SonarQube findings resolution - WIP - DO NOT REVIEW YET, DO NOT MERGE #532
Draft: adsz-nordic wants to merge 161 commits into nrfconnect:main from adsz-nordic:ncsdk-35334 (base: main)
…nto one place. Make enc_key_public.h the single point of definitions for key sizes, TLV indexes and so on. Upstream PR #: 2327 Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 2d93958)
Use bootutil_macros.h instead. Upstream PR #: 2327 Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit c1bb3a3)
…tions Cleanup. Upstream PR #: 2327 Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit f4a5081)
Incorrect range check fix. Upstream PR #: 2337 Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit fa17bc9)
This fixes issues when trying to compress images with no header padding requested. Upstream PR #: 2334 Signed-off-by: Michal Kozikowski <michal.kozikowski@nordicsemi.no> (cherry picked from commit 9e0bebc)
The hfwinfo returns a bitmask, not single values. Upstream PR #: 2342 Signed-off-by: Tomasz Chyrowicz <tomasz.chyrowicz@nordicsemi.no> (cherry picked from commit 18e3bc8)
…erase This fixes issues when trying to erase the secondary slot trailer for platforms with MCUBOOT_SUPPORT_DEV_WITHOUT_ERASE set from the flash driver. Explicitly calling 'scramble' on the region ensures we delete the trailer. Upstream PR #: 2341 Signed-off-by: Michal Kozikowski <michal.kozikowski@nordicsemi.no> (cherry picked from commit bb644c7)
Consolidates USB DFU entry logic by unifying GPIO and timeout-based DFU triggers under a common flag. This avoids code duplication and improves maintainability. Also improves log clarity for different DFU exit conditions. Signed-off-by: Sayooj K Karun <sayooj@aerlync.com> (cherry picked from commit 402d3f7) Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Add additional log lines to allow easier tracking of potential failures in image validation. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 11f9c6f)
Improve logging to make it easier to track image validation failures in development. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit c5011f2)
Fixed comments indentation. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit e56cecc)
…25519 Information on TLV and format. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit e542295)
Add support for HKDF/HMAC based on SHA512 for ECIES-X25519 key exchange. The commit adds MCUBOOT_HMAC_SHA512 that enables new TLV IMAGE_TLV_ENC_X25519_SHA512. Encryption code has been altered to support the MCUBOOT_HMAC_SHA512. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 1d83177)
The commit adds CONFIG_BOOT_HMAC_SHA512 that enables MCUboot configuration option MCUBOOT_HMAC_SHA512, that is used for switching HKDF/HMAC in ECIES key exchange to SHA512, from default SHA256. This option, currently, is only available for ECIES-X25519 with PSA as crypto backend. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 3771916)
…25519 Commit adds imgtool command line option --hmac-sha allowing to select between SHA256 and SHA512 for HMAC/HKDF. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit a36f951)
Fetch the flash base address if direct hash calculation is performed. Signed-off-by: Tomasz Chyrowicz <tomasz.chyrowicz@nordicsemi.no> (cherry picked from commit 6a178d2)
…d config This board has not been supported in a long time; remove it. Upstream PR #: 2380 Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> (cherry picked from commit 78ad12e)
Remove redundant application size calculations in favor of a swap-specific function, implemented inside swap_<type>.c. In this way, slot sizes use the same restrictions as image validation. Upstream PR #: 2318 Signed-off-by: Tomasz Chyrowicz <tomasz.chyrowicz@nordicsemi.no> (cherry picked from commit cf1f76c)
…configuration Remove configs that enable multithreading just because of SPI/QSPI use. Currently, nrf drivers do not depend on multithreading, so it is not needed and this change can save memory usage. Upstream PR #: 2375 Signed-off-by: Michal Kozikowski <michal.kozikowski@nordicsemi.no> (cherry picked from commit dd6b3ac)
Option to put execution in infinite loop. Meant to be used for debug. Signed-off-by: Mateusz Michalek <mateusz.michalek@nordicsemi.no> (cherry picked from commit 5eaf190)
Commit introduces BOOT_SOMETHING_USES_SHA<256,384,512> Kconfig options that can be used to control what algorithms should be compiled in with crypto backends. Upstream PR #: 2390 Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 62ee266)
Allow to depend on a specific slot while specifying the version number. This functionality is useful when the Direct XIP mode is used and the booting process of other images is done by the next stage, not the MCUboot itself. Signed-off-by: Tomasz Chyrowicz <tomasz.chyrowicz@nordicsemi.no> (cherry picked from commit dce784a)
Adds Kconfig option CONFIG_BOOT_ECDSA_PSA that allows to switch ECDSA to PSA backend. Signed-off-by: Artur Hadasz <artur.hadasz@nordicsemi.no> (cherry picked from commit 5ee96f5)
Use the generic commit-tags action to provide sauce tag checks. Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no> (cherry picked from commit 67c4da4)
Removes the `add_subdirectory` of nrfxlib; it will still check that nrfxlib is located outside the mcuboot directory. Signed-off-by: Sigvart Hovland <sigvart.m@gmail.com> Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no> Signed-off-by: Emil Obalski <emil.obalski@nordicsemi.no> Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no> Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no> Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no> Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 0566363)
Add prj_minimal.conf, a Kconfig fragment to be used for minimally sized image production. The minimal fragment has been simplified for only external crypto. Move partition sizing into Kconfig to be consistent with the method used by b0. Using this fragment with prj_minimal.conf makes MCUboot < 16kB for all nRF devices (9160 still needs 32kB partition). Ref: NCSDK-6704 Signed-off-by: Stephen Stauts <stephen.stauts@nordicsemi.no> Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no> Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no> Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no> Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> Signed-off-by: Artur Hadasz <artur.hadasz@nordicsemi.no> (cherry picked from commit 33d3e61)
Adds project configurations for the two systems on the Thingy:91 (PCA-20035) board. The bootloader that is factory-programmed on Thingy:91 does not support the ECDSA signature type. Hence this commit also sets the signature type to RSA for applications built for Thingy:91. Signed-off-by: Bernt Johan Damslora <bernt.johan.damslora@nordicsemi.no> Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no> Signed-off-by: Jon Helge Nistad <jon.helge.nistad@nordicsemi.no> Signed-off-by: Balaji Srinivasan <balaji.srinivasan@nordicsemi.no> Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no> Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no> Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 0512d8d)
The default value of CONFIG_NRF_RTC_TIMER_USER_CHAN_COUNT for nRF52 SoCs has been changed from 0 to 3, but it makes MCUboot get stuck on erasing flash pages when swapping two images. Restore the previous value until the RTC issue is resolved (see NCSDK-14427). Signed-off-by: Damian Krolik <damian.krolik@nordicsemi.no> Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no> Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 3957a30)
This patch adds board configuration for the Thingy:91 X. Signed-off-by: Maximilian Deubel <maximilian.deubel@nordicsemi.no> (cherry picked from commit 1b2d11c)
Partition Manager is an nRF Connect SDK component which uses yaml files to resolve flash partition placement with a holistic view of the device. This component's MCUboot portions began life as upstream mcuboot PR#430. This added support for being built as a sub image from the downstream Nordic patch set for a zephyr multi image build system (mcuboot 430 was combined with effort submitted to upstream zephyr as PR#13672, which was ultimately reworked after being rejected for mainline at the ELCE 2019 conference in Lyon). It has since evolved over time. This is the version that will go into NCS v1.3. It features:
- page size aligned partitions for all partitions used by mcuboot.
- image swaps without scratch partitions

Add support for configurations where there exists two primary slots but only one secondary slot, which is shared. These two primary slots are the regular application and B1. B1 can be either S0 or S1 depending on the state of the device. Decide where an upgrade should be stored by looking at the vector table. Provide update candidates for both s0 and s1. These candidates must be signed with mcuboot after being signed by b0.

Additional notes:
- we make update.hex without trailer data. This is needed for serial recovery to work using hex files. Prior to this the update.hex got TLV data at the end of the partition, which caused many blank pages to be included, which made it hard to use in a serial recovery scheme. Instead, make update.hex without TLV data at the end, and provide a new file test_update.hex which contains the TLV data, and can be directly flashed to test the upgrade procedure.
- we use a function for signing the application as future-proofing for when other components must be signed as well
- this includes an update to single image applications that enables support for partition manager; when single image DFU is used, a scratch partition is not needed.
- In NCS, image 1 primary slot is the upgrade bank for mcuboot (i.e. S0 or S1 depending on the active slot). It is not required that this slot contains any valid data.
- The nRF boards all have a single flash page size, and partition manager deals with the size of the update partitions and so on, so we must skip a boot_slots_compatible() check to avoid getting an error.
- There is no need to verify the target when using partition manager.
- We lock mcuboot using fprotect before jumping, to enable the secure boot property of the system.
- Call fw_info_ext_api_provide() before booting if EXT_API_PROVIDE EXT_API is enabled. This is relevant only when the immutable bootloader has booted mcuboot.

Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no> Signed-off-by: Øyvind Rønningstad <oyvind.ronningstad@nordicsemi.no> Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no> Signed-off-by: Sigvart Hovland <sigvart.m@gmail.com> Signed-off-by: Martí Bolívar <marti.bolivar@nordicsemi.no> Signed-off-by: Torsten Rasmussen <Torsten.Rasmussen@nordicsemi.no> Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no> Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no> Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no> Signed-off-by: Emil Obalski <emil.obalski@nordicsemi.no> Signed-off-by: Pawel Dunaj <pawel.dunaj@nordicsemi.no> Signed-off-by: Ioannis Glaropoulos <Ioannis.Glaropoulos@nordicsemi.no> Signed-off-by: Johann Fischer <johann.fischer@nordicsemi.no> Signed-off-by: Vidar Berg <vidar.berg@nordicsemi.no> Signed-off-by: Draus, Sebastian <sebastian.draus@nordicsemi.no> Signed-off-by: Trond Einar Snekvik <Trond.Einar.Snekvik@nordicsemi.no> Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no> Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 9554013)
Add a capability inside the Zephyr bootloader to handle memory-based bootloader requests to:
- Boot recovery firmware
- Boot firmware loader
- Confirm an image
- Set the slot preference

Ref: NCSDK-34429 Signed-off-by: Tomasz Chyrowicz <tomasz.chyrowicz@nordicsemi.no> (cherry picked from commit e1f2ab3)
nrf-squash! [nrf noup] bootloader: Add bootloader requests Improve logic that handles sending bootloader requests as a result of issuing the MCUmgr commands. Signed-off-by: Tomasz Chyrowicz <tomasz.chyrowicz@nordicsemi.no> (cherry picked from commit 4292905)
Adds support for LZMA-compressed firmware updates which also supports encrypted images and supports more than 1 updateable image Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> Signed-off-by: Michal Kozikowski <michal.kozikowski@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 27758d7)
This commit aligns to the changes in the nrfcompress API, which now enables the caller to provide the expected size of the decompressed image. ref: NCSDK-32340 Signed-off-by: Michal Kozikowski <michal.kozikowski@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 002515b)
Adds selecting the experimental Kconfig when compression is in use. Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 0ae1441)
The commit adds verification of image using keys stored in KMU. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 26192ca)
Adds a new Kconfig CONFIG_BOOT_SIGNATURE_KMU_SLOTS which allows specifying how many KMU key IDs are supported; the default is set to 1 instead of 3, which was set before. NCSDK-30743 Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 373038b)
Disable previous generation key when update comes with new valid key and application is confirmed. Signed-off-by: Mateusz Michalek <mateusz.michalek@nordicsemi.no> Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 9dacf6d)
This configuration has the purpose of using keys provisioned to the internal trusted storage (ITS). It makes use of the already existing parts of code for MCUBOOT_BUILTIN_KEY Signed-off-by: Artur Hadasz <artur.hadasz@nordicsemi.no> (cherry picked from commit d69621e)
nrf-squash! [nrf noup] Added BOOT_SIGNATURE_USING_ITS for ecdsa configuration Replace NRF_BOOT_SIGNATURE_USING_ITS with NCS_BOOT_SIGNATURE_USING_ITS prefix. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no> (cherry picked from commit 4bfb139)
This commit introduces support for ed25519 signature verification when CONFIG_NCS_BOOT_SIGNATURE_USING_ITS is set (through PSA API). Signed-off-by: Michal Kozikowski <artur.hadasz@nordicsemi.no> (cherry picked from commit 391f093)
Provide an implementation for MCUboot UUID checks that specify a single, common vendor identifier and a unique class identifier for each image. Ref: NCSDK-34175 Signed-off-by: Tomasz Chyrowicz <tomasz.chyrowicz@nordicsemi.no>
nrf-squash! [nrf noup] boot: Improve bootloader request handling Setting "test" for image was failing when using bootloader requests due to an incorrect value being returned from send_boot_request. Signed-off-by: Artur Hadasz <artur.hadasz@nordicsemi.no>
nrf-squash! [nrf noup] bootloader: Add bootloader requests boot_request_retention.c could not be built if logs were disabled. Signed-off-by: Artur Hadasz <artur.hadasz@nordicsemi.no>
Lock KMU keys before passing execution to application. Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
84e95a5 to 5ce7e3d
Applications need special support in the bootloader in order to resume from suspend to RAM. MCUboot is the immediate actor which redirects execution to the application (application reset vector) when wake-up from S2RAM is detected. Detection is based on HW (NRF_RESETINFO) and hardened using an additional check over an independent source of truth (variable with magic value). Thanks to the above, the application resumes using its own routines instead of mocking that with routines compiled into MCUboot. The implementation is able to support only MCUboot modes with a swap. Direct-XIP is not handled as it requires a way to recognize the active application slot at run time. Signed-off-by: Karol Lasończyk <karol.lasonczyk@nordicsemi.no> Signed-off-by: Tomasz Chyrowicz <tomasz.chyrowicz@nordicsemi.no> Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Added configuration which pre-configures MCUboot so it is able to support resuming the App from S2RAM by the application itself. Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
"volatile" types should not be used in compound operations Issue link: https://sonarcloud.io/project/issues?open=AZWum4f1vizSu0tgQ8GT&id=nrfconnect_sdk-mcuboot Ref: NCSDK-35334 Signed-off-by: Adam Szczygieł <adam.szczygiel@nordicsemi.no>
Accessing sequence elements should not trigger an IndexError. Issue link: https://sonarcloud.io/project/issues?open=AZedPVgw78lmM2RicPGW&id=nrfconnect_sdk-mcuboot Ref: NCSDK-35334 Signed-off-by: Adam Szczygieł <adam.szczygiel@nordicsemi.no>
Identical sub-expressions on both sides of operator "||". Issue link: https://sonarcloud.io/project/issues?open=AZWum43evizSu0tgQ8Kq&id=nrfconnect_sdk-mcuboot Ref: NCSDK-35334 Signed-off-by: Adam Szczygieł <adam.szczygiel@nordicsemi.no>
Access of 'unsigned char' element in 'buf' at an overflowing index Issue link: https://sonarcloud.io/project/issues?open=AZWum4_vvizSu0tgQ8Mw&id=nrfconnect_sdk-mcuboot Ref: NCSDK-35334 Signed-off-by: Adam Szczygieł <adam.szczygiel@nordicsemi.no>
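The two SonarQube rule categories named in the commit messages above (a compound operation on a `volatile` object, and indexing `buf` at a possibly overflowing index) are shown below on a constructed snippet. This is an added illustration, not code from this PR or from MCUboot: `g_status_reg`, `STATUS_READY_FLAG` and `read_u16_le` are hypothetical names, and the buffer contents are made up for the example.

```c
/* Added example, not MCUboot code: shows the flagged pattern beside the
 * resolved pattern for two of the finding types addressed in this PR. */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for a memory-mapped status register (hypothetical). */
volatile uint32_t g_status_reg;

#define STATUS_READY_FLAG (1u << 3)

/* Flagged pattern: a compound assignment on a volatile object hides a
 * read-modify-write behind one operator. The rule wants both accesses
 * spelled out so the reader can see that this is not a single access. */
void set_ready_flagged(void)
{
    g_status_reg |= STATUS_READY_FLAG;
}

/* Resolved pattern: exactly one volatile read, the modification on a local
 * copy, then exactly one volatile write. Returns the value written. */
uint32_t set_ready_resolved(void)
{
    uint32_t tmp = g_status_reg;
    tmp |= STATUS_READY_FLAG;
    g_status_reg = tmp;
    return tmp;
}

/* Resolved pattern for the "overflowing index" finding: read a little-endian
 * 16-bit value at buf[offset], buf[offset + 1], but only after proving that
 * the whole two-byte range lies inside the buffer. The check is written as
 * len - offset < 2 rather than offset + 2 > len so the arithmetic itself
 * cannot wrap when offset is near SIZE_MAX. Returns false on any rejection. */
bool read_u16_le(const uint8_t *buf, size_t len, size_t offset, uint16_t *out)
{
    if (buf == NULL || out == NULL) {
        return false;
    }
    if (offset > len || len - offset < 2) {
        return false; /* range check first; no index is computed yet */
    }
    *out = (uint16_t)(buf[offset] | ((uint16_t)buf[offset + 1] << 8));
    return true;
}

int main(void)
{
    uint8_t sample[] = { 0x34, 0x12, 0xff }; /* constructed input */
    uint16_t value = 0;

    printf("status after resolved write: 0x%08x\n", (unsigned)set_ready_resolved());
    printf("read at 0: %s (0x%04x)\n",
           read_u16_le(sample, sizeof sample, 0, &value) ? "ok" : "rejected", value);
    printf("read at 2: %s\n",
           read_u16_le(sample, sizeof sample, 2, &value) ? "ok" : "rejected");
    return 0;
}
```

The volatile change does not alter the generated read and write; it makes the non-atomic sequence explicit, which is what a reviewer needs when the register can also be modified by an interrupt. The bounds check is the shape the second finding asks for: reject before indexing, and avoid offset arithmetic that can wrap.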
5ce7e3d to b0f9777
DO NOT REVIEW, DO NOT MERGE - attempt to launch SonarQube checks for evaluation of proposed fixes.
More changes are about to be made - work in progress...