
Commit 9dd5358

committed
[nrf noup] boot: bootutil: loader: Add s0/s1 checking of MCUboot image
Adds a check that also compares the s0/s1 package version of the currently running MCUboot against an MCUboot update image, to ensure that an older version of MCUboot isn't loaded to the opposite slot. Signed-off-by: Jamie McCrae <[email protected]>
1 parent 652fa0a commit 9dd5358


1 file changed

+28
-0
lines changed

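--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c
@@ -105,6 +105,16 @@ static struct sector_buffer_t sector_buffers;
 #endif
 #endif
 
+#if CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER != -1
+/* s0/s1 package version of the current MCUboot image */
+static const struct image_version mcuboot_s0_s1_image_version = {
+.iv_major = CONFIG_MCUBOOT_MCUBOOT_S0_S1_MCUBOOT_VERSION_MAJOR,
+.iv_minor = CONFIG_MCUBOOT_MCUBOOT_S0_S1_MCUBOOT_VERSION_MINOR,
+.iv_revision = CONFIG_MCUBOOT_MCUBOOT_S0_S1_MCUBOOT_VERSION_REVISION,
+.iv_build_num = CONFIG_MCUBOOT_MCUBOOT_S0_S1_MCUBOOT_VERSION_BUILD_NUMBER,
+};
+#endif
+
 #if (BOOT_IMAGE_NUMBER > 1)
 #define IMAGES_ITER(x) for ((x) = 0; (x) < BOOT_IMAGE_NUMBER; ++(x))
 #else
@@ -1182,6 +1192,24 @@ boot_validate_slot(struct boot_loader_state *state, int slot,
 rc = boot_version_cmp(
 &boot_img_hdr(state, BOOT_SECONDARY_SLOT)->ih_ver,
 &boot_img_hdr(state, BOOT_PRIMARY_SLOT)->ih_ver);
+
+#if CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER != -1
+if (rc >= 0 && BOOT_CURR_IMG(state) == CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER) {
+/* Also check the new version of MCUboot against that of the current s0/s1 MCUboot
+* trailer version to prevent downgrades
+*/
+int version_check;
+
+version_check = boot_version_cmp(&boot_img_hdr(state, BOOT_SECONDARY_SLOT)->ih_ver,
+&mcuboot_s0_s1_image_version);
+
+/* Only update rc if the currently running version is newer */
+if (version_check < rc) {
+rc = version_check;
+}
+}
+#endif
+
 #endif
 if (rc < 0 && boot_check_header_erased(state, BOOT_PRIMARY_SLOT)) {
 BOOT_LOG_ERR("insufficient version in secondary slot");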
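Review bot: The added s0/s1 comparison in boot_validate_slot does not stand on its own as a downgrade check: it only runs when `rc >= 0`, and its result is only enforced through the existing `if (rc < 0 && boot_check_header_erased(state, BOOT_PRIMARY_SLOT))` that follows. If the opposite slot is empty or its header compares higher than the candidate, the first comparison may already be negative, `mcuboot_s0_s1_image_version` is never consulted, and rejection then depends on what boot_check_header_erased returns for that slot; its definition is not visible here, so confirm an older MCUboot image is still refused in that state. Consider keeping the s0/s1 result in its own variable and rejecting on `version_check < 0` regardless of the primary-slot header state. Separately, `#if CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER != -1` is true when the symbol is undefined, so `#if defined(CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER) && CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER != -1` would be safer in both hunks. The function body starts and ends outside the hunk.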
