From 6cfb1efbcad084373430002a64f054cb58f95823 Mon Sep 17 00:00:00 2001 From: Michal Kozikowski Date: Wed, 6 Aug 2025 15:12:20 +0200 Subject: [PATCH 1/2] [nrf fromlist] bootutil: Fix PureEdDSA when flash base is not 0x0 This commit introduces fix for PureEdDSA signature verification when the flash base address is not 0x0. The issue was that the flash base address was not taken into account when passing the image address to the signature verification function. Upstream PR #: 2414 Signed-off-by: Michal Kozikowski --- boot/bootutil/src/image_validate.c | 10 +++++++++- docs/release-notes.d/fix-pure-eddsa-base-address.md | 2 ++ 2 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 docs/release-notes.d/fix-pure-eddsa-base-address.md diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c index 522e5da2d..98f842b8c 100644 --- a/boot/bootutil/src/image_validate.c +++ b/boot/bootutil/src/image_validate.c @@ -544,6 +544,9 @@ bootutil_img_validate(struct boot_loader_state *state, #endif int rc = 0; FIH_DECLARE(fih_rc, FIH_FAILURE); +#if defined(MCUBOOT_SIGN_PURE) + uintptr_t base = 0; +#endif #ifdef MCUBOOT_HW_ROLLBACK_PROT fih_int security_cnt = fih_int_encode(INT_MAX); uint32_t img_security_cnt = 0; @@ -788,11 +791,16 @@ bootutil_img_validate(struct boot_loader_state *state, FIH_CALL(bootutil_verify_sig, valid_signature, hash, sizeof(hash), buf, len, key_id); #else + rc = flash_device_base(flash_area_get_device_id(fap), &base); + if (rc != 0) { + goto out; + } + /* Directly check signature on the image, by using the mapping of * a device to memory. The pointer is beginning of image in flash, * so offset of area, the range is header + image + protected tlvs. */ - FIH_CALL(bootutil_verify_img, valid_signature, (void *)flash_area_get_off(fap), + FIH_CALL(bootutil_verify_img, valid_signature, (void *)(base + flash_area_get_off(fap)), hdr->ih_hdr_size + hdr->ih_img_size + hdr->ih_protect_tlv_size, buf, len, key_id); #endif diff --git a/docs/release-notes.d/fix-pure-eddsa-base-address.md b/docs/release-notes.d/fix-pure-eddsa-base-address.md new file mode 100644 index 000000000..4fe226792 --- /dev/null +++ b/docs/release-notes.d/fix-pure-eddsa-base-address.md @@ -0,0 +1,2 @@ + - Fixed issue in image_validate when `BOOT_SIGNATURE_TYPE_PURE` is enabled + for platforms with NVM memory that does not start at 0x00. From 4c1bdf0c83f0015b7c7040c1a86dd764c96c7962 Mon Sep 17 00:00:00 2001 From: Michal Kozikowski Date: Thu, 7 Aug 2025 15:31:02 +0200 Subject: [PATCH 2/2] [nrf fromlist] zephyr: Fix FLASH_DEVICE_ID for nRF54H20 platform FLASH_DEVICE_ID was incorrectly set to spi related flash id instead of SoC related. Upstream PR #: 2414 Signed-off-by: Michal Kozikowski --- boot/zephyr/flash_map_extended.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boot/zephyr/flash_map_extended.c b/boot/zephyr/flash_map_extended.c index 3b95b1fd7..ac9ceba0b 100644 --- a/boot/zephyr/flash_map_extended.c +++ b/boot/zephyr/flash_map_extended.c @@ -38,7 +38,7 @@ BOOT_LOG_MODULE_DECLARE(mcuboot); #elif (defined(CONFIG_SOC_SERIES_NRF54HX) && DT_HAS_CHOSEN(zephyr_flash)) -#define FLASH_DEVICE_ID SPI_FLASH_0_ID +#define FLASH_DEVICE_ID SOC_FLASH_0_ID #define FLASH_DEVICE_BASE CONFIG_FLASH_BASE_ADDRESS #define FLASH_DEVICE_NODE DT_CHOSEN(zephyr_flash)