applications: nrf_desktop: dfu: add support for MCUboot RAM load

Added support for the RAM load mode of the MCUboot bootloader to
the nRF Desktop application DFU module.

Added a linker script with the assert statement that prevents the
executable RAM region of the application image to overflow the
standard RAM region of the MCUboot image.

Ref: NCSDK-35506

Signed-off-by: Kamil Piszczek <[email protected]>

Author: kapi-no

applications/nrf_desktop/CMakeLists.txt

@@ -54,4 +54,7 @@ if(CONFIG_DESKTOP_CONFIG_CHANNEL_ENABLE)
                                   INPUT "config_channel_modules"
                                   SYMBOLS __start_config_channel_modules __stop_config_channel_modules
                                   KEEP SORT NAME)
+  if(CONFIG_DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_RAM_LOAD)
+    zephyr_linker_sources(RODATA linker/config_channel_dfu_ram_load.ld)
+  endif()
 endif()

applications/nrf_desktop/linker/config_channel_dfu_ram_load.ld

@@ -0,0 +1,3 @@
+/* Validate that the executable RAM region does not overlap with the MCUboot RAM region. */
+ASSERT(__rom_region_end <= CONFIG_DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_RAM_LOAD_MCUBOOT_RAM_START_ADDR,
+	"The executable RAM region overlaps with the MCUboot RAM region");

applications/nrf_desktop/src/modules/Kconfig.config_channel

@@ -73,10 +73,18 @@ config DESKTOP_CONFIG_CHANNEL_DFU_SYNC_BUFFER_SIZE
 	  The host must perform progress synchronization at least
 	  every synchronization buffer bytes count.
 
-config DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_DIRECT_XIP
-	bool "Device uses MCUboot bootloader in direct-xip mode"
+choice DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT
+	prompt "Adjust the DFU module to be compatible with the specific mode of MCUboot"
 	depends on BOOTLOADER_MCUBOOT
-	default y if MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP
+	default DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_DIRECT_XIP if MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP
+	default DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_RAM_LOAD if MCUBOOT_BOOTLOADER_MODE_RAM_LOAD
+	default DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_UNSPECIFIED
+	help
+	  Adjust the DFU module behavior to the MCUboot bootloader mode. The choice options are
+	  only available for the bootloader modes that require adjustments.
+
+config DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_DIRECT_XIP
+	bool "Adjust the DFU module to be compatible with the direct-xip mode of MCUboot"
 	help
 	  The option informs the DFU module that the MCUboot bootloader supports
 	  direct-xip mode. In this mode, the image is booted directly from the
@@ -88,6 +96,46 @@ config DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_DIRECT_XIP
 	  the image with a higher version. The module does not mark the newly
 	  uploaded image as pending nor confirm it after a successful boot.
 
+config DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_RAM_LOAD
+	bool "Adjust the DFU module to be compatible with the RAM load mode of MCUboot"
+	depends on USE_DT_CODE_PARTITION
+	depends on $(dt_nodelabel_exists,cpuapp_sram_mcuboot_ram_region)
+	select EXPERIMENTAL
+	help
+	  The option informs the DFU module that the MCUboot bootloader supports
+	  RAM load mode. In this mode, the image with the higher version is copied to
+	  the RAM and booted from there.
+
+	  The DFU module assumes that MCUboot RAM load bootloader simply copies
+	  the image with a higher version and boots it from there. The module does not
+	  mark the newly uploaded image as pending nor confirm it after a successful boot.
+
+	  This option also requires the definition of the cpuapp_sram_mcuboot_ram_region DTS node
+	  to indicate the RAM region reserved for the MCUboot image. This information is used to
+	  validate if the executable RAM region of the application image does not overlap with
+	  the RAM region of the MCUboot image.
+
+config DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_UNSPECIFIED
+	bool "Use this option when the bootloader mode does not require any adjustments"
+	help
+	  Use this option when the bootloader mode does not require any adjustments. For example,
+	  the bootloader in the swap mode defaults to this option as it does not require any
+	  adjustments.
+
+endchoice
+
+if DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_RAM_LOAD
+
+config DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_RAM_LOAD_MCUBOOT_RAM_START_ADDR
+	hex
+	default $(dt_nodelabel_reg_addr_hex,cpuapp_sram_mcuboot_ram_region)
+	help
+	  The start address of the MCUboot RAM region. The Kconfig option is used to validate
+	  if the executable RAM region of the application image (also called the ROM section)
+	  does not overlap with the RAM region of the MCUboot image.
+
+endif # DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_RAM_LOAD
+
 config DESKTOP_CONFIG_CHANNEL_DFU_VID
 	hex "Configuration channel Vendor ID"
 	range 0 0XFFFF

applications/nrf_desktop/src/modules/dfu.c

@@ -72,6 +72,15 @@ LOG_MODULE_REGISTER(MODULE, CONFIG_DESKTOP_CONFIG_CHANNEL_DFU_LOG_LEVEL);
 		#define BOOTLOADER_NAME "MCUBOOT"
 	#endif
 
+	/* Validate the MCUboot bootloader mode compatibility with this DFU module. */
+	#if CONFIG_MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP
+		BUILD_ASSERT(CONFIG_DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_DIRECT_XIP);
+	#elif CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD
+		BUILD_ASSERT(CONFIG_DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_RAM_LOAD);
+	#else
+		BUILD_ASSERT(CONFIG_DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_UNSPECIFIED);
+	#endif
+
 	#if CONFIG_PARTITION_MANAGER_ENABLED
 		#include <pm_config.h>
 
@@ -123,18 +132,28 @@ LOG_MODULE_REGISTER(MODULE, CONFIG_DESKTOP_CONFIG_CHANNEL_DFU_LOG_LEVEL);
 		#define MCUBOOT_PRIMARY_SLOT_ID   DT_FIXED_PARTITION_ID(MCUBOOT_PRIMARY_NODE)
 		#define MCUBOOT_SECONDARY_SLOT_ID DT_FIXED_PARTITION_ID(MCUBOOT_SECONDARY_NODE)
 
-		/* Use range check to allow for placing MCUboot header in a separate partition,
-		 * so the application code partition is not an alias for the MCUboot partition,
-		 * but a subpartition of the MCUboot partition.
-		 */
-		#if (CODE_PARTITION_START_ADDR >= MCUBOOT_PRIMARY_START_ADDR) && \
-		    (CODE_PARTITION_START_ADDR < MCUBOOT_PRIMARY_END_ADDR)
-			#define DFU_SLOT_ID MCUBOOT_SECONDARY_SLOT_ID
-		#elif (CODE_PARTITION_START_ADDR >= MCUBOOT_SECONDARY_START_ADDR) && \
-		      (CODE_PARTITION_START_ADDR < MCUBOOT_SECONDARY_END_ADDR)
-			#define DFU_SLOT_ID MCUBOOT_PRIMARY_SLOT_ID
+
+		#if CONFIG_DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_RAM_LOAD
+			/* Use the macro alias for the DFU slot ID that needs to be set in runtime
+			 * when the MCUboot is configured for the RAM load mode.
+			 */
+			#define DFU_SLOT_ID_INVALID (0xFF)
+			static uint8_t dfu_slot_id = DFU_SLOT_ID_INVALID;
+			#define DFU_SLOT_ID (dfu_slot_id)
 		#else
-			#error Missing partition definitions in DTS.
+			/* Use range check to allow for placing MCUboot header in a separate
+			 * partition,so the application code partition is not an alias for the
+			 * MCUboot partition, but a subpartition of the MCUboot partition.
+			 */
+			#if (CODE_PARTITION_START_ADDR >= MCUBOOT_PRIMARY_START_ADDR) && \
+			(CODE_PARTITION_START_ADDR < MCUBOOT_PRIMARY_END_ADDR)
+				#define DFU_SLOT_ID MCUBOOT_SECONDARY_SLOT_ID
+			#elif (CODE_PARTITION_START_ADDR >= MCUBOOT_SECONDARY_START_ADDR) && \
+			(CODE_PARTITION_START_ADDR < MCUBOOT_SECONDARY_END_ADDR)
+				#define DFU_SLOT_ID MCUBOOT_PRIMARY_SLOT_ID
+			#else
+				#error Missing partition definitions in DTS.
+			#endif
 		#endif
 	#else
 		#error Unsupported partitioning scheme.
@@ -143,6 +162,15 @@ LOG_MODULE_REGISTER(MODULE, CONFIG_DESKTOP_CONFIG_CHANNEL_DFU_LOG_LEVEL);
 	#error Bootloader not supported.
 #endif
 
+/* This value denotes whether the revert feature is supported by the bootloader.
+ * Currently, the revert feature is only supported by the MCUboot bootloader that
+ * is not configured for the standard direct-xip or RAM load mode.
+ */
+#define DFU_REVERT_FEATURE_IS_SUPPORTED                            \
+	(CONFIG_BOOTLOADER_MCUBOOT) &&                             \
+	!(CONFIG_DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_DIRECT_XIP) && \
+	!(CONFIG_DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_RAM_LOAD)
+
 static struct k_work_delayable dfu_timeout;
 static struct k_work_delayable reboot_request;
 static struct k_work_delayable background_erase;
@@ -357,7 +385,7 @@ static void complete_dfu_data_store(void)
 
 	if (cur_offset == img_length) {
 		LOG_INF("DFU image written");
-#if CONFIG_BOOTLOADER_MCUBOOT && !CONFIG_DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_DIRECT_XIP
+#if DFU_REVERT_FEATURE_IS_SUPPORTED
 		int err = boot_request_upgrade(false);
 		if (err) {
 			LOG_ERR("Cannot request the image upgrade (err:%d)", err);
@@ -879,6 +907,26 @@ static void fetch_config(const uint8_t opt_id, uint8_t *data, size_t *size)
 	}
 }
 
+#if CONFIG_DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_RAM_LOAD
+static void dfu_slot_id_runtime_init(void)
+{
+	uint8_t active_slot_id;
+
+	__ASSERT_NO_MSG(dfu_slot_id == DFU_SLOT_ID_INVALID);
+
+	active_slot_id = boot_fetch_active_slot();
+	dfu_slot_id = (active_slot_id == MCUBOOT_SECONDARY_SLOT_ID) ?
+		MCUBOOT_PRIMARY_SLOT_ID : MCUBOOT_SECONDARY_SLOT_ID;
+
+	__ASSERT_NO_MSG(dfu_slot_id != DFU_SLOT_ID_INVALID);
+	__ASSERT_NO_MSG((active_slot_id == MCUBOOT_PRIMARY_SLOT_ID) ||
+			(active_slot_id == MCUBOOT_SECONDARY_SLOT_ID));
+
+	LOG_INF("DFU slot configured in runtime for the %s slot",
+		dfu_slot_id == MCUBOOT_PRIMARY_SLOT_ID ? "primary" : "secondary");
+}
+#endif
+
 static bool app_event_handler(const struct app_event_header *aeh)
 {
 	if (is_hid_report_event(aeh)) {
@@ -902,7 +950,12 @@ static bool app_event_handler(const struct app_event_header *aeh)
 
 		if (check_state(event, MODULE_ID(main), MODULE_STATE_READY)) {
 			int err;
-#if CONFIG_BOOTLOADER_MCUBOOT && !CONFIG_DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_DIRECT_XIP
+
+#if CONFIG_DESKTOP_CONFIG_CHANNEL_DFU_MCUBOOT_RAM_LOAD
+			dfu_slot_id_runtime_init();
+#endif
+
+#if DFU_REVERT_FEATURE_IS_SUPPORTED
 			err = boot_write_img_confirmed();
 
 			if (err) {