[nrfconnect] [OTA] Confirm the new image in the app init. (#28924)
The nRF5340 target requires 4kB of FPROTECT block size (SPU limitation)
and after making a restriction for the factory data partition the new
image cannot be confirmed after the OTA update finishes.
Due to that, we need to confirm the current OTA image before factory
data initialization.
To do this, we should allow the image to be confirmed somewhere other
than while posting the OTAStateChange event, and then inform the image
processor of the confirmation status.
diff --git a/examples/all-clusters-app/nrfconnect/main/AppTask.cpp b/examples/all-clusters-app/nrfconnect/main/AppTask.cpp
index 4b837e0..7f9b4f8 100644
--- a/examples/all-clusters-app/nrfconnect/main/AppTask.cpp
+++ b/examples/all-clusters-app/nrfconnect/main/AppTask.cpp
@@ -178,6 +178,15 @@
k_timer_init(&sFunctionTimer, &AppTask::FunctionTimerTimeoutCallback, nullptr);
k_timer_user_data_set(&sFunctionTimer, this);
+#ifdef CONFIG_CHIP_OTA_REQUESTOR
+ /* OTA image confirmation must be done before the factory data init. */
+ err = OtaConfirmNewImage();
+ if (err != CHIP_NO_ERROR)
+ {
+ return err;
+ }
+#endif
+
// Initialize CHIP server
#if CONFIG_CHIP_FACTORY_DATA
ReturnErrorOnFailure(mFactoryDataProvider.Init());
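Review bot: Confirming the image here, ahead of `mFactoryDataProvider.Init()` and the CHIP server start-up, marks the new firmware as good before the rest of init has run, so a later init failure in the freshly updated image would no longer be rolled back by MCUboot (the remainder of the function is outside the hunk). The commit message explains why the order is required, but the in-code comment does not state the cost; consider extending it to something like `/* Must precede factory data init (FPROTECT blocks the confirmation afterwards); note that failures later in Init() are no longer covered by MCUboot revert. */`. The four-line check could also be written as `ReturnErrorOnFailure(OtaConfirmNewImage());` to match the line that follows it. The same applies to the identical hunks in the all-clusters-minimal-app, light-switch-app, lighting-app, lock-app, pump-app, pump-controller-app and window-app AppTask.cpp files.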
diff --git a/examples/all-clusters-minimal-app/nrfconnect/main/AppTask.cpp b/examples/all-clusters-minimal-app/nrfconnect/main/AppTask.cpp
index 3307789..783096c 100644
--- a/examples/all-clusters-minimal-app/nrfconnect/main/AppTask.cpp
+++ b/examples/all-clusters-minimal-app/nrfconnect/main/AppTask.cpp
@@ -137,6 +137,15 @@
k_timer_init(&sFunctionTimer, &AppTask::FunctionTimerTimeoutCallback, nullptr);
k_timer_user_data_set(&sFunctionTimer, this);
+#ifdef CONFIG_CHIP_OTA_REQUESTOR
+ /* OTA image confirmation must be done before the factory data init. */
+ err = OtaConfirmNewImage();
+ if (err != CHIP_NO_ERROR)
+ {
+ return err;
+ }
+#endif
+
// Initialize CHIP server
#if CONFIG_CHIP_FACTORY_DATA
ReturnErrorOnFailure(mFactoryDataProvider.Init());
diff --git a/examples/light-switch-app/nrfconnect/main/AppTask.cpp b/examples/light-switch-app/nrfconnect/main/AppTask.cpp
index 405664a..6bc4138 100644
--- a/examples/light-switch-app/nrfconnect/main/AppTask.cpp
+++ b/examples/light-switch-app/nrfconnect/main/AppTask.cpp
@@ -179,6 +179,15 @@
return System::MapErrorZephyr(ret);
}
+#ifdef CONFIG_CHIP_OTA_REQUESTOR
+ /* OTA image confirmation must be done before the factory data init. */
+ err = OtaConfirmNewImage();
+ if (err != CHIP_NO_ERROR)
+ {
+ return err;
+ }
+#endif
+
// Initialize Timers
k_timer_init(&sFunctionTimer, AppTask::FunctionTimerTimeoutCallback, nullptr);
k_timer_init(&sDimmerPressKeyTimer, AppTask::FunctionTimerTimeoutCallback, nullptr);
diff --git a/examples/lighting-app/nrfconnect/main/AppTask.cpp b/examples/lighting-app/nrfconnect/main/AppTask.cpp
index e16230e..a2ad1d6 100644
--- a/examples/lighting-app/nrfconnect/main/AppTask.cpp
+++ b/examples/lighting-app/nrfconnect/main/AppTask.cpp
@@ -217,6 +217,15 @@
}
mPWMDevice.SetCallbacks(ActionInitiated, ActionCompleted);
+#ifdef CONFIG_CHIP_OTA_REQUESTOR
+ /* OTA image confirmation must be done before the factory data init. */
+ err = OtaConfirmNewImage();
+ if (err != CHIP_NO_ERROR)
+ {
+ return err;
+ }
+#endif
+
// Initialize CHIP server
#if CONFIG_CHIP_FACTORY_DATA
ReturnErrorOnFailure(mFactoryDataProvider.Init());
diff --git a/examples/lock-app/nrfconnect/main/AppTask.cpp b/examples/lock-app/nrfconnect/main/AppTask.cpp
index aa65236..ab5df56 100644
--- a/examples/lock-app/nrfconnect/main/AppTask.cpp
+++ b/examples/lock-app/nrfconnect/main/AppTask.cpp
@@ -187,6 +187,15 @@
BoltLockMgr().Init(LockStateChanged);
+#ifdef CONFIG_CHIP_OTA_REQUESTOR
+ /* OTA image confirmation must be done before the factory data init. */
+ err = OtaConfirmNewImage();
+ if (err != CHIP_NO_ERROR)
+ {
+ return err;
+ }
+#endif
+
// Initialize CHIP server
#if CONFIG_CHIP_FACTORY_DATA
ReturnErrorOnFailure(mFactoryDataProvider.Init());
diff --git a/examples/platform/nrfconnect/util/OTAUtil.cpp b/examples/platform/nrfconnect/util/OTAUtil.cpp
index 733a8eb..f1c1c91 100644
--- a/examples/platform/nrfconnect/util/OTAUtil.cpp
+++ b/examples/platform/nrfconnect/util/OTAUtil.cpp
@@ -23,7 +23,9 @@
#include <app/clusters/ota-requestor/DefaultOTARequestorDriver.h>
#include <app/clusters/ota-requestor/DefaultOTARequestorStorage.h>
#include <app/server/Server.h>
+#include <platform/CHIPDeviceLayer.h>
#include <platform/nrfconnect/OTAImageProcessorImpl.h>
+#include <zephyr/dfu/mcuboot.h>
#endif
using namespace chip;
@@ -63,6 +65,23 @@
sOTARequestorDriver.Init(&sOTARequestor, &imageProcessor);
imageProcessor.TriggerFlashAction(ExternalFlashManager::Action::SLEEP);
}
+
+CHIP_ERROR OtaConfirmNewImage()
+{
+ CHIP_ERROR err = CHIP_NO_ERROR;
+ OTAImageProcessorImpl & imageProcessor = GetOTAImageProcessor();
+ if (imageProcessor.IsFirstImageRun())
+ {
+ CHIP_ERROR err = System::MapErrorZephyr(boot_write_img_confirmed());
+ if (CHIP_NO_ERROR == err)
+ {
+ imageProcessor.SetImageConfirmed();
+ }
+ }
+ ChipLogError(SoftwareUpdate, "Failed to confirm firmware image, it will be reverted on the next boot");
+ return err;
+}
+
#endif
ExternalFlashManager & GetFlashHandler()
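Review bot: The inner `CHIP_ERROR err = System::MapErrorZephyr(boot_write_img_confirmed());` declares a second `err` that shadows the one returned at the end, so OtaConfirmNewImage() returns CHIP_NO_ERROR even when the MCUboot confirmation write fails and the `if (err != CHIP_NO_ERROR)` checks added in the AppTask.cpp files can never fire. The `ChipLogError` call also sits outside both `if` blocks, so the "Failed to confirm firmware image" message is emitted on every boot, including successful confirmations and boots that are not the first run after an update. Drop the type on the inner line so it assigns the outer variable, `err = System::MapErrorZephyr(boot_write_img_confirmed());`, and move the log into an `else` branch of `if (CHIP_NO_ERROR == err)`. As written, a failed confirmation looks like success to the caller while the image is left to revert on the next boot.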
diff --git a/examples/platform/nrfconnect/util/include/OTAUtil.h b/examples/platform/nrfconnect/util/include/OTAUtil.h
index 55b5112..2e120f6 100644
--- a/examples/platform/nrfconnect/util/include/OTAUtil.h
+++ b/examples/platform/nrfconnect/util/include/OTAUtil.h
@@ -46,6 +46,16 @@
*/
void InitBasicOTARequestor();
+/**
+ * Check if the current image is the first boot the after OTA update and if so
+ * confirm it in MCUBoot.
+ *
+ * @return CHIP_NO_ERROR if the image has been confirmed, or it is not the first
+ * boot after the OTA update.
+ * Other CHIP_ERROR codes if the image could not be confirmed.
+ */
+CHIP_ERROR OtaConfirmNewImage();
+
#endif // CONFIG_CHIP_OTA_REQUESTOR
/**
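Review bot: The doc comment for OtaConfirmNewImage() has a word-order slip, `the first boot the after OTA update`, which should read `the first boot after the OTA update`. It would also help to state the consequence of the error path, for example `On failure the image stays unconfirmed and MCUboot reverts it on the next boot.`, since the callers added in this commit abort application init on a non-success return.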
diff --git a/examples/pump-app/nrfconnect/main/AppTask.cpp b/examples/pump-app/nrfconnect/main/AppTask.cpp
index 9c75c54..d21908b 100644
--- a/examples/pump-app/nrfconnect/main/AppTask.cpp
+++ b/examples/pump-app/nrfconnect/main/AppTask.cpp
@@ -160,6 +160,15 @@
GetDFUOverSMP().ConfirmNewImage();
#endif
+#ifdef CONFIG_CHIP_OTA_REQUESTOR
+ /* OTA image confirmation must be done before the factory data init. */
+ err = OtaConfirmNewImage();
+ if (err != CHIP_NO_ERROR)
+ {
+ return err;
+ }
+#endif
+
// Initialize CHIP server
#if CONFIG_CHIP_FACTORY_DATA
ReturnErrorOnFailure(mFactoryDataProvider.Init());
diff --git a/examples/pump-controller-app/nrfconnect/main/AppTask.cpp b/examples/pump-controller-app/nrfconnect/main/AppTask.cpp
index 9580af6..f1b0fb1 100644
--- a/examples/pump-controller-app/nrfconnect/main/AppTask.cpp
+++ b/examples/pump-controller-app/nrfconnect/main/AppTask.cpp
@@ -158,6 +158,15 @@
GetDFUOverSMP().ConfirmNewImage();
#endif
+#ifdef CONFIG_CHIP_OTA_REQUESTOR
+ /* OTA image confirmation must be done before the factory data init. */
+ err = OtaConfirmNewImage();
+ if (err != CHIP_NO_ERROR)
+ {
+ return err;
+ }
+#endif
+
// Initialize CHIP server
#if CONFIG_CHIP_FACTORY_DATA
ReturnErrorOnFailure(mFactoryDataProvider.Init());
diff --git a/examples/window-app/nrfconnect/main/AppTask.cpp b/examples/window-app/nrfconnect/main/AppTask.cpp
index 38e20fd..5b80507 100644
--- a/examples/window-app/nrfconnect/main/AppTask.cpp
+++ b/examples/window-app/nrfconnect/main/AppTask.cpp
@@ -165,6 +165,15 @@
GetDFUOverSMP().ConfirmNewImage();
#endif
+#ifdef CONFIG_CHIP_OTA_REQUESTOR
+ /* OTA image confirmation must be done before the factory data init. */
+ err = OtaConfirmNewImage();
+ if (err != CHIP_NO_ERROR)
+ {
+ return err;
+ }
+#endif
+
// Initialize CHIP server
#if CONFIG_CHIP_FACTORY_DATA
ReturnErrorOnFailure(mFactoryDataProvider.Init());
diff --git a/src/platform/nrfconnect/OTAImageProcessorImpl.cpp b/src/platform/nrfconnect/OTAImageProcessorImpl.cpp
index 9d02499..2e0806d 100644
--- a/src/platform/nrfconnect/OTAImageProcessorImpl.cpp
+++ b/src/platform/nrfconnect/OTAImageProcessorImpl.cpp
@@ -207,7 +207,7 @@
CHIP_ERROR OTAImageProcessorImpl::ConfirmCurrentImage()
{
PostOTAStateChangeEvent(DeviceLayer::kOtaApplyComplete);
- return System::MapErrorZephyr(boot_write_img_confirmed());
+ return mImageConfirmed ? CHIP_NO_ERROR : CHIP_ERROR_INCORRECT_STATE;
}
CHIP_ERROR OTAImageProcessorImpl::ProcessHeader(ByteSpan & aBlock)
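Review bot: ConfirmCurrentImage() no longer writes the MCUboot confirmation itself, so any application that does not call OtaConfirmNewImage() during init will now get CHIP_ERROR_INCORRECT_STATE here and keep running an unconfirmed image; only the example apps touched by this commit are updated, and whether other nrfconnect users exist is not visible from the diff. `PostOTAStateChangeEvent(DeviceLayer::kOtaApplyComplete)` is still posted before the flag is consulted, so listeners are told the apply completed even on the error path. If that is not intended, check first with `VerifyOrReturnError(mImageConfirmed, CHIP_ERROR_INCORRECT_STATE);`. A short comment on the function naming the new precondition would also help, e.g. `// Confirmation is done in app init via OtaConfirmNewImage(); this only reports the recorded status.`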
diff --git a/src/platform/nrfconnect/OTAImageProcessorImpl.h b/src/platform/nrfconnect/OTAImageProcessorImpl.h
index 6012e20..7a87bc4 100644
--- a/src/platform/nrfconnect/OTAImageProcessorImpl.h
+++ b/src/platform/nrfconnect/OTAImageProcessorImpl.h
@@ -44,6 +44,7 @@
CHIP_ERROR ProcessBlock(ByteSpan & aBlock) override;
bool IsFirstImageRun() override;
CHIP_ERROR ConfirmCurrentImage() override;
+ void SetImageConfirmed() { mImageConfirmed = true; }
protected:
CHIP_ERROR PrepareDownloadImpl();
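Review bot: `SetImageConfirmed()` is added as a public, undocumented setter, and ConfirmCurrentImage() now trusts the flag it sets without consulting MCUboot, so any caller can make the processor report a confirmed image that was never actually confirmed. Document the contract on the declaration, for example `/** Record that the running image has been confirmed in MCUboot. Call only after boot_write_img_confirmed() has succeeded. */`. The class body continues outside this hunk, so whether a narrower access level is practical cannot be judged from here.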
@@ -53,6 +54,9 @@
OTAImageHeaderParser mHeaderParser;
uint8_t mBuffer[kBufferSize];
ExternalFlashManager * mFlashHandler;
+
+private:
+ bool mImageConfirmed = false;
};
} // namespace DeviceLayer