Infineon: Add cyw20829 platform, shared slot feature, json memory map, psoc6 xip
Based on the 1.8.0 release of the MCUBoot library
This commit adds CYW20829 Infineon platform support with the following capabilities:
1. Overwrite and swap upgrade mode support
2. Multi-image with up to 4 images
3. Hardware security counter is supported for CYW20829 platform
Add XIP support for the PSOC6 platform - place the BOOT slot in external memory and execute it in place using SMIF in XIP mode,
and add some new features for Infineon devices:
1. Shared upgrade slot feature - use one shared area for upgrade slots of multiple images
2. Memory map defined using JSON file - define memory regions for bootloader and user app in a conventional way using a JSON file
diff --git a/sim/mcuboot-sys/csupport/run.c b/sim/mcuboot-sys/csupport/run.c
index fd21bfd..fd6c3ca 100644
--- a/sim/mcuboot-sys/csupport/run.c
+++ b/sim/mcuboot-sys/csupport/run.c
@@ -22,7 +22,9 @@
#include "mbedtls/nist_kw.h"
#endif
+#define BOOT_LOG_LEVEL BOOT_LOG_LEVEL_ERROR
#include <bootutil/bootutil_log.h>
+#include "bootutil/crypto/common.h"
#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
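Review bot: The added `#define BOOT_LOG_LEVEL BOOT_LOG_LEVEL_ERROR` is unconditional, so a build that already passes a log level on the command line gets a macro redefinition, and messages below error level are presumably compiled out of this file whatever the simulator build asks for. Wrapping it as `#ifndef BOOT_LOG_LEVEL` / `#define BOOT_LOG_LEVEL BOOT_LOG_LEVEL_ERROR` / `#endif` keeps the default without overriding the build. A one-line comment saying why this file forces the error level would help, since later hunks in the same commit also strip the values from the `printf` diagnostics.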
@@ -90,15 +92,15 @@
return -6;
}
- if (mbedtls_asn1_get_mpi(p, end, &ctx->N) != 0) {
+ if (mbedtls_asn1_get_mpi(p, end, &ctx->MBEDTLS_CONTEXT_MEMBER(N)) != 0) {
return -7;
}
- if (mbedtls_asn1_get_mpi(p, end, &ctx->E) != 0) {
+ if (mbedtls_asn1_get_mpi(p, end, &ctx->MBEDTLS_CONTEXT_MEMBER(E)) != 0) {
return -8;
}
- ctx->len = mbedtls_mpi_size(&ctx->N);
+ ctx->MBEDTLS_CONTEXT_MEMBER(len) = mbedtls_mpi_size(&ctx->MBEDTLS_CONTEXT_MEMBER(N));
if (*p != end) {
return -9;
@@ -140,7 +142,12 @@
mbedtls_platform_set_calloc_free(calloc, free);
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+ mbedtls_rsa_init(&ctx);
+ mbedtls_rsa_set_padding(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
+#else
mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
+#endif
cp = (uint8_t *)pubkey;
cpend = cp + pubkey_len;
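Review bot: In the Mbed TLS 3.x branch the result of `mbedtls_rsa_set_padding()` is discarded. In 3.x that function returns an int and fails when the requested padding mode or hash is not available in the build, in which case the OAEP encryption further down would run on a context that was not configured as intended. Since `rc` and a `done` label appear to be used in the following hunk, `rc = mbedtls_rsa_set_padding(&ctx, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);` followed by `if (rc) { goto done; }` fits the existing error style. The enclosing function starts and ends outside this hunk, so confirm `rc` is declared before this point.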
@@ -150,8 +157,13 @@
goto done;
}
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+ rc = mbedtls_rsa_rsaes_oaep_encrypt(&ctx, fake_rng, NULL,
+ NULL, 0, seckey_len, seckey, encbuf);
+#else
rc = mbedtls_rsa_rsaes_oaep_encrypt(&ctx, fake_rng, NULL, MBEDTLS_RSA_PUBLIC,
NULL, 0, seckey_len, seckey, encbuf);
+#endif
if (rc) {
goto done;
}
@@ -173,6 +185,15 @@
int kw_encrypt_(const uint8_t *kek, const uint8_t *seckey, uint8_t *encbuf)
{
#ifdef MCUBOOT_ENCRYPT_KW
+#ifdef MCUBOOT_AES_256
+ int key_len = 256;
+ int out_size = 40;
+ int in_len = 32;
+#else
+ int key_len = 128;
+ int out_size = 24;
+ int in_len = 16;
+#endif
mbedtls_nist_kw_context kw;
size_t olen;
int rc;
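Review bot: `kw_encrypt_()` takes no size for `encbuf`, yet with `MCUBOOT_AES_256` the `mbedtls_nist_kw_wrap()` call in the next hunk is now told the buffer holds 40 bytes instead of 24, and `kek` and `seckey` are read as 32 bytes each; a caller still sized for the AES-128 case would be overrun or over-read. The callers are outside this diff, so either confirm they size their buffers from the same build flag or state the contract above the function, e.g. `/* kek, seckey: 16 bytes (32 with MCUBOOT_AES_256); encbuf: at least seckey length + 8 bytes */`. Deriving the output size as `in_len + 8` and using `size_t`/`unsigned int` rather than `int` for the three values would also remove the magic numbers and match the mbedtls parameter types.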
@@ -181,13 +202,13 @@
mbedtls_nist_kw_init(&kw);
- rc = mbedtls_nist_kw_setkey(&kw, MBEDTLS_CIPHER_ID_AES, kek, 128, 1);
+ rc = mbedtls_nist_kw_setkey(&kw, MBEDTLS_CIPHER_ID_AES, kek, key_len, 1);
if (rc) {
goto done;
}
- rc = mbedtls_nist_kw_wrap(&kw, MBEDTLS_KW_MODE_KW, seckey, 16, encbuf,
- &olen, 24);
+ rc = mbedtls_nist_kw_wrap(&kw, MBEDTLS_KW_MODE_KW, seckey, in_len, encbuf,
+ &olen, out_size);
done:
mbedtls_nist_kw_free(&kw);
@@ -201,9 +222,9 @@
#endif
}
-uint16_t flash_area_align(const struct flash_area *area)
+size_t flash_area_align(const struct flash_area *area)
{
- return sim_flash_align(area->fa_device_id);
+ return (size_t)sim_flash_align(area->fa_device_id);
}
uint8_t flash_area_erased_val(const struct flash_area *area)
@@ -223,14 +244,16 @@
uint32_t num_slots;
};
-int invoke_boot_go(struct sim_context *ctx, struct area_desc *adesc)
+int invoke_boot_go(struct sim_context *ctx, struct area_desc *adesc,
+ struct boot_rsp *rsp)
{
int res;
- struct boot_rsp rsp;
struct boot_loader_state *state;
#if defined(MCUBOOT_SIGN_RSA) || \
- (defined(MCUBOOT_SIGN_EC256) && defined(MCUBOOT_USE_MBED_TLS))
+ (defined(MCUBOOT_SIGN_EC256) && defined(MCUBOOT_USE_MBED_TLS)) ||\
+ (defined(MCUBOOT_ENCRYPT_EC256) && defined(MCUBOOT_USE_MBED_TLS)) ||\
+ (defined(MCUBOOT_ENCRYPT_X25519) && defined(MCUBOOT_USE_MBED_TLS))
mbedtls_platform_set_calloc_free(calloc, free);
#endif
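Review bot: `rsp` is now caller-owned and is handed straight to `context_boot_go()` in the next hunk, but nothing states when its contents are valid. If the `setjmp` region is left through `longjmp`, the structure may be untouched or only partly written, so callers need to know to read it only after a successful return; a comment above the function such as `/* rsp: out, must be non-NULL; contents are valid only when 0 is returned */` would say so, worded to match the function's real return contract. A NULL check on `rsp` before the call would also catch a bad caller early. The function body continues outside this hunk.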
@@ -241,7 +264,7 @@
sim_set_context(ctx);
if (setjmp(ctx->boot_jmpbuf) == 0) {
- res = context_boot_go(state, &rsp);
+ res = context_boot_go(state, rsp);
sim_reset_flash_areas();
sim_reset_context();
free(state);
@@ -261,53 +284,30 @@
return malloc(size);
}
-void os_free(void *mem)
-{
- free(mem);
-}
-
-void *os_realloc(void *ptr, size_t size)
-{
- return realloc(ptr, size);
-}
-
int flash_area_id_from_multi_image_slot(int image_index, int slot)
{
switch (slot) {
case 0: return FLASH_AREA_IMAGE_PRIMARY(image_index);
case 1: return FLASH_AREA_IMAGE_SECONDARY(image_index);
case 2: return FLASH_AREA_IMAGE_SCRATCH;
-
- // case 7: return FLASH_AREA_IMAGE_SWAP_STATUS;
}
- printf("Image flash area ID not found, image=%d, slot=%d\n", image_index, slot);
+ printf("Image flash area ID not found\n");
return -1; /* flash_area_open will fail on that */
}
-int flash_area_id_from_image_slot(int slot)
-{
- return flash_area_id_from_multi_image_slot(0, slot);
-}
-
int flash_area_open(uint8_t id, const struct flash_area **area)
{
uint32_t i;
struct area_desc *flash_areas;
- // BOOT_LOG_SIM("%s: area id=%d, num_slots=%d", __func__, id, sim_get_flash_areas()->num_slots);
-
flash_areas = sim_get_flash_areas();
for (i = 0; i < flash_areas->num_slots; i++) {
- // BOOT_LOG_SIM(" * flash_areas->slots[%d].id=%d", i, flash_areas->slots[i].id);
if (flash_areas->slots[i].id == id)
- {
- // BOOT_LOG_SIM(" * found, i=%d, id=%d", i, id);
break;
- }
}
if (i == flash_areas->num_slots) {
- printf("Unsupported area id=%d\n", id);
+ printf("Unsupported area\n");
abort();
}
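Review bot: The rewritten messages drop the values that made these failures diagnosable: `flash_area_open()` now prints `Unsupported area` with no id, and the identical text is reused in `flash_area_to_sectors()` and `flash_area_get_sectors()` (hunks at -363 and -395), so the three `abort()` paths cannot be told apart in simulator output. If the motive was a format or type warning, keeping the value with an explicit cast is a smaller change, e.g. `printf("flash_area_open: unsupported area id=%u\n", (unsigned)id);`. The same applies to `Image flash area ID not found`, `Too many areas in slot` and `Unsupported image area ID` (hunk at -433). The `switch` in `flash_area_id_from_multi_image_slot()` would also read better with an explicit `default:` instead of falling out of the switch.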
@@ -354,6 +354,15 @@
ctx->jumped++;
longjmp(ctx->boot_jmpbuf, 1);
}
+
+// Align offset and length to sector size
+#ifdef MCUBOOT_SWAP_USING_STATUS
+ uint32_t sect_off = off / CY_FLASH_ALIGN * CY_FLASH_ALIGN;
+ len = ((off + len - 1) / CY_FLASH_ALIGN + 1) * CY_FLASH_ALIGN - sect_off;
+ off = sect_off;
+ BOOT_LOG_SIM("%s: erase with aligment at area=%d, off=%x, len=%x", __func__, area->fa_id, off, len);
+#endif
+
return sim_flash_erase(area->fa_device_id, area->fa_off + off, len);
}
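Review bot: The rounding added under `MCUBOOT_SWAP_USING_STATUS` has no guard for `len == 0` or for wrap-around: with `off == 0` and `len == 0`, `off + len - 1` wraps in 32-bit arithmetic (assuming `off` and `len` are the `uint32_t` parameters of the enclosing function, whose start is outside the hunk), and the computed length then depends on wrap-around rather than on the request. After widening, the range is never compared with the area's size, so an erase near the end of an area whose size is not a multiple of `CY_FLASH_ALIGN` would reach past it, and every unaligned request also erases the untouched remainder of its first and last sector. I would reject the degenerate cases before rounding, `if (len == 0 || off > UINT32_MAX - len) { return -1; }` (or this function's usual error value), and check the widened `off + len` against `area->fa_size` before calling `sim_flash_erase()`. The comment should say that the erase is deliberately widened to whole sectors, and the `aligment` typo in the log text is worth fixing at the same time.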
@@ -363,22 +372,20 @@
struct area *slot;
struct area_desc *flash_areas;
- // BOOT_LOG_SIM("%s: idx=%d", __func__, idx);
-
flash_areas = sim_get_flash_areas();
for (i = 0; i < flash_areas->num_slots; i++) {
if (flash_areas->slots[i].id == idx)
break;
}
if (i == flash_areas->num_slots) {
- printf("flash_area_to_sectors: Unsupported area = %d\n", idx);
+ printf("Unsupported area\n");
abort();
}
slot = &flash_areas->slots[i];
if (slot->num_areas > (uint32_t)*cnt) {
- printf("Too many areas in slot: %d > %d\n", slot->num_areas, *cnt);
+ printf("Too many areas in slot\n");
abort();
}
@@ -395,22 +402,20 @@
struct area *slot;
struct area_desc *flash_areas;
- // BOOT_LOG_SIM("%s: area id=%d", __func__, fa_id);
-
flash_areas = sim_get_flash_areas();
for (i = 0; i < flash_areas->num_slots; i++) {
if (flash_areas->slots[i].id == fa_id)
break;
}
if (i == flash_areas->num_slots) {
- printf("flash_area_get_sectors: Unsupported area = %d\n", fa_id);
+ printf("Unsupported area\n");
abort();
}
slot = &flash_areas->slots[i];
if (slot->num_areas > *count) {
- printf("Too many areas in slot: %d > %d\n", slot->num_areas, *count);
+ printf("Too many areas in slot\n");
abort();
}
@@ -433,10 +438,20 @@
return 1;
}
- printf("Unsupported image area ID=%d\n", area_id);
+ printf("Unsupported image area ID\n");
abort();
}
+uint8_t flash_area_get_device_id(const struct flash_area *fa)
+{
+ return fa->fa_device_id;
+}
+
+int flash_area_id_from_image_slot(int slot) {
+ /* For single image cases, just use the first image. */
+ return flash_area_id_from_multi_image_slot(0, slot);
+}
+
void sim_assert(int x, const char *assertion, const char *file, unsigned int line, const char *function)
{
if (!(x)) {
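Review bot: `flash_area_id_from_image_slot()` is re-added with the opening brace on the signature line, while the other definitions visible in this file, including the new `flash_area_get_device_id()` just above it, put the brace on its own line; `int flash_area_id_from_image_slot(int slot)` followed by `{` keeps the file consistent. `flash_area_get_device_id()` would benefit from a one-line comment, e.g. `/* Returns the id of the flash device backing this area; fa must be non-NULL. */`, since it dereferences `fa` unchecked.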
@@ -463,28 +478,3 @@
{
return BOOT_MAGIC_SZ;
}
-
-void mbedtls_platform_zeroize( void *buf, size_t len )
-{
- memset( buf, 0, len );
-}
-
-int flash_area_read_is_empty(const struct flash_area *fa, uint32_t off,
- void *dst, uint32_t len)
-{
- uint8_t *mem_dest;
- int rc;
-
- mem_dest = (uint8_t *)dst;
- rc = flash_area_read(fa, off, dst, len);
- if (rc) {
- return -1;
- }
-
- for (uint8_t i = 0; i < len; i++) {
- if (mem_dest[i] != flash_area_erased_val(fa)) {
- return 0;
- }
- }
- return 1;
-}