Bootloader firmware validation
The bootloader firmware validation library provides the function that the nRF Secure Immutable Bootloader uses to validate a firmware image before booting it.
The API is public because applications that are booted by the immutable bootloader can call the function from this library via the bootloader’s code, through external APIs. See External APIs for more information. Using this mechanism can be useful when the application receives a DFU package and wants to determine whether it will be accepted by the bootloader.
Validation
The bl_validate_firmware() function validates the following information:
- The digest and the signature of the whole image (see bl_root_of_trust_verify())
- The fields of the fw_info struct that is part of the firmware image (see Firmware information)
API documentation
include/bl_validation.h
subsys/bootloader/bl_validation/
- group bl_validation

Typedefs
- typedef bool (*bl_validate_firmware_t)(uint32_t fw_dst_address, uint32_t fw_src_address)
Functions
- bool bl_validate_firmware(uint32_t fw_dst_address, uint32_t fw_src_address)
  Function for validating firmware.
  This will run a series of checks on the fw_src_address contents, then locate the validation info and check the signature of the image.
  - Parameters
    fw_dst_address – [in] Address where the firmware will be written.
    fw_src_address – [in] Address of the firmware to be validated.
  - Returns true
    if the image is valid
  - Returns false
    if the image is invalid
- bool bl_validate_firmware_available(void)
  Whether bl_validate_firmware() is available.
  This is only relevant when CONFIG_BL_VALIDATE_FW_EXT_API_OPTIONAL is set.
  - Returns true
    bl_validate_firmware() can be called and should work correctly.
  - Returns false
    bl_validate_firmware() is unavailable and will always return false because the underlying EXT_API is unavailable.
- bool bl_validate_firmware_local(uint32_t fw_address, const struct fw_info *fwinfo)
  Function for validating firmware in place.
  See bl_validate_firmware for more details.
  Note
  This function is only available to the bootloader.
- int set_monotonic_version(uint16_t version, uint16_t slot)
  Write version and slot to monotonic counter.
  The version is left-shifted 1 bit, and the slot is placed as the LSB.
  - Parameters
    version – [in] Firmware version.
    slot – [in] Slot where firmware is located. Must be 0 or 1.
  - Returns
- uint16_t get_monotonic_version(uint16_t *slot_out)
  Read version and slot from monotonic counter.
  - Parameters
    slot_out – [out] Slot where firmware is located. Can be NULL.
  - Returns
    Firmware version
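
A host-side model of the encoding described for set_monotonic_version() and get_monotonic_version(), added here as an example and not taken from the bootloader's source. The model_* names, the 16-bit packed width and the rule that only strictly larger values are accepted are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the packed value is 16 bits wide, leaving 15 bits for the version. */
#define MODEL_VERSION_MAX 0x7FFFu

/* Pack as described above: version left-shifted 1 bit, slot as the LSB. */
static bool model_pack(uint16_t version, uint16_t slot, uint16_t *packed)
{
    if (slot > 1u || version > MODEL_VERSION_MAX) {
        return false; /* bad slot, or the shift would drop the top version bit */
    }
    *packed = (uint16_t)((version << 1) | slot);
    return true;
}

/* Inverse of model_pack(); slot_out may be NULL, like get_monotonic_version(). */
static uint16_t model_unpack(uint16_t packed, uint16_t *slot_out)
{
    if (slot_out != NULL) {
        *slot_out = packed & 1u;
    }
    return packed >> 1;
}

/* Assumed counter rule: only a strictly larger packed value is accepted. */
static int model_set(uint16_t *counter, uint16_t version, uint16_t slot)
{
    uint16_t packed;
    if (!model_pack(version, slot, &packed)) {
        return -1; /* not representable */
    }
    if (packed <= *counter) {
        return -2; /* would not advance the counter */
    }
    *counter = packed;
    return 0;
}

int main(void)
{
    uint16_t counter = 0, slot;
    printf("v5 slot1 -> %d\n", model_set(&counter, 5, 1)); /* accepted */
    printf("v5 slot0 -> %d\n", model_set(&counter, 5, 0)); /* rejected: packs lower */
    uint16_t version = model_unpack(counter, &slot);
    printf("stored version %u, slot %u\n", (unsigned)version, (unsigned)slot);
    return 0;
}
```

Under these assumptions, the same version in slot 0 packs to a lower value than in slot 1, so it would not advance the counter.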
- struct bl_validate_fw_ext_api
  #include <bl_validation.h>
  Structure describing the BL_VALIDATE_FW EXT_API.
-
typedef bool (*