The application code may need inside information about the host command
e.g. the thread id. Add a function that returns the main host command
structure which contains such data.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
Image list will only report active flag for active image and pending
flag for other slot, but only if image in that slot has higher
version than currently running image.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Converts the list of functions for registering an MCUmgr SMP
transport from function arguments to a single list which contains
the function pointers.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds a new map to responses that command handlers can use to
return result codes of functions themselves, unrelated to SMP
error codes. This is achieved by adding an optional "ret" map
which contains a 16-bit "group" and 16-bit "rc" error code,
this map will not be included if the "ret rc" is 0 (which
implies success).
In order to allow this, a new version of the protocol has been
which can be indicated for use by setting a bit in the header.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
It is no longer possible to select image for test or confirm
when MCUboot has been configured for DirectXIP.
MCUboot flags, in image trailer, are now ignored in DirectXIP
mode allowing to use entire slot for image upload.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Image management is now disabled by default if MCUboot
is configured for single application mode.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit adds img_mgmt_set_next_boot_slot function which uses
boot_set_next, from MCUboot/bootutil, to set application slot
for next boot.
The img_mgmt_set_next_boot_slot is intended to replace
img_mgmt_state_confirm and img_mgmt_state_set_pending.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit adds img_mgmt_active_slot() which allows to get
active (running) slot for given application image.
Added img_mgmt_active_image() allows to get number of image running
on current MCU core.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Since conn_mgr is a subsystem rather than a library, relocate it
directly into subsys/net rather than subsys/net/lib/
Rename header files to better match their function.
Remove net_ prefix from conn_mgr types, API, and files, since it is
unnecessary.
Signed-off-by: Georges Oates_Larsen <georges.larsen@nordicsemi.no>
Prevents verifying the image has been uploaded successfully using
the hash provided at the start of the upload if the hash is not
the correct length of an SHA256 hash.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Change fixes check for upgrade-only to ensure that the the new image
version is greater than version of the currently running image.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
In case when CONFIG_MCUMGR_SMP_LEGACY_RC_BEHAVIOUR=n then
the image erase command would incorrectly return MGMT_ERR_EMSGSIZE,
even though no such error occurred.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The function should be used to reset map decoding state
between calls to zcbor_map_decode_bulk, while using the same map
for different buffers.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Due to broken logic in img_mgmt_state_confirm failure to confirm
was not reported to caller.
If hooks were enabled confirmation event would be passed regardless
whether it has been successful.
Fixes#56617
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The dummy header was an opt-in feature to allow testing without a
real image but since we support testing on Qemu in CI which
supports flash partitions, there isn't a need for this option. Not
being deprecated as Kconfig would only have been used as part of
CI, not user applications.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Function allows to check whether given key has been found
during map decoding with zcbor_map_decode_bulk.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
MISRA Rule 5.7 requires uniqueness of tag identifiers. Shell is
frequently problematic because many code uses `const struct shell
*shell`. This causes CI noise every time one of these shell files is
edited, so let's update all of them with `const struct shell *sh`
instead.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
The init infrastructure, found in `init.h`, is currently used by:
- `SYS_INIT`: to call functions before `main`
- `DEVICE_*`: to initialize devices
They are all sorted according to an initialization level + a priority.
`SYS_INIT` calls are really orthogonal to devices, however, the required
function signature requires a `const struct device *dev` as a first
argument. The only reason for that is because the same init machinery is
used by devices, so we have something like:
```c
struct init_entry {
int (*init)(const struct device *dev);
/* only set by DEVICE_*, otherwise NULL */
const struct device *dev;
}
```
As a result, we end up with such weird/ugly pattern:
```c
static int my_init(const struct device *dev)
{
/* always NULL! add ARG_UNUSED to avoid compiler warning */
ARG_UNUSED(dev);
...
}
```
This is really a result of poor internals isolation. This patch proposes
a to make init entries more flexible so that they can accept sytem
initialization calls like this:
```c
static int my_init(void)
{
...
}
```
This is achieved using a union:
```c
union init_function {
/* for SYS_INIT, used when init_entry.dev == NULL */
int (*sys)(void);
/* for DEVICE*, used when init_entry.dev != NULL */
int (*dev)(const struct device *dev);
};
struct init_entry {
/* stores init function (either for SYS_INIT or DEVICE*)
union init_function init_fn;
/* stores device pointer for DEVICE*, NULL for SYS_INIT. Allows
* to know which union entry to call.
*/
const struct device *dev;
}
```
This solution **does not increase ROM usage**, and allows to offer clean
public APIs for both SYS_INIT and DEVICE*. Note that however, init
machinery keeps a coupling with devices.
**NOTE**: This is a breaking change! All `SYS_INIT` functions will need
to be converted to the new signature. See the script offered in the
following commit.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
init: convert SYS_INIT functions to the new signature
Conversion scripted using scripts/utils/migrate_sys_init.py.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
manifest: update projects for SYS_INIT changes
Update modules with updated SYS_INIT calls:
- hal_ti
- lvgl
- sof
- TraceRecorderSource
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
tests: devicetree: devices: adjust test
Adjust test according to the recently introduced SYS_INIT
infrastructure.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
tests: kernel: threads: adjust SYS_INIT call
Adjust to the new signature: int (*init_fn)(void);
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Secure Channel Base Key (SCBK) is a secret key used to derive the session
keys used to encrypt and decrypt OSDP packets. Secure coding practice
requires us to clear such sensitive data from stack once we are done
needing it. This patch addresses this issue.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
OSDP secure channel message blocks are terminated with a 0x80. This means
that even for zero length messages, we would have at least one block of
encrypted data to decrypt (since message blocks are rounded up to the next
16 byte boundary). The current length assertion checks for 16 byte
alignment but a malicious peer could send a specially crafted packet with
zero length blocks. Fix this issue by adding check for length == 0 case.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
HID readers are responding to a KEYSET command with an ACK in plaintext
instead of using the current session keys to acknowledge this command
(which is the reasonable thing to do as the command itself was received
encrypted with the old key). Since the spec doesn't say anything about
this, both methods are technically correct.
Make changes to CP so it allows ACKs in plaintext for KEYSET command in
particular and make the PD implementation do this too as it makes the code
look cleaner there (perhaps HID did it for the same reasons :D).
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
If command or reply has no data, PD "should" use secure message types
SCS_15 or SCS_16. But some PD seem to not implement this correctly. We
will be tolerant towards those faulty implementations.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
OSDP command KEYSET is used to set the secure channel base key for all
connected PDs. This key is then used to derive the session keys for each
secure channel session. When the app wants to set the this key, it has
to issue a command and then both the CP/PD has to be notified of this
change so they can store this key in a non-volatile medium for future
operations across power cycles.
The current implementation of OSDP had limited support for key
management. This patch adds all the bells and whistles needed to handle
keyset command/event in the CP/PD application.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
Hoisting a `length--` helps simplify a lot of code which has ad-hoc -1s
in a bunch of places. Also, fix some formatting issues and remove
unnecessary log lines.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
Add a new backend for Host Commands that uses UART. The backend bases
asynchronous UART API.
The UART backend is mainly used by FPMCU.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
This vastly increases the performance of file transfers using the
fs_mgmt group over MCUmgr by allowing the file handle to remain open
between commands instead of having to open, feek, read/write then
close the file handle for each invocation.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
As name suggest upgrade only should allow image upgrades onlu, but due
to greater or eqal sign used in version comparison, upgrade actually
also accepted current version.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Adds an optional feature that can be used to time out a partially
received MCUmgr packet over the shell interface. Prior to this
change, if a header was received, then the whole shell would be
unavailable until the module is rebooted or additional full MCUmgr
packet was sent.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Fix a memory issue when calling boot_read_bank_header the length should be
the size of `struct mcuboot_img_header`.
Fixes#54459.
Signed-off-by: Joel Guittet <joelguittet@gmail.com>
Changes Kconfig symbols to depend on symbols rather than selecting
them, this avoids a cmake dependency loop.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Changes Kconfig symbols to depend on symbols rather than selecting
them, this avoids a cmake dependency loop.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Rework the Host Command support. It includes:
-change API to backend
-change a way of defining rx and tx buffers
-fix synchronization between the handler and backend layer
-simplify the HC handler
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
Follow naming pattern in the subsystems(logging or shell) and name
the layer between generic handler and peripheral driver "backend".
The name doesn't suit that well to the SHI backend, because there isn't
SHI API itself and the SHI interface is used only for the host
communication. So the backend code includes the peripheral driver itself.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
The Host Commands can be used with different transport layers e.g. SHI
or eSPI. The code that provides the peripheral API and allows sending
and receiving Host Commands via different transport layers is not
actually drivers of a peripheral, so move it to the
subsys/mgmt/ec_host_cmd folder.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
cp_build_command returns the length of the built packet and early
returns for errors. This means there is no need to keep track of return
code in a separate variable -- if we reached the end, we succeeded.
Along with this change, some more changes to enhance maintainability and
readability are also done.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
With changes to the phy layer and the way we build and dispatch
commands, we can now simplify some parts of CP state machine. This patch
builds on previous patches to reduce some state transitions and fixes
some bugs in those paths.
While at it, also implement an exponential back-off for PD offline after
a timeout. This is useful when there is a transient PD timeout but the
PD itself is not totally dead.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
After the check_packet() split from decode_packet() for handling multiple
packets in the RX buffer, PD state machine needed to me modified to
start handling it correctly. While at it, simplify the states as PD does
not have as much state anyways.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
The method send_command was building the packet and also sending it.
This is a problem because even command build failures are reported as
command send failures; although the former can be mitigated by changing
kconfig parameters depending on use cases.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
To handle multiple packets in RX buffer, we need to perform checks on
the buffer first and determine the length of one packet and extact only
that many bytes from the RX buffer instead of pulling everything at
once and failing if there are bytes from the next packet in the buffer.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
When a PD is set online, we need to do other actions along with it. To
make this easier in future, move cp_set_state(pd, OSDP_CP_STATE_ONLINE)
to it's own method cp_set_online(pd).
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
Select in Kconfig causes many issues with dependency loops, this
resolves the issue by replacing most select with depends on for
MCUmgr, including updates to the sample smp_svr application and
tests.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This patch replaces many instances where raw loops were used to copy bytes
with memcpy calls.
No functional change intended.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
Do not check or send the first entry in the pd->cp[] device capability
table which is for function code 0 which is not a defined function code.
Signed-off-by: David Vucich <dave@alcatraz.ai>
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
By default, on errors, pd_decode_command replies with osdp_NAK with
sub-error code set to OSDP_PD_NAK_CMD_LEN (achieved using the ret ==
OSDP_PD_ERR_GENERIC check before return). This is works for all packet
framing errors; but when a more specific error code needs to be sent, ret
has to be set to something other than OSDP_PD_ERR_GENERIC (a suitable error
code happens to be OSDP_PD_ERR_REPLY) to prevent the tail check from
overwriting the error info.
In CMD_KEYSET, we fill a more specific error code but do not set the ret to
OSDP_PD_ERR_REPLY. It causes this error to be reported as a framing
error hence loosing some extended info about the error. Fix this issue by
reordering the checks a bit.
Fixes: 7f4d2c741b "mgmt/osdp: Add support for Secure Channel"
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
Initially, subsys/mgmt had its own STR() macro for string pasting which was
replaced with the zephry provided STRINGIFY(). The definition of this macro
seems to have lingered on so remove it.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
During handshake, only certain types of secure block types (<= SCS_14)
are allowed. A rouge CP/PD can try to bypass the handshake by directly
sending a secure block type ahead of the sequence and gain a secure
channel. Fix this by adding a check in packet decode time.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
OSDP specification section 5.7 states that a transmitting device has to
drive the transmission line to a marking state for a period of one char
in the current baud rate. This can be achieved by sending 0xFF. Since
this is not mentioned in the packet structure definition, many commercial
implementations of OSDP out in the wild do not send/expect this byte.
To work with such non-conforming devices, we will try to be as flexible
as possible in the PD: send mark byte only if the other side sent one. In
case of CP, we have no option but to send the mark byte to be as close
to the specification as possible. If a particular use case needs the CP
to not send it, we will provide a Kconfig option to disable it.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
Now that we have the necessary infrastructure to collect events from PD
apps, we can use them to translate it to OSDP packet sequence for card
reads and key press events.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
OSDP compliant devices communicate their capabilities and discover what
their peer can and cannot do. Right now, PD advertises these capabilities
and expects CP to honor them. Although this is not known to cause any
issues, it is not desirable to allow such accesses.
Add a check of incoming commands to to validate that the corresponding
capability was enabled and advertised.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
Since cmd_data member is used by both commands and events to store the
contents of current transaction, rename it to ephemeral_data which
better reflects the purpose of the variable.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
Bluetooth does not need to be enabled to register services,
therefore the newly introduced automatic bluetooth SMP transport
registration system can be simplified by returning enabling of
bluetooth back to the application.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The updatehub shell cmd_info allocate memory but not checks function
return. This add missing checks and proper error handle.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
The current updatehub version forces user application to run in kernel
mode. This add necessary api syscalls to isolate userspace from kernel.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
The img_mgmt_flash_area_id would add processing of
slot2_partition and slot3_partition if they only exist, even if
not used at all.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
This changes some of the MCUmgr transport CMake select statements
to depends on, this is to align with other in-tree symbols that
do not pull in whole subsystems and instead only allow selection
if those subsystems are already enabled.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
BOOT_MAGIC_SZ and BOOT_MAX_ALIGN were used in the header without
including bootutil/bootutil_public.h. This change remove the need of
the inclusion by making the dependency private.
Fixes#52095
Signed-off-by: Guillaume Lager <g.lager@innoseis.com>
This add storage abstraction to allow switch between different flash
APIs. This remove the erase command at updatehub core and move it to
storage init phase.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Currently MCUboot and system reset are invoked directly in the sample
applicatiion. This introduce 2 new methods to isolate system from
application.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Move header includes to source file. Currently firmware source files
have a hardcode partition identificator. This moves identificators
to updatehub core.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
The CP app sends PD a "command" and the PD responds to it. Some times,
the PD has something that it wants to tell the PD which it does so in
response to POLL command. Both CP and PD apps need a way to exchange
these info over the OSDP bus. To archive this we will introduce what are
called "events" that allow the PD app to enqueue and CP app to get
notified.
This is analogous to the incumbent "commands" abstraction where, the CP
app enqueues a command and the PD app gets notified of it.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
For all commands and replies, the buffer length needed to build or the
length of data needed to decode needs to be checked and asserted. Right now
we do this by ad-hoc if-s. Add macros that do this at a common location.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
The raw, flags check has become a bit excessive and has begun to affect
code readability. Provide inline functions for those accesses that are
frequent. Also, get rid of `struct osdp_cp` as it can be fully represented
by `struct osdp` itself.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
CP has an array of PDs and pd->offset was the position of the PD in CP's
list. Since offset has many meanings, rename it to pd->idx.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
Partial packets in the RX buffers cause the subsequent packet to be
treated as malformed. The RX buffer can have partial data if the sender
is too slow in sending the packet of if there is an interruption in
transmission mid-way.
To avoid any issues due to such partials, flush the uart channel before
sending the command/response.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
The log lines in CP and PD had a prefix such as "CP: " and "PD: " that
does not add too much value as a given device an either be CP or PD
only. This patch removes those and enhances some other log lines while
at it.
It also adds a enum for return values throughout the module to improve
code quality.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
This commit adds the support for host commands being transported
by the Serial Host Interface on the NPCX SoC.
Signed-off-by: Michał Barnaś <mb@semihalf.com>
This prevents a configuration error by selecting the console if
the UART MCUmgr transport is used, which is actually a dependency
for this transport.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Fixes an issue whereby event ID was not checked properly, meaning
that OR'd events would not work as one would expect.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The TinyCrypt is the current library used by UpdateHub to perform
SHA-256 integrity check. This refactor code and add support to
mbedTLS library. It changes default library to mbedTLS to use
hardware accelerator when available.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Fixes an issue with a missing variable when
CONFIG_IMG_MGMT_REJECT_DIRECT_XIP_MISMATCHED_SLOT is enabled.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
After Kconfig options got renamed, some of the no longer fit
to files they have been defined in.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Will check an uploaded image's hash against the hash that was
originally supplied before the upload began and return the result to
the client to know if the upload was successful or if there was an
error during upload. Requires CONFIG_IMG_ENABLE_IMAGE_CHECK be
enabled for functionality to be available.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This moves the UDP and Bluetooth initialisation for MCUmgr to be
performed automatically with the new hander registration feature.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Makes group registration functions for MCUmgr handlers static as
they are registered automatically at startup.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This replaces the requirement for applications to manually
register MCUmgr handlers by having an iterable section which
then automatically registers the handlers at boot time.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This change changes the previous mcumgr behaviour of return result
codes when the status is 0 (OK) to being legacy behaviour, instead
it will skip the rc field for these responses. If there is only an
rc field with status 0 to return, then mcumgr will now instead just
return an empty map.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This fixes an issue whilst investigating using iterable sections,
which cannot be used when the non-zephyr prefixed functions are
used. It also resolves a possible critical bug intoduced with the
MCUmgr rework whereby functions or elements seem to have silently
dropped.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The CBOR encoding allows strings to have white spaces, and as string
may be used as key it should also be allowed to use space in key.
The commit provides ZCBOR_MAP_DECODE_KEY_DECODER macro, which is
intended to replace ZCBOR_MAP_DECODE_KEY_VAL macro, that allows
to use string keys with spaces in it.
Both macros are available for now.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Fixes an issue with large packets being received, these packets are
chunked into 127-byte frames for the serial transport but this system
is not needed for the dummy transport as it has a fixed size buffer.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The device information handler can be used to retrieve information about
the configuration of the configured device such as board name, board
revision, firmware version and build date.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The shell_mgmt_config.h and stat_mgmt_config.h as they have been only
providing alternative identifiers for Kconfig options.
Now the Kconfig options are directly used in code and the headers
have been removed.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Add CONFIG_CRC for building CRC related routines.
CRC routines are now being built for each application, whether used or
not and are add in the build system unconditionally.
Keep CONFIG_CRC enabled by default for now and until all users have
converted to use the new option.
Partial fix for #50654
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Fixes accesses a renamed variable when a specific Kconfig is
active that would cause a compile error.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Moves the zephyr group ID defines to the mgmt header file as it is
with other group IDs and moves the zephyr basic group command IDs
to the the same header-location style as other groups.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This aligns the naming of files in fs_mgmt so that files and
functions relating to hash/checksum are prefixed with fs_mgmt.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Add missing fields in structure containing the arguments used by
the host commands handlers and change the order of parameters
in macro used for defining the handlers.
Signed-off-by: Michał Barnaś <mb@semihalf.com>
This commit increases the stack size for thread handling the host
commands requests. It was required due to the stack being
corrupted using earlier default size. The thread priority is now
configurable using the Kconfig.
It also adds alignment to the tx_buffer since the npcx MCU requires it
to work correctly and removes clearing the buffer before use due to
the hard time requirements. Tests checking if buffers are cleared
are also removed.
Signed-off-by: Michał Barnaś <mb@semihalf.com>
Move the header file to corresponding directory which refers to
submodule name instead of root of drivers directory.
Signed-off-by: Michał Barnaś <mb@semihalf.com>
The commit moves MCUmgr SMP transport documentation from
subsys/mgmt/mcumgr/lib to doc/services/device_mgmt.
Documentation have been rewritten for that purpose.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit reworks mgmt/mcumgr subsystem source code to remove
lib subdirectory and make it a little bit more flat.
It also moves all API interface files, which are supposed to be
visible by applications using MCUMgr, to interface sub-directories,
and exposes them with full paths; for example to include general
MCUMgr support, group registration and so on, user would now include:
<mgmt/mcumgr/mgmt/mgmt.h>
to additionally have control on File System group management
registration user would need:
<mgmt/mcumgr/mgmt/grp/fs_mgmt.h>
All internal headers have been removed from interface.
CMAkeLists.txt get significant rework and various MCUMgr subsystems
have been divided into separate sub-libraries.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Incorrectly hash_checksum_mgmt_handler_fn has been referenced
in documentation for hash_checksum_mgmt_list_cb, causing
documentation generation error, because parameter list does
not match.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Rounded up struct smp_bt_user_data takes 8 bytes; this fixes
static assert failing with message:
CONFIG_MCUMGR_BUF_USER_DATA_SIZE not large enough to fit Bluetooth
user data
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Switches to the new event callback system for the os_mgmt
functionality and removes the old code.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Switches to the new event callback system for the img_mgmt
functionality and removes the old code.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Switches to the new event callback system for the fs_mgmt
functionality and removes the old code.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds an access denied error code that can be used to signal to the
mcumgr client that the requested access to a specific resource or
command/functionality has been denied.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Reworks the event callback system to use a linked list to allow for
chained handlers and support passing a status back to the handler to
indicate if the request should be rejected or allowed. This also
removes the old base callback functionality.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds a new mcumgr command for returning information on all supported
hash/checksum types that the firmware supports.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This fixes issues with the Bluetooth SMP transport whereby deadlocks
could arise from connection references being held in long-lasting
mcumgr command processing functions.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This replaces an intermediatory structure with a different one which
allows command functions to access the full contents of the streamer
structure that would be otherwise unavailable. This is a foundation
for allowing asynchronous mcumgr messages from the server.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Fixes an issue introduced with a recent change that wrongly uses the
source packet header size for the output instead of the supplied
size.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
It is only needed to be known by SMP protocol processing
and in some cases by transport, for example reassembly.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
These two-liners have been only used by SMP protocol processing,
and there is no reason to have them available as public functions.
Code from these functions have been moved directly where they
have been used and they have been removed.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
zephyr_ prefix is now redundant as there are no other OSes supported.
The commit also moves functions, after renaming them, and makes
them static, as they no longer have to be shared between compilation
units.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
It is no longer needed to have "system specific" API for FS management.
The commit removes fs_mgmt_impl.h and moves Zephyr specific
functions that implement the fs_mgmt_impl.h declared functions
into fs_mgmt.c
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
This fixes an issue whereby the image state of an upload is present
even after an image erase command, which would instruct a client to
continue uploading at an offset that has no preceeding data.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
In order to avoid using multiple sources of truth for the platfom's
endianness, convert the in-tree code to use the (BIG|LITTLE)_ENDIAN
Kconfig variables exclusively, instead of the compiler's
__BYTE_ORDER__.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
buf.c have been providing net_buf pool allocator and dealocator
for SMP packets: mcumgr_buf_alloc and mcumgr_buf_free.
The functions have been moved to smp.c and renamed
smp_packet_alloc and smp_packet_free, respectively.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
SMP buffer allocation functions have been moved to smp/smp.h,
and buf.h has been removed.
Definitions of cbor_nb_reader and cbor_nb_writer have also been moved.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit moves functions used for initialization of CBOR encoding
and decoding to the only unit that is supposed to use them.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
This fixes an issue with the bluetooth transport whereby if a device
drops the connection prior to receiving all the output data it could
cause a deadlock.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The commit removes zephyr_ and _impl_ from function names in image
management group, and renames img_mgmt_impl.* source files to
img_mgmt_priv and merges img_mgmt_priv.h headers.
The zephyr_ and _impl_ have been removed because they no longer make
sense, as the mcugr is internal part of Zephyr, and removal makes
function names shorter.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit removes some leftover code from feature that has been
supposed to log image upload events with use of SMP, but has never
been actually implemented.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Cosmetic change: the zst was short for zephyr_smp_transport,
now it is just smp_transport so smpt makes more sense.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The MCUMgr library is now part of Zephyr, so there is no point
to prefix SMP functions with Zephyr.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Some minor housekeeping prior to adding an http server
implementation. There are already a number of http headers
and that number will likely increase with subsequent work.
Moving them into a common directory cleans up the
`include/net` directory a bit.
Signed-off-by: Christopher Friedt <cfriedt@meta.com>
If a file write was attempted with a file that does not exist, over
the shell/UART when logging was enabled, it would output a fs_unlink
error, this works around the issue by checking if the file exists and
needs truncating before performing that action. It also imrproves
flash endurance slightly by performing a truncate operation instead
of a delete, but will fall back to a delete if the truncation
operation fails. This issue can be also be mitigated by altering
logging settings or adjusting the SMP thread priority.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
No longer needed, since smp_streamer has smpt pointer to
zephyr_smp_transport, it can directly call smpt->zst_output.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
There are no more functions directly using the type, so it
has been removed and its contents have been moved to
smp_streamer.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit removes declaration of functions
mgmt_streamer_trim_front and mgmt_streamer_init_reader
as they no longer have definitions.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit drops empty parameter from img_mgmt_flash_check_empty
and img_mgmt_flash_check_empty_inner and uses the return code
instead.
Both functions now use negative errno codes instead of MGMT_ERR_
type codes.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
This adds a hash check when the CONFIG_IMG_ENABLE_IMAGE_CHECK Kconfig
option is enabled that will check the underlying image hash to see if
it is the same as the one provided by the mcumgr client, and if so,
will prevent erasure/uploading the same image data.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This adds the dummy shell buffer size to the shell_mgmt
configuration to allow ease of changing it.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The img_mgmt_erase could return MGMT_ERR_EOK even when
img_mgmt_impl_erase_slot failed.
Fixes#50522
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Fixes an issue with img_mgmt whereby the if check for a slot3
partition is using the wrong case for the partition name.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Moves a .h file added outside of the zephyr include folder to be
within the zephyr include folder.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This header provides original BOOT_MAX_ALIGN definition.
This definition is used indirectly by the code this
patch modifies.
Let's use it instead of copy from mcuboot.h
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
The options should enable verbose responses in error responses
to SMP command processing, but has been broen when the code
has been ported to zcbor.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
If the is no update from the server, the _links will be NULL.
Check if it is NULL before trying to LOG these strings.
Signed-off-by: Yong Cong Sin <yongcong.sin@gmail.com>
There are warnings when building fs_mgmt with hash/checksum
functionality enabled due to array access and a wrong variable type
being used.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
zcbor supports native zcbor_size_ functions for some time now,
so there is no need to have local zcbor_size_ definitions.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Fixes an issue with outgoing mcumgr frames that are larger than the
transport MTU size whereby they would wrongly be split up into multiple
frames with multiple start frame headers, which affected SMP over
console transports.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The lib/transport directory has been moved up, directly under the
subsys/mgmt/mcumgr, and all transport files have been moved to
that directory.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Fixes an issue introduced when the mcumgr code was simplified whereby
the newer compressed free function call wrongly passes a pointer to a
pointer instead of the pointer itself.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Fixes an issue with the connection reference not being decremented
at the end of the outgoing notification function resulting in an
ever-increasing connection count.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The static function img_mgmt_flash_check_empty is only used if
CONFIG_IMG_ERASE_PROGRESSIVELY isn't set.
Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
This adds a dummy SMP backend which can be used for unit testing or
virtual interface purposes.
Signed-off-by: Jamie McCrae <jamie.mccrae@lairdconnect.com>
Adds the runtime tick count of threads to mcumgr's taskstat response,
if CONFIG_SCHED_THREAD_USAGE is enabled, which reports the number of
execution cycles that each thread has been running for.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Fixes an issue with Bluetooth notification sending whereby it does
not wait for buffers to become available and can error out if
unable to get a buffer once.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Fixes an issues where the system work queue can become a source of
contention and cause a deadlock by moving MCUMGR SMP processing to its
own dedicated work queue.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The Kconfig for MCUMgr management source code (service registration,
group registration, and so on) has been moved to the sub-dir with
the code.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
By default, thread priorities in mcumgr task stat responses are
unsigned, whilst in zephyr, thread priorities are signed. This means
that clients get obscenely large numbers for priorities that make no
sense. The fork of mcumgr has been in zephyr long enough now that
this should be changed to use signed thread priorities by default
instead of sticking with the old mcumgr default.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The commit removes declarations of:
zephyr_smp_rx_req, zephyr_smp_alloc_rsp, zephyr_smp_free_buf
from include/zephyr/mgmt/mcumgr/smp.h, as these are MCUMgr internal
functions used in SMP processing and should be not exposed
from header file that provides interface for SMP transports.
The declarations have been moved to smp_internal.h, which is
visible within MCUMgr.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Use c99 format specifier macros to remove build warnings when building
for `native_posix[_64]`.
Signed-off-by: Marc Lasch <marc.lasch@husqvarnagroup.com>
The commit switches flash area access from FLASH_AREA_ macros
to FIXED_PARTITION_ macros and to usage of DTS node labels,
to identify partitions, instead of label property.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit switches flash area access from FLASH_AREA_ macros
to FIXED_PARTITION_ macros and to usage of DTS node labels,
to identify partitions, instead of label property.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The conditional block linking mbedTLS for checksum calculation
in FS commands have been moved to CMakeLists.txt responsible
for compiling these commands.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
As of today <zephyr/zephyr.h> is 100% equivalent to <zephyr/kernel.h>.
This patch proposes to then include <zephyr/kernel.h> instead of
<zephyr/zephyr.h> since it is more clear that you are including the
Kernel APIs and (probably) nothing else. <zephyr/zephyr.h> sounds like a
catch-all header that may be confusing. Most applications need to
include a bunch of other things to compile, e.g. driver headers or
subsystem headers like BT, logging, etc.
The idea of a catch-all header in Zephyr is probably not feasible
anyway. Reason is that Zephyr is not a library, like it could be for
example `libpython`. Zephyr provides many utilities nowadays: a kernel,
drivers, subsystems, etc and things will likely grow. A catch-all header
would be massive, difficult to keep up-to-date. It is also likely that
an application will only build a small subset. Note that subsystem-level
headers may use a catch-all approach to make things easier, though.
NOTE: This patch is **NOT** removing the header, just removing its usage
in-tree. I'd advocate for its deprecation (add a #warning on it), but I
understand many people will have concerns.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Fix include order to avoid redefinition of `ARRAY_SIZE`, because
`sys/util.h` and `zcbor_common.h` both define it, but `sys/util.h` does
not protect against redefinition.
Signed-off-by: Fabio Utzig <utzig@tumenibits.com>
Allows selecting which slot will be erased, will default back to
slot 1 as it would do in previous versions if the optional parameter
is not provided
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This prevents the shell command response code conflicting with the
mcumgr response code, which are 2 distinct variable types
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Fixes a race condition when listing task status using mcumgr whereby
if a thread status changes, it could cause unpredictable output for
the command.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Reduces the level of indirection for functions by calling the zephyr
functions directly as support for multiple operating systems is no
longer required with mcumgr being forked and placed into the zephyr
tree. Saves 60 bytes flash when compiling smp_svr on an ARM Cortex
M4 board.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Switches to using Zephyr's single linked list implementation for
group management objects instead of duplicating functionality for
mcumgr only.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Resolves an issue with processors that do not support unaligned memory
access when using img_mgmt functions, e.g. ARM Cortex M0, by marking
structures as packed.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Many device pointers are initialized at compile and never changed. This
means that the device pointer can be constified (immutable).
Automated using:
```
perl -i -pe 's/const struct device \*(?!const)(.*)= DEVICE/const struct
device *const $1= DEVICE/g' **/*.c
```
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
