FIH Profile HIGH crashes due to missing fih_delay_init() call in Zephyr main.c

[aakkds]

Bug Description

MCUboot with CONFIG_BOOT_FIH_PROFILE_HIGH=y crashes with Usage Fault (pc: 0x0) due to uninitialized mbedTLS entropy contexts.

Root Cause

The fih_delay_init() function is defined in fault_injection_hardening_delay_rng_mbedtls.c but never
called from boot/zephyr/main.c, leaving mbedTLS contexts uninitialized when FIH Profile HIGH tries to
generate random delays (in mbedtls_ctr_drbg_reseed_internal()).

Reproduction

1. Enable CONFIG_BOOT_FIH_PROFILE_HIGH=y, I used this addition in my prj.conf:

diff --git a/boot/zephyr/prj.conf b/boot/zephyr/prj.conf
index aeed83a1..f84df462 100644
--- a/boot/zephyr/prj.conf
+++ b/boot/zephyr/prj.conf
@@ -15,13 +15,13 @@ CONFIG_FLASH=y
 
 ### Various Zephyr boards enable features that we don't want.
 # CONFIG_BT is not set
-# CONFIG_BT_CTLR is not set
+#CONFIG_BT_CTLR is not set <--- I just saw there was a PR merged recently to get rid of this
 # CONFIG_I2C is not set
 
 CONFIG_LOG=y
 CONFIG_LOG_MODE_MINIMAL=y
 ### Ensure Zephyr logging changes don't use more resources
-CONFIG_LOG_DEFAULT_LEVEL=0
+CONFIG_LOG_DEFAULT_LEVEL=3
 ### Use info log level by default
 CONFIG_MCUBOOT_LOG_LEVEL_INF=y
 ### Decrease footprint by ~4 KB in comparison to CBPRINTF_COMPLETE=y
@@ -30,3 +30,17 @@ CONFIG_CBPRINTF_NANO=y
 CONFIG_PICOLIBC=y
 ### Disable malloc arena because we don't need it
 CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=0
+
+# Enable fault injection hardening with hardware RNG
+CONFIG_BOOT_FIH_PROFILE_HIGH=y
+
+# Enable hardware entropy/RNG
+CONFIG_ENTROPY_GENERATOR=y
+CONFIG_ENTROPY_STM32_RNG=y
+
+# Enable mbedTLS entropy support
+CONFIG_MBEDTLS=y
+CONFIG_MBEDTLS_BUILTIN=y
+CONFIG_MBEDTLS_ENTROPY_C=y
+CONFIG_MBEDTLS_CTR_DRBG_ENABLED=y
+CONFIG_MBEDTLS_CIPHER_AES_ENABLED=y

2. Configure hardware RNG (tested on a nucleo_l432kc), with the following dts overlay:

/ {
	chosen {
		zephyr,code-partition = &boot_partition;
	};
};

&flash0 {
	partitions {
		compatible = "fixed-partitions";
		#address-cells = <1>;
		#size-cells = <1>;

		/* MCUboot bootloader - 64KB */
		boot_partition: partition@0 {
			label = "mcuboot";
			reg = <0x00000000 0x10000>;
		};

		/* Primary slot - 96KB */
		slot0_partition: partition@10000 {
			label = "image-0";
			reg = <0x00010000 0x18000>;
		};

		/* Secondary slot - 96KB */
		slot1_partition: partition@28000 {
			label = "image-1";
			reg = <0x00028000 0x18000>;
		};
	};
};

&clk_hsi48 {
	status = "okay";
};

&rng {
	status = "okay";
};

3. Build and flash - results in Usage Fault at boot:
   west build -p always -b nucleo_l432kc -- -DDTC_OVERLAY_FILE="nucleo_l432kc_mcuboot.overlay" && west flash --runner=openocd

[2025-08-16 19:58:09.528] *** Booting MCUboot v2.2.0-100-g4e108f702b53 ***
[2025-08-16 19:58:09.532] *** Using Zephyr OS build v4.2.0-1758-g6639d78355f3 ***
[2025-08-16 19:58:09.537] I: Starting bootloader
[2025-08-16 19:58:38.291] *** Booting MCUboot v2.2.0-100-g4e108f702b53 ***
[2025-08-16 19:58:38.296] *** Using Zephyr OS build v4.2.0-1758-g6639d78355f3 ***
[2025-08-16 19:58:38.301] I: Starting bootloader
[2025-08-16 19:58:38.303] E: ***** USAGE FAULT *****
[2025-08-16 19:58:38.306] E:   Illegal use of the EPSR
[2025-08-16 19:58:38.308] E: r0/a1:  0x0  r1/a2:  0x200077e0  r2/a3:  0x0
[2025-08-16 19:58:38.313] E: r3/a4:  0x0 r12/ip:  0x20001930 r14/lr:  0x8008dab
[2025-08-16 19:58:38.317] E:  xpsr:  0x60000000
[2025-08-16 19:58:38.319] E: Faulting instruction address (r15/pc): 0x0
[2025-08-16 19:58:38.323] E: >>> ZEPHYR FATAL ERROR 35: Unknown error on CPU 0
[2025-08-16 19:58:38.328] E: Current thread: 0x200001a8 (unknown)
[2025-08-16 19:58:38.332] E: Halting system

Investigation & Proposed Fix

breaking in mbedtls_ctr_drbg_reseed() & stepping, we see that ctx->f_entropy() is NULL in zephyrproject/modules/crypto/mbedtls/library/ctr_drbg.c:469:

ctx->f_entropy() is set from mbedtls_ctr_drbg_seed() (line 552).
mbedtls_ctr_drbg_seed() is called from fih_delay_init() in zephyrproject/bootloader/mcuboot/boot/bootutil/src/fault_injection_hardening_delay_rng_mbedtls.c, but fih_delay_init() is never called.

The proposed fix is therefore:

diff --git a/boot/zephyr/main.c b/boot/zephyr/main.c
index 3e85e704..c5e94253 100644
--- a/boot/zephyr/main.c
+++ b/boot/zephyr/main.c
@@ -45,6 +45,7 @@
 #include "bootutil/bootutil.h"
 #include "bootutil/boot_hooks.h"
 #include "bootutil/fault_injection_hardening.h"
+#include "bootutil/fault_injection_hardening_delay_rng.h"
 #include "bootutil/mcuboot_status.h"
 #include "flash_map_backend/flash_map_backend.h"

@@ -513,6 +514,10 @@ int main(void)
     io_led_init();
 #endif

+#ifdef CONFIG_BOOT_FIH_PROFILE_HIGH
+    fih_delay_init();
+#endif
+
     os_heap_init();

     ZEPHYR_BOOT_LOG_START();

Validation

With the proposed fix, and flashing an app (example with a dummy "samples/basic/blinky" signed for mcuboot)

[2025-08-16 19:46:08.860] *** Booting MCUboot v2.2.0-100-g4e108f702b53 ***
[2025-08-16 19:46:08.865] *** Using Zephyr OS build v4.2.0-1758-g6639d78355f3 ***
[2025-08-16 19:46:08.870] I: Starting bootloader
[2025-08-16 19:46:08.872] E: CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE is 0
[2025-08-16 19:46:08.878] I: Primary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
[2025-08-16 19:46:08.884] I: Secondary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
[2025-08-16 19:46:08.891] I: Boot source: none
[2025-08-16 19:46:08.893] I: Image index: 0, Swap type: none
[2025-08-16 19:46:09.004] I: Bootloader chainload address offset: 0x10000
[2025-08-16 19:46:09.008] I: Image version: v0.0.0
*** Booting Zephyr OS build v4.2.0-1758-g6639d78355f3 ***lot
[2025-08-16 19:46:09.018] LED state: OFF
[2025-08-16 19:46:10.019] LED state: ON
[2025-08-16 19:46:11.019] LED state: OFF

Let me know if you think it makes sense and if a pull request is welcomed for this or if I missed something.
Cheers!