Skip to content

Import latest python scripts and MCUBoot image #12231

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jan 25, 2020
Merged

Import latest python scripts and MCUBoot image #12231

merged 2 commits into from
Jan 25, 2020

Conversation

urutva
Copy link
Contributor

@urutva urutva commented Jan 9, 2020
edited
Loading

Summary of changes

To help with the integration of Musca B1 into Mbed OS, python
signing scripts and MCUBoot image and RSA private key for Musca A
has been updated from latest TF-M
(https://git.trustedfirmware.org/trusted-firmware-m.git/commit/?id=6c5be4a98e4d7055ee49076ca4e515fb4b172e66).

Signed-off-by: Devaraj Ranganna [email protected]

Impact of changes

Migration actions required

Documentation

Pull request type 

[x] Patch update (Bug fix / Target update / Docs update / Test update / Refactor)
[] Feature update (New feature / Functionality change / New API)
[] Major update (Breaking change E.g. Return code change / API behaviour change)

Test results 

[] No Tests required for this change (E.g docs only update)
[x] Covered by existing mbed-os tests (Greentea or Unittest)
[] Tests / results supplied as part of this PR

Reviewers

@Patater @jainvikas8

@ciarmcom ciarmcom requested review from ashok-rao, jainvikas8, Patater and a team January 9, 2020 18:00
@ciarmcom
Copy link
Member

ciarmcom commented Jan 9, 2020

@Devran01, thank you for your changes.
@Patater @ashok-rao @jainvikas8 @ARMmbed/mbed-os-maintainers @ARMmbed/mbed-os-tools please review.

0xc0170
0xc0170 previously requested changes Jan 17, 2020
View reviewed changes
Copy link
Contributor

@0xc0170 0xc0170 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please also rebase to resolve a conflict

targets/targets.json Outdated
@@ -5757,7 +5757,7 @@
"inherits": ["Target"],
"default_toolchain": "ARMC6",
"extra_labels": ["ARM_SSG", "MUSCA_A1"],
"forced_reset_timeout": 7,
"forced_reset_timeout": 13,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this should be a separate commit, or even a pull request?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@0xc0170 This workaround was done to fix the bug in TF-M bootloader. But it is already fixed in the version of TF-M bootloader imported into Mbed OS. Therefore we don't need this workaround anymore.

@mergify
Copy link

mergify bot commented Jan 20, 2020

This PR cannot be merged due to conflicts. Please rebase to resolve them.

@urutva
Import latest python scripts and MCUBoot image
bc7331b 
To help with the integration of Musca B1 into Mbed OS, python
signing scripts and MCUBoot image and RSA private key for Musca A
has been updated from latest TF-M
(https://git.trustedfirmware.org/trusted-firmware-m.git/commit/?id=6c5be4a98e4d7055ee49076ca4e515fb4b172e66).

Signed-off-by: Devaraj Ranganna <[email protected]>
@urutva
Copy link
Contributor Author

urutva commented Jan 21, 2020

@0xc0170 The minimum version of cryptography python module is changed from 2.4.x to 2.5 to fix a bug. I already had a discussion with @romanjoe about this and he is ok with bumping up the minimum version.

@mergify mergify bot dismissed 0xc0170’s stale review January 21, 2020 11:14

Pull request has been modified.

mark-edgeworth
mark-edgeworth reviewed Jan 22, 2020
View reviewed changes
Copy link
Contributor

@mark-edgeworth mark-edgeworth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some comments in line.

requirements.txt Outdated
@@ -26,5 +26,5 @@ cmsis-pack-manager>=0.2.3,<0.3.0
pywin32==224;platform_system=='Windows'
wmi==1.4.9;platform_system=='Windows'
psutil==5.6.2
cryptography>=2.4.x,<2.5
cryptography>=2.5,<=2.8
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a reason why the upper bound is limited to 2.8? Can we not use '<3'

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

tools/psa/tfm/bin_utils/imgtool_lib/keys.py
RSA_KEY_SIZES = [2048, 3072]

# Public exponent
PUBLIC_EXPONENT = 65537
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Query: should this be 65536?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mark-edgeworth The recommended value for RSA public exponent is 65537.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok, just checking

@urutva
Bump cryptography python module version
6d6d1e6 
The requirements.txt mandates 2.4.x version of cryptography python
module which has an issue as it checks if the payload is an instance
of bytes which is actually a bytearray. This issue is fixed in 2.5
version, hence bump up minimum version to 2.5.

Signed-off-by: Devaraj Ranganna <[email protected]>
@mergify mergify bot added needs: CI and removed needs: work labels Jan 23, 2020
@Patater
Copy link
Contributor

Patater commented Jan 23, 2020

If we modified any files that are imported from TF-M, are there patches raised to TF-M to make the modifications we want (for example, adding SPDX identifiers)?

@adbridge
Copy link
Contributor

@Devran01 can you answer @Patater question ?

@urutva
Copy link
Contributor Author

urutva commented Jan 23, 2020

@Patater @adbridge This commit has more changes to imported files than just SPDX identifier addition. The reason for that is MUSCA A target support in Mbed OS hans't been updated in a while. OSS team is planning to update MUSCA A target support in Mbed OS. When that happens we can import signing scripts from TF-M without any modification. I'll create a patchset to add SPDX license identifier so that next TF-M import need not have any modifications.

@adbridge
Copy link
Contributor

CI started

@mbed-ci
Copy link

mbed-ci commented Jan 24, 2020

Test run: SUCCESS

Summary: 11 of 11 test jobs passed
Build number : 1
Build artifacts

@adbridge adbridge merged commit f45a5a7 into ARMmbed:master Jan 25, 2020
@adbridge adbridge added release-version: 6.0.0-alpha-2 Second pre-release version of 6.0.0 and removed ready for merge labels Jan 25, 2020
@mergify
Copy link

mergify bot commented Jan 25, 2020

This PR does not contain release version label after merging.

@jamesbeyond jamesbeyond mentioned this pull request Feb 3, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Patater Patater Patater approved these changes

@mark-edgeworth mark-edgeworth mark-edgeworth approved these changes

@0xc0170 0xc0170 0xc0170 left review comments

@ashok-rao ashok-rao Awaiting requested review from ashok-rao

@jainvikas8 jainvikas8 Awaiting requested review from jainvikas8

Assignees
No one assigned
Labels
release-version: 6.0.0-alpha-2 Second pre-release version of 6.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@urutva @ciarmcom @Patater @adbridge @mbed-ci @mark-edgeworth @0xc0170