BOOT_MAGIC_SZ and BOOT_MAX_ALIGN were used in the header without
including bootutil/bootutil_public.h. This change remove the need of
the inclusion by making the dependency private.
Fixes#52095
Signed-off-by: Guillaume Lager <g.lager@innoseis.com>
In case of initial/pre-programed image.
Such image can neither be reverted nor physically confirmed.
Image like this should be recognized as confirmed by the
boot_is_img_confirmed() for consistency.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
This header provides original BOOT_MAX_ALIGN definition.
This definition is used directly on indirectly by the code this
patch modifies.
Let's use it instead of copy from mcuboot.h
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
As of today <zephyr/zephyr.h> is 100% equivalent to <zephyr/kernel.h>.
This patch proposes to then include <zephyr/kernel.h> instead of
<zephyr/zephyr.h> since it is more clear that you are including the
Kernel APIs and (probably) nothing else. <zephyr/zephyr.h> sounds like a
catch-all header that may be confusing. Most applications need to
include a bunch of other things to compile, e.g. driver headers or
subsystem headers like BT, logging, etc.
The idea of a catch-all header in Zephyr is probably not feasible
anyway. Reason is that Zephyr is not a library, like it could be for
example `libpython`. Zephyr provides many utilities nowadays: a kernel,
drivers, subsystems, etc and things will likely grow. A catch-all header
would be massive, difficult to keep up-to-date. It is also likely that
an application will only build a small subset. Note that subsystem-level
headers may use a catch-all approach to make things easier, though.
NOTE: This patch is **NOT** removing the header, just removing its usage
in-tree. I'd advocate for its deprecation (add a #warning on it), but I
understand many people will have concerns.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
The write block size has been gathered from device pointed by
chosen 'zephyr,flash', while it should be taken from a device
a target image flash area resides on.
The write block size has been used to check if write buffer
is properly aligned.
The check is only possible on devices that have write-block-size
property in DTS, so in case of SPI connected devices this property
may not be available - when device does not have the property,
the check is not performed.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
In order to bring consistency in-tree, migrate all subsystems code to
the new prefix <zephyr/...>. Note that the conversion has been scripted,
refer to zephyrproject-rtos#45388 for more details.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
According to Kconfig guidelines, boolean prompts must not start with
"Enable...". The following command has been used to automate the changes
in this patch:
sed -i "s/bool \"[Ee]nables\? \(\w\)/bool \"\U\1/g" **/Kconfig*
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
This option is deciding whether bootutil_public library supports
multi-image procedures. MCUboot have its own definition which is
unavailable zephyr application. Introduced option declares similar
option for the application.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Add boot_write_confirm_multi() and boot_request_upgrade_multi() APIs so
that the user can set the image with given index as pending, confirmed.
This is needed for enabling the mcuboot multi-mage boot feature by
the zephyr.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The bootutil_public.h, as a part of mcuboot interface, has been
providing the same definitions as mcuboot_priv.h
The commit removed the redundancy.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Some parts of subsys/dfu/boot code are re-implementations of
what is implemented in the MCUBoot repository.
Mcuboot's repository already provide implementation of function
required for application for interact with the MCUboot.
This patch introduces new MCUBOOT_BOOTUTIL module which covers
common code which is used in the bootloader and the chainnloaded
application.
dfu/boot: use MCUBoot's source code
Module was reworked so it start using MCUBoot's
bootutil_public API instead of copied code.
Reworked boot_is_img_confirmed() used MCUBoot's API
for determine image_ok flag.
mcuboot_shell switchd to use MCUboot's boot_read_swap_state_by_id()
This is MCUBoot function, use it for avoid linking conflict.
test/subsys/mcuboot: fix `test_write_confirm`
dfu/boot library was reworked so it uses MCUboot's bootutil_public
library whenever it can.
The library required that image was marked as copy-done before it
can be pending.
This patch adds such mark which fixes the test.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Add new shell module for mcuboot enabled application. It provides
information about image slots and allows to perform such operations as:
confirm, erase and request upgrade.
Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
Use rather MCUBoot implementation of some function than
zephyr's implementations once avielabel.
Zephyr implementations are needed while compiling application
supposed to be chainloaded by the MCUBoot or when they are
tested.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
It is possible that dfu libraries are used by MCUBoot
itself while it has enabled CONFIG_SINGLE_APPLICATIO_SLOT.
In this mode only application slot is the primary slot.
Patch is required for supports USB DFU class in mentioned
MCUBoot's mode.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Added flash_area_erased_val() function for get value of erased
byte of memory which is under flash area.
This function already exist in MCUBoot and zephyr dfu subsystem
which makes simultaneous usage of both impossible.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Replace all calls to the assert macro that comes from libc by calls to
__ASSERT_NO_MSG(). This is usefull as the former might be different
depending on the libc used and the later can be customized to reduce
flash footprint.
Signed-off-by: Xavier Chapron <xavier.chapron@stimio.fr>
Flash memory can be write but there is no way to check flash integrity.
Add flash_img_check method that verify flash integrity. This is useful
to avoid firmware reboot and test. Another use is ensure that firmware
upgrade routines from internet server to flash slot are performing
properly. This uses flash_area_check_int_sha256 method to check a
SHA-256 hash. On sucess match, zero is returned, otherwise a negative
errno value.
Signed-off-by: Gerson Fernando Budke <nandojve@gmail.com>
Now that device_api attribute is unmodified at runtime, as well as all
the other attributes, it is possible to switch all device driver
instance to be constant.
A coccinelle rule is used for this:
@r_const_dev_1
disable optional_qualifier
@
@@
-struct device *
+const struct device *
@r_const_dev_2
disable optional_qualifier
@
@@
-struct device * const
+const struct device *
Fixes#27399
Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
The `TEXT_SECTION_OFFSET` symbol is used to specify the offset between
the beginning of the ROM area and the address of the first ROM section.
This commit renames `TEXT_SECTION_OFFSET` to `ROM_START_OFFSET` because
the first ROM section is not always the `.text` section.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
Convert with a combo of scripts and by hand fixups:
git grep -l DT_FLASH_AREA_.*_ID | \
xargs sed -i -r 's/DT_FLASH_AREA_(.*)_ID/FLASH_AREA_ID(\L\1)/'
git grep -l DT_FLASH_AREA_.*_OFFSET | \
xargs sed -i -r 's/DT_FLASH_AREA_(.*)_OFFSET/FLASH_AREA_OFFSET(\L\1)/'
git grep -l DT_FLASH_AREA_.*_SIZE | \
xargs sed -i -r 's/DT_FLASH_AREA_(.*)_SIZE/FLASH_AREA_SIZE(\L\1)/'
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Replace:
DT_FLASH_ERASE_BLOCK_SIZE ->
DT_PROP(DT_CHOSEN(zephyr_flash), erase_block_size)
DT_FLASH_WRITE_BLOCK_SIZE ->
DT_PROP(DT_CHOSEN(zephyr_flash), write_block_size)
As this allows us to phase out the old generator.
Signed-off-by: Kumar Gala <kumar.gala@linaro.org>
Replace all occurences of BUILD_ASSERT_MSG() with BUILD_ASSERT()
as a result of merging BUILD_ASSERT() and BUILD_ASSERT_MSG().
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
This reverts commit 8739517107.
Pull Request #23437 was merged by mistake with an invalid manifest.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Replace all occurences of BUILD_ASSERT_MSG() with BUILD_ASSERT()
as a result of merging BUILD_ASSERT() and BUILD_ASSERT_MSG().
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
This allows flash_img.c to be used outside of mcuboot scope.
Add new call to not break existing code.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
I think people might be reading differences into 'if' and 'depends on'
that aren't there, like maybe 'if' being needed to "hide" a symbol,
while 'depends on' just adds a dependency.
There are no differences between 'if' and 'depends on'. 'if' is just a
shorthand for 'depends on'. They work the same when it comes to creating
implicit menus too.
The way symbols get "hidden" is through their dependencies not being
satisfied ('if'/'depends on' get copied up as a dependency on the
prompt).
Since 'if' and 'depends on' are the same, an 'if' with just a single
symbol in it can be replaced with a 'depends on'. IMO, it's best to
avoid 'if' there as a style choice too, because it confuses people into
thinking there's deep Kconfig magic going on that requires 'if'.
Going for 'depends on' can also remove some nested 'if's, which
generates nicer symbol information and docs, because nested 'if's really
are so simple/dumb that they just add the dependencies from both 'if's
to all symbols within.
Replace a bunch of single-symbol 'if's with 'depends on' to despam the
Kconfig files a bit and make it clearer how things work. Also do some
other minor related dependency refactoring.
The replacement isn't complete. Will fix up the rest later. Splitting it
a bit to make it more manageable.
(Everything above is true for choices, menus, and comments as well.)
Detected by tweaking the Kconfiglib parsing code. It's impossible to
detect after parsing, because 'if' turns into 'depends on'.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
generated_dts_board.h is pretty redundant and confusing as a name. Call
it devicetree.h instead.
dts.h would be another option, but DTS stands for "devicetree source"
and is the source code format, so it's a bit confusing too.
The replacement was done by grepping for 'generated_dts_board' and
'GENERATED_DTS_BOARD'.
Two build diagram and input-output SVG files were updated as well, along
with misc. documentation.
hal_ti, mcuboot, and ci-tools updates are included too, in the west.yml
update.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
When no scratch parition was defined in the DTS file, just assume that
MCUBoot was built to use swap with move strategy, and never touch
scratch.
Signed-off-by: Fabio Utzig <utzig@apache.org>
flash_sector_from_off fetched sector data of page
in relation to the flash memory beginning instead of the flash
area beginning.
Issue was invisible as on most devices all sectors looks similar.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Currently the error codes returne from this function is ignored.
Add error reporting to allow users to handle what is reported.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
Use this short header style in all Kconfig files:
# <description>
# <copyright>
# <license>
...
Also change all <description>s from
# Kconfig[.extension] - Foo-related options
to just
# Foo-related options
It's clear enough that it's about Kconfig.
The <description> cleanup was done with this command, along with some
manual cleanup (big letter at the start, etc.)
git ls-files '*Kconfig*' | \
xargs sed -i -E '1 s/#\s*Kconfig[\w.-]*\s*-\s*/# /'
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Clean up space errors and use a consistent style throughout the Kconfig
files. This makes reading the Kconfig files more distraction-free, helps
with grepping, and encourages the same style getting copied around
everywhere (meaning another pass hopefully won't be needed).
Go for the most common style:
- Indent properties with a single tab, including for choices.
Properties on choices work exactly the same syntactically as
properties on symbols, so not sure how the no-indentation thing
happened.
- Indent help texts with a tab followed by two spaces
- Put a space between 'config' and the symbol name, not a tab. This
also helps when grepping for definitions.
- Do '# A comment' instead of '#A comment'
I tweaked Kconfiglib a bit to find most of the stuff.
Some help texts were reflowed to 79 columns with 'gq' in Vim as well,
though not all, because I was afraid I'd accidentally mess up
formatting.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
This commit fixes following issues in printf formatting
- cast values of type off_t to long to remove warnings generated when
compiling with Newlib and CONFIG_IMG_ERASE_PROGRESSIVELY is enabled
- cast values of type off_t always to long and not u32_t
- use 'z' modifier (as in "%zu") to print values of type size_t
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
flash_img subsystem writes data to flash only when the amount of data to
be written is larger than available buffer space. This commit modifies
this behavior to write data to flash as soon as the buffer is full.
Signed-off-by: Piotr Mienkowski <piotr.mienkowski@gmail.com>
move misc/byteorder.h to sys/byteorder.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move misc/__assert.h to sys/__assert.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move flash.h to drivers/flash.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
move flash_map.h to storage/flash_map.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Swap_type field implementation is the new mcuboot's trailer field.
This patch makes using of it optional which keeps possibility of being
compatible with older versions of MCUBoot.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Mcuboot changed TLV in PR: Fix double swap on interrupted revert
(https://github.com/JuulLabs-OSS/mcuboot/pull/485)
Above bugfix changes a little way for upgrade request.
This path introduces re-formatted original mcuboot bootutil_misc.c
code as much as it was reasonable which includes the bugfix
adaptation and support for devices witch have bite erased sate different
than 1 as well.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
This menu contains just the IMG_MANAGER symbol and its children. Remove
one menu level by making IMG_MANAGER a top-level 'menuconfig' symbol
instead.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
In non-secure Trustzone application dedicated flash non-secure
partition are used instead of regular one, which become secure
partition in Trustzone collaboration model.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Fixed format error when compiling with gcc and newlib.
Used standard formats (%u) instead of inttypes formats (PRIxxx)
since Zephyr redefines the standard formats, that way it should always
be in line with the Zephyr types.
Compiled with and without newlib using gcc.
Signed-off-by: Dennis Wildmark <dennis.wildmark@assaabloy.com>
Patch adds option for progressive erase of firmware image.
When using this, flash is erased as necessary when receiving
new firmware, instead of erasing the whole image slot at once.
This is useful on some hardware (like nRF52840) that has
long erase times, to prevent long wait times at the beginning
of the DFU process.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>