[nrf noup] boot: Improve bootloader request handling

tomchy · nordicjm · commit 4292905fb054 · 2025-09-09T08:00:04.000+01:00
nrf-squash! [nrf noup] bootloader: Add bootloader requests

Improve logic that handles sending bootloader requests as a result of
issuing the MCUmgr commands.

Signed-off-by: Tomasz Chyrowicz &lt;tomasz.chyrowicz@nordicsemi.no&gt;
diff --git a/boot/bootutil/src/bootutil_public.c b/boot/bootutil/src/bootutil_public.c
@@ -510,18 +510,25 @@ boot_write_copy_done(const struct flash_area *fap)
 
 #ifdef SEND_BOOT_REQUEST
 static int
-send_boot_request(uint8_t magic, bool confirm, int image_id, uint32_t slot_id)
+send_boot_request(uint8_t magic, uint8_t image_ok, bool confirm, int image_id,
+                  uint32_t slot_id)
 {
     int rc = BOOT_EBADIMAGE;
 
     /* Handle write-protected active image. */
     if ((magic == BOOT_MAGIC_GOOD) || (magic == BOOT_MAGIC_UNSET)) {
         if (confirm) {
             BOOT_LOG_DBG("Confirm image: %d, %d", image_id, slot_id);
-            rc = boot_request_confirm_slot(image_id, slot_id);
+            if ((image_ok != BOOT_FLAG_SET) || (magic != BOOT_MAGIC_GOOD)) {
+                rc = boot_request_confirm_slot(image_id, slot_id);
+            } else {
+                rc = 0;
+            }
+#ifdef CONFIG_NCS_MCUBOOT_BOOT_REQUEST_TEST_SETS_BOOT_PREFERENCE
         } else {
             BOOT_LOG_DBG("Set image preference: %d, %d", image_id, slot_id);
             rc = boot_request_set_preferred_slot(image_id, slot_id);
+#endif /* CONFIG_NCS_MCUBOOT_BOOT_REQUEST_TEST_SETS_BOOT_PREFERENCE */
         }
         if (rc != 0) {
             rc = BOOT_EBADIMAGE;
@@ -594,7 +601,8 @@ boot_set_next(const struct flash_area *fa, bool active, bool confirm)
     image_id = flash_area_to_image_slot(fa, &slot_id);
 
 #ifdef SEND_BOOT_REQUEST
-    rc = send_boot_request(slot_state.magic, confirm, image_id, slot_id);
+    rc = send_boot_request(slot_state.magic, slot_state.image_ok, confirm,
+                           image_id, slot_id);
     if ((rc != 0) || active) {
         return rc;
     }
@@ -686,7 +694,8 @@ boot_set_next(const struct flash_area *fa, bool active, bool confirm)
 #ifdef SEND_BOOT_REQUEST
     image_id = flash_area_to_image_slot(fa, &slot_id);
 
-    rc = send_boot_request(slot_state.magic, confirm, image_id, slot_id);
+    rc = send_boot_request(slot_state.magic, slot_state.image_ok, confirm,
+                           image_id, slot_id);
     if ((rc != 0) || active) {
         return rc;
     }
diff --git a/boot/zephyr/Kconfig b/boot/zephyr/Kconfig
@@ -1372,4 +1372,15 @@ config NCS_MCUBOOT_IMG_VALIDATE_ATTEMPT_WAIT_MS
 	  Time between image validation attempts, in milliseconds.
 	  Allows for recovery from transient bit flips or similar situations.
 
+config NCS_MCUBOOT_BOOT_REQUEST_TEST_SETS_BOOT_PREFERENCE
+	bool "Set boot preference if a slot is marked for test"
+	help
+	  This option allows to verify boot preference requests through issuing
+	  the image test.
+	  Using this option is not recommended in production systems, because
+	  it will boot any newly transferred image, even if it has a lower
+	  version than the current one.
+	  The rollback protection (using security counters) will still be
+	  effective.
+
 source "Kconfig.zephyr"
