bootutil: fix random upgrade failure using swap move
Fix an issue where an upgrade could fail to execute.
This happened randomly in the "perm_with_fails" test in the simulator;
for it to happen the first reset had to occur just after writing the
metadata to mark the start of a new upgrade, but before any swap happened;
if followed by a new reset happening at a point where the metadata was
erased and rewritten, it would result in an upgrade failure. The images
would still be valid, although in their original slots.
The fix stores the detected boot status source in the state. When
metadata was found in the primary slot we assume a swap has already
started (even though no sector swap has happened) and avoid
erasing/rewriting it.
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/boot/bootutil/src/bootutil_priv.h b/boot/bootutil/src/bootutil_priv.h
index 6b298f4..bab5ec9 100644
--- a/boot/bootutil/src/bootutil_priv.h
+++ b/boot/bootutil/src/bootutil_priv.h
@@ -86,6 +86,7 @@
#ifdef MCUBOOT_ENC_IMAGES
uint8_t enckey[BOOT_NUM_SLOTS][BOOT_ENC_KEY_SIZE];
#endif
+ int source; /* Which slot contains swap status metadata */
};
#define BOOT_MAGIC_GOOD 1
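Review bot: the comment on the new `int source;` field should document the set of values it can hold and which value means "no swap status metadata found", since a reader of this header cannot tell from `/* Which slot contains swap status metadata */` whether 0 is a valid slot index or the "not detected" state, and the commit message relies on exactly that distinction (metadata found in the primary slot means a swap is already in progress and the metadata must not be erased or rewritten). Consider either an enumerated type instead of a bare `int` or a comment that names the constants the field is compared against, e.g. `int source; /* Slot holding swap status metadata, or the "none" value when no swap has started */`. Note also that the field is added unconditionally below the `#ifdef MCUBOOT_ENC_IMAGES` block, which is correct since the status source is needed regardless of encryption; the hunk shows no initialization of the field, so whatever populates this struct must set it on every boot path before it is read.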