bootutil: Support for logical sectors

de-nordic · de-nordic · commit f01bf1254af2 · 2025-06-26T16:36:30.000Z
The commit adds support for logical/software sectors. User can
select size of sector by which image will be moved using
configuration identifier MCUBOOT_LOGICAL_SECTOR_SIZE.
Non-0 value set to MCUBOOT_LOGICAL_SECTOR_SIZE will be used
as sector size for image swap algorithms. Note that the value provided
here should be aligned to hardware erase page of device(s) used
and may not be smaller than of such a device.
There is also additional option provided, MCUBOOT_LOGICAL_SECTOR_VALIDATE,
that allows to enable validation of selected logical sector against
true layout of a device.

Signed-off-by: Dominik Ermel &lt;dominik.ermel@nordicsemi.no&gt;
diff --git a/boot/bootutil/src/bootutil_priv.h b/boot/bootutil/src/bootutil_priv.h
@@ -235,14 +235,18 @@ struct boot_loader_state {
     struct {
         struct image_header hdr;
         const struct flash_area *area;
+#if !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0
         boot_sector_t *sectors;
+#endif
         uint32_t num_sectors;
     } imgs[BOOT_IMAGE_NUMBER][BOOT_NUM_SLOTS];
 
 #if MCUBOOT_SWAP_USING_SCRATCH
     struct {
         const struct flash_area *area;
+#if !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0
         boot_sector_t *sectors;
+#endif
         uint32_t num_sectors;
     } scratch;
 #endif
@@ -283,12 +287,14 @@ struct boot_loader_state {
 #endif /* MCUBOOT_DIRECT_XIP || MCUBOOT_RAM_LOAD */
 };
 
+#if !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0
 struct boot_sector_buffer {
     boot_sector_t primary[BOOT_IMAGE_NUMBER][BOOT_MAX_IMG_SECTORS];
     boot_sector_t secondary[BOOT_IMAGE_NUMBER][BOOT_MAX_IMG_SECTORS];
 #if MCUBOOT_SWAP_USING_SCRATCH
     boot_sector_t scratch[BOOT_MAX_IMG_SECTORS];
 #endif
+#endif /* !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0 */
 };
 
 /* The function is intended for verification of image hash against
@@ -508,6 +514,7 @@ boot_img_slot_off(struct boot_loader_state *state, size_t slot)
     return flash_area_get_off(BOOT_IMG_AREA(state, slot));
 }
 
+#if !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0
 #ifndef MCUBOOT_USE_FLASH_AREA_GET_SECTORS
 
 static inline size_t
@@ -546,7 +553,43 @@ boot_img_sector_off(const struct boot_loader_state *state, size_t slot,
            flash_sector_get_off(&BOOT_IMG(state, slot).sectors[0]);
 }
 
+static inline int
+boot_img_sector_size_fa(const struct flash_area *fa, size_t off, size_t *size)
+{
+    struct flash_sector sector;
+    int ret;
+
+    assert(size != NULL);
+    assert(fa != NULL);
+
+    ret = flash_area_get_sector(fa, off, &sector);
+
+    if (ret >= 0) {
+        *size = flash_sector_get_size(&sector);
+    }
+
+    return ret;
+}
 #endif  /* !defined(MCUBOOT_USE_FLASH_AREA_GET_SECTORS) */
+#else
+static inline size_t
+boot_img_sector_size(const struct boot_loader_state *state,
+                     size_t slot, size_t sector)
+{
+    return MCUBOOT_LOGICAL_SECTOR_SIZE;
+}
+
+/*
+ * Offset of the sector from the beginning of the image, NOT the flash
+ * device.
+ */
+static inline uint32_t
+boot_img_sector_off(const struct boot_loader_state *state, size_t slot,
+                    size_t sector)
+{
+    return MCUBOOT_LOGICAL_SECTOR_SIZE * sector;
+}
+#endif
 
 #ifdef MCUBOOT_RAM_LOAD
 #   ifdef __BOOTSIM__
diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
@@ -68,13 +68,15 @@ static struct boot_loader_state boot_data;
 static struct image_max_size image_max_sizes[BOOT_IMAGE_NUMBER] = {0};
 #endif
 
+#if !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0
 #if (!defined(MCUBOOT_DIRECT_XIP) && !defined(MCUBOOT_RAM_LOAD)) || \
 defined(MCUBOOT_SERIAL_IMG_GRP_SLOT_INFO)
 /* Used for holding static buffers in multiple functions to work around issues
  * in older versions of gcc (e.g. 4.8.4)
  */
 static struct boot_sector_buffer sector_buffers;
 #endif
+#endif /* !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0 */
 
 #if (BOOT_IMAGE_NUMBER > 1)
 #define IMAGES_ITER(x) for ((x) = 0; (x) < BOOT_IMAGE_NUMBER; ++(x))
@@ -296,6 +298,7 @@ boot_version_cmp(const struct image_version *ver1,
 }
 #endif
 
+#if !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0
 #if (!defined(MCUBOOT_DIRECT_XIP) && !defined(MCUBOOT_RAM_LOAD)) || \
 defined(MCUBOOT_SERIAL_IMG_GRP_SLOT_INFO)
 static int
@@ -336,6 +339,111 @@ boot_initialize_area(struct boot_loader_state *state, int flash_area)
     return 0;
 }
 #endif
+#else /* defined(MCUBOOT_LOGICAL_SECTOR_SIZE) && MCUBOOT_LOGICAL_SECTOR_SIZE != 0 */
+#if defined(MCUBOOT_LOGICAL_SECTOR_VALIDATION)
+/* Validation can only run once all flash areaa area open and pointers to
+ * flash area objects area stored in state.
+ */
+static int
+boot_validate_logical_sectors(const struct boot_loader_state *state, int faid, const struct flash_area *fa)
+{
+    uint32_t num_sectors = BOOT_MAX_IMG_SECTORS;
+    size_t slot_size;
+    size_t slot_off;
+    size_t sect_off = 0;
+    int rc;
+    int final_rc = 0;
+
+    assert(fa != NULL);
+    assert(faid != 0);
+
+    slot_off = flash_area_get_off(fa);
+    slot_size = flash_area_get_size(fa);
+
+
+    /* Go till all validations are complete or we face issue that does not allow
+     * to proceede with further tests.
+     */
+    BOOT_LOG_INF("boot_validate_logical_sectors: validating flash area %p", fa);
+    BOOT_LOG_INF("boot_validate_logical_sectors: MCUBOOT_LOGICAL_SECTOR_SIZE == 0x%x",
+                 MCUBOOT_LOGICAL_SECTOR_SIZE);
+    BOOT_LOG_INF("boot_validate_logical_sectors: slot offset == 0x%x", slot_off);
+    if (slot_size != 0) {
+        BOOT_LOG_INF("boot_validate_logical_sectors: slot size == 0x%x", slot_size);
+    } else {
+        BOOT_LOG_ERR("boot_validate_logical_sectors: 0 size slot");
+        return BOOT_EFLASH;
+    }
+
+    BOOT_LOG_INF("boot_validate_logical_sectors: max %d logical sectors",
+                 slot_size / MCUBOOT_LOGICAL_SECTOR_SIZE);
+
+    if (slot_off % MCUBOOT_LOGICAL_SECTOR_SIZE) {
+        BOOT_LOG_ERR("boot_validate_logical_sectors: area offset not aligned");
+        final_rc = BOOT_EFLASH;
+    }
+
+    if (slot_size % MCUBOOT_LOGICAL_SECTOR_SIZE) {
+        BOOT_LOG_ERR("boot_validate_logical_sectors: area size not aligned");
+        final_rc = BOOT_EFLASH;
+    }
+
+    /* Check all hardware specific pages against erase pages of a device */
+    for (size_t i = 0; i < num_sectors; i++) {
+        struct flash_sector fas;
+
+        MCUBOOT_WATCHDOG_FEED();
+
+        BOOT_LOG_INF("boot_validate_logical_sectors: page 0x%x:0x%x ", slot_off, sect_off);
+        rc = flash_area_get_sector(fa, sect_off, &fas);
+        if (rc < 0) {
+            BOOT_LOG_ERR("boot_validate_logical_sectors: query err %d", rc);
+            final_rc = BOOT_EFLASH;
+            continue;
+        }
+
+
+        if (flash_sector_get_off(&fas) % MCUBOOT_LOGICAL_SECTOR_SIZE) {
+            BOOT_LOG_ERR("boot_validate_logical_sectors: misaligned offset");
+            final_rc = BOOT_EFLASH;
+        }
+
+        sect_off += flash_sector_get_size(&fas);
+    }
+
+    BOOT_LOG_INF("boot_validate_logical_sectors: done %d", final_rc);
+
+    return final_rc;
+}
+#endif /* MCUBOOT_LOGICAL_SECTOR_VALIDATION */
+
+static int
+boot_initialize_area(struct boot_loader_state *state, int flash_area)
+{
+    size_t area_size;
+    uint32_t *out_num_sectors;
+
+    if (flash_area == FLASH_AREA_IMAGE_PRIMARY(BOOT_CURR_IMG(state))) {
+        area_size = flash_area_get_size(BOOT_IMG_AREA(state, BOOT_PRIMARY_SLOT));
+        out_num_sectors = &BOOT_IMG(state, BOOT_PRIMARY_SLOT).num_sectors;
+    } else if (flash_area == FLASH_AREA_IMAGE_SECONDARY(BOOT_CURR_IMG(state))) {
+        area_size = flash_area_get_size(BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT));
+        out_num_sectors = &BOOT_IMG(state, BOOT_SECONDARY_SLOT).num_sectors;
+#if MCUBOOT_SWAP_USING_SCRATCH
+    } else if (flash_area == FLASH_AREA_IMAGE_SCRATCH) {
+        area_size = flash_area_get_size(state->scratch.area);
+        out_num_sectors = &state->scratch.num_sectors;
+#endif
+    } else {
+        return BOOT_EFLASH;
+    }
+
+    *out_num_sectors = area_size / MCUBOOT_LOGICAL_SECTOR_SIZE;
+
+    return 0;
+}
+
+#endif /* defined(MCUBOOT_LOGICAL_SECTOR_SIZE) && MCUBOOT_LOGICAL_SECTOR_SIZE != 0 */
 
 #if defined(MCUBOOT_SERIAL_IMG_GRP_SLOT_INFO)
 static int
@@ -652,6 +760,29 @@ boot_read_sectors(struct boot_loader_state *state, struct boot_sector_buffer *se
 
     BOOT_WRITE_SZ(state) = boot_write_sz(state);
 
+#if defined(MCUBOOT_LOGICAL_SECTOR_VALIDATION)
+    BOOT_LOG_INF("boot_read_sectors: validate image %d slots", image_index);
+    BOOT_LOG_INF("boot_read_sectors: BOOT_PRIMARY_SLOT");
+    if (boot_validate_logical_sectors(state, FLASH_AREA_IMAGE_PRIMARY(image_index),
+		BOOT_IMG_AREA(state, BOOT_PRIMARY_SLOT)) != 0) {
+        rc = BOOT_EFLASH;
+    }
+
+    BOOT_LOG_INF("boot_read_sectors: BOOT_SECONDARY_SLOT");
+    if(boot_validate_logical_sectors(state, FLASH_AREA_IMAGE_SECONDARY(image_index),
+		BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT)) != 0) {
+        rc = BOOT_EFLASH_SEC;
+    }
+
+#if MCUBOOT_SWAP_USING_SCRATCH
+    BOOT_LOG_INF("boot_read_sectors: SCRATCH");
+    if(boot_validate_logical_sectors(state, FLASH_AREA_IMAGE_SCRATCH,
+		state->scratch.area) != 0) {
+        rc = BOOT_EFLASH;
+    }
+#endif /* MCUBOOT_SWAP_USING_SCRATCH */
+#endif /* defined(MCUBOOT_LOGICAL_SECTOR_VALIDATION) */
+
     return 0;
 }
 
@@ -789,6 +920,7 @@ boot_image_check(struct boot_loader_state *state, struct image_header *hdr,
 }
 
 #if !defined(MCUBOOT_DIRECT_XIP) && !defined(MCUBOOT_RAM_LOAD)
+#if !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0
 static fih_ret
 split_image_check(struct image_header *app_hdr,
                   const struct flash_area *app_fap,
@@ -819,6 +951,7 @@ split_image_check(struct image_header *app_hdr,
 out:
     FIH_RET(fih_rc);
 }
+#endif /* defined(MCUBOOT_LOGICAL_SECTOR_SIZE) && MCUBOOT_LOGICAL_SECTOR_SIZE != 0 */
 #endif /* !MCUBOOT_DIRECT_XIP && !MCUBOOT_RAM_LOAD */
 
 /*
@@ -2297,10 +2430,12 @@ context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp)
 
     BOOT_LOG_DBG("context_boot_go");
 
+#if !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0
 #if defined(__BOOTSIM__)
     struct boot_sector_buffer sector_buf;
     sectors = &sector_buf;
 #endif
+#endif /* !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0 */
 
     has_upgrade = false;
 
@@ -2560,6 +2695,7 @@ context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp)
     FIH_RET(fih_rc);
 }
 
+#if !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0
 fih_ret
 split_go(int loader_slot, int split_slot, void **entry)
 {
@@ -2625,6 +2761,7 @@ split_go(int loader_slot, int split_slot, void **entry)
 
     FIH_RET(fih_rc);
 }
+#endif /* !defined(MCUBOOT_LOGICAL_SECTOR_SIZE) || MCUBOOT_LOGICAL_SECTOR_SIZE == 0 */
 
 #else /* MCUBOOT_DIRECT_XIP || MCUBOOT_RAM_LOAD */
 
