| commit | d82afbfaa839f2d4b86b883fc570f4955a9bec0e | [log] [tgz] |
|---|---|---|
| author | George Beckstein <becksteing@embeddedplanet.com> | Thu Oct 29 17:32:11 2020 -0400 |
| committer | Fabio Utzig <utzig@utzig.org> | Tue Nov 03 19:16:46 2020 -0300 |
| tree | 23996ffee54e2463760cc713a87171db6f3dbb61 | |
| parent | ea30ef3ca7f6e96cc8c99bfa83a012323003cee5 [diff] |
Mbed-OS porting layer implementation for mcuboot This PR provides a porting layer implementation and framework for building an mcuboot-based bootloader with Mbed-OS. Some symbols are not provided by the Mbed-OS port within mcuboot, namely: - The secondary storage device (see below) - The signing keys - The encryption keys, if used Use of this port is demonstrated by the following projects: - https://github.com/AGlass0fMilk/mbed-mcuboot-demo (a complete mcuboot/Mbed-OS-based bootloader) - https://github.com/AGlass0fMilk/mbed-mcuboot-blinky (example showing how to make an Mbed-OS application that is bootable by mcuboot) Memory porting implementation: The underlying implemenation uses Mbed's BlockDevice API as the storage backend for mcuboot's memory operations. This provides a very flexible way of configuring the location and layout of the secondary flash storage area. To build an mcuboot-based bootloader with Mbed-OS, the user must implement a hook function, mbed::BlockDevice* get_secondary_bd(), to provide the secondary BlockDevice that mcuboot will use. The signing and encryption keys must also be provided by the user. They can be generated using the existing imgtool utility in the same manner used by Zephyr. There are no automated build steps currently provided by Mbed-OS to sign/encrypt build artifacts. Known limitations: The update candidate encryption features have not yet been fully tested. A truly secure implementation will require integration with Mbed's TRNG API in the future to inhibit side-channel attacks on the decryption process. The TinyCrypt backend is currently only supported for Mbed-OS builds when building with the GCC toolchain. The new cmake-based Mbed-OS build system will fix the underlying issue (file name uniqueness). Signed-off-by: George Beckstein <becksteing@embeddedplanet.com> Signed-off-by: Evelyne Donnaes <evelyne.donnaes@arm.com> Signed-off-by: Lingkai Dong <lingkai.dong@arm.com> Co-authored-by: Lingkai Dong <lingkai.dong@arm.com> Co-authored-by: Fabio Utzig <fabio.utzig@nordicsemi.no>
- .mbedignore[Added - diff]
- boot/mbed/app_enc_keys.c[Added - diff]
- boot/mbed/include/flash_map_backend/flash_map_backend.h[Added - diff]
- boot/mbed/include/flash_map_backend/secondary_bd.h[Added - diff]
- boot/mbed/include/mcuboot_config/mcuboot_assert.h[Added - diff]
- boot/mbed/include/mcuboot_config/mcuboot_config.h[Added - diff]
- boot/mbed/include/mcuboot_config/mcuboot_logging.h[Added - diff]
- boot/mbed/include/os/os_malloc.h[Added - diff]
- boot/mbed/include/sysflash/sysflash.h[Added - diff]
- boot/mbed/mbed_lib.json[Added - diff]
- boot/mbed/mcuboot_main.cpp[Added - diff]
- boot/mbed/src/flash_map_backend.cpp[Added - diff]
- docs/index.md[diff]
- docs/readme-mbed.md[Added - diff]
- mbed-os.lib[Added - diff]
- .github/
- boot/
- ci/
- docs/
- ext/
- ptest/
- samples/
- scripts/
- sim/
- testplan/
- zephyr/
- .gitignore
- .gitmodules
- .mbedignore
- .travis.yml
- enc-aes128kw.b64
- enc-ec256-priv.pem
- enc-ec256-pub.pem
- enc-rsa2048-priv.pem
- enc-rsa2048-pub.pem
- enc-x25519-priv.pem
- enc-x25519-pub.pem
- go.mod
- LICENSE
- mbed-os.lib
- NOTICE
- project.yml
- README.md
- repository.yml
- root-ec-p256-pkcs8.pem
- root-ec-p256.pem
- root-ed25519.pem
- root-rsa-2048.pem
- root-rsa-3072.pem
mcuboot
This is mcuboot version 1.7.0-rc1
MCUboot is a secure bootloader for 32-bit MCUs. The goal of MCUboot is to define a common infrastructure for the bootloader, system flash layout on microcontroller systems, and to provide a secure bootloader that enables simple software upgrades.
MCUboot is operating system and hardware independent and relies on hardware porting layers from the operating. Currently, mcuboot works with both the Apache Mynewt and Zephyr operating systems, but more ports are planned in the future. RIOT is currently supported as a boot target with a complete port planned.
Using MCUboot
Instructions for different operating systems can be found here:
Roadmap
The issues being planned and worked on are tracked using GitHub issues. To participate please visit:
Issues were previously tracked on MCUboot JIRA , but it is now deprecated.
Browsing
Information and documentation on the bootloader are stored within the source.
It was previously also documented on confluence: MCUBoot Confluence however, it is now deprecated and not currently maintained
For more information in the source, here are some pointers:
- boot/bootutil: The core of the bootloader itself.
- boot/boot_serial: Support for serial upgrade within the bootloader itself.
- boot/zephyr: Port of the bootloader to Zephyr
- boot/mynewt: Mynewt bootloader app
- imgtool: A tool to securely sign firmware images for booting by mcuboot.
- sim: A bootloader simulator for testing and regression
Joining
Developers welcome!
- Our developer mailing list: https://groups.io/g/mcuboot
- Our Slack channel: https://mcuboot.slack.com/
Get your invite here! - Our IRC channel: http://irc.freenode.net, #mcuboot