max/embassy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6c93309df4
embassy/embassy-boot/boot/src/lib.rs

291 lines
9.3 KiB
Rust
Raw Normal View History

Merge upstream
2023-03-07 10:46:59 +01:00
#![feature(async_fn_in_trait)]
#![allow(incomplete_features)]
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
#![no_std]
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
#![warn(missing_docs)]
fix: add required metadata for embassy-boot
2022-11-23 14:48:51 +01:00
#![doc = include_str!("../README.md")]
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
mod fmt;
Split bootloader implementation into multiple files
2023-03-31 08:05:37 +02:00
mod boot_loader;
mod firmware_updater;
Assert active and dfu have same erase size and copy in smaller chunks The copy from active to dfu (and vice versa) is now done in smaller portions depending on aligned_buf, which now does not need to be erase_size big.
2023-04-04 21:09:30 +02:00
mod large_erase;
Move MemFlash to separate module and add verify_erased_before_write verification
2023-04-03 15:33:20 +02:00
mod mem_flash;
Split bootloader implementation into multiple files
2023-03-31 08:05:37 +02:00
mod partition;
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Remove the Flash trait
2023-04-04 21:18:41 +02:00
pub use boot_loader::{BootError, BootFlash, BootLoader, FlashConfig, MultiFlashConfig, SingleFlashConfig};
Split bootloader implementation into multiple files
2023-03-31 08:05:37 +02:00
pub use firmware_updater::{FirmwareUpdater, FirmwareUpdaterError};
pub use partition::Partition;
Add stm32 flash + bootloader support * Add flash drivers for L0, L1, L4, WB and WL. Not tested for WB, but should be similar to WL. * Add embassy-boot-stm32 for bootloading on STM32. * Add flash examples and bootloader examples * Update stm32-data
2022-04-20 13:49:59 +02:00
Split bootloader implementation into multiple files
2023-03-31 08:05:37 +02:00
pub(crate) const BOOT_MAGIC: u8 = 0xD0;
pub(crate) const SWAP_MAGIC: u8 = 0xF0;
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
/// The state of the bootloader after running prepare.
#[derive(PartialEq, Eq, Debug)]
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
#[cfg_attr(feature = "defmt", derive(defmt::Format))]
pub enum State {
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
/// Bootloader is ready to boot the active partition.
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Boot,
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
/// Bootloader has swapped the active partition with the dfu partition and will attempt boot.
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Swap,
}
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
/// Buffer aligned to 32 byte boundary, largest known alignment requirement for embassy-boot.
#[repr(align(32))]
pub struct AlignedBuffer<const N: usize>(pub [u8; N]);
impl<const N: usize> AsRef<[u8]> for AlignedBuffer<N> {
fn as_ref(&self) -> &[u8] {
&self.0
}
}
impl<const N: usize> AsMut<[u8]> for AlignedBuffer<N> {
fn as_mut(&mut self) -> &mut [u8] {
&mut self.0
}
}
Support multiple flash instances in embassy-boot * Add FlashProvider and FlashConfig traits to define flash characteristics * Use traits in bootloader to retrieve flash handles and for copying data between flash instances * Add convenience implementations for using a single flash instance.
2022-04-19 14:42:38 +02:00
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
#[cfg(test)]
mod tests {
use futures::executor::block_on;
Run rustfmt.
2022-06-12 22:15:44 +02:00
use super::*;
Assert active and dfu have same erase size and copy in smaller chunks The copy from active to dfu (and vice versa) is now done in smaller portions depending on aligned_buf, which now does not need to be erase_size big.
2023-04-04 21:09:30 +02:00
use crate::large_erase::LargeErase;
Move MemFlash to separate module and add verify_erased_before_write verification
2023-04-03 15:33:20 +02:00
use crate::mem_flash::MemFlash;
Run rustfmt.
2022-06-12 22:15:44 +02:00
Add stm32 flash + bootloader support * Add flash drivers for L0, L1, L4, WB and WL. Not tested for WB, but should be similar to WL. * Add embassy-boot-stm32 for bootloading on STM32. * Add flash examples and bootloader examples * Update stm32-data
2022-04-20 13:49:59 +02:00
/*
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
#[test]
fn test_bad_magic() {
let mut flash = MemFlash([0xff; 131072]);
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
let mut flash = SingleFlashConfig::new(&mut flash);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
let mut bootloader = BootLoader::<4096>::new(ACTIVE, DFU, STATE);
assert_eq!(
bootloader.prepare_boot(&mut flash),
Err(BootError::BadMagic)
);
}
Add stm32 flash + bootloader support * Add flash drivers for L0, L1, L4, WB and WL. Not tested for WB, but should be similar to WL. * Add embassy-boot-stm32 for bootloading on STM32. * Add flash examples and bootloader examples * Update stm32-data
2022-04-20 13:49:59 +02:00
*/
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
#[test]
fn test_boot_state() {
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
const STATE: Partition = Partition::new(0, 4096);
const ACTIVE: Partition = Partition::new(4096, 61440);
const DFU: Partition = Partition::new(61440, 122880);
Move MemFlash to separate module and add verify_erased_before_write verification
2023-04-03 15:33:20 +02:00
let mut flash = MemFlash::<131072, 4096, 4>::default();
flash.mem[0..4].copy_from_slice(&[BOOT_MAGIC; 4]);
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
let mut flash = SingleFlashConfig::new(&mut flash);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
let mut bootloader: BootLoader = BootLoader::new(ACTIVE, DFU, STATE);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
let mut page = [0; 4096];
Remove magic buffer argument from prepare_boot and use the aligned page buffer instead
2023-04-04 20:25:55 +02:00
assert_eq!(State::Boot, bootloader.prepare_boot(&mut flash, &mut page).unwrap());
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
}
#[test]
Support codesigning in the firmware updater This commit provides a method to verify that firmware has been signed with a private key given its public key. The implementation uses ed25519-dalek as the signature verifier. An "ed25519" feature is required to enable the functionality. When disabled (the default), calling the firmware updater's verify method will return a failure.
2023-01-06 12:21:39 +01:00
#[cfg(not(feature = "_verify"))]
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
fn test_swap_state() {
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
const STATE: Partition = Partition::new(0, 4096);
const ACTIVE: Partition = Partition::new(4096, 61440);
const DFU: Partition = Partition::new(61440, 122880);
Avoid write to not-erased magic This introduces an additional marker to the state partition right after the magic which indicates whether the current progress is valid or not. Validation in tests that we never write without an erase is added. There is currently a FIXME in the FirmwareUpdater. Let me know if we should take the erase value as a parameter. I opened a feature request in embedded-storage to get this value in the trait. Before this, the assumption about ERASE_VALUE=0xFF was the same.
2023-04-04 07:18:29 +02:00
let mut flash = MemFlash::<131072, 4096, 4>::random();
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
let original: [u8; ACTIVE.len()] = [rand::random::<u8>(); ACTIVE.len()];
let update: [u8; DFU.len()] = [rand::random::<u8>(); DFU.len()];
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
let mut aligned = [0; 4];
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
for i in ACTIVE.from..ACTIVE.to {
Move MemFlash to separate module and add verify_erased_before_write verification
2023-04-03 15:33:20 +02:00
flash.mem[i] = original[i - ACTIVE.from];
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
}
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
let mut bootloader: BootLoader = BootLoader::new(ACTIVE, DFU, STATE);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
let mut updater = FirmwareUpdater::new(DFU, STATE);
Assert active and dfu have same erase size and copy in smaller chunks The copy from active to dfu (and vice versa) is now done in smaller portions depending on aligned_buf, which now does not need to be erase_size big.
2023-04-04 21:09:30 +02:00
block_on(updater.write_firmware(0, &update, &mut flash)).unwrap();
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
block_on(updater.mark_updated(&mut flash, &mut aligned)).unwrap();
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Assert active and dfu have same erase size and copy in smaller chunks The copy from active to dfu (and vice versa) is now done in smaller portions depending on aligned_buf, which now does not need to be erase_size big.
2023-04-04 21:09:30 +02:00
let mut page = [0; 1024];
Add stm32 flash + bootloader support * Add flash drivers for L0, L1, L4, WB and WL. Not tested for WB, but should be similar to WL. * Add embassy-boot-stm32 for bootloading on STM32. * Add flash examples and bootloader examples * Update stm32-data
2022-04-20 13:49:59 +02:00
assert_eq!(
State::Swap,
bootloader
Remove magic buffer argument from prepare_boot and use the aligned page buffer instead
2023-04-04 20:25:55 +02:00
.prepare_boot(&mut SingleFlashConfig::new(&mut flash), &mut page)
Add stm32 flash + bootloader support * Add flash drivers for L0, L1, L4, WB and WL. Not tested for WB, but should be similar to WL. * Add embassy-boot-stm32 for bootloading on STM32. * Add flash examples and bootloader examples * Update stm32-data
2022-04-20 13:49:59 +02:00
.unwrap()
);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
for i in ACTIVE.from..ACTIVE.to {
Move MemFlash to separate module and add verify_erased_before_write verification
2023-04-03 15:33:20 +02:00
assert_eq!(flash.mem[i], update[i - ACTIVE.from], "Index {}", i);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
}
// First DFU page is untouched
for i in DFU.from + 4096..DFU.to {
Move MemFlash to separate module and add verify_erased_before_write verification
2023-04-03 15:33:20 +02:00
assert_eq!(flash.mem[i], original[i - DFU.from - 4096], "Index {}", i);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
}
// Running again should cause a revert
Add stm32 flash + bootloader support * Add flash drivers for L0, L1, L4, WB and WL. Not tested for WB, but should be similar to WL. * Add embassy-boot-stm32 for bootloading on STM32. * Add flash examples and bootloader examples * Update stm32-data
2022-04-20 13:49:59 +02:00
assert_eq!(
State::Swap,
bootloader
Remove magic buffer argument from prepare_boot and use the aligned page buffer instead
2023-04-04 20:25:55 +02:00
.prepare_boot(&mut SingleFlashConfig::new(&mut flash), &mut page)
Add stm32 flash + bootloader support * Add flash drivers for L0, L1, L4, WB and WL. Not tested for WB, but should be similar to WL. * Add embassy-boot-stm32 for bootloading on STM32. * Add flash examples and bootloader examples * Update stm32-data
2022-04-20 13:49:59 +02:00
.unwrap()
);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
for i in ACTIVE.from..ACTIVE.to {
Move MemFlash to separate module and add verify_erased_before_write verification
2023-04-03 15:33:20 +02:00
assert_eq!(flash.mem[i], original[i - ACTIVE.from], "Index {}", i);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
}
// Last page is untouched
for i in DFU.from..DFU.to - 4096 {
Move MemFlash to separate module and add verify_erased_before_write verification
2023-04-03 15:33:20 +02:00
assert_eq!(flash.mem[i], update[i - DFU.from], "Index {}", i);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
}
// Mark as booted
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
block_on(updater.mark_booted(&mut flash, &mut aligned)).unwrap();
Add stm32 flash + bootloader support * Add flash drivers for L0, L1, L4, WB and WL. Not tested for WB, but should be similar to WL. * Add embassy-boot-stm32 for bootloading on STM32. * Add flash examples and bootloader examples * Update stm32-data
2022-04-20 13:49:59 +02:00
assert_eq!(
State::Boot,
bootloader
Remove magic buffer argument from prepare_boot and use the aligned page buffer instead
2023-04-04 20:25:55 +02:00
.prepare_boot(&mut SingleFlashConfig::new(&mut flash), &mut page)
Add stm32 flash + bootloader support * Add flash drivers for L0, L1, L4, WB and WL. Not tested for WB, but should be similar to WL. * Add embassy-boot-stm32 for bootloading on STM32. * Add flash examples and bootloader examples * Update stm32-data
2022-04-20 13:49:59 +02:00
.unwrap()
);
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
}
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
#[test]
Support codesigning in the firmware updater This commit provides a method to verify that firmware has been signed with a private key given its public key. The implementation uses ed25519-dalek as the signature verifier. An "ed25519" feature is required to enable the functionality. When disabled (the default), calling the firmware updater's verify method will return a failure.
2023-01-06 12:21:39 +01:00
#[cfg(not(feature = "_verify"))]
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
fn test_separate_flash_active_page_biggest() {
const STATE: Partition = Partition::new(2048, 4096);
const ACTIVE: Partition = Partition::new(4096, 16384);
const DFU: Partition = Partition::new(0, 16384);
Move MemFlash to separate module and add verify_erased_before_write verification
2023-04-03 15:33:20 +02:00
let mut active = MemFlash::<16384, 4096, 8>::random();
Assert active and dfu have same erase size and copy in smaller chunks The copy from active to dfu (and vice versa) is now done in smaller portions depending on aligned_buf, which now does not need to be erase_size big.
2023-04-04 21:09:30 +02:00
let mut dfu = LargeErase::<_, 4096>::new(MemFlash::<16384, 2048, 8>::random());
Avoid write to not-erased magic This introduces an additional marker to the state partition right after the magic which indicates whether the current progress is valid or not. Validation in tests that we never write without an erase is added. There is currently a FIXME in the FirmwareUpdater. Let me know if we should take the erase value as a parameter. I opened a feature request in embedded-storage to get this value in the trait. Before this, the assumption about ERASE_VALUE=0xFF was the same.
2023-04-04 07:18:29 +02:00
let mut state = MemFlash::<4096, 128, 4>::random();
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
let mut aligned = [0; 4];
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
let original: [u8; ACTIVE.len()] = [rand::random::<u8>(); ACTIVE.len()];
let update: [u8; DFU.len()] = [rand::random::<u8>(); DFU.len()];
for i in ACTIVE.from..ACTIVE.to {
Move MemFlash to separate module and add verify_erased_before_write verification
2023-04-03 15:33:20 +02:00
active.mem[i] = original[i - ACTIVE.from];
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
}
let mut updater = FirmwareUpdater::new(DFU, STATE);
Assert active and dfu have same erase size and copy in smaller chunks The copy from active to dfu (and vice versa) is now done in smaller portions depending on aligned_buf, which now does not need to be erase_size big.
2023-04-04 21:09:30 +02:00
block_on(updater.write_firmware(0, &update, &mut dfu)).unwrap();
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
block_on(updater.mark_updated(&mut state, &mut aligned)).unwrap();
let mut bootloader: BootLoader = BootLoader::new(ACTIVE, DFU, STATE);
let mut page = [0; 4096];
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
assert_eq!(
State::Swap,
bootloader
Remove magic buffer argument from prepare_boot and use the aligned page buffer instead
2023-04-04 20:25:55 +02:00
.prepare_boot(&mut MultiFlashConfig::new(&mut active, &mut state, &mut dfu), &mut page)
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
.unwrap()
);
for i in ACTIVE.from..ACTIVE.to {
Move MemFlash to separate module and add verify_erased_before_write verification
2023-04-03 15:33:20 +02:00
assert_eq!(active.mem[i], update[i - ACTIVE.from], "Index {}", i);
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
}
// First DFU page is untouched
for i in DFU.from + 4096..DFU.to {
Assert active and dfu have same erase size and copy in smaller chunks The copy from active to dfu (and vice versa) is now done in smaller portions depending on aligned_buf, which now does not need to be erase_size big.
2023-04-04 21:09:30 +02:00
assert_eq!(dfu.0.mem[i], original[i - DFU.from - 4096], "Index {}", i);
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
}
}
#[test]
Support codesigning in the firmware updater This commit provides a method to verify that firmware has been signed with a private key given its public key. The implementation uses ed25519-dalek as the signature verifier. An "ed25519" feature is required to enable the functionality. When disabled (the default), calling the firmware updater's verify method will return a failure.
2023-01-06 12:21:39 +01:00
#[cfg(not(feature = "_verify"))]
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
fn test_separate_flash_dfu_page_biggest() {
const STATE: Partition = Partition::new(2048, 4096);
const ACTIVE: Partition = Partition::new(4096, 16384);
const DFU: Partition = Partition::new(0, 16384);
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
let mut aligned = [0; 4];
Assert active and dfu have same erase size and copy in smaller chunks The copy from active to dfu (and vice versa) is now done in smaller portions depending on aligned_buf, which now does not need to be erase_size big.
2023-04-04 21:09:30 +02:00
let mut active = LargeErase::<_, 4096>::new(MemFlash::<16384, 2048, 4>::random());
Move MemFlash to separate module and add verify_erased_before_write verification
2023-04-03 15:33:20 +02:00
let mut dfu = MemFlash::<16384, 4096, 8>::random();
Avoid write to not-erased magic This introduces an additional marker to the state partition right after the magic which indicates whether the current progress is valid or not. Validation in tests that we never write without an erase is added. There is currently a FIXME in the FirmwareUpdater. Let me know if we should take the erase value as a parameter. I opened a feature request in embedded-storage to get this value in the trait. Before this, the assumption about ERASE_VALUE=0xFF was the same.
2023-04-04 07:18:29 +02:00
let mut state = MemFlash::<4096, 128, 4>::random();
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
let original: [u8; ACTIVE.len()] = [rand::random::<u8>(); ACTIVE.len()];
let update: [u8; DFU.len()] = [rand::random::<u8>(); DFU.len()];
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
for i in ACTIVE.from..ACTIVE.to {
Assert active and dfu have same erase size and copy in smaller chunks The copy from active to dfu (and vice versa) is now done in smaller portions depending on aligned_buf, which now does not need to be erase_size big.
2023-04-04 21:09:30 +02:00
active.0.mem[i] = original[i - ACTIVE.from];
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
}
let mut updater = FirmwareUpdater::new(DFU, STATE);
Assert active and dfu have same erase size and copy in smaller chunks The copy from active to dfu (and vice versa) is now done in smaller portions depending on aligned_buf, which now does not need to be erase_size big.
2023-04-04 21:09:30 +02:00
block_on(updater.write_firmware(0, &update, &mut dfu)).unwrap();
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
block_on(updater.mark_updated(&mut state, &mut aligned)).unwrap();
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
let mut bootloader: BootLoader = BootLoader::new(ACTIVE, DFU, STATE);
let mut page = [0; 4096];
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
assert_eq!(
State::Swap,
bootloader
Remove generic const expressions from embassy-boot * Remove the need for generic const expressions and use buffers provided in the flash config. * Extend embedded-storage traits to simplify generics. * Document all public APIs * Add toplevel README * Expose AlignedBuffer type for convenience. * Update examples
2022-08-30 13:07:35 +02:00
.prepare_boot(
&mut MultiFlashConfig::new(&mut active, &mut state, &mut dfu,),
&mut page
)
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
.unwrap()
);
for i in ACTIVE.from..ACTIVE.to {
Assert active and dfu have same erase size and copy in smaller chunks The copy from active to dfu (and vice versa) is now done in smaller portions depending on aligned_buf, which now does not need to be erase_size big.
2023-04-04 21:09:30 +02:00
assert_eq!(active.0.mem[i], update[i - ACTIVE.from], "Index {}", i);
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
}
// First DFU page is untouched
for i in DFU.from + 4096..DFU.to {
Move MemFlash to separate module and add verify_erased_before_write verification
2023-04-03 15:33:20 +02:00
assert_eq!(dfu.mem[i], original[i - DFU.from - 4096], "Index {}", i);
Allow using separate page sizes for state and dfu * Less generics on bootloader. Keep PAGE_SIZE as a common multiple of DFU and ACTIVE page sizes. * Document restriction * Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
}
}
Support codesigning in the firmware updater This commit provides a method to verify that firmware has been signed with a private key given its public key. The implementation uses ed25519-dalek as the signature verifier. An "ed25519" feature is required to enable the functionality. When disabled (the default), calling the firmware updater's verify method will return a failure.
2023-01-06 12:21:39 +01:00
#[test]
#[cfg(feature = "_verify")]
fn test_verify() {
// The following key setup is based on:
// https://docs.rs/ed25519-dalek/latest/ed25519_dalek/#example
use ed25519_dalek::Keypair;
use rand::rngs::OsRng;
let mut csprng = OsRng {};
let keypair: Keypair = Keypair::generate(&mut csprng);
use ed25519_dalek::{Digest, Sha512, Signature, Signer};
let firmware: &[u8] = b"This are bytes that would otherwise be firmware bytes for DFU.";
let mut digest = Sha512::new();
digest.update(&firmware);
let message = digest.finalize();
let signature: Signature = keypair.sign(&message);
use ed25519_dalek::PublicKey;
let public_key: PublicKey = keypair.public;
// Setup flash
const STATE: Partition = Partition::new(0, 4096);
const DFU: Partition = Partition::new(4096, 8192);
Fix compile error when verification is enabled
2023-04-04 12:36:50 +02:00
let mut flash = MemFlash::<8192, 4096, 4>::default();
Support codesigning in the firmware updater This commit provides a method to verify that firmware has been signed with a private key given its public key. The implementation uses ed25519-dalek as the signature verifier. An "ed25519" feature is required to enable the functionality. When disabled (the default), calling the firmware updater's verify method will return a failure.
2023-01-06 12:21:39 +01:00
let firmware_len = firmware.len();
let mut write_buf = [0; 4096];
write_buf[0..firmware_len].copy_from_slice(firmware);
Fix compile error when verification is enabled
2023-04-04 12:36:50 +02:00
DFU.write_blocking(&mut flash, 0, &write_buf).unwrap();
Support codesigning in the firmware updater This commit provides a method to verify that firmware has been signed with a private key given its public key. The implementation uses ed25519-dalek as the signature verifier. An "ed25519" feature is required to enable the functionality. When disabled (the default), calling the firmware updater's verify method will return a failure.
2023-01-06 12:21:39 +01:00
// On with the test
let mut updater = FirmwareUpdater::new(DFU, STATE);
let mut aligned = [0; 4];
assert!(block_on(updater.verify_and_mark_updated(
&mut flash,
&public_key.to_bytes(),
&signature.to_bytes(),
firmware_len,
&mut aligned,
))
.is_ok());
}
Add embassy-boot Embassy-boot is a simple bootloader that works together with an application to provide firmware update capabilities with a minimal risk. The bootloader consists of a platform-independent part, which implements the swap algorithm, and a platform-dependent part (currently only for nRF) that provides addition functionality such as watchdog timers softdevice support.
2022-01-24 12:54:09 +01:00
}
Reference in New Issue Copy Permalink