sim: Added test for over-sized image bootstrap

nvlsianpu · nvlsianpu · commit 26d19d330aef · 2022-10-04T23:02:36.000+02:00
Added test for check whether the bootstrap will fail for too big
image.

Signed-off-by: Andrzej Puzdrowski &lt;andrzej.puzdrowski@nordicsemi.no&gt;
diff --git a/sim/src/image.rs b/sim/src/image.rs
@@ -335,6 +335,28 @@ impl ImagesBuilder {
         }
     }
 
+    pub fn make_oversized_bootstrap_image(self) -> Images {
+        let mut flash = self.flash;
+        let ram = self.ram.clone(); // TODO: Avoid this clone.
+        let images = self.slots.into_iter().enumerate().map(|(image_num, slots)| {
+            let dep = BoringDep::new(image_num, &NO_DEPS);
+            let primaries = install_no_image();
+            let upgrades = install_image(&mut flash, &slots[1],
+                ImageSize::Oversized, &ram, &dep, false);
+            OneImage {
+                slots,
+                primaries,
+                upgrades,
+            }}).collect();
+        Images {
+            flash,
+            areadesc: self.areadesc,
+            images,
+            total_count: None,
+            ram: self.ram,
+        }
+    }
+
     /// Build the Flash and area descriptor for a given device.
     pub fn make_device(device: DeviceName, align: usize, erased_val: u8) -> (SimMultiFlash, AreaDesc, &'static [Caps]) {
         match device {
@@ -512,6 +534,39 @@ impl Images {
         fails > 0
     }
 
+    pub fn run_oversized_bootstrap(&self) -> bool {
+        let mut flash = self.flash.clone();
+        let mut fails = 0;
+
+        if Caps::Bootstrap.present() {
+            info!("Try bootstraping image in the primary");
+
+            let boot_result = c::boot_go(&mut flash, &self.areadesc, None, None, false).interrupted();
+
+            if boot_result {
+                warn!("Failed first boot");
+                fails += 1;
+            }
+
+            if self.verify_images(&flash, 0, 1) {
+                warn!("Image in the first slot was not bootstrapped");
+                fails += 1;
+            }
+
+            if self.verify_trailers(&flash, 0, BOOT_MAGIC_GOOD,
+                                     BOOT_FLAG_SET, BOOT_FLAG_SET) {
+                warn!("Mismatched trailer for the primary slot");
+                fails += 1;
+            }
+        }
+
+        if fails > 0 {
+            error!("Expected trailer on secondary slot to be erased");
+        }
+
+        fails > 0
+    }
+
 
     /// Test a simple upgrade, with dependencies given, and verify that the
     /// image does as is described in the test.
@@ -1485,11 +1540,12 @@ enum ImageSize {
     Given(usize),
     /// Make the image as large as it can be for the partition/device.
     Largest,
+    /// Make the image quite larger than it can be for the partition/device/
+    Oversized,
 }
 
 #[cfg(not(feature = "max-align-32"))]
 fn tralier_estimation(dev: &dyn Flash) -> usize {
-
     c::boot_trailer_sz(dev.align() as u32) as usize
 }
 
@@ -1501,6 +1557,25 @@ fn tralier_estimation(dev: &dyn Flash) -> usize {
     align_up(c::boot_trailer_sz(dev.align() as u32), sector_size) as usize
 }
 
+fn image_largest_trailer(dev: &dyn Flash) -> usize {
+            // Using the header size we know, the trailer size, and the slot size, we can compute
+            // the largest image possible.
+            let trailer = if Caps::OverwriteUpgrade.present() {
+                // This computation is incorrect, and we need to figure out the correct size.
+                // c::boot_status_sz(dev.align() as u32) as usize
+                16 + 4 * dev.align()
+            } else if Caps::SwapUsingMove.present() {
+                let sector_size = dev.sector_iter().next().unwrap().size as u32;
+                align_up(c::boot_trailer_sz(dev.align() as u32), sector_size) as usize
+            } else if Caps::SwapUsingScratch.present() {
+                tralier_estimation(dev)
+            } else {
+                panic!("The maximum image size can't be calculated.")
+            };
+
+            trailer
+}
+
 /// Install a "program" into the given image.  This fakes the image header, or at least all of the
 /// fields used by the given code.  Returns a copy of the image that was written.
 fn install_image(flash: &mut SimMultiFlash, slot: &SlotInfo, len: ImageSize,
@@ -1530,26 +1605,22 @@ fn install_image(flash: &mut SimMultiFlash, slot: &SlotInfo, len: ImageSize,
     let len = match len {
         ImageSize::Given(size) => size,
         ImageSize::Largest => {
-            // Using the header size we know, the trailer size, and the slot size, we can compute
-            // the largest image possible.
-            let trailer = if Caps::OverwriteUpgrade.present() {
-                // This computation is incorrect, and we need to figure out the correct size.
-                // c::boot_status_sz(dev.align() as u32) as usize
-                16 + 4 * dev.align()
-            } else if Caps::SwapUsingMove.present() {
-                let sector_size = dev.sector_iter().next().unwrap().size as u32;
-                align_up(c::boot_trailer_sz(dev.align() as u32), sector_size) as usize
-            } else if Caps::SwapUsingScratch.present() {
-                tralier_estimation(dev)
-            } else {
-                panic!("The maximum image size can't be calculated.")
-            };
+            let trailer = image_largest_trailer(dev);
             let tlv_len = tlv.estimate_size();
             info!("slot: 0x{:x}, HDR: 0x{:x}, trailer: 0x{:x}",
                 slot_len, HDR_SIZE, trailer);
             slot_len - HDR_SIZE - trailer - tlv_len
-
+        },
+        ImageSize::Oversized => {
+            let trailer = image_largest_trailer(dev);
+            let tlv_len = tlv.estimate_size();
+            info!("slot: 0x{:x}, HDR: 0x{:x}, trailer: 0x{:x}",
+                slot_len, HDR_SIZE, trailer);
+            // the overflow size is rougly estimated to work for all
+            // configurations. It might be precise if tlv_len will be maked precise.
+            slot_len - HDR_SIZE - trailer - tlv_len + dev.align()*4
         }
+
     };
 
     // Generate a boot header.  Note that the size doesn't include the header.
diff --git a/sim/tests/core.rs b/sim/tests/core.rs
@@ -49,6 +49,7 @@ macro_rules! sim_test {
 sim_test!(bad_secondary_slot, make_bad_secondary_slot_image(), run_signfail_upgrade());
 sim_test!(secondary_trailer_leftover, make_erased_secondary_image(), run_secondary_leftover_trailer());
 sim_test!(bootstrap, make_bootstrap_image(), run_bootstrap());
+sim_test!(oversized_bootstrap, make_oversized_bootstrap_image(), run_oversized_bootstrap());
 sim_test!(norevert_newimage, make_no_upgrade_image(&NO_DEPS), run_norevert_newimage());
 sim_test!(basic_revert, make_image(&NO_DEPS, true), run_basic_revert());
 sim_test!(revert_with_fails, make_image(&NO_DEPS, false), run_revert_with_fails());
