TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 5d5f04923f2df0e3c24114bcd28e2c86139e1ba8
commit5d5f04923f2df0e3c24114bcd28e2c86139e1ba8[log] [tgz]
authorThomas Altenbach <thomas.altenbach@legrand.com>Wed Sep 11 17:50:15 2024 +0200
committerJamie <40387179+nordicjm@users.noreply.github.com>Thu Sep 12 14:09:32 2024 +0100
tree0110ccda8aa5dd5c5537970b5c0d434575a12668
parentca06b9fe6d3c20a824a3f7e1196e89ab6134d08b [diff]
bootutil: Fix AES and SHA-256 contexts not zeroized with mbedTLS

For some reason, the calls to mbedtls_aes_free, mbedtls_nist_kw_free and
mbedtls_sha256_free_drop were commented out which means the AES and
SHA-256 contexts were not properly de-initialized after usage when
mbedTLS is used. In the case of AES-KW it seems that might lead to a
memory leak depending on the mbedTLS configuration, but in any case and
independently of the mbedTLS configuration, this leads to the contexts
not be zeroized after usage.

Not zeroizing a context means it stays in RAM an undefined amount of
time, which might enable an attacker to access it and to dump the
sensitive data it contains.

Signed-off-by: Thomas Altenbach <thomas.altenbach@legrand.com>
3 files changed
tree: 0110ccda8aa5dd5c5537970b5c0d434575a12668
  1. .github/
  2. boot/
  3. ci/
  4. docs/
  5. ext/
  6. ptest/
  7. samples/
  8. scripts/
  9. sim/
  10. testplan/
  11. zephyr/
  12. .gitignore
  13. .gitmodules
  14. .mbedignore
  15. .travis.yml-disabled
  16. Cargo.lock
  17. Cargo.toml
  18. CODE_OF_CONDUCT.md
  19. enc-aes128kw.b64
  20. enc-aes256kw.b64
  21. enc-ec256-priv.pem
  22. enc-ec256-pub.pem
  23. enc-rsa2048-priv.pem
  24. enc-rsa2048-pub.pem
  25. enc-x25519-priv.pem
  26. enc-x25519-pub.pem
  27. go.mod
  28. LICENSE
  29. NOTICE
  30. project.yml
  31. README.md
  32. repository.yml
  33. root-ec-p256-pkcs8.pem
  34. root-ec-p256.pem
  35. root-ec-p384-pkcs8.pem
  36. root-ec-p384.pem
  37. root-ed25519.pem
  38. root-rsa-2048.pem
  39. root-rsa-3072.pem
README.md

MCUboot

Package on PyPI Coverity Scan Build Status Build Status (Sim) Build Status (Mynewt) Build Status (Espressif) Publishing Status (imgtool) Build Status (Travis CI) Apache 2.0

This is MCUboot version 2.1.0

MCUboot is a secure bootloader for 32-bits microcontrollers. It defines a common infrastructure for the bootloader and the system flash layout on microcontroller systems, and provides a secure bootloader that enables easy software upgrade.

MCUboot is not dependent on any specific operating system and hardware and relies on hardware porting layers from the operating system it works with. Currently, MCUboot works with the following operating systems and SoCs:

RIOT is supported only as a boot target. We will accept any new port contributed by the community once it is good enough.

MCUboot How-tos

See the following pages for instructions on using MCUboot with different operating systems and SoCs:

There are also instructions for the Simulator.

Roadmap

The issues being planned and worked on are tracked using GitHub issues. To give your input, visit MCUboot GitHub Issues.

Source files

You can find additional documentation on the bootloader in the source files. For more information, use the following links:

  • boot/bootutil - The core of the bootloader itself.
  • boot/boot_serial - Support for serial upgrade within the bootloader itself.
  • boot/zephyr - Port of the bootloader to Zephyr.
  • boot/mynewt - Bootloader application for Apache Mynewt.
  • boot/nuttx - Bootloader application and port of MCUboot interfaces for Apache NuttX.
  • boot/mbed - Port of the bootloader to Mbed OS.
  • boot/espressif - Bootloader application and MCUboot port for Espressif SoCs.
  • boot/cypress - Bootloader application and MCUboot port for Cypress/Infineon SoCs.
  • imgtool - A tool to securely sign firmware images for booting by MCUboot.
  • sim - A bootloader simulator for testing and regression.

Joining the project

Developers are welcome!

Use the following links to join or see more about the project: