Replace seldom occurrences of FLASH_DRIVER_NAME by equivalent
and commonly used FLASH_DEV_NAME.
Fixes#5919.
Signed-off-by: Erwan Gouriou <erwan.gouriou@linaro.org>
This is an accessor function for the MCUboot image header of an image
bank. The interface may seem a little cumbersome, but it is
future-proof against MCUboot feature and incompatible header version
changes.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
Applications chainloaded by MCUboot may want to change their behavior
based on whether or not they are confirmed.
Here are some examples:
- performing a built-in self test (BIST) if the image is not yet
confirmed, and marking it OK if it passes (this enables reverting
to an older working image if the BIST fails, and allows future
resets to skip the BIST if it passes to improve boot time)
- interacting with persistent metadata related to image state on
other flash partitions during test upgrades (these are required in
cases when the update source provides runtime metadata, such as
monotonic counters, related to an upgrade attempt which must be
used to report results)
To enable these use cases, add boot_is_img_confirmed(), which reads
the "image OK" field for the current firmware image and returns true
if and only if it is set.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
The current implementation of boot_write_img_confirmed() does not
write the image OK byte in flash bank 0 if the magic "request upgrade"
bytes in that bank are "good". This is not robust behavior.
The MCUboot design document has this to say about the image OK byte:
Upgrading an old image with a new one by swapping can be a two-step
process. In this process, mcuboot performs a "test" swap of image
data in flash and boots the new image. The new image can then
update the contents of flash at runtime to mark itself "OK", and
mcuboot will then still choose to run it during the next boot.
[...]
4. Image OK: A single byte indicating whether the image in this
slot has been confirmed as good by the user (0x01=confirmed;
0xff=not confirmed).
This says nothing about the magic bytes, so it'd be better not to make
assumptions about their effect here.
Further, MCUboot itself does not use the magic field when marking the
only known-good image on flash "OK" after either reverting a failed
upgrade or refusing to boot an upgrade iamge with an invalid
signature: instead, it unconditionally ensures the Image OK byte is
set to 0x01.
For consistency with MCUboot's design and implementation, remove the
lines that look at the magic bytes from boot_write_img_confirmed().
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
Use the define generated by the DTS instead of using the FLASH_ALIGN
alias. The latter is an internal mcuboot name. We shouldn't need it in
Zephyr itself.
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
mcuboot_constraints.h had FLASH information related to the SoC that
should be maintained as part of the SoC and not in the subsystem. Also
fixed Makefiles to check for IMG_UTIL Kconfig and not MCUBOOT.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
read, update status
trigger flashing
erase image bank
Module is intended to be use by a higher-level
image management protocol module.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Erwan Gouriou