| commit | 641af4530cf0de1990a539d76590b97fd0e272f2 | [log] [tgz] |
|---|---|---|
| author | David Brown <david.brown@linaro.org> | Fri Feb 19 12:16:48 2021 -0700 |
| committer | David Brown <davidb@davidb.org> | Tue Feb 23 10:29:31 2021 -0700 |
| tree | 3587d65340750e2ed21ebd4f37d16502220eda81 | |
| parent | 0c8c8d53257be7454a066e18014b4bedcd545c32 [diff] |
boot: Support Mbed TLS ECDSA for signatures Add Mbed TLS ECDSA signature verification as an option (in addition to Tinycrypt and the CC310 hardware version). Although the Mbed TLS ECDSA verification code is both larger and slower, this will still save space if there is another reason that the Mbed TLS code is already being brought in for another reason (such as certificate management, for example). Mbed TLS's ECDSA verification works at a different level than the other two libraries, so this takes a bit of reworking. There are some additional parameters passed to the various functions, and a new define MCUBOOT_ECDSA_NEED_ASN1_SIG to indicate that the ecdsa verification wants the original ASN1 signature, not a decoded key. This adds the boot changes and simulator support to test this configuration. Signed-off-by: David Brown <david.brown@linaro.org>
- boot/bootutil/include/bootutil/crypto/ecdsa_p256.h[diff]
- boot/bootutil/src/image_ec256.c[diff]
- boot/zephyr/include/config-ecdsa.h[Added - diff]
- sim/Cargo.toml[diff]
- sim/mcuboot-sys/Cargo.toml[diff]
- sim/mcuboot-sys/build.rs[diff]
- sim/mcuboot-sys/csupport/run.c[diff]
- .github/
- boot/
- ci/
- docs/
- ext/
- ptest/
- samples/
- scripts/
- sim/
- testplan/
- zephyr/
- .gitignore
- .gitmodules
- .mbedignore
- .travis.yml
- enc-aes128kw.b64
- enc-ec256-priv.pem
- enc-ec256-pub.pem
- enc-rsa2048-priv.pem
- enc-rsa2048-pub.pem
- enc-x25519-priv.pem
- enc-x25519-pub.pem
- go.mod
- LICENSE
- NOTICE
- project.yml
- README.md
- repository.yml
- root-ec-p256-pkcs8.pem
- root-ec-p256.pem
- root-ed25519.pem
- root-rsa-2048.pem
- root-rsa-3072.pem
mcuboot
This is mcuboot version 1.8.0-dev
MCUboot is a secure bootloader for 32-bit MCUs. The goal of MCUboot is to define a common infrastructure for the bootloader, system flash layout on microcontroller systems, and to provide a secure bootloader that enables simple software upgrades.
MCUboot is operating system and hardware independent and relies on hardware porting layers from the operating. Currently, mcuboot works with both the Apache Mynewt and Zephyr operating systems, but more ports are planned in the future. RIOT is currently supported as a boot target with a complete port planned.
Using MCUboot
Instructions for different operating systems can be found here:
Roadmap
The issues being planned and worked on are tracked using GitHub issues. To participate please visit:
Issues were previously tracked on MCUboot JIRA , but it is now deprecated.
Browsing
Information and documentation on the bootloader are stored within the source.
It was previously also documented on confluence: MCUBoot Confluence however, it is now deprecated and not currently maintained
For more information in the source, here are some pointers:
- boot/bootutil: The core of the bootloader itself.
- boot/boot_serial: Support for serial upgrade within the bootloader itself.
- boot/zephyr: Port of the bootloader to Zephyr
- boot/mynewt: Mynewt bootloader app
- imgtool: A tool to securely sign firmware images for booting by mcuboot.
- sim: A bootloader simulator for testing and regression
Joining
Developers welcome!
- Our developer mailing list: https://groups.io/g/mcuboot
- Our Slack channel: https://mcuboot.slack.com/
Get your invite here! - Our IRC channel: http://irc.freenode.net, #mcuboot