Make mcuboot less mynewt style
Remove most of mynewt specific stuff to a separate port package. This
should make mcuboot less "mynewt'y" and slightly easier to port to.
- Mynewt specific stuff moved to boot/mynewt.
- Sample app moved from apps/boot to boot/mynewt.
- Use MYNEWT_VAL macro only on mynewt port.
- BOOTUTIL_* and MYNEWT_VAL() usage moved to MCUBOOT_ defines.
diff --git a/Makefile b/Makefile
index eedae1f..1f3283f 100644
--- a/Makefile
+++ b/Makefile
@@ -10,16 +10,16 @@
# RSA
CONF_FILE = boot/zephyr/prj.conf
-CFLAGS += -DBOOTUTIL_SIGN_RSA -DBOOTUTIL_USE_MBED_TLS
+CFLAGS += -DMCUBOOT_SIGN_RSA -DMCUBOOT_USE_MBED_TLS
# ECDSA P-256
#CONF_FILE = boot/zephyr/prj-p256.conf
-#CFLAGS += -DBOOTUTIL_SIGN_EC256 -DBOOTUTIL_USE_TINYCRYPT
+#CFLAGS += -DMCUBOOT_SIGN_EC256 -DMCUBOOT_USE_TINYCRYPT
# Enable this option to have the bootloader verify the signature of
# the primary image upon every boot. Without it, signature
# verification only happens on upgrade.
-CFLAGS += -DBOOTUTIL_VALIDATE_SLOT0
+CFLAGS += -DMCUBOOT_VALIDATE_SLOT0
# Enable this option to not use the swapping code and just overwrite
# the image on upgrade.
diff --git a/README-zephyr.rst b/README-zephyr.rst
index c90c549..49526ec 100644
--- a/README-zephyr.rst
+++ b/README-zephyr.rst
@@ -58,7 +58,7 @@
-----------------------
In order to upgrade to an image (or even boot it, if
-``BOOTUTIL_VALIDATE_SLOT0`` is enabled), the images must be signed.
+``MCUBOOT_VALIDATE_SLOT0`` is enabled), the images must be signed.
To make development easier, mcuboot is distributed with some example
keys. It is important to stress that these should never be used for
production, since the private key is publically available in this
diff --git a/boot/bootutil/include/bootutil/sha256.h b/boot/bootutil/include/bootutil/sha256.h
index 9bc366c..6dd02c7 100644
--- a/boot/bootutil/include/bootutil/sha256.h
+++ b/boot/bootutil/include/bootutil/sha256.h
@@ -21,29 +21,37 @@
* This module provides a thin abstraction over some of the crypto
* primitives to make it easier to swap out the used crypto library.
*
- * At this point, there are two choices: BOOTUTIL_USE_MBED_TLS, or
- * BOOTUTIL_USE_TINYCRYPT. It is a compile error there is not exactly
+ * At this point, there are two choices: MCUBOOT_USE_MBED_TLS, or
+ * MCUBOOT_USE_TINYCRYPT. It is a compile error there is not exactly
* one of these defined.
*/
#ifndef __BOOTUTIL_CRYPTO_H_
#define __BOOTUTIL_CRYPTO_H_
-#if defined(BOOTUTIL_USE_MBED_TLS) && defined(BOOTUTIL_USE_TINYCRYPT)
+/* FIXME: The test below will only work as long as the app name is
+ * "mynewt", building for mynewt could export some __linux__, __APPLE__
+ * style macro!
+ */
+#ifdef APP_mynewt
+#include "mynewt/config.h"
+#endif
+
+#if defined(MCUBOOT_USE_MBED_TLS) && defined(MCUBOOT_USE_TINYCRYPT)
#error "Cannot define both MBED_TLS and TINYCRYPT"
#endif
-#if !defined(BOOTUTIL_USE_MBED_TLS) && !defined(BOOTUTIL_USE_TINYCRYPT)
+#if !defined(MCUBOOT_USE_MBED_TLS) && !defined(MCUBOOT_USE_TINYCRYPT)
#error "One of MBED_TLS or TINYCRYPT must be defined"
#endif
-#ifdef BOOTUTIL_USE_MBED_TLS
+#ifdef MCUBOOT_USE_MBED_TLS
#include <mbedtls/sha256.h>
-#endif /* BOOTUTIL_USE_MBED_TLS */
+#endif /* MCUBOOT_USE_MBED_TLS */
-#ifdef BOOTUTIL_USE_TINYCRYPT
+#ifdef MCUBOOT_USE_TINYCRYPT
#include <tinycrypt/sha256.h>
-#endif /* BOOTUTIL_USE_TINYCRYPT */
+#endif /* MCUBOOT_USE_TINYCRYPT */
#include <stdint.h>
@@ -51,7 +59,7 @@
extern "C" {
#endif
-#ifdef BOOTUTIL_USE_MBED_TLS
+#ifdef MCUBOOT_USE_MBED_TLS
typedef mbedtls_sha256_context bootutil_sha256_context;
static inline void bootutil_sha256_init(bootutil_sha256_context *ctx)
@@ -72,9 +80,9 @@
{
mbedtls_sha256_finish(ctx, output);
}
-#endif /* BOOTUTIL_USE_MBED_TLS */
+#endif /* MCUBOOT_USE_MBED_TLS */
-#ifdef BOOTUTIL_USE_TINYCRYPT
+#ifdef MCUBOOT_USE_TINYCRYPT
typedef struct tc_sha256_state_struct bootutil_sha256_context;
static inline void bootutil_sha256_init(bootutil_sha256_context *ctx)
{
@@ -93,7 +101,7 @@
{
tc_sha256_final(output, ctx);
}
-#endif /* BOOTUTIL_USE_TINYCRYPT */
+#endif /* MCUBOOT_USE_TINYCRYPT */
#ifdef __cplusplus
}
diff --git a/boot/bootutil/src/bootutil_misc.c b/boot/bootutil/src/bootutil_misc.c
index 153d56b..902fe77 100644
--- a/boot/bootutil/src/bootutil_misc.c
+++ b/boot/bootutil/src/bootutil_misc.c
@@ -21,7 +21,6 @@
#include <string.h>
#include <inttypes.h>
-#include "syscfg/syscfg.h"
#include "sysflash/sysflash.h"
#include "hal/hal_bsp.h"
#include "hal/hal_flash.h"
diff --git a/boot/bootutil/src/bootutil_priv.h b/boot/bootutil/src/bootutil_priv.h
index 85fa178..e8c8a8f 100644
--- a/boot/bootutil/src/bootutil_priv.h
+++ b/boot/bootutil/src/bootutil_priv.h
@@ -20,7 +20,6 @@
#ifndef H_BOOTUTIL_PRIV_
#define H_BOOTUTIL_PRIV_
-#include "syscfg/syscfg.h"
#include "bootutil/image.h"
#ifdef __cplusplus
diff --git a/boot/bootutil/src/image_ec.c b/boot/bootutil/src/image_ec.c
index de08b13..fc4c7f0 100644
--- a/boot/bootutil/src/image_ec.c
+++ b/boot/bootutil/src/image_ec.c
@@ -19,9 +19,7 @@
#include <string.h>
-#include "syscfg/syscfg.h"
-
-#if MYNEWT_VAL(BOOTUTIL_SIGN_EC)
+#ifdef MCUBOOT_SIGN_EC
#include "bootutil/sign_key.h"
#include "mbedtls/ecdsa.h"
@@ -119,4 +117,4 @@
return rc;
}
-#endif /* MYNEWT_VAL(BOOTUTIL_SIGN_EC) */
+#endif /* MCUBOOT_SIGN_EC */
diff --git a/boot/bootutil/src/image_ec256.c b/boot/bootutil/src/image_ec256.c
index 1e7354e..615fb9f 100644
--- a/boot/bootutil/src/image_ec256.c
+++ b/boot/bootutil/src/image_ec256.c
@@ -19,9 +19,7 @@
#include <string.h>
-#include "syscfg/syscfg.h"
-
-#if MYNEWT_VAL(BOOTUTIL_SIGN_EC256)
+#ifdef MCUBOOT_SIGN_EC256
#include "bootutil/sign_key.h"
#include "mbedtls/oid.h"
@@ -176,4 +174,4 @@
return -2;
}
}
-#endif /* MYNEWT_VAL(BOOTUTIL_SIGN_EC256) */
+#endif /* MCUBOOT_SIGN_EC256 */
diff --git a/boot/bootutil/src/image_rsa.c b/boot/bootutil/src/image_rsa.c
index 4890f46..3ea1a89 100644
--- a/boot/bootutil/src/image_rsa.c
+++ b/boot/bootutil/src/image_rsa.c
@@ -19,9 +19,7 @@
#include <string.h>
-#include "syscfg/syscfg.h"
-
-#if MYNEWT_VAL(BOOTUTIL_SIGN_RSA)
+#ifdef MCUBOOT_SIGN_RSA
#include "bootutil/sign_key.h"
#include "mbedtls/rsa.h"
@@ -143,4 +141,4 @@
return rc;
}
-#endif /* MYNEWT_VAL(BOOTUTIL_SIGN_RSA) */
+#endif /* MCUBOOT_SIGN_RSA */
diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
index 0e78407..9413d31 100644
--- a/boot/bootutil/src/image_validate.c
+++ b/boot/bootutil/src/image_validate.c
@@ -22,17 +22,16 @@
#include <inttypes.h>
#include <string.h>
-#include "syscfg/syscfg.h"
#include "hal/hal_flash.h"
#include "flash_map/flash_map.h"
#include "bootutil/image.h"
#include "bootutil/sha256.h"
#include "bootutil/sign_key.h"
-#if MYNEWT_VAL(BOOTUTIL_SIGN_RSA)
+#ifdef MCUBOOT_SIGN_RSA
#include "mbedtls/rsa.h"
#endif
-#if MYNEWT_VAL(BOOTUTIL_SIGN_EC) || MYNEWT_VAL(BOOTUTIL_SIGN_EC256)
+#if defined(MCUBOOT_SIGN_EC) || defined(MCUBOOT_SIGN_EC256)
#include "mbedtls/ecdsa.h"
#endif
#include "mbedtls/asn1.h"
@@ -96,8 +95,8 @@
uint32_t off;
uint32_t size;
uint32_t sha_off = 0;
-#if MYNEWT_VAL(BOOTUTIL_SIGN_RSA) || MYNEWT_VAL(BOOTUTIL_SIGN_EC) || \
- MYNEWT_VAL(BOOTUTIL_SIGN_EC256)
+#if defined(MCUBOOT_SIGN_RSA) || defined(MCUBOOT_SIGN_EC) || \
+ defined(MCUBOOT_SIGN_EC256)
uint32_t sig_off = 0;
uint32_t sig_len = 0;
#endif
@@ -106,17 +105,17 @@
uint8_t hash[32];
int rc;
-#if MYNEWT_VAL(BOOTUTIL_SIGN_RSA)
+#ifdef MCUBOOT_SIGN_RSA
if ((hdr->ih_flags & IMAGE_F_PKCS15_RSA2048_SHA256) == 0) {
return -1;
}
#endif
-#if MYNEWT_VAL(BOOTUTIL_SIGN_EC)
+#ifdef MCUBOOT_SIGN_EC
if ((hdr->ih_flags & IMAGE_F_ECDSA224_SHA256) == 0) {
return -1;
}
#endif
-#if MYNEWT_VAL(BOOTUTIL_SIGN_EC256)
+#ifdef MCUBOOT_SIGN_EC256
if ((hdr->ih_flags & IMAGE_F_ECDSA256_SHA256) == 0) {
return -1;
}
@@ -150,7 +149,7 @@
}
sha_off = off + sizeof(tlv);
}
-#if MYNEWT_VAL(BOOTUTIL_SIGN_RSA)
+#ifdef MCUBOOT_SIGN_RSA
if (tlv.it_type == IMAGE_TLV_RSA2048) {
if (tlv.it_len != 256) { /* 2048 bits */
return -1;
@@ -159,7 +158,7 @@
sig_len = tlv.it_len;
}
#endif
-#if MYNEWT_VAL(BOOTUTIL_SIGN_EC)
+#ifdef MCUBOOT_SIGN_EC
if (tlv.it_type == IMAGE_TLV_ECDSA224) {
if (tlv.it_len < 64) { /* oids + 2 * 28 bytes */
return -1;
@@ -168,7 +167,7 @@
sig_len = tlv.it_len;
}
#endif
-#if MYNEWT_VAL(BOOTUTIL_SIGN_EC256)
+#ifdef MCUBOOT_SIGN_EC256
if (tlv.it_type == IMAGE_TLV_ECDSA256) {
if (tlv.it_len < 72) { /* oids + 2 * 32 bytes */
return -1;
@@ -193,8 +192,8 @@
return -1;
}
}
-#if MYNEWT_VAL(BOOTUTIL_SIGN_RSA) || MYNEWT_VAL(BOOTUTIL_SIGN_EC) || \
- MYNEWT_VAL(BOOTUTIL_SIGN_EC256)
+#if defined(MCUBOOT_SIGN_RSA) || defined(MCUBOOT_SIGN_EC) || \
+ defined(MCUBOOT_SIGN_EC256)
if (!sig_off) {
/*
* Header said there should be PKCS1.v5 signature, no TLV
diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index dc6d9cb..95a1572 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c
@@ -1265,7 +1265,7 @@
switch (swap_type) {
case BOOT_SWAP_TYPE_NONE:
-#ifdef BOOTUTIL_VALIDATE_SLOT0
+#ifdef MCUBOOT_VALIDATE_SLOT0
rc = boot_validate_slot(0);
assert(rc == 0);
if (rc != 0) {
diff --git a/boot/bootutil/syscfg.yml b/boot/bootutil/syscfg.yml
deleted file mode 100644
index 80fca9f..0000000
--- a/boot/bootutil/syscfg.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-# Package: boot/bootutil
-
-syscfg.defs:
- BOOTUTIL_SIGN_RSA:
- description: 'Images are signed using RSA2048.'
- value: '0'
- BOOTUTIL_SIGN_EC:
- description: 'Images are signed using ECDSA NIST P-224.'
- value: '0'
- BOOTUTIL_SIGN_EC256:
- description: 'Images are signed using ECDSA NIST P-256.'
- value: '0'
diff --git a/apps/boot/README.md b/boot/mynewt/README.md
similarity index 100%
rename from apps/boot/README.md
rename to boot/mynewt/README.md
diff --git a/boot/mynewt/include/mynewt/config.h b/boot/mynewt/include/mynewt/config.h
new file mode 100644
index 0000000..9be051d
--- /dev/null
+++ b/boot/mynewt/include/mynewt/config.h
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+#ifndef __BOOT_CONFIG_H__
+#define __BOOT_CONFIG_H__
+
+#include "syscfg/syscfg.h"
+
+#if MYNEWT_VAL(BOOT_SERIAL)
+#define MCUBOOT_SERIAL 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_VALIDATE_SLOT0)
+#define MCUBOOT_VALIDATE_SLOT0 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_SIGN_EC256)
+#define MCUBOOT_SIGN_EC256 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_SIGN_RSA)
+#define MCUBOOT_SIGN_RSA 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_SIGN_EC)
+#define MCUBOOT_SIGN_EC 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_USE_MBED_TLS)
+#define MCUBOOT_USE_MBED_TLS 1
+#endif
+#if MYNEWT_VAL(BOOTUTIL_USE_TINYCRYPT)
+#define MCUBOOT_USE_TINYCRYPT 1
+#endif
+
+#endif /* __BOOT_CONFIG_H__ */
diff --git a/apps/boot/pkg.yml b/boot/mynewt/pkg.yml
similarity index 89%
rename from apps/boot/pkg.yml
rename to boot/mynewt/pkg.yml
index c3af3e8..c1c0cc7 100644
--- a/apps/boot/pkg.yml
+++ b/boot/mynewt/pkg.yml
@@ -6,7 +6,7 @@
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
@@ -17,10 +17,10 @@
# under the License.
#
-pkg.name: apps/boot
+pkg.name: boot/mynewt
pkg.type: app
-pkg.description: Boot loader application.
-pkg.author: "Apache Mynewt <dev@mynewt.incubator.apache.org>"
+pkg.description: "Mynewt port of mcuboot"
+pkg.author: "Fabio Utzig <utzig@apache.org>"
pkg.homepage: "http://mynewt.apache.org/"
pkg.keywords:
- loader
diff --git a/apps/boot/src/boot.c b/boot/mynewt/src/main.c
similarity index 94%
rename from apps/boot/src/boot.c
rename to boot/mynewt/src/main.c
index fbc4b7d..9cf4737 100755
--- a/apps/boot/src/boot.c
+++ b/boot/mynewt/src/main.c
@@ -27,7 +27,7 @@
#include <hal/hal_bsp.h>
#include <hal/hal_system.h>
#include <hal/hal_flash.h>
-#if MYNEWT_VAL(BOOT_SERIAL)
+#ifdef MCUBOOT_SERIAL
#include <hal/hal_gpio.h>
#include <boot_serial/boot_serial.h>
#include <sysinit/sysinit.h>
@@ -39,7 +39,7 @@
#define BOOT_AREA_DESC_MAX (256)
#define AREA_DESC_MAX (BOOT_AREA_DESC_MAX)
-#if MYNEWT_VAL(BOOT_SERIAL)
+#ifdef MCUBOOT_SERIAL
#define BOOT_SER_CONS_INPUT 128
#endif
@@ -49,14 +49,14 @@
struct boot_rsp rsp;
int rc;
-#if MYNEWT_VAL(BOOT_SERIAL)
+#ifdef MCUBOOT_SERIAL
sysinit();
#else
flash_map_init();
hal_bsp_init();
#endif
-#if MYNEWT_VAL(BOOT_SERIAL)
+#ifdef MCUBOOT_SERIAL
/*
* Configure a GPIO as input, and compare it against expected value.
* If it matches, await for download commands from serial.
diff --git a/apps/boot/syscfg.yml b/boot/mynewt/syscfg.yml
similarity index 63%
rename from apps/boot/syscfg.yml
rename to boot/mynewt/syscfg.yml
index 9ff2cbc..de4f190 100644
--- a/apps/boot/syscfg.yml
+++ b/boot/mynewt/syscfg.yml
@@ -16,7 +16,7 @@
# under the License.
#
-# Package: apps/boot
+# Package: boot/mynewt
syscfg.defs:
BOOT_LOADER:
@@ -25,6 +25,24 @@
BOOT_SERIAL:
description: 'Support image upgrade over serial within bootloader'
value: 0
+ BOOTUTIL_VALIDATE_SLOT0:
+ description: 'Validate image at slot 0 on each boot.'
+ value: 0
+ BOOTUTIL_SIGN_RSA:
+ description: 'Images are signed using RSA2048.'
+ value: 0
+ BOOTUTIL_SIGN_EC:
+ description: 'Images are signed using ECDSA NIST P-224.'
+ value: 0
+ BOOTUTIL_SIGN_EC256:
+ description: 'Images are signed using ECDSA NIST P-256.'
+ value: 0
+ BOOTUTIL_USE_MBED_TLS:
+ description: 'Use mbed TLS for crypto operations.'
+ value: 0
+ BOOTUTIL_USE_TINYCRYPT:
+ description: 'Use tinycrypt for crypto operations.'
+ value: 0
syscfg.vals:
SYSINIT_CONSTRAIN_INIT: 0
diff --git a/boot/zephyr/include/syscfg/syscfg.h b/boot/zephyr/include/syscfg/syscfg.h
deleted file mode 100644
index ad58eed..0000000
--- a/boot/zephyr/include/syscfg/syscfg.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef __SYSCFG_H__
-#define __SYSCFG_H__
-
-#define MYNEWT_VAL(x) (x)
-
-#endif /* __SYSCFG_H__ */
diff --git a/boot/zephyr/keys.c b/boot/zephyr/keys.c
index 9d2f36b..56b78df 100644
--- a/boot/zephyr/keys.c
+++ b/boot/zephyr/keys.c
@@ -19,7 +19,7 @@
#include <bootutil/sign_key.h>
-#if defined(BOOTUTIL_SIGN_RSA)
+#if defined(MCUBOOT_SIGN_RSA)
const unsigned char root_pub_der[] = {
0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd1, 0x06, 0x08,
0x1a, 0x18, 0x44, 0x2c, 0x18, 0xe8, 0xfb, 0xfd, 0xf7, 0x0d, 0xa3, 0x4f,
@@ -46,7 +46,7 @@
0xc9, 0x02, 0x03, 0x01, 0x00, 0x01
};
const unsigned int root_pub_der_len = 270;
-#elif defined(BOOTUTIL_SIGN_EC256)
+#elif defined(MCUBOOT_SIGN_EC256)
const unsigned char root_pub_der[] = {
0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
@@ -65,6 +65,7 @@
#error "No public key available for given signing algorithm."
#endif
+#if defined(MCUBOOT_SIGN_RSA) || defined(MCUBOOT_SIGN_EC256)
const struct bootutil_key bootutil_keys[] = {
{
.key = root_pub_der,
@@ -72,3 +73,4 @@
},
};
const int bootutil_key_cnt = 1;
+#endif
diff --git a/doc/signed_images.md b/doc/signed_images.md
index 80bac7b..b56aa58 100644
--- a/doc/signed_images.md
+++ b/doc/signed_images.md
@@ -90,14 +90,14 @@
## Building bootloader
-Enable the BOOTUTIL_SIGN_RSA syscfg setting in your app or target syscfg.yml
+Enable the MCUBOOT_SIGN_RSA syscfg setting in your app or target syscfg.yml
file
syscfg.vals:
- BOOTUTIL_SIGN_RSA: 1
+ MCUBOOT_SIGN_RSA: 1
After you've created the key package, you must include it in the build
for bootloader. So modify the pkg.yml for apps/boot to include it.
-The syscfg variable to enable ECDSA224 is BOOTUTIL_SIGN_EC, and
-BOOTUTIL_SIGN_EC256 for ECDS256.
+The syscfg variable to enable ECDSA224 is MCUBOOT_SIGN_EC, and
+MCUBOOT_SIGN_EC256 for ECDS256.