TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / a36082664ecc6b62ceea10aa617c546491c3093d
commita36082664ecc6b62ceea10aa617c546491c3093d[log] [tgz]
authorDavid Brown <david.brown@linaro.org>Thu Dec 12 15:35:31 2019 -0700
committerDavid Brown <davidb@davidb.org>Wed Dec 18 11:53:25 2019 -0700
treeb94b80f5d7d1156d6f2cf903405b9b1f357d1dc2
parent3639aca07136048b6b239b6bd699cffd3e55d655 [diff]
ecdsa: Allow ECDSA signatures to be actual length

ECDSA signatures are variable length.  They are also encoded as ASN.1.
The ASN.1 parser we use is given the length, and will return a decoding
error if the signature block is not sufficiently long.  Instead of
requiring the signature block be padded to the longest possible length a
signature can be, allow them to be their natural length.

This allows image signing tools to be able to generate signatures that
don't have this padding.  Along with removing the pad removal code from
the EC224 code, this will allow this code to correctly validate all
signatures, not just 255 out of 256.

Signed-off-by: David Brown <david.brown@linaro.org>
1 file changed
tree: b94b80f5d7d1156d6f2cf903405b9b1f357d1dc2
  1. boot/
  2. ci/
  3. docs/
  4. ext/
  5. ptest/
  6. samples/
  7. scripts/
  8. sim/
  9. testplan/
  10. zephyr/
  11. .gitignore
  12. .gitmodules
  13. .travis.yml
  14. enc-aes128kw.b64
  15. enc-ec256-priv.pem
  16. enc-ec256-pub.pem
  17. enc-rsa2048-priv.pem
  18. enc-rsa2048-pub.pem
  19. LICENSE
  20. NOTICE
  21. project.yml
  22. README.md
  23. repository.yml
  24. root-ec-p256-pkcs8.pem
  25. root-ec-p256.pem
  26. root-ed25519.pem
  27. root-rsa-2048.pem
  28. root-rsa-3072.pem
  29. version.yml
README.md

mcuboot

Coverity Scan Build Status Build/Test

This is mcuboot version 1.4.0

MCUboot is a secure bootloader for 32-bit MCUs. The goal of MCUboot is to define a common infrastructure for the bootloader, system flash layout on microcontroller systems, and to provide a secure bootloader that enables simple software upgrades.

MCUboot is operating system and hardware independent and relies on hardware porting layers from the operating. Currently, mcuboot works with both the Apache Mynewt and Zephyr operating systems, but more ports are planned in the future. RIOT is currently supported as a boot target with a complete port planned.

Using MCUboot

Instructions for different operating systems can be found here:

Roadmap

The issues being planned and worked on are tracked using GitHub issues. To participate please visit:

MCUBoot GitHub Issues

Issues were previously tracked on MCUboot JIRA , but it is now deprecated.

Browsing

Information and documentation on the bootloader are stored within the source.

It was previously also documented on confluence: MCUBoot Confluence however, it is now deprecated and not currently maintained

For more information in the source, here are some pointers:

  • boot/bootutil: The core of the bootloader itself.
  • boot/boot_serial: Support for serial upgrade within the bootloader itself.
  • boot/zephyr: Port of the bootloader to Zephyr
  • boot/mynewt: Mynewt bootloader app
  • imgtool: A tool to securely sign firmware images for booting by mcuboot.
  • sim: A bootloader simulator for testing and regression

Joining

Developers welcome!