This is a stable API treewide change changing the newly introduced
"ret" response to "err" as it was overlooked that the shell_mgmt
group already used "ret" to return the exit code of the command
and this created a collision. Since SMP version 2 was only recently
introduced, there should not be any public implementations of it
as of yet, but the original function has been kept and marked as
deprecated.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Fixes a stray ifdef which causes a build failure if the automatic
UDP start Kconfig is not enabled.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds the force parameter to the reset command which is now
provided to the callback hook (if enabled).
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Uses the zcbor decode bulk function instead of manually parsing the
array in the function to reduce duplicated code.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Uses the zcbor decode bulk function instead of manually parsing the
array in the function to reduce duplicated code.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Fixes an issue whereby the data packets were not checked to ensure
that the client has not attempted to write more data than the size
that was provided in the original upload packet.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Fixes an issue whereby upload image size would not be checked in
the first packet of an upload, which would allow an image to be
uploaded until it reached the point of it being too large to
fit anymore.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
MCUmgr client basic implementation for support Image and OS grpup
commands.
Image Group:
* Image state read/write
* Image Upload secondary slot
* Image Erase secondary slot
OS group:
* Reset
* Echo service, disabled by default
Opeartion's are blocked call and cant't call inside worker queue.
IMG and OS need to be SMP client object for transport.
Signed-off-by: Juha Heiskanen <juha.heiskanen@nordicsemi.no>
SMP client support for generate request and handling
response message.
Updated SMP transport for send request.
Added API for register SMP transport.
Signed-off-by: Juha Heiskanen <juha.heiskanen@nordicsemi.no>
Uses the MCUboot bootutil image.h file directly instead of an
outdated copy which resides in the zephyr tree.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds an optional callback upon image data being written, can be
used for syncing or timeout purposes.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Replaces the manual lookup function with a lookup function which
is provided when registering MCUmgr handlers which can be used to
find the function to translate error codes, allowing out of tree
MCUmgr handlers to provide error translation handlers.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The commit fixes build issue when building for two application
images in board that does not have slot0_ns_partition.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Fix conditional compilation within img_mgmt_get_other_slot,
where CONFIG_MCUMGR_GRP_IMG_UPDATABLE_IMAGE_NUMBER has been
incorrectly checked and #endif incorrectly placed.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Add a feature to suppress commands. The suppressed commands are not
logged on the command reception.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
Add a user possibility to set a callback for receiving a new function.
It allows instant performing some actions, that need to be done before
context switch.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
Verify validity of a received command before passing it to the general
handler.
It allows performing some actions, right after receiving the command.
The context switch is not needed. Such feature may be needed for
overloaded system, where instant reboot is required.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
Add a function to signal a new host command by a backend.
Use a function instead of giving semaphore, because it allows more
actions on rx event, common for all backends.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
Add a config to save the final result of a last host command that has
sent EC_HOST_CMD_IN_PROGRESS response. To get the final result use the
ec_host_cmd_send_in_progress_status function.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
Fixes an issue where a variable was used without being correctly
set by other parts of the code.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The sizeof is used in a wrong way which causes incorrect checking a
version of a command. Use NUM_BITS instead.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
The response buffer has to be cleared every command not to pass
unintended content e.g. response from a previous command, or stack
content.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
Update the response buffer size, passed to a command handler, every
command, since a backend could change it in runtime.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
Currently, it is not possible to use hawkbit with code that requires
POSIX_API to be set due to the dependency on NET_SOCKETS_POSIX_NAMES.
Since a lot of other code has already been moved to `zsock_`, this
commit does the same for hawkbit.
Co-authored-by: rojedag <r.ojeda@vogl-electronic.com>
Signed-off-by: Matthias Breithaupt <m.breithaupt@vogl-electronic.com>
Add a native way to log Host Command communication.
Use Zephyr logging system to do it. Use debug and normal levels.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
Use one common function to send Host Command response. It allows
handling all response types within one function.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
Adds status checking to the command status hook which allows an
application to inspect a request and, optionally, reject it.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds an optional Kconfig that adds mutex locks to image management
group functions, this prevents collision between multiple threads
and/or transports.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This adds a few line use zephyr_syscall_header() to include
headers containing syscall function prototypes.
Signed-off-by: Daniel Leung <daniel.leung@intel.com>
Fixes wrongly declaring duplicate local variables that already
exist and hiding the previous variables definitions.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The IN_PROGRESS status is a specital status that can be sent during
handling a host command. Synchronous backends don't support it, so
an additional check is required.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
A function to send Host Command response is needed for commands that
that sends IN_PROGRESS status or doesn't return e.g. perform reboot.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
OS management's reset is optional, therefore only imply reset
instead of selecting it, so it can optionally disabled if not
needed.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Expands a bitfield name from nh_ver to nh_version so it is more
obvious what it is. Also changes the version that goes into the
response to indicate what the maximum supported version of the
protocol is for a device
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This reworks the UDP transport to resolve some issues with object
interactions and streamlines the code.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
No reason to continue zcbor encoding of slot information for image
list when already failed at encoding version.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Image list should also flag pending slot as permanent.
This follows the image list for swap configuration where slot
confirmed for next boot is marked as permanent.
The difference is that in DirectXIP mode it is still possible
to erase slot marked as pending and permanent, before restart
happens.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Adds callback checks to other fs_mgmt group file access functions
which allows for file access control, and moves where the callback
is triggered for uploads and downloads to prevent getting the
callback multiple times for the same file. The callback struct has
been modified so applications using the previous signature will
need to be updated.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Changes the warning from being text in Kconfig for filesystem
management as a whole to being a cmake warning which is displayed
if the user has not enabled file access hooks with a link to the
documentation on how to set them up.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Add a config to decide if a new dedicated thread for Host Command is
created during initialization.
If not, the ec_host_cmd_task has to be called by another thread to
handle host commands.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
Until now iterable sections APIs have been part of the toolchain
(common) headers. They are not strictly related to a toolchain, they
just rely on linker providing support for sections. Most files relied on
indirect includes to access the API, now, it is included as needed.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Uses the new error system to report an error if the user provides
an invalid format for the OS info command.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The general handler may provide buffers for a backend. Use ranges to
check if the provided buffer is used, because the backend may shift the
beginning of the buffer to make space for preamble.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
Add a separate config to enable autoinitialization of the host command
subsystem, called by the chosen backend.
It allows setting the chosen backend without autoinit.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
The application code may need inside information about the host command
e.g. the thread id. Add a function that returns the main host command
structure which contains such data.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
Image list will only report active flag for active image and pending
flag for other slot, but only if image in that slot has higher
version than currently running image.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Converts the list of functions for registering an MCUmgr SMP
transport from function arguments to a single list which contains
the function pointers.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds a new map to responses that command handlers can use to
return result codes of functions themselves, unrelated to SMP
error codes. This is achieved by adding an optional "ret" map
which contains a 16-bit "group" and 16-bit "rc" error code,
this map will not be included if the "ret rc" is 0 (which
implies success).
In order to allow this, a new version of the protocol has been
which can be indicated for use by setting a bit in the header.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
It is no longer possible to select image for test or confirm
when MCUboot has been configured for DirectXIP.
MCUboot flags, in image trailer, are now ignored in DirectXIP
mode allowing to use entire slot for image upload.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Image management is now disabled by default if MCUboot
is configured for single application mode.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit adds img_mgmt_set_next_boot_slot function which uses
boot_set_next, from MCUboot/bootutil, to set application slot
for next boot.
The img_mgmt_set_next_boot_slot is intended to replace
img_mgmt_state_confirm and img_mgmt_state_set_pending.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The commit adds img_mgmt_active_slot() which allows to get
active (running) slot for given application image.
Added img_mgmt_active_image() allows to get number of image running
on current MCU core.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Since conn_mgr is a subsystem rather than a library, relocate it
directly into subsys/net rather than subsys/net/lib/
Rename header files to better match their function.
Remove net_ prefix from conn_mgr types, API, and files, since it is
unnecessary.
Signed-off-by: Georges Oates_Larsen <georges.larsen@nordicsemi.no>
Prevents verifying the image has been uploaded successfully using
the hash provided at the start of the upload if the hash is not
the correct length of an SHA256 hash.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Change fixes check for upgrade-only to ensure that the the new image
version is greater than version of the currently running image.
Signed-off-by: Marek Pieta <Marek.Pieta@nordicsemi.no>
In case when CONFIG_MCUMGR_SMP_LEGACY_RC_BEHAVIOUR=n then
the image erase command would incorrectly return MGMT_ERR_EMSGSIZE,
even though no such error occurred.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The function should be used to reset map decoding state
between calls to zcbor_map_decode_bulk, while using the same map
for different buffers.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Due to broken logic in img_mgmt_state_confirm failure to confirm
was not reported to caller.
If hooks were enabled confirmation event would be passed regardless
whether it has been successful.
Fixes#56617
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
The dummy header was an opt-in feature to allow testing without a
real image but since we support testing on Qemu in CI which
supports flash partitions, there isn't a need for this option. Not
being deprecated as Kconfig would only have been used as part of
CI, not user applications.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Function allows to check whether given key has been found
during map decoding with zcbor_map_decode_bulk.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
MISRA Rule 5.7 requires uniqueness of tag identifiers. Shell is
frequently problematic because many code uses `const struct shell
*shell`. This causes CI noise every time one of these shell files is
edited, so let's update all of them with `const struct shell *sh`
instead.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
The init infrastructure, found in `init.h`, is currently used by:
- `SYS_INIT`: to call functions before `main`
- `DEVICE_*`: to initialize devices
They are all sorted according to an initialization level + a priority.
`SYS_INIT` calls are really orthogonal to devices, however, the required
function signature requires a `const struct device *dev` as a first
argument. The only reason for that is because the same init machinery is
used by devices, so we have something like:
```c
struct init_entry {
int (*init)(const struct device *dev);
/* only set by DEVICE_*, otherwise NULL */
const struct device *dev;
}
```
As a result, we end up with such weird/ugly pattern:
```c
static int my_init(const struct device *dev)
{
/* always NULL! add ARG_UNUSED to avoid compiler warning */
ARG_UNUSED(dev);
...
}
```
This is really a result of poor internals isolation. This patch proposes
a to make init entries more flexible so that they can accept sytem
initialization calls like this:
```c
static int my_init(void)
{
...
}
```
This is achieved using a union:
```c
union init_function {
/* for SYS_INIT, used when init_entry.dev == NULL */
int (*sys)(void);
/* for DEVICE*, used when init_entry.dev != NULL */
int (*dev)(const struct device *dev);
};
struct init_entry {
/* stores init function (either for SYS_INIT or DEVICE*)
union init_function init_fn;
/* stores device pointer for DEVICE*, NULL for SYS_INIT. Allows
* to know which union entry to call.
*/
const struct device *dev;
}
```
This solution **does not increase ROM usage**, and allows to offer clean
public APIs for both SYS_INIT and DEVICE*. Note that however, init
machinery keeps a coupling with devices.
**NOTE**: This is a breaking change! All `SYS_INIT` functions will need
to be converted to the new signature. See the script offered in the
following commit.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
init: convert SYS_INIT functions to the new signature
Conversion scripted using scripts/utils/migrate_sys_init.py.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
manifest: update projects for SYS_INIT changes
Update modules with updated SYS_INIT calls:
- hal_ti
- lvgl
- sof
- TraceRecorderSource
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
tests: devicetree: devices: adjust test
Adjust test according to the recently introduced SYS_INIT
infrastructure.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
tests: kernel: threads: adjust SYS_INIT call
Adjust to the new signature: int (*init_fn)(void);
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
Secure Channel Base Key (SCBK) is a secret key used to derive the session
keys used to encrypt and decrypt OSDP packets. Secure coding practice
requires us to clear such sensitive data from stack once we are done
needing it. This patch addresses this issue.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
OSDP secure channel message blocks are terminated with a 0x80. This means
that even for zero length messages, we would have at least one block of
encrypted data to decrypt (since message blocks are rounded up to the next
16 byte boundary). The current length assertion checks for 16 byte
alignment but a malicious peer could send a specially crafted packet with
zero length blocks. Fix this issue by adding check for length == 0 case.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
HID readers are responding to a KEYSET command with an ACK in plaintext
instead of using the current session keys to acknowledge this command
(which is the reasonable thing to do as the command itself was received
encrypted with the old key). Since the spec doesn't say anything about
this, both methods are technically correct.
Make changes to CP so it allows ACKs in plaintext for KEYSET command in
particular and make the PD implementation do this too as it makes the code
look cleaner there (perhaps HID did it for the same reasons :D).
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
If command or reply has no data, PD "should" use secure message types
SCS_15 or SCS_16. But some PD seem to not implement this correctly. We
will be tolerant towards those faulty implementations.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
OSDP command KEYSET is used to set the secure channel base key for all
connected PDs. This key is then used to derive the session keys for each
secure channel session. When the app wants to set the this key, it has
to issue a command and then both the CP/PD has to be notified of this
change so they can store this key in a non-volatile medium for future
operations across power cycles.
The current implementation of OSDP had limited support for key
management. This patch adds all the bells and whistles needed to handle
keyset command/event in the CP/PD application.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
Hoisting a `length--` helps simplify a lot of code which has ad-hoc -1s
in a bunch of places. Also, fix some formatting issues and remove
unnecessary log lines.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
Add a new backend for Host Commands that uses UART. The backend bases
asynchronous UART API.
The UART backend is mainly used by FPMCU.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
This vastly increases the performance of file transfers using the
fs_mgmt group over MCUmgr by allowing the file handle to remain open
between commands instead of having to open, feek, read/write then
close the file handle for each invocation.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
As name suggest upgrade only should allow image upgrades onlu, but due
to greater or eqal sign used in version comparison, upgrade actually
also accepted current version.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Adds an optional feature that can be used to time out a partially
received MCUmgr packet over the shell interface. Prior to this
change, if a header was received, then the whole shell would be
unavailable until the module is rebooted or additional full MCUmgr
packet was sent.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Fix a memory issue when calling boot_read_bank_header the length should be
the size of `struct mcuboot_img_header`.
Fixes#54459.
Signed-off-by: Joel Guittet <joelguittet@gmail.com>
Changes Kconfig symbols to depend on symbols rather than selecting
them, this avoids a cmake dependency loop.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Changes Kconfig symbols to depend on symbols rather than selecting
them, this avoids a cmake dependency loop.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Rework the Host Command support. It includes:
-change API to backend
-change a way of defining rx and tx buffers
-fix synchronization between the handler and backend layer
-simplify the HC handler
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
Follow naming pattern in the subsystems(logging or shell) and name
the layer between generic handler and peripheral driver "backend".
The name doesn't suit that well to the SHI backend, because there isn't
SHI API itself and the SHI interface is used only for the host
communication. So the backend code includes the peripheral driver itself.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
The Host Commands can be used with different transport layers e.g. SHI
or eSPI. The code that provides the peripheral API and allows sending
and receiving Host Commands via different transport layers is not
actually drivers of a peripheral, so move it to the
subsys/mgmt/ec_host_cmd folder.
Signed-off-by: Dawid Niedzwiecki <dawidn@google.com>
cp_build_command returns the length of the built packet and early
returns for errors. This means there is no need to keep track of return
code in a separate variable -- if we reached the end, we succeeded.
Along with this change, some more changes to enhance maintainability and
readability are also done.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
With changes to the phy layer and the way we build and dispatch
commands, we can now simplify some parts of CP state machine. This patch
builds on previous patches to reduce some state transitions and fixes
some bugs in those paths.
While at it, also implement an exponential back-off for PD offline after
a timeout. This is useful when there is a transient PD timeout but the
PD itself is not totally dead.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
After the check_packet() split from decode_packet() for handling multiple
packets in the RX buffer, PD state machine needed to me modified to
start handling it correctly. While at it, simplify the states as PD does
not have as much state anyways.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
The method send_command was building the packet and also sending it.
This is a problem because even command build failures are reported as
command send failures; although the former can be mitigated by changing
kconfig parameters depending on use cases.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
To handle multiple packets in RX buffer, we need to perform checks on
the buffer first and determine the length of one packet and extact only
that many bytes from the RX buffer instead of pulling everything at
once and failing if there are bytes from the next packet in the buffer.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
When a PD is set online, we need to do other actions along with it. To
make this easier in future, move cp_set_state(pd, OSDP_CP_STATE_ONLINE)
to it's own method cp_set_online(pd).
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
Select in Kconfig causes many issues with dependency loops, this
resolves the issue by replacing most select with depends on for
MCUmgr, including updates to the sample smp_svr application and
tests.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
This patch replaces many instances where raw loops were used to copy bytes
with memcpy calls.
No functional change intended.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
Do not check or send the first entry in the pd->cp[] device capability
table which is for function code 0 which is not a defined function code.
Signed-off-by: David Vucich <dave@alcatraz.ai>
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
By default, on errors, pd_decode_command replies with osdp_NAK with
sub-error code set to OSDP_PD_NAK_CMD_LEN (achieved using the ret ==
OSDP_PD_ERR_GENERIC check before return). This is works for all packet
framing errors; but when a more specific error code needs to be sent, ret
has to be set to something other than OSDP_PD_ERR_GENERIC (a suitable error
code happens to be OSDP_PD_ERR_REPLY) to prevent the tail check from
overwriting the error info.
In CMD_KEYSET, we fill a more specific error code but do not set the ret to
OSDP_PD_ERR_REPLY. It causes this error to be reported as a framing
error hence loosing some extended info about the error. Fix this issue by
reordering the checks a bit.
Fixes: 7f4d2c741b "mgmt/osdp: Add support for Secure Channel"
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
Initially, subsys/mgmt had its own STR() macro for string pasting which was
replaced with the zephry provided STRINGIFY(). The definition of this macro
seems to have lingered on so remove it.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
During handshake, only certain types of secure block types (<= SCS_14)
are allowed. A rouge CP/PD can try to bypass the handshake by directly
sending a secure block type ahead of the sequence and gain a secure
channel. Fix this by adding a check in packet decode time.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
OSDP specification section 5.7 states that a transmitting device has to
drive the transmission line to a marking state for a period of one char
in the current baud rate. This can be achieved by sending 0xFF. Since
this is not mentioned in the packet structure definition, many commercial
implementations of OSDP out in the wild do not send/expect this byte.
To work with such non-conforming devices, we will try to be as flexible
as possible in the PD: send mark byte only if the other side sent one. In
case of CP, we have no option but to send the mark byte to be as close
to the specification as possible. If a particular use case needs the CP
to not send it, we will provide a Kconfig option to disable it.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
Now that we have the necessary infrastructure to collect events from PD
apps, we can use them to translate it to OSDP packet sequence for card
reads and key press events.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
OSDP compliant devices communicate their capabilities and discover what
their peer can and cannot do. Right now, PD advertises these capabilities
and expects CP to honor them. Although this is not known to cause any
issues, it is not desirable to allow such accesses.
Add a check of incoming commands to to validate that the corresponding
capability was enabled and advertised.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
Since cmd_data member is used by both commands and events to store the
contents of current transaction, rename it to ephemeral_data which
better reflects the purpose of the variable.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
Bluetooth does not need to be enabled to register services,
therefore the newly introduced automatic bluetooth SMP transport
registration system can be simplified by returning enabling of
bluetooth back to the application.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The updatehub shell cmd_info allocate memory but not checks function
return. This add missing checks and proper error handle.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
The current updatehub version forces user application to run in kernel
mode. This add necessary api syscalls to isolate userspace from kernel.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
The img_mgmt_flash_area_id would add processing of
slot2_partition and slot3_partition if they only exist, even if
not used at all.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
This changes some of the MCUmgr transport CMake select statements
to depends on, this is to align with other in-tree symbols that
do not pull in whole subsystems and instead only allow selection
if those subsystems are already enabled.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
BOOT_MAGIC_SZ and BOOT_MAX_ALIGN were used in the header without
including bootutil/bootutil_public.h. This change remove the need of
the inclusion by making the dependency private.
Fixes#52095
Signed-off-by: Guillaume Lager <g.lager@innoseis.com>
This add storage abstraction to allow switch between different flash
APIs. This remove the erase command at updatehub core and move it to
storage init phase.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Currently MCUboot and system reset are invoked directly in the sample
applicatiion. This introduce 2 new methods to isolate system from
application.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
Move header includes to source file. Currently firmware source files
have a hardcode partition identificator. This moves identificators
to updatehub core.
Signed-off-by: Gerson Fernando Budke <gerson.budke@ossystems.com.br>
The CP app sends PD a "command" and the PD responds to it. Some times,
the PD has something that it wants to tell the PD which it does so in
response to POLL command. Both CP and PD apps need a way to exchange
these info over the OSDP bus. To archive this we will introduce what are
called "events" that allow the PD app to enqueue and CP app to get
notified.
This is analogous to the incumbent "commands" abstraction where, the CP
app enqueues a command and the PD app gets notified of it.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
For all commands and replies, the buffer length needed to build or the
length of data needed to decode needs to be checked and asserted. Right now
we do this by ad-hoc if-s. Add macros that do this at a common location.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
The raw, flags check has become a bit excessive and has begun to affect
code readability. Provide inline functions for those accesses that are
frequent. Also, get rid of `struct osdp_cp` as it can be fully represented
by `struct osdp` itself.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
CP has an array of PDs and pd->offset was the position of the PD in CP's
list. Since offset has many meanings, rename it to pd->idx.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
Partial packets in the RX buffers cause the subsequent packet to be
treated as malformed. The RX buffer can have partial data if the sender
is too slow in sending the packet of if there is an interruption in
transmission mid-way.
To avoid any issues due to such partials, flush the uart channel before
sending the command/response.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
The log lines in CP and PD had a prefix such as "CP: " and "PD: " that
does not add too much value as a given device an either be CP or PD
only. This patch removes those and enhances some other log lines while
at it.
It also adds a enum for return values throughout the module to improve
code quality.
Signed-off-by: Siddharth Chandrasekaran <sidcha.dev@gmail.com>
This commit adds the support for host commands being transported
by the Serial Host Interface on the NPCX SoC.
Signed-off-by: Michał Barnaś <mb@semihalf.com>
This prevents a configuration error by selecting the console if
the UART MCUmgr transport is used, which is actually a dependency
for this transport.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
