OS management's reset is optional, therefore only imply reset
instead of selecting it, so it can optionally be disabled if not
needed.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Expands a bitfield name from nh_ver to nh_version so it is more
obvious what it is. Also changes the version that goes into the
response to indicate what the maximum supported version of the
protocol is for a device
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This reworks the UDP transport to resolve some issues with object
interactions and streamlines the code.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
No reason to continue zcbor encoding of slot information for image
list when encoding of the version has already failed.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Image list should also flag pending slot as permanent.
This follows the image list for swap configuration where slot
confirmed for next boot is marked as permanent.
The difference is that in DirectXIP mode it is still possible
to erase slot marked as pending and permanent, before restart
happens.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Adds callback checks to other fs_mgmt group file access functions
which allows for file access control, and moves where the callback
is triggered for uploads and downloads to prevent getting the
callback multiple times for the same file. The callback struct has
been modified so applications using the previous signature will
need to be updated.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Changes the warning from being text in Kconfig for filesystem
management as a whole to being a cmake warning which is displayed
if the user has not enabled file access hooks with a link to the
documentation on how to set them up.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Add a config to decide if a new dedicated thread for Host Command is
created during initialization.
If not, the ec_host_cmd_task has to be called by another thread to
handle host commands.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
Until now iterable sections APIs have been part of the toolchain
(common) headers. They are not strictly related to a toolchain, they
just rely on the linker providing support for sections. Most files relied on
indirect includes to access the API; now, it is included as needed.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Uses the new error system to report an error if the user provides
an invalid format for the OS info command.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The general handler may provide buffers for a backend. Use ranges to
check if the provided buffer is used, because the backend may shift the
beginning of the buffer to make space for the preamble.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
Add a separate config to enable autoinitialization of the host command
subsystem, called by the chosen backend.
It allows setting the chosen backend without autoinit.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
The application code may need inside information about the host command
e.g. the thread id. Add a function that returns the main host command
structure which contains such data.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
Image list will only report the active flag for the active image and the pending
flag for the other slot, but only if the image in that slot has a higher
version than the currently running image.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Converts the list of functions for registering an MCUmgr SMP
transport from function arguments to a single list which contains
the function pointers.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds a new map to responses that command handlers can use to
return result codes of functions themselves, unrelated to SMP
error codes. This is achieved by adding an optional "ret" map
which contains a 16-bit "group" and 16-bit "rc" error code;
this map will not be included if the "ret rc" is 0 (which
implies success).
In order to allow this, a new version of the protocol has been added
which can be indicated for use by setting a bit in the header.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
It is no longer possible to select an image for test or confirm
when MCUboot has been configured for DirectXIP.
MCUboot flags, in the image trailer, are now ignored in DirectXIP
mode, allowing the entire slot to be used for image upload.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Image management is now disabled by default if MCUboot
is configured for single application mode.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit adds the img_mgmt_set_next_boot_slot function which uses
boot_set_next, from MCUboot/bootutil, to set the application slot
for next boot.
The img_mgmt_set_next_boot_slot is intended to replace
img_mgmt_state_confirm and img_mgmt_state_set_pending.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit adds img_mgmt_active_slot() which allows getting the
active (running) slot for a given application image.
The added img_mgmt_active_image() allows getting the number of the image running
on the current MCU core.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Since conn_mgr is a subsystem rather than a library, relocate it
directly into subsys/net rather than subsys/net/lib/
Rename header files to better match their function.
Remove net_ prefix from conn_mgr types, API, and files, since it is
unnecessary.
Signed-off-by: Georges Oates_Larsen <georges.larsen@nordicsemi.no>
Prevents verifying the image has been uploaded successfully using
the hash provided at the start of the upload if the hash is not
the correct length of an SHA256 hash.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Change fixes check for upgrade-only to ensure that the new image
version is greater than the version of the currently running image.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
When CONFIG_MCUMGR_SMP_LEGACY_RC_BEHAVIOUR=n,
the image erase command would incorrectly return MGMT_ERR_EMSGSIZE,
even though no such error occurred.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The function should be used to reset map decoding state
between calls to zcbor_map_decode_bulk, while using the same map
for different buffers.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Due to broken logic in img_mgmt_state_confirm, failure to confirm
was not reported to the caller.
If hooks were enabled, the confirmation event would be passed regardless of
whether it had been successful.
Fixes #56617
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The dummy header was an opt-in feature to allow testing without a
real image but since we support testing on Qemu in CI which
supports flash partitions, there isn't a need for this option. Not
being deprecated as Kconfig would only have been used as part of
CI, not user applications.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Function allows checking whether a given key has been found
during map decoding with zcbor_map_decode_bulk.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
MISRA Rule 5.7 requires uniqueness of tag identifiers. Shell is
frequently problematic because much code uses `const struct shell
*shell`. This causes CI noise every time one of these shell files is
edited, so let's update all of them with `const struct shell *sh`
instead.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
The init infrastructure, found in `init.h`, is currently used by:
- `SYS_INIT`: to call functions before `main`
- `DEVICE_*`: to initialize devices
They are all sorted according to an initialization level + a priority.
`SYS_INIT` calls are really orthogonal to devices, however, the required
function signature requires a `const struct device *dev` as a first
argument. The only reason for that is because the same init machinery is
used by devices, so we have something like:
```c
struct init_entry {
	int (*init)(const struct device *dev);
	/* only set by DEVICE_*, otherwise NULL */
	const struct device *dev;
};
```
As a result, we end up with such a weird/ugly pattern:
```c
static int my_init(const struct device *dev)
{
	/* always NULL! add ARG_UNUSED to avoid compiler warning */
	ARG_UNUSED(dev);
	...
}
```
This is really a result of poor internals isolation. This patch proposes
to make init entries more flexible so that they can accept system
initialization calls like this:
```c
static int my_init(void)
{
	...
}
```
This is achieved using a union:
```c
union init_function {
	/* for SYS_INIT, used when init_entry.dev == NULL */
	int (*sys)(void);
	/* for DEVICE*, used when init_entry.dev != NULL */
	int (*dev)(const struct device *dev);
};
struct init_entry {
	/* stores init function (either for SYS_INIT or DEVICE*) */
	union init_function init_fn;
	/* stores device pointer for DEVICE*, NULL for SYS_INIT. Allows
	 * to know which union entry to call.
	 */
	const struct device *dev;
};
```
This solution **does not increase ROM usage**, and allows offering clean
public APIs for both SYS_INIT and DEVICE*. Note, however, that the init
machinery keeps a coupling with devices.
**NOTE**: This is a breaking change! All `SYS_INIT` functions will need
to be converted to the new signature. See the script offered in the
following commit.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
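The dispatch rule the commit describes (the `dev` pointer decides which union member is valid) in a stand-alone form. This is an added example, not code from the Zephyr tree: `struct device` here is a two-field stand-in for the real one, and `init_entry_run`, `init_run_all`, `my_sys_init` and `my_dev_init` are hypothetical names chosen for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>

/* Minimal stand-in for Zephyr's struct device (hypothetical; the real
 * structure has many more fields). */
struct device {
	const char *name;
	int *init_count; /* hypothetical: how many times the device init ran */
};

/* Same union/entry layout as the commit message. */
union init_function {
	int (*sys)(void);                      /* valid when dev == NULL */
	int (*dev)(const struct device *dev);  /* valid when dev != NULL */
};

struct init_entry {
	union init_function init_fn;
	const struct device *dev;
};

static int sys_init_calls;

/* A SYS_INIT-style function with the new, device-free signature. */
static int my_sys_init(void)
{
	sys_init_calls++;
	return 0;
}

/* A DEVICE_*-style init function; rejects a missing device. */
static int my_dev_init(const struct device *dev)
{
	if (dev == NULL || dev->init_count == NULL) {
		return -1;
	}
	(*dev->init_count)++;
	return 0;
}

/* The only place that needs to know which union member to call. */
int init_entry_run(const struct init_entry *entry)
{
	if (entry->dev == NULL) {
		return entry->init_fn.sys();
	}
	return entry->init_fn.dev(entry->dev);
}

static int uart_init_count;
static const struct device uart_dev = { "uart0", &uart_init_count };

/* Constructed init table, in level/priority order. */
static const struct init_entry entries[] = {
	{ .init_fn.sys = my_sys_init, .dev = NULL },
	{ .init_fn.dev = my_dev_init, .dev = &uart_dev },
};

/* Runs every entry; returns how many init functions reported an error. */
int init_run_all(void)
{
	int failures = 0;

	for (size_t i = 0; i < sizeof(entries) / sizeof(entries[0]); i++) {
		if (init_entry_run(&entries[i]) != 0) {
			failures++;
		}
	}
	return failures;
}

int init_sys_init_calls(void) { return sys_init_calls; }
int init_uart_init_count(void) { return uart_init_count; }

int main(void)
{
	int failures = init_run_all();

	printf("failures=%d sys_calls=%d uart_inits=%d\n",
	       failures, init_sys_init_calls(), init_uart_init_count());
	return failures;
}
```

Because both union members are function pointers, the union is exactly one pointer wide, which is the basis for the "does not increase ROM usage" claim; the per-entry cost is unchanged from the old `init` + `dev` pair.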
init: convert SYS_INIT functions to the new signature
Conversion scripted using scripts/utils/migrate_sys_init.py.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
manifest: update projects for SYS_INIT changes
Update modules with updated SYS_INIT calls:
- hal_ti
- lvgl
- sof
- TraceRecorderSource
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
tests: devicetree: devices: adjust test
Adjust test according to the recently introduced SYS_INIT
infrastructure.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
tests: kernel: threads: adjust SYS_INIT call
Adjust to the new signature: int (*init_fn)(void);
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Secure Channel Base Key (SCBK) is a secret key used to derive the session
keys used to encrypt and decrypt OSDP packets. Secure coding practice
requires us to clear such sensitive data from stack once we are done
needing it. This patch addresses this issue.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
OSDP secure channel message blocks are terminated with a 0x80. This means
that even for zero length messages, we would have at least one block of
encrypted data to decrypt (since message blocks are rounded up to the next
16 byte boundary). The current length assertion checks for 16 byte
alignment but a malicious peer could send a specially crafted packet with
zero length blocks. Fix this issue by adding check for length == 0 case.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
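The length check the commit adds, shown as a stand-alone validation routine together with the padding removal it protects. This is an added example and not the Zephyr OSDP code: `osdp_sc_data_len_ok` and `osdp_sc_unpad` are hypothetical names, and the padding layout (a 0x80 terminator followed by zero bytes up to the 16-byte boundary) is assumed from the commit's description.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define SC_BLOCK_LEN 16

/* Encrypted payload length must be a non-zero multiple of the block
 * size.  Zero is rejected explicitly: even an empty message carries
 * one padded block, so a zero-length encrypted section is malformed
 * and must not reach the decrypt/unpad step. */
bool osdp_sc_data_len_ok(size_t len)
{
	if (len == 0) {
		return false;
	}
	return (len % SC_BLOCK_LEN) == 0;
}

/* Strip the assumed 0x80 + zero padding from a decrypted buffer.
 * Returns the plaintext length, or -1 if the length or padding is
 * malformed (no terminator, or terminator outside the last block). */
int osdp_sc_unpad(const uint8_t *buf, size_t len)
{
	size_t i;

	if (buf == NULL || !osdp_sc_data_len_ok(len)) {
		return -1;
	}

	/* Walk back over trailing zero bytes. */
	i = len;
	while (i > 0 && buf[i - 1] == 0x00) {
		i--;
	}

	/* The byte before the zeros must be the 0x80 terminator. */
	if (i == 0 || buf[i - 1] != 0x80) {
		return -1;
	}

	/* The terminator has to sit inside the final block; padding that
	 * spans more than one block is not a valid encoding. */
	if (len - i >= SC_BLOCK_LEN) {
		return -1;
	}

	return (int)(i - 1);
}
```

Running the length check before any decryption is the point of the fix: the alignment test alone accepts `len == 0`, and code that then assumes "at least one block" will read or decrypt past what it was given.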
HID readers are responding to a KEYSET command with an ACK in plaintext
instead of using the current session keys to acknowledge this command
(which is the reasonable thing to do as the command itself was received
encrypted with the old key). Since the spec doesn't say anything about
this, both methods are technically correct.
Make changes to CP so it allows ACKs in plaintext for KEYSET command in
particular and make the PD implementation do this too as it makes the code
look cleaner there (perhaps HID did it for the same reasons :D).
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
If command or reply has no data, PD "should" use secure message types
SCS_15 or SCS_16. But some PD seem to not implement this correctly. We
will be tolerant towards those faulty implementations.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>