
boot_copy_region uses boot_encrypt before boot_enc_init if a swap is continued

Open Olstyle opened this issue 10 months ago • 5 comments

swap_run will reach down to boot_copy_region, which always calls boot_encrypt for encrypted images, but the AES context is only initialized via boot_enc_load if a swap was NOT ongoing. This effectively breaks swap continuation for encoded images if the used crypto library relies on initialization, which is the case for mbedtls_aes_init and will pretty much always be the case for HW-based implementations.

The following screenshots show my HW implementation failing, but according to my review, mbedtls will fail at the same point!

Image Image

Olstyle, Jan 21 '25 14:01

What about the loop doing the boot_enc_init here: https://github.com/mcu-tools/mcuboot/blob/06747985eee7c27d891f2529c58e18f4a84ea6a3/boot/bootutil/src/loader.c#L1625-L1635

de-nordic, Jan 21 '25 15:01

> What about the loop doing the boot_enc_init here

mcuboot/boot/bootutil/src/loader.c, lines 1625 to 1635 in 0674798:

            if (bs->enckey[slot][i] != 0xff) {
                break;
            }
        }

        boot_enc_init(BOOT_CURR_ENC(state), slot);

        if (i != BOOT_ENC_KEY_SIZE) {
            boot_enc_set_key(BOOT_CURR_ENC(state), slot, bs);
        }
    }

You are right, this seems to be fixed in main, but only recently: https://github.com/mcu-tools/mcuboot/commit/7e3a1cecd73d30ee1e63e111344f03dd7a1b27ec. I am working on the latest release 2.1.0, which still had that issue. So actually you already fixed it but didn't make a bugfix release out of it.

Olstyle, Jan 21 '25 15:01
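A reduced C model of the ordering problem discussed above, added here as an illustration and not taken from mcuboot: the resume path without the fix reaches the cipher with a context that was never initialized, while the "init always, set the key only if one was saved" pattern from the quoted excerpt does not. All names (`enc_ctx`, `enc_init`, `encrypt_chunk`, `prepare`, `copy_region`, `CTX_MAGIC`), the XOR placeholder cipher and the fail-closed guard in `encrypt_chunk` are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define KEY_SIZE  16      /* stand-in for BOOT_ENC_KEY_SIZE */
#define CTX_MAGIC 0xA5u   /* hypothetical marker written by enc_init() */

struct enc_ctx { uint8_t magic, has_key, key[KEY_SIZE]; };
struct status  { int swap_in_progress; uint8_t enckey[KEY_SIZE]; };
static void enc_init(struct enc_ctx *c) { memset(c, 0, sizeof *c); c->magic = CTX_MAGIC; }
static void enc_set_key(struct enc_ctx *c, const uint8_t *k) { memcpy(c->key, k, KEY_SIZE); c->has_key = 1; }
/* Fail closed: never process data with an uninitialised or keyless context. */
static int encrypt_chunk(const struct enc_ctx *c, uint8_t *buf, size_t len) {
    if (c->magic != CTX_MAGIC || !c->has_key) return -1;
    for (size_t i = 0; i < len; i++) buf[i] ^= c->key[i % KEY_SIZE]; /* XOR placeholder, not AES */
    return 0;
}

static int key_is_erased(const uint8_t *k) {
    for (int i = 0; i < KEY_SIZE; i++) if (k[i] != 0xff) return 0;
    return 1;
}

static void prepare(struct enc_ctx *c, const struct status *bs, const uint8_t *tlv_key, int fixed) {
    if (!bs->swap_in_progress) {           /* fresh swap: context set up in both variants */
        enc_init(c);
        enc_set_key(c, tlv_key);
    } else if (fixed) {                    /* resume: init always, key only if one was saved */
        enc_init(c);
        if (!key_is_erased(bs->enckey)) enc_set_key(c, bs->enckey);
    }                                      /* resume without the fix: context left untouched */
}

/* Result of encrypting one copied chunk; -1 means the cipher was used before init. */
static int copy_region(int resume, int fixed) {
    static const uint8_t key[KEY_SIZE] = { 1, 2, 3, 4 };   /* constructed key */
    struct status bs = { .swap_in_progress = resume };
    struct enc_ctx ctx;
    uint8_t chunk[32] = "constructed image payload";
    memset(&ctx, 0, sizeof ctx);                           /* models RAM after a reset */
    if (resume) memcpy(bs.enckey, key, KEY_SIZE);          /* key saved before the reset */
    else        memset(bs.enckey, 0xff, KEY_SIZE);         /* erased status area */
    prepare(&ctx, &bs, key, fixed);
    return encrypt_chunk(&ctx, chunk, sizeof chunk);
}

int main(void) {
    printf("resume, unfixed: %d\nresume, fixed: %d\n", copy_region(1, 0), copy_region(1, 1));
    return 0;
}
```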

> You are right, this seems to be fixed in main, but only recently: 7e3a1ce. I am working on the latest release 2.1.0, which still had that issue. So actually you already fixed it but didn't make a bugfix release out of it.

True. My bad.

de-nordic, Jan 23 '25 08:01

Can we close the issue?

de-nordic, Jan 23 '25 16:01

Swap continuation with the favored crypto library (since tinycrypt is discontinued) is broken in the release version. To me this sounds like a patch release would be reasonable. At least that's what I would do in my project. From the pure POV of main, this issue can be considered solved.

Olstyle, Jan 23 '25 16:01

This issue has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed; otherwise this issue will automatically be closed in 14 days. Note that you can always re-open a closed issue at any time.

github-actions[bot], Jul 23 '25 02:07