Lines Matching +full:- +full:a

3 - Table of Contents
8 - Boot serial: Add response to echo command if support is not
12 - Added support for using builtin keys for image validation
14 - Enforce that TLV entries that should be protected are.
16 - bootutil: Fixed issue with comparing sector sizes for
20 - bootutil: Added debug logging to show write location of swap status
22 a given board.
23 - Update ptest to support test selection. Ptest can now be invoked with `list`
24 to show the available tests and `run` to run them. The `-t` argument will
26 - Allow sim tests to skip slow tests. By setting `MCUBOOT_SKIP_SLOW_TESTS` in
31 - Zephyr: Fixes support for disabling instruction/data caches prior
32 to chain-loading an application, this will be automatically
35 - Zephyr: Fix issue with single application slot mode, serial
38 - Zephyr: Add estimated image footer size to cache in sysbuild.
39 - Added firmware loader configuration type support for Zephyr, this
40 allows for a single application slot and firmware loader image in
43 - Zephyr: Remove deprecated ZEPHYR_TRY_MASS_ERASE Kconfig option.
44 - Zephyr: Prevent MBEDTLS Kconfig selection when tinycrypt is used.
45 - Zephyr: Add USB CDC serial recovery check that now causes a build
48 - Zephyr: Add USB CDC serial recovery check that now causes a build
52 - Use general flash operations to determine the flash reset vector. This
53 improves support a bit for some configurations of external flash.
54 - fix a memory leak in the HKDF implementation.
55 - Zephyr: Added a MCUboot banner which displays the version of
62 Note that this release, 2.0.0 is a new major number, and contains a small API
76 - Add error when flash device fails to open.
77 - Panic bootloader when flash device fails to open.
78 - Fixed issue with serial recovery not showing image details for
80 - Fixes issue with serial recovery in single slot mode wrongly
82 - CDDL auto-generated function code has been replaced with zcbor function
84 - Added currently running slot ID and maximum application size to
86 - Make the ECDSA256 TLV curve agnostic and rename it to ECDSA_SIG.
87 - imgtool: add P384 support along with SHA384.
88 - espressif: refactor after removing IDF submodule
89 - espressif: add ESP32-C6, ESP32-C2 and ESP32-H2 new chips support
90 - espressif: adjustments after IDF v5.1 compatibility, secure boot build and memory map organization
91 - Serial recovery image state and image set state optional commands added
92 - imgtool: add 'dumpinfo' command for signed image parsing.
93 - imgtool: add 'getpubhash' command to dump the sha256 hash of the public key
94 - imgtool's getpub can print the output to a file
95 - imgtool can dump the raw versions of the public keys
96 - Drop ECDSA P224 support
97 - Fixed an issue with boot_serial repeats not being processed when
98 output was sent, this would lead to a divergence of commands
101 - Fixed an issue with the boot_serial zcbor setup encoder function
104 - zcbor library files have been updated to version 0.7.0
105 - Reworked boot serial extensions so that they can be used by modules
107 - Removed Zephyr custom img list boot serial extension support.
108 - (Zephyr) Adds support for sharing boot information with
110 - Zephyr no longer builds in optimize for debug mode, this saves a
112 - Reworked image encryption support for Zephyr, static dummy key files
113 are no longer in the code, a pem file must be supplied to extract
115 show a single option for enabling encryption and selecting the key
117 - Serial recovery can now read and handle encrypted seondary slot
119 - Serial recovery with MBEDTLS no longer has undefined operations which
121 - espressif: allow the use of a different toolchain for building
129 - Various fixes to boot serial.
130 - Various fixes to the mbed target.
131 - Various fixes to the Espressif native target.
132 - Various fixes to the Zephyr target.
133 - Workflow improvements with Zephyr CI.
134 - Add multi image support to the espressif esp32 target.
135 - Improvements and corrections to the simulator.
136 - Improve imgtool, including adding 3rd party signing support.
137 - Various fixes to the mynewt target.
138 - Various fixes to the nuttx target.
139 - Dates to dependencies for doc generation.
140 - Add downgrade prevention for modes using swap.
141 - Various general fixes to the boot code.
142 - Prefer swap move on zephyr if the scratch partition is not enabled.
143 - Upgrade fault-injection hardening, improving cases injections are detected.
144 - Add a new flash api `flash_area_get_sector`, along with support for each
145 target, that replaces `flash_area_sector_from_off`. This is a step in cleaning
158 support on some recent targets, and adds support for devices with a
161 This change introduces a potentially incompatible change to the format
164 this value can be increased, which will result in a different magic
167 been tested with a `BOOT_MAX_ALIGN` up to 32 bytes.
171 - Add native flash encryption to Espressif targets
172 - Numerous documentation improvements
173 - Increase coverage of large images in the simulator
174 - Add stm32 watchdog support
175 - Add support for the `mimxrt685_evk` board
176 - Add support for "partial multi-image booting"
177 - Add support for clear image generation with encryption capability to
179 - Fix Zephyr when `CONFIG_BOOT_ENCRYPTION_KEY_FILE` is not defined
180 - Remove zephyr example test running in shell. The Go version is
182 - imgtool: make `--max-align` default reasonable in most cases.
183 - Implement the mcumgr echo command in serial boot mode
194 - Add support for the NuttX RTOS.
195 - Add support for the Espressif ESP32 SDK.
196 - `boot_serial` changed to use cddl-gen, which removes the dependency
198 - Add various hooks to be able to change how image data is accessed.
199 - Cypress supports Mbed TLS for encryption.
200 - Support using Mbed TLS for ECDSA. This can be useful if Mbed TLS is
202 - Add simulator support for testing direct-XIP and ramload.
203 - Support Mbed TLS 3.0. Updates the submodule for Mbed TLS to 3.0.
204 - Enable direct-xip mode in Mbed-OS port.
205 - extract `bootutil_public` library, a common interface for MCUboot
207 - Allow to boot primary image if secondary one is unreachable.
208 - Add AES256 image encryption support.
209 - Add Multiimage boot for direct-xip and ram-load mode.
210 - Cargo files moved to top level, now `cargo test` can be run from the
212 - Fault injection tests use updated TF-M.
213 - Thingy:53 now supports multi-image DFU.
214 - ram load and image encryption can be used together, allowing the
219 - [GHSA-gcxh-546h-phg4](https://github.com/mcu-tools/mcuboot/security/advisories/GHSA-gcxh-546h-phg…
220 has been published. There is not a fix at this time, but a caution
222 the development keys in the repo are never used in a production
227 The 1.7.0 release of MCUboot adds support for the Mbed-OS platform,
228 Equal slots (direct-xip) upgrade mode, RAM loading upgrade mode,
235 - Initial support for the Mbed-OS platform.
236 - Added possibility to enter deep sleep mode after MCUboot app execution
238 - Added hardening against hardware level fault injection and timing attacks.
239 - Introduced Abstract crypto primitives to simplify porting.
240 - Added RAM-load upgrade mode.
241 - Renamed single-image mode to single-slot mode.
242 - Allow larger primary slot in swap-move
243 - Fixed boostrapping in swap-move mode.
244 - Fixed issue causing that interrupted swap-move operation might brick device
246 - Abstracting MCUboot crypto functions for cleaner porting
247 - Droped flash_area_read_is_empty() porting API.
248 - boot/zephyr: Added watchdog feed on nRF devices.
250 - boot/zephyr: Added patch for turning off cache for Cortex M7 before
251 chain-loading.
252 - boot/zephyr: added option to relocate interrupts to application
253 - boot/zephyr: clean ARM core configuration only when selected by user
254 - boot/boot_serial: allow nonaligned last image data chunk
255 - imgtool: added custom TLV support.
256 - imgtool: added possibility to set confirm flag for hex files as well.
257 - imgtool: Print image digest during verify.
259 ### Zephyr-RTOS compatibility
269 X25519 encrypted images, rollback protection, hardware keys, and a
276 - Initial support for the Cypress PSOC6 plaformt. This platform
278 - CBOR decoding in serial recovery replaced by code generated from a
280 - Add support for X25519 encrypted images.
281 - Add rollback protection. There is support for a HW rollback counter
282 (which must be provided as part of the platform), as well as a SW
284 - Add an optional boot record in shared memory to communicate boot
285 attributes to later-run code.
286 - Add support for hardware keys.
287 - Various fixes to work with the latest Zephyr version.
291 - CVE-2020-7595 "xmlStringLenDecodeEntities in parser.c in libxml2
292 2.9.10 has an infinite loop in a certain end-of-file situation." Fix
293 by updating a dependency in documentation generation.
295 ### Zephyr-RTOS compatibility
299 released, there will be a possible 1.6.1 or similar release of Zephyr
302 v1.6.0-zephyr-2.2.1.
307 ECIES with secp256r1 as an Elliptic Curve alternative to RSA-OAEP. A
308 new swap method was added which allows for upgrades without using a
314 - TLVs were updated to use 16-bit lengths (from previous 8). This
315 should work with no changes for little-endian targets, but will
316 break compatibility with big-endian targets.
317 - A benchmark framework was added to Zephyr
318 - ed25519 signature validation can now build without using Mbed TLS
319 by relying on a bundled tinycrypt based sha-512 implementation.
320 - imgtool was updated to correctly detect trailer overruns by image.
321 - Encrypted image TLVs can be saved in swap metadata during a swap
323 - imgtool can dump private keys in C format (getpriv command), which
325 fields from the ASN1 by passing it `--minimal`.
326 - Lots of other smaller bugs fixes.
327 - Added downgrade prevention feature (available when the overwrite-based
332 - TLV size change breaks compatibility with big-endian targets.
336 The 1.4.0 release of MCUboot primarily adds support for multi-image
341 Multi-image support adds backward-incompatible changes to the format
348 - Fixed CVE-2019-5477, and CVE-2019-16892. These fix issue with
350 - Numerous code cleanups and refactorings
351 - Documentation updates for multi-image features
352 - Update imgtool.py to support the new features
353 - Updated the Mbed TLS submodule to current stable version 2.16.3
354 - Moved the Mbed TLS submodule from within sim/mcuboot-sys to ext.
356 - Added some additional overflow and bound checks to data in the image
358 - Add a `-x` (or `--hex_addr`) flag to imgtool to set the base address
359 written to a hex-format image. This allows the image to be flashed
372 - Fixed a revert interruption bug
373 - Added ed25519 signing support
374 - Added RSA-3072 signing support
375 - Allow ec256 to run on CC310 interface
376 - Some preparation work was done to allow for multi image support, which
377 should land in 1.4.0. This includes a simulator update for testing
378 multi-images, and a new name for slot0/slot1 which are now called
380 - Other minor bugfixes and improvements
392 - Modernize the Zephyr build scripts.
393 - Add a `ptest` utility to help run the simulator in different
395 - Migrate the simulator to Rust 2018 edition. The sim now requires at
397 - Simulator cleanups. The simulator code is now built the same way
400 - Abstract logging in MCUboot. This was needed to support the new
402 - Add multiple flash support. Allows slot1/scratch to be stored in an
404 - Add support for [encrypted images](encrypted_images.md).
405 - Add support for flash devices that read as '0' when erased.
406 - Add support to Zephyr for the `nrf52840_pca10059`. This board
408 - imgtool is now also available as a python package on pypi.org.
409 - Add an option to erase flash pages progressively during recovery to
412 - imgtool: big-endian support
413 - imgtool: saves in intel-hex format when output filename has `.hex`
418 The 1.2.0 release of MCUboot brings a lot of fixes/updates, where much of the
425 - imgtool accepts .hex formatted input
426 - Logging system is now configurable
427 - Most Zephyr configuration has been switched to Kconfig
428 - Build system accepts .pem files in build system to autogenerate required
430 - Zephyr build switched to using built-in flash_map and TinyCBOR modules
431 - Serial boot has substantially decreased in space usage after refactorings
432 - Serial boot build doesn't require newlib-c anymore on Zephyr
433 - imgtool updates:
436 overflow the status area, `--slot-size` was added and `--pad` was updated
437 to act as a flag parameter.
438 + `--overwrite-only` can be passed if not using swap upgrades
439 + `--max-sectors` can be used to adjust the maximum amount of sectors that
440 a swap can handle; this value must also be configured for the bootloader
441 + `--pad-header` substitutes `--included-header` with reverted semantics,
450 The 1.1.0 release of MCUboot brings a lot of fixes/updates to its
452 enables a more thorough quality assurance of many of the available
459 - serial recovery functionality support under Zephyr
460 - simulator: lots of refactors were applied, which result in the
463 - imgtool: removed PKCS1.5 support, added support for password
465 - tinycrypt 0.2.8 and the Mbed TLS ASN1 parser are now bundled with
467 - Overwrite-only mode was updated to erase/copy only sectors that
469 - A lot of small code and documentation fixes and updates.
477 The 1.0.0 release of MCUboot introduces a format change. It is
479 pass the `-2` to recent versions of the `newt` tool in order to
485 - Header format change. This change was made to move all of the
488 - The signature to be replaced without changing the image.
489 - Multiple signatures to be applied. This can be used, for example,
492 - The public key is referred to by its SHA1 hash (or a prefix of the
495 - Allow new types of signatures in the future.
496 - Support for PKCS#1 v1.5 signatures has been dropped. All RSA
499 - The source for Tinycrypt has been placed in the MCUboot tree. A
502 Tinycrypt bundled with the OS platform, and use our own version. A
504 - Support for some new targets:
505 - Nordic nRF51 and nRF52832 dev kits
506 - Hexiwear K64
507 - Clearer sample applications have been added under `samples`.
508 - Test plans for [zephyr](testplan-zephyr.md), and
509 [mynewt](testplan-mynewt.md).
510 - The simulator is now able to test RSA signatures.
511 - There is an unimplemented `load_addr` header for future support for
513 - Numerous documentation.
521 This is the first release of MCUboot, a secure bootloader for 32-bit MCUs.
522 It is designed to be operating system-agnostic and works over any transport -
530 - This release supports building with and running Apache Mynewt and Zephyr
532 - RIOT is supported as a running target.
533 - Image integrity is provided with SHA256.
534 - Image originator authenticity is provided supporting the following
536 - RSA 2048 and RSA PKCS#1 v1.5 or v2.1
537 - Elliptic curve DSA with secp224r1 and secp256r1
538 - Two firmware upgrade algorithms are provided:
539 - An overwrite only which upgrades slot 0 with the image in slot 1.
540 - A swapping upgrade which enables image test, allowing for rollback to a
542 - Supports both Mbed TLS and tinycrypt as backend crypto libraries. One of them
543 must be defined and the chosen signing algorithm will require a particular
545 - RSA 2048 needs Mbed TLS
546 - ECDSA secp224r1 needs Mbed TLS
547 - ECDSA secp256r1 needs tinycrypt as well as the ASN.1 code from Mbed TLS
552 - The image header and TLV formats are planned to change with release 1.0:
553 https://runtimeco.atlassian.net/browse/MCUB-66