Skip to content

Commit ba3bd60

Browse files
davidvinczed3zd3z
davidvincze
authored and
d3zd3z
committed
Boot: Enable multi-image boot
This patch adds the capability to handle multiple firmware images, to update them independently. Also update the design documentation. It separates the completion of aborted image swap operations and the update of images even more as these should be happening at different stages of the boot process according to the design proposal of the multiple image support: mcu-tools/mcuboot#317. Change-Id: I7eb5f632298bb08c805bfaee0359703b2ae19e9d Signed-off-by: David Vincze <[email protected]>
1 parent b75c12a commit ba3bd60

File tree

7 files changed

+564
-207
lines changed

7 files changed

+564
-207
lines changed

.travis.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ matrix:
2323
# separated by ',' and each list of values is run sequentially in the
2424
# defined order.
2525
- os: linux
26-
env: MULTI_FEATURES="sig-rsa overwrite-only,sig-ecdsa overwrite-only" TEST=sim
26+
env: MULTI_FEATURES="sig-rsa overwrite-only,sig-ecdsa overwrite-only,multiimage overwrite-only" TEST=sim
2727
- os: linux
2828
env: MULTI_FEATURES="sig-rsa validate-primary-slot,sig-ecdsa validate-primary-slot" TEST=sim
2929
- os: linux

boot/bootutil/include/bootutil/enc_key.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,6 +53,7 @@ int boot_enc_set_key(uint8_t slot, uint8_t *enckey);
5353
int boot_enc_load(const struct image_header *hdr, const struct flash_area *fap,
5454
uint8_t *enckey);
5555
bool boot_enc_valid(const struct flash_area *fap);
56+
void boot_enc_mark_keys_invalid(void);
5657
void boot_encrypt(const struct flash_area *fap, uint32_t off, uint32_t sz,
5758
uint32_t blk_off, uint8_t *buf);
5859
void boot_enc_zeroize(void);

boot/bootutil/src/bootutil_priv.h

Lines changed: 23 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -124,6 +124,7 @@ struct boot_status {
124124
* (`MCUBOOT_ENC_IMAGES`).
125125
*/
126126

127+
extern uint8_t current_image;
127128
extern const uint32_t boot_img_magic[4];
128129

129130
struct boot_swap_state {
@@ -202,14 +203,15 @@ struct boot_loader_state {
202203
const struct flash_area *area;
203204
boot_sector_t *sectors;
204205
size_t num_sectors;
205-
} imgs[BOOT_NUM_SLOTS];
206+
} imgs[BOOT_IMAGE_NUMBER][BOOT_NUM_SLOTS];
206207

207208
struct {
208209
const struct flash_area *area;
209210
boot_sector_t *sectors;
210211
size_t num_sectors;
211212
} scratch;
212213

214+
uint8_t swap_type[BOOT_IMAGE_NUMBER];
213215
uint8_t write_sz;
214216
};
215217

@@ -245,20 +247,22 @@ int boot_read_enc_key(uint8_t slot, uint8_t *enckey);
245247
*/
246248

247249
/* These are macros so they can be used as lvalues. */
248-
#define BOOT_IMG_AREA(state, slot) ((state)->imgs[(slot)].area)
250+
#define BOOT_IMG(state, slot) ((state)->imgs[current_image][(slot)])
251+
#define BOOT_IMG_AREA(state, slot) (BOOT_IMG(state, slot).area)
249252
#define BOOT_SCRATCH_AREA(state) ((state)->scratch.area)
250253
#define BOOT_WRITE_SZ(state) ((state)->write_sz)
254+
#define BOOT_SWAP_TYPE(state) ((state)->swap_type[current_image])
251255

252256
static inline struct image_header*
253257
boot_img_hdr(struct boot_loader_state *state, size_t slot)
254258
{
255-
return &state->imgs[slot].hdr;
259+
return &BOOT_IMG(state, slot).hdr;
256260
}
257261

258262
static inline size_t
259263
boot_img_num_sectors(struct boot_loader_state *state, size_t slot)
260264
{
261-
return state->imgs[slot].num_sectors;
265+
return BOOT_IMG(state, slot).num_sectors;
262266
}
263267

264268
static inline size_t
@@ -273,7 +277,7 @@ boot_scratch_num_sectors(struct boot_loader_state *state)
273277
static inline uint32_t
274278
boot_img_slot_off(struct boot_loader_state *state, size_t slot)
275279
{
276-
return state->imgs[slot].area->fa_off;
280+
return BOOT_IMG(state, slot).area->fa_off;
277281
}
278282

279283
static inline size_t boot_scratch_area_size(struct boot_loader_state *state)
@@ -287,7 +291,7 @@ static inline size_t
287291
boot_img_sector_size(struct boot_loader_state *state,
288292
size_t slot, size_t sector)
289293
{
290-
return state->imgs[slot].sectors[sector].fa_size;
294+
return BOOT_IMG(state, slot).sectors[sector].fa_size;
291295
}
292296

293297
/*
@@ -298,8 +302,8 @@ static inline uint32_t
298302
boot_img_sector_off(struct boot_loader_state *state, size_t slot,
299303
size_t sector)
300304
{
301-
return state->imgs[slot].sectors[sector].fa_off -
302-
state->imgs[slot].sectors[0].fa_off;
305+
return BOOT_IMG(state, slot).sectors[sector].fa_off -
306+
BOOT_IMG(state, slot).sectors[0].fa_off;
303307
}
304308

305309
static inline int
@@ -310,13 +314,13 @@ boot_initialize_area(struct boot_loader_state *state, int flash_area)
310314

311315
if (flash_area == FLASH_AREA_IMAGE_PRIMARY) {
312316
rc = flash_area_to_sectors(flash_area, &num_sectors,
313-
state->imgs[BOOT_PRIMARY_SLOT].sectors);
314-
state->imgs[BOOT_PRIMARY_SLOT].num_sectors = (size_t)num_sectors;
317+
BOOT_IMG(state, BOOT_PRIMARY_SLOT).sectors);
318+
BOOT_IMG(state, BOOT_PRIMARY_SLOT).num_sectors = (size_t)num_sectors;
315319

316320
} else if (flash_area == FLASH_AREA_IMAGE_SECONDARY) {
317321
rc = flash_area_to_sectors(flash_area, &num_sectors,
318-
state->imgs[BOOT_SECONDARY_SLOT].sectors);
319-
state->imgs[BOOT_SECONDARY_SLOT].num_sectors = (size_t)num_sectors;
322+
BOOT_IMG(state, BOOT_SECONDARY_SLOT).sectors);
323+
BOOT_IMG(state, BOOT_SECONDARY_SLOT).num_sectors = (size_t)num_sectors;
320324

321325
} else if (flash_area == FLASH_AREA_IMAGE_SCRATCH) {
322326
rc = flash_area_to_sectors(flash_area, &num_sectors,
@@ -335,15 +339,15 @@ static inline size_t
335339
boot_img_sector_size(struct boot_loader_state *state,
336340
size_t slot, size_t sector)
337341
{
338-
return state->imgs[slot].sectors[sector].fs_size;
342+
return BOOT_IMG(state, slot).sectors[sector].fs_size;
339343
}
340344

341345
static inline uint32_t
342346
boot_img_sector_off(struct boot_loader_state *state, size_t slot,
343347
size_t sector)
344348
{
345-
return state->imgs[slot].sectors[sector].fs_off -
346-
state->imgs[slot].sectors[0].fs_off;
349+
return BOOT_IMG(state, slot).sectors[sector].fs_off -
350+
BOOT_IMG(state, slot).sectors[0].fs_off;
347351
}
348352

349353
static inline int
@@ -357,11 +361,11 @@ boot_initialize_area(struct boot_loader_state *state, int flash_area)
357361
num_sectors = BOOT_MAX_IMG_SECTORS;
358362

359363
if (flash_area == FLASH_AREA_IMAGE_PRIMARY) {
360-
out_sectors = state->imgs[BOOT_PRIMARY_SLOT].sectors;
361-
out_num_sectors = &state->imgs[BOOT_PRIMARY_SLOT].num_sectors;
364+
out_sectors = BOOT_IMG(state, BOOT_PRIMARY_SLOT).sectors;
365+
out_num_sectors = &BOOT_IMG(state, BOOT_PRIMARY_SLOT).num_sectors;
362366
} else if (flash_area == FLASH_AREA_IMAGE_SECONDARY) {
363-
out_sectors = state->imgs[BOOT_SECONDARY_SLOT].sectors;
364-
out_num_sectors = &state->imgs[BOOT_SECONDARY_SLOT].num_sectors;
367+
out_sectors = BOOT_IMG(state, BOOT_SECONDARY_SLOT).sectors;
368+
out_num_sectors = &BOOT_IMG(state, BOOT_SECONDARY_SLOT).num_sectors;
365369
} else if (flash_area == FLASH_AREA_IMAGE_SCRATCH) {
366370
out_sectors = state->scratch.sectors;
367371
out_num_sectors = &state->scratch.num_sectors;

boot/bootutil/src/encrypted.c

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -321,6 +321,16 @@ boot_enc_valid(const struct flash_area *fap)
321321
return enc_state[rc].valid;
322322
}
323323

324+
void
325+
boot_enc_mark_keys_invalid(void)
326+
{
327+
size_t slot;
328+
329+
for(slot = 0; slot < BOOT_NUM_SLOTS; ++slot) {
330+
enc_state[slot].valid = 0;
331+
}
332+
}
333+
324334
void
325335
boot_encrypt(const struct flash_area *fap, uint32_t off, uint32_t sz,
326336
uint32_t blk_off, uint8_t *buf)

0 commit comments

Comments
 (0)