Merge branch 'master' into swap_tail_type

Author: danielinux

include/printf.h

@@ -40,13 +40,14 @@
     #endif
     void uart_write(const char* buf, unsigned int sz);
 
-    /* turn on small printf support */
+    /* turn on small printf support in string.c */
     #if !defined(PRINTF_ENABLED) && !defined(NO_PRINTF_UART)
         #define PRINTF_ENABLED
     #endif
 #endif
 
-#ifdef PRINTF_ENABLED
+/* support for wolfBoot_printf logging */
+#if defined(PRINTF_ENABLED) && !defined(WOLFBOOT_NO_PRINTF)
 #   include <stdio.h>
 #   if defined(DEBUG_ZYNQ) && !defined(USE_QNX)
 #       include "xil_printf.h"
@@ -62,8 +63,12 @@
 #       define wolfBoot_printf(_f_, ...) uart_printf(_f_, ##__VA_ARGS__)
 #   elif defined(__CCRX__)
 #       define wolfBoot_printf printf
-#   else
+#   elif defined(WOLFBOOT_LOG_PRINTF)
+        /* allow output to stdout */
 #       define wolfBoot_printf(_f_, ...) printf(_f_, ##__VA_ARGS__)
+#   else
+        /* use stderr by default */
+#       define wolfBoot_printf(_f_, ...) fprintf(stderr, _f_, ##__VA_ARGS__)
 #   endif
 #else
 #   define wolfBoot_printf(_f_, ...) do{}while(0)

src/image.c

@@ -861,11 +861,12 @@ int wolfBoot_open_image_address(struct wolfBoot_image *img, uint8_t *image)
         return -1;
     }
     img->fw_size = wolfBoot_image_size(image);
-    wolfBoot_printf("Image size %d\r\n", (unsigned int)img->fw_size);
+
 #ifdef WOLFBOOT_FIXED_PARTITIONS
     if (img->fw_size > (WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE)) {
         wolfBoot_printf("Image size %d > max %d\n",
-            (unsigned int)img->fw_size, (WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE));
+            (unsigned int)img->fw_size,
+            (WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE));
         img->fw_size = 0;
         return -1;
     }
@@ -881,6 +882,12 @@ int wolfBoot_open_image_address(struct wolfBoot_image *img, uint8_t *image)
     img->hdr_ok = 1;
     img->fw_base = img->hdr + IMAGE_HEADER_SIZE;
 
+    wolfBoot_printf("%s partition: %p (size %d, version 0x%x)\n",
+        (img->part == PART_BOOT) ? "Boot" : "Update",
+        img->hdr,
+        (unsigned int)img->fw_size,
+        wolfBoot_get_blob_version(image));
+
     return 0;
 }
 
@@ -962,11 +969,9 @@ int wolfBoot_open_image(struct wolfBoot_image *img, uint8_t part)
 #endif
     if (part == PART_BOOT) {
         img->hdr = (void*)WOLFBOOT_PARTITION_BOOT_ADDRESS;
-        wolfBoot_printf("Boot partition: %p\n", img->hdr);
     }
     else if (part == PART_UPDATE) {
         img->hdr = (void*)WOLFBOOT_PARTITION_UPDATE_ADDRESS;
-        wolfBoot_printf("Update partition: %p\n", img->hdr);
     }
     else {
         return -1;

src/libwolfboot.c

@@ -1018,6 +1018,8 @@ uint32_t wolfBoot_get_blob_version(uint8_t *blob)
     uint32_t *volatile version_field = NULL;
     uint32_t *magic = NULL;
     uint8_t *img_bin = blob;
+    if (blob == NULL)
+        return 0;
 #if defined(EXT_ENCRYPTED) && defined(MMU)
     if (!encrypt_initialized)
         if (crypto_init() < 0)
@@ -1870,15 +1872,16 @@ int wolfBoot_ram_decrypt(uint8_t *src, uint8_t *dst)
     uint32_t dst_offset = 0, iv_counter = 0;
     uint32_t magic, len;
 
-
     if (!encrypt_initialized) {
         if (crypto_init() < 0) {
+            wolfBoot_printf("Error initializing crypto!\n");
             return -1;
         }
     }
 
     /* Attempt to decrypt firmware header */
     if (decrypt_header(src) != 0) {
+        wolfBoot_printf("Error decrypting header at %p!\n", src);
         return -1;
     }
     len = *((uint32_t*)(dec_hdr + sizeof(uint32_t)));

src/update_flash.c

@@ -138,6 +138,9 @@ static int RAMFUNCTION wolfBoot_copy_sector(struct wolfBoot_image *src,
     if (src == dst)
         return 0;
 
+    wolfBoot_printf("Copy sector %d (part %d->%d)\n",
+        sector, src->part, dst->part);
+
     if (src->part == PART_SWAP)
         src_sector_offset = 0;
     if (dst->part == PART_SWAP)
@@ -219,11 +222,9 @@ static int wolfBoot_swap_and_final_erase(int resume)
         WOLFBOOT_SECTOR_SIZE;
     uint32_t tmpBuffer[TRAILER_OFFSET_WORDS + 1];
 
-    /* open boot */
+    /* open partitions (ignore failure) */
     wolfBoot_open_image(boot, PART_BOOT);
-    /* open update */
     wolfBoot_open_image(update, PART_UPDATE);
-    /* open swap */
     wolfBoot_open_image(swap, PART_SWAP);
     wolfBoot_get_partition_state(PART_UPDATE, &st);
 
@@ -499,6 +500,9 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed)
     uint32_t cur_v;
     uint32_t up_v;
 #endif
+    uint32_t cur_ver, upd_ver;
+
+    wolfBoot_printf("Staring Update (fallback allowed %d)\n", fallback_allowed);
 
 
     /* No Safety check on open: we might be in the middle of a broken update */
@@ -508,9 +512,10 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed)
 
     /* get total size */
     total_size = wolfBoot_get_total_size(&boot, &update);
-
-    if (total_size <= IMAGE_HEADER_SIZE)
+    if (total_size <= IMAGE_HEADER_SIZE) {
+        wolfBoot_printf("Image total size %u too large!\n", total_size);
         return -1;
+    }
     /* In case this is a new update, do the required
      * checks on the firmware update
      * before starting the swap
@@ -522,27 +527,39 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed)
     /* Check the first sector to detect interrupted update */
     if (flag == SECT_FLAG_NEW) {
         if (((update_type & 0x000F) != HDR_IMG_TYPE_APP) ||
-                ((update_type & 0xFF00) != HDR_IMG_TYPE_AUTH))
+            ((update_type & 0xFF00) != HDR_IMG_TYPE_AUTH)) {
+            wolfBoot_printf("Invalid update type %d\n", update_type);
             return -1;
-        if (update.fw_size > MAX_UPDATE_SIZE - 1)
+        }
+        if (update.fw_size > MAX_UPDATE_SIZE - 1) {
+            wolfBoot_printf("Invalid update size %u\n", update.fw_size);
             return -1;
+        }
         if (!update.hdr_ok || (wolfBoot_verify_integrity(&update) < 0)
                 || (wolfBoot_verify_authenticity(&update) < 0)) {
+            wolfBoot_printf("Update integrity/verification failed!\n");
             return -1;
         }
         PART_SANITY_CHECK(&update);
+
+        cur_ver = wolfBoot_current_firmware_version();
+        upd_ver = wolfBoot_update_firmware_version();
+
+        wolfBoot_printf("Versions: Current 0x%x, Update 0x%x\n",
+            cur_ver, upd_ver);
+
 #ifndef ALLOW_DOWNGRADE
         if ( ((fallback_allowed==1) &&
                     (~(uint32_t)fallback_allowed == 0xFFFFFFFE)) ||
-                (wolfBoot_current_firmware_version() <
-                 wolfBoot_update_firmware_version()) ) {
+                (cur_ver < upd_ver) ) {
             VERIFY_VERSION_ALLOWED(fallback_allowed);
-        } else
+        } else {
+            wolfBoot_printf("Update version not allowed\n");
             return -1;
+        }
 #endif
     }
 
-
 #ifdef DELTA_UPDATES
     if ((update_type & 0x00F0) == HDR_IMG_TYPE_DIFF) {
         cur_v = wolfBoot_current_firmware_version();
@@ -576,12 +593,14 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed)
     }
 #endif
 
+#ifndef DISABLE_BACKUP
+    /* Interruptible swap */
+
     hal_flash_unlock();
-#ifdef EXT_FLASH
+    #ifdef EXT_FLASH
     ext_flash_unlock();
-#endif
+    #endif
 
-#ifndef DISABLE_BACKUP
     /* Interruptible swap
      * The status is saved in the sector flags of the update partition.
      * If something goes wrong, the operation will be resumed upon reboot.
@@ -620,6 +639,7 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed)
                 break;
         }
         sector++;
+
         /* headers that can be in different positions depending on when the
          * power fails are now in a known state, re-read and swap fw_size
          * because the locations are correct but the metadata is now swapped
@@ -640,9 +660,9 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed)
     /* erase to the last sector, writeonce has 2 sectors */
     while((sector * sector_size) < WOLFBOOT_PARTITION_SIZE -
         sector_size
-#ifdef NVM_FLASH_WRITEONCE
+    #ifdef NVM_FLASH_WRITEONCE
         * 2
-#endif
+    #endif
     ) {
         wb_flash_erase(&boot, sector * sector_size, sector_size);
         wb_flash_erase(&update, sector * sector_size, sector_size);
@@ -652,37 +672,45 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed)
      * wolfBoot_start*/
     wolfBoot_swap_and_final_erase(0);
     /* encryption key was not erased, will be erased by success */
-#ifdef EXT_FLASH
+    #ifdef EXT_FLASH
     ext_flash_lock();
-#endif
+    #endif
     hal_flash_lock();
+
 #else /* DISABLE_BACKUP */
-#ifdef EXT_ENCRYPTED
+    /* Direct Swap without power fail saftey */
+
+    hal_flash_unlock();
+    #ifdef EXT_FLASH
+    ext_flash_unlock();
+    #endif
+
+    #ifdef EXT_ENCRYPTED
     wolfBoot_get_encrypt_key(key, nonce);
-#endif
+    #endif
 
-    /* Directly copy the content of the UPDATE partition into the BOOT partition.
-     */
+    /* Directly copy the content of the UPDATE partition into the BOOT
+     * partition. */
     while ((sector * sector_size) < total_size) {
         wolfBoot_copy_sector(&update, &boot, sector);
         sector++;
     }
-    while((sector * sector_size) < WOLFBOOT_PARTITION_SIZE) {
+    while ((sector * sector_size) < WOLFBOOT_PARTITION_SIZE) {
         wb_flash_erase(&boot, sector * sector_size, sector_size);
         sector++;
     }
     st = IMG_STATE_SUCCESS;
     wolfBoot_set_partition_state(PART_BOOT, st);
-#ifdef EXT_FLASH
+
+    #ifdef EXT_FLASH
     ext_flash_lock();
-#endif
+    #endif
     hal_flash_lock();
 
-/* Save the encryption key after swapping */
-#ifdef EXT_ENCRYPTED
+    /* Save the encryption key after swapping */
+    #ifdef EXT_ENCRYPTED
     wolfBoot_set_encrypt_key(key, nonce);
-#endif
-
+    #endif
 #endif /* DISABLE_BACKUP */
     return 0;
 }
@@ -840,7 +868,12 @@ void RAMFUNCTION wolfBoot_start(void)
             wolfBoot_update(0);
         }
     }
-    if ((wolfBoot_open_image(&boot, PART_BOOT) < 0)
+
+    bootRet = wolfBoot_open_image(&boot, PART_BOOT);
+    wolfBoot_printf("Booting version: 0x%x\n",
+        wolfBoot_get_blob_version(boot.hdr));
+
+    if (bootRet < 0
             || (wolfBoot_verify_integrity(&boot) < 0)
             || (wolfBoot_verify_authenticity(&boot) < 0)
     ) {