commit | 554c52e64c6037f3cdc91c790d5a1d7952269dfe | |
---|---|---|
author | David Brown <david.brown@linaro.org> | Fri Jun 30 16:01:07 2017 -0600 |
committer | David Brown <davidb@davidb.org> | Thu Jul 13 17:52:20 2017 -0600 |
tree | dd9163edcc07b7f5985fdfdb6153b12e5987801f | |
parent | 046a0a62249136de164e6e31b7cf5f00e4184e7a | |
Always validate slot 0 when requested

The MCUBOOT_VALIDATE_SLOT0 feature only verifies the signature when there is no swapping happening. The assumption was that if there is a swap being done, the code will verify the signature of slot 1 before doing the slot.

However, either due to bugs, or intentional trickery, it may be possible to confuse the code into continuing a swap operation. If the data is modified before this, the bootloader can be tricked into booting the resulting image in slot 0 without having verified the signature.

Fix this by always verifying slot 0's signature before booting it.

JIRA: MCUB-64

Signed-off-by: David Brown <david.brown@linaro.org>
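
A toy model of the boot decision the commit message above describes, added here as an illustration. It is not MCUboot source or this commit's diff: every type and function name is hypothetical, and the checksum tag only stands in for a real signature check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Toy model, not MCUboot source: every name here is hypothetical. */
enum swap_state { SWAP_NONE, SWAP_IN_PROGRESS };
struct slot  { uint8_t body[8]; uint32_t tag; };  /* tag stands in for a signature */
struct flash { struct slot slot0, slot1; enum swap_state swap; };

static uint32_t slot_tag(const struct slot *s) {
    uint32_t t = 0;
    for (size_t i = 0; i < sizeof s->body; i++) t = t * 31u + s->body[i];
    return t;
}
/* Stand-in for real signature verification of an image. */
static bool slot_valid(const struct slot *s) { return slot_tag(s) == s->tag; }

/* Finish a swap that the status area says was interrupted. */
static void resume_swap(struct flash *f) {
    struct slot tmp = f->slot0;
    f->slot0 = f->slot1;
    f->slot1 = tmp;
    f->swap = SWAP_NONE;
}

/* Before the fix: slot 0 is verified only when no swap is happening. */
static bool boots_before_fix(struct flash *f) {
    if (f->swap == SWAP_IN_PROGRESS) {
        resume_swap(f);   /* trusts that slot 1 was verified earlier */
        return true;      /* slot 0 boots without a signature check */
    }
    return slot_valid(&f->slot0);
}

/* After the fix: slot 0 is verified on every path before booting. */
static bool boots_after_fix(struct flash *f) {
    if (f->swap == SWAP_IN_PROGRESS)
        resume_swap(f);
    return slot_valid(&f->slot0);
}

/* Constructed state: swap marked in progress, slot 1 modified after tagging. */
static struct flash tampered_midswap(void) {
    struct flash f = { .slot0 = { "good-v1", 0 }, .slot1 = { "good-v2", 0 },
                       .swap = SWAP_IN_PROGRESS };
    f.slot0.tag = slot_tag(&f.slot0);
    f.slot1.tag = slot_tag(&f.slot1);
    f.slot1.body[0] ^= 0xFF;   /* data changed after the tag was computed */
    return f;
}
```

On the constructed state, `boots_before_fix` returns true and `boots_after_fix` returns false, which is the difference the commit message describes.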
MCUBoot is a secure bootloader for 32-bit MCUs. The goal of MCUBoot is to define a common infrastructure for the bootloader and system flash layout on microcontroller systems, and to provide a secure bootloader that enables easy software upgrade.
MCUboot is operating system and hardware independent, and relies on hardware porting layers from the operating system it works with. Currently MCUboot works with both the Apache Mynewt and Zephyr operating systems, but more ports are planned in the future.
The MCUBoot project was originally taken from the Apache Mynewt operating system, which had secure boot and software upgrade functionality intrinsic to it. Currently development is heads down on a first release of MCUboot that works across both the Zephyr operating system and the Apache Mynewt operating system.
For more information on what's being planned and worked on, please visit:
https://runtimeco.atlassian.net/projects/MCUB/summary
Information and documentation on the bootloader is stored within the source and on Confluence:
https://runtimeco.atlassian.net/wiki/discover/all-updates
For more information in the source, here are some pointers:
Developers welcome! To join in the discussion, please join the developer mailing list:
http://lists.runtime.co/mailman/listinfo/dev-mcuboot_lists.runtime.co