-loaded by NSIB). which is used for upgrade MCUboot instance itself. Reason is that sdk-mcuboot has not access to semantic version of its own image. I also shouldn't touch HW counter used for hardware downgrade prevention for the application image (which was the case). HW counters for s0/s1 image are owned by NSIB because its role is to prevnt dongrades of s0/s1 MCUboot. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> (cherry picked from commit 776ee26)
As this is MCUboot updating itself, it should reboot the device so NSIB will chainload the update MCUboot Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> (cherry picked from commit 8541955)
fixup! [nrf noup] zephyr: add 'minimal' configuration files Removes setting a now removed Kconfig option Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Fixes an issues with wrongly checking the network core reset address Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
FPROTECT is not suppored for nrf54l15dk. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
…CTORS_AUTO Automatic calculation are based on DTS data which are no the right source on partition layout in case Partition manager does the partitioning. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
frkv
force-pushed
the
upmerge-TF-M-2.1-mbedtls-3.6
branch
from
c71ed2f
to
8aebcf7
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds a WIP commit needed to resolve a deprecation warning for zephyr include for the upmerge bringing in TF-M v2.1.0 and Mbed TLS 3.6.0