Replace flash partitioning terminology
This change replaces the slot 0/1 terminology with primary/secondary
slot and replaces FLASH_AREA_IMAGE_0/1 with
FLASH_AREA_IMAGE_PRIMARY/SECONDARY. This naming convention may be more
understandable, fits better to MCUs with multiple images and it is an
architecture agnostic alternative as well.
Change-Id: I655a585f6ae023852c671ee6635399efe25209c9
Signed-off-by: David Vincze <david.vincze@arm.com>
Signed-off-by: David Brown <david.brown@linaro.org>
diff --git a/boot/bootutil/include/bootutil/bootutil.h b/boot/bootutil/include/bootutil/bootutil.h
index 5f65866..b674823 100644
--- a/boot/bootutil/include/bootutil/bootutil.h
+++ b/boot/bootutil/include/bootutil/bootutil.h
@@ -26,13 +26,19 @@
extern "C" {
#endif
-/** Attempt to boot the contents of slot 0. */
+/** Attempt to boot the contents of the primary slot. */
#define BOOT_SWAP_TYPE_NONE 1
-/** Swap to slot 1. Absent a confirm command, revert back on next boot. */
+/**
+ * Swap to the secondary slot.
+ * Absent a confirm command, revert back on next boot.
+ */
#define BOOT_SWAP_TYPE_TEST 2
-/** Swap to slot 1, and permanently switch to booting its contents. */
+/**
+ * Swap to the secondary slot,
+ * and permanently switch to booting its contents.
+ */
#define BOOT_SWAP_TYPE_PERM 3
/** Swap back to alternate slot. A confirm changes this state to NONE. */
diff --git a/boot/bootutil/include/bootutil/caps.h b/boot/bootutil/include/bootutil/caps.h
index 6376683..dc4ba4a 100644
--- a/boot/bootutil/include/bootutil/caps.h
+++ b/boot/bootutil/include/bootutil/caps.h
@@ -32,14 +32,14 @@
*/
uint32_t bootutil_get_caps(void);
-#define BOOTUTIL_CAP_RSA2048 (1<<0)
-#define BOOTUTIL_CAP_ECDSA_P224 (1<<1)
-#define BOOTUTIL_CAP_ECDSA_P256 (1<<2)
-#define BOOTUTIL_CAP_SWAP_UPGRADE (1<<3)
-#define BOOTUTIL_CAP_OVERWRITE_UPGRADE (1<<4)
-#define BOOTUTIL_CAP_ENC_RSA (1<<5)
-#define BOOTUTIL_CAP_ENC_KW (1<<6)
-#define BOOTUTIL_CAP_VALIDATE_SLOT0 (1<<7)
+#define BOOTUTIL_CAP_RSA2048 (1<<0)
+#define BOOTUTIL_CAP_ECDSA_P224 (1<<1)
+#define BOOTUTIL_CAP_ECDSA_P256 (1<<2)
+#define BOOTUTIL_CAP_SWAP_UPGRADE (1<<3)
+#define BOOTUTIL_CAP_OVERWRITE_UPGRADE (1<<4)
+#define BOOTUTIL_CAP_ENC_RSA (1<<5)
+#define BOOTUTIL_CAP_ENC_KW (1<<6)
+#define BOOTUTIL_CAP_VALIDATE_PRIMARY_SLOT (1<<7)
#ifdef __cplusplus
}
diff --git a/boot/bootutil/src/bootutil_misc.c b/boot/bootutil/src/bootutil_misc.c
index 47b41fd..514d669 100644
--- a/boot/bootutil/src/bootutil_misc.c
+++ b/boot/bootutil/src/bootutil_misc.c
@@ -51,11 +51,11 @@
const uint32_t BOOT_MAX_ALIGN = MAX_FLASH_ALIGN;
struct boot_swap_table {
- uint8_t magic_slot0;
- uint8_t magic_slot1;
- uint8_t image_ok_slot0;
- uint8_t image_ok_slot1;
- uint8_t copy_done_slot0;
+ uint8_t magic_primary_slot;
+ uint8_t magic_secondary_slot;
+ uint8_t image_ok_primary_slot;
+ uint8_t image_ok_secondary_slot;
+ uint8_t copy_done_primary_slot;
uint8_t swap_type;
};
@@ -64,36 +64,37 @@
* This set of tables maps image trailer contents to swap operation type.
* When searching for a match, these tables must be iterated sequentially.
*
- * NOTE: the table order is very important. The settings in Slot 1 always
- * are priority to Slot 0 and should be located earlier in the table.
+ * NOTE: the table order is very important. The settings in the secondary
+ * slot always are priority to the primary slot and should be located
+ * earlier in the table.
*
* The table lists only states where there is action needs to be taken by
* the bootloader, as in starting/finishing a swap operation.
*/
static const struct boot_swap_table boot_swap_tables[] = {
{
- .magic_slot0 = BOOT_MAGIC_ANY,
- .magic_slot1 = BOOT_MAGIC_GOOD,
- .image_ok_slot0 = BOOT_FLAG_ANY,
- .image_ok_slot1 = BOOT_FLAG_UNSET,
- .copy_done_slot0 = BOOT_FLAG_ANY,
- .swap_type = BOOT_SWAP_TYPE_TEST,
+ .magic_primary_slot = BOOT_MAGIC_ANY,
+ .magic_secondary_slot = BOOT_MAGIC_GOOD,
+ .image_ok_primary_slot = BOOT_FLAG_ANY,
+ .image_ok_secondary_slot = BOOT_FLAG_UNSET,
+ .copy_done_primary_slot = BOOT_FLAG_ANY,
+ .swap_type = BOOT_SWAP_TYPE_TEST,
},
{
- .magic_slot0 = BOOT_MAGIC_ANY,
- .magic_slot1 = BOOT_MAGIC_GOOD,
- .image_ok_slot0 = BOOT_FLAG_ANY,
- .image_ok_slot1 = BOOT_FLAG_SET,
- .copy_done_slot0 = BOOT_FLAG_ANY,
- .swap_type = BOOT_SWAP_TYPE_PERM,
+ .magic_primary_slot = BOOT_MAGIC_ANY,
+ .magic_secondary_slot = BOOT_MAGIC_GOOD,
+ .image_ok_primary_slot = BOOT_FLAG_ANY,
+ .image_ok_secondary_slot = BOOT_FLAG_SET,
+ .copy_done_primary_slot = BOOT_FLAG_ANY,
+ .swap_type = BOOT_SWAP_TYPE_PERM,
},
{
- .magic_slot0 = BOOT_MAGIC_GOOD,
- .magic_slot1 = BOOT_MAGIC_UNSET,
- .image_ok_slot0 = BOOT_FLAG_UNSET,
- .image_ok_slot1 = BOOT_FLAG_ANY,
- .copy_done_slot0 = BOOT_FLAG_SET,
- .swap_type = BOOT_SWAP_TYPE_REVERT,
+ .magic_primary_slot = BOOT_MAGIC_GOOD,
+ .magic_secondary_slot = BOOT_MAGIC_UNSET,
+ .image_ok_primary_slot = BOOT_FLAG_UNSET,
+ .image_ok_secondary_slot = BOOT_FLAG_ANY,
+ .copy_done_primary_slot = BOOT_FLAG_SET,
+ .swap_type = BOOT_SWAP_TYPE_REVERT,
},
};
@@ -157,8 +158,8 @@
boot_status_entries(const struct flash_area *fap)
{
switch (fap->fa_id) {
- case FLASH_AREA_IMAGE_0:
- case FLASH_AREA_IMAGE_1:
+ case FLASH_AREA_IMAGE_PRIMARY:
+ case FLASH_AREA_IMAGE_SECONDARY:
return BOOT_STATUS_STATE_COUNT * BOOT_STATUS_MAX_ENTRIES;
case FLASH_AREA_IMAGE_SCRATCH:
return BOOT_STATUS_STATE_COUNT;
@@ -262,7 +263,8 @@
}
off = boot_image_ok_off(fap);
- rc = flash_area_read_is_empty(fap, off, &state->image_ok, sizeof state->image_ok);
+ rc = flash_area_read_is_empty(fap, off, &state->image_ok,
+ sizeof state->image_ok);
if (rc < 0) {
return BOOT_EFLASH;
}
@@ -286,8 +288,8 @@
switch (flash_area_id) {
case FLASH_AREA_IMAGE_SCRATCH:
- case FLASH_AREA_IMAGE_0:
- case FLASH_AREA_IMAGE_1:
+ case FLASH_AREA_IMAGE_PRIMARY:
+ case FLASH_AREA_IMAGE_SECONDARY:
rc = flash_area_open(flash_area_id, &fap);
if (rc != 0) {
return BOOT_EFLASH;
@@ -312,13 +314,13 @@
/*
* In the middle a swap, tries to locate the saved swap size. Looks
- * for a valid magic, first on Slot 0, then on scratch. Both "slots"
- * can end up being temporary storage for a swap and it is assumed
- * that if magic is valid then swap size is too, because magic is
- * always written in the last step.
+ * for a valid magic, first on the primary slot, then on scratch.
+ * Both "slots" can end up being temporary storage for a swap and it
+ * is assumed that if magic is valid then swap size is too, because
+ * magic is always written in the last step.
*/
- rc = flash_area_open(FLASH_AREA_IMAGE_0, &fap);
+ rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY, &fap);
if (rc != 0) {
return BOOT_EFLASH;
}
@@ -332,7 +334,7 @@
if (memcmp(magic, boot_img_magic, BOOT_MAGIC_SZ) != 0) {
/*
- * If Slot 0 's magic is not valid, try scratch...
+ * If the primary slot's magic is not valid, try scratch...
*/
flash_area_close(fap);
@@ -372,7 +374,7 @@
const struct flash_area *fap;
int rc;
- rc = flash_area_open(FLASH_AREA_IMAGE_0, &fap);
+ rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY, &fap);
if (rc != 0) {
return BOOT_EFLASH;
}
@@ -386,7 +388,7 @@
if (memcmp(magic, boot_img_magic, BOOT_MAGIC_SZ) != 0) {
/*
- * If Slot 0 's magic is not valid, try scratch...
+ * If the primary slot's magic is not valid, try scratch...
*/
flash_area_close(fap);
@@ -528,17 +530,18 @@
boot_swap_type(void)
{
const struct boot_swap_table *table;
- struct boot_swap_state slot0;
- struct boot_swap_state slot1;
+ struct boot_swap_state primary_slot;
+ struct boot_swap_state secondary_slot;
int rc;
size_t i;
- rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_0, &slot0);
+ rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_PRIMARY, &primary_slot);
if (rc) {
return BOOT_SWAP_TYPE_PANIC;
}
- rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_1, &slot1);
+ rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_SECONDARY,
+ &secondary_slot);
if (rc) {
return BOOT_SWAP_TYPE_PANIC;
}
@@ -546,16 +549,16 @@
for (i = 0; i < BOOT_SWAP_TABLES_COUNT; i++) {
table = boot_swap_tables + i;
- if ((table->magic_slot0 == BOOT_MAGIC_ANY ||
- table->magic_slot0 == slot0.magic) &&
- (table->magic_slot1 == BOOT_MAGIC_ANY ||
- table->magic_slot1 == slot1.magic) &&
- (table->image_ok_slot0 == BOOT_FLAG_ANY ||
- table->image_ok_slot0 == slot0.image_ok) &&
- (table->image_ok_slot1 == BOOT_FLAG_ANY ||
- table->image_ok_slot1 == slot1.image_ok) &&
- (table->copy_done_slot0 == BOOT_FLAG_ANY ||
- table->copy_done_slot0 == slot0.copy_done)) {
+ if ((table->magic_primary_slot == BOOT_MAGIC_ANY ||
+ table->magic_primary_slot == primary_slot.magic) &&
+ (table->magic_secondary_slot == BOOT_MAGIC_ANY ||
+ table->magic_secondary_slot == secondary_slot.magic) &&
+ (table->image_ok_primary_slot == BOOT_FLAG_ANY ||
+ table->image_ok_primary_slot == primary_slot.image_ok) &&
+ (table->image_ok_secondary_slot == BOOT_FLAG_ANY ||
+ table->image_ok_secondary_slot == secondary_slot.image_ok) &&
+ (table->copy_done_primary_slot == BOOT_FLAG_ANY ||
+ table->copy_done_primary_slot == primary_slot.copy_done)) {
BOOT_LOG_INF("Swap type: %s",
table->swap_type == BOOT_SWAP_TYPE_TEST ? "test" :
table->swap_type == BOOT_SWAP_TYPE_PERM ? "perm" :
@@ -573,8 +576,8 @@
}
/**
- * Marks the image in slot 1 as pending. On the next reboot, the system will
- * perform a one-time boot of the slot 1 image.
+ * Marks the image in the secondary slot as pending. On the next reboot,
+ * the system will perform a one-time boot of the the secondary slot image.
*
* @param permanent Whether the image should be used permanently or
* only tested once:
@@ -587,21 +590,22 @@
boot_set_pending(int permanent)
{
const struct flash_area *fap;
- struct boot_swap_state state_slot1;
+ struct boot_swap_state state_secondary_slot;
int rc;
- rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_1, &state_slot1);
+ rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_SECONDARY,
+ &state_secondary_slot);
if (rc != 0) {
return rc;
}
- switch (state_slot1.magic) {
+ switch (state_secondary_slot.magic) {
case BOOT_MAGIC_GOOD:
/* Swap already scheduled. */
return 0;
case BOOT_MAGIC_UNSET:
- rc = flash_area_open(FLASH_AREA_IMAGE_1, &fap);
+ rc = flash_area_open(FLASH_AREA_IMAGE_SECONDARY, &fap);
if (rc != 0) {
rc = BOOT_EFLASH;
} else {
@@ -619,7 +623,7 @@
/* The image slot is corrupt. There is no way to recover, so erase the
* slot to allow future upgrades.
*/
- rc = flash_area_open(FLASH_AREA_IMAGE_1, &fap);
+ rc = flash_area_open(FLASH_AREA_IMAGE_SECONDARY, &fap);
if (rc != 0) {
return BOOT_EFLASH;
}
@@ -635,7 +639,9 @@
}
/**
- * Marks the image in slot 0 as confirmed. The system will continue booting into the image in slot 0 until told to boot from a different slot.
+ * Marks the image in the primary slot as confirmed. The system will continue
+ * booting into the image in the primary slot until told to boot from a
+ * different slot.
*
* @return 0 on success; nonzero on failure.
*/
@@ -643,15 +649,16 @@
boot_set_confirmed(void)
{
const struct flash_area *fap;
- struct boot_swap_state state_slot0;
+ struct boot_swap_state state_primary_slot;
int rc;
- rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_0, &state_slot0);
+ rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_PRIMARY,
+ &state_primary_slot);
if (rc != 0) {
return rc;
}
- switch (state_slot0.magic) {
+ switch (state_primary_slot.magic) {
case BOOT_MAGIC_GOOD:
/* Confirm needed; proceed. */
break;
@@ -665,19 +672,19 @@
return BOOT_EBADVECT;
}
- rc = flash_area_open(FLASH_AREA_IMAGE_0, &fap);
+ rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY, &fap);
if (rc) {
rc = BOOT_EFLASH;
goto done;
}
- if (state_slot0.copy_done == BOOT_FLAG_UNSET) {
+ if (state_primary_slot.copy_done == BOOT_FLAG_UNSET) {
/* Swap never completed. This is unexpected. */
rc = BOOT_EBADVECT;
goto done;
}
- if (state_slot0.image_ok != BOOT_FLAG_UNSET) {
+ if (state_primary_slot.image_ok != BOOT_FLAG_UNSET) {
/* Already confirmed. */
goto done;
}
diff --git a/boot/bootutil/src/bootutil_priv.h b/boot/bootutil/src/bootutil_priv.h
index bc9c61f..b6bb792 100644
--- a/boot/bootutil/src/bootutil_priv.h
+++ b/boot/bootutil/src/bootutil_priv.h
@@ -129,18 +129,26 @@
#endif
/** Number of image slots in flash; currently limited to two. */
-#define BOOT_NUM_SLOTS 2
+#define BOOT_NUM_SLOTS 2
/** Maximum number of image sectors supported by the bootloader. */
-#define BOOT_STATUS_STATE_COUNT 3
-#define BOOT_STATUS_MAX_ENTRIES BOOT_MAX_IMG_SECTORS
+#define BOOT_STATUS_STATE_COUNT 3
+#define BOOT_STATUS_MAX_ENTRIES BOOT_MAX_IMG_SECTORS
-#define BOOT_STATUS_SOURCE_NONE 0
-#define BOOT_STATUS_SOURCE_SCRATCH 1
-#define BOOT_STATUS_SOURCE_SLOT0 2
+#define BOOT_PRIMARY_SLOT 0
+#define BOOT_SECONDARY_SLOT 1
-#define BOOT_FLAG_IMAGE_OK 0
-#define BOOT_FLAG_COPY_DONE 1
+#define BOOT_STATUS_SOURCE_NONE 0
+#define BOOT_STATUS_SOURCE_SCRATCH 1
+#define BOOT_STATUS_SOURCE_PRIMARY_SLOT 2
+
+#define BOOT_FLAG_IMAGE_OK 0
+#define BOOT_FLAG_COPY_DONE 1
+
+#if defined(MCUBOOT_MYNEWT)
+ #define FLASH_AREA_IMAGE_PRIMARY FLASH_AREA_IMAGE_0
+ #define FLASH_AREA_IMAGE_SECONDARY FLASH_AREA_IMAGE_1
+#endif
extern const uint32_t BOOT_MAGIC_SZ;
@@ -265,16 +273,19 @@
int rc;
switch (flash_area) {
- case FLASH_AREA_IMAGE_0:
- rc = flash_area_to_sectors(flash_area, &num_sectors, state->imgs[0].sectors);
- state->imgs[0].num_sectors = (size_t)num_sectors;
+ case FLASH_AREA_IMAGE_PRIMARY:
+ rc = flash_area_to_sectors(flash_area, &num_sectors,
+ state->imgs[BOOT_PRIMARY_SLOT].sectors);
+ state->imgs[BOOT_PRIMARY_SLOT].num_sectors = (size_t)num_sectors;
break;
- case FLASH_AREA_IMAGE_1:
- rc = flash_area_to_sectors(flash_area, &num_sectors, state->imgs[1].sectors);
- state->imgs[1].num_sectors = (size_t)num_sectors;
+ case FLASH_AREA_IMAGE_SECONDARY:
+ rc = flash_area_to_sectors(flash_area, &num_sectors,
+ state->imgs[BOOT_SECONDARY_SLOT].sectors);
+ state->imgs[BOOT_SECONDARY_SLOT].num_sectors = (size_t)num_sectors;
break;
case FLASH_AREA_IMAGE_SCRATCH:
- rc = flash_area_to_sectors(flash_area, &num_sectors, state->scratch.sectors);
+ rc = flash_area_to_sectors(flash_area, &num_sectors,
+ state->scratch.sectors);
state->scratch.num_sectors = (size_t)num_sectors;
break;
default:
@@ -310,15 +321,15 @@
int rc;
switch (flash_area) {
- case FLASH_AREA_IMAGE_0:
+ case FLASH_AREA_IMAGE_PRIMARY:
num_sectors = BOOT_MAX_IMG_SECTORS;
- out_sectors = state->imgs[0].sectors;
- out_num_sectors = &state->imgs[0].num_sectors;
+ out_sectors = state->imgs[BOOT_PRIMARY_SLOT].sectors;
+ out_num_sectors = &state->imgs[BOOT_PRIMARY_SLOT].num_sectors;
break;
- case FLASH_AREA_IMAGE_1:
+ case FLASH_AREA_IMAGE_SECONDARY:
num_sectors = BOOT_MAX_IMG_SECTORS;
- out_sectors = state->imgs[1].sectors;
- out_num_sectors = &state->imgs[1].num_sectors;
+ out_sectors = state->imgs[BOOT_SECONDARY_SLOT].sectors;
+ out_num_sectors = &state->imgs[BOOT_SECONDARY_SLOT].num_sectors;
break;
case FLASH_AREA_IMAGE_SCRATCH:
num_sectors = BOOT_MAX_IMG_SECTORS;
diff --git a/boot/bootutil/src/caps.c b/boot/bootutil/src/caps.c
index 85bd6fd..43e1bf6 100644
--- a/boot/bootutil/src/caps.c
+++ b/boot/bootutil/src/caps.c
@@ -41,8 +41,8 @@
#if defined(MCUBOOT_ENCRYPT_KW)
res |= BOOTUTIL_CAP_ENC_KW;
#endif
-#if defined(MCUBOOT_VALIDATE_SLOT0)
- res |= BOOTUTIL_CAP_VALIDATE_SLOT0;
+#if defined(MCUBOOT_VALIDATE_PRIMARY_SLOT)
+ res |= BOOTUTIL_CAP_VALIDATE_PRIMARY_SLOT;
#endif
return res;
diff --git a/boot/bootutil/src/encrypted.c b/boot/bootutil/src/encrypted.c
index fa502fe..14cbcd5 100644
--- a/boot/bootutil/src/encrypted.c
+++ b/boot/bootutil/src/encrypted.c
@@ -233,7 +233,7 @@
uint8_t enckey_type;
int rc;
- slot = fap->fa_id - FLASH_AREA_IMAGE_0;
+ slot = fap->fa_id - FLASH_AREA_IMAGE_PRIMARY;
/* Already loaded... */
if (enc_state[slot].valid) {
@@ -305,7 +305,7 @@
int
boot_enc_valid(const struct flash_area *fap)
{
- return enc_state[fap->fa_id - FLASH_AREA_IMAGE_0].valid;
+ return enc_state[fap->fa_id - FLASH_AREA_IMAGE_PRIMARY].valid;
}
void
@@ -325,7 +325,7 @@
nonce[14] = (uint8_t)(off >> 8);
nonce[15] = (uint8_t)off;
- enc = &enc_state[fap->fa_id - FLASH_AREA_IMAGE_0];
+ enc = &enc_state[fap->fa_id - FLASH_AREA_IMAGE_PRIMARY];
assert(enc->valid == 1);
for (i = 0; i < sz; i++) {
if (i == 0 || blk_off == 0) {
diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
index de2aa0e..9a5fe57 100644
--- a/boot/bootutil/src/image_validate.c
+++ b/boot/bootutil/src/image_validate.c
@@ -70,8 +70,10 @@
}
#ifdef MCUBOOT_ENC_IMAGES
- /* Encrypted images only exist in slot1 */
- if (fap->fa_id == FLASH_AREA_IMAGE_1 && IS_ENCRYPTED(hdr) && !boot_enc_valid(fap)) {
+ /* Encrypted images only exist in the secondary slot */
+ if (fap->fa_id == FLASH_AREA_IMAGE_SECONDARY &&
+ IS_ENCRYPTED(hdr) &&
+ !boot_enc_valid(fap)) {
return -1;
}
#endif
@@ -101,7 +103,9 @@
return rc;
}
#ifdef MCUBOOT_ENC_IMAGES
- if (fap->fa_id == FLASH_AREA_IMAGE_1 && IS_ENCRYPTED(hdr) && off >= hdr_size) {
+ if (fap->fa_id == FLASH_AREA_IMAGE_SECONDARY &&
+ IS_ENCRYPTED(hdr) &&
+ off >= hdr_size) {
blk_off = (off - hdr_size) & 0xf;
boot_encrypt(fap, off - hdr_size, blk_sz, blk_off, tmp_buf);
}
diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index af54b87..ac26bd2 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c
@@ -44,7 +44,7 @@
static struct boot_loader_state boot_data;
-#if defined(MCUBOOT_VALIDATE_SLOT0) && !defined(MCUBOOT_OVERWRITE_ONLY)
+#if defined(MCUBOOT_VALIDATE_PRIMARY_SLOT) && !defined(MCUBOOT_OVERWRITE_ONLY)
static int boot_status_fails = 0;
#define BOOT_STATUS_ASSERT(x) \
do { \
@@ -57,9 +57,9 @@
#endif
struct boot_status_table {
- uint8_t bst_magic_slot0;
+ uint8_t bst_magic_primary_slot;
uint8_t bst_magic_scratch;
- uint8_t bst_copy_done_slot0;
+ uint8_t bst_copy_done_primary_slot;
uint8_t bst_status_source;
};
@@ -69,66 +69,66 @@
*/
static const struct boot_status_table boot_status_tables[] = {
{
- /* | slot-0 | scratch |
- * ----------+------------+------------|
- * magic | Good | Any |
- * copy-done | Set | N/A |
- * ----------+------------+------------'
- * source: none |
- * ------------------------------------'
+ /* | primary slot | scratch |
+ * ----------+--------------+--------------|
+ * magic | Good | Any |
+ * copy-done | Set | N/A |
+ * ----------+--------------+--------------'
+ * source: none |
+ * ----------------------------------------'
*/
- .bst_magic_slot0 = BOOT_MAGIC_GOOD,
- .bst_magic_scratch = BOOT_MAGIC_ANY,
- .bst_copy_done_slot0 = BOOT_FLAG_SET,
- .bst_status_source = BOOT_STATUS_SOURCE_NONE,
+ .bst_magic_primary_slot = BOOT_MAGIC_GOOD,
+ .bst_magic_scratch = BOOT_MAGIC_ANY,
+ .bst_copy_done_primary_slot = BOOT_FLAG_SET,
+ .bst_status_source = BOOT_STATUS_SOURCE_NONE,
},
{
- /* | slot-0 | scratch |
- * ----------+------------+------------|
- * magic | Good | Any |
- * copy-done | Unset | N/A |
- * ----------+------------+------------'
- * source: slot 0 |
- * ------------------------------------'
+ /* | primary slot | scratch |
+ * ----------+--------------+--------------|
+ * magic | Good | Any |
+ * copy-done | Unset | N/A |
+ * ----------+--------------+--------------'
+ * source: primary slot |
+ * ----------------------------------------'
*/
- .bst_magic_slot0 = BOOT_MAGIC_GOOD,
- .bst_magic_scratch = BOOT_MAGIC_ANY,
- .bst_copy_done_slot0 = BOOT_FLAG_UNSET,
- .bst_status_source = BOOT_STATUS_SOURCE_SLOT0,
+ .bst_magic_primary_slot = BOOT_MAGIC_GOOD,
+ .bst_magic_scratch = BOOT_MAGIC_ANY,
+ .bst_copy_done_primary_slot = BOOT_FLAG_UNSET,
+ .bst_status_source = BOOT_STATUS_SOURCE_PRIMARY_SLOT,
},
{
- /* | slot-0 | scratch |
- * ----------+------------+------------|
- * magic | Any | Good |
- * copy-done | Any | N/A |
- * ----------+------------+------------'
- * source: scratch |
- * ------------------------------------'
+ /* | primary slot | scratch |
+ * ----------+--------------+--------------|
+ * magic | Any | Good |
+ * copy-done | Any | N/A |
+ * ----------+--------------+--------------'
+ * source: scratch |
+ * ----------------------------------------'
*/
- .bst_magic_slot0 = BOOT_MAGIC_ANY,
- .bst_magic_scratch = BOOT_MAGIC_GOOD,
- .bst_copy_done_slot0 = BOOT_FLAG_ANY,
- .bst_status_source = BOOT_STATUS_SOURCE_SCRATCH,
+ .bst_magic_primary_slot = BOOT_MAGIC_ANY,
+ .bst_magic_scratch = BOOT_MAGIC_GOOD,
+ .bst_copy_done_primary_slot = BOOT_FLAG_ANY,
+ .bst_status_source = BOOT_STATUS_SOURCE_SCRATCH,
},
{
- /* | slot-0 | scratch |
- * ----------+------------+------------|
- * magic | Unset | Any |
- * copy-done | Unset | N/A |
- * ----------+------------+------------|
- * source: varies |
- * ------------------------------------+------------------------------+
+ /* | primary slot | scratch |
+ * ----------+--------------+--------------|
+ * magic | Unset | Any |
+ * copy-done | Unset | N/A |
+ * ----------+--------------+--------------|
+ * source: varies |
+ * ----------------------------------------+--------------------------+
* This represents one of two cases: |
* o No swaps ever (no status to read, so no harm in checking). |
- * o Mid-revert; status in slot 0. |
+ * o Mid-revert; status in primary slot. |
* -------------------------------------------------------------------'
*/
- .bst_magic_slot0 = BOOT_MAGIC_UNSET,
- .bst_magic_scratch = BOOT_MAGIC_ANY,
- .bst_copy_done_slot0 = BOOT_FLAG_UNSET,
- .bst_status_source = BOOT_STATUS_SOURCE_SLOT0,
+ .bst_magic_primary_slot = BOOT_MAGIC_UNSET,
+ .bst_magic_scratch = BOOT_MAGIC_ANY,
+ .bst_copy_done_primary_slot = BOOT_FLAG_UNSET,
+ .bst_status_source = BOOT_STATUS_SOURCE_PRIMARY_SLOT,
},
};
@@ -145,46 +145,49 @@
(state)->image_ok)
/**
- * Determines where in flash the most recent boot status is stored. The boot
+ * Determines where in flash the most recent boot status is stored. The boot
* status is necessary for completing a swap that was interrupted by a boot
* loader reset.
*
- * @return A BOOT_STATUS_SOURCE_[...] code indicating where * status should be read from.
+ * @return A BOOT_STATUS_SOURCE_[...] code indicating where status should
+ * be read from.
*/
static int
boot_status_source(void)
{
const struct boot_status_table *table;
struct boot_swap_state state_scratch;
- struct boot_swap_state state_slot0;
+ struct boot_swap_state state_primary_slot;
int rc;
size_t i;
uint8_t source;
- rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_0, &state_slot0);
+ rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_PRIMARY,
+ &state_primary_slot);
assert(rc == 0);
rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_SCRATCH, &state_scratch);
assert(rc == 0);
- BOOT_LOG_SWAP_STATE("Image 0", &state_slot0);
+ BOOT_LOG_SWAP_STATE("Primary image", &state_primary_slot);
BOOT_LOG_SWAP_STATE("Scratch", &state_scratch);
for (i = 0; i < BOOT_STATUS_TABLES_COUNT; i++) {
table = &boot_status_tables[i];
- if ((table->bst_magic_slot0 == BOOT_MAGIC_ANY ||
- table->bst_magic_slot0 == state_slot0.magic) &&
- (table->bst_magic_scratch == BOOT_MAGIC_ANY ||
- table->bst_magic_scratch == state_scratch.magic) &&
- (table->bst_copy_done_slot0 == BOOT_FLAG_ANY ||
- table->bst_copy_done_slot0 == state_slot0.copy_done)) {
+ if ((table->bst_magic_primary_slot == BOOT_MAGIC_ANY ||
+ table->bst_magic_primary_slot == state_primary_slot.magic) &&
+ (table->bst_magic_scratch == BOOT_MAGIC_ANY ||
+ table->bst_magic_scratch == state_scratch.magic) &&
+ (table->bst_copy_done_primary_slot == BOOT_FLAG_ANY ||
+ table->bst_copy_done_primary_slot == state_primary_slot.copy_done))
+ {
source = table->bst_status_source;
BOOT_LOG_INF("Boot source: %s",
source == BOOT_STATUS_SOURCE_NONE ? "none" :
source == BOOT_STATUS_SOURCE_SCRATCH ? "scratch" :
- source == BOOT_STATUS_SOURCE_SLOT0 ? "slot 0" :
- "BUG; can't happen");
+ source == BOOT_STATUS_SOURCE_PRIMARY_SLOT ?
+ "primary slot" : "BUG; can't happen");
return source;
}
}
@@ -317,7 +320,7 @@
* on what the minimum write size is for scratch area, active image slot.
* We need to use the bigger of those 2 values.
*/
- elem_sz = flash_area_align(boot_data.imgs[0].area);
+ elem_sz = flash_area_align(boot_data.imgs[BOOT_PRIMARY_SLOT].area);
align = flash_area_align(boot_data.scratch.area);
if (align > elem_sz) {
elem_sz = align;
@@ -335,17 +338,20 @@
static int
boot_slots_compatible(void)
{
- size_t num_sectors_0;
- size_t num_sectors_1;
+ size_t num_sectors_primary;
+ size_t num_sectors_secondary;
size_t sz0, sz1;
- size_t slot0_sz, slot1_sz;
+ size_t primary_slot_sz, secondary_slot_sz;
size_t scratch_sz;
size_t i, j;
int8_t smaller;
- num_sectors_0 = boot_img_num_sectors(&boot_data, 0);
- num_sectors_1 = boot_img_num_sectors(&boot_data, 1);
- if (num_sectors_0 > BOOT_MAX_IMG_SECTORS || num_sectors_1 > BOOT_MAX_IMG_SECTORS) {
+ num_sectors_primary =
+ boot_img_num_sectors(&boot_data, BOOT_PRIMARY_SLOT);
+ num_sectors_secondary =
+ boot_img_num_sectors(&boot_data, BOOT_SECONDARY_SLOT);
+ if ((num_sectors_primary > BOOT_MAX_IMG_SECTORS) ||
+ (num_sectors_secondary > BOOT_MAX_IMG_SECTORS)) {
BOOT_LOG_WRN("Cannot upgrade: more sectors than allowed");
return 0;
}
@@ -359,18 +365,20 @@
* number of a slot's sectors are able to fit into another, which only
* excludes cases where sector sizes are not a multiple of each other.
*/
- i = sz0 = slot0_sz = 0;
- j = sz1 = slot1_sz = 0;
+ i = sz0 = primary_slot_sz = 0;
+ j = sz1 = secondary_slot_sz = 0;
smaller = 0;
- while (i < num_sectors_0 || j < num_sectors_1) {
+ while (i < num_sectors_primary || j < num_sectors_secondary) {
if (sz0 == sz1) {
- sz0 += boot_img_sector_size(&boot_data, 0, i);
- sz1 += boot_img_sector_size(&boot_data, 1, j);
+ sz0 += boot_img_sector_size(&boot_data, BOOT_PRIMARY_SLOT, i);
+ sz1 += boot_img_sector_size(&boot_data, BOOT_SECONDARY_SLOT, j);
i++;
j++;
} else if (sz0 < sz1) {
- sz0 += boot_img_sector_size(&boot_data, 0, i);
- /* guarantee that multiple sectors of slot1 fit into slot0 */
+ sz0 += boot_img_sector_size(&boot_data, BOOT_PRIMARY_SLOT, i);
+ /* Guarantee that multiple sectors of the secondary slot
+ * fit into the primary slot.
+ */
if (smaller == 2) {
BOOT_LOG_WRN("Cannot upgrade: slots have non-compatible sectors");
return 0;
@@ -378,8 +386,10 @@
smaller = 1;
i++;
} else {
- sz1 += boot_img_sector_size(&boot_data, 1, j);
- /* guarantee that multiple sectors of slot0 fit into slot1 */
+ sz1 += boot_img_sector_size(&boot_data, BOOT_SECONDARY_SLOT, j);
+ /* Guarantee that multiple sectors of the primary slot
+ * fit into the secondary slot.
+ */
if (smaller == 1) {
BOOT_LOG_WRN("Cannot upgrade: slots have non-compatible sectors");
return 0;
@@ -388,10 +398,10 @@
j++;
}
if (sz0 == sz1) {
- slot0_sz += sz0;
- slot1_sz += sz1;
- /* scratch has to fit each swap operation to the size of the larger
- * sector among slot0 and slot1
+ primary_slot_sz += sz0;
+ secondary_slot_sz += sz1;
+ /* Scratch has to fit each swap operation to the size of the larger
+ * sector among the primary slot and the secondary slot.
*/
if (sz0 > scratch_sz || sz1 > scratch_sz) {
BOOT_LOG_WRN("Cannot upgrade: not all sectors fit inside scratch");
@@ -401,7 +411,9 @@
}
}
- if (i != num_sectors_0 || j != num_sectors_1 || slot0_sz != slot1_sz) {
+ if ((i != num_sectors_primary) ||
+ (j != num_sectors_secondary) ||
+ (primary_slot_sz != secondary_slot_sz)) {
BOOT_LOG_WRN("Cannot upgrade: slots are not compatible");
return 0;
}
@@ -420,12 +432,12 @@
{
int rc;
- rc = boot_initialize_area(&boot_data, FLASH_AREA_IMAGE_0);
+ rc = boot_initialize_area(&boot_data, FLASH_AREA_IMAGE_PRIMARY);
if (rc != 0) {
return BOOT_EFLASH;
}
- rc = boot_initialize_area(&boot_data, FLASH_AREA_IMAGE_1);
+ rc = boot_initialize_area(&boot_data, FLASH_AREA_IMAGE_SECONDARY);
if (rc != 0) {
return BOOT_EFLASH;
}
@@ -499,9 +511,9 @@
*/
BOOT_LOG_ERR("Detected inconsistent status!");
-#if !defined(MCUBOOT_VALIDATE_SLOT0)
- /* With validation of slot0 disabled, there is no way to be sure the
- * swapped slot0 is OK, so abort!
+#if !defined(MCUBOOT_VALIDATE_PRIMARY_SLOT)
+ /* With validation of the primary slot disabled, there is no way
+ * to be sure the swapped primary slot is OK, so abort!
*/
assert(0);
#endif
@@ -551,8 +563,8 @@
area_id = FLASH_AREA_IMAGE_SCRATCH;
break;
- case BOOT_STATUS_SOURCE_SLOT0:
- area_id = FLASH_AREA_IMAGE_0;
+ case BOOT_STATUS_SOURCE_PRIMARY_SLOT:
+ area_id = FLASH_AREA_IMAGE_PRIMARY;
break;
default:
@@ -592,16 +604,17 @@
uint8_t erased_val;
/* NOTE: The first sector copied (that is the last sector on slot) contains
- * the trailer. Since in the last step SLOT 0 is erased, the first
- * two status writes go to the scratch which will be copied to SLOT 0!
+ * the trailer. Since in the last step the primary slot is erased, the
+ * first two status writes go to the scratch which will be copied to
+ * the primary slot!
*/
if (bs->use_scratch) {
/* Write to scratch. */
area_id = FLASH_AREA_IMAGE_SCRATCH;
} else {
- /* Write to slot 0. */
- area_id = FLASH_AREA_IMAGE_0;
+ /* Write to the primary slot. */
+ area_id = FLASH_AREA_IMAGE_PRIMARY;
}
rc = flash_area_open(area_id, &fap);
@@ -645,7 +658,7 @@
(void)bs;
(void)rc;
#else
- if (fap->fa_id == FLASH_AREA_IMAGE_1 && IS_ENCRYPTED(hdr)) {
+ if ((fap->fa_id == FLASH_AREA_IMAGE_SECONDARY) && IS_ENCRYPTED(hdr)) {
rc = boot_enc_load(hdr, fap, bs->enckey[1]);
if (rc < 0) {
return BOOT_EBADIMAGE;
@@ -746,24 +759,25 @@
hdr = boot_img_hdr(&boot_data, slot);
if (boot_check_header_erased(slot) == 0 || (hdr->ih_flags & IMAGE_F_NON_BOOTABLE)) {
- /* No bootable image in slot; continue booting from slot 0. */
+ /* No bootable image in slot; continue booting from the primary slot. */
rc = -1;
goto out;
}
if ((hdr->ih_magic != IMAGE_MAGIC || boot_image_check(hdr, fap, bs) != 0)) {
- if (slot != 0) {
+ if (slot != BOOT_PRIMARY_SLOT) {
flash_area_erase(fap, 0, fap->fa_size);
- /* Image in slot 1 is invalid. Erase the image and
- * continue booting from slot 0.
+ /* Image in the secondary slot is invalid. Erase the image and
+ * continue booting from the primary slot.
*/
}
- BOOT_LOG_ERR("Image in slot %d is not valid!", slot);
+ BOOT_LOG_ERR("Image in the %s slot is not valid!",
+ (slot == BOOT_PRIMARY_SLOT) ? "primary" : "secondary");
rc = -1;
goto out;
}
- /* Image in slot 1 is valid. */
+ /* Image in the secondary slot is valid. */
rc = 0;
out:
@@ -773,9 +787,9 @@
/**
* Determines which swap operation to perform, if any. If it is determined
- * that a swap operation is required, the image in the second slot is checked
- * for validity. If the image in the second slot is invalid, it is erased, and
- * a swap type of "none" is indicated.
+ * that a swap operation is required, the image in the secondary slot is checked
+ * for validity. If the image in the secondary slot is invalid, it is erased,
+ * and a swap type of "none" is indicated.
*
* @return The type of swap to perform (BOOT_SWAP_TYPE...)
*/
@@ -789,8 +803,10 @@
case BOOT_SWAP_TYPE_TEST:
case BOOT_SWAP_TYPE_PERM:
case BOOT_SWAP_TYPE_REVERT:
- /* Boot loader wants to switch to slot 1. Ensure image is valid. */
- if (boot_validate_slot(1, bs) != 0) {
+ /* Boot loader wants to switch to the secondary slot.
+ * Ensure image is valid.
+ */
+ if (boot_validate_slot(BOOT_SECONDARY_SLOT, bs) != 0) {
swap_type = BOOT_SWAP_TYPE_FAIL;
}
}
@@ -824,11 +840,11 @@
scratch_sz = boot_scratch_area_size(&boot_data);
for (i = last_sector_idx; i >= 0; i--) {
- new_sz = sz + boot_img_sector_size(&boot_data, 0, i);
+ new_sz = sz + boot_img_sector_size(&boot_data, BOOT_PRIMARY_SLOT, i);
/*
- * slot1 is not being checked here, because `boot_slots_compatible`
- * already provides assurance that the copy size will be compatible
- * with slot0 and scratch.
+ * The secondary slot is not being checked here, because
+ * `boot_slots_compatible` already provides assurance that the copy size
+ * will be compatible with the primary slot and scratch.
*/
if (new_sz > scratch_sz) {
break;
@@ -906,14 +922,14 @@
}
#ifdef MCUBOOT_ENC_IMAGES
- if (fap_src->fa_id == FLASH_AREA_IMAGE_1 ||
- fap_dst->fa_id == FLASH_AREA_IMAGE_1) {
- /* assume slot1 as src, needs decryption */
- hdr = boot_img_hdr(&boot_data, 1);
+ if ((fap_src->fa_id == FLASH_AREA_IMAGE_SECONDARY) ||
+ (fap_dst->fa_id == FLASH_AREA_IMAGE_SECONDARY)) {
+ /* assume the secondary slot as src, needs decryption */
+ hdr = boot_img_hdr(&boot_data, BOOT_SECONDARY_SLOT);
off = off_src;
- if (fap_dst->fa_id == FLASH_AREA_IMAGE_1) {
- /* might need encryption (metadata from slot0) */
- hdr = boot_img_hdr(&boot_data, 0);
+ if (fap_dst->fa_id == FLASH_AREA_IMAGE_SECONDARY) {
+ /* might need encryption (metadata from the primary slot) */
+ hdr = boot_img_hdr(&boot_data, BOOT_PRIMARY_SLOT);
off = off_dst;
}
if (IS_ENCRYPTED(hdr)) {
@@ -959,7 +975,7 @@
struct boot_swap_state swap_state;
int rc;
- rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_1, &swap_state);
+ rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_SECONDARY, &swap_state);
assert(rc == 0);
if (swap_state.image_ok == BOOT_FLAG_SET) {
@@ -998,11 +1014,11 @@
int rc;
switch (fap->fa_id) {
- case FLASH_AREA_IMAGE_0:
- slot = 0;
+ case FLASH_AREA_IMAGE_PRIMARY:
+ slot = BOOT_PRIMARY_SLOT;
break;
- case FLASH_AREA_IMAGE_1:
- slot = 1;
+ case FLASH_AREA_IMAGE_SECONDARY:
+ slot = BOOT_SECONDARY_SLOT;
break;
default:
return BOOT_EFLASH;
@@ -1041,8 +1057,8 @@
static void
boot_swap_sectors(int idx, uint32_t sz, struct boot_status *bs)
{
- const struct flash_area *fap_slot0;
- const struct flash_area *fap_slot1;
+ const struct flash_area *fap_primary_slot;
+ const struct flash_area *fap_secondary_slot;
const struct flash_area *fap_scratch;
uint32_t copy_sz;
uint32_t trailer_sz;
@@ -1053,7 +1069,7 @@
int rc;
/* Calculate offset from start of image area. */
- img_off = boot_img_sector_off(&boot_data, 0, idx);
+ img_off = boot_img_sector_off(&boot_data, BOOT_PRIMARY_SLOT, idx);
copy_sz = sz;
trailer_sz = boot_slots_trailer_sz(BOOT_WRITE_SZ(&boot_data));
@@ -1067,17 +1083,18 @@
* NOTE: `use_scratch` is a temporary flag (never written to flash) which
* controls if special handling is needed (swapping last sector).
*/
- last_sector = boot_img_num_sectors(&boot_data, 0) - 1;
- if (img_off + sz > boot_img_sector_off(&boot_data, 0, last_sector)) {
+ last_sector = boot_img_num_sectors(&boot_data, BOOT_PRIMARY_SLOT) - 1;
+ if (img_off + sz > boot_img_sector_off(&boot_data, BOOT_PRIMARY_SLOT,
+ last_sector)) {
copy_sz -= trailer_sz;
}
bs->use_scratch = (bs->idx == BOOT_STATUS_IDX_0 && copy_sz != sz);
- rc = flash_area_open(FLASH_AREA_IMAGE_0, &fap_slot0);
+ rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY, &fap_primary_slot);
assert (rc == 0);
- rc = flash_area_open(FLASH_AREA_IMAGE_1, &fap_slot1);
+ rc = flash_area_open(FLASH_AREA_IMAGE_SECONDARY, &fap_secondary_slot);
assert (rc == 0);
rc = flash_area_open(FLASH_AREA_IMAGE_SCRATCH, &fap_scratch);
@@ -1087,7 +1104,8 @@
rc = boot_erase_sector(fap_scratch, 0, sz);
assert(rc == 0);
- rc = boot_copy_sector(fap_slot1, fap_scratch, img_off, 0, copy_sz);
+ rc = boot_copy_sector(fap_secondary_slot, fap_scratch,
+ img_off, 0, copy_sz);
assert(rc == 0);
if (bs->idx == BOOT_STATUS_IDX_0) {
@@ -1098,10 +1116,10 @@
* last sector is not being used by the image data so it's
* safe to erase.
*/
- rc = boot_erase_trailer_sectors(fap_slot0);
+ rc = boot_erase_trailer_sectors(fap_primary_slot);
assert(rc == 0);
- boot_status_init(fap_slot0, bs);
+ boot_status_init(fap_primary_slot, bs);
}
}
@@ -1111,17 +1129,18 @@
}
if (bs->state == BOOT_STATUS_STATE_1) {
- rc = boot_erase_sector(fap_slot1, img_off, sz);
+ rc = boot_erase_sector(fap_secondary_slot, img_off, sz);
assert(rc == 0);
- rc = boot_copy_sector(fap_slot0, fap_slot1, img_off, img_off, copy_sz);
+ rc = boot_copy_sector(fap_primary_slot, fap_secondary_slot,
+ img_off, img_off, copy_sz);
assert(rc == 0);
if (bs->idx == BOOT_STATUS_IDX_0 && !bs->use_scratch) {
/* If not all sectors of the slot are being swapped,
- * guarantee here that only slot0 will have the state.
+ * guarantee here that only the primary slot will have the state.
*/
- rc = boot_erase_trailer_sectors(fap_slot1);
+ rc = boot_erase_trailer_sectors(fap_secondary_slot);
assert(rc == 0);
}
@@ -1131,19 +1150,20 @@
}
if (bs->state == BOOT_STATUS_STATE_2) {
- rc = boot_erase_sector(fap_slot0, img_off, sz);
+ rc = boot_erase_sector(fap_primary_slot, img_off, sz);
assert(rc == 0);
/* NOTE: also copy trailer from scratch (has status info) */
- rc = boot_copy_sector(fap_scratch, fap_slot0, 0, img_off, copy_sz);
+ rc = boot_copy_sector(fap_scratch, fap_primary_slot,
+ 0, img_off, copy_sz);
assert(rc == 0);
if (bs->use_scratch) {
scratch_trailer_off = boot_status_off(fap_scratch);
/* copy current status that is being maintained in scratch */
- rc = boot_copy_sector(fap_scratch, fap_slot0, scratch_trailer_off,
- img_off + copy_sz,
+ rc = boot_copy_sector(fap_scratch, fap_primary_slot,
+ scratch_trailer_off, img_off + copy_sz,
BOOT_STATUS_STATE_COUNT * BOOT_WRITE_SZ(&boot_data));
BOOT_STATUS_ASSERT(rc == 0);
@@ -1152,22 +1172,22 @@
assert(rc == 0);
if (swap_state.image_ok == BOOT_FLAG_SET) {
- rc = boot_write_image_ok(fap_slot0);
+ rc = boot_write_image_ok(fap_primary_slot);
assert(rc == 0);
}
- rc = boot_write_swap_size(fap_slot0, bs->swap_size);
+ rc = boot_write_swap_size(fap_primary_slot, bs->swap_size);
assert(rc == 0);
#ifdef MCUBOOT_ENC_IMAGES
- rc = boot_write_enc_key(fap_slot0, 0, bs->enckey[0]);
+ rc = boot_write_enc_key(fap_primary_slot, 0, bs->enckey[0]);
assert(rc == 0);
- rc = boot_write_enc_key(fap_slot0, 1, bs->enckey[1]);
+ rc = boot_write_enc_key(fap_primary_slot, 1, bs->enckey[1]);
assert(rc == 0);
#endif
- rc = boot_write_magic(fap_slot0);
+ rc = boot_write_magic(fap_primary_slot);
assert(rc == 0);
}
@@ -1178,16 +1198,16 @@
BOOT_STATUS_ASSERT(rc == 0);
}
- flash_area_close(fap_slot0);
- flash_area_close(fap_slot1);
+ flash_area_close(fap_primary_slot);
+ flash_area_close(fap_secondary_slot);
flash_area_close(fap_scratch);
}
#endif /* !MCUBOOT_OVERWRITE_ONLY */
/**
- * Overwrite slot 0 with the image contained in slot 1. If a prior copy
- * operation was interrupted by a system reset, this function redos the
- * copy.
+ * Overwrite primary slot with the image contained in the secondary slot.
+ * If a prior copy operation was interrupted by a system reset, this function
+ * redos the copy.
*
* @param bs The current boot status. This function reads
* this struct to determine if it is resuming
@@ -1207,30 +1227,33 @@
size_t size;
size_t this_size;
size_t last_sector;
- const struct flash_area *fap_slot0;
- const struct flash_area *fap_slot1;
+ const struct flash_area *fap_primary_slot;
+ const struct flash_area *fap_secondary_slot;
+
(void)bs;
#if defined(MCUBOOT_OVERWRITE_ONLY_FAST)
uint32_t src_size = 0;
- rc = boot_read_image_size(1, boot_img_hdr(&boot_data, 1), &src_size);
+ rc = boot_read_image_size(BOOT_SECONDARY_SLOT,
+ boot_img_hdr(&boot_data, BOOT_SECONDARY_SLOT),
+ &src_size);
assert(rc == 0);
#endif
- BOOT_LOG_INF("Image upgrade slot1 -> slot0");
- BOOT_LOG_INF("Erasing slot0");
+ BOOT_LOG_INF("Image upgrade secondary slot -> primary slot");
+ BOOT_LOG_INF("Erasing the primary slot");
- rc = flash_area_open(FLASH_AREA_IMAGE_0, &fap_slot0);
+ rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY, &fap_primary_slot);
assert (rc == 0);
- rc = flash_area_open(FLASH_AREA_IMAGE_1, &fap_slot1);
+ rc = flash_area_open(FLASH_AREA_IMAGE_SECONDARY, &fap_secondary_slot);
assert (rc == 0);
- sect_count = boot_img_num_sectors(&boot_data, 0);
+ sect_count = boot_img_num_sectors(&boot_data, BOOT_PRIMARY_SLOT);
for (sect = 0, size = 0; sect < sect_count; sect++) {
- this_size = boot_img_sector_size(&boot_data, 0, sect);
- rc = boot_erase_sector(fap_slot0, size, this_size);
+ this_size = boot_img_sector_size(&boot_data, BOOT_PRIMARY_SLOT, sect);
+ rc = boot_erase_sector(fap_primary_slot, size, this_size);
assert(rc == 0);
size += this_size;
@@ -1243,8 +1266,11 @@
}
#ifdef MCUBOOT_ENC_IMAGES
- if (IS_ENCRYPTED(boot_img_hdr(&boot_data, 1))) {
- rc = boot_enc_load(boot_img_hdr(&boot_data, 1), fap_slot1, bs->enckey[1]);
+ if (IS_ENCRYPTED(boot_img_hdr(&boot_data, BOOT_SECONDARY_SLOT))) {
+ rc = boot_enc_load(boot_img_hdr(&boot_data, BOOT_SECONDARY_SLOT),
+ fap_secondary_slot,
+ bs->enckey[1]);
+
if (rc < 0) {
return BOOT_EBADIMAGE;
}
@@ -1254,28 +1280,33 @@
}
#endif
- BOOT_LOG_INF("Copying slot 1 to slot 0: 0x%zx bytes", size);
- rc = boot_copy_sector(fap_slot1, fap_slot0, 0, 0, size);
+ BOOT_LOG_INF("Copying the secondary slot to the primary slot: 0x%zx bytes",
+ size);
+ rc = boot_copy_sector(fap_secondary_slot, fap_primary_slot, 0, 0, size);
/*
* Erases header and trailer. The trailer is erased because when a new
* image is written without a trailer as is the case when using newt, the
* trailer that was left might trigger a new upgrade.
*/
- rc = boot_erase_sector(fap_slot1,
- boot_img_sector_off(&boot_data, 1, 0),
- boot_img_sector_size(&boot_data, 1, 0));
+ rc = boot_erase_sector(fap_secondary_slot,
+ boot_img_sector_off(&boot_data,
+ BOOT_SECONDARY_SLOT, 0),
+ boot_img_sector_size(&boot_data,
+ BOOT_SECONDARY_SLOT, 0));
assert(rc == 0);
- last_sector = boot_img_num_sectors(&boot_data, 1) - 1;
- rc = boot_erase_sector(fap_slot1,
- boot_img_sector_off(&boot_data, 1, last_sector),
- boot_img_sector_size(&boot_data, 1, last_sector));
+ last_sector = boot_img_num_sectors(&boot_data, BOOT_SECONDARY_SLOT) - 1;
+ rc = boot_erase_sector(fap_secondary_slot,
+ boot_img_sector_off(&boot_data,
+ BOOT_SECONDARY_SLOT, last_sector),
+ boot_img_sector_size(&boot_data,
+ BOOT_SECONDARY_SLOT, last_sector));
assert(rc == 0);
- flash_area_close(fap_slot0);
- flash_area_close(fap_slot1);
+ flash_area_close(fap_primary_slot);
+ flash_area_close(fap_secondary_slot);
- /* TODO: Perhaps verify slot 0's signature again? */
+ /* TODO: Perhaps verify the primary slot's signature again? */
return 0;
}
@@ -1300,7 +1331,7 @@
uint32_t sz;
int first_sector_idx;
int last_sector_idx;
- int last_idx_slot1;
+ int last_idx_secondary_slot;
uint32_t swap_idx;
struct image_header *hdr;
#ifdef MCUBOOT_ENC_IMAGES
@@ -1310,8 +1341,8 @@
#endif
uint32_t size;
uint32_t copy_size;
- uint32_t slot0_size;
- uint32_t slot1_size;
+ uint32_t primary_slot_size;
+ uint32_t secondary_slot_size;
int rc;
/* FIXME: just do this if asked by user? */
@@ -1323,15 +1354,15 @@
* No swap ever happened, so need to find the largest image which
* will be used to determine the amount of sectors to swap.
*/
- hdr = boot_img_hdr(&boot_data, 0);
+ hdr = boot_img_hdr(&boot_data, BOOT_PRIMARY_SLOT);
if (hdr->ih_magic == IMAGE_MAGIC) {
- rc = boot_read_image_size(0, hdr, ©_size);
+ rc = boot_read_image_size(BOOT_PRIMARY_SLOT, hdr, ©_size);
assert(rc == 0);
}
#ifdef MCUBOOT_ENC_IMAGES
if (IS_ENCRYPTED(hdr)) {
- fap = BOOT_IMG_AREA(&boot_data, 0);
+ fap = BOOT_IMG_AREA(&boot_data, BOOT_PRIMARY_SLOT);
rc = boot_enc_load(hdr, fap, bs->enckey[0]);
assert(rc >= 0);
@@ -1346,16 +1377,16 @@
}
#endif
- hdr = boot_img_hdr(&boot_data, 1);
+ hdr = boot_img_hdr(&boot_data, BOOT_SECONDARY_SLOT);
if (hdr->ih_magic == IMAGE_MAGIC) {
- rc = boot_read_image_size(1, hdr, &size);
+ rc = boot_read_image_size(BOOT_SECONDARY_SLOT, hdr, &size);
assert(rc == 0);
}
#ifdef MCUBOOT_ENC_IMAGES
- hdr = boot_img_hdr(&boot_data, 1);
+ hdr = boot_img_hdr(&boot_data, BOOT_SECONDARY_SLOT);
if (IS_ENCRYPTED(hdr)) {
- fap = BOOT_IMG_AREA(&boot_data, 1);
+ fap = BOOT_IMG_AREA(&boot_data, BOOT_SECONDARY_SLOT);
rc = boot_enc_load(hdr, fap, bs->enckey[1]);
assert(rc >= 0);
@@ -1404,31 +1435,37 @@
#endif
}
- slot0_size = 0;
- slot1_size = 0;
+ primary_slot_size = 0;
+ secondary_slot_size = 0;
last_sector_idx = 0;
- last_idx_slot1 = 0;
+ last_idx_secondary_slot = 0;
/*
* Knowing the size of the largest image between both slots, here we
- * find what is the last sector in slot0 that needs swapping. Since we
- * already know that both slots are compatible, slot1's last sector is
- * not really required after this check is finished.
+ * find what is the last sector in the primary slot that needs swapping.
+ * Since we already know that both slots are compatible, the secondary
+ * slot's last sector is not really required after this check is finished.
*/
while (1) {
- if (slot0_size < copy_size || slot0_size < slot1_size) {
- slot0_size += boot_img_sector_size(&boot_data, 0, last_sector_idx);
+ if ((primary_slot_size < copy_size) ||
+ (primary_slot_size < secondary_slot_size)) {
+ primary_slot_size += boot_img_sector_size(&boot_data,
+ BOOT_PRIMARY_SLOT,
+ last_sector_idx);
}
- if (slot1_size < copy_size || slot1_size < slot0_size) {
- slot1_size += boot_img_sector_size(&boot_data, 1, last_idx_slot1);
+ if ((secondary_slot_size < copy_size) ||
+ (secondary_slot_size < primary_slot_size)) {
+ secondary_slot_size += boot_img_sector_size(&boot_data,
+ BOOT_SECONDARY_SLOT,
+ last_idx_secondary_slot);
}
- if (slot0_size >= copy_size &&
- slot1_size >= copy_size &&
- slot0_size == slot1_size) {
+ if (primary_slot_size >= copy_size &&
+ secondary_slot_size >= copy_size &&
+ primary_slot_size == secondary_slot_size) {
break;
}
last_sector_idx++;
- last_idx_slot1++;
+ last_idx_secondary_slot++;
}
swap_idx = 0;
@@ -1442,7 +1479,7 @@
swap_idx++;
}
-#ifdef MCUBOOT_VALIDATE_SLOT0
+#ifdef MCUBOOT_VALIDATE_PRIMARY_SLOT
if (boot_status_fails > 0) {
BOOT_LOG_WRN("%d status write fails performing the swap", boot_status_fails);
}
@@ -1453,7 +1490,7 @@
#endif
/**
- * Marks the image in slot 0 as fully copied.
+ * Marks the image in the primary slot as fully copied.
*/
#ifndef MCUBOOT_OVERWRITE_ONLY
static int
@@ -1462,7 +1499,7 @@
const struct flash_area *fap;
int rc;
- rc = flash_area_open(FLASH_AREA_IMAGE_0, &fap);
+ rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY, &fap);
if (rc != 0) {
return BOOT_EFLASH;
}
@@ -1474,13 +1511,13 @@
#endif /* !MCUBOOT_OVERWRITE_ONLY */
/**
- * Marks a reverted image in slot 0 as confirmed. This is necessary to ensure
- * the status bytes from the image revert operation don't get processed on a
- * subsequent boot.
+ * Marks a reverted image in the primary slot as confirmed. This is necessary to
+ * ensure the status bytes from the image revert operation don't get processed
+ * on a subsequent boot.
*
* NOTE: image_ok is tested before writing because if there's a valid permanent
- * image installed on slot0 and the new image to be upgrade to has a bad sig,
- * image_ok would be overwritten.
+ * image installed on the primary slot and the new image to be upgrade to has a
+ * bad sig, image_ok would be overwritten.
*/
#ifndef MCUBOOT_OVERWRITE_ONLY
static int
@@ -1490,7 +1527,7 @@
struct boot_swap_state state;
int rc;
- rc = flash_area_open(FLASH_AREA_IMAGE_0, &fap);
+ rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY, &fap);
if (rc != 0) {
return BOOT_EFLASH;
}
@@ -1574,12 +1611,13 @@
* Header checks are done first because they are inexpensive.
* Since overwrite-only copies starting from offset 0, if
* interrupted, it might leave a valid header magic, so also
- * run validation on slot0 to be sure it's not OK.
+ * run validation on the primary slot to be sure it's not OK.
*/
- if (boot_check_header_erased(0) == 0 ||
- boot_validate_slot(0, &bs) != 0) {
- if (boot_img_hdr(&boot_data, 1)->ih_magic == IMAGE_MAGIC &&
- boot_validate_slot(1, &bs) == 0) {
+ if (boot_check_header_erased(BOOT_PRIMARY_SLOT) == 0 ||
+ boot_validate_slot(BOOT_PRIMARY_SLOT, &bs) != 0) {
+ if ((boot_img_hdr(&boot_data, BOOT_SECONDARY_SLOT)->ih_magic
+ == IMAGE_MAGIC ) &&
+ (boot_validate_slot(BOOT_SECONDARY_SLOT, &bs) == 0)) {
rc = boot_copy_image(&bs);
assert(rc == 0);
@@ -1618,11 +1656,11 @@
* necessary because the gcc option "-fdata-sections" doesn't seem to have
* any effect in older gcc versions (e.g., 4.8.4).
*/
- static boot_sector_t slot0_sectors[BOOT_MAX_IMG_SECTORS];
- static boot_sector_t slot1_sectors[BOOT_MAX_IMG_SECTORS];
+ static boot_sector_t primary_slot_sectors[BOOT_MAX_IMG_SECTORS];
+ static boot_sector_t secondary_slot_sectors[BOOT_MAX_IMG_SECTORS];
static boot_sector_t scratch_sectors[BOOT_MAX_IMG_SECTORS];
- boot_data.imgs[0].sectors = slot0_sectors;
- boot_data.imgs[1].sectors = slot1_sectors;
+ boot_data.imgs[BOOT_PRIMARY_SLOT].sectors = primary_slot_sectors;
+ boot_data.imgs[BOOT_SECONDARY_SLOT].sectors = secondary_slot_sectors;
boot_data.scratch.sectors = scratch_sectors;
#ifdef MCUBOOT_ENC_IMAGES
@@ -1655,7 +1693,7 @@
}
/* If the image slots aren't compatible, no swap is possible. Just boot
- * into slot 0.
+ * into the primary slot.
*/
if (boot_slots_compatible()) {
rc = boot_swap_if_needed(&swap_type);
@@ -1668,7 +1706,8 @@
* The following states need image_ok be explicitly set after the
* swap was finished to avoid a new revert.
*/
- if (swap_type == BOOT_SWAP_TYPE_REVERT || swap_type == BOOT_SWAP_TYPE_FAIL) {
+ if (swap_type == BOOT_SWAP_TYPE_REVERT ||
+ swap_type == BOOT_SWAP_TYPE_FAIL) {
#ifndef MCUBOOT_OVERWRITE_ONLY
rc = boot_set_image_ok();
if (rc != 0) {
@@ -1682,13 +1721,13 @@
switch (swap_type) {
case BOOT_SWAP_TYPE_NONE:
- slot = 0;
+ slot = BOOT_PRIMARY_SLOT;
break;
case BOOT_SWAP_TYPE_TEST: /* fallthrough */
case BOOT_SWAP_TYPE_PERM: /* fallthrough */
case BOOT_SWAP_TYPE_REVERT:
- slot = 1;
+ slot = BOOT_SECONDARY_SLOT;
reload_headers = true;
#ifndef MCUBOOT_OVERWRITE_ONLY
rc = boot_set_copy_done();
@@ -1699,11 +1738,11 @@
break;
case BOOT_SWAP_TYPE_FAIL:
- /* The image in slot 1 was invalid and is now erased. Ensure we don't
- * try to boot into it again on the next reboot. Do this by pretending
- * we just reverted back to slot 0.
+ /* The image in the secondary slot was invalid and is now erased.
+ * Ensure we don't try to boot into it again on the next reboot.
+ * Do this by pretending we just reverted back to the primary slot.
*/
- slot = 0;
+ slot = BOOT_PRIMARY_SLOT;
reload_headers = true;
break;
@@ -1726,33 +1765,34 @@
}
/* Since headers were reloaded, it can be assumed we just performed a
* swap or overwrite. Now the header info that should be used to
- * provide the data for the bootstrap, which previously was at Slot 1,
- * was updated to Slot 0.
+ * provide the data for the bootstrap, which previously was at the
+ * secondary slot, was updated to the primary slot.
*/
- slot = 0;
+ slot = BOOT_PRIMARY_SLOT;
}
-#ifdef MCUBOOT_VALIDATE_SLOT0
- rc = boot_validate_slot(0, NULL);
+#ifdef MCUBOOT_VALIDATE_PRIMARY_SLOT
+ rc = boot_validate_slot(BOOT_PRIMARY_SLOT, NULL);
if (rc != 0) {
rc = BOOT_EBADIMAGE;
goto out;
}
#else
- /* Even if we're not re-validating slot 0, we could be booting
+ /* Even if we're not re-validating the primary slot, we could be booting
* onto an empty flash chip. At least do a basic sanity check that
* the magic number on the image is OK.
*/
- if (boot_data.imgs[0].hdr.ih_magic != IMAGE_MAGIC) {
- BOOT_LOG_ERR("bad image magic 0x%lx", (unsigned long)boot_data.imgs[0].hdr.ih_magic);
+ if (boot_data.imgs[BOOT_PRIMARY_SLOT].hdr.ih_magic != IMAGE_MAGIC) {
+ BOOT_LOG_ERR("bad image magic 0x%lx",
+ (unsigned long)boot_data.imgs[BOOT_PRIMARY_SLOT].hdr.ih_magic);
rc = BOOT_EBADIMAGE;
goto out;
}
#endif
/* Always boot from the primary slot. */
- rsp->br_flash_dev_id = boot_data.imgs[0].area->fa_device_id;
- rsp->br_image_off = boot_img_slot_off(&boot_data, 0);
+ rsp->br_flash_dev_id = boot_data.imgs[BOOT_PRIMARY_SLOT].area->fa_device_id;
+ rsp->br_image_off = boot_img_slot_off(&boot_data, BOOT_PRIMARY_SLOT);
rsp->br_hdr = boot_img_hdr(&boot_data, slot);
out:
diff --git a/boot/bootutil/test/src/boot_test.h b/boot/bootutil/test/src/boot_test.h
index eec85b1..08c9c08 100644
--- a/boot/bootutil/test/src/boot_test.h
+++ b/boot/bootutil/test/src/boot_test.h
@@ -73,9 +73,9 @@
uint32_t image_addr, int img_msb);
void boot_test_util_verify_status_clear(void);
void boot_test_util_verify_flash(const struct image_header *hdr0,
- int orig_slot_0,
+ int orig_primary_slot,
const struct image_header *hdr1,
- int orig_slot_1);
+ int orig_secondary_slot);
void boot_test_util_verify_all(int expected_swap_type,
const struct image_header *hdr0,
const struct image_header *hdr1);
diff --git a/boot/bootutil/test/src/boot_test_utils.c b/boot/bootutil/test/src/boot_test_utils.c
index bf66d24..3758743 100644
--- a/boot/bootutil/test/src/boot_test_utils.c
+++ b/boot/bootutil/test/src/boot_test_utils.c
@@ -62,7 +62,7 @@
const struct flash_area *fap;
int rc;
- rc = flash_area_open(FLASH_AREA_IMAGE_0, &fap);
+ rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY, &fap);
TEST_ASSERT_FATAL(rc == 0);
return flash_area_align(fap);
@@ -130,7 +130,7 @@
return size;
}
- /* Don't include trailer in copy to second slot. */
+ /* Don't include trailer in copy to the secondary slot. */
desc = boot_test_area_descs + dst_idx;
elem_sz = boot_test_util_flash_align();
trailer_start = desc->fa_size - boot_trailer_sz(elem_sz);
@@ -202,7 +202,7 @@
int rc;
int i;
- TEST_ASSERT(slot == 0 || slot == 1);
+ TEST_ASSERT(slot == BOOT_PRIMARY_SLOT || slot == BOOT_SECONDARY_SLOT);
flash_id = boot_test_img_addrs[slot].flash_id;
off = boot_test_img_addrs[slot].address;
@@ -313,25 +313,27 @@
void
boot_test_util_mark_revert(void)
{
- struct boot_swap_state state_slot0 = {
+ struct boot_swap_state state_primary_slot = {
.magic = BOOT_MAGIC_GOOD,
.copy_done = 0x01,
.image_ok = 0xff,
};
- boot_test_util_write_swap_state(FLASH_AREA_IMAGE_0, &state_slot0);
+ boot_test_util_write_swap_state(FLASH_AREA_IMAGE_PRIMARY,
+ &state_primary_slot);
}
void
boot_test_util_mark_swap_perm(void)
{
- struct boot_swap_state state_slot0 = {
+ struct boot_swap_state state_primary_slot = {
.magic = BOOT_MAGIC_GOOD,
.copy_done = 0x01,
.image_ok = 0x01,
};
- boot_test_util_write_swap_state(FLASH_AREA_IMAGE_0, &state_slot0);
+ boot_test_util_write_swap_state(FLASH_AREA_IMAGE_PRIMARY,
+ &state_primary_slot);
}
void
@@ -412,20 +414,22 @@
void
boot_test_util_verify_status_clear(void)
{
- struct boot_swap_state state_slot0;
+ struct boot_swap_state state_primary_slot;
int rc;
- rc = boot_read_swap_state_img(0, &state_slot0);
+ rc = boot_read_swap_state_img(0, &state_primary_slot);
assert(rc == 0);
- TEST_ASSERT(state_slot0.magic != BOOT_MAGIC_UNSET ||
- state_slot0.copy_done != 0);
+ TEST_ASSERT(state_primary_slot.magic != BOOT_MAGIC_UNSET ||
+ state_primary_slot.copy_done != 0);
}
void
-boot_test_util_verify_flash(const struct image_header *hdr0, int orig_slot_0,
- const struct image_header *hdr1, int orig_slot_1)
+boot_test_util_verify_flash(const struct image_header *hdr0,
+ int orig_primary_slot,
+ const struct image_header *hdr1,
+ int orig_secondary_slot)
{
const struct flash_area *area_desc;
int area_idx;
@@ -440,7 +444,8 @@
}
boot_test_util_verify_area(area_desc, hdr0,
- boot_test_img_addrs[0].address, orig_slot_0);
+ boot_test_img_addrs[0].address,
+ orig_primary_slot);
area_idx++;
}
@@ -451,7 +456,8 @@
area_desc = boot_test_area_descs + area_idx;
boot_test_util_verify_area(area_desc, hdr1,
- boot_test_img_addrs[1].address, orig_slot_1);
+ boot_test_img_addrs[1].address,
+ orig_secondary_slot);
area_idx++;
}
}
@@ -461,12 +467,12 @@
const struct image_header *hdr0,
const struct image_header *hdr1)
{
- const struct image_header *slot0hdr;
- const struct image_header *slot1hdr;
+ const struct image_header *primary_slot_hdr;
+ const struct image_header *secondary_slot_hdr;
struct boot_rsp rsp;
uintptr_t flash_base;
- int orig_slot_0;
- int orig_slot_1;
+ int orig_primary_slot;
+ int orig_secondary_slot;
int num_swaps;
int rc;
int i;
@@ -484,36 +490,37 @@
if (num_swaps % 2 == 0) {
if (hdr0 != NULL) {
- slot0hdr = hdr0;
- slot1hdr = hdr1;
+ primary_slot_hdr = hdr0;
+ secondary_slot_hdr = hdr1;
} else {
- slot0hdr = hdr1;
- slot1hdr = hdr0;
+ primary_slot_hdr = hdr1;
+ secondary_slot_hdr = hdr0;
}
- orig_slot_0 = 0;
- orig_slot_1 = 1;
+ orig_primary_slot = BOOT_PRIMARY_SLOT;
+ orig_secondary_slot = BOOT_SECONDARY_SLOT;
} else {
if (hdr1 != NULL) {
- slot0hdr = hdr1;
- slot1hdr = hdr0;
+ primary_slot_hdr = hdr1;
+ secondary_slot_hdr = hdr0;
} else {
- slot0hdr = hdr0;
- slot1hdr = hdr1;
+ primary_slot_hdr = hdr0;
+ secondary_slot_hdr = hdr1;
}
- orig_slot_0 = 1;
- orig_slot_1 = 0;
+ orig_primary_slot = BOOT_SECONDARY_SLOT;
+ orig_secondary_slot = BOOT_PRIMARY_SLOT;
}
rc = flash_device_base(rsp->br_flash_dev_id, &flash_base);
TEST_ASSERT_FATAL(rc == 0);
- TEST_ASSERT(memcmp(rsp.br_hdr, slot0hdr, sizeof *slot0hdr) == 0);
+ TEST_ASSERT(memcmp(rsp.br_hdr, primary_slot_hdr,
+ sizeof *primary_slot_hdr) == 0);
TEST_ASSERT(rsp.br_flash_dev_id == boot_test_img_addrs[0].flash_id);
TEST_ASSERT(flash_base + rsp.br_image_off ==
boot_test_img_addrs[0].address);
- boot_test_util_verify_flash(slot0hdr, orig_slot_0,
- slot1hdr, orig_slot_1);
+ boot_test_util_verify_flash(primary_slot_hdr, orig_primary_slot,
+ secondary_slot_hdr, orig_secondary_slot);
boot_test_util_verify_status_clear();
if (expected_swap_type != BOOT_SWAP_TYPE_NONE) {
diff --git a/boot/bootutil/test/src/testcases/boot_test_invalid_hash.c b/boot/bootutil/test/src/testcases/boot_test_invalid_hash.c
index bac3f7e..dedde95 100644
--- a/boot/bootutil/test/src/testcases/boot_test_invalid_hash.c
+++ b/boot/bootutil/test/src/testcases/boot_test_invalid_hash.c
@@ -44,9 +44,9 @@
.it_len = 32
};
boot_test_util_init_flash();
- boot_test_util_write_image(&hdr0, 0);
- boot_test_util_write_hash(&hdr0, 0);
- boot_test_util_write_image(&hdr1, 1);
+ boot_test_util_write_image(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_hash(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_image(&hdr1, BOOT_SECONDARY_SLOT);
rc = hal_flash_write(boot_test_img_addrs[1].flash_id,
boot_test_img_addrs[1].address + hdr1.ih_hdr_size + hdr1.ih_img_size,
&tlv, sizeof(tlv));
diff --git a/boot/bootutil/test/src/testcases/boot_test_no_flag_has_hash.c b/boot/bootutil/test/src/testcases/boot_test_no_flag_has_hash.c
index b6a8ec5..30e098d 100644
--- a/boot/bootutil/test/src/testcases/boot_test_no_flag_has_hash.c
+++ b/boot/bootutil/test/src/testcases/boot_test_no_flag_has_hash.c
@@ -40,10 +40,10 @@
};
boot_test_util_init_flash();
- boot_test_util_write_image(&hdr0, 0);
- boot_test_util_write_hash(&hdr0, 0);
- boot_test_util_write_image(&hdr1, 1);
- boot_test_util_write_hash(&hdr1, 1);
+ boot_test_util_write_image(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_hash(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_image(&hdr1, BOOT_SECONDARY_SLOT);
+ boot_test_util_write_hash(&hdr1, BOOT_SECONDARY_SLOT);
rc = boot_set_pending(0);
TEST_ASSERT(rc == 0);
diff --git a/boot/bootutil/test/src/testcases/boot_test_no_hash.c b/boot/bootutil/test/src/testcases/boot_test_no_hash.c
index 13fe7e1..ff40482 100644
--- a/boot/bootutil/test/src/testcases/boot_test_no_hash.c
+++ b/boot/bootutil/test/src/testcases/boot_test_no_hash.c
@@ -40,9 +40,9 @@
};
boot_test_util_init_flash();
- boot_test_util_write_image(&hdr0, 0);
- boot_test_util_write_hash(&hdr0, 0);
- boot_test_util_write_image(&hdr1, 1);
+ boot_test_util_write_image(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_hash(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_image(&hdr1, BOOT_SECONDARY_SLOT);
rc = boot_set_pending(0);
TEST_ASSERT(rc == 0);
diff --git a/boot/bootutil/test/src/testcases/boot_test_nv_bs_10.c b/boot/bootutil/test/src/testcases/boot_test_nv_bs_10.c
index 1d8d50c..46548e0 100644
--- a/boot/bootutil/test/src/testcases/boot_test_nv_bs_10.c
+++ b/boot/bootutil/test/src/testcases/boot_test_nv_bs_10.c
@@ -30,8 +30,8 @@
};
boot_test_util_init_flash();
- boot_test_util_write_image(&hdr, 0);
- boot_test_util_write_hash(&hdr, 0);
+ boot_test_util_write_image(&hdr, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_hash(&hdr, BOOT_PRIMARY_SLOT);
boot_test_util_swap_areas(boot_test_slot_areas[1],
BOOT_TEST_AREA_IDX_SCRATCH);
diff --git a/boot/bootutil/test/src/testcases/boot_test_nv_bs_11.c b/boot/bootutil/test/src/testcases/boot_test_nv_bs_11.c
index eae13bd..26a5989 100644
--- a/boot/bootutil/test/src/testcases/boot_test_nv_bs_11.c
+++ b/boot/bootutil/test/src/testcases/boot_test_nv_bs_11.c
@@ -42,10 +42,10 @@
};
boot_test_util_init_flash();
- boot_test_util_write_image(&hdr0, 0);
- boot_test_util_write_hash(&hdr0, 0);
- boot_test_util_write_image(&hdr1, 1);
- boot_test_util_write_hash(&hdr1, 1);
+ boot_test_util_write_image(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_hash(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_image(&hdr1, BOOT_SECONDARY_SLOT);
+ boot_test_util_write_hash(&hdr1, BOOT_SECONDARY_SLOT);
rc = boot_set_pending(0);
boot_test_util_copy_area(5, BOOT_TEST_AREA_IDX_SCRATCH);
diff --git a/boot/bootutil/test/src/testcases/boot_test_nv_bs_11_2areas.c b/boot/bootutil/test/src/testcases/boot_test_nv_bs_11_2areas.c
index ba09ea1..ae5e1c4 100644
--- a/boot/bootutil/test/src/testcases/boot_test_nv_bs_11_2areas.c
+++ b/boot/bootutil/test/src/testcases/boot_test_nv_bs_11_2areas.c
@@ -42,10 +42,10 @@
};
boot_test_util_init_flash();
- boot_test_util_write_image(&hdr0, 0);
- boot_test_util_write_hash(&hdr0, 0);
- boot_test_util_write_image(&hdr1, 1);
- boot_test_util_write_hash(&hdr1, 1);
+ boot_test_util_write_image(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_hash(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_image(&hdr1, BOOT_SECONDARY_SLOT);
+ boot_test_util_write_hash(&hdr1, BOOT_SECONDARY_SLOT);
rc = boot_set_pending(0);
TEST_ASSERT_FATAL(rc == 0);
diff --git a/boot/bootutil/test/src/testcases/boot_test_nv_ns_01.c b/boot/bootutil/test/src/testcases/boot_test_nv_ns_01.c
index 8abd90e..7fdc0fd 100644
--- a/boot/bootutil/test/src/testcases/boot_test_nv_ns_01.c
+++ b/boot/bootutil/test/src/testcases/boot_test_nv_ns_01.c
@@ -30,8 +30,8 @@
};
boot_test_util_init_flash();
- boot_test_util_write_image(&hdr, 1);
- boot_test_util_write_hash(&hdr, 1);
+ boot_test_util_write_image(&hdr, BOOT_SECONDARY_SLOT);
+ boot_test_util_write_hash(&hdr, BOOT_SECONDARY_SLOT);
boot_set_pending(0);
diff --git a/boot/bootutil/test/src/testcases/boot_test_nv_ns_10.c b/boot/bootutil/test/src/testcases/boot_test_nv_ns_10.c
index 429416e..d548e05 100644
--- a/boot/bootutil/test/src/testcases/boot_test_nv_ns_10.c
+++ b/boot/bootutil/test/src/testcases/boot_test_nv_ns_10.c
@@ -30,8 +30,8 @@
};
boot_test_util_init_flash();
- boot_test_util_write_image(&hdr, 0);
- boot_test_util_write_hash(&hdr, 0);
+ boot_test_util_write_image(&hdr, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_hash(&hdr, BOOT_PRIMARY_SLOT);
boot_test_util_verify_all(BOOT_SWAP_TYPE_NONE, &hdr, NULL);
}
diff --git a/boot/bootutil/test/src/testcases/boot_test_nv_ns_11.c b/boot/bootutil/test/src/testcases/boot_test_nv_ns_11.c
index 971a2cf..6e7bb47 100644
--- a/boot/bootutil/test/src/testcases/boot_test_nv_ns_11.c
+++ b/boot/bootutil/test/src/testcases/boot_test_nv_ns_11.c
@@ -39,10 +39,10 @@
};
boot_test_util_init_flash();
- boot_test_util_write_image(&hdr0, 0);
- boot_test_util_write_hash(&hdr0, 0);
- boot_test_util_write_image(&hdr1, 1);
- boot_test_util_write_hash(&hdr1, 1);
+ boot_test_util_write_image(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_hash(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_image(&hdr1, BOOT_SECONDARY_SLOT);
+ boot_test_util_write_hash(&hdr1, BOOT_SECONDARY_SLOT);
boot_test_util_verify_all(BOOT_SWAP_TYPE_NONE, &hdr0, &hdr1);
}
diff --git a/boot/bootutil/test/src/testcases/boot_test_permanent.c b/boot/bootutil/test/src/testcases/boot_test_permanent.c
index 489ebd6..839e65c 100644
--- a/boot/bootutil/test/src/testcases/boot_test_permanent.c
+++ b/boot/bootutil/test/src/testcases/boot_test_permanent.c
@@ -41,10 +41,10 @@
};
boot_test_util_init_flash();
- boot_test_util_write_image(&hdr0, 0);
- boot_test_util_write_hash(&hdr0, 0);
- boot_test_util_write_image(&hdr1, 1);
- boot_test_util_write_hash(&hdr1, 1);
+ boot_test_util_write_image(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_hash(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_image(&hdr1, BOOT_SECONDARY_SLOT);
+ boot_test_util_write_hash(&hdr1, BOOT_SECONDARY_SLOT);
rc = boot_set_pending(1);
TEST_ASSERT_FATAL(rc == 0);
diff --git a/boot/bootutil/test/src/testcases/boot_test_permanent_continue.c b/boot/bootutil/test/src/testcases/boot_test_permanent_continue.c
index 2417df0..9b5fe68 100644
--- a/boot/bootutil/test/src/testcases/boot_test_permanent_continue.c
+++ b/boot/bootutil/test/src/testcases/boot_test_permanent_continue.c
@@ -42,12 +42,12 @@
};
boot_test_util_init_flash();
- boot_test_util_write_image(&hdr0, 0);
- boot_test_util_write_hash(&hdr0, 0);
- boot_test_util_write_image(&hdr1, 1);
- boot_test_util_write_hash(&hdr1, 1);
+ boot_test_util_write_image(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_hash(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_image(&hdr1, BOOT_SECONDARY_SLOT);
+ boot_test_util_write_hash(&hdr1, BOOT_SECONDARY_SLOT);
- /* Indicate that the image in slot 0 is being permanently used. */
+ /* Indicate that the image in the primary slot is being permanently used. */
boot_test_util_mark_swap_perm();
boot_test_util_swap_areas(2, 5);
diff --git a/boot/bootutil/test/src/testcases/boot_test_revert.c b/boot/bootutil/test/src/testcases/boot_test_revert.c
index 4b78fb6..b44fbe1 100644
--- a/boot/bootutil/test/src/testcases/boot_test_revert.c
+++ b/boot/bootutil/test/src/testcases/boot_test_revert.c
@@ -38,12 +38,12 @@
};
boot_test_util_init_flash();
- boot_test_util_write_image(&hdr0, 0);
- boot_test_util_write_hash(&hdr0, 0);
- boot_test_util_write_image(&hdr1, 1);
- boot_test_util_write_hash(&hdr1, 1);
+ boot_test_util_write_image(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_hash(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_image(&hdr1, BOOT_SECONDARY_SLOT);
+ boot_test_util_write_hash(&hdr1, BOOT_SECONDARY_SLOT);
- /* Indicate that the image in slot 0 is being tested. */
+ /* Indicate that the image in the primary slot is being tested. */
boot_test_util_mark_revert();
boot_test_util_verify_all(BOOT_SWAP_TYPE_REVERT, &hdr0, &hdr1);
diff --git a/boot/bootutil/test/src/testcases/boot_test_revert_continue.c b/boot/bootutil/test/src/testcases/boot_test_revert_continue.c
index 9982646..3887f4f 100644
--- a/boot/bootutil/test/src/testcases/boot_test_revert_continue.c
+++ b/boot/bootutil/test/src/testcases/boot_test_revert_continue.c
@@ -42,12 +42,12 @@
};
boot_test_util_init_flash();
- boot_test_util_write_image(&hdr0, 0);
- boot_test_util_write_hash(&hdr0, 0);
- boot_test_util_write_image(&hdr1, 1);
- boot_test_util_write_hash(&hdr1, 1);
+ boot_test_util_write_image(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_hash(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_image(&hdr1, BOOT_SECONDARY_SLOT);
+ boot_test_util_write_hash(&hdr1, BOOT_SECONDARY_SLOT);
- /* Indicate that the image in slot 0 is being tested. */
+ /* Indicate that the image in the primary slot is being tested. */
boot_test_util_mark_revert();
boot_test_util_swap_areas(2, 5);
diff --git a/boot/bootutil/test/src/testcases/boot_test_vb_ns_11.c b/boot/bootutil/test/src/testcases/boot_test_vb_ns_11.c
index e9b961d..8b19f87 100644
--- a/boot/bootutil/test/src/testcases/boot_test_vb_ns_11.c
+++ b/boot/bootutil/test/src/testcases/boot_test_vb_ns_11.c
@@ -41,10 +41,10 @@
};
boot_test_util_init_flash();
- boot_test_util_write_image(&hdr0, 0);
- boot_test_util_write_hash(&hdr0, 0);
- boot_test_util_write_image(&hdr1, 1);
- boot_test_util_write_hash(&hdr1, 1);
+ boot_test_util_write_image(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_hash(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_image(&hdr1, BOOT_SECONDARY_SLOT);
+ boot_test_util_write_hash(&hdr1, BOOT_SECONDARY_SLOT);
rc = boot_set_pending(0);
TEST_ASSERT(rc == 0);
diff --git a/boot/bootutil/test/src/testcases/boot_test_vm_ns_01.c b/boot/bootutil/test/src/testcases/boot_test_vm_ns_01.c
index a539fa2..fb1983f 100644
--- a/boot/bootutil/test/src/testcases/boot_test_vm_ns_01.c
+++ b/boot/bootutil/test/src/testcases/boot_test_vm_ns_01.c
@@ -32,8 +32,8 @@
};
boot_test_util_init_flash();
- boot_test_util_write_image(&hdr, 1);
- boot_test_util_write_hash(&hdr, 1);
+ boot_test_util_write_image(&hdr, BOOT_SECONDARY_SLOT);
+ boot_test_util_write_hash(&hdr, BOOT_SECONDARY_SLOT);
rc = boot_set_pending(0);
TEST_ASSERT(rc == 0);
diff --git a/boot/bootutil/test/src/testcases/boot_test_vm_ns_10.c b/boot/bootutil/test/src/testcases/boot_test_vm_ns_10.c
index d6d217e..16bf5e9 100644
--- a/boot/bootutil/test/src/testcases/boot_test_vm_ns_10.c
+++ b/boot/bootutil/test/src/testcases/boot_test_vm_ns_10.c
@@ -30,8 +30,8 @@
};
boot_test_util_init_flash();
- boot_test_util_write_image(&hdr, 0);
- boot_test_util_write_hash(&hdr, 0);
+ boot_test_util_write_image(&hdr, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_hash(&hdr, BOOT_PRIMARY_SLOT);
boot_test_util_verify_all(BOOT_SWAP_TYPE_NONE, &hdr, NULL);
}
diff --git a/boot/bootutil/test/src/testcases/boot_test_vm_ns_11_2areas.c b/boot/bootutil/test/src/testcases/boot_test_vm_ns_11_2areas.c
index 24b5da2..ab1723a 100644
--- a/boot/bootutil/test/src/testcases/boot_test_vm_ns_11_2areas.c
+++ b/boot/bootutil/test/src/testcases/boot_test_vm_ns_11_2areas.c
@@ -41,10 +41,10 @@
};
boot_test_util_init_flash();
- boot_test_util_write_image(&hdr0, 0);
- boot_test_util_write_hash(&hdr0, 0);
- boot_test_util_write_image(&hdr1, 1);
- boot_test_util_write_hash(&hdr1, 1);
+ boot_test_util_write_image(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_hash(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_image(&hdr1, BOOT_SECONDARY_SLOT);
+ boot_test_util_write_hash(&hdr1, BOOT_SECONDARY_SLOT);
rc = boot_set_pending(0);
TEST_ASSERT(rc == 0);
diff --git a/boot/bootutil/test/src/testcases/boot_test_vm_ns_11_a.c b/boot/bootutil/test/src/testcases/boot_test_vm_ns_11_a.c
index 433be25..0d46762 100644
--- a/boot/bootutil/test/src/testcases/boot_test_vm_ns_11_a.c
+++ b/boot/bootutil/test/src/testcases/boot_test_vm_ns_11_a.c
@@ -39,10 +39,10 @@
};
boot_test_util_init_flash();
- boot_test_util_write_image(&hdr0, 0);
- boot_test_util_write_hash(&hdr0, 0);
- boot_test_util_write_image(&hdr1, 1);
- boot_test_util_write_hash(&hdr1, 1);
+ boot_test_util_write_image(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_hash(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_image(&hdr1, BOOT_SECONDARY_SLOT);
+ boot_test_util_write_hash(&hdr1, BOOT_SECONDARY_SLOT);
boot_test_util_verify_all(BOOT_SWAP_TYPE_NONE, &hdr0, &hdr1);
}
diff --git a/boot/bootutil/test/src/testcases/boot_test_vm_ns_11_b.c b/boot/bootutil/test/src/testcases/boot_test_vm_ns_11_b.c
index e1a87c7..628ca58 100644
--- a/boot/bootutil/test/src/testcases/boot_test_vm_ns_11_b.c
+++ b/boot/bootutil/test/src/testcases/boot_test_vm_ns_11_b.c
@@ -41,10 +41,10 @@
};
boot_test_util_init_flash();
- boot_test_util_write_image(&hdr0, 0);
- boot_test_util_write_hash(&hdr0, 0);
- boot_test_util_write_image(&hdr1, 1);
- boot_test_util_write_hash(&hdr1, 1);
+ boot_test_util_write_image(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_hash(&hdr0, BOOT_PRIMARY_SLOT);
+ boot_test_util_write_image(&hdr1, BOOT_SECONDARY_SLOT);
+ boot_test_util_write_hash(&hdr1, BOOT_SECONDARY_SLOT);
rc = boot_set_pending(0);
TEST_ASSERT(rc == 0);