suit: Introduce helper functions for exec states

Add a few helper functions to check if the execution state matches three
common groups of states.

Ref: NCSDK-NONE

Signed-off-by: Tomasz Chyrowicz <[email protected]>

Author: tomchy

subsys/suit/execution_mode/Kconfig

@@ -6,3 +6,7 @@
 
 config SUIT_EXECUTION_MODE
 	bool "Enable SUIT execution mode module"
+
+config APP_LINK_WITH_SUIT_EXECUTION_MODE
+	bool
+	default y

subsys/suit/execution_mode/include/suit_execution_mode.h

@@ -7,6 +7,7 @@
 #ifndef SUIT_EXECUTION_MODE_H__
 #define SUIT_EXECUTION_MODE_H__
 
+#include <stdbool.h>
 #include <suit_plat_err.h>
 
 #ifdef __cplusplus
@@ -27,6 +28,7 @@ typedef enum {
 	EXECUTION_MODE_FAIL_MPI_UNSUPPORTED,
 	EXECUTION_MODE_FAIL_INVOKE_RECOVERY,
 	EXECUTION_MODE_FAIL_INSTALL_NORDIC_TOP,
+	EXECUTION_MODE_FAIL_STARTUP,
 } suit_execution_mode_t;
 
 /**
@@ -46,6 +48,69 @@ suit_execution_mode_t suit_execution_mode_get(void);
  */
 suit_plat_err_t suit_execution_mode_set(suit_execution_mode_t mode);
 
+/**
+ * @brief Update execution mode as a result of interrupted startup procedure.
+ *
+ * @details The main purpose of this API is to get out of the non-final state
+ *          (i.e. update candidate is detected and the orchestrator entry will
+ *          start processing it) if the startup procedure is interrupted
+ *          between suit_orchestrator_init(), which schedules processing of
+ *          manifests and suit_orchestrator_entry(), which executes scheduled
+ *          operations. This situation may occur as a result of BICR or UICR
+ *          misconfiguration.
+ *          Since execution mode value is used to check if the it is allowed to
+ *          modify memory regions, the mode should be changed to one of the
+ *          FAILED states in such case to unblock device recovery procedures.
+ *
+ * @note This API will set the execution mode to EXECUTION_MODE_FAIL_STARTUP
+ *          only if the current mode indicates a transient state.
+ */
+void suit_execution_mode_startup_failed(void);
+
+/**
+ * @brief Check if SUIT is processing installed manifests.
+ *
+ * @details Certain operations are not available if the SUIT orchestrator is
+ *          actively using the SUIT processor (and SUIT decoder) states.
+ *          Moreover, modifying manifests while they are processed might result
+ *          in security bridges.
+ *          To allow external modules (i.e. memory lease mechanisms) to check
+ *          if the SUIT orchestrator is booting manifests without exposing all
+ *          of the details about execution mode, this API may be used.
+ */
+bool suit_execution_mode_booting(void);
+
+/**
+ * @brief Check if SUIT is processing an update candidate.
+ *
+ * @details Certain operations are not available if the SUIT orchestrator is
+ *          actively using the SUIT processor (and SUIT decoder) states.
+ *          Moreover, modifying DFU partition while update canidates they are
+ *          processed might result in security bridges.
+ *          To allow external modules (i.e. memory lease mechanisms) to check
+ *          if the SUIT orchestrator is updating manifests without exposing all
+ *          of the details about execution mode, this API may be used.
+ */
+bool suit_execution_mode_updating(void);
+
+/**
+ * @brief Check if SUIT failed to process OEM manifests.
+ *
+ * @details Certain operations must be enabled or disabled if SUIT orchestrator
+ *          logic fails to initialize.
+ *          The most common reason for such failure is the misconfiguration of
+ *          the MPI area.
+ *          Although this failure modifies the execution mode, it is not
+ *          reflected by the suit_orchestrator_init() return code, so the rest
+ *          of the system (UICR allocation, ADAC server) can take place.
+ *          Due to that, some modules must rely on the execution mode to set
+ *          the permissions for their operation. To allow them to check
+ *          if the SUIT orchestrator is in one of the FAILED states without
+ *          exposing all of the details about execution mode, this API may be
+ *          used.
+ */
+bool suit_execution_mode_failed(void);
+
 #ifdef __cplusplus
 }
 #endif

subsys/suit/execution_mode/src/suit_execution_mode.c

@@ -23,3 +23,162 @@ suit_plat_err_t suit_execution_mode_set(suit_execution_mode_t mode)
 
 	return SUIT_PLAT_ERR_INVAL;
 }
+
+void suit_execution_mode_startup_failed(void)
+{
+	switch (current_execution_mode) {
+	/* SUIT boot or update not yet started. */
+	case EXECUTION_MODE_STARTUP:
+	/* System is unprovisioned, SUIT updates Nordic components. */
+	case EXECUTION_MODE_FAIL_INSTALL_NORDIC_TOP:
+	/* SUIT processes update candiadate. */
+	case EXECUTION_MODE_INSTALL:
+	/* SUIT processes recovery update. */
+	case EXECUTION_MODE_INSTALL_RECOVERY:
+	/* SUIT boots from root manifest. */
+	case EXECUTION_MODE_INVOKE:
+	/* SUIT boots from recovery manifest. */
+	case EXECUTION_MODE_INVOKE_RECOVERY:
+		current_execution_mode = EXECUTION_MODE_FAIL_STARTUP;
+		break;
+
+	/* System not booted, application MPI missing. */
+	case EXECUTION_MODE_FAIL_NO_MPI:
+	/* System not booted, invalid MPI format. */
+	case EXECUTION_MODE_FAIL_MPI_INVALID:
+	/* System not booted, Nordic and root class IDs not configured. */
+	case EXECUTION_MODE_FAIL_MPI_INVALID_MISSING:
+	/* System not booted, MPI misconfigured. */
+	case EXECUTION_MODE_FAIL_MPI_UNSUPPORTED:
+	/* System not booted, unable to boot recovery manifest. */
+	case EXECUTION_MODE_FAIL_INVOKE_RECOVERY:
+	/* System booted from root manifest. */
+	case EXECUTION_MODE_POST_INVOKE:
+	/* System booted from recovery manifest. */
+	case EXECUTION_MODE_POST_INVOKE_RECOVERY:
+	/* System failed before invoking SUIT orchestrator. */
+	case EXECUTION_MODE_FAIL_STARTUP:
+		break;
+		/* default case deliberately excluded to get warnings if missing an enum case. */
+	}
+}
+
+bool suit_execution_mode_booting(void)
+{
+	switch (current_execution_mode) {
+	/* SUIT processes update candiadate. */
+	case EXECUTION_MODE_INSTALL:
+	/* SUIT processes recovery update. */
+	case EXECUTION_MODE_INSTALL_RECOVERY:
+	/* System is unprovisioned, SUIT updates Nordic components. */
+	case EXECUTION_MODE_FAIL_INSTALL_NORDIC_TOP:
+	/* System booted from root manifest. */
+	case EXECUTION_MODE_POST_INVOKE:
+	/* System booted from recovery manifest. */
+	case EXECUTION_MODE_POST_INVOKE_RECOVERY:
+	/* System not booted, application MPI missing. */
+	case EXECUTION_MODE_FAIL_NO_MPI:
+	/* System not booted, invalid MPI format. */
+	case EXECUTION_MODE_FAIL_MPI_INVALID:
+	/* System not booted, Nordic and root class IDs not configured. */
+	case EXECUTION_MODE_FAIL_MPI_INVALID_MISSING:
+	/* System not booted, MPI misconfigured. */
+	case EXECUTION_MODE_FAIL_MPI_UNSUPPORTED:
+	/* System not booted, unable to boot recovery manifest. */
+	case EXECUTION_MODE_FAIL_INVOKE_RECOVERY:
+	/* System failed before invoking SUIT orchestrator. */
+	case EXECUTION_MODE_FAIL_STARTUP:
+		return false;
+
+	/* SUIT boot or update not yet started. */
+	case EXECUTION_MODE_STARTUP:
+	/* SUIT boots from root manifest. */
+	case EXECUTION_MODE_INVOKE:
+	/* SUIT boots from recovery manifest. */
+	case EXECUTION_MODE_INVOKE_RECOVERY:
+		break;
+		/* default case deliberately excluded to get warnings if missing an enum case. */
+	}
+
+	return true;
+}
+
+bool suit_execution_mode_updating(void)
+{
+	switch (current_execution_mode) {
+	/* SUIT boots from root manifest. */
+	case EXECUTION_MODE_INVOKE:
+	/* SUIT boots from recovery manifest. */
+	case EXECUTION_MODE_INVOKE_RECOVERY:
+	/* System booted from root manifest. */
+	case EXECUTION_MODE_POST_INVOKE:
+	/* System booted from recovery manifest. */
+	case EXECUTION_MODE_POST_INVOKE_RECOVERY:
+	/* System not booted, application MPI missing. */
+	case EXECUTION_MODE_FAIL_NO_MPI:
+	/* System not booted, invalid MPI format. */
+	case EXECUTION_MODE_FAIL_MPI_INVALID:
+	/* System not booted, Nordic and root class IDs not configured. */
+	case EXECUTION_MODE_FAIL_MPI_INVALID_MISSING:
+	/* System not booted, MPI misconfigured. */
+	case EXECUTION_MODE_FAIL_MPI_UNSUPPORTED:
+	/* System not booted, unable to boot recovery manifest. */
+	case EXECUTION_MODE_FAIL_INVOKE_RECOVERY:
+	/* System failed before invoking SUIT orchestrator. */
+	case EXECUTION_MODE_FAIL_STARTUP:
+		return false;
+
+	/* SUIT boot or update not yet started. */
+	case EXECUTION_MODE_STARTUP:
+	/* SUIT processes update candiadate. */
+	case EXECUTION_MODE_INSTALL:
+	/* SUIT processes recovery update. */
+	case EXECUTION_MODE_INSTALL_RECOVERY:
+	/* System is unprovisioned, SUIT updates Nordic components. */
+	case EXECUTION_MODE_FAIL_INSTALL_NORDIC_TOP:
+		break;
+		/* default case deliberately excluded to get warnings if missing an enum case. */
+	}
+
+	return true;
+}
+
+bool suit_execution_mode_failed(void)
+{
+	switch (current_execution_mode) {
+	/* SUIT boot or update not yet started. */
+	case EXECUTION_MODE_STARTUP:
+	/* SUIT processes update candiadate. */
+	case EXECUTION_MODE_INSTALL:
+	/* SUIT processes recovery update. */
+	case EXECUTION_MODE_INSTALL_RECOVERY:
+	/* SUIT boots from root manifest. */
+	case EXECUTION_MODE_INVOKE:
+	/* SUIT boots from recovery manifest. */
+	case EXECUTION_MODE_INVOKE_RECOVERY:
+	/* System booted from root manifest. */
+	case EXECUTION_MODE_POST_INVOKE:
+	/* System booted from recovery manifest. */
+	case EXECUTION_MODE_POST_INVOKE_RECOVERY:
+	/* System is unprovisioned, SUIT updates Nordic components. */
+	case EXECUTION_MODE_FAIL_INSTALL_NORDIC_TOP:
+		return false;
+
+	/* System not booted, application MPI missing. */
+	case EXECUTION_MODE_FAIL_NO_MPI:
+	/* System not booted, invalid MPI format. */
+	case EXECUTION_MODE_FAIL_MPI_INVALID:
+	/* System not booted, Nordic and root class IDs not configured. */
+	case EXECUTION_MODE_FAIL_MPI_INVALID_MISSING:
+	/* System not booted, MPI misconfigured. */
+	case EXECUTION_MODE_FAIL_MPI_UNSUPPORTED:
+	/* System not booted, unable to boot recovery manifest. */
+	case EXECUTION_MODE_FAIL_INVOKE_RECOVERY:
+	/* System failed before invoking SUIT orchestrator. */
+	case EXECUTION_MODE_FAIL_STARTUP:
+		break;
+		/* default case deliberately excluded to get warnings if missing an enum case. */
+	}
+
+	return true;
+}