If slots have equal version, but a secondary slot is the active one, the
next boot will switch to the primary slot.
Expose this through SMP commands by marking the primary slot as pending.
Signed-off-by: Tomasz Chyrowicz <tomasz.chyrowicz@nordicsemi.no>
Partially reverts commit 7d2fb6c013,
it was originally thought that this commit added a method of saving
one specific key using the value that the device already has set,
but has been found to actually save the value that the user has
provided, bypassing the current value that the device has, which is
not compliant with the settings mgmt protocol, therefore remove
this change and it will need to be reworked in future to function
properly by saving one specific value from the device's current
configuration, not a user-specified value
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
DIRECT_XIP requires different images based on
the slot where there it is saved, in hawkbit we
currently have no way of telling the server that or
chosing a image to download based on it, so
make sure it is not used.
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
The long-term goal of Zephyr is to rely exclusively on PSA Crypto API for
crypto support. At the same time Mbed TLS is going to remove legacy crypto
support starting from the next relase (v4.0).
Therefore this commit removes usage of legacy Mbed TLS crypto in favor
of PSA Crypto API. Mbed TLS will still be used in case of a build where
TF-M is not enabled.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Current implementation forces confirmation of current boot image and
second slot erase at hawkbit_init() and it is impossible to communicate
with hawkBit server without running it. This makes impossible to notify
update failures to server (#71750)
Add option HAWKBIT_CONFIRM_IMG_ON_INIT to allow disabling the auto image
confirmation and HAWKBIT_ERASE_SECOND_SLOT_ON_CONFIRM to select if the
second partition slot shall be erased or not.
Disable those to handle of these behaviors on application code.
Signed-off-by: Matheus Marques <code@matheusmbar.com>
Following the removal of legacy crypto support the code could be further
simplified so this commit accomplish to this part.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
The long-term Zephyr's goal is rely only on PSA Crypto API for crypto
support in Zephyr and at the same time Mbed TLS will remove this support
from the next release.
Therefore this commit removes usage of legacy crypto hash support from
updatehub.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
Fixes an issue in a board using ethernet that faults with the
default 512 byte size by doubling the default to 1KiB. The actual
size of the thread depends upon the device and application
configuration so needs to be fine tined for each application
anyhow
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Extend the save command to allow passing name/val pair to save a
subtree or individual setting to persistent storage.
Resolves zephyrproject-rtos#90407
Co-authored-by: Jamie <40387179+nordicjm@users.noreply.github.com>
Signed-off-by: Rami Saad <rami.saad@morgansolar.com>
It is possible to add MCUboot header through --pad-header option.
In such cases, the FLASH_LOAD_OFFSET does not point to the beginning of
the slot, but to the beginning of the executable area, thus the check
for the active slot should use ranges instead of exact values.
Signed-off-by: Tomasz Chyrowicz <tomasz.chyrowicz@nordicsemi.no>
Uses the full hwmv2 board target for the hardware platform output,
seemingly this was missed in the hwmv2 migration and it was using
the board name only. Adds a deprecated Kconfig to restore to the
previous behaviour
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
It is essential for the overwrite mode to allow confirming the secondary
slot to provide the permanent update.
This types of updates is the only mode in which the application may be
upgraded.
Signed-off-by: Tomasz Chyrowicz <tomasz.chyrowicz@nordicsemi.no>
Fix the incorrect usage of Kconfig symbols and revert back the default
behavior to allow for non-active slot confirmation.
Signed-off-by: Tomasz Chyrowicz <tomasz.chyrowicz@nordicsemi.no>
In Direct XIP with revert, it should be possible to block confirmation
of the non-active slot, so only a bootable binaries are marked as valid.
Signed-off-by: Tomasz Chyrowicz <tomasz.chyrowicz@nordicsemi.no>
Add missing `.key` designator.
This also fixes a compile error:
> error: either all initializer clauses should be designated or none of
them should be
Signed-off-by: Jeppe Odgaard <jeppe.odgaard@prevas.dk>
Add a new ec_host_cmd backend based on USB. The backend uses the new USB
device stack.
The backend implements a vendor-specific (Google) USB interface. It uses
three endpoints:
- bulk OUT to transfer a host command request
- bulk IN to transfer a host command response
- interrupt IN to signal an event and readiness of the response
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
move variable declaration out of if,
because it will be optimized away, when
optimisation is enabled and leads to
undefined and unwanted behavior.
In my case `send_buf` of `http_client_req`
was put at the same address and the
http request was malformed.
Signed-off-by: Fin Maaß <f.maass@vogl-electronic.com>
Some applications might require cleanup prior to performing a system
reboot. Add an option that disables hawkbits automatic reboots so that
it can be postponed until the application is ready.
Signed-off-by: Mandus Börjesson <borjessonmandus@gmail.com>
Introduce a new Kconfig option CPU_CORTEX_A78 to enable support for the
Arm Cortex-A78 CPU architecture within Zephyr. This configuration can be
selected by boards or SoCs that utilize the Cortex-A78 core, enabling
architecture-specific features and optimizations as needed.
Signed-off-by: Appana Durga Kedareswara rao <appana.durga.kedareswara.rao@amd.com>
Adds support for images signed with SHA512.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
When the SHI driver receives data from the host and finds it is invalid
(due to a checksum error or an unsupported protocol version),
it currently resets the state machine, initializes the output buffer,
and waits for CS de-assertion. Upon CS de-assertion, the driver resets
the state machine and initializes the output buffer again. This commit
removes the first redundant reset and re-initialization in the function
`shi_npcx_bad_received_data()`, improving the driver’s efficiency.
Signed-off-by: Jun Lin <CHLin56@nuvoton.com>
It was observed in a project that when an error transaction occurs,
printing the error message can delay resetting the SHI state machine and
initializing the output buffer, which may cause the subsequent
transaction to fail, especially during stress tests involving heavy host
command communication.
This commit changes some error log level from ERR to DBG to prevent the
condition above from happening.
Also change the default debug level for the SHI driver to LOG_LEVEL_ERR.
Signed-off-by: Jun Lin <CHLin56@nuvoton.com>
Allows returning image information for the firmware loader image
slot, showing version of the application and flags
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Add initial support for the Cortex-M52 Core which is an implementation
of the Armv8.1-M mainline architecture.
The support is based on the Cortex-M55 support that already exists in
Zephyr.
Signed-off-by: Jisheng Zhang <jszhang@kernel.org>
We should not block erasing pending images when using ramload with
revert mode, because uploading multiple confirmed images with the same
version would brick the device (preventing future FW updates). Update
the dependencies of img_mgmt_slot_in_use to account for this.
Signed-off-by: Daniel DeGrasse <ddegrasse@tenstorrent.com>
As struct sockaddr have now alignment of 4 bytes, net_ipaddr_copy()
gives the following error if used for sockaddr:
error: alignment 1 of ‘struct <anonymous>’ is less than 4
[-Werror=packed-not-aligned]
Just use memcpy() instead, net_ipaddr_copy() was intended to use with IP
addresses, not socket related structs.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
This commit fixes the content of the log messages that appear when an
error occurs while applying the pinctrl.
Signed-off-by: Jun Lin <CHLin56@nuvoton.com>
Utilize a code spell-checking tool to scan for and correct spelling errors
in `Kconfig` files within the `soc` and `subsys` directory.
Additionally, incorporates a fix recommended by the reviewer.
Signed-off-by: Pisit Sawangvonganan <pisit@ndrsolution.com>
Call updatehub_report_error() when detecting an unconfirmed image in
autohandler to ensure the server is notified of the failure before
triggering a rollback.
Signed-off-by: Adrien Maillard <adrien.maillard@edu.hefr.ch>
Report the error state to the UpdateHub server before triggering a rollback
in autohandler mode. This prevents the server from redeploying the same
(failed) update after rollback, avoiding update loops. Also exposes a new
public syscall: updatehub_report_error(), allowing manual mode users to
report an error explicitly.
Signed-off-by: Adrien Maillard <adrien.maillard@edu.hefr.ch>
Adds an optional boot mode field which can be used to boot into a
specific image or mode using MCUmgr's OS mgmt reset command
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Instead of using 32 bit enum values for event numbers, convert
the code to use 64 bit long bit fields. This means that the
user API is changed to use 64 bit event values instead of 32
bit event values.
Signed-off-by: Jukka Rissanen <jukka.rissanen@nordicsemi.no>
See Discussion https://github.com/zephyrproject-rtos/zephyr/discussions/83659
for information about the purpose of this change.
Modifies run actions of hierarchical state machines
to return a value indicating if the event was handled
by the run action or should be propagated up to the
parent run action. Flat state machines are not affected,
and their run action returns void.
smf_set_handled() has been removed and replaced by
this return value. smf_set_state() will not propagate
events regardless of the return value as the transition
is considered to have occurred.
Documentation, tests, samples, has been updated.
USB-C and hawkBit use SMF and have been updated to use
the new return codes.
Signed-off-by: Glenn Andrews <glenn.andrews.42@gmail.com>
This commit changes how the controllerId is generated based on device
id, and disentangles the two. The controllerId is what hawkbit uses to
uniquely identify a device, and is not necessarily the same as the
device id, and should be fully customizeable by the user if needed.
Previously, all custom device ids were being prepended with
`CONFIG_BOARD`. When a user selects `CONFIG_HAWKBIT_CUSTOM_DEVICE_ID`,
they should be able to specify the full controllerId used with hawkbit,
without a forced prepend.
Signed-off-by: Neal Jackson <neal@blueirislabs.com>
Previously, hawkbit interface only supported a url/hostname and a port,
and internally it resolves to an IP address. This does not work for
network layers that rely on NAT64, like OpenThread. Zephyr's
implementation of `getaddrinfo` is not aware of NAT64. DNS will resolve
an IPV4 address that needs to be converted to IPV6 with the NAT64
prefix.
This commit alters the Hawkbit interface to allow providing an explicit
domain name as a string via `server_domain`, and an already resolved IP
address as `server_addr`.
This commit changes the usage of `hawkbit_runtime_config.server_addr` to
point to either an IP address or domain name. It adds a new Kconfig
(`HAWKBIT_USE_DOMAIN_NAME`) to specify an explicit domain name and adds
a new variable `hawkbit_runtime_config.server_domain`. If
`HAWKBIT_USE_DOMAIN_NAME` is enabled and a user provides an IP address
to `server_addr`, the user must provide a domain name to
`server_domain`.
Signed-off-by: Neal Jackson <neal@blueirislabs.com>
This commit removes the requirement for DNS_RESOLVER. If DNS_RESOLVER is
enabled, hawkbit uses `CONFIG_DNS_RESOLVER_MAX_QUERY_LEN` for the
server_addr buffer, if disabled it uses `CONFIG_INET6_ADDRSTRLEN`.
This adheres to #89533 which removes the requirement for DNS_RESOLVER.
Signed-off-by: Neal Jackson <neal@blueirislabs.com>
This commit adds a `strnlen` length check for `server_addr` to ensure that
it will not be truncated and result in a silent failure. Instead, the
call to `hawkbit_set_config` will return -EINVAL if the supplied
`server_addr` is too long for the internal buffer.
Signed-off-by: Neal Jackson <neal@blueirislabs.com>
The hawkbit subsystem was erroneously using DNS_MAX_NAME_SIZE as the
maximum query length. This limited query strings to only 20 bytes,
truncating many domain names.
Signed-off-by: Neal Jackson <neal@blueirislabs.com>
