bootloader: Fix up lacking fprotect guards

michalek-no · rlubos · commit 78af8b69874d · 2024-11-05T15:47:53.000+01:00
Instead of just failing on compilation this commit changes fprotect
requirements so that it prints out a warning and error in log.

Signed-off-by: Mateusz Michalek &lt;mateusz.michalek@nordicsemi.no&gt;
diff --git a/samples/bootloader/src/main.c b/samples/bootloader/src/main.c
@@ -9,7 +9,11 @@
 #include <zephyr/sys/printk.h>
 #include <pm_config.h>
 #include <fw_info.h>
+#ifdef CONFIG_FPROTECT
 #include <fprotect.h>
+#else
+#warning "FPROTECT not enabled, the bootloader will be unprotected."
+#endif
 #include <bl_storage.h>
 #include <bl_boot.h>
 #include <bl_validation.h>
@@ -60,7 +64,7 @@ SYS_INIT(load_huk, PRE_KERNEL_2, 0);
 #endif
 
 
-static void validate_and_boot(const struct fw_info *fw_info, uint16_t slot)
+static void validate_and_boot(const struct fw_info *fw_info, counter_t slot)
 {
 	printk("Attempting to boot slot %d.\r\n", slot);
 
@@ -81,7 +85,8 @@ static void validate_and_boot(const struct fw_info *fw_info, uint16_t slot)
 
 	printk("Firmware version %d\r\n", fw_info->version);
 
-	uint16_t stored_version;
+	counter_t stored_version;
+
 	int err = get_monotonic_version(&stored_version);
 
 	if (err) {
@@ -123,7 +128,13 @@ static void validate_and_boot(const struct fw_info *fw_info, uint16_t slot)
 
 int main(void)
 {
-	int err = fprotect_area(PM_B0_ADDRESS, PM_B0_SIZE);
+	int err = 0;
+
+	if (IS_ENABLED(CONFIG_FPROTECT)) {
+		err = fprotect_area(PM_B0_ADDRESS, PM_B0_SIZE);
+	} else {
+		printk("Fprotect disabled. No protection applied.\n\r");
+	}
 
 	if (err) {
 		printk("Failed to protect B0 flash, cancel startup.\n\r");
diff --git a/subsys/bootloader/bl_boot/bl_boot.c b/subsys/bootloader/bl_boot/bl_boot.c
@@ -6,6 +6,7 @@
 
 #include <soc.h>
 #include <zephyr/sys/printk.h>
+#include <zephyr/kernel.h>
 #include <pm_config.h>
 #include <fw_info.h>
 #include <fprotect.h>
@@ -67,8 +68,9 @@ extern uint32_t _vector_table_pointer;
 void bl_boot(const struct fw_info *fw_info)
 {
 #if !(defined(CONFIG_SOC_SERIES_NRF91X) \
-      || defined(CONFIG_SOC_NRF5340_CPUNET) \
-      || defined(CONFIG_SOC_NRF5340_CPUAPP))
+	|| defined(CONFIG_SOC_SERIES_NRF54LX) \
+	|| defined(CONFIG_SOC_NRF5340_CPUNET) \
+	|| defined(CONFIG_SOC_NRF5340_CPUAPP))
 	/* Protect bootloader storage data after firmware is validated so
 	 * invalidation of public keys can be written into the page if needed.
 	 * Note that for some devices (for example, nRF9160 and the nRF5340
@@ -77,7 +79,13 @@ void bl_boot(const struct fw_info *fw_info)
 	 * bootloader storage data is locked together with the network core
 	 * application.
 	 */
-	int err = fprotect_area(PM_PROVISION_ADDRESS, PM_PROVISION_SIZE);
+	int err = 0;
+
+	if (IS_ENABLED(CONFIG_FPROTECT)) {
+		err = fprotect_area(PM_PROVISION_ADDRESS, PM_PROVISION_SIZE);
+	} else {
+		printk("Fprotect disabled. No protection applied.\n\r");
+	}
 
 	if (err) {
 		printk("Failed to protect bootloader storage.\n\r");
