Infineon: Add PSoC63, PSoC61 platforms, update hw crypto acceleration, allow build on CM4 build
Release notes:
1. Added platforms PSoC63, PSoC61
2. Added possibility to build MCUBootApp for CM4 core and BlinkyApp for CM0p
3. Updated cy-mbedtls-acceleration package to support mbedtls-3.0
4. Change CY_SMIF_SYSCLK_HFCLK_DIVIDER to achieve increased SMIF clock source
5. Improved memory map configuration in json files
6. Added optional performance measurement macros
7. Improved usage of FIH types in security critical code branches
8. Updated documentation
9. Improved MISRA and CERT-C compliance
10. Switch to latest mtb-pdl-cat1 3.0.0
11. Fixed minor bugs
diff --git a/boot/bootutil/include/bootutil/boot_status.h b/boot/bootutil/include/bootutil/boot_status.h
index 0364870..d1be1e4 100644
--- a/boot/bootutil/include/bootutil/boot_status.h
+++ b/boot/bootutil/include/bootutil/boot_status.h
@@ -65,9 +65,9 @@
*/
/* General macros to handle TLV type */
-#define MAJOR_MASK 0xF /* 4 bit */
-#define MAJOR_POS 12 /* 12 bit */
-#define MINOR_MASK 0xFFF /* 12 bit */
+#define MAJOR_MASK 0xFu /* 4 bit */
+#define MAJOR_POS 12u /* 12 bit */
+#define MINOR_MASK 0xFFFu /* 12 bit */
#define SET_TLV_TYPE(major, minor) \
(((uint16_t)((major) & MAJOR_MASK) << MAJOR_POS) \
@@ -76,7 +76,7 @@
#define GET_MINOR(tlv_type) ((tlv_type) & MINOR_MASK)
/* Magic value which marks the beginning of shared data area in memory */
-#define SHARED_DATA_TLV_INFO_MAGIC 0x2016
+#define SHARED_DATA_TLV_INFO_MAGIC 0x2016u
/* Initial attestation specific macros */
@@ -84,28 +84,34 @@
* Major numbers (4 bit) to identify the
* consumer of shared data in runtime SW.
*/
-#define TLV_MAJOR_IAS 0x1
+#define TLV_MAJOR_IAS 0x1u
+#define TLV_MAJOR_FWU 0x2u
/* Initial attestation: Claim per SW components / SW modules */
/* Bits: 0-2 */
-#define SW_VERSION 0x00
-#define SW_SIGNER_ID 0x01
-/* Reserved 0x02 */
-#define SW_TYPE 0x03
+#define SW_VERSION 0x00u
+#define SW_SIGNER_ID 0x01u
+/* Reserved 0x02u */
+#define SW_TYPE 0x03u
/* Bits: 3-5 */
-#define SW_MEASURE_VALUE 0x08
-#define SW_MEASURE_TYPE 0x09
-#define SW_BOOT_RECORD 0x3F
+#define SW_MEASURE_VALUE 0x08u
+#define SW_MEASURE_TYPE 0x09u
+#define SW_BOOT_RECORD 0x3Fu
-#define MODULE_POS 6 /* 6 bit */
-#define CLAIM_MASK 0x3F /* 6 bit */
-#define MEASUREMENT_CLAIM_POS 3 /* 3 bit */
+#define MODULE_POS 6u /* 6 bit */
+#define MODULE_MASK 0x3Fu /* 6 bit */
+#define CLAIM_MASK 0x3Fu /* 6 bit */
+#define MEASUREMENT_CLAIM_POS 3u /* 3 bit */
#define GET_IAS_MODULE(tlv_type) ((uint16_t)GET_MINOR(tlv_type) >> MODULE_POS)
#define GET_IAS_CLAIM(tlv_type) (GET_MINOR(tlv_type) & CLAIM_MASK)
#define SET_IAS_MINOR(sw_module, claim) \
(((uint16_t)(sw_module) << MODULE_POS) | (claim))
+#define SET_FWU_MINOR(sw_module, claim) \
+ ((uint16_t)((sw_module & MODULE_MASK) << MODULE_POS) | \
+ (uint16_t)(claim & CLAIM_MASK))
+
/**
* Shared data TLV header. All fields in little endian.
*
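Review bot: `SET_FWU_MINOR` uses its parameters without parentheses (`sw_module & MODULE_MASK`, `claim & CLAIM_MASK`). An argument that contains a lower-precedence operator such as `|` or `?:` would be masked only in part and could yield a TLV type for a different module or claim. Parenthesise both uses, `((uint16_t)(((sw_module) & MODULE_MASK) << MODULE_POS) | (uint16_t)((claim) & CLAIM_MASK))`, which also matches how `SET_IAS_MINOR` just above writes `(sw_module)`. Note that `SET_IAS_MINOR` does not mask its inputs while the new macro does; if that difference is intended, a one-line comment on each macro would make it explicit.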
diff --git a/boot/bootutil/include/bootutil/fault_injection_hardening.h b/boot/bootutil/include/bootutil/fault_injection_hardening.h
index a9c58ec..bccdbc2 100644
--- a/boot/bootutil/include/bootutil/fault_injection_hardening.h
+++ b/boot/bootutil/include/bootutil/fault_injection_hardening.h
@@ -88,6 +88,9 @@
extern "C" {
#endif /* __cplusplus */
+#define FIH_TRUE ((int)1)
+#define FIH_FALSE ((int)0)
+
/* Non-zero success value to defend against register resets. Zero is the most
* common value for a corrupted register so complex bit-patterns are used
*/
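Review bot: `FIH_TRUE` and `FIH_FALSE` are added as plain `1` and `0` with no comment, directly above the text explaining that hardened values avoid zero and use complex bit patterns. The two values differ by a single bit and one of them is the all-zero pattern, so they give none of the protection the rest of this header provides. Their call sites are not visible in this hunk. I would add a comment such as `/* Plain booleans for non-critical flags; not glitch-resistant. Use FIH_SUCCESS / FIH_FAILURE for security decisions. */` so they are not mistaken for hardened constants.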
diff --git a/boot/bootutil/src/boot_record.c b/boot/bootutil/src/boot_record.c
index e3a2208..b6b0e50 100644
--- a/boot/bootutil/src/boot_record.c
+++ b/boot/bootutil/src/boot_record.c
@@ -24,6 +24,7 @@
#include "mcuboot_config/mcuboot_config.h"
#if defined(MCUBOOT_MEASURED_BOOT) || defined(MCUBOOT_DATA_SHARING)
+#include "bootutil/crypto/sha256.h"
#include "bootutil/boot_record.h"
#include "bootutil/boot_status.h"
#include "bootutil_priv.h"
@@ -62,6 +63,7 @@
return SHARED_MEMORY_GEN_ERROR;
}
+ /* Shared data section must be aligned as 'void*' */
assert(((uintptr_t)MCUBOOT_SHARED_DATA_BASE & 3u) == 0u);
boot_data = (struct shared_boot_data *)MCUBOOT_SHARED_DATA_BASE;
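Review bot: The added comment says the shared data section must be aligned as `void*`, but the check below it masks with `3u`, which tests 4-byte alignment and only equals pointer alignment on 32-bit targets. Either word the comment to match the check, `/* Shared data base must be 4-byte aligned for the struct cast below */`, or make the check follow the comment by testing against `sizeof(void *)`. This is also an `assert`, so if the bootloader is built with `NDEBUG` (not visible here) a misaligned base would reach the cast unchecked; a compile-time check on the constant would not depend on the build type. The enclosing function starts and ends outside this hunk.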
@@ -74,10 +76,6 @@
boot_data->header.tlv_tot_len = SHARED_DATA_HEADER_SIZE;
shared_memory_init_done = true;
}
- else if (boot_data->header.tlv_magic != SHARED_DATA_TLV_INFO_MAGIC ||
- boot_data->header.tlv_tot_len != SHARED_DATA_HEADER_SIZE) {
- return SHARED_MEMORY_CORRUPTED;
- }
/* Check whether TLV entry is already added.
* Get the boundaries of TLV section
@@ -236,4 +234,44 @@
return 0;
}
+
#endif /* MCUBOOT_MEASURED_BOOT */
+
+#ifdef MCUBOOT_DATA_SHARING
+
+int boot_save_shared_data(const struct image_header *hdr,
+ const struct flash_area *fap)
+{
+ uint16_t fwu_minor;
+ const struct flash_area *temp_fap;
+ uint8_t fwu_img_id = 0;
+ uint8_t i;
+
+ if (NULL == hdr || NULL == fap) {
+ return -1;
+ }
+
+ for (i = 0; i < MCUBOOT_IMAGE_NUMBER; i++) {
+ if (flash_area_open(FLASH_AREA_IMAGE_PRIMARY(i),
+ &temp_fap) != 0) {
+ return -1;
+ }
+
+ if (fap == temp_fap) {
+ fwu_img_id = i;
+ break;
+ }
+ }
+
+ if (MCUBOOT_IMAGE_NUMBER == i) {
+ return -1;
+ }
+
+ /* Currently hardcode it to 0 which indicates the full image. */
+ fwu_minor = SET_FWU_MINOR(fwu_img_id, SW_VERSION);
+ return boot_add_data_to_shared_area(TLV_MAJOR_FWU,
+ fwu_minor,
+ sizeof(hdr->ih_ver),
+ (const uint8_t *)&hdr->ih_ver);
+}
+#endif /* MCUBOOT_DATA_SHARING */
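Review bot: Every `flash_area_open()` in the lookup loop of `boot_save_shared_data` is left without a matching `flash_area_close()`, on the `break` path, on the not-found path and across iterations. Whether close is a no-op on this port is not visible here, but on flash-map backends that reference-count areas this leaks one reference per image slot on every call. The loop also assumes `flash_area_open()` returns the same object address for the same area id, since the match is by pointer identity; that is worth a comment. The function has no header comment saying what is published (the image version under `TLV_MAJOR_FWU`) or what the `-1` returns mean. A version of the loop that releases each handle as soon as the comparison is done is below.

```c
    for (i = 0; i < MCUBOOT_IMAGE_NUMBER; i++) {
        bool found;

        if (flash_area_open(FLASH_AREA_IMAGE_PRIMARY(i), &temp_fap) != 0) {
            return -1;
        }

        /* Only the pointer identity is needed; release the handle at once.
         * Assumes flash_area_open() yields one object per area id.
         */
        found = (fap == temp_fap);
        flash_area_close(temp_fap);

        if (found) {
            fwu_img_id = i;
            break;
        }
    }
    /* … unchanged: not-found check and boot_add_data_to_shared_area() call … */
```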
diff --git a/boot/bootutil/src/bootutil_misc.c b/boot/bootutil/src/bootutil_misc.c
index 75e53d3..b817640 100644
--- a/boot/bootutil/src/bootutil_misc.c
+++ b/boot/bootutil/src/bootutil_misc.c
@@ -157,13 +157,14 @@
}
#endif
+#ifndef MCUBOOT_SWAP_USING_STATUS
+
static inline uint32_t
boot_magic_off(const struct flash_area *fap)
{
return flash_area_get_size(fap) - BOOT_MAGIC_SZ;
}
-#ifndef MCUBOOT_SWAP_USING_STATUS
static inline uint32_t
boot_image_ok_off(const struct flash_area *fap)
diff --git a/boot/bootutil/src/bootutil_public.c b/boot/bootutil/src/bootutil_public.c
index f045fae..b1b4f60 100644
--- a/boot/bootutil/src/bootutil_public.c
+++ b/boot/bootutil/src/bootutil_public.c
@@ -240,13 +240,14 @@
return 0;
}
+#ifndef MCUBOOT_SWAP_USING_STATUS
+
static inline int
boot_read_copy_done(const struct flash_area *fap, uint8_t *copy_done)
{
return boot_read_flag(fap, copy_done, boot_copy_done_off(fap));
}
-#ifndef MCUBOOT_SWAP_USING_STATUS
int
boot_read_swap_state(const struct flash_area *fap,
@@ -429,9 +430,9 @@
int
boot_swap_type_multi(int image_index)
{
- const struct boot_swap_table *table;
- struct boot_swap_state primary_slot;
- struct boot_swap_state secondary_slot;
+ const struct boot_swap_table *table = NULL;
+ struct boot_swap_state primary_slot = {0};
+ struct boot_swap_state secondary_slot = {0};
int rc;
size_t i;
diff --git a/boot/bootutil/src/image_ec256.c b/boot/bootutil/src/image_ec256.c
index 9f0ed3d..69cd507 100644
--- a/boot/bootutil/src/image_ec256.c
+++ b/boot/bootutil/src/image_ec256.c
@@ -79,7 +79,7 @@
return -4;
}
- if (mbedtls_ecp_group_load(&ctx->grp, MBEDTLS_ECP_DP_SECP256R1)) {
+ if (mbedtls_ecp_group_load(&ctx->MBEDTLS_CONTEXT_MEMBER(grp), MBEDTLS_ECP_DP_SECP256R1)) {
return -5;
}
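Review bot: The `mbedtls_ecp_group_load` call on the changed line still relies on an implicit truth test. The two calls rewritten in the next hunk (`mbedtls_ecp_point_read_binary`, `mbedtls_ecp_check_pubkey`) now compare against zero explicitly. For consistency with the MISRA clean-up the commit describes, end this condition the same way: `MBEDTLS_ECP_DP_SECP256R1) != 0) {`. The enclosing function starts and ends outside this hunk.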
@@ -90,11 +90,14 @@
return -7;
}
- if (mbedtls_ecp_point_read_binary(&ctx->grp, &ctx->Q, *p, end - *p)) {
+ if (mbedtls_ecp_point_read_binary(&ctx->MBEDTLS_CONTEXT_MEMBER(grp),
+ &ctx->MBEDTLS_CONTEXT_MEMBER(Q),
+ *p, end - *p) != 0) {
return -8;
}
- if (mbedtls_ecp_check_pubkey(&ctx->grp, &ctx->Q)) {
+ if (mbedtls_ecp_check_pubkey(&ctx->MBEDTLS_CONTEXT_MEMBER(grp),
+ &ctx->MBEDTLS_CONTEXT_MEMBER(Q)) != 0) {
return -9;
}
return 0;
@@ -219,7 +222,7 @@
#else
rc = bootutil_import_key(&pubkey, end);
#endif
- if (rc) {
+ if (rc != 0) {
return -1;
}
@@ -234,9 +237,7 @@
* This is simplified, as the hash length is also 32 bytes.
*/
#ifdef CY_MBEDTLS_HW_ACCELERATION
- while (sig[slen - 1] == '\0') {
- slen--;
- }
+
rc = mbedtls_ecdsa_read_signature(&ctx, hash, hlen, sig, slen);
#else /* CY_MBEDTLS_HW_ACCELERATION */
diff --git a/boot/bootutil/src/swap_scratch.c b/boot/bootutil/src/swap_scratch.c
index fea6ce1..0097611 100644
--- a/boot/bootutil/src/swap_scratch.c
+++ b/boot/bootutil/src/swap_scratch.c
@@ -435,11 +435,11 @@
int
swap_status_source(struct boot_loader_state *state)
{
- const struct boot_status_table *table;
+ const struct boot_status_table *table = NULL;
#if MCUBOOT_SWAP_USING_SCRATCH
- struct boot_swap_state state_scratch;
+ struct boot_swap_state state_scratch = {0};
#endif
- struct boot_swap_state state_primary_slot;
+ struct boot_swap_state state_primary_slot = {0};
int rc;
size_t i;
uint8_t source;
diff --git a/boot/bootutil/src/swap_status_misc.c b/boot/bootutil/src/swap_status_misc.c
index 8512b02..c3f4017 100644
--- a/boot/bootutil/src/swap_status_misc.c
+++ b/boot/bootutil/src/swap_status_misc.c
@@ -242,6 +242,7 @@
const struct flash_area *fap = NULL;
uint32_t off;
uint8_t area_id;
+ uint8_t tmp_state;
int rc;
(void)state;
@@ -272,7 +273,7 @@
}
off = boot_status_off(fap) + boot_status_internal_off(bs, 1);
- uint8_t tmp_state = bs->state;
+ tmp_state = bs->state;
rc = swap_status_update(fap->fa_id, off, &tmp_state, 1);
if (rc != 0) {
@@ -591,7 +592,7 @@
const struct flash_area *fap,
const struct boot_status *bs)
{
- struct boot_swap_state swap_state;
+ struct boot_swap_state swap_state = {0};
uint8_t image_index;
int rc;