boot: bootutil: image_validate: Add error on security counter fail (0c1950df) · Commits · Wenxi XU / Mcuboot

Adds an error log output showing the version of the image security counter and the monotonic counter value when the image has too low a count to be booted Note: This PR has been modified from the upstream commit due to a merge failure from other changes that are not being brought into Zephyr 3.7 Signed-off-by:

Jamie McCrae <jamie.mccrae@nordicsemi.no> (cherry picked from commit )

boot/bootutil/src/image_validate.c

+5 −0

Original line number	Diff line number	Diff line
		@@ -41,6 +41,9 @@
		#include "bootutil/fault_injection_hardening.h"

		#include "mcuboot_config/mcuboot_config.h"
		#include "bootutil/bootutil_log.h"

		BOOT_LOG_MODULE_DECLARE(mcuboot);

		#ifdef MCUBOOT_ENC_IMAGES
		#include "bootutil/enc_key.h"
		@@ -572,6 +575,8 @@ bootutil_img_validate(struct boot_loader_state *state,
		fih_rc = fih_ret_encode_zero_equality(img_security_cnt <
		(uint32_t)fih_int_decode(security_cnt));
		if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
		BOOT_LOG_ERR("Image security counter value %u lower than monotonic value %u",
		img_security_cnt, (uint32_t)fih_int_decode(security_cnt));
		FIH_SET(fih_rc, FIH_FAILURE);
		goto out;
		}

Admin message