bootutil: Add compressed image flags and TLV

Adds some flags to indicate if the data of an image is compressed (lzma1 and lzma2) and adds new TLVs for compressed images relating to the hash, signature and size of the decompressed image data, this allows the image to be validated before decompressing, then validated after decompression to ensure an image is always valid for a device Signed-off-by: Jamie McCrae <[email protected]>
mcu-tools · Aug 15, 2024 · e4b558b · e4b558b
1 parent ef598b1
commit e4b558b
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/boot/bootutil/include/bootutil/image.h b/boot/bootutil/include/bootutil/image.h
@@ -71,6 +71,13 @@ struct flash_area;
  */
 #define IMAGE_F_ROM_FIXED                0x00000100
 
+/*
+ * Flags that indicate if the image data is compressed
+ */
+#define IMAGE_F_COMPRESSED_LZMA1         0x00000200
+#define IMAGE_F_COMPRESSED_LZMA2         0x00000400
+#define IMAGE_F_COMPRESSED_ARM_THUMB_FLT 0x00000800
+
 /*
  * ECSDA224 is with NIST P-224
  * ECSDA256 is with NIST P-256
@@ -101,6 +108,18 @@ struct flash_area;
 #define IMAGE_TLV_DEPENDENCY        0x40   /* Image depends on other image */
 #define IMAGE_TLV_SEC_CNT           0x50   /* security counter */
 #define IMAGE_TLV_BOOT_RECORD       0x60   /* measured boot record */
+/* The following flags relate to compressed images and are for the decompressed image data */
+#define IMAGE_TLV_COMP_SIZE         0x70   /* Decompressed image size */
+#define IMAGE_TLV_COMP_SHA          0x71   /*
+                                            * Decompressed image shaX hash, this field must match
+                                            * the format and size of the raw slot (compressed)
+                                            * shaX hash
+                                            */
+#define IMAGE_TLV_COMP_SIGNATURE    0x72   /*
+                                            * Decompressed image signature, this field must match
+                                            * the format and size of the raw slot (compressed)
+                                            * signature
+                                            */
 					   /*
 					    * vendor reserved TLVs at xxA0-xxFF,
 					    * where xx denotes the upper byte
@@ -160,6 +179,12 @@ struct image_tlv {
 #define MUST_DECRYPT(fap, idx, hdr) \
     (flash_area_get_id(fap) == FLASH_AREA_IMAGE_SECONDARY(idx) && IS_ENCRYPTED(hdr))
 
+#define COMPRESSIONFLAGS (IMAGE_F_COMPRESSED_LZMA1 | IMAGE_F_COMPRESSED_LZMA2 \
+                          | IMAGE_F_COMPRESSED_ARM_THUMB_FLT)
+#define IS_COMPRESSED(hdr) ((hdr)->ih_flags & COMPRESSIONFLAGS)
+#define MUST_DECOMPRESS(fap, idx, hdr) \
+    (flash_area_get_id(fap) == FLASH_AREA_IMAGE_SECONDARY(idx) && IS_COMPRESSED(hdr))
+
 _Static_assert(sizeof(struct image_header) == IMAGE_HEADER_SIZE,
                "struct image_header not required size");