As part of ongoing work to move away from TinyCrypt and towards PSA
(#43712), introduce a PSA option and remove the TinyCrypt one for the
SHA-256 implementation.
The Mbed TLS implementation is modified to use `mbedtls_sha256`
directly for smaller code size.
The reliance of mgmt/updatehub on storage/flash_map's configuration
(`FLASH_AREA_CHECK_INTEGRITY_BACKEND`) is removed.
The choice of which implementation to use is made automatically,
based on whether a PSA API provider is present (`PSA_CRYPTO_CLIENT`).
This commit also adds a test case with PSA (based on Mbed TLS)
in samples/subsys/mgmt/updatehub/sample.yaml.
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Namespaced the generated headers with `zephyr` to prevent
potential conflict with other headers.
Introduce a temporary Kconfig `LEGACY_GENERATED_INCLUDE_PATH`
that is enabled by default. This allows the developers to
continue the use of the old include paths for the time being
until it is deprecated and eventually removed. The Kconfig will
generate a build-time warning message, similar to the
`CONFIG_TIMER_RANDOM_GENERATOR`.
Updated the includes path of in-tree sources accordingly.
Most of the changes here are scripted, check the PR for more
info.
Signed-off-by: Yong Cong Sin <ycsin@meta.com>
After the changes introduced by #50816, UpdateHub could no longer
decode the JSON object. This introduces the missing parsing definitions
to allow the JSON parser to understand the correct UpdateHub probe object.
Fixes #69297
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
The library should be using internal socket API functions
so that we do not need to depend on POSIX_API.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
Move the syscall_handler.h header, used internally only to a dedicated
internal folder that should not be used outside of Zephyr.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This adds a few lines using zephyr_syscall_header() to include
headers containing syscall function prototypes.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
MISRA Rule 5.7 requires uniqueness of tag identifiers. Shell is
frequently problematic because much code uses `const struct shell
*shell`. This causes CI noise every time one of these shell files is
edited, so let's update all of them with `const struct shell *sh`
instead.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Changes Kconfig symbols to depend on symbols rather than selecting
them, this avoids a cmake dependency loop.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The updatehub shell cmd_info allocates memory but does not check the
function's return value. This adds the missing checks and proper error handling.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
The current updatehub version forces the user application to run in kernel
mode. This adds the necessary API syscalls to isolate userspace from the kernel.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
This adds a storage abstraction to allow switching between different flash
APIs. This removes the erase command from the updatehub core and moves it to
the storage init phase.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Currently MCUboot and system reset are invoked directly in the sample
application. This introduces 2 new methods to isolate the system from the
application.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Move header includes to the source file. Currently the firmware source files
have a hardcoded partition identifier. This moves the identifiers
to the updatehub core.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
TinyCrypt is the current library used by UpdateHub to perform the
SHA-256 integrity check. This refactors the code and adds support for the
mbedTLS library. It changes the default library to mbedTLS to use the
hardware accelerator when available.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
The commit switches flash area access from FLASH_AREA_ macros
to FIXED_PARTITION_ macros and to usage of DTS node labels,
to identify partitions, instead of label property.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
As of today <zephyr/zephyr.h> is 100% equivalent to <zephyr/kernel.h>.
This patch proposes to then include <zephyr/kernel.h> instead of
<zephyr/zephyr.h> since it is more clear that you are including the
Kernel APIs and (probably) nothing else. <zephyr/zephyr.h> sounds like a
catch-all header that may be confusing. Most applications need to
include a bunch of other things to compile, e.g. driver headers or
subsystem headers like BT, logging, etc.
The idea of a catch-all header in Zephyr is probably not feasible
anyway. Reason is that Zephyr is not a library, like it could be for
example `libpython`. Zephyr provides many utilities nowadays: a kernel,
drivers, subsystems, etc and things will likely grow. A catch-all header
would be massive, difficult to keep up-to-date. It is also likely that
an application will only build a small subset. Note that subsystem-level
headers may use a catch-all approach to make things easier, though.
NOTE: This patch is **NOT** removing the header, just removing its usage
in-tree. I'd advocate for its deprecation (add a #warning on it), but I
understand many people will have concerns.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
We noticed that in the master branch, updatehub fails to start.
That is because of the behaviour change in bin2hex caused by
commit f2affbd ("os: lib: bin2hex: fix memory overwrite").
Fixes: f2affbd973 ("os: lib: bin2hex: fix memory overwrite")
Signed-off-by: Yudong Zhang <mtwget@gmail.com>
Logging v1 has been removed and log_strdup wrapper function is no
longer needed. Removing the function and its use in the tree.
Signed-off-by: Krzysztof Chruscinski <krzysztof.chruscinski@nordicsemi.no>
In order to bring consistency in-tree, migrate all subsystems code to
the new prefix <zephyr/...>. Note that the conversion has been scripted,
refer to zephyrproject-rtos#45388 for more details.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
According to Kconfig guidelines, boolean prompts must not start with
"Enable...". The following command has been used to automate the changes
in this patch:
sed -i "s/bool \"[Ee]nables\? \(\w\)/bool \"\U\1/g" **/Kconfig*
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
#36758 fixes the coap_packet_get_payload function by normalizing the
offset value in the library. That change created a regression in
UpdateHub. However, UpdateHub can now use the coap_packet_get_payload
function instead of manually computing the payload start and payload size.
This refactors the current code in favor of coap_packet_get_payload
and fixes the regression.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Reboot functionality has nothing to do with PM, so move it out to the
subsys/os folder.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Replace all existing deprecated API with the recommended alternative.
Fixes: #34101
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
hwinfo_get_define_id returns an ssize_t: a positive value with the
size of the copied id on success, or a negative value in case
of error.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This patch replaces magic numbers with COAP_TOKEN_MAX_LEN value and
removes unnecessary castings of token buffer type.
Signed-off-by: Hubert Miś <hubert.mis@nordicsemi.no>
RFC 7252 (CoAP) specifies value of the Version (Ver) field in the
protocol header to value 1. This patch defines value of the Version
field to make packet initialization easier. All samples and tests
are updated to use the new COAP_VERSION_1 field when initializing
a CoAP packet.
Signed-off-by: Hubert Miś <hubert.mis@nordicsemi.no>
CoAP protocol defines registry of Content-Format option values.
This patch adds this enumeration to coap header file to make it
available to all applications using CoAP protocol. It modifies
code using CoAP service to use new enumeration.
Signed-off-by: Hubert Miś <hubert.mis@nordicsemi.no>
Remove the NET_CONFIG_SETTINGS Kconfig option. The net settings should
from now on be enabled in the project config or in any overlay. This is
necessary to allow better control over when the application should start.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Current logs only print the default log level. Add LOG_LEVEL to updatehub
to switch to another variation based on CONFIG_UPDATEHUB_LOG_LEVEL.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Put everything inside an if, we should not see anything related to
updatehub in generated .config if it is not enabled.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Currently updatehub trusts MCUboot to test a new image. The process
is executed on the next boot after validating the downloaded image. To
have a more reliable system, it is recommended to run the SHA-256 algorithm
to attest that the firmware was properly stored in the flash memory. This
implements the use of flash_img_check to achieve that and, as a
consequence, adds a new level of trust that avoids a useless reboot
of the system.
Updatehub uses two SHA-256 verifications. One is used to check the
data stream at download. The second one performs the verification
by reading from flash. Users have the possibility to choose only one
option or keep both verifications. However, it is advised to always
keep both verifications enabled to get consistent reports on the
back end.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Currently SHA-256 uses a temporary hash digest to calc final sha sum.
This moves temporary variable from local scope to updatehub context.
The motivation is to use the hash digest on future flash validation.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
There are several references to objects[1] at updatehub_probe function.
The structures are decoded from json, and have a maximum length of 2.
However, if the returned json only has a single element in this array,
this objects[1] value will be uninitialized. Because the structure
contains pointers, these will be uninitialized, causing the code to
reference uninitialized memory as pointers.
Add zeroing memory before passing it to the JSON API and do check if
objects_len field is two.
Fixes #27718.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
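The fix described in the commit message above (zero the structure before decoding, then check that objects_len is two), as an added C example that is not the UpdateHub source. The struct layout, `decode_objects` and the sample strings are hypothetical stand-ins for the JSON API and the probe response.

```c
#include <stddef.h>
#include <string.h>

#define MAX_OBJECTS 2 /* array bound stated in the commit message */

/* Hypothetical decoded object; it holds a pointer, as the message describes. */
struct probe_object {
	const char *sha256sum;
};

struct probe_result {
	struct probe_object objects[MAX_OBJECTS];
	size_t objects_len;
};

/* Hypothetical decoder stand-in: writes only the elements present in the
 * response and leaves the remaining slots untouched. */
static void decode_objects(struct probe_result *out,
			   const char *const sums[], size_t count)
{
	size_t n = count < MAX_OBJECTS ? count : MAX_OBJECTS;

	for (size_t i = 0; i < n; i++) {
		out->objects[i].sha256sum = sums[i];
	}
	out->objects_len = n;
}

/* Returns 0 and stores the second object's digest string in *sum, or -1
 * when the response did not carry exactly two objects. */
int probe_second_sum(const char *const sums[], size_t count, const char **sum)
{
	struct probe_result res;

	memset(&res, 0xA5, sizeof(res)); /* simulate stale stack contents */
	memset(&res, 0, sizeof(res));    /* the fix: zero before decoding */
	decode_objects(&res, sums, count);

	*sum = res.objects[1].sha256sum; /* NULL, not garbage, if absent */
	return (res.objects_len == MAX_OBJECTS) ? 0 : -1; /* the fix: check length */
}

/* Constructed sample inputs. */
static const char *const one_sum[] = { "aa11" };
static const char *const two_sums[] = { "aa11", "bb22" };

int demo_single(void) { const char *s; return probe_second_sum(one_sum, 1, &s); }
int demo_pair(void) { const char *s; return probe_second_sum(two_sums, 2, &s); }
int single_sum_is_null(void) { const char *s = "stale"; probe_second_sum(one_sum, 1, &s); return s == NULL; }
```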
Zephyr introduced the subsys/mgmt folder for MCU management. Move UpdateHub
to this new and dedicated space.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>