MCUboot Release Notes
- MCUboot Release Notes
The 1.2.0 release of MCUboot brings a lot of fixes/updates, where much of the changes were on the boot serial functionality and imgtool utility. There are no breaking changes in MCUBoot functionality, but some of the CLI parameters in imgtool were changed (either removed or added or updated).
About this release
- imgtool accepts .hex formatted input
- Logging system is now configurable
- Most Zephyr configuration has been switched to Kconfig
- Build system accepts .pem files in build system to autogenerate required key arrays used internally
- Zephyr build switched to using built-in flash_map and TinyCBOR modules
- Serial boot has substantially decreased in space usage after refactorings
- Serial boot build doesn’t require newlib-c anymore on Zephyr
- imgtool updates:
- “create” subcommand can be used as an alias for “sign”
- To allow imgtool to always perform the check that firmware does not
overflow the status area,
--slot-sizewas added and
--padwas updated to act as a flag parameter.
--overwrite-onlycan be passed if not using swap upgrades
--max-sectorscan be used to adjust the maximum amount of sectors that a swap can handle; this value must also be configured for the bootloader
--included-headerwith reverted semantics, so it’s not required for firmware built by Zephyr build system
The 1.1.0 release of MCUboot brings a lot of fixes/updates to its inner workings, specially to its testing infrastructure which now enables a more thorough quality assurance of many of the available options. As expected of the 1.x.x release cycle, no breaking changes were made. From the tooling perpective the main addition is newt/imgtool support for password protected keys.
About this release
- serial recovery functionality support under Zephyr
- simulator: lots of refactors were applied, which result in the simulator now leveraging the Rust testing infrastructure; testing of ecdsa (secp256r1) was added
- imgtool: removed PKCS1.5 support, added support for password protected keys
- tinycrypt 0.2.8 and the mbed-tls ASN1 parser are now bundled with mcuboot (eg secp256r1 is now free of external dependencies!)
- Overwrite-only mode was updated to erase/copy only sectors that actually store firmware
- A lot of small code and documentation fixes and updates.
The 1.0.0 release of MCUboot introduces a format change. It is
important to either use the
imgtool.py also from this release, or
-2 to recent versions of the
newt tool in order to
generate image headers with the new format. There should be no
incompatible format changes throughout the 1.x.y release series.
About this release
- Header format change. This change was made to move all of the
information about signatures out of the header and into the TLV
block appended to the image. This allows
- The signature to be replaced without changing the image.
- Multiple signatures to be applied. This can be used, for example, to sign an image with two algorithms, to support different bootloader configurations based on these image.
- The public key is referred to by its SHA1 hash (or a prefix of the hash), instead of an index that has to be maintained with the bootloader.
- Allow new types of signatures in the future.
- Support for PKCS#1 v1.5 signatures has been dropped. All RSA signatures should be made with PSS. The tools have been changed to reflect this.
- The source for Tinycrypt has been placed in the MCUboot tree. A recent version of Tinycrypt introduced breaking API changes. To allow MCUboot to work across various platforms, we stop using the Tinycrypt bundled with the OS platform, and use our own version. A future release of MCUboot will update the Tinycrypt version.
- Support for some new targets:
- Nordic nRF51 and nRF52832 dev kits
- Hexiwear K64
- Clearer sample applications have been added under
- Test plans for zephyr, and mynewt.
- The simulator is now able to test RSA signatures.
- There is an unimplemented
load_addrheader for future support for RAM loading in the bootloader.
- Numerous documentation.
This is the first release of MCUboot, a secure bootloader for 32-bit MCUs. It is designed to be operating system-agnostic and works over any transport - wired or wireless. It is also hardware independent, and relies on hardware porting layers from the operating system it works with. For the first release, we have support for three open source operating systems: Apache Mynewt, Zephyr and RIOT.
About this release
- This release supports building with and running Apache Mynewt and Zephyr targets.
- RIOT is supported as a running target.
- Image integrity is provided with SHA256.
- Image originator authenticity is provided supporting the following
- RSA 2048 and RSA PKCS#1 v1.5 or v2.1
- Elliptic curve DSA with secp224r1 and secp256r1
- Two firmware upgrade algorithms are provided:
- An overwrite only which upgrades slot 0 with the image in slot 1.
- A swapping upgrade which enables image test, allowing for rollback to a previous known good image.
- Supports both mbed-TLS and tinycrypt as backend crypto libraries. One of them
must be defined and the chosen signing algorithm will require a particular
library according to this list:
- RSA 2048 needs mbed TLS
- ECDSA secp224r1 needs mbed TLS
- ECDSA secp256r1 needs tinycrypt as well as the ASN.1 code from mbed TLS (so still needs that present).
- The image header and TLV formats are planned to change with release 1.0: https://runtimeco.atlassian.net/browse/MCUB-66