Some parts of subsys/dfu/boot code are re-implementations of
what is implemented in the MCUBoot repository.
Mcuboot's repository already provide implementation of function
required for application for interact with the MCUboot.
This patch introduces new MCUBOOT_BOOTUTIL module which covers
common code which is used in the bootloader and the chainnloaded
application.
dfu/boot: use MCUBoot's source code
Module was reworked so it start using MCUBoot's
bootutil_public API instead of copied code.
Reworked boot_is_img_confirmed() used MCUBoot's API
for determine image_ok flag.
mcuboot_shell switchd to use MCUboot's boot_read_swap_state_by_id()
This is MCUBoot function, use it for avoid linking conflict.
test/subsys/mcuboot: fix `test_write_confirm`
dfu/boot library was reworked so it uses MCUboot's bootutil_public
library whenever it can.
The library required that image was marked as copy-done before it
can be pending.
This patch adds such mark which fixes the test.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Flash memory can be write but there is no way to check flash integrity.
Add flash_img_check method that verify flash integrity. This is useful
to avoid firmware reboot and test. Another use is ensure that firmware
upgrade routines from internet server to flash slot are performing
properly. This uses flash_area_check_int_sha256 method to check a
SHA-256 hash. On sucess match, zero is returned, otherwise a negative
errno value.
Signed-off-by: Gerson Fernando Budke <nandojve@gmail.com>
This allows flash_img.c to be used outside of mcuboot scope.
Add new call to not break existing code.
Signed-off-by: Håkon Øye Amundsen <haakon.amundsen@nordicsemi.no>
I ran into a build failure trying to use Zephyr's MCUmgr. It was a
missing symbol at link time, and since I am using C++, I looked to see
if it was a name mangling issue. The mcuboot.h header file was missing
`extern "C"` guards, which was the root cause of the issue.
This commit adds C++ support to mcuboot.h by adding in `extern "C"`
guards. I validated this change by building and running my DFU
application with MCUmgr successfully.
Signed-off-by: Brooks Prumo <brooks@prumo.org>
Consistently place C++ use of extern "C" after all include directives,
within the negative branch of _ASMLANGUAGE if used.
Background from issue #17997:
Declarations that use C linkage should be placed within extern "C"
so the language linkage is correct when the header is included by
a C++ compiler.
Similarly #include directives should be outside the extern "C" to
ensure the language-specific default linkage is applied to any
declarations provided by the included header.
See: https://en.cppreference.com/w/cpp/language/language_linkage
Signed-off-by: Peter Bigot <peter.bigot@nordicsemi.no>
move flash_map.h to storage/flash_map.h and
create a shim for backward-compatibility.
No functional changes to the headers.
A warning in the shim can be controlled with CONFIG_COMPAT_INCLUDES.
Related to #16539
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Patch adds option for progressive erase of firmware image.
When using this, flash is erased as necessary when receiving
new firmware, instead of erasing the whole image slot at once.
This is useful on some hardware (like nRF52840) that has
long erase times, to prevent long wait times at the beginning
of the DFU process.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
This function conflicts with a function of the same name in mcuboot.
This happens when building USB DFU support into mcuboot.
DFU over USB uses image manager and mcuboot internals to manage images
downloaded to the device.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Patch introduces flash_map subsystem to operate on flash
image instead of direct operation using flash_driver API.
Changes allows to support operation on the image in any flash
device.
flash_map was not available when this subsystem was introduced.
Signed-off-by: Findlay Feng <i@fengch.me>
Patch introduces flash_map subsystem to operate on flash
footprint instead of direct operation using flash_driver API.
Flash area ID is used in API instead of direct flash-bank-offsets.
Changes allows to support operation on the partition in any flash
device.
flash_map was not available when this subsystem was introduced.
Signed-off-by: Findlay Feng <i@fengch.me>
Any word started with underscore followed by and uppercase letter or a
second underscore is a reserved word according with C99.
Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Duplicate code to query was mistakenly added in commit
2ad7ccdb2d. This code is redundant; the
existing `boot_read_bank_header()` function can read the version from
both image banks.
Signed-off-by: Christopher Collins <ccollins@apache.org>
Exposes the operation that MCUboot will perform on the next reboot
(e.g., stay on current image, swap to alternate image, etc.).
Signed-off-by: Christopher Collins <ccollins@apache.org>
This is an accessor function for the MCUboot image header of an image
bank. The interface may seem a little cumbersome, but it is
future-proof against MCUboot feature and incompatible header version
changes.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
Applications chainloaded by MCUboot may want to change their behavior
based on whether or not they are confirmed.
Here are some examples:
- performing a built-in self test (BIST) if the image is not yet
confirmed, and marking it OK if it passes (this enables reverting
to an older working image if the BIST fails, and allows future
resets to skip the BIST if it passes to improve boot time)
- interacting with persistent metadata related to image state on
other flash partitions during test upgrades (these are required in
cases when the update source provides runtime metadata, such as
monotonic counters, related to an upgrade attempt which must be
used to report results)
To enable these use cases, add boot_is_img_confirmed(), which reads
the "image OK" field for the current firmware image and returns true
if and only if it is set.
Signed-off-by: Marti Bolivar <marti@opensourcefoundries.com>
Store image in sequence of certain blocks.
Module is intended to be use by a higher-level
image management protocol module
Signed-off-by: Michael Scott <michael.scott@linaro.org>
Signed-off-by: Marti Bolivar <marti.bolivar@linaro.org>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
read, update status
trigger flashing
erase image bank
Module is intended to be use by a higher-level
image management protocol module.
Signed-off-by: Fabio Utzig <utzig@apache.org>
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Andrzej Puzdrowski