add flash_img_get_upload_slot() to get current
upload slot.
when CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD
is enabled, it is not based on the DT.
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
Moved MCUboot trailer's status erase ahead any write operation,
which is step which helps with addition of support for devices
don't require explicit pager erase.
For these kind of devices flattening of mcuboot image status in
the trailer was introduced.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Adds supporting code that allows the RAM load mode of MCUboot to
be used and for applications to build successfully with it.
Sysbuild can be used to build images for this mode
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The invocation of flash_area_erase, in boot_erase_img_bank,
has been replaced by flash_area_flatten.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Previously the boot_write_img_confirmed() function used the MCUboot
public API function boot_set_confirmed(), but this function is hardcoded
to set the confirmed flag of slot 0. This works for MCUboot swap modes
but not for Direct XIP, where applications can execute out of secondary
slots.
This commit changes boot_write_img_confirmed() to instead use
boot_set_next() which sets the confirmed flag for a given flash area
and works with Direct XIP.
DT_CHOSEN(zephyr_code_partition) is used to get the current partition.
The zephyr,code-partition chosen node must be defined.
This commit also adds the zephyr,code-partition chosen node to the
native_sim devicetree to allow the tests under tests/subsys/dfu to
build for this target.
Signed-off-by: Ben Marsh <ben.marsh@helvar.com>
Adds support for an overhead size which MCUboot can set when using
sysbuild, this can be used to check the provided size of an
application being uploaded to ensure it will fit and swap without
being rejected
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Prevents the user from potentially bricking a device by erasing
the MCUboot or currently running application flash areas with the
mcuboot erase command
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Do not enable subsystem/driver shell modules by default and stop abusing
CONFIG_SHELL_MINIMAL, which is internal to the shell subsystem, to decide
when to enable a driver shell.
The list of shell modules has grown considerably through the
years. Enabling CONFIG_SHELL for doing e.g. an interactive debug session
leads to a large number of shell modules also being enabled unless
explicitly disabled, which again leads to non-negligible increases in
RAM/ROM usage.
This commit attempts to establish a policy of subsystem/driver shell
modules being disabled by default, requiring the user/application to
explicitly enable only those needed.
Signed-off-by: Henrik Brix Andersen <hebad@vestas.com>
Adds a command which can be used to enter mcuboot's serial recovery
mode when the retention subsystem is enabled.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
MISRA Rule 5.7 requires uniqueness of tag identifiers. Shell is
frequently problematic because many code uses `const struct shell
*shell`. This causes CI noise every time one of these shell files is
edited, so let's update all of them with `const struct shell *sh`
instead.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
BOOT_MAGIC_SZ and BOOT_MAX_ALIGN were used in the header without
including bootutil/bootutil_public.h. This change remove the need of
the inclusion by making the dependency private.
Fixes#52095
Signed-off-by: Guillaume Lager <g.lager@innoseis.com>
In case of initial/pre-programed image.
Such image can neither be reverted nor physically confirmed.
Image like this should be recognized as confirmed by the
boot_is_img_confirmed() for consistency.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
This header provides original BOOT_MAX_ALIGN definition.
This definition is used directly on indirectly by the code this
patch modifies.
Let's use it instead of copy from mcuboot.h
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
As of today <zephyr/zephyr.h> is 100% equivalent to <zephyr/kernel.h>.
This patch proposes to then include <zephyr/kernel.h> instead of
<zephyr/zephyr.h> since it is more clear that you are including the
Kernel APIs and (probably) nothing else. <zephyr/zephyr.h> sounds like a
catch-all header that may be confusing. Most applications need to
include a bunch of other things to compile, e.g. driver headers or
subsystem headers like BT, logging, etc.
The idea of a catch-all header in Zephyr is probably not feasible
anyway. Reason is that Zephyr is not a library, like it could be for
example `libpython`. Zephyr provides many utilities nowadays: a kernel,
drivers, subsystems, etc and things will likely grow. A catch-all header
would be massive, difficult to keep up-to-date. It is also likely that
an application will only build a small subset. Note that subsystem-level
headers may use a catch-all approach to make things easier, though.
NOTE: This patch is **NOT** removing the header, just removing its usage
in-tree. I'd advocate for its deprecation (add a #warning on it), but I
understand many people will have concerns.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
The write block size has been gathered from device pointed by
chosen 'zephyr,flash', while it should be taken from a device
a target image flash area resides on.
The write block size has been used to check if write buffer
is properly aligned.
The check is only possible on devices that have write-block-size
property in DTS, so in case of SPI connected devices this property
may not be available - when device does not have the property,
the check is not performed.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
In order to bring consistency in-tree, migrate all subsystems code to
the new prefix <zephyr/...>. Note that the conversion has been scripted,
refer to zephyrproject-rtos#45388 for more details.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
According to Kconfig guidelines, boolean prompts must not start with
"Enable...". The following command has been used to automate the changes
in this patch:
sed -i "s/bool \"[Ee]nables\? \(\w\)/bool \"\U\1/g" **/Kconfig*
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
This option is deciding whether bootutil_public library supports
multi-image procedures. MCUboot have its own definition which is
unavailable zephyr application. Introduced option declares similar
option for the application.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Add boot_write_confirm_multi() and boot_request_upgrade_multi() APIs so
that the user can set the image with given index as pending, confirmed.
This is needed for enabling the mcuboot multi-mage boot feature by
the zephyr.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The bootutil_public.h, as a part of mcuboot interface, has been
providing the same definitions as mcuboot_priv.h
The commit removed the redundancy.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Some parts of subsys/dfu/boot code are re-implementations of
what is implemented in the MCUBoot repository.
Mcuboot's repository already provide implementation of function
required for application for interact with the MCUboot.
This patch introduces new MCUBOOT_BOOTUTIL module which covers
common code which is used in the bootloader and the chainnloaded
application.
dfu/boot: use MCUBoot's source code
Module was reworked so it start using MCUBoot's
bootutil_public API instead of copied code.
Reworked boot_is_img_confirmed() used MCUBoot's API
for determine image_ok flag.
mcuboot_shell switchd to use MCUboot's boot_read_swap_state_by_id()
This is MCUBoot function, use it for avoid linking conflict.
test/subsys/mcuboot: fix `test_write_confirm`
dfu/boot library was reworked so it uses MCUboot's bootutil_public
library whenever it can.
The library required that image was marked as copy-done before it
can be pending.
This patch adds such mark which fixes the test.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Add new shell module for mcuboot enabled application. It provides
information about image slots and allows to perform such operations as:
confirm, erase and request upgrade.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Use rather MCUBoot implementation of some function than
zephyr's implementations once avielabel.
Zephyr implementations are needed while compiling application
supposed to be chainloaded by the MCUBoot or when they are
tested.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
It is possible that dfu libraries are used by MCUBoot
itself while it has enabled CONFIG_SINGLE_APPLICATIO_SLOT.
In this mode only application slot is the primary slot.
Patch is required for supports USB DFU class in mentioned
MCUBoot's mode.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Added flash_area_erased_val() function for get value of erased
byte of memory which is under flash area.
This function already exist in MCUBoot and zephyr dfu subsystem
which makes simultaneous usage of both impossible.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Replace all calls to the assert macro that comes from libc by calls to
__ASSERT_NO_MSG(). This is usefull as the former might be different
depending on the libc used and the later can be customized to reduce
flash footprint.
Signed-off-by: Xavier Chapron <xavier.chapron@stimio.fr>
Flash memory can be write but there is no way to check flash integrity.
Add flash_img_check method that verify flash integrity. This is useful
to avoid firmware reboot and test. Another use is ensure that firmware
upgrade routines from internet server to flash slot are performing
properly. This uses flash_area_check_int_sha256 method to check a
SHA-256 hash. On sucess match, zero is returned, otherwise a negative
errno value.
Signed-off-by: Gerson Fernando Budke <nandojve@gmail.com>
Now that device_api attribute is unmodified at runtime, as well as all
the other attributes, it is possible to switch all device driver
instance to be constant.
A coccinelle rule is used for this:
@r_const_dev_1
disable optional_qualifier
@
@@
-struct device *
+const struct device *
@r_const_dev_2
disable optional_qualifier
@
@@
-struct device * const
+const struct device *
Fixes#27399
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
The `TEXT_SECTION_OFFSET` symbol is used to specify the offset between
the beginning of the ROM area and the address of the first ROM section.
This commit renames `TEXT_SECTION_OFFSET` to `ROM_START_OFFSET` because
the first ROM section is not always the `.text` section.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Convert with a combo of scripts and by hand fixups:
git grep -l DT_FLASH_AREA_.*_ID | \
xargs sed -i -r 's/DT_FLASH_AREA_(.*)_ID/FLASH_AREA_ID(\L\1)/'
git grep -l DT_FLASH_AREA_.*_OFFSET | \
xargs sed -i -r 's/DT_FLASH_AREA_(.*)_OFFSET/FLASH_AREA_OFFSET(\L\1)/'
git grep -l DT_FLASH_AREA_.*_SIZE | \
xargs sed -i -r 's/DT_FLASH_AREA_(.*)_SIZE/FLASH_AREA_SIZE(\L\1)/'
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Replace:
DT_FLASH_ERASE_BLOCK_SIZE ->
DT_PROP(DT_CHOSEN(zephyr_flash), erase_block_size)
DT_FLASH_WRITE_BLOCK_SIZE ->
DT_PROP(DT_CHOSEN(zephyr_flash), write_block_size)
As this allows us to phase out the old generator.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Replace all occurences of BUILD_ASSERT_MSG() with BUILD_ASSERT()
as a result of merging BUILD_ASSERT() and BUILD_ASSERT_MSG().
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
This reverts commit 8739517107.
Pull Request #23437 was merged by mistake with an invalid manifest.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Replace all occurences of BUILD_ASSERT_MSG() with BUILD_ASSERT()
as a result of merging BUILD_ASSERT() and BUILD_ASSERT_MSG().
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
This allows flash_img.c to be used outside of mcuboot scope.
Add new call to not break existing code.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
I think people might be reading differences into 'if' and 'depends on'
that aren't there, like maybe 'if' being needed to "hide" a symbol,
while 'depends on' just adds a dependency.
There are no differences between 'if' and 'depends on'. 'if' is just a
shorthand for 'depends on'. They work the same when it comes to creating
implicit menus too.
The way symbols get "hidden" is through their dependencies not being
satisfied ('if'/'depends on' get copied up as a dependency on the
prompt).
Since 'if' and 'depends on' are the same, an 'if' with just a single
symbol in it can be replaced with a 'depends on'. IMO, it's best to
avoid 'if' there as a style choice too, because it confuses people into
thinking there's deep Kconfig magic going on that requires 'if'.
Going for 'depends on' can also remove some nested 'if's, which
generates nicer symbol information and docs, because nested 'if's really
are so simple/dumb that they just add the dependencies from both 'if's
to all symbols within.
Replace a bunch of single-symbol 'if's with 'depends on' to despam the
Kconfig files a bit and make it clearer how things work. Also do some
other minor related dependency refactoring.
The replacement isn't complete. Will fix up the rest later. Splitting it
a bit to make it more manageable.
(Everything above is true for choices, menus, and comments as well.)
Detected by tweaking the Kconfiglib parsing code. It's impossible to
detect after parsing, because 'if' turns into 'depends on'.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
generated_dts_board.h is pretty redundant and confusing as a name. Call
it devicetree.h instead.
dts.h would be another option, but DTS stands for "devicetree source"
and is the source code format, so it's a bit confusing too.
The replacement was done by grepping for 'generated_dts_board' and
'GENERATED_DTS_BOARD'.
Two build diagram and input-output SVG files were updated as well, along
with misc. documentation.
hal_ti, mcuboot, and ci-tools updates are included too, in the west.yml
update.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
When no scratch parition was defined in the DTS file, just assume that
MCUBoot was built to use swap with move strategy, and never touch
scratch.
Signed-off-by: Fabio Utzig <utzig@apache.org>
flash_sector_from_off fetched sector data of page
in relation to the flash memory beginning instead of the flash
area beginning.
Issue was invisible as on most devices all sectors looks similar.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Currently the error codes returne from this function is ignored.
Add error reporting to allow users to handle what is reported.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
