dfu: mcuboot: don't use magic when confirming image
The current implementation of boot_write_img_confirmed() does not
write the image OK byte in flash bank 0 if the magic "request upgrade"
bytes in that bank are "good". This is not robust behavior.
The MCUboot design document has this to say about the image OK byte:
Upgrading an old image with a new one by swapping can be a two-step
process. In this process, mcuboot performs a "test" swap of image
data in flash and boots the new image. The new image can then
update the contents of flash at runtime to mark itself "OK", and
mcuboot will then still choose to run it during the next boot.
[...]
4. Image OK: A single byte indicating whether the image in this
slot has been confirmed as good by the user (0x01=confirmed;
0xff=not confirmed).
This says nothing about the magic bytes, so it'd be better not to make
assumptions about their effect here.
Further, MCUboot itself does not use the magic field when marking the
only known-good image on flash "OK" after either reverting a failed
upgrade or refusing to boot an upgrade iamge with an invalid
signature: instead, it unconditionally ensures the Image OK byte is
set to 0x01.
For consistency with MCUboot's design and implementation, remove the
lines that look at the magic bytes from boot_write_img_confirmed().
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
This commit is contained in:
Marti Bolivar
Anas Nashif
parent
c3a9f8d4f8
commit
389060fb00
1 changed files with 0 additions and 46 deletions
|
|
@ -162,38 +162,6 @@ static int boot_magic_write(u32_t bank_offs)
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int boot_magic_code_check(const u32_t *magic)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
|
|
||||||
if (memcmp(magic, boot_img_magic, sizeof(boot_img_magic)) == 0) {
|
|
||||||
return BOOT_MAGIC_GOOD;
|
|
||||||
}
|
|
||||||
|
|
||||||
for (i = 0; i < ARRAY_SIZE(boot_img_magic); i++) {
|
|
||||||
if (magic[i] != 0xffffffff) {
|
|
||||||
return BOOT_MAGIC_BAD;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return BOOT_MAGIC_UNSET;
|
|
||||||
}
|
|
||||||
|
|
||||||
static int boot_magic_state_read(u32_t bank_offs)
|
|
||||||
{
|
|
||||||
u32_t magic[4];
|
|
||||||
u32_t offs;
|
|
||||||
int rc;
|
|
||||||
|
|
||||||
offs = MAGIC_OFFS(bank_offs);
|
|
||||||
rc = flash_read(flash_dev, offs, magic, sizeof(magic));
|
|
||||||
if (rc != 0) {
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
|
|
||||||
return boot_magic_code_check(magic);
|
|
||||||
}
|
|
||||||
|
|
||||||
int boot_request_upgrade(int permanent)
|
int boot_request_upgrade(int permanent)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
|
|
@ -210,20 +178,6 @@ int boot_write_img_confirmed(void)
|
||||||
{
|
{
|
||||||
int rc;
|
int rc;
|
||||||
|
|
||||||
switch (boot_magic_state_read(FLASH_BANK0_OFFSET)) {
|
|
||||||
case BOOT_MAGIC_GOOD:
|
|
||||||
/* Confirm needed; proceed. */
|
|
||||||
break;
|
|
||||||
|
|
||||||
case BOOT_MAGIC_UNSET:
|
|
||||||
/* Already confirmed. */
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
case BOOT_MAGIC_BAD:
|
|
||||||
/* Unexpected state. */
|
|
||||||
return -EFAULT;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (boot_image_ok_read(FLASH_BANK0_OFFSET) != BOOT_FLAG_UNSET) {
|
if (boot_image_ok_read(FLASH_BANK0_OFFSET) != BOOT_FLAG_UNSET) {
|
||||||
/* Already confirmed. */
|
/* Already confirmed. */
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue