ab_split: Enable boot preference persistance

Add additional region to keep the value of boot preference across
reboots.

Ref: NCSDK-35479

Signed-off-by: Tomasz Chyrowicz <[email protected]>

Author: tomchy

samples/dfu/ab_split/README.rst

@@ -83,7 +83,9 @@ The following conditions decide which slot is considered *active* and is booted
 #. For all other images, the same slot is selected.
 
 You can set the preferred slot using the ``boot_request_set_preferred_slot`` function.
-Currently, this only sets the boot preference for a single reboot.
+If the :kconfig:option:`CONFIG_NRF_MCUBOOT_BOOT_REQUEST_PREFERENCE_KEEP` option is enabled, the slot preference remains persistent across reboots..
+Otherwise, the slot preference is cleared on reboot.
+To enable the persistence of a preferred slot, define a backup region for the bootloader request area by using the ``nrf,bootloader-request-backup`` chosen node in the devicetree.
 
 Identifying the active slot
 ---------------------------

samples/dfu/ab_split/prj.conf

@@ -41,14 +41,9 @@ CONFIG_MCUBOOT_UTIL_LOG_LEVEL_WRN=y
 # Disable debug logging
 CONFIG_LOG_MAX_LEVEL=3
 
-# Enable boot requests through retained memory.
-CONFIG_RETAINED_MEM=y
-CONFIG_RETENTION=y
+# Enable boot requests.
 CONFIG_NRF_MCUBOOT_BOOT_REQUEST=y
 
-CONFIG_RETENTION_BOOT_MODE=y
-CONFIG_MCUMGR_GRP_OS_RESET_BOOT_MODE=y
-
 # Enable DK LED/button library
 CONFIG_DK_LIBRARY=y
 
@@ -102,5 +97,7 @@ CONFIG_DEVMEM_SHELL=n
 CONFIG_FLASH_SHELL=n
 
 # Read bootloader version and security counters values from the retained RAM
+CONFIG_RETAINED_MEM=y
+CONFIG_RETENTION=y
 CONFIG_RETENTION_BOOTLOADER_INFO=y
 CONFIG_RETENTION_BOOTLOADER_INFO_TYPE_MCUBOOT=y

samples/dfu/ab_split/src/ab_utils.c

@@ -14,15 +14,11 @@
 
 LOG_MODULE_DECLARE(ab_sample);
 
-#define ACTIVE_IMAGE 0
-
 #define CODE_PARTITION DT_CHOSEN(zephyr_code_partition)
 #define CODE_PARTITION_OFFSET FIXED_PARTITION_NODE_OFFSET(CODE_PARTITION)
 
 #define SLOT_A_PARTITION cpuapp_slot0_partition
 #define SLOT_B_PARTITION cpuapp_slot1_partition
-#define CPURAD_SLOT_A_PARTITION cpurad_slot0_partition
-#define CPURAD_SLOT_B_PARTITION cpurad_slot1_partition
 
 #define SLOT_A_OFFSET FIXED_PARTITION_OFFSET(SLOT_A_PARTITION)
 #define SLOT_B_OFFSET FIXED_PARTITION_OFFSET(SLOT_B_PARTITION)
@@ -31,8 +27,6 @@ LOG_MODULE_DECLARE(ab_sample);
 
 #define SLOT_A_FLASH_AREA_ID FIXED_PARTITION_ID(SLOT_A_PARTITION)
 #define SLOT_B_FLASH_AREA_ID FIXED_PARTITION_ID(SLOT_B_PARTITION)
-#define CPURAD_SLOT_A_FLASH_AREA_ID FIXED_PARTITION_ID(CPURAD_SLOT_A_PARTITION)
-#define CPURAD_SLOT_B_FLASH_AREA_ID FIXED_PARTITION_ID(CPURAD_SLOT_B_PARTITION)
 
 #define IS_SLOT_A                                                                                  \
 	(CODE_PARTITION_OFFSET >= SLOT_A_OFFSET &&                                                 \
@@ -45,12 +39,6 @@ LOG_MODULE_DECLARE(ab_sample);
 #define STATUS_LEDS_THREAD_PRIORITY (CONFIG_NUM_PREEMPT_PRIORITIES - 1)
 K_THREAD_STACK_DEFINE(status_leds_thread_stack_area, STATUS_LEDS_THREAD_STACK_SIZE);
 
-enum ab_boot_slot {
-	SLOT_A = 0,
-	SLOT_B = 1,
-	SLOT_INVALID,
-};
-
 /** @brief Radio firmware self test
  *
  * @details
@@ -78,44 +66,79 @@ static bool app_domain_healthy(void)
 	return true;
 }
 
-static enum ab_boot_slot active_boot_slot_get(void)
+static enum boot_slot active_boot_slot_get(void)
 {
-	enum ab_boot_slot active_slot = SLOT_INVALID;
+	enum boot_slot active_slot = BOOT_SLOT_NONE;
 
 	if (IS_SLOT_A) {
-		active_slot = SLOT_A;
+		active_slot = BOOT_SLOT_PRIMARY;
 	} else if (IS_SLOT_B) {
-		active_slot = SLOT_B;
+		active_slot = BOOT_SLOT_SECONDARY;
 	} else {
 		LOG_ERR("Cannot determine current slot");
 	}
 
 	return active_slot;
 }
 
-static void device_healthcheck(void)
+static bool slot_confirmed(enum boot_slot slot)
 {
-	int err;
-	char *img_set = NULL;
+	struct boot_swap_state state;
 	const struct flash_area *fa;
 	int area_id = -1;
-	int cpurad_area_id = -1;
-	enum ab_boot_slot active_slot = active_boot_slot_get();
-
-	if (active_slot == SLOT_INVALID) {
-		return;
-	}
+	char *img_set = NULL;
+	bool confirmed = false;
+	int ret;
 
-	/* Confirming only in non-degraded boot states
-	 */
-	if (active_slot == SLOT_A) {
+	if (slot == BOOT_SLOT_PRIMARY) {
 		img_set = "A";
 		area_id = SLOT_A_FLASH_AREA_ID;
-		cpurad_area_id = CPURAD_SLOT_A_FLASH_AREA_ID;
-	} else if (active_slot == SLOT_B) {
+	} else if (slot == BOOT_SLOT_SECONDARY) {
 		img_set = "B";
 		area_id = SLOT_B_FLASH_AREA_ID;
-		cpurad_area_id = CPURAD_SLOT_B_FLASH_AREA_ID;
+	} else {
+		LOG_ERR("Cannot determine slot to check for confirmation");
+		return false;
+	}
+
+	if (flash_area_open(area_id, &fa) != 0) {
+		LOG_ERR("Cannot open flash area for slot %s", img_set);
+		return false;
+	}
+
+	ret = boot_read_swap_state(fa, &state);
+	if (ret != 0) {
+		LOG_ERR("Cannot read swap state for slot %s", img_set);
+	} else if (state.image_ok == BOOT_FLAG_SET) {
+		confirmed = true;
+	} else {
+		confirmed = false;
+	}
+
+	flash_area_close(fa);
+
+	return confirmed;
+}
+
+static void device_healthcheck(void)
+{
+	int err;
+	char *img_set = NULL;
+	enum boot_slot active_slot = active_boot_slot_get();
+
+	/* Confirming only in non-degraded boot states */
+	if (active_slot == BOOT_SLOT_PRIMARY) {
+		img_set = "A";
+	} else if (active_slot == BOOT_SLOT_SECONDARY) {
+		img_set = "B";
+	} else {
+		LOG_ERR("Cannot determine active slot for health check");
+		return;
+	}
+
+	if (slot_confirmed(active_slot)) {
+		LOG_INF("Slot %s already confirmed, no action needed", img_set);
+		return;
 	}
 
 	LOG_INF("Testing image set %s...", img_set);
@@ -139,54 +162,40 @@ static void device_healthcheck(void)
 
 	LOG_INF("Confirming...");
 
-	if (flash_area_open(area_id, &fa) != 0) {
-		LOG_ERR("Cannot open flash area for application slot %s", img_set);
-		return;
-	}
-
-	err = boot_set_next(fa, true, true);
-
-	flash_area_close(fa);
-	if (err == 0) {
-		LOG_INF("Application confirmed\n");
-	} else {
-		LOG_ERR("Failed to confirm application, err: %d", err);
-	}
-
-	if (flash_area_open(cpurad_area_id, &fa) != 0) {
-		LOG_ERR("Cannot open flash area for radio slot %s", img_set);
-		return;
-	}
-
-	err = boot_set_next(fa, true, true);
-
-	flash_area_close(fa);
+	err = boot_request_confirm_slot(CONFIG_NCS_MCUBOOT_MANIFEST_IMAGE_INDEX, active_slot);
 	if (err == 0) {
-		LOG_INF("Radio confirmed\n");
+		LOG_INF("Confirmed\n");
 	} else {
-		LOG_ERR("Failed to confirm radio, err: %d", err);
+		LOG_ERR("Failed to confirm, err: %d", err);
 	}
 }
 
-static void select_slot_for_single_boot(enum ab_boot_slot slot)
+static void select_slot_for_single_boot(enum boot_slot slot)
 {
 	int err = 0;
-	char active_slot = (active_boot_slot_get() == SLOT_A) ? 'A' : 'B';
-	enum boot_slot new_slot = BOOT_SLOT_NONE;
+	char active_slot = (active_boot_slot_get() == BOOT_SLOT_PRIMARY) ? 'A' : 'B';
 
-	if (slot == SLOT_A) {
+#ifdef CONFIG_NRF_MCUBOOT_BOOT_REQUEST_PREFERENCE_KEEP
+	if (slot == BOOT_SLOT_PRIMARY) {
+		LOG_INF("Switching slots (%c -> A)", active_slot);
+	} else if (slot == BOOT_SLOT_SECONDARY) {
+		LOG_INF("Switching slots (%c -> B)", active_slot);
+	} else {
+		LOG_ERR("Cannot determine active slot, cannot toggle");
+		return;
+	}
+#else
+	if (slot == BOOT_SLOT_PRIMARY) {
 		LOG_INF("Temporarily switching slots (%c -> A)", active_slot);
-		new_slot = BOOT_SLOT_PRIMARY;
-	} else if (slot == SLOT_B) {
+	} else if (slot == BOOT_SLOT_SECONDARY) {
 		LOG_INF("Temporarily switching slots (%c -> B)", active_slot);
-		new_slot = BOOT_SLOT_SECONDARY;
 	} else {
 		LOG_ERR("Cannot determine active slot, cannot toggle");
 		return;
 	}
+#endif
 
-	err = boot_request_set_preferred_slot(ACTIVE_IMAGE, new_slot);
-
+	err = boot_request_set_preferred_slot(CONFIG_NCS_MCUBOOT_MANIFEST_IMAGE_INDEX, slot);
 	if (err == 0) {
 		LOG_INF("Slot toggled, restart the device to enforce");
 	} else {
@@ -196,11 +205,11 @@ static void select_slot_for_single_boot(enum ab_boot_slot slot)
 
 static void boot_state_report(void)
 {
-	enum ab_boot_slot active_slot = active_boot_slot_get();
+	enum boot_slot active_slot = active_boot_slot_get();
 
-	if (active_slot == SLOT_A) {
+	if (active_slot == BOOT_SLOT_PRIMARY) {
 		LOG_INF("Booted from slot A");
-	} else if (active_slot == SLOT_B) {
+	} else if (active_slot == BOOT_SLOT_SECONDARY) {
 		LOG_INF("Booted from slot B");
 	} else {
 		LOG_INF("Cannot determine active slot");
@@ -210,9 +219,9 @@ static void boot_state_report(void)
 static void button_handler(uint32_t button_state, uint32_t has_changed)
 {
 	if ((has_changed & DK_BTN1_MSK) && (button_state & DK_BTN1_MSK)) {
-		select_slot_for_single_boot(SLOT_A);
+		select_slot_for_single_boot(BOOT_SLOT_PRIMARY);
 	} else if ((has_changed & DK_BTN2_MSK) && (button_state & DK_BTN2_MSK)) {
-		select_slot_for_single_boot(SLOT_B);
+		select_slot_for_single_boot(BOOT_SLOT_SECONDARY);
 	}
 }
 
@@ -221,11 +230,11 @@ struct k_thread status_leds_thread_data;
 static void status_leds_thread_entry_point(void *p1, void *p2, void *p3)
 {
 	int blinking_led = DK_LED1;
-	enum ab_boot_slot active_slot = active_boot_slot_get();
+	enum boot_slot active_slot = active_boot_slot_get();
 
-	if (active_slot == SLOT_A) {
+	if (active_slot == BOOT_SLOT_PRIMARY) {
 		blinking_led = DK_LED1;
-	} else if (active_slot == SLOT_B) {
+	} else if (active_slot == BOOT_SLOT_SECONDARY) {
 		blinking_led = DK_LED2;
 	} else {
 		return;

samples/dfu/ab_split/sysbuild/mcuboot/prj.conf

@@ -1,6 +1,5 @@
-# Enable boot requests through retained memory.
-CONFIG_RETAINED_MEM=y
-CONFIG_RETENTION=y
+# Enable boot requests.
+CONFIG_CRC=y
 CONFIG_NRF_MCUBOOT_BOOT_REQUEST=y
 
 CONFIG_NRF_SECURITY=y
@@ -32,6 +31,8 @@ CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=0
 CONFIG_NCS_APPLICATION_BOOT_BANNER_STRING="MCUboot"
 
 # Expose bootloader version and security counter through retention
+CONFIG_RETAINED_MEM=y
+CONFIG_RETENTION=y
 CONFIG_BOOT_SHARE_DATA=y
 CONFIG_BOOT_SHARE_DATA_BOOTINFO=y
 CONFIG_BOOT_SHARE_BACKEND_RETENTION=y

samples/dfu/ab_split/sysbuild/nrf54h20dk_nrf54h20_memory_map.dtsi

@@ -7,35 +7,24 @@
 / {
 	chosen {
 		nrf,bootloader-request = &boot_request;
+		nrf,bootloader-request-backup = &boot_request_backup;
 		zephyr,bootloader-info = &boot_info0;
 	};
 };
 
-/ {
-	reserved-memory {
-		cpuapp_retained_mem: memory@e1ad000 {
-			compatible = "zephyr,memory-region";
-			reg = <0xe1ad000 DT_SIZE_K(4)>;
-			zephyr,memory-region = "RetainedNvm";
-			status = "okay";
-
-			retainedmem {
-				compatible = "zephyr,retained-ram";
-				status = "okay";
-				#address-cells = <1>;
-				#size-cells = <1>;
+&mram1x {
+	partitions {
+		boot_request: partition@1ad000 {
+			reg = <0x1ad000 16>;
+		};
 
-				boot_request: boot_request@0 {
-					compatible = "zephyr,retention";
-					status = "okay";
-					reg = <0x0 16>;
-					prefix = [0B 01];
-					checksum = <4>;
-				};
-			};
+		boot_request_backup: partition@1ad010 {
+			reg = <0x1ad010 16>;
 		};
 	};
+};
 
+/ {
 	sram@22007FC0 {
 		compatible = "zephyr,memory-region", "mmio-sram";
 		reg = <0x22007FC0 0x40>;