espressif
diff --git a/‎content/blog/2025/12/mcuboot-getting-started/assets/mcuboot-process-overview1.webp‎
15.5 KB b/‎content/blog/2025/12/mcuboot-getting-started/assets/mcuboot-process-overview1.webp‎
15.5 KB
diff --git a/‎content/blog/2025/12/mcuboot-getting-started/assets/mcuboot-process-overview2.webp‎
37.1 KB b/‎content/blog/2025/12/mcuboot-getting-started/assets/mcuboot-process-overview2.webp‎
37.1 KB
diff --git a/‎content/blog/2025/12/mcuboot-getting-started/featured-mcuboot-esp32-banner.webp‎
39.5 KB b/‎content/blog/2025/12/mcuboot-getting-started/featured-mcuboot-esp32-banner.webp‎
39.5 KB
diff --git a/‎content/blog/2025/12/mcuboot-getting-started/index.md‎
Lines changed: 386 additions & 0 deletions b/‎content/blog/2025/12/mcuboot-getting-started/index.md‎
Lines changed: 386 additions & 0 deletions
@@ -0,0 +1,386 @@
+---
+title: "MCUboot - Getting Started Guide for ESP32"
+date: 2025-12-16
+showAuthor: false
+authors:
+  - "almir-okato"
+tags: ["Bootloader", "MCUboot", "NuttX", "Zephyr"]
+---
+
+## Introduction
+
+In the embedded world, firmware updates are essential and increasingly important. As IoT solutions grow exponentially in numbers and complexity, so does the concern to make devices secure and updatable in the field efficiently.
+
+Some years ago, **MCUboot** emerged as an open source bootloader project for small and low-cost systems, designed to simplify and standardize solutions for these challenges. It started as an Apache Mynewt subproject when developers decided to separate the bootloader from OS development. Later, it was ported to **Zephyr RTOS** and became its default bootloader.
+
+**Espressif Systems** has been expanding support for other **3rd party RTOSes** like **Zephyr** and **NuttX** as attractive options for a developer adopt within its SoCs. Since then, a port for **Espressif** SoCs has been developed in the **MCUboot** project.
+
+This guide shows how to get started with **MCUboot** on your ESP32-based project (note: this is a translated and updated version of my original article in [**Embarcados** website](https://embarcados.com.br/primeiros-passos-com-esp32-utilizando-mcuboot-como-bootloader/)). It covers environment setup, required configuration in the application side, how to build the **MCUboot Espressif Port** bootloader and how to flash it into the device. The [ESP32 DevKitC](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/hw-reference/esp32/get-started-devkitc.html) board was used to prepare this guide.
+
+{{< alert icon="eye" >}}
+The MCUboot-compatible application mentioned in this guide can be either a **NuttX RTOS** application or a **Zephyr RTOS** application built for Espressif SoCs with MCUboot compatibility configuration enable.
+
+This guide assumes that you are familiar with building and configuring the chosen RTOS.
+{{< /alert >}}
+
+## What is MCUboot?
+
+As previously mentioned, **MCUboot** is an open source secure bootloader for 32-bit microcontrollers. The project defines a common infrastructure for secure boot and it covers:
+
+- **Fault-tolerant updates**: the flash organization is well defined, using the concept of slots for placing the main bootable image and update image in different flash regions, with a scratch area to help the swapping process during firmware updates. This provides mechanisms for reliable firmware updates and also allows recovering and reverting if any problem during the process.
+- **Security**: image validation through hash checking and signature verification using asymmetric key algorithms like RSA 2048/3072, ECDSA and ed25519 ensures integrity and authenticity of firmware images.
+
+The project aims to standardize these aspects comprehensively. **MCUboot** core features are independent from any operating system and hardware, relying on hardware porting layers from the target host OS.
+
+### High-level overview of the boot process
+
+{{< figure
+    default=true
+    src="./assets/mcuboot-process-overview1.webp"
+    caption="MCUboot boot process overview"
+>}}
+
+{{< figure
+    default=true
+    src="./assets/mcuboot-process-overview2.webp"
+    caption="MCUboot boot process overview"
+>}}
+
+**Important concepts:**
+
+- **Primary slot** is where the main bootable image resides, code always runs from there.
+- **Secondary slot** is used for updates; it stores the incoming image and, after the swap, stores the original image to enable recovery if needed.
+- **Scratch region** is used to help image swap when updating.
+- A header and trailer are added to the image to track general information, swapping, and update states.
+
+{{< alert icon="eye" >}}
+The booting process and concepts presented here are related to the **Espressif Port** current support to **MCUboot**. See more at the official [MCUboot documentation](https://docs.mcuboot.com/).
+{{< /alert >}}
+
+## Setting the environment
+
+First, prepare the development environment. This guide assumes the use of Linux (Ubuntu 20.04.2 LTS or later).
+
+Ensure you have **Git**, **Python3**, **pip**, **CMake** and **Ninja** installed. If you don't, you can run the following (this step is optional):
+
+```bash
+sudo apt update
+sudo apt upgrade
+sudo apt install git python3 python3-pip cmake ninja-build
+```
+
+### **MCUboot Espressif Port** HAL
+
+The **MCUboot Espressif Port** depends on HAL (Hardware Abstraction Layer) sources based on **ESP-IDF**. Then it is required to have either **ESP-IDF** itself installed, which allows building the project in a standalone way, or one of the Espressif's HAL sources used by **Zephyr RTOS** (`zephyrproject-rtos/hal_espressif/`) or **NuttX RTOS**
+(`espressif/esp-hal-3rdparty`). For both the later options, it is recommended using them only within their RTOS build system, since their sources revision may differ from what is currently expected.
+
+**Installing ESP-IDF v5.1.6**
+
+  ```bash
+  git clone --recursive https://github.com/espressif/esp-idf.git
+  ```
+
+  ```bash
+  cd <IDF_PATH>
+  git checkout v5.1.6
+  ```
+
+  ```bash
+  <IDF_PATH>/install.sh
+  ```
+
+  ```bash
+  . <IDF_PATH>/export.sh
+  ```
+
+  More information about **ESP-IDF** installation can be found [here](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/index.html#manual-installation).
+
+### Clone and set up MCUboot
+
+1. Clone the repository into a directory of your choice (other than **ESP-IDF** installation):
+
+    ```bash
+    git clone https://github.com/mcu-tools/mcuboot.git
+    cd mcuboot
+    ```
+
+2. Install the additional dependencies needed by **MCUboot**:
+
+    ```bash
+    pip3 install -r scripts/requirements.txt
+    ```
+
+3. Update the **MbedTLS** submodule required by **MCUboot**:
+
+    ```bash
+    git submodule update --init --recursive ext/mbedtls
+    ```
+
+4. For any images you may boot with **MCUboot**, you need to sign them using `imgtool`. This tool adds the **MCUboot** expected headers and trailers to the binary, signs the firmware, and can also generate the signing keys. `imgtool` can be found at `<MCUBOOT_DIR>/scripts/imgtool.py` (where `<MCUBOOT_DIR>` is the path of the cloned repository), or you can install it as follows (optional):
+
+    ```bash
+    pip3 install imgtool
+    ```
+
+{{< alert icon="eye" >}}
+**MCUboot** repository includes some sample cryptographic keys for signing and testing the secure boot verification. It is crucial that you never use these keys in production since the private key is available in the **MCUboot** repository.
+See how to generate and manage cryptographic keys at the [imgtool documentation](https://docs.mcuboot.com/imgtool.html).
+{{< /alert >}}
+
+## Building and flashing MCUboot on ESP32
+
+With everything set, let's configure, build and flash the **MCUboot Espressif Port** bootloader.
+
+1. Firstly set the flash layout organization in the `<MCUBOOT_DIR>/boot/espressif/port/esp32/bootloader.conf` file, it must match the same flash organization as the chosen RTOS. For example:
+
+    ```text
+    CONFIG_ESP_FLASH_SIZE=4MB
+    CONFIG_ESP_BOOTLOADER_SIZE=0xF000
+    CONFIG_ESP_BOOTLOADER_OFFSET=0x1000
+    CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS=0x20000
+    CONFIG_ESP_APPLICATION_SIZE=0x150000
+    CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS=0x170000
+    CONFIG_ESP_SCRATCH_OFFSET=0x3E0000
+    CONFIG_ESP_SCRATCH_SIZE=0x1F000
+    ```
+
+2. Compile and generate the ELF:
+
+    ```bash
+    cd <MCUBOOT_DIR>/boot/espressif
+    cmake -DCMAKE_TOOLCHAIN_FILE=tools/toolchain-esp32.cmake -DMCUBOOT_TARGET=esp32 -DESP_HAL_PATH=<IDF_PATH> -DMCUBOOT_FLASH_PORT=/dev/ttyUSB0 -B build -GNinja
+    ```
+
+    ```bash
+    ninja -C build/
+    ```
+
+3. Erase the device's flash:
+
+    ```bash
+    esptool.py -p <PORT> erase_flash
+    ```
+
+4. Flash **MCUboot Espressif Port** bootloader to your board:
+
+    ```bash
+    ninja -C build/ flash
+    ```
+
+    Alternatively:
+
+    ```bash
+    esptool.py -p /dev/ttyUSB0 -b 921600 --before default_reset --after hard_reset --chip esp32 write_flash --flash_mode dio --flash_size detect --flash_freq 40m 0x1000 build/mcuboot_esp32.bin
+    ```
+
+    > **Note:** You may adjust the USB port (`-p /dev/ttyUSB0`) and baud rate (`-b 921600`) according to your board connection.
+
+5. Check the serial monitor on the UART port (the same port used to flash) and reset your **ESP32** board. This guide uses `picocom` tool, but any serial monitor tool can be used:
+
+    ```bash
+    picocom -b 115200 /dev/ttyUSB0
+    ```
+
+Since no image has been flashed yet, you will see **MCUboot** waiting for an application image in the primary slot.
+
+```text
+[esp32] [INF] *** Booting MCUboot build v2.3.0-rc2-3-g234c66e6 ***
+[esp32] [INF] [boot] chip revision: v3.0
+[esp32] [INF] [boot.esp32] SPI Speed      : 40MHz
+[esp32] [INF] [boot.esp32] SPI Mode       : DIO
+[esp32] [INF] [boot.esp32] SPI Flash Size : 4MB
+[esp32] [INF] [boot] Enabling RNG early entropy source...
+[esp32] [INF] Primary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
+[esp32] [INF] Scratch: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
+[esp32] [INF] Boot source: primary slot
+[esp32] [INF] Image index: 0, Swap type: none
+[esp32] [ERR] Unable to find bootable image
+```
+
+## Preparing and flashing an application
+
+You can use applications from either **Zephyr RTOS** or **NuttX RTOS**, ensuring **MCUboot** compatibility is enabled in whichever RTOS you use.
+
+This section will quickly mention the required `Kconfigs` for setting a **NuttX RTOS** and a **Zephyr RTOS** application with **MCUboot** compatibility, assuming you are familiar with how to configure and build the chosen RTOS.
+
+### NuttX RTOS
+
+Enable the `CONFIG_ESP32_APP_FORMAT_MCUBOOT` configuration and check if the following config values matches what was set in the `<MCUBOOT_DIR>/boot/espressif/port/esp32/bootloader.conf`. For the example from this guide, `menuconfig` was configured as:
+
+- System Type -> Bootloader and Image Configuration->
+    - Enable MCUboot-bootable format (`CONFIG_ESP32_APP_FORMAT_MCUBOOT`): y
+- System Type -> SPI Flash Configuration ->
+    - Application image primary slot offset (`CONFIG_ESPRESSIF_OTA_PRIMARY_SLOT_OFFSET`): 0x20000
+    - Application image secondary slot offset (`CONFIG_ESPRESSIF_OTA_SECONDARY_SLOT_OFFSET`): 0x170000
+    - Application image slot size (in bytes) (`CONFIG_ESPRESSIF_OTA_SLOT_SIZE`): 0x150000
+    - Scratch partition offset (`CONFIG_ESPRESSIF_OTA_SCRATCH_OFFSET`): 0x3E0000
+    - Scratch partition size (`CONFIG_ESPRESSIF_OTA_SCRATCH_SIZE`): 0x1F000
+
+### Zephyr RTOS
+
+Enable the `CONFIG_BOOTLOADER_MCUBOOT` configuration and check if the flash partitions on the `DTS` from your board matches what was set in the `<MCUBOOT_DIR>/boot/espressif/port/esp32/bootloader.conf`. For this example it is possible to set an overlay file with the following content:
+
+```text
+&flash0 {
+	partitions {
+		boot_partition: partition@0 {
+			label = "mcuboot";
+			reg = <0x0 DT_SIZE_K(64)>;
+		};
+
+		slot0_partition: partition@20000 {
+			label = "image-0";
+			reg = <0x20000 DT_SIZE_K(1344)>;
+		};
+
+		slot1_partition: partition@170000 {
+			label = "image-1";
+			reg = <0x170000 DT_SIZE_K(1344)>;
+		};
+
+		storage_partition: partition@3b0000 {
+			label = "storage";
+			reg = <0x3B0000 DT_SIZE_K(192)>;
+		};
+
+		scratch_partition: partition@3e0000 {
+			label = "image-scratch";
+			reg = <0x3E0000 DT_SIZE_K(124)>;
+		};
+	};
+};
+```
+
+### Signing and Flashing the Application
+
+Before flashing, sign the application binary using `imgtool`. Replace `<APP_BIN>` with your application binary (e.g., `nuttx.hex` or `zephyr.bin`), and `signed.bin` will be the output signed image:
+
+```bash
+python3 scripts/imgtool.py sign --align 4 -v 0 -H 32 --pad-header -S 0x00150000 <APP_BIN> signed.bin
+```
+
+Alternatively, if you installed **imgtool** through **pip**:
+
+```bash
+imgtool sign --align 4 -v 0 -H 32 --pad-header -S 0x00150000 <APP_BIN> signed.bin
+```
+
+> **Note:** a **Zephyr** image with **MCUboot** compatibility doesn't need the `--pad-header` parameter.
+
+Here is a quick look on what these `imgtool sign` parameters do:
+
+- `--align 4`: Specify the flash device alignment as 4 bytes (32-bit word).
+- `-v 0`: Specify the image version (in this case, `0`).
+- `-H 32`: Specify the **MCUboot** header size to be added to the image binary.
+- `--pad-header`: Indicates to `imgtool` to add the **MCUboot** header into the beginning of the image binary, instead of overwritting it (the **Zephyr** build for some platforms already pads the binary beginning with 0s and may not need this parameter).
+- `-S 0x00150000`: Indicates the slot size so the tool can add the **MCUboot** trailer properly.
+
+> **Note:** This step just adds the basic required header, however notice that we didn't add any cryptographic key for security verification yet. It will be covered in the next parts of this **MCUboot** guide series. Refer to the [imgtool documentation](https://docs.mcuboot.com/imgtool.html) for more information.
+
+Flash the signed image to the device at the primary slot address:
+
+```bash
+esptool.py -p /dev/ttyUSB0 -b 921600 --before default_reset --after hard_reset --chip esp32 write_flash --flash_mode dio --flash_size detect --flash_freq 40m 0x20000 signed.bin
+```
+
+Checking the serial monitor, **MCUboot** should now successfully load and boot the application from the primary slot.
+
+**NuttX's nsh**:
+
+```text
+[esp32] [INF] *** Booting MCUboot build v2.3.0-rc2-3-g234c66e6 ***
+[esp32] [INF] [boot] chip revision: v3.0
+[esp32] [INF] [boot.esp32] SPI Speed      : 40MHz
+[esp32] [INF] [boot.esp32] SPI Mode       : DIO
+[esp32] [INF] [boot.esp32] SPI Flash Size : 4MB
+[esp32] [INF] [boot] Enabling RNG early entropy source...
+[esp32] [INF] Primary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
+[esp32] [INF] Scratch: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
+[esp32] [INF] Boot source: primary slot
+[esp32] [INF] Image index: 0, Swap type: none
+[esp32] [INF] Disabling RNG early entropy source...
+[esp32] [INF] br_image_off = 0x20000
+[esp32] [INF] ih_hdr_size = 0x20
+[esp32] [INF] Loading image 0 - slot 0 from flash, area id: 1
+[esp32] [INF] DRAM segment: start=0x250a4, size=0xce4, vaddr=0x3ffb2010
+[esp32] [INF] IRAM segment: start=0x20080, size=0x5024, vaddr=0x40080000
+[esp32] [INF] start=0x40082048
+IROM segment aligned lma 0x00040000 vma 0x400d0000 len 0x012afc (76540)
+DROM segment aligned lma 0x00030000 vma 0x3f410000 len 0x003060 (12384)
+
+NuttShell (NSH) NuttX-10.4.0
+nsh>
+```
+
+**Zephyr's hello world**:
+
+```text
+[esp32] [INF] *** Booting MCUboot build v2.3.0-rc2-3-g234c66e6 ***
+[esp32] [INF] [boot] chip revision: v3.0
+[esp32] [INF] [boot.esp32] SPI Speed      : 40MHz
+[esp32] [INF] [boot.esp32] SPI Mode       : DIO
+[esp32] [INF] [boot.esp32] SPI Flash Size : 4MB
+[esp32] [INF] [boot] Enabling RNG early entropy source...
+[esp32] [INF] Primary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
+[esp32] [INF] Scratch: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
+[esp32] [INF] Boot source: primary slot
+[esp32] [INF] Image index: 0, Swap type: none
+[esp32] [INF] Disabling RNG early entropy source...
+[esp32] [INF] br_image_off = 0x20000
+[esp32] [INF] ih_hdr_size = 0x20
+[esp32] [INF] Loading image 0 - slot 0 from flash, area id: 1
+[esp32] [INF] DRAM segment: start=0x25f10, size=0x1110, vaddr=0x3ffb0000
+[esp32] [INF] IRAM segment: start=0x20080, size=0x5e90, vaddr=0x40080000
+[esp32] [INF] start=0x400830e0
+I (327) boot: IROM      : lma=00040000h vma=400d0000h size=036D8h ( 14040) map
+I (327) boot: DROM      : lma=00030000h vma=3f400000h size=00E94h (  3732) map
+I (343) boot: libc heap size 182 kB.
+I (343) spi_flash: detected chip: generic
+I (343) spi_flash: flash io: dio
+*** Booting Zephyr OS build v4.3.0-rc2-65-g03ce83a18fd5 ***
+Hello World! esp32_devkitc/esp32/procpu
+```
+
+## Flash Organization
+
+**MCUboot** defines a flash organization where a flash area can contain multiple executable images depending on its boot and update configuration. Each image area contains two image slots: a primary and a secondary. By default, the bootloader only runs an image from the primary slot. The secondary slot is where an incoming image is staged prior to being installed; then its content will be either swapped to the primary slot or overwrite it when updating.
+
+Therefore, we can identify four types of flash areas in the layout:
+
+| AREA | ID | DESCRIPTION |
+|------|----|----|
+| Bootloader | 0 | Bootloader region (MCUboot) |
+| Primary Slot | 1 | Main bootable image |
+| Secondary Slot | 2 | Staging area for firmware updates |
+| Scratch | 3 | Temporary area for image swapping |
+
+**MCUboot** also supports multiple images, allowing you to define additional image areas with their own primary and secondary slots.
+
+The layout information is stored in the `bootloader.conf` file from the **Espressif Port**. Addresses and sizes can be modified, but the following rules must be followed:
+
+- Bootloader address must be kept since it's where **ESP32** jumps after reset by default.
+- None of the slots must overlap.
+- Primary and Secondary slots must be the same size.
+- Scratch area must be large enough to store at least the largest flash sector that will be swapped.
+- Both **MCUboot** and the application must be aware of this layout for correct operation.
+
+{{< alert icon="eye" >}}
+Flash organization is configurable and must match between **MCUboot** and the application being booted to ensure proper operation.
+{{< /alert >}}
+
+## Conclusion
+
+**MCUboot** provides a solid structure and defines a standard flow for firmware updates and secure boot. These features are already implemented in the bootloader and can be easily enabled without many modifications when developing firmware.
+
+Furthermore, as an open source project, **MCUboot** benefits from development by an interested and diverse community, resulting in faster issue resolution and active development.
+
+In this guide, we covered how to build **MCUboot** bootloader for ESP32, how to sign an image, and how to organize flash properly. For more detailed information, refer to the [official MCUboot documentation](https://docs.mcuboot.com/).
+
+The next step for this series is to understand how updates work in the **MCUboot** and use this feature appropriately.
+
+## References
+
+- https://embarcados.com.br/primeiros-passos-com-esp32-utilizando-mcuboot-como-bootloader/
+- https://docs.mcuboot.com/design.html
+- https://docs.mcuboot.com/readme-espressif.html
+- https://interrupt.memfault.com/blog/mcuboot-overview