Re-tab run.c to match the rest of the files in the system. This was
indented using Zephyr conventions (tabs for indent). Re-indent using
spaces, with a 4-space indent level.
Signed-off-by: David Brown <david.brown@linaro.org>
Extend the flash emulation in the simulator to verify that the
bootloader explicitly erases flash before writing to it for a second
time.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Implement the new flash sector query API for the simulator. This is
generated from the data for the deprecated API. Once the old API is
removed, the flash simulator can be changed to just return the new data
directly.
Signed-off-by: David Brown <david.brown@linaro.org>
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
The boot response returns a flash offset, not a flash address. This is
causing confusion and leading to crashes on some platforms which don't
have flash at address 0.
Rename the field to make it more clear what its purpose is; future
patches can start fixing up usages.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Before this change, the trailer was handled as part of the binary image,
which during a swap was just copied around together with the image.
This had issues if some fault happened while the trailer copy was
underway.
This patch changes how the trailer is handled by making it non-copying.
The trailer is now updated step-by-step based on the current status.
Magic, copy_done and image_ok are also handled by writing them
individually, not by copying.
The trailer on scratch area was reduced to include at most swap state for
one sector, since it is only used temporarily while erasing the last
sector of the slot that stores the final trailer.
Many other small fixes were applied.
Change the C logging code, when in the simulator, to query what the Rust
logging level is set to. This allows the level of logging from the C
code to be set through the environment. For example:
RUST_LOG=bootsim=info cargo run --release runall
will enable logging at the "info" level for all of the C code as well as
the simulator code. The C code's logging can be selected specifically
by using bootsim::api instead of just bootsim in the above.
Add a configuration option "BOOTUTIL_OVERWRITE_ONLY" that avoids using
the image swap code. Instead, when an upgrade is detected in slot 1, it
is copied directly onto slot 0. As long as the image in slot 1 is
valid, this should work robustly (it will redo it if power is lost
during the upgrade).
This doesn't protect against the case of deploying an image that fails
to boot on some devices. But, the behavior is similar to the swap
upgrade approach when the slot 1 image is marked initially as "image
ok", but without the complexity (or need of a swap partition) of the
swap code.
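Two of the commits above describe behaviour that is easy to show in a few dozen lines: the flash emulation that verifies the bootloader erases a region before writing it a second time, and the overwrite-only upgrade that simply re-does the slot 1 to slot 0 copy after a power loss. The Rust below is an added illustration written for this page, not code from the simulator or from the bootloader; the `Flash` type, its per-byte erased flag, the operation budget used to simulate power loss, and the sector and slot sizes are all assumptions.

```rust
// Added illustration (not the simulator's own code): a byte-level flash
// emulator that refuses to program a byte that has not been erased since
// its last write, plus an overwrite-only upgrade that is re-run after a
// simulated power loss to show it converges. Sizes are made up.

pub const SECTOR_SIZE: usize = 4;
pub const SLOT_SECTORS: usize = 4;
pub const SLOT_SIZE: usize = SECTOR_SIZE * SLOT_SECTORS;

#[derive(Debug, PartialEq)]
pub enum FlashError {
    /// A write hit a byte that was not erased since its last write.
    WriteWithoutErase(usize),
    OutOfRange,
    /// Simulated power loss: the erase/write budget ran out.
    PowerLoss,
}

#[derive(Clone, Debug)]
pub struct Flash {
    data: Vec<u8>,
    erased: Vec<bool>,     // per byte: erased since its last write?
    ops_left: Option<u32>, // Some(n): fail after n more erase/write ops
}

impl Flash {
    pub fn new(sectors: usize) -> Self {
        let n = sectors * SECTOR_SIZE;
        Flash { data: vec![0xFF; n], erased: vec![true; n], ops_left: None }
    }

    /// Set (Some) or clear (None) the simulated power-loss budget.
    pub fn set_budget(&mut self, ops: Option<u32>) {
        self.ops_left = ops;
    }

    fn spend(&mut self) -> Result<(), FlashError> {
        if let Some(n) = self.ops_left {
            if n == 0 {
                return Err(FlashError::PowerLoss);
            }
            self.ops_left = Some(n - 1);
        }
        Ok(())
    }

    pub fn erase_sector(&mut self, sector: usize) -> Result<(), FlashError> {
        let start = sector * SECTOR_SIZE;
        if start + SECTOR_SIZE > self.data.len() {
            return Err(FlashError::OutOfRange);
        }
        self.spend()?;
        for i in start..start + SECTOR_SIZE {
            self.data[i] = 0xFF;
            self.erased[i] = true;
        }
        Ok(())
    }

    pub fn write(&mut self, off: usize, buf: &[u8]) -> Result<(), FlashError> {
        if off + buf.len() > self.data.len() {
            return Err(FlashError::OutOfRange);
        }
        // Check every byte first so a rejected write changes nothing.
        if let Some(i) = (off..off + buf.len()).find(|&i| !self.erased[i]) {
            return Err(FlashError::WriteWithoutErase(i));
        }
        self.spend()?;
        for (i, b) in buf.iter().enumerate() {
            self.data[off + i] = *b;
            self.erased[off + i] = false;
        }
        Ok(())
    }

    pub fn read(&self, off: usize, len: usize) -> Result<Vec<u8>, FlashError> {
        if off + len > self.data.len() {
            return Err(FlashError::OutOfRange);
        }
        Ok(self.data[off..off + len].to_vec())
    }
}

/// Overwrite-only upgrade: copy slot 1 onto slot 0 sector by sector,
/// erasing each destination sector first. Restarting from the beginning
/// is always safe because no byte is written without a preceding erase.
pub fn overwrite_upgrade(flash: &mut Flash) -> Result<(), FlashError> {
    for s in 0..SLOT_SECTORS {
        let src = flash.read(SLOT_SIZE + s * SECTOR_SIZE, SECTOR_SIZE)?;
        flash.erase_sector(s)?;
        flash.write(s * SECTOR_SIZE, &src)?;
    }
    Ok(())
}

/// Program both slots, cut power after `cutoff` erase/write operations
/// during the upgrade, "reboot" and re-run it, then return slot 0.
pub fn upgrade_with_power_loss(old: &[u8], new: &[u8], cutoff: u32) -> Result<Vec<u8>, FlashError> {
    let mut flash = Flash::new(2 * SLOT_SECTORS);
    flash.write(0, old)?;
    flash.write(SLOT_SIZE, new)?;
    flash.set_budget(Some(cutoff));
    match overwrite_upgrade(&mut flash) {
        Ok(()) | Err(FlashError::PowerLoss) => {} // both are expected here
        Err(e) => return Err(e),                  // anything else is a bug
    }
    flash.set_budget(None);
    overwrite_upgrade(&mut flash)?;
    flash.read(0, SLOT_SIZE)
}

/// The erase-before-write check in action: a second write to the same
/// bytes without an intervening erase is refused.
pub fn double_write_is_rejected() -> bool {
    let mut flash = Flash::new(1);
    flash.write(0, &[1, 2]).is_ok()
        && flash.write(0, &[3, 4]) == Err(FlashError::WriteWithoutErase(0))
        && flash.erase_sector(0).is_ok()
        && flash.write(0, &[3, 4]).is_ok()
}

fn main() {
    let old = [0x11u8; SLOT_SIZE];
    let new: Vec<u8> = (0..SLOT_SIZE as u8).collect();
    for cutoff in 0..=(2 * SLOT_SECTORS as u32) {
        let got = upgrade_with_power_loss(&old, &new, cutoff).unwrap();
        println!("cutoff {cutoff}: slot 0 holds new image? {}", got == new);
    }
    println!("double write rejected: {}", double_write_is_rejected());
}
```

The budget loop in `main` plays the role of the simulator's random resets: every cutoff point between zero operations and a full copy is tried, and after the restart slot 0 must hold the slot 1 image. A bootloader that wrote into a sector without erasing it first would be caught by `WriteWithoutErase` rather than silently producing corrupted bytes, which is the property the emulation change above adds.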
Add a simple function to query the bootloader for capabilities.
Ultimately, this API should be available to the running app, but the
simulator can use this to determine what to test.
Add logging support for when running in the simulator. Log messages are
still based on compile-time determinations, and log using printf.
Based on a patch from Marti Bolivar <marti.bolivar@linaro.org>.
In change
commit bb5635e074
Author: Fabio Utzig <utzig@utzig.org>
Date: Mon Apr 10 09:07:02 2017 -0300
Add test of multiple random resets while upgrading
in addition to adding the try_random_fails, it shuffled the order that
the initial interruption test ran. However, this test always clones
the flash device, so it doesn't matter what order the tests are run.
Revert this part of the change to avoid unnecessary complexity in the
code.
There are some instances of hard-coded offsets, which break if the
simulated device doesn't have the same configuration. Query these
from the flash descriptor rather than hard-coding them.
Although this contains a phantom pointer, because it is passed to C,
this generates a warning on every compile. Until this is fixed,
remove the lifetime declarations from the structures. The user will
have to make sure that the pointed-to structures remain until the C
structure is completed. For the common case of generating the C
structures just to make a call, this should be safe.
To make the images easier to identify during analysis, set the version
number. The major number tries to be set to the slot number, and the
build number is the byte offset.
Use the Rust logging so that normal messaging isn't overwhelmed by
messages printed. The default level is 'error' which will only print
full errors (including the failures at the end).
To run with warnings:
RUST_LOG=warn ./target/release/bootsim ...
This will print warnings, showing the particular failures in mind.
Using 'info' instead of 'warn' will print lots of progress as it runs.
'sim' is a small simulator for the bootloader's update code. It tests
untimely powerdowns to ensure that the bootloader will recover from a
power loss or reset at any time during the boot.
Note that, as of this commit, there are some failures in the test that
need to be investigated.
Also note that this build script does not output proper dependencies for
source files outside of the simulator directory, and won't rebuild the C
files if they or headers are modified.