riot-ci/RIOT
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #15110 from bergzand/pr/suit/storage_backend

Browse Source 
SUIT: Introduction of a payload storage API for SUIT manifest payloads
This commit is contained in:
Kaspar Schleiser 2020-09-30 22:47:33 +02:00 committed by GitHub
commit 3cf082d59b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
28 changed files with 1732 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Makefile.dep
View File

@ -1049,6 +1049,10 @@ ifneq (,$(filter suit_transport_coap, $(USEMODULE)))
USEMODULE += nanocoap
endif
ifneq (,$(filter suit_storage_%, $(USEMODULE)))
USEMODULE += suit_storage
endif
ifneq (,$(filter suit_%,$(USEMODULE)))
USEMODULE += suit
endif

15
dist/tools/suit/gen_manifest.py vendored
View File

@ -51,28 +51,31 @@ def main(args):
images = []
for filename_offset in args.slotfiles:
split = filename_offset.split(":")
comp_name = ["00"]
split = filename_offset.split(":", maxsplit=2)
if len(split) == 1:
filename, offset = split[0], 0
else:
elif len(split) == 2:
filename, offset = split[0], str2int(split[1])
else:
filename, offset, comp_name = split[0], str2int(split[1]), split[2].split(":")
images.append((filename, offset))
images.append((filename, offset, comp_name))
template["components"] = []
for slot, image in enumerate(images):
filename, offset = image
filename, offset, comp_name = image
uri = os.path.join(args.urlroot, os.path.basename(filename))
component = {
"install-id": ["00"],
"install-id": comp_name,
"vendor-id": uuid_vendor.hex,
"class-id": uuid_class.hex,
"file": filename,
"uri": uri,
"bootable": True,
"bootable": False,
}
if offset:

2
examples/suit_update/Makefile
View File

@ -46,7 +46,7 @@ QUIET ?= 1
#
USEMODULE += nanocoap_sock sock_util
USEMODULE += suit suit_transport_coap
USEMODULE += suit suit_transport_coap suit_storage_flashwrite
# Display a progress bar during firmware download
USEMODULE += progress_bar

1
makefiles/pseudomodules.inc.mk
View File

@ -119,6 +119,7 @@ PSEUDOMODULES += stdio_uart_rx
PSEUDOMODULES += stm32_eth
PSEUDOMODULES += stm32_eth_link_up
PSEUDOMODULES += suit_transport_%
PSEUDOMODULES += suit_storage_%
PSEUDOMODULES += wakaama_objects_%
PSEUDOMODULES += wifi_enterprise
PSEUDOMODULES += xtimer_on_ztimer

8
sys/include/riotboot/flashwrite.h
View File

@ -132,6 +132,14 @@ static inline int riotboot_flashwrite_init(riotboot_flashwrite_t *state,
*/
int riotboot_flashwrite_putbytes(riotboot_flashwrite_t *state,
const uint8_t *bytes, size_t len, bool more);
/**
* @brief Force flush the buffer onto the flash
*
* @param[in,out] state ptr to previously used update state
*
* @returns 0 on success, <0 otherwise
*/
int riotboot_flashwrite_flush(riotboot_flashwrite_t *state);
/**
* @brief Finish a firmware update (raw version)

21
sys/include/riotboot/slot.h
View File

@ -104,6 +104,27 @@ size_t riotboot_slot_offset(unsigned slot);
*/
void riotboot_slot_dump_addrs(void);
/**
* @brief Get the size of a slot
*
* @param[in] slot slot nr to get the size from
*
* @returns The slot size in bytes
*/
static inline size_t riotboot_slot_size(unsigned slot)
{
switch(slot) {
case 0:
return SLOT0_LEN;
#if NUM_SLOTS==2
case 1:
return SLOT1_LEN;
#endif
default:
return 0;
}
}
/**
* @brief Number of configured firmware slots (incl. bootloader slot)
*/

38
sys/include/suit.h
View File

@ -36,7 +36,6 @@
#include "cose/sign.h"
#include "nanocbor/nanocbor.h"
#include "uuid.h"
#include "riotboot/flashwrite.h"
#ifdef __cplusplus
extern "C" {
@ -56,6 +55,13 @@ extern "C" {
#define CONFIG_SUIT_COMPONENT_MAX (1U)
#endif
/**
* @brief Maximum name of component, includes separator
*/
#ifndef CONFIG_SUIT_COMPONENT_MAX_NAME_LEN
#define CONFIG_SUIT_COMPONENT_MAX_NAME_LEN (32U)
#endif
/**
* @brief Current SUIT serialization format version
*
@ -100,6 +106,10 @@ typedef enum {
SUIT_ERR_SIGNATURE = -6, /**< Unable to verify signature */
SUIT_ERR_DIGEST_MISMATCH = -7, /**< Digest mismatch with COSE and SUIT */
SUIT_ERR_POLICY_FORBIDDEN = -8, /**< Denied because of policy mismatch */
SUIT_ERR_NO_MEM = -9, /**< Out of memory condition */
SUIT_ERR_STORAGE = -50, /**< Backend returned an error */
SUIT_ERR_STORAGE_EXCEEDED = -51, /**< Backend out of space */
SUIT_ERR_STORAGE_UNAVAILABLE = -52, /**< Backend location not available */
} suit_error_t;
/**
@ -189,12 +199,20 @@ typedef struct {
#define SUIT_COMPONENT_STATE_FINALIZED (1 << 3) /**< Component successfully installed */
/** @} */
/**
* @brief Forward declaration for storage struct
*
* Breaks a dependency chain
*/
typedef struct suit_storage suit_storage_ref_t;
/**
* @brief SUIT component struct as decoded from the manifest
*
* The parameters are references to CBOR-encoded information in the manifest.
*/
typedef struct {
suit_storage_ref_t *storage_backend; /**< Storage backend used */
uint16_t state; /**< Component status flags */
suit_param_ref_t identifier; /**< Component identifier */
suit_param_ref_t param_vendor_id; /**< Vendor ID */
@ -223,14 +241,12 @@ typedef struct {
suit_component_t components[CONFIG_SUIT_COMPONENT_MAX];
unsigned components_len; /**< Current number of components */
uint8_t component_current; /**< Current component index */
riotboot_flashwrite_t *writer; /**< Pointer to the riotboot flash writer */
/** Manifest validation buffer */
uint8_t validation_buf[SUIT_COSE_BUF_SIZE];
char *urlbuf; /**< Buffer containing the manifest url */
size_t urlbuf_len; /**< Length of the manifest url */
} suit_manifest_t;
/**
* @brief Component index representing all components
*
@ -296,6 +312,18 @@ static inline bool suit_component_check_flag(suit_component_t *component,
return (component->state & flag);
}
/**
* @brief Convert a component name to a string
*
* Each component part is prefixed with @p separator
*
* @return SUIT_OK if successful
* @return negative error code on error
*/
int suit_component_name_to_string(const suit_manifest_t *manifest,
const suit_component_t *component,
char separator, char *buf, size_t buf_len);
/**
* @brief Helper function for writing bytes on flash a specified offset
*
@ -308,8 +336,8 @@ static inline bool suit_component_check_flag(suit_component_t *component,
* @return 0 on success
* @return <0 on error
*/
int suit_flashwrite_helper(void *arg, size_t offset, uint8_t *buf, size_t len,
int more);
int suit_storage_helper(void *arg, size_t offset, uint8_t *buf, size_t len,
int more);
#ifdef __cplusplus
}

8
sys/include/suit/handlers.h
View File

@ -207,8 +207,8 @@ int suit_handle_manifest_structure_bstr(suit_manifest_t *manifest,
* @returns The offset of the nanocbor value inside the manifest
* bytestring
*/
uint16_t suit_param_ref_to_cbor(suit_manifest_t *manifest,
suit_param_ref_t *ref,
uint16_t suit_param_ref_to_cbor(const suit_manifest_t *manifest,
const suit_param_ref_t *ref,
nanocbor_value_t *val);
/**
@ -219,9 +219,9 @@ uint16_t suit_param_ref_to_cbor(suit_manifest_t *manifest,
* @param ref reference to parse
* @param val NanoCBOR value to restore
*/
void suit_param_cbor_to_ref(suit_manifest_t *manifest,
void suit_param_cbor_to_ref(const suit_manifest_t *manifest,
suit_param_ref_t *ref,
nanocbor_value_t *val);
const nanocbor_value_t *val);
#ifdef __cplusplus
}

615
sys/include/suit/storage.h Normal file
View File

@ -0,0 +1,615 @@
/*
* Copyright (C) 2020 Koen Zandberg
* 2020 Inria
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @defgroup sys_suit_storage SUIT secure firmware OTA upgrade storage
* infrastructure
* @ingroup sys_suit
* @brief SUIT firmware storage backends
*
* @{
*
* @brief Storage backend functions for SUIT manifests
* @author Koen Zandberg <koen@bergzand.net>
*
* The interface defined here specifies a generic API for SUIT OTA storage
* backends.
*
* The driver allows for creating multiple backends, each possibly servicing
* multiple locations. An example of this is a VFS storage backend. This backend
* could service multiple file locations on a filesystem.
*
* A SUIT component ID is formatted as an array of bytestrings. To make it easy
* to match and use a string, the location is supplied as string, each component
* separated by a separator provided in the driver. If no separator (`\0`) is
* set, the components are concatenated without separator. The @ref
* suit_storage_driver_t::set_active_location must be called before starting
* operations on the backend.
*
* A write sequence by the caller must start with @ref
* suit_storage_driver_t::start. The total length of the image is supplied to
* allow the backend to check if the payload fits in the available space. The
* payload data can be supplied piecewise with multiple calls to @ref
* suit_storage_driver_t::write. The caller is free to specify the offset, but
* the backend may enforce strict monotonicity on the offset and may enforce the
* gapless writes. After all bytes are supplied, the @ref
* suit_storage_driver_t::finish function must be called to signal the end of
* the write stage.
*
* Only when the @ref suit_storage_driver_t::install is called, the payload must
* be marked as valid. The mechanism for this can be backend specific. However
* in the case of a firmware image, it must not be bootable before this function
* is called. Similarly, a file payload must not be available at its provided
* path until after this function is called. The reason behind this is that the
* payload often must first be stored on the device before the image_match is
* called by the manifest.
*
* The other option is that the @ref suit_storage_driver_t::erase is called. In
* this case the not-yet-installed payload must be erased again as its contents
* might not be what is expected by the digest in the manifest. The payload must
* then be removed to prevent the possibility of storing malicious code on the
* device.
*
* A form of read access must be implemented to provide a way to read back the
* data and check the digest of the payload. @ref suit_storage_driver_t::read
* must be implemented, providing piecewise reading of the data. @ref
* suit_storage_driver_t::read_ptr is optional to implement, it can provide
* direct read access on memory-mapped storage.
*
* As the storage backend provides a mechanism to store persistent data,
* functions are added to set and retrieve the manifest sequence number. While
* not strictly required to implement, a firmware without a mechanism to
* retrieve and store sequence numbers will always fail to update.
*
* The @ref suit_storage_driver_t::match_offset function allows the manifest
* handler to check the component-offset condition against a storage backend.
*
* The usual call sequence by a manifest handler is:
*
* 1. @ref suit_storage_driver_t::init as on-boot initialization.
* 2. @ref suit_storage_driver_t::get_seq_no to determine if the manifest is
* not replayed.
* 3. @ref suit_storage_driver_t::has_location to determine if the backend
* handles the payload in the manifest.
* 4. @ref suit_storage_driver_t::set_active_location to set the active
* location for the payload.
* 5. @ref suit_storage_driver_t::start to start a payload write sequence.
* 6. At least one @ref suit_storage_driver_t::write calls to write the payload
* data.
* 7. @ref suit_storage_driver_t::finish to mark the end of the payload write.
* 8. @ref suit_storage_driver_t::read or @ref suit_storage_driver_t::read_ptr
* to read back the written payload. This to verify the digest of the
* payload with what is provided in the manifest.
* 9. @ref suit_storage_driver_t::install if the digest matches with what is
* expected and the payload can be installed or marked as valid, or:
* 10. @ref suit_storage_driver_t::erase if the digest does not match with what
* is expected and must be erased.
* 11. ref suit_storage_driver_t::set_seq_no to update the sequence number
* stored in the backend.
*
* @warning This API is by design not thread safe
*/
#ifndef SUIT_STORAGE_H
#define SUIT_STORAGE_H
#include "suit.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Forward declaration for storage struct
*/
typedef struct suit_storage suit_storage_t;
/**
* @brief SUIT storage backend driver struct
*/
typedef struct suit_storage_driver {
/**
* @brief One-time initialization function. Called at boot.
*
* @param[in] storage Storage context
*/
int (*init)(suit_storage_t *storage);
/**
* @brief Start a new payload write sequence
*
* @param[in] storage Storage context
* @param[in] manifest The suit manifest context
* @param[in] len Total size of the payload in bytes
*
* @returns @ref SUIT_OK on successfully starting the write
* @returns @ref suit_error_t on error
*/
int (*start)(suit_storage_t *storage, const suit_manifest_t *manifest,
size_t len);
/**
* @brief Write a new chunk of the payload to the storage backend
*
* @param[in] storage Storage context
* @param[in] manifest The suit manifest context
* @param[in] buf Buffer to read the payload chunk from
* @param[in] offset Offset to write at
* @param[in] len Length of the payload chunk
*
* @returns @ref SUIT_OK on successfully writing the chunk
* @returns @ref suit_error_t on error
*/
int (*write)(suit_storage_t *storage, const suit_manifest_t *manifest, const
uint8_t *buf, size_t offset, size_t len);
/**
* @brief Signal that the payload write stage done to the storage backend
*
* @param[in] storage Storage context
* @param[in] manifest The suit manifest context
*
* @returns @ref SUIT_OK on successfully finalizing the write
* @returns @ref suit_error_t on error
*/
int (*finish)(suit_storage_t *storage, const suit_manifest_t *manifest);
/**
* @brief Read a chunk of previously written data back.
*
* @param[in] storage Storage context
* @param[out] buf Buffer to write the read data in
* @param[in] offset Offset to read from
* @param[in] len Number of bytes to read
*
* @returns @ref SUIT_OK on successfully reading the chunk
* @returns @ref suit_error_t on error
*/
int (*read)(suit_storage_t *storage, uint8_t *buf, size_t offset,
size_t len);
/**
* @brief retrieve a direct read pointer for this storage backend
*
* @note Optional to implement
*
* @param[in] storage Storage context
* @param[out] buf Pointer to the location data
* @param[out] len Full length of the location data
*
* @returns @ref SUIT_OK on successfully providing the region
* @returns @ref suit_error_t on error
*/
int (*read_ptr)(suit_storage_t *storage,
const uint8_t **buf, size_t *len);
/**
* @brief Install the payload or mark the payload as valid
*
* @param[in] storage Storage context
* @param[in] manifest The suit manifest context
*
* @returns @ref SUIT_OK on successfully installing the payload
* @returns @ref suit_error_t on error
*/
int (*install)(suit_storage_t *storage, const suit_manifest_t *manifest);
/**
* @brief Erase the previously loaded payload
*
* @param[in] storage Storage context
*
* @returns @ref SUIT_OK on successfully erasing the data
* @returns @ref suit_error_t on error
*/
int (*erase)(suit_storage_t *storage);
/**
* @brief Check if this storage backend services a location
*
* @param[in] storage Storage context
* @param[in] location Location to check
*
* @returns True if this storage driver must be used for the
* supplied location
*/
bool (*has_location)(const suit_storage_t *storage, const char *location);
/**
* @brief Checks if the supplied offset is true or false for the current
* location
*
* @note Optional to implement, should not be implemented if the backend
* doesn't support the image_offset
*
* @param[in] storage Storage context
* @param[in] offset Offset to check
*
* @returns True if the location matches the offset,
* @returns False otherwise
*/
bool (*match_offset)(const suit_storage_t *storage, size_t offset);
/**
* @brief Set the active location of the storage handler
*
* A storage backend can handle multiple locations, e.g. a VFS backend
* targeting multiple files on a filesystem, setting the location selects
* the target location for writes or reads.
*
* @note Must be idempotent
*
* @param[in] storage Storage backend context
* @param[in] location The location supplied as string with components
* separated by the
* @ref suit_storage_driver_t::separator
*
* @returns SUIT_OK on success
* @returns SUIT_ERR_STORAGE_UNAVAILABLE if the location is not
* available.
*/
int (*set_active_location)(suit_storage_t *storage, const char *location);
/**
* @brief Retrieve the sequence number from the storage backend
*
* @note The sequence number must be global to the storage context, it must
* not depend on the location
*
* @param[in] storage Storage context
* @param[out] seq_no Retrieved sequence number
*
* @returns SUIT_OK on success
* @returns @ref suit_error_t if the sequence number can't be retrieved
*/
int (*get_seq_no)(const suit_storage_t *storage, uint32_t *seq_no);
/**
* @brief Set a new sequence number in the storage backend.
*
* @param[in] storage Storage context
* @param[in] seq_no Sequence number to store
*
* @returns SUIT_OK on success
* @returns @ref suit_error_t if the sequence number can't be stored.
*/
int (*set_seq_no)(suit_storage_t *storage, uint32_t seq_no);
/**
* @brief Component ID separator used by this storage driver.
*/
char separator;
} suit_storage_driver_t;
/**
* @brief Generic storage backend state.
*/
struct suit_storage {
const suit_storage_driver_t *driver; /**< Storage driver functions */
};
/**
* @brief retrieve a storage backend based on the location ID string
*
* @param[in] id ID string to match
*
* @returns The first storage driver that handles this ID
* @returns NULL if none of the storage drivers is able to handle this ID.
*/
suit_storage_t *suit_storage_find_by_id(const char *id);
/**
* @brief retrieve a storage backend based on the suit component
*
* @param[in] manifest SUIT manifest context
* @param[in] component Component to find a storage backend for
*
* @returns The first storage driver that handles this component
* @returns NULL if none of the storage drivers is able to handle this
* component.
*/
suit_storage_t *suit_storage_find_by_component(const suit_manifest_t *manifest,
const suit_component_t *component);
/**
* @brief initialize all storage backends
*/
void suit_storage_init_all(void);
/**
* @brief Get the highest sequence number among available backends
*
* @param[out] seq_no Retrieved sequence number
*
* @returns suit_ok if at least one sequence number is retrieved
* @returns @ref suit_error_t on error
*/
int suit_storage_get_highest_seq_no(uint32_t *seq_no);
/**
* @brief Set the new sequence number on all available backends
*
* @param[in] seq_no Sequence number to store
*
* @returns @ref SUIT_OK on successfully storing the sequence number on at
* least one backend
* @returns @ref suit_error_t on error
*/
int suit_storage_set_seq_no_all(uint32_t seq_no);
/**
* @name Storage driver helper functions
*
* For easy access to the @ref suit_storage_driver_t functions.
* @{
*/
/**
* @brief get the separator for a storage backend
*
* @param[in] storage Storage context
*
* @returns The separator char
*/
static inline char suit_storage_get_separator(const suit_storage_t *storage)
{
return storage->driver->separator;
}
/**
* @brief Check if the storage backend implements the @ref
* suit_storage_driver_t::read_ptr function
*
* @param[in] storage Storage context
*
* @returns True if the function is implemented,
* @returns False otherwise
*/
static inline bool suit_storage_has_readptr(const suit_storage_t *storage)
{
return (storage->driver->read_ptr);
}
/**
* @brief Check if the storage backend implements the @ref
* suit_storage_driver_t::match_offset function
*
* @param[in] storage Storage context
*
* @returns True if the function is implemented,
* @returns False otherwise
*/
static inline bool suit_storage_has_offset(const suit_storage_t *storage)
{
return (storage->driver->match_offset);
}
/**
* @brief One-time initialization function. Called at boot.
*
* @param[in] storage Storage context
*/
static inline int suit_storage_init(suit_storage_t *storage)
{
return storage->driver->init(storage);
}
/**
* @brief Start a new payload write sequence
*
* @param[in] storage Storage context
* @param[in] manifest The suit manifest context
* @param[in] len Total size of the payload in bytes
*
* @returns @ref SUIT_OK on successfully starting the write
* @returns @ref suit_error_t on error
*/
static inline int suit_storage_start(suit_storage_t *storage,
const suit_manifest_t *manifest,
size_t len)
{
return storage->driver->start(storage, manifest, len);
}
/**
* @brief Write a new chunk of the payload to the storage backend
*
* @param[in] storage Storage context
* @param[in] manifest The suit manifest context
* @param[in] buf Buffer to read the payload chunk from
* @param[in] offset Offset to write at
* @param[in] len Length of the payload chunk
*
* @returns @ref SUIT_OK on successfully writing the chunk
* @returns @ref suit_error_t on error
*/
static inline int suit_storage_write(suit_storage_t *storage,
const suit_manifest_t *manifest,
const uint8_t *buf, size_t offset,
size_t len)
{
return storage->driver->write(storage, manifest, buf, offset, len);
}
/**
* @brief Signal that the payload write stage done to the storage backend
*
* @param[in] storage Storage context
* @param[in] manifest The suit manifest context
*
* @returns @ref SUIT_OK on successfully finalizing the write
* @returns @ref suit_error_t on error
*/
static inline int suit_storage_finish(suit_storage_t *storage,
const suit_manifest_t *manifest)
{
return storage->driver->finish(storage, manifest);
}
/**
* @brief Read a chunk of previously written data back.
*
* @param[in] storage Storage context
* @param[out] buf Buffer to write the read data in
* @param[in] offset Offset to read from
* @param[in] len Number of bytes to read
*
* @returns @ref SUIT_OK on successfully reading the chunk
* @returns @ref suit_error_t on error
*/
static inline int suit_storage_read(suit_storage_t *storage, uint8_t *buf,
size_t offset, size_t len)
{
return storage->driver->read(storage, buf, offset, len);
}
/**
* @brief retrieve a direct read pointer for this storage backend
*
* @note Optional to implement
*
* @param[in] storage Storage context
* @param[out] buf Pointer to the location data
* @param[out] len Full length of the location data
*
* @returns @ref SUIT_OK on successfully providing the region
* @returns @ref suit_error_t on error
*/
static inline int suit_storage_read_ptr(suit_storage_t *storage, const uint8_t
**buf, size_t *len)
{
return storage->driver->read_ptr(storage, buf, len);
}
/**
* @brief Install the payload or mark the payload as valid
*
* @param[in] storage Storage context
* @param[in] manifest The suit manifest context
*
* @returns @ref SUIT_OK on successfully installing the payload
* @returns @ref suit_error_t on error
*/
static inline int suit_storage_install(suit_storage_t *storage,
const suit_manifest_t *manifest)
{
return storage->driver->install(storage, manifest);
}
/**
* @brief Erase the previously loaded payload
*
* @param[in] storage Storage context
*
* @returns @ref SUIT_OK on successfully erasing the data
* @returns @ref suit_error_t on error
*/
static inline int suit_storage_erase(suit_storage_t *storage)
{
return storage->driver->erase(storage);
}
/**
* @brief Check if this storage backend services a location
*
* @param[in] storage Storage context
* @param[in] location Location to check
*
* @returns True if this storage driver must be used for the
* supplied location
*/
static inline bool suit_storage_has_location(suit_storage_t *storage,
const char *location)
{
return storage->driver->has_location(storage, location);
}
/**
* @brief Checks if the supplied offset is true or false for the current
* location
*
* @note Optional to implement, should not be implemented if the backend
* doesn't support the image_offset
*
* @param[in] storage Storage context
* @param[in] offset Offset to check
*
* @returns True if the location matches the offset,
* @returns False otherwise
*/
static inline int suit_storage_match_offset(const suit_storage_t *storage,
size_t offset)
{
return storage->driver->match_offset(storage, offset);
}
/**
* @brief Set the active location of the storage handler
*
* A storage backend can handle multiple locations, e.g. a VFS backend
* targeting multiple files on a filesystem, setting the location selects
* the target location for writes or reads.
*
* @note Must be idempotent
*
* @param[in] storage Storage backend context
* @param[in] location The location supplied as string with components
* separated by the
* @ref suit_storage_driver_t::separator
*
* @returns SUIT_OK on success
* @returns SUIT_ERR_STORAGE_UNAVAILABLE if the location is not
* available.
*/
static inline int suit_storage_set_active_location(suit_storage_t *storage,
const char *location)
{
return storage->driver->set_active_location(storage, location);
}
/**
* @brief Retrieve the sequence number from the storage backend
*
* @note The sequence number must be global to the storage context, it must
* not depend on the location
*
* @param[in] storage Storage context
* @param[out] seq_no Retrieved sequence number
*
* @returns SUIT_OK on success
* @returns @ref suit_error_t if the sequence number can't be retrieved
*/
static inline int suit_storage_get_seq_no(const suit_storage_t *storage,
uint32_t *seq_no)
{
return storage->driver->get_seq_no(storage, seq_no);
}
/**
* @brief Set a new sequence number in the storage backend.
*
* @param[in] storage Storage context
* @param[in] seq_no Sequence number to store
*
* @returns SUIT_OK on success
* @returns @ref suit_error_t if the sequence number can't be stored.
*/
static inline int suit_storage_set_seq_no(suit_storage_t *storage,
uint32_t seq_no)
{
return storage->driver->set_seq_no(storage, seq_no);
}
/** @} */
#ifdef __cplusplus
}
#endif
#endif /* SUIT_STORAGE_H */
/** @} */

43
sys/include/suit/storage/flashwrite.h Normal file
View File

@ -0,0 +1,43 @@
/*
* Copyright (C) 2020 Koen Zandberg
* 2020 Inria
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @defgroup sys_suit_storage_flashwrite riotboot flashwrite storage backend
* @ingroup sys_suit_storage
* @brief SUIT riotboot firmware storage backend
*
* @{
*
* @brief riotboot Flashwrite storage backend functions for SUIT manifests
* @author Koen Zandberg <koen@bergzand.net>
*/
#ifndef SUIT_STORAGE_FLASHWRITE_H
#define SUIT_STORAGE_FLASHWRITE_H
#include "suit.h"
#include "riotboot/flashwrite.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief riotboot flashwrite SUIT storage context
*/
typedef struct {
suit_storage_t storage; /**< parent struct */
riotboot_flashwrite_t writer; /**< Riotboot flashwriter */
} suit_storage_flashwrite_t;
#ifdef __cplusplus
}
#endif
#endif /* SUIT_STORAGE_FLASHWRITE_H */
/** @} */

89
sys/include/suit/storage/ram.h Normal file
View File

@ -0,0 +1,89 @@
/*
* Copyright (C) 2020 Koen Zandberg
* 2020 Inria
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @defgroup sys_suit_storage_ram ram storage backend
* @ingroup sys_suit_storage
* @brief RAM blob SUIT payload storage backends
*
* @{
*
* @brief RAM-based storage backend for SUIT OTA updates
* @author Koen Zandberg <koen@bergzand.net>
*
* This module implements a RAM-backed storage interface for SUIT. The main
* purpose is mock testing the SUIT implementation, however the interface could
* also be used for to target backup ram storage by changing @ref
* CONFIG_SUIT_STORAGE_RAM_SIZE to store it in backup ram.
*
* The module uses a .ram.### structure where the number indicates the index of
* the memory region being targeted.
*
* @warning The install function is implemented as a noop. There is no
* distinction between valid content and not yet invalidated content.
*/
#ifndef SUIT_STORAGE_RAM_H
#define SUIT_STORAGE_RAM_H
#include <stdint.h>
#include "suit.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Size of each memory region
*/
#ifndef CONFIG_SUIT_STORAGE_RAM_SIZE
#define CONFIG_SUIT_STORAGE_RAM_SIZE (64U)
#endif
/**
* @brief Number of allocated regions
*/
#ifndef CONFIG_SUIT_STORAGE_RAM_REGIONS
#define CONFIG_SUIT_STORAGE_RAM_REGIONS (2U)
#endif
/**
* @brief Extra attributes for allocating the RAM struct
*/
#ifndef CONFIG_SUIT_STORAGE_RAM_ATTR
#define CONFIG_SUIT_STORAGE_RAM_ATTR
#endif
/**
* @brief Single in-memory storage region
*/
typedef struct {
size_t occupied; /**< Region space filled */
uint8_t mem[CONFIG_SUIT_STORAGE_RAM_SIZE]; /**< RAM area */
} suit_storage_ram_region_t;
/**
* @brief memory storage state
*/
typedef struct CONFIG_SUIT_STORAGE_RAM_ATTR {
suit_storage_t storage; /**< parent struct */
/**
* @brief ram storage regions
*/
suit_storage_ram_region_t regions[CONFIG_SUIT_STORAGE_RAM_REGIONS];
size_t active_region; /**< Active region to write to */
uint32_t sequence_no; /**< Ephemeral sequence number */
} suit_storage_ram_t;
#ifdef __cplusplus
}
#endif
#endif /* SUIT_STORAGE_RAM_H */
/** @} */

61
sys/include/suit/transport/mock.h Normal file
View File

@ -0,0 +1,61 @@
/*
* Copyright (C) 2020 Koen Zandberg
* 2020 Inria
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @defgroup sys_suit_transport_mock SUIT secure firmware OTA mock transport
* @ingroup sys_suit
* @brief SUIT firmware mock transport
*
* @{
*
* @brief Mock transport backend definitions for SUIT manifests
* @author Koen Zandberg <koen@bergzand.net>
*
* The mock transport is a noop transport. Payloads are preloaded in flash and
* provided as an array of @ref suit_transport_mock_payload_t to the module.
*
* Both the array of payloads named `payloads` and the size with name
* `num_payloads` must be provided.
*/
#ifndef SUIT_TRANSPORT_MOCK_H
#define SUIT_TRANSPORT_MOCK_H
#include "suit.h"
#ifdef __cplusplus
extern "C" {
#endif
/**
* @brief Mock payload.
*/
typedef struct {
const uint8_t *buf; /**< Ptr to the memory space containing the payload */
size_t len; /**< Length of the payload in bytes */
} suit_transport_mock_payload_t;
/**
* @brief 'fetch' a payload
*
* The payload fetched from the payloads array is indicated by the @ref
* suit_manifest_t::component_current member
*
* @param[in] manifest suit manifest context
*
* @returns SUIT_OK if valid
* @returns negative otherwise
*/
int suit_transport_mock_fetch(const suit_manifest_t *manifest);
#ifdef __cplusplus
}
#endif
#endif /* SUIT_TRANSPORT_MOCK_H */
/** @} */

20
sys/riotboot/flashwrite.c
View File

@ -34,15 +34,10 @@ static inline size_t min(size_t a, size_t b)
return a <= b ? a : b;
}
size_t riotboot_flashwrite_slotsize(const riotboot_flashwrite_t *state)
size_t riotboot_flashwrite_slotsize(
const riotboot_flashwrite_t *state)
{
switch (state->target_slot) {
case 0: return SLOT0_LEN;
#if NUM_SLOTS==2
case 1: return SLOT1_LEN;
#endif
default: return 0;
}
return riotboot_slot_size(state->target_slot);
}
int riotboot_flashwrite_init_raw(riotboot_flashwrite_t *state, int target_slot,
@ -62,6 +57,15 @@ int riotboot_flashwrite_init_raw(riotboot_flashwrite_t *state, int target_slot,
return 0;
}
int riotboot_flashwrite_flush(riotboot_flashwrite_t *state)
{
if (flashpage_write_and_verify(state->flashpage, state->flashpage_buf) != FLASHPAGE_OK) {
LOG_WARNING(LOG_PREFIX "error writing flashpage %u!\n", state->flashpage);
return -1;
}
return 0;
}
int riotboot_flashwrite_putbytes(riotboot_flashwrite_t *state,
const uint8_t *bytes, size_t len, bool more)
{

4
sys/suit/Makefile
View File

@ -2,4 +2,8 @@ ifneq (,$(filter suit_transport_%,$(USEMODULE)))
DIRS += transport
endif
ifneq (,$(filter suit_storage_%,$(USEMODULE)))
DIRS += storage
endif
include $(RIOTBASE)/Makefile.base

50
sys/suit/handlers.c
View File

@ -37,8 +37,8 @@ static suit_manifest_handler_t _get_handler(int key,
return map[key];
}
uint16_t suit_param_ref_to_cbor(suit_manifest_t *manifest,
suit_param_ref_t *ref,
uint16_t suit_param_ref_to_cbor(const suit_manifest_t *manifest,
const suit_param_ref_t *ref,
nanocbor_value_t *val)
{
size_t len = manifest->len - ref->offset;
@ -47,14 +47,56 @@ uint16_t suit_param_ref_to_cbor(suit_manifest_t *manifest,
return ref->offset;
}
void suit_param_cbor_to_ref(suit_manifest_t *manifest,
void suit_param_cbor_to_ref(const suit_manifest_t *manifest,
suit_param_ref_t *ref,
nanocbor_value_t *val)
const nanocbor_value_t *val)
{
assert(val->cur >= manifest->buf);
ref->offset = val->cur - manifest->buf;
}
int suit_component_name_to_string(const suit_manifest_t *manifest,
const suit_component_t *component,
char separator, char *buf, size_t buf_len)
{
assert(buf_len);
nanocbor_value_t comp_id, arr;
suit_param_ref_to_cbor(manifest, &component->identifier, &comp_id);
if (nanocbor_enter_array(&comp_id, &arr) < 0) {
return SUIT_ERR_INVALID_MANIFEST;
}
size_t pos = 0;
while (!nanocbor_at_end(&arr)) {
const uint8_t *bstr;
size_t bstr_len;
if (separator) {
buf[pos++] = separator;
}
if (nanocbor_get_bstr(&arr, &bstr, &bstr_len) < 0) {
return SUIT_ERR_INVALID_MANIFEST;
}
if ((buf_len - pos - 1) < bstr_len) {
/* No space */
return SUIT_ERR_NO_MEM;
}
memcpy(&buf[pos], bstr, bstr_len);
pos += bstr_len;
}
buf[pos] = '\0';
LOG_INFO("Formatted component name: %s\n", buf);
return SUIT_OK;
}
int suit_handle_manifest_structure(suit_manifest_t *manifest,
nanocbor_value_t *it,
const suit_manifest_handler_t *handlers,

162
sys/suit/handlers_command_seq.c
View File

@ -26,20 +26,34 @@
#include <nanocbor/nanocbor.h>
#include <assert.h>
#include "hashes/sha256.h"
#include "kernel_defines.h"
#include "suit/conditions.h"
#include "suit/handlers.h"
#include "suit/policy.h"
#include "suit/storage.h"
#include "suit.h"
#include "riotboot/hdr.h"
#include "riotboot/slot.h"
#ifdef MODULE_SUIT_TRANSPORT_COAP
#include "suit/transport/coap.h"
#endif
#include "suit/transport/mock.h"
#include "log.h"
static int _get_component_size(suit_manifest_t *manifest,
suit_component_t *comp,
uint32_t *img_size)
{
nanocbor_value_t param_size;
if ((suit_param_ref_to_cbor(manifest, &comp->param_size, &param_size) == 0)
|| (nanocbor_get_uint32(&param_size, img_size) < 0)) { return
SUIT_ERR_INVALID_MANIFEST;
}
return SUIT_OK;
}
static suit_component_t *_get_component(suit_manifest_t *manifest)
{
/* Out-of-bounds check has been done in the _dtv_set_comp_idx, True/False
@ -126,12 +140,16 @@ static int _cond_comp_offset(suit_manifest_t *manifest,
suit_param_ref_to_cbor(manifest, &comp->param_component_offset,
&param_offset);
nanocbor_get_uint32(&param_offset, &offset);
uint32_t other_offset = (uint32_t)riotboot_slot_offset(
riotboot_slot_other());
LOG_INFO("Comparing manifest offset %"PRIx32" with other slot offset %"PRIx32"\n",
offset, other_offset);
return other_offset == offset ? SUIT_OK : SUIT_ERR_COND;
if (!suit_storage_has_offset(comp->storage_backend)) {
return SUIT_ERR_COND;
}
LOG_INFO("Comparing manifest offset %"PRIx32" with other slot offset\n",
offset);
return suit_storage_match_offset(comp->storage_backend, offset) ?
SUIT_OK : SUIT_ERR_COND;
}
static int _dtv_set_comp_idx(suit_manifest_t *manifest,
@ -156,8 +174,21 @@ static int _dtv_set_comp_idx(suit_manifest_t *manifest,
return SUIT_ERR_INVALID_MANIFEST;
}
suit_component_t *component = &manifest->components[new_index];
char name[CONFIG_SUIT_COMPONENT_MAX_NAME_LEN];
suit_storage_t *storage = component->storage_backend;
char separator = suit_storage_get_separator(storage);
/* Done this before in the component stage, shouldn't be different now */
suit_component_name_to_string(manifest, component,
separator, name, sizeof(name));
suit_storage_set_active_location(storage, name);
/* Update the manifest context */
manifest->component_current = new_index;
LOG_INFO("Setting component index to %d\n",
(int)manifest->component_current);
return 0;
@ -170,8 +201,7 @@ static int _dtv_run_seq_cond(suit_manifest_t *manifest,
(void)key;
LOG_DEBUG("Starting conditional sequence handler\n");
return suit_handle_manifest_structure_bstr(manifest, it,
suit_command_sequence_handlers,
suit_command_sequence_handlers_len);
suit_command_sequence_handlers, suit_command_sequence_handlers_len);
}
static int _dtv_try_each(suit_manifest_t *manifest,
@ -192,8 +222,8 @@ static int _dtv_try_each(suit_manifest_t *manifest,
/* `_container` should be CBOR _bstr wrapped according to the spec, but
* it is not */
res = suit_handle_manifest_structure_bstr(manifest, &_container,
suit_command_sequence_handlers,
suit_command_sequence_handlers_len);
suit_command_sequence_handlers,
suit_command_sequence_handlers_len);
nanocbor_skip(&container);
@ -262,6 +292,25 @@ static int _dtv_set_param(suit_manifest_t *manifest, int key,
return SUIT_OK;
}
static int _start_storage(suit_manifest_t *manifest, suit_component_t *comp)
{
uint32_t img_size = 0;
char name[CONFIG_SUIT_COMPONENT_MAX_NAME_LEN];
char separator = suit_storage_get_separator(comp->storage_backend);
if (_get_component_size(manifest, comp, &img_size) < 0) {
return SUIT_ERR_INVALID_MANIFEST;
}
/* Done this before in the component stage, shouldn't be different now */
suit_component_name_to_string(manifest, comp,
separator, name, sizeof(name));
suit_storage_set_active_location(comp->storage_backend, name);
return suit_storage_start(comp->storage_backend, manifest, img_size);
}
static int _dtv_fetch(suit_manifest_t *manifest, int key,
nanocbor_value_t *_it)
{
@ -299,8 +348,10 @@ static int _dtv_fetch(suit_manifest_t *manifest, int key,
LOG_DEBUG("_dtv_fetch() fetching \"%s\" (url_len=%u)\n", manifest->urlbuf,
(unsigned)url_len);
int target_slot = riotboot_slot_other();
riotboot_flashwrite_init(manifest->writer, target_slot);
if (_start_storage(manifest, comp) < 0) {
LOG_ERROR("Unable to start storage backend\n");
return SUIT_ERR_STORAGE;
}
res = -1;
@ -308,13 +359,13 @@ static int _dtv_fetch(suit_manifest_t *manifest, int key,
#ifdef MODULE_SUIT_TRANSPORT_COAP
else if (strncmp(manifest->urlbuf, "coap://", 7) == 0) {
res = suit_coap_get_blockwise_url(manifest->urlbuf, COAP_BLOCKSIZE_64,
suit_flashwrite_helper,
suit_storage_helper,
manifest);
}
#endif
#ifdef MODULE_SUIT_TRANSPORT_MOCK
else if (strncmp(manifest->urlbuf, "test://", 7) == 0) {
res = SUIT_OK;
res = suit_transport_mock_fetch(manifest);
}
#endif
else {
@ -327,7 +378,7 @@ static int _dtv_fetch(suit_manifest_t *manifest, int key,
if (res) {
suit_component_set_flag(comp, SUIT_COMPONENT_STATE_FETCH_FAILED);
/* TODO: The leftover data from a failed fetch should be purged. It
* could contain potential malicous data from an attacker */
* could contain potential malicious data from an attacker */
LOG_INFO("image download failed with code %i\n", res);
return res;
}
@ -336,7 +387,8 @@ static int _dtv_fetch(suit_manifest_t *manifest, int key,
return SUIT_OK;
}
static int _get_digest(nanocbor_value_t *bstr, const uint8_t **digest, size_t *digest_len)
static int _get_digest(nanocbor_value_t *bstr, const uint8_t **digest, size_t
*digest_len)
{
/* Bstr is a byte string with a cbor array containing the type and the
* digest */
@ -355,6 +407,46 @@ static int _get_digest(nanocbor_value_t *bstr, const uint8_t **digest, size_t *d
return nanocbor_get_bstr(&arr_it, digest, digest_len);
}
static int _validate_payload(suit_component_t *component, const uint8_t *digest,
size_t payload_size)
{
uint8_t payload_digest[SHA256_DIGEST_LENGTH];
suit_storage_t *storage = component->storage_backend;
if (suit_storage_has_readptr(storage)) {
/* Direct read possible */
const uint8_t *payload = NULL;
size_t payload_len = 0;
suit_storage_read_ptr(storage, &payload, &payload_len);
if (payload_size != payload_len) {
return SUIT_ERR_STORAGE_EXCEEDED;
}
sha256(payload, payload_len, payload_digest);
}
else {
/* Piecewise feeding */
sha256_context_t ctx;
sha256_init(&ctx);
size_t pos = 0;
while (pos < payload_size) {
uint8_t buf[64];
size_t read_len = (payload_size - pos) > sizeof(buf) ?
sizeof(buf) : payload_size - pos;
suit_storage_read(storage, buf, pos, read_len);
sha256_update(&ctx, buf, read_len);
pos += read_len;
}
sha256_final(&ctx, payload_digest);
}
return (memcmp(digest, payload_digest, SHA256_DIGEST_LENGTH) == 0) ?
SUIT_OK : SUIT_ERR_DIGEST_MISMATCH;
}
static int _dtv_verify_image_match(suit_manifest_t *manifest, int key,
nanocbor_value_t *_it)
{
@ -362,19 +454,17 @@ static int _dtv_verify_image_match(suit_manifest_t *manifest, int key,
LOG_DEBUG("dtv_image_match\n");
const uint8_t *digest;
size_t digest_len;
int target_slot = riotboot_slot_other();
suit_component_t *comp = _get_component(manifest);
uint32_t img_size;
nanocbor_value_t param_size;
if ((suit_param_ref_to_cbor(manifest, &comp->param_size, &param_size) == 0) ||
(nanocbor_get_uint32(&param_size, &img_size) < 0)) {
if (_get_component_size(manifest, comp, &img_size) < 0) {
return SUIT_ERR_INVALID_MANIFEST;
}
/* Only check the component if it is fetched, but not failed */
if (!suit_component_check_flag(comp, SUIT_COMPONENT_STATE_FETCHED) ||
suit_component_check_flag(comp, SUIT_COMPONENT_STATE_FETCH_FAILED)) {
suit_component_check_flag(comp,
SUIT_COMPONENT_STATE_FETCH_FAILED)) {
LOG_ERROR("Fetch failed, or nothing fetched, nothing to check: %u\n",
comp->state);
return SUIT_ERR_INVALID_MANIFEST;
@ -393,21 +483,20 @@ static int _dtv_verify_image_match(suit_manifest_t *manifest, int key,
return SUIT_ERR_INVALID_MANIFEST;
}
res = riotboot_flashwrite_verify_sha256(digest,
img_size,
target_slot);
if (res != 0) {
return SUIT_ERR_COND;
/* TODO: replace with generic verification (not only sha256) */
LOG_INFO("Starting digest verification against image\n");
res = _validate_payload(comp, digest, img_size);
if (res == SUIT_OK) {
LOG_INFO("Install correct payload\n");
suit_storage_install(comp->storage_backend, manifest);
}
/**
* SUIT transport mock doesn't implement the the 'finish' function. Can be
* removed as soon as there is a proper storage abstraction layer for SUIT
*/
if (!IS_ACTIVE(MODULE_SUIT_TRANSPORT_MOCK)) {
riotboot_flashwrite_finish(manifest->writer);
else {
LOG_INFO("Erasing bad payload\n");
if (comp->storage_backend->driver->erase) {
suit_storage_erase(comp->storage_backend);
}
}
return SUIT_OK;
return res;
}
/* begin{code-style-ignore} */
@ -425,4 +514,5 @@ const suit_manifest_handler_t suit_command_sequence_handlers[] = {
};
/* end{code-style-ignore} */
const size_t suit_command_sequence_handlers_len = ARRAY_SIZE(suit_command_sequence_handlers);
const size_t suit_command_sequence_handlers_len =
ARRAY_SIZE(suit_command_sequence_handlers);

22
sys/suit/handlers_common.c
View File

@ -13,8 +13,8 @@
* @file
* @brief SUIT handler implementations for the manifest Common sections
*
* This file contains functions to handle the common info sections of a manifest.
* This includes components, dependencies and command sequences.
* This file contains functions to handle the common info sections of a
* manifest. This includes components, dependencies and command sequences.
*
* @author Koen Zandberg <koen@bergzand.net>
*
@ -26,6 +26,7 @@
#include "kernel_defines.h"
#include "suit/handlers.h"
#include "suit/storage.h"
#include "suit.h"
#include "log.h"
@ -61,7 +62,9 @@ static int _component_handler(suit_manifest_t *manifest, int key,
nanocbor_get_type(it));
return SUIT_ERR_INVALID_MANIFEST;
}
suit_param_cbor_to_ref(manifest, &component->identifier, &comp);
/* The array is stored so that the number of bytestrings in the array
* can be retrieved later */
suit_param_cbor_to_ref(manifest, &component->identifier, &arr);
/* Ensure that all parts of the identifier are a bstr */
while (!nanocbor_at_end(&comp)) {
const uint8_t *identifier;
@ -72,6 +75,16 @@ static int _component_handler(suit_manifest_t *manifest, int key,
}
}
nanocbor_leave_container(&arr, &comp);
/* find storage handler for component */
suit_storage_t *storage = suit_storage_find_by_component(manifest,
component);
if (!storage) {
LOG_ERROR("No storage handler found for component\n");
return SUIT_ERR_UNSUPPORTED;
}
component->storage_backend = storage;
n++;
}
manifest->components_len = n;
@ -97,8 +110,7 @@ int _common_sequence_handler(suit_manifest_t *manifest, int key,
(void)key;
LOG_DEBUG("Starting conditional sequence handler\n");
return suit_handle_manifest_structure_bstr(manifest, it,
suit_command_sequence_handlers,
suit_command_sequence_handlers_len);
suit_command_sequence_handlers, suit_command_sequence_handlers_len);
}
/* begin{code-style-ignore} */

27
sys/suit/handlers_global.c
View File

@ -29,6 +29,7 @@
#include "suit/handlers.h"
#include "suit/policy.h"
#include "suit.h"
#include "suit/storage.h"
extern int _common_sequence_handler(suit_manifest_t *manifest, int key,
nanocbor_value_t *it);
@ -55,27 +56,25 @@ static int _seq_no_handler(suit_manifest_t *manifest, int key,
{
(void)key;
int32_t seq_nr;
uint32_t seq_nr;
if (nanocbor_get_int32(it, &seq_nr) < 0) {
if (nanocbor_get_uint32(it, &seq_nr) < 0) {
LOG_INFO("Unable to get sequence number\n");
return SUIT_ERR_INVALID_MANIFEST;
}
const riotboot_hdr_t *hdr = riotboot_slot_get_hdr(riotboot_slot_current());
if (seq_nr <= (int32_t)hdr->version) {
LOG_INFO("%" PRId32 " <= %" PRId32 "\n", seq_nr, hdr->version);
LOG_INFO("seq_nr <= running image\n)");
uint32_t stored_seq_no = 0;
if (suit_storage_get_highest_seq_no(&stored_seq_no) < 0) {
return SUIT_ERR_STORAGE;
}
LOG_INFO("Manifest seq_no: %"PRIu32", highest available: %"PRIu32"\n",
seq_nr, stored_seq_no);
if (seq_nr <= stored_seq_no) {
LOG_ERROR("seq_nr <= running image\n)");
return SUIT_ERR_SEQUENCE_NUMBER;
}
hdr = riotboot_slot_get_hdr(riotboot_slot_other());
if (riotboot_hdr_validate(hdr) == 0) {
if (seq_nr <= (int32_t)hdr->version) {
LOG_INFO("%" PRIu32 " <= %" PRIu32 "\n", seq_nr, hdr->version);
LOG_INFO("seq_nr <= other image\n)");
return SUIT_ERR_SEQUENCE_NUMBER;
}
}
LOG_INFO("suit: validated sequence number\n)");
manifest->validated |= SUIT_VALIDATED_SEQ_NR;
return SUIT_OK;

107
sys/suit/storage.c Normal file
View File

@ -0,0 +1,107 @@
/*
* Copyright (C) 2020 Koen Zandberg
* 2020 Inria
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup sys_suit_storage
* @{
*
* @file
* @brief SUIT storage backend helpers
*
* @author Koen Zandberg <koen@bergzand.net>
*
* @}
*/
#include <string.h>
#include "kernel_defines.h"
#include "suit.h"
#include "suit/storage.h"
#ifdef MODULE_SUIT_STORAGE_FLASHWRITE
#include "suit/storage/flashwrite.h"
extern suit_storage_flashwrite_t suit_storage_flashwrite;
#endif
#ifdef MODULE_SUIT_STORAGE_RAM
#include "suit/storage/ram.h"
extern suit_storage_ram_t suit_storage_ram;
#endif
static suit_storage_t *reg[] = {
#ifdef MODULE_SUIT_STORAGE_FLASHWRITE
&suit_storage_flashwrite.storage,
#endif
#ifdef MODULE_SUIT_STORAGE_RAM
&suit_storage_ram.storage,
#endif
};
static const size_t reg_size = ARRAY_SIZE(reg);
suit_storage_t *suit_storage_find_by_id(const char *id)
{
for (size_t i = 0; i < reg_size; i++) {
if (suit_storage_has_location(reg[i], id)) {
return reg[i];
}
}
return NULL;
}
void suit_storage_init_all(void)
{
for (size_t i = 0; i < reg_size; i++) {
suit_storage_init(reg[i]);
}
}
suit_storage_t *suit_storage_find_by_component(const suit_manifest_t *manifest,
const suit_component_t *component)
{
for (size_t i = 0; i < reg_size; i++) {
char name[CONFIG_SUIT_COMPONENT_MAX_NAME_LEN];
if (suit_component_name_to_string(manifest, component,
reg[i]->driver->separator,
name, sizeof(name)) == SUIT_OK) {
if (suit_storage_has_location(reg[i], name)) {
return reg[i];
}
}
}
return NULL;
}
int suit_storage_get_highest_seq_no(uint32_t *seq_no)
{
uint32_t max_seq = 0;
int res = SUIT_ERR_STORAGE;
for (size_t i = 0; i < reg_size; i++) {
uint32_t seq_no = 0;
if (suit_storage_get_seq_no(reg[i], &seq_no) == SUIT_OK) {
res = SUIT_OK;
if (seq_no > max_seq) {
max_seq = seq_no;
}
}
}
*seq_no = max_seq;
return res;
}
int suit_storage_set_seq_no_all(uint32_t seq_no)
{
for (size_t i = 0; i < reg_size; i++) {
suit_storage_set_seq_no(reg[i], seq_no);
}
return 0;
}

5
sys/suit/storage/Makefile Normal file
View File

@ -0,0 +1,5 @@
MODULE := suit_storage
SUBMODULES := 1
BASE_MODULE := suit_storage
include $(RIOTBASE)/Makefile.base

216
sys/suit/storage/flashwrite.c Normal file
View File

@ -0,0 +1,216 @@
/*
* Copyright (C) 2020 Koen Zandberg
* 2020 Inria
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup sys_suit_storage
* @{
*
* @file
* @brief SUIT flashwrite storage module implementation
*
* @author Koen Zandberg <koen@bergzand.net>
*
* @}
*/
#include <string.h>
#include "kernel_defines.h"
#include "log.h"
#include "suit.h"
#include "suit/storage.h"
#include "suit/storage/flashwrite.h"
#include "riotboot/flashwrite.h"
#include "riotboot/slot.h"
static inline suit_storage_flashwrite_t *_get_fw(suit_storage_t *storage)
{
return container_of(storage, suit_storage_flashwrite_t, storage);
}
static int _flashwrite_init(suit_storage_t *storage)
{
(void)storage;
return 0;
}
static int _flashwrite_start(suit_storage_t *storage,
const suit_manifest_t *manifest,
size_t len)
{
(void)manifest;
(void)len;
suit_storage_flashwrite_t *fw = _get_fw(storage);
int target_slot = riotboot_slot_other();
return riotboot_flashwrite_init(&fw->writer, target_slot);
}
static int _flashwrite_write(suit_storage_t *storage,
const suit_manifest_t *manifest,
const uint8_t *buf, size_t offset, size_t len)
{
(void)manifest;
suit_storage_flashwrite_t *fw = _get_fw(storage);
if (offset == 0) {
if (len < RIOTBOOT_FLASHWRITE_SKIPLEN) {
LOG_WARNING("_suit_flashwrite(): offset==0, len<4. aborting\n");
return -1;
}
offset = RIOTBOOT_FLASHWRITE_SKIPLEN;
buf += RIOTBOOT_FLASHWRITE_SKIPLEN;
len -= RIOTBOOT_FLASHWRITE_SKIPLEN;
}
if (offset != fw->writer.offset) {
LOG_ERROR("Unexpected offset: %u - expected: %u\n", (unsigned)offset,
(unsigned)fw->writer.offset);
return SUIT_ERR_STORAGE;
}
return riotboot_flashwrite_putbytes(&fw->writer, buf, len, 1);
}
static int _flashwrite_finish(suit_storage_t *storage,
const suit_manifest_t *manifest)
{
(void)manifest;
suit_storage_flashwrite_t *fw = _get_fw(storage);
return riotboot_flashwrite_flush(&fw->writer) <
0 ? SUIT_ERR_STORAGE : SUIT_OK;
}
static int _flashwrite_install(suit_storage_t *storage,
const suit_manifest_t *manifest)
{
(void)manifest;
suit_storage_flashwrite_t *fw = _get_fw(storage);
return riotboot_flashwrite_finish(&fw->writer);
}
static int _flashwrite_read(suit_storage_t *storage, uint8_t *buf,
size_t offset, size_t len)
{
(void)storage;
static const char _prefix[] = "RIOT";
static const size_t _prefix_len = sizeof(_prefix) - 1;
int target_slot = riotboot_slot_other();
size_t slot_size = riotboot_slot_size(target_slot);
/* Insert the "RIOT" magic number */
if (offset < (_prefix_len)) {
size_t prefix_to_copy = _prefix_len - offset;
memcpy(buf, _prefix + offset, prefix_to_copy);
len -= prefix_to_copy;
offset = _prefix_len;
buf += prefix_to_copy;
}
if (offset + len > slot_size) {
return -1;
}
uint8_t *slot = (uint8_t *)riotboot_slot_get_hdr(target_slot);
memcpy(buf, slot + offset, len);
return 0;
}
static bool _flashwrite_has_location(const suit_storage_t *storage,
const char *location)
{
(void)storage;
/* Firmware matches at zero length string */
return (location[0] == '\0');
}
static int _flashwrite_set_active_location(suit_storage_t *storage,
const char *location)
{
(void)storage;
(void)location;
return 0;
}
static bool _flashwrite_match_offset(const suit_storage_t *storage,
size_t offset)
{
(void)storage;
int target_slot = riotboot_slot_other();
uintptr_t slot_start = (intptr_t)riotboot_slot_get_hdr(target_slot);
return (slot_start == (uintptr_t)offset);
}
static int _flashwrite_get_seq_no(const suit_storage_t *storage,
uint32_t *seq_no)
{
(void)storage;
uint32_t max_seq_no = 0;
bool valid = false;
for (unsigned i = 0; i < riotboot_slot_numof; i++) {
const riotboot_hdr_t *riot_hdr = riotboot_slot_get_hdr(i);
if (riotboot_slot_validate(i)) {
/* skip slot if metadata broken */
continue;
}
if (!valid || riot_hdr->version > max_seq_no) {
max_seq_no = riot_hdr->version;
valid = true;
}
}
if (valid) {
*seq_no = max_seq_no;
return SUIT_OK;
}
return -1;
}
static int _flashwrite_set_seq_no(suit_storage_t *storage,
uint32_t seq_no)
{
(void)storage;
int target_slot = riotboot_slot_other();
const riotboot_hdr_t *hdr = riotboot_slot_get_hdr(target_slot);
if (hdr->version == seq_no) {
return SUIT_OK;
}
return -1;
}
static const suit_storage_driver_t suit_storage_flashwrite_driver = {
.init = _flashwrite_init,
.start = _flashwrite_start,
.write = _flashwrite_write,
.finish = _flashwrite_finish,
.read = _flashwrite_read,
.install = _flashwrite_install,
.has_location = _flashwrite_has_location,
.set_active_location = _flashwrite_set_active_location,
.match_offset = _flashwrite_match_offset,
.get_seq_no = _flashwrite_get_seq_no,
.set_seq_no = _flashwrite_set_seq_no,
.separator = '\0',
};
suit_storage_flashwrite_t suit_storage_flashwrite = {
.storage = {
.driver = &suit_storage_flashwrite_driver,
},
};

231
sys/suit/storage/ram.c Normal file
View File

@ -0,0 +1,231 @@
/*
* Copyright (C) 2020 Koen Zandberg
* 2020 Inria
*
* This file is subject to the terms and conditions of the GNU Lesser
* General Public License v2.1. See the file LICENSE in the top level
* directory for more details.
*/
/**
* @ingroup sys_suit_storage
* @{
*
* @file
* @brief SUIT ram storage module implementation
*
* @author Koen Zandberg <koen@bergzand.net>
*
* @}
*/
#include <string.h>
#include <inttypes.h>
#include "fmt.h"
#include "kernel_defines.h"
#include "log.h"
#include "suit.h"
#include "suit/storage.h"
#include "suit/storage/ram.h"
static inline suit_storage_ram_t *_get_ram(suit_storage_t *storage)
{
return container_of(storage, suit_storage_ram_t, storage);
}
static inline const suit_storage_ram_t *_get_ram_const(
const suit_storage_t *storage)
{
return container_of(storage, suit_storage_ram_t, storage);
}
static inline suit_storage_ram_region_t *_get_active_region(
suit_storage_ram_t *ram)
{
return &ram->regions[ram->active_region];
}
static bool _get_region_by_string(const char *location, uint32_t *val)
{
/* Matching on .ram.### */
static const char prefix[] = ".ram.";
static const size_t prefix_len = sizeof(prefix) - 1;
/* Check for prefix */
if (strncmp(prefix, location, prefix_len) == 0 &&
location[prefix_len] != '\n') {
/* Advance to the number */
location += prefix_len;
/* Check if the rest of the string is a number */
if (fmt_is_number(location)) {
/* grab the number */
*val = scn_u32_dec(location, 5);
/* Number must be smaller than the number of regions */
if (*val < CONFIG_SUIT_STORAGE_RAM_REGIONS) {
return true;
}
}
}
return false;
}
static int _ram_init(suit_storage_t *storage)
{
suit_storage_ram_t *ram = _get_ram(storage);
/* Clear the ram regions */
memset(ram->regions, 0,
sizeof(suit_storage_ram_region_t) * CONFIG_SUIT_STORAGE_RAM_REGIONS);
return SUIT_OK;
}
static int _ram_start(suit_storage_t *storage, const suit_manifest_t *manifest,
size_t len)
{
(void)manifest;
suit_storage_ram_t *ram = _get_ram(storage);
suit_storage_ram_region_t *region = _get_active_region(ram);
if (len > CONFIG_SUIT_STORAGE_RAM_SIZE) {
return SUIT_ERR_STORAGE_EXCEEDED;
}
region->occupied = 0;
return SUIT_OK;
}
static int _ram_write(suit_storage_t *storage, const suit_manifest_t *manifest,
const uint8_t *buf, size_t offset, size_t len)
{
(void)manifest;
suit_storage_ram_t *ram = _get_ram(storage);
suit_storage_ram_region_t *region = _get_active_region(ram);
if (offset + len > CONFIG_SUIT_STORAGE_RAM_SIZE) {
return SUIT_ERR_STORAGE_EXCEEDED;
}
memcpy(&region->mem[offset], buf, len);
region->occupied += len;
return SUIT_OK;
}
static int _ram_finish(suit_storage_t *storage, const suit_manifest_t *manifest)
{
(void)storage;
(void)manifest;
return SUIT_OK;
}
static int _ram_install(suit_storage_t *storage,
const suit_manifest_t *manifest)
{
(void)manifest;
(void)storage;
return SUIT_OK;
}
static int _ram_erase(suit_storage_t *storage)
{
suit_storage_ram_t *ram = _get_ram(storage);
suit_storage_ram_region_t *region = _get_active_region(ram);
memset(region->mem, 0, CONFIG_SUIT_STORAGE_RAM_SIZE);
return SUIT_OK;
}
static int _ram_read(suit_storage_t *storage, uint8_t *buf, size_t offset,
size_t len)
{
suit_storage_ram_t *ram = _get_ram(storage);
suit_storage_ram_region_t *region = _get_active_region(ram);
if (offset + len > CONFIG_SUIT_STORAGE_RAM_SIZE) {
return SUIT_ERR_STORAGE_EXCEEDED;
}
memcpy(buf, &region->mem[offset], len);
return SUIT_OK;
}
static int _ram_read_ptr(suit_storage_t *storage,
const uint8_t **buf, size_t *len)
{
suit_storage_ram_t *ram = _get_ram(storage);
suit_storage_ram_region_t *region = _get_active_region(ram);
*buf = region->mem;
*len = region->occupied;
return SUIT_OK;
}
static bool _ram_has_location(const suit_storage_t *storage,
const char *location)
{
(void)storage;
uint32_t val;
return _get_region_by_string(location, &val);
}
static int _ram_set_active_location(suit_storage_t *storage,
const char *location)
{
suit_storage_ram_t *ram = _get_ram(storage);
uint32_t region = 0;
if (!_get_region_by_string(location, &region)) {
return -1;
}
ram->active_region = region;
return SUIT_OK;
}
static int _ram_get_seq_no(const suit_storage_t *storage, uint32_t *seq_no)
{
const suit_storage_ram_t *ram = _get_ram_const(storage);
*seq_no = ram->sequence_no;
LOG_INFO("Retrieved sequence number: %" PRIu32 "\n", *seq_no);
return SUIT_OK;
}
static int _ram_set_seq_no(suit_storage_t *storage, uint32_t seq_no)
{
suit_storage_ram_t *ram = _get_ram(storage);
if (ram->sequence_no < seq_no) {
LOG_INFO("Stored sequence number: %" PRIu32 "\n", seq_no);
ram->sequence_no = seq_no;
return SUIT_OK;
}
return SUIT_ERR_SEQUENCE_NUMBER;
}
static const suit_storage_driver_t suit_storage_ram_driver = {
.init = _ram_init,
.start = _ram_start,
.write = _ram_write,
.finish = _ram_finish,
.read = _ram_read,
.read_ptr = _ram_read_ptr,
.install = _ram_install,
.erase = _ram_erase,
.has_location = _ram_has_location,
.set_active_location = _ram_set_active_location,
.get_seq_no = _ram_get_seq_no,
.set_seq_no = _ram_set_seq_no,
.separator = '.',
};
suit_storage_ram_t suit_storage_ram = {
.storage = {
.driver = &suit_storage_ram_driver,
},
};

45
sys/suit/transport/coap.c
View File

@ -37,12 +37,12 @@
#ifdef MODULE_RIOTBOOT_SLOT
#include "riotboot/slot.h"
#include "riotboot/flashwrite.h"
#endif
#ifdef MODULE_SUIT
#include "suit.h"
#include "suit/handlers.h"
#include "suit/storage.h"
#endif
#if defined(MODULE_PROGRESS_BAR)
@ -53,8 +53,8 @@
#include "debug.h"
#ifndef SUIT_COAP_STACKSIZE
/* allocate stack needed to keep a page buffer and do manifest validation */
#define SUIT_COAP_STACKSIZE (3 * THREAD_STACKSIZE_LARGE + FLASHPAGE_SIZE)
/* allocate stack needed to do manifest validation */
#define SUIT_COAP_STACKSIZE (3 * THREAD_STACKSIZE_LARGE)
#endif
#ifndef SUIT_COAP_PRIO
@ -349,11 +349,9 @@ static void _suit_handle_url(const char *url)
LOG_INFO("suit_coap: got manifest with size %u\n", (unsigned)size);
#ifdef MODULE_SUIT
riotboot_flashwrite_t writer;
suit_manifest_t manifest;
memset(&manifest, 0, sizeof(manifest));
manifest.writer = &writer;
manifest.urlbuf = _url;
manifest.urlbuf_len = SUIT_URL_MAX;
@ -384,17 +382,16 @@ static void _suit_handle_url(const char *url)
}
}
int suit_flashwrite_helper(void *arg, size_t offset, uint8_t *buf, size_t len,
int more)
int suit_storage_helper(void *arg, size_t offset, uint8_t *buf, size_t len,
int more)
{
suit_manifest_t *manifest = (suit_manifest_t *)arg;
riotboot_flashwrite_t *writer = manifest->writer;
uint32_t image_size;
nanocbor_value_t param_size;
size_t total = offset + len;
suit_param_ref_t *ref_size =
&manifest->components[manifest->component_current].param_size;
suit_component_t *comp = &manifest->components[manifest->component_current];
suit_param_ref_t *ref_size = &comp->param_size;
/* Grab the total image size from the manifest */
if ((suit_param_ref_to_cbor(manifest, ref_size, &param_size) == 0) ||
@ -403,28 +400,10 @@ int suit_flashwrite_helper(void *arg, size_t offset, uint8_t *buf, size_t len,
return -1;
}
if (offset == 0) {
if (len < RIOTBOOT_FLASHWRITE_SKIPLEN) {
LOG_WARNING("_suit_flashwrite(): offset==0, len<4. aborting\n");
return -1;
}
offset = RIOTBOOT_FLASHWRITE_SKIPLEN;
buf += RIOTBOOT_FLASHWRITE_SKIPLEN;
len -= RIOTBOOT_FLASHWRITE_SKIPLEN;
}
if (writer->offset != offset) {
LOG_WARNING(
"_suit_flashwrite(): writer->offset=%u, offset==%u, aborting\n",
(unsigned)writer->offset, (unsigned)offset);
return -1;
}
if (image_size < offset + len) {
/* Extra newline at the start to compensate for the progress bar */
LOG_ERROR(
"\n_suit_flashwrite(): Image beyond size, offset + len=%u, "
"\n_suit_coap(): Image beyond size, offset + len=%u, "
"image_size=%u\n", (unsigned)(total), (unsigned)image_size);
return -1;
}
@ -437,7 +416,13 @@ int suit_flashwrite_helper(void *arg, size_t offset, uint8_t *buf, size_t len,
_print_download_progress(manifest, offset, len, image_size);
return riotboot_flashwrite_putbytes(writer, buf, len, more);
int res = suit_storage_write(comp->storage_backend, manifest, buf, offset, len);
if (!more) {
LOG_INFO("Finalizing payload store\n");
/* Finalize the write if no more data available */
res = suit_storage_finish(comp->storage_backend, manifest);
}
return res;
}
static void *_suit_coap_thread(void *arg)

73
sys/suit/transport/mock.c
View File

@ -11,71 +11,32 @@
#include <stdbool.h>
#include "kernel_defines.h"
#include "cpu_conf.h"
#include "log.h"
#include "riotboot/flashwrite.h"
#include "riotboot/hdr.h"
#include "suit.h"
#include "suit/storage.h"
#include "suit/transport/mock.h"
#define SLOT0_OFFSET 0x1000
#define SLOT1_OFFSET 0x2000
/* Must be defined by the test */
extern const suit_transport_mock_payload_t payloads[];
extern const size_t num_payloads;
static riotboot_hdr_t _riotboot_slots[] = {
{ .magic_number = RIOTBOOT_MAGIC,
.version = 1,
.start_addr=0x100000,
},
{ .magic_number = RIOTBOOT_MAGIC,
.version = 2,
.start_addr=0x200000,
},
};
const riotboot_hdr_t * const riotboot_slots[] = {
&_riotboot_slots[0],
&_riotboot_slots[1],
};
const unsigned riotboot_slot_numof = ARRAY_SIZE(riotboot_slots);
static int _current_slot;
int riotboot_slot_current(void)
static const suit_component_t *_get_component(const suit_manifest_t *manifest)
{
return _current_slot;
assert(manifest->component_current < CONFIG_SUIT_COMPONENT_MAX);
return &manifest->components[manifest->component_current];
}
int riotboot_slot_other(void)
int suit_transport_mock_fetch(const suit_manifest_t *manifest)
{
return (_current_slot == 0) ? 1 : 0;
}
size_t file = manifest->component_current;
const suit_component_t *comp = _get_component(manifest);
const riotboot_hdr_t *riotboot_slot_get_hdr(unsigned slot)
{
assert(slot < riotboot_slot_numof);
assert(file < num_payloads);
return riotboot_slots[slot];
}
LOG_INFO("Mock writing payload %d\n", (unsigned)file);
size_t riotboot_slot_offset(unsigned slot)
{
return (slot == 0) ? SLOT0_OFFSET : SLOT1_OFFSET;
}
int riotboot_flashwrite_init_raw(riotboot_flashwrite_t *state, int target_slot,
size_t offset)
{
(void)state;
(void)target_slot;
(void)offset;
puts("riotboot_flashwrite_init_raw() empty mock");
return 0;
}
int riotboot_flashwrite_verify_sha256(const uint8_t *sha256_digest,
size_t img_size, int target_slot)
{
(void)sha256_digest;
(void)img_size;
(void)target_slot;
suit_storage_write(comp->storage_backend, manifest, payloads[file].buf, 0,
payloads[file].len);
return 0;
}

6
tests/suit_manifest/Makefile
View File

@ -1,6 +1,7 @@
include ../Makefile.tests_common
USEMODULE += suit
USEMODULE += suit suit_storage_ram
USEMODULE += suit_transport_mock
USEMODULE += riotboot_hdr
USEMODULE += embunit
@ -19,7 +20,8 @@ BLOBS += $(MANIFEST_DIR)/manifest2.bin
BLOBS += $(MANIFEST_DIR)/manifest3.bin
BLOBS += $(MANIFEST_DIR)/manifest4.bin
USEMODULE += suit_transport_mock
BLOBS += $(MANIFEST_DIR)/file1.bin
BLOBS += $(MANIFEST_DIR)/file2.bin
CFLAGS += -DCONFIG_SUIT_COMPONENT_MAX=2

6
tests/suit_manifest/create_test_data.sh
View File

@ -39,13 +39,13 @@ gen_manifest "${MANIFEST_DIR}/manifest0.bin" 1 "${MANIFEST_DIR}/file1.bin:$((0x1
# manifest with invalid seqnr
sign_manifest "${MANIFEST_DIR}/manifest0.bin" "${MANIFEST_DIR}/manifest1.bin"
(BOARD=invalid gen_manifest "${MANIFEST_DIR}/manifest2.bin".unsigned 2 "${MANIFEST_DIR}/file1.bin:$((0x1000))" "${MANIFEST_DIR}/file2.bin:$((0x2000))")
(BOARD=invalid gen_manifest "${MANIFEST_DIR}/manifest2.bin".unsigned 2 "${MANIFEST_DIR}/file1.bin:$((0x1000)):ram:0" "${MANIFEST_DIR}/file2.bin:$((0x2000)):ram:0")
sign_manifest "${MANIFEST_DIR}/manifest2.bin".unsigned "${MANIFEST_DIR}/manifest2.bin"
# valid manifest, valid seqnr, signed
gen_manifest "${MANIFEST_DIR}/manifest3.bin".unsigned 2 "${MANIFEST_DIR}/file1.bin:$((0x1000))" "${MANIFEST_DIR}/file2.bin:$((0x2000))"
gen_manifest "${MANIFEST_DIR}/manifest3.bin".unsigned 2 "${MANIFEST_DIR}/file1.bin:0:ram:0"
sign_manifest "${MANIFEST_DIR}/manifest3.bin".unsigned "${MANIFEST_DIR}/manifest3.bin"
# valid manifest, valid seqnr, signed, 2 components
gen_manifest "${MANIFEST_DIR}/manifest4.bin".unsigned 2 "${MANIFEST_DIR}/file1.bin" "${MANIFEST_DIR}/file2.bin"
gen_manifest "${MANIFEST_DIR}/manifest4.bin".unsigned 2 "${MANIFEST_DIR}/file1.bin:0:ram:0" "${MANIFEST_DIR}/file2.bin:0:ram:1"
sign_manifest "${MANIFEST_DIR}/manifest4.bin".unsigned "${MANIFEST_DIR}/manifest4.bin"

8
tests/suit_manifest/include/riotboot/flashwrite.h
View File

@ -36,6 +36,14 @@ static inline int riotboot_flashwrite_init(riotboot_flashwrite_t *state,
return 0;
}
static inline riotboot_flashwrite_verify_sha256(digest,
img_size,
target_slot) {
(void)digest;
(void)img_size;
(void)target_slot;
return 0;
}
#ifdef __cplusplus
}
#endif

22
tests/suit_manifest/main.c
View File

@ -22,6 +22,8 @@
#include "log.h"
#include "suit.h"
#include "suit/storage.h"
#include "suit/transport/mock.h"
#include "embUnit.h"
#define TEST_MANIFEST_INCLUDE(file) <blob/bin/BOARD_NAME_UNQ/manifests/file>
@ -34,6 +36,8 @@
#include TEST_MANIFEST_INCLUDE(manifest3.bin.h)
#include TEST_MANIFEST_INCLUDE(manifest4.bin.h)
#include TEST_MANIFEST_INCLUDE(file1.bin.h)
#include TEST_MANIFEST_INCLUDE(file2.bin.h)
#define SUIT_URL_MAX 128
typedef struct {
@ -53,17 +57,28 @@ const manifest_blob_t manifest_blobs[] = {
const unsigned manifest_blobs_numof = ARRAY_SIZE(manifest_blobs);
const suit_transport_mock_payload_t payloads[] = {
{
.buf = file1_bin,
.len = sizeof(file1_bin),
},
{
.buf = file2_bin,
.len = sizeof(file2_bin),
}
};
const size_t num_payloads = ARRAY_SIZE(payloads);
static int test_suit_manifest(const unsigned char *manifest_bin,
size_t manifest_bin_len)
{
char _url[SUIT_URL_MAX];
suit_manifest_t manifest;
riotboot_flashwrite_t writer;
memset(&manifest, 0, sizeof(manifest));
memset(&writer, 0, sizeof(writer));
manifest.writer = &writer;
manifest.urlbuf = _url;
manifest.urlbuf_len = SUIT_URL_MAX;
@ -79,6 +94,7 @@ static int test_suit_manifest(const unsigned char *manifest_bin,
static void test_suit_manifest_01_manifests(void)
{
suit_storage_set_seq_no_all(1);
for (unsigned i = 0; i < manifest_blobs_numof; i++) {
printf("\n--- testing manifest %u\n", i);
int res = \