Infineon: Add secure mode smif encryption feature for CYW20829 devices
diff --git a/boot/bootutil/src/bootutil_misc.c b/boot/bootutil/src/bootutil_misc.c
index f9059aa..8df258a 100644
--- a/boot/bootutil/src/bootutil_misc.c
+++ b/boot/bootutil/src/bootutil_misc.c
@@ -202,7 +202,7 @@
return BOOT_MAGIC_BAD;
}
-static inline uint32_t
+uint32_t
boot_magic_off(const struct flash_area *fap)
{
return flash_area_get_size(fap) - BOOT_MAGIC_SZ;
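Review bot: Dropping `static inline` here and in the boot/bootutil/src/swap_status_misc.c hunk leaves two external definitions of `boot_magic_off` with different bodies, so any build that links both files gets a duplicate symbol or, worse, the wrong trailer offset. No preprocessor guard is visible around this definition in the hunk. The copy removed from bootutil_public.c sat under `#ifndef MCUBOOT_SWAP_USING_STATUS`, so this definition probably needs the same guard unless one already exists above line 202. A short comment such as `/* Exported for boot_clear_magic(); the swap-status build provides its own definition. */` would also explain why the function is no longer file-local.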
diff --git a/boot/bootutil/src/bootutil_priv.h b/boot/bootutil/src/bootutil_priv.h
index 105237a..045cacf 100644
--- a/boot/bootutil/src/bootutil_priv.h
+++ b/boot/bootutil/src/bootutil_priv.h
@@ -276,7 +276,9 @@
uint32_t boot_trailer_sz(uint32_t min_write_sz);
int boot_status_entries(int image_index, const struct flash_area *fap);
uint32_t boot_status_off(const struct flash_area *fap);
+uint32_t boot_magic_off(const struct flash_area *fap);
int boot_write_magic(const struct flash_area *fap);
+int boot_clear_magic(const struct flash_area *fap);
int boot_write_status(const struct boot_loader_state *state, struct boot_status *bs);
int boot_write_copy_done(const struct flash_area *fap);
int boot_write_image_ok(const struct flash_area *fap);
diff --git a/boot/bootutil/src/bootutil_public.c b/boot/bootutil/src/bootutil_public.c
index 82763d2..38b2bd1 100644
--- a/boot/bootutil/src/bootutil_public.c
+++ b/boot/bootutil/src/bootutil_public.c
@@ -126,7 +126,7 @@
.image_ok_secondary_slot = BOOT_FLAG_ANY,
.copy_done_primary_slot = BOOT_FLAG_SET,
.swap_type = BOOT_SWAP_TYPE_REVERT,
- },
+ }
};
#define BOOT_SWAP_TABLES_COUNT \
@@ -153,11 +153,6 @@
}
#ifndef MCUBOOT_SWAP_USING_STATUS
-static inline uint32_t
-boot_magic_off(const struct flash_area *fap)
-{
- return flash_area_get_size(fap) - BOOT_MAGIC_SZ;
-}
static inline uint32_t
boot_image_ok_off(const struct flash_area *fap)
@@ -326,6 +321,42 @@
#ifndef MCUBOOT_SWAP_USING_STATUS
int
+boot_clear_magic(const struct flash_area *fap)
+{
+ uint32_t off;
+ uint32_t pad_off;
+ int rc;
+ uint8_t magic[BOOT_MAGIC_ALIGN_SIZE];
+ uint8_t erased_val;
+
+ off = boot_magic_off(fap);
+
+ /* image_trailer structure was modified with additional padding such that
+ * the pad+magic ends up in a flash minimum write region. The address
+ * returned by boot_magic_off() is the start of magic which is not the
+ * start of the flash write boundary and thus writes to the magic will fail.
+ * To account for this change, write to magic is first padded with 0xFF
+ * before writing to the trailer.
+ */
+ pad_off = ALIGN_DOWN(off, BOOT_MAX_ALIGN);
+
+ erased_val = flash_area_erased_val(fap);
+
+ (void)memset(&magic[0], erased_val, sizeof(magic));
+
+ BOOT_LOG_DBG("clearing magic; fa_id=%u off=0x%" PRIx32
+ " (0x%" PRIx32 ")", (unsigned)flash_area_get_id(fap),
+ off, flash_area_get_off(fap) + off);
+ rc = flash_area_write(fap, pad_off, &magic[0], BOOT_MAGIC_ALIGN_SIZE);
+
+ if (rc != 0) {
+ return BOOT_EFLASH;
+ }
+
+ return 0;
+}
+
+int
boot_write_magic(const struct flash_area *fap)
{
uint32_t off;
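Review bot: `boot_clear_magic` programs the erased value over an already written magic, which only clears it if the flash backend erases before it writes. On a plain NOR program operation bits cannot be raised again, so `flash_area_write` could return 0 while the old magic stays in place and the secondary slot still looks like a pending upgrade. The block comment was copied from `boot_write_magic` and describes padding a magic write, so it should state this requirement instead, e.g. `/* Overwrite the aligned pad+magic region with the erased value; this clears the magic only if the backend can restore erased bits on write. */`. The debug log prints `off` although the write starts at `pad_off`, which is misleading when diagnosing a failed clear. `boot_write_magic` continues outside the hunk.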
diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index ddca260..8ede0f1 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c
@@ -1753,6 +1753,9 @@
if (BOOT_IS_UPGRADE(swap_type)) {
rc = swap_set_copy_done(BOOT_CURR_IMG(state));
+#if defined(MCUBOOT_ENC_IMAGES_SMIF)
+ rc |= swap_clear_magic_upgrade(BOOT_CURR_IMG(state));
+#endif
if (rc != 0) {
BOOT_SWAP_TYPE(state) = BOOT_SWAP_TYPE_PANIC;
}
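Review bot: `rc |= swap_clear_magic_upgrade(...)` runs the magic clear even when `swap_set_copy_done` has already failed, and it ORs two unrelated error codes into a value that no longer identifies either failure. Sequencing the calls keeps the code meaningful and avoids touching the secondary trailer after an error: `if (rc == 0) { rc = swap_clear_magic_upgrade(BOOT_CURR_IMG(state)); }`. Since a failure here ends in `BOOT_SWAP_TYPE_PANIC`, a one-line comment saying why the secondary magic must be cleared for SMIF-encrypted images would help the next reader. The enclosing function starts and ends outside the hunk.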
diff --git a/boot/bootutil/src/swap_misc.c b/boot/bootutil/src/swap_misc.c
index 64485db..f5a631f 100644
--- a/boot/bootutil/src/swap_misc.c
+++ b/boot/bootutil/src/swap_misc.c
@@ -87,7 +87,7 @@
const struct flash_area *fap,
const struct boot_status *bs)
{
- struct boot_swap_state swap_state;
+ struct boot_swap_state swap_state = {0};
uint8_t image_index;
int rc;
@@ -127,7 +127,7 @@
rc = boot_write_magic(fap);
assert(rc == 0);
- return 0;
+ return rc;
}
int
@@ -205,6 +205,21 @@
return rc;
}
+int swap_clear_magic_upgrade(uint8_t image_index)
+{
+ const struct flash_area *fap = NULL;
+ int rc;
+
+ rc = flash_area_open(FLASH_AREA_IMAGE_SECONDARY(image_index), &fap);
+ if (rc != 0) {
+ return BOOT_EFLASH;
+ }
+
+ rc = boot_clear_magic(fap);
+ flash_area_close(fap);
+ return rc;
+}
+
int
swap_set_image_ok(uint8_t image_index)
{
diff --git a/boot/bootutil/src/swap_priv.h b/boot/bootutil/src/swap_priv.h
index 86d0b72..9baec58 100644
--- a/boot/bootutil/src/swap_priv.h
+++ b/boot/bootutil/src/swap_priv.h
@@ -72,6 +72,11 @@
int swap_set_copy_done(uint8_t image_index);
/**
+ * Marks the image in the secondary slot as upgraded.
+ */
+int swap_clear_magic_upgrade(uint8_t image_index);
+
+/**
* Marks a reverted image in the primary slot as confirmed. This is necessary to
* ensure the status bytes from the image revert operation don't get processed
* on a subsequent boot.
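Review bot: The new doc comment says the function "marks the image in the secondary slot as upgraded", but the implementation in swap_misc.c overwrites the magic in the secondary slot's trailer with the flash erased value. The comment should say that, document `image_index` and the return value, and mention that the only visible caller is compiled under `MCUBOOT_ENC_IMAGES_SMIF`. Suggested wording: `Clears the trailer magic of the secondary slot after an upgrade so the image is not treated as pending again; returns 0 on success, nonzero on flash error.` The same applies to the bare `boot_clear_magic` prototype added in bootutil_priv.h, which has no description at all.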
diff --git a/boot/bootutil/src/swap_status_misc.c b/boot/bootutil/src/swap_status_misc.c
index b5fc1ed..bc44feb 100644
--- a/boot/bootutil/src/swap_status_misc.c
+++ b/boot/bootutil/src/swap_status_misc.c
@@ -69,7 +69,7 @@
}
/* Offset Section */
-static inline uint32_t
+uint32_t
boot_magic_off(const struct flash_area *fap)
{
(void)fap;
@@ -246,6 +246,25 @@
return 0;
}
+int
+boot_clear_magic(const struct flash_area *fap)
+{
+ uint32_t off;
+ int rc;
+ uint8_t tmp[BOOT_MAGIC_SZ];
+
+ off = fap->fa_size - BOOT_MAGIC_SZ;
+
+ (void) memset(tmp, flash_area_erased_val(fap), BOOT_MAGIC_SZ);
+
+ rc = flash_area_write(fap, off, tmp, BOOT_MAGIC_ALIGN_SIZE);
+
+ if (rc != 0) {
+ return -1;
+ }
+ return 0;
+}
+
/**
* Writes the supplied boot status to the flash file system. The boot status
* contains the current state of an in-progress image copy operation.
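Review bot: `tmp` is declared with `BOOT_MAGIC_SZ` bytes but `flash_area_write` is asked to write `BOOT_MAGIC_ALIGN_SIZE` bytes from it. If the aligned size exceeds the magic size in some configuration (the macro definitions are not visible here), the call reads past the end of the stack buffer and, starting at `fa_size - BOOT_MAGIC_SZ`, writes past the end of the flash area. Sizing everything from one constant removes the mismatch: `uint8_t tmp[BOOT_MAGIC_ALIGN_SIZE];`, `(void)memset(tmp, flash_area_erased_val(fap), sizeof(tmp));`, and a write length of `sizeof(tmp)` at an offset aligned to match. The offset is also taken from `fap->fa_size` directly rather than from `boot_magic_off(fap)`, which ignores `fap` in this file, so the two may disagree. The error path returns `-1` where the bootutil_public.c variant returns `BOOT_EFLASH`.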