TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 1a7a6905c5ebc6cb4324d7426a6e1bb1c695912b
commit1a7a6905c5ebc6cb4324d7426a6e1bb1c695912b[log] [tgz]
authorDavid Vincze <david.vincze@arm.com>Tue Feb 18 15:05:16 2020 +0100
committerDavid Brown <davidb@davidb.org>Tue Feb 25 23:43:12 2020 +0100
treed6a083781822a51a96742996bfe8424332e53ee0
parent19df5c44de6a842a800866f780f62c1a24576176 [diff]
imgtool: Add security counter to image manifest

Optionally add new security counter TLV to the protected image manifest
and also introduce a new command line option for the imgtool to specify
the value of this counter. The security counter can be used in rollback
protection to compare the new image's security counter against the
active counter value. Its value can be independent from the image
version, but if the 'auto' keyword is passed in the argument list of the
script then it will be generated from the version number (not including
the build number).

The value of the security counter is security critical data. Therefore,
it must be part of the protected TLV area.

Change-Id: I45926d22364d0528164f50fa379abf050bdf65ff
Signed-off-by: David Vincze <david.vincze@arm.com>
3 files changed
tree: d6a083781822a51a96742996bfe8424332e53ee0
  1. boot/
  2. ci/
  3. docs/
  4. ext/
  5. ptest/
  6. samples/
  7. scripts/
  8. sim/
  9. testplan/
  10. zephyr/
  11. .gitignore
  12. .gitmodules
  13. .travis.yml
  14. enc-aes128kw.b64
  15. enc-ec256-priv.pem
  16. enc-ec256-pub.pem
  17. enc-rsa2048-priv.pem
  18. enc-rsa2048-pub.pem
  19. LICENSE
  20. NOTICE
  21. project.yml
  22. README.md
  23. repository.yml
  24. root-ec-p256-pkcs8.pem
  25. root-ec-p256.pem
  26. root-ed25519.pem
  27. root-rsa-2048.pem
  28. root-rsa-3072.pem
  29. version.yml
README.md

mcuboot

Coverity Scan Build Status Build/Test

This is mcuboot version 1.5.0

MCUboot is a secure bootloader for 32-bit MCUs. The goal of MCUboot is to define a common infrastructure for the bootloader, system flash layout on microcontroller systems, and to provide a secure bootloader that enables simple software upgrades.

MCUboot is operating system and hardware independent and relies on hardware porting layers from the operating. Currently, mcuboot works with both the Apache Mynewt and Zephyr operating systems, but more ports are planned in the future. RIOT is currently supported as a boot target with a complete port planned.

Using MCUboot

Instructions for different operating systems can be found here:

Roadmap

The issues being planned and worked on are tracked using GitHub issues. To participate please visit:

MCUBoot GitHub Issues

Issues were previously tracked on MCUboot JIRA , but it is now deprecated.

Browsing

Information and documentation on the bootloader are stored within the source.

It was previously also documented on confluence: MCUBoot Confluence however, it is now deprecated and not currently maintained

For more information in the source, here are some pointers:

  • boot/bootutil: The core of the bootloader itself.
  • boot/boot_serial: Support for serial upgrade within the bootloader itself.
  • boot/zephyr: Port of the bootloader to Zephyr
  • boot/mynewt: Mynewt bootloader app
  • imgtool: A tool to securely sign firmware images for booting by mcuboot.
  • sim: A bootloader simulator for testing and regression

Joining

Developers welcome!