bootutil: Support for logical sectors

de-nordic · de-nordic · commit c5bc7b931162 · 2025-10-03T16:24:45.000+02:00
The commit adds support for logical/software sectors. User can
select size of sector by which image will be moved using
configuration identifier MCUBOOT_LOGICAL_SECTOR_SIZE.
Non-0 value set to MCUBOOT_LOGICAL_SECTOR_SIZE will be used
as sector size for image swap algorithms. Note that the value provided
here should be aligned to hardware erase page of device(s) used
and may not be smaller than of such a device.
There is also additional option provided, MCUBOOT_VERIFY_LOGICAL_SECTORS,
that allows to enable validation of selected logical sector against
true layout of a device.

Signed-off-by: Dominik Ermel &lt;dominik.ermel@nordicsemi.no&gt;
diff --git a/boot/bootutil/src/bootutil_misc.c b/boot/bootutil/src/bootutil_misc.c
@@ -56,13 +56,15 @@ BOOT_LOG_MODULE_DECLARE(mcuboot);
 /* Currently only used by imgmgr */
 int boot_current_slot;
 
+#if !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0
 #if (!defined(MCUBOOT_DIRECT_XIP) && !defined(MCUBOOT_RAM_LOAD)) || \
 defined(MCUBOOT_SERIAL_IMG_GRP_SLOT_INFO)
 /* Used for holding static buffers in multiple functions to work around issues
  * in older versions of gcc (e.g. 4.8.4)
  */
 static struct boot_sector_buffer sector_buffers;
 #endif
+#endif /* !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0 */
 
 /**
  * @brief Determine if the data at two memory addresses is equal
@@ -625,6 +627,7 @@ boot_erase_region(const struct flash_area *fa, uint32_t off, uint32_t size, bool
 
 #if (!defined(MCUBOOT_DIRECT_XIP) && !defined(MCUBOOT_RAM_LOAD)) || \
 defined(MCUBOOT_SERIAL_IMG_GRP_SLOT_INFO)
+#if !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0
 int
 boot_initialize_area(struct boot_loader_state *state, int flash_area)
 {
@@ -665,6 +668,139 @@ boot_initialize_area(struct boot_loader_state *state, int flash_area)
     return 0;
 }
 
+#else /* defined(MCUBOOT_LOGICAL_SECTOR_SIZE) && MCUBOOT_LOGICAL_SECTOR_SIZE != 0 */
+#if defined(MCUBOOT_VERIFY_LOGICAL_SECTORS)
+/* Validation can only run once all flash areas are open and pointers to
+ * flash area objects are stored in state.
+ */
+static int
+boot_verify_logical_sectors(int faid, const struct flash_area *fa)
+{
+    uint32_t slot_size;
+    uint32_t slot_off;
+    uint32_t sect_off = 0;
+    int rc;
+    int final_rc = 0;
+    bool device_with_erase;
+    uint32_t wbs;
+
+    assert(fa != NULL);
+    assert(faid != 0);
+
+    slot_off = (uint32_t)flash_area_get_off(fa);
+    slot_size = (uint32_t)flash_area_get_size(fa);
+
+    wbs = flash_area_align(fa);
+
+    device_with_erase = device_requires_erase(fa);
+    /* Go till all verifications are complete or we face issue that does not allow
+     * to precede with further tests.
+     */
+    BOOT_LOG_INF("boot_verify_logical_sectors: verify flash area %p", fa);
+    BOOT_LOG_INF("boot_verify_logical_sectors: MCUBOOT_LOGICAL_SECTOR_SIZE == 0x%x",
+                 MCUBOOT_LOGICAL_SECTOR_SIZE);
+    BOOT_LOG_INF("boot_verify_logical_sectors: slot offset == 0x%x", slot_off);
+    if (slot_size != 0) {
+        BOOT_LOG_INF("boot_verify_logical_sectors: slot size == 0x%x", slot_size);
+    } else {
+        BOOT_LOG_ERR("boot_verify_logical_sectors: 0 size slot");
+        return BOOT_EFLASH;
+    }
+    BOOT_LOG_INF("boot_verify_logical_sectors: write block size %u", wbs);
+    BOOT_LOG_INF("boot_verify_logical_sectors: device with%s erase",
+                 device_with_erase ? "" : "out");
+
+    /* We are expecting slot size to be multiple of logical sector size.
+     * Note though that we do not check alignment of the slot to logical sector.
+     * as it does not matter, only alignment of slot to a real erase page
+     * matters.
+     */
+    if (slot_size % MCUBOOT_LOGICAL_SECTOR_SIZE) {
+        BOOT_LOG_ERR("boot_verify_logical_sectors: area size not aligned");
+        final_rc = BOOT_EFLASH;
+    }
+
+    BOOT_LOG_INF("boot_verify_logical_sectors: max %d logical sectors",
+                 slot_size / MCUBOOT_LOGICAL_SECTOR_SIZE);
+
+    if (device_with_erase) {
+        size_t total_scanned = 0;
+
+        /* Check all logical sectors pages against erase pages of a device */
+        while (total_scanned < slot_size) {
+            struct flash_sector fas;
+
+            MCUBOOT_WATCHDOG_FEED();
+
+            BOOT_LOG_INF("boot_verify_logical_sectors: page 0x%x:0x%x ", slot_off, sect_off);
+            rc = flash_area_get_sector(fa, sect_off, &fas);
+            if (rc < 0) {
+                BOOT_LOG_ERR("boot_verify_logical_sectors: query err %d", rc);
+                final_rc = BOOT_EFLASH;
+                continue;
+            }
+
+            /* Jumping by logical sector size should align us with real erase page
+             * each time.
+             */
+            if (sect_off != flash_sector_get_off(&fas)) {
+                BOOT_LOG_ERR("boot_verify_logical_sectors: misaligned offset (0x%x)",
+                             (uint32_t)flash_sector_get_off(&fas));
+                final_rc = BOOT_EFLASH;
+            }
+
+            /* Jumping by logical sector size */
+            sect_off += MCUBOOT_LOGICAL_SECTOR_SIZE;
+            total_scanned += MCUBOOT_LOGICAL_SECTOR_SIZE;
+        }
+    } else {
+        /* Devices with no-explicit erase require alignment to write block size */
+
+        if (MCUBOOT_LOGICAL_SECTOR_SIZE % wbs) {
+            BOOT_LOG_ERR("boot_verify_logical_sectors: sector size not aligned to write block");
+            final_rc = BOOT_EFLASH;
+        }
+
+        if (slot_off % wbs) {
+            BOOT_LOG_ERR("boot_verify_logical_sectors: slot not aligned to write block");
+            final_rc = BOOT_EFLASH;
+        }
+    }
+
+    BOOT_LOG_INF("boot_verify_logical_sectors: completed (%d)", final_rc);
+
+    return final_rc;
+}
+#endif /* MCUBOOT_LOGICAL_SECTOR_VALIDATION */
+
+static int
+boot_initialize_area(struct boot_loader_state *state, int flash_area)
+{
+    size_t area_size;
+    uint32_t *out_num_sectors;
+
+    if (flash_area == FLASH_AREA_IMAGE_PRIMARY(BOOT_CURR_IMG(state))) {
+        area_size = flash_area_get_size(BOOT_IMG_AREA(state, BOOT_SLOT_PRIMARY));
+        out_num_sectors = &BOOT_IMG(state, BOOT_SLOT_PRIMARY).num_sectors;
+    } else if (flash_area == FLASH_AREA_IMAGE_SECONDARY(BOOT_CURR_IMG(state))) {
+        area_size = flash_area_get_size(BOOT_IMG_AREA(state, BOOT_SLOT_SECONDARY));
+        out_num_sectors = &BOOT_IMG(state, BOOT_SLOT_SECONDARY).num_sectors;
+#if MCUBOOT_SWAP_USING_SCRATCH
+    } else if (flash_area == FLASH_AREA_IMAGE_SCRATCH) {
+        area_size = flash_area_get_size(state->scratch.area);
+        out_num_sectors = &state->scratch.num_sectors;
+#endif
+    } else {
+        return BOOT_EFLASH;
+    }
+
+    *out_num_sectors = area_size / MCUBOOT_LOGICAL_SECTOR_SIZE;
+
+    return 0;
+}
+
+#endif /* defined(MCUBOOT_LOGICAL_SECTOR_SIZE) && MCUBOOT_LOGICAL_SECTOR_SIZE != 0 */
+
 static uint32_t
 boot_write_sz(struct boot_loader_state *state)
 {
@@ -694,12 +830,13 @@ boot_read_sectors(struct boot_loader_state *state, struct boot_sector_buffer *se
     uint8_t image_index;
     int rc;
 
+    image_index = BOOT_CURR_IMG(state);
+
+#if !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0
     if (sectors == NULL) {
         sectors = &sector_buffers;
     }
 
-    image_index = BOOT_CURR_IMG(state);
-
     BOOT_IMG(state, BOOT_SLOT_PRIMARY).sectors =
         sectors->primary[image_index];
 #if BOOT_NUM_SLOTS > 1
@@ -709,6 +846,9 @@ boot_read_sectors(struct boot_loader_state *state, struct boot_sector_buffer *se
     state->scratch.sectors = sectors->scratch;
 #endif
 #endif
+#else
+    (void)sectors;
+#endif /* !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0 */
 
     rc = boot_initialize_area(state, FLASH_AREA_IMAGE_PRIMARY(image_index));
     if (rc != 0) {
@@ -732,6 +872,28 @@ boot_read_sectors(struct boot_loader_state *state, struct boot_sector_buffer *se
 
     BOOT_WRITE_SZ(state) = boot_write_sz(state);
 
+#if defined(MCUBOOT_VERIFY_LOGICAL_SECTORS)
+    BOOT_LOG_INF("boot_read_sectors: verify image %d slots", image_index);
+    BOOT_LOG_INF("boot_read_sectors: BOOT_SLOT_PRIMARY");
+    if (boot_verify_logical_sectors(FLASH_AREA_IMAGE_PRIMARY(image_index),
+        BOOT_IMG_AREA(state, BOOT_SLOT_PRIMARY)) != 0) {
+        rc = BOOT_EFLASH;
+    }
+
+    BOOT_LOG_INF("boot_read_sectors: BOOT_SLOT_SECONDARY");
+    if (boot_verify_logical_sectors(FLASH_AREA_IMAGE_SECONDARY(image_index),
+        BOOT_IMG_AREA(state, BOOT_SLOT_SECONDARY)) != 0) {
+        rc = BOOT_EFLASH_SEC;
+    }
+
+#if MCUBOOT_SWAP_USING_SCRATCH
+    BOOT_LOG_INF("boot_read_sectors: SCRATCH");
+    if (boot_verify_logical_sectors(FLASH_AREA_IMAGE_SCRATCH, state->scratch.area) != 0) {
+        rc = BOOT_EFLASH;
+    }
+#endif /* MCUBOOT_SWAP_USING_SCRATCH */
+#endif /* defined(MCUBOOT_LOGICAL_SECTOR_VALIDATION) */
+
     return 0;
 }
 #endif
diff --git a/boot/bootutil/src/bootutil_priv.h b/boot/bootutil/src/bootutil_priv.h
@@ -240,14 +240,18 @@ struct boot_loader_state {
     struct {
         struct image_header hdr;
         const struct flash_area *area;
+#if !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0
         boot_sector_t *sectors;
+#endif
         uint32_t num_sectors;
     } imgs[BOOT_IMAGE_NUMBER][BOOT_NUM_SLOTS];
 
 #if MCUBOOT_SWAP_USING_SCRATCH
     struct {
         const struct flash_area *area;
+#if !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0
         boot_sector_t *sectors;
+#endif
         uint32_t num_sectors;
     } scratch;
 #endif
@@ -510,6 +514,7 @@ boot_img_slot_off(struct boot_loader_state *state, size_t slot)
     return flash_area_get_off(BOOT_IMG_AREA(state, slot));
 }
 
+#if !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0
 #ifndef MCUBOOT_USE_FLASH_AREA_GET_SECTORS
 
 static inline size_t
@@ -549,6 +554,32 @@ boot_img_sector_off(const struct boot_loader_state *state, size_t slot,
 }
 
 #endif  /* !defined(MCUBOOT_USE_FLASH_AREA_GET_SECTORS) */
+#else
+static inline size_t
+boot_img_sector_size(const struct boot_loader_state *state,
+                     size_t slot, size_t sector)
+{
+    (void)state;
+    (void)slot;
+    (void)sector;
+
+    return MCUBOOT_LOGICAL_SECTOR_SIZE;
+}
+
+/*
+ * Offset of the sector from the beginning of the image, NOT the flash
+ * device.
+ */
+static inline uint32_t
+boot_img_sector_off(const struct boot_loader_state *state, size_t slot,
+                    size_t sector)
+{
+    (void)state;
+    (void)slot;
+
+    return MCUBOOT_LOGICAL_SECTOR_SIZE * sector;
+}
+#endif
 
 #ifdef MCUBOOT_RAM_LOAD
 #   ifdef __BOOTSIM__
diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
@@ -702,6 +702,7 @@ boot_image_check(struct boot_loader_state *state, struct image_header *hdr,
 }
 
 #if !defined(MCUBOOT_DIRECT_XIP) && !defined(MCUBOOT_RAM_LOAD)
+#if !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0
 static fih_ret
 split_image_check(struct image_header *app_hdr,
                   const struct flash_area *app_fap,
@@ -732,6 +733,7 @@ split_image_check(struct image_header *app_hdr,
 out:
     FIH_RET(fih_rc);
 }
+#endif /* !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0 */
 #endif /* !MCUBOOT_DIRECT_XIP && !MCUBOOT_RAM_LOAD */
 
 /*
@@ -2210,10 +2212,12 @@ context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp)
 
     BOOT_LOG_DBG("context_boot_go");
 
+#if !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0
 #if defined(__BOOTSIM__)
     struct boot_sector_buffer sector_buf;
     sectors = &sector_buf;
 #endif
+#endif /* !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0 */
 
     has_upgrade = false;
 
@@ -2473,6 +2477,7 @@ context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp)
     FIH_RET(fih_rc);
 }
 
+#if !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0
 fih_ret
 split_go(int loader_slot, int split_slot, void **entry)
 {
@@ -2538,6 +2543,7 @@ split_go(int loader_slot, int split_slot, void **entry)
 
     FIH_RET(fih_rc);
 }
+#endif /* !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0 */
 
 #else /* MCUBOOT_DIRECT_XIP || MCUBOOT_RAM_LOAD */
 
