├── .github └── workflows │ ├── backport.yml │ ├── commit-tags.yml │ ├── espressif.yaml │ ├── fih_tests.yaml │ ├── imgtool.yaml │ ├── issue.yml │ ├── issue_closed.yml │ ├── mynewt.yaml │ ├── sim.yaml │ ├── stale_issue.yml │ └── zephyr_build.yaml ├── .gitignore ├── .gitmodules ├── .mbedignore ├── .travis.yml-disabled ├── CODEOWNERS ├── CODE_OF_CONDUCT.md ├── Cargo.lock ├── Cargo.toml ├── LICENSE ├── NOTICE ├── README.md ├── boot ├── boot_serial │ ├── include │ │ └── boot_serial │ │ │ ├── boot_serial.h │ │ │ └── boot_serial_encryption.h │ ├── pkg.yml │ ├── src │ │ ├── boot_serial.c │ │ ├── boot_serial_encryption.c │ │ ├── boot_serial_priv.h │ │ ├── zcbor_bulk.c │ │ └── zcbor_bulk.h │ ├── syscfg.yml │ └── test │ │ ├── pkg.yml │ │ ├── src │ │ ├── boot_test.c │ │ ├── boot_test.h │ │ └── testcases │ │ │ ├── boot_serial_empty_img_msg.c │ │ │ ├── boot_serial_empty_msg.c │ │ │ ├── boot_serial_img_msg.c │ │ │ ├── boot_serial_setup.c │ │ │ └── boot_serial_upload_bigger_image.c │ │ └── syscfg.yml ├── bootutil │ ├── CMakeLists.txt │ ├── include │ │ └── bootutil │ │ │ ├── bench.h │ │ │ ├── boot_hooks.h │ │ │ ├── boot_public_hooks.h │ │ │ ├── boot_record.h │ │ │ ├── boot_status.h │ │ │ ├── bootutil.h │ │ │ ├── bootutil_log.h │ │ │ ├── bootutil_macros.h │ │ │ ├── bootutil_public.h │ │ │ ├── bootutil_test.h │ │ │ ├── caps.h │ │ │ ├── crypto │ │ │ ├── aes_ctr.h │ │ │ ├── aes_kw.h │ │ │ ├── common.h │ │ │ ├── ecdh_p256.h │ │ │ ├── ecdh_x25519.h │ │ │ ├── ecdsa.h │ │ │ ├── hmac_sha256.h │ │ │ ├── rsa.h │ │ │ └── sha.h │ │ │ ├── enc_key.h │ │ │ ├── enc_key_public.h │ │ │ ├── fault_injection_hardening.h │ │ │ ├── fault_injection_hardening_delay_rng.h │ │ │ ├── ignore.h │ │ │ ├── image.h │ │ │ ├── key_revocation.h │ │ │ ├── mcuboot_status.h │ │ │ ├── ramload.h │ │ │ ├── security_cnt.h │ │ │ └── sign_key.h │ ├── pkg.yml │ ├── src │ │ ├── boot_record.c │ │ ├── bootutil_misc.c │ │ ├── bootutil_misc.h │ │ ├── bootutil_priv.h │ │ ├── bootutil_public.c │ │ ├── caps.c │ │ ├── ed25519_psa.c │ │ ├── encrypted.c │ │ ├── encrypted_psa.c │ │ ├── fault_injection_hardening.c │ │ ├── fault_injection_hardening_delay_rng_mbedtls.c │ │ ├── image_ecdsa.c │ │ ├── image_ed25519.c │ │ ├── image_rsa.c │ │ ├── image_validate.c │ │ ├── key_revocation.c │ │ ├── loader.c │ │ ├── ram_load.c │ │ ├── swap_misc.c │ │ ├── swap_move.c │ │ ├── swap_nsib.c │ │ ├── swap_offset.c │ │ ├── swap_priv.h │ │ ├── swap_scratch.c │ │ └── tlv.c │ └── zephyr │ │ └── CMakeLists.txt ├── cypress │ ├── .gitignore │ ├── BlinkyApp │ │ ├── BlinkyApp.mk │ │ ├── BlinkyApp_CM4_Debug.launch │ │ ├── Readme.md │ │ ├── libs.mk │ │ ├── linker │ │ │ └── BlinkyApp_template.ld │ │ ├── main.c │ │ └── main.h │ ├── MCUBootApp │ │ ├── ExternalMemory.md │ │ ├── MCUBootApp.ld │ │ ├── MCUBootApp.mk │ │ ├── MCUBootApp_CM0P_Debug.launch │ │ ├── README.md │ │ ├── config │ │ │ ├── mcuboot_config │ │ │ │ ├── mcuboot_assert.h │ │ │ │ ├── mcuboot_config.h │ │ │ │ └── mcuboot_logging.h │ │ │ ├── mcuboot_crypto_acc_config.h │ │ │ └── mcuboot_crypto_config.h │ │ ├── cy_security_cnt.c │ │ ├── cy_serial_flash_prog.c │ │ ├── keys.c │ │ ├── libs.mk │ │ ├── main.c │ │ ├── os │ │ │ ├── os.h │ │ │ ├── os_heap.h │ │ │ └── os_malloc.h │ │ └── sysflash │ │ │ └── sysflash.h │ ├── Makefile │ ├── README.md │ ├── common_libs.mk │ ├── cy_flash_pal │ │ ├── cy_flash_map.c │ │ ├── cy_smif_psoc6.c │ │ ├── flash_qspi │ │ │ ├── flash_qspi.c │ │ │ └── flash_qspi.h │ │ └── include │ │ │ ├── cy_smif_psoc6.h │ │ │ └── flash_map_backend │ │ │ └── flash_map_backend.h │ ├── host.mk │ ├── keys │ │ ├── cypress-test-ec-p256.pem │ │ └── cypress-test-ec-p256.pub │ ├── libs │ │ ├── retarget_io_pdl │ │ │ ├── cy_retarget_io_pdl.c │ │ │ └── cy_retarget_io_pdl.h │ │ └── watchdog │ │ │ ├── watchdog.c │ │ │ └── watchdog.h │ ├── platforms.mk │ ├── platforms │ │ ├── PSOC_062_2M │ │ │ ├── CM0P │ │ │ │ └── GCC_ARM │ │ │ │ │ ├── cy8c6xxa_cm0plus.ld │ │ │ │ │ └── startup_psoc6_02_cm0plus.S │ │ │ └── CM4 │ │ │ │ └── GCC_ARM │ │ │ │ ├── cy8c6xxa_cm4_dual.ld │ │ │ │ └── startup_psoc6_02_cm4.S │ │ ├── cycfg.c │ │ ├── cycfg.h │ │ ├── cycfg_clocks.c │ │ ├── cycfg_clocks.h │ │ ├── cycfg_peripherals.c │ │ ├── cycfg_peripherals.h │ │ ├── cycfg_pins.c │ │ ├── cycfg_pins.h │ │ ├── cycfg_routing.c │ │ ├── cycfg_routing.h │ │ ├── cycfg_system.c │ │ ├── cycfg_system.h │ │ └── retarget_io_pdl │ │ │ ├── cy_retarget_io_pdl.c │ │ │ └── cy_retarget_io_pdl.h │ └── toolchains.mk ├── espressif │ ├── CMakeLists.txt │ ├── ci_configs │ │ ├── multi-boot.conf │ │ ├── multi-image.conf │ │ ├── secureboot-sign-ec256.conf │ │ ├── secureboot-sign-ed25519.conf │ │ ├── secureboot-sign-rsa2048.conf │ │ ├── secureboot-sign-rsa3072.conf │ │ └── serialrecovery.conf │ ├── hal │ │ ├── CMakeLists.txt │ │ ├── include │ │ │ ├── app_cpu_start.h │ │ │ ├── bootloader_wdt.h │ │ │ ├── esp32 │ │ │ │ ├── esp32.cmake │ │ │ │ └── sdkconfig.h │ │ │ ├── esp32c2 │ │ │ │ ├── esp32c2.cmake │ │ │ │ └── sdkconfig.h │ │ │ ├── esp32c3 │ │ │ │ ├── esp32c3.cmake │ │ │ │ └── sdkconfig.h │ │ │ ├── esp32c6 │ │ │ │ ├── esp32c6.cmake │ │ │ │ └── sdkconfig.h │ │ │ ├── esp32h2 │ │ │ │ ├── esp32h2.cmake │ │ │ │ └── sdkconfig.h │ │ │ ├── esp32s2 │ │ │ │ ├── esp32s2.cmake │ │ │ │ └── sdkconfig.h │ │ │ ├── esp32s3 │ │ │ │ ├── esp32s3.cmake │ │ │ │ └── sdkconfig.h │ │ │ ├── esp_log.h │ │ │ ├── esp_mcuboot_image.h │ │ │ ├── mcuboot_config │ │ │ │ ├── mcuboot_assert.h │ │ │ │ ├── mcuboot_config.h │ │ │ │ └── mcuboot_logging.h │ │ │ └── soc_log.h │ │ └── src │ │ │ ├── bootloader_banner.c │ │ │ ├── bootloader_wdt.c │ │ │ ├── esp32 │ │ │ ├── app_cpu_start.c │ │ │ └── console_uart_custom.c │ │ │ ├── esp32c2 │ │ │ └── console_uart_custom.c │ │ │ ├── esp32c3 │ │ │ └── console_uart_custom.c │ │ │ ├── esp32c6 │ │ │ └── console_uart_custom.c │ │ │ ├── esp32h2 │ │ │ └── console_uart_custom.c │ │ │ ├── esp32s3 │ │ │ └── app_cpu_start.c │ │ │ ├── flash_encrypt.c │ │ │ └── secure_boot.c │ ├── include │ │ ├── crypto_config │ │ │ ├── ec256.cmake │ │ │ ├── ed25519.cmake │ │ │ ├── mbedtls_custom_config.h │ │ │ └── rsa.cmake │ │ ├── esp_loader.h │ │ ├── flash_map_backend │ │ │ └── flash_map_backend.h │ │ ├── os │ │ │ ├── os.h │ │ │ └── os_malloc.h │ │ ├── serial_adapter │ │ │ └── serial_adapter.h │ │ └── sysflash │ │ │ └── sysflash.h │ ├── keys.c │ ├── main.c │ ├── os.c │ ├── port │ │ ├── esp32 │ │ │ ├── bootloader-multi.conf │ │ │ ├── bootloader.conf │ │ │ ├── ld │ │ │ │ └── bootloader.ld │ │ │ └── serial_adapter.c │ │ ├── esp32c2 │ │ │ ├── bootloader.conf │ │ │ ├── ld │ │ │ │ └── bootloader.ld │ │ │ └── serial_adapter.c │ │ ├── esp32c3 │ │ │ ├── bootloader.conf │ │ │ ├── ld │ │ │ │ └── bootloader.ld │ │ │ └── serial_adapter.c │ │ ├── esp32c6 │ │ │ ├── bootloader.conf │ │ │ ├── ld │ │ │ │ └── bootloader.ld │ │ │ └── serial_adapter.c │ │ ├── esp32h2 │ │ │ ├── bootloader.conf │ │ │ ├── ld │ │ │ │ └── bootloader.ld │ │ │ └── serial_adapter.c │ │ ├── esp32s2 │ │ │ ├── bootloader.conf │ │ │ ├── ld │ │ │ │ └── bootloader.ld │ │ │ └── serial_adapter.c │ │ ├── esp32s3 │ │ │ ├── bootloader-multi.conf │ │ │ ├── bootloader.conf │ │ │ ├── ld │ │ │ │ └── bootloader.ld │ │ │ └── serial_adapter.c │ │ ├── esp_loader.c │ │ └── esp_mcuboot.c │ └── tools │ │ ├── toolchain-esp32.cmake │ │ ├── toolchain-esp32c2.cmake │ │ ├── toolchain-esp32c3.cmake │ │ ├── toolchain-esp32c6.cmake │ │ ├── toolchain-esp32h2.cmake │ │ ├── toolchain-esp32s2.cmake │ │ ├── toolchain-esp32s3.cmake │ │ └── utils.cmake ├── mbed │ ├── CMakeLists.txt │ ├── app_enc_keys.c │ ├── include │ │ ├── flash_map_backend │ │ │ ├── flash_map_backend.h │ │ │ └── secondary_bd.h │ │ ├── mcuboot_config │ │ │ ├── mcuboot_assert.h │ │ │ ├── mcuboot_config.h │ │ │ └── mcuboot_logging.h │ │ ├── os │ │ │ └── os_malloc.h │ │ ├── sysflash │ │ │ └── sysflash.h │ │ └── utils │ │ │ ├── DataShare.cpp │ │ │ └── DataShare.h │ ├── mbed_lib.json │ ├── mcuboot_imgtool.cmake │ ├── mcuboot_main.cpp │ └── src │ │ ├── flash_map_backend.cpp │ │ └── secondary_bd.cpp ├── mynewt │ ├── README.md │ ├── boot_uart │ │ ├── include │ │ │ └── boot_uart │ │ │ │ └── boot_uart.h │ │ ├── pkg.yml │ │ ├── src │ │ │ └── boot_uart.c │ │ └── syscfg.yml │ ├── flash_map_backend │ │ ├── include │ │ │ └── flash_map_backend │ │ │ │ └── flash_map_backend.h │ │ ├── pkg.yml │ │ └── src │ │ │ └── flash_map_extended.c │ ├── mcuboot_config │ │ ├── include │ │ │ └── mcuboot_config │ │ │ │ ├── mcuboot_config.h │ │ │ │ └── mcuboot_logging.h │ │ ├── pkg.yml │ │ └── syscfg.yml │ ├── pkg.yml │ ├── src │ │ ├── main.c │ │ └── single_loader.c │ └── syscfg.yml ├── nuttx │ ├── include │ │ ├── flash_map_backend │ │ │ └── flash_map_backend.h │ │ ├── mcuboot_config │ │ │ ├── mcuboot_config.h │ │ │ └── mcuboot_logging.h │ │ ├── os │ │ │ └── os_malloc.h │ │ ├── sysflash │ │ │ └── sysflash.h │ │ └── watchdog │ │ │ └── watchdog.h │ ├── main.c │ └── src │ │ ├── flash_map_backend │ │ └── flash_map_backend.c │ │ └── watchdog │ │ └── watchdog.c ├── zcbor │ ├── add_zcbor_copy_version.sh │ ├── include │ │ ├── zcbor_common.h │ │ ├── zcbor_decode.h │ │ ├── zcbor_encode.h │ │ ├── zcbor_print.h │ │ └── zcbor_tags.h │ ├── pkg.yml │ └── src │ │ ├── zcbor_common.c │ │ ├── zcbor_decode.c │ │ └── zcbor_encode.c └── zephyr │ ├── CMakeLists.txt │ ├── Kconfig │ ├── Kconfig.firmware_loader │ ├── Kconfig.serial_recovery │ ├── VERSION │ ├── app.overlay │ ├── arm_cleanup.c │ ├── boards │ ├── actinius_icarus_bee_nrf9160.conf │ ├── actinius_icarus_nrf9160.conf │ ├── actinius_icarus_som_dk_nrf9160.conf │ ├── actinius_icarus_som_nrf9160.conf │ ├── bl5340_dvk_nrf5340_cpuapp.conf │ ├── circuitdojo_feather_nrf9160.conf │ ├── conexio_stratus.conf │ ├── conexio_stratus_pro.conf │ ├── ctcc_nrf52840.conf │ ├── ctcc_nrf9161.conf │ ├── disco_l475_iot1_stm32l475xx.conf │ ├── flash_sim_driver.conf │ ├── frdm_k64f_mk64f12.conf │ ├── frdm_mcxa156.conf │ ├── frdm_mcxn236.conf │ ├── frdm_mcxn947_mcxn947_cpu0.conf │ ├── frdm_mcxn947_mcxn947_cpu0_qspi.conf │ ├── frdm_mcxn947_mcxn947_cpu0_qspi.overlay │ ├── lpcxpresso55s06_lpc55s06.conf │ ├── lpcxpresso55s16_lpc55s16.conf │ ├── lpcxpresso55s28_lpc55s28.conf │ ├── lpcxpresso55s36_lpc55s36.conf │ ├── lpcxpresso55s69_lpc55s69_cpu0.conf │ ├── m5stack_cores3_esp32s3_procpu.overlay │ ├── m5stack_cores3_esp32s3_procpu_se.overlay │ ├── mcx_n9xx_evk_mcxn947_cpu0.conf │ ├── mcx_n9xx_evk_mcxn947_cpu0_qspi.conf │ ├── mcx_n9xx_evk_mcxn947_cpu0_qspi.overlay │ ├── nrf51dk_nrf51822.conf │ ├── nrf52840_big.overlay │ ├── nrf52840_single_slot.overlay │ ├── nrf52840dk_hooks_sample_overlay.conf │ ├── nrf52840dk_nrf52840.conf │ ├── nrf52840dk_qspi_nor.conf │ ├── nrf52840dk_qspi_nor_secondary.overlay │ ├── nrf52840dk_qspi_secondary_boot.conf │ ├── nrf52840dk_ram.overlay │ ├── nrf52840dk_ram_multi.overlay │ ├── nrf52840dongle_nrf52840.conf │ ├── nrf52_minimal_footprint.conf │ ├── nrf5340dk_nrf5340_cpuapp_minimal.conf │ ├── nrf54h20dk_nrf54h20_cpuapp_iron.conf │ ├── nrf54l15dk_nrf54l05_cpuapp.conf │ ├── nrf54l15dk_nrf54l10_cpuapp.conf │ ├── nrf54l15dk_nrf54l15_cpuapp.conf │ ├── nrf54l15dk_nrf54l15_cpuapp_ext_flash.conf │ ├── nrf54l15dk_nrf54l15_cpuapp_ext_flash.overlay │ ├── nrf54l15pdk_nrf54l15_cpuapp.conf │ ├── nrf54l15pdk_nrf54l15_cpuapp_ext_flash.conf │ ├── nrf54l15pdk_nrf54l15_cpuapp_ext_flash.overlay │ ├── nrf54lm20pdk_nrf54lm20a_cpuapp.conf │ ├── nrf7002dk_nrf5340_cpuapp.conf │ ├── nrf9161dk_nrf9161_0_7_0.conf │ ├── odroid_go_esp32_procpu.conf │ ├── pinnacle_100_dvk_nrf52840.conf │ ├── sparkfun_thing_plus_nrf9160.conf │ ├── thingy52_nrf52832.conf │ ├── thingy53_nrf5340_cpuapp.conf │ ├── thingy91_nrf52840.conf │ ├── thingy91_nrf9160.conf │ ├── thingy91x_nrf5340_cpuapp.conf │ ├── thingy91x_nrf9151.conf │ ├── thingy91x_nrf9151.overlay │ ├── tlsr9518adk80d_tlsr9518.conf │ └── vmu_rt1170_mimxrt1176_cm7.conf │ ├── boot_serial_extension_zephyr_basic.c │ ├── boot_serial_extensions.c │ ├── decompression.c │ ├── external_crypto.conf │ ├── firmware_loader.c │ ├── flash_check.c │ ├── flash_map_extended.c │ ├── flash_map_legacy.c │ ├── hooks_sample.c │ ├── include │ ├── arm_cleanup.h │ ├── boot_serial │ │ ├── boot_serial.ld │ │ └── boot_serial_extensions.h │ ├── compression │ │ └── decompression.h │ ├── config-asn1.h │ ├── config-ec.h │ ├── config-ed25519.h │ ├── config-kw.h │ ├── config-rsa-kw.h │ ├── config-rsa.h │ ├── flash_map_backend │ │ └── flash_map_backend.h │ ├── hal │ │ ├── hal_bsp.h │ │ └── hal_flash.h │ ├── io │ │ └── io.h │ ├── mcuboot-mbedtls-cfg.h │ ├── mcuboot_config │ │ ├── mcuboot_config.h │ │ └── mcuboot_logging.h │ ├── nrf_cleanup.h │ ├── os │ │ ├── os.h │ │ ├── os_heap.h │ │ └── os_malloc.h │ ├── platform-bench.h │ ├── serial_adapter │ │ └── serial_adapter.h │ ├── sysflash │ │ ├── pm_sysflash.h │ │ └── sysflash.h │ └── target.h │ ├── io.c │ ├── kernel │ └── banner.c │ ├── keys.c │ ├── main.c │ ├── nrf52840dk_nrf52840_cc310_ecdsa.conf │ ├── nrf_cleanup.c │ ├── os.c │ ├── pm.yml │ ├── prj.conf │ ├── prj_minimal.conf │ ├── ram_load.conf │ ├── sample.yaml │ ├── serial_adapter.c │ ├── serial_recovery.conf │ ├── shared_data.c │ ├── single_loader.c │ ├── single_slot.conf │ ├── socs │ ├── esp32_procpu.conf │ ├── esp32c2.conf │ ├── esp32c3.conf │ ├── esp32c6.conf │ ├── esp32s2.conf │ ├── esp32s3_procpu.conf │ └── nrf54l15_cpuapp.conf │ ├── swap_offset.conf │ ├── sysbuild │ └── CMakeLists.txt │ ├── usb_cdc_acm.overlay │ ├── usb_cdc_acm_log_recovery.conf │ └── usb_cdc_acm_recovery.conf ├── ci ├── check-signed-off-by.sh ├── compare_versions.py ├── espressif_install.sh ├── espressif_run.sh ├── fih-tests_install.sh ├── fih-tests_run.sh ├── fih-tests_version.sh ├── fih_test_docker │ ├── damage_image.py │ ├── docker-build │ │ ├── Dockerfile │ │ └── build.sh │ ├── execute_test.sh │ ├── fi_make_manifest.sh │ ├── fi_tester_gdb.sh │ ├── generate_test_report.py │ ├── paths.sh │ ├── run_fi_test.sh │ ├── utils.py │ └── validate_output.py ├── get_features.py ├── imgtool_install.sh ├── imgtool_run.sh ├── mynewt_install.sh ├── mynewt_keys │ ├── enc_kw │ │ ├── pkg.yml │ │ └── src │ │ │ └── keys.c │ └── enc_rsa │ │ ├── pkg.yml │ │ └── src │ │ └── keys.c ├── mynewt_project.yml ├── mynewt_run.sh ├── mynewt_targets │ ├── basic │ │ ├── pkg.yml │ │ ├── syscfg.yml │ │ └── target.yml │ ├── bootserial │ │ ├── pkg.yml │ │ ├── syscfg.yml │ │ └── target.yml │ ├── ecdsa │ │ ├── pkg.yml │ │ ├── syscfg.yml │ │ └── target.yml │ ├── ecdsa_kw │ │ ├── pkg.yml │ │ ├── syscfg.yml │ │ └── target.yml │ ├── rsa │ │ ├── pkg.yml │ │ ├── syscfg.yml │ │ └── target.yml │ ├── rsa_kw │ │ ├── pkg.yml │ │ ├── syscfg.yml │ │ └── target.yml │ ├── rsa_overwriteonly │ │ ├── pkg.yml │ │ ├── syscfg.yml │ │ └── target.yml │ ├── rsa_rsaoaep │ │ ├── pkg.yml │ │ ├── syscfg.yml │ │ └── target.yml │ ├── rsa_rsaoaep_bootstrap │ │ ├── pkg.yml │ │ ├── syscfg.yml │ │ └── target.yml │ └── swap_move │ │ ├── pkg.yml │ │ ├── syscfg.yml │ │ └── target.yml ├── requirements.txt ├── sim_install.sh └── sim_run.sh ├── docs ├── .gitignore ├── CNAME ├── Gemfile ├── Gemfile.lock ├── PORTING.md ├── SECURITY.md ├── SubmittingPatches.md ├── _config.yml ├── compression_format.md ├── design.md ├── ecdsa.md ├── encrypted_images.md ├── images │ └── decomp.png ├── imgtool.md ├── index.md ├── readme-espressif.md ├── readme-mbed.md ├── readme-mynewt.md ├── readme-nuttx.md ├── readme-riot.md ├── readme-zephyr.md ├── release-notes.d │ └── 00readme.md ├── release-notes.md ├── release.md ├── serial_recovery.md ├── signed_images.md ├── testplan-mynewt.md └── testplan-zephyr.md ├── enc-aes128kw.b64 ├── enc-aes256kw.b64 ├── enc-ec256-priv.pem ├── enc-ec256-pub.pem ├── enc-rsa2048-priv.pem ├── enc-rsa2048-pub.pem ├── enc-x25519-priv.pem ├── enc-x25519-pub.pem ├── ext ├── fiat │ ├── LICENSE │ ├── METADATA │ ├── README.chromium │ ├── README.md │ ├── pkg.yml │ └── src │ │ ├── curve25519.c │ │ ├── curve25519.h │ │ └── curve25519_tables.h ├── mbedtls-asn1 │ ├── README │ ├── include │ │ ├── common.h │ │ └── mbedtls │ │ │ ├── asn1.h │ │ │ ├── bignum.h │ │ │ ├── build_info.h │ │ │ ├── check_config.h │ │ │ ├── ecdsa.h │ │ │ ├── ecp.h │ │ │ ├── error.h │ │ │ ├── mbedtls_config.h │ │ │ ├── md.h │ │ │ ├── oid.h │ │ │ ├── pk.h │ │ │ ├── platform.h │ │ │ ├── platform_util.h │ │ │ ├── private_access.h │ │ │ ├── rsa.h │ │ │ ├── threading.h │ │ │ └── version.h │ ├── pkg.yml │ └── src │ │ ├── asn1parse.c │ │ └── platform_util.c ├── nrf │ ├── README.md │ ├── cc310_glue.c │ └── cc310_glue.h ├── tinycrypt-sha512 │ └── lib │ │ ├── include │ │ └── tinycrypt │ │ │ └── sha512.h │ │ ├── pkg.yml │ │ └── source │ │ └── sha512.c └── tinycrypt │ ├── .gitignore │ ├── AUTHORS │ ├── LICENSE │ ├── Makefile │ ├── README │ ├── VERSION │ ├── config.mk │ ├── documentation │ └── tinycrypt.rst │ ├── lib │ ├── Makefile │ ├── include │ │ └── tinycrypt │ │ │ ├── aes.h │ │ │ ├── cbc_mode.h │ │ │ ├── ccm_mode.h │ │ │ ├── cmac_mode.h │ │ │ ├── constants.h │ │ │ ├── ctr_mode.h │ │ │ ├── ctr_prng.h │ │ │ ├── ecc.h │ │ │ ├── ecc_dh.h │ │ │ ├── ecc_dsa.h │ │ │ ├── ecc_platform_specific.h │ │ │ ├── hmac.h │ │ │ ├── hmac_prng.h │ │ │ ├── sha256.h │ │ │ └── utils.h │ ├── pkg.yml │ └── source │ │ ├── aes_decrypt.c │ │ ├── aes_encrypt.c │ │ ├── cbc_mode.c │ │ ├── ccm_mode.c │ │ ├── cmac_mode.c │ │ ├── ctr_mode.c │ │ ├── ctr_prng.c │ │ ├── ecc.c │ │ ├── ecc_dh.c │ │ ├── ecc_dsa.c │ │ ├── ecc_platform_specific.c │ │ ├── hmac.c │ │ ├── hmac_prng.c │ │ ├── sha256.c │ │ └── utils.c │ └── tests │ ├── Makefile │ ├── include │ ├── test_ecc_utils.h │ └── test_utils.h │ ├── pseudo-random-data.bin │ ├── test_aes.c │ ├── test_cbc_mode.c │ ├── test_ccm_mode.c │ ├── test_cmac_mode.c │ ├── test_ctr_mode.c │ ├── test_ctr_prng.c │ ├── test_ecc_dh.c │ ├── test_ecc_dsa.c │ ├── test_ecc_utils.c │ ├── test_hmac.c │ ├── test_hmac_prng.c │ └── test_sha256.c ├── go.mod ├── project.yml ├── ptest ├── .gitignore ├── Cargo.lock ├── Cargo.toml └── src │ └── main.rs ├── repository.yml ├── root-ec-p256-pkcs8.pem ├── root-ec-p256.pem ├── root-ec-p384-pkcs8.pem ├── root-ec-p384.pem ├── root-ed25519.pem ├── root-rsa-2048.pem ├── root-rsa-3072.pem ├── samples ├── compression_test │ ├── README.txt │ └── independent_cmp.c ├── mcuboot_config │ └── mcuboot_config.template.h ├── runtime-source │ └── zephyr │ │ ├── README.md │ │ ├── app │ │ ├── CMakeLists.txt │ │ ├── boards │ │ │ └── frdm_k64f.overlay │ │ ├── prj.conf │ │ ├── sample.yaml │ │ └── src │ │ │ └── main.c │ │ ├── hooks │ │ ├── CMakeLists.txt │ │ ├── hooks.c │ │ └── zephyr │ │ │ └── module.yml │ │ └── sample.conf └── zephyr │ ├── .gitignore │ ├── Makefile │ ├── README.md │ ├── bad-keys │ ├── README.md │ ├── bad-ec-p256.pem │ └── bad-rsa-2048.pem │ ├── build-boot.sh │ ├── build-hello.sh │ ├── hello-world │ ├── CMakeLists.txt │ ├── README.rst │ ├── boards │ │ ├── .gitignore │ │ └── README.rst │ ├── prj.conf │ ├── sample.yaml │ ├── src │ │ ├── Makefile │ │ └── main.c │ └── sysbuild.conf │ ├── mcutests │ └── mcutests.go │ ├── overlay-ecdsa-p256.conf │ ├── overlay-rsa.conf │ ├── overlay-skip-primary-slot-validate.conf │ ├── overlay-upgrade-only.conf │ ├── run-tests.go │ ├── run-tests.sh │ └── test-compile.go ├── scripts ├── assemble.py ├── flash.sh ├── gdb-boot.sh ├── imgtool.nix ├── imgtool.py ├── imgtool │ ├── __init__.py │ ├── boot_record.py │ ├── dumpinfo.py │ ├── image.py │ ├── keys │ │ ├── __init__.py │ │ ├── ecdsa.py │ │ ├── ecdsa_test.py │ │ ├── ed25519.py │ │ ├── ed25519_test.py │ │ ├── general.py │ │ ├── privatebytes.py │ │ ├── rsa.py │ │ ├── rsa_test.py │ │ └── x25519.py │ ├── main.py │ └── version.py ├── jgdb.sh ├── jl.sh ├── mcubin.bt ├── requirements.txt ├── setup.py └── tests │ ├── conftest.py │ ├── test_commands.py │ ├── test_compression.py │ └── test_keys.py ├── sim ├── .gitignore ├── Cargo.toml ├── README.rst ├── mcuboot-sys │ ├── .gitignore │ ├── Cargo.toml │ ├── build.rs │ ├── csupport │ │ ├── bootsim.h │ │ ├── config-add-psa-crypto.h │ │ ├── config-asn1.h │ │ ├── config-ec-psa.h │ │ ├── config-ec.h │ │ ├── config-ed25519.h │ │ ├── config-kw.h │ │ ├── config-rsa-kw.h │ │ ├── config-rsa.h │ │ ├── devicetree.h │ │ ├── flash_map_backend │ │ │ └── flash_map_backend.h │ │ ├── keys.c │ │ ├── mcuboot_config │ │ │ ├── mcuboot_assert.h │ │ │ ├── mcuboot_config.h │ │ │ └── mcuboot_logging.h │ │ ├── os │ │ │ ├── os_heap.h │ │ │ └── os_malloc.h │ │ ├── psa_crypto_init_stub.c │ │ ├── run.c │ │ ├── security_cnt.c │ │ ├── storage │ │ │ └── flash_map.h │ │ └── sysflash │ │ │ └── sysflash.h │ └── src │ │ ├── api.rs │ │ ├── area.rs │ │ ├── c.rs │ │ └── lib.rs ├── simflash │ ├── .gitignore │ ├── Cargo.toml │ └── src │ │ ├── lib.rs │ │ └── pdump.rs ├── src │ ├── caps.rs │ ├── depends.rs │ ├── ecdsa_pub_key-rs.txt │ ├── ed25519_pub_key-rs.txt │ ├── image.rs │ ├── lib.rs │ ├── main.rs │ ├── rsa3072_pub_key-rs.txt │ ├── rsa_pub_key-rs.txt │ ├── testlog.rs │ ├── tlv.rs │ └── utils.rs └── tests │ └── core.rs ├── testplan └── mynewt │ ├── Makefile │ ├── apps │ ├── blinky │ │ ├── pkg.yml │ │ ├── src │ │ │ └── main.c │ │ └── syscfg.yml │ └── slinky │ │ ├── pkg.yml │ │ ├── src │ │ ├── main.c │ │ └── random_data.c │ │ └── syscfg.yml │ ├── key_ec.pem │ ├── key_ec256.pem │ ├── key_ec256_2.pem │ ├── key_ec_2.pem │ ├── key_rsa.pem │ ├── key_rsa_2.pem │ ├── keys │ ├── ec256 │ │ ├── pkg.yml │ │ └── src │ │ │ └── keys.c │ ├── pkg.yml │ └── rsa │ │ ├── pkg.yml │ │ └── src │ │ └── keys.c │ └── project.yml └── zephyr ├── module.yml └── requirements.txt /.github/workflows/backport.yml: -------------------------------------------------------------------------------- 1 | name: Backport 2 | on: 3 | pull_request_target: 4 | types: 5 | - closed 6 | - labeled 7 | branches: 8 | - main 9 | 10 | jobs: 11 | backport: 12 | name: Backport 13 | runs-on: ubuntu-22.04 14 | # Only react to merged PRs for security reasons. 15 | # See https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target. 16 | if: > 17 | github.event.pull_request.merged && 18 | ( 19 | github.event.action == 'closed' || 20 | ( 21 | github.event.action == 'labeled' && 22 | contains(github.event.label.name, 'backport') 23 | ) 24 | ) 25 | steps: 26 | - name: Backport 27 | uses: zephyrproject-rtos/action-backport@v2.0.3-3 28 | with: 29 | github_token: ${{ secrets.NCS_GITHUB_TOKEN }} 30 | issue_labels: Backport 31 | labels_template: '["Backport"]' 32 | -------------------------------------------------------------------------------- /.github/workflows/commit-tags.yml: -------------------------------------------------------------------------------- 1 | name: Commit tags 2 | 3 | on: 4 | pull_request: 5 | types: [synchronize, opened, reopened, edited, labeled, unlabeled, 6 | milestoned, demilestoned, assigned, unassigned, ready_for_review, 7 | review_requested] 8 | 9 | jobs: 10 | commit_tags: 11 | runs-on: ubuntu-22.04 12 | name: Run commit tags checks on patch series (PR) 13 | steps: 14 | - name: Update PATH for west 15 | run: | 16 | echo "$HOME/.local/bin" >> $GITHUB_PATH 17 | 18 | - name: Checkout the code 19 | uses: actions/checkout@v3 20 | with: 21 | ref: ${{ github.event.pull_request.head.sha }} 22 | fetch-depth: 0 23 | 24 | - name: Run the commit tags 25 | uses: nrfconnect/action-commit-tags@main 26 | with: 27 | target: . 28 | upstream: mcu-tools/mcuboot/main 29 | -------------------------------------------------------------------------------- /.github/workflows/issue.yml: -------------------------------------------------------------------------------- 1 | name: Issue assignment 2 | 3 | on: 4 | issues: 5 | types: [opened] 6 | 7 | jobs: 8 | move-to-todo: 9 | runs-on: ubuntu-latest 10 | if: github.repository == 'mcu-tools/mcuboot' 11 | steps: 12 | - uses: fojia/action-move-issues-to-column@master 13 | with: 14 | project: 'Issue Tracking' 15 | column: 'No Status' 16 | owner: 'mcu-tools' 17 | repo: 'mcuboot' 18 | type: 'repo' 19 | github_token: ${{ secrets.GITHUB_TOKEN }} 20 | marker: 'issue:todo' 21 | -------------------------------------------------------------------------------- /.github/workflows/issue_closed.yml: -------------------------------------------------------------------------------- 1 | name: Issue closed 2 | 3 | on: 4 | issues: 5 | types: [close] 6 | 7 | jobs: 8 | move-to-todo: 9 | runs-on: ubuntu-latest 10 | if: github.repository == 'mcu-tools/mcuboot' 11 | steps: 12 | - uses: fojia/action-move-issues-to-column@master 13 | with: 14 | project: 'MCUboot releases' 15 | column: 'Done' 16 | owner: 'mcu-tools' 17 | repo: 'mcuboot' 18 | type: 'repo' 19 | github_token: ${{ secrets.GITHUB_TOKEN }} 20 | -------------------------------------------------------------------------------- /.github/workflows/mynewt.yaml: -------------------------------------------------------------------------------- 1 | # For development, trigger this on any push. 2 | on: 3 | push: 4 | branches: 5 | - main 6 | pull_request: 7 | 8 | name: Mynewt 9 | 10 | concurrency: 11 | group: mynewt-${{ github.event.pull_request.number || github.ref }} 12 | cancel-in-progress: true 13 | 14 | jobs: 15 | environment: 16 | runs-on: ubuntu-latest 17 | steps: 18 | - uses: actions/checkout@v2 19 | with: 20 | fetch-depth: 0 21 | - uses: actions/setup-go@v3 22 | with: 23 | go-version: 'stable' 24 | - name: Print the environment 25 | run: | 26 | uname -a 27 | lscpu 28 | free 29 | pwd 30 | - name: Signed commit check 31 | if: ${{ github.event_name == 'pull_request' }} 32 | run: | 33 | ./ci/check-signed-off-by.sh 34 | - name: Mynewt install 35 | run: | 36 | ./ci/mynewt_install.sh 37 | - name: Mynewt run 38 | run: | 39 | ./ci/mynewt_run.sh 40 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | outdir/ 2 | .*.swp 3 | target.sh 4 | *.pyc 5 | tags 6 | rusty-tags.* 7 | 8 | # mynewt 9 | /repos/ 10 | /project.state 11 | /bin/ 12 | /targets/ 13 | **/build/**/* 14 | 15 | #Eclipse project files 16 | .cproject 17 | .project 18 | 19 | # Compiled python modules. 20 | *.pyc 21 | 22 | # Setuptools distribution folder. 23 | /scripts/dist/ 24 | 25 | # Python egg metadata, regenerated from source files by setuptools. 26 | /scripts/*.egg-info 27 | /scripts/*.egg 28 | 29 | # The target directory from Rust development 30 | /target/ 31 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "sim/mbedtls"] 2 | path = ext/mbedtls 3 | url = https://github.com/ARMmbed/mbedtls 4 | [submodule "boot/cypress/libs/mtb-pdl-cat1"] 5 | path = boot/cypress/libs/mtb-pdl-cat1 6 | url = https://github.com/cypresssemiconductorco/mtb-pdl-cat1.git 7 | [submodule "boot/cypress/libs/pdl/psoc6pdl"] 8 | path = boot/cypress/libs/pdl/psoc6pdl 9 | url = https://github.com/cypresssemiconductorco/psoc6pdl.git 10 | [submodule "boot/cypress/libs/retarget-io"] 11 | path = boot/cypress/libs/retarget-io 12 | url = https://github.com/cypresssemiconductorco/retarget-io.git 13 | [submodule "boot/cypress/libs/core-lib"] 14 | path = boot/cypress/libs/core-lib 15 | url = https://github.com/cypresssemiconductorco/core-lib.git 16 | [submodule "boot/cypress/libs/psoc6hal"] 17 | path = boot/cypress/libs/psoc6hal 18 | url = https://github.com/cypresssemiconductorco/psoc6hal.git 19 | [submodule "boot/cypress/libs/cy-mbedtls-acceleration"] 20 | path = boot/cypress/libs/cy-mbedtls-acceleration 21 | url = https://github.com/cypresssemiconductorco/cy-mbedtls-acceleration.git 22 | -------------------------------------------------------------------------------- /.mbedignore: -------------------------------------------------------------------------------- 1 | boot/boot_serial/* 2 | boot/mynewt/* 3 | boot/zephyr/* 4 | boot/cypress/* 5 | boot/espressif/* 6 | boot/nuttx/* 7 | ci/* 8 | docs/* 9 | ptest/* 10 | samples/* 11 | scripts/* 12 | sim/* 13 | testplan/* 14 | ext/fiat/* 15 | ext/mbedtls/* 16 | ext/mbedtls-asn1/* 17 | ext/nrf/* 18 | ext/tinycrypt/tests/* 19 | ext/tinycrypt/* 20 | ext/tinycrypt-sha512/* 21 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @d3zd3z 2 | boot/boot_serial/ @nordicjm @de-nordic 3 | boot/bootutil/ @davidvincze 4 | boot/cypress/ @romanjoe 5 | boot/espressif/ @almir-okato 6 | boot/mynewt/ @kasjer 7 | boot/nuttx/ @michallenc 8 | boot/zcbor/ @nordicjm @de-nordic 9 | boot/zephyr/ @nordicjm @de-nordic 10 | zephyr/ @nordicjm @de-nordic 11 | -------------------------------------------------------------------------------- /Cargo.toml: -------------------------------------------------------------------------------- 1 | [workspace] 2 | members = ["sim"] 3 | exclude = ["ptest"] 4 | resolver = "2" 5 | 6 | # The simulator runs very slowly without optimization. A value of 1 7 | # compiles in about half the time, but runs about 5-6 times slower. 2 8 | # and 3 are hardly different in either compile time or performance. 9 | # Use 2 in case that makes the code slightly more debuggable. 10 | [profile.test] 11 | opt-level = 2 12 | 13 | [profile.dev] 14 | opt-level = 2 15 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | Apache Mynewt 2 | Copyright 2015-2017 The Apache Software Foundation 3 | 4 | This product includes software developed at 5 | The Apache Software Foundation (http://www.apache.org/). 6 | 7 | Portions of this software were developed at 8 | Runtime Inc, copyright 2015. 9 | 10 | Portions of this software were developed at 11 | Arm Limited, copyright 2019-2021. 12 | -------------------------------------------------------------------------------- /boot/boot_serial/test/src/testcases/boot_serial_setup.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 18 | */ 19 | #include "boot_test.h" 20 | 21 | TEST_CASE(boot_serial_setup) 22 | { 23 | 24 | } 25 | -------------------------------------------------------------------------------- /boot/boot_serial/test/syscfg.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | # 18 | 19 | # Package: boot/boot_serial/test 20 | 21 | syscfg.vals: 22 | # This is here to work around the $notnull syscfg restriction. 23 | BOOT_SERIAL_DETECT_PIN: 0 24 | 25 | syscfg.vals.BOOTUTIL_USE_MBED_TLS: 26 | MBEDTLS_CIPHER_MODE_CTR: 1 27 | -------------------------------------------------------------------------------- /boot/bootutil/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #------------------------------------------------------------------------------ 2 | # Copyright (c) 2020-2023, Arm Limited. All rights reserved. 3 | # 4 | # SPDX-License-Identifier: Apache-2.0 5 | # 6 | #------------------------------------------------------------------------------ 7 | 8 | add_library(bootutil STATIC) 9 | 10 | target_include_directories(bootutil 11 | PUBLIC 12 | include 13 | PRIVATE 14 | src 15 | ) 16 | 17 | target_sources(bootutil 18 | PRIVATE 19 | src/boot_record.c 20 | src/bootutil_misc.c 21 | src/bootutil_public.c 22 | src/caps.c 23 | src/encrypted.c 24 | src/fault_injection_hardening.c 25 | src/fault_injection_hardening_delay_rng_mbedtls.c 26 | src/image_ecdsa.c 27 | src/image_ed25519.c 28 | src/image_rsa.c 29 | src/image_validate.c 30 | src/loader.c 31 | src/swap_misc.c 32 | src/swap_move.c 33 | src/swap_scratch.c 34 | src/tlv.c 35 | ) 36 | if(CONFIG_BOOT_RAM_LOAD) 37 | target_sources(bootutil 38 | PRIVATE 39 | src/ram_load.c 40 | ) 41 | endif() 42 | -------------------------------------------------------------------------------- /boot/bootutil/include/bootutil/bootutil_macros.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-License-Identifier: Apache-2.0 3 | * 4 | * Copyright (c) 2025 Nordic Semiconductor ASA 5 | * 6 | */ 7 | 8 | #ifndef H_BOOTUTIL_MACROS 9 | #define H_BOOTUTIL_MACROS 10 | 11 | #ifndef ALIGN_UP 12 | #define ALIGN_UP(num, align) (((num) + ((align) - 1)) & ~((align) - 1)) 13 | #endif 14 | 15 | #ifndef ALIGN_DOWN 16 | #define ALIGN_DOWN(num, align) ((num) & ~((align) - 1)) 17 | #endif 18 | 19 | #endif 20 | -------------------------------------------------------------------------------- /boot/bootutil/include/bootutil/bootutil_test.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-License-Identifier: Apache-2.0 3 | * 4 | * Licensed to the Apache Software Foundation (ASF) under one 5 | * or more contributor license agreements. See the NOTICE file 6 | * distributed with this work for additional information 7 | * regarding copyright ownership. The ASF licenses this file 8 | * to you under the Apache License, Version 2.0 (the 9 | * "License"); you may not use this file except in compliance 10 | * with the License. You may obtain a copy of the License at 11 | * 12 | * http://www.apache.org/licenses/LICENSE-2.0 13 | * 14 | * Unless required by applicable law or agreed to in writing, 15 | * software distributed under the License is distributed on an 16 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 17 | * KIND, either express or implied. See the License for the 18 | * specific language governing permissions and limitations 19 | * under the License. 20 | */ 21 | 22 | #ifndef H_BOOTUTIL_TEST_ 23 | #define H_BOOTUTIL_TEST_ 24 | 25 | #ifdef __cplusplus 26 | extern "C" { 27 | #endif 28 | 29 | int boot_test_all(void); 30 | 31 | #ifdef __cplusplus 32 | } 33 | #endif 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /boot/bootutil/include/bootutil/crypto/common.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-License-Identifier: Apache-2.0 3 | * 4 | * Copyright (c) 2021 Arm Limited 5 | */ 6 | 7 | #ifndef __BOOTUTIL_CRYPTO_COMMON_H__ 8 | #define __BOOTUTIL_CRYPTO_COMMON_H__ 9 | 10 | /* The check below can be performed even for those cases 11 | * where MCUBOOT_USE_MBED_TLS has not been defined 12 | */ 13 | #include "mbedtls/version.h" 14 | #if MBEDTLS_VERSION_NUMBER >= 0x03000000 15 | #define MBEDTLS_CONTEXT_MEMBER(X) MBEDTLS_PRIVATE(X) 16 | #else 17 | #define MBEDTLS_CONTEXT_MEMBER(X) X 18 | #endif 19 | 20 | /* Newer versions of Mbed TLS have removed the private accessor requirement for 21 | * the ASN1 fields. 22 | */ 23 | #if (MBEDTLS_VERSION_NUMBER >= 0x03000000) && (MBEDTLS_VERSION_NUMBER < 0x03010000) 24 | #define ASN1_CONTEXT_MEMBER(X) MBEDTLS_PRIVATE(X) 25 | #else 26 | #define ASN1_CONTEXT_MEMBER(X) X 27 | #endif 28 | 29 | #endif /* __BOOTUTIL_CRYPTO_COMMON_H__ */ 30 | -------------------------------------------------------------------------------- /boot/bootutil/include/bootutil/fault_injection_hardening_delay_rng.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-License-Identifier: Apache-2.0 3 | * 4 | * Copyright (c) 2020 Arm Limited 5 | */ 6 | 7 | #ifndef __FAULT_INJECTION_HARDENING_DELAY_RNG_H__ 8 | #define __FAULT_INJECTION_HARDENING_DELAY_RNG_H__ 9 | 10 | #ifdef __cplusplus 11 | extern "C" { 12 | #endif /* __cplusplus */ 13 | 14 | /** 15 | * \brief Set up the RNG for use with random delays. Called once at startup. 16 | */ 17 | int fih_delay_init(void); 18 | 19 | /** 20 | * \brief Get a random unsigned char from an RNG seeded with an entropy source. 21 | * 22 | * \return A random value that fits inside an unsigned char. 23 | */ 24 | unsigned char fih_delay_random_uchar(void); 25 | 26 | #ifdef __cplusplus 27 | } 28 | #endif /* __cplusplus */ 29 | 30 | #endif /* __FAULT_INJECTION_HARDENING_DELAY_RNG_H__ */ 31 | -------------------------------------------------------------------------------- /boot/bootutil/include/bootutil/key_revocation.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2025 Nordic Semiconductor ASA 3 | * 4 | * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause 5 | */ 6 | 7 | #ifndef H_KEY_REVOCATION_ 8 | #define H_KEY_REVOCATION_ 9 | 10 | #include 11 | 12 | #ifdef __cplusplus 13 | extern "C" { 14 | #endif 15 | 16 | #define BOOT_KEY_REVOKE_OK 0 17 | #define BOOT_KEY_REVOKE_NOT_READY 1 18 | #define BOOT_KEY_REVOKE_INVALID 2 19 | #define BOOT_KEY_REVOKE_FAILED 2 20 | 21 | 22 | void allow_revoke(void); 23 | 24 | int revoke(void); 25 | 26 | #ifdef __cplusplus 27 | } 28 | #endif 29 | 30 | #endif 31 | -------------------------------------------------------------------------------- /boot/bootutil/include/bootutil/mcuboot_status.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2022, Laird Connectivity 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #ifndef H_MCUBOOT_STATUS_ 8 | #define H_MCUBOOT_STATUS_ 9 | 10 | /* Enumeration representing the states that MCUboot can be in */ 11 | typedef enum 12 | { 13 | MCUBOOT_STATUS_STARTUP = 0, 14 | MCUBOOT_STATUS_UPGRADING, 15 | MCUBOOT_STATUS_BOOTABLE_IMAGE_FOUND, 16 | MCUBOOT_STATUS_NO_BOOTABLE_IMAGE_FOUND, 17 | MCUBOOT_STATUS_BOOT_FAILED, 18 | MCUBOOT_STATUS_USB_DFU_WAITING, 19 | MCUBOOT_STATUS_USB_DFU_ENTERED, 20 | MCUBOOT_STATUS_USB_DFU_TIMED_OUT, 21 | MCUBOOT_STATUS_SERIAL_DFU_ENTERED, 22 | } mcuboot_status_type_t; 23 | 24 | #if defined(CONFIG_MCUBOOT_ACTION_HOOKS) 25 | extern void mcuboot_status_change(mcuboot_status_type_t status); 26 | #else 27 | #define mcuboot_status_change(_status) do {} while (0) 28 | #endif 29 | 30 | #endif /* H_MCUBOOT_STATUS_ */ 31 | -------------------------------------------------------------------------------- /boot/bootutil/include/bootutil/ramload.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021, Arm Limited. All rights reserved. 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #ifndef __RAMLOAD_H__ 8 | #define __RAMLOAD_H__ 9 | 10 | #include 11 | 12 | #ifdef __cplusplus 13 | extern "C" { 14 | #endif 15 | 16 | #ifdef MULTIPLE_EXECUTABLE_RAM_REGIONS 17 | /** 18 | * Provides information about the Executable RAM for a given image ID. 19 | * 20 | * @param image_id Index of the image (from 0). 21 | * @param exec_ram_start Pointer to store the start address of the exec RAM 22 | * @param exec_ram_size Pointer to store the size of the exec RAM 23 | * 24 | * @return 0 on success; nonzero on failure. 25 | */ 26 | int boot_get_image_exec_ram_info(uint32_t image_id, 27 | uint32_t *exec_ram_start, 28 | uint32_t *exec_ram_size); 29 | #endif 30 | 31 | #ifdef __cplusplus 32 | } 33 | #endif 34 | 35 | #endif /* __RAMLOAD_H__ */ -------------------------------------------------------------------------------- /boot/bootutil/src/key_revocation.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2025 Nordic Semiconductor ASA 3 | * 4 | * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause 5 | */ 6 | 7 | #include 8 | 9 | extern int exec_revoke(void); 10 | 11 | static uint8_t ready_to_revoke; 12 | 13 | void allow_revoke(void) 14 | { 15 | ready_to_revoke = 1; 16 | } 17 | 18 | int revoke(void) 19 | { 20 | if (ready_to_revoke) { 21 | return exec_revoke(); 22 | } 23 | return BOOT_KEY_REVOKE_NOT_READY; 24 | } 25 | -------------------------------------------------------------------------------- /boot/cypress/.gitignore: -------------------------------------------------------------------------------- 1 | outdir/ 2 | .*.swp 3 | target.sh 4 | *.pyc 5 | tags 6 | rusty-tags.* 7 | 8 | # mynewt 9 | /repos/ 10 | /project.state 11 | /bin/ 12 | /targets/ 13 | **/build/**/* 14 | 15 | #Eclipse project files 16 | .cproject 17 | .project 18 | 19 | # Compiled python modules. 20 | *.pyc 21 | 22 | # Setuptools distribution folder. 23 | /scripts/dist/ 24 | 25 | # Python egg metadata, regenerated from source files by setuptools. 26 | /scripts/*.egg-info 27 | /scripts/*.egg 28 | 29 | # Build dirs 30 | *out/*/* 31 | *out/obj/* 32 | 33 | # Build files 34 | *.o 35 | *.d 36 | *.map 37 | *.elf 38 | *.bin 39 | *.hex 40 | *.log 41 | *.lst -------------------------------------------------------------------------------- /boot/cypress/BlinkyApp/main.h: -------------------------------------------------------------------------------- 1 | /* 2 | \copyright 3 | * Copyright 2017-2019 Cypress Semiconductor Corporation 4 | * SPDX-License-Identifier: Apache-2.0 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); 7 | * you may not use this file except in compliance with the License. 8 | * You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software 13 | * distributed under the License is distributed on an "AS IS" BASIS, 14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | * See the License for the specific language governing permissions and 16 | * limitations under the License. 17 | *******************************************************************************/ 18 | 19 | #ifndef USER_APP_START 20 | #define USER_APP_START 0x10000000 21 | #endif 22 | 23 | #ifndef USER_APP_SIZE 24 | #define USER_APP_SIZE 0x10000 25 | #endif -------------------------------------------------------------------------------- /boot/cypress/MCUBootApp/config/mcuboot_config/mcuboot_assert.h: -------------------------------------------------------------------------------- 1 | /* 2 | * mcuboot_assert.h 3 | * 4 | * Cypress-specific assert() macro redefinition 5 | * 6 | */ 7 | 8 | #ifndef MCUBOOT_ASSERT_H 9 | #define MCUBOOT_ASSERT_H 10 | 11 | //#include "cy_bootloader_services.h" 12 | 13 | #define CYBL_ASSERT(...) Cy_BLServ_Assert(__VA_ARGS__) 14 | 15 | #if !defined(NDEBUG) 16 | #undef assert 17 | #define assert(...) CYBL_ASSERT(__VA_ARGS__) 18 | #else 19 | #define assert 20 | #endif 21 | 22 | #endif /* MCUBOOT_ASSERT_H */ 23 | -------------------------------------------------------------------------------- /boot/cypress/MCUBootApp/os/os.h: -------------------------------------------------------------------------------- 1 | /***************************************************************************//** 2 | * \file os.h 3 | * \version 1.0 4 | * 5 | * \brief 6 | * Objective: 7 | * Heap init prototype 8 | * 9 | ******************************************************************************** 10 | * \copyright 11 | * Copyright 2017-2018, Cypress Semiconductor Corporation. All rights reserved. 12 | * You may use this file only in accordance with the license, terms, conditions, 13 | * disclaimers, and limitations in the end user license agreement accompanying 14 | * the software package with which this file was provided. 15 | *******************************************************************************/ 16 | 17 | 18 | void os_heap_init(void); 19 | -------------------------------------------------------------------------------- /boot/cypress/MCUBootApp/os/os_heap.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 18 | */ 19 | 20 | #ifndef H_OS_HEAP_ 21 | #define H_OS_HEAP_ 22 | 23 | #include 24 | 25 | #ifdef __cplusplus 26 | extern "C" { 27 | #endif 28 | 29 | void *os_malloc(size_t size); 30 | void os_free(void *mem); 31 | void *os_realloc(void *ptr, size_t size); 32 | 33 | #ifdef __cplusplus 34 | } 35 | #endif 36 | 37 | #endif 38 | -------------------------------------------------------------------------------- /boot/cypress/keys/cypress-test-ec-p256.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQguR/Jq6LjMgp8DVtE 3 | 7pKguttNo6L239aEcijzGOr5C72hRANCAAT/NroNASdTGo6bS8r0+C+30YcG0WLV 4 | chWs+99DnOr3SZoalv6/pCNIVrwFv3KkJsmsZUbNNmxeMPr+IlfGGPg0 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /boot/cypress/keys/cypress-test-ec-p256.pub: -------------------------------------------------------------------------------- 1 | /* Autogenerated by imgtool.py, do not edit. */ 2 | const unsigned char ecdsa_pub_key[] = { 3 | 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 4 | 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 5 | 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 6 | 0x42, 0x00, 0x04, 0xff, 0x36, 0xba, 0x0d, 0x01, 7 | 0x27, 0x53, 0x1a, 0x8e, 0x9b, 0x4b, 0xca, 0xf4, 8 | 0xf8, 0x2f, 0xb7, 0xd1, 0x87, 0x06, 0xd1, 0x62, 9 | 0xd5, 0x72, 0x15, 0xac, 0xfb, 0xdf, 0x43, 0x9c, 10 | 0xea, 0xf7, 0x49, 0x9a, 0x1a, 0x96, 0xfe, 0xbf, 11 | 0xa4, 0x23, 0x48, 0x56, 0xbc, 0x05, 0xbf, 0x72, 12 | 0xa4, 0x26, 0xc9, 0xac, 0x65, 0x46, 0xcd, 0x36, 13 | 0x6c, 0x5e, 0x30, 0xfa, 0xfe, 0x22, 0x57, 0xc6, 14 | 0x18, 0xf8, 0x34, 15 | }; 16 | const unsigned int ecdsa_pub_key_len = 91; 17 | -------------------------------------------------------------------------------- /boot/espressif/ci_configs/multi-boot.conf: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | # ATTENTION: 6 | # This configuration file targets the building for CI environment and contains 7 | # a set of definitions to resemble a bootloader image for RELEASE environment. 8 | 9 | CONFIG_ESP_IMAGE_NUMBER=2 10 | CONFIG_ESP_MULTI_PROCESSOR_BOOT=y 11 | -------------------------------------------------------------------------------- /boot/espressif/ci_configs/multi-image.conf: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | # ATTENTION: 6 | # This configuration file targets the building for CI environment and contains 7 | # a set of definitions to resemble a bootloader image for RELEASE environment. 8 | 9 | CONFIG_ESP_IMAGE_NUMBER=2 10 | -------------------------------------------------------------------------------- /boot/espressif/ci_configs/secureboot-sign-ec256.conf: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | # ATTENTION: 6 | # This configuration file targets the building for CI environment and contains 7 | # a set of definitions to resemble a bootloader image for RELEASE environment. 8 | # Running the generated firmware image may result in irreversible operations 9 | # to the chip! 10 | 11 | CONFIG_SECURE_SIGNED_ON_BOOT=1 12 | CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME=1 13 | CONFIG_SECURE_BOOT=1 14 | CONFIG_SECURE_BOOT_V2_ENABLED=1 15 | CONFIG_SECURE_BOOT_SUPPORTS_RSA=1 16 | CONFIG_SECURE_FLASH_ENC_ENABLED=1 17 | CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE=1 18 | CONFIG_ESP_SIGN_KEY_FILE=root-ec-p256.pem 19 | CONFIG_ESP_USE_TINYCRYPT=1 20 | CONFIG_ESP_SIGN_EC256=1 21 | CONFIG_ESP_DOWNGRADE_PREVENTION=1 22 | CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER=1 23 | -------------------------------------------------------------------------------- /boot/espressif/ci_configs/secureboot-sign-ed25519.conf: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | # ATTENTION: 6 | # This configuration file targets the building for CI environment and contains 7 | # a set of definitions to resemble a bootloader image for RELEASE environment. 8 | # Running the generated firmware image may result in irreversible operations 9 | # to the chip! 10 | 11 | CONFIG_SECURE_SIGNED_ON_BOOT=1 12 | CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME=1 13 | CONFIG_SECURE_BOOT=1 14 | CONFIG_SECURE_BOOT_V2_ENABLED=1 15 | CONFIG_SECURE_BOOT_SUPPORTS_RSA=1 16 | CONFIG_SECURE_FLASH_ENC_ENABLED=1 17 | CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE=1 18 | CONFIG_ESP_SIGN_KEY_FILE=root-ed25519.pem 19 | CONFIG_ESP_USE_TINYCRYPT=1 20 | CONFIG_ESP_SIGN_ED25519=1 21 | CONFIG_ESP_DOWNGRADE_PREVENTION=1 22 | CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER=1 23 | -------------------------------------------------------------------------------- /boot/espressif/ci_configs/secureboot-sign-rsa2048.conf: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | # ATTENTION: 6 | # This configuration file targets the building for CI environment and contains 7 | # a set of definitions to resemble a bootloader image for RELEASE environment. 8 | # Running the generated firmware image may result in irreversible operations 9 | # to the chip! 10 | 11 | CONFIG_SECURE_SIGNED_ON_BOOT=1 12 | CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME=1 13 | CONFIG_SECURE_BOOT=1 14 | CONFIG_SECURE_BOOT_V2_ENABLED=1 15 | CONFIG_SECURE_BOOT_SUPPORTS_RSA=1 16 | CONFIG_SECURE_FLASH_ENC_ENABLED=1 17 | CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE=1 18 | CONFIG_ESP_SIGN_KEY_FILE=root-rsa-2048.pem 19 | CONFIG_ESP_USE_MBEDTLS=1 20 | CONFIG_ESP_SIGN_RSA=1 21 | CONFIG_ESP_SIGN_RSA_LEN=2048 22 | CONFIG_ESP_DOWNGRADE_PREVENTION=1 23 | CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER=1 24 | -------------------------------------------------------------------------------- /boot/espressif/ci_configs/secureboot-sign-rsa3072.conf: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | # ATTENTION: 6 | # This configuration file targets the building for CI environment and contains 7 | # a set of definitions to resemble a bootloader image for RELEASE environment. 8 | # Running the generated firmware image may result in irreversible operations 9 | # to the chip! 10 | 11 | CONFIG_SECURE_SIGNED_ON_BOOT=1 12 | CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME=1 13 | CONFIG_SECURE_BOOT=1 14 | CONFIG_SECURE_BOOT_V2_ENABLED=1 15 | CONFIG_SECURE_BOOT_SUPPORTS_RSA=1 16 | CONFIG_SECURE_FLASH_ENC_ENABLED=1 17 | CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE=1 18 | CONFIG_ESP_SIGN_KEY_FILE=root-rsa-3072.pem 19 | CONFIG_ESP_USE_MBEDTLS=1 20 | CONFIG_ESP_SIGN_RSA=1 21 | CONFIG_ESP_SIGN_RSA_LEN=3072 22 | CONFIG_ESP_DOWNGRADE_PREVENTION=1 23 | CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER=1 24 | -------------------------------------------------------------------------------- /boot/espressif/ci_configs/serialrecovery.conf: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | # ATTENTION: 6 | # This configuration file targets the building for CI environment and contains 7 | # a set of definitions to resemble a bootloader image for RELEASE environment. 8 | 9 | CONFIG_ESP_MCUBOOT_SERIAL=y 10 | CONFIG_ESP_MCUBOOT_ERASE_PROGRESSIVELY=y 11 | -------------------------------------------------------------------------------- /boot/espressif/hal/include/app_cpu_start.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2022 Espressif Systems (Shanghai) Co., Ltd. 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #pragma once 8 | 9 | #include 10 | 11 | void appcpu_start(uint32_t entry_addr); 12 | -------------------------------------------------------------------------------- /boot/espressif/hal/include/bootloader_wdt.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Espressif Systems (Shanghai) Co., Ltd. 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | #pragma once 7 | 8 | void bootloader_wdt_feed(void); 9 | -------------------------------------------------------------------------------- /boot/espressif/hal/include/esp32/sdkconfig.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #define BOOTLOADER_BUILD 1 8 | #define CONFIG_IDF_FIRMWARE_CHIP_ID 0x0000 9 | #define CONFIG_IDF_TARGET_ESP32 1 10 | #define CONFIG_ESP32_REV_MIN_3 1 11 | #define CONFIG_ESP32_REV_MIN_FULL 300 12 | #define CONFIG_ESP_REV_MIN_FULL CONFIG_ESP32_REV_MIN_FULL 13 | #define CONFIG_ESP32_REV_MIN 3 14 | #define CONFIG_ESP32_REV_MAX_FULL 399 15 | #define CONFIG_ESP_REV_MAX_FULL CONFIG_ESP32_REV_MAX_FULL 16 | #define CONFIG_SPI_FLASH_ROM_DRIVER_PATCH 1 17 | #define CONFIG_MMU_PAGE_SIZE 0x10000 18 | #define CONFIG_ESP32_XTAL_FREQ 40 19 | #define CONFIG_XTAL_FREQ 40 20 | #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_160 1 21 | #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ 160 22 | #define CONFIG_MCUBOOT 1 23 | #define NDEBUG 1 24 | #define CONFIG_BOOTLOADER_WDT_TIME_MS 9000 25 | #define CONFIG_ESP_CONSOLE_UART_BAUDRATE 115200 26 | #define CONFIG_BOOTLOADER_OFFSET_IN_FLASH 0x1000 27 | #define CONFIG_PARTITION_TABLE_OFFSET 0x10000 28 | #define CONFIG_EFUSE_VIRTUAL_OFFSET 0x250000 29 | #define CONFIG_EFUSE_VIRTUAL_SIZE 0x2000 30 | #define CONFIG_EFUSE_MAX_BLK_LEN 192 31 | #define CONFIG_BOOTLOADER_FLASH_XMC_SUPPORT 1 32 | -------------------------------------------------------------------------------- /boot/espressif/hal/include/esp32c2/sdkconfig.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #define BOOTLOADER_BUILD 1 8 | #define CONFIG_IDF_FIRMWARE_CHIP_ID 0x000C 9 | #define CONFIG_IDF_TARGET_ESP32C2 1 10 | #define CONFIG_ESP32C2_REV_MIN_0 1 11 | #define CONFIG_ESP32C2_REV_MIN_FULL 3 12 | #define CONFIG_ESP_REV_MIN_FULL CONFIG_ESP32C2_REV_MIN_FULL 13 | #define CONFIG_ESP32C2_REV_MIN 3 14 | #define CONFIG_ESP32C2_REV_MAX_FULL 99 15 | #define CONFIG_ESP_REV_MAX_FULL CONFIG_ESP32C2_REV_MAX_FULL 16 | #define CONFIG_IDF_TARGET_ARCH_RISCV 1 17 | #define CONFIG_MMU_PAGE_SIZE 0x10000 18 | #define CONFIG_XTAL_FREQ_26 1 19 | #define CONFIG_XTAL_FREQ 26 20 | #define CONFIG_SPI_FLASH_ROM_DRIVER_PATCH 1 21 | #define CONFIG_MCUBOOT 1 22 | #define NDEBUG 1 23 | #define CONFIG_BOOTLOADER_WDT_TIME_MS 9000 24 | #define CONFIG_ESP_CONSOLE_UART_BAUDRATE 115200 25 | #define CONFIG_BOOTLOADER_OFFSET_IN_FLASH 0x0000 26 | #define CONFIG_PARTITION_TABLE_OFFSET 0x10000 27 | #define CONFIG_EFUSE_VIRTUAL_OFFSET 0x250000 28 | #define CONFIG_EFUSE_VIRTUAL_SIZE 0x2000 29 | #define CONFIG_EFUSE_MAX_BLK_LEN 256 30 | #define CONFIG_BOOTLOADER_FLASH_XMC_SUPPORT 1 31 | -------------------------------------------------------------------------------- /boot/espressif/hal/include/esp32c3/esp32c3.cmake: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | list(APPEND hal_srcs 6 | ${esp_hal_dir}/components/esp_hw_support/port/${MCUBOOT_TARGET}/rtc_init.c 7 | ${esp_hal_dir}/components/hal/cache_hal.c 8 | ${esp_hal_dir}/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c 9 | ) 10 | 11 | if (DEFINED CONFIG_ESP_CONSOLE_UART_CUSTOM) 12 | list(APPEND hal_srcs 13 | ${src_dir}/${MCUBOOT_TARGET}/console_uart_custom.c 14 | ) 15 | endif() 16 | 17 | list(APPEND LINKER_SCRIPTS 18 | -T${esp_hal_dir}/components/esp_rom/${MCUBOOT_TARGET}/ld/${MCUBOOT_TARGET}.rom.newlib.ld 19 | -T${esp_hal_dir}/components/esp_rom/${MCUBOOT_TARGET}/ld/${MCUBOOT_TARGET}.rom.eco3.ld 20 | ) 21 | -------------------------------------------------------------------------------- /boot/espressif/hal/include/esp32c3/sdkconfig.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #define BOOTLOADER_BUILD 1 8 | #define CONFIG_IDF_FIRMWARE_CHIP_ID 0x0005 9 | #define CONFIG_IDF_TARGET_ESP32C3 1 10 | #define CONFIG_ESP32C3_REV_MIN_3 1 11 | #define CONFIG_ESP32C3_REV_MIN_FULL 3 12 | #define CONFIG_ESP_REV_MIN_FULL CONFIG_ESP32C3_REV_MIN_FULL 13 | #define CONFIG_ESP32C3_REV_MIN 3 14 | #define CONFIG_ESP32C3_REV_MAX_FULL 99 15 | #define CONFIG_ESP_REV_MAX_FULL CONFIG_ESP32C3_REV_MAX_FULL 16 | #define CONFIG_IDF_TARGET_ARCH_RISCV 1 17 | #define CONFIG_MMU_PAGE_SIZE 0x10000 18 | #define CONFIG_XTAL_FREQ 40 19 | #define CONFIG_SPI_FLASH_ROM_DRIVER_PATCH 1 20 | #define CONFIG_MCUBOOT 1 21 | #define NDEBUG 1 22 | #define CONFIG_BOOTLOADER_WDT_TIME_MS 9000 23 | #define CONFIG_ESP_CONSOLE_UART_BAUDRATE 115200 24 | #define CONFIG_BOOTLOADER_OFFSET_IN_FLASH 0x0000 25 | #define CONFIG_PARTITION_TABLE_OFFSET 0x10000 26 | #define CONFIG_EFUSE_VIRTUAL_OFFSET 0x250000 27 | #define CONFIG_EFUSE_VIRTUAL_SIZE 0x2000 28 | #define CONFIG_EFUSE_MAX_BLK_LEN 256 29 | #define CONFIG_BOOTLOADER_FLASH_XMC_SUPPORT 1 30 | -------------------------------------------------------------------------------- /boot/espressif/hal/include/esp32c6/sdkconfig.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #define BOOTLOADER_BUILD 1 8 | #define CONFIG_IDF_FIRMWARE_CHIP_ID 0x000D 9 | #define CONFIG_IDF_TARGET_ESP32C6 1 10 | #define CONFIG_ESP32C6_REV_MIN_0 1 11 | #define CONFIG_ESP32C6_REV_MIN_FULL 0 12 | #define CONFIG_ESP_REV_MIN_FULL CONFIG_ESP32C6_REV_MIN_FULL 13 | #define CONFIG_ESP32C6_REV_MIN 0 14 | #define CONFIG_ESP32C6_REV_MAX_FULL 99 15 | #define CONFIG_ESP_REV_MAX_FULL CONFIG_ESP32C6_REV_MAX_FULL 16 | #define CONFIG_IDF_TARGET_ARCH_RISCV 1 17 | #define CONFIG_MMU_PAGE_SIZE 0x10000 18 | #define SOC_MMU_PAGE_SIZE CONFIG_MMU_PAGE_SIZE /* from soc/CMakeLists */ 19 | #define CONFIG_XTAL_FREQ 40 20 | #define CONFIG_SPI_FLASH_ROM_DRIVER_PATCH 1 21 | #define CONFIG_MCUBOOT 1 22 | #define NDEBUG 1 23 | #define CONFIG_BOOTLOADER_WDT_TIME_MS 9000 24 | #define CONFIG_ESP_CONSOLE_UART_BAUDRATE 115200 25 | #define CONFIG_BOOTLOADER_OFFSET_IN_FLASH 0x0000 26 | #define CONFIG_PARTITION_TABLE_OFFSET 0x10000 27 | #define CONFIG_EFUSE_VIRTUAL_OFFSET 0x250000 28 | #define CONFIG_EFUSE_VIRTUAL_SIZE 0x2000 29 | #define CONFIG_EFUSE_MAX_BLK_LEN 256 30 | #define CONFIG_BOOTLOADER_FLASH_XMC_SUPPORT 1 31 | -------------------------------------------------------------------------------- /boot/espressif/hal/include/esp32s2/esp32s2.cmake: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | list(APPEND hal_srcs 6 | ${esp_hal_dir}/components/esp_hw_support/port/${MCUBOOT_TARGET}/rtc_init.c 7 | ${esp_hal_dir}/components/hal/cache_hal.c 8 | ${esp_hal_dir}/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c 9 | ${esp_hal_dir}/components/esp_rom/patches/esp_rom_crc.c 10 | ${esp_hal_dir}/components/esp_rom/patches/esp_rom_regi2c_esp32s2.c 11 | 12 | ) 13 | 14 | list(APPEND LINKER_SCRIPTS 15 | -T${esp_hal_dir}/components/esp_rom/${MCUBOOT_TARGET}/ld/${MCUBOOT_TARGET}.rom.newlib-funcs.ld 16 | -T${esp_hal_dir}/components/esp_rom/${MCUBOOT_TARGET}/ld/${MCUBOOT_TARGET}.rom.spiflash.ld 17 | ) 18 | 19 | set_source_files_properties( 20 | ${esp_hal_dir}/components/bootloader_support/src/esp32s2/bootloader_esp32s2.c 21 | PROPERTIES COMPILE_FLAGS 22 | "-Wno-unused-but-set-variable") 23 | -------------------------------------------------------------------------------- /boot/espressif/hal/include/esp32s2/sdkconfig.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #define BOOTLOADER_BUILD 1 8 | #define CONFIG_IDF_FIRMWARE_CHIP_ID 0x0002 9 | #define CONFIG_IDF_TARGET_ESP32S2 1 10 | #define CONFIG_ESP32S2_REV_MIN_0 1 11 | #define CONFIG_ESP32S2_REV_MIN_FULL 0 12 | #define CONFIG_ESP_REV_MIN_FULL CONFIG_ESP32S2_REV_MIN_FULL 13 | #define CONFIG_ESP32S2_REV_MIN 0 14 | #define CONFIG_ESP32S2_REV_MAX_FULL 99 15 | #define CONFIG_ESP_REV_MAX_FULL CONFIG_ESP32S2_REV_MAX_FULL 16 | #define CONFIG_MMU_PAGE_SIZE 0x10000 17 | #define CONFIG_XTAL_FREQ 40 18 | #define CONFIG_SPI_FLASH_ROM_DRIVER_PATCH 1 19 | #define CONFIG_ESP32S2_XTAL_FREQ 40 20 | #define CONFIG_MCUBOOT 1 21 | #define NDEBUG 1 22 | #define CONFIG_BOOTLOADER_WDT_TIME_MS 9000 23 | #define CONFIG_ESP_CONSOLE_UART_BAUDRATE 115200 24 | #define CONFIG_BOOTLOADER_OFFSET_IN_FLASH 0x1000 25 | #define CONFIG_PARTITION_TABLE_OFFSET 0x10000 26 | #define CONFIG_EFUSE_VIRTUAL_OFFSET 0x250000 27 | #define CONFIG_EFUSE_VIRTUAL_SIZE 0x2000 28 | #define CONFIG_EFUSE_MAX_BLK_LEN 256 29 | #define CONFIG_BOOTLOADER_FLASH_XMC_SUPPORT 1 30 | -------------------------------------------------------------------------------- /boot/espressif/hal/include/esp32s3/esp32s3.cmake: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | list(APPEND hal_srcs 6 | ${esp_hal_dir}/components/esp_hw_support/port/${MCUBOOT_TARGET}/rtc_init.c 7 | ${esp_hal_dir}/components/hal/cache_hal.c 8 | ${esp_hal_dir}/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c 9 | ) 10 | 11 | if (DEFINED CONFIG_ESP_MULTI_PROCESSOR_BOOT) 12 | list(APPEND hal_srcs 13 | ${src_dir}/${MCUBOOT_TARGET}/app_cpu_start.c 14 | ${esp_hal_dir}/components/esp_hw_support/cpu.c 15 | ) 16 | endif() 17 | 18 | list(APPEND LINKER_SCRIPTS 19 | -T${esp_hal_dir}/components/esp_rom/${MCUBOOT_TARGET}/ld/${MCUBOOT_TARGET}.rom.newlib.ld 20 | ) 21 | 22 | set_source_files_properties( 23 | ${esp_hal_dir}/components/bootloader_support/src/esp32s3/bootloader_esp32s3.c 24 | PROPERTIES COMPILE_FLAGS 25 | "-Wno-unused-variable -Wno-unused-but-set-variable") 26 | -------------------------------------------------------------------------------- /boot/espressif/hal/include/esp32s3/sdkconfig.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #define BOOTLOADER_BUILD 1 8 | #define CONFIG_IDF_FIRMWARE_CHIP_ID 0x0009 9 | #define CONFIG_IDF_TARGET_ESP32S3 1 10 | #define CONFIG_ESP32S3_REV_MIN_0 1 11 | #define CONFIG_ESP32S3_REV_MIN_FULL 0 12 | #define CONFIG_ESP_REV_MIN_FULL CONFIG_ESP32S3_REV_MIN_FULL 13 | #define CONFIG_ESP32S3_REV_MIN 0 14 | #define CONFIG_ESP32S3_REV_MAX_FULL 99 15 | #define CONFIG_ESP_REV_MAX_FULL CONFIG_ESP32S3_REV_MAX_FULL 16 | #define CONFIG_MMU_PAGE_SIZE 0x10000 17 | #define CONFIG_XTAL_FREQ 40 18 | #define CONFIG_SPI_FLASH_ROM_DRIVER_PATCH 1 19 | #define CONFIG_MCUBOOT 1 20 | #define NDEBUG 1 21 | #define CONFIG_BOOTLOADER_WDT_TIME_MS 9000 22 | #define CONFIG_ESP_CONSOLE_UART_BAUDRATE 115200 23 | #define CONFIG_BOOTLOADER_OFFSET_IN_FLASH 0x0000 24 | #define CONFIG_PARTITION_TABLE_OFFSET 0x10000 25 | #define CONFIG_EFUSE_VIRTUAL_OFFSET 0x250000 26 | #define CONFIG_EFUSE_VIRTUAL_SIZE 0x2000 27 | #define CONFIG_EFUSE_MAX_BLK_LEN 256 28 | #define CONFIG_BOOTLOADER_FLASH_XMC_SUPPORT 1 29 | -------------------------------------------------------------------------------- /boot/espressif/hal/include/mcuboot_config/mcuboot_assert.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Espressif Systems (Shanghai) Co., Ltd. 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #pragma once 8 | 9 | extern void mcuboot_assert_handler(const char *file, int line, const char *func); 10 | 11 | #ifdef assert 12 | #undef assert 13 | #endif 14 | #define assert(arg) \ 15 | do { \ 16 | if (!(arg)) { \ 17 | mcuboot_assert_handler(__FILE__, __LINE__, __func__); \ 18 | } \ 19 | } while(0) 20 | -------------------------------------------------------------------------------- /boot/espressif/hal/include/soc_log.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Espressif Systems (Shanghai) Co., Ltd. 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #pragma once 8 | 9 | #include 10 | #include 11 | 12 | #define SOC_LOGE(tag, fmt, ...) MCUBOOT_LOG_ERR("[%s] " fmt, tag, ##__VA_ARGS__) 13 | #define SOC_LOGW(tag, fmt, ...) MCUBOOT_LOG_WRN("[%s] " fmt, tag, ##__VA_ARGS__) 14 | #define SOC_LOGI(tag, fmt, ...) MCUBOOT_LOG_INF("[%s] " fmt, tag, ##__VA_ARGS__) 15 | #define SOC_LOGD(tag, fmt, ...) MCUBOOT_LOG_DBG("[%s] " fmt, tag, ##__VA_ARGS__) 16 | -------------------------------------------------------------------------------- /boot/espressif/hal/src/bootloader_banner.c: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include 8 | 9 | /** 10 | * Override the bootloader's print banner function from IDF. 11 | */ 12 | void __wrap_bootloader_print_banner(void) 13 | { 14 | MCUBOOT_LOG_INF("*** Booting MCUboot build %s ***", MCUBOOT_VER); 15 | } 16 | -------------------------------------------------------------------------------- /boot/espressif/hal/src/bootloader_wdt.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Espressif Systems (Shanghai) Co., Ltd. 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include 8 | #include 9 | #include "soc/rtc.h" 10 | 11 | void bootloader_wdt_feed(void) 12 | { 13 | wdt_hal_context_t rtc_wdt_ctx = RWDT_HAL_CONTEXT_DEFAULT(); 14 | wdt_hal_write_protect_disable(&rtc_wdt_ctx); 15 | wdt_hal_feed(&rtc_wdt_ctx); 16 | wdt_hal_write_protect_enable(&rtc_wdt_ctx); 17 | } 18 | -------------------------------------------------------------------------------- /boot/espressif/hal/src/esp32/app_cpu_start.c: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include "app_cpu_start.h" 8 | 9 | #include "soc/dport_reg.h" 10 | #include "soc/gpio_periph.h" 11 | #include "soc/rtc_periph.h" 12 | #include "soc/rtc_cntl_reg.h" 13 | #include "esp32/rom/cache.h" 14 | #include "esp32/rom/uart.h" 15 | #include "esp_cpu.h" 16 | #include "esp_log.h" 17 | 18 | static const char *TAG = "app_cpu_start"; 19 | 20 | void appcpu_start(uint32_t entry_addr) 21 | { 22 | ESP_LOGI(TAG, "Starting APPCPU"); 23 | 24 | Cache_Flush(1); 25 | Cache_Read_Enable(1); 26 | 27 | esp_cpu_unstall(1); 28 | 29 | DPORT_SET_PERI_REG_MASK(DPORT_APPCPU_CTRL_B_REG, DPORT_APPCPU_CLKGATE_EN); 30 | DPORT_CLEAR_PERI_REG_MASK(DPORT_APPCPU_CTRL_C_REG, DPORT_APPCPU_RUNSTALL); 31 | DPORT_SET_PERI_REG_MASK(DPORT_APPCPU_CTRL_A_REG, DPORT_APPCPU_RESETTING); 32 | DPORT_CLEAR_PERI_REG_MASK(DPORT_APPCPU_CTRL_A_REG, DPORT_APPCPU_RESETTING); 33 | 34 | ets_set_appcpu_boot_addr(entry_addr); 35 | ets_delay_us(10000); 36 | uart_tx_wait_idle(0); 37 | ESP_LOGI(TAG, "APPCPU start sequence complete"); 38 | } 39 | -------------------------------------------------------------------------------- /boot/espressif/hal/src/esp32/console_uart_custom.c: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include 8 | #include 9 | #include 10 | 11 | #if CONFIG_ESP_CONSOLE_UART_CUSTOM 12 | static uart_dev_t *alt_console_uart_dev = (CONFIG_ESP_CONSOLE_UART_NUM == 0) ? 13 | &UART0 : 14 | (CONFIG_ESP_CONSOLE_UART_NUM == 1) ? 15 | &UART1 : 16 | &UART2; 17 | 18 | void IRAM_ATTR esp_rom_uart_putc(char c) 19 | { 20 | while (uart_ll_get_txfifo_len(alt_console_uart_dev) == 0); 21 | uart_ll_write_txfifo(alt_console_uart_dev, (const uint8_t *) &c, 1); 22 | } 23 | #endif 24 | 25 | -------------------------------------------------------------------------------- /boot/espressif/hal/src/esp32c2/console_uart_custom.c: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include 8 | #include 9 | #include 10 | 11 | #if CONFIG_ESP_CONSOLE_UART_CUSTOM 12 | static uart_dev_t *alt_console_uart_dev = (CONFIG_ESP_CONSOLE_UART_NUM == 0) ? 13 | &UART0 : 14 | &UART1; 15 | 16 | void IRAM_ATTR esp_rom_uart_putc(char c) 17 | { 18 | while (uart_ll_get_txfifo_len(alt_console_uart_dev) == 0); 19 | uart_ll_write_txfifo(alt_console_uart_dev, (const uint8_t *) &c, 1); 20 | } 21 | #endif 22 | -------------------------------------------------------------------------------- /boot/espressif/hal/src/esp32c3/console_uart_custom.c: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include 8 | #include 9 | #include 10 | 11 | #if CONFIG_ESP_CONSOLE_UART_CUSTOM 12 | static uart_dev_t *alt_console_uart_dev = (CONFIG_ESP_CONSOLE_UART_NUM == 0) ? 13 | &UART0 : 14 | &UART1; 15 | 16 | void IRAM_ATTR esp_rom_uart_putc(char c) 17 | { 18 | while (uart_ll_get_txfifo_len(alt_console_uart_dev) == 0); 19 | uart_ll_write_txfifo(alt_console_uart_dev, (const uint8_t *) &c, 1); 20 | } 21 | #endif 22 | 23 | -------------------------------------------------------------------------------- /boot/espressif/hal/src/esp32c6/console_uart_custom.c: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | #if CONFIG_ESP_CONSOLE_UART_CUSTOM 13 | static uart_dev_t *alt_console_uart_dev = (CONFIG_ESP_CONSOLE_UART_NUM == 0) ? 14 | &UART0 : 15 | &UART1; 16 | 17 | void IRAM_ATTR esp_rom_uart_putc(char c) 18 | { 19 | while (uart_ll_get_txfifo_len(alt_console_uart_dev) == 0); 20 | uart_ll_write_txfifo(alt_console_uart_dev, (const uint8_t *) &c, 1); 21 | } 22 | #endif 23 | 24 | -------------------------------------------------------------------------------- /boot/espressif/hal/src/esp32h2/console_uart_custom.c: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include 8 | #include 9 | #include 10 | #include 11 | 12 | #if CONFIG_ESP_CONSOLE_UART_CUSTOM 13 | static uart_dev_t *alt_console_uart_dev = (CONFIG_ESP_CONSOLE_UART_NUM == 0) ? 14 | &UART0 : 15 | &UART1; 16 | 17 | void IRAM_ATTR esp_rom_uart_putc(char c) 18 | { 19 | while (uart_ll_get_txfifo_len(alt_console_uart_dev) == 0); 20 | uart_ll_write_txfifo(alt_console_uart_dev, (const uint8_t *) &c, 1); 21 | } 22 | #endif 23 | -------------------------------------------------------------------------------- /boot/espressif/include/crypto_config/ec256.cmake: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 Espressif Systems (Shanghai) Co., Ltd. 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | set(MBEDTLS_ASN1_DIR "${MCUBOOT_ROOT_DIR}/ext/mbedtls-asn1") 6 | set(CRYPTO_INC 7 | ${MBEDTLS_ASN1_DIR}/include 8 | ) 9 | set(crypto_srcs 10 | # Additionally pull in just the ASN.1 parser from Mbed TLS. 11 | ${MBEDTLS_ASN1_DIR}/src/asn1parse.c 12 | ${MBEDTLS_ASN1_DIR}/src/platform_util.c 13 | ) 14 | 15 | if (DEFINED CONFIG_ESP_USE_MBEDTLS) 16 | message(FATAL_ERROR "EC256 signature verification using Mbed TLS lib is not supported") 17 | elseif (DEFINED CONFIG_ESP_USE_TINYCRYPT) 18 | set(TINYCRYPT_DIR ${MCUBOOT_ROOT_DIR}/ext/tinycrypt/lib) 19 | list(APPEND CRYPTO_INC 20 | ${TINYCRYPT_DIR}/include 21 | ) 22 | list(APPEND crypto_srcs 23 | ${ESPRESSIF_PORT_DIR}/keys.c 24 | ${TINYCRYPT_DIR}/source/utils.c 25 | ${TINYCRYPT_DIR}/source/sha256.c 26 | ${TINYCRYPT_DIR}/source/ecc.c 27 | ${TINYCRYPT_DIR}/source/ecc_dsa.c 28 | ) 29 | endif() -------------------------------------------------------------------------------- /boot/espressif/include/crypto_config/ed25519.cmake: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 Espressif Systems (Shanghai) Co., Ltd. 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | set(MBEDTLS_ASN1_DIR "${MCUBOOT_ROOT_DIR}/ext/mbedtls-asn1") 6 | set(CRYPTO_INC 7 | ${MBEDTLS_ASN1_DIR}/include 8 | ) 9 | set(crypto_srcs 10 | # Additionally pull in just the ASN.1 parser from Mbed TLS. 11 | ${MBEDTLS_ASN1_DIR}/src/asn1parse.c 12 | ${MBEDTLS_ASN1_DIR}/src/platform_util.c 13 | ) 14 | 15 | if (DEFINED CONFIG_ESP_USE_MBEDTLS) 16 | message(FATAL_ERROR "ED25519 image signing using Mbed TLS lib is not supported") 17 | elseif (DEFINED CONFIG_ESP_USE_TINYCRYPT) 18 | set(TINYCRYPT_DIR ${MCUBOOT_ROOT_DIR}/ext/tinycrypt/lib) 19 | set(TINYCRYPT512_DIR ${MCUBOOT_ROOT_DIR}/ext/tinycrypt-sha512/lib) 20 | list(APPEND CRYPTO_INC 21 | ${TINYCRYPT_DIR}/include 22 | ${TINYCRYPT512_DIR}/include 23 | ) 24 | list(APPEND crypto_srcs 25 | ${ESPRESSIF_PORT_DIR}/keys.c 26 | ${TINYCRYPT_DIR}/source/utils.c 27 | ${TINYCRYPT_DIR}/source/sha256.c 28 | ${TINYCRYPT512_DIR}/source/sha512.c 29 | ${MCUBOOT_ROOT_DIR}/ext/fiat/src/curve25519.c 30 | ) 31 | endif() -------------------------------------------------------------------------------- /boot/espressif/include/crypto_config/rsa.cmake: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2021 Espressif Systems (Shanghai) Co., Ltd. 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | if (DEFINED CONFIG_ESP_USE_MBEDTLS) 6 | set(MBEDTLS_DIR ${MCUBOOT_ROOT_DIR}/ext/mbedtls) 7 | set(CRYPTO_INC 8 | ${MBEDTLS_DIR}/include 9 | ) 10 | set(crypto_srcs 11 | ${ESPRESSIF_PORT_DIR}/keys.c 12 | ${MBEDTLS_DIR}/library/platform.c 13 | ${MBEDTLS_DIR}/library/platform_util.c 14 | ${MBEDTLS_DIR}/library/sha256.c 15 | ${MBEDTLS_DIR}/library/rsa.c 16 | ${MBEDTLS_DIR}/library/bignum.c 17 | ${MBEDTLS_DIR}/library/asn1parse.c 18 | ${MBEDTLS_DIR}/library/md.c 19 | ${MBEDTLS_DIR}/library/memory_buffer_alloc.c 20 | ) 21 | if (DEFINED MBEDTLS_CONFIG_FILE) 22 | add_definitions(-DMBEDTLS_CONFIG_FILE=\"${MBEDTLS_CONFIG_FILE}\") 23 | else() 24 | add_definitions(-DMBEDTLS_CONFIG_FILE=\"${ESPRESSIF_PORT_DIR}/include/crypto_config/mbedtls_custom_config.h\") 25 | endif() 26 | elseif (DEFINED CONFIG_ESP_USE_TINYCRYPT) 27 | message(FATAL_ERROR "RSA signature verification using Tinycrypt lib is not supported") 28 | endif() -------------------------------------------------------------------------------- /boot/espressif/include/esp_loader.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Espressif Systems (Shanghai) Co., Ltd. 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #pragma once 8 | 9 | void start_cpu0_image(int image_index, int slot, unsigned int hdr_offset); 10 | #ifdef CONFIG_ESP_MULTI_PROCESSOR_BOOT 11 | void start_cpu1_image(int image_index, int slot, unsigned int hdr_offset); 12 | #endif 13 | 14 | void esp_app_image_load(int image_index, int slot, unsigned int hdr_offset, unsigned int *entry_addr); 15 | -------------------------------------------------------------------------------- /boot/espressif/include/os/os.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nrfconnect/sdk-mcuboot/b37f58b7fa7221fe2fd4e9d0ca0a2567e5279bc0/boot/espressif/include/os/os.h -------------------------------------------------------------------------------- /boot/espressif/include/os/os_malloc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Espressif Systems (Shanghai) Co., Ltd. 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #pragma once 8 | 9 | #include 10 | 11 | void os_heap_init(void); 12 | -------------------------------------------------------------------------------- /boot/espressif/include/serial_adapter/serial_adapter.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #pragma once 8 | 9 | /** 10 | * Serial write implementation used by MCUboot boot serial structure 11 | * in boot_serial.h 12 | */ 13 | void console_write(const char *str, int cnt); 14 | 15 | /** 16 | * Serial read implementation used by MCUboot boot serial structure 17 | * in boot_serial.h 18 | */ 19 | int console_read(char *str, int str_cnt, int *newline); 20 | 21 | /** 22 | * Initialize GPIOs used by console serial read/write 23 | */ 24 | void boot_console_init(void); 25 | 26 | /** 27 | * Check if serial recovery detection pin is active 28 | */ 29 | bool boot_serial_detect_pin(void); 30 | -------------------------------------------------------------------------------- /boot/espressif/os.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021 Espressif Systems (Shanghai) Co., Ltd. 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #ifdef CONFIG_ESP_USE_MBEDTLS 8 | 9 | #include 10 | #include 11 | 12 | #define CRYPTO_HEAP_SIZE 8192 13 | 14 | static unsigned char memory_buf[CRYPTO_HEAP_SIZE]; 15 | 16 | /* 17 | * Initialize Mbed TLS to be able to use the local heap. 18 | */ 19 | void os_heap_init(void) 20 | { 21 | mbedtls_memory_buffer_alloc_init(memory_buf, sizeof(memory_buf)); 22 | } 23 | #else 24 | 25 | void os_heap_init(void) 26 | { 27 | } 28 | 29 | #endif 30 | -------------------------------------------------------------------------------- /boot/espressif/tools/toolchain-esp32.cmake: -------------------------------------------------------------------------------- 1 | set(CMAKE_SYSTEM_NAME Generic) 2 | 3 | set(CMAKE_C_COMPILER xtensa-esp32-elf-gcc) 4 | set(CMAKE_CXX_COMPILER xtensa-esp32-elf-g++) 5 | set(CMAKE_ASM_COMPILER xtensa-esp32-elf-gcc) 6 | set(_CMAKE_TOOLCHAIN_PREFIX xtensa-esp32-elf-) 7 | 8 | set(CMAKE_C_FLAGS "${UNIQ_CMAKE_C_FLAGS}" CACHE STRING "C Compiler Base Flags" FORCE) 9 | set(CMAKE_CXX_FLAGS "${UNIQ_CMAKE_CXX_FLAGS}" CACHE STRING "C++ Compiler Base Flags" FORCE) 10 | set(CMAKE_ASM_FLAGS "${UNIQ_CMAKE_ASM_FLAGS}" CACHE STRING "ASM Compiler Base Flags" FORCE) 11 | 12 | set(CMAKE_EXE_LINKER_FLAGS "-Wl,--gc-sections" CACHE STRING "Linker Base Flags") 13 | -------------------------------------------------------------------------------- /boot/espressif/tools/toolchain-esp32c2.cmake: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | set(CMAKE_SYSTEM_NAME Generic) 6 | 7 | set(CMAKE_C_COMPILER riscv32-esp-elf-gcc) 8 | set(CMAKE_CXX_COMPILER riscv32-esp-elf-g++) 9 | set(CMAKE_ASM_COMPILER riscv32-esp-elf-gcc) 10 | 11 | set(CMAKE_C_FLAGS "-march=rv32imc_zicsr_zifencei" CACHE STRING "C Compiler Base Flags") 12 | set(CMAKE_CXX_FLAGS "-march=rv32imc_zicsr_zifencei" CACHE STRING "C++ Compiler Base Flags") 13 | set(CMAKE_EXE_LINKER_FLAGS "-nostartfiles -march=rv32imc_zicsr_zifencei --specs=nosys.specs" CACHE STRING "Linker Base Flags") 14 | -------------------------------------------------------------------------------- /boot/espressif/tools/toolchain-esp32c3.cmake: -------------------------------------------------------------------------------- 1 | set(CMAKE_SYSTEM_NAME Generic) 2 | 3 | set(CMAKE_C_COMPILER riscv32-esp-elf-gcc) 4 | set(CMAKE_CXX_COMPILER riscv32-esp-elf-g++) 5 | set(CMAKE_ASM_COMPILER riscv32-esp-elf-gcc) 6 | 7 | set(CMAKE_C_FLAGS "-march=rv32imc_zicsr_zifencei" CACHE STRING "C Compiler Base Flags") 8 | set(CMAKE_CXX_FLAGS "-march=rv32imc_zicsr_zifencei" CACHE STRING "C++ Compiler Base Flags") 9 | set(CMAKE_EXE_LINKER_FLAGS "-nostartfiles -march=rv32imc_zicsr_zifencei --specs=nosys.specs" CACHE STRING "Linker Base Flags") 10 | -------------------------------------------------------------------------------- /boot/espressif/tools/toolchain-esp32c6.cmake: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | set(CMAKE_SYSTEM_NAME Generic) 6 | 7 | set(CMAKE_C_COMPILER riscv32-esp-elf-gcc) 8 | set(CMAKE_CXX_COMPILER riscv32-esp-elf-g++) 9 | set(CMAKE_ASM_COMPILER riscv32-esp-elf-gcc) 10 | 11 | set(CMAKE_C_FLAGS "-march=rv32imc_zicsr_zifencei" CACHE STRING "C Compiler Base Flags") 12 | set(CMAKE_CXX_FLAGS "-march=rv32imc_zicsr_zifencei" CACHE STRING "C++ Compiler Base Flags") 13 | set(CMAKE_EXE_LINKER_FLAGS "-nostartfiles -march=rv32imc_zicsr_zifencei --specs=nosys.specs" CACHE STRING "Linker Base Flags") 14 | -------------------------------------------------------------------------------- /boot/espressif/tools/toolchain-esp32h2.cmake: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | set(CMAKE_SYSTEM_NAME Generic) 6 | 7 | set(CMAKE_C_COMPILER riscv32-esp-elf-gcc) 8 | set(CMAKE_CXX_COMPILER riscv32-esp-elf-g++) 9 | set(CMAKE_ASM_COMPILER riscv32-esp-elf-gcc) 10 | 11 | set(CMAKE_C_FLAGS "-march=rv32imc_zicsr_zifencei" CACHE STRING "C Compiler Base Flags") 12 | set(CMAKE_CXX_FLAGS "-march=rv32imc_zicsr_zifencei" CACHE STRING "C++ Compiler Base Flags") 13 | set(CMAKE_EXE_LINKER_FLAGS "-nostartfiles -march=rv32imc_zicsr_zifencei --specs=nosys.specs" CACHE STRING "Linker Base Flags") 14 | -------------------------------------------------------------------------------- /boot/espressif/tools/toolchain-esp32s2.cmake: -------------------------------------------------------------------------------- 1 | set(CMAKE_SYSTEM_NAME Generic) 2 | 3 | set(CMAKE_C_COMPILER xtensa-esp32s2-elf-gcc) 4 | set(CMAKE_CXX_COMPILER xtensa-esp32s2-elf-g++) 5 | set(CMAKE_ASM_COMPILER xtensa-esp32s2-elf-gcc) 6 | 7 | set(CMAKE_C_FLAGS "-mlongcalls" CACHE STRING "C Compiler Base Flags") 8 | set(CMAKE_CXX_FLAGS "-mlongcalls" CACHE STRING "C++ Compiler Base Flags") 9 | 10 | set(CMAKE_EXE_LINKER_FLAGS "-Wl,--gc-sections" CACHE STRING "Linker Base Flags") 11 | -------------------------------------------------------------------------------- /boot/espressif/tools/toolchain-esp32s3.cmake: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | set(CMAKE_SYSTEM_NAME Generic) 6 | 7 | set(CMAKE_C_COMPILER xtensa-esp32s3-elf-gcc) 8 | set(CMAKE_CXX_COMPILER xtensa-esp32s3-elf-g++) 9 | set(CMAKE_ASM_COMPILER xtensa-esp32s3-elf-gcc) 10 | set(_CMAKE_TOOLCHAIN_PREFIX xtensa-esp32s3-elf-) 11 | 12 | set(CMAKE_C_FLAGS "-mlongcalls" CACHE STRING "C Compiler Base Flags" FORCE) 13 | set(CMAKE_CXX_FLAGS "-mlongcalls" CACHE STRING "C++ Compiler Base Flags" FORCE) 14 | set(CMAKE_ASM_FLAGS "${UNIQ_CMAKE_ASM_FLAGS}" CACHE STRING "ASM Compiler Base Flags" FORCE) 15 | 16 | set(CMAKE_EXE_LINKER_FLAGS "-Wl,--gc-sections" CACHE STRING "Linker Base Flags") 17 | -------------------------------------------------------------------------------- /boot/mbed/include/mcuboot_config/mcuboot_assert.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018 Open Source Foundries Limited 3 | * 4 | * Copyright (c) 2020 Embedded Planet 5 | * SPDX-License-Identifier: Apache-2.0 6 | * 7 | * Licensed under the Apache License, Version 2.0 (the "License"); 8 | * you may not use this file except in compliance with the License. 9 | * You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, software 14 | * distributed under the License is distributed on an "AS IS" BASIS, 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | * See the License for the specific language governing permissions and 17 | * limitations under the Licens 18 | */ 19 | 20 | #include "platform/mbed_assert.h" 21 | -------------------------------------------------------------------------------- /boot/mbed/include/os/os_malloc.h: -------------------------------------------------------------------------------- 1 | /** Not required for Mbed -- malloc calls are retargeted by the platform */ 2 | -------------------------------------------------------------------------------- /boot/mbed/include/sysflash/sysflash.h: -------------------------------------------------------------------------------- 1 | /* Manual version of auto-generated version. */ 2 | 3 | #ifndef __SYSFLASH_H__ 4 | #define __SYSFLASH_H__ 5 | 6 | #define PRIMARY_ID 0 7 | #define SECONDARY_ID 1 8 | #define SCRATCH_ID 2 9 | 10 | #define FLASH_AREA_IMAGE_PRIMARY(x) PRIMARY_ID 11 | #define FLASH_AREA_IMAGE_SECONDARY(x) SECONDARY_ID 12 | #define FLASH_AREA_IMAGE_SCRATCH SCRATCH_ID 13 | 14 | #endif /* __SYSFLASH_H__ */ 15 | -------------------------------------------------------------------------------- /boot/mynewt/README.md: -------------------------------------------------------------------------------- 1 | # MCUboot - apps/boot 2 | 3 | This sample app implements a bootloader for the Mynewt OS (apache.mynewt.org). 4 | This app requires the following Mynewt repositories: 5 | * @mcuboot (this one) 6 | * @apache-mynewt-core 7 | -------------------------------------------------------------------------------- /boot/mynewt/boot_uart/include/boot_uart/boot_uart.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 18 | */ 19 | 20 | #ifndef _BOOT_UART_H_ 21 | #define _BOOT_UART_H_ 22 | 23 | int boot_uart_open(void); 24 | void boot_uart_close(void); 25 | int boot_uart_read(char *str, int cnt, int *newline); 26 | void boot_uart_write(const char *ptr, int cnt); 27 | 28 | #endif /* _BOOT_UART_H_ */ 29 | -------------------------------------------------------------------------------- /boot/mynewt/boot_uart/pkg.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | pkg.name: boot/mynewt/boot_uart 21 | pkg.description: "For interfacing with uart from boot_serial" 22 | pkg.author: "Apache Mynewt " 23 | pkg.homepage: "http://mynewt.apache.org/" 24 | pkg.keywords: 25 | - loader 26 | - boot 27 | - bootloader 28 | 29 | pkg.deps: 30 | - "@apache-mynewt-core/hw/hal" 31 | 32 | 33 | -------------------------------------------------------------------------------- /boot/mynewt/boot_uart/syscfg.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | # 18 | 19 | syscfg.defs: 20 | CONSOLE_UART_RX_BUF_SIZE: 21 | description: > 22 | UART console receive buffer size; must be power of 2. 23 | value: 32 24 | 25 | -------------------------------------------------------------------------------- /boot/mynewt/flash_map_backend/pkg.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2018 Nordic Semiconductor ASA 3 | # 4 | # SPDX-License-Identifier: Apache-2.0 5 | # 6 | 7 | pkg.name: boot/mynewt/flash_map_backend 8 | pkg.description: Flash_map API helper reference. 9 | pkg.author: "Nordic Semiconductor ASA" 10 | pkg.homepage: "http://mcuboot.com" 11 | 12 | pkg.deps: 13 | - "@apache-mynewt-core/sys/flash_map" 14 | - "@mcuboot/boot/mynewt/mcuboot_config" 15 | -------------------------------------------------------------------------------- /boot/mynewt/mcuboot_config/pkg.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | pkg.name: boot/mynewt/mcuboot_config 21 | pkg.description: "Mynewt's mcuboot configuration" 22 | pkg.author: "Apache Mynewt " 23 | pkg.homepage: "http://mynewt.apache.org/" 24 | -------------------------------------------------------------------------------- /boot/zcbor/add_zcbor_copy_version.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ "$1" == "--help" ]; then 4 | echo "Add header if the zcbor files are updated." 5 | exit -1 6 | fi 7 | 8 | add_copy_notice() { 9 | echo "$(printf '/* 10 | * This file has been %s from the zcbor library. 11 | * Commit %s 12 | */ 13 | 14 | ' "$2" "$(zcbor --version)"; cat $1;)" > $1 15 | } 16 | 17 | add_copy_notice src/zcbor_decode.c "copied" 18 | add_copy_notice src/zcbor_encode.c "copied" 19 | add_copy_notice src/zcbor_common.c "copied" 20 | add_copy_notice include/zcbor_decode.h "copied" 21 | add_copy_notice include/zcbor_encode.h "copied" 22 | add_copy_notice include/zcbor_common.h "copied" 23 | add_copy_notice include/zcbor_print.h "copied" 24 | add_copy_notice include/zcbor_tags.h "copied" 25 | -------------------------------------------------------------------------------- /boot/zcbor/pkg.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | pkg.name: boot/zcbor 21 | pkg.description: Library for encoding and decoding data to/from cbor. 22 | pkg.author: "Nordic Semiconductor" 23 | pkg.homepage: "https://github.com/NordicSemiconductor/zcbor" 24 | pkg.keywords: 25 | - zcbor 26 | 27 | #pkg.src_dirs: src 28 | -------------------------------------------------------------------------------- /boot/zephyr/VERSION: -------------------------------------------------------------------------------- 1 | VERSION_MAJOR = 2 2 | VERSION_MINOR = 1 3 | PATCHLEVEL = 0 4 | VERSION_TWEAK = 0 5 | EXTRAVERSION = dev 6 | -------------------------------------------------------------------------------- /boot/zephyr/app.overlay: -------------------------------------------------------------------------------- 1 | / { 2 | chosen { 3 | zephyr,code-partition = &boot_partition; 4 | }; 5 | }; 6 | -------------------------------------------------------------------------------- /boot/zephyr/boards/actinius_icarus_bee_nrf9160.conf: -------------------------------------------------------------------------------- 1 | # Disable Zephyr console 2 | CONFIG_CONSOLE=n 3 | 4 | # MCUBoot settings 5 | CONFIG_BOOT_MAX_IMG_SECTORS=256 6 | 7 | # MCUboot serial recovery 8 | CONFIG_MCUBOOT_SERIAL=y 9 | 10 | CONFIG_MULTITHREADING=y 11 | -------------------------------------------------------------------------------- /boot/zephyr/boards/actinius_icarus_nrf9160.conf: -------------------------------------------------------------------------------- 1 | # Disable Zephyr console 2 | CONFIG_CONSOLE=n 3 | 4 | # MCUBoot settings 5 | CONFIG_BOOT_MAX_IMG_SECTORS=256 6 | 7 | # MCUboot serial recovery 8 | CONFIG_MCUBOOT_SERIAL=y 9 | 10 | CONFIG_MULTITHREADING=y 11 | -------------------------------------------------------------------------------- /boot/zephyr/boards/actinius_icarus_som_dk_nrf9160.conf: -------------------------------------------------------------------------------- 1 | # Disable Zephyr console 2 | CONFIG_CONSOLE=n 3 | 4 | # MCUBoot settings 5 | CONFIG_BOOT_MAX_IMG_SECTORS=256 6 | 7 | # MCUboot serial recovery 8 | CONFIG_MCUBOOT_SERIAL=y 9 | 10 | CONFIG_MULTITHREADING=y 11 | -------------------------------------------------------------------------------- /boot/zephyr/boards/actinius_icarus_som_nrf9160.conf: -------------------------------------------------------------------------------- 1 | # Disable Zephyr console 2 | CONFIG_CONSOLE=n 3 | 4 | # MCUBoot settings 5 | CONFIG_BOOT_MAX_IMG_SECTORS=256 6 | 7 | # MCUboot serial recovery 8 | CONFIG_MCUBOOT_SERIAL=y 9 | 10 | CONFIG_MULTITHREADING=y 11 | -------------------------------------------------------------------------------- /boot/zephyr/boards/bl5340_dvk_nrf5340_cpuapp.conf: -------------------------------------------------------------------------------- 1 | CONFIG_MULTITHREADING=y 2 | # Enable QSPI (MX25R64) - Slot 1 in QSPI 3 | CONFIG_NORDIC_QSPI_NOR=y 4 | CONFIG_NORDIC_QSPI_NOR_FLASH_LAYOUT_PAGE_SIZE=4096 5 | CONFIG_NORDIC_QSPI_NOR_STACK_WRITE_BUFFER_SIZE=4 6 | CONFIG_BOOT_MAX_IMG_SECTORS=256 7 | -------------------------------------------------------------------------------- /boot/zephyr/boards/circuitdojo_feather_nrf9160.conf: -------------------------------------------------------------------------------- 1 | # Disable Zephyr console 2 | CONFIG_CONSOLE=n 3 | 4 | # Multithreading 5 | CONFIG_MULTITHREADING=y 6 | 7 | # MCUBoot settings 8 | CONFIG_BOOT_MAX_IMG_SECTORS=256 9 | 10 | # MCUboot serial recovery 11 | CONFIG_MCUBOOT_SERIAL=y 12 | CONFIG_BOOT_SERIAL_DETECT_DELAY=450 13 | CONFIG_MCUBOOT_INDICATION_LED=y 14 | -------------------------------------------------------------------------------- /boot/zephyr/boards/conexio_stratus.conf: -------------------------------------------------------------------------------- 1 | # Disable Zephyr console 2 | CONFIG_CONSOLE=n 3 | CONFIG_CONSOLE_HANDLER=n 4 | CONFIG_UART_CONSOLE=n 5 | 6 | # Multithreading 7 | CONFIG_MULTITHREADING=y 8 | 9 | # MCUBoot settings 10 | CONFIG_BOOT_MAX_IMG_SECTORS=256 11 | 12 | # MCUboot serial recovery 13 | CONFIG_MCUBOOT_SERIAL=y 14 | CONFIG_BOOT_SERIAL_DETECT_DELAY=450 15 | CONFIG_MCUBOOT_INDICATION_LED=y 16 | -------------------------------------------------------------------------------- /boot/zephyr/boards/conexio_stratus_pro.conf: -------------------------------------------------------------------------------- 1 | # Disable Zephyr console 2 | CONFIG_CONSOLE=n 3 | CONFIG_CONSOLE_HANDLER=n 4 | CONFIG_UART_CONSOLE=n 5 | 6 | # Multithreading 7 | CONFIG_MULTITHREADING=y 8 | 9 | # MCUBoot settings 10 | CONFIG_BOOT_MAX_IMG_SECTORS=256 11 | 12 | # MCUboot serial recovery 13 | CONFIG_MCUBOOT_SERIAL=y 14 | CONFIG_MCUBOOT_INDICATION_LED=y 15 | -------------------------------------------------------------------------------- /boot/zephyr/boards/ctcc_nrf52840.conf: -------------------------------------------------------------------------------- 1 | # Disable logging 2 | CONFIG_LOG=n 3 | CONFIG_CONSOLE=n 4 | CONFIG_UART_CONSOLE=n 5 | 6 | # MCUBoot serial configuration 7 | CONFIG_MCUBOOT_SERIAL=y 8 | CONFIG_BOOT_SERIAL_ENTRANCE_GPIO=n 9 | CONFIG_BOOT_SERIAL_CDC_ACM=y 10 | CONFIG_BOOT_SERIAL_WAIT_FOR_DFU=y 11 | CONFIG_BOOT_SERIAL_NO_APPLICATION=y 12 | CONFIG_BOOT_SERIAL_WAIT_FOR_DFU_TIMEOUT=5000 13 | CONFIG_BOOT_USB_DFU_WAIT=n 14 | 15 | # Required by USB 16 | CONFIG_MULTITHREADING=y 17 | 18 | # USB 19 | CONFIG_USB_DEVICE_STACK=y 20 | CONFIG_USB_DEVICE_REMOTE_WAKEUP=n 21 | -------------------------------------------------------------------------------- /boot/zephyr/boards/ctcc_nrf9161.conf: -------------------------------------------------------------------------------- 1 | # Disable logging 2 | CONFIG_LOG=n 3 | CONFIG_CONSOLE=n 4 | CONFIG_UART_CONSOLE=n 5 | 6 | # MCUboot serial configuration 7 | CONFIG_MCUBOOT_SERIAL=y 8 | CONFIG_BOOT_SERIAL_UART=y 9 | CONFIG_BOOT_SERIAL_ENTRANCE_GPIO=n 10 | CONFIG_BOOT_SERIAL_WAIT_FOR_DFU=y 11 | CONFIG_BOOT_SERIAL_NO_APPLICATION=y 12 | CONFIG_BOOT_SERIAL_WAIT_FOR_DFU_TIMEOUT=5000 13 | 14 | # SPI NOR 15 | CONFIG_SPI_NOR=n 16 | -------------------------------------------------------------------------------- /boot/zephyr/boards/disco_l475_iot1_stm32l475xx.conf: -------------------------------------------------------------------------------- 1 | CONFIG_BOOT_MAX_IMG_SECTORS=256 2 | CONFIG_WATCHDOG=y 3 | -------------------------------------------------------------------------------- /boot/zephyr/boards/flash_sim_driver.conf: -------------------------------------------------------------------------------- 1 | CONFIG_FLASH_SIMULATOR=y 2 | CONFIG_FLASH_SIMULATOR_UNALIGNED_READ=y 3 | -------------------------------------------------------------------------------- /boot/zephyr/boards/frdm_k64f_mk64f12.conf: -------------------------------------------------------------------------------- 1 | CONFIG_WATCHDOG=y 2 | -------------------------------------------------------------------------------- /boot/zephyr/boards/frdm_mcxa156.conf: -------------------------------------------------------------------------------- 1 | # Copyright 2024 NXP 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | #MCXA156 does not support the MCUBoot swap mode. 5 | CONFIG_BOOT_UPGRADE_ONLY=y 6 | -------------------------------------------------------------------------------- /boot/zephyr/boards/frdm_mcxn236.conf: -------------------------------------------------------------------------------- 1 | # Copyright 2025 NXP 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | #MCXN236 does not support the MCUBoot swap mode. 5 | CONFIG_BOOT_UPGRADE_ONLY=y 6 | -------------------------------------------------------------------------------- /boot/zephyr/boards/frdm_mcxn947_mcxn947_cpu0.conf: -------------------------------------------------------------------------------- 1 | # Copyright 2024 NXP 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | #MCXN94x does not support the MCUBoot swap mode. 5 | CONFIG_BOOT_UPGRADE_ONLY=y 6 | -------------------------------------------------------------------------------- /boot/zephyr/boards/frdm_mcxn947_mcxn947_cpu0_qspi.conf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 NXP 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | CONFIG_BOOT_UPGRADE_ONLY=y 5 | -------------------------------------------------------------------------------- /boot/zephyr/boards/frdm_mcxn947_mcxn947_cpu0_qspi.overlay: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2023 NXP 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | / { 8 | chosen { 9 | zephyr,flash = &flash; 10 | zephyr,code-partition = &boot_partition; 11 | }; 12 | }; 13 | 14 | -------------------------------------------------------------------------------- /boot/zephyr/boards/lpcxpresso55s06_lpc55s06.conf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 NXP 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | #LPC does not support the MCUBoot swap mode. 5 | CONFIG_BOOT_UPGRADE_ONLY=y 6 | -------------------------------------------------------------------------------- /boot/zephyr/boards/lpcxpresso55s16_lpc55s16.conf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 NXP 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | #LPC does not support the MCUBoot swap mode. 5 | CONFIG_BOOT_UPGRADE_ONLY=y 6 | -------------------------------------------------------------------------------- /boot/zephyr/boards/lpcxpresso55s28_lpc55s28.conf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 NXP 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | #LPC does not support the MCUBoot swap mode. 5 | CONFIG_BOOT_UPGRADE_ONLY=y 6 | -------------------------------------------------------------------------------- /boot/zephyr/boards/lpcxpresso55s36_lpc55s36.conf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 NXP 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | #LPC does not support the MCUBoot swap mode. 5 | CONFIG_BOOT_UPGRADE_ONLY=y 6 | -------------------------------------------------------------------------------- /boot/zephyr/boards/lpcxpresso55s69_lpc55s69_cpu0.conf: -------------------------------------------------------------------------------- 1 | # Copyright 2023 NXP 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | #LPC does not support the MCUBoot swap mode. 5 | CONFIG_BOOT_UPGRADE_ONLY=y 6 | -------------------------------------------------------------------------------- /boot/zephyr/boards/m5stack_cores3_esp32s3_procpu.overlay: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 TOKITA Hiroshi 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | &aw9523b { 8 | status = "disabled"; 9 | }; 10 | 11 | &aw9523b_gpio { 12 | status = "disabled"; 13 | }; 14 | 15 | &ft6336_touch { 16 | status = "disabled"; 17 | }; 18 | -------------------------------------------------------------------------------- /boot/zephyr/boards/m5stack_cores3_esp32s3_procpu_se.overlay: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 TOKITA Hiroshi 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | &aw9523b { 8 | status = "disabled"; 9 | }; 10 | 11 | &aw9523b_gpio { 12 | status = "disabled"; 13 | }; 14 | 15 | &ft6336_touch { 16 | status = "disabled"; 17 | }; 18 | -------------------------------------------------------------------------------- /boot/zephyr/boards/mcx_n9xx_evk_mcxn947_cpu0.conf: -------------------------------------------------------------------------------- 1 | # Copyright 2025 NXP 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | #MCXN94x does not support the MCUBoot swap mode. 5 | CONFIG_BOOT_UPGRADE_ONLY=y 6 | -------------------------------------------------------------------------------- /boot/zephyr/boards/mcx_n9xx_evk_mcxn947_cpu0_qspi.conf: -------------------------------------------------------------------------------- 1 | # Copyright 2025 NXP 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | CONFIG_BOOT_UPGRADE_ONLY=y 5 | -------------------------------------------------------------------------------- /boot/zephyr/boards/mcx_n9xx_evk_mcxn947_cpu0_qspi.overlay: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2025 NXP 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | / { 8 | chosen { 9 | zephyr,flash = &flash; 10 | zephyr,code-partition = &boot_partition; 11 | }; 12 | }; 13 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf51dk_nrf51822.conf: -------------------------------------------------------------------------------- 1 | # Due the small boot partition, we can't enable logging or the debug 2 | # optimization level out off the box. You need to increase the boot 3 | # partition size with a zephyr DTS overlay to make MCUboot's debug 4 | # builds fit. 5 | CONFIG_LOG=n 6 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf52840_big.overlay: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020 Nordic Semiconductor ASA 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | /delete-node/ &boot_partition; 8 | /delete-node/ &slot0_partition; 9 | /delete-node/ &slot1_partition; 10 | 11 | &flash0 { 12 | partitions { 13 | compatible = "fixed-partitions"; 14 | #address-cells = <1>; 15 | #size-cells = <1>; 16 | 17 | boot_partition: partition@0 { 18 | label = "mcuboot"; 19 | reg = <0x000000000 0x00010000>; 20 | }; 21 | slot0_partition: partition@10000 { 22 | label = "image-0"; 23 | reg = <0x000010000 0x000074000>; 24 | }; 25 | slot1_partition: partition@75000 { 26 | label = "image-1"; 27 | reg = <0x00084000 0x000074000>; 28 | }; 29 | }; 30 | }; 31 | 32 | &zephyr_udc0 { 33 | cdc_acm_uart0 { 34 | compatible = "zephyr,cdc-acm-uart"; 35 | }; 36 | }; 37 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf52840_single_slot.overlay: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020 Nordic Semiconductor ASA 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | /delete-node/ &boot_partition; 8 | /delete-node/ &slot0_partition; 9 | /delete-node/ &slot1_partition; 10 | 11 | &flash0 { 12 | partitions { 13 | compatible = "fixed-partitions"; 14 | #address-cells = <1>; 15 | #size-cells = <1>; 16 | 17 | boot_partition: partition@0 { 18 | label = "mcuboot"; 19 | reg = <0x000000000 0x00010000>; 20 | }; 21 | slot0_partition: partition@10000 { 22 | label = "image-0"; 23 | reg = <0x000010000 0x0000E8000>; 24 | }; 25 | }; 26 | }; 27 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf52840dk_hooks_sample_overlay.conf: -------------------------------------------------------------------------------- 1 | CONFIG_UPDATEABLE_IMAGE_NUMBER=2 2 | 3 | CONFIG_FLASH_SIMULATOR=y 4 | CONFIG_FLASH_SIMULATOR_UNALIGNED_READ=y 5 | 6 | CONFIG_BOOT_IMAGE_ACCESS_HOOKS=y 7 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf52840dk_nrf52840.conf: -------------------------------------------------------------------------------- 1 | # Ensure that the qspi driver is disabled by default 2 | CONFIG_NORDIC_QSPI_NOR=n 3 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf52840dk_qspi_nor.conf: -------------------------------------------------------------------------------- 1 | CONFIG_NORDIC_QSPI_NOR=y 2 | CONFIG_NORDIC_QSPI_NOR_FLASH_LAYOUT_PAGE_SIZE=4096 3 | CONFIG_NORDIC_QSPI_NOR_STACK_WRITE_BUFFER_SIZE=16 4 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf52840dk_qspi_nor_secondary.overlay: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020 Nordic Semiconductor ASA 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | /delete-node/ &boot_partition; 8 | /delete-node/ &slot0_partition; 9 | /delete-node/ &slot1_partition; 10 | 11 | &flash0 { 12 | partitions { 13 | boot_partition: partition@0 { 14 | label = "mcuboot"; 15 | reg = <0x000000000 0x00010000>; 16 | }; 17 | slot0_partition: partition@10000 { 18 | label = "image-0"; 19 | reg = <0x000010000 0x0000e8000>; 20 | }; 21 | }; 22 | }; 23 | 24 | &mx25r64 { 25 | partitions { 26 | compatible = "fixed-partitions"; 27 | #address-cells = <1>; 28 | #size-cells = <1>; 29 | 30 | slot1_partition: partition@0 { 31 | label = "image-1"; 32 | reg = <0x000000000 0x0000e8000>; 33 | }; 34 | }; 35 | }; 36 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf52840dk_qspi_secondary_boot.conf: -------------------------------------------------------------------------------- 1 | CONFIG_MULTITHREADING=y 2 | CONFIG_BOOT_MAX_IMG_SECTORS=256 3 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf52840dongle_nrf52840.conf: -------------------------------------------------------------------------------- 1 | # The UART is used for Serial Recovery, so logging requires 2 | # an RTT console, which is not available out of the box on this board. 3 | # Disable logging. 4 | CONFIG_LOG=n 5 | 6 | # Serial 7 | CONFIG_CONSOLE=n 8 | CONFIG_SERIAL=y 9 | CONFIG_UART_NRFX=n 10 | CONFIG_UART_INTERRUPT_DRIVEN=y 11 | CONFIG_UART_LINE_CTRL=y 12 | 13 | # MCUBoot serial 14 | CONFIG_GPIO=y 15 | CONFIG_MCUBOOT_SERIAL=y 16 | CONFIG_BOOT_SERIAL_CDC_ACM=y 17 | 18 | # Required by USB 19 | CONFIG_MULTITHREADING=y 20 | 21 | # USB 22 | CONFIG_USB_DEVICE_STACK=y 23 | CONFIG_USB_DEVICE_REMOTE_WAKEUP=n 24 | CONFIG_USB_DEVICE_PRODUCT="MCUBOOT" 25 | 26 | CONFIG_NORDIC_QSPI_NOR=n 27 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf5340dk_nrf5340_cpuapp_minimal.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2021 Nordic Semiconductor ASA 3 | # 4 | # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause 5 | # 6 | 7 | # CC3xx is currently not used for nrf53 8 | CONFIG_HW_CC3XX=n 9 | CONFIG_NRF_CC3XX_PLATFORM=n 10 | 11 | # Required for kernel operation 12 | CONFIG_CLOCK_CONTROL=y 13 | CONFIG_SYS_CLOCK_EXISTS=y 14 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf54h20dk_nrf54h20_cpuapp_iron.conf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2025 Nordic Semiconductor ASA 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | # 5 | 6 | # Ensure that the SPI NOR driver is disabled by default 7 | CONFIG_SPI_NOR=n 8 | 9 | # TODO: below are not yet supported and need fixing 10 | CONFIG_FPROTECT=n 11 | 12 | CONFIG_BOOT_WATCHDOG_FEED=n 13 | 14 | CONFIG_MULTITHREADING=y 15 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf54l15dk_nrf54l05_cpuapp.conf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Nordic Semiconductor ASA 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | # 5 | CONFIG_BOOT_MAX_IMG_SECTORS=256 6 | 7 | # Ensure that the SPI NOR driver is disabled by default 8 | CONFIG_SPI_NOR=n 9 | 10 | CONFIG_FPROTECT=y 11 | 12 | CONFIG_BOOT_WATCHDOG_FEED=n 13 | 14 | # Ensure the fastest RRAM write operations 15 | CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE=32 16 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf54l15dk_nrf54l10_cpuapp.conf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Nordic Semiconductor ASA 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | # 5 | CONFIG_BOOT_MAX_IMG_SECTORS=256 6 | 7 | # Ensure that the SPI NOR driver is disabled by default 8 | CONFIG_SPI_NOR=n 9 | 10 | CONFIG_FPROTECT=y 11 | 12 | CONFIG_BOOT_WATCHDOG_FEED=n 13 | 14 | # Ensure the fastest RRAM write operations 15 | CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE=32 16 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf54l15dk_nrf54l15_cpuapp.conf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Nordic Semiconductor ASA 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | # 5 | CONFIG_BOOT_MAX_IMG_SECTORS=256 6 | 7 | # Ensure that the SPI NOR driver is disabled by default 8 | CONFIG_SPI_NOR=n 9 | 10 | # TODO: below are not yet supported and need fixing 11 | CONFIG_FPROTECT=n 12 | 13 | CONFIG_BOOT_WATCHDOG_FEED=n 14 | 15 | # Ensure the fastest RRAM write operations 16 | CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE=32 17 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf54l15dk_nrf54l15_cpuapp_ext_flash.conf: -------------------------------------------------------------------------------- 1 | CONFIG_MULTITHREADING=y 2 | CONFIG_SPI=y 3 | CONFIG_SPI_NOR=y 4 | CONFIG_FLASH=y 5 | CONFIG_PM_PARTITION_SIZE_MCUBOOT=0x14000 6 | CONFIG_MAIN_STACK_SIZE=20480 7 | CONFIG_BOOT_MAX_IMG_SECTORS=512 8 | CONFIG_SPI_NOR_FLASH_LAYOUT_PAGE_SIZE=4096 9 | # Ensure that the qspi driver is disabled by default 10 | CONFIG_NORDIC_QSPI_NOR=n 11 | 12 | # TODO: below are not yet supported and need fixing 13 | CONFIG_FPROTECT=n 14 | 15 | CONFIG_BOOT_WATCHDOG_FEED=n 16 | 17 | # Ensure the fastest RRAM write operations 18 | CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE=32 19 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf54l15dk_nrf54l15_cpuapp_ext_flash.overlay: -------------------------------------------------------------------------------- 1 | / { 2 | chosen { 3 | nordic,pm-ext-flash = &mx25r64; 4 | zephyr,code-partition = &boot_partition; 5 | }; 6 | }; 7 | 8 | /delete-node/ &boot_partition; 9 | /delete-node/ &slot0_partition; 10 | /delete-node/ &slot1_partition; 11 | 12 | /delete-node/ &slot0_ns_partition; 13 | /delete-node/ &slot1_ns_partition; 14 | 15 | /delete-node/ &storage_partition; 16 | 17 | &cpuapp_rram { 18 | reg = < 0x0 DT_SIZE_K(1524) >; 19 | partitions { 20 | boot_partition: partition@0 { 21 | label = "mcuboot"; 22 | reg = <0x000000000 0x00014000>; 23 | }; 24 | slot0_partition: partition@14000 { 25 | label = "image-0"; 26 | reg = <0x000014000 0x0015A000>; 27 | }; 28 | storage_partition: partition@16E000 { 29 | label = "storage"; 30 | reg = < 0x16E000 0x9000 >; 31 | }; 32 | }; 33 | }; 34 | 35 | &mx25r64 { 36 | status = "okay"; 37 | partitions { 38 | compatible = "fixed-partitions"; 39 | #address-cells = <1>; 40 | #size-cells = <1>; 41 | 42 | slot1_partition: partition@0 { 43 | label = "image-1"; 44 | reg = <0x000000000 0x0015A000>; 45 | }; 46 | }; 47 | }; 48 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf54l15pdk_nrf54l15_cpuapp.conf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Nordic Semiconductor ASA 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | # 5 | CONFIG_BOOT_MAX_IMG_SECTORS=256 6 | 7 | # Ensure that the SPI NOR driver is disabled by default 8 | CONFIG_SPI_NOR=n 9 | 10 | # TODO: below are not yet supported and need fixing 11 | CONFIG_FPROTECT=n 12 | 13 | CONFIG_BOOT_WATCHDOG_FEED=n 14 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf54l15pdk_nrf54l15_cpuapp_ext_flash.conf: -------------------------------------------------------------------------------- 1 | CONFIG_MULTITHREADING=y 2 | CONFIG_SPI=y 3 | CONFIG_SPI_NOR=y 4 | CONFIG_FLASH=y 5 | CONFIG_PM_PARTITION_SIZE_MCUBOOT=0x14000 6 | CONFIG_MAIN_STACK_SIZE=20480 7 | CONFIG_BOOT_MAX_IMG_SECTORS=512 8 | CONFIG_SPI_NOR_FLASH_LAYOUT_PAGE_SIZE=4096 9 | # Ensure that the qspi driver is disabled by default 10 | CONFIG_NORDIC_QSPI_NOR=n 11 | 12 | # TODO: below are not yet supported and need fixing 13 | CONFIG_FPROTECT=n 14 | 15 | CONFIG_BOOT_WATCHDOG_FEED=n 16 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf54l15pdk_nrf54l15_cpuapp_ext_flash.overlay: -------------------------------------------------------------------------------- 1 | / { 2 | chosen { 3 | nordic,pm-ext-flash = &mx25r64; 4 | zephyr,code-partition = &boot_partition; 5 | }; 6 | }; 7 | 8 | /delete-node/ &boot_partition; 9 | /delete-node/ &slot0_partition; 10 | /delete-node/ &slot1_partition; 11 | 12 | /delete-node/ &slot0_ns_partition; 13 | /delete-node/ &slot1_ns_partition; 14 | 15 | /delete-node/ &storage_partition; 16 | 17 | &cpuapp_rram { 18 | reg = < 0x0 DT_SIZE_K(1524) >; 19 | partitions { 20 | boot_partition: partition@0 { 21 | label = "mcuboot"; 22 | reg = <0x000000000 0x00014000>; 23 | }; 24 | slot0_partition: partition@14000 { 25 | label = "image-0"; 26 | reg = <0x000014000 0x0015A000>; 27 | }; 28 | storage_partition: partition@16E000 { 29 | label = "storage"; 30 | reg = < 0x16E000 0x9000 >; 31 | }; 32 | }; 33 | }; 34 | 35 | &mx25r64 { 36 | status = "okay"; 37 | partitions { 38 | compatible = "fixed-partitions"; 39 | #address-cells = <1>; 40 | #size-cells = <1>; 41 | 42 | slot1_partition: partition@0 { 43 | label = "image-1"; 44 | reg = <0x000000000 0x0015A000>; 45 | }; 46 | }; 47 | }; 48 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf54lm20pdk_nrf54lm20a_cpuapp.conf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2025 Nordic Semiconductor ASA 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | # 5 | CONFIG_BOOT_MAX_IMG_SECTORS=256 6 | 7 | # Ensure that the SPI NOR driver is disabled by default 8 | CONFIG_SPI_NOR=n 9 | 10 | # TODO: below are not yet supported and need fixing 11 | CONFIG_FPROTECT=n 12 | 13 | CONFIG_BOOT_WATCHDOG_FEED=n 14 | 15 | CONFIG_PSA_CRYPTO_DRIVER_CRACEN=n 16 | CONFIG_PSA_CRYPTO_DRIVER_OBERON=y 17 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf7002dk_nrf5340_cpuapp.conf: -------------------------------------------------------------------------------- 1 | # By default no external SPI device is used for image storage, 2 | # so SPI-NOR is not needed. This reduces size of MCUboot, remember 3 | # though that when external image is needed the CONFIG_SPI_NOR 4 | # has to be enabled. 5 | CONFIG_SPI_NOR=n 6 | -------------------------------------------------------------------------------- /boot/zephyr/boards/nrf9161dk_nrf9161_0_7_0.conf: -------------------------------------------------------------------------------- 1 | CONFIG_SPI_NOR=n 2 | -------------------------------------------------------------------------------- /boot/zephyr/boards/odroid_go_esp32_procpu.conf: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | CONFIG_REGULATOR=n 5 | -------------------------------------------------------------------------------- /boot/zephyr/boards/pinnacle_100_dvk_nrf52840.conf: -------------------------------------------------------------------------------- 1 | CONFIG_MULTITHREADING=y 2 | # Enable QSPI (MX25R64) - Slot 1 in QSPI 3 | CONFIG_NORDIC_QSPI_NOR=y 4 | CONFIG_NORDIC_QSPI_NOR_FLASH_LAYOUT_PAGE_SIZE=4096 5 | CONFIG_NORDIC_QSPI_NOR_STACK_WRITE_BUFFER_SIZE=4 6 | CONFIG_BOOT_MAX_IMG_SECTORS=256 7 | -------------------------------------------------------------------------------- /boot/zephyr/boards/sparkfun_thing_plus_nrf9160.conf: -------------------------------------------------------------------------------- 1 | # Disable Zephyr console 2 | CONFIG_CONSOLE=n 3 | 4 | # Multithreading 5 | CONFIG_MULTITHREADING=y 6 | 7 | # MCUBoot settings 8 | CONFIG_BOOT_MAX_IMG_SECTORS=256 9 | 10 | # MCUboot serial recovery 11 | CONFIG_MCUBOOT_SERIAL=y 12 | CONFIG_BOOT_SERIAL_DETECT_DELAY=450 13 | CONFIG_MCUBOOT_INDICATION_LED=y 14 | -------------------------------------------------------------------------------- /boot/zephyr/boards/thingy52_nrf52832.conf: -------------------------------------------------------------------------------- 1 | CONFIG_GPIO_SX1509B=n 2 | -------------------------------------------------------------------------------- /boot/zephyr/boards/thingy91_nrf52840.conf: -------------------------------------------------------------------------------- 1 | # Disable Zephyr console 2 | CONFIG_LOG=n 3 | CONFIG_CONSOLE=n 4 | CONFIG_CONSOLE_HANDLER=n 5 | CONFIG_UART_CONSOLE=n 6 | 7 | # The build won't fit on the partition allocated for it without size 8 | # optimizations. 9 | CONFIG_SIZE_OPTIMIZATIONS=y 10 | CONFIG_PM_PARTITION_SIZE_MCUBOOT=0x12000 11 | 12 | # Serial 13 | CONFIG_SERIAL=y 14 | CONFIG_UART_NRFX=y 15 | CONFIG_UART_INTERRUPT_DRIVEN=y 16 | CONFIG_UART_LINE_CTRL=y 17 | 18 | # MCUboot serial recovery 19 | CONFIG_GPIO=y 20 | CONFIG_MCUBOOT_SERIAL=y 21 | CONFIG_BOOT_SERIAL_CDC_ACM=y 22 | 23 | # Required by USB 24 | CONFIG_MULTITHREADING=y 25 | 26 | # USB 27 | CONFIG_USB_DEVICE_STACK=y 28 | CONFIG_USB_DEVICE_PRODUCT="MCUBOOT" 29 | CONFIG_USB_CDC_ACM=y 30 | CONFIG_USB_COMPOSITE_DEVICE=y 31 | CONFIG_USB_MASS_STORAGE=n 32 | CONFIG_USB_DEVICE_MANUFACTURER="Nordic Semiconductor" 33 | CONFIG_USB_DEVICE_VID=0x1915 34 | CONFIG_USB_DEVICE_PID=0x520F 35 | -------------------------------------------------------------------------------- /boot/zephyr/boards/thingy91_nrf9160.conf: -------------------------------------------------------------------------------- 1 | # Disable Zephyr console 2 | CONFIG_CONSOLE=n 3 | CONFIG_CONSOLE_HANDLER=n 4 | CONFIG_UART_CONSOLE=n 5 | 6 | # Disable Flash protection 7 | CONFIG_FPROTECT=n 8 | 9 | # MCUBoot settings 10 | CONFIG_BOOT_MAX_IMG_SECTORS=256 11 | 12 | # MCUboot serial recovery 13 | CONFIG_MCUBOOT_SERIAL=y 14 | -------------------------------------------------------------------------------- /boot/zephyr/boards/thingy91x_nrf9151.conf: -------------------------------------------------------------------------------- 1 | # MCUBoot settings 2 | CONFIG_BOOT_MAX_IMG_SECTORS=512 3 | 4 | CONFIG_SPI=y 5 | CONFIG_SPI_NOR=y 6 | CONFIG_SPI_NOR_FLASH_LAYOUT_PAGE_SIZE=4096 7 | CONFIG_SPI_NOR_SFDP_DEVICETREE=y 8 | CONFIG_MULTITHREADING=y 9 | 10 | # Disable Zephyr console and use UART for MCUboot serial recovery instead 11 | CONFIG_CONSOLE=n 12 | CONFIG_CONSOLE_HANDLER=n 13 | CONFIG_UART_CONSOLE=n 14 | CONFIG_MCUBOOT_SERIAL=y 15 | CONFIG_MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD=y 16 | CONFIG_BOOT_SERIAL_IMG_GRP_IMAGE_STATE=y 17 | 18 | CONFIG_PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY=y 19 | CONFIG_PM_OVERRIDE_EXTERNAL_DRIVER_CHECK=y 20 | 21 | CONFIG_FW_INFO_FIRMWARE_VERSION=2 22 | -------------------------------------------------------------------------------- /boot/zephyr/boards/thingy91x_nrf9151.overlay: -------------------------------------------------------------------------------- 1 | &uart0 { 2 | status = "okay"; 3 | current-speed = < 1000000 >; 4 | }; 5 | -------------------------------------------------------------------------------- /boot/zephyr/boards/tlsr9518adk80d_tlsr9518.conf: -------------------------------------------------------------------------------- 1 | # Copyright 2022 Telink Semiconductor 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | CONFIG_BOOT_MAX_IMG_SECTORS=4096 5 | -------------------------------------------------------------------------------- /boot/zephyr/boards/vmu_rt1170_mimxrt1176_cm7.conf: -------------------------------------------------------------------------------- 1 | # Copyright 2024 NXP 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | CONFIG_BOOT_MAX_IMG_SECTORS=1024 5 | CONFIG_BOOT_ERASE_PROGRESSIVELY=y 6 | -------------------------------------------------------------------------------- /boot/zephyr/boot_serial_extensions.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2021-2023 Nordic Semiconductor ASA 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include 8 | 9 | #include "bootutil/bootutil_log.h" 10 | #include "../boot_serial/src/boot_serial_priv.h" 11 | #include 12 | #include 13 | 14 | BOOT_LOG_MODULE_DECLARE(mcuboot); 15 | 16 | int bs_peruser_system_specific(const struct nmgr_hdr *hdr, const char *buffer, 17 | int len, zcbor_state_t *cs) 18 | { 19 | int mgmt_rc = MGMT_ERR_ENOTSUP; 20 | 21 | STRUCT_SECTION_FOREACH(mcuboot_bs_custom_handlers, function) { 22 | if (function->handler) { 23 | mgmt_rc = function->handler(hdr, buffer, len, cs); 24 | 25 | if (mgmt_rc != MGMT_ERR_ENOTSUP) { 26 | break; 27 | } 28 | } 29 | } 30 | 31 | if (mgmt_rc == MGMT_ERR_ENOTSUP) { 32 | zcbor_map_start_encode(cs, 10); 33 | zcbor_tstr_put_lit(cs, "rc"); 34 | zcbor_uint32_put(cs, mgmt_rc); 35 | zcbor_map_end_encode(cs, 10); 36 | } 37 | 38 | return MGMT_ERR_OK; 39 | } 40 | -------------------------------------------------------------------------------- /boot/zephyr/external_crypto.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2021 Nordic Semiconductor ASA 3 | # 4 | # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause 5 | # 6 | 7 | # These configurations should be used when using nrf/samples/bootloader 8 | # as the immutable bootloader (B0), and MCUBoot as the second stage updateable 9 | # bootloader. 10 | 11 | # Set ECDSA as signing mechanism 12 | CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y 13 | 14 | # Use crypto backend from B0 15 | CONFIG_BOOT_NRF_EXTERNAL_CRYPTO=y 16 | CONFIG_SECURE_BOOT_CRYPTO=y 17 | CONFIG_SB_CRYPTO_CLIENT_ECDSA_SECP256R1=y 18 | CONFIG_SB_CRYPTO_CLIENT_SHA256=y 19 | CONFIG_BL_SHA256_EXT_API_REQUIRED=y 20 | CONFIG_BL_SECP256R1_EXT_API_REQUIRED=y 21 | -------------------------------------------------------------------------------- /boot/zephyr/include/arm_cleanup.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * Copyright (c) 2020 Nordic Semiconductor ASA 4 | * 5 | * SPDX-License-Identifier: Apache-2.0 6 | */ 7 | 8 | #ifndef H_ARM_CLEANUP_ 9 | #define H_ARM_CLEANUP_ 10 | 11 | /** 12 | * Cleanup interrupt priority and interupt enable registers. 13 | */ 14 | void cleanup_arm_nvic(void); 15 | 16 | #if defined(CONFIG_CPU_HAS_ARM_MPU) || defined(CONFIG_CPU_HAS_NXP_MPU) 17 | /** 18 | * Cleanup all ARM MPU region configuration 19 | */ 20 | void z_arm_clear_arm_mpu_config(void); 21 | #endif 22 | 23 | #endif 24 | -------------------------------------------------------------------------------- /boot/zephyr/include/boot_serial/boot_serial.ld: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023 Nordic Semiconductor ASA 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include 8 | 9 | ITERABLE_SECTION_ROM(mcuboot_bs_custom_handlers, 4) 10 | -------------------------------------------------------------------------------- /boot/zephyr/include/mcuboot-mbedtls-cfg.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2018 Open Source Foundries Limited 3 | * SPDX-License-Identifier: Apache-2.0 4 | */ 5 | 6 | #ifndef _MCUBOOT_MBEDTLS_CONFIG_ 7 | #define _MCUBOOT_MBEDTLS_CONFIG_ 8 | 9 | /** 10 | * @file 11 | * 12 | * This is the top-level mbedTLS configuration file for MCUboot. The 13 | * configuration depends on the signature type, so this file just 14 | * pulls in the right header depending on that setting. 15 | */ 16 | 17 | /* 18 | * IMPORTANT: 19 | * 20 | * If you put any "generic" definitions in here, make sure to update 21 | * the simulator build.rs accordingly. 22 | */ 23 | 24 | #if defined(CONFIG_BOOT_SIGNATURE_TYPE_RSA) || defined(CONFIG_BOOT_ENCRYPT_RSA) 25 | #include "config-rsa.h" 26 | #elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256) || \ 27 | defined(CONFIG_BOOT_ENCRYPT_EC256) || \ 28 | (defined(CONFIG_BOOT_ENCRYPT_X25519) && !defined(CONFIG_BOOT_SIGNATURE_TYPE_ED25519)) 29 | #include "config-asn1.h" 30 | #elif defined(CONFIG_BOOT_SIGNATURE_TYPE_ED25519) 31 | #include "config-ed25519.h" 32 | #else 33 | #error "Cannot configure mbedTLS; signature type is unknown." 34 | #endif 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /boot/zephyr/include/mcuboot_config/mcuboot_logging.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018 Runtime Inc 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #ifndef __MCUBOOT_LOGGING_H__ 8 | #define __MCUBOOT_LOGGING_H__ 9 | 10 | /* 11 | * When building for targets running Zephyr, delegate to its native 12 | * logging subsystem. 13 | */ 14 | #ifdef CONFIG_MCUBOOT 15 | #define MCUBOOT_LOG_MODULE_DECLARE(domain) LOG_MODULE_DECLARE(domain, CONFIG_MCUBOOT_LOG_LEVEL) 16 | #define MCUBOOT_LOG_MODULE_REGISTER(domain) LOG_MODULE_REGISTER(domain, CONFIG_MCUBOOT_LOG_LEVEL) 17 | #else 18 | #define MCUBOOT_LOG_MODULE_DECLARE(domain) LOG_MODULE_DECLARE(domain, CONFIG_MCUBOOT_UTIL_LOG_LEVEL) 19 | #define MCUBOOT_LOG_MODULE_REGISTER(domain) LOG_MODULE_REGISTER(domain, CONFIG_MCUBOOT_UTIL_LOG_LEVEL) 20 | #endif 21 | 22 | #define MCUBOOT_LOG_ERR(...) LOG_ERR(__VA_ARGS__) 23 | #define MCUBOOT_LOG_WRN(...) LOG_WRN(__VA_ARGS__) 24 | #define MCUBOOT_LOG_INF(...) LOG_INF(__VA_ARGS__) 25 | #define MCUBOOT_LOG_DBG(...) LOG_DBG(__VA_ARGS__) 26 | #define MCUBOOT_LOG_SIM(...) IGNORE(__VA_ARGS__) 27 | 28 | #include 29 | 30 | #endif /* __MCUBOOT_LOGGING_H__ */ 31 | -------------------------------------------------------------------------------- /boot/zephyr/include/nrf_cleanup.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2020 Nordic Semiconductor ASA 3 | * 4 | * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause 5 | */ 6 | 7 | #ifndef H_NRF_CLEANUP_ 8 | #define H_NRF_CLEANUP_ 9 | 10 | /** 11 | * Perform cleanup on some peripheral resources used by MCUBoot prior chainload 12 | * the application. 13 | * 14 | * This function disables all RTC instances and UARTE instances. 15 | * It Disables their interrupts signals as well. 16 | */ 17 | void nrf_cleanup_peripheral(void); 18 | 19 | /** 20 | * Perform cleanup of non-secure RAM that may have been used by MCUBoot. 21 | */ 22 | void nrf_cleanup_ns_ram(void); 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /boot/zephyr/include/os/os.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nrfconnect/sdk-mcuboot/b37f58b7fa7221fe2fd4e9d0ca0a2567e5279bc0/boot/zephyr/include/os/os.h -------------------------------------------------------------------------------- /boot/zephyr/include/os/os_heap.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 18 | */ 19 | 20 | #ifndef H_OS_HEAP_ 21 | #define H_OS_HEAP_ 22 | 23 | #include 24 | 25 | #ifdef __cplusplus 26 | extern "C" { 27 | #endif 28 | 29 | void *os_malloc(size_t size); 30 | void os_free(void *mem); 31 | void *os_realloc(void *ptr, size_t size); 32 | 33 | #ifdef __cplusplus 34 | } 35 | #endif 36 | 37 | #endif 38 | 39 | -------------------------------------------------------------------------------- /boot/zephyr/include/serial_adapter/serial_adapter.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2017 Nordic Semiconductor ASA 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #ifndef H_SERIAL_ADAPTER 18 | #define H_SERIAL_ADAPTER 19 | 20 | int 21 | console_out(int c); 22 | 23 | void 24 | console_write(const char *str, int cnt); 25 | 26 | int 27 | boot_console_init(void); 28 | 29 | int 30 | console_read(char *str, int str_cnt, int *newline); 31 | 32 | #endif // SERIAL_ADAPTER 33 | -------------------------------------------------------------------------------- /boot/zephyr/nrf52840dk_nrf52840_cc310_ecdsa.conf: -------------------------------------------------------------------------------- 1 | CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y 2 | CONFIG_BOOT_ECDSA_CC310=y 3 | -------------------------------------------------------------------------------- /boot/zephyr/prj_minimal.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2021 Nordic Semiconductor ASA 3 | # 4 | # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause 5 | # 6 | 7 | CONFIG_MAIN_STACK_SIZE=10240 8 | CONFIG_MBEDTLS_CFG_FILE="mcuboot-mbedtls-cfg.h" 9 | 10 | CONFIG_FLASH=y 11 | CONFIG_FPROTECT=y 12 | CONFIG_PM=n 13 | 14 | CONFIG_BOOT_SWAP_SAVE_ENCTLV=n 15 | CONFIG_BOOT_ENCRYPT_IMAGE=n 16 | 17 | CONFIG_BOOT_BOOTSTRAP=n 18 | CONFIG_BOOT_UPGRADE_ONLY=n 19 | 20 | ### Minimal Configurations ### 21 | CONFIG_BOOT_USE_MIN_PARTITION_SIZE=y 22 | CONFIG_ASSERT=n 23 | CONFIG_BOOT_BANNER=n 24 | CONFIG_CLOCK_CONTROL=n 25 | CONFIG_CONSOLE=n 26 | CONFIG_CONSOLE_HANDLER=n 27 | CONFIG_GPIO=n 28 | CONFIG_KERNEL_MEM_POOL=n 29 | CONFIG_LOG=n 30 | CONFIG_MINIMAL_LIBC_CALLOC=n 31 | CONFIG_MINIMAL_LIBC_MALLOC=n 32 | CONFIG_MINIMAL_LIBC_REALLOCARRAY=n 33 | CONFIG_NCS_SAMPLES_DEFAULTS=n 34 | CONFIG_NO_RUNTIME_CHECKS=y 35 | CONFIG_NRF_RTC_TIMER=n 36 | CONFIG_PRINTK=n 37 | CONFIG_SERIAL=n 38 | CONFIG_SIZE_OPTIMIZATIONS=y 39 | CONFIG_SYS_CLOCK_EXISTS=n 40 | CONFIG_UART_CONSOLE=n 41 | -------------------------------------------------------------------------------- /boot/zephyr/ram_load.conf: -------------------------------------------------------------------------------- 1 | # Enables RAM load mode and specifies 16 MB of memory from 0x80000000 2 | # as a valid location for the firmware to be loaded into. 3 | 4 | CONFIG_BOOT_RAM_LOAD=y 5 | CONFIG_BOOT_IMAGE_EXECUTABLE_RAM_START=0x80000000 6 | CONFIG_BOOT_IMAGE_EXECUTABLE_RAM_SIZE=16777216 -------------------------------------------------------------------------------- /boot/zephyr/serial_recovery.conf: -------------------------------------------------------------------------------- 1 | CONFIG_MCUBOOT_SERIAL=y 2 | CONFIG_BOOT_SERIAL_UART=y 3 | CONFIG_UART_CONSOLE=n 4 | -------------------------------------------------------------------------------- /boot/zephyr/single_slot.conf: -------------------------------------------------------------------------------- 1 | CONFIG_SINGLE_APPLICATION_SLOT=y 2 | -------------------------------------------------------------------------------- /boot/zephyr/socs/esp32_procpu.conf: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | CONFIG_BOOT_MAX_IMG_SECTORS=512 5 | CONFIG_BOOT_UPGRADE_ONLY=y 6 | CONFIG_BOOT_VALIDATE_SLOT0=n 7 | CONFIG_BOOT_SIGNATURE_TYPE_NONE=y 8 | CONFIG_BOOT_BANNER=n 9 | 10 | CONFIG_UART_CONSOLE=n 11 | CONFIG_CONSOLE=n 12 | CONFIG_SERIAL=n 13 | 14 | CONFIG_MCUBOOT_LOG_LEVEL_OFF=y 15 | CONFIG_LOG_DEFAULT_LEVEL=0 16 | CONFIG_DEBUG=n 17 | 18 | CONFIG_HEAP_MEM_POOL_SIZE=4096 19 | CONFIG_MINIMAL_LIBC=y 20 | -------------------------------------------------------------------------------- /boot/zephyr/socs/esp32c2.conf: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | CONFIG_BOOT_MAX_IMG_SECTORS=512 5 | CONFIG_BOOT_UPGRADE_ONLY=y 6 | CONFIG_BOOT_VALIDATE_SLOT0=n 7 | CONFIG_BOOT_SIGNATURE_TYPE_NONE=y 8 | CONFIG_BOOT_BANNER=n 9 | 10 | CONFIG_UART_CONSOLE=n 11 | CONFIG_CONSOLE=n 12 | CONFIG_SERIAL=n 13 | 14 | CONFIG_MCUBOOT_LOG_LEVEL_OFF=y 15 | CONFIG_LOG_DEFAULT_LEVEL=0 16 | CONFIG_DEBUG=n 17 | 18 | CONFIG_XIP=n 19 | CONFIG_HEAP_MEM_POOL_SIZE=4096 20 | CONFIG_MINIMAL_LIBC=y 21 | -------------------------------------------------------------------------------- /boot/zephyr/socs/esp32c3.conf: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | CONFIG_BOOT_MAX_IMG_SECTORS=512 5 | CONFIG_BOOT_UPGRADE_ONLY=y 6 | CONFIG_BOOT_VALIDATE_SLOT0=n 7 | CONFIG_BOOT_SIGNATURE_TYPE_NONE=y 8 | CONFIG_BOOT_BANNER=n 9 | 10 | CONFIG_UART_CONSOLE=n 11 | CONFIG_CONSOLE=n 12 | CONFIG_SERIAL=n 13 | 14 | CONFIG_MCUBOOT_LOG_LEVEL_OFF=y 15 | CONFIG_LOG_DEFAULT_LEVEL=0 16 | CONFIG_DEBUG=n 17 | 18 | CONFIG_XIP=n 19 | CONFIG_HEAP_MEM_POOL_SIZE=4096 20 | CONFIG_MINIMAL_LIBC=y 21 | -------------------------------------------------------------------------------- /boot/zephyr/socs/esp32c6.conf: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | CONFIG_BOOT_MAX_IMG_SECTORS=512 5 | CONFIG_BOOT_UPGRADE_ONLY=y 6 | CONFIG_BOOT_VALIDATE_SLOT0=n 7 | CONFIG_BOOT_SIGNATURE_TYPE_NONE=y 8 | CONFIG_BOOT_BANNER=n 9 | 10 | CONFIG_UART_CONSOLE=n 11 | CONFIG_CONSOLE=n 12 | CONFIG_SERIAL=n 13 | 14 | CONFIG_MCUBOOT_LOG_LEVEL_OFF=y 15 | CONFIG_LOG_DEFAULT_LEVEL=0 16 | CONFIG_DEBUG=n 17 | 18 | CONFIG_XIP=n 19 | CONFIG_HEAP_MEM_POOL_SIZE=4096 20 | CONFIG_MINIMAL_LIBC=y 21 | -------------------------------------------------------------------------------- /boot/zephyr/socs/esp32s2.conf: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | CONFIG_BOOT_MAX_IMG_SECTORS=512 5 | CONFIG_BOOT_UPGRADE_ONLY=y 6 | CONFIG_BOOT_VALIDATE_SLOT0=n 7 | CONFIG_BOOT_SIGNATURE_TYPE_NONE=y 8 | CONFIG_BOOT_BANNER=n 9 | 10 | CONFIG_UART_CONSOLE=n 11 | CONFIG_CONSOLE=n 12 | CONFIG_SERIAL=n 13 | 14 | CONFIG_MCUBOOT_LOG_LEVEL_OFF=y 15 | CONFIG_LOG_DEFAULT_LEVEL=0 16 | CONFIG_DEBUG=n 17 | 18 | CONFIG_HEAP_MEM_POOL_SIZE=4096 19 | CONFIG_MINIMAL_LIBC=y 20 | -------------------------------------------------------------------------------- /boot/zephyr/socs/esp32s3_procpu.conf: -------------------------------------------------------------------------------- 1 | # SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD 2 | # SPDX-License-Identifier: Apache-2.0 3 | 4 | CONFIG_BOOT_MAX_IMG_SECTORS=512 5 | CONFIG_BOOT_UPGRADE_ONLY=y 6 | CONFIG_BOOT_VALIDATE_SLOT0=n 7 | CONFIG_BOOT_SIGNATURE_TYPE_NONE=y 8 | CONFIG_BOOT_BANNER=n 9 | 10 | CONFIG_UART_CONSOLE=n 11 | CONFIG_CONSOLE=n 12 | CONFIG_SERIAL=n 13 | 14 | CONFIG_MCUBOOT_LOG_LEVEL_OFF=y 15 | CONFIG_LOG_DEFAULT_LEVEL=0 16 | CONFIG_DEBUG=n 17 | 18 | CONFIG_HEAP_MEM_POOL_SIZE=4096 19 | CONFIG_MINIMAL_LIBC=y 20 | -------------------------------------------------------------------------------- /boot/zephyr/socs/nrf54l15_cpuapp.conf: -------------------------------------------------------------------------------- 1 | # Link Time Optimizations 2 | CONFIG_ISR_TABLES_LOCAL_DECLARATION=y 3 | CONFIG_LTO=y 4 | -------------------------------------------------------------------------------- /boot/zephyr/swap_offset.conf: -------------------------------------------------------------------------------- 1 | CONFIG_BOOT_SWAP_USING_OFFSET=y 2 | -------------------------------------------------------------------------------- /boot/zephyr/usb_cdc_acm.overlay: -------------------------------------------------------------------------------- 1 | &zephyr_udc0 { 2 | cdc_acm_uart0 { 3 | compatible = "zephyr,cdc-acm-uart"; 4 | }; 5 | }; 6 | -------------------------------------------------------------------------------- /boot/zephyr/usb_cdc_acm_log_recovery.conf: -------------------------------------------------------------------------------- 1 | CONFIG_LOG=y 2 | 3 | # Serial 4 | CONFIG_UART_CONSOLE=n 5 | CONFIG_CONSOLE=n 6 | CONFIG_SERIAL=y 7 | CONFIG_UART_LINE_CTRL=y 8 | 9 | # MCUBoot serial 10 | CONFIG_MCUBOOT_SERIAL=y 11 | CONFIG_BOOT_SERIAL_CDC_ACM=y 12 | -------------------------------------------------------------------------------- /boot/zephyr/usb_cdc_acm_recovery.conf: -------------------------------------------------------------------------------- 1 | CONFIG_MCUBOOT_SERIAL=y 2 | CONFIG_BOOT_SERIAL_CDC_ACM=y 3 | CONFIG_UART_CONSOLE=n 4 | -------------------------------------------------------------------------------- /ci/espressif_install.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | set -eo pipefail 6 | 7 | install_imgtool() { 8 | pip install imgtool 9 | } 10 | 11 | install_idf() { 12 | pushd $HOME 13 | git clone --depth=1 https://github.com/espressif/esp-idf.git --branch v5.1.4 14 | [[ $? -ne 0 ]] && exit 1 15 | 16 | $HOME/esp-idf/install.sh 17 | [[ $? -ne 0 ]] && exit 1 18 | 19 | popd 20 | } 21 | 22 | install_imgtool 23 | install_idf 24 | -------------------------------------------------------------------------------- /ci/fih-tests_install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -x 2 | 3 | # Copyright (c) 2020 Arm Limited 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -e 18 | 19 | source $(dirname "$0")/fih-tests_version.sh 20 | 21 | DOCKER_DIR=docker 22 | 23 | IMAGE=fih-test:$FIH_IMAGE_VERSION 24 | 25 | CACHED_IMAGE=$DOCKER_DIR/$IMAGE 26 | 27 | [[ -f $CACHED_IMAGE ]] && (gzip -dc $CACHED_IMAGE | docker load) 28 | 29 | if [[ $? -ne 0 ]]; then 30 | docker pull mcuboot/$IMAGE 31 | if [[ $GITHUB_ACTIONS != true ]]; then 32 | docker save mcuboot/$IMAGE | gzip > $CACHED_IMAGE 33 | fi 34 | fi 35 | -------------------------------------------------------------------------------- /ci/fih-tests_version.sh: -------------------------------------------------------------------------------- 1 | FIH_IMAGE_VERSION=0.0.3 2 | -------------------------------------------------------------------------------- /ci/fih_test_docker/docker-build/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Copyright (c) 2020 Arm Limited 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -e 18 | 19 | trap cleanup_exit INT TERM EXIT 20 | 21 | cleanup_exit() 22 | { 23 | rm -f *.list *.key 24 | } 25 | 26 | export LANG=C 27 | 28 | image=mcuboot/fih-test 29 | docker build --pull --tag=$image . 30 | -------------------------------------------------------------------------------- /ci/fih_test_docker/paths.sh: -------------------------------------------------------------------------------- 1 | WORK_PATH=/root/work/tfm 2 | MCUBOOT_PATH=$WORK_PATH/mcuboot 3 | TFM_PATH=$WORK_PATH/trusted-firmware-m 4 | TFM_TESTS_PATH=$WORK_PATH/tf-m-tests 5 | TFM_SPE_BUILD_PATH=$TFM_PATH/build_spe 6 | TFM_BUILD_PATH=$TFM_PATH/build 7 | BOOTLOADER_AXF_PATH=$TFM_SPE_BUILD_PATH/bin/bl2.axf 8 | TFM_IMAGE_NAME=tfm_s_ns_signed.bin 9 | TFM_IMAGE_OUTPUT_PATH=$TFM_BUILD_PATH 10 | TFM_IMAGE_PATH=$TFM_IMAGE_OUTPUT_PATH/$TFM_IMAGE_NAME 11 | -------------------------------------------------------------------------------- /ci/imgtool_install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -x 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | if [[ $TRAVIS == "true" ]]; then 16 | if [[ $TRAVIS_PULL_REQUEST != "false" || $TRAVIS_BRANCH != "main" ]]; then 17 | echo "Either a PR or not \"main\" branch, exiting" 18 | exit 0 19 | fi 20 | fi 21 | 22 | pip install setuptools twine packaging wheel 23 | pip install --pre imgtool 24 | -------------------------------------------------------------------------------- /ci/mynewt_keys/enc_kw/pkg.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | pkg.name: keys/enc_kw 21 | pkg.author: "Apache Mynewt " 22 | pkg.homepage: "http://mynewt.apache.org/" 23 | -------------------------------------------------------------------------------- /ci/mynewt_keys/enc_kw/src/keys.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Licensed to the Apache Software Foundation (ASF) under one 3 | * or more contributor license agreements. See the NOTICE file 4 | * distributed with this work for additional information 5 | * regarding copyright ownership. The ASF licenses this file 6 | * to you under the Apache License, Version 2.0 (the 7 | * "License"); you may not use this file except in compliance 8 | * with the License. You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, 13 | * software distributed under the License is distributed on an 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | * KIND, either express or implied. See the License for the 16 | * specific language governing permissions and limitations 17 | * under the License. 18 | */ 19 | 20 | #include 21 | #include 22 | unsigned char enc_key[] = { 23 | 0x96, 0x69, 0xd2, 0xcf, 0x0e, 0xb1, 0xc6, 0x56, 0xf2, 0xa0, 0x1f, 0x46, 24 | 0x06, 0xd3, 0x49, 0x31, 25 | }; 26 | static unsigned int enc_key_len = 16; 27 | const struct bootutil_key bootutil_enc_key = { 28 | .key = enc_key, 29 | .len = &enc_key_len, 30 | }; 31 | -------------------------------------------------------------------------------- /ci/mynewt_keys/enc_rsa/pkg.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | pkg.name: keys/enc_rsa 21 | pkg.author: "Apache Mynewt " 22 | pkg.homepage: "http://mynewt.apache.org/" 23 | -------------------------------------------------------------------------------- /ci/mynewt_run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -x 2 | 3 | # Licensed to the Apache Software Foundation (ASF) under one 4 | # or more contributor license agreements. See the NOTICE file 5 | # distributed with this work for additional information 6 | # regarding copyright ownership. The ASF licenses this file 7 | # to you under the Apache License, Version 2.0 (the 8 | # "License"); you may not use this file except in compliance 9 | # with the License. You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, 14 | # software distributed under the License is distributed on an 15 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | # KIND, either express or implied. See the License for the 17 | # specific language governing permissions and limitations 18 | # under the License. 19 | 20 | export PATH=$HOME/bin:$PATH 21 | pwd 22 | 23 | for target in $(ls ci/mynewt_targets); do 24 | newt build $target 25 | [[ $? -ne 0 ]] && exit 1 26 | done 27 | 28 | mkdir targets 29 | cp -r repos/apache-mynewt-core/targets/unittest targets 30 | newt test boot/boot_serial 31 | [[ $? -ne 0 ]] && exit 1 32 | 33 | exit 0 34 | -------------------------------------------------------------------------------- /ci/mynewt_targets/basic/pkg.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | pkg.name: "targets/basic" 21 | pkg.type: "target" 22 | pkg.description: 23 | pkg.author: 24 | pkg.homepage: 25 | 26 | pkg.deps: 27 | - "@mcuboot/boot/mynewt" 28 | -------------------------------------------------------------------------------- /ci/mynewt_targets/basic/target.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | target.app: "@mcuboot/boot/mynewt" 21 | target.bsp: "@apache-mynewt-core/hw/bsp/nordic_pca10056" 22 | target.build_profile: "optimized" 23 | -------------------------------------------------------------------------------- /ci/mynewt_targets/bootserial/pkg.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | pkg.name: "targets/bootserial" 21 | pkg.type: "target" 22 | pkg.description: 23 | pkg.author: 24 | pkg.homepage: 25 | 26 | pkg.deps: 27 | - "@mcuboot/boot/mynewt" 28 | -------------------------------------------------------------------------------- /ci/mynewt_targets/bootserial/syscfg.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | # 18 | 19 | $import: 20 | - '@mcuboot/ci/mynewt_targets/basic/syscfg.yml' 21 | 22 | syscfg.vals: 23 | BOOT_SERIAL: 1 24 | UART_0: 1 25 | -------------------------------------------------------------------------------- /ci/mynewt_targets/bootserial/target.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | target.app: "@mcuboot/boot/mynewt" 21 | target.bsp: "@apache-mynewt-core/hw/bsp/nordic_pca10056" 22 | target.build_profile: "optimized" 23 | -------------------------------------------------------------------------------- /ci/mynewt_targets/ecdsa/pkg.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | pkg.name: "targets/ecdsa" 21 | pkg.type: "target" 22 | pkg.description: 23 | pkg.author: 24 | pkg.homepage: 25 | 26 | pkg.deps: 27 | - "@mcuboot/boot/mynewt" 28 | -------------------------------------------------------------------------------- /ci/mynewt_targets/ecdsa/syscfg.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | # 18 | 19 | $import: 20 | - '@mcuboot/ci/mynewt_targets/basic/syscfg.yml' 21 | 22 | syscfg.vals: 23 | BOOTUTIL_VALIDATE_SLOT0: 1 24 | BOOTUTIL_SIGN_EC256: 1 25 | -------------------------------------------------------------------------------- /ci/mynewt_targets/ecdsa/target.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | target.app: "@mcuboot/boot/mynewt" 21 | target.bsp: "@apache-mynewt-core/hw/bsp/nordic_pca10056" 22 | target.build_profile: "optimized" 23 | target.key_file: "@mcuboot/root-ec-p256.pem" 24 | -------------------------------------------------------------------------------- /ci/mynewt_targets/ecdsa_kw/pkg.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | pkg.name: "targets/ecdsa_kw" 21 | pkg.type: "target" 22 | pkg.description: 23 | pkg.author: 24 | pkg.homepage: 25 | 26 | pkg.deps: 27 | - "@mcuboot/boot/mynewt" 28 | - "@mcuboot/keys/enc_kw" 29 | -------------------------------------------------------------------------------- /ci/mynewt_targets/ecdsa_kw/syscfg.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | # 18 | 19 | $import: 20 | - '@mcuboot/ci/mynewt_targets/basic/syscfg.yml' 21 | 22 | syscfg.vals: 23 | BOOTUTIL_VALIDATE_SLOT0: 1 24 | BOOTUTIL_SIGN_EC256: 1 25 | BOOTUTIL_ENCRYPT_KW: 1 26 | -------------------------------------------------------------------------------- /ci/mynewt_targets/ecdsa_kw/target.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | target.app: "@mcuboot/boot/mynewt" 21 | target.bsp: "@apache-mynewt-core/hw/bsp/nordic_pca10056" 22 | target.build_profile: "optimized" 23 | target.key_file: "@mcuboot/root-ec-p256.pem" 24 | -------------------------------------------------------------------------------- /ci/mynewt_targets/rsa/pkg.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | pkg.name: "targets/rsa" 21 | pkg.type: "target" 22 | pkg.description: 23 | pkg.author: 24 | pkg.homepage: 25 | 26 | pkg.deps: 27 | - "@mcuboot/boot/mynewt" 28 | -------------------------------------------------------------------------------- /ci/mynewt_targets/rsa/syscfg.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | # 18 | 19 | $import: 20 | - '@mcuboot/ci/mynewt_targets/basic/syscfg.yml' 21 | 22 | syscfg.vals: 23 | BOOTUTIL_VALIDATE_SLOT0: 1 24 | BOOTUTIL_SIGN_EC256: 0 25 | BOOTUTIL_SIGN_RSA: 1 26 | BOOTUTIL_USE_MBED_TLS: 1 27 | BOOTUTIL_USE_TINYCRYPT: 0 28 | -------------------------------------------------------------------------------- /ci/mynewt_targets/rsa/target.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | target.app: "@mcuboot/boot/mynewt" 21 | target.bsp: "@apache-mynewt-core/hw/bsp/nordic_pca10056" 22 | target.build_profile: "optimized" 23 | target.key_file: "@mcuboot/root-rsa-2048.pem" 24 | -------------------------------------------------------------------------------- /ci/mynewt_targets/rsa_kw/pkg.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | pkg.name: "targets/rsa_kw" 21 | pkg.type: "target" 22 | pkg.description: 23 | pkg.author: 24 | pkg.homepage: 25 | 26 | pkg.deps: 27 | - "@mcuboot/boot/mynewt" 28 | - "@mcuboot/keys/enc_kw" 29 | -------------------------------------------------------------------------------- /ci/mynewt_targets/rsa_kw/syscfg.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | # 18 | 19 | $import: 20 | - '@mcuboot/ci/mynewt_targets/basic/syscfg.yml' 21 | 22 | syscfg.vals: 23 | BOOTUTIL_VALIDATE_SLOT0: 1 24 | BOOTUTIL_SIGN_EC256: 0 25 | BOOTUTIL_SIGN_RSA: 1 26 | BOOTUTIL_USE_MBED_TLS: 1 27 | BOOTUTIL_USE_TINYCRYPT: 0 28 | BOOTUTIL_ENCRYPT_KW: 1 29 | MBEDTLS_NIST_KW_C: 1 30 | MBEDTLS_CIPHER_MODE_CTR: 1 31 | -------------------------------------------------------------------------------- /ci/mynewt_targets/rsa_kw/target.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | target.app: "@mcuboot/boot/mynewt" 21 | target.bsp: "@apache-mynewt-core/hw/bsp/nordic_pca10056" 22 | target.build_profile: "optimized" 23 | target.key_file: "@mcuboot/root-rsa-2048.pem" 24 | -------------------------------------------------------------------------------- /ci/mynewt_targets/rsa_overwriteonly/pkg.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | pkg.name: "targets/rsa_overwriteonly" 21 | pkg.type: "target" 22 | pkg.description: 23 | pkg.author: 24 | pkg.homepage: 25 | 26 | pkg.deps: 27 | - "@mcuboot/boot/mynewt" 28 | -------------------------------------------------------------------------------- /ci/mynewt_targets/rsa_overwriteonly/syscfg.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | # 18 | 19 | $import: 20 | - '@mcuboot/ci/mynewt_targets/basic/syscfg.yml' 21 | 22 | syscfg.vals: 23 | BOOTUTIL_VALIDATE_SLOT0: 1 24 | BOOTUTIL_SIGN_EC256: 0 25 | BOOTUTIL_SIGN_RSA: 1 26 | BOOTUTIL_USE_MBED_TLS: 1 27 | BOOTUTIL_USE_TINYCRYPT: 0 28 | BOOTUTIL_OVERWRITE_ONLY: 1 29 | -------------------------------------------------------------------------------- /ci/mynewt_targets/rsa_overwriteonly/target.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | target.app: "@mcuboot/boot/mynewt" 21 | target.bsp: "@apache-mynewt-core/hw/bsp/nordic_pca10056" 22 | target.build_profile: "optimized" 23 | target.key_file: "@mcuboot/root-rsa-2048.pem" 24 | -------------------------------------------------------------------------------- /ci/mynewt_targets/rsa_rsaoaep/pkg.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | # 18 | 19 | pkg.name: "targets/rsa_rsaoaep" 20 | pkg.type: "target" 21 | pkg.description: 22 | pkg.author: 23 | pkg.homepage: 24 | 25 | pkg.deps: 26 | - "@mcuboot/boot/mynewt" 27 | - "@mcuboot/keys/enc_rsa" 28 | -------------------------------------------------------------------------------- /ci/mynewt_targets/rsa_rsaoaep/syscfg.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | # 18 | 19 | $import: 20 | - '@mcuboot/ci/mynewt_targets/basic/syscfg.yml' 21 | 22 | syscfg.vals: 23 | BOOTUTIL_VALIDATE_SLOT0: 1 24 | BOOTUTIL_SIGN_EC256: 0 25 | BOOTUTIL_SIGN_RSA: 1 26 | BOOTUTIL_USE_MBED_TLS: 1 27 | BOOTUTIL_USE_TINYCRYPT: 0 28 | BOOTUTIL_ENCRYPT_RSA: 1 29 | MBEDTLS_CIPHER_MODE_CTR: 1 30 | -------------------------------------------------------------------------------- /ci/mynewt_targets/rsa_rsaoaep/target.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | target.app: "@mcuboot/boot/mynewt" 21 | target.bsp: "@apache-mynewt-core/hw/bsp/nordic_pca10056" 22 | target.build_profile: "optimized" 23 | target.key_file: "@mcuboot/root-rsa-2048.pem" 24 | -------------------------------------------------------------------------------- /ci/mynewt_targets/rsa_rsaoaep_bootstrap/pkg.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | # 18 | 19 | pkg.name: "targets/rsa_rsaoaep_bootstrap" 20 | pkg.type: "target" 21 | pkg.description: 22 | pkg.author: 23 | pkg.homepage: 24 | 25 | pkg.deps: 26 | - "@mcuboot/boot/mynewt" 27 | - "@mcuboot/keys/enc_rsa" 28 | -------------------------------------------------------------------------------- /ci/mynewt_targets/rsa_rsaoaep_bootstrap/syscfg.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | # 18 | 19 | $import: 20 | - '@mcuboot/ci/mynewt_targets/basic/syscfg.yml' 21 | 22 | syscfg.vals: 23 | BOOTUTIL_VALIDATE_SLOT0: 1 24 | BOOTUTIL_SIGN_EC256: 0 25 | BOOTUTIL_SIGN_RSA: 1 26 | BOOTUTIL_USE_MBED_TLS: 1 27 | BOOTUTIL_USE_TINYCRYPT: 0 28 | BOOTUTIL_ENCRYPT_RSA: 1 29 | BOOTUTIL_BOOTSTRAP: 1 30 | MBEDTLS_CIPHER_MODE_CTR: 1 31 | -------------------------------------------------------------------------------- /ci/mynewt_targets/rsa_rsaoaep_bootstrap/target.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | target.app: "@mcuboot/boot/mynewt" 21 | target.bsp: "@apache-mynewt-core/hw/bsp/nordic_pca10056" 22 | target.build_profile: "optimized" 23 | target.key_file: "@mcuboot/root-rsa-2048.pem" 24 | -------------------------------------------------------------------------------- /ci/mynewt_targets/swap_move/pkg.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | pkg.name: "targets/swap_move" 21 | pkg.type: "target" 22 | pkg.description: 23 | pkg.author: 24 | pkg.homepage: 25 | 26 | pkg.deps: 27 | - "@mcuboot/boot/mynewt" 28 | -------------------------------------------------------------------------------- /ci/mynewt_targets/swap_move/target.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | target.app: "@mcuboot/boot/mynewt" 21 | target.bsp: "@apache-mynewt-core/hw/bsp/nordic_pca10056" 22 | target.build_profile: "optimized" 23 | -------------------------------------------------------------------------------- /ci/requirements.txt: -------------------------------------------------------------------------------- 1 | tomli 2 | -------------------------------------------------------------------------------- /ci/sim_install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -x 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | pip3 install --user -r ci/requirements.txt 16 | 17 | pushd sim && cargo fetch 18 | [[ $? -ne 0 ]] && exit 1 19 | popd 20 | -------------------------------------------------------------------------------- /docs/.gitignore: -------------------------------------------------------------------------------- 1 | .sass-cache/ 2 | _site/ 3 | -------------------------------------------------------------------------------- /docs/CNAME: -------------------------------------------------------------------------------- 1 | docs.mcuboot.com -------------------------------------------------------------------------------- /docs/Gemfile: -------------------------------------------------------------------------------- 1 | source "https://rubygems.org" 2 | 3 | # Hello! This is where you manage which Jekyll version is used to run. 4 | # When you want to use a different version, change it below, save the 5 | # file and run `bundle install`. Run Jekyll with `bundle exec`, like so: 6 | # 7 | # bundle exec jekyll serve 8 | 9 | # This is the default theme for new Jekyll sites. You may change this to anything you like. 10 | # gem "jekyll-theme-cayman", "~> 0.1" 11 | 12 | # If you want to use GitHub Pages, remove the "gem "jekyll"" above and 13 | # uncomment the line below. To upgrade, run `bundle update github-pages`. 14 | gem "github-pages", group: :jekyll_plugins 15 | 16 | # If you have any plugins, put them here! 17 | # group :jekyll_plugins do 18 | # gem "jekyll-feed", "~> 0.6" 19 | # end 20 | 21 | # Windows does not include zoneinfo files, so bundle the tzinfo-data gem 22 | gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby] 23 | 24 | gem "jemoji", "~> 0.12.0" 25 | 26 | gem "webrick", "~> 1.8" 27 | -------------------------------------------------------------------------------- /docs/_config.yml: -------------------------------------------------------------------------------- 1 | theme: jekyll-theme-cayman 2 | plugins: 3 | - jemoji 4 | -------------------------------------------------------------------------------- /docs/images/decomp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nrfconnect/sdk-mcuboot/b37f58b7fa7221fe2fd4e9d0ca0a2567e5279bc0/docs/images/decomp.png -------------------------------------------------------------------------------- /docs/release-notes.d/00readme.md: -------------------------------------------------------------------------------- 1 | # Pending release notes directory 2 | 3 | This directory contains release note entries that have not been merged 4 | into the main release-notes.md document. 5 | 6 | Generally a release note entry should be created for changes that: 7 | 8 | - Fix bugs in the code. 9 | - Implement new features. 10 | - Change existing behavior. 11 | 12 | Release notes are generally not needed for: 13 | 14 | - Some documentation improvements. 15 | - Strictly internal changes to the code that won't be visible to users 16 | of the code. 17 | 18 | ## Release note format 19 | 20 | Release notes are included in files under this `docs/release-notes.d` 21 | directory and have a name of `*.md`. They will be included in the 22 | `release-notes.md` file, and should be formatted as a Markdown list 23 | entry. (A script will be developed to collect these, ordered by when 24 | the commits were added to the tree.) 25 | 26 | Choose a filename that is related to what this change does. The names 27 | are not used for anything in particular, but to keep the files 28 | distinct so that there isn't a concern with merge conflicts as 29 | different pull requests merge in different orders. 30 | -------------------------------------------------------------------------------- /enc-aes128kw.b64: -------------------------------------------------------------------------------- 1 | 0VoElcTCqP8weM5Jtfyy3Q== 2 | -------------------------------------------------------------------------------- /enc-aes256kw.b64: -------------------------------------------------------------------------------- 1 | 5FxRRtIcgjXMGhmvofKqIMiMf0Bs2yKqarXLqvixW7Q= 2 | -------------------------------------------------------------------------------- /enc-ec256-priv.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg9h5Rnfj63aG32alk 3 | ZDtU0D3QH+V42ReYpSjKzGtnngahRANCAASKRHMAlMmAJzENIzZr6Wmfy8V8yEQa 4 | k+bufYamrl6TcnTZ4Vocm2UaK2FBKAJzhBKXOi2ioGd3AtpnGkvd13HM 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /enc-ec256-pub.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEikRzAJTJgCcxDSM2a+lpn8vFfMhE 3 | GpPm7n2Gpq5ek3J02eFaHJtlGithQSgCc4QSlzotoqBndwLaZxpL3ddxzA== 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /enc-rsa2048-pub.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCYUST0WEzptnISpi2oQ 3 | IGHvSASkSyTzADKsIuAwJ3AY5VXIuAU0A7D4pZbSSFjvcLAJ2+NYYu+ZYwGyicSz 4 | 9p5iv03CitDJTUOj2OUd7GJjCOIgpfx40D50yKQbNq179QauTVGbQM4wT2zq+el0 5 | 6gbunOQUaCC5PecRFIslo/9MivNT7ms+7zTNaj9iaMD/eEyww+aWYfwfGPF6guKP 6 | NagrhhakRvusfkHbAgWRbd/B3hOVnPmeXnK6pyWT+9zoq4ZFiEct7e7ul57OXZsE 7 | BEB8y3w9LHSrpMxko1yVPdSi3JKyyBjL+QA5gY+PQMLfmSmsisI72KTyra90wBHH 8 | mQIDAQAB 9 | -----END PUBLIC KEY----- 10 | -------------------------------------------------------------------------------- /enc-x25519-priv.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MC4CAQAwBQYDK2VuBCIEICiAL+/vgpVQ8UGTA2wbuUlsUeUmh493B/i0HwRFbYRP 3 | -----END PRIVATE KEY----- 4 | -------------------------------------------------------------------------------- /enc-x25519-pub.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MCowBQYDK2VuAyEApnrfU1lvc6n45HmsC6ogwvmJkv+Wltehx3CxYYsqD3A= 3 | -----END PUBLIC KEY----- 4 | -------------------------------------------------------------------------------- /ext/fiat/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015-2016 the fiat-crypto authors (see 4 | https://github.com/mit-plv/fiat-crypto/blob/master/AUTHORS). 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in all 14 | copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 | SOFTWARE. 23 | -------------------------------------------------------------------------------- /ext/fiat/METADATA: -------------------------------------------------------------------------------- 1 | name: "fiat" 2 | description: "Fiat-Crypto: Synthesizing Correct-by-Construction Code for Cryptographic Primitives." 3 | 4 | third_party { 5 | url { 6 | type: GIT 7 | value: "https://github.com/mit-plv/fiat-crypto" 8 | } 9 | version: "4441785fb44b88bb6943ddbf639d872c8c903281" 10 | last_upgrade_date { year: 2019 month: 1 day: 16 } 11 | 12 | local_modifications: "Fiat-generated code has been integrated into existing BoringSSL code" 13 | } 14 | -------------------------------------------------------------------------------- /ext/fiat/README.chromium: -------------------------------------------------------------------------------- 1 | Name: Fiat-Crypto: Synthesizing Correct-by-Construction Code for Cryptographic Primitives 2 | Short Name: fiat-crypto 3 | URL: https://github.com/mit-plv/fiat-crypto 4 | Version: git (see METADATA) 5 | License: MIT 6 | License File: LICENSE 7 | Security Critical: yes 8 | 9 | Description: 10 | See README.md and METADATA. 11 | -------------------------------------------------------------------------------- /ext/fiat/pkg.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | pkg.name: ext/fiat 21 | pkg.description: "MCUboot's bundled fiat-crypto" 22 | pkg.author: "Apache Mynewt " 23 | pkg.homepage: "http://mynewt.apache.org/" 24 | pkg.keywords: 25 | -------------------------------------------------------------------------------- /ext/mbedtls-asn1/README: -------------------------------------------------------------------------------- 1 | This bundles the asn1 parser from mbed-tls into mcuboot, which allows 2 | adding EC crypto (tinycrypt based) functionality for target OSes that 3 | don't bundle mbed-tls. 4 | -------------------------------------------------------------------------------- /ext/mbedtls-asn1/include/mbedtls/private_access.h: -------------------------------------------------------------------------------- 1 | /** 2 | * \file private_access.h 3 | * 4 | * \brief Macro wrapper for struct's memebrs. 5 | */ 6 | /* 7 | * Copyright The Mbed TLS Contributors 8 | * SPDX-License-Identifier: Apache-2.0 9 | * 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may 11 | * not use this file except in compliance with the License. 12 | * You may obtain a copy of the License at 13 | * 14 | * http://www.apache.org/licenses/LICENSE-2.0 15 | * 16 | * Unless required by applicable law or agreed to in writing, software 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 | * See the License for the specific language governing permissions and 20 | * limitations under the License. 21 | */ 22 | 23 | #ifndef MBEDTLS_PRIVATE_ACCESS_H 24 | #define MBEDTLS_PRIVATE_ACCESS_H 25 | 26 | #ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS 27 | #define MBEDTLS_PRIVATE(member) private_##member 28 | #else 29 | #define MBEDTLS_PRIVATE(member) member 30 | #endif 31 | 32 | #endif /* MBEDTLS_PRIVATE_ACCESS_H */ 33 | -------------------------------------------------------------------------------- /ext/mbedtls-asn1/pkg.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | pkg.name: ext/mbedtls-asn1 21 | pkg.description: "MCUboot's bundled mbed-tls ASN1 parser" 22 | pkg.author: "Apache Mynewt " 23 | pkg.homepage: "http://mynewt.apache.org/" 24 | pkg.keywords: 25 | -------------------------------------------------------------------------------- /ext/nrf/README.md: -------------------------------------------------------------------------------- 1 | # Building MCUboot with nRF52840 CC310 enabled 2 | 3 | ## Prerequisites 4 | 5 | Clone [nrfxlib](https://github.com/NordicPlayground/nrfxlib) next to the MCUboot root folder. So that it's located `../nrfxlib` from MCUboot root folder. 6 | 7 | ## Building 8 | 9 | make sure `root-ec-p256.pem` is set as the certificate and that `CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256` is selected not `CONFIG_BOOT_SIGNATURE_TYPE_RSA` in `prj.conf` of `boot/zephyr`. 10 | Since it defaults to tinycrypt you'll have to go into `menuconfig` and change the implementation selection to `cc310` or also set this in `prj.conf`. 11 | 12 | ``` 13 | mkdir build && cd build 14 | cmake -GNinja -DBOARD=nrf52840dk/nrf52840 15 | ninja flash 16 | ``` 17 | 18 | Build a hello world example in zephyr and sign it with imgtool.py with the `root-ec-p256.pem` and flash it at `FLASH_AREA_IMAGE_0`. 19 | -------------------------------------------------------------------------------- /ext/tinycrypt-sha512/lib/pkg.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | pkg.name: ext/tinycrypt-sha512/lib 21 | pkg.description: "MCUboot's SHA512 for tinycrypt" 22 | pkg.author: "Apache Mynewt " 23 | pkg.homepage: "http://mynewt.apache.org/" 24 | pkg.keywords: 25 | 26 | pkg.src_dirs: 27 | - "source" 28 | 29 | pkg.cflags: 30 | - "-std=c99" 31 | -------------------------------------------------------------------------------- /ext/tinycrypt/.gitignore: -------------------------------------------------------------------------------- 1 | *.o 2 | *~ 3 | *.d 4 | *.exe 5 | *.a 6 | -------------------------------------------------------------------------------- /ext/tinycrypt/AUTHORS: -------------------------------------------------------------------------------- 1 | Architect: 2 | Rafael Misoczki 3 | 4 | Open Source Maintainer: 5 | Constanza Heath 6 | Rafael Misoczki 7 | 8 | Contributors: 9 | Constanza Heath 10 | Rafael Misoczki 11 | Flavio Santes 12 | Jarkko Sakkinen 13 | Chris Morrison 14 | Marti Bolivar 15 | Colin Ian King 16 | -------------------------------------------------------------------------------- /ext/tinycrypt/Makefile: -------------------------------------------------------------------------------- 1 | ################################################################################ 2 | # 3 | # Copyright (C) 2017 by Intel Corporation, All Rights Reserved. 4 | # 5 | # Global Makefile. 6 | # See lib/Makefile and tests/Makefile for further configuration. 7 | # 8 | ################################################################################ 9 | include config.mk 10 | 11 | all: 12 | $(MAKE) -C lib 13 | ifeq ($(ENABLE_TESTS),true) 14 | $(MAKE) -C tests 15 | endif 16 | 17 | clean: 18 | $(MAKE) -C lib clean 19 | $(MAKE) -C tests clean 20 | $(RM) *~ 21 | 22 | -------------------------------------------------------------------------------- /ext/tinycrypt/VERSION: -------------------------------------------------------------------------------- 1 | 0.2.8 2 | -------------------------------------------------------------------------------- /ext/tinycrypt/config.mk: -------------------------------------------------------------------------------- 1 | ################################################################################ 2 | # 3 | # Copyright (C) 2017 by Intel Corporation, All Rights Reserved. 4 | # 5 | # Global configuration Makefile. Included everywhere. 6 | # 7 | ################################################################################ 8 | 9 | # EDIT HERE: 10 | CC:=gcc 11 | CFLAGS:=-Os -std=c99 -Wall -Wextra -D_ISOC99_SOURCE -MMD -I../lib/include/ -I../lib/source/ -I../tests/include/ 12 | vpath %.c ../lib/source/ 13 | ENABLE_TESTS=true 14 | 15 | # override MinGW built-in recipe 16 | %.o: %.c 17 | $(COMPILE.c) $(OUTPUT_OPTION) $< 18 | 19 | ifeq ($(OS),Windows_NT) 20 | DOTEXE:=.exe 21 | endif 22 | 23 | # DO NOT EDIT AFTER THIS POINT: 24 | ifeq ($(ENABLE_TESTS), true) 25 | CFLAGS += -DENABLE_TESTS 26 | else 27 | CFLAGS += -DDISABLE_TESTS 28 | endif 29 | 30 | export CC 31 | export CFLAGS 32 | export VPATH 33 | export ENABLE_TESTS 34 | 35 | ################################################################################ 36 | -------------------------------------------------------------------------------- /ext/tinycrypt/lib/Makefile: -------------------------------------------------------------------------------- 1 | ################################################################################ 2 | # 3 | # Copyright (C) 2017 by Intel Corporation, All Rights Reserved. 4 | # 5 | # Cryptographic Primitives Makefile. 6 | # 7 | ################################################################################ 8 | 9 | include ../config.mk 10 | 11 | # Edit the OBJS content to add/remove primitives needed from TinyCrypt library: 12 | OBJS:=aes_decrypt.o \ 13 | aes_encrypt.o \ 14 | cbc_mode.o \ 15 | ctr_mode.o \ 16 | ctr_prng.o \ 17 | hmac.o \ 18 | hmac_prng.o \ 19 | sha256.o \ 20 | ecc.o \ 21 | ecc_dh.o \ 22 | ecc_dsa.o \ 23 | ccm_mode.o \ 24 | cmac_mode.o \ 25 | utils.o 26 | 27 | DEPS:=$(OBJS:.o=.d) 28 | 29 | all: libtinycrypt.a 30 | 31 | libtinycrypt.a: $(OBJS) 32 | $(AR) $(ARFLAGS) $@ $^ 33 | 34 | .PHONY: clean 35 | 36 | clean: 37 | -$(RM) *.exe $(OBJS) $(DEPS) *~ libtinycrypt.a 38 | 39 | -include $(DEPS) 40 | -------------------------------------------------------------------------------- /ext/tinycrypt/lib/pkg.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | pkg.name: ext/tinycrypt/lib 21 | pkg.description: "MCUboot's bundled tinycrypt" 22 | pkg.author: "Apache Mynewt " 23 | pkg.homepage: "http://mynewt.apache.org/" 24 | pkg.keywords: 25 | 26 | pkg.src_dirs: 27 | - "source" 28 | 29 | pkg.cflags: 30 | - "-std=c99" 31 | -------------------------------------------------------------------------------- /ext/tinycrypt/tests/pseudo-random-data.bin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nrfconnect/sdk-mcuboot/b37f58b7fa7221fe2fd4e9d0ca0a2567e5279bc0/ext/tinycrypt/tests/pseudo-random-data.bin -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/mcu-tools/mcuboot 2 | 3 | go 1.14 4 | -------------------------------------------------------------------------------- /project.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | project.name: "mcuboot" 21 | 22 | project.repositories: 23 | - apache-mynewt-core 24 | 25 | # Use github's distribution mechanism for core ASF libraries. 26 | # This provides mirroring automatically for us. 27 | repository.apache-mynewt-core: 28 | type: github 29 | vers: 0-dev 30 | user: apache 31 | repo: mynewt-core 32 | -------------------------------------------------------------------------------- /ptest/.gitignore: -------------------------------------------------------------------------------- 1 | target 2 | .*.swp 3 | -------------------------------------------------------------------------------- /ptest/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "ptest" 3 | version = "0.1.0" 4 | authors = ["david.brown"] 5 | edition = "2018" 6 | 7 | [dependencies] 8 | chrono = "0.4" 9 | env_logger = "0.9.0" 10 | failure = "0.1.8" 11 | log = "0.4.17" 12 | num_cpus = "1.13.1" 13 | std-semaphore = "0.1" 14 | yaml-rust = "0.4" 15 | 16 | [dependencies.clap] 17 | version = "4.0" 18 | features = ["derive"] 19 | -------------------------------------------------------------------------------- /root-ec-p256-pkcs8.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg15jVL4MBJDvTVCt+ 3 | Ve1MdGEZALD5UFqCT+Ho7AY7z/GhRANCAAQqy0A86P7tW6RJlaGpHa7o274ZN80U 4 | +y8kVzfllTmI2ZS51lrr183VMIrW/kiySmqBDuXwfYtoNMw6avxTjvrB 5 | -----END PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /root-ec-p256.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | MHcCAQEEINeY1S+DASQ701QrflXtTHRhGQCw+VBagk/h6OwGO8/xoAoGCCqGSM49 3 | AwEHoUQDQgAEKstAPOj+7VukSZWhqR2u6Nu+GTfNFPsvJFc35ZU5iNmUudZa69fN 4 | 1TCK1v5IskpqgQ7l8H2LaDTMOmr8U476wQ== 5 | -----END EC PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /root-ec-p384-pkcs8.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDC8ZQWjooCCaLQJ9DJN 3 | KMyPoUoFcqGluXGu13Zf526RX6TdRhnkExtL1T7fC13n32ChZANiAAQMdsqucjql 4 | 6PDU8Ra1Au93oRuTYXjACSZ7O0Cc7kmF4MlP5/K6l2zzgmUULPUMczNNMueb00LM 5 | lVrl4vX0bkXg7SA1XK9SNYHU3JzjniI++z8iENpwAzetqPJI/jpgaaU= 6 | -----END PRIVATE KEY----- 7 | -------------------------------------------------------------------------------- /root-ec-p384.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | MIGkAgEBBDC8ZQWjooCCaLQJ9DJNKMyPoUoFcqGluXGu13Zf526RX6TdRhnkExtL 3 | 1T7fC13n32CgBwYFK4EEACKhZANiAAQMdsqucjql6PDU8Ra1Au93oRuTYXjACSZ7 4 | O0Cc7kmF4MlP5/K6l2zzgmUULPUMczNNMueb00LMlVrl4vX0bkXg7SA1XK9SNYHU 5 | 3JzjniI++z8iENpwAzetqPJI/jpgaaU= 6 | -----END EC PRIVATE KEY----- 7 | -------------------------------------------------------------------------------- /root-ed25519.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MC4CAQAwBQYDK2VwBCIEICjJcMmhqKi8d3hoYtLnbQ1DCitXyHz8N5BLy6rIdMvY 3 | -----END PRIVATE KEY----- 4 | -------------------------------------------------------------------------------- /samples/compression_test/README.txt: -------------------------------------------------------------------------------- 1 | Independent LZMA test 2 | --------------------- 3 | 4 | This tool finds and extracts compressed stream, decompresses it and verifies if 5 | decompressed one is identical as before compression. 6 | 7 | Building and running: 8 | 9 | change directory to the top of the repos: 10 | 11 | cd $ZEPHYR_BASE 12 | cd .. 13 | 14 | build tool: 15 | 16 | g++ bootloader/mcuboot/samples/compression_test/independent_cmp.c -o indcmp 17 | 18 | build example application: 19 | 20 | west build -b nrf54l15dk/nrf54l15/cpuapp -p 21 | -s zephyr/samples/hello_world/ -- 22 | -DSB_CONFIG_BOOTLOADER_MCUBOOT=y 23 | -DSB_CONFIG_MCUBOOT_MODE_OVERWRITE_ONLY=y 24 | -DSB_CONFIG_MCUBOOT_COMPRESSED_IMAGE_SUPPORT=y 25 | 26 | 27 | compare application image with the one carried by signed binary: 28 | 29 | ./indcmp build/hello_world/zephyr/zephyr.signed.bin 30 | build/hello_world/zephyr/zephyr.bin 31 | 32 | note: order of arguments matter. Compressed goes first. 33 | -------------------------------------------------------------------------------- /samples/runtime-source/zephyr/app/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: Apache-2.0 2 | 3 | cmake_minimum_required(VERSION 3.20.0) 4 | 5 | find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE}) 6 | project(non_flash_backend_app) 7 | 8 | if(NOT DEFINED FROM_WHO) 9 | set(FROM_WHO Zephyr) 10 | endif() 11 | 12 | target_compile_definitions(app PRIVATE "-DMCUBOOT_HELLO_WORLD_FROM=\"${FROM_WHO}\"") 13 | 14 | target_sources(app PRIVATE src/main.c) 15 | -------------------------------------------------------------------------------- /samples/runtime-source/zephyr/app/boards/frdm_k64f.overlay: -------------------------------------------------------------------------------- 1 | / { 2 | chosen { 3 | zephyr,code-partition = &slot0_partition; 4 | }; 5 | }; 6 | -------------------------------------------------------------------------------- /samples/runtime-source/zephyr/app/prj.conf: -------------------------------------------------------------------------------- 1 | CONFIG_BOOTLOADER_MCUBOOT=y 2 | 3 | CONFIG_MCUBOOT_SIGNATURE_KEY_FILE="./bootloader/mcuboot/root-rsa-2048.pem" 4 | -------------------------------------------------------------------------------- /samples/runtime-source/zephyr/app/sample.yaml: -------------------------------------------------------------------------------- 1 | sample: 2 | name: Runtime source target 3 | description: Application loaded from mcuboot using runtime source hooks 4 | common: 5 | build_only: true 6 | tests: 7 | sample.zephyr.runtime_source.app: 8 | tags: samples tests runtime_source 9 | platform_allow: 10 | - frdm_k64f 11 | -------------------------------------------------------------------------------- /samples/runtime-source/zephyr/app/src/main.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2024 Intel Corporation 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include 8 | #include 9 | 10 | int main(void) 11 | { 12 | printk("Hello World from %s on %s, slot %s!\n", 13 | MCUBOOT_HELLO_WORLD_FROM, CONFIG_BOARD, 14 | DT_PROP(DT_CHOSEN(zephyr_code_partition), label)); 15 | } 16 | -------------------------------------------------------------------------------- /samples/runtime-source/zephyr/hooks/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | zephyr_library() 2 | zephyr_library_sources(hooks.c) 3 | zephyr_library_link_libraries(MCUBOOT_BOOTUTIL) 4 | -------------------------------------------------------------------------------- /samples/runtime-source/zephyr/hooks/zephyr/module.yml: -------------------------------------------------------------------------------- 1 | name: testmod 2 | build: 3 | cmake: . 4 | -------------------------------------------------------------------------------- /samples/runtime-source/zephyr/sample.conf: -------------------------------------------------------------------------------- 1 | CONFIG_FLASH_RUNTIME_SOURCES=y 2 | CONFIG_SINGLE_APPLICATION_SLOT=y 3 | CONFIG_BOOT_SIGNATURE_TYPE_RSA=y 4 | CONFIG_TEST_RANDOM_GENERATOR=y 5 | CONFIG_ENTROPY_GENERATOR=y 6 | 7 | CONFIG_BOOT_GO_HOOKS=y 8 | CONFIG_BOOT_FLASH_AREA_HOOKS=y 9 | -------------------------------------------------------------------------------- /samples/zephyr/.gitignore: -------------------------------------------------------------------------------- 1 | *.bin 2 | test-images.zip 3 | -------------------------------------------------------------------------------- /samples/zephyr/README.md: -------------------------------------------------------------------------------- 1 | # Zephyr sample application. 2 | 3 | In order to successfully deploy an application using MCUboot, it is 4 | necessary to build at least one other binary: the application itself. 5 | It is beyond the scope of this documentation to describe what an 6 | application is able to do, however a working example is certainly 7 | useful. 8 | 9 | Please see the comments in the Makefile in this directory for more 10 | details on how to build and test this application. 11 | 12 | Note that this sample uses the "ninja" build tool, which can be 13 | installed on most systems using the system package manager, e.g., for 14 | a Debian-based distro: 15 | 16 | ``` 17 | $ sudo apt-get install ninja 18 | ``` 19 | 20 | or in Fedora: 21 | 22 | ``` 23 | $ sudo dnf install ninja 24 | ``` 25 | -------------------------------------------------------------------------------- /samples/zephyr/bad-keys/README.md: -------------------------------------------------------------------------------- 1 | # Bad keys for testing 2 | 3 | This directory contains some alternate keys that can be used for 4 | testing. Signing the images with either of these keys, but leaving 5 | the demo keys's public keys in the bootloader should result in it not 6 | upgrading, or not booting. 7 | -------------------------------------------------------------------------------- /samples/zephyr/bad-keys/bad-ec-p256.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | MHcCAQEEILmqmiH6y3EGhLkTcnNtU7hZ1wnc51MIL53npseRX7vJoAoGCCqGSM49 3 | AwEHoUQDQgAEcX9ExNjZfsckp6AdutjPjVJsvP6ZZkKfLsGnRpKR+9OpO9/qmJHs 4 | ks+ZXo70SEANjWnNlxKNAVci8aUm8UskLw== 5 | -----END EC PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /samples/zephyr/build-boot.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # Build the bootloader. 4 | 5 | # In order to build successfully, ZEPHYR_SDK_INSTALL_DIR and 6 | # ZEPHYR_GCC_VARIANT need to be set, as well as zephyr/zephyr-env.sh 7 | # must be sourced. 8 | 9 | die() { 10 | echo error: "$@" 11 | exit 1 12 | } 13 | 14 | if [ -z "$ZEPHYR_BASE" ]; then 15 | die "Please setup for a Zephyr build before running this script." 16 | fi 17 | 18 | if [ -z "$BOARD" ]; then 19 | die "Please set BOARD to a valid board before running this script." 20 | fi 21 | 22 | make BOARD=${BOARD} -j$(nproc) boot || die "Build mcuboot" 23 | -------------------------------------------------------------------------------- /samples/zephyr/build-hello.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | # Build the Sample hello program 4 | 5 | # In order to build successfully, ZEPHYR_SDK_INSTALL_DIR and 6 | # ZEPHYR_GCC_VARIANT need to be set, as well as zephyr/zephyr-env.sh 7 | # must be sourced. 8 | 9 | die() { 10 | echo error: "$@" 11 | exit 1 12 | } 13 | 14 | if [ -z "$ZEPHYR_BASE" ]; then 15 | die "Please setup for a Zephyr build before running this script." 16 | fi 17 | 18 | if [ -z "$BOARD" ]; then 19 | die "Please set BOARD to a valid board before running this script." 20 | fi 21 | 22 | make BOARD=${BOARD} -j$(nproc) hello1 || die "Build hello1" 23 | -------------------------------------------------------------------------------- /samples/zephyr/hello-world/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Top-level CMakeLists.txt for the skeleton application. 2 | # 3 | # Copyright (c) 2017 Open Source Foundries Limited 4 | # Copyright (c) 2018 Foundries.io Ltd 5 | # 6 | # SPDX-License-Identifier: Apache-2.0 7 | # 8 | # This provides a basic application structure suitable for loading by 9 | # mcuboot, which is easy to customize on a per-board basis. It can be 10 | # used as a starting point for new applications. 11 | 12 | cmake_minimum_required(VERSION 3.8) 13 | 14 | # find_package(Zephyr) in order to load application boilerplate: 15 | # https://docs.zephyrproject.org/latest/develop/application/index.html 16 | find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE}) 17 | project(NONE) 18 | 19 | # This string ends up getting printed in the device console 20 | if (NOT DEFINED FROM_WHO) 21 | set(FROM_WHO Zephyr) 22 | endif() 23 | 24 | target_compile_definitions(app PRIVATE "-DMCUBOOT_HELLO_WORLD_FROM=\"${FROM_WHO}\"") 25 | 26 | target_sources(app PRIVATE src/main.c) 27 | -------------------------------------------------------------------------------- /samples/zephyr/hello-world/README.rst: -------------------------------------------------------------------------------- 1 | This is a "Hello world" skeleton application which can be used as a 2 | starting point for Zephyr application development using mcuboot. 3 | 4 | It includes the configuration "glue" needed to make the application 5 | loadable by mcuboot in addition to a basic Zephyr hello world 6 | application's code. 7 | -------------------------------------------------------------------------------- /samples/zephyr/hello-world/boards/.gitignore: -------------------------------------------------------------------------------- 1 | *-local.conf 2 | -------------------------------------------------------------------------------- /samples/zephyr/hello-world/boards/README.rst: -------------------------------------------------------------------------------- 1 | You can place per-board configuration here. See the comments in the 2 | CMakeLists.txt for more information. 3 | -------------------------------------------------------------------------------- /samples/zephyr/hello-world/prj.conf: -------------------------------------------------------------------------------- 1 | # Print a banner on the UART on startup. 2 | CONFIG_BOOT_BANNER=y 3 | 4 | # Enable console and printk() 5 | CONFIG_PRINTK=y 6 | CONFIG_STDOUT_CONSOLE=y 7 | 8 | # Enable Zephyr application to be booted by MCUboot 9 | CONFIG_BOOTLOADER_MCUBOOT=y 10 | 11 | # Use the default MCUBoot PEM key file (BOOT_SIGNATURE_KEY_FILE) 12 | CONFIG_MCUBOOT_SIGNATURE_KEY_FILE="bootloader/mcuboot/root-rsa-2048.pem" 13 | -------------------------------------------------------------------------------- /samples/zephyr/hello-world/sample.yaml: -------------------------------------------------------------------------------- 1 | sample: 2 | name: Application Skeleton 3 | description: Basic "hello world" application, but loadable by mcuboot 4 | platforms: all 5 | common: 6 | sysbuild: true 7 | tests: 8 | - test: 9 | build_only: true 10 | tags: samples tests 11 | min_ram: 16 12 | -------------------------------------------------------------------------------- /samples/zephyr/hello-world/src/Makefile: -------------------------------------------------------------------------------- 1 | obj-y = main.o 2 | -------------------------------------------------------------------------------- /samples/zephyr/hello-world/src/main.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2017 Linaro, Ltd. 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #include 8 | #include 9 | 10 | int main(void) 11 | { 12 | printk("Hello World from %s on %s!\n", 13 | MCUBOOT_HELLO_WORLD_FROM, CONFIG_BOARD); 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /samples/zephyr/hello-world/sysbuild.conf: -------------------------------------------------------------------------------- 1 | # Enable the bootloader when building with sysbuild. 2 | SB_CONFIG_BOOTLOADER_MCUBOOT=y 3 | -------------------------------------------------------------------------------- /samples/zephyr/overlay-ecdsa-p256.conf: -------------------------------------------------------------------------------- 1 | # Kconfig overlay for building with ECDSA-P256 signatures 2 | CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y 3 | CONFIG_BOOT_SIGNATURE_KEY_FILE="root-ec-p256.pem" 4 | CONFIG_BOOT_SWAP_USING_MOVE=y 5 | -------------------------------------------------------------------------------- /samples/zephyr/overlay-rsa.conf: -------------------------------------------------------------------------------- 1 | # Kconfig overlay for building with RSA signatures 2 | CONFIG_BOOT_SIGNATURE_TYPE_RSA=y 3 | CONFIG_BOOT_SWAP_USING_MOVE=y 4 | -------------------------------------------------------------------------------- /samples/zephyr/overlay-skip-primary-slot-validate.conf: -------------------------------------------------------------------------------- 1 | # Kconfig overlay for building without validating primary slot. 2 | 3 | # CONFIG_BOOT_VALIDATE_SLOT0 is not set 4 | CONFIG_BOOT_SWAP_USING_MOVE=y 5 | -------------------------------------------------------------------------------- /samples/zephyr/overlay-upgrade-only.conf: -------------------------------------------------------------------------------- 1 | # Kconfig overlay for building in upgrade-only mode. 2 | CONFIG_BOOT_UPGRADE_ONLY=y 3 | -------------------------------------------------------------------------------- /samples/zephyr/run-tests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo "Please use the new test runner: go run run-tests.go" 4 | exit 1 5 | -------------------------------------------------------------------------------- /scripts/flash.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | source $(dirname $0)/../target.sh 6 | 7 | lscript=/tmp/flash$$.jlink 8 | 9 | cat >$lscript < $gscript < {}; 14 | let 15 | # Nixpkgs has fairly recent versions of the dependencies, so we can 16 | # rely on them without having to build our own derivations. 17 | imgtoolPythonEnv = python37.withPackages ( 18 | _: [ 19 | python37.pkgs.click 20 | python37.pkgs.cryptography 21 | python37.pkgs.intelhex 22 | python37.pkgs.setuptools 23 | python37.pkgs.cbor2 24 | python37.pkgs.pyyaml 25 | ] 26 | ); 27 | in 28 | myEnvFun { 29 | name = "imgtool"; 30 | 31 | buildInputs = [ imgtoolPythonEnv ]; 32 | } 33 | -------------------------------------------------------------------------------- /scripts/imgtool.py: -------------------------------------------------------------------------------- 1 | #! /usr/bin/env python3 2 | # 3 | # Copyright 2017 Linaro Limited 4 | # 5 | # SPDX-License-Identifier: Apache-2.0 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | 19 | from imgtool import main 20 | 21 | if __name__ == '__main__': 22 | main.imgtool() 23 | -------------------------------------------------------------------------------- /scripts/imgtool/__init__.py: -------------------------------------------------------------------------------- 1 | # Copyright 2017-2020 Linaro Limited 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | imgtool_version = "2.2.0rc1" 18 | -------------------------------------------------------------------------------- /scripts/imgtool/keys/privatebytes.py: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: Apache-2.0 2 | 3 | from cryptography.hazmat.primitives import serialization 4 | 5 | 6 | class PrivateBytesMixin(): 7 | def _get_private_bytes(self, minimal, format, exclass): 8 | if format is None: 9 | format = self._DEFAULT_FORMAT 10 | if format not in self._VALID_FORMATS: 11 | raise exclass("{} does not support {}".format( 12 | self.shortname(), format)) 13 | return format, self.key.private_bytes( 14 | encoding=serialization.Encoding.DER, 15 | format=self._VALID_FORMATS[format], 16 | encryption_algorithm=serialization.NoEncryption()) 17 | -------------------------------------------------------------------------------- /scripts/jgdb.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | source $(dirname $0)/../target.sh 6 | 7 | # Start the jlink gdb server 8 | JLinkGDBServer -if swd -device $SOC -speed auto 9 | -------------------------------------------------------------------------------- /scripts/jl.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | 5 | source $(dirname $0)/../target.sh 6 | 7 | JLinkExe -speed auto -si SWD -device $SOC 8 | -------------------------------------------------------------------------------- /scripts/requirements.txt: -------------------------------------------------------------------------------- 1 | cryptography>=40.0.0 2 | intelhex 3 | click 4 | cbor2 5 | setuptools 6 | pyyaml 7 | pytest 8 | -------------------------------------------------------------------------------- /scripts/setup.py: -------------------------------------------------------------------------------- 1 | # SPDX-License-Identifier: Apache-2.0 2 | 3 | import setuptools 4 | 5 | from imgtool import imgtool_version 6 | 7 | setuptools.setup( 8 | name="imgtool", 9 | version=imgtool_version, 10 | author="The MCUboot committers", 11 | author_email="mcuboot@groups.io", 12 | description=("MCUboot's image signing and key management"), 13 | license="Apache Software License", 14 | url="http://github.com/mcu-tools/mcuboot", 15 | packages=setuptools.find_packages(), 16 | python_requires='>=3.6', 17 | install_requires=[ 18 | 'cryptography>=40.0.0', 19 | 'intelhex>=2.2.1', 20 | 'click', 21 | 'cbor2', 22 | 'pyyaml', 23 | ], 24 | entry_points={ 25 | "console_scripts": ["imgtool=imgtool.main:imgtool"] 26 | }, 27 | classifiers=[ 28 | "Programming Language :: Python :: 3", 29 | "Development Status :: 4 - Beta", 30 | "Topic :: Software Development :: Build Tools", 31 | "License :: OSI Approved :: Apache Software License", 32 | ], 33 | ) 34 | -------------------------------------------------------------------------------- /sim/.gitignore: -------------------------------------------------------------------------------- 1 | target 2 | .*.swp 3 | -------------------------------------------------------------------------------- /sim/mcuboot-sys/.gitignore: -------------------------------------------------------------------------------- 1 | Cargo.lock 2 | -------------------------------------------------------------------------------- /sim/mcuboot-sys/csupport/bootsim.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: Apache-2.0 2 | /* 3 | * Licensed to the Apache Software Foundation (ASF) under one 4 | * or more contributor license agreements. See the NOTICE file 5 | * distributed with this work for additional information 6 | * regarding copyright ownership. The ASF licenses this file 7 | * to you under the Apache License, Version 2.0 (the 8 | * "License"); you may not use this file except in compliance 9 | * with the License. You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, 14 | * software distributed under the License is distributed on an 15 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | * KIND, either express or implied. See the License for the 17 | * specific language governing permissions and limitations 18 | * under the License. 19 | */ 20 | 21 | #ifndef H_BOOTSIM_ 22 | #define H_BOOTSIM_ 23 | 24 | #include "mcuboot_config/mcuboot_assert.h" 25 | 26 | #endif 27 | -------------------------------------------------------------------------------- /sim/mcuboot-sys/csupport/config-ec-psa.h: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-License-Identifier: Apache-2.0 3 | * 4 | * Copyright (c) 2023 Arm Limited 5 | */ 6 | 7 | #ifndef MCUBOOT_PSA_CRYPTO_CONFIG_ECDSA 8 | #define MCUBOOT_PSA_CRYPTO_CONFIG_ECDSA 9 | 10 | #if defined(MCUBOOT_USE_PSA_CRYPTO) 11 | #include "config-add-psa-crypto.h" 12 | #endif 13 | 14 | #define MBEDTLS_ECP_C 15 | #define MBEDTLS_ECP_NIST_OPTIM 16 | #define MBEDTLS_ECDSA_C 17 | 18 | /* mbed TLS modules */ 19 | #define MBEDTLS_ASN1_PARSE_C 20 | #define MBEDTLS_ASN1_WRITE_C 21 | #define MBEDTLS_AES_C 22 | #define MBEDTLS_BIGNUM_C 23 | #define MBEDTLS_MD_C 24 | #define MBEDTLS_OID_C 25 | #if defined(MCUBOOT_SIGN_EC384) 26 | #define MBEDTLS_SHA384_C 27 | #define MBEDTLS_SHA512_C 28 | #define MBEDTLS_ECP_DP_SECP384R1_ENABLED 29 | #else 30 | #define MBEDTLS_SHA256_C 31 | #define MBEDTLS_SHA224_C 32 | #define MBEDTLS_ECP_DP_SECP256R1_ENABLED 33 | #endif /* MCUBOOT_SIGN_EC384 */ 34 | 35 | #endif /* MCUBOOT_PSA_CRYPTO_CONFIG_ECDSA */ 36 | -------------------------------------------------------------------------------- /sim/mcuboot-sys/csupport/devicetree.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019 Nordic Semiconductor ASA 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | /* This file mocks zephyr's flash map / DT macro */ 8 | 9 | #ifndef __DEVICETREE_H__ 10 | #define __DEVICETREE_H__ 11 | 12 | #define FLASH_AREA_ID(x) FLASH_AREA_ID_##x 13 | 14 | #define FLASH_AREA_ID_image_0 1 15 | #define FLASH_AREA_ID_image_1 2 16 | #define FLASH_AREA_ID_image_scratch 3 17 | #define FLASH_AREA_ID_image_2 4 18 | #define FLASH_AREA_ID_image_3 5 19 | 20 | #endif /*__DEVICETREE_H__*/ 21 | -------------------------------------------------------------------------------- /sim/mcuboot-sys/csupport/flash_map_backend/flash_map_backend.h: -------------------------------------------------------------------------------- 1 | #ifndef __FLASH_MAP_BACKEND_H__ 2 | #define __FLASH_MAP_BACKEND_H__ 3 | 4 | #include 5 | 6 | static inline uint32_t flash_area_get_off(const struct flash_area *fa) 7 | { 8 | return (uint32_t)fa->fa_off; 9 | } 10 | 11 | static inline uint32_t flash_area_get_size(const struct flash_area *fa) 12 | { 13 | return (uint32_t)fa->fa_size; 14 | } 15 | 16 | static inline uint32_t flash_sector_get_off(const struct flash_sector *fs) 17 | { 18 | return fs->fs_off; 19 | } 20 | 21 | static inline uint32_t flash_sector_get_size(const struct flash_sector *fs) 22 | { 23 | return fs->fs_size; 24 | } 25 | 26 | #define FLASH_DEVICE_ID 0 27 | 28 | static inline uint8_t flash_area_get_device_id(const struct flash_area *fa) 29 | { 30 | return fa->fa_device_id; 31 | } 32 | 33 | static inline uint8_t flash_area_get_id(const struct flash_area *fa) 34 | { 35 | return fa->fa_id; 36 | } 37 | 38 | #endif /* __FLASH_MAP_BACKEND_H__*/ 39 | -------------------------------------------------------------------------------- /sim/mcuboot-sys/csupport/mcuboot_config/mcuboot_assert.h: -------------------------------------------------------------------------------- 1 | // SPDX-License-Identifier: Apache-2.0 2 | /* 3 | * Licensed to the Apache Software Foundation (ASF) under one 4 | * or more contributor license agreements. See the NOTICE file 5 | * distributed with this work for additional information 6 | * regarding copyright ownership. The ASF licenses this file 7 | * to you under the Apache License, Version 2.0 (the 8 | * "License"); you may not use this file except in compliance 9 | * with the License. You may obtain a copy of the License at 10 | * 11 | * http://www.apache.org/licenses/LICENSE-2.0 12 | * 13 | * Unless required by applicable law or agreed to in writing, 14 | * software distributed under the License is distributed on an 15 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 | * KIND, either express or implied. See the License for the 17 | * specific language governing permissions and limitations 18 | * under the License. 19 | */ 20 | 21 | #ifndef __MCUBOOT_ASSERT_H__ 22 | #define __MCUBOOT_ASSERT_H__ 23 | 24 | #include 25 | void sim_assert(int, const char *test, const char *, unsigned int, const char *); 26 | #define ASSERT(x) sim_assert((x), #x, __FILE__, __LINE__, __func__) 27 | 28 | #endif /* __MCUBOOT_ASSERT_H__ */ 29 | -------------------------------------------------------------------------------- /sim/mcuboot-sys/csupport/mcuboot_config/mcuboot_config.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2022 Nordic Semiconductor ASA 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #ifndef __MCUBOOT_CONFIG_H__ 8 | #define __MCUBOOT_CONFIG_H__ 9 | 10 | /* 11 | * This file is included by the simulator, but we don't want to 12 | * define almost anything here. 13 | * 14 | * Instead of using mcuboot_config.h, the simulator adds MCUBOOT_xxx 15 | * configuration flags to the compiler command lines based on the 16 | * values of environment variables. However, the file still must 17 | * exist, or bootutil won't build. 18 | */ 19 | 20 | #define MCUBOOT_WATCHDOG_FEED() \ 21 | do { \ 22 | } while (0) 23 | 24 | #define MCUBOOT_CPU_IDLE() \ 25 | do { \ 26 | } while (0) 27 | 28 | #endif /* __MCUBOOT_CONFIG_H__ */ 29 | -------------------------------------------------------------------------------- /sim/mcuboot-sys/csupport/os/os_heap.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2022 Nordic Semiconductor ASA 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #ifndef H_OS_HEAP_ 8 | #define H_OS_HEAP_ 9 | 10 | #endif 11 | -------------------------------------------------------------------------------- /sim/mcuboot-sys/csupport/os/os_malloc.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2022 Nordic Semiconductor ASA 3 | * 4 | * SPDX-License-Identifier: Apache-2.0 5 | */ 6 | 7 | #ifndef H_OS_MALLOC_ 8 | #define H_OS_MALLOC_ 9 | 10 | #endif 11 | -------------------------------------------------------------------------------- /sim/mcuboot-sys/csupport/psa_crypto_init_stub.c: -------------------------------------------------------------------------------- 1 | /* 2 | * SPDX-License-Identifier: Apache-2.0 3 | * 4 | * Copyright (c) 2023 Arm Limited 5 | */ 6 | 7 | /* This file, and the methods within are required when PSA Crypto API is enabled 8 | * (--features psa-crypto-api), but the selected combination of features does 9 | * not rely on any PSA Crypto APIs, and will not be adding any of them to the build. 10 | */ 11 | 12 | #include 13 | 14 | int psa_crypto_init() 15 | { 16 | BOOT_LOG_SIM("psa_crypto_init() is being stubbed.\n"); 17 | return 0; 18 | } 19 | 20 | void mbedtls_test_enable_insecure_external_rng(){ 21 | BOOT_LOG_SIM("mbedtls_test_enable_insecure_external_rng() is being stubbed.\n"); 22 | } 23 | -------------------------------------------------------------------------------- /sim/simflash/.gitignore: -------------------------------------------------------------------------------- 1 | Cargo.lock 2 | -------------------------------------------------------------------------------- /sim/simflash/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "simflash" 3 | version = "0.1.0" 4 | authors = ["David Brown "] 5 | edition = "2021" 6 | 7 | [dependencies] 8 | rand = "0.8" 9 | log = "0.4" 10 | thiserror = "1.0" 11 | -------------------------------------------------------------------------------- /sim/src/ed25519_pub_key-rs.txt: -------------------------------------------------------------------------------- 1 | static ED25519_PUB_KEY: &[u8] = &[ 2 | 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 3 | 0x70, 0x03, 0x21, 0x00, 0xd4, 0xb3, 0x1b, 0xa4, 4 | 0x9a, 0x3a, 0xdd, 0x3f, 0x82, 0x5d, 0x10, 0xca, 5 | 0x7f, 0x31, 0xb5, 0x0b, 0x0d, 0xe8, 0x7f, 0x37, 6 | 0xcc, 0xc4, 0x9f, 0x1a, 0x40, 0x3a, 0x5c, 0x13, 7 | 0x20, 0xff, 0xb4, 0xe0, 8 | ]; 9 | -------------------------------------------------------------------------------- /sim/src/main.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2017-2019 Linaro LTD 2 | // Copyright (c) 2017-2019 JUUL Labs 3 | // 4 | // SPDX-License-Identifier: Apache-2.0 5 | 6 | fn main() { 7 | env_logger::init(); 8 | 9 | bootsim::main(); 10 | } 11 | -------------------------------------------------------------------------------- /sim/src/testlog.rs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2017 Linaro LTD 2 | // Copyright (c) 2019 JUUL Labs 3 | // 4 | // SPDX-License-Identifier: Apache-2.0 5 | 6 | //! Logging support for the test framework. 7 | //! 8 | //! https://stackoverflow.com/questions/30177845/how-to-initialize-the-logger-for-integration-tests 9 | //! 10 | //! The test framework runs the tests, possibly simultaneously, and in various orders. This helper 11 | //! function, which should be called at the beginning of each test, will setup logging for all of 12 | //! the tests. 13 | 14 | use std::sync::Once; 15 | 16 | static INIT: Once = Once::new(); 17 | 18 | /// Setup the logging system. Intended to be called at the beginning of each test. 19 | pub fn setup() { 20 | INIT.call_once(|| { 21 | env_logger::init(); 22 | }); 23 | } 24 | -------------------------------------------------------------------------------- /sim/src/utils.rs: -------------------------------------------------------------------------------- 1 | // SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD 2 | // 3 | // SPDX-License-Identifier: Apache-2.0 4 | 5 | //! Utility functions used throughout MCUboot 6 | 7 | pub fn align_up(num: u32, align: u32) -> u32 { 8 | assert!(align.is_power_of_two()); 9 | 10 | (num + (align - 1)) & !(align - 1) 11 | } 12 | -------------------------------------------------------------------------------- /testplan/mynewt/apps/blinky/syscfg.yml: -------------------------------------------------------------------------------- 1 | syscfg.defs: 2 | BLINKY_TICKS_PER_SEC: 3 | value: 1 4 | 5 | syscfg.vals: 6 | REBOOT_LOG_ENTRY_COUNT: 0 7 | REBOOT_LOG_CONSOLE: 0 8 | SHELL_TASK: 1 9 | -------------------------------------------------------------------------------- /testplan/mynewt/apps/slinky/syscfg.yml: -------------------------------------------------------------------------------- 1 | # Licensed to the Apache Software Foundation (ASF) under one 2 | # or more contributor license agreements. See the NOTICE file 3 | # distributed with this work for additional information 4 | # regarding copyright ownership. The ASF licenses this file 5 | # to you under the Apache License, Version 2.0 (the 6 | # "License"); you may not use this file except in compliance 7 | # with the License. You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, 12 | # software distributed under the License is distributed on an 13 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 14 | # KIND, either express or implied. See the License for the 15 | # specific language governing permissions and limitations 16 | # under the License. 17 | # 18 | 19 | syscfg.defs: 20 | BLINKY_TICKS_PER_SEC: 21 | value: 1 22 | 23 | syscfg.vals: 24 | SHELL_TASK: 1 25 | STATS_NAMES: 1 26 | REBOOT_LOG_FCB: 1 27 | LOG_FCB: 1 28 | CONFIG_FCB: 1 29 | STATS_CLI: 1 30 | LOG_CLI: 1 31 | CONFIG_CLI: 1 32 | STATS_MGMT: 1 33 | LOG_MGMT: 1 34 | CONFIG_MGMT: 1 35 | -------------------------------------------------------------------------------- /testplan/mynewt/key_ec.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | MGgCAQEEHKDCA+0fUA9P6MkTZvGlO4IN8kQfMbD4xyt619WgBwYFK4EEACGhPAM6 3 | AASgjFrWmCAa1bnE/X+l0wjKAJFexpJJzhjFZBftv2PQzbj3/yklNVp6IDDJJpWy 4 | V9FGDWkYE8l9sw== 5 | -----END EC PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /testplan/mynewt/key_ec256.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | MHcCAQEEINtq7Uc92lGcI9pcfwU7IEWfjtYKMpG3iSLy8vdn3p0poAoGCCqGSM49 3 | AwEHoUQDQgAEbmhhf9fiyT20CixtsNDO/lS4lq38YIeJQektIcg+HV7Dd/1iX7v7 4 | 2hCnWiOq/AG13HM9N8FFj5A7Zv0rlWacyQ== 5 | -----END EC PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /testplan/mynewt/key_ec256_2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | MHcCAQEEICDt9+UM3LnshnbYzo73AGTWav9ZmRYDydJAarzx4Og8oAoGCCqGSM49 3 | AwEHoUQDQgAEDv6jJOUwhCpzEH3T7yWlAOZRTLIlC0q/JMHyJR0PkPMS+eyq7fEp 4 | hOnAXbCNx5PLyVLR2NSnOU1A6QiLHW1j0A== 5 | -----END EC PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /testplan/mynewt/key_ec_2.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN EC PRIVATE KEY----- 2 | MGgCAQEEHCN8/JmSnXMbwvimYU61t5J3BqSog3UD9rszWEugBwYFK4EEACGhPAM6 3 | AATihCbugkqIXekQOh7iZZZPghfS/bQID5ad8FRY1xnL5rBd2nR7gFqTXxV9M9tF 4 | EJFA+MwFnIbgng== 5 | -----END EC PRIVATE KEY----- 6 | -------------------------------------------------------------------------------- /testplan/mynewt/keys/ec256/pkg.yml: -------------------------------------------------------------------------------- 1 | pkg.name: keys/ec256 2 | pkg.author: "Apache Mynewt " 3 | pkg.homepage: "http://mynewt.apache.org/" 4 | -------------------------------------------------------------------------------- /testplan/mynewt/keys/ec256/src/keys.c: -------------------------------------------------------------------------------- 1 | #include 2 | static unsigned char key[] = { 3 | 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 4 | 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 5 | 0x42, 0x00, 0x04, 0x6e, 0x68, 0x61, 0x7f, 0xd7, 0xe2, 0xc9, 0x3d, 0xb4, 6 | 0x0a, 0x2c, 0x6d, 0xb0, 0xd0, 0xce, 0xfe, 0x54, 0xb8, 0x96, 0xad, 0xfc, 7 | 0x60, 0x87, 0x89, 0x41, 0xe9, 0x2d, 0x21, 0xc8, 0x3e, 0x1d, 0x5e, 0xc3, 8 | 0x77, 0xfd, 0x62, 0x5f, 0xbb, 0xfb, 0xda, 0x10, 0xa7, 0x5a, 0x23, 0xaa, 9 | 0xfc, 0x01, 0xb5, 0xdc, 0x73, 0x3d, 0x37, 0xc1, 0x45, 0x8f, 0x90, 0x3b, 10 | 0x66, 0xfd, 0x2b, 0x95, 0x66, 0x9c, 0xc9 11 | }; 12 | static unsigned int key_len = 91; 13 | const struct bootutil_key bootutil_keys[] = { 14 | [0] = { 15 | .key = key, 16 | .len = &key_len, 17 | }, 18 | }; 19 | const int bootutil_key_cnt = 1; 20 | -------------------------------------------------------------------------------- /testplan/mynewt/keys/pkg.yml: -------------------------------------------------------------------------------- 1 | pkg.name: keys 2 | pkg.author: "Apache Mynewt " 3 | pkg.homepage: "http://mynewt.apache.org/" 4 | 5 | pkg.deps.BOOTUTIL_SIGN_RSA: 6 | - keys/rsa 7 | 8 | pkg.deps.BOOTUTIL_SIGN_EC256: 9 | - keys/ec256 10 | -------------------------------------------------------------------------------- /testplan/mynewt/keys/rsa/pkg.yml: -------------------------------------------------------------------------------- 1 | pkg.name: keys/rsa 2 | pkg.author: "Apache Mynewt " 3 | pkg.homepage: "http://mynewt.apache.org/" 4 | -------------------------------------------------------------------------------- /testplan/mynewt/project.yml: -------------------------------------------------------------------------------- 1 | # 2 | # Licensed to the Apache Software Foundation (ASF) under one 3 | # or more contributor license agreements. See the NOTICE file 4 | # distributed with this work for additional information 5 | # regarding copyright ownership. The ASF licenses this file 6 | # to you under the Apache License, Version 2.0 (the 7 | # "License"); you may not use this file except in compliance 8 | # with the License. You may obtain a copy of the License at 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, 13 | # software distributed under the License is distributed on an 14 | # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 | # KIND, either express or implied. See the License for the 16 | # specific language governing permissions and limitations 17 | # under the License. 18 | # 19 | 20 | project.name: "mcuboot-test" 21 | 22 | project.repositories: 23 | - apache-mynewt-core 24 | - mcuboot 25 | 26 | repository.apache-mynewt-core: 27 | type: github 28 | vers: 0-dev 29 | user: apache 30 | repo: mynewt-core 31 | 32 | repository.mcuboot: 33 | type: github 34 | vers: 0-dev 35 | user: mcu-tools 36 | repo: mcuboot 37 | -------------------------------------------------------------------------------- /zephyr/module.yml: -------------------------------------------------------------------------------- 1 | samples: 2 | - boot/zephyr 3 | build: 4 | cmake-ext: True 5 | kconfig-ext: True 6 | sysbuild-cmake: boot/zephyr/sysbuild 7 | package-managers: 8 | pip: 9 | requirement-files: 10 | - zephyr/requirements.txt 11 | -------------------------------------------------------------------------------- /zephyr/requirements.txt: -------------------------------------------------------------------------------- 1 | cbor>=1.0.0 2 | imgtool>=2.1.0 3 | --------------------------------------------------------------------------------