app: src: modules: fota: erase slot1 trailer before download

Adds `erase_secondary_trailer()` to wipe the last 4 KiB of the
MCUboot secondary slot before a FOTA download starts. This fixes
a failure case where a stale swap magic left by a J-Link flash of
internal flash causes `boot_set_pending()` to fail.

Updates the fota unit test to mock the flash area API and adds the
missing `CONFIG_SPI_NOR_FLASH_LAYOUT_PAGE_SIZE` compile definition.

Signed-off-by: Simen S. Røstad <simen.rostad@nordicsemi.no>

Author: simensrostad

app/src/modules/fota/fota.c

@@ -12,6 +12,7 @@
 #include <net/nrf_cloud_fota_poll.h>
 #include <zephyr/sys/reboot.h>
 #include <zephyr/dfu/mcuboot.h>
+#include <zephyr/storage/flash_map.h>
 #include <zephyr/task_wdt/task_wdt.h>
 #include <nrf_cloud_fota.h>
 #include <zephyr/smf.h>
@@ -474,11 +475,40 @@ static enum smf_state_result state_polling_for_update_run(void *obj)
 	return SMF_EVENT_PROPAGATE;
 }
 
+/* Erase the MCUboot trailer page (last 4 KiB of slot1 on external SPI-NOR).
+ * stream_flash only erases written sectors, so a stale trailer survives J-Link
+ * flashes of internal flash; boot_set_pending() then fails on the swap magic.
+ */
+static void erase_secondary_trailer(void)
+{
+	const struct flash_area *fa;
+	int err = flash_area_open(PARTITION_ID(slot1_partition), &fa);
+
+	if (err) {
+		LOG_WRN("flash_area_open(slot1) failed: %d, skipping trailer erase", err);
+		return;
+	}
+
+	const size_t page_size = CONFIG_SPI_NOR_FLASH_LAYOUT_PAGE_SIZE;
+	const off_t trailer_off = fa->fa_size - page_size;
+
+	err = flash_area_erase(fa, trailer_off, page_size);
+	if (err) {
+		LOG_WRN("flash_area_erase(slot1 trailer) failed: %d", err);
+	} else {
+		LOG_DBG("Erased slot1 trailer page at offset 0x%lx", (long)trailer_off);
+	}
+
+	flash_area_close(fa);
+}
+
 static void state_downloading_update_entry(void *obj)
 {
 	ARG_UNUSED(obj);
 
 	LOG_DBG("%s", __func__);
+
+	erase_secondary_trailer();
 }
 
 static enum smf_state_result state_downloading_update_run(void *obj)

tests/module/fota/CMakeLists.txt

@@ -26,6 +26,7 @@ zephyr_include_directories(${ZEPHYR_BASE}/include/zephyr/)
 zephyr_include_directories(${ZEPHYR_BASE}/subsys/testsuite/include)
 zephyr_include_directories(${ZEPHYR_BASE}/../nrfxlib/nrf_modem/include)
 
+zephyr_include_directories(${NRF_DIR}/include)
 zephyr_include_directories(${NRF_DIR}/include/net)
 zephyr_include_directories(${NRF_DIR}/subsys/net/lib/nrf_cloud/include)
 zephyr_include_directories(${NRF_DIR}/subsys/net/lib/nrf_cloud/common/include)
@@ -54,4 +55,5 @@ target_compile_definitions(app PRIVATE
 	-DCONFIG_COAP_CLIENT_BLOCK_SIZE=64
 	-DCONFIG_COAP_CLIENT_MAX_EXTRA_OPTIONS=2
 	-DCONFIG_COAP_CLIENT_MAX_PATH_LENGTH=128
+	-DCONFIG_SPI_NOR_FLASH_LAYOUT_PAGE_SIZE=4096
 )

tests/module/fota/src/fota_module_test.c

@@ -8,6 +8,9 @@
 #include <zephyr/zbus/zbus.h>
 #include <zephyr/task_wdt/task_wdt.h>
 #include <zephyr/logging/log.h>
+#include <zephyr/storage/flash_map.h>
+#include <dfu/dfu_target.h>
+#include <net/nrf_cloud.h>
 #include <net/nrf_cloud_fota_poll.h>
 
 #include "app_common.h"
@@ -22,8 +25,23 @@ FAKE_VALUE_FUNC(int, nrf_cloud_fota_poll_process_pending, struct nrf_cloud_fota_
 FAKE_VALUE_FUNC(int, nrf_cloud_fota_poll_process, struct nrf_cloud_fota_poll_ctx *);
 FAKE_VALUE_FUNC(int, nrf_cloud_fota_poll_update_apply, struct nrf_cloud_fota_poll_ctx *);
 FAKE_VALUE_FUNC(int, fota_download_cancel);
+FAKE_VALUE_FUNC(int, flash_area_open, uint8_t, const struct flash_area **);
+FAKE_VALUE_FUNC(int, flash_area_erase, const struct flash_area *, off_t, size_t);
+FAKE_VOID_FUNC(flash_area_close, const struct flash_area *);
 FAKE_VOID_FUNC1(callback_t, int);
 
+static struct flash_area fake_slot1_area = {
+	.fa_size = 800 * 1024,
+};
+
+static int flash_area_open_fake_impl(uint8_t id, const struct flash_area **fa)
+{
+	ARG_UNUSED(id);
+
+	*fa = &fake_slot1_area;
+	return 0;
+}
+
 ZBUS_MSG_SUBSCRIBER_DEFINE(fota_subscriber);
 ZBUS_CHAN_ADD_OBS(fota_chan, fota_subscriber, 0);
 
@@ -63,6 +81,12 @@ void setUp(void)
 	RESET_FAKE(nrf_cloud_fota_poll_process);
 	RESET_FAKE(nrf_cloud_fota_poll_update_apply);
 	RESET_FAKE(fota_download_cancel);
+	RESET_FAKE(flash_area_open);
+	RESET_FAKE(flash_area_erase);
+	RESET_FAKE(flash_area_close);
+
+	flash_area_open_fake.custom_fake = flash_area_open_fake_impl;
+	flash_area_erase_fake.return_val = 0;
 
 	FFF_RESET_HISTORY();