boot: Correct MCUBOOT_DIRECT_XIP_REVERT enablement
To avoid potential errors caused by misconfiguration, make sure the
conditionally compiled snippets of code surrounded by the
MCUBOOT_DIRECT_XIP_REVERT macro are only used when direct-xip mode
is selected.
Change-Id: I6178d8186a7ca05887bc7590f5fa0c8f83f3d731
Signed-off-by: David Vincze <david.vincze@arm.com>
diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index 7120915..2a2d14a 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c
@@ -67,17 +67,16 @@
/* Index of the slot chosen to be loaded */
uint32_t active_slot;
bool slot_available[BOOT_NUM_SLOTS];
-#ifdef MCUBOOT_RAM_LOAD
+#if defined(MCUBOOT_RAM_LOAD)
/* Image destination and size for the active slot */
uint32_t img_dst;
uint32_t img_sz;
-#endif /* MCUBOOT_RAM_LOAD */
-#ifdef MCUBOOT_DIRECT_XIP_REVERT
+#elif defined(MCUBOOT_DIRECT_XIP_REVERT)
/* Swap status for the active slot */
struct boot_swap_state swap_state;
-#endif /* MCUBOOT_DIRECT_XIP_REVERT */
-};
#endif
+};
+#endif /* MCUBOOT_DIRECT_XIP || MCUBOOT_RAM_LOAD */
/*
* This macro allows some control on the allocation of local variables.
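Review bot: With `#if defined(MCUBOOT_RAM_LOAD)` followed by `#elif defined(MCUBOOT_DIRECT_XIP_REVERT)`, a build that defines both macros now silently drops `swap_state` instead of failing. Since the stated goal is to avoid errors from misconfiguration, consider rejecting that combination at build time with an `#error` in a configuration check, so an integrator who expects the revert mechanism to be active learns that it is not. The bare `#endif` that now closes this `#if`/`#elif` chain has also lost its trailing comment while the outer one gained one; a short comment naming both branches would keep the nesting readable.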
@@ -2247,7 +2246,7 @@
}
#endif
-#ifdef MCUBOOT_DIRECT_XIP_REVERT
+#if defined(MCUBOOT_DIRECT_XIP) && defined(MCUBOOT_DIRECT_XIP_REVERT)
/**
* Checks whether the active slot of the current image was previously selected
* to run. Erases the image if it was selected but its execution failed,
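Review bot: The compound condition `defined(MCUBOOT_DIRECT_XIP) && defined(MCUBOOT_DIRECT_XIP_REVERT)` introduced on the guard above this function comment is repeated at several other sites in this patch, which leaves room for one of them to drift later. Consider normalising the configuration once (for example, deriving a single internal macro or undefining the revert option when direct-xip is not selected) and testing only that at each site.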
@@ -2320,7 +2319,7 @@
return rc;
}
-#endif /* MCUBOOT_DIRECT_XIP_REVERT */
+#endif /* MCUBOOT_DIRECT_XIP && MCUBOOT_DIRECT_XIP_REVERT */
#ifdef MCUBOOT_RAM_LOAD
@@ -2812,7 +2811,6 @@
slot_usage[BOOT_CURR_IMG(state)].active_slot = NO_ACTIVE_SLOT;
continue;
}
-#endif /* MCUBOOT_DIRECT_XIP */
#ifdef MCUBOOT_DIRECT_XIP_REVERT
rc = boot_select_or_erase(state, slot_usage);
@@ -2823,6 +2821,7 @@
continue;
}
#endif /* MCUBOOT_DIRECT_XIP_REVERT */
+#endif /* MCUBOOT_DIRECT_XIP */
#ifdef MCUBOOT_RAM_LOAD
/* Image is first loaded to RAM and authenticated there in order to
@@ -2877,7 +2876,7 @@
/* Update the stored security counter with the newer (active) image's
* security counter value.
*/
-#ifdef MCUBOOT_DIRECT_XIP_REVERT
+#if defined(MCUBOOT_DIRECT_XIP) && defined(MCUBOOT_DIRECT_XIP_REVERT)
/* When the 'revert' mechanism is enabled in direct-xip mode, the
* security counter can be increased only after reboot, if the image
* has been confirmed at runtime (the image_ok flag has been set).
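Review bot: Changing the guard before the "When the 'revert' mechanism is enabled in direct-xip mode" comment alters when the security counter is updated for builds that define MCUBOOT_DIRECT_XIP_REVERT without MCUBOOT_DIRECT_XIP: they now take the path that does not wait for the image to be confirmed. That is consistent with the intent of the patch, but it is a change in rollback-protection timing for those configurations and the commit message does not mention it. Please state it there so integrators with such a configuration know what to expect.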
@@ -2892,7 +2891,7 @@
"validation.");
return rc;
}
-#ifdef MCUBOOT_DIRECT_XIP_REVERT
+#if defined(MCUBOOT_DIRECT_XIP) && defined(MCUBOOT_DIRECT_XIP_REVERT)
}
#endif
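Review bot: The guard changed here wraps only the closing `}`, and must stay identical to the guard around the matching opening line in the previous hunk; if the two conditions ever diverge, the braces become unbalanced in some configurations. The `#endif` after the brace also has no trailing comment, unlike the other `#endif` lines this patch touches. Consider adding the same `/* MCUBOOT_DIRECT_XIP && MCUBOOT_DIRECT_XIP_REVERT */` comment here, or restructuring so a single guarded block contains both braces.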
diff --git a/docs/design.md b/docs/design.md
index a296a8f..2af0432 100644
--- a/docs/design.md
+++ b/docs/design.md
@@ -347,14 +347,14 @@
### [Revert mechanism in direct-xip mode](#direct-xip-revert)
The direct-xip mode also supports a "revert" mechanism which is the equivalent
-of the swap mode's "revert" swap. It can be enabled with the
-MCUBOOT_DIRECT_XIP_REVERT config option and an image trailer must also be added
-to the signed images (the "--pad" option of the `imgtool` script must be used).
-For more information on this please read the [Image Trailer](#image-trailer)
-section and the [imgtool](imgtool.md) documentation. Making the images permanent
-(marking them as confirmed in advance) is also supported just like in swap mode.
-The individual steps of the direct-xip mode's "revert" mechanism are the
-following:
+of the swap mode's "revert" swap. When the direct-xip mode is selected it can be
+enabled with the MCUBOOT_DIRECT_XIP_REVERT config option and an image trailer
+must also be added to the signed images (the "--pad" option of the `imgtool`
+script must be used). For more information on this please read the
+[Image Trailer](#image-trailer) section and the [imgtool](imgtool.md)
+documentation. Making the images permanent (marking them as confirmed in
+advance) is also supported just like in swap mode. The individual steps of the
+direct-xip mode's "revert" mechanism are the following:
1. Select the slot which holds the newest potential image.
2. Was the image previously selected to run (during a previous boot)?
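Review bot: The reworded sentence "When the direct-xip mode is selected it can be enabled with the MCUBOOT_DIRECT_XIP_REVERT config option" does not say what happens when the option is set in another mode. After the loader.c changes in this patch the option no longer has an effect there, so the documentation should say so explicitly (one extra sentence is enough). A comma after "selected" would also make the sentence easier to read.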