The following west manifest projects have changed revision in this Pull Request:

Additional metadata changed:

⛔ DNM label due to: 1 project with PR revision and 1 project with metadata changes

Note: This message is automatically posted and updated by the Manifest GitHub Action.

Note: this PR requires mcu-tools/mcuboot#2197 from MCUBoot. It also contains commits from #85096, because I validated this support on the RT1050-EVK

Build and flash, use a program to upload the secondary image without changing version (not jlink, upload using MCUmgr), mark it as test/confirmed, reboot, device state is stuck

Build and flash, use a program to upload the secondary image without changing version (not jlink, upload using MCUmgr), mark it as test/confirmed, reboot, device state is stuck

Really not sure what I'm missing, but I still don't see an issue. These are the build commands I'm running, after erasing the flash of the RT1050:

$ west build -p always -b mimxrt1050_evk/mimxrt1052/hyperflash -T samples/subsys/mgmt/mcumgr/smp_svr/sample.mcumgr.smp_svr.ram_load_revert.serial -- -DCONFIG_MCUBOOT_IMGTOOL_SIGN_VERSION=\"0.0.0+0\"
$ west flash -r jlink
# Rebuild so the image sha will actually be different (otherwise the image cannot be marked for test)
$ west build -p always -b mimxrt1050_evk/mimxrt1052/hyperflash -T samples/subsys/mgmt/mcumgr/smp_svr/sample.mcumgr.smp_svr.ram_load_revert.serial -- -DCONFIG_MCUBOOT_IMGTOOL_SIGN_VERSION=\"0.0.0+0\"
# Upload new image
$ ../../mcumgr-client/target/release/mcumgr-client -d /dev/ttyACM0 upload build/smp_svr/zephyr/zephyr.signed.bin
# Mark image for test
$ ../../mcumgr-client/target/release/mcumgr-client -d /dev/ttyACM0 test 69732fb7b5dbcf0b9c7f3c62ad073894b631093d2045fa9b36204b0b6c50432e
# Reset board, first slot image still boots (since version numbers are equivalent)
# Build new image with updated version
$  west build -p always -b mimxrt1050_evk/mimxrt1052/hyperflash -T samples/subsys/mgmt/mcumgr/smp_svr/sample.mcumgr.smp_svr.ram_load_revert.serial -- -DCONFIG_MCUBOOT_IMGTOOL_SIGN_VERSION=\"0.0.1+0\"
$ ../../mcumgr-client/target/release/mcumgr-client -d /dev/ttyACM0 upload build/smp_svr/zephyr/zephyr.signed.bin
# Mark new image for test
$ ../../mcumgr-client/target/release/mcumgr-client -d /dev/ttyACM0 test 8c21e43c3a1ef4d9b5aca59da6ec79a6bd18c078de8a006d49326082d540828f
# Reset board, verify new image is running
# Reset board again, verify that the image is removed from flash as it did not confirm itself

This all seems functional to me. Do these steps not work for you? Or is the concern that the new image with the same version number does not run? I think that is expected behavior- the only way to indicate which image mcuboot should select to run with this feature is via the version number

This all seems functional to me. Do these steps not work for you? Or is the concern that the new image with the same version number does not run? I think that is expected behavior- the only way to indicate which image mcuboot should select to run with this feature is via the version number

@nordicjm ping- I would like to get this feature functional on your hardware, but I still don't understand what test case you are running that fails

Build sample with CONFIG_MCUMGR_GRP_IMG_ALLOW_ERASE_PENDING=n, flash to device, then without changing any Kconfigs or anything or rebuilding just upload the slot1 image using MCUmgr with any supported tool from file zephyr.slot1.signed.confirmed.bin and reboot - at this point the device will boot from slot 0 not slot 1 as it should according to the flags, then try uploading an image or erasing the slot using MCUmgr, you will get an error that there is no free slot to place the image, and your device is "bricked" because you can no longer load a firmware update to it (without erasing the flash with a debugger, that is)

Build sample with CONFIG_MCUMGR_GRP_IMG_ALLOW_ERASE_PENDING=n, flash to device, then without changing any Kconfigs or anything or rebuilding just upload the slot1 image using MCUmgr with any supported tool from file zephyr.slot1.signed.confirmed.bin and reboot - at this point the device will boot from slot 0 not slot 1 as it should according to the flags, then try uploading an image or erasing the slot using MCUmgr, you will get an error that there is no free slot to place the image, and your device is "bricked" because you can no longer load a firmware update to it (without erasing the flash with a debugger, that is)

Ahh ok- now this makes sense, thank you- I've made the following change in this push, should fix it:

diff --git a/subsys/mgmt/mcumgr/grp/img_mgmt/src/img_mgmt_state.c b/subsys/mgmt/mcumgr/grp/img_mgmt/src/img_mgmt_state.c
index 5333d651c9f..1860269d87f 100644
--- a/subsys/mgmt/mcumgr/grp/img_mgmt/src/img_mgmt_state.c
+++ b/subsys/mgmt/mcumgr/grp/img_mgmt/src/img_mgmt_state.c
@@ -332,7 +332,8 @@ img_mgmt_slot_in_use(int slot)
        int active_slot = img_mgmt_active_slot(image);

 #if !defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP) && \
-       !defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD)
+       !defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD) && \
+       !defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT)
        enum img_mgmt_next_boot_type type = NEXT_BOOT_TYPE_NORMAL;
        int nbs = img_mgmt_get_next_boot_slot(image, &type);

I believe we just want to always allow erasing a pending/confirmed image if it is inactive- otherwise the user can flash two images that are both confirmed, and effectively brick their device

Build sample with CONFIG_MCUMGR_GRP_IMG_ALLOW_ERASE_PENDING=n, flash to device, then without changing any Kconfigs or anything or rebuilding just upload the slot1 image using MCUmgr with any supported tool from file zephyr.slot1.signed.confirmed.bin and reboot - at this point the device will boot from slot 0 not slot 1 as it should according to the flags, then try uploading an image or erasing the slot using MCUmgr, you will get an error that there is no free slot to place the image, and your device is "bricked" because you can no longer load a firmware update to it (without erasing the flash with a debugger, that is)

Ahh ok- now this makes sense, thank you- I've made the following change in this push, should fix it:

diff --git a/subsys/mgmt/mcumgr/grp/img_mgmt/src/img_mgmt_state.c b/subsys/mgmt/mcumgr/grp/img_mgmt/src/img_mgmt_state.c
index 5333d651c9f..1860269d87f 100644
--- a/subsys/mgmt/mcumgr/grp/img_mgmt/src/img_mgmt_state.c
+++ b/subsys/mgmt/mcumgr/grp/img_mgmt/src/img_mgmt_state.c
@@ -332,7 +332,8 @@ img_mgmt_slot_in_use(int slot)
        int active_slot = img_mgmt_active_slot(image);

 #if !defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP) && \
-       !defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD)
+       !defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD) && \
+       !defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_RAM_LOAD_WITH_REVERT)
        enum img_mgmt_next_boot_type type = NEXT_BOOT_TYPE_NORMAL;
        int nbs = img_mgmt_get_next_boot_slot(image, &type);

I believe we just want to always allow erasing a pending/confirmed image if it is inactive- otherwise the user can flash two images that are both confirmed, and effectively brick their device

Great, is working now! One outstanding issue then looks good

Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud