Merge pull request #590 from danielinux/flash-write-as-nsc

dgarske · web-flow · commit 0ce77a4d2742 · 2025-10-07T09:21:02.000-07:00
NSC functions: add helper to facilitate updates as trustzone non-secure callable
diff --git a/hal/rp2350.c b/hal/rp2350.c
@@ -224,7 +224,21 @@ void hal_prepare_boot(void)
 
 int RAMFUNCTION hal_flash_write(uint32_t address, const uint8_t *data, int len)
 {
-    flash_range_program(address - XIP_BASE, data, len);
+    uint8_t cache[WOLFBOOT_SECTOR_SIZE];
+    uint32_t written = 0;
+    uint32_t sz;
+    if (((uintptr_t)data & 0x20000000UL) == 0) {
+        /* Not in RAM: copy to cache before writing */
+        while (written < len) {
+            sz = WOLFBOOT_SECTOR_SIZE;
+            if (sz > (len - written))
+                sz = len - written;
+            memcpy(cache, data + written, sz);
+            flash_range_program(address - XIP_BASE + written, cache, sz);
+            written += sz;
+        }
+    } else
+        flash_range_program(address - XIP_BASE, data, len);
     return 0;
 }
 
diff --git a/include/wolfboot/wolfboot.h b/include/wolfboot/wolfboot.h
@@ -412,6 +412,38 @@ int wolfBoot_set_encrypt_key(const uint8_t *key, const uint8_t *nonce);
 int wolfBoot_get_encrypt_key(uint8_t *key, uint8_t *nonce);
 int wolfBoot_erase_encrypt_key(void);
 
+#if !defined(__WOLFBOOT) && defined(WOLFCRYPT_SECURE_MODE)
+
+/* Applications can access update success/trigger and flash erase/write
+ * via non-secure callable, to facilitate updates
+ */
+
+/* Call wolfBoot_success from non-secure application */
+
+__attribute__((cmse_nonsecure_entry))
+void wolfBoot_nsc_success(void);
+
+/* Call wolfBoot_update_trigger from non-secure application */
+__attribute__((cmse_nonsecure_entry))
+void wolfBoot_nsc_update_trigger(void);
+
+/* Erase one or more sectors in the update partition.
+ * - address: offset within the update partition ('0' corresponds to PARTITION_UPDATE_ADDRESS)
+ * - len: size, in bytes
+ */
+__attribute__((cmse_nonsecure_entry))
+int wolfBoot_nsc_erase_update(uint32_t address, uint32_t len);
+
+/* Write the content of buffer `buf` and size `len` to the update partition,
+ *  at offset address, from non-secure application
+ * - address: offset within the update partition ('0' corresponds to PARTITION_UPDATE_ADDRESS)
+ * - len: size, in bytes
+ */
+__attribute__((cmse_nonsecure_entry))
+int wolfBoot_nsc_write_update(uint32_t address, const uint8_t *buf, uint32_t len);
+
+#endif /* !__WOLFBOOT && WOLFCRYPT_SECURE_MODE */
+
 
 #ifdef __cplusplus
 }
diff --git a/src/libwolfboot.c b/src/libwolfboot.c
@@ -1999,3 +1999,40 @@ int wolfBoot_ram_decrypt(uint8_t *src, uint8_t *dst)
 }
 #endif /* MMU */
 #endif /* EXT_ENCRYPTED */
+
+#if defined(__WOLFBOOT) && defined(WOLFCRYPT_SECURE_MODE)
+__attribute__((cmse_nonsecure_entry))
+void wolfBoot_nsc_success(void)
+{
+    wolfBoot_success();
+}
+
+__attribute__((cmse_nonsecure_entry))
+void wolfBoot_nsc_update_trigger(void)
+{
+    wolfBoot_update_trigger();
+}
+
+__attribute__((cmse_nonsecure_entry))
+int wolfBoot_nsc_erase_update(uint32_t address, uint32_t len)
+{
+    if (address > WOLFBOOT_PARTITION_SIZE)
+        return -1;
+    if (address + len > WOLFBOOT_PARTITION_SIZE)
+        return -1;
+    return hal_flash_erase(address + WOLFBOOT_PARTITION_UPDATE_ADDRESS, len);
+
+}
+
+__attribute__((cmse_nonsecure_entry))
+int wolfBoot_nsc_write_update(uint32_t address, const uint8_t *buf, uint32_t len)
+{
+    if (address > WOLFBOOT_PARTITION_SIZE)
+        return -1;
+    if (address + len > WOLFBOOT_PARTITION_SIZE)
+        return -1;
+    return hal_flash_write(address + WOLFBOOT_PARTITION_UPDATE_ADDRESS, buf, len);
+}
+
+#endif
+
