@fdcavalcanti fdcavalcanti commented Oct 30, 2025

Summary

  • boot/mcuboot: update MCUBoot version
    Updates default MCUBoot hash.

This PR updates the default hash for MCUBoot.

Here is a summary of changes (AI assisted).

MCUboot Changes Summary (fefc398 → 8a07053)

Overall Statistics

  • 404 files changed
  • 19,536 insertions, 6,494 deletions

NuttX-Specific Changes

File: boot/nuttx/include/mcuboot_config/mcuboot_config.h

Added configuration definitions:

  • MCUBOOT_DEV_WITH_ERASE - Enables flash erase operations with device drivers
  • MCUBOOT_USE_TLV_ALLOW_LIST 1 - Enables non-protected TLV allow list validation

Core Changes Affecting NuttX

New Bootutil APIs

  • boot_get_loader_state() - Get bootloader state
  • boot_get_image_max_sizes() - Get image maximum sizes array
  • boot_get_max_app_size() - Get maximum application size
  • boot_fetch_slot_state_sizes() - Fetch slot state sizes
  • boot_get_state_secondary_offset() - Get secondary slot offset from state

New Structures

  • struct image_max_size - Structure to store calculated max size information

Boot Serial Encryption

  • Added boot_serial_encryption.h and boot_serial_encryption.c
  • Enhanced encrypted image handling in serial recovery mode

Other Relevant Changes

  • Boot hooks API updates
  • Boot record improvements
  • Security counter enhancements
  • UUID VID/CID support added
  • Crypto API improvements (SHA abstraction, ECDSA, RSA)

Key Commits

  • ae2d0d61 - sys: Add MCUBOOT_USE_TLV_ALLOW_LIST to mcuboot_config.h
  • a13624f0 - bootutil: Add MCUBOOT_USE_TLV_ALLOW_LIST
  • f6e1af89 - doc: Add information on TLV allow list
  • 94ad4d44 - boot: Add VID and CID checks
  • 82bd4a76 - boot: bootutil: Fix pure image validation check with offset swap

Impact on NuttX Integration

These changes introduce:

  1. Flash erase control - MCUBOOT_DEV_WITH_ERASE provides better control over flash erase operations
  2. TLV validation - MCUBOOT_USE_TLV_ALLOW_LIST enables allow list checking for non-protected TLV entries
  3. Enhanced APIs - New bootutil functions for better state and size management
  4. Improved encryption support - Better handling of encrypted images in serial recovery

Impact

  • Impact on user: No.
  • Impact on build: No.
  • Impact on hardware: No.
  • Impact on documentation: No.
  • Impact on security: No.
  • Impact on compatibility: No.

Testing

Tested with mcuboot_update_agent defconfig of ESP32.

Building

Build the mcuboot_update_agent defconfig or use SD card to locally run an update.
Tested with and without flash encryption.

  • ./tools/configure.sh esp32-devkitc:mcuboot_update_agent
  • Enable EXAMPLES_MCUBOOT_LOCAL_AGENT and add SD Card support (this also works the same on OTA).
  • make and flash

After flashing, change target slot to slot 1 and build again. Then, I moved the new binary to an SD Card and mounted it to /mnt.
Used the SD Card update app.

Results

nsh> mcuboot_local_agent /mnt/nuttx.bin
MCUBoot Local Update Agent
Firmware file: /mnt/nuttx.bin
Firmware file size: 1048576 bytes
Erasing secondary flash slot...
Progress: 4096/1048576 bytes [0%]
Progress: 8192/1048576 bytes [0%]
Progress: 12288/1048576 bytes [1%]
Progress: 16384/1048576 bytes [1%]
....
Firmware copy completed successfully!
Firmware successfully copied to secondary slot!
Update scheduled for next boot. Restarting...
reboot status=0

@fdcavalcanti fdcavalcanti requested a review from tmedicci October 30, 2025 07:32

cederom commented Oct 30, 2025

Thank you @fdcavalcanti :-) CI job failed, restarted :-)

Do we use a release or just the master branch for mcuboot? Would it be possible to add version comparison and changelog to make sure there are no breaking changes for users? :-)

@xiaoxiang781216

@fdcavalcanti please fix the spelling error:

/home/runner/work/nuttx-apps/nuttx-apps/apps/boot/mcuboot/Kconfig:29: compatability ==> compatibility

@fdcavalcanti

> Thank you @fdcavalcanti :-) CI job failed, restarted :-)
>
> Do we use a release or just the master branch for mcuboot? Would it be possible to add version comparison and changelog to make sure there are no breaking changes for users? :-)

Hey @cederom, sure I will summarize the changelog.
I can't tell you there will be no breaking changes. I expect MCUBoot has a good grasp on its own testing. That hash I updated, I was able to test with Espressif devices just fine.
Here are the tags between those commits:

  • v2.0.0 (2023-10-22) - 304fd419 - mynewt: update to release 2.0.0
  • v2.1.0 (2024-05-06) - 9c99326b - Preps for 2.1.0 release
  • v2.2.0 (2025-06-09) - 2d61c318 - Updates for 2.2.0 release

xiaoxiang781216 previously approved these changes Nov 3, 2025

cederom commented Nov 3, 2025

Thanks @fdcavalcanti :-) Let's try to stick to a release unless there are some important fixes introduced between releases :-) We seem to be good to go except there was still a CI build error :-P

Updates default MCUBoot hash.

Signed-off-by: Filipe Cavalcanti <[email protected]>
@fdcavalcanti fdcavalcanti force-pushed the feature/upgrade-mcuboot-version branch from edfa27c to fe83bc5 Compare November 4, 2025 01:30
@fdcavalcanti

Seems those boards are setting a custom MCUBoot version, but will fail to build because this PR adds a new source file.

- ./boards/arm/nrf52/nrf52840-dk/configs/mcuboot_loader
defconfig:CONFIG_MCUBOOT_VERSION="414ac87cfd8d9cedeb781f812ad6f5072e6d8a39"
- ./boards/arm/nrf52/nrf52832-dk/configs/mcuboot_loader_minimal
defconfig:CONFIG_MCUBOOT_VERSION="414ac87cfd8d9cedeb781f812ad6f5072e6d8a39"
- ./boards/arm/nrf52/nrf52832-dk/configs/mcuboot_loader
defconfig:CONFIG_MCUBOOT_VERSION="414ac87cfd8d9cedeb781f812ad6f5072e6d8a39"
- ./boards/arm/imxrt/imxrt1064-evk/configs/mcuboot-loader
defconfig:CONFIG_MCUBOOT_VERSION="414ac87cfd8d9cedeb781f812ad6f5072e6d8a39"
- ./boards/arm/stm32h7/nucleo-h743zi/configs/mcuboot-loader
defconfig:CONFIG_MCUBOOT_VERSION="414ac87cfd8d9cedeb781f812ad6f5072e6d8a39

Not sure how we can approach this. Any ideas?


cederom commented Nov 4, 2025

> @fdcavalcanti: Seems those boards are setting a custom MCUBoot version, but will fail to build because this PR adds a new source file.
>
> - ./boards/arm/nrf52/nrf52840-dk/configs/mcuboot_loader
>   defconfig:CONFIG_MCUBOOT_VERSION="414ac87cfd8d9cedeb781f812ad6f5072e6d8a39"
> - ./boards/arm/nrf52/nrf52832-dk/configs/mcuboot_loader_minimal
>   defconfig:CONFIG_MCUBOOT_VERSION="414ac87cfd8d9cedeb781f812ad6f5072e6d8a39"
> - ./boards/arm/nrf52/nrf52832-dk/configs/mcuboot_loader
>   defconfig:CONFIG_MCUBOOT_VERSION="414ac87cfd8d9cedeb781f812ad6f5072e6d8a39"

@raiden00pl ? :-)

> - ./boards/arm/imxrt/imxrt1064-evk/configs/mcuboot-loader
>   defconfig:CONFIG_MCUBOOT_VERSION="414ac87cfd8d9cedeb781f812ad6f5072e6d8a39"

@JianyuWang0623 @hujun260 @jturnsek ? :-)

> - ./boards/arm/stm32h7/nucleo-h743zi/configs/mcuboot-loader
>   defconfig:CONFIG_MCUBOOT_VERSION="414ac87cfd8d9cedeb781f812ad6f5072e6d8a39

@JianyuWang0623 @raiden00pl @davids5 @xiaoxiang781216 @tito97sp ? :-)

> Not sure how we can approach this. Any ideas?

I guess we should use a common version for all boards as you propose @fdcavalcanti, but maybe there are exceptions for some boards, maybe these are just leftovers from when there was no common mcuboot yet?

If committers of the code have insight and board at hand and could verify if the updated project wide mcuboot version fits these specific boards then we could remove board/config specific mcuboot versions and use one common version.

I have nRF52832-DK, nRF52840-DK, and NUCLEO-h755ZI, but no imxrt1064-evk (~200EUR).

@raiden00pl

I think we can remove these hardcoded CONFIG_MCUBOOT_VERSION and use default version from Kconfig. These hardcoded hashes are just copy-paste from one configuration
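
One way to locate the per-board overrides discussed above before changing the default, as an added example that is not part of this PR or of NuttX: the script lists every defconfig that still sets CONFIG_MCUBOOT_VERSION and classifies it. The function names, board directories, the extra option name and the placeholder default revision are assumptions; the pinned hash is the one quoted in the thread.

```shell
#!/bin/sh
# Added example, not NuttX project code: find board defconfigs that override
# the default MCUBoot revision, so a default bump does not leave stale pins.

# audit_mcuboot_pins ROOT EXPECTED
# One output line per defconfig under ROOT that sets CONFIG_MCUBOOT_VERSION:
#   STALE <path> <value>     quoted value differs from EXPECTED
#   SAME <path>              override equals EXPECTED, so it is redundant
#   MALFORMED <path> <raw>   value is not a complete double-quoted string
audit_mcuboot_pins() {
  root=$1
  expected=$2
  find "$root" -type f -name defconfig | sort | while IFS= read -r f; do
    raw=$(sed -n 's/^CONFIG_MCUBOOT_VERSION=//p' "$f" | head -n 1)
    [ -n "$raw" ] || continue   # no override: board follows the default
    case $raw in
      \"?*\") val=${raw#\"}; val=${val%\"} ;;
      *) printf 'MALFORMED %s %s\n' "$f" "$raw"; continue ;;
    esac
    if [ "$val" = "$expected" ]; then
      printf 'SAME %s\n' "$f"
    else
      printf 'STALE %s %s\n' "$f" "$val"
    fi
  done
}

# Constructed sample tree. Board names, the extra option and the placeholder
# default are made up; the pinned hash is the one quoted in the thread.
make_sample_tree() {
  t=$(mktemp -d) || return 1
  pinned=414ac87cfd8d9cedeb781f812ad6f5072e6d8a39
  for b in board-a board-b board-c board-d; do
    mkdir -p "$t/$b/configs/mcuboot-loader"
  done
  printf 'CONFIG_MCUBOOT_VERSION="%s"\n' "$pinned" \
    > "$t/board-a/configs/mcuboot-loader/defconfig"
  printf 'CONFIG_MCUBOOT_VERSION="%s"\n' PLACEHOLDER_DEFAULT_REVISION \
    > "$t/board-b/configs/mcuboot-loader/defconfig"
  printf 'CONFIG_EXAMPLE_OTHER_OPTION=y\n' \
    > "$t/board-c/configs/mcuboot-loader/defconfig"
  printf 'CONFIG_MCUBOOT_VERSION="%s\n' "$pinned" \
    > "$t/board-d/configs/mcuboot-loader/defconfig"
  printf '%s\n' "$t"
}

tree=$(make_sample_tree)
audit_mcuboot_pins "$tree" PLACEHOLDER_DEFAULT_REVISION
rm -rf "$tree"
```

Run against a real checkout by passing the boards directory and the revision taken from the Kconfig default; any STALE line is a board that will keep building an older bootloader after the default changes.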

@cederom cederom left a comment

Thank you @fdcavalcanti for this MCUBoot version update and the apache/nuttx#17281 fixes :-)

Let's just wait for CI to complete, it should go smoothly right now :-)


simbit18 commented Nov 5, 2025

@fdcavalcanti errors with

  • same70-xplained:mcuboot-loader
  • same70-qmtech/mcuboot-loader
====================================================================================
Configuration/Tool: same70-xplained/mcuboot-loader,CONFIG_ARM_TOOLCHAIN_GNU_EABI
2025-11-05 12:19:08
------------------------------------------------------------------------------------
  Cleaning...
  Configuring...
  Disabling CONFIG_ARM_TOOLCHAIN_GNU_EABI
  Enabling CONFIG_ARM_TOOLCHAIN_GNU_EABI
  Building NuttX...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0

100 1807k    0 1807k    0     0  3662k      0 --:--:-- --:--:-- --:--:-- 3662k
In file included from /github/workspace/sources/apps/boot/mcuboot/mcuboot/boot/bootutil/include/bootutil/crypto/sha.h:25,
                 from mcuboot/boot/bootutil/src/bootutil_img_hash.c:32:
mcuboot/boot/bootutil/src/bootutil_img_hash.c: In function 'bootutil_img_hash':
Error: /github/workspace/sources/apps/boot/mcuboot/mcuboot/boot/nuttx/include/mcuboot_config/mcuboot_logging.h:46:23: error: format '%u' expects argument of type 'unsigned int', but argument 6 has type 'uint32_t' {aka 'long unsigned int'} [-Werror=format=]
   46 |     syslog(LOG_DEBUG, "%s: " format "\n", __FUNCTION__, ##__VA_ARGS__)
      |                       ^~~~~~
/github/workspace/sources/apps/boot/mcuboot/mcuboot/boot/bootutil/include/bootutil/bootutil_log.h:36:27: note: in expansion of macro 'MCUBOOT_LOG_DBG'
   36 | #define BOOT_LOG_DBG(...) MCUBOOT_LOG_DBG(__VA_ARGS__)
      |                           ^~~~~~~~~~~~~~~
mcuboot/boot/bootutil/src/bootutil_img_hash.c:173:13: note: in expansion of macro 'BOOT_LOG_DBG'
  173 |             BOOT_LOG_DBG("bootutil_img_validate Error %d reading data chunk %p %u %u",
      |             ^~~~~~~~~~~~
Error: /github/workspace/sources/apps/boot/mcuboot/mcuboot/boot/nuttx/include/mcuboot_config/mcuboot_logging.h:46:23: error: format '%u' expects argument of type 'unsigned int', but argument 7 has type 'uint32_t' {aka 'long unsigned int'} [-Werror=format=]
   46 |     syslog(LOG_DEBUG, "%s: " format "\n", __FUNCTION__, ##__VA_ARGS__)
      |                       ^~~~~~
/github/workspace/sources/apps/boot/mcuboot/mcuboot/boot/bootutil/include/bootutil/bootutil_log.h:36:27: note: in expansion of macro 'MCUBOOT_LOG_DBG'
   36 | #define BOOT_LOG_DBG(...) MCUBOOT_LOG_DBG(__VA_ARGS__)
      |                           ^~~~~~~~~~~~~~~
mcuboot/boot/bootutil/src/bootutil_img_hash.c:173:13: note: in expansion of macro 'BOOT_LOG_DBG'
  173 |             BOOT_LOG_DBG("bootutil_img_validate Error %d reading data chunk %p %u %u",
      |             ^~~~~~~~~~~~
cc1: all warnings being treated as errors
make[2]: *** [/github/workspace/sources/apps/Application.mk:239: mcuboot/boot/bootutil/src/bootutil_img_hash.c.github.workspace.sources.apps.boot.mcuboot.o] Error 1
In file included from /github/workspace/sources/apps/boot/mcuboot/mcuboot/boot/bootutil/include/bootutil/bootutil_log.h:31,
                 from mcuboot/boot/bootutil/src/bootutil_misc.c:40:
mcuboot/boot/bootutil/src/bootutil_misc.c: In function 'boot_erase_region':
Error: /github/workspace/sources/apps/boot/mcuboot/mcuboot/boot/nuttx/include/mcuboot_config/mcuboot_logging.h:46:23: error: format '%d' expects argument of type 'int', but argument 5 has type 'uint32_t' {aka 'long unsigned int'} [-Werror=format=]
   46 |     syslog(LOG_DEBUG, "%s: " format "\n", __FUNCTION__, ##__VA_ARGS__)
      |                       ^~~~~~
/github/workspace/sources/apps/boot/mcuboot/mcuboot/boot/bootutil/include/bootutil/bootutil_log.h:36:27: note: in expansion of macro 'MCUBOOT_LOG_DBG'
   36 | #define BOOT_LOG_DBG(...) MCUBOOT_LOG_DBG(__VA_ARGS__)
      |                           ^~~~~~~~~~~~~~~

Linux (arm-07)

@cederom cederom left a comment

more fixes required :-P


fdcavalcanti commented Nov 6, 2025

> @fdcavalcanti errors with
>
> * same70-xplained:mcuboot-loader
> * same70-qmtech/mcuboot-loader

Seems those warnings are being treated as errors, just a type mismatch.
This can be fixed (hidden) by disabling CONFIG_MCUBOOT_ENABLE_LOGGING on the defconfig, only those two defconfigs are using it.

The alternative is a patch on MCUBoot, which I'm unable to do. You guys okay with the defconfig change?
@pkarashchenko

@pkarashchenko

In the past I've been submitting a patch with the fix to the MCUboot repo instead of masking the error in the NuttX repo. My personal take is to add a temporary patch that fixes the issue and submit the fix to MCUboot.
