add flash_img_get_upload_slot() to get current
upload slot.
when CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD
is enabled, it is not based on the DT.
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
Adds supporting code that allows the RAM load mode of MCUboot to
be used and for applications to build successfully with it.
Sysbuild can be used to build images for this mode
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The invocation of flash_area_erase, in boot_erase_img_bank,
has been replaced by flash_area_flatten.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Previously the boot_write_img_confirmed() function used the MCUboot
public API function boot_set_confirmed(), but this function is hardcoded
to set the confirmed flag of slot 0. This works for MCUboot swap modes
but not for Direct XIP, where applications can execute out of secondary
slots.
This commit changes boot_write_img_confirmed() to instead use
boot_set_next() which sets the confirmed flag for a given flash area
and works with Direct XIP.
DT_CHOSEN(zephyr_code_partition) is used to get the current partition.
The zephyr,code-partition chosen node must be defined.
This commit also adds the zephyr,code-partition chosen node to the
native_sim devicetree to allow the tests under tests/subsys/dfu to
build for this target.
Signed-off-by: Ben Marsh <ben.marsh@helvar.com>
Prevents the user from potentially bricking a device by erasing
the MCUboot or currently running application flash areas with the
mcuboot erase command
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds a command which can be used to enter mcuboot's serial recovery
mode when the retention subsystem is enabled.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
MISRA Rule 5.7 requires uniqueness of tag identifiers. Shell is
frequently problematic because many code uses `const struct shell
*shell`. This causes CI noise every time one of these shell files is
edited, so let's update all of them with `const struct shell *sh`
instead.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
BOOT_MAGIC_SZ and BOOT_MAX_ALIGN were used in the header without
including bootutil/bootutil_public.h. This change remove the need of
the inclusion by making the dependency private.
Fixes#52095
Signed-off-by: Guillaume Lager <g.lager@innoseis.com>
In case of initial/pre-programed image.
Such image can neither be reverted nor physically confirmed.
Image like this should be recognized as confirmed by the
boot_is_img_confirmed() for consistency.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
As of today <zephyr/zephyr.h> is 100% equivalent to <zephyr/kernel.h>.
This patch proposes to then include <zephyr/kernel.h> instead of
<zephyr/zephyr.h> since it is more clear that you are including the
Kernel APIs and (probably) nothing else. <zephyr/zephyr.h> sounds like a
catch-all header that may be confusing. Most applications need to
include a bunch of other things to compile, e.g. driver headers or
subsystem headers like BT, logging, etc.
The idea of a catch-all header in Zephyr is probably not feasible
anyway. Reason is that Zephyr is not a library, like it could be for
example `libpython`. Zephyr provides many utilities nowadays: a kernel,
drivers, subsystems, etc and things will likely grow. A catch-all header
would be massive, difficult to keep up-to-date. It is also likely that
an application will only build a small subset. Note that subsystem-level
headers may use a catch-all approach to make things easier, though.
NOTE: This patch is **NOT** removing the header, just removing its usage
in-tree. I'd advocate for its deprecation (add a #warning on it), but I
understand many people will have concerns.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
In order to bring consistency in-tree, migrate all subsystems code to
the new prefix <zephyr/...>. Note that the conversion has been scripted,
refer to zephyrproject-rtos#45388 for more details.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Add boot_write_confirm_multi() and boot_request_upgrade_multi() APIs so
that the user can set the image with given index as pending, confirmed.
This is needed for enabling the mcuboot multi-mage boot feature by
the zephyr.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The bootutil_public.h, as a part of mcuboot interface, has been
providing the same definitions as mcuboot_priv.h
The commit removed the redundancy.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Some parts of subsys/dfu/boot code are re-implementations of
what is implemented in the MCUBoot repository.
Mcuboot's repository already provide implementation of function
required for application for interact with the MCUboot.
This patch introduces new MCUBOOT_BOOTUTIL module which covers
common code which is used in the bootloader and the chainnloaded
application.
dfu/boot: use MCUBoot's source code
Module was reworked so it start using MCUBoot's
bootutil_public API instead of copied code.
Reworked boot_is_img_confirmed() used MCUBoot's API
for determine image_ok flag.
mcuboot_shell switchd to use MCUboot's boot_read_swap_state_by_id()
This is MCUBoot function, use it for avoid linking conflict.
test/subsys/mcuboot: fix `test_write_confirm`
dfu/boot library was reworked so it uses MCUboot's bootutil_public
library whenever it can.
The library required that image was marked as copy-done before it
can be pending.
This patch adds such mark which fixes the test.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Add new shell module for mcuboot enabled application. It provides
information about image slots and allows to perform such operations as:
confirm, erase and request upgrade.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Use rather MCUBoot implementation of some function than
zephyr's implementations once avielabel.
Zephyr implementations are needed while compiling application
supposed to be chainloaded by the MCUBoot or when they are
tested.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
It is possible that dfu libraries are used by MCUBoot
itself while it has enabled CONFIG_SINGLE_APPLICATIO_SLOT.
In this mode only application slot is the primary slot.
Patch is required for supports USB DFU class in mentioned
MCUBoot's mode.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Added flash_area_erased_val() function for get value of erased
byte of memory which is under flash area.
This function already exist in MCUBoot and zephyr dfu subsystem
which makes simultaneous usage of both impossible.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Replace all calls to the assert macro that comes from libc by calls to
__ASSERT_NO_MSG(). This is usefull as the former might be different
depending on the libc used and the later can be customized to reduce
flash footprint.
Signed-off-by: Xavier Chapron <xavier.chapron@stimio.fr>
The `TEXT_SECTION_OFFSET` symbol is used to specify the offset between
the beginning of the ROM area and the address of the first ROM section.
This commit renames `TEXT_SECTION_OFFSET` to `ROM_START_OFFSET` because
the first ROM section is not always the `.text` section.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Convert with a combo of scripts and by hand fixups:
git grep -l DT_FLASH_AREA_.*_ID | \
xargs sed -i -r 's/DT_FLASH_AREA_(.*)_ID/FLASH_AREA_ID(\L\1)/'
git grep -l DT_FLASH_AREA_.*_OFFSET | \
xargs sed -i -r 's/DT_FLASH_AREA_(.*)_OFFSET/FLASH_AREA_OFFSET(\L\1)/'
git grep -l DT_FLASH_AREA_.*_SIZE | \
xargs sed -i -r 's/DT_FLASH_AREA_(.*)_SIZE/FLASH_AREA_SIZE(\L\1)/'
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Replace:
DT_FLASH_ERASE_BLOCK_SIZE ->
DT_PROP(DT_CHOSEN(zephyr_flash), erase_block_size)
DT_FLASH_WRITE_BLOCK_SIZE ->
DT_PROP(DT_CHOSEN(zephyr_flash), write_block_size)
As this allows us to phase out the old generator.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
When no scratch parition was defined in the DTS file, just assume that
MCUBoot was built to use swap with move strategy, and never touch
scratch.
Signed-off-by: Fabio Utzig <utzig@apache.org>
move misc/byteorder.h to sys/byteorder.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/__assert.h to sys/__assert.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move flash.h to drivers/flash.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move flash_map.h to storage/flash_map.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Swap_type field implementation is the new mcuboot's trailer field.
This patch makes using of it optional which keeps possibility of being
compatible with older versions of MCUBoot.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Mcuboot changed TLV in PR: Fix double swap on interrupted revert
(https://github.com/JuulLabs-OSS/mcuboot/pull/485)
Above bugfix changes a little way for upgrade request.
This path introduces re-formatted original mcuboot bootutil_misc.c
code as much as it was reasonable which includes the bugfix
adaptation and support for devices witch have bite erased sate different
than 1 as well.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Patch adds option for progressive erase of firmware image.
When using this, flash is erased as necessary when receiving
new firmware, instead of erasing the whole image slot at once.
This is useful on some hardware (like nRF52840) that has
long erase times, to prevent long wait times at the beginning
of the DFU process.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
In non-secure Trustzone application dedicated flash non-secure
partition are used instead of regular one, which become secure
partition in Trustzone collaboration model.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Update the files which contain no license information with the
'Apache-2.0' SPDX license identifier. Many source files in the tree are
missing licensing information, which makes it harder for compliance
tools to determine the correct license.
By default all files without license information are under the default
license of Zephyr, which is Apache version 2.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This function conflicts with a function of the same name in mcuboot.
This happens when building USB DFU support into mcuboot.
DFU over USB uses image manager and mcuboot internals to manage images
downloaded to the device.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Use DT_FLASH_WRITE_BLOCK_SIZE prefixed defined instead of
FLASH_WRITE_BLOCK_SIZE as the non-DT version is deprecated.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Patch introduces flash_map subsystem to operate on flash
footprint instead of direct operation using flash_driver API.
Flash area ID is used in API instead of direct flash-bank-offsets.
Changes allows to support operation on the partition in any flash
device.
flash_map was not available when this subsystem was introduced.
Signed-off-by: Findlay Feng <i@fengch.me>
These changes were obtained by running a script created by
Ulf Magnusson <Ulf.Magnusson@nordicsemi.no> for the following
specification:
1. Read the contents of all dts_fixup.h files in Zephyr
2. Check the left-hand side of the #define macros (i.e. the X in
#define X Y)
3. Check if that name is also the name of a Kconfig option
3.a If it is, then do nothing
3.b If it is not, then replace CONFIG_ with DT_ or add DT_ if it
has neither of these two prefixes
4. Replace the use of the changed #define in the code itself
(.c, .h, .ld)
Additionally, some tweaks had to be added to this script to catch some
of the macros used in the code in a parameterized form, e.g.:
- CONFIG_GPIO_STM32_GPIO##__SUFFIX##_BASE_ADDRESS
- CONFIG_UART_##idx##_TX_PIN
- I2C_SBCON_##_num##_BASE_ADDR
and to prevent adding DT_ prefix to the following symbols:
- FLASH_START
- FLASH_SIZE
- SRAM_START
- SRAM_SIZE
- _ROM_ADDR
- _ROM_SIZE
- _RAM_ADDR
- _RAM_SIZE
which are surprisingly also defined in some dts_fixup.h files.
Finally, some manual corrections had to be done as well:
- name##_IRQ -> DT_##name##_IRQ in uart_stm32.c
Signed-off-by: Andrzej Głąbek <andrzej.glabek@nordicsemi.no>
The return of memset is never checked. This patch explicitly ignore
the return to avoid MISRA-C violations.
The only directory excluded directory was ext/* since it contains
only imported code.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Duplicate code to query was mistakenly added in commit
2ad7ccdb2d. This code is redundant; the
existing `boot_read_bank_header()` function can read the version from
both image banks.
Signed-off-by: Christopher Collins <ccollins@apache.org>
Exposes the operation that MCUboot will perform on the next reboot
(e.g., stay on current image, swap to alternate image, etc.).
Signed-off-by: Christopher Collins <ccollins@apache.org>
