MCUboot release notes

  • Table of Contents {:toc}

Version 2.1.0

  • Boot serial: Add response to echo command if support is not enabled, previously the command would have been accepted but no response indicating that the command is not supported would have been sent.

  • Added support for using builtin keys for image validation (available with the PSA Crypto API based crypto backend for ECDSA signatures).

  • Enforce that TLV entries that should be protected are. This can be disabled by defining ALLOW_ROGUE_TLVS

  • bootutil: Fixed issue with comparing sector sizes for compatibility, this now also checks against the number of usable sectors (which is the slot size minus the swap status and moved up by one sector).

  • bootutil: Added debug logging to show write location of swap status and details on sectors including if slot sizes are not optimal for a given board.

  • Update ptest to support test selection. Ptest can now be invoked with list to show the available tests and run to run them. The -t argument will select specific tests to run.

  • Allow sim tests to skip slow tests. By setting MCUBOOT_SKIP_SLOW_TESTS in the environment, the sim will skip two tests that are very slow. In one instance this reduces the test time from 2 hours to about 5 minutes. These slow tests are useful, in that they test bad powerdown recovery, but are inconvenient when testing other areas.

  • Zephyr: Fixes support for disabling instruction/data caches prior to chain-loading an application, this will be automatically enabled if one or both of these caches are present. This feature can be disabled by setting CONFIG_BOOT_DISABLE_CACHES to n.

  • Zephyr: Fix issue with single application slot mode, serial recovery and encryption whereby an encrypted image is loaded and being wrongly treated as encrypted after decryption.

  • Zephyr: Add estimated image footer size to cache in sysbuild.

  • Added firmware loader configuration type support for Zephyr, this allows for a single application slot and firmware loader image in the secondary slot which is used to update the primary image (loading it in any way it sees fit e.g. via Bluetooth).

  • Zephyr: Remove deprecated ZEPHYR_TRY_MASS_ERASE Kconfig option.

  • Zephyr: Prevent MBEDTLS Kconfig selection when tinycrypt is used.

  • Zephyr: Add USB CDC serial recovery check that now causes a build failure if console is enabled and device is the same as the USB CDC device.

  • Zephyr: Add USB CDC serial recovery check that now causes a build failure if the main thread priority is below 0 (cooperative thread), this would prevent USB CDC from working as the driver would not have been able to fire callbacks.

  • Use general flash operations to determine the flash reset vector. This improves support a bit for some configurations of external flash.

  • fix a memory leak in the HKDF implementation.

  • Zephyr: Added a MCUboot banner which displays the version of MCUboot being used and the version of zephyr. This can be disabled by setting CONFIG_MCUBOOT_BOOT_BANNER=n which will revert back to the default zephyr boot banner.

Version 2.0.0

Note that this release, 2.0.0 is a new major number, and contains a small API change in the interface between mcuboot and the platform. All platforms contained within the MCUboot tree have been updated, but any external platforms will have to be adjusted. The following commit makes the API change, in the function boot_save_shared_data.

commit 3016d00cd765e7c09a14af55fb4dcad945e4b982
Author: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Date:   Tue Mar 14 12:35:51 2023 +0000

    bootutil: Add active slot number and max app size to shared data

About this release

  • Add error when flash device fails to open.

  • Panic bootloader when flash device fails to open.

  • Fixed issue with serial recovery not showing image details for decrypted images.

  • Fixes issue with serial recovery in single slot mode wrongly iterating over 2 image slots.

  • CDDL auto-generated function code has been replaced with zcbor function calls, this now allows the parameters to be supplied in any order.

  • Added currently running slot ID and maximum application size to shared data function definition.

  • Make the ECDSA256 TLV curve agnostic and rename it to ECDSA_SIG.

  • imgtool: add P384 support along with SHA384.

  • espressif: refactor after removing IDF submodule

  • espressif: add ESP32-C6, ESP32-C2 and ESP32-H2 new chips support

  • espressif: adjustments after IDF v5.1 compatibility, secure boot build and memory map organization

  • Serial recovery image state and image set state optional commands added

  • imgtool: add ‘dumpinfo’ command for signed image parsing.

  • imgtool: add ‘getpubhash’ command to dump the sha256 hash of the public key

  • imgtool’s getpub can print the output to a file

  • imgtool can dump the raw versions of the public keys

  • Drop ECDSA P224 support

  • Fixed an issue with boot_serial repeats not being processed when output was sent, this would lead to a divergence of commands whereby later commands being sent would have the previous command output sent instead.

  • Fixed an issue with the boot_serial zcbor setup encoder function wrongly including the buffer address in the size which caused serial recovery to fail on some platforms.

  • zcbor library files have been updated to version 0.7.0

  • Reworked boot serial extensions so that they can be used by modules or from user repositories by switching to iterable sections.

  • Removed Zephyr custom img list boot serial extension support.

  • (Zephyr) Adds support for sharing boot information with application via retention subsystem

  • Zephyr no longer builds in optimize for debug mode, this saves a significant amount of flash space.

  • Reworked image encryption support for Zephyr, static dummy key files are no longer in the code, a pem file must be supplied to extract the private and public keys. The Kconfig menu has changed to only show a single option for enabling encryption and selecting the key file.

  • Serial recovery can now read and handle encrypted seondary slot partitions.

  • Serial recovery with MBEDTLS no longer has undefined operations which led to usage faults when the secondary slot image was encrypted.

  • espressif: allow the use of a different toolchain for building

Version 1.10.0

The 1.10.0 release of MCUboot contains…

About this release

  • Various fixes to boot serial.

  • Various fixes to the mbed target.

  • Various fixes to the Espressif native target.

  • Various fixes to the Zephyr target.

  • Workflow improvements with Zephyr CI.

  • Add multi image support to the espressif esp32 target.

  • Improvements and corrections to the simulator.

  • Improve imgtool, including adding 3rd party signing support.

  • Various fixes to the mynewt target.

  • Various fixes to the nuttx target.

  • Dates to dependencies for doc generation.

  • Add downgrade prevention for modes using swap.

  • Various general fixes to the boot code.

  • Prefer swap move on zephyr if the scratch partition is not enabled.

  • Upgrade fault-injection hardening, improving cases injections are detected.

  • Add a new flash api flash_area_get_sector, along with support for each target, that replaces flash_area_sector_from_off. This is a step in cleaning up the flash API used by MCUboot.

Security fixes

There are no security vulnerabilities reported on the MCUboot code for this release. There have been several updates to the dependencies in the Ruby code used to generate the documentation. This should only affect users that generate their own documentation.

Version 1.9.0

The 1.9.0 release of MCUboot contains various bug fixes, improves support on some recent targets, and adds support for devices with a write alignment larger than 8.

This change introduces a potentially incompatible change to the format of the image trailer. If BOOT_MAX_ALIGN is kept at 8, the trailer format does not change. However, to support larger write alignments, this value can be increased, which will result in a different magic number value. These targets were previously unsupported in MCUboot, so this change should not affect any existing targets. The change has been tested with a BOOT_MAX_ALIGN up to 32 bytes.

About this release

  • Add native flash encryption to Espressif targets

  • Numerous documentation improvements

  • Increase coverage of large images in the simulator

  • Add stm32 watchdog support

  • Add support for the mimxrt685_evk board

  • Add support for “partial multi-image booting”

  • Add support for clear image generation with encryption capability to imgtool

  • Fix Zephyr when CONFIG_BOOT_ENCRYPTION_KEY_FILE is not defined

  • Remove zephyr example test running in shell. The Go version is primary and much more featureful.

  • imgtool: make --max-align default reasonable in most cases.

  • Implement the mcumgr echo command in serial boot mode

Security fixes

Version 1.8.0

The 1.8.0 release of MCUboot contains numerous fixes, and adds support for the NuttX RTOS, and the Espressif ESP32 SDK.

About this release

  • Add support for the NuttX RTOS.

  • Add support for the Espressif ESP32 SDK.

  • boot_serial changed to use cddl-gen, which removes the dependency on tinycbor.

  • Add various hooks to be able to change how image data is accessed.

  • Cypress supports Mbed TLS for encryption.

  • Support using Mbed TLS for ECDSA. This can be useful if Mbed TLS is brought in for another reason.

  • Add simulator support for testing direct-XIP and ramload.

  • Support Mbed TLS 3.0. Updates the submodule for Mbed TLS to 3.0.

  • Enable direct-xip mode in Mbed-OS port.

  • extract bootutil_public library, a common interface for MCUboot and the application.

  • Allow to boot primary image if secondary one is unreachable.

  • Add AES256 image encryption support.

  • Add Multiimage boot for direct-xip and ram-load mode.

  • Cargo files moved to top level, now cargo test can be run from the top level directory.

  • Fault injection tests use updated TF-M.

  • Thingy:53 now supports multi-image DFU.

  • ram load and image encryption can be used together, allowing the entire contents of flash to always remain encrypted.

Security fixes

  • GHSA-gcxh-546h-phg4 has been published. There is not a fix at this time, but a caution to be sure to follow the instructions carefully, and make sure that the development keys in the repo are never used in a production system.

Version 1.7.0

The 1.7.0 release of MCUboot adds support for the Mbed-OS platform, Equal slots (direct-xip) upgrade mode, RAM loading upgrade mode, hardening against hardware level fault injection and timing attacks and single image mode. There are bug fixes, and associated imgtool updates as well.

About this release

  • Initial support for the Mbed-OS platform.

  • Added possibility to enter deep sleep mode after MCUboot app execution for cypress platform.

  • Added hardening against hardware level fault injection and timing attacks.

  • Introduced Abstract crypto primitives to simplify porting.

  • Added RAM-load upgrade mode.

  • Renamed single-image mode to single-slot mode.

  • Allow larger primary slot in swap-move

  • Fixed boostrapping in swap-move mode.

  • Fixed issue causing that interrupted swap-move operation might brick device if the primary image was padded.

  • Abstracting MCUboot crypto functions for cleaner porting

  • Droped flash_area_read_is_empty() porting API.

  • boot/zephyr: Added watchdog feed on nRF devices. See CONFIG_BOOT_WATCHDOG_FEED option.

  • boot/zephyr: Added patch for turning off cache for Cortex M7 before chain-loading.

  • boot/zephyr: added option to relocate interrupts to application

  • boot/zephyr: clean ARM core configuration only when selected by user

  • boot/boot_serial: allow nonaligned last image data chunk

  • imgtool: added custom TLV support.

  • imgtool: added possibility to set confirm flag for hex files as well.

  • imgtool: Print image digest during verify.

Zephyr-RTOS compatibility

This release of MCUboot works with the Zephyr “main” at the time of the release. It was tested as of has 7a3b253ce. This version of MCUboot also works with the Zephyr v2.4.0, however it is recommended to enable CONFIG_MCUBOOT_CLEANUP_ARM_CORE while using that version.

Version 1.6.0

The 1.6.0 release of MCUboot adds support for the PSOC6 platform, X25519 encrypted images, rollback protection, hardware keys, and a shared boot record to communicate boot attestation information to later boot stages. There are bug fixes, and associated imgtool updates as well.

About this release

  • Initial support for the Cypress PSOC6 plaformt. This platform builds using the Cypress SDK, which has been added as submodules.

  • CBOR decoding in serial recovery replaced by code generated from a CDDL description.

  • Add support for X25519 encrypted images.

  • Add rollback protection. There is support for a HW rollback counter (which must be provided as part of the platform), as well as a SW solution that protects against some types of rollback.

  • Add an optional boot record in shared memory to communicate boot attributes to later-run code.

  • Add support for hardware keys.

  • Various fixes to work with the latest Zephyr version.

Security issues addressed

  • CVE-2020-7595 “xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.” Fix by updating a dependency in documentation generation.

Zephyr-RTOS compatibility

This release of MCUboot works the Zephyr “main” at the time of the release. It was tested as of has 1a89ca1238. When Zephyr v2.3.0 is released, there will be a possible 1.6.1 or similar release of Zephyr if needed to address any issues. There also may be branch releases of MCUboot specifically for the current version of Zephyr, e.g. v1.6.0-zephyr-2.2.1.

Version 1.5.0

The 1.5.0 release of MCUboot adds support for encrypted images using ECIES with secp256r1 as an Elliptic Curve alternative to RSA-OAEP. A new swap method was added which allows for upgrades without using a scratch partition. There are also lots of bug fixes, extra simulator testing coverage and some imgtool updates.

About this release

  • TLVs were updated to use 16-bit lengths (from previous 8). This should work with no changes for little-endian targets, but will break compatibility with big-endian targets.

  • A benchmark framework was added to Zephyr

  • ed25519 signature validation can now build without using Mbed TLS by relying on a bundled tinycrypt based sha-512 implementation.

  • imgtool was updated to correctly detect trailer overruns by image.

  • Encrypted image TLVs can be saved in swap metadata during a swap upgrade instead of the plain AES key.

  • imgtool can dump private keys in C format (getpriv command), which can be added as decryption keys. Optionally can remove superfluous fields from the ASN1 by passing it --minimal.

  • Lots of other smaller bugs fixes.

  • Added downgrade prevention feature (available when the overwrite-based image update strategy is used)

Known issues

  • TLV size change breaks compatibility with big-endian targets.

Version 1.4.0

The 1.4.0 release of MCUboot primarily adds support for multi-image booting. With this release, MCUboot can manage two images that can be updated independently. With this, it also supports additions to the TLV that allow these dependencies to be specified.

Multi-image support adds backward-incompatible changes to the format of the images: specifically adding support for protected TLV entries. If multiple images and dependencies are not used, the images will be compatible with previous releases of MCUboot.

About this release

  • Fixed CVE-2019-5477, and CVE-2019-16892. These fix issue with dependencies used in the generation of the documentation on github.

  • Numerous code cleanups and refactorings

  • Documentation updates for multi-image features

  • Update imgtool.py to support the new features

  • Updated the Mbed TLS submodule to current stable version 2.16.3

  • Moved the Mbed TLS submodule from within sim/mcuboot-sys to ext. This will make it easier for other board supports to use this code.

  • Added some additional overflow and bound checks to data in the image header, and TLV data.

  • Add a -x (or --hex_addr) flag to imgtool to set the base address written to a hex-format image. This allows the image to be flashed at an offset, without having to use additional tools to modify the image.

Version 1.3.1

The 1.3.1 release of MCUboot consists mostly of small bug fixes and updates. There are no breaking changes in functionality. This release should work with Mynewt 1.6.0 and up, and any Zephyr main after sha f51e3c296040f73bca0e8fe1051d5ee63ce18e0d.

About this release

  • Fixed a revert interruption bug

  • Added ed25519 signing support

  • Added RSA-3072 signing support

  • Allow ec256 to run on CC310 interface

  • Some preparation work was done to allow for multi image support, which should land in 1.4.0. This includes a simulator update for testing multi-images, and a new name for slot0/slot1 which are now called “primary slot” and “secondary slot”.

  • Other minor bugfixes and improvements

Version 1.3.0

The 1.3.0 release of MCUboot brings in many fixes and updates. There are no breaking changes in functionality. Many of the changes are refactorings that will make the code easier to maintain going forward. In addition, support has been added for encrypted images. See the docs for more information.

About this release

  • Modernize the Zephyr build scripts.

  • Add a ptest utility to help run the simulator in different configurations.

  • Migrate the simulator to Rust 2018 edition. The sim now requires at least Rust 1.32 to build.

  • Simulator cleanups. The simulator code is now built the same way for every configuration, and queries the MCUboot code for how it was compiled.

  • Abstract logging in MCUboot. This was needed to support the new logging system used in Zephyr.

  • Add multiple flash support. Allows slot1/scratch to be stored in an external flash device.

  • Add support for encrypted images.

  • Add support for flash devices that read as ‘0’ when erased.

  • Add support to Zephyr for the nrf52840_pca10059. This board supports serial recovery over USB with CDC ACM.

  • imgtool is now also available as a python package on pypi.org.

  • Add an option to erase flash pages progressively during recovery to avoid possible timeouts (required especially by serial recovery using USB with CDC ACM).

  • imgtool: big-endian support

  • imgtool: saves in intel-hex format when output filename has .hex extension; otherwise saves in binary format.

Version 1.2.0

The 1.2.0 release of MCUboot brings a lot of fixes/updates, where much of the changes were on the boot serial functionality and imgtool utility. There are no breaking changes in MCUboot functionality, but some of the CLI parameters in imgtool were changed (either removed or added or updated).

About this release

  • imgtool accepts .hex formatted input

  • Logging system is now configurable

  • Most Zephyr configuration has been switched to Kconfig

  • Build system accepts .pem files in build system to autogenerate required key arrays used internally

  • Zephyr build switched to using built-in flash_map and TinyCBOR modules

  • Serial boot has substantially decreased in space usage after refactorings

  • Serial boot build doesn’t require newlib-c anymore on Zephyr

  • imgtool updates:

    • “create” subcommand can be used as an alias for “sign”

    • To allow imgtool to always perform the check that firmware does not overflow the status area, --slot-size was added and --pad was updated to act as a flag parameter.

    • --overwrite-only can be passed if not using swap upgrades

    • --max-sectors can be used to adjust the maximum amount of sectors that a swap can handle; this value must also be configured for the bootloader

    • --pad-header substitutes --included-header with reverted semantics, so it’s not required for firmware built by Zephyr build system

Known issues

None

Version 1.1.0

The 1.1.0 release of MCUboot brings a lot of fixes/updates to its inner workings, specially to its testing infrastructure which now enables a more thorough quality assurance of many of the available options. As expected of the 1.x.x release cycle, no breaking changes were made. From the tooling perpective the main addition is newt/imgtool support for password protected keys.

About this release

  • serial recovery functionality support under Zephyr

  • simulator: lots of refactors were applied, which result in the simulator now leveraging the Rust testing infrastructure; testing of ecdsa (secp256r1) was added

  • imgtool: removed PKCS1.5 support, added support for password protected keys

  • tinycrypt 0.2.8 and the Mbed TLS ASN1 parser are now bundled with MCUboot (eg secp256r1 is now free of external dependencies!)

  • Overwrite-only mode was updated to erase/copy only sectors that actually store firmware

  • A lot of small code and documentation fixes and updates.

Known issues

None

Version 1.0.0

The 1.0.0 release of MCUboot introduces a format change. It is important to either use the imgtool.py also from this release, or pass the -2 to recent versions of the newt tool in order to generate image headers with the new format. There should be no incompatible format changes throughout the 1.x.y release series.

About this release

  • Header format change. This change was made to move all of the information about signatures out of the header and into the TLV block appended to the image. This allows

    • The signature to be replaced without changing the image.

    • Multiple signatures to be applied. This can be used, for example, to sign an image with two algorithms, to support different bootloader configurations based on these image.

    • The public key is referred to by its SHA1 hash (or a prefix of the hash), instead of an index that has to be maintained with the bootloader.

    • Allow new types of signatures in the future.

  • Support for PKCS#1 v1.5 signatures has been dropped. All RSA signatures should be made with PSS. The tools have been changed to reflect this.

  • The source for Tinycrypt has been placed in the MCUboot tree. A recent version of Tinycrypt introduced breaking API changes. To allow MCUboot to work across various platforms, we stop using the Tinycrypt bundled with the OS platform, and use our own version. A future release of MCUboot will update the Tinycrypt version.

  • Support for some new targets:

    • Nordic nRF51 and nRF52832 dev kits

    • Hexiwear K64

  • Clearer sample applications have been added under samples.

  • Test plans for zephyr, and mynewt.

  • The simulator is now able to test RSA signatures.

  • There is an unimplemented load_addr header for future support for RAM loading in the bootloader.

  • Numerous documentation.

Known issues

None

Version 0.9.0

This is the first release of MCUboot, a secure bootloader for 32-bit MCUs. It is designed to be operating system-agnostic and works over any transport - wired or wireless. It is also hardware independent, and relies on hardware porting layers from the operating system it works with. For the first release, we have support for three open source operating systems: Apache Mynewt, Zephyr and RIOT.

About this release

  • This release supports building with and running Apache Mynewt and Zephyr targets.

  • RIOT is supported as a running target.

  • Image integrity is provided with SHA256.

  • Image originator authenticity is provided supporting the following signature algorithms:

    • RSA 2048 and RSA PKCS#1 v1.5 or v2.1

    • Elliptic curve DSA with secp224r1 and secp256r1

  • Two firmware upgrade algorithms are provided:

    • An overwrite only which upgrades slot 0 with the image in slot 1.

    • A swapping upgrade which enables image test, allowing for rollback to a previous known good image.

  • Supports both Mbed TLS and tinycrypt as backend crypto libraries. One of them must be defined and the chosen signing algorithm will require a particular library according to this list:

    • RSA 2048 needs Mbed TLS

    • ECDSA secp224r1 needs Mbed TLS

    • ECDSA secp256r1 needs tinycrypt as well as the ASN.1 code from Mbed TLS (so still needs that present).

Known issues

  • The image header and TLV formats are planned to change with release 1.0: https://runtimeco.atlassian.net/browse/MCUB-66