[nrf noup] treewide: Add support for sysbuild assigned images #338
Conversation
nordicjm
force-pushed
the
imagenumberpr
branch
13 times, most recently
from
7223ba7 to
6c2d4b0
Compare
nordicjm
force-pushed
the
imagenumberpr
branch
7 times, most recently
from
9dd5358 to
08730ee
Compare
nordicjm
force-pushed
the
imagenumberpr
branch
3 times, most recently
from
bea59cd to
3a100a5
Compare
nordicjm
force-pushed
the
imagenumberpr
branch
4 times, most recently
from
76eac62 to
818f77b
Compare
nordicjm
force-pushed
the
imagenumberpr
branch
from
818f77b to
32e73bc
Compare
|
|
||
| #if (MCUBOOT_IMAGE_NUMBER == 2) && defined(PM_B0_ADDRESS) && \ | ||
| !defined(CONFIG_NRF53_MULTI_IMAGE_UPDATE) | ||
| /* This configuration is peculiar - the one physical secondary slot is |
There was a problem hiding this comment.
It has it's own dedicated image number (present in MCUboot only, not present in the application)
| static inline void sec_slot_touch(struct boot_loader_state *state) | ||
| { | ||
| uint8_t idx = (SEC_SLOT_PHYSICAL_CNT == 1) ? 0 : BOOT_CURR_IMG(state); | ||
| #if CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER != -1 |
There was a problem hiding this comment.
now sec_slot_assignment can be marked twice. I do not understand that.
There was a problem hiding this comment.
This feature is completely broken in child/parent image as I've said many time, depending on what you have, you can get MCUboot to mark an image for upgrade, after which the cleanup code will run, then it will upgrade the primary for 4 bytes, and bricks the module. And brick meaning if access port protection is enabled, the device is irrecoverably dead, likely out in the field. This code here actually works by checking the slots properly and marking both as used if it is a shared slot. Note that all of these test cases are checked as part of sdk-mcuboot CI and pass.
The original code was added at the complete wrong point, it should have been added after the update, not before the update runs, because essentially you have the equivalent of use-after-free-pointer
boot/bootutil/src/loader.c
Outdated
| */ | ||
| return BOOT_SWAP_TYPE_NONE; | ||
| } | ||
| #if 0 && defined(CONFIG_SOC_NRF5340_CPUAPP) && defined(CONFIG_NRF53_MULTI_IMAGE_UPDATE) |
Adds support for image IDs that are assigned by sysbuild, which allows for dynamically supporting different configurations without needing dummy images to support different modes. Also fixes multiple deficiencies with the previous code where things were not properly accounted for e.g. using the swap algorithm including all swap status parts when updating s0/s1 MCUboot image which could overwrite and corrupt the image data in the other slot Signed-off-by: Jamie McCrae <[email protected]>
fixup! [nrf noup] treewide: add NCS partition manager support Fixes an issue whereby the end address of MCUboot had no alignment requirements what-so-ever and would produce completely invalid configurations for NSIB that prevented it from being upgradeable Signed-off-by: Jamie McCrae <[email protected]>
Adds a check that will also check the s0/s1 package version of the currently running MCUboot against a MCUboot update image to ensure that an older version of MCUboot isn't loaded to the opposite slot Signed-off-by: Jamie McCrae <[email protected]>
Adds support for child and parent images back, this commit will be reverted after the NCS 2.8 release when child/parent support is dropped Signed-off-by: Jamie McCrae <[email protected]>
nordicjm
force-pushed
the
imagenumberpr
branch
from
32e73bc to
538689f
Compare
gchwier
left a comment
gchwier
left a comment
There was a problem hiding this comment.
test_sdk_mcuboot aligned on branch sdk-nrf-pr-17567.
CI is green, but this PR includes a significant number of changes. Our tests do not cover every configuration that has been modified, so please be aware that merging this PR carries some risk.
5 participants
No description provided.