bootutil: Add compressed image flags and TLV

Adds some flags to indicate if the data of an image is compressed (lzma1 and lzma2) and adds a new TLV for a sha256 hash of the compressed/encrypted image data, this would (optionally) be used for images where one or both options are enabled to be able to verify the data is correct before attempting to decrypt/decompress it Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no> Signed-off-by: Mateusz Michalek <mateusz.michalek@nordicsemi.no>
mcu-tools · Aug 16, 2024 · 15b63e0 · 15b63e0
1 parent 12906fd
commit 15b63e0
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/boot/bootutil/include/bootutil/image.h b/boot/bootutil/include/bootutil/image.h
@@ -71,6 +71,12 @@ struct flash_area;
  */
 #define IMAGE_F_ROM_FIXED                0x00000100
 
+/*
+ * Flags that indicate if the image data is compressed
+ */
+#define IMAGE_F_COMPRESSED_LZMA1         0x00000200
+#define IMAGE_F_COMPRESSED_LZMA2         0x00000400
+
 /*
  * ECSDA224 is with NIST P-224
  * ECSDA256 is with NIST P-256
@@ -89,6 +95,11 @@ struct flash_area;
 #define IMAGE_TLV_PUBKEY            0x02   /* public key */
 #define IMAGE_TLV_SHA256            0x10   /* SHA256 of image hdr and body */
 #define IMAGE_TLV_SHA384            0x11   /* SHA384 of image hdr and body */
+#define IMAGE_TLV_RAW_SLOT_SHA256   0x18   /*
+                                            * SHA256 of compressed/encrypted image data in the slot
+                                            * which should be checked to ensure image integrity
+                                            * before decrypting/decompressing data
+                                            */
 #define IMAGE_TLV_RSA2048_PSS       0x20   /* RSA2048 of hash output */
 #define IMAGE_TLV_ECDSA224          0x21   /* ECDSA of hash output - Not supported anymore */
 #define IMAGE_TLV_ECDSA_SIG         0x22   /* ECDSA of hash output */
@@ -101,6 +112,18 @@ struct flash_area;
 #define IMAGE_TLV_DEPENDENCY        0x40   /* Image depends on other image */
 #define IMAGE_TLV_SEC_CNT           0x50   /* security counter */
 #define IMAGE_TLV_BOOT_RECORD       0x60   /* measured boot record */
+/* The following flags relate to compressed images and are for the decompressed image data */
+#define IMAGE_TLV_COMP_SIZE         0x70   /* Decompressed image size */
+#define IMAGE_TLV_COMP_SHA          0x71   /*
+                                            * Decompressed image shaX hash, this field must match
+                                            * the format and size of the raw slot (compressed)
+                                            * shaX hash
+                                            */
+#define IMAGE_TLV_COMP_SIGNATURE    0x72   /*
+                                            * Decompressed image signature, this field must match
+                                            * the format and size of the raw slot (compressed)
+                                            * signature
+                                            */
 					   /*
 					    * vendor reserved TLVs at xxA0-xxFF,
 					    * where xx denotes the upper byte