boot: bootutil: Only update the security counter for confirmed images

When an upgrade is performed, the security counter must only be updated
after the upgrade has been confirmed, to make it possible to roll back if
needed. To that end, the security counter was only updated for a given
image if the swap type is BOOT_SWAP_TYPE_NONE, meaning in most cases
that no update has been performed by MCUboot during this run.

However, the swap type is also set to BOOT_SWAP_TYPE_NONE after an
interrupted upgrade is completed, so at the time
boot_update_hw_rollback_protection is called, having a "none" swap type
doesn't guarantee that no upgrade is waiting for confirmation. This
means MCUboot was wrongly updating the security counter immediately
after the completion of a resumed upgrade, preventing any rollback in
that case.

Instead, boot_update_hw_rollback_protection now checks the trailer
of the primary image to determine whether the security counter has to be
updated. The update occurs only if the trailer is empty (no update has
ever been made) or if the "image-ok" flag is set (the image has been
confirmed).

Signed-off-by: Thomas Altenbach <thomas.altenbach@legrand.com>
1 file changed
tree: a2d09fc5ec3461278675cccc62f9fd1449dde01e
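The decision logic described in the commit message, as an added model (not MCUboot's own code; the enum, struct and function names are hypothetical) that contrasts the old swap-type check with the new trailer check, including the resumed-upgrade case where the two disagree:

```c
/* Added example, not MCUboot's code: models the two rules for deciding
 * whether the hardware security counter may be advanced.
 * All names below are hypothetical stand-ins for MCUboot internals. */
#include <stdbool.h>
#include <stdio.h>

/* Modelled swap types; only "none" vs. "an upgrade" matters here. */
enum swap_type { SWAP_NONE, SWAP_TEST, SWAP_PERM };

/* Modelled state of the primary-slot trailer. */
struct trailer_model {
    bool empty;     /* no update has ever been written to the trailer */
    bool image_ok;  /* the running image has been confirmed */
};

struct scenario {
    const char *name;
    enum swap_type swap;        /* swap type as seen by the bootloader */
    struct trailer_model trail; /* trailer contents of the primary slot */
};

/* Old rule: advance the counter whenever no swap is scheduled this boot. */
bool old_rule_updates_counter(enum swap_type swap) {
    return swap == SWAP_NONE;
}

/* New rule: advance the counter only when the trailer proves the image
 * needs no confirmation (never updated) or has been confirmed. */
bool new_rule_updates_counter(const struct trailer_model *t) {
    return t->empty || t->image_ok;
}

/* True when the old rule would burn the counter (blocking rollback)
 * while the new rule correctly defers: the bug the commit fixes. */
bool old_rule_is_premature(const struct scenario *s) {
    return old_rule_updates_counter(s->swap) &&
           !new_rule_updates_counter(&s->trail);
}

/* Constructed scenarios covering the cases named in the commit message. */
const struct scenario scenarios[] = {
    {"fresh device, never updated",      SWAP_NONE, {true,  false}},
    {"image confirmed by application",   SWAP_NONE, {false, true }},
    {"upgrade scheduled this boot",      SWAP_TEST, {false, false}},
    {"resumed upgrade just completed",   SWAP_NONE, {false, false}},
};
const int scenario_count = 4;

int main(void) {
    for (int i = 0; i < scenario_count; i++)
        printf("%-32s old=%d new=%d premature=%d\n", scenarios[i].name,
               old_rule_updates_counter(scenarios[i].swap),
               new_rule_updates_counter(&scenarios[i].trail),
               old_rule_is_premature(&scenarios[i]));
    return 0;
}
```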
README.md

MCUboot


This is MCUboot version 2.2.0-rc1

MCUboot is a secure bootloader for 32-bit microcontrollers. It defines a common infrastructure for the bootloader and the system flash layout on microcontroller systems, and provides a secure bootloader that enables easy software upgrade.

MCUboot is not dependent on any specific operating system and hardware and relies on hardware porting layers from the operating system it works with. Currently, MCUboot works with the following operating systems and SoCs:

RIOT is supported only as a boot target. We will accept any new port contributed by the community once it is good enough.

MCUboot How-tos

See the following pages for instructions on using MCUboot with different operating systems and SoCs:

There are also instructions for the Simulator.

Roadmap

The issues being planned and worked on are tracked using GitHub issues. To give your input, visit MCUboot GitHub Issues.

Source files

You can find additional documentation on the bootloader in the source files. For more information, use the following links:

  • boot/bootutil - The core of the bootloader itself.
  • boot/boot_serial - Support for serial upgrade within the bootloader itself.
  • boot/zephyr - Port of the bootloader to Zephyr.
  • boot/mynewt - Bootloader application for Apache Mynewt.
  • boot/nuttx - Bootloader application and port of MCUboot interfaces for Apache NuttX.
  • boot/mbed - Port of the bootloader to Mbed OS.
  • boot/espressif - Bootloader application and MCUboot port for Espressif SoCs.
  • boot/cypress - Bootloader application and MCUboot port for Cypress/Infineon SoCs.
  • imgtool - A tool to securely sign firmware images for booting by MCUboot.
  • sim - A bootloader simulator for testing and regression.

Joining the project

Developers are welcome!

Use the following links to join or see more about the project: