[2/2] incubator-mynewt-core git commit: boot loader - Update design doc.
boot loader - Update design doc. Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/bd9cb1c3 Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/bd9cb1c3 Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/bd9cb1c3 Branch: refs/heads/develop Commit: bd9cb1c3dd51be994febf05c045b0787889db54a Parents: 4e7f485 Author: Christopher Collins Authored: Tue Dec 6 15:40:38 2016 -0800 Committer: Christopher Collins Committed: Tue Dec 6 15:41:34 2016 -0800 -- boot/bootutil/design.txt | 750 -- 1 file changed, 436 insertions(+), 314 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/bd9cb1c3/boot/bootutil/design.txt --
diff --git a/boot/bootutil/design.txt b/boot/bootutil/design.txt
index a39759b..41065e4 100644
--- a/boot/bootutil/design.txt
+++ b/boot/bootutil/design.txt
@@ -17,42 +17,37 @@ # under the License. # -** BOOTUTIL +** BOOT LOADER *** SUMMARY -The bootutil library performs most of the functions of a boot loader. In -particular, the piece that is missing is the final step of actually jumping to -the main image. This last step should instead be implemented in an -architecture-specific project. Boot loader functionality is separated in this -manner for the following two reasons: +The Mynewt bootloader comprises two packages: -1. By keeping architecture-dependent code separate, the bootutil library can be - reused among several boot loaders. +* The bootutil library (boot/bootutil) +* The boot application (apps/boot) -2. By excluding the last boot step from the library, the rest of the code can - be tested in a sim environment. - -There is a boot loader project specific to the olimex_stm32-e407 devboard -called "boot." This project provides an example of how the bootutil library -should be used. +The bootutil library performs most of the functions of a boot loader. In +particular, the piece that is missing is the final step of actually jumping to +the main image. This last step is instead implemented by the boot application. +Boot loader functionality is separated in this manner to enable unit testing of +the boot loader. A library can be unit tested, but an application can't. +Therefore, functionality is delegated to the bootutil library when possible. *** LIMITATIONS The boot loader currently only supports images with the following characteristics: * Built to run from flash. -* Build to run from a fixed location (i.e., position-independent). - -These limitations will likely be addressed soon. - +* Build to run from a fixed location (i.e., not position-independent). *** IMAGE FORMAT -The following definitions describe the image header format. +The following definitions describe the image format. #define IMAGE_MAGIC 0x96f3b83c +#define IMAGE_HEADER_SIZE 32 + struct image_version { uint8_t iv_major; uint8_t iv_minor; 
@@ -63,351 +58,478 @@ struct image_version { /** Image header. All fields are in little endian byte order. */ struct image_header { uint32_t ih_magic; -uint32_t ih_crc32; /* Covers remainder of header and all of image body. */ -uint32_t ih_hdr_size; +uint16_t ih_tlv_size; /* Combined size of trailing TLVs (bytes). */ +uint8_t ih_key_id; /* Which key image is signed with (0xff=unsigned). */ +uint8_t _pad1; +uint16_t ih_hdr_size; /* Size of image header (bytes). */ +uint16_t _pad2; uint32_t ih_img_size; /* Does not include header. */ -uint32_t ih_flags; +uint32_t ih_flags;/* IMAGE_F_[...] */ struct image_version ih_ver; +uint32_t _pad3; }; -At this time, no flags have been defined. +/** Image trailer TLV format. All fields in little endian. */ +struct image_tlv { +uint8_t it_type; /* IMAGE_TLV_[...]. */ +uint8_t _pad; +uint16_t it_len /* Data length (not including TLV header). */ +}; + +/* + * Image header flags. + */ +#define IMAGE_F_PIC 0x0001 /* Not currently supported. */ +#define IMAGE_F_SHA2560x0002 /* Image contains hash TLV */ +#define IMAGE_F_PKCS15_RSA2048_SHA256 0x0004 /* PKCS15 w/RSA and SHA */ +#define IMAGE_F_ECDSA224_SHA256 0x0008 /* ECDSA256 over SHA256 */ +#define IMAGE_F_NON_BOOTABLE 0x0010 /* Split image app. */ + +/* + * Image trailer TLV types. + */ +#define IMAGE_TLV_SHA2561 /* SHA256 of image hdr and body */ +#define IMAGE_TLV_RSA2048 2 /* RSA2048 of hash output */ +#define IMAGE_TLV_ECDSA224 3 /* ECDSA of hash output */ + +Optional type-length-value records (TLVs) con
[2/2] incubator-mynewt-core git commit: Boot loader update
Boot loader update 1. Increase copy magic number from 4 bytes to 16. 2. Ensure magic, status, and swap state get written sequentially within a sector. 3. Standardize on the flash_map API (flash_area_open(), etc.). Previously, we were using both the flash map API and direct HAL flash reads. 4. Remove boot request; now boot loader calculates flash information on its own. 5. Remove boot_req and boot_state global variables. Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/f855c453 Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/f855c453 Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/f855c453 Branch: refs/heads/develop Commit: f855c453f9d0e8fe8289f81e200c04bb30ce8304 Parents: dbb7803 Author: Christopher Collins Authored: Wed Oct 19 17:23:37 2016 -0700 Committer: Christopher Collins Committed: Thu Oct 20 19:16:19 2016 -0700 -- apps/boot/src/boot.c| 13 +- boot/boot_serial/src/boot_serial.c | 4 +- boot/bootutil/include/bootutil/bootutil.h | 43 +- boot/bootutil/include/bootutil/image.h | 15 +- boot/bootutil/signed_images.md | 8 +- boot/bootutil/src/bootutil_misc.c | 315 -- boot/bootutil/src/bootutil_priv.h | 55 +- boot/bootutil/src/image_validate.c | 34 +- boot/bootutil/src/loader.c | 962 ++- boot/bootutil/syscfg.yml| 2 - boot/bootutil/test/src/boot_test.h | 3 +- boot/bootutil/test/src/boot_test_utils.c| 67 +- .../test/src/testcases/boot_test_invalid_hash.c | 10 +- .../src/testcases/boot_test_no_flag_has_hash.c | 10 +- .../test/src/testcases/boot_test_no_hash.c | 10 +- .../test/src/testcases/boot_test_nv_bs_10.c | 10 +- .../test/src/testcases/boot_test_nv_bs_11.c | 13 +- .../src/testcases/boot_test_nv_bs_11_2areas.c | 11 +- .../test/src/testcases/boot_test_nv_ns_01.c | 10 +- .../test/src/testcases/boot_test_nv_ns_10.c | 10 +- .../test/src/testcases/boot_test_nv_ns_11.c | 10 +- .../test/src/testcases/boot_test_revert.c | 10 +- 
.../src/testcases/boot_test_revert_continue.c | 11 +- .../test/src/testcases/boot_test_vb_ns_11.c | 10 +- .../test/src/testcases/boot_test_vm_ns_01.c | 10 +- .../test/src/testcases/boot_test_vm_ns_10.c | 10 +- .../src/testcases/boot_test_vm_ns_11_2areas.c | 10 +- .../test/src/testcases/boot_test_vm_ns_11_a.c | 10 +- .../test/src/testcases/boot_test_vm_ns_11_b.c | 10 +- sys/flash_map/include/flash_map/flash_map.h | 2 +- sys/flash_map/src/flash_map.c | 5 +- 31 files changed, 908 insertions(+), 795 deletions(-) -- http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/f855c453/apps/boot/src/boot.c --
diff --git a/apps/boot/src/boot.c b/apps/boot/src/boot.c
index 6a25b57..966e453 100755
--- a/apps/boot/src/boot.c
+++ b/apps/boot/src/boot.c
@@ -50,14 +50,6 @@ static os_stack_t boot_ser_stack[BOOT_SER_STACK_SZ];
 int
 main(void)
 {
-struct flash_area descs[AREA_DESC_MAX];
-/** Areas representing the beginning of image slots. */
-uint8_t img_starts[2];
-struct boot_req req = {
-.br_area_descs = descs,
-.br_slot_areas = img_starts,
-};
-
 struct boot_rsp rsp;
 int rc;
@@ -68,9 +60,6 @@ main(void)
 hal_bsp_init();
 #endif
-rc = boot_build_request(&req, AREA_DESC_MAX);
-assert(rc == 0);
-
 #if MYNEWT_VAL(BOOT_SERIAL)
 /*
 * Configure a GPIO as input, and compare it against expected value.
@@ -84,7 +73,7 @@ main(void)
 os_start();
 }
 #endif
-rc = boot_go(&req, &rsp);
+rc = boot_go(&rsp);
 assert(rc == 0);
 system_start((void *)(rsp.br_image_addr + rsp.br_hdr->ih_hdr_size));
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/f855c453/boot/boot_serial/src/boot_serial.c --
diff --git a/boot/boot_serial/src/boot_serial.c b/boot/boot_serial/src/boot_serial.c
index 564fb41..fdc2d2e 100644
--- a/boot/boot_serial/src/boot_serial.c
+++ b/boot/boot_serial/src/boot_serial.c
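Review bot: In `main()` of apps/boot/src/boot.c (third hunk), the only thing standing between a failed `boot_go(&rsp)` and the jump in `system_start()` is `assert(rc == 0);`. Whether assertions stay enabled in the boot loader build is not visible here; if they are compiled out, a non-zero return (for instance an image that fails validation) would fall through, and `system_start()` would compute its target from the uninitialised stack `rsp`. An explicit fail-closed check that does not depend on assert would be safer, e.g. `if (rc != 0) { /* halt or reset; never reach system_start() */ }`, and `struct boot_rsp rsp = {0};` would at least make a missed failure deterministic. `main()` starts before the first hunk and continues past the last one.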
@@ -110,8 +110,8 @@ bs_list(char *buf, int len)
 flash_area_read(fap, 0, &hdr, sizeof(hdr));
 if (hdr.ih_magic == IMAGE_MAGIC &&
- bootutil_img_validate(&hdr, fap->fa_device_id, fap->fa_off,
-tmpbuf, sizeof(tmpbuf), NULL, 0, NULL) == 0) {
+ bootutil_img_validate(&hdr, fap, tmpbuf, sizeof(tmpbuf),
+NULL, 0, NULL) == 0) {
 good_img = 1;
 } else {