boot: bootutil: image_validate: Add error on security counter fail

nordicjm · de-nordic · commit fc8477e55196 · 2025-07-31T18:01:36.000+02:00
Adds an error log output showing the version of the image security
counter and the monotonic counter value when the image has too low
a count to be booted

Signed-off-by: Jamie McCrae &lt;jamie.mccrae@nordicsemi.no&gt;
diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
@@ -740,6 +740,8 @@ bootutil_img_validate(struct boot_loader_state *state,
             fih_rc = fih_ret_encode_zero_equality(img_security_cnt <
                                    (uint32_t)fih_int_decode(security_cnt));
             if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
+                BOOT_LOG_ERR("Image security counter value %u lower than monotonic value %u",
+                             img_security_cnt, (uint32_t)fih_int_decode(security_cnt));
                 FIH_SET(fih_rc, FIH_FAILURE);
                 goto out;
             }

Original file line number	Diff line number	Diff line change
`@@ -740,6 +740,8 @@ bootutil_img_validate(struct boot_loader_state *state,`
`740`	`740`	`fih_rc = fih_ret_encode_zero_equality(img_security_cnt <`
`741`	`741`	`(uint32_t)fih_int_decode(security_cnt));`
`742`	`742`	`if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {`
	`743`	`+ BOOT_LOG_ERR("Image security counter value %u lower than monotonic value %u",`
	`744`	`+ img_security_cnt, (uint32_t)fih_int_decode(security_cnt));`
`743`	`745`	`FIH_SET(fih_rc, FIH_FAILURE);`
`744`	`746`	`goto out;`
`745`	`747`	`}`