bootutil: Allow larger minimum flash write
[kristine.jassmann@renesas.com: Allow larger minimum flash write]
[michael.thomas@renesas.com: Add changes for 1.8]
[michael.thomas@renesas.com: Add magic alignment fix]
[gustavo.nihei@espressif.com: bootutil: Address issues from PR 949]
Co-authored-by: Kristine Jassmann <kristine.jassmann@renesas.com>
Co-authored-by: Michael Thomas <michael.thomas@renesas.com>
Co-authored-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
Signed-off-by: Kristine Jassmann <kristine.jassmann@renesas.com>
Signed-off-by: Michael Thomas <michael.thomas@renesas.com>
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
diff --git a/boot/bootutil/src/bootutil_misc.c b/boot/bootutil/src/bootutil_misc.c
index 4ae27b2..f0b4a5d 100644
--- a/boot/bootutil/src/bootutil_misc.c
+++ b/boot/bootutil/src/bootutil_misc.c
@@ -108,12 +108,12 @@
# if MCUBOOT_SWAP_SAVE_ENCTLV
BOOT_ENC_TLV_ALIGN_SIZE * 2 +
# else
- BOOT_ENC_KEY_SIZE * 2 +
+ BOOT_ENC_KEY_ALIGN_SIZE * 2 +
# endif
#endif
/* swap_type + copy_done + image_ok + swap_size */
BOOT_MAX_ALIGN * 4 +
- BOOT_MAGIC_SZ
+ BOOT_MAGIC_ALIGN_SIZE
);
}
@@ -190,6 +190,15 @@
return flash_area_get_size(fap) - off_from_end;
}
+static int
+boot_magic_decode(const uint32_t *magic)
+{
+ if (memcmp(magic, boot_img_magic, BOOT_MAGIC_SZ) == 0) {
+ return BOOT_MAGIC_GOOD;
+ }
+ return BOOT_MAGIC_BAD;
+}
+
static inline uint32_t
boot_magic_off(const struct flash_area *fap)
{
@@ -199,7 +208,7 @@
static inline uint32_t
boot_image_ok_off(const struct flash_area *fap)
{
- return boot_magic_off(fap) - BOOT_MAX_ALIGN;
+ return ALIGN_DOWN(boot_magic_off(fap) - BOOT_MAX_ALIGN, BOOT_MAX_ALIGN);
}
static inline uint32_t
@@ -219,10 +228,9 @@
boot_enc_key_off(const struct flash_area *fap, uint8_t slot)
{
#if MCUBOOT_SWAP_SAVE_ENCTLV
- return boot_swap_size_off(fap) - ((slot + 1) *
- ((((BOOT_ENC_TLV_SIZE - 1) / BOOT_MAX_ALIGN) + 1) * BOOT_MAX_ALIGN));
+ return boot_swap_size_off(fap) - ((slot + 1) * BOOT_ENC_TLV_ALIGN_SIZE);
#else
- return boot_swap_size_off(fap) - ((slot + 1) * BOOT_ENC_KEY_SIZE);
+ return boot_swap_size_off(fap) - ((slot + 1) * BOOT_ENC_KEY_ALIGN_SIZE);
#endif
}
#endif
@@ -272,7 +280,7 @@
return rc;
}
- if (memcmp(magic, boot_img_magic, BOOT_MAGIC_SZ) == 0) {
+ if (BOOT_MAGIC_GOOD == boot_magic_decode(magic)) {
return 0;
}
@@ -327,7 +335,7 @@
}
}
#else
- rc = flash_area_read(fap, off, bs->enckey[slot], BOOT_ENC_KEY_SIZE);
+ rc = flash_area_read(fap, off, bs->enckey[slot], BOOT_ENC_KEY_ALIGN_SIZE);
#endif
flash_area_close(fap);
}
@@ -375,7 +383,7 @@
#if MCUBOOT_SWAP_SAVE_ENCTLV
rc = flash_area_write(fap, off, bs->enctlv[slot], BOOT_ENC_TLV_ALIGN_SIZE);
#else
- rc = flash_area_write(fap, off, bs->enckey[slot], BOOT_ENC_KEY_SIZE);
+ rc = flash_area_write(fap, off, bs->enckey[slot], BOOT_ENC_KEY_ALIGN_SIZE);
#endif
if (rc != 0) {
return BOOT_EFLASH;
diff --git a/boot/bootutil/src/bootutil_priv.h b/boot/bootutil/src/bootutil_priv.h
index 10a6e02..1ba292f 100644
--- a/boot/bootutil/src/bootutil_priv.h
+++ b/boot/bootutil/src/bootutil_priv.h
@@ -82,7 +82,7 @@
uint8_t swap_type; /* The type of swap in effect */
uint32_t swap_size; /* Total size of swapped image */
#ifdef MCUBOOT_ENC_IMAGES
- uint8_t enckey[BOOT_NUM_SLOTS][BOOT_ENC_KEY_SIZE];
+ uint8_t enckey[BOOT_NUM_SLOTS][BOOT_ENC_KEY_ALIGN_SIZE];
#if MCUBOOT_SWAP_SAVE_ENCTLV
uint8_t enctlv[BOOT_NUM_SLOTS][BOOT_ENC_TLV_ALIGN_SIZE];
#endif
@@ -109,16 +109,28 @@
* | Encryption key 0 (16 octets) [*] |
* | |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | 0xff padding as needed |
+ * | (BOOT_MAX_ALIGN minus 16 octets from Encryption key 0) [*] |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Encryption key 1 (16 octets) [*] |
* | |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | 0xff padding as needed |
+ * | (BOOT_MAX_ALIGN minus 16 octets from Encryption key 1) [*] |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Swap size (4 octets) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Swap info | 0xff padding (7 octets) |
+ * | 0xff padding as needed |
+ * | (BOOT_MAX_ALIGN minus 4 octets from Swap size) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Copy done | 0xff padding (7 octets) |
+ * | Swap info | 0xff padding (BOOT_MAX_ALIGN minus 1 octet) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- * | Image OK | 0xff padding (7 octets) |
+ * | Copy done | 0xff padding (BOOT_MAX_ALIGN minus 1 octet) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Image OK | 0xff padding (BOOT_MAX_ALIGN minus 1 octet) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | 0xff padding as needed |
+ * | (BOOT_MAX_ALIGN minus 16 octets from MAGIC) |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | MAGIC (16 octets) |
* | |
diff --git a/boot/bootutil/src/bootutil_public.c b/boot/bootutil/src/bootutil_public.c
index 15cdb0e..63092f2 100644
--- a/boot/bootutil/src/bootutil_public.c
+++ b/boot/bootutil/src/bootutil_public.c
@@ -146,7 +146,7 @@
static inline uint32_t
boot_image_ok_off(const struct flash_area *fap)
{
- return boot_magic_off(fap) - BOOT_MAX_ALIGN;
+ return ALIGN_DOWN(boot_magic_off(fap) - BOOT_MAX_ALIGN, BOOT_MAX_ALIGN);
}
static inline uint32_t
@@ -198,10 +198,9 @@
boot_enc_key_off(const struct flash_area *fap, uint8_t slot)
{
#if MCUBOOT_SWAP_SAVE_ENCTLV
- return boot_swap_size_off(fap) - ((slot + 1) *
- ((((BOOT_ENC_TLV_SIZE - 1) / BOOT_MAX_ALIGN) + 1) * BOOT_MAX_ALIGN));
+ return boot_swap_size_off(fap) - ((slot + 1) * BOOT_ENC_TLV_ALIGN_SIZE);
#else
- return boot_swap_size_off(fap) - ((slot + 1) * BOOT_ENC_KEY_SIZE);
+ return boot_swap_size_off(fap) - ((slot + 1) * BOOT_ENC_KEY_ALIGN_SIZE);
#endif
}
#endif
@@ -316,14 +315,32 @@
boot_write_magic(const struct flash_area *fap)
{
uint32_t off;
+ uint32_t pad_off;
int rc;
+ uint8_t magic[BOOT_MAGIC_ALIGN_SIZE];
+ uint8_t erased_val;
off = boot_magic_off(fap);
+ /* image_trailer structure was modified with additional padding such that
+ * the pad+magic ends up in a flash minimum write region. The address
+ * returned by boot_magic_off() is the start of magic which is not the
+ * start of the flash write boundary and thus writes to the magic will fail.
+ * To account for this change, write to magic is first padded with 0xFF
+ * before writing to the trailer.
+ */
+ pad_off = ALIGN_DOWN(off, BOOT_MAX_ALIGN);
+
+ erased_val = flash_area_erased_val(fap);
+
+ memset(&magic[0], erased_val, sizeof(magic));
+ memcpy(&magic[BOOT_MAGIC_ALIGN_SIZE - BOOT_MAGIC_SZ], boot_img_magic, BOOT_MAGIC_SZ);
+
BOOT_LOG_DBG("writing magic; fa_id=%d off=0x%lx (0x%lx)",
flash_area_get_id(fap), (unsigned long)off,
(unsigned long)(flash_area_get_off(fap) + off));
- rc = flash_area_write(fap, off, boot_img_magic, BOOT_MAGIC_SZ);
+ rc = flash_area_write(fap, pad_off, &magic[0], BOOT_MAGIC_ALIGN_SIZE);
+
if (rc != 0) {
return BOOT_EFLASH;
}
@@ -346,7 +363,7 @@
int rc;
align = flash_area_align(fap);
- align = (inlen + align - 1) & ~(align - 1);
+ align = ALIGN_UP(inlen, align);
if (align > BOOT_MAX_ALIGN) {
return -1;
}
diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index a26159c..10bd5c6 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c
@@ -36,6 +36,7 @@
#include <stdlib.h>
#include <string.h>
#include "bootutil/bootutil.h"
+#include "bootutil/bootutil_public.h"
#include "bootutil/image.h"
#include "bootutil_priv.h"
#include "swap_priv.h"
@@ -79,6 +80,12 @@
#define TARGET_STATIC
#endif
+#if BOOT_MAX_ALIGN > 1024
+#define BUF_SZ BOOT_MAX_ALIGN
+#else
+#define BUF_SZ 1024
+#endif
+
static int
boot_read_image_headers(struct boot_loader_state *state, bool require_all,
struct boot_status *bs)
@@ -379,7 +386,7 @@
boot_status_reset(struct boot_status *bs)
{
#ifdef MCUBOOT_ENC_IMAGES
- memset(&bs->enckey, 0xff, BOOT_NUM_SLOTS * BOOT_ENC_KEY_SIZE);
+ memset(&bs->enckey, 0xff, BOOT_NUM_SLOTS * BOOT_ENC_KEY_ALIGN_SIZE);
#if MCUBOOT_SWAP_SAVE_ENCTLV
memset(&bs->enctlv, 0xff, BOOT_NUM_SLOTS * BOOT_ENC_TLV_ALIGN_SIZE);
#endif
@@ -944,7 +951,7 @@
uint8_t image_index;
#endif
- TARGET_STATIC uint8_t buf[1024] __attribute__((aligned(4)));
+ TARGET_STATIC uint8_t buf[BUF_SZ] __attribute__((aligned(4)));
#if !defined(MCUBOOT_ENC_IMAGES)
(void)state;
@@ -1254,7 +1261,7 @@
rc = 0;
}
} else {
- memset(bs->enckey[0], 0xff, BOOT_ENC_KEY_SIZE);
+ memset(bs->enckey[0], 0xff, BOOT_ENC_KEY_ALIGN_SIZE);
}
#endif
@@ -1278,7 +1285,7 @@
rc = 0;
}
} else {
- memset(bs->enckey[1], 0xff, BOOT_ENC_KEY_SIZE);
+ memset(bs->enckey[1], 0xff, BOOT_ENC_KEY_ALIGN_SIZE);
}
#endif