doc: Fixed consistency of Mbed term (582367cf) · Commits · Wenxi XU / Mcuboot

boot/cypress/MCUBootApp/README.md

+4 −4

Original line number	Diff line number	Diff line
		@@ -26,7 +26,7 @@ Single-image mode.

		Size of slots `0x10000` - 64kb

		MCUBootApp checks image integrity with SHA256, image authenticity with EC256 digital signature verification and uses completely SW implementation of cryptographic functions based on mbedTLS Library.
		MCUBootApp checks image integrity with SHA256, image authenticity with EC256 digital signature verification and uses completely SW implementation of cryptographic functions based on Mbed TLS Library.

		Important: make sure primary, secondary slot and bootloader app sizes are appropriate and correspond to flash area size defined in Applications' linker files.

		@@ -35,7 +35,7 @@ Memory (stack) corruption of CM0p application can cause failure if SystemCall-se

		### Hardware cryptography acceleration

		Cypress PSOC6 MCU family supports hardware acceleration of cryptography based on mbedTLS Library via shim layer. Implementation of this layer is supplied as separate submodule `cy-mbedtls-acceleration`. HW acceleration of cryptography shortens boot time more then 4 times, comparing to software implementation (observation results).
		Cypress PSOC6 MCU family supports hardware acceleration of cryptography based on Mbed TLS Library via shim layer. Implementation of this layer is supplied as separate submodule `cy-mbedtls-acceleration`. HW acceleration of cryptography shortens boot time more then 4 times, comparing to software implementation (observation results).

		To enable hardware acceleration in `MCUBootApp` pass flag `USE_CRYPTO_HW=1` to `make` while build.

		@@ -131,7 +131,7 @@ There is a set assets required:
		* MCUBooot Library (root repository)
		* PSoC6 HAL Library
		* PSoC6 Peripheral Drivers Library (PDL)
		* mbedTLS Cryptographic Library
		* Mbed TLS Cryptographic Library

		To get submodules - run the following command:

		@@ -155,7 +155,7 @@ Root directory for build is boot/cypress.

		Encrypted Image Support

		To protect user image from unwanted read - Upgrade Image Encryption can be applied. The ECDH/HKDF with EC256 scheme is used in a given solution as well as mbedTLS as a crypto provider.
		To protect user image from unwanted read - Upgrade Image Encryption can be applied. The ECDH/HKDF with EC256 scheme is used in a given solution as well as Mbed TLS as a crypto provider.

		To enable image encryption support use `ENC_IMG=1` build flag (BlinkyApp should also be built with this flash set 1).

boot/cypress/README.md

+2 −2

Original line number	Diff line number	Diff line
		@@ -29,7 +29,7 @@ The flash map is defined through sysflash.h and cy_flash_map.c.
		It is also possible to place secondary (upgrade) slots in external memory module. In this case primary slot can be doubled in size.
		For more details about External Memory usage, please refer to separate guiding document `MCUBootApp/ExternalMemory.md`.

		MCUBootApp checks image integrity with SHA256, image authenticity with EC256 digital signature verification and uses either completely software implementation of cryptographic functions or accelerated by hardware - both based on mbedTLS Library.
		MCUBootApp checks image integrity with SHA256, image authenticity with EC256 digital signature verification and uses either completely software implementation of cryptographic functions or accelerated by hardware - both based on Mbed TLS Library.

		### Downloading Solution's Assets

		@@ -37,7 +37,7 @@ There is a set assets required:

		* MCUBooot Library (root repository)
		* PSoC6 Peripheral Drivers Library (PDL)
		* mbedTLS Cryptographic Library
		* Mbed TLS Cryptographic Library

		Those are represented as submodules.

docs/PORTING.md

+6 −6

Original line number	Diff line number	Diff line
		@@ -14,7 +14,7 @@ This document describes the requirements and necessary steps required to port

		* `MCUboot` doesn't bundle a cryptographic library, which means the target
		OS must already have it bundled. The supported libraries at the moment are
		either `mbed TLS` or the set `tinycrypt` + `mbed TLS` (where `mbed TLS` is
		either `Mbed TLS` or the set `tinycrypt` + `Mbed TLS` (where `Mbed TLS` is
		used to provide functionality not existing in `tinycrypt`).

		# Steps to port
		@@ -170,21 +170,21 @@ int flash_area_id_to_multi_image_slot(int image_index, int area_id);

		Note: As of writing, it is possible that MCUboot will open a flash area multiple times simultaneously (through nested calls to `flash_area_open`). As a result, MCUboot may call `flash_area_close` on a flash area that is still opened by another part of MCUboot. As a workaround when porting, it may be necessary to implement a counter of the number of times a given flash area has been opened by MCUboot. The `flash_area_close` implementation should only fully deinitialize the underlying flash area when the open counter is decremented to 0. See [this GitHub PR](https://github.com/mcu-tools/mcuboot/pull/894/) for a more detailed discussion.

		## Memory management for mbed TLS
		## Memory management for Mbed TLS

		`mbed TLS` employs dynamic allocation of memory, making use of the pair
		`calloc/free`. If `mbed TLS` is to be used for crypto, your target RTOS
		`Mbed TLS` employs dynamic allocation of memory, making use of the pair
		`calloc/free`. If `Mbed TLS` is to be used for crypto, your target RTOS
		needs to provide this pair of function.

		To configure the what functions are called when allocating/deallocating
		memory `mbed TLS` uses the following call:
		memory `Mbed TLS` uses the following call:

		```
		int mbedtls_platform_set_calloc_free (void (calloc_func)(size_t, size_t),
		void (free_func)(void ));
		```

		For reference see [mbed TLS platform.h](https://tls.mbed.org/api/platform_8h.html).
		For reference see [Mbed TLS platform.h](https://tls.mbed.org/api/platform_8h.html).
		If your system already provides functions with compatible signatures, those can
		be used directly here, otherwise create new functions that glue to your
		`calloc/free` implementations.

docs/ecdsa.md

+2 −2

Original line number	Diff line number	Diff line
		@@ -4,7 +4,7 @@ When ECDSA SECP256R1 (EC256) signature support was added to MCUboot, a
		shortcut was taken, and these signatures were padded to make them
		always a fixed length. Unfortunately, this padding was done in a way
		that is not easily reversible. Some crypto libraries are fairly
		strict about the formatting of the ECDSA signature (specifically, mbed
		strict about the formatting of the ECDSA signature (specifically, Mbed
		TLS). This currently means that the ECDSA SECP224R1 (EC) signature
		checking code will fail to boot about 1 out of every 256 images,
		because the signature itself will end in a 0x00 byte, and the code
		@@ -43,7 +43,7 @@ period.
		without padding), and the existing EC implementation will begin
		accepting padded and unpadded signatures.

		- An mbed TLS implementation of EC256 can be added, but will require
		- An Mbed TLS implementation of EC256 can be added, but will require
		the `--no-pad-sig` signature to be able to boot all generated
		images (without the argument 3 of out 4 images generated will have
		padding, and be considered invalid).

docs/readme-espressif.md

+1 −1

Original line number	Diff line number	Diff line
		@@ -29,7 +29,7 @@ The current port is available for use in the following SoCs within the OSes:
		git submodule update --init --recursive --checkout boot/espressif/hal/esp-idf
		```

		3. Next, get the mbedtls submodule required by MCUboot.
		3. Next, get the Mbed TLS submodule required by MCUboot.
		```
		git submodule update --init --recursive ext/mbedtls
		```

Admin message