You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mynewt.apache.org by st...@apache.org on 2016/09/29 01:34:37 UTC
[30/49] incubator-mynewt-core git commit: directory re-org
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/6a7432f4/libs/bootutil/design.txt
----------------------------------------------------------------------
diff --git a/libs/bootutil/design.txt b/libs/bootutil/design.txt
deleted file mode 100644
index a39759b..0000000
--- a/libs/bootutil/design.txt
+++ /dev/null
@@ -1,413 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-****** BOOTUTIL
-
-*** SUMMARY
-
-The bootutil library performs most of the functions of a boot loader. In
-particular, the piece that is missing is the final step of actually jumping to
-the main image. This last step should instead be implemented in an
-architecture-specific project. Boot loader functionality is separated in this
-manner for the following two reasons:
-
-1. By keeping architecture-dependent code separate, the bootutil library can be
- reused among several boot loaders.
-
-2. By excluding the last boot step from the library, the rest of the code can
- be tested in a sim environment.
-
-There is a boot loader project specific to the olimex_stm32-e407 devboard
-called "boot." This project provides an example of how the bootutil library
-should be used.
-
-*** LIMITATIONS
-
-The boot loader currently only supports images with the following
-characteristics:
- * Built to run from flash.
- * Build to run from a fixed location (i.e., position-independent).
-
-These limitations will likely be addressed soon.
-
-
-*** IMAGE FORMAT
-
-The following definitions describe the image header format.
-
-#define IMAGE_MAGIC 0x96f3b83c
-
-struct image_version {
- uint8_t iv_major;
- uint8_t iv_minor;
- uint16_t iv_revision;
- uint32_t iv_build_num;
-};
-
-/** Image header. All fields are in little endian byte order. */
-struct image_header {
- uint32_t ih_magic;
- uint32_t ih_crc32; /* Covers remainder of header and all of image body. */
- uint32_t ih_hdr_size;
- uint32_t ih_img_size; /* Does not include header. */
- uint32_t ih_flags;
- struct image_version ih_ver;
-};
-
-At this time, no flags have been defined.
-
-The ih_hdr_size field indicates the length of the header, and therefore the
-offset of the image itself. This field provides for backwards compatibility in
-case of changes to the format of the image header.
-
-When security is added, security data will likely go in a footer at the end of
-the image.
-
-
-*** FLASH AREAS
-
-Bootutil uses the same concept of "flash areas" as the nffs file system.
-Briefly, an area is a region of disk with the following properties:
- (1) An area can be fully erased without affecting any other areas.
- (2) A write to one area does not restrict writes to other areas.
-
-The areas used for image data must not be used for anything else. In
-particular, these areas must be kept separate from the nffs file system.
-
-
-*** IMAGE SLOTS
-
-A portion of the flash memory is partitioned into two image slots: a primary
-slot and a secondary slot. The boot loader will only run an image from the
-primary slot, so images must be built such that they can run from that fixed
-location in flash. If the boot loader needs to run the image resident in the
-secondary slot, it must swap the two images in flash prior to booting.
-
-In addition to the two image slots, the boot loader requires a scratch area to
-allow for reliable image swapping.
-
-All areas used by image data (including the scratch area) must be the same
-size.
-
-
-*** BOOT VECTOR
-
-Bootutil determines which image it should boot into by reading the contents of
-the boot vector. The boot vector comprises the following files in the flash
-file system:
-
-#define BOOT_PATH_MAIN "/boot/main"
-#define BOOT_PATH_TEST "/boot/test"
-
-Each file, if present, must contain a 64-bit image version. This version is
-simply a "binary dump" of an image_version struct. The test file is used to
-indicate that an image is being "tested out," and should only be booted once.
-The main file indicates the "last known good" image which should be booted
-repeatedly.
-
-The boot loader uses the following procedure to determine which image to boot:
-
-1) If the test file is present and contains a valid image version:
- * Delete the test file.
- * Boot into the specified image.
-
-2) Else if the main file is present and contains a valid image version:
- * Boot into the specified image.
-
-3) Else:
- * Just boot into whichever image is in the primary slot. If there is no
- image in the primary slot, boot into the image in the secondary slot.
-
-If a vector file contains a version which doesn't correspond to an image
-actually present in flash, the boot loader deletes the file and procedes as
-though the file was not present.
-
-
-*** BOOT STATUS
-
-The boot status file allows the boot loader to recover in case it was reset
-while in the middle of an image swap operation. Image swapping is discussed
-later in this document; the structure of the boot status file is presented
-here. To ensure recovery is always possible, bootutil updates the status file
-at each step throughout the image swap process. The boot status is contained
-in the following file:
-
-#define BOOT_PATH_STATUS "/boot/status"
-
-The contents of the boot status file are defined below.
-
-struct boot_status {
- uint32_t bs_img1_length;
- uint32_t bs_img2_length;
- /* Followed by sequence of boot status entries; file size indicates number
- * of entries.
- */
-};
-
-struct boot_status_entry {
- uint8_t bse_image_num;
- uint8_t bse_part_num;
-};
-
-#define BOOT_IMAGE_NUM_NONE 0xff
-
-There is a separate boot status entry for each flash area used by the boot
-loader (i.e., each area in the two slots, plus one for the scratch area). The
-entries are placed in the file in the same order as their corresponding areas
-in flash. Each entry indicates which image part is resident in the
-corresponding flash area. If a flash area does not contain any image data, its
-corresponding entry will have a bse_image_num value of BOOT_IMAGE_NUM_NONE.
-
-Consider the following example:
-
-Five flash areas are dedicated to image data, as follows:
-
- Area 0: slot 0, 0/1
- Area 1: slot 0, 1/1
- Area 2: slot 1, 0/1
- Area 3: slot 1, 1/1
- Area 4: scratch
-
-The following array of boot status entries is read from the status file:
-
- [0] = {
- .bse_image_num = 0,
- .bse_part_num = 0,
- },
- [1] = {
- .bse_image_num = 0,
- .bse_part_num = 1,
- },
- [2] = {
- .bse_image_num = 1,
- .bse_part_num = 0,
- },
- [3] = {
- .bse_image_num = 1,
- .bse_part_num = 1,
- },
- [4] = {
- .bse_image_num = 0xff,
- .bse_part_num = 0xff,
- },
-
-This status file indicates the following image placement:
-
- Area 0: image 0, part 0
- Area 1: image 0, part 1
- Area 2: image 1, part 0
- Area 3: image 1, part 1
- Scratch area: empty
-
-Images don't have an instrinsic image number. When a swap operation is
-started, the image initially in the primary slot is labelled image 0, and the
-image in the secondary slot is labelled image 1. All swap operations end with
-image 1 in the primary slot, and image 0 in the secondary slot.
-
-The boot status header containing the image sizes is necessary so that bootutil
-can determine how many flash areas each image occupies. Without this
-information, bootutil would need to swap the full contents of the image slots,
-including useless data after the end of each image.
-
-The status file is always deleted upon successful boot.
-
-
-*** IMAGE SWAPPING
-
-If the boot vector indicates that the image in the secondary slot should be
-run, the boot loader needs to copy it to the primary slot. The image currently
-in the primary slot also needs to be retained in flash so that it can be used
-later. Furthermore, both images need to be recoverable if the boot loader
-resets in the middle of the process. The two images are swapped according to
-the following procedure:
-
- 1. Determine how many flash areas are required to hold the desired image.
- 2. For each required area in the primary slot ("destination area"):
- a. Identify the flash area in the secondary slot which contains the
- required image data ("source area").
- b. Erase scratch area.
- c. Copy destination area to scratch area.
- d. Write updated boot status to the file system.
- e. Erase destination area.
- f. Copy source area to destination area.
- g. Write updated boot status to the file system.
- h. Erase source area.
- i. Copy scratch area to source area.
- j. Write updated boot status to the file system.
- 3. Determine how many flash areas are required to hold image 1.
- 4. For each required area in the secondary slot ("destination area"):
- a. If the destination area already contains the required image data,
- advance to the next image part.
- b. Else, identify the flash area in the primary slot which contains the
- required image data ("source area").
- c. Repeat steps b through j from step 2.
-
-This procedure ensures that the contents of the boot status file are always
-accurate, so the boot loader can recover after an unexpected reset.
-
-Step 4 is necessary in case the two images do not occupy the same number of
-flash areas.
-
-
-*** RESET RECOVERY
-
-If the boot loader resets in the middle of a swap operation, the two images may
-be discontiguous in flash. Bootutil recovers from this condition by using the
-boot status file to determine how the image parts are placed in flash.
-
-If the boot status file indicates that the images are not contiguous, bootutil
-completes the swap operation that was in progress when the system was reset.
-In other words, it applies the procedure defined in the previous section,
-moving image 1 into slot 0 and image 0 into slot 1. If the boot status file
-indicates that an image part is present in the scratch area, this part is
-copied into the correct location by starting at step e or step h in the
-area-swap procedure, depending on whether the part belongs to image 0 or image
-1.
-
-After the swap operation has been completed, the boot loader proceeds as though
-it had just been started.
-
-
-*** API
-
-The API consists of a single function:
-
-/**
- * Prepares the booting process. Based on the information provided in the
- * request object, this function moves images around in flash as appropriate,
- * and tells you what address to boot from.
- *
- * @param req Contains information about the flash layout.
- * @param rsp On success, indicates how booting should occur.
- *
- * @return 0 on success; nonzero on failure.
- */
-int boot_go(const struct boot_req *req, struct boot_rsp *rsp)
-
-The request and response structures are defined as follows:
-
-/** A request object instructing the boot loader how to proceed. */
-struct boot_req {
- /**
- * Array of area descriptors indicating the layout of internal flash; must
- * be terminated with a 0-length element.
- */
- struct nffs_area_desc *br_area_descs;
-
- /**
- * Array of indices of elements in the br_area_descs array; indicates which
- * areas hold image data.
- */
- uint8_t *br_image_areas;
-
- /**
- * Array of indices of elements in the br_area_descs array; indicates which
- * areas represent the beginning of an image slot. This should be a subset
- * of the br_image_areas array.
- */
- uint8_t *br_slot_areas;
-
- /**
- * The number of image areas (i.e., the size of the br_image_areas array).
- */
- uint8_t br_num_image_areas;
-
- /** The index of the area to use as the image scratch area. */
- uint8_t br_scratch_area_idx;
-};
-
-/**
- * A response object provided by the boot loader code; indicates where to jump
- * to execute the main image.
- */
-struct boot_rsp {
- /** A pointer to the header of the image to be executed. */
- const struct image_header *br_hdr;
-
- /**
- * The flash offset of the image to execute. Indicates the position of
- * the image header.
- */
- uint32_t br_image_addr;
-};
-
-
-*** EXAMPLE USAGE
-
-In this example, each image slot consists of three flash areas.
-
-/** Internal flash layout. */
-static struct nffs_area_desc boot_area_descs[] = {
- [0] = { 0x08000000, 16 * 1024 },
- [1] = { 0x08004000, 16 * 1024 },
- [2] = { 0x08008000, 16 * 1024 },
- [3] = { 0x0800c000, 16 * 1024 },
- [4] = { 0x08010000, 64 * 1024 },
- [5] = { 0x08020000, 128 * 1024 }, /* Image data; 0,0. */
- [6] = { 0x08040000, 128 * 1024 }, /* Image data; 0,1. */
- [7] = { 0x08060000, 128 * 1024 }, /* Image data; 0,2. */
- [8] = { 0x08080000, 128 * 1024 }, /* Image data; 1,0. */
- [9] = { 0x080a0000, 128 * 1024 }, /* Image data; 1,1. */
- [10] = { 0x080c0000, 128 * 1024 }, /* Image data; 1,2. */
- [11] = { 0x080e0000, 128 * 1024 }, /* Image scratch area. */
- { 0, 0 },
-};
-
-/** Contains indices of the areas which can contain image data. */
-static uint8_t boot_img_areas[] = {
- 5, 6, 7, 8, 9, 10, 11,
-};
-
-/** Areas representing the beginning of image slots. */
-static uint8_t boot_slot_areas[] = {
- 5, 8,
-};
-
-#define BOOT_NUM_IMG_AREAS \
- ((int)(sizeof boot_img_areas / sizeof boot_img_areas[0]))
-
-/** The scratch area to use during an image swap operation. */
-#define BOOT_AREA_IDX_SCRATCH 11
-
-int
-main(void)
-{
- struct boot_rsp rsp;
- int rc;
-
- const struct boot_req req = {
- .br_area_descs = boot_area_descs,
- .br_image_areas = boot_img_areas,
- .br_slot_areas = boot_slot_areas,
- .br_num_image_areas = BOOT_NUM_IMG_AREAS,
- .br_scratch_area_idx = BOOT_AREA_IDX_SCRATCH,
- };
-
- rc = boot_go(&req, &rsp);
- assert(rc == 0);
-
- /* Perform jump to address indicated by the response object. */
-
- return 0;
-}
-
-
-*** DEPENDENCIES
- * nffs (for the boot vector and boot status files).
- * os (for os_malloc() and os_free()).
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/6a7432f4/libs/bootutil/include/bootutil/bootutil_misc.h
----------------------------------------------------------------------
diff --git a/libs/bootutil/include/bootutil/bootutil_misc.h b/libs/bootutil/include/bootutil/bootutil_misc.h
deleted file mode 100644
index 2e3049d..0000000
--- a/libs/bootutil/include/bootutil/bootutil_misc.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-#ifndef __BOOTUTIL_MISC_H_
-#define __BOOTUTIL_MISC_H_
-
-int boot_vect_read_test(int *slot);
-int boot_vect_read_main(int *slot);
-int boot_vect_write_test(int slot);
-int boot_vect_write_main(void);
-
-#endif /* __BOOTUTIL_MISC_H_ */
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/6a7432f4/libs/bootutil/include/bootutil/bootutil_test.h
----------------------------------------------------------------------
diff --git a/libs/bootutil/include/bootutil/bootutil_test.h b/libs/bootutil/include/bootutil/bootutil_test.h
deleted file mode 100644
index 55c8a67..0000000
--- a/libs/bootutil/include/bootutil/bootutil_test.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-#ifndef H_BOOTUTIL_TEST_
-#define H_BOOTUTIL_TEST_
-
-int boot_test_all(void);
-
-#endif
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/6a7432f4/libs/bootutil/include/bootutil/image.h
----------------------------------------------------------------------
diff --git a/libs/bootutil/include/bootutil/image.h b/libs/bootutil/include/bootutil/image.h
deleted file mode 100644
index 0974d5b..0000000
--- a/libs/bootutil/include/bootutil/image.h
+++ /dev/null
@@ -1,89 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-#ifndef H_IMAGE_
-#define H_IMAGE_
-
-#include <inttypes.h>
-
-#define IMAGE_MAGIC 0x96f3b83c
-#define IMAGE_MAGIC_NONE 0xffffffff
-
-/*
- * Image header flags.
- */
-#define IMAGE_F_PIC 0x00000001
-#define IMAGE_F_SHA256 0x00000002 /* Image contains hash TLV */
-#define IMAGE_F_PKCS15_RSA2048_SHA256 0x00000004 /* PKCS15 w/RSA and SHA */
-#define IMAGE_F_ECDSA224_SHA256 0x00000008 /* ECDSA256 over SHA256 */
-#define IMAGE_F_NON_BOOTABLE 0x00000010
-#define IMAGE_HEADER_SIZE 32
-
-/*
- * Image trailer TLV types.
- */
-#define IMAGE_TLV_SHA256 1 /* SHA256 of image hdr and body */
-#define IMAGE_TLV_RSA2048 2 /* RSA2048 of hash output */
-#define IMAGE_TLV_ECDSA224 3 /* ECDSA of hash output */
-
-struct image_version {
- uint8_t iv_major;
- uint8_t iv_minor;
- uint16_t iv_revision;
- uint32_t iv_build_num;
-};
-
-#define IMAGE_SIZE(hdr) \
- ((hdr)->ih_tlv_size + (hdr)->ih_hdr_size + (hdr)->ih_img_size)
-
-/** Image header. All fields are in little endian byte order. */
-struct image_header {
- uint32_t ih_magic;
- uint16_t ih_tlv_size; /* Trailing TLVs */
- uint8_t ih_key_id;
- uint8_t _pad1;
- uint16_t ih_hdr_size;
- uint16_t _pad2;
- uint32_t ih_img_size; /* Does not include header. */
- uint32_t ih_flags;
- struct image_version ih_ver;
- uint32_t _pad3;
-};
-
-/** Image trailer TLV format. All fields in little endian. */
-struct image_tlv {
- uint8_t it_type;
- uint8_t _pad;
- uint16_t it_len;
-};
-
-struct boot_image_location {
- uint8_t bil_flash_id;
- uint32_t bil_address;
-};
-
-
-_Static_assert(sizeof(struct image_header) == IMAGE_HEADER_SIZE,
- "struct image_header not required size");
-
-int bootutil_img_validate(struct image_header *hdr, uint8_t flash_id,
- uint32_t addr, uint8_t *tmp_buf, uint32_t tmp_buf_sz,
- uint8_t *seed, int seed_len, uint8_t *out_hash);
-
-#endif
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/6a7432f4/libs/bootutil/include/bootutil/loader.h
----------------------------------------------------------------------
diff --git a/libs/bootutil/include/bootutil/loader.h b/libs/bootutil/include/bootutil/loader.h
deleted file mode 100644
index 75e0d01..0000000
--- a/libs/bootutil/include/bootutil/loader.h
+++ /dev/null
@@ -1,84 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-#ifndef H_LOADER_
-#define H_LOADER_
-
-#include <inttypes.h>
-struct image_header;
-
-/** A request object instructing the boot loader how to proceed. */
-struct boot_req {
- /**
- * Array of area descriptors indicating the layout of flash(es); must
- * be terminated with a 0-length element.
- */
- struct flash_area *br_area_descs;
-
- /**
- * Array of indices of elements in the br_area_descs array; indicates which
- * areas represent the beginning of an image slot. These are indices
- * to br_area_descs array.
- */
- uint8_t *br_slot_areas;
-
- /**
- * The number of image areas (i.e., the size of the br_image_areas array).
- */
- uint8_t br_num_image_areas;
-
- /** The area to use as the image scratch area, index is
- index to br_area_descs array, of the */
- uint8_t br_scratch_area_idx;
-
- /** Size of the image slot */
- uint32_t br_img_sz;
-};
-
-/**
- * A response object provided by the boot loader code; indicates where to jump
- * to execute the main image.
- */
-struct boot_rsp {
- /** A pointer to the header of the image to be executed. */
- const struct image_header *br_hdr;
-
- /**
- * The flash offset of the image to execute. Indicates the position of
- * the image header.
- */
- uint8_t br_flash_id;
- uint32_t br_image_addr;
-};
-
-/* you must have pre-allocated all the entries within this structure */
-int
-boot_build_request(struct boot_req *preq, int area_descriptor_max);
-
-int
-boot_go(const struct boot_req *req, struct boot_rsp *rsp);
-
-
-#define SPLIT_GO_OK (0)
-#define SPLIT_GO_NON_MATCHING (-1)
-#define SPLIT_GO_ERR (-2)
-int
-split_go(int loader_slot, int split_slot, void **entry);
-
-#endif
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/6a7432f4/libs/bootutil/include/bootutil/sign_key.h
----------------------------------------------------------------------
diff --git a/libs/bootutil/include/bootutil/sign_key.h b/libs/bootutil/include/bootutil/sign_key.h
deleted file mode 100644
index 5ccda90..0000000
--- a/libs/bootutil/include/bootutil/sign_key.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-#ifndef __BOOTUTIL_SIGN_KEY_H_
-#define __BOOTUTIL_SIGN_KEY_H_
-
-#include <stdint.h>
-
-struct bootutil_key {
- const uint8_t *key;
- const unsigned int *len;
-};
-
-extern const struct bootutil_key bootutil_keys[];
-extern const int bootutil_key_cnt;
-
-#endif /* __BOOTUTIL_SIGN_KEY_H_ */
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/6a7432f4/libs/bootutil/pkg.yml
----------------------------------------------------------------------
diff --git a/libs/bootutil/pkg.yml b/libs/bootutil/pkg.yml
deleted file mode 100644
index 390610a..0000000
--- a/libs/bootutil/pkg.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-
-pkg.name: libs/bootutil
-pkg.description: The bootutil library performs most of the functions of a boot loader.
-pkg.author: "Apache Mynewt <de...@mynewt.incubator.apache.org>"
-pkg.homepage: "http://mynewt.apache.org/"
-pkg.keywords:
- - boot
- - bootloader
-
-pkg.deps:
- - hw/hal
- - crypto/mbedtls
- - libs/os
-
-pkg.syscfg_defs:
- BOOTUTIL_SIGN_RSA:
- description: 'TBD'
- value: '0'
- BOOTUTIL_SIGN_EC:
- description: 'TBD'
- value: '0'
-pkg.cflags.IMAGE_KEYS_RSA: -DIMAGE_SIGNATURES_RSA
-pkg.cflags.IMAGE_KEYS_EC: -DIMAGE_SIGNATURES_EC
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/6a7432f4/libs/bootutil/signed_images.md
----------------------------------------------------------------------
diff --git a/libs/bootutil/signed_images.md b/libs/bootutil/signed_images.md
deleted file mode 100644
index 39792ea..0000000
--- a/libs/bootutil/signed_images.md
+++ /dev/null
@@ -1,91 +0,0 @@
-<!--
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
--->
-
-## Image signing
-
-This signs the image by computing hash over the image, and then
-signing that hash. Signature is computed by newt tool when it's
-creating the image. This signature is placed in the image trailer.
-
-The public key of this keypair must be included in the bootloader,
-as it verifies it before allowing the image to run.
-
-This facility allows you to use multiple signing keys. This would
-be useful when you want to prevent production units from booting
-development images, but want development units to be able to boot
-both production images and development images.
-
-## Creating signing keys
-First you need a keypair to use for signing. You can create
-one with openssl command line tool.
-
-openssl genrsa -out image_sign.pem 2048
-
-This created a file which contains both the private and public key,
-and will be used when signing images.
-
-Then you need to extract the public key from this to include it
-in the bootloader. Bootloader need to keep key parsing minimal,
-so it expects simple key format.
-
-openssl rsa -in image_sign.pem -pubout -out image_sign_pub.der -outform DER -RSAPublicKey_out
-
-Now the public key is in file called image_sign_pub.der.
-
-## Creating a key package
-
-xxd -i image_sign_pub.der image_sign_pub.c.import
-
-Then you need to create a package containing this key, or keys.
-In the pkg.yml for this package, you advertise feature IMAGE_KEYS_RSA or
-IMAGE_KEYS_EC.
-Once this is done, bootloader will expect keys to be filled in
-'bootutil_keys', and the number of keys to be in 'bootutil_key_cnt'.
-
-## Sample pkg.yml
-This gets bootutil to turn on image signature validation.
-
- pkg.name: libs/mykeys
- pkg.deps:
- - libs/bootutil
- pkg.features.bootloader:
- - IMAGE_KEYS_RSA
-
-## Sample source file
-This exports the keys.
-
- #include <bootutil/sign_key.h>
-
- #include "image_sign_pub.c.import"
-
- const struct bootutil_key bootutil_keys[] = {
- [0] = {
- .key = image_sign_pub_der,
- .len = &image_sign_pub_der_len,
- }
- };
-
- const int bootutil_key_cnt = sizeof(bootutil_keys) / sizeof(bootutil_keys[0]);
-
-## Building bootloader
-
-After you've created the key package, you must include it in the build
-for bootloader. So modify the pkg.yml for apps/boot to include it.
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/6a7432f4/libs/bootutil/src/bootutil_misc.c
----------------------------------------------------------------------
diff --git a/libs/bootutil/src/bootutil_misc.c b/libs/bootutil/src/bootutil_misc.c
deleted file mode 100644
index f64d2a4..0000000
--- a/libs/bootutil/src/bootutil_misc.c
+++ /dev/null
@@ -1,319 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-#include <assert.h>
-#include <string.h>
-#include <inttypes.h>
-
-#include "syscfg/syscfg.h"
-#include "hal/hal_bsp.h"
-#include "hal/hal_flash.h"
-#include "hal/flash_map.h"
-#include "os/os.h"
-#include "bootutil/image.h"
-#include "bootutil/loader.h"
-#include "bootutil/bootutil_misc.h"
-#include "bootutil_priv.h"
-
-/*
- * Read the image trailer from a given slot.
- */
-static int
-boot_vect_read_img_trailer(int slot, struct boot_img_trailer *bit)
-{
- int rc;
- const struct flash_area *fap;
- uint32_t off;
-
- rc = flash_area_open(slot, &fap);
- if (rc) {
- return rc;
- }
- off = fap->fa_size - sizeof(struct boot_img_trailer);
- rc = flash_area_read(fap, off, bit, sizeof(*bit));
- flash_area_close(fap);
-
- return rc;
-}
-
-/**
- * Retrieves from the slot number of the test image (i.e.,
- * the image that has not been proven stable, and which will only run once).
- *
- * @param slot On success, the slot number of image to boot.
- *
- * @return 0 on success; nonzero on failure.
- */
-int
-boot_vect_read_test(int *slot)
-{
- struct boot_img_trailer bit;
- int i;
- int rc;
-
- for (i = FLASH_AREA_IMAGE_0; i <= FLASH_AREA_IMAGE_1; i++) {
- if (i == bsp_imgr_current_slot()) {
- continue;
- }
- rc = boot_vect_read_img_trailer(i, &bit);
- if (rc) {
- continue;
- }
- if (bit.bit_copy_start == BOOT_IMG_MAGIC) {
- *slot = i;
- return 0;
- }
- }
- return -1;
-}
-
-/**
- * Retrieves from the slot number of the main image. If this is
- * different from test image slot, next restart will revert to main.
- *
- * @param out_ver On success, the main version gets written here.
- *
- * @return 0 on success; nonzero on failure.
- */
-int
-boot_vect_read_main(int *slot)
-{
- int rc;
- struct boot_img_trailer bit;
-
- rc = boot_vect_read_img_trailer(FLASH_AREA_IMAGE_0, &bit);
- assert(rc == 0);
-
- if (bit.bit_copy_start != BOOT_IMG_MAGIC || bit.bit_img_ok != 0xff) {
- /*
- * If there never was copy that took place, or if the current
- * image has been marked good, we'll keep booting it.
- */
- *slot = FLASH_AREA_IMAGE_0;
- } else {
- *slot = FLASH_AREA_IMAGE_1;
- }
- return 0;
-}
-
-/**
- * Write the test image version number from the boot vector.
- *
- * @return 0 on success; nonzero on failure.
- */
-int
-boot_vect_write_test(int slot)
-{
- const struct flash_area *fap;
- uint32_t off;
- uint32_t magic;
- int rc;
-
- rc = flash_area_open(slot, &fap);
- if (rc) {
- return rc;
- }
-
- off = fap->fa_size - sizeof(struct boot_img_trailer);
- magic = BOOT_IMG_MAGIC;
-
- rc = flash_area_write(fap, off, &magic, sizeof(magic));
- flash_area_close(fap);
-
- return rc;
-}
-
-/**
- * Deletes the main image version number from the boot vector.
- * This must be called by the app to confirm that it is ok to keep booting
- * to this image.
- *
- * @return 0 on success; nonzero on failure.
- */
-int
-boot_vect_write_main(void)
-{
- const struct flash_area *fap;
- uint32_t off;
- int rc;
- uint8_t val;
-
- /*
- * Write to slot 0.
- */
- rc = flash_area_open(FLASH_AREA_IMAGE_0, &fap);
- if (rc) {
- return rc;
- }
-
- off = fap->fa_size - sizeof(struct boot_img_trailer);
- off += (sizeof(uint32_t) + sizeof(uint8_t));
- rc = flash_area_read(fap, off, &val, sizeof(val));
- if (!rc && val == 0xff) {
- val = 0;
- rc = flash_area_write(fap, off, &val, sizeof(val));
- }
- return rc;
-}
-
-/**
- * Reads the header of image present in flash. Header corresponding to
- * empty image slot is filled with 0xff bytes.
- *
- * @param out_headers Points to an array of image headers. Each
- * element is filled with the header of the
- * corresponding image in flash.
- * @param addresses An array containing the flash addresses of each
- * image slot.
- * @param num_addresses The number of headers to read. This should
- * also be equal to the lengths of the
- * out_headers and addresses arrays.
- */
-int
-boot_read_image_header(struct boot_image_location *loc,
- struct image_header *out_hdr)
-{
- int rc;
-
- rc = hal_flash_read(loc->bil_flash_id, loc->bil_address, out_hdr,
- sizeof *out_hdr);
- if (rc != 0) {
- rc = BOOT_EFLASH;
- } else if (out_hdr->ih_magic != IMAGE_MAGIC) {
- rc = BOOT_EBADIMAGE;
- }
-
- if (rc) {
- memset(out_hdr, 0xff, sizeof(*out_hdr));
- }
- return rc;
-}
-
-/*
- * How far has the copy progressed?
- */
-static void
-boot_read_status_bytes(struct boot_status *bs, uint8_t flash_id, uint32_t off)
-{
- uint8_t status;
-
- assert(bs->elem_sz);
- off -= bs->elem_sz * 2;
- while (1) {
- hal_flash_read(flash_id, off, &status, sizeof(status));
- if (status == 0xff) {
- break;
- }
- off -= bs->elem_sz;
- if (bs->state == 2) {
- bs->idx++;
- bs->state = 0;
- } else {
- bs->state++;
- }
- }
-}
-
-/**
- * Reads the boot status from the flash. The boot status contains
- * the current state of an interrupted image copy operation. If the boot
- * status is not present, or it indicates that previous copy finished,
- * there is no operation in progress.
- */
-int
-boot_read_status(struct boot_status *bs)
-{
- struct boot_img_trailer bit;
- uint8_t flash_id;
- uint32_t off;
-
- /*
- * Check if boot_img_trailer is in scratch, or at the end of slot0.
- */
- boot_slot_magic(0, &bit);
- if (bit.bit_copy_start == BOOT_IMG_MAGIC && bit.bit_copy_done == 0xff) {
- boot_magic_loc(0, &flash_id, &off);
- boot_read_status_bytes(bs, flash_id, off);
- return 1;
- }
- boot_scratch_magic(&bit);
- if (bit.bit_copy_start == BOOT_IMG_MAGIC && bit.bit_copy_done == 0xff) {
- boot_scratch_loc(&flash_id, &off);
- boot_read_status_bytes(bs, flash_id, off);
- return 1;
- }
- return 0;
-}
-
-
-/**
- * Writes the supplied boot status to the flash file system. The boot status
- * contains the current state of an in-progress image copy operation.
- *
- * @param bs The boot status to write.
- *
- * @return 0 on success; nonzero on failure.
- */
-int
-boot_write_status(struct boot_status *bs)
-{
- uint32_t off;
- uint8_t flash_id;
- uint8_t val;
-
- if (bs->idx == 0) {
- /*
- * Write to scratch
- */
- boot_scratch_loc(&flash_id, &off);
- } else {
- /*
- * Write to slot 0;
- */
- boot_magic_loc(0, &flash_id, &off);
- }
- off -= ((3 * bs->elem_sz) * bs->idx + bs->elem_sz * (bs->state + 1));
-
- val = bs->state;
- hal_flash_write(flash_id, off, &val, sizeof(val));
-
- return 0;
-}
-
-/**
- * Finalizes the copy-in-progress status on the flash. The boot status
- * contains the current state of an in-progress image copy operation. By
- * clearing this, it is implied that there is no copy operation in
- * progress.
- */
-void
-boot_clear_status(void)
-{
- uint32_t off;
- uint8_t val = 0;
- uint8_t flash_id;
-
- /*
- * Write to slot 0; boot_img_trailer is the 8 bytes within image slot.
- * Here we say that copy operation was finished.
- */
- boot_magic_loc(0, &flash_id, &off);
- off += sizeof(uint32_t);
- hal_flash_write(flash_id, off, &val, sizeof(val));
-}
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/6a7432f4/libs/bootutil/src/bootutil_priv.h
----------------------------------------------------------------------
diff --git a/libs/bootutil/src/bootutil_priv.h b/libs/bootutil/src/bootutil_priv.h
deleted file mode 100644
index e5b231c..0000000
--- a/libs/bootutil/src/bootutil_priv.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-#ifndef H_BOOTUTIL_PRIV_
-#define H_BOOTUTIL_PRIV_
-
-#include "bootutil/image.h"
-
-#define BOOT_EFLASH 1
-#define BOOT_EFILE 2
-#define BOOT_EBADIMAGE 3
-#define BOOT_EBADVECT 4
-#define BOOT_EBADSTATUS 5
-#define BOOT_ENOMEM 6
-#define BOOT_EBADARGS 7
-
-#define BOOT_TMPBUF_SZ 256
-
-
-
-/*
- * Maintain state of copy progress.
- */
-struct boot_status {
- uint32_t idx; /* Which area we're operating on */
- uint8_t elem_sz; /* Size of the status element to write in bytes */
- uint8_t state; /* Which part of the swapping process are we at */
-};
-
-/*
- * End-of-image slot data structure.
- */
-#define BOOT_IMG_MAGIC 0x12344321
-struct boot_img_trailer {
- uint32_t bit_copy_start;
- uint8_t bit_copy_done;
- uint8_t bit_img_ok;
- uint16_t _pad;
-};
-
-int bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, int slen,
- uint8_t key_id);
-
-int boot_read_image_header(struct boot_image_location *loc,
- struct image_header *out_hdr);
-int boot_write_status(struct boot_status *bs);
-int boot_read_status(struct boot_status *bs);
-void boot_clear_status(void);
-
-void boot_magic_loc(int slot_num, uint8_t *flash_id, uint32_t *off);
-void boot_scratch_loc(uint8_t *flash_id, uint32_t *off);
-void boot_slot_magic(int slot_num, struct boot_img_trailer *bit);
-void boot_scratch_magic(struct boot_img_trailer *bit);
-
-struct boot_req;
-void boot_req_set(struct boot_req *req);
-
-#endif
-
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/6a7432f4/libs/bootutil/src/image_ec.c
----------------------------------------------------------------------
diff --git a/libs/bootutil/src/image_ec.c b/libs/bootutil/src/image_ec.c
deleted file mode 100644
index f3adfcf..0000000
--- a/libs/bootutil/src/image_ec.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-#include "syscfg/syscfg.h"
-
-#if MYNEWT_VAL(BOOTUTIL_SIGN_EC)
-#include "bootutil/sign_key.h"
-
-#include "mbedtls/sha256.h"
-#include "mbedtls/ecdsa.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/asn1.h"
-
-#include "bootutil_priv.h"
-
-/*
- * Declaring these like this adds NULL termination.
- */
-static const uint8_t ec_pubkey_oid[] = MBEDTLS_OID_EC_ALG_UNRESTRICTED;
-static const uint8_t ec_secp224r1_oid[] = MBEDTLS_OID_EC_GRP_SECP224R1;
-
-/*
- * Parse the public key used for signing. Simple RSA format.
- */
-static int
-bootutil_parse_eckey(mbedtls_ecdsa_context *ctx, uint8_t **p, uint8_t *end)
-{
- size_t len;
- mbedtls_asn1_buf alg;
- mbedtls_asn1_buf param;
-
- if (mbedtls_asn1_get_tag(p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
- return -1;
- }
- end = *p + len;
-
- if (mbedtls_asn1_get_alg(p, end, &alg, ¶m)) {
- return -2;
- }
- if (alg.len != sizeof(ec_pubkey_oid) - 1 ||
- memcmp(alg.p, ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) {
- return -3;
- }
- if (param.len != sizeof(ec_secp224r1_oid) - 1||
- memcmp(param.p, ec_secp224r1_oid, sizeof(ec_secp224r1_oid) - 1)) {
- return -4;
- }
-
- if (mbedtls_ecp_group_load_secp224r1(&ctx->grp)) {
- return -5;
- }
-
- if (mbedtls_asn1_get_bitstring_null(p, end, &len)) {
- return -6;
- }
- if (*p + len != end) {
- return -7;
- }
-
- if (mbedtls_ecp_point_read_binary(&ctx->grp, &ctx->Q, *p, end - *p)) {
- return -8;
- }
-
- if (mbedtls_ecp_check_pubkey(&ctx->grp, &ctx->Q)) {
- return -9;
- }
- return 0;
-}
-
-static int
-bootutil_cmp_sig(mbedtls_ecdsa_context *ctx, uint8_t *hash, uint32_t hlen,
- uint8_t *sig, int slen)
-{
- return mbedtls_ecdsa_read_signature(ctx, hash, hlen, sig, slen);
-}
-
-int
-bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, int slen,
- uint8_t key_id)
-{
- int rc;
- uint8_t *cp;
- uint8_t *end;
- mbedtls_ecdsa_context ctx;
-
- mbedtls_ecdsa_init(&ctx);
-
- cp = (uint8_t *)bootutil_keys[key_id].key;
- end = cp + *bootutil_keys[key_id].len;
-
- rc = bootutil_parse_eckey(&ctx, &cp, end);
- if (rc) {
- return -1;
- }
-
- while (sig[slen - 1] == '\0') {
- slen--;
- }
- rc = bootutil_cmp_sig(&ctx, hash, hlen, sig, slen);
- mbedtls_ecdsa_free(&ctx);
-
- return rc;
-}
-#endif /* MYNEWT_VAL(BOOTUTIL_SIGN_EC) */
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/6a7432f4/libs/bootutil/src/image_rsa.c
----------------------------------------------------------------------
diff --git a/libs/bootutil/src/image_rsa.c b/libs/bootutil/src/image_rsa.c
deleted file mode 100644
index e556092..0000000
--- a/libs/bootutil/src/image_rsa.c
+++ /dev/null
@@ -1,144 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-#include "syscfg/syscfg.h"
-
-#if MYNEWT_VAL(BOOTUTIL_SIGN_RSA)
-#include "bootutil/sign_key.h"
-
-#include "mbedtls/rsa.h"
-#include "mbedtls/asn1.h"
-
-#include "bootutil_priv.h"
-
-static const uint8_t sha256_oid[] = {
- 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
- 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
- 0x00, 0x04, 0x20
-};
-
-/*
- * Parse the public key used for signing. Simple RSA format.
- */
-static int
-bootutil_parse_rsakey(mbedtls_rsa_context *ctx, uint8_t **p, uint8_t *end)
-{
- int rc;
- size_t len;
-
- if ((rc = mbedtls_asn1_get_tag(p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
- return -1;
- }
-
- if (*p + len != end) {
- return -2;
- }
-
- if ((rc = mbedtls_asn1_get_mpi(p, end, &ctx->N)) != 0 ||
- (rc = mbedtls_asn1_get_mpi(p, end, &ctx->E)) != 0) {
- return -3;
- }
-
- if (*p != end) {
- return -4;
- }
-
- if ((rc = mbedtls_rsa_check_pubkey(ctx)) != 0) {
- return -5;
- }
-
- ctx->len = mbedtls_mpi_size(&ctx->N);
-
- return 0;
-}
-
-/*
- * PKCS1.5 using RSA2048 computed over SHA256.
- */
-static int
-bootutil_cmp_rsasig(mbedtls_rsa_context *ctx, uint8_t *hash, uint32_t hlen,
- uint8_t *sig)
-{
- uint8_t buf[MBEDTLS_MPI_MAX_SIZE];
- uint8_t *p;
-
- if (ctx->len != 256) {
- return -1;
- }
-
- if (mbedtls_rsa_public(ctx, sig, buf)) {
- return -1;
- }
-
- p = buf;
-
- if (*p++ != 0 || *p++ != MBEDTLS_RSA_SIGN) {
- return -1;
- }
-
- while (*p != 0) {
- if (p >= buf + ctx->len - 1 || *p != 0xFF) {
- return -1;
- }
- p++;
- }
- p++;
-
- if ((p - buf) + sizeof(sha256_oid) + hlen != ctx->len) {
- return -1;
- }
-
- if (memcmp(p, sha256_oid, sizeof(sha256_oid))) {
- return -1;
- }
- p += sizeof(sha256_oid);
-
- if (memcmp(p, hash, hlen)) {
- return -1;
- }
-
- return 0;
-}
-
-int
-bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, int slen,
- uint8_t key_id)
-{
- mbedtls_rsa_context ctx;
- int rc;
- uint8_t *cp;
- uint8_t *end;
-
- mbedtls_rsa_init(&ctx, 0, 0);
-
- cp = (uint8_t *)bootutil_keys[key_id].key;
- end = cp + *bootutil_keys[key_id].len;
-
- rc = bootutil_parse_rsakey(&ctx, &cp, end);
- if (rc || slen != ctx.len) {
- mbedtls_rsa_free(&ctx);
- return rc;
- }
- rc = bootutil_cmp_rsasig(&ctx, hash, hlen, sig);
- mbedtls_rsa_free(&ctx);
-
- return rc;
-}
-#endif /* MYNEWT_VAL(BOOTUTIL_SIGN_RSA) */
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/6a7432f4/libs/bootutil/src/image_validate.c
----------------------------------------------------------------------
diff --git a/libs/bootutil/src/image_validate.c b/libs/bootutil/src/image_validate.c
deleted file mode 100644
index 3793948..0000000
--- a/libs/bootutil/src/image_validate.c
+++ /dev/null
@@ -1,198 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-#include <assert.h>
-#include <stddef.h>
-#include <inttypes.h>
-#include <string.h>
-
-#include "syscfg/syscfg.h"
-#include "hal/hal_flash.h"
-#include "bootutil/image.h"
-#include "bootutil/sign_key.h"
-
-#include "mbedtls/sha256.h"
-#include "mbedtls/rsa.h"
-#include "mbedtls/ecdsa.h"
-#include "mbedtls/asn1.h"
-
-#include "bootutil_priv.h"
-
-/*
- * Compute SHA256 over the image.
- */
-static int
-bootutil_img_hash(struct image_header *hdr, uint8_t flash_id, uint32_t addr,
- uint8_t *tmp_buf, uint32_t tmp_buf_sz, uint8_t *hash_result, uint8_t *seed, int seed_len)
-{
- mbedtls_sha256_context sha256_ctx;
- uint32_t blk_sz;
- uint32_t size;
- uint32_t off;
- int rc;
-
- mbedtls_sha256_init(&sha256_ctx);
- mbedtls_sha256_starts(&sha256_ctx, 0);
-
- /* in some cases (split image) the hash is seeded with data from
- * the loader image */
- if(seed && (seed_len > 0)) {
- mbedtls_sha256_update(&sha256_ctx, seed, seed_len);
- }
-
- size = hdr->ih_img_size + hdr->ih_hdr_size;
-
- /*
- * Hash is computed over image header and image itself. No TLV is
- * included ATM.
- */
- size = hdr->ih_img_size + hdr->ih_hdr_size;
- for (off = 0; off < size; off += blk_sz) {
- blk_sz = size - off;
- if (blk_sz > tmp_buf_sz) {
- blk_sz = tmp_buf_sz;
- }
- rc = hal_flash_read(flash_id, addr + off, tmp_buf, blk_sz);
- if (rc) {
- return rc;
- }
- mbedtls_sha256_update(&sha256_ctx, tmp_buf, blk_sz);
- }
- mbedtls_sha256_finish(&sha256_ctx, hash_result);
-
- return 0;
-}
-
-/*
- * Verify the integrity of the image.
- * Return non-zero if image could not be validated/does not validate.
- */
-int
-bootutil_img_validate(struct image_header *hdr, uint8_t flash_id, uint32_t addr,
- uint8_t *tmp_buf, uint32_t tmp_buf_sz, uint8_t *seed, int seed_len, uint8_t *out_hash)
-{
- uint32_t off;
- uint32_t size;
- uint32_t sha_off = 0;
-#if MYNEWT_VAL(BOOTUTIL_SIGN_RSA) || MYNEWT_VAL(BOOTUTIL_SIGN_EC)
- uint32_t sig_off = 0;
- uint32_t sig_len = 0;
-#endif
- struct image_tlv tlv;
- uint8_t buf[256];
- uint8_t hash[32];
- int rc;
-
-#if MYNEWT_VAL(BOOTUTIL_SIGN_RSA)
- if ((hdr->ih_flags & IMAGE_F_PKCS15_RSA2048_SHA256) == 0) {
- return -1;
- }
-#endif
-#if MYNEWT_VAL(BOOTUTIL_SIGN_EC)
- if ((hdr->ih_flags & IMAGE_F_ECDSA224_SHA256) == 0) {
- return -1;
- }
-#endif
- if ((hdr->ih_flags & IMAGE_F_SHA256) == 0) {
- return -1;
- }
-
- rc = bootutil_img_hash(hdr, flash_id, addr, tmp_buf, tmp_buf_sz, hash, seed, seed_len);
- if (rc) {
- return rc;
- }
-
- if(out_hash) {
- memcpy(out_hash, hash, 32);
- }
-
- /*
- * After image there's TLVs.
- */
- off = hdr->ih_img_size + hdr->ih_hdr_size;
- size = off + hdr->ih_tlv_size;
-
- for (; off < size; off += sizeof(tlv) + tlv.it_len) {
- rc = hal_flash_read(flash_id, addr + off, &tlv, sizeof(tlv));
- if (rc) {
- return rc;
- }
- if (tlv.it_type == IMAGE_TLV_SHA256) {
- if (tlv.it_len != sizeof(hash)) {
- return -1;
- }
- sha_off = addr + off + sizeof(tlv);
- }
-#if MYNEWT_VAL(BOOTUTIL_SIGN_RSA)
- if (tlv.it_type == IMAGE_TLV_RSA2048) {
- if (tlv.it_len != 256) { /* 2048 bits */
- return -1;
- }
- sig_off = addr + off + sizeof(tlv);
- sig_len = tlv.it_len;
- }
-#endif
-#if MYNEWT_VAL(BOOTUTIL_SIGN_EC)
- if (tlv.it_type == IMAGE_TLV_ECDSA224) {
- if (tlv.it_len < 64) { /* oids + 2 * 28 bytes */
- return -1;
- }
- sig_off = addr + off + sizeof(tlv);
- sig_len = tlv.it_len;
- }
-#endif
- }
- if (hdr->ih_flags & IMAGE_F_SHA256) {
- if (!sha_off) {
- /*
- * Header said there should be hash TLV, no TLV found.
- */
- return -1;
- }
- rc = hal_flash_read(flash_id, sha_off, buf, sizeof(hash));
- if (rc) {
- return rc;
- }
- if (memcmp(hash, buf, sizeof(hash))) {
- return -1;
- }
- }
-#if MYNEWT_VAL(BOOTUTIL_SIGN_RSA) || MYNEWT_VAL(BOOTUTIL_SIGN_EC)
- if (!sig_off) {
- /*
- * Header said there should be PKCS1.v5 signature, no TLV
- * found.
- */
- return -1;
- }
- rc = hal_flash_read(flash_id, sig_off, buf, sig_len);
- if (rc) {
- return -1;
- }
-
- if (hdr->ih_key_id >= bootutil_key_cnt) {
- return -1;
- }
- rc = bootutil_verify_sig(hash, sizeof(hash), buf, sig_len, hdr->ih_key_id);
- if (rc) {
- return -1;
- }
-#endif
- return 0;
-}
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/6a7432f4/libs/bootutil/src/loader.c
----------------------------------------------------------------------
diff --git a/libs/bootutil/src/loader.c b/libs/bootutil/src/loader.c
deleted file mode 100644
index e2d4cfa..0000000
--- a/libs/bootutil/src/loader.c
+++ /dev/null
@@ -1,652 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-#include <assert.h>
-#include <stddef.h>
-#include <inttypes.h>
-#include <stdlib.h>
-#include <string.h>
-#include <hal/flash_map.h>
-#include <hal/hal_flash.h>
-#include <os/os_malloc.h>
-#include "bootutil/loader.h"
-#include "bootutil/image.h"
-#include "bootutil/bootutil_misc.h"
-#include "bootutil_priv.h"
-
-/** Number of image slots in flash; currently limited to two. */
-#define BOOT_NUM_SLOTS 2
-
-/** The request object provided by the client. */
-static const struct boot_req *boot_req;
-
-/** Info about image slots. */
-static struct boot_img {
- struct image_header hdr;
- struct boot_image_location loc;
- uint32_t area;
-} boot_img[BOOT_NUM_SLOTS];
-
-static struct boot_status boot_state;
-
-static int boot_erase_area(int area_idx, uint32_t sz);
-static uint32_t boot_copy_sz(int max_idx, int *cnt);
-
-
-int
-boot_build_request(struct boot_req *preq, int area_descriptor_max)
-{
- int cnt;
- int total;
- int rc;
- const struct flash_area *fap;
- struct flash_area *descs = preq->br_area_descs;
- uint8_t *img_starts = preq->br_slot_areas;
-
- cnt = area_descriptor_max;
- rc = flash_area_to_sectors(FLASH_AREA_IMAGE_0, &cnt, descs);
- img_starts[0] = 0;
- total = cnt;
-
- flash_area_open(FLASH_AREA_IMAGE_0, &fap);
- preq->br_img_sz = fap->fa_size;
-
- cnt = area_descriptor_max - total;
- if( cnt < 0) {
- return -1;
- }
-
- rc = flash_area_to_sectors(FLASH_AREA_IMAGE_1, &cnt, &descs[total]);
- if(rc != 0) {
- return -2;
- }
- img_starts[1] = total;
- total += cnt;
-
- cnt = area_descriptor_max - total;
- if( cnt < 0) {
- return -3;
- }
-
- rc = flash_area_to_sectors(FLASH_AREA_IMAGE_SCRATCH, &cnt, &descs[total]);
- if(rc != 0) {
- return -4;
- }
-
- preq->br_scratch_area_idx = total;
- total += cnt;
- preq->br_num_image_areas = total;
- return 0;
-}
-
-void
-boot_req_set(struct boot_req *req)
-{
- boot_req = req;
-}
-
-/**
- * Calculates the flash offset of the specified image slot.
- *
- * @param slot_num The number of the slot to calculate.
- * @param loc The flash location of the slot.
- *
- */
-static void
-boot_slot_addr(int slot_num, struct boot_image_location *loc)
-{
- const struct flash_area *area_desc;
- uint8_t area_idx;
-
- area_idx = boot_req->br_slot_areas[slot_num];
- area_desc = boot_req->br_area_descs + area_idx;
- loc->bil_flash_id = area_desc->fa_flash_id;
- loc->bil_address = area_desc->fa_off;
-}
-
-/*
- * Status about copy-in-progress is either in slot0 (target slot) or
- * in scratch area. It is in scratch area if the process is currently
- * moving the last sector within image.
- *
- * If the copy-in-progress status is within the image slot, it will
- * be at the end of the area.
- * If the sector containing the boot copy status is in scratch, it's
- * offset from beginning of scratch depends on how much of the image
- * fits inside the scratch area.
- *
- * We start copy from the end of image, so boot-copy-status is in
- * scratch when the first area is being moved. Otherwise it will be
- * in slot 0.
- */
-void
-boot_magic_loc(int slot_num, uint8_t *flash_id, uint32_t *off)
-{
- struct boot_img *b;
-
- b = &boot_img[slot_num];
- *flash_id = b->loc.bil_flash_id;
- *off = b->area + b->loc.bil_address - sizeof(struct boot_img_trailer);
-}
-
-void
-boot_scratch_loc(uint8_t *flash_id, uint32_t *off)
-{
- struct flash_area *scratch;
- int cnt;
-
- scratch = &boot_req->br_area_descs[boot_req->br_scratch_area_idx];
- *flash_id = scratch->fa_flash_id;
-
- /*
- * Calculate where the boot status would be, if it was copied to scratch.
- */
- *off = boot_copy_sz(boot_req->br_slot_areas[1], &cnt);
- *off += (scratch->fa_off - sizeof(struct boot_img_trailer));
-}
-
-void
-boot_slot_magic(int slot_num, struct boot_img_trailer *bit)
-{
- uint32_t off;
- uint8_t flash_id;
-
- boot_magic_loc(slot_num, &flash_id, &off);
- memset(bit, 0xff, sizeof(*bit));
- hal_flash_read(flash_id, off, bit, sizeof(*bit));
-}
-
-void
-boot_scratch_magic(struct boot_img_trailer *bit)
-{
- uint32_t off;
- uint8_t flash_id;
-
- boot_scratch_loc(&flash_id, &off);
- memset(bit, 0xff, sizeof(*bit));
- hal_flash_read(flash_id, off, bit, sizeof(*bit));
-}
-
-/*
- * Gather info about image in a given slot.
- */
-void
-boot_image_info(void)
-{
- int i;
- struct boot_img *b;
- struct flash_area *scratch;
-
- for (i = 0; i < BOOT_NUM_SLOTS; i++) {
- b = &boot_img[i];
- boot_slot_addr(i, &b->loc);
- boot_read_image_header(&b->loc, &b->hdr);
- b->area = boot_req->br_img_sz;
- }
-
- /*
- * Figure out what size to write update status update as.
- * The size depends on what the minimum write size is for scratch
- * area, active image slot. We need to use the bigger of those 2
- * values.
- */
- boot_state.elem_sz = hal_flash_align(boot_img[0].loc.bil_flash_id);
-
- scratch = &boot_req->br_area_descs[boot_req->br_scratch_area_idx];
- i = hal_flash_align(scratch->fa_flash_id);
- if (i > boot_state.elem_sz) {
- boot_state.elem_sz = i;
- }
-}
-
-static int
-boot_image_bootable(struct image_header *hdr) {
- return ((hdr->ih_flags & IMAGE_F_NON_BOOTABLE) == 0);
-}
-
-/*
- * Validate image hash/signature in a slot.
- */
-static int
-boot_image_check(struct image_header *hdr, struct boot_image_location *loc)
-{
- static void *tmpbuf;
-
- if (!tmpbuf) {
- tmpbuf = malloc(BOOT_TMPBUF_SZ);
- if (!tmpbuf) {
- return BOOT_ENOMEM;
- }
- }
- if (bootutil_img_validate(hdr, loc->bil_flash_id, loc->bil_address,
- tmpbuf, BOOT_TMPBUF_SZ, NULL, 0, NULL)) {
- return BOOT_EBADIMAGE;
- }
- return 0;
-}
-
-
-static int
-split_image_check(struct image_header *app_hdr, struct boot_image_location *app_loc,
- struct image_header *loader_hdr, struct boot_image_location *loader_loc)
-{
- static void *tmpbuf;
- uint8_t loader_hash[32];
-
- if (!tmpbuf) {
- tmpbuf = malloc(BOOT_TMPBUF_SZ);
- if (!tmpbuf) {
- return BOOT_ENOMEM;
- }
- }
- if (bootutil_img_validate(loader_hdr, loader_loc->bil_flash_id, loader_loc->bil_address,
- tmpbuf, BOOT_TMPBUF_SZ, NULL, 0, loader_hash)) {
- return BOOT_EBADIMAGE;
- }
-
- if (bootutil_img_validate(app_hdr, app_loc->bil_flash_id, app_loc->bil_address,
- tmpbuf, BOOT_TMPBUF_SZ, loader_hash, 32, NULL)) {
- return BOOT_EBADIMAGE;
- }
- return 0;
-}
-
-/**
- * Selects a slot number to boot from.
- *
- * @return The slot number to boot from on success;
- * -1 if an appropriate slot could not be
- * determined.
- */
-static int
-boot_select_image_slot(void)
-{
- /*
- * Check for swap magic. Check the integrity of the suggested image.
- */
- int rc;
- int i;
- struct boot_img *b;
- struct boot_img_trailer bit;
-
- boot_slot_magic(0, &bit);
- if (bit.bit_copy_start == BOOT_IMG_MAGIC && bit.bit_copy_done != 0xff &&
- bit.bit_img_ok == 0xff) {
- /*
- * Copied the image successfully, but image was not confirmed as good.
- * We need to go back to another image.
- */
- boot_vect_write_test(FLASH_AREA_IMAGE_1);
- }
- for (i = 1; i < BOOT_NUM_SLOTS; i++) {
- b = &boot_img[i];
- boot_slot_magic(i, &bit);
- if (bit.bit_copy_start == BOOT_IMG_MAGIC) {
- if (b->hdr.ih_magic == IMAGE_MAGIC_NONE) {
- continue;
- }
- if (!boot_image_bootable(&b->hdr)) {
- continue;
- }
- rc = boot_image_check(&b->hdr, &b->loc);
- if (rc) {
- /*
- * Image fails integrity check. Erase it.
- */
- boot_erase_area(boot_req->br_slot_areas[i], b->area);
- } else {
- return i;
- }
- }
- }
- return 0;
-}
-
-static int
-boot_status_sz(void)
-{
- return sizeof(struct boot_img_trailer) + 32 * sizeof(uint32_t);
-}
-
-/*
- * How many sectors starting from sector[idx] can fit inside scratch.
- *
- */
-static uint32_t
-boot_copy_sz(int max_idx, int *cnt)
-{
- int i;
- uint32_t sz;
- static uint32_t scratch_sz = 0;
-
- if (!scratch_sz) {
- for (i = boot_req->br_scratch_area_idx;
- i < boot_req->br_num_image_areas;
- i++) {
- scratch_sz += boot_req->br_area_descs[i].fa_size;
- }
- }
- sz = 0;
- *cnt = 0;
- for (i = max_idx - 1; i >= 0; i--) {
- if (sz + boot_req->br_area_descs[i].fa_size > scratch_sz) {
- break;
- }
- sz += boot_req->br_area_descs[i].fa_size;
- *cnt = *cnt + 1;
- }
- return sz;
-}
-
-/**
- * Erase one area. The destination area must
- * be erased prior to this function being called.
- *
- * @param area_idx The index of the area.
- * @param sz The number of bytes to erase.
- *
- * @return 0 on success; nonzero on failure.
- */
-static int
-boot_erase_area(int area_idx, uint32_t sz)
-{
- const struct flash_area *area_desc;
- int rc;
-
- area_desc = boot_req->br_area_descs + area_idx;
- rc = hal_flash_erase(area_desc->fa_flash_id, area_desc->fa_off, sz);
- if (rc != 0) {
- return BOOT_EFLASH;
- }
- return 0;
-}
-
-/**
- * Copies the contents of one area to another. The destination area must
- * be erased prior to this function being called.
- *
- * @param from_area_idx The index of the source area.
- * @param to_area_idx The index of the destination area.
- * @param sz The number of bytes to move.
- *
- * @return 0 on success; nonzero on failure.
- */
-static int
-boot_copy_area(int from_area_idx, int to_area_idx, uint32_t sz)
-{
- const struct flash_area *from_area_desc;
- const struct flash_area *to_area_desc;
- uint32_t from_addr;
- uint32_t to_addr;
- uint32_t off;
- int chunk_sz;
- int rc;
-
- static uint8_t buf[1024];
-
- from_area_desc = boot_req->br_area_descs + from_area_idx;
- to_area_desc = boot_req->br_area_descs + to_area_idx;
-
- assert(to_area_desc->fa_size >= from_area_desc->fa_size);
-
- off = 0;
- while (off < sz) {
- if (sz - off > sizeof buf) {
- chunk_sz = sizeof buf;
- } else {
- chunk_sz = sz - off;
- }
-
- from_addr = from_area_desc->fa_off + off;
- rc = hal_flash_read(from_area_desc->fa_flash_id, from_addr, buf,
- chunk_sz);
- if (rc != 0) {
- return rc;
- }
-
- to_addr = to_area_desc->fa_off + off;
- rc = hal_flash_write(to_area_desc->fa_flash_id, to_addr, buf,
- chunk_sz);
- if (rc != 0) {
- return rc;
- }
-
- off += chunk_sz;
- }
-
- return 0;
-}
-
-/**
- * Swaps the contents of two flash areas belonging to images.
- *
- * @param area_idx The index of first slot to exchange. This area
- * must be part of the first image slot.
- * @param sz The number of bytes swap.
- *
- * @param end_area Boolean telling whether this includes this
- * area has last slots.
- *
- * @return 0 on success; nonzero on failure.
- */
-static int
-boot_swap_areas(int idx, uint32_t sz, int end_area)
-{
- int area_idx_1;
- int area_idx_2;
- int rc;
-
- area_idx_1 = boot_req->br_slot_areas[0] + idx;
- area_idx_2 = boot_req->br_slot_areas[1] + idx;
- assert(area_idx_1 != area_idx_2);
- assert(area_idx_1 != boot_req->br_scratch_area_idx);
- assert(area_idx_2 != boot_req->br_scratch_area_idx);
-
- if (boot_state.state == 0) {
- rc = boot_erase_area(boot_req->br_scratch_area_idx, sz);
- if (rc != 0) {
- return rc;
- }
-
- rc = boot_copy_area(area_idx_2, boot_req->br_scratch_area_idx, sz);
- if (rc != 0) {
- return rc;
- }
-
- boot_state.state = 1;
- (void)boot_write_status(&boot_state);
- }
- if (boot_state.state == 1) {
- rc = boot_erase_area(area_idx_2, sz);
- if (rc != 0) {
- return rc;
- }
-
- rc = boot_copy_area(area_idx_1, area_idx_2,
- end_area ? (sz - boot_status_sz()) : sz);
- if (rc != 0) {
- return rc;
- }
-
- boot_state.state = 2;
- (void)boot_write_status(&boot_state);
- }
- if (boot_state.state == 2) {
- rc = boot_erase_area(area_idx_1, sz);
- if (rc != 0) {
- return rc;
- }
-
- rc = boot_copy_area(boot_req->br_scratch_area_idx, area_idx_1, sz);
- if (rc != 0) {
- return rc;
- }
-
- boot_state.idx++;
- boot_state.state = 0;
- (void)boot_write_status(&boot_state);
- }
- return 0;
-}
-
-/**
- * Swaps the two images in flash. If a prior copy operation was interrupted
- * by a system reset, this function completes that operation.
- *
- * @return 0 on success; nonzero on failure.
- */
-static int
-boot_copy_image(void)
-{
- uint32_t sz;
- int i;
- int end_area = 1;
- int cnt;
- int cur_idx;
-
- for (i = boot_req->br_slot_areas[1], cur_idx = 0; i > 0; cur_idx++) {
- sz = boot_copy_sz(i, &cnt);
- i -= cnt;
- if (cur_idx >= boot_state.idx) {
- boot_swap_areas(i, sz, end_area);
- }
- end_area = 0;
- }
- boot_clear_status();
-
- return 0;
-}
-
-/**
- * Prepares the booting process. Based on the information provided in the
- * request object, this function moves images around in flash as appropriate,
- * and tells you what address to boot from.
- *
- * @param req Contains information about the flash layout.
- * @param rsp On success, indicates how booting should occur.
- *
- * @return 0 on success; nonzero on failure.
- */
-int
-boot_go(const struct boot_req *req, struct boot_rsp *rsp)
-{
- int slot;
- int rc;
-
- /* Set the global boot request object. The remainder of the boot process
- * will reference the global.
- */
- boot_req = req;
-
- /* Attempt to read an image header from each slot. */
- boot_image_info();
-
- /* Read the boot status to determine if an image copy operation was
- * interrupted (i.e., the system was reset before the boot loader could
- * finish its task last time).
- */
- if (boot_read_status(&boot_state)) {
- /* We are resuming an interrupted image copy. */
- rc = boot_copy_image();
- if (rc != 0) {
- /* We failed to put the images back together; there is really no
- * solution here.
- */
- return rc;
- }
- }
-
- /*
- * Check if we should initiate copy, or revert back to earlier image.
- *
- */
- slot = boot_select_image_slot();
- if (slot == -1) {
- return BOOT_EBADIMAGE;
- }
-
- if (slot) {
- boot_state.idx = 0;
- boot_state.state = 0;
- rc = boot_copy_image();
- if (rc) {
- return rc;
- }
- }
-
- /* Always boot from the primary slot. */
- rsp->br_flash_id = boot_img[0].loc.bil_flash_id;
- rsp->br_image_addr = boot_img[0].loc.bil_address;
- rsp->br_hdr = &boot_img[slot].hdr;
-
- return 0;
-}
-
-#define SPLIT_AREA_DESC_MAX (255)
-
-int
-split_go(int loader_slot, int split_slot, void **entry)
-{
- int rc;
- /** Areas representing the beginning of image slots. */
- uint8_t img_starts[2];
- struct flash_area *descs;
- uint32_t entry_val;
- struct boot_req req = {
- .br_slot_areas = img_starts,
- };
-
- descs = calloc(SPLIT_AREA_DESC_MAX, sizeof(struct flash_area));
- if (descs == NULL) {
- return SPLIT_GO_ERR;
- }
-
- req.br_area_descs = descs;
-
- rc = boot_build_request(&req, SPLIT_AREA_DESC_MAX);
- if (rc != 0) {
- rc = SPLIT_GO_ERR;
- goto split_app_go_end;
- }
-
- boot_req = &req;
-
- boot_image_info();
-
- /* Don't check the bootable image flag because we could really
- * call a bootable or non-bootable image. Just validate that
- * the image check passes which is distinct from the normal check */
- rc = split_image_check(&boot_img[split_slot].hdr,
- &boot_img[split_slot].loc,
- &boot_img[loader_slot].hdr,
- &boot_img[loader_slot].loc);
- if (rc != 0) {
- rc = SPLIT_GO_NON_MATCHING;
- goto split_app_go_end;
- }
-
- entry_val = (uint32_t) boot_img[split_slot].loc.bil_address +
- (uint32_t) boot_img[split_slot].hdr.ih_hdr_size;
- *entry = (void*) entry_val;
- rc = SPLIT_GO_OK;
-
-split_app_go_end:
- free(descs);
- return rc;
-}
http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/6a7432f4/libs/bootutil/test/pkg.yml
----------------------------------------------------------------------
diff --git a/libs/bootutil/test/pkg.yml b/libs/bootutil/test/pkg.yml
deleted file mode 100644
index 6f6718b..0000000
--- a/libs/bootutil/test/pkg.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-pkg.name: libs/bootutil/test
-pkg.type: unittest
-pkg.description: "Bootutil unit tests."
-pkg.author: "Apache Mynewt <de...@mynewt.incubator.apache.org>"
-pkg.homepage: "http://mynewt.apache.org/"
-pkg.keywords:
-
-pkg.deps:
- - libs/bootutil
- - libs/testutil
-
-pkg.deps.SELFTEST:
- - libs/console/stub