sim: Use non-equal security counters when testing upgrades

taltenbach · d3zd3z · commit 1cac1eb97335 · 2025-05-22T08:05:51.000-06:00
When testing upgrades, the simulator was always using two images having
the same security counter. This was preventing to test that the security
counters are updated at the right time in the scenarios where a revert
is possible. The upgrade image is now generated with a higher security
counter than the original image, enabling to detect e.g. the issue fixed
by the previous commit.

Signed-off-by: Thomas Altenbach &lt;thomas.altenbach@legrand.com&gt;
diff --git a/sim/mcuboot-sys/src/api.rs b/sim/mcuboot-sys/src/api.rs
@@ -388,3 +388,13 @@ pub extern "C" fn sim_get_nv_counter_for_image(image_index: u32, security_counte
     });
     return rc;
 }
+
+pub fn sim_reset_nv_counters() {
+    NV_COUNTER_CTX.with(|ctx| {
+        let mut counter_storage = ctx.borrow_mut();
+
+        for i in 0..counter_storage.storage.len() {
+            counter_storage.storage[i] = 0;
+        }
+    });
+}
diff --git a/sim/mcuboot-sys/src/c.rs b/sim/mcuboot-sys/src/c.rs
@@ -166,6 +166,10 @@ pub fn get_security_counter(image_index: u32) -> u32 {
     return counter_val;
 }
 
+pub fn reset_security_counters() {
+    api::sim_reset_nv_counters();
+}
+
 mod raw {
     use crate::area::CAreaDesc;
     use crate::api::{BootRsp, CSimContext};
diff --git a/sim/src/image.rs b/sim/src/image.rs
@@ -239,7 +239,7 @@ impl ImagesBuilder {
                 let upgr   = match deps.depends[image_num] {
                     DepType::NoUpgrade => install_no_image(),
                     _ => install_image(&mut flash, &self.areadesc, &slots, 1,
-                        maximal(46928), &ram, &*dep, ImageManipulation::BadSignature, Some(0))
+                        maximal(46928), &ram, &*dep, ImageManipulation::BadSignature, Some(1))
                 };
                 (prim, upgr)
             } else {
@@ -248,7 +248,7 @@ impl ImagesBuilder {
                 let upgr = match deps.depends[image_num] {
                         DepType::NoUpgrade => install_no_image(),
                         _ => install_image(&mut flash, &self.areadesc, &slots, 1,
-                            maximal(46928), &ram, &*dep, img_manipulation, Some(0))
+                            maximal(46928), &ram, &*dep, img_manipulation, Some(1))
                     };
                 (prim, upgr)
             };
@@ -289,6 +289,10 @@ impl ImagesBuilder {
                 }
         };
 
+        // As a side effect, the upgrade performed above has updated the security counters. Reset
+        // them to their original value.
+        c::reset_security_counters();
+
         images.total_count = Some(total_count);
         images
     }
diff --git a/sim/tests/core.rs b/sim/tests/core.rs
@@ -21,6 +21,7 @@ use std::{
     env,
     sync::atomic::{AtomicUsize, Ordering},
 };
+use mcuboot_sys::c;
 
 /// A single test, after setting up logging and such.  Within the $body,
 /// $arg will be bound to each device.
@@ -90,6 +91,7 @@ test_shell!(dependency_combos, r, {
         let image = r.clone().make_image(&dep, true);
         dump_image(&image, "dependency_combos");
         assert!(!image.run_check_deps(&dep));
+        c::reset_security_counters();
     }
 });
 
