Commit Graph

69 Commits

Author SHA1 Message Date
Rasmus Melchior Jacobsen
84bfe9b8c9 Align examples with bootloader changes 2023-04-04 22:44:21 +02:00
Rasmus Melchior Jacobsen
a77ce1088d Align chip specific boot projects with new prepare_boot() signature 2023-04-04 22:22:25 +02:00
Rasmus Melchior Jacobsen
e962fe794c Add assertions about the aligned_buf % write sizes 2023-04-04 21:57:28 +02:00
Rasmus Melchior Jacobsen
78e6b4d261 Remove comment about equal erase size requirement 2023-04-04 21:43:18 +02:00
Rasmus Melchior Jacobsen
53efb02900 Allow different erase sizes for active and dfu 2023-04-04 21:30:49 +02:00
Rasmus Melchior Jacobsen
6c93309df4 Remove the Flash trait 2023-04-04 21:18:41 +02:00
Rasmus Melchior Jacobsen
25577e0eaf Assert active and dfu have same erase size and copy in smaller chunks
The copy from active to dfu (and vice versa) is now done in smaller portions depending on aligned_buf, which now does not need to be erase_size big.
2023-04-04 21:09:30 +02:00
Rasmus Melchior Jacobsen
9242ad89d4 Remove magic buffer argument from prepare_boot
and use the aligned page buffer instead
2023-04-04 20:25:55 +02:00
bors[bot]
3ede5667d4
Merge #1324 #1327
1324: Add MCO support for L4 and F4 families r=Dirbaio a=m-dupont

Add MCO support for L4 and F4 as already done in F7. 

When the 'HSI' source is selected as MCO source, 'HSI' is activated (`set_hsion(true)`) . This is done to operate the MCO in case 'MSI' is chosen as the clock source for the CPU. The same applies to PLL, etc.

1327: Avoid write before erase r=Dirbaio a=rmja

This introduces an additional marker to the state partition right after the magic which indicates whether the current progress is valid or not. Validation in tests that we never write without an erase is added.

There is currently a FIXME in the FirmwareUpdater. Let me know if we should take the erase value as a parameter. I opened a feature request in embedded-storage to get this value in the trait. Before this, the assumption about ERASE_VALUE=0xFF was the same.

I have made some thoughts about whether this is a breaking change between the app and firmware, i.e. whether adding the "Progress valid" field is breaking. My conclusion is that it is not a breaking change. For the case where an app uses this new FirmwareUpdater together with an old bootloader, what it now does, is that it:

1. Writes the progress valid field to all zeros. This field is not known in the old bootloader, so it actually writes a "current progress" index.
2. The entire state partition is erased - effectively removing any trace of 1.
3. Set magic

This should be compatible.


Co-authored-by: Mathieu Dupont <mdupont@cppm.in2p3.fr>
Co-authored-by: Rasmus Melchior Jacobsen <rmja@laesoe.org>
2023-04-04 14:59:10 +00:00
Rasmus Melchior Jacobsen
803c09c300 Expose read/write/erase on partition 2023-04-04 12:50:53 +02:00
Rasmus Melchior Jacobsen
5e19fb6fb9 Fix compile error when verification is enabled 2023-04-04 12:36:50 +02:00
Rasmus Melchior Jacobsen
c38eb9660b Merge remote-tracking branch 'upstream/master' into avoid-write-before-erase 2023-04-04 12:29:24 +02:00
Rasmus Melchior Jacobsen
df3a1e1b9d Avoid write to not-erased magic
This introduces an additional marker to the state partition right after the magic which indicates whether the current progress is valid or not. Validation in tests that we never write without an erase is added.

There is currently a FIXME in the FirmwareUpdater. Let me know if we should take the erase value as a parameter. I opened a feature request in embedded-storage to get this value in the trait. Before this, the assumption about ERASE_VALUE=0xFF was the same.
2023-04-04 07:18:29 +02:00
Rasmus Melchior Jacobsen
7c11d85e1e Move MemFlash to separate module and add verify_erased_before_write verification 2023-04-03 15:33:20 +02:00
Rasmus Melchior Jacobsen
b1e2195b49 Remove FirmwareWriter
FirmwareWriter currently has a "max-write-size" parameter, but this is a limitation that should be handled by chunking inside the NorFlash driver, and not "up here" in user code. In case that the driver (e.g. qspi driver) is unaware of any max-write limitations, one could simply add an intermediate NorFlash adapter providing the chunk'ing capability.
2023-04-03 14:50:41 +02:00
Rasmus Melchior Jacobsen
d9d6fd6d70 Add erase and wipe tests 2023-03-31 10:28:47 +02:00
Rasmus Melchior Jacobsen
42931b51f2 Let bootloader partition have read/write/erase operations
This change should not have any breaking changes.
2023-03-31 10:18:19 +02:00
Rasmus Melchior Jacobsen
373760a56b Split bootloader implementation into multiple files 2023-03-31 08:05:37 +02:00
Mehmet Ali Anil
b1bc034a7e Merge branch 'emb-storage-async-0p4' of https://github.com/Grus-BV/embassy into emb-storage-async-0p4 2023-03-07 23:35:56 +01:00
Mehmet Ali Anil
6bf8d090a1 Merge branch 'emb-storage-async-0p4' of https://github.com/Grus-BV/embassy into emb-storage-async-0p4 2023-03-07 23:21:19 +01:00
Mehmet Ali Anil
935633c90b Merge upstream 2023-03-07 23:16:54 +01:00
Mehmet Ali Anil
bc0cb43307 Bump embedded-storage-async to 0.4 2023-03-06 22:16:36 +01:00
huntc
b0529bc943 Support codesigning in the firmware updater
This commit provides a method to verify that firmware has been signed with a private key given its public key. The implementation uses ed25519-dalek as the signature verifier. An "ed25519" feature is required to enable the functionality. When disabled (the default), calling the firmware updater's verify method will return a failure.
2023-01-12 13:30:58 +11:00
bors[bot]
bf4c0de16a
Merge #1139
1139: Wdt config changes r=lulf a=huntc

Per commits:

* By passing WDT config around we can control it more easily and promote sharing it between files.

* The memory layout of the s140 crept into a number of memory files, which can cause confusion (well, it did for me!).

* Obtaining the current WDT config is useful so that we do not have to duplicate configurations around the place. A constructor method has been introduced that attempts to return the current running WDT config from the WDT peripheral. The bootloader example has also been updated to show how the watchdog can be obtained and used.

Co-authored-by: huntc <huntchr@gmail.com>
2023-01-04 07:44:23 +00:00
huntc
651eec0242 Pass WDT config around
By passing WDT config around we can control it more easily and promote sharing it between files.
2023-01-04 10:19:39 +11:00
kalkyl
413f339489 Cleanup 2023-01-03 23:34:50 +01:00
kalkyl
9428c40c8d embassy-boot (rp): Add WatchdogFlash 2023-01-03 22:58:56 +01:00
Ulf Lilleengen
bb89a2341c
feat: embassy-boot for rp2040
Add embassy-boot support for RP2040, with examples for the Raspberry Pi
Pico.

Co-authored-by: Mathias Koch <mk@blackbird.online>
2022-12-02 11:28:33 +01:00
Dario Nieuwenhuis
1dcb0ea1f5 Bump defmt-rtt to 0.4 2022-11-29 21:15:24 +01:00
Ulf Lilleengen
09077f133d fix: bump embassy-boot version 2022-11-25 15:51:31 +01:00
Ulf Lilleengen
89821846d7 fix: add required metadata for embassy-boot 2022-11-25 11:43:12 +01:00
Mathias
97d18c5ffb Move default initializer function to Default trait implementation 2022-11-01 07:54:43 +01:00
Daniel Bevenius
0b2d6996e8
Fix ascii table in BootLoader doc comment
Signed-off-by: Daniel Bevenius <daniel.bevenius@gmail.com>
2022-10-29 15:16:09 +02:00
chrysn
6718ca3a94 all Cargo.toml: Add license to all crate Cargo.toml files
Closes: https://github.com/embassy-rs/embassy/issues/1002
2022-10-07 12:41:56 +02:00
Mathias
6fa74b0c02 make prepare_update async 2022-09-26 10:36:21 +02:00
Mathias
b2a327a858 Add get_state helpers to allow self-testing before calling mark_booted 2022-09-26 06:53:40 +02:00
Mathias
7f16b1cd23 Add blocking API to FirmwareUpdater, and allow for a split prepare/write api 2022-09-26 06:01:18 +02:00
Dario Nieuwenhuis
897b72c872 Update Rust nightly.
Removes feature(generic_associated_types)
2022-09-22 16:38:14 +02:00
Ulf Lilleengen
b418c0e4d6 Take into account size of revert index
Fixes a bug in the partition assertions that ensures that the state
page(s) have enough space for 2x active partition range.

Add unit test to verify that panic is observed.
2022-09-20 14:04:57 +02:00
Ulf Lilleengen
d0fe654c82 Remove BootFlash borrow
Compiler will infer a different lifetime for BootFlash than for the
borrowed flash, which makes it require more type annotations than if it
was just owning the type. Since it doesn't really matter if it owns or
borrows in practical use, change it to own so that it simplifies usage.
2022-09-20 09:54:37 +02:00
Ulf Lilleengen
3aa0c13ba5 Fix a few clippy warnings 2022-09-02 08:42:42 +02:00
Ulf Lilleengen
3ca7314476 Remove generic const expressions from embassy-boot
* Remove the need for generic const expressions and use buffers provided in the flash config.
* Extend embedded-storage traits to simplify generics.
* Document all public APIs
* Add toplevel README
* Expose AlignedBuffer type for convenience.
* Update examples
2022-09-02 08:25:36 +02:00
Dario Nieuwenhuis
21072bee48 split embassy-util into embassy-futures, embassy-sync. 2022-08-22 22:18:13 +02:00
Dario Nieuwenhuis
67edea4168 Update to critical-section 1.0, atomic-polyfill 1.0 2022-08-17 19:01:56 +02:00
Dario Nieuwenhuis
dff6847e9c Add -boot docserver metadata. 2022-08-15 20:41:00 +02:00
Dario Nieuwenhuis
a0f1b0ee01 Split embassy crate into embassy-executor, embassy-util. 2022-07-29 23:40:36 +02:00
Vincent Stakenburg
3dc26bbe39 simplify set_magic 2022-06-30 14:56:40 +02:00
Vincent Stakenburg
0e55bb2a20 add log feature to embassy-boot-stm32 2022-06-30 14:56:36 +02:00
Ulf Lilleengen
7b47bea72c Remove unused imports 2022-06-29 19:19:24 +02:00
Ulf Lilleengen
f1f90b17b5 Add build.rs to detect armv6 2022-06-27 14:24:19 +02:00