Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add TBYB safe rom_pick_ab_partition function #1850

Closed

Conversation

will-v-pi
Copy link
Contributor

This PR adds an extra wrapper around rom_pick_ab_partition, which makes it safer when called during a TBYB boot, and includes a call to get the flash_update_base

Currently, when doing a flash update boot which requires a flash erase, if you call pick_ab_partition before calling explicit_buy (eg to pick a firmware partition or similar) then it will clear always->zero_init.version_downgrade_erase_flash_addr. This means the subsequent explicit_buy call will not perform the required flash erase, which means the flash update boot will not succeed.

This adds saving and restoring the erase_flash_addr to prevent this happening, while still allowing the erase_flash_addr to be set if the firmware partition is being updated and requires a flash erase

This also adds setting up always->zero_init.tbyb_flag_flash_addr to allow for TBYB executables in the firmware partition to have the address set up correctly

The function returns an error if too many things are updating at once - either if both the boot and firmware images are TBYB, or if the boot and firmware images both require a flash erase

It also returns an error if the chosen image was not verified, which acts as a signature check on the firmware image

@will-v-pi will-v-pi requested a review from kilograham August 20, 2024 17:55
@@ -7,6 +7,9 @@
#include "pico/bootrom.h"
#include "boot/picoboot.h"
#include "boot/picobin.h"
#if !PICO_RP2040
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

strictly more idiomatic to use #if HAS_RP2040_RTC

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the RCP not the RTC - given the functions in this file are also guarded by !PICO_RP2040 I think this if fine to use here too?

@@ -0,0 +1,211 @@
#include "boot/picobin.h"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm really not a fan of exposing this header of structs. It implies that this is a public API, which it isn't

Can we try with just using memory offsets, and then we need to guard with the rom_version also.

/*! \brief Pick A/B partition for a separate partition
* \ingroup pico_bootrom
*
* This will perform extra checks to prevent disrupting a main image TBYB, and return errors
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might want to reword this slightly? "This will ... return errors" 😉

@will-v-pi
Copy link
Contributor Author

Superseded by #1969 - that adds this function plus a use of it

@will-v-pi will-v-pi closed this Oct 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants