Infineon: Add support for cyw20829 b0 revision of device, update libs versions
diff --git a/boot/cypress/BlinkyApp/BlinkyApp.mk b/boot/cypress/BlinkyApp/BlinkyApp.mk
index 18cbfcf..d7769cf 100644
--- a/boot/cypress/BlinkyApp/BlinkyApp.mk
+++ b/boot/cypress/BlinkyApp/BlinkyApp.mk
@@ -40,8 +40,14 @@
CUR_APP_PATH = $(PRJ_DIR)/$(APP_NAME)
ifneq ($(FLASH_MAP), )
+#to compare NV-counters for each images with number of images on CYW20829
+ifeq ($(PLATFORM), CYW20829)
+$(CUR_APP_PATH)/flashmap.mk:
+ $(PYTHON_PATH) scripts/flashmap.py -p $(PLATFORM) -i $(FLASH_MAP) -o $(PRJ_DIR)/platforms/cy_flash_pal/cy_flash_map.h -d $(IMG_ID) -c $(PRJ_DIR)/policy/policy_reprovisioning_secure.json > $(CUR_APP_PATH)/flashmap.mk
+else
$(CUR_APP_PATH)/flashmap.mk:
$(PYTHON_PATH) scripts/flashmap.py -p $(PLATFORM) -m -i $(FLASH_MAP) -o $(PRJ_DIR)/platforms/cy_flash_pal/cy_flash_map.h -d $(IMG_ID) > $(CUR_APP_PATH)/flashmap.mk
+endif
include $(CUR_APP_PATH)/flashmap.mk
DEFINES_APP := -DCY_FLASH_MAP_JSON
endif
diff --git a/boot/cypress/BlinkyApp/linker/BlinkyApp_CM33_template_xip.ld b/boot/cypress/BlinkyApp/linker/BlinkyApp_CM33_template_xip.ld
index bf7ea08..4b8b0d8 100644
--- a/boot/cypress/BlinkyApp/linker/BlinkyApp_CM33_template_xip.ld
+++ b/boot/cypress/BlinkyApp/linker/BlinkyApp_CM33_template_xip.ld
@@ -50,8 +50,8 @@
FLASH_START_ADDR_CBUS = 0x08000000 + USER_APP_START_ADDR;
RAM_START_ADDR_SAHB = 0x20000000;
RAM_START_ADDR_CBUS = 0x04000000;
-RAM_END_ADDR_SAHB = 0x20020000; /* 128K */
-RAM_END_ADDR_CBUS = 0x04020000; /* 128K */
+RAM_END_ADDR_SAHB = 0x20040000; /* 256K */
+RAM_END_ADDR_CBUS = 0x04040000; /* 256K */
FLASH_END_ADDR_SAHB = 0x60080000; /* 512K */
BOOTSTRAP_OFFSET_FLASH = 0x00000050; /* toc2=0x10, l1_desc=0x1C, sign_header=0x20, padding=0x4 (encrypted data should be aligned to 0x10 boundary) */
@@ -85,7 +85,7 @@
/* size of XIP region */
XIP_SIZE = FLASH_END_ADDR_SAHB - XIP_LMA;
/* Total size of SRAM */
-RAM_SIZE = RAM_END_ADDR_SAHB - RAM_START_ADDR_SAHB; /* 0x00020000 */
+RAM_SIZE = RAM_END_ADDR_SAHB - RAM_START_ADDR_SAHB; /* 0x00040000 */
/* Size of Bootstrap data is kept same as BOOTSTRAP_SIZE */
DATA_BS_SIZE = BOOTSTRAP_SIZE;
diff --git a/boot/cypress/MCUBootApp/MCUBootApp.mk b/boot/cypress/MCUBootApp/MCUBootApp.mk
index e2dae9f..a90e488 100644
--- a/boot/cypress/MCUBootApp/MCUBootApp.mk
+++ b/boot/cypress/MCUBootApp/MCUBootApp.mk
@@ -34,8 +34,14 @@
CUR_APP_PATH = $(PRJ_DIR)/$(APP_NAME)
ifneq ($(FLASH_MAP), )
+#to 'Bit_per_cnt' generation for CYW20829
+ifeq ($(PLATFORM), CYW20829)
+$(CUR_APP_PATH)/flashmap.mk:
+ $(PYTHON_PATH) scripts/flashmap.py -p $(PLATFORM) -i $(FLASH_MAP) -o $(PRJ_DIR)/platforms/cy_flash_pal/cy_flash_map.h -c $(PRJ_DIR)/policy/policy_secure.json > $(CUR_APP_PATH)/flashmap.mk
+else
$(CUR_APP_PATH)/flashmap.mk:
$(PYTHON_PATH) scripts/flashmap.py -p $(PLATFORM) -m -i $(FLASH_MAP) -o $(PRJ_DIR)/platforms/cy_flash_pal/cy_flash_map.h > $(CUR_APP_PATH)/flashmap.mk
+endif
include $(CUR_APP_PATH)/flashmap.mk
DEFINES_APP := -DCY_FLASH_MAP_JSON
endif
diff --git a/boot/cypress/MCUBootApp/MCUBootApp_CM33.ld b/boot/cypress/MCUBootApp/MCUBootApp_CM33.ld
index e98f9e5..db3671f 100644
--- a/boot/cypress/MCUBootApp/MCUBootApp_CM33.ld
+++ b/boot/cypress/MCUBootApp/MCUBootApp_CM33.ld
@@ -48,8 +48,8 @@
FLASH_START_ADDR_CBUS = 0x08000000;
RAM_START_ADDR_SAHB = 0x20000000;
RAM_START_ADDR_CBUS = 0x04000000;
-RAM_END_ADDR_SAHB = 0x20020000; /* 128K */
-RAM_END_ADDR_CBUS = 0x04020000; /* 128K */
+RAM_END_ADDR_SAHB = 0x20040000; /* 256K */
+RAM_END_ADDR_CBUS = 0x04040000; /* 256K */
FLASH_END_ADDR_SAHB = 0x60080000; /* 512K */
BOOTSTRAP_OFFSET_FLASH = 0x00000050; /* toc2=0x10, l1_desc=0x1C, sign_header=0x20, padding=0x4 (encrypted data should be aligned to 0x10 boundary) */
@@ -83,7 +83,7 @@
/* size of XIP region */
XIP_SIZE = FLASH_END_ADDR_SAHB - XIP_LMA;
/* Total size of SRAM */
-RAM_SIZE = RAM_END_ADDR_SAHB - RAM_START_ADDR_SAHB; /* 0x00020000 */
+RAM_SIZE = RAM_END_ADDR_SAHB - RAM_START_ADDR_SAHB; /* 0x00040000 */
/* Size of Bootstrap data is kept same as BOOTSTRAP_SIZE */
DATA_BS_SIZE = BOOTSTRAP_SIZE;
diff --git a/boot/cypress/MCUBootApp/main.c b/boot/cypress/MCUBootApp/main.c
index b54e7e5..8a78193 100644
--- a/boot/cypress/MCUBootApp/main.c
+++ b/boot/cypress/MCUBootApp/main.c
@@ -36,7 +36,7 @@
#if defined APP_CM0P || defined CM4
#include "cyw_platform_utils.h"
#endif /* defined APP_CM0P || defined CM4 */
-#endif /* defined CYW20829 || defined EXPLORER */
+#endif /* defined CYW20829 */
#if defined(CY_BOOT_USE_EXTERNAL_FLASH) || defined(CYW20829)
#include "flash_qspi.h"
@@ -167,7 +167,7 @@
#error "Application should run on Cortex-M33"
#endif /* APP_CM33 */
-#else /* defined CYW20829 || defined EXPLORER */
+#else /* defined CYW20829 */
#ifdef USE_XIP
BOOT_LOG_DBG("XIP: Switch to SMIF XIP mode");
diff --git a/boot/cypress/libs/cy-mbedtls-acceleration b/boot/cypress/libs/cy-mbedtls-acceleration
index b61f07e..a9a4aef 160000
--- a/boot/cypress/libs/cy-mbedtls-acceleration
+++ b/boot/cypress/libs/cy-mbedtls-acceleration
@@ -1 +1 @@
-Subproject commit b61f07e62037c00eabf60afbf048ee254bc99a1e
+Subproject commit a9a4aef9153e4890379690d8d695e96a9d864762
diff --git a/boot/cypress/libs/mtb-hal-cat1 b/boot/cypress/libs/mtb-hal-cat1
index ac09163..282ef6e 160000
--- a/boot/cypress/libs/mtb-hal-cat1
+++ b/boot/cypress/libs/mtb-hal-cat1
@@ -1 +1 @@
-Subproject commit ac0916378f819a273a44165784effed839cba95c
+Subproject commit 282ef6e565290f097e02a7afbe6dcde30c0f4028
diff --git a/boot/cypress/libs/mtb-pdl-cat1 b/boot/cypress/libs/mtb-pdl-cat1
index e851dc2..8ed7d45 160000
--- a/boot/cypress/libs/mtb-pdl-cat1
+++ b/boot/cypress/libs/mtb-pdl-cat1
@@ -1 +1 @@
-Subproject commit e851dc2c1a9f7acaf29aad83c7e65ccd48cec453
+Subproject commit 8ed7d4526dcc8d1c2efb96f7f56da8d5dc043227
diff --git a/boot/cypress/libs/retarget-io b/boot/cypress/libs/retarget-io
index a61cd7c..3072757 160000
--- a/boot/cypress/libs/retarget-io
+++ b/boot/cypress/libs/retarget-io
@@ -1 +1 @@
-Subproject commit a61cd7c5f4b2808c949248f05287c09e6578abfc
+Subproject commit 30727575b7bdd69df69d47c74e4fb56ced3633c4
diff --git a/boot/cypress/platforms/BSP/CYW20829/system/COMPONENT_CM33/ns_start_cyw20829.c b/boot/cypress/platforms/BSP/CYW20829/system/COMPONENT_CM33/ns_start_cyw20829.c
index 77d11a3..832ff88 100644
--- a/boot/cypress/platforms/BSP/CYW20829/system/COMPONENT_CM33/ns_start_cyw20829.c
+++ b/boot/cypress/platforms/BSP/CYW20829/system/COMPONENT_CM33/ns_start_cyw20829.c
@@ -37,13 +37,13 @@
#include "cmsis_compiler.h"
CY_MISRA_FP_BLOCK_START('MISRA C-2012 Rule 8.6', 3, \
-'Checked manually. The definition is a part of linker script or application.');
+'Checked manually. The definition is a part of linker script or application.')
CY_MISRA_DEVIATE_BLOCK_START('ARRAY_VS_SINGLETON', 1, \
-'Checked manually. Using pointer as an array will not corrupt or misinterpret adjacent memory locations.');
+'Checked manually. Using pointer as an array will not corrupt or misinterpret adjacent memory locations.')
CY_MISRA_DEVIATE_BLOCK_START('MISRA C-2012 Rule 18.1', 3, \
-'Checked manually. Dereferencing a pointer to one beyond the end of an array will not result in undefined behaviour.');
+'Checked manually. Dereferencing a pointer to one beyond the end of an array will not result in undefined behaviour.')
CY_MISRA_DEVIATE_BLOCK_START('MISRA C-2012 Rule 18.3', 1, \
-'Checked manually. Attempting to make comparisons between pointers will not result in undefined behaviour.');
+'Checked manually. Attempting to make comparisons between pointers will not result in undefined behaviour.')
#if defined (__ARMCC_VERSION)
extern uint32_t Region$$Table$$Base;
@@ -477,9 +477,9 @@
__PROGRAM_START();
}
-CY_MISRA_BLOCK_END('MISRA C-2012 Rule 18.3');
-CY_MISRA_BLOCK_END('MISRA C-2012 Rule 18.1');
-CY_MISRA_BLOCK_END('ARRAY_VS_SINGLETON');
-CY_MISRA_BLOCK_END('MISRA C-2012 Rule 8.6');
+CY_MISRA_BLOCK_END('MISRA C-2012 Rule 18.3')
+CY_MISRA_BLOCK_END('MISRA C-2012 Rule 18.1')
+CY_MISRA_BLOCK_END('ARRAY_VS_SINGLETON')
+CY_MISRA_BLOCK_END('MISRA C-2012 Rule 8.6')
#endif /* defined (CY_DEVICE_CYW20829) */
diff --git a/boot/cypress/platforms/BSP/CYW20829/system/COMPONENT_CM33/ns_system_cyw20829.c b/boot/cypress/platforms/BSP/CYW20829/system/COMPONENT_CM33/ns_system_cyw20829.c
index 2594560..2a9083d 100644
--- a/boot/cypress/platforms/BSP/CYW20829/system/COMPONENT_CM33/ns_system_cyw20829.c
+++ b/boot/cypress/platforms/BSP/CYW20829/system/COMPONENT_CM33/ns_system_cyw20829.c
@@ -34,13 +34,13 @@
#include "cy_syspm.h"
CY_MISRA_DEVIATE_BLOCK_START('ARRAY_VS_SINGLETON', 1, \
-'Checked manually. Using pointer as an array will not corrupt or misinterpret adjacent memory locations.');
+'Checked manually. Using pointer as an array will not corrupt or misinterpret adjacent memory locations.')
CY_MISRA_DEVIATE_BLOCK_START('MISRA C-2012 Rule 18.1', 1, \
-'Checked manually. Dereferencing a pointer to one beyond the end of an array will not result in undefined behaviour.');
+'Checked manually. Dereferencing a pointer to one beyond the end of an array will not result in undefined behaviour.')
CY_MISRA_DEVIATE_BLOCK_START('MISRA C-2012 Rule 18.3', 1, \
-'Checked manually. Attempting to make comparisons between pointers will not result in undefined behaviour.');
+'Checked manually. Attempting to make comparisons between pointers will not result in undefined behaviour.')
CY_MISRA_FP_BLOCK_START('MISRA C-2012 Rule 8.6', 2, \
-'Checked manually. The definition is a part of linker script or application.');
+'Checked manually. The definition is a part of linker script or application.')
/*******************************************************************************
* SystemCoreClockUpdate()
@@ -146,6 +146,85 @@
SystemCoreClockUpdate();
}
+CY_SECTION_RAMFUNC_BEGIN
+/*******************************************************************************
+* Function Name: SystemInit_Warmboot_CAT1B_CM33
+****************************************************************************//**
+*
+* Prepares the system to work after warmboot:
+* - Intializes Vector Table
+* - Enables all the IP's through Slave Control Registers
+* - Unfreezes the IO's
+*
+*******************************************************************************/
+void SystemInit_Warmboot_CAT1B_CM33()
+{
+ SCB->VTOR = (uint32_t)__ns_vector_table_rw;
+ (void)Cy_SysClk_PeriGroupSetSlaveCtl(1, CY_SYSCLK_PERI_GROUP_SL_CTL2, 0x0U);
+ (void)Cy_SysClk_PeriGroupSetSlaveCtl(2, CY_SYSCLK_PERI_GROUP_SL_CTL2, 0x0U);
+ (void)Cy_SysClk_PeriGroupSetSlaveCtl(1, CY_SYSCLK_PERI_GROUP_SL_CTL, 0xFFFFFFFFU);
+ (void)Cy_SysClk_PeriGroupSetSlaveCtl(2, CY_SYSCLK_PERI_GROUP_SL_CTL, 0xFFFFFFFFU);
+ (void)Cy_SysClk_PeriGroupSetSlaveCtl(3, CY_SYSCLK_PERI_GROUP_SL_CTL, 0xFFFFFFFFU);
+
+ if (Cy_SysPm_DeepSleepIoIsFrozen())
+ {
+ Cy_SysPm_DeepSleepIoUnfreeze();
+ }
+}
+CY_SECTION_RAMFUNC_END
+
+#define CY_NVIC_REG_COUNT 3U
+#define CY_NVIC_IPR_REG_COUNT 69U
+
+uint32_t nvicStoreRestore[CY_NVIC_REG_COUNT];
+uint32_t nvicIPRStoreRestore[CY_NVIC_IPR_REG_COUNT];
+uint32_t scbSHPR3StoreRestore;
+#define SCB_SHPR3_REG ( *( ( volatile uint32_t * ) 0xe000ed20 ) )
+
+/*******************************************************************************
+* Function Name: System_Store_NVIC_Reg
+****************************************************************************//**
+*
+* Stores the NVIC register before Deepsleep RAM:
+*
+*******************************************************************************/
+void System_Store_NVIC_Reg(void)
+{
+ for (uint32_t idx = 0; idx < CY_NVIC_REG_COUNT; idx++)
+ {
+ nvicStoreRestore[idx] = NVIC->ISER[idx];
+ }
+
+ for (uint32_t idx = 0; idx < CY_NVIC_IPR_REG_COUNT; idx++)
+ {
+ nvicIPRStoreRestore[idx] = NVIC->IPR[idx];
+ }
+
+ scbSHPR3StoreRestore = SCB_SHPR3_REG;
+}
+
+
+/*******************************************************************************
+* Function Name: System_Restore_NVIC_Reg
+****************************************************************************//**
+*
+* Restores the NVIC register After Deepsleep RAM Wakeup i.e. Warmboot:
+*
+*******************************************************************************/
+void System_Restore_NVIC_Reg(void)
+{
+ for (uint32_t idx = 0; idx < CY_NVIC_REG_COUNT; idx++)
+ {
+ NVIC->ISER[idx] = nvicStoreRestore[idx];
+ }
+
+ for (uint32_t idx = 0; idx < CY_NVIC_IPR_REG_COUNT; idx++)
+ {
+ NVIC->IPR[idx] = nvicIPRStoreRestore[idx];
+ }
+
+ SCB_SHPR3_REG = scbSHPR3StoreRestore;
+}
void SystemInit(void)
{
SystemInit_CAT1B_CM33();
@@ -202,10 +281,10 @@
cy_AhbFreqHz = Cy_SysClk_ClkHfGetFrequency(0UL);
}
-CY_MISRA_BLOCK_END('MISRA C-2012 Rule 8.6');
-CY_MISRA_BLOCK_END('MISRA C-2012 Rule 18.3');
-CY_MISRA_BLOCK_END('MISRA C-2012 Rule 18.1');
-CY_MISRA_BLOCK_END('ARRAY_VS_SINGLETON');
+CY_MISRA_BLOCK_END('MISRA C-2012 Rule 8.6')
+CY_MISRA_BLOCK_END('MISRA C-2012 Rule 18.3')
+CY_MISRA_BLOCK_END('MISRA C-2012 Rule 18.1')
+CY_MISRA_BLOCK_END('ARRAY_VS_SINGLETON')
#endif /* defined (CY_DEVICE_CYW20829) */
/* [] END OF FILE */
diff --git a/boot/cypress/platforms/BSP/CYW20829/system/startup_cat1b.h b/boot/cypress/platforms/BSP/CYW20829/system/startup_cat1b.h
index 9bd6e46..953b5a1 100644
--- a/boot/cypress/platforms/BSP/CYW20829/system/startup_cat1b.h
+++ b/boot/cypress/platforms/BSP/CYW20829/system/startup_cat1b.h
@@ -27,10 +27,6 @@
#ifndef STARTUP_CAT1B_H_
#define STARTUP_CAT1B_H_
-#if defined (CY_DEVICE_CYW20829) /* Declarations for CYW20829 */
-
-#include "cyw20829_config.h"
-
#define CM33_FIXED_EXP_NR (15u)
#define VECTORTABLE_SIZE (MXCM33_SYSTEM_INT_NR + CM33_FIXED_EXP_NR + 1u) /* +1 is for Stack pointer */
#define VECTORTABLE_ALIGN (512) /* alignment for 85 entries (85x4=340) is 512 bytes */
@@ -54,7 +50,6 @@
#error "An unsupported toolchain"
#endif /* (__ARMCC_VERSION) */
extern ExecFuncPtr __ns_vector_table[]; /**< Non-secure vector table in non-secure SRAM */
-#endif /* CY_DEVICE_CYW20829 */
#endif /* STARTUP_CAT1B_H_ */
diff --git a/boot/cypress/platforms/BSP/CYW20829/system/system_cyw20829.h b/boot/cypress/platforms/BSP/CYW20829/system/system_cyw20829.h
index b422865..f136e81 100644
--- a/boot/cypress/platforms/BSP/CYW20829/system/system_cyw20829.h
+++ b/boot/cypress/platforms/BSP/CYW20829/system/system_cyw20829.h
@@ -272,6 +272,9 @@
/** \cond */
void SystemInit(void);
+void SystemInit_Warmboot_CAT1B_CM33(void);
+void System_Store_NVIC_Reg(void);
+void System_Restore_NVIC_Reg(void);
extern void SystemCoreClockUpdate(void);
extern void Cy_SystemInit(void);
diff --git a/boot/cypress/platforms/CYW20829.md b/boot/cypress/platforms/CYW20829.md
index 420d337..79694e9 100644
--- a/boot/cypress/platforms/CYW20829.md
+++ b/boot/cypress/platforms/CYW20829.md
@@ -116,19 +116,43 @@
"reprovisioning":
{
"nv_counter": {
- "description": "Anti-rollback counter (supports up to 32 updates)",
- "value": 0
+ "description": "Anti-rollback counter. Each item of the 'value' array defines counter for each next application. Each 'bits_per_cnt' item defines number of bits for the next application counter (total bits number 32). IMPORTANT: 'bits_per_cnt' in the provisioning and reprovisioning policy files MUST BE the same",
+ "value": [0],
+ "bits_per_cnt": [32]
},
-If the `nv_counter` value is left untouched, any image with counters higher than 0 and less than (or equal to) 32 can be programmed into the chip.
+or
+
+ "reprovisioning":
+ {
+ "nv_counter": {
+ "description": "Anti-rollback counter. Each item of the 'value' array defines counter for each next application. Each 'bits_per_cnt' item defines number of bits for the next application counter (total bits number 32). IMPORTANT: 'bits_per_cnt' in the provisioning and reprovisioning policy files MUST BE the same",
+ "value": [0, 0],
+ "bits_per_cnt": [24, 8]
+ },
+
+for multi-image case (2 images).
+
+If the `nv_counter` value is left untouched, any image with counters higher than 0 and less than value defined by `bits_per_cnt` (or equal to) can be programmed into the chip.
+
+`bits_per_cnt` also defines a distribution of eFuse among images in system. For example, in first case MCUBootApp is considered to be single image configuration with all 32 available eFuses dedicated to this one image.
+
+In second case MCUBootApp is considered to be multi-image configuration with 2 images. 24 bits of 32 available eFuses are dedicated to image id 1, and 8 bits to image id 2.
+
+This distribusion can be changed by user at initial provisioning stage and SHOULD NOT be changed at later reprovisioning stages.
+
+`"value": [2, 3]` filed sets corresponding value for image ids. Here `4` would be assigned to image id `1` and `5` to image id `2`.
+
If the `nv_counter` value is encreased in `policy/policy_secure.json` at the provisioning stage, the `nv_counter` value in `policy/policy_reprovisioning_secure.json` must start from the value not less than the value in `policy/policy_secure.json` file.
More details about provisioning and reprovisioning processes you can find in [README_CYW20829.md](https://github.com/Infineon/cysecuretools/blob/master/docs/README_CYW20829.md#command-provision-device)
-When preparing an image for MCUBootApp with the rollback counter support, the `cysecuretools` sign it with `policy/policy_secure.json` in the post-build stage of 'make'. The `nv_counter` value remains the same as one in the chip or sets higher. When `cysecuretools` signs an image, it places the `nv-counter` value and the reprovisioning packet in TLVs with tags 0x50 (plain value of the counter) and 0x51 (reprovisioning packet). MCUBootApp then parses these tags and compares the value supplied with the image against the one stored in the Efuse counter.
+When preparing an image for MCUBootApp with the rollback counter support, the `cysecuretools` signs it with `policy/policy_secure.json` in the post-build stage of `make`. The `nv_counter` value remains the same as one in the chip or sets higher. When `cysecuretools` signs an image, it places the `nv-counter` value and the reprovisioning packet in TLVs with tags 0x50 (bit mask representation of the counter) and 0x51 (reprovisioning packet). MCUBootApp then parses these tags and compares the value supplied with the image against the one stored in the Efuse counter.
+
+If image counter value is set to higher then defined for this image by `bits_per_cnt` filed in policy, for example, image id 1 is provisioned to have 16 bits for its counter, but image programmed has nv counter value of 20 embedded in TLVs - MCUBootApp would discard it as invalid.
### Building MCUBootApp and BlinkyApp with rollback protection
-Examples of the build command with the rollback counter support for a single image and 'Overwride' mode:
+Examples of the build command with the rollback counter support for a `single image` and **OVERWRITE** mode:
for MCUBootApp:
make clean app APP_NAME=MCUBootApp PLATFORM=CYW20829 APP_DEFAULT_POLICY=./policy/policy_secure.json BUILDCFG=Debug FLASH_MAP=platforms/cy_flash_pal/flash_cyw20829/flashmap/hw_rollback_prot/cyw20829_xip_overwrite_single.json LCS=SECURE
@@ -136,11 +160,11 @@
for BlinkyApp with TLVs containing rollback counter data:
- BOOT slot:
- make clean_boot app APP_NAME=BlinkyApp PLATFORM=CYW20829 IMG_TYPE=BOOT APP_DEFAULT_POLICY=./policy/policy_reprovisioning_secure.json FLASH_MAP=platforms/cy_flash_pal/flash_cyw20829/flashmap/hw_rollback_prot/cyw20829_xip_overwrite_single.json
+ make clean_boot app APP_NAME=BlinkyApp PLATFORM=CYW20829 IMG_TYPE=BOOT APP_DEFAULT_POLICY=./policy/policy_reprovisioning_secure.json FLASH_MAP=platforms/cy_flash_pal/flash_cyw20829/flashmap/hw_rollback_prot/cyw20829_xip_overwrite_single.json
- UPGRADE slot:
- make clean_upgrade app APP_NAME=BlinkyApp PLATFORM=CYW20829 IMG_TYPE=UPGRADE APP_DEFAULT_POLICY=./policy/policy_reprovisioning_secure.json FLASH_MAP=platforms/cy_flash_pal/flash_cyw20829/flashmap/hw_rollback_prot/cyw20829_xip_overwrite_single.json
+ make clean_upgrade app APP_NAME=BlinkyApp PLATFORM=CYW20829 IMG_TYPE=UPGRADE APP_DEFAULT_POLICY=./policy/policy_reprovisioning_secure.json FLASH_MAP=platforms/cy_flash_pal/flash_cyw20829/flashmap/hw_rollback_prot/cyw20829_xip_overwrite_single.json
#### NV-counter update
@@ -190,11 +214,9 @@
**Multi-image case**
-Since there is only one physical security counter available on `CYW20829` in a multi-image use case, all images in the system should have the same value of security counter.
+See **Rollback protection Support** section for description.
-For example, two images are programmed to their corresponding BOOT slots with a security counter value of 2. The value of the security counter stored in the chip is also 2. In case one of the images requires an update and its value of the security counter is increased to 3 - the second image should also be updated with a counter value of 3. This is required because `BootROM` will update the security image counter stored in the chip to 3 per first upgrade image. After that - the second image would become invalid since it still contains a security counter of 2. These restrictions will be removed in the release of MCUBoot version 1.8.3.
-
-Examples of the build command with the rollback counter support for the multi-image case, swap mode:
+Examples of the build command with the rollback counter support for the `multi-image case`, **SWAP** upgrade mode:
for MCUBootApp:
@@ -203,18 +225,18 @@
for BlinkyApp with TLVs containing rollback counter data:
- BOOT slot, IMG_ID=1:
- make clean_boot app APP_NAME=BlinkyApp PLATFORM=CYW20829 IMG_TYPE=BOOT APP_DEFAULT_POLICY=./policy/policy_reprovisioning_secure.json FLASH_MAP=platforms/cy_flash_pal/flash_cyw20829/flashmap/hw_rollback_prot/cyw20829_xip_swap_multi2.json IMG_ID=1
+ make clean_boot app APP_NAME=BlinkyApp PLATFORM=CYW20829 IMG_TYPE=BOOT APP_DEFAULT_POLICY=./policy/policy_reprovisioning_secure.json FLASH_MAP=platforms/cy_flash_pal/flash_cyw20829/flashmap/hw_rollback_prot/cyw20829_xip_swap_multi2.json IMG_ID=1
- UPGRADE slot, IMG_ID=1:
- make clean_upgrade app APP_NAME=BlinkyApp PLATFORM=CYW20829 IMG_TYPE=UPGRADE APP_DEFAULT_POLICY=./policy/policy_reprovisioning_secure.json FLASH_MAP=platforms/cy_flash_pal/flash_cyw20829/flashmap/hw_rollback_prot/cyw20829_xip_swap_multi2.json IMG_ID=1
+ make clean_upgrade app APP_NAME=BlinkyApp PLATFORM=CYW20829 IMG_TYPE=UPGRADE APP_DEFAULT_POLICY=./policy/policy_reprovisioning_secure.json FLASH_MAP=platforms/cy_flash_pal/flash_cyw20829/flashmap/hw_rollback_prot/cyw20829_xip_swap_multi2.json IMG_ID=1
- BOOT slot, IMG_ID=2:
- make clean_boot app APP_NAME=BlinkyApp PLATFORM=CYW20829 IMG_TYPE=BOOT APP_DEFAULT_POLICY=./policy/policy_reprovisioning_secure.json FLASH_MAP=platforms/cy_flash_pal/flash_cyw20829/flashmap/hw_rollback_prot/cyw20829_xip_swap_multi2.json IMG_ID=2
+ make clean_boot app APP_NAME=BlinkyApp PLATFORM=CYW20829 IMG_TYPE=BOOT APP_DEFAULT_POLICY=./policy/policy_reprovisioning_secure.json FLASH_MAP=platforms/cy_flash_pal/flash_cyw20829/flashmap/hw_rollback_prot/cyw20829_xip_swap_multi2.json IMG_ID=2
- UPGRADE slot, IMG_ID=2:
- make clean_upgrade app APP_NAME=BlinkyApp PLATFORM=CYW20829 IMG_TYPE=UPGRADE APP_DEFAULT_POLICY=./policy/policy_reprovisioning_secure.json FLASH_MAP=platforms/cy_flash_pal/flash_cyw20829/flashmap/hw_rollback_prot/cyw20829_xip_swap_multi2.json IMG_ID=2
+ make clean_upgrade app APP_NAME=BlinkyApp PLATFORM=CYW20829 IMG_TYPE=UPGRADE APP_DEFAULT_POLICY=./policy/policy_reprovisioning_secure.json FLASH_MAP=platforms/cy_flash_pal/flash_cyw20829/flashmap/hw_rollback_prot/cyw20829_xip_swap_multi2.json IMG_ID=2
**Attention!** Don't omit `clean_boot` and `clean_upgrade` to avoid any issues!
diff --git a/boot/cypress/platforms/CYW20829.mk b/boot/cypress/platforms/CYW20829.mk
index 727a83b..d72f804 100644
--- a/boot/cypress/platforms/CYW20829.mk
+++ b/boot/cypress/platforms/CYW20829.mk
@@ -36,7 +36,7 @@
# MCU device selection, based on target device.
# Default chips are used for supported platforms
# This can be redefined in case of other chip usage
-DEVICE ?= CYW20829A0LKML
+DEVICE ?= CYW20829B0LKML
# If PSVP build is required
ifeq ($(CYW20829_PSVP), 1)
SERVICE_APP_PLATFORM_SUFFIX := _psvp
@@ -196,7 +196,8 @@
PLATFORM_DEFAULT_IMG_VER_ARG ?= 1.0.0
-PLATFORM_SIGN_ARGS := --image-format $(SIGN_TYPE) -i $(OUT_CFG)/$(APP_NAME).final.bin -o $(OUT_CFG)/$(APP_NAME)$(UPGRADE_SUFFIX).bin --key-path $(PRJ_DIR)/keys/cypress-test-ec-p256.pem --update-key-path $(PRJ_DIR)/keys/priv_oem_0.pem --slot-size $(SLOT_SIZE) --align 1
+SIGN_IMG_ID = $(shell expr $(IMG_ID) - 1)
+PLATFORM_SIGN_ARGS := --image-format $(SIGN_TYPE) -i $(OUT_CFG)/$(APP_NAME).final.bin -o $(OUT_CFG)/$(APP_NAME)$(UPGRADE_SUFFIX).bin --key-path $(PRJ_DIR)/keys/cypress-test-ec-p256.pem --update-key-path $(PRJ_DIR)/keys/priv_oem_0.pem --slot-size $(SLOT_SIZE) --align 1 --image-id $(SIGN_IMG_ID)
# Use encryption and random initial vector for image
ifeq ($(ENC_IMG), 1)
@@ -210,6 +211,8 @@
$(info [TOC2_Generate] - Execute toc2 generator script for $(APP_NAME))
$(shell $(PRJ_DIR)/run_toc2_generator.sh $(LCS) $(OUT_CFG) $(APP_NAME) $(APPTYPE) $(PRJ_DIR) $(SMIF_CRYPTO_CONFIG) $(TOOLCHAIN_PATH))
+ $(info SIGN_ARGS <-> $(SIGN_ARGS))
+
$(shell cysecuretools -q -t cyw20829 -p $(APP_DEFAULT_POLICY) sign-image $(SIGN_ARGS))
$(GCC_PATH)/bin/arm-none-eabi-objcopy --change-address=$(HEADER_OFFSET) -I binary -O ihex $(OUT_CFG)/$(APP_NAME)$(UPGRADE_SUFFIX).bin $(OUT_CFG)/$(APP_NAME)$(UPGRADE_SUFFIX).hex
diff --git a/boot/cypress/platforms/cy_flash_pal/flash_cyw20829/cy_flash_map.c b/boot/cypress/platforms/cy_flash_pal/flash_cyw20829/cy_flash_map.c
index 21b9e60..3ea5773 100644
--- a/boot/cypress/platforms/cy_flash_pal/flash_cyw20829/cy_flash_map.c
+++ b/boot/cypress/platforms/cy_flash_pal/flash_cyw20829/cy_flash_map.c
@@ -37,6 +37,13 @@
#include "bootutil/bootutil_public.h"
#include "cy_flash.h"
+
+#ifdef NEED_MAX_COUNTERS
+#undef NEED_MAX_COUNTERS
+#endif
+
+#define NEED_FLASH_MAP /*must be before "cy_flash_map.h"*/
+
#include "cy_flash_map.h"
#include "cy_smif_cyw20829.h"
diff --git a/boot/cypress/platforms/cy_flash_pal/flash_cyw20829/flashmap/cyw20829_xip_swap_shared_psvp.json b/boot/cypress/platforms/cy_flash_pal/flash_cyw20829/flashmap/cyw20829_xip_swap_shared_psvp.json
deleted file mode 100644
index 40593c3..0000000
--- a/boot/cypress/platforms/cy_flash_pal/flash_cyw20829/flashmap/cyw20829_xip_swap_shared_psvp.json
+++ /dev/null
@@ -1,81 +0,0 @@
-{
- "external_flash": [
- {
- "model": "FM25W04",
- "mode": "XIP"
- }
- ],
- "boot_and_upgrade":
- {
- "bootloader": {
- "address": {
- "description": "Address of the bootloader",
- "value": "0x60000000"
- },
- "size": {
- "description": "Size of the bootloader",
- "value": "0x20000"
- },
- "scratch_address": {
- "description": "Address of the scratch area",
- "value": "0x6007E000"
- },
- "scratch_size": {
- "description": "Size of the scratch area",
- "value": "0x2000"
- },
- "status_address": {
- "description": "Address of the swap status partition",
- "value": "0x6005C000"
- },
- "status_size": {
- "description": "Size of the swap status partition",
- "value": "0x1C000"
- }
- },
- "application_1": {
- "address": {
- "description": "Address of the application primary slot",
- "value": "0x60020000"
- },
- "size": {
- "description": "Size of the application primary slot",
- "value": "0x10000"
- },
- "shared_slot": {
- "description": "Using shared secondary slot",
- "value": true
- },
- "upgrade_address": {
- "description": "Address of the application secondary slot",
- "value": "0x60040000"
- },
- "upgrade_size": {
- "description": "Size of the application secondary slot",
- "value": "0x10000"
- }
- },
- "application_2": {
- "address": {
- "description": "Address of the application primary slot",
- "value": "0x60030000"
- },
- "size": {
- "description": "Size of the application primary slot",
- "value": "0x10000"
- },
- "shared_slot": {
- "description": "Using shared secondary slot",
- "value": true
- },
- "upgrade_address": {
- "description": "Address of the application secondary slot",
- "value": "0x60041000"
- },
- "upgrade_size": {
- "description": "Size of the application secondary slot",
- "value": "0x10000"
- }
- }
- }
-}
\ No newline at end of file
diff --git a/boot/cypress/platforms/security_counter/CYW20829/cy_security_cnt_platform.c b/boot/cypress/platforms/security_counter/CYW20829/cy_security_cnt_platform.c
index d0a86a9..c460034 100644
--- a/boot/cypress/platforms/security_counter/CYW20829/cy_security_cnt_platform.c
+++ b/boot/cypress/platforms/security_counter/CYW20829/cy_security_cnt_platform.c
@@ -16,7 +16,7 @@
*/
#include <stdint.h>
-
+#include "bootutil/bootutil_log.h"
#include "cy_security_cnt_platform.h"
#include "cy_service_app.h"
#include "sysflash/sysflash.h"
@@ -24,49 +24,123 @@
#if defined MCUBOOT_HW_ROLLBACK_PROT
+#ifdef NEED_FLASH_MAP
+#undef NEED_FLASH_MAP
+#endif
+
+#define NEED_MAX_COUNTERS
+#include "cy_flash_map.h"
+
#define TEST_BIT(var, pos) (0U != ((var) & (1UL << (pos))))
#define NV_COUNTER_EFUSE_OFFSET 0x60
-/**
- * Efuse stores nv counter value as a consequent bits. This means
- * NV counter set to 5 in policy would be written as 0x1F. This function
- * converts efuse value to integer value.
- *
- * @param val Value of security counter from which came from efuse
- * which needs to converted in a number
- *
- * @return Security counter value in number form encoded in complex type on success;
- * FIH_FAILURE on failure.
- */
-static fih_uint convert_efuse_val(fih_uint val)
+static uint8_t get_array_member(uint32_t image_id)
{
- uint32_t i = 0U;
- uint32_t j = MAX_SEC_COUNTER_VAL - 1U;
+ uint8_t start_bit_for_image_id = 0;
+ uint32_t arr_size = sizeof(bits_per_cnt)/sizeof(bits_per_cnt[0]);
- while (TEST_BIT(fih_uint_decode(val), i++)) {
- j--;
+ for (uint32_t j = 0; j < image_id && j < arr_size; ++j) {
+ start_bit_for_image_id += bits_per_cnt[j];
}
- if ((MAX_SEC_COUNTER_VAL - j) == i) {
- return fih_uint_encode(i - 1U);
+ return start_bit_for_image_id;
+}
+
+static fih_uint counter_extract(uint32_t image_id, fih_uint nv_counter)
+{
+ uint32_t res = 0U;
+ uint8_t start_bit_for_image_id = get_array_member(image_id);
+ uint8_t bits_for_current_image = bits_per_cnt[image_id];
+
+ while (TEST_BIT(fih_uint_decode(nv_counter), start_bit_for_image_id) &&
+ bits_for_current_image != 0U)
+ {
+ ++res;
+ ++start_bit_for_image_id;
+ --bits_for_current_image;
}
- else {
- return (fih_uint)FIH_FAILURE;
- }
+
+ return fih_uint_encode(res);
}
/**
- * Reads a data corresponding to security counter which is stored in
- * efuses of chip and converts it actual value of security counter
+ * Extracts security counter for the desired image from full NV
+ * counter and converts it to integer value.
+ * Efuse stores nv counter value as a consequent bits. This means
+ * NV counter set to 5 in policy would be written as 0x1F.
+ * Only one security counter is available in system. Maximum value is 32.
+ * Since more than one image can be used, 32 bits of NV counter are divided into
+ * number of images (it's on a user decision how many bits for each image).
*
- * @param security_cnt Pointer to a variable, where security counter value would be stored
+ * @param image_id Index of the image (from 0)
*
- * @return FIH_SUCESS on success; FIH_FAILURE on failure.
+ * @param nv_counter Full security counter to get specific efuse value for desired image
+ *
+ * @param extracted_img_cnt Pointer to a variable, where extracted counter for the 'image_id'
+ * would be stored
+ *
+ * @return FIH_FAILURE on failure, otherwise FIH_SUCCESS.
+ *
*/
-fih_int platform_security_counter_get(fih_uint *security_cnt) {
+fih_int platform_security_counter_check_extract(uint32_t image_id, fih_uint nv_counter, fih_uint *extracted_img_cnt)
+{
fih_int fih_ret = FIH_FAILURE;
+ uint32_t arr_size = sizeof(bits_per_cnt)/sizeof(bits_per_cnt[0]);
+
+ if (image_id > (arr_size-1U)) {
+ BOOT_LOG_ERR("Incorrect input parameter Image ID");
+ FIH_RET(fih_ret);
+ }
+
+ uint8_t start_bit_for_image_id = get_array_member(image_id);
+ uint8_t bits_for_current_image = bits_per_cnt[image_id];
+ uint32_t bit_mask_to_check_others_images = 0U;
+
+ /* Check if full NV-counter has any bits of others image_id */
+ /* Set up the number of bits equal to bits_for_current_image */
+ for (uint32_t j = 0; j < bits_for_current_image; ++j)
+ {
+ bit_mask_to_check_others_images <<= 1U;
+ bit_mask_to_check_others_images |= 1U;
+ }
+ /* Move bit_mask_to_check_others_images at place for image_id */
+ bit_mask_to_check_others_images <<= start_bit_for_image_id;
+
+ /* Return an error if recieved full NV-counter has any bits of others image_id */
+ if( !(~bit_mask_to_check_others_images & fih_uint_decode(nv_counter)) )
+ {
+ /* Extract number of set bits from full NV-counter in the upgrade image */
+ *extracted_img_cnt = counter_extract(image_id, nv_counter);
+
+ fih_ret = FIH_SUCCESS;
+ }
+
+ FIH_RET(fih_ret);
+}
+
+/**
+ * Reads the security counter data from chip's EFUSEs and converts it to the actual value of
+ * security counter for each image.
+ *
+ * @param image_id The image number for which you want to get a security counter,
+ * saved in EFUSE
+ * @param security_cnt Pointer to a variable, where security counter value for the 'image_id'
+ * would be stored
+ *
+ * @return FIH_SUCESS on success; FIH_FAILURE on failure.
+ */
+fih_int platform_security_counter_get(uint32_t image_id, fih_uint *security_cnt) {
+
+ fih_int fih_ret = FIH_FAILURE;
+ uint32_t arr_size = sizeof(bits_per_cnt)/sizeof(bits_per_cnt[0]);
+
+ if (image_id > (arr_size-1U)) {
+ BOOT_LOG_ERR("Incorrect input parameter Image ID");
+ FIH_RET(fih_ret);
+ }
+
cy_en_efuse_status_t efuse_stat = CY_EFUSE_ERR_UNC;
uint32_t nv_counter = 0;
fih_uint nv_counter_secure = (fih_uint)FIH_FAILURE;
@@ -88,9 +162,9 @@
if (fih_uint_eq(nv_counter_secure, fih_uint_encode(nv_counter))) {
- *security_cnt = convert_efuse_val(nv_counter);
- fih_ret = FIH_SUCCESS;
+ *security_cnt = counter_extract(image_id, nv_counter);
+ fih_ret = FIH_SUCCESS;
}
}
@@ -102,34 +176,43 @@
}
/**
- * Updates the stored value of a given image's security counter with a new
+ * Updates the stored value of a given security counter with a new
* security counter value if the new one is greater.
+ * Only one security counter is available in system. Maximum value is 32.
+ * Since more than one image can be used, 32 bits of NV counter are divided into
+ * number of images (it's on a user decision how many bits for each image).
*
- * @param reprov_packet Pointer to a reprovisioning packet containing NV counter.
- * @param packet_len Length of a packet
- * @param img_security_cnt Security counter value of image
- *
+ * @param image_id The image number for which you want to get a security counter,
+ * saved in EFUSE (from 0)
+ * @param img_security_cnt Full new NV security counter
+ * @param reprov_packet Pointer to a reprovisioning packet containing new NV counter.
* @return 0 on success; nonzero on failure.
*/
-int32_t platform_security_counter_update(uint32_t img_security_cnt, uint8_t * reprov_packet)
+int32_t platform_security_counter_update(uint32_t image_id, uint32_t img_security_cnt, uint8_t * reprov_packet)
{
int32_t rc = -1;
- fih_uint security_cnt = (fih_uint) FIH_FAILURE;
fih_int fih_rc = FIH_FAILURE;
+ fih_uint efuse_img_counter = (fih_uint)FIH_FAILURE;
+ fih_uint packet_img_counter = counter_extract(image_id, img_security_cnt);
/* Read value of security counter stored in chips efuses.
* Only one security counter is available in system. Maximum value is 32.
*/
- FIH_CALL(platform_security_counter_get, fih_rc, &security_cnt);
+ FIH_CALL(platform_security_counter_get, fih_rc, image_id, &efuse_img_counter);
- if (true == fih_eq(fih_rc, FIH_SUCCESS)) {
+ if (FIH_TRUE == fih_eq(fih_rc, FIH_SUCCESS)) {
/* Compare the new image's security counter value against the
- * stored security counter value.
+ * stored security counter value for that image index.
*/
- if ( (img_security_cnt > fih_uint_decode(security_cnt)) &&
- (img_security_cnt <= MAX_SEC_COUNTER_VAL) ) {
-
+
+ BOOT_LOG_DBG("image_id = %u, packet_img_counter = %u, efuse_img_counter = %u \n",
+ image_id, packet_img_counter, fih_uint_decode(efuse_img_counter));
+
+ if ((packet_img_counter > fih_uint_decode(efuse_img_counter)) &&
+ (packet_img_counter <= MAX_SEC_COUNTER_VAL)) {
+
+ BOOT_LOG_INF("service_app is called\n", __func__ );
/* Attention: This function initiates system reset */
call_service_app(reprov_packet);
/* Runtime should never get here. Panic statement added to secure
diff --git a/boot/cypress/platforms/security_counter/CYW20829/cy_security_cnt_platform.h b/boot/cypress/platforms/security_counter/CYW20829/cy_security_cnt_platform.h
index 578e689..c64eadd 100644
--- a/boot/cypress/platforms/security_counter/CYW20829/cy_security_cnt_platform.h
+++ b/boot/cypress/platforms/security_counter/CYW20829/cy_security_cnt_platform.h
@@ -23,25 +23,55 @@
#define MAX_SEC_COUNTER_VAL (32U)
/**
- * Reads a data corresponding to security counter which is stored in
- * efuses of chip and converts it actual value of security conter
- *
- * @param security_cnt Pointer to a variable, where security conter value would be stored
+ * Reads the security counter data from chip's EFUSEs and converts it to the actual value of
+ * security counter for each image.
+ *
+ * @param image_id The image number for which you want to get a security counter,
+ * saved in EFUSE (from 0)
+ * @param security_cnt Pointer to a variable, where security conter value would be stored
*
* @return FIH_SUCESS on success; FIH_FAILURE on failure.
*/
-fih_int platform_security_counter_get(fih_uint *security_cnt);
+fih_int platform_security_counter_get(uint32_t image_id, fih_uint *security_cnt);
+
/**
* Updates the stored value of a given image's security counter with a new
- * security counter value if the new one is greater.
+ * security counter value if the new one is greater.
+ * Only one security counter is available in system. Maximum value is 32.
+ * Since more than one image can be used, 32 bits of NV counter are divided into
+ * number of images (it's on a user decision how many bits for each image).
*
+ * @param image_id The image number for which you want to get a security counter,
+ * saved in EFUSE (from 0)
+ * @param img_security_cnt Security counter value of image: appropriated bit array inside of 32bits
* @param reprov_packet Pointer to a reprovisioning packet containing NV counter.
- * @param packet_len Length of a packet
- * @param img_security_cnt Security conter value of image
- *
* @return 0 on success; nonzero on failure.
*/
-int32_t platform_security_counter_update(uint32_t img_security_cnt, uint8_t * reprov_packet);
+
+int32_t platform_security_counter_update(uint32_t image_id, uint32_t img_security_cnt, uint8_t * reprov_packet);
+
+
+/**
+ * Extracts security counter for the desired image from full NV
+ * counter and converts it to integer value.
+ * Efuse stores nv counter value as a consequent bits. This means
+ * NV counter set to 5 in policy would be written as 0x1F.
+ * Only one security counter is available in system. Maximum value is 32.
+ * Since more than one image can be used, 32 bits of NV counter are divided into
+ * number of images (it's on a user decision how many bits for each image).
+ *
+ * @param image_id Index of the image (from 0)
+ *
+ * @param nv_counter Full security counter to get specific efuse value for desired image
+ *
+ * @param extracted_img_cnt Pointer to a variable, where extracted counter for the 'image_id'
+ * would be stored
+ *
+ * @return FIH_FAILURE on failure, otherwise FIH_SUCCESS.
+ *
+ */
+
+fih_int platform_security_counter_check_extract(uint32_t image_id, fih_uint nv_counter, fih_uint *extracted_img_cnt);
#endif /* CY_SECURITY_CNT_PLATFORM_H */
diff --git a/boot/cypress/platforms/security_counter/cy_security_cnt.c b/boot/cypress/platforms/security_counter/cy_security_cnt.c
index 56b92a4..17ede62 100644
--- a/boot/cypress/platforms/security_counter/cy_security_cnt.c
+++ b/boot/cypress/platforms/security_counter/cy_security_cnt.c
@@ -31,11 +31,10 @@
fih_int
boot_nv_security_counter_get(uint32_t image_id, fih_uint *security_cnt)
{
- (void)image_id;
fih_int fih_ret = FIH_FAILURE;
if (NULL != security_cnt) {
- FIH_CALL(platform_security_counter_get, fih_ret, security_cnt);
+ FIH_CALL(platform_security_counter_get, fih_ret, image_id, security_cnt);
}
FIH_RET(fih_ret);
@@ -44,9 +43,8 @@
int32_t
boot_nv_security_counter_update(uint32_t image_id, uint32_t img_security_cnt, void * custom_data)
{
- (void)image_id;
- int32_t rc = platform_security_counter_update(img_security_cnt, (uint8_t *)custom_data);
+ int32_t rc = platform_security_counter_update(image_id, img_security_cnt, (uint8_t *)custom_data);
/* Do nothing. */
return rc;
diff --git a/boot/cypress/scripts/find_cysectools.py b/boot/cypress/scripts/find_cysectools.py
index 7bea0fc..9aae88e 100644
--- a/boot/cypress/scripts/find_cysectools.py
+++ b/boot/cypress/scripts/find_cysectools.py
@@ -17,7 +17,7 @@
import subprocess
import sys
-package = 'cysecuretools'
+package = 'cysecuretools'
def find_cysectools(package_name):
diff --git a/boot/cypress/scripts/flashmap.py b/boot/cypress/scripts/flashmap.py
index 0cb0805..856e430 100644
--- a/boot/cypress/scripts/flashmap.py
+++ b/boot/cypress/scripts/flashmap.py
@@ -435,10 +435,14 @@
try:
with open(params.out_file, "w", encoding='UTF-8') as out_f:
out_f.write('/* AUTO-GENERATED FILE, DO NOT EDIT.'
- ' ALL CHANGES WILL BE LOST! */\n\n'
- '#ifndef CY_FLASH_MAP_H\n#define CY_FLASH_MAP_H\n')
- out_f.write(f'\n/* Platform: {params.plat_id} */\n')
- out_f.write(f'\nstatic struct flash_area {c_array}[] = {{\n')
+ ' ALL CHANGES WILL BE LOST! */\n')
+ out_f.write(f'/* Platform: {params.plat_id} */\n')
+ out_f.write("#ifndef CY_FLASH_MAP_H\n")
+ out_f.write("#define CY_FLASH_MAP_H\n\n")
+
+ if self.plat.get('bitsPerCnt'):
+ out_f.write('#ifdef NEED_FLASH_MAP\n')
+ out_f.write(f'static struct flash_area {c_array}[] = {{\n')
comma = len(self.areas)
area_count = 0
for area in self.areas:
@@ -458,7 +462,21 @@
'struct flash_area *boot_area_descs[] = {\n')
for area_index in range(area_count):
out_f.write(f' &{c_array}[{area_index}U],\n')
- out_f.write(' NULL\n};\n\n#endif /* CY_FLASH_MAP_H */\n')
+ out_f.write(' NULL\n};\n')
+
+ if self.plat.get('bitsPerCnt'):
+ out_f.write('#endif /* NEED_FLASH_MAP */\n')
+ out_f.close()
+
+ # inserted here to fix misra 'header guard'
+ list_counters = process_policy_20829(params.policy)
+ if list_counters is not None:
+ form_max_counter_array(list_counters, params.out_file)
+ with open(params.out_file, "a", encoding='UTF-8') as out_f:
+ out_f.write("#endif /* CY_FLASH_MAP_H */\n")
+ else:
+ out_f.write("#endif /* CY_FLASH_MAP_H */\n")
+
except (FileNotFoundError, OSError):
print('Cannot create', params.out_file, file=sys.stderr)
sys.exit(4)
@@ -684,6 +702,83 @@
return app_core, app_count, slot_sectors_max, apps_flash_map, any_shared
+def process_policy_20829(in_policy):
+ """Process policy file to get data of NV-counter"""
+ list_counters = None
+
+ try:
+ with open(in_policy, encoding='UTF-8') as in_f:
+ try:
+ policy = json.load(in_f)
+ except ValueError:
+ print('\nERROR: Cannot parse', in_policy,'\n', file=sys.stderr)
+ sys.exit(4)
+ finally:
+ in_f.close()
+ except (FileNotFoundError, OSError):
+ print('Cannot open', in_policy, file=sys.stderr)
+ sys.exit(4)
+
+ try:
+ nv_cnt = policy["device_policy"]['reprovisioning']['nv_counter']
+ list_values = nv_cnt["value"]
+ list_counters = nv_cnt["bits_per_cnt"]
+ except KeyError:
+ print("\nERROR: Check path to 'nv_counter' and its correctness in policy file", in_policy,
+ ".\n", file=sys.stderr)
+ sys.exit(2)
+
+ #Check correctness of NV-counter
+ try:
+ len_list_value = len(list_values)
+ len_list_counters = len(list_counters)
+ except TypeError:
+ print("\nERROR: Fields 'value' and 'bits_per_cnt' of 'nv_counter' in policy file",
+ in_policy,"must be arrays.\n", file=sys.stderr)
+ sys.exit(2)
+
+ if len_list_value != len_list_counters:
+ print("\nERROR: Fields 'value' and 'bits_per_cnt' of 'nv_counter' in policy file",
+ in_policy,"must have the same size.\n", file=sys.stderr)
+ sys.exit(2)
+
+ sum_all_counters = 0
+ for i in range(len_list_value):
+ sum_all_counters += list_counters[i]
+ if list_values[i] > list_counters[i]:
+ print("\nERROR: Field 'value' cannot be more then 'bits_per_cnt'.", file=sys.stderr)
+ print("Check 'nv_counter' in policy file", in_policy,"\n", file=sys.stderr)
+ sys.exit(2)
+
+ sum_all_bit_nv_counter = 32
+ if sum_all_counters != sum_all_bit_nv_counter:
+ print("\nERROR: The sum of all 'bits_per_cnt' must be equal to 32.", file=sys.stderr)
+ print("Check 'nv_counter' in policy file", in_policy,"\n", file=sys.stderr)
+ sys.exit(2)
+
+ return list_counters
+
+
+def form_max_counter_array(in_list, out_file):
+ '''Write bit_per_count array to output file
+ There is expected, that "out_file" already exists'''
+
+ out_array_str = "\n#ifdef NEED_MAX_COUNTERS\nstatic const uint8_t bits_per_cnt[] = {"
+
+ #in_list is checked in prior function 'process_policy()'
+ for i, list_member in enumerate(in_list):
+ out_array_str += str(list_member)
+ if i < len(in_list) - 1:
+ out_array_str += ", "
+ out_array_str += "};\n#endif\n"
+
+ try:
+ with open(out_file, "a", encoding='UTF-8') as out_f:
+ out_f.write(out_array_str)
+ except (FileNotFoundError, OSError):
+ print('\nERROR: Cannot open ', out_file, file=sys.stderr)
+ sys.exit(7)
+
def main():
"""Flash map converter"""
@@ -782,6 +877,19 @@
'FLASH_AREA_IMAGE_SCRATCH',
scratch.fa_addr, scratch.fa_size)
+ # Compare size 'bit_per_cnt' and number of images.
+ # 'service_app' is used only when HW rollback counter exists
+ if plat.get('bitsPerCnt') is not None and service_app is not None:
+ plat['bitsPerCnt'] = True
+ list_counters = process_policy_20829(params.policy)
+ if list_counters is not None and len(list_counters) != app_count:
+ print("\nERROR: 'bits_per_cnt' must be present for each image!",
+ file=sys.stderr)
+ print("Please, check secure provisioning and reprovisioning policies.\n",
+ file=sys.stderr)
+ sys.exit(7)
+
+
# Image id parameter is not used for MCUBootApp
if params.img_id is None:
area_list.generate_c_source(params)
diff --git a/boot/cypress/scripts/github_pr_cleaner.py b/boot/cypress/scripts/github_pr_cleaner.py
deleted file mode 100644
index df221f0..0000000
--- a/boot/cypress/scripts/github_pr_cleaner.py
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/bin/env python
-
-import shutil
-from os import remove
-from sys import argv
-
-shutil.rmtree('../cppcheck')
-shutil.rmtree('../coverity')
-shutil.rmtree('../manifests')
-remove('../../../.gitlab-ci.yml')
-remove('../BlinkyApp/BlinkyApp_CM4_Debug.launch')
-remove('../MCUBootApp/MCUBootApp_CM0P_Debug.launch')
-remove('../MCUBootApp/MCUBootApp_CYW20829_Debug.launch')
-remove('./cppcheck.sh')
-remove('./cppcheck-htmlreport.py')
-remove('./rbc_policy_and_cert_revision_modify.py')
-remove('../platforms/BSP/CYW20829/cyw20829_psvp.h')
-remove('../platforms/cy_flash_pal/flash_cyw20829/flashmap/cyw20829_xip_swap_single_psvp.json')
-remove('../platforms/cy_flash_pal/flash_cyw20829/flashmap/cyw20829_xip_swap_multi2_psvp.json')
-remove('../platforms/cy_flash_pal/flash_cyw20829/flashmap/cyw20829_xip_overwrite_single_psvp.json')
-remove('../platforms/cy_flash_pal/flash_cyw20829/flashmap/cyw20829_xip_overwrite_multi2_psvp.json')
-remove('../platforms/cy_flash_pal/flash_cyw20829/flashmap/hw_rollback_prot/cyw20829_xip_swap_single_psvp.json')
-remove('../platforms/cy_flash_pal/flash_cyw20829/flashmap/hw_rollback_prot/cyw20829_xip_swap_multi2_psvp.json')
-remove('../platforms/cy_flash_pal/flash_cyw20829/flashmap/hw_rollback_prot/cyw20829_xip_overwrite_single_psvp.json')
-remove('../platforms/cy_flash_pal/flash_cyw20829/flashmap/hw_rollback_prot/cyw20829_xip_overwrite_multi2_psvp.json')
-remove(argv[0])
-
-print('Cleanup complete')