max/embassy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
551f76c700
embassy/embassy-boot/boot/src/lib.rs

269 lines
8.7 KiB
Rust
Raw Normal View History

embassy-boot: add default nightly feature, makes it possible to compile with the stable compiler
2023-03-22 16:49:49 +01:00
#![cfg_attr(feature = "nightly", feature(async_fn_in_trait))]
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
#![no_std]
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
#![warn(missing_docs)]
fix: add required metadata for embassy-boot
2022-11-23 14:48:51 +01:00
#![doc = include_str!("../README.md")]
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
mod fmt;
Split bootloader implementation into multiple files
2023-03-31 08:05:37 +02:00
mod boot_loader;
Let hash functions take a digest::Digest trait ... and add adapters for current Sha512 implementations that does not inplement the Digest trait
2023-04-04 12:24:30 +02:00
mod digest_adapters;
Split bootloader implementation into multiple files
2023-03-31 08:05:37 +02:00
mod firmware_updater;
Add TestFlash helper
2023-05-30 13:41:10 +02:00
#[cfg(test)]
Move MemFlash to separate module and add verify_erased_before_write verification
2023-04-03 15:33:20 +02:00
mod mem_flash;
Add TestFlash helper
2023-05-30 13:41:10 +02:00
#[cfg(test)]
mod test_flash;
embassy-boot: add default nightly feature, makes it possible to compile with the stable compiler
2023-03-22 16:49:49 +01:00
Add TestFlash helper
2023-05-30 13:41:10 +02:00
// The expected value of the flash after an erase
// TODO: Use the value provided by NorFlash when available
pub(crate) const STATE_ERASE_VALUE: u8 = 0xFF;
Add bootloader helper for creating config from linkerfile symbols
2023-05-30 13:38:00 +02:00
pub use boot_loader::{BootError, BootLoader, BootLoaderConfig};
Split FirmwareUpdater into async and blocking types
2023-05-30 13:36:42 +02:00
#[cfg(feature = "nightly")]
pub use firmware_updater::FirmwareUpdater;
pub use firmware_updater::{BlockingFirmwareUpdater, FirmwareUpdaterConfig, FirmwareUpdaterError};
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Split bootloader implementation into multiple files
2023-03-31 08:05:37 +02:00
pub(crate) const BOOT_MAGIC: u8 = 0xD0;
pub(crate) const SWAP_MAGIC: u8 = 0xF0;
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
/// The state of the bootloader after running prepare.
#[derive(PartialEq, Eq, Debug)]
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
#[cfg_attr(feature = "defmt", derive(defmt::Format))]
pub enum State {
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
/// Bootloader is ready to boot the active partition.
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Boot,
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
/// Bootloader has swapped the active partition with the dfu partition and will attempt boot.
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Swap,
}
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
/// Buffer aligned to 32 byte boundary, largest known alignment requirement for embassy-boot.
#[repr(align(32))]
pub struct AlignedBuffer<const N: usize>(pub [u8; N]);
impl<const N: usize> AsRef<[u8]> for AlignedBuffer<N> {
fn as_ref(&self) -> &[u8] {
&self.0
}
}
impl<const N: usize> AsMut<[u8]> for AlignedBuffer<N> {
fn as_mut(&mut self) -> &mut [u8] {
&mut self.0
}
}
Support multiple flash instances in embassy-boot * Add FlashProvider and FlashConfig traits to define flash characteristics * Use traits in bootloader to retrieve flash handles and for copying data between flash instances * Add convenience implementations for using a single flash instance.
2022-04-19 14:42:38 +02:00
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
#[cfg(test)]
mod tests {
use futures::executor::block_on;
Run rustfmt.
2022-06-12 22:15:44 +02:00
use super::*;
Move MemFlash to separate module and add verify_erased_before_write verification
2023-04-03 15:33:20 +02:00
use crate::mem_flash::MemFlash;
Run rustfmt.
2022-06-12 22:15:44 +02:00
Add stm32 flash + bootloader support * Add flash drivers for L0, L1, L4, WB and WL. Not tested for WB, but should be similar to WL. * Add embassy-boot-stm32 for bootloading on STM32. * Add flash examples and bootloader examples * Update stm32-data
2022-04-20 13:49:59 +02:00
/*
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
#[test]
fn test_bad_magic() {
let mut flash = MemFlash([0xff; 131072]);
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
let mut flash = SingleFlashConfig::new(&mut flash);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
let mut bootloader = BootLoader::<4096>::new(ACTIVE, DFU, STATE);
assert_eq!(
bootloader.prepare_boot(&mut flash),
Err(BootError::BadMagic)
);
}
Add stm32 flash + bootloader support * Add flash drivers for L0, L1, L4, WB and WL. Not tested for WB, but should be similar to WL. * Add embassy-boot-stm32 for bootloading on STM32. * Add flash examples and bootloader examples * Update stm32-data
2022-04-20 13:49:59 +02:00
*/
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
#[test]
fn test_boot_state() {
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
const STATE: Partition = Partition::new(0, 4096);
const ACTIVE: Partition = Partition::new(4096, 61440);
const DFU: Partition = Partition::new(61440, 122880);
Move MemFlash to separate module and add verify_erased_before_write verification
2023-04-03 15:33:20 +02:00
let mut flash = MemFlash::<131072, 4096, 4>::default();
flash.mem[0..4].copy_from_slice(&[BOOT_MAGIC; 4]);
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
let mut flash = SingleFlashConfig::new(&mut flash);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
let mut bootloader: BootLoader = BootLoader::new(ACTIVE, DFU, STATE);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
let mut page = [0; 4096];
Remove magic buffer argument from prepare_boot and use the aligned page buffer instead
2023-04-04 20:25:55 +02:00
assert_eq!(State::Boot, bootloader.prepare_boot(&mut flash, &mut page).unwrap());
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
}
#[test]
embassy-boot: ensure tests can run on the stable compiler
2023-04-20 10:56:59 +02:00
#[cfg(all(feature = "nightly", not(feature = "_verify")))]
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
fn test_swap_state() {
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
const STATE: Partition = Partition::new(0, 4096);
const ACTIVE: Partition = Partition::new(4096, 61440);
const DFU: Partition = Partition::new(61440, 122880);
Avoid write to not-erased magic This introduces an additional marker to the state partition right after the magic which indicates whether the current progress is valid or not. Validation in tests that we never write without an erase is added. There is currently a FIXME in the FirmwareUpdater. Let me know if we should take the erase value as a parameter. I opened a feature request in embedded-storage to get this value in the trait. Before this, the assumption about ERASE_VALUE=0xFF was the same.
2023-04-04 07:18:29 +02:00
let mut flash = MemFlash::<131072, 4096, 4>::random();
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Let Partition range be u32 instead of usize
2023-04-05 08:28:31 +02:00
let original = [rand::random::<u8>(); ACTIVE.size() as usize];
let update = [rand::random::<u8>(); ACTIVE.size() as usize];
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
let mut aligned = [0; 4];
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Let Partition range be u32 instead of usize
2023-04-05 08:28:31 +02:00
flash.program(ACTIVE.from, &original).unwrap();
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
let mut bootloader: BootLoader = BootLoader::new(ACTIVE, DFU, STATE);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
let mut updater = FirmwareUpdater::new(DFU, STATE);
Assert active and dfu have same erase size and copy in smaller chunks The copy from active to dfu (and vice versa) is now done in smaller portions depending on aligned_buf, which now does not need to be erase_size big.
2023-04-04 21:09:30 +02:00
block_on(updater.write_firmware(0, &update, &mut flash)).unwrap();
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
block_on(updater.mark_updated(&mut flash, &mut aligned)).unwrap();
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Assert active and dfu have same erase size and copy in smaller chunks The copy from active to dfu (and vice versa) is now done in smaller portions depending on aligned_buf, which now does not need to be erase_size big.
2023-04-04 21:09:30 +02:00
let mut page = [0; 1024];
Add stm32 flash + bootloader support * Add flash drivers for L0, L1, L4, WB and WL. Not tested for WB, but should be similar to WL. * Add embassy-boot-stm32 for bootloading on STM32. * Add flash examples and bootloader examples * Update stm32-data
2022-04-20 13:49:59 +02:00
assert_eq!(
State::Swap,
bootloader
Remove magic buffer argument from prepare_boot and use the aligned page buffer instead
2023-04-04 20:25:55 +02:00
.prepare_boot(&mut SingleFlashConfig::new(&mut flash), &mut page)
Add stm32 flash + bootloader support * Add flash drivers for L0, L1, L4, WB and WL. Not tested for WB, but should be similar to WL. * Add embassy-boot-stm32 for bootloading on STM32. * Add flash examples and bootloader examples * Update stm32-data
2022-04-20 13:49:59 +02:00
.unwrap()
);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Let Partition range be u32 instead of usize
2023-04-05 08:28:31 +02:00
flash.assert_eq(ACTIVE.from, &update);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
// First DFU page is untouched
Let Partition range be u32 instead of usize
2023-04-05 08:28:31 +02:00
flash.assert_eq(DFU.from + 4096, &original);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
// Running again should cause a revert
Add stm32 flash + bootloader support * Add flash drivers for L0, L1, L4, WB and WL. Not tested for WB, but should be similar to WL. * Add embassy-boot-stm32 for bootloading on STM32. * Add flash examples and bootloader examples * Update stm32-data
2022-04-20 13:49:59 +02:00
assert_eq!(
State::Swap,
bootloader
Remove magic buffer argument from prepare_boot and use the aligned page buffer instead
2023-04-04 20:25:55 +02:00
.prepare_boot(&mut SingleFlashConfig::new(&mut flash), &mut page)
Add stm32 flash + bootloader support * Add flash drivers for L0, L1, L4, WB and WL. Not tested for WB, but should be similar to WL. * Add embassy-boot-stm32 for bootloading on STM32. * Add flash examples and bootloader examples * Update stm32-data
2022-04-20 13:49:59 +02:00
.unwrap()
);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Let Partition range be u32 instead of usize
2023-04-05 08:28:31 +02:00
flash.assert_eq(ACTIVE.from, &original);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
// Last page is untouched
Let Partition range be u32 instead of usize
2023-04-05 08:28:31 +02:00
flash.assert_eq(DFU.from, &update);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
// Mark as booted
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
block_on(updater.mark_booted(&mut flash, &mut aligned)).unwrap();
Add stm32 flash + bootloader support * Add flash drivers for L0, L1, L4, WB and WL. Not tested for WB, but should be similar to WL. * Add embassy-boot-stm32 for bootloading on STM32. * Add flash examples and bootloader examples * Update stm32-data
2022-04-20 13:49:59 +02:00
assert_eq!(
State::Boot,
bootloader
Remove magic buffer argument from prepare_boot and use the aligned page buffer instead
2023-04-04 20:25:55 +02:00
.prepare_boot(&mut SingleFlashConfig::new(&mut flash), &mut page)
Add stm32 flash + bootloader support * Add flash drivers for L0, L1, L4, WB and WL. Not tested for WB, but should be similar to WL. * Add embassy-boot-stm32 for bootloading on STM32. * Add flash examples and bootloader examples * Update stm32-data
2022-04-20 13:49:59 +02:00
.unwrap()
);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
}
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
#[test]
embassy-boot: ensure tests can run on the stable compiler
2023-04-20 10:56:59 +02:00
#[cfg(all(feature = "nightly", not(feature = "_verify")))]
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
fn test_separate_flash_active_page_biggest() {
const STATE: Partition = Partition::new(2048, 4096);
const ACTIVE: Partition = Partition::new(4096, 16384);
const DFU: Partition = Partition::new(0, 16384);
Move MemFlash to separate module and add verify_erased_before_write verification
2023-04-03 15:33:20 +02:00
let mut active = MemFlash::<16384, 4096, 8>::random();
Allow different erase sizes for active and dfu
2023-04-04 21:30:49 +02:00
let mut dfu = MemFlash::<16384, 2048, 8>::random();
Avoid write to not-erased magic This introduces an additional marker to the state partition right after the magic which indicates whether the current progress is valid or not. Validation in tests that we never write without an erase is added. There is currently a FIXME in the FirmwareUpdater. Let me know if we should take the erase value as a parameter. I opened a feature request in embedded-storage to get this value in the trait. Before this, the assumption about ERASE_VALUE=0xFF was the same.
2023-04-04 07:18:29 +02:00
let mut state = MemFlash::<4096, 128, 4>::random();
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
let mut aligned = [0; 4];
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
Let Partition range be u32 instead of usize
2023-04-05 08:28:31 +02:00
let original = [rand::random::<u8>(); ACTIVE.size() as usize];
let update = [rand::random::<u8>(); ACTIVE.size() as usize];
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
Let Partition range be u32 instead of usize
2023-04-05 08:28:31 +02:00
active.program(ACTIVE.from, &original).unwrap();
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
let mut updater = FirmwareUpdater::new(DFU, STATE);
Assert active and dfu have same erase size and copy in smaller chunks The copy from active to dfu (and vice versa) is now done in smaller portions depending on aligned_buf, which now does not need to be erase_size big.
2023-04-04 21:09:30 +02:00
block_on(updater.write_firmware(0, &update, &mut dfu)).unwrap();
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
block_on(updater.mark_updated(&mut state, &mut aligned)).unwrap();
let mut bootloader: BootLoader = BootLoader::new(ACTIVE, DFU, STATE);
let mut page = [0; 4096];
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
assert_eq!(
State::Swap,
bootloader
Remove magic buffer argument from prepare_boot and use the aligned page buffer instead
2023-04-04 20:25:55 +02:00
.prepare_boot(&mut MultiFlashConfig::new(&mut active, &mut state, &mut dfu), &mut page)
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
.unwrap()
);
Let Partition range be u32 instead of usize
2023-04-05 08:28:31 +02:00
active.assert_eq(ACTIVE.from, &update);
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
// First DFU page is untouched
Let Partition range be u32 instead of usize
2023-04-05 08:28:31 +02:00
dfu.assert_eq(DFU.from + 4096, &original);
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
}
#[test]
embassy-boot: ensure tests can run on the stable compiler
2023-04-20 10:56:59 +02:00
#[cfg(all(feature = "nightly", not(feature = "_verify")))]
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
fn test_separate_flash_dfu_page_biggest() {
const STATE: Partition = Partition::new(2048, 4096);
const ACTIVE: Partition = Partition::new(4096, 16384);
const DFU: Partition = Partition::new(0, 16384);
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
let mut aligned = [0; 4];
Allow different erase sizes for active and dfu
2023-04-04 21:30:49 +02:00
let mut active = MemFlash::<16384, 2048, 4>::random();
Move MemFlash to separate module and add verify_erased_before_write verification
2023-04-03 15:33:20 +02:00
let mut dfu = MemFlash::<16384, 4096, 8>::random();
Avoid write to not-erased magic This introduces an additional marker to the state partition right after the magic which indicates whether the current progress is valid or not. Validation in tests that we never write without an erase is added. There is currently a FIXME in the FirmwareUpdater. Let me know if we should take the erase value as a parameter. I opened a feature request in embedded-storage to get this value in the trait. Before this, the assumption about ERASE_VALUE=0xFF was the same.
2023-04-04 07:18:29 +02:00
let mut state = MemFlash::<4096, 128, 4>::random();
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
Let Partition range be u32 instead of usize
2023-04-05 08:28:31 +02:00
let original = [rand::random::<u8>(); ACTIVE.size() as usize];
let update = [rand::random::<u8>(); ACTIVE.size() as usize];
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Let Partition range be u32 instead of usize
2023-04-05 08:28:31 +02:00
active.program(ACTIVE.from, &original).unwrap();
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
let mut updater = FirmwareUpdater::new(DFU, STATE);
Assert active and dfu have same erase size and copy in smaller chunks The copy from active to dfu (and vice versa) is now done in smaller portions depending on aligned_buf, which now does not need to be erase_size big.
2023-04-04 21:09:30 +02:00
block_on(updater.write_firmware(0, &update, &mut dfu)).unwrap();
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
block_on(updater.mark_updated(&mut state, &mut aligned)).unwrap();
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
let mut bootloader: BootLoader = BootLoader::new(ACTIVE, DFU, STATE);
let mut page = [0; 4096];
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
assert_eq!(
State::Swap,
bootloader
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
.prepare_boot(
&mut MultiFlashConfig::new(&mut active, &mut state, &mut dfu,),
&mut page
)
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
.unwrap()
);
Let Partition range be u32 instead of usize
2023-04-05 08:28:31 +02:00
active.assert_eq(ACTIVE.from, &update);
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
// First DFU page is untouched
Let Partition range be u32 instead of usize
2023-04-05 08:28:31 +02:00
dfu.assert_eq(DFU.from + 4096, &original);
Take into account size of revert index Fixes a bug in the partition assertions that ensures that the state page(s) have enough space for 2x active partition range. Add unit test to verify that panic is observed.
2022-09-20 14:03:04 +02:00
}
Support codesigning in the firmware updater This commit provides a method to verify that firmware has been signed with a private key given its public key. The implementation uses ed25519-dalek as the signature verifier. An "ed25519" feature is required to enable the functionality. When disabled (the default), calling the firmware updater's verify method will return a failure.
2023-01-06 12:21:39 +01:00
#[test]
embassy-boot: ensure tests can run on the stable compiler
2023-04-20 10:56:59 +02:00
#[cfg(all(feature = "nightly", feature = "_verify"))]
Support codesigning in the firmware updater This commit provides a method to verify that firmware has been signed with a private key given its public key. The implementation uses ed25519-dalek as the signature verifier. An "ed25519" feature is required to enable the functionality. When disabled (the default), calling the firmware updater's verify method will return a failure.
2023-01-06 12:21:39 +01:00
fn test_verify() {
// The following key setup is based on:
// https://docs.rs/ed25519-dalek/latest/ed25519_dalek/#example
use ed25519_dalek::Keypair;
use rand::rngs::OsRng;
let mut csprng = OsRng {};
let keypair: Keypair = Keypair::generate(&mut csprng);
use ed25519_dalek::{Digest, Sha512, Signature, Signer};
let firmware: &[u8] = b"This are bytes that would otherwise be firmware bytes for DFU.";
let mut digest = Sha512::new();
digest.update(&firmware);
let message = digest.finalize();
let signature: Signature = keypair.sign(&message);
use ed25519_dalek::PublicKey;
let public_key: PublicKey = keypair.public;
// Setup flash
const STATE: Partition = Partition::new(0, 4096);
const DFU: Partition = Partition::new(4096, 8192);
Fix compile error when verification is enabled
2023-04-04 12:36:50 +02:00
let mut flash = MemFlash::<8192, 4096, 4>::default();
Support codesigning in the firmware updater This commit provides a method to verify that firmware has been signed with a private key given its public key. The implementation uses ed25519-dalek as the signature verifier. An "ed25519" feature is required to enable the functionality. When disabled (the default), calling the firmware updater's verify method will return a failure.
2023-01-06 12:21:39 +01:00
let firmware_len = firmware.len();
let mut write_buf = [0; 4096];
write_buf[0..firmware_len].copy_from_slice(firmware);
Fix compile error when verification is enabled
2023-04-04 12:36:50 +02:00
DFU.write_blocking(&mut flash, 0, &write_buf).unwrap();
Support codesigning in the firmware updater This commit provides a method to verify that firmware has been signed with a private key given its public key. The implementation uses ed25519-dalek as the signature verifier. An "ed25519" feature is required to enable the functionality. When disabled (the default), calling the firmware updater's verify method will return a failure.
2023-01-06 12:21:39 +01:00
// On with the test
let mut updater = FirmwareUpdater::new(DFU, STATE);
let mut aligned = [0; 4];
assert!(block_on(updater.verify_and_mark_updated(
&mut flash,
&public_key.to_bytes(),
&signature.to_bytes(),
Let update_len be u32
2023-04-11 07:46:05 +02:00
firmware_len as u32,
Support codesigning in the firmware updater This commit provides a method to verify that firmware has been signed with a private key given its public key. The implementation uses ed25519-dalek as the signature verifier. An "ed25519" feature is required to enable the functionality. When disabled (the default), calling the firmware updater's verify method will return a failure.
2023-01-06 12:21:39 +01:00
&mut aligned,
))
.is_ok());
}
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
}
Reference in New Issue Copy Permalink