TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 63eb4566d01652346e3da7d2cd36b451907c0b85
commit63eb4566d01652346e3da7d2cd36b451907c0b85[log] [tgz]
authorDavid Vincze <david.vincze@arm.com>Tue Mar 24 07:51:27 2020 +0100
committerDávid Vincze <david.vincze@arm.com>Thu Mar 26 12:23:36 2020 +0100
tree549a7bdbf13177ad15614dcc730b70cbc065701c
parent1cf11b5feba8115af5e2c8dac0b4d4821cc15696 [diff]
boot: Add boot status record to shared data area

Implement the functions declared in boot_record.h and add
each BOOT_RECORD TLV's CBOR encoded binary data (one TLV entry per
image) to a shared data area between the bootloader and the runtime SW.
These data units are stored in a TLV format (in the shared area too) and
contain certain attributes of the given image / SW component such as:
- SW type (role of the software component)
- SW version
- Signer ID (identifies the signing authority)
- Measurement value (hash of the image)
- Measurement type (algorithm used to calculate the measurement value)

Preserving all these image attributes from the boot stage for use by
later runtime services is known as a measured boot. The list of the
shared attributes is based on the recommendations of Arm's Platform
Security Architecture (PSA).
The main purpose of this patch is to create the prerequisites of an
attestation service by providing these measurements.

The boot_record.c and boot_status.h (originally tfm_boot_status.h) files
were copied (with modifications) from the Trusted Firmware-M project
(https://www.trustedfirmware.org/about/).
Hash of the source commit: 08d5572b4bcee306d8cf709c2200359a22d5b72c.

Change-Id: I37a8e7b10d5bf80a581651ffaf65b3cba45eaff2
Signed-off-by: David Vincze <david.vincze@arm.com>
2 files changed
tree: 549a7bdbf13177ad15614dcc730b70cbc065701c
  1. boot/
  2. ci/
  3. docs/
  4. ext/
  5. ptest/
  6. samples/
  7. scripts/
  8. sim/
  9. testplan/
  10. zephyr/
  11. .gitignore
  12. .gitmodules
  13. .travis.yml
  14. enc-aes128kw.b64
  15. enc-ec256-priv.pem
  16. enc-ec256-pub.pem
  17. enc-rsa2048-priv.pem
  18. enc-rsa2048-pub.pem
  19. LICENSE
  20. NOTICE
  21. project.yml
  22. README.md
  23. repository.yml
  24. root-ec-p256-pkcs8.pem
  25. root-ec-p256.pem
  26. root-ed25519.pem
  27. root-rsa-2048.pem
  28. root-rsa-3072.pem
  29. version.yml
README.md

mcuboot

Coverity Scan Build Status Build/Test

This is mcuboot version 1.5.0

MCUboot is a secure bootloader for 32-bit MCUs. The goal of MCUboot is to define a common infrastructure for the bootloader, system flash layout on microcontroller systems, and to provide a secure bootloader that enables simple software upgrades.

MCUboot is operating system and hardware independent and relies on hardware porting layers from the operating. Currently, mcuboot works with both the Apache Mynewt and Zephyr operating systems, but more ports are planned in the future. RIOT is currently supported as a boot target with a complete port planned.

Using MCUboot

Instructions for different operating systems can be found here:

Roadmap

The issues being planned and worked on are tracked using GitHub issues. To participate please visit:

MCUBoot GitHub Issues

Issues were previously tracked on MCUboot JIRA , but it is now deprecated.

Browsing

Information and documentation on the bootloader are stored within the source.

It was previously also documented on confluence: MCUBoot Confluence however, it is now deprecated and not currently maintained

For more information in the source, here are some pointers:

  • boot/bootutil: The core of the bootloader itself.
  • boot/boot_serial: Support for serial upgrade within the bootloader itself.
  • boot/zephyr: Port of the bootloader to Zephyr
  • boot/mynewt: Mynewt bootloader app
  • imgtool: A tool to securely sign firmware images for booting by mcuboot.
  • sim: A bootloader simulator for testing and regression

Joining

Developers welcome!