| /mcuboot-3.4.0/docs/ |
| D | testplan-mynewt.md | 8 with wrong key images are not swapped to, and image signed with correct key
12 key_<sign-algo>.pem, key_<sign-algo>_2.pem. And a keys file with the C public
35 Build and load image in slot 1 with no signing, signed with
36 key_<sign-algo>_2.pem and signed with key_<sign-algo>.pem. Mark each one as
37 test image and check that swap only happens for image signed with
45 ### Image signed with more than one key
59 Build and load image in slot 1 with no signing, signed with
60 key_<sign-algo>_2.pem and signed with key_<sign-algo>.pem. Mark each one as
61 test image and check that swap only happens for image signed with
86 Build/load blinky2 both with bad and good key, followed by a permanent swap
[all …]
|
| D | release-notes.md | 16 - Workflow improvements with Zephyr CI.
27 - Add a new flash api `flash_area_get_sector`, along with support for each
41 support on some recent targets, and adds support for devices with a
50 been tested with a `BOOT_MAX_ALIGN` up to 32 bytes.
60 - Add support for clear image generation with encryption capability to
144 This release of MCUboot works with the Zephyr "main" at the time of the
146 works with the Zephyr v2.4.0, however it is recommended to enable
170 - Various fixes to work with the latest Zephyr version.
190 ECIES with secp256r1 as an Elliptic Curve alternative to RSA-OAEP. A
198 should work with no changes for little-endian targets, but will
[all …]
|
| D | encrypted_images.md | 5 - distributed with this work for additional information
9 - with the License. You may obtain a copy of the License at
31 a TLV with the key must be present in the image. When upgrading the
62 The image is encrypted using AES-CTR-128 or AES-CTR-256, with a counter
70 but randomizing a 16-byte block with a TRNG should make it highly
77 For RSA-OAEP a new TLV with value `0x30` is added to the image, for
78 AES-KW a new TLV with value `0x31` is added to the image, for
79 ECIES-P256 a new TLV with value `0x32` is added, and for ECIES-X25519 a
80 newt TLV with value `0x33` is added. The contents of those TLVs
100 * The key is encrypted with AES-128-CTR or AES-256-CTR and a `nonce` of 0 using
[all …]
|
| D | readme-riot.md | 1 # Building and using MCUboot with RIOT
12 signature check it is necessary to re-compile it either with Mynewt
23 with a valid formatted value. The format is `major.minor.patch+other`
29 also expects an image padded with some specific headers containing the
30 version information, and trailer type-length-value records (TLVs) with
36 The application will be automatically signed with the provided key.
|
| D | readme-espressif.md | 1 # [Building and using MCUboot with Espressif's chips](#building-and-using-mcuboot-with-espressifs-c…
18 1. Install additional packages required for development with MCUboot:
57 *Replace `<TARGET>` with the target ESP32 family (like `esp32`, `esp32s2` and others).*
83 …/dev/ttyUSB0`) and baud rate `<BAUD>` (like `2000000`) according to the connection with your board.
108 1. Images can be regularly signed with the `scripts/imgtool.py` script:
127 For signing with a crypto key and guarantee the authenticity of the image being booted, see the sec…
144 MCUboot will then verify and compare the new image version number with the current one before perfo…
146 Version number is added to the image when signing it with `imgtool` (`-v` parameter, e.g. `-v 1.0.0…
148 ### [Downgrade prevention with security counter](#downgrade-prevention-with-security-counter)
150 It is also possible to rely on a security counter, also added to the image when signing with `imgto…
[all …]
|
| D | release.md | 3 This page describes the release process used with MCUboot.
8 follow a `MAJOR.MINOR.PATCH` format with the following guidelines on
54 suffix `rcN` (with no dash) is accepted only for the pre-release versions
64 `repository.yml` in the root directory; it must be updated with the
72 `boot/zephyr/VERSION`. For alignment with Zephyr versions, development
84 in the top-level `README.md`, and create a commit, with just this
85 change, with a commit text similar to "Bump to version a.b.c".
87 easier to find, as each release has a commit associated with it, and
90 Once this is done, the release should create a signed tag with the
|
| D | readme-zephyr.md | 1 # Building and using MCUboot with Zephyr
34 file named `boards/<arch>/<board>/<board>.dts`. An example `.dts` file with
41 Install additional packages required for development with MCUboot:
90 a simple application with everything you need. You can try it on your
100 With this, build the application as your normally would.
106 To make development easier, MCUboot is distributed with some example
111 Images can be signed with the `scripts/imgtool.py` script. It is best
116 The application itself can flashed with regular flash tools, but will
140 Generating a keypair with imgtool is a matter of running the keygen
172 with a sector size of 512 bytes and secondar slot in external off-chip flash
[all …]
|
| D | ecdsa.md | 24 However, this will also break compatibility with older versions,
25 because images generated with newer tools will not
26 work with older versions of MCUboot.
34 Without this argument, the images are padded with the
35 existing scheme. With this argument, the ECDSA is encoded
40 The existing EC256 implementations will still work (with or
66 ECDSA signatures are encoded as ASN.1, notably with the signature
|
| D | readme-mynewt.md | 1 # Running mynewt apps with MCUboot
4 when building an app that will be run with MCUboot as the bootloader and
40 # Boot serial functionality with Mynewt
42 Building with `BOOT_SERIAL: 1` enables some basic management functionality
|
| /mcuboot-3.4.0/sim/mcuboot-sys/src/ |
| D | api.rs | 147 THREAD_CTX.with(|ctx| { in set_flash()
161 THREAD_CTX.with(|ctx| { in clear_flash()
170 THREAD_CTX.with(|ctx| { in sim_get_flash_areas()
177 THREAD_CTX.with(|ctx| { in sim_set_flash_areas()
184 THREAD_CTX.with(|ctx| { in sim_reset_flash_areas()
191 SIM_CTX.with(|ctx| { in sim_get_context()
198 SIM_CTX.with(|ctx| { in sim_set_context()
205 SIM_CTX.with(|ctx| { in sim_reset_context()
212 RAM_CTX.with(|ctx| { in bootsim_get_ram_info()
224 RAM_CTX.with(|ctx| { in set_ram_info()
[all …]
|
| /mcuboot-3.4.0/testplan/mynewt/ |
| D | Makefile | 48 @echo "* Building mcuboot with RSA... \c"
53 @echo "* Building mcuboot with RSA/PSS... \c"
58 @echo "* Building mcuboot with EC... \c"
63 @echo "* Building mcuboot with EC256... \c"
69 @echo "* Building mcuboot with RSA + EC... \c"
74 @echo "* Building mcuboot with primary slot validation... \c"
79 @echo "* Building mcuboot with overwrite only upgrade... \c"
|
| /mcuboot-3.4.0/boot/cypress/MCUBootApp/ |
| D | README.md | 1 ### Port of MCUboot library to be used with Cypress targets
11 Cypress boards, that can be used with this evaluation example:
29 MCUBootApp checks image integrity with SHA256, image authenticity with EC256 digital signature veri…
53 Now define and initialize `struct flash_area *boot_area_descs[]` with flash memory addresses and si…
55 __Note:__ for both options make sure you have updated `MCUBOOT_MAX_IMG_SECTORS` appropriatery with …
122 …er among available Cypress PSoC 6 kits. If you try to use custom hardware with this application - …
124 …Y8PROTO-062S3-4343W, CY8CKIT-062-4343W. If you try to use custom hardware with this application - …
152 * To Build MCUBootApp with external memory support - pass `USE_EXTERNAL_FLASH=1` flag to `make` com…
158 …om unwanted read - Upgrade Image Encryption can be applied. The ECDH/HKDF with EC256 scheme is use…
160 To enable image encryption support use `ENC_IMG=1` build flag (BlinkyApp should also be built with …
[all …]
|
| /mcuboot-3.4.0/boot/cypress/BlinkyApp/ |
| D | Readme.md | 11 * Blinks RED led with 2 different rates, depending on type of image - BOOT or UPGRADE.
25 …on among available Cypress PSoC 6 kits. If you try to use custom hardware with this application - …
26 …on among available Cypress PSoC 6 kits. If you try to use custom hardware with this application - …
68 To get appropriate artifacts to use with multi image MCUBootApp, makefile flag `HEADER_OFFSET=` can…
86 To prepare MCUBootApp for work with external memory please refer to `MCUBootApp/ExternalMemory.md`.
104 To prepare MCUBootApp for work with encrypted upgrade image please refer to `MCUBootApp/Readme.md`.
126 `BlinkyApp` built to run with `MCUBootApp` produces files with name BlinkyApp.hex in `boot` directo…
140 … image, `1` - build encrypted upgrade image (MCUBootApp should also be built with this flash set 1)
154 [BlinkyApp] Red led blinks with 1 sec period
165 [BlinkyApp] Red led blinks with 0.25 sec period
|
| /mcuboot-3.4.0/ext/mbedtls-asn1/include/mbedtls/ |
| D | asn1.h | 11 * not use this file except in compliance with the License.
58 * These constants comply with the DER encoded ASN.1 type tags.
225 * with the requested tag.
246 * \return An ASN.1 error code if the input does not start with
265 * \return An ASN.1 error code if the input does not start with
286 * \return An ASN.1 error code if the input does not start with
309 * \return An ASN.1 error code if the input does not start with
328 * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if the input starts with
329 * a valid BIT STRING with a nonzero number of unused bits.
330 * \return An ASN.1 error code if the input does not start with
[all …]
|
| D | md.h | 13 * not use this file except in compliance with the License.
79 * Fields can be accessed with #mbedtls_md_get_size,
104 * \note The list starts with the strongest available hashes.
115 * associated with the given digest name.
119 * \return The message-digest information associated with \p md_name.
126 * associated with the given digest type.
130 * \return The message-digest information associated with \p md_type.
173 * or non-zero: HMAC is used with this context.
241 * with mbedtls_md_setup(), and before passing data with
276 * Afterwards, you may either clear the context with
[all …]
|
| D | pk.h | 11 * not use this file except in compliance with the License.
53 #define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00 /**< Type mismatch, eg attempt to encrypt with …
150 * \brief Types for interfacing with the debug module
241 * \brief Return information associated with the given PK type
245 * \return The PK info associated with the type or NULL if not found.
263 * \note For contexts that have been set up with
289 * \brief Initialize a PK context with the information given
391 * cleared with mbedtls_pk_free().
430 * return early and restart according to the limit set with
453 * \brief Verify signature, with options.
[all …]
|
| /mcuboot-3.4.0/boot/cypress/ |
| D | README.md | 1 ### Port of MCUBoot library for evaluation with Cypress PSoC 6 chips
5 Given solution is included in `MCUboot` repository with purpose to demonstrate basic consepts and f…
7 Examples provided to use with **ModusToolbox® Software Environment** are a recommended reference po…
12 2. MCUboot-Based Bootloader with Rollback to Factory App in External Flash [mtb-example-anycloud-mc…
32 MCUBootApp checks image integrity with SHA256, image authenticity with EC256 digital signature veri…
44 To retrieve source code with subsequent submodules pull:
|
| /mcuboot-3.4.0/ext/tinycrypt/lib/include/tinycrypt/ |
| D | ecc_dsa.h | 7 * Redistribution and use in source and binary forms, with or without
15 * and/or other materials provided with the distribution.
33 * Redistribution and use in source and binary forms, with or without
41 * documentation and/or other materials provided with the distribution.
70 * recommended) and pass it in to ecdsa_sign function along with your
74 * the same hash as the signer and pass it to this function along with
95 * @param p_signature OUT -- Will be filled in with the signature value. Must be
101 * recommended) and pass it in to this function along with your private key.
129 * signer and pass it to this function along with the signer's public key and
|
| D | ecc_dh.h | 7 * Redistribution and use in source and binary forms, with or without
15 * and/or other materials provided with the distribution.
32 * Redistribution and use in source and binary forms, with or without
40 * documentation and/or other materials provided with the distribution.
83 * @param p_public_key OUT -- Will be filled in with the public key. Must be at
86 * @param p_private_key OUT -- Will be filled in with the private key. Must be as
114 * @param p_secret OUT -- Will be filled in with the shared secret value. Must be
|
| /mcuboot-3.4.0/ |
| D | LICENSE | 17 control with that entity. For the purposes of this definition,
81 with the Work to which such Contribution(s) was submitted. If You
90 Work or Derivative Works thereof in any medium, with or without
113 documentation, if provided along with the Derivative Works; or,
127 reproduction, and distribution of the Work otherwise complies with
136 with Licensor regarding such Contributions.
151 risks associated with Your exercise of permissions under this License.
168 or other liability obligations and/or rights consistent with this
181 boilerplate notice, with the fields enclosed by brackets "{}"
182 replaced with your own identifying information. (Don't include
[all …]
|
| /mcuboot-3.4.0/ci/fih_test_docker/ |
| D | run_fi_test.sh | 6 # you may not use this file except in compliance with the License.
32 # strings in the image with a different string. This causes the signature check
47 echo "Failed to damage image $IMAGE with param $DAMAGE_TYPE" 1>&2
61 # join START and END lines together with a comma seperator.
81 # Run the run_test function with each skip length between min and max in turn.
85 echo "Run tests with skip size $size" 1>&2
|
| /mcuboot-3.4.0/boot/bootutil/include/bootutil/ |
| D | image.h | 12 * distributed with this work for additional information
16 * with the License. You may obtain a copy of the License at
70 * ECSDA224 is with NIST P-224
71 * ECSDA256 is with NIST P-256
92 #define IMAGE_TLV_ENC_RSA2048 0x30 /* Key encrypted with RSA-OAEP-2048 */
93 #define IMAGE_TLV_ENC_KW 0x31 /* Key encrypted with AES-KW 128 or 256*/
94 #define IMAGE_TLV_ENC_EC256 0x32 /* Key encrypted with ECIES-EC256 */
95 #define IMAGE_TLV_ENC_X25519 0x33 /* Key encrypted with ECIES-X25519 */
|
| /mcuboot-3.4.0/ext/fiat/ |
| D | README.md | 11 `make src/Specific/solinas32_2e255m19_10limbs/femul.c` (replacing `femul` with
16 unsigned integers with a single carry chain and two wraparound carries" where
20 The 64-bit implementation uses 5 limbs of radix 2^51 with instruction scheduling
40 ## Working With Fiat Crypto Field Arithmetic
46 There is work ongoing to replace the entire specialization mechanism with
|
| /mcuboot-3.4.0/ci/ |
| D | compare_versions.py | 4 # you may not use this file except in compliance with the License.
24 # exit with 0 if --new is equal to --old
25 # exit with 1 on errors
26 # exit with 2 if --new is newer than --old
27 # exit with 3 if --new is older than --old
|
| /mcuboot-3.4.0/boot/zcbor/include/ |
| D | zcbor_decode.h | 59 /** Consume and expect a pint/nint with a certain value. */
66 /** Consume and expect a pint/nint with a certain value, within a union.
81 /** Consume and expect a bstr/tstr with the value of the provided string literal.
101 /** Consume and expect a bstr/tstr with the value of the provided string literal.
112 /** Consume and expect a bstr/tstr with the value of the provided null-terminated string.
123 /** Consume and expect a bstr/tstr with the value of the provided char array literal.
153 * @param[in] unused Unused parameter to maintain signature parity with
162 * @param[in] unused Unused parameter to maintain signature parity with
254 /** Decode 0 or more elements with the same type and constraints.
276 * The @ref zcbor_decoder_t type is designed to be compatible with all single-
[all …]
|
