bootutil: Expose hardware security counter (2bc36d0f) · Commits · Wenxi XU / Mcuboot

boot/bootutil/include/bootutil/boot_status.h

+5 −0

Original line number	Diff line number	Diff line
		@@ -119,6 +119,11 @@ extern "C" {
		#define BLINFO_MAX_APPLICATION_SIZE_IMAGE_2 0x07
		#define BLINFO_MAX_APPLICATION_SIZE_IMAGE_3 0x08
		#define BLINFO_MAX_APPLICATION_SIZE_IMAGE_4 0x09
		#define BLINFO_SECURITY_COUNTER_IMAGE_0 0x10
		#define BLINFO_SECURITY_COUNTER_IMAGE_1 0x11
		#define BLINFO_SECURITY_COUNTER_IMAGE_2 0x12
		#define BLINFO_SECURITY_COUNTER_IMAGE_3 0x13
		#define BLINFO_SECURITY_COUNTER_IMAGE_4 0x14

		enum mcuboot_mode {
		MCUBOOT_MODE_SINGLE_SLOT,

boot/bootutil/src/boot_record.c

+31 −1

Original line number	Diff line number	Diff line
		@@ -24,6 +24,9 @@

		#include "mcuboot_config/mcuboot_config.h"
		#include "bootutil/crypto/sha.h"
		#ifdef MCUBOOT_HW_ROLLBACK_PROT
		#include "bootutil/security_cnt.h"
		#endif

		#if defined(MCUBOOT_MEASURED_BOOT) \|\| defined(MCUBOOT_DATA_SHARING)
		#include "bootutil/boot_record.h"
		@@ -242,6 +245,10 @@ int boot_save_shared_data(const struct image_header *hdr, const struct flash_are
		int rc;
		#if !defined(MCUBOOT_SINGLE_APPLICATION_SLOT)
		uint8_t image = 0;
		#ifdef MCUBOOT_HW_ROLLBACK_PROT
		uint32_t security_cnt;
		FIH_DECLARE(fih_rc, FIH_FAILURE);
		#endif
		#endif

		#if defined(MCUBOOT_SINGLE_APPLICATION_SLOT)
		@@ -346,14 +353,37 @@ int boot_save_shared_data(const struct image_header *hdr, const struct flash_are
		}
		#endif

		#if !defined(MCUBOOT_SINGLE_APPLICATION_SLOT) && defined(MCUBOOT_HW_ROLLBACK_PROT)
		image = 0;
		while (image < BOOT_IMAGE_NUMBER && !rc) {
		FIH_CALL(boot_nv_security_counter_get, fih_rc, image, &security_cnt);
		if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
		/* Some platforms support only a single security counter. */
		continue;
		}

		rc = boot_add_data_to_shared_area(TLV_MAJOR_BLINFO,
		BLINFO_SECURITY_COUNTER_IMAGE_0 + image,
		sizeof(security_cnt),
		(void *)&security_cnt);
		if (!rc) {
		break;
		}
		++image;
		}
		#endif /* !defined(MCUBOOT_SINGLE_APPLICATION_SLOT) && defined(MCUBOOT_HW_ROLLBACK_PROT) */

		#if !defined(MCUBOOT_SINGLE_APPLICATION_SLOT)
		image = 0;
		while (image < BOOT_IMAGE_NUMBER && !rc) {
		if (max_app_sizes[image].calculated == true) {
		rc = boot_add_data_to_shared_area(TLV_MAJOR_BLINFO,
		(BLINFO_MAX_APPLICATION_SIZE + image),
		sizeof(max_app_sizes[image].max_size),
		(void *)&max_app_sizes[image].max_size);

		if (!rc) {
		break;
		}
		}

		++image;

Admin message