sdk-mcuboot/boot/zephyr/include/sysflash/sysflash.h at 231ba725bc93c3ff226a8087219e5de12b53c556 · de-nordic/sdk-mcuboot · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
/*
 * Copyright (c) 2023-2024 Nordic Semiconductor ASA
 *
 * SPDX-License-Identifier: Apache-2.0
 */

#ifdef CONFIG_FPROTECT
/* Round up to next CONFIG_FPROTECT_BLOCK_SIZE boundary.
 * This is used for backwards compatibility, as some applications
 * use MCUBoot size unaligned to CONFIG_FPROTECT_BLOCK_SIZE.
 * However, even in these cases, the start of the next area
 * was still aligned to CONFIG_FPROTECT_BLOCK_SIZE and the
 * remaining space was filled by an EMPTY section by partition manager.
 */
#define FPROTECT_ALIGN_UP(x) \
    ((((x) + CONFIG_FPROTECT_BLOCK_SIZE - 1) / CONFIG_FPROTECT_BLOCK_SIZE) * \
     CONFIG_FPROTECT_BLOCK_SIZE)
#endif

#if USE_PARTITION_MANAGER
#include <pm_config.h>
/* Blocking the rest of the file */
#define __SYSFLASH_H__
#include <sysflash/pm_sysflash.h>

#endif

/* Here starts non-Partition Manager configuration */

#ifndef __SYSFLASH_H__
#define __SYSFLASH_H__

#include <mcuboot_config/mcuboot_config.h>
#include <zephyr/devicetree.h>
#include <zephyr/storage/flash_map.h>
#include <zephyr/sys/util_macro.h>

#ifndef SOC_FLASH_0_ID
#define SOC_FLASH_0_ID 0
#endif

#ifndef SPI_FLASH_0_ID
#define SPI_FLASH_0_ID 1
#endif

/* Support for NETCPU application image updates */
#if CONFIG_MCUBOOT_NETWORK_CORE_IMAGE_NUMBER != -1
#define NETCPU_APP_SLOT_OFFSET  PCD_NET_CORE_APP_ADDRESS
#define NETCPU_APP_SLOT_SIZE    PCD_NET_CORE_APP_SIZE
#define NETCPU_APP_SLOT_END     (NETCPU_APP_SLOT_OFFSET + NETCPU_APP_SLOT_SIZE)
#endif

/* This is workaround because of bootutil public interface also requiring this
 * file. In reality application is supposed to maintain flash area access,
 * but bootutil uses own definitions, taken directly from DTS, which includes
 * this file. So every logic that is MCUboot specific, and will not apply
 * to an application has to be filtered out; therefore, if we are MCUboot,
 * for a build, only then we care to be a second stage bootloader.
 */
#if !defined(CONFIG_MCUBOOT)
#undef MCUBOOT_IS_SECOND_STAGE
#endif

#if !defined(CONFIG_SINGLE_APPLICATION_SLOT) && !defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_SINGLE_APP)

#ifdef MCUBOOT_IS_SECOND_STAGE
/* Defined when building MCUboot for S1 */
/* We should be able to figure out which partition MCUboot is running from by
 * comparing zephyr,code-partition to either.
 */
#if DT_NODE_EXISTS(DT_NODELABEL(s0_partition)) && \
  DT_SAME_NODE(DT_NODELABEL(s0_partition), DT_CHOSEN(zephyr_code_partition))
#define SECOND_STAGE_MCUBOOT_RUNNING_FROM_S0
#define SECOND_STAGE_ACTIVE_PARTITION           s0_partition
#define SECOND_STAGE_INACTIVE_PARTITION         s1_partition
#elif DT_NODE_EXISTS(DT_NODELABEL(s1_partition)) && \
  DT_SAME_NODE(DT_NODELABEL(s1_partition), DT_CHOSEN(zephyr_code_partition))
#define SECOND_STAGE_MCUBOOT_RUNNING_FROM_S1
#define SECOND_STAGE_ACTIVE_PARTITION           s1_partition
#define SECOND_STAGE_INACTIVE_PARTITION         s0_partition
#else
#error "Failed to match MCUboot partition"
#endif

/* Header size within MCUboot bootable application image */
#define PROTECTED_REGION_START_SKIP CONFIG_NCS_MCUBOOT_DISABLE_SELF_RWX_SKIP_SIZE

#define SECOND_STAGE_ACTIVE_MCUBOOT_OFFSET      \
    PARTITION_OFFSET(SECOND_STAGE_ACTIVE_PARTITION)

#define SECOND_STAGE_ACTIVE_MCUBOOT_SIZE        \
    PARTITION_SIZE(SECOND_STAGE_ACTIVE_PARTITION)

#define SECOND_STAGE_ACTIVE_MCUBOOT_ID          \
    PARTITION_ID(SECOND_STAGE_ACTIVE_PARTITION)

#define SECOND_STAGE_INACTIVE_MCUBOOT_OFFSET      \
    PARTITION_OFFSET(SECOND_STAGE_INACTIVE_PARTITION)

#define SECOND_STAGE_INACTIVE_MCUBOOT_SIZE        \
    PARTITION_SIZE(SECOND_STAGE_INACTIVE_PARTITION)

#define SECOND_STAGE_INACTIVE_MCUBOOT_ID          \
    PARTITION_ID(SECOND_STAGE_INACTIVE_PARTITION)

/* FPROTECT region covers both S0 and S1 slots. Assumption here is
 * that they precede PRIMARY application image partition, in flash
 * layout.
 */
#ifdef CONFIG_FPROTECT
#define FPROTECT_REGION_OFFSET  PARTITION_OFFSET(s0_partition)
#define FPROTECT_REGION_SIZE    \
    (PARTITION_SIZE(s0_partition) + PARTITION_SIZE(s1_partition))
#endif

/* RWX protection regions: the currently executing MCUboot is protecting itself */
#if CONFIG_NCS_MCUBOOT_DISABLE_SELF_RWX
/* Note: The CONFIG_ROM_START_OFFSET is removed to save RWX bits on space
 * that do not require protection. When MCUboot is Second Stage bootloader
 * it does have header added, but it is not used by the NSIB.
 */
#define PROTECTED_REGION_START \
    (SECOND_STAGE_ACTIVE_MCUBOOT_OFFSET + PROTECTED_REGION_START_SKIP)
#define PROTECTED_REGION_SIZE  \
    (SECOND_STAGE_ACTIVE_MCUBOOT_SIZE - PROTECTED_REGION_START_SKIP)
#endif /* CONFIG_NCS_MCUBOOT_DISABLE_SELF_RWX */

/* Normally MCUboot needs one pair of slots per image it is able to process,
 * to be able to pre-allocate proper number of support objects;
 * same number is used to define number of slot pairs, one per image.
 *
 * Exception here is MCUBoot that serves as second stage image, because
 * in this configuration it brings one own pair and requires one set
 * of objects for it, so we set it one less to than number of images,
 * to bring one less default pair.
 */
#define MCUBOOT_NEEDED_SLOT_PAIRS      (MCUBOOT_IMAGE_NUMBER - 1)

#else /* !MCUBOOT_IS_SECOND_STAGE */

/* We need one pair of slots per image */
#define MCUBOOT_NEEDED_SLOT_PAIRS      MCUBOOT_IMAGE_NUMBER

#endif /* MCUBOOT_IS_SECOND_STAGE */

static inline uint32_t __flash_area_ids_for_slot(int img, int slot)
{
    static const int all_slots[] = {
        PARTITION_ID(slot0_partition), PARTITION_ID(slot1_partition),
#if MCUBOOT_NEEDED_SLOT_PAIRS > 1
        PARTITION_ID(slot2_partition), PARTITION_ID(slot3_partition),
#endif
#if MCUBOOT_NEEDED_SLOT_PAIRS > 2
        PARTITION_ID(slot4_partition), PARTITION_ID(slot5_partition),
#endif
#ifdef MCUBOOT_IS_SECOND_STAGE
/* MCUboot as a second stage bootloader brings in two additional slots;
 * one slot is slot that it can update itself to and the other is source
 * of update. At this point source slot is, by default, secondary slot
 * of primary image.
 */
        SECOND_STAGE_INACTIVE_MCUBOOT_ID, PARTITION_ID(slot1_partition)
#endif
    };
    return all_slots[img * 2 + slot];
};

#define FLASH_AREA_IMAGE_PRIMARY(x) __flash_area_ids_for_slot(x, 0)
#define FLASH_AREA_IMAGE_SECONDARY(x) __flash_area_ids_for_slot(x, 1)

#if !defined(CONFIG_BOOT_SWAP_USING_MOVE) && !defined(CONFIG_BOOT_SWAP_USING_OFFSET)
#define FLASH_AREA_IMAGE_SCRATCH    PARTITION_ID(scratch_partition)
#endif

#else /* !CONFIG_SINGLE_APPLICATION_SLOT && !CONFIG_MCUBOOT_BOOTLOADER_MODE_SINGLE_APP */

#define FLASH_AREA_IMAGE_PRIMARY(x)	PARTITION_ID(slot0_partition)
#define FLASH_AREA_IMAGE_SECONDARY(x)	PARTITION_ID(slot0_partition)

#endif /* CONFIG_SINGLE_APPLICATION_SLOT */

/* Here are protection ranges for primary stage MCUboot */
#ifndef MCUBOOT_IS_SECOND_STAGE
/* Protecting MCUboot partition */
#ifdef CONFIG_FPROTECT
#define FPROTECT_REGION_OFFSET  PARTITION_OFFSET(boot_partition)
#define FPROTECT_REGION_SIZE    PARTITION_SIZE(boot_partition)
#endif

/* RWX protection regions, MCUboot is protecting itself */
#if CONFIG_NCS_MCUBOOT_DISABLE_SELF_RWX
#define PROTECTED_REGION_START  PARTITION_OFFSET(boot_partition)
#define PROTECTED_REGION_SIZE   PARTITION_SIZE(boot_partition)
#endif /* CONFIG_NCS_MCUBOOT_DISABLE_SELF_RWX */
#endif

#endif /* __SYSFLASH_H__ */