Series of commits that exposes control over TLV allow list #2410

Conversation

de-nordic (Collaborator)

Previously the allow list was controlled with the define ALLOW_ROGUE_TLVS; this commit changes the name to MCUBOOT_USE_TLV_ALLOW_LIST and reverses the logic.
The config has been added to each mcuboot_config.h, with the value set to 1, to keep existing behaviour.
Zephyr now has a Kconfig option that can be used to disable the list; it is enabled by default.

Disabling the allow list slightly reduces the MCUboot size.
Build with the allow list:

west build -p -d builds/nrf52_mcuboot -b nrf52840dk/nrf52840 bootloader/mcuboot/boot/zephyr/
...
Memory region         Used Size  Region Size  %age Used
           FLASH:       33252 B        48 KB     67.65%
             RAM:       22464 B       256 KB      8.57%
        IDT_LIST:          0 GB        32 KB      0.00%

and without it:

west build -p -d builds/nrf52_mcuboot_nolist -b nrf52840dk/nrf52840 bootloader/mcuboot/boot/zephyr/ -DCONFIG_MCUBOOT_USE_TLV_ALLOW_LIST=n
...
Memory region         Used Size  Region Size  %age Used
           FLASH:       33156 B        48 KB     67.46%
             RAM:       22464 B       256 KB      8.57%
        IDT_LIST:          0 GB        32 KB      0.00%
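As an added illustration of the behaviour this switch controls (example code, not MCUboot's own implementation): a small C model of a TLV walker run with and without the allow list. The byte layout `[type:2][len:2][value:len]` is assumed to mirror MCUboot's TLV header; the TLV type codes, the allow list contents and the sample TLV areas are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>

/* The PR's switch: 1 (the default) keeps filtering TLVs against the allow list. */
#ifndef MCUBOOT_USE_TLV_ALLOW_LIST
#define MCUBOOT_USE_TLV_ALLOW_LIST 1
#endif
/* TLV type codes: constructed for this example, not MCUboot's real values. */
#define TLV_KEYHASH 0x0001
#define TLV_SHA     0x0010
#define TLV_VENDOR  0x00a0 /* a type this build is not compiled to serve */
enum tlv_result { TLV_REJECTED = -1, TLV_MALFORMED = -2 };
/* The allow list: only the TLV types this build actually handles. */
static const uint16_t allowed_tlvs[] = { TLV_KEYHASH, TLV_SHA };
static int tlv_is_allowed(uint16_t type)
{
    for (size_t i = 0; i < sizeof allowed_tlvs / sizeof allowed_tlvs[0]; i++)
        if (allowed_tlvs[i] == type) return 1;
    return 0;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Walks a TLV area laid out as [type:2][len:2][value:len]... (little-endian).
 * Returns the count of TLVs handled, or a negative enum tlv_result. With the
 * allow list on, an unknown type fails the image instead of being skipped. */
int scan_tlvs(const uint8_t *buf, size_t len, int use_allow_list)
{
    size_t off = 0;
    int handled = 0;
    while (off < len) {
        if (len - off < 4) return TLV_MALFORMED;    /* header cut short */
        uint16_t type = rd16(buf + off);
        uint16_t tlen = rd16(buf + off + 2);
        off += 4;
        if (tlen > len - off) return TLV_MALFORMED; /* value runs past the area */
        if (tlv_is_allowed(type)) handled++;
        else if (use_allow_list) return TLV_REJECTED;
        off += tlen; /* unknown type with the list off: silently skipped */
    }
    return handled;
}

/* What a build would call; the compile-time config picks the behaviour. */
int scan_image_tlvs(const uint8_t *b, size_t n) { return scan_tlvs(b, n, MCUBOOT_USE_TLV_ALLOW_LIST); }

/* Constructed TLV areas (not taken from a real image). */
static const uint8_t tlvs_known[]  = { 0x01,0x00,0x02,0x00,0xaa,0xbb, 0x10,0x00,0x01,0x00,0xcc };
static const uint8_t tlvs_vendor[] = { 0x10,0x00,0x01,0x00,0xcc, 0xa0,0x00,0x02,0x00,0x01,0x02 };
static const uint8_t tlvs_short[]  = { 0x10,0x00,0x08,0x00,0xcc }; /* claims 8 bytes, has 1 */
```

With the list enabled the vendor TLV fails the image; with it disabled the same area passes and the unknown entry is skipped, which is the size-versus-strictness trade-off the Kconfig exposes.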

docs/design.md Outdated
@@ -136,6 +136,14 @@ The `ih_hdr_size` field indicates the length of the header, and therefore the
offset of the image itself. This field provides for backwards compatibility in
case of changes to the format of the image header.

## [TLV allow list](#tlv-allow)

While reading TLVs from an image, MCUboot will try to match them against list
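Review bot: the last visible line of the hunk, "MCUboot will try to match them against list", is missing an article and should read "against a list" (or name it: "against the TLV allow list"). Since this section is where MCUBOOT_USE_TLV_ALLOW_LIST gets documented, it should also state the default (the define is set to 1 in each mcuboot_config.h and the Zephyr Kconfig defaults to y) and what happens to a TLV that is not on the list, so a reader who disables the option understands that TLVs the build is not compiled to serve are then no longer filtered out before processing.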
Collaborator
*unprotected

de-nordic force-pushed the tlv-allow-list-control branch 4 times, most recently from f14b7b4 to ae94217 on August 1, 2025 13:46
de-nordic requested a review from nordicjm on August 1, 2025 14:58
de-nordic force-pushed the tlv-allow-list-control branch 2 times, most recently from ffff23f to d20c3e1 on August 7, 2025 14:09
The ALLOW_ROGUE_TLVS is used to turn off TLV filtering in
code, basically to prevent processing TLVs that MCUboot is not
compiled to serve anyway.
The commit replaces the identifier ALLOW_ROGUE_TLVS with
MCUBOOT_USE_TLV_ALLOW_LIST and reverses the logic around it, as
it now means the opposite of the original.
This gives the feature an identifier in the style of the
mcuboot_config.h defined identifiers.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>

The commit adds the Kconfig MCUBOOT_USE_TLV_ALLOW_LIST that allows
controlling the MCUboot config option MCUBOOT_USE_TLV_ALLOW_LIST.
The Kconfig is set to y by default, to keep legacy behaviour.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>

Add #define MCUBOOT_USE_TLV_ALLOW_LIST 1, to keep the
behaviour where TLVs are matched against a list of allowed TLVs
before being processed.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>

Add information on the TLV allow list and MCUBOOT_USE_TLV_ALLOW_LIST,
the MCUboot configuration identifier that controls its usage.

Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
de-nordic force-pushed the tlv-allow-list-control branch from d20c3e1 to d84226d on August 13, 2025 11:12