mcuboot/sim/mcuboot-sys/src/api.rs

// Copyright (c) 2017-2021 Linaro LTD
// Copyright (c) 2018-2019 JUUL Labs
// Copyright (c) 2023 Arm Limited
//
// SPDX-License-Identifier: Apache-2.0

//! HAL api for MyNewt applications

use crate::area::CAreaDesc;
use log::{Level, log_enabled, warn};
use simflash::{Result, Flash, FlashPtr};
use std::{
    cell::RefCell,
    collections::HashMap,
    mem,
    ptr,
    slice,
};

/// A FlashMap maintain a table of [device_id -> Flash trait]
pub type FlashMap = HashMap<u8, FlashPtr>;

pub struct FlashParamsStruct {
    align: u32,
    erased_val: u8,
}

pub type FlashParams = HashMap<u8, FlashParamsStruct>;

/// The `boot_rsp` structure used by boot_go.
#[repr(C)]
#[derive(Debug)]
pub struct BootRsp {
    pub br_hdr: *const ImageHeader,
    pub flash_dev_id: u8,
    pub image_off: u32,
}

// TODO: Don't duplicate this image header declaration.
#[repr(C)]
#[derive(Debug)]
pub struct ImageHeader {
    magic: u32,
    load_addr: u32,
    hdr_size: u16,
    protect_tlv_size: u16,
    img_size: u32,
    flags: u32,
    ver: ImageVersion,
    _pad2: u32,
}

#[repr(C)]
#[derive(Debug)]
pub struct ImageVersion {
    pub major: u8,
    pub minor: u8,
    pub revision: u16,
    pub build_num: u32,
}

pub struct CAreaDescPtr {
   pub ptr: *const CAreaDesc,
}

pub struct FlashContext {
    flash_map: FlashMap,
    flash_params: FlashParams,
    flash_areas: CAreaDescPtr,
}

impl FlashContext {
    pub fn new() -> FlashContext {
        FlashContext {
            flash_map: HashMap::new(),
            flash_params: HashMap::new(),
            flash_areas: CAreaDescPtr{ptr: ptr::null()},
        }
    }
}

impl Default for FlashContext {
    fn default() -> FlashContext {
        FlashContext {
            flash_map: HashMap::new(),
            flash_params: HashMap::new(),
            flash_areas: CAreaDescPtr{ptr: ptr::null()},
        }
    }
}

#[repr(C)]
#[derive(Debug)]
pub struct CSimContext {
    pub flash_counter: libc::c_int,
    pub jumped: libc::c_int,
    pub c_asserts: u8,
    pub c_catch_asserts: u8,
    // NOTE: Always leave boot_jmpbuf declaration at the end; this should
    // store a "jmp_buf" which is arch specific and not defined by libc crate.
    // The size below is enough to store data on a x86_64 machine.
    pub boot_jmpbuf: [u64; 48],
}

impl Default for CSimContext {
    fn default() -> Self {
        CSimContext {
            flash_counter: 0,
            jumped: 0,
            c_asserts: 0,
            c_catch_asserts: 0,
            boot_jmpbuf: [0; 48],
        }
    }
}

pub struct CSimContextPtr {
   pub ptr: *const CSimContext,
}

impl CSimContextPtr {
    pub fn new() -> CSimContextPtr {
        CSimContextPtr {
            ptr: ptr::null(),
        }
    }
}

impl Default for CSimContextPtr {
    fn default() -> CSimContextPtr {
        CSimContextPtr {
            ptr: ptr::null(),
        }
    }
}

/// This struct describes the RAM layout of the current device.  It will be stashed, per test
/// thread, and queried by the C code.
#[repr(C)]
#[derive(Debug, Default)]
pub struct BootsimRamInfo {
    pub start: u32,
    pub size: u32,
    pub base: usize,
}

/// This struct stores the non-volatile security counter per image. It will be stored per test thread,
/// and the C code will set / get the values here.
#[repr(C)]
#[derive(Debug, Default)]
pub struct NvCounterStorage {
    pub storage: Vec<u32>,
}

impl NvCounterStorage {
    pub fn new() -> Self {
        let count = if cfg!(feature = "multiimage") {
            2
        } else {
            1
        };
        Self {
            storage: vec![0; count]
        }
    }
}

thread_local! {
    pub static THREAD_CTX: RefCell<FlashContext> = RefCell::new(FlashContext::new());
    pub static SIM_CTX: RefCell<CSimContextPtr> = RefCell::new(CSimContextPtr::new());
    pub static RAM_CTX: RefCell<BootsimRamInfo> = RefCell::new(BootsimRamInfo::default());
    pub static NV_COUNTER_CTX: RefCell<NvCounterStorage> = RefCell::new(NvCounterStorage::new());
}

/// Set the flash device to be used by the simulation.  The pointer is unsafely stashed away.
///
/// # Safety
///
/// This uses mem::transmute to stash a Rust pointer into a C value to
/// retrieve later.  It should be safe to use this.
pub fn set_flash(dev_id: u8, dev: &mut dyn Flash) {
    THREAD_CTX.with(|ctx| {
        ctx.borrow_mut().flash_params.insert(dev_id, FlashParamsStruct {
            align: dev.align() as u32,
            erased_val: dev.erased_val(),
        });
        unsafe {
            let dev: &'static mut dyn Flash = mem::transmute(dev);
            ctx.borrow_mut().flash_map.insert(
                dev_id, FlashPtr{ptr: dev as *mut dyn Flash});
        }
    });
}

pub fn clear_flash(dev_id: u8) {
    THREAD_CTX.with(|ctx| {
        ctx.borrow_mut().flash_map.remove(&dev_id);
    });
}

// This isn't meant to call directly, but by a wrapper.

#[no_mangle]
pub extern "C" fn sim_get_flash_areas() -> *const CAreaDesc {
    THREAD_CTX.with(|ctx| {
        ctx.borrow().flash_areas.ptr
    })
}

#[no_mangle]
pub extern "C" fn sim_set_flash_areas(areas: *const CAreaDesc) {
    THREAD_CTX.with(|ctx| {
        ctx.borrow_mut().flash_areas.ptr = areas;
    });
}

#[no_mangle]
pub extern "C" fn sim_reset_flash_areas() {
    THREAD_CTX.with(|ctx| {
        ctx.borrow_mut().flash_areas.ptr = ptr::null();
    });
}

#[no_mangle]
pub extern "C" fn sim_get_context() -> *const CSimContext {
    SIM_CTX.with(|ctx| {
        ctx.borrow().ptr
    })
}

#[no_mangle]
pub extern "C" fn sim_set_context(ptr: *const CSimContext) {
    SIM_CTX.with(|ctx| {
        ctx.borrow_mut().ptr = ptr;
    });
}

#[no_mangle]
pub extern "C" fn sim_reset_context() {
    SIM_CTX.with(|ctx| {
        ctx.borrow_mut().ptr = ptr::null();
    });
}

#[no_mangle]
pub extern "C" fn bootsim_get_ram_info() -> *const BootsimRamInfo {
    RAM_CTX.with(|ctx| {
        if ctx.borrow().base == 0 {
            // Option is messier to get a pointer out of, so just check if the base has been set to
            // anything.
            panic!("ram info not set, but being used");
        }
        ctx.as_ptr()
    })
}

/// Store a copy of this RAM info.
pub fn set_ram_info(info: BootsimRamInfo) {
    RAM_CTX.with(|ctx| {
        ctx.replace(info);
    });
}

/// Clear out the ram info.
pub fn clear_ram_info() {
    RAM_CTX.with(|ctx| {
        ctx.borrow_mut().base = 0;
    });
}

#[no_mangle]
pub extern "C" fn sim_flash_erase(dev_id: u8, offset: u32, size: u32) -> libc::c_int {
    let mut rc: libc::c_int = -19;
    THREAD_CTX.with(|ctx| {
        if let Some(flash) = ctx.borrow().flash_map.get(&dev_id) {
            let dev = unsafe { &mut *(flash.ptr) };
            rc = map_err(dev.erase(offset as usize, size as usize));
        }
    });
    rc
}

#[no_mangle]
pub extern "C" fn sim_flash_read(dev_id: u8, offset: u32, dest: *mut u8, size: u32) -> libc::c_int {
    let mut rc: libc::c_int = -19;
    THREAD_CTX.with(|ctx| {
        if let Some(flash) = ctx.borrow().flash_map.get(&dev_id) {
            let mut buf: &mut[u8] = unsafe { slice::from_raw_parts_mut(dest, size as usize) };
            let dev = unsafe { &mut *(flash.ptr) };
            rc = map_err(dev.read(offset as usize, &mut buf));
        }
    });
    rc
}

#[no_mangle]
pub extern "C" fn sim_flash_write(dev_id: u8, offset: u32, src: *const u8, size: u32) -> libc::c_int {
    let mut rc: libc::c_int = -19;
    THREAD_CTX.with(|ctx| {
        if let Some(flash) = ctx.borrow().flash_map.get(&dev_id) {
            let buf: &[u8] = unsafe { slice::from_raw_parts(src, size as usize) };
            let dev = unsafe { &mut *(flash.ptr) };
            rc = map_err(dev.write(offset as usize, &buf));
        }
    });
    rc
}

#[no_mangle]
pub extern "C" fn sim_flash_align(id: u8) -> u32 {
    THREAD_CTX.with(|ctx| {
        ctx.borrow().flash_params.get(&id).unwrap().align
    })
}

#[no_mangle]
pub extern "C" fn sim_flash_erased_val(id: u8) -> u8 {
    THREAD_CTX.with(|ctx| {
        ctx.borrow().flash_params.get(&id).unwrap().erased_val
    })
}

fn map_err(err: Result<()>) -> libc::c_int {
    match err {
        Ok(()) => 0,
        Err(e) => {
            warn!("{}", e);
            -1
        },
    }
}

/// Called by C code to determine if we should log at this level.  Levels are defined in
/// bootutil/bootutil_log.h.  This makes the logging from the C code controlled by bootsim::api, so
/// for example, it can be enabled with something like:
///     RUST_LOG=bootsim::api=info cargo run --release runall
/// or
///     RUST_LOG=bootsim=info cargo run --release runall
#[no_mangle]
pub extern "C" fn sim_log_enabled(level: libc::c_int) -> libc::c_int {
    let res = match level {
        1 => log_enabled!(Level::Error),
        2 => log_enabled!(Level::Warn),
        3 => log_enabled!(Level::Info),
        4 => log_enabled!(Level::Debug),
        5 => log_enabled!(Level::Trace), // log level == SIM
        _ => false,
    };
    if res {
        1
    } else {
        0
    }
}

#[no_mangle]
pub extern "C" fn sim_set_nv_counter_for_image(image_index: u32, security_counter_value: u32) -> libc::c_int {
    let mut rc = 0;
    NV_COUNTER_CTX.with(|ctx| {
        let mut counter_storage = ctx.borrow_mut();
        if image_index as usize >= counter_storage.storage.len() {
            rc = -1;
            return;
        }
        if counter_storage.storage[image_index as usize] > security_counter_value {
            rc = -2;
            warn!("Failed to set security counter value ({}) for image index {}", security_counter_value, image_index);
            return;
        }

        counter_storage.storage[image_index as usize] = security_counter_value;
    });

    return rc;
}

#[no_mangle]
pub extern "C" fn sim_get_nv_counter_for_image(image_index: u32, security_counter_value: *mut u32) -> libc::c_int {
    let mut rc = 0;
    NV_COUNTER_CTX.with(|ctx| {
        let counter_storage = ctx.borrow();
        if image_index as usize >= counter_storage.storage.len() {
            rc = -1;
            return;
        }
        unsafe { *security_counter_value = counter_storage.storage[image_index as usize] };

    });
    return rc;
}