From 3e3ffafc8aaf9fb42aa9cfa6e78428d593df2d7a Mon Sep 17 00:00:00 2001 From: Daniel DeGrasse Date: Mon, 3 Feb 2025 21:31:51 +0000 Subject: [PATCH 01/13] samples: subsys: mcumgr: rework ram load support for multiple boards MCUMgr ram load support was hardcoding the overlay file for the nrf52840dk. To make this support generic, move the _ram_load overlay file to the MCUBoot repository, as part of the mcuboot application. Signed-off-by: Daniel DeGrasse --- .../nrf52840dk_nrf52840_ram_load.overlay | 36 ++++++++++++++++++- .../mcumgr/smp_svr/sysbuild/CMakeLists.txt | 4 --- ...f52840dk_nrf52840_mcuboot_ram_load.overlay | 33 ----------------- 3 files changed, 35 insertions(+), 38 deletions(-) delete mode 100644 samples/subsys/mgmt/mcumgr/smp_svr/sysbuild/nrf52840dk_nrf52840_mcuboot_ram_load.overlay diff --git a/samples/subsys/mgmt/mcumgr/smp_svr/boards/nrf52840dk_nrf52840_ram_load.overlay b/samples/subsys/mgmt/mcumgr/smp_svr/boards/nrf52840dk_nrf52840_ram_load.overlay index 2b59fce7065f3..aefc7bf148f6f 100644 --- a/samples/subsys/mgmt/mcumgr/smp_svr/boards/nrf52840dk_nrf52840_ram_load.overlay +++ b/samples/subsys/mgmt/mcumgr/smp_svr/boards/nrf52840dk_nrf52840_ram_load.overlay @@ -1,6 +1,40 @@ /delete-node/ &sram0; -#include "../sysbuild/nrf52840dk_nrf52840_mcuboot_ram_load.overlay" +/* + * Layout must match the nrf52840dk_nrf52840_ram_load overlay file within mcuboot + * application configuration directory + */ + +&gpregret1 { + /delete-node/ boot_mode@0; +}; + +/ { + sram@2003FC00 { + compatible = "zephyr,memory-region", "mmio-sram"; + reg = <0x2003FC00 DT_SIZE_K(1)>; + zephyr,memory-region = "RetainedMem"; + status = "okay"; + + retainedmem { + compatible = "zephyr,retained-ram"; + status = "okay"; + #address-cells = <1>; + #size-cells = <1>; + + boot_info0: boot_info@0 { + compatible = "zephyr,retention"; + status = "okay"; + reg = <0x0 0x100>; + }; + }; + }; + + chosen { + /delete-property/ zephyr,boot-mode; + zephyr,bootloader-info = &boot_info0; + }; +}; / { chosen { diff --git a/samples/subsys/mgmt/mcumgr/smp_svr/sysbuild/CMakeLists.txt b/samples/subsys/mgmt/mcumgr/smp_svr/sysbuild/CMakeLists.txt index 7eb859ef46976..5dfdd0610eb94 100644 --- a/samples/subsys/mgmt/mcumgr/smp_svr/sysbuild/CMakeLists.txt +++ b/samples/subsys/mgmt/mcumgr/smp_svr/sysbuild/CMakeLists.txt @@ -1,9 +1,5 @@ # SPDX-License-Identifier: Apache-2.0 -if("${FILE_SUFFIX}" STREQUAL "ram_load") - set(mcuboot_EXTRA_DTC_OVERLAY_FILE "${CMAKE_CURRENT_LIST_DIR}/nrf52840dk_nrf52840_mcuboot_ram_load.overlay" CACHE INTERNAL "" FORCE) -endif() - find_package(Sysbuild REQUIRED HINTS $ENV{ZEPHYR_BASE}) project(sysbuild LANGUAGES) diff --git a/samples/subsys/mgmt/mcumgr/smp_svr/sysbuild/nrf52840dk_nrf52840_mcuboot_ram_load.overlay b/samples/subsys/mgmt/mcumgr/smp_svr/sysbuild/nrf52840dk_nrf52840_mcuboot_ram_load.overlay deleted file mode 100644 index 90d209ddfe84b..0000000000000 --- a/samples/subsys/mgmt/mcumgr/smp_svr/sysbuild/nrf52840dk_nrf52840_mcuboot_ram_load.overlay +++ /dev/null @@ -1,33 +0,0 @@ -&gpregret1 { - /delete-node/ boot_mode@0; -}; - -/ { - chosen { - /delete-property/ zephyr,boot-mode; - }; - - sram@2003FC00 { - compatible = "zephyr,memory-region", "mmio-sram"; - reg = <0x2003FC00 DT_SIZE_K(1)>; - zephyr,memory-region = "RetainedMem"; - status = "okay"; - - retainedmem { - compatible = "zephyr,retained-ram"; - status = "okay"; - #address-cells = <1>; - #size-cells = <1>; - - boot_info0: boot_info@0 { - compatible = "zephyr,retention"; - status = "okay"; - reg = <0x0 0x100>; - }; - }; - }; - - chosen { - zephyr,bootloader-info = &boot_info0; - }; -}; From 30d0aae8a6b4c8c2b0858b78e50e472e72642aaf Mon Sep 17 00:00:00 2001 From: Daniel DeGrasse Date: Mon, 3 Feb 2025 21:33:50 +0000 Subject: [PATCH 02/13] soc: nxp: common: disable FLASH_MCUX_FLEXSPI_XIP if using ramload MCUBoot RAMLOAD mode relies on CONFIG_XIP=n, but FLASH_MCUX_FLEXSPI_XIP y-selects this symbol. Disable CONFIG_FLASH_MCUX_FLEXSPI_XIP for the case where we are using MCUBoot ramload mode. Signed-off-by: Daniel DeGrasse --- soc/nxp/common/Kconfig.flexspi_xip | 1 + 1 file changed, 1 insertion(+) diff --git a/soc/nxp/common/Kconfig.flexspi_xip b/soc/nxp/common/Kconfig.flexspi_xip index c36336ea2f335..e129569097dd2 100644 --- a/soc/nxp/common/Kconfig.flexspi_xip +++ b/soc/nxp/common/Kconfig.flexspi_xip @@ -23,6 +23,7 @@ config FLASH_SIZE config FLASH_MCUX_FLEXSPI_XIP bool default $(DT_FLASH_PARENT_IS_FLEXSPI) + depends on !MCUBOOT_BOOTLOADER_MODE_RAM_LOAD select XIP help Allows REfor the soc to safely initialize the clocks for the From 5e261304f4bc1a7f8c751633c7f9568cc5f6ef60 Mon Sep 17 00:00:00 2001 From: Daniel DeGrasse Date: Mon, 3 Feb 2025 21:35:12 +0000 Subject: [PATCH 03/13] samples: subsys: mgmt: mcumgr: add support for ramload on mimxrt1050_evk Add support for using the ramload mode of MCUBoot on the mimxrt1050_evk Signed-off-by: Daniel DeGrasse --- .../mimxrt1050_evk_hyperflash_ram_load.conf | 1 + ...mimxrt1050_evk_hyperflash_ram_load.overlay | 53 +++++++++++++++++++ .../subsys/mgmt/mcumgr/smp_svr/sample.yaml | 1 + 3 files changed, 55 insertions(+) create mode 100644 samples/subsys/mgmt/mcumgr/smp_svr/boards/mimxrt1050_evk_hyperflash_ram_load.conf create mode 100644 samples/subsys/mgmt/mcumgr/smp_svr/boards/mimxrt1050_evk_hyperflash_ram_load.overlay diff --git a/samples/subsys/mgmt/mcumgr/smp_svr/boards/mimxrt1050_evk_hyperflash_ram_load.conf b/samples/subsys/mgmt/mcumgr/smp_svr/boards/mimxrt1050_evk_hyperflash_ram_load.conf new file mode 100644 index 0000000000000..3d5bd27bd6a04 --- /dev/null +++ b/samples/subsys/mgmt/mcumgr/smp_svr/boards/mimxrt1050_evk_hyperflash_ram_load.conf @@ -0,0 +1 @@ +CONFIG_USE_DT_CODE_PARTITION=y diff --git a/samples/subsys/mgmt/mcumgr/smp_svr/boards/mimxrt1050_evk_hyperflash_ram_load.overlay b/samples/subsys/mgmt/mcumgr/smp_svr/boards/mimxrt1050_evk_hyperflash_ram_load.overlay new file mode 100644 index 0000000000000..b8dc44b78fb5a --- /dev/null +++ b/samples/subsys/mgmt/mcumgr/smp_svr/boards/mimxrt1050_evk_hyperflash_ram_load.overlay @@ -0,0 +1,53 @@ +/* + * Copyright (c) 2025 Tenstorrent AI ULC + * + * SPDX-License-Identifier: Apache-2.0 + */ + +/* + * Layout must match the hyperflash_ram_load overlay file within mcuboot + * application configuration directory + */ + +/delete-node/ &sdram0; + +/ { + sram@80007F00 { + compatible = "zephyr,memory-region", "mmio-sram"; + reg = <0x80007F00 0x100>; + zephyr,memory-region = "RetainedMem"; + status = "okay"; + + retainedmem { + compatible = "zephyr,retained-ram"; + status = "okay"; + #address-cells = <1>; + #size-cells = <1>; + + boot_info0: boot_info@0 { + compatible = "zephyr,retention"; + status = "okay"; + reg = <0x0 0x100>; + }; + }; + }; + + chosen { + zephyr,bootloader-info = &boot_info0; + zephyr,sram = &sdram_split; + }; + + /* + * Adjust sdram0 to reserve first 30KB for MCUBoot, and + * remaining 2KB for retained memory + */ + sdram_split: sdram_split@80008000 { + reg = <0x80008000 (0x2000000 - DT_SIZE_K(32))>; + }; + +}; + +/* Reduce size of slot 0 to match slot 1 */ +&slot0_partition { + reg = <0x40000 0x300000>; +}; diff --git a/samples/subsys/mgmt/mcumgr/smp_svr/sample.yaml b/samples/subsys/mgmt/mcumgr/smp_svr/sample.yaml index 8ede9b77d07b5..b874efa9b0afc 100644 --- a/samples/subsys/mgmt/mcumgr/smp_svr/sample.yaml +++ b/samples/subsys/mgmt/mcumgr/smp_svr/sample.yaml @@ -182,6 +182,7 @@ tests: - EXTRA_CONF_FILE="overlay-serial.conf" platform_allow: - nrf52840dk/nrf52840 + - mimxrt1050_evk/mimxrt1052/hyperflash integration_platforms: - nrf52840dk/nrf52840 sample.mcumgr.smp_svr.ram_load.serial.fs.shell: From 42aff4dbc4a5898a4d1d5b70b36bb547a1ccf857 Mon Sep 17 00:00:00 2001 From: Daniel DeGrasse Date: Wed, 5 Feb 2025 12:27:20 -0600 Subject: [PATCH 04/13] modules: mcuboot: add Kconfigs for RAMLOAD_WITH_REVERT mode Add Kconfigs for RAMLOAD_WITH_REVERT mode in MCUBoot. This mode works in a manner similar to DIRECT_XIP_WITH_REVERT- namely, mcuboot will only boot an image that is either confirmed or marked as pending. If both images are confirmed, mcuboot will still select the one with the higher version, so downgrading is not possible using this mode. Signed-off-by: Daniel DeGrasse --- cmake/mcuboot.cmake | 6 +++--- modules/Kconfig.mcuboot | 20 +++++++++++++++++++ .../BOOTLOADER_image_default.cmake | 8 +++++++- .../MAIN_image_default.cmake | 5 +++++ share/sysbuild/images/bootloader/Kconfig | 14 +++++++++++++ 5 files changed, 49 insertions(+), 4 deletions(-) diff --git a/cmake/mcuboot.cmake b/cmake/mcuboot.cmake index d2fcf68e8897c..34d2a851e5e81 100644 --- a/cmake/mcuboot.cmake +++ b/cmake/mcuboot.cmake @@ -127,7 +127,7 @@ function(zephyr_mcuboot_tasks) if(CONFIG_MCUBOOT_IMGTOOL_OVERWRITE_ONLY) # Use overwrite-only instead of swap upgrades. set(imgtool_args --overwrite-only --align 1 ${imgtool_args}) - elseif(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD) + elseif(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD OR CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT) # RAM load requires setting the location of where to load the image to dt_chosen(chosen_ram PROPERTY "zephyr,sram") dt_reg_addr(chosen_ram_address PATH ${chosen_ram}) @@ -189,7 +189,7 @@ function(zephyr_mcuboot_tasks) ${output}.signed.encrypted.bin) endif() - if(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD) + if(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD OR CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT) list(APPEND byproducts ${output}.slot1.signed.encrypted.bin) set_property(GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND ${imgtool_sign} ${imgtool_args_alt_slot} ${output}.bin @@ -252,7 +252,7 @@ function(zephyr_mcuboot_tasks) ${output}.signed.encrypted.hex) endif() - if(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD) + if(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD OR CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT) list(APPEND byproducts ${output}.slot1.signed.hex) set_property(GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND ${imgtool_sign} ${imgtool_args_alt_slot} ${output}.hex diff --git a/modules/Kconfig.mcuboot b/modules/Kconfig.mcuboot index 3712217bbd1c5..161c11271945a 100644 --- a/modules/Kconfig.mcuboot +++ b/modules/Kconfig.mcuboot @@ -211,6 +211,26 @@ config MCUBOOT_BOOTLOADER_MODE_RAM_LOAD This option automatically selectes MCUBOOT_BOOTLOADER_NO_DOWNGRADE as it is not possible to swap back to older version of the application. +config MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT + bool "MCUboot has been configured for RAM LOAD with revert" + select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE + select MCUBOOT_BOOTLOADER_NO_DOWNGRADE + help + MCUboot expects slot0_partition and slot1_partition to exist in DT. In this mode, MCUboot + will select the image with the higher version number, copy it to RAM and begin execution + from there. The image must be linked to execute from RAM, the address that it is copied + to is specified using the load-addr argument when running imgtool. + This option automatically selectes MCUBOOT_BOOTLOADER_NO_DOWNGRADE as it is not possible + to swap back to older version of the application. + In this mode MCUboot will boot the application with the higher + version from either slot, as long as it has been marked to be boot + next time for test or permanently. In case when application is marked + for test it needs to confirm itself, on the first boot, or it will be + removed and MCUboot will revert to booting previously approved + application. Note that in this mode MCUboot will not boot an + application if it does not have an image header, so if an application + is flashed manually it should be marked as confirmed + config MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP bool "MCUboot has been configured for DirectXIP operation" select MCUBOOT_BOOTLOADER_MODE_HAS_NO_DOWNGRADE diff --git a/share/sysbuild/image_configurations/BOOTLOADER_image_default.cmake b/share/sysbuild/image_configurations/BOOTLOADER_image_default.cmake index 9125de71fac61..3998ac202df37 100644 --- a/share/sysbuild/image_configurations/BOOTLOADER_image_default.cmake +++ b/share/sysbuild/image_configurations/BOOTLOADER_image_default.cmake @@ -27,7 +27,7 @@ elseif(SB_CONFIG_MCUBOOT_MODE_OVERWRITE_ONLY) set(bootmode CONFIG_BOOT_UPGRADE_ONLY) elseif(SB_CONFIG_MCUBOOT_MODE_DIRECT_XIP OR SB_CONFIG_MCUBOOT_MODE_DIRECT_XIP_WITH_REVERT) set(bootmode CONFIG_BOOT_DIRECT_XIP) -elseif(SB_CONFIG_MCUBOOT_MODE_RAM_LOAD) +elseif(SB_CONFIG_MCUBOOT_MODE_RAM_LOAD OR SB_CONFIG_MCUBOOT_MODE_RAM_LOAD_WITH_REVERT) set(bootmode CONFIG_BOOT_RAM_LOAD) elseif(SB_CONFIG_MCUBOOT_MODE_SINGLE_APP_RAM_LOAD) set(bootmode CONFIG_SINGLE_APPLICATION_SLOT_RAM_LOAD) @@ -56,6 +56,12 @@ else() set_config_bool(${ZCMAKE_APPLICATION} CONFIG_BOOT_DIRECT_XIP_REVERT n) endif() +if(SB_CONFIG_MCUBOOT_MODE_RAM_LOAD_WITH_REVERT) + set_config_bool(${ZCMAKE_APPLICATION} CONFIG_BOOT_RAM_LOAD_REVERT y) +else() + set_config_bool(${ZCMAKE_APPLICATION} CONFIG_BOOT_RAM_LOAD_REVERT n) +endif() + set(keytypes CONFIG_BOOT_SIGNATURE_TYPE_NONE CONFIG_BOOT_SIGNATURE_TYPE_RSA CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256 diff --git a/share/sysbuild/image_configurations/MAIN_image_default.cmake b/share/sysbuild/image_configurations/MAIN_image_default.cmake index a6c29c8d75692..a7f6398e6218c 100644 --- a/share/sysbuild/image_configurations/MAIN_image_default.cmake +++ b/share/sysbuild/image_configurations/MAIN_image_default.cmake @@ -39,6 +39,11 @@ if(SB_CONFIG_BOOTLOADER_MCUBOOT) set_config_bool(${ZCMAKE_APPLICATION} CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD y) set_config_bool(${ZCMAKE_APPLICATION} CONFIG_XIP n) set_config_int(${ZCMAKE_APPLICATION} CONFIG_FLASH_SIZE 0) + elseif(SB_CONFIG_MCUBOOT_MODE_RAM_LOAD_WITH_REVERT) + # RAM load mode requires XIP be disabled and flash size be set to 0 + set_config_bool(${ZCMAKE_APPLICATION} CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT y) + set_config_bool(${ZCMAKE_APPLICATION} CONFIG_XIP n) + set_config_int(${ZCMAKE_APPLICATION} CONFIG_FLASH_SIZE 0) elseif(SB_CONFIG_MCUBOOT_MODE_SINGLE_APP_RAM_LOAD) set_config_bool(${ZCMAKE_APPLICATION} CONFIG_MCUBOOT_BOOTLOADER_MODE_SINGLE_APP_RAM_LOAD y) elseif(SB_CONFIG_MCUBOOT_MODE_FIRMWARE_UPDATER) diff --git a/share/sysbuild/images/bootloader/Kconfig b/share/sysbuild/images/bootloader/Kconfig index 7a416f2fe239f..623100451b6d7 100644 --- a/share/sysbuild/images/bootloader/Kconfig +++ b/share/sysbuild/images/bootloader/Kconfig @@ -119,6 +119,20 @@ config MCUBOOT_MODE_RAM_LOAD Note: RAM must be assigned to the bootloader that is not used by the application in this mode so that the bootloader is able to function until the application has booted. +config MCUBOOT_MODE_RAM_LOAD_WITH_REVERT + bool "RAM load with revert" + help + MCUboot expects slot0_partition and slot1_partition to exist in DT. In this mode, MCUboot + will select the image with the higher version number, copy it to RAM and begin execution + from there. MCUBoot will only boot an image if it has been marked to be boot next time + for test or permanently. In case when application is marked for test it needs to confirm + itself, on the first boot, or it will be removed and MCUboot will revert to booting + previously approved application. The image must be linked to execute from RAM, the address + that it is copied to is specified using the load-addr argument when running imgtool. + + Note: RAM must be assigned to the bootloader that is not used by the application in this + mode so that the bootloader is able to function until the application has booted. + config MCUBOOT_MODE_FIRMWARE_UPDATER bool "Firmware updater" help From f17100e7f9a462f329d188212b49f231be6423d9 Mon Sep 17 00:00:00 2001 From: Daniel DeGrasse Date: Wed, 5 Feb 2025 16:09:25 -0600 Subject: [PATCH 05/13] scripts: ci: exempt BOOT_RAM_LOAD_REVERT from checks Add BOOT_RAM_LOAD_REVERT as a defined Kconfig to the whitelist Signed-off-by: Daniel DeGrasse --- scripts/ci/check_compliance.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/ci/check_compliance.py b/scripts/ci/check_compliance.py index d7eb670022eea..2e8f3b86cbe72 100755 --- a/scripts/ci/check_compliance.py +++ b/scripts/ci/check_compliance.py @@ -1154,6 +1154,7 @@ def check_no_undef_outside_kconfig(self, kconf): "BOOT_IMAGE_EXECUTABLE_RAM_START", # MCUboot setting "BOOT_MAX_IMG_SECTORS_AUTO", # Used in sysbuild "BOOT_RAM_LOAD", # Used in sysbuild for MCUboot configuration + "BOOT_RAM_LOAD_REVERT", # Used in sysbuild for MCUboot configuration "BOOT_SERIAL_BOOT_MODE", # Used in (sysbuild-based) test/ # documentation "BOOT_SERIAL_CDC_ACM", # Used in (sysbuild-based) test From ed206f336980be45cb677450835e24527ad562c0 Mon Sep 17 00:00:00 2001 From: Daniel DeGrasse Date: Wed, 5 Feb 2025 12:29:39 -0600 Subject: [PATCH 06/13] cmake: mcuboot: respect alignment size when signing for ramload mode When signing for ramload mode, respect the write alignment size setting. This is required when creating a confirmed image, as the BOOT_MAGIC value changes based on the alignment size in use. Signed-off-by: Daniel DeGrasse --- cmake/mcuboot.cmake | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmake/mcuboot.cmake b/cmake/mcuboot.cmake index 34d2a851e5e81..ec1d24a9584cd 100644 --- a/cmake/mcuboot.cmake +++ b/cmake/mcuboot.cmake @@ -136,7 +136,7 @@ function(zephyr_mcuboot_tasks) dt_nodelabel(slot1_partition NODELABEL "slot1_partition" REQUIRED) dt_reg_addr(slot1_partition_address PATH ${slot1_partition}) - set(imgtool_args --align 1 --load-addr ${chosen_ram_address} ${imgtool_args}) + set(imgtool_args --align ${write_block_size} --load-addr ${chosen_ram_address} ${imgtool_args}) set(imgtool_args_alt_slot ${imgtool_args} --hex-addr ${slot1_partition_address}) set(imgtool_args ${imgtool_args} --hex-addr ${slot0_partition_address}) elseif(CONFIG_MCUBOOT_BOOTLOADER_MODE_SINGLE_APP_RAM_LOAD) From 0baa5bd1e9bff9870d3877841ce67d8877aa4f94 Mon Sep 17 00:00:00 2001 From: Daniel DeGrasse Date: Wed, 5 Feb 2025 12:30:41 -0600 Subject: [PATCH 07/13] cmake: mcuboot: prefer confirmed image when one is created Prefer flashing the confirmed image when one is created with CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE. This way, the west runner will flash this image over the signed image if it exists. Signed-off-by: Daniel DeGrasse --- cmake/mcuboot.cmake | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cmake/mcuboot.cmake b/cmake/mcuboot.cmake index ec1d24a9584cd..988ec8cedaaae 100644 --- a/cmake/mcuboot.cmake +++ b/cmake/mcuboot.cmake @@ -177,6 +177,7 @@ function(zephyr_mcuboot_tasks) set_property(GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND ${imgtool_sign} ${imgtool_args} --pad --confirm ${output}.bin ${output}.signed.confirmed.bin) + zephyr_runner_file(bin ${output}.signed.confirmed.bin) endif() if(NOT "${keyfile_enc}" STREQUAL "") @@ -240,6 +241,7 @@ function(zephyr_mcuboot_tasks) set_property(GLOBAL APPEND PROPERTY extra_post_build_commands COMMAND ${imgtool_sign} ${imgtool_args} --pad --confirm ${output}.hex ${output}.signed.confirmed.hex) + zephyr_runner_file(hex ${output}.signed.confirmed.hex) endif() if(NOT "${keyfile_enc}" STREQUAL "") From 1923472fe7ff385967d80b0f9e57fb092dc91a8e Mon Sep 17 00:00:00 2001 From: Daniel DeGrasse Date: Wed, 5 Feb 2025 12:32:11 -0600 Subject: [PATCH 08/13] soc: nxp: flexspi_xip: Update FLASH_MCUX_FLEXSPI_XIP ramload dependencies CONFIG_FLASH_MCUX_FLEXSPI_XIP should also be disabled when using MCUBoot ramload mode with revert support. Signed-off-by: Daniel DeGrasse --- soc/nxp/common/Kconfig.flexspi_xip | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/soc/nxp/common/Kconfig.flexspi_xip b/soc/nxp/common/Kconfig.flexspi_xip index e129569097dd2..f804c563933ec 100644 --- a/soc/nxp/common/Kconfig.flexspi_xip +++ b/soc/nxp/common/Kconfig.flexspi_xip @@ -23,7 +23,8 @@ config FLASH_SIZE config FLASH_MCUX_FLEXSPI_XIP bool default $(DT_FLASH_PARENT_IS_FLEXSPI) - depends on !MCUBOOT_BOOTLOADER_MODE_RAM_LOAD + depends on !(MCUBOOT_BOOTLOADER_MODE_RAM_LOAD || \ + MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT) select XIP help Allows REfor the soc to safely initialize the clocks for the From dcc4c8403e81f59d1ad4fc8e0949521701c5b4f6 Mon Sep 17 00:00:00 2001 From: Daniel DeGrasse Date: Wed, 5 Feb 2025 12:35:03 -0600 Subject: [PATCH 09/13] dfu: mcuboot: update dependencies for RAMLOAD_WITH_REVERT Much like in RAMLOAD mode, RAMLOAD_WITH_REVERT requires that mcuboot subsystem fetch bootloader information via the retention subsystem. Signed-off-by: Daniel DeGrasse --- subsys/dfu/boot/mcuboot.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/subsys/dfu/boot/mcuboot.c b/subsys/dfu/boot/mcuboot.c index 5683d23a87ad4..4ebc846a90882 100644 --- a/subsys/dfu/boot/mcuboot.c +++ b/subsys/dfu/boot/mcuboot.c @@ -20,7 +20,9 @@ #include "bootutil/bootutil_public.h" #include -#if defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD) +#if defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD) || \ + defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT) +/* For RAM LOAD mode, the active image must be fetched from the bootloader */ #include #include #endif @@ -49,7 +51,8 @@ enum IMAGE_INDEXES { IMAGE_INDEX_2 }; -#if defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD) +#if defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD) || \ + defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT) /* For RAM LOAD mode, the active image must be fetched from the bootloader */ #define ACTIVE_SLOT_FLASH_AREA_ID boot_fetch_active_slot() #define INVALID_SLOT_ID 255 @@ -81,7 +84,8 @@ struct mcuboot_v1_raw_header { * End of strict defines */ -#if defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD) +#if defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD) || \ + defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT) uint8_t boot_fetch_active_slot(void) { int rc; @@ -99,12 +103,16 @@ uint8_t boot_fetch_active_slot(void) return slot; } -#else /* CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD */ +#else /* CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD || + * CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT + */ uint8_t boot_fetch_active_slot(void) { return ACTIVE_SLOT_FLASH_AREA_ID; } -#endif /* CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD */ +#endif /* CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD || + * CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT + */ #if defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_SWAP_USING_OFFSET) size_t boot_get_image_start_offset(uint8_t area_id) From 222c06067ce94bfc51cd679430c4e1000c4dd908 Mon Sep 17 00:00:00 2001 From: Daniel DeGrasse Date: Wed, 12 Mar 2025 09:33:44 -0500 Subject: [PATCH 10/13] manifest: update mcuboot revision for ramload support Update mcuboot revision to include ramload support. This commit can be dropped once ramload support is present within Zephyr's revision of MCUBoot. Signed-off-by: Daniel DeGrasse --- west.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/west.yml b/west.yml index 1eda3a56a505c..a17ea6668231c 100644 --- a/west.yml +++ b/west.yml @@ -23,6 +23,8 @@ manifest: url-base: https://github.com/zephyrproject-rtos - name: babblesim url-base: https://github.com/BabbleSim + - name: mcuboot + url-base: https://github.com/mcu-tools group-filter: [-babblesim, -optional] @@ -310,7 +312,8 @@ manifest: groups: - crypto - name: mcuboot - revision: 07222c1929e1d79d303baa8fde7f977a79e48e9a + revision: pull/2197/head + remote: mcuboot path: bootloader/mcuboot groups: - bootloader From 15cad4d1c1acb9da71fef7d8bbfe29325889ae59 Mon Sep 17 00:00:00 2001 From: Daniel DeGrasse Date: Wed, 5 Feb 2025 12:36:09 -0600 Subject: [PATCH 11/13] dfu: boot: mcuboot: fix boot_fetch_active_slot boot_fetch_active_slot needs to map the slot number to a flash ID, as this is what the DFU subsystem expects when interacting with the flash partition. Signed-off-by: Daniel DeGrasse --- subsys/dfu/boot/mcuboot.c | 51 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 49 insertions(+), 2 deletions(-) diff --git a/subsys/dfu/boot/mcuboot.c b/subsys/dfu/boot/mcuboot.c index 4ebc846a90882..623e3a0c97619 100644 --- a/subsys/dfu/boot/mcuboot.c +++ b/subsys/dfu/boot/mcuboot.c @@ -25,6 +25,13 @@ /* For RAM LOAD mode, the active image must be fetched from the bootloader */ #include #include + +#define SLOT0_PARTITION slot0_partition +#define SLOT1_PARTITION slot1_partition +#define SLOT2_PARTITION slot2_partition +#define SLOT3_PARTITION slot3_partition +#define SLOT4_PARTITION slot4_partition +#define SLOT5_PARTITION slot5_partition #endif #include "mcuboot_priv.h" @@ -89,7 +96,7 @@ struct mcuboot_v1_raw_header { uint8_t boot_fetch_active_slot(void) { int rc; - uint8_t slot; + uint8_t slot, fa_id; rc = blinfo_lookup(BLINFO_RUNNING_SLOT, &slot, sizeof(slot)); @@ -100,8 +107,48 @@ uint8_t boot_fetch_active_slot(void) } LOG_DBG("Active slot: %d", slot); + /* Map slot number back to flash area ID */ + switch (slot) { + case 0: + fa_id = FIXED_PARTITION_ID(SLOT0_PARTITION); + break; + +#if FIXED_PARTITION_EXISTS(SLOT1_PARTITION) + case 1: + fa_id = FIXED_PARTITION_ID(SLOT1_PARTITION); + break; +#endif + +#if FIXED_PARTITION_EXISTS(SLOT2_PARTITION) + case 2: + fa_id = FIXED_PARTITION_ID(SLOT2_PARTITION); + break; +#endif + +#if FIXED_PARTITION_EXISTS(SLOT3_PARTITION) + case 3: + fa_id = FIXED_PARTITION_ID(SLOT3_PARTITION); + break; +#endif + +#if FIXED_PARTITION_EXISTS(SLOT4_PARTITION) + case 4: + fa_id = FIXED_PARTITION_ID(SLOT4_PARTITION); + break; +#endif + +#if FIXED_PARTITION_EXISTS(SLOT5_PARTITION) + case 5: + fa_id = FIXED_PARTITION_ID(SLOT5_PARTITION); + break; +#endif + + default: + fa_id = INVALID_SLOT_ID; + break; + } - return slot; + return fa_id; } #else /* CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD || * CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT From f9506ba52bb4e2626322b5ca0d481f698f621666 Mon Sep 17 00:00:00 2001 From: Daniel DeGrasse Date: Tue, 24 Jun 2025 17:09:36 -0500 Subject: [PATCH 12/13] mgmt: update img_mgmt_slot_in_use for ramload with revert mode We should not block erasing pending images when using ramload with revert mode, because uploading multiple confirmed images with the same version would brick the device (preventing future FW updates). Update the dependencies of img_mgmt_slot_in_use to account for this. Signed-off-by: Daniel DeGrasse --- subsys/mgmt/mcumgr/grp/img_mgmt/src/img_mgmt_state.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/subsys/mgmt/mcumgr/grp/img_mgmt/src/img_mgmt_state.c b/subsys/mgmt/mcumgr/grp/img_mgmt/src/img_mgmt_state.c index 5333d651c9f96..1860269d87f58 100644 --- a/subsys/mgmt/mcumgr/grp/img_mgmt/src/img_mgmt_state.c +++ b/subsys/mgmt/mcumgr/grp/img_mgmt/src/img_mgmt_state.c @@ -332,7 +332,8 @@ img_mgmt_slot_in_use(int slot) int active_slot = img_mgmt_active_slot(image); #if !defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP) && \ - !defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD) + !defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD) && \ + !defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT) enum img_mgmt_next_boot_type type = NEXT_BOOT_TYPE_NORMAL; int nbs = img_mgmt_get_next_boot_slot(image, &type); From 0c5ec1df6e0836940a0bf177e03e8d6a4f6ffe5b Mon Sep 17 00:00:00 2001 From: Daniel DeGrasse Date: Wed, 5 Feb 2025 12:50:04 -0600 Subject: [PATCH 13/13] samples: mgmt: mcumgr: add testcase for ramload with revert Add testcase to build mcuboot and smp_svr application using ramload with revert mode Signed-off-by: Daniel DeGrasse --- samples/subsys/mgmt/mcumgr/smp_svr/sample.yaml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/samples/subsys/mgmt/mcumgr/smp_svr/sample.yaml b/samples/subsys/mgmt/mcumgr/smp_svr/sample.yaml index b874efa9b0afc..8e7d6ac9df17a 100644 --- a/samples/subsys/mgmt/mcumgr/smp_svr/sample.yaml +++ b/samples/subsys/mgmt/mcumgr/smp_svr/sample.yaml @@ -183,8 +183,16 @@ tests: platform_allow: - nrf52840dk/nrf52840 - mimxrt1050_evk/mimxrt1052/hyperflash + sample.mcumgr.smp_svr.ram_load_revert.serial: + extra_args: + - FILE_SUFFIX="ram_load" + - EXTRA_CONF_FILE="overlay-serial.conf" + - SB_CONFIG_MCUBOOT_MODE_RAM_LOAD_WITH_REVERT=y + - smp_svr_CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE=y + platform_allow: + - mimxrt1050_evk/mimxrt1052/hyperflash integration_platforms: - - nrf52840dk/nrf52840 + - mimxrt1050_evk/mimxrt1052/hyperflash sample.mcumgr.smp_svr.ram_load.serial.fs.shell: extra_args: - FILE_SUFFIX="ram_load"