Infineon: Add secure mode smif encryption feature for CYW20829 devices

.gitmodules

@@ -1,19 +1,20 @@
-
-[submodule "boot/cypress/libs/cmsis"]
-	path = boot/cypress/libs/cmsis
-	url = https://github.com/Infineon/cmsis.git
 [submodule "boot/cypress/libs/core-lib"]
 	path = boot/cypress/libs/core-lib
 	url = https://github.com/Infineon/core-lib.git
-[submodule "boot/cypress/libs/mtb-pdl-cat1"]
-	path = boot/cypress/libs/mtb-pdl-cat1
-	url = https://github.com/Infineon/mtb-pdl-cat1.git
-[submodule "boot/cypress/libs/mtb-hal-cat1"]
-	path = boot/cypress/libs/mtb-hal-cat1
-	url = https://github.com/Infineon/mtb-hal-cat1.git
 [submodule "boot/cypress/libs/cy-mbedtls-acceleration"]
 	path = boot/cypress/libs/cy-mbedtls-acceleration
 	url = https://github.com/Infineon/cy-mbedtls-acceleration.git
+	branch = c5f703d0354c69611e6c8226a609cead96e1f8a6
+[submodule "boot/cypress/libs/mtb-hal-cat1"]
+	path = boot/cypress/libs/mtb-hal-cat1
+	url = https://github.com/Infineon/mtb-hal-cat1.git
+[submodule "boot/cypress/libs/mtb-pdl-cat1"]
+	path = boot/cypress/libs/mtb-pdl-cat1
+	url = https://github.com/Infineon/mtb-pdl-cat1.git
+	branch = 4eb815bb8c6f455b0c516ec86b2e16b02bd367d7
+[submodule "boot/cypress/libs/cmsis"]
+	path = boot/cypress/libs/cmsis
+	url = https://github.com/Infineon/cmsis.git
 [submodule "ext/cddl-gen"]
 	path = ext/cddl-gen
 	url = https://github.com/NordicSemiconductor/cddl-gen.git

boot/bootutil/src/bootutil_misc.c

@@ -202,7 +202,7 @@ boot_magic_decode(const uint8_t *magic)
     return BOOT_MAGIC_BAD;
 }
 
-static inline uint32_t
+uint32_t
 boot_magic_off(const struct flash_area *fap)
 {
     return flash_area_get_size(fap) - BOOT_MAGIC_SZ;

boot/bootutil/src/bootutil_priv.h

@@ -276,7 +276,9 @@ uint32_t boot_status_sz(uint32_t min_write_sz);
 uint32_t boot_trailer_sz(uint32_t min_write_sz);
 int boot_status_entries(int image_index, const struct flash_area *fap);
 uint32_t boot_status_off(const struct flash_area *fap);
+uint32_t boot_magic_off(const struct flash_area *fap);
 int boot_write_magic(const struct flash_area *fap);
+int boot_clear_magic(const struct flash_area *fap);
 int boot_write_status(const struct boot_loader_state *state, struct boot_status *bs);
 int boot_write_copy_done(const struct flash_area *fap);
 int boot_write_image_ok(const struct flash_area *fap);

boot/bootutil/src/bootutil_public.c

@@ -126,7 +126,7 @@ static const struct boot_swap_table boot_swap_tables[] = {
         .image_ok_secondary_slot =  BOOT_FLAG_ANY,
         .copy_done_primary_slot =   BOOT_FLAG_SET,
         .swap_type =                BOOT_SWAP_TYPE_REVERT,
-    },
+    }
 };
 
 #define BOOT_SWAP_TABLES_COUNT \
@@ -153,11 +153,6 @@ boot_flag_decode(uint8_t flag)
 }
 
 #ifndef MCUBOOT_SWAP_USING_STATUS
-static inline uint32_t
-boot_magic_off(const struct flash_area *fap)
-{
-    return flash_area_get_size(fap) - BOOT_MAGIC_SZ;
-}
 
 static inline uint32_t
 boot_image_ok_off(const struct flash_area *fap)
@@ -325,6 +320,42 @@ boot_read_swap_state_by_id(int flash_area_id, struct boot_swap_state *state)
 
 #ifndef MCUBOOT_SWAP_USING_STATUS
 
+int
+boot_clear_magic(const struct flash_area *fap)
+{
+    uint32_t off;
+    uint32_t pad_off;
+    int rc;
+    uint8_t magic[BOOT_MAGIC_ALIGN_SIZE];
+    uint8_t erased_val;
+
+    off = boot_magic_off(fap);
+
+    /* image_trailer structure was modified with additional padding such that
+     * the pad+magic ends up in a flash minimum write region. The address
+     * returned by boot_magic_off() is the start of magic which is not the
+     * start of the flash write boundary and thus writes to the magic will fail.
+     * To account for this change, write to magic is first padded with 0xFF
+     * before writing to the trailer.
+     */
+    pad_off = ALIGN_DOWN(off, BOOT_MAX_ALIGN);
+
+    erased_val = flash_area_erased_val(fap);
+
+    (void)memset(&magic[0], erased_val, sizeof(magic));
+
+    BOOT_LOG_DBG("clearing magic; fa_id=%u off=0x%" PRIx32
+                 " (0x%" PRIx32 ")", (unsigned)flash_area_get_id(fap),
+                 off, flash_area_get_off(fap) + off);
+    rc = flash_area_write(fap, pad_off, &magic[0], BOOT_MAGIC_ALIGN_SIZE);
+
+    if (rc != 0) {
+        return BOOT_EFLASH;
+    }
+
+    return 0;
+}
+
 int
 boot_write_magic(const struct flash_area *fap)
 {

boot/bootutil/src/loader.c

@@ -1753,6 +1753,9 @@ boot_perform_update(struct boot_loader_state *state, struct boot_status *bs)
 
     if (BOOT_IS_UPGRADE(swap_type)) {
         rc = swap_set_copy_done(BOOT_CURR_IMG(state));
+#if defined(MCUBOOT_ENC_IMAGES_SMIF)
+        rc |= swap_clear_magic_upgrade(BOOT_CURR_IMG(state));
+#endif
         if (rc != 0) {
             BOOT_SWAP_TYPE(state) = BOOT_SWAP_TYPE_PANIC;
         }

boot/bootutil/src/swap_misc.c

@@ -87,7 +87,7 @@ swap_status_init(const struct boot_loader_state *state,
                  const struct flash_area *fap,
                  const struct boot_status *bs)
 {
-    struct boot_swap_state swap_state;
+    struct boot_swap_state swap_state = {0};
     uint8_t image_index;
     int rc;
 
@@ -127,7 +127,7 @@ swap_status_init(const struct boot_loader_state *state,
     rc = boot_write_magic(fap);
     assert(rc == 0);
 
-    return 0;
+    return rc;
 }
 
 int
@@ -205,6 +205,21 @@ swap_set_copy_done(uint8_t image_index)
     return rc;
 }
 
+int swap_clear_magic_upgrade(uint8_t image_index)
+{
+    const struct flash_area *fap = NULL;
+    int rc;
+
+    rc = flash_area_open(FLASH_AREA_IMAGE_SECONDARY(image_index), &fap);
+    if (rc != 0) {
+        return BOOT_EFLASH;
+    }
+
+    rc = boot_clear_magic(fap);
+    flash_area_close(fap);
+    return rc;
+}
+
 int
 swap_set_image_ok(uint8_t image_index)
 {

boot/bootutil/src/swap_priv.h

@@ -71,6 +71,11 @@ int swap_read_status_bytes(const struct flash_area *fap,
  */
 int swap_set_copy_done(uint8_t image_index);
 
+/**
+ * Marks the image in the secondary slot as upgraded.
+ */
+int swap_clear_magic_upgrade(uint8_t image_index);
+
 /**
  * Marks a reverted image in the primary slot as confirmed. This is necessary to
  * ensure the status bytes from the image revert operation don't get processed

boot/bootutil/src/swap_status_misc.c

@@ -69,7 +69,7 @@ boot_flag_decode(uint8_t flag)
 }
 
 /* Offset Section */
-static inline uint32_t
+uint32_t
 boot_magic_off(const struct flash_area *fap)
 {
     (void)fap;
@@ -246,6 +246,25 @@ boot_write_magic(const struct flash_area *fap)
     return 0;
 }
 
+int
+boot_clear_magic(const struct flash_area *fap)
+{
+    uint32_t off;
+    int rc;
+    uint8_t tmp[BOOT_MAGIC_SZ];
+
+    off = fap->fa_size - BOOT_MAGIC_SZ;
+
+    (void) memset(tmp, flash_area_erased_val(fap), BOOT_MAGIC_SZ);
+
+    rc = flash_area_write(fap, off, tmp, BOOT_MAGIC_ALIGN_SIZE);
+
+    if (rc != 0) {
+        return -1;
+    }
+    return 0;
+}
+
 /**
  * Writes the supplied boot status to the flash file system.  The boot status
  * contains the current state of an in-progress image copy operation.

boot/cypress/BlinkyApp/BlinkyApp.md

@@ -4,17 +4,7 @@
 
 Implements a simple Blinky LED application to demonstrate the MCUBootApp bootloader application operation for the boot and upgrade processes.
 
-This demo supports PSoC™ 6 chips with the 1M-, 2M-, and 512K-flash on board; XMC7200, XMC7100; CYW20829/CYW89829 chips with no internal flash.
-The evaluation kits are:
-* `CY8CPROTO-062-4343W`
-* `CY8CKIT-062-WIFI-BT`
-* `CY8CPROTO-062S3-4343W`
-* `CYW920829M2EVB-01`
-* `CYW989829M2EVB-01`
-* `CYBLE-416045-EVAL`
-* `CY8CPROTO-063-BLE`
-* `CY8CKIT-062-BLE`
-* `KIT_XMC72_EVK`
+It is validated and started by MCUBootApp, which is running on the CM0p core of PSoC™ 6 devices, or CM33 core for the CYW20829/CYW89829 devices.
 
 Functionality:
 
@@ -97,7 +87,7 @@ These jobs also remove auto-generated files 'memorymap.mk' and 'memory.h', which
 `MCUBootApp` can upgrade an image either by overwriting the image from a secondary slot to a primary slot or by swapping the two images.  
 To build `BlinkyApp` for different upgrade modes choose flash map JSON file with the corresponding suffix - either `_swap_` or `_overwrite_`.  
 But hold in the mind, that `MCUBootApp` and `BlinkyApp` should use the same flash map file!  
-For example: to building `MCUBootApp` and `BlinkyApp` in the 'single overwride' mode use the flash map file:   
+For example: to building `MCUBootApp` and `BlinkyApp` in the 'single overwrite' mode use the flash map file:   
 `FLASH_MAP=platforms/memory/PSOC6/flashmap/psoc6_overwrite_single.json`  
 
 **Single-image**
@@ -265,7 +255,7 @@ To erase the swap status partition area in MCUBootApp with multi-image configura
 
     $OPENOCD_PATH/bin/openocd -s "$OPENOCD_PATH/scripts" -f "$OPENOCD_PATH/ scripts/interface/kitprog3.cfg" -f "$OPENOCD_PATH/scripts/target/psoc6_2m.cfg" -c "init; reset init" -c "flash erase_address 0x10078000 0x2000" -c "reset; shutdown"
 
-In both cases, it is easier to erase the whole device flash or all flash after MCUBootApp. This command erases all flash after MCUBootApp, including the primary, secondary, and swap status partiton:
+In both cases, it is easier to erase the whole device flash or all flash after MCUBootApp. This command erases all flash after MCUBootApp, including the primary, secondary, and swap status partition:
 
     $OPENOCD_PATH/bin/openocd -s "$OPENOCD_PATH/scripts" -f "$OPENOCD_PATH/ scripts/interface/kitprog3.cfg" -f "$OPENOCD_PATH/scripts/target/psoc6_2m.cfg" -c "init; reset init" -c "flash erase_address 0x10018000 0x1E8000" -c "reset; shutdown"
 

boot/cypress/MCUBootApp/ExternalMemory.md

@@ -80,7 +80,7 @@ This repository provides default flash map files with suffix _xip_ to be used fo
 
 External memory is enabled when `make` flag `USE_EXTERNAL_FLASH` is set to `1`. Value of this flag is set in auto-generated `memorymap.mk` files when field `"external_flash"` is present in JSON file. 
 
-Default flash maps with suffix _smif_ are provided in `platforms/memory/PSOC6/flashmap` folder for PSoC™ 6 devices, where presense of external memory in system is optional.
+Default flash maps with suffix _smif_ are provided in `platforms/memory/PSOC6/flashmap` folder for PSoC™ 6 devices, where presence of external memory in system is optional.
 
 Build MCUBootApp as described in the [MCUBootApp.md](MCUBootApp.md) file.
 

boot/cypress/MCUBootApp/MCUBootApp.md

@@ -11,7 +11,7 @@ This solution demonstrates the operation of MCUboot on Cypress PSoC™ 6 and CYW
 * Revert bad upgrade images
 * Secondary slots located in external flash
 
-This demo supports PSoC™ 6 chips with the 1M-, 2M-, and 512K-flash on board; XMC7200, XMC7100; CYW20829/CYW89829 chips with no internal flash.
+This demo supports PSoC™ 6 chips with the 1M-, 2M-, and 512K-flash on board, and the CYW20829/CYW89829 chips with no internal flash.
 The evaluation kits are:
 * `CY8CPROTO-062-4343W`
 * `CY8CKIT-062-WIFI-BT`
@@ -23,7 +23,7 @@ The evaluation kits are:
 * `CY8CKIT-062-BLE`
 * `KIT_XMC72_EVK`
 
-### Platfrom specifics
+### Platform specifics
 
 MCUBootApp can be built for different platforms. So, the main application makefile `MCUBootApp.mk` operates with common build variables and flags. Most of them can be passed to the build system as a `make` command parameter and each platform defines the default value prefixed with `PLATFORM_` in the corresponding makefile - `PSOC6.mk` or `CYW20829.mk`. The build flags and variables are described in detail in the following paragraphs.
 
@@ -153,6 +153,8 @@ Insufficient swap status area - suggested size 0x3800
 ```
 To calculate the minimal correct size of the status partition, one could specify `"value": "0"` for the `"status_size"`. After the intentional `make` failure, copy the correct size from the error message.
 
+To improve boot time user may specify build variables `MCUBOOT_SWAP_STATUS_FAST_BOOT=1` `USE_BOOTSTRAP=0` and comment out `MCUBOOT_VALIDATE_PRIMARY_SLOT` in "mcuboot_config.h" to achieve faster boot.
+
 ###### External flash
 If external flash memory is used, one should specify its parameters. The first way is to specify the exact model:
 
@@ -583,9 +585,6 @@ When an improper address is specified, `make` will fail with a message like:
 Misaligned application_1 (secondary slot) - suggested address 0x18030200
 ```
 This gives the nearest larger address that satisfies the slot location requirements. Other errors, such as overlapping flash areas, are also checked and reported.
-
-To improve boot time user may specify build variables `MCUBOOT_SWAP_STATUS_FAST_BOOT=1` `USE_BOOTSTRAP=0` and comment out `MCUBOOT_VALIDATE_PRIMARY_SLOT` in "mcuboot_config.h" to achieve faser boot.
-
 ### Hardware limitations
 
 This application is created to demonstrate the MCUboot library features and not as a reference example. So, some considerations are taken.

boot/cypress/MCUBootApp/config/mcuboot_config/mcuboot_config.h

@@ -57,8 +57,10 @@
  * Uncomment which is needed. */
 #define MCUBOOT_SWAP_USING_SCRATCH  1
 /* #define MCUBOOT_SWAP_USING_MOVE     1 */
+#ifdef USE_SWAP_STATUS
 #define MCUBOOT_SWAP_USING_STATUS   1
 #endif
+#endif
 
 /* This definition is used in boot_copy_region function to define 
  * minimum size of data chunk to be copied. This most likely is equal

boot/cypress/MCUBootApp/main.c

@@ -377,9 +377,11 @@ int main(void)
             * reset will be initiated by watchdog timer and swap revert operation started
             * to roll back to operable image.
             */
-            cyhal_wdt_t *wdt = NULL;
+            cyhal_wdt_t wdt_obj;
 
-            rc = cyhal_wdt_init(wdt, WDT_TIME_OUT_MS);
+            rc = cyhal_wdt_init(&wdt_obj, WDT_TIME_OUT_MS);
+
+            cyhal_wdt_start(&wdt_obj);
 
             if (CY_RSLT_SUCCESS == rc) {