nrfconnect
diff --git a/‎boot/bootutil/src/loader.c‎
Lines changed: 86 additions & 43 deletions b/‎boot/bootutil/src/loader.c‎
Lines changed: 86 additions & 43 deletions
diff --git a/‎boot/bootutil/src/swap_nsib.c‎
Lines changed: 151 additions & 0 deletions b/‎boot/bootutil/src/swap_nsib.c‎
Lines changed: 151 additions & 0 deletions
diff --git a/‎boot/bootutil/src/swap_priv.h‎
Lines changed: 8 additions & 0 deletions b/‎boot/bootutil/src/swap_priv.h‎
Lines changed: 8 additions & 0 deletions
@@ -153,15 +153,15 @@ boot_read_image_headers(struct boot_loader_state *state, bool require_all,
              *
              * Failure to read any headers is a fatal error.
              */
-#ifdef PM_S1_ADDRESS
+#if CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER != -1
             /* Patch needed for NCS. The primary slot of the second image
              * (image 1) will not contain a valid image header until an upgrade
              * of mcuboot has happened (filling S1 with the new version).
              */
-            if (BOOT_CURR_IMG(state) == 1 && i == 0) {
+            if (BOOT_CURR_IMG(state) == CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER && i == 0) {
                 continue;
             }
-#endif /* PM_S1_ADDRESS */
+#endif /* CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER != -1 */
             if (i > 0 && !require_all) {
                 return 0;
             } else {
@@ -1160,7 +1160,7 @@ boot_validate_slot(struct boot_loader_state *state, int slot,
 
 #if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(CONFIG_NRF53_MULTI_IMAGE_UPDATE) \
     && defined(CONFIG_PCD_APP) && defined(CONFIG_PCD_READ_NETCORE_APP_VERSION)
-        if (BOOT_CURR_IMG(state) == 1) {
+        if (BOOT_CURR_IMG(state) == CONFIG_MCUBOOT_NETWORK_CORE_IMAGE_NUMBER) {
             rc = pcd_version_cmp_net(fap, boot_img_hdr(state, BOOT_SECONDARY_SLOT));
         } else {
              rc = boot_version_cmp(
@@ -1229,36 +1229,55 @@ boot_validate_slot(struct boot_loader_state *state, int slot,
         struct image_header *secondary_hdr = boot_img_hdr(state, slot);
         uint32_t reset_value = 0;
         uint32_t reset_addr = secondary_hdr->ih_hdr_size + sizeof(reset_value);
+        uint32_t min_addr, max_addr;
+        bool check_addresses = false;
 
         rc = flash_area_read(fap, reset_addr, &reset_value, sizeof(reset_value));
         if (rc != 0) {
             fih_rc = FIH_NO_BOOTABLE_IMAGE;
             goto out;
         }
 
-        uint32_t min_addr, max_addr;
-
 #ifdef PM_CPUNET_APP_ADDRESS
         /* The primary slot for the network core is emulated in RAM.
          * Its flash_area hasn't got relevant boundaries.
          * Therfore need to override its boundaries for the check.
          */
-        if (BOOT_CURR_IMG(state) == 1) {
+        if (BOOT_CURR_IMG(state) == CONFIG_MCUBOOT_NETWORK_CORE_IMAGE_NUMBER) {
             min_addr = PM_CPUNET_APP_ADDRESS;
             max_addr = PM_CPUNET_APP_ADDRESS + PM_CPUNET_APP_SIZE;
-#ifdef PM_S1_ADDRESS
-        } else if (BOOT_CURR_IMG(state) == 0) {
+            check_addresses = true;
+        } else
+#endif
+#if CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER != -1
+        if (BOOT_CURR_IMG(state) == CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER) {
+#if (CONFIG_NCS_IS_VARIANT_IMAGE)
             min_addr = PM_S0_ADDRESS;
-            max_addr = pri_fa->fa_off + pri_fa->fa_size;
+            max_addr = (PM_S0_ADDRESS + PM_S0_SIZE);
+#else
+            min_addr = PM_S1_ADDRESS;
+            max_addr = (PM_S1_ADDRESS + PM_S1_SIZE);
 #endif
+            check_addresses = true;
         } else
 #endif
-        {
+        if (BOOT_CURR_IMG(state) == CONFIG_MCUBOOT_APPLICATION_IMAGE_NUMBER) {
+#if CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER != -1
+#if (CONFIG_NCS_IS_VARIANT_IMAGE)
+            min_addr = MIN(pri_fa->fa_off, PM_S0_ADDRESS);
+            max_addr = MAX((pri_fa->fa_off + pri_fa->fa_size), (PM_S0_ADDRESS + PM_S0_SIZE));
+#else
+            min_addr = MIN(pri_fa->fa_off, PM_S1_ADDRESS);
+            max_addr = MAX((pri_fa->fa_off + pri_fa->fa_size), (PM_S1_ADDRESS + PM_S1_SIZE));
+#endif
+#else
             min_addr = pri_fa->fa_off;
             max_addr = pri_fa->fa_off + pri_fa->fa_size;
+#endif
+            check_addresses = true;
         }
 
-        if (reset_value < min_addr || reset_value> (max_addr)) {
+        if (check_addresses == true && (reset_value < min_addr || reset_value > max_addr)) {
             BOOT_LOG_ERR("Reset address of image in secondary slot is not in the primary slot");
             BOOT_LOG_ERR("Erasing image from secondary slot");
 
@@ -1364,7 +1383,7 @@ static inline void sec_slot_mark_assigned(struct boot_loader_state *state)
 }
 
 /**
- * Cleanu up all secondary slot which couldn't be assigned to any primary slot.
+ * Cleanup up all secondary slot which couldn't be assigned to any primary slot.
  *
  * This function erases content of each secondary slot which contains valid
  * header but couldn't be assigned to any of supported primary images.
@@ -1428,7 +1447,7 @@ boot_validated_swap_type(struct boot_loader_state *state,
     owner_nsib[BOOT_CURR_IMG(state)] = false;
 #endif
 
-#if defined(PM_S1_ADDRESS) || defined(CONFIG_SOC_NRF5340_CPUAPP)
+#if defined(PM_S1_ADDRESS) || defined(PM_CPUNET_B0N_ADDRESS)
     const struct flash_area *secondary_fa =
         BOOT_IMG_AREA(state, BOOT_SECONDARY_SLOT);
     struct image_header *hdr = boot_img_hdr(state, BOOT_SECONDARY_SLOT);
@@ -1466,31 +1485,45 @@ boot_validated_swap_type(struct boot_loader_state *state,
             }
 
             /* Check start and end of primary slot for current image */
-            if (reset_addr < primary_fa->fa_off) {
-#if defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(CONFIG_NRF53_MULTI_IMAGE_UPDATE)
-		    const struct flash_area *nsib_fa;
+#if (CONFIG_NCS_IS_VARIANT_IMAGE)
+            if (reset_addr >= PM_S0_ADDRESS && PM_S0_ADDRESS <= (PM_S0_ADDRESS + PM_S0_SIZE)) {
+#else
+            if (reset_addr >= PM_S1_ADDRESS && PM_S1_ADDRESS <= (PM_S1_ADDRESS + PM_S1_SIZE)) {
+#endif
+                if (BOOT_CURR_IMG(state) == CONFIG_MCUBOOT_APPLICATION_IMAGE_NUMBER) {
+                    /* This is not the s0/s1 upgrade image but the application image, pretend
+                     * there is no image so the NSIB update can be loaded
+                     */
+                    return BOOT_SWAP_TYPE_NONE;
+                }
+#if 0 && defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(CONFIG_NRF53_MULTI_IMAGE_UPDATE)
+                const struct flash_area *nsib_fa;
 
-                    /* NSIB upgrade slot */
-                    rc = flash_area_open((uint32_t)_image_1_primary_slot_id,
-                                    &nsib_fa);
+                /* NSIB upgrade slot */
+#if (CONFIG_NCS_IS_VARIANT_IMAGE)
+                rc = flash_area_open(PM_S0_ID, &nsib_fa);
+#else
+                rc = flash_area_open(PM_S1_ID, &nsib_fa);
+#endif
 
-                    if (rc != 0) {
-                            return BOOT_SWAP_TYPE_FAIL;
-                    }
+                if (rc != 0) {
+                    return BOOT_SWAP_TYPE_FAIL;
+                }
 
-                    /* Image is placed before Primary and within the NSIB slot */
-                    if (reset_addr > nsib_fa->fa_off
-                        && reset_addr < (nsib_fa->fa_off + nsib_fa->fa_size)) {
-                        /* Set primary to be NSIB upgrade slot */
-                        BOOT_IMG_AREA(state, 0) = nsib_fa;
-                        owner_nsib[BOOT_CURR_IMG(state)] = true;
-                    }
+                /* Set primary to be NSIB upgrade slot */
+                BOOT_IMG_AREA(state, 0) = nsib_fa;
+#endif
+                owner_nsib[BOOT_CURR_IMG(state)] = true;
+#if (CONFIG_NCS_IS_VARIANT_IMAGE)
+            } else if (reset_addr >= PM_S1_ADDRESS && PM_S1_ADDRESS <= (PM_S1_ADDRESS + PM_S1_SIZE)) {
 #else
-                return BOOT_SWAP_TYPE_NONE;
-
+            } else if (reset_addr >= PM_S0_ADDRESS && PM_S0_ADDRESS <= (PM_S0_ADDRESS + PM_S0_SIZE)) {
 #endif
-
-            } else if (reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) {
+                /* NSIB upgrade but for the wrong slot, must be erased */
+                LOG_ERR("Image in slot is for wrong s0/s1 image");
+                flash_area_erase(secondary_fa, 0, secondary_fa->fa_size);
+                return BOOT_SWAP_TYPE_FAIL;
+            } else if (reset_addr < primary_fa->fa_off || reset_addr > (primary_fa->fa_off + primary_fa->fa_size)) {
                 /* The image in the secondary slot is not intended for any */
                 return BOOT_SWAP_TYPE_NONE;
             }
@@ -1503,7 +1536,7 @@ boot_validated_swap_type(struct boot_loader_state *state,
         sec_slot_mark_assigned(state);
     }
 
-#endif /* PM_S1_ADDRESS || CONFIG_SOC_NRF5340_CPUAPP */
+#endif /* PM_S1_ADDRESS || PM_CPUNET_B0N_ADDRESS */
 
     swap_type = boot_swap_type_multi(BOOT_CURR_IMG(state));
     if (BOOT_IS_UPGRADE(swap_type)) {
@@ -2035,7 +2068,22 @@ boot_swap_image(struct boot_loader_state *state, struct boot_status *bs)
         flash_area_close(fap);
     }
 
-    swap_run(state, bs, copy_size);
+#if defined(PM_S1_ADDRESS) && !MCUBOOT_OVERWRITE_ONLY && CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER != -1
+    if (owner_nsib[BOOT_CURR_IMG(state)]) {
+        if (BOOT_CURR_IMG(state) == CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER) {
+            /* For NSIB, move the image instead of swapping it */
+            nsib_swap_run(state, bs);
+
+#if defined(CONFIG_REBOOT)
+            /* Should also reboot at this point so the new S0/S1 update is applied */
+            sys_reboot(SYS_REBOOT_COLD);
+#endif
+        }
+    } else
+#endif
+    {
+        swap_run(state, bs, copy_size);
+    }
 
 #ifdef MCUBOOT_VALIDATE_PRIMARY_SLOT
     extern int boot_status_fails;
@@ -2701,12 +2749,6 @@ context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp)
                 rc = boot_perform_update(state, &bs);
             }
             assert(rc == 0);
-#if defined(PM_S1_ADDRESS) && defined(CONFIG_REBOOT)
-            if (owner_nsib[BOOT_CURR_IMG(state)]) {
-                    sys_reboot(SYS_REBOOT_COLD);
-
-            }
-#endif
             break;
 
         case BOOT_SWAP_TYPE_FAIL:
@@ -2780,7 +2822,8 @@ context_boot_go(struct boot_loader_state *state, struct boot_rsp *rsp)
          * executing MCUBoot image, and is therefore already validated by NSIB and
          * does not need to also be validated by MCUBoot.
          */
-        bool image_validated_by_nsib = BOOT_CURR_IMG(state) == 1;
+        bool image_validated_by_nsib = BOOT_CURR_IMG(state) ==
+                                       CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER;
         if (!image_validated_by_nsib)
 #endif
         {
 
@@ -0,0 +1,151 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stddef.h>
+#include <stdbool.h>
+#include <inttypes.h>
+#include <stdlib.h>
+#include <string.h>
+#include "bootutil/bootutil.h"
+#include "bootutil_priv.h"
+#include "swap_priv.h"
+#include "bootutil/bootutil_log.h"
+
+#include "mcuboot_config/mcuboot_config.h"
+
+BOOT_LOG_MODULE_DECLARE(mcuboot);
+
+#if 0
+uint32_t
+find_last_idx(struct boot_loader_state *state, uint32_t swap_size)
+{
+    uint32_t sector_sz;
+    uint32_t sz;
+    uint32_t last_idx;
+
+    sector_sz = boot_img_sector_size(state, BOOT_PRIMARY_SLOT, 0);
+    sz = 0;
+    last_idx = 0;
+    while (1) {
+        sz += sector_sz;
+        last_idx++;
+        if (sz >= swap_size) {
+            break;
+        }
+    }
+
+    return last_idx;
+}
+#endif
+
+#if 0
+static int app_max_sectors(struct boot_loader_state *state)
+{
+    uint32_t sz = 0;
+    uint32_t sector_sz;
+    uint32_t trailer_sz;
+    uint32_t first_trailer_idx;
+
+    sector_sz = boot_img_sector_size(state, BOOT_PRIMARY_SLOT, 0);
+    trailer_sz = boot_trailer_sz(BOOT_WRITE_SZ(state));
+    first_trailer_idx = boot_img_num_sectors(state, BOOT_PRIMARY_SLOT) - 1;
+
+    while (1) {
+        sz += sector_sz;
+        if  (sz >= trailer_sz) {
+            break;
+        }
+        first_trailer_idx--;
+    }
+
+    return first_trailer_idx;
+}
+#endif
+
+void nsib_swap_run(struct boot_loader_state *state, struct boot_status *bs)
+{
+//    uint32_t sz;
+    uint32_t sector_sz;
+//    uint32_t idx;
+//    uint32_t trailer_sz;
+//    uint32_t first_trailer_idx;
+//    uint32_t last_idx;
+    uint8_t image_index;
+    const struct flash_area *fap_pri;
+    const struct flash_area *fap_sec;
+    int rc;
+
+    BOOT_LOG_INF("Starting swap using nsib algorithm.");
+
+    sector_sz = boot_img_sector_size(state, BOOT_SECONDARY_SLOT, 0);
+
+#if (CONFIG_NCS_IS_VARIANT_IMAGE)
+    rc = flash_area_open(PM_S0_ID, &fap_pri);
+#else
+    rc = flash_area_open(PM_S1_ID, &fap_pri);
+#endif
+    assert (rc == 0);
+
+    /*
+     * When starting a new swap upgrade, check that there is enough space.
+     */
+#if 0
+    if (boot_status_is_reset(bs)) {
+        sz = 0;
+        trailer_sz = boot_trailer_sz(BOOT_WRITE_SZ(state));
+        first_trailer_idx = boot_img_num_sectors(state, BOOT_PRIMARY_SLOT) - 1;
+
+        while (1) {
+            sz += sector_sz;
+            if  (sz >= trailer_sz) {
+                break;
+            }
+            first_trailer_idx--;
+        }
+
+        if (last_idx >= first_trailer_idx) {
+            BOOT_LOG_WRN("Not enough free space to run swap upgrade");
+            BOOT_LOG_WRN("required %d bytes but only %d are available",
+                         (last_idx + 1) * sector_sz,
+                         first_trailer_idx * sector_sz);
+            bs->swap_type = BOOT_SWAP_TYPE_NONE;
+            return;
+        }
+    }
+#endif
+
+    image_index = BOOT_CURR_IMG(state);
+
+    rc = flash_area_open(FLASH_AREA_IMAGE_SECONDARY(image_index), &fap_sec);
+    assert (rc == 0);
+
+    rc = boot_erase_region(fap_pri, 0, fap_pri->fa_size);
+    assert(rc == 0);
+
+    rc = boot_copy_region(state, fap_sec, fap_pri, 0, 0, fap_pri->fa_size);
+    assert(rc == 0);
+
+    rc = swap_erase_trailer_sectors(state, fap_sec);
+    assert(rc == 0);
+
+    rc = boot_erase_region(fap_sec, 0, MIN((fap_pri->fa_size + sector_sz), fap_sec->fa_size));
+    assert(rc == 0);
+
+    flash_area_close(fap_pri);
+    flash_area_close(fap_sec);
+}
@@ -106,4 +106,12 @@ static inline size_t boot_scratch_area_size(const struct boot_loader_state *stat
  */
 int app_max_size(struct boot_loader_state *state);
 
+#if defined(PM_S1_ADDRESS) && !defined(MCUBOOT_OVERWRITE_ONLY) && \
+(CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER != -1 || defined(LEGACY_CHILD_PARENT_S0_S1_UPDATE_ENABLED))
+/**
+ * Performs an NSIB update
+ */
+void nsib_swap_run(struct boot_loader_state *state, struct boot_status *bs);
+#endif
+
 #endif /* H_SWAP_PRIV_ */