Commit Graph

82 Commits

Author SHA1 Message Date
Rasmus Melchior Jacobsen
df3a1e1b9d Avoid write to not-erased magic
This introduces an additional marker to the state partition right after the magic which indicates whether the current progress is valid or not. Validation in tests that we never write without an erase is added.

There is currently a FIXME in the FirmwareUpdater. Let me know if we should take the erase value as a parameter. I opened a feature request in embedded-storage to get this value in the trait. Before this, the assumption about ERASE_VALUE=0xFF was the same.
2023-04-04 07:18:29 +02:00
Rasmus Melchior Jacobsen
7c11d85e1e Move MemFlash to separate module and add verify_erased_before_write verification 2023-04-03 15:33:20 +02:00
Rasmus Melchior Jacobsen
8aaffe82e7 Add incremental hash to FirmwareUpdater
This adds support for computing any hash over the update in the dtu area by providing a closure to the hash update function.
2023-04-03 14:59:55 +02:00
Rasmus Melchior Jacobsen
b1e2195b49 Remove FirmwareWriter
FirmwareWriter currently has a "max-write-size" parameter, but this is a limitation that should be handled by chunking inside the NorFlash driver, and not "up here" in user code. In case that the driver (e.g. qspi driver) is unaware of any max-write limitations, one could simply add an intermediate NorFlash adapter providing the chunk'ing capability.
2023-04-03 14:50:41 +02:00
Rasmus Melchior Jacobsen
d9d6fd6d70 Add erase and wipe tests 2023-03-31 10:28:47 +02:00
Rasmus Melchior Jacobsen
42931b51f2 Let bootloader partition have read/write/erase operations
This change should not have any breaking changes.
2023-03-31 10:18:19 +02:00
Rasmus Melchior Jacobsen
373760a56b Split bootloader implementation into multiple files 2023-03-31 08:05:37 +02:00
sander
ba9afbc26d embassy-boot: add default nightly feature, makes it possible to compile with the stable compiler 2023-03-22 16:49:49 +01:00
Mehmet Ali Anil
b1bc034a7e Merge branch 'emb-storage-async-0p4' of https://github.com/Grus-BV/embassy into emb-storage-async-0p4 2023-03-07 23:35:56 +01:00
Mehmet Ali Anil
6bf8d090a1 Merge branch 'emb-storage-async-0p4' of https://github.com/Grus-BV/embassy into emb-storage-async-0p4 2023-03-07 23:21:19 +01:00
Mehmet Ali Anil
935633c90b Merge upstream 2023-03-07 23:16:54 +01:00
Mehmet Ali Anil
bc0cb43307 Bump embedded-storage-async to 0.4 2023-03-06 22:16:36 +01:00
huntc
b0529bc943 Support codesigning in the firmware updater
This commit provides a method to verify that firmware has been signed with a private key given its public key. The implementation uses ed25519-dalek as the signature verifier. An "ed25519" feature is required to enable the functionality. When disabled (the default), calling the firmware updater's verify method will return a failure.
2023-01-12 13:30:58 +11:00
Ulf Lilleengen
89821846d7 fix: add required metadata for embassy-boot 2022-11-25 11:43:12 +01:00
Daniel Bevenius
0b2d6996e8
Fix ascii table in BootLoader doc comment
Signed-off-by: Daniel Bevenius <daniel.bevenius@gmail.com>
2022-10-29 15:16:09 +02:00
Mathias
6fa74b0c02 make prepare_update async 2022-09-26 10:36:21 +02:00
Mathias
b2a327a858 Add get_state helpers to allow self-testing before calling mark_booted 2022-09-26 06:53:40 +02:00
Mathias
7f16b1cd23 Add blocking API to FirmwareUpdater, and allow for a split prepare/write api 2022-09-26 06:01:18 +02:00
Dario Nieuwenhuis
897b72c872 Update Rust nightly.
Removes feature(generic_associated_types)
2022-09-22 16:38:14 +02:00
Ulf Lilleengen
b418c0e4d6 Take into account size of revert index
Fixes a bug in the partition assertions that ensures that the state
page(s) have enough space for 2x active partition range.

Add unit test to verify that panic is observed.
2022-09-20 14:04:57 +02:00
Ulf Lilleengen
d0fe654c82 Remove BootFlash borrow
Compiler will infer a different lifetime for BootFlash than for the
borrowed flash, which makes it require more type annotations than if it
was just owning the type. Since it doesn't really matter if it owns or
borrows in practical use, change it to own so that it simplifies usage.
2022-09-20 09:54:37 +02:00
Ulf Lilleengen
3aa0c13ba5 Fix a few clippy warnings 2022-09-02 08:42:42 +02:00
Ulf Lilleengen
3ca7314476 Remove generic const expressions from embassy-boot
* Remove the need for generic const expressions and use buffers provided in the flash config.
* Extend embedded-storage traits to simplify generics.
* Document all public APIs
* Add toplevel README
* Expose AlignedBuffer type for convenience.
* Update examples
2022-09-02 08:25:36 +02:00
Vincent Stakenburg
3dc26bbe39 simplify set_magic 2022-06-30 14:56:40 +02:00
Dario Nieuwenhuis
a8703b7598 Run rustfmt. 2022-06-12 22:22:31 +02:00
Ulf Lilleengen
bd237a1f96 Allow using separate page sizes for state and dfu
* Less generics on bootloader. Keep PAGE_SIZE as a common multiple of
DFU and ACTIVE page sizes.
* Document restriction
* Add unit tests for different page sizes
2022-04-28 10:38:25 +02:00
Ulf Lilleengen
da61611f8f Add bootloader to CI 2022-04-27 15:17:18 +02:00
Ulf Lilleengen
484e0acc63 Add stm32 flash + bootloader support
* Add flash drivers for L0, L1, L4, WB and WL. Not tested for WB, but
should be similar to WL.
* Add embassy-boot-stm32 for bootloading on STM32.
* Add flash examples and bootloader examples
* Update stm32-data
2022-04-27 15:17:18 +02:00
Ulf Lilleengen
2afff617f6 Support multiple flash instances in embassy-boot
* Add FlashProvider and FlashConfig traits to define flash
characteristics
* Use traits in bootloader to retrieve flash handles and for
copying data between flash instances
* Add convenience implementations for using a single flash instance.
2022-04-19 20:07:06 +02:00
Ulf Lilleengen
b0a53610ba Avoid writing bootloader flash if not needed 2022-03-31 15:23:06 +02:00
Ulf Lilleengen
73012ed40e Fix potential unaligned write
Reduce log level
2022-03-22 14:43:17 +01:00
Ulf Lilleengen
ed2a87a262 Add embassy-boot
Embassy-boot is a simple bootloader that works together with an
application to provide firmware update capabilities with a minimal risk.

The bootloader consists of a platform-independent part, which implements
the swap algorithm, and a platform-dependent part (currently only for
nRF) that provides addition functionality such as watchdog timers
softdevice support.
2022-02-09 10:50:29 +01:00