Google Git
Sign in
pigweed / third_party / github / zephyrproject-rtos / zephyr / refs/heads/upstream/backport-71385-to-v3.6-branch / . / subsys / mgmt / mcumgr / grp / img_mgmt / src / img_mgmt_state.c
blob: c54fbd4d0c65aa69ccb314c05471a417be67d70d [file] [log] [blame]
/*
* Copyright (c) 2018-2021 mcumgr authors
* Copyright (c) 2022-2023 Nordic Semiconductor ASA
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <zephyr/sys/util_macro.h>
#include <zephyr/toolchain.h>
#include <string.h>
#include <zephyr/logging/log.h>
#include <zephyr/dfu/mcuboot.h>
#include <zcbor_common.h>
#include <zcbor_decode.h>
#include <zcbor_encode.h>
#include <bootutil/bootutil_public.h>
#include <zephyr/mgmt/mcumgr/mgmt/mgmt.h>
#include <zephyr/mgmt/mcumgr/smp/smp.h>
#include <zephyr/mgmt/mcumgr/grp/img_mgmt/img_mgmt.h>
#include <mgmt/mcumgr/util/zcbor_bulk.h>
#include <mgmt/mcumgr/grp/img_mgmt/img_mgmt_priv.h>
#ifdef CONFIG_MCUMGR_MGMT_NOTIFICATION_HOOKS
#include <zephyr/mgmt/mcumgr/mgmt/callbacks.h>
#endif
LOG_MODULE_DECLARE(mcumgr_img_grp, CONFIG_MCUMGR_GRP_IMG_LOG_LEVEL);
/* The value here sets how many "characteristics" that describe image is
* encoded into a map per each image (like bootable flags, and so on).
* This value is only used for zcbor to predict map size and map encoding
* and does not affect memory allocation.
* In case when more "characteristics" are added to image map then
* zcbor_map_end_encode may fail it this value does not get updated.
*/
#define MAX_IMG_CHARACTERISTICS 15
#ifndef CONFIG_MCUMGR_GRP_IMG_FRUGAL_LIST
#define ZCBOR_ENCODE_FLAG(zse, label, value) \
(zcbor_tstr_put_lit(zse, label) && zcbor_bool_put(zse, value))
#else
/* In "frugal" lists flags are added to response only when they evaluate to true */
/* Note that value is evaluated twice! */
#define ZCBOR_ENCODE_FLAG(zse, label, value) \
(!(value) || \
(zcbor_tstr_put_lit(zse, label) && zcbor_bool_put(zse, (value))))
#endif
/* Flags returned by img_mgmt_state_read() for queried slot */
#define REPORT_SLOT_ACTIVE BIT(0)
#define REPORT_SLOT_PENDING BIT(1)
#define REPORT_SLOT_CONFIRMED BIT(2)
#define REPORT_SLOT_PERMANENT BIT(3)
#if defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT)
#define DIRECT_XIP_BOOT_UNSET 0
#define DIRECT_XIP_BOOT_ONCE 1
#define DIRECT_XIP_BOOT_REVERT 2
#define DIRECT_XIP_BOOT_FOREVER 3
#endif
/**
* Collects information about the specified image slot.
*/
#ifndef CONFIG_MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP
uint8_t
img_mgmt_state_flags(int query_slot)
{
uint8_t flags;
int swap_type;
int image = query_slot / 2; /* We support max 2 images for now */
int active_slot = img_mgmt_active_slot(image);
flags = 0;
/* Determine if this is is pending or confirmed (only applicable for
* unified images and loaders.
*/
swap_type = img_mgmt_swap_type(query_slot);
switch (swap_type) {
case IMG_MGMT_SWAP_TYPE_NONE:
if (query_slot == active_slot) {
flags |= IMG_MGMT_STATE_F_CONFIRMED;
}
break;
case IMG_MGMT_SWAP_TYPE_TEST:
if (query_slot == active_slot) {
flags |= IMG_MGMT_STATE_F_CONFIRMED;
} else {
flags |= IMG_MGMT_STATE_F_PENDING;
}
break;
case IMG_MGMT_SWAP_TYPE_PERM:
if (query_slot == active_slot) {
flags |= IMG_MGMT_STATE_F_CONFIRMED;
} else {
flags |= IMG_MGMT_STATE_F_PENDING | IMG_MGMT_STATE_F_PERMANENT;
}
break;
case IMG_MGMT_SWAP_TYPE_REVERT:
if (query_slot != active_slot) {
flags |= IMG_MGMT_STATE_F_CONFIRMED;
}
break;
}
/* Only running application is active */
if (image == img_mgmt_active_image() && query_slot == active_slot) {
flags |= IMG_MGMT_STATE_F_ACTIVE;
}
return flags;
}
#else
uint8_t
img_mgmt_state_flags(int query_slot)
{
uint8_t flags = 0;
int image = query_slot / 2; /* We support max 2 images for now */
int active_slot = img_mgmt_active_slot(image);
/* In case when MCUboot is configured for DirectXIP slot may only be
* active or pending. Slot is marked pending only when version in that slot
* is higher than version of active slot.
*/
if (image == img_mgmt_active_image() && query_slot == active_slot) {
flags = IMG_MGMT_STATE_F_ACTIVE;
} else {
struct image_version sver;
struct image_version aver;
int rcs = img_mgmt_read_info(query_slot, &sver, NULL, NULL);
int rca = img_mgmt_read_info(active_slot, &aver, NULL, NULL);
if (rcs == 0 && rca == 0 && img_mgmt_vercmp(&aver, &sver) < 0) {
flags = IMG_MGMT_STATE_F_PENDING | IMG_MGMT_STATE_F_PERMANENT;
}
}
return flags;
}
#endif
#if !defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP) && \
!defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT)
int img_mgmt_get_next_boot_slot(int image, enum img_mgmt_next_boot_type *type)
{
const int active_slot = img_mgmt_active_slot(image);
const int state = mcuboot_swap_type_multi(image);
/* All cases except BOOT_SWAP_TYPE_NONE return opposite slot */
int slot = img_mgmt_get_opposite_slot(active_slot);
enum img_mgmt_next_boot_type lt = NEXT_BOOT_TYPE_NORMAL;
switch (state) {
case BOOT_SWAP_TYPE_NONE:
/* Booting to the same slot, keeping type to NEXT_BOOT_TYPE_NORMAL */
slot = active_slot;
break;
case BOOT_SWAP_TYPE_PERM:
/* For BOOT_SWAP_TYPE_PERM reported type will be NEXT_BOOT_TYPE_NORMAL,
* and only difference between this and BOOT_SWAP_TYPE_NONE is that
* the later boots to the application in currently active slot while the former
* to the application in the opposite to active slot.
* Normal here means that it is ordinary boot and slot has not been marked
* for revert or pending for test, and will change on reset.
*/
break;
case BOOT_SWAP_TYPE_REVERT:
/* Application is in test mode and has not yet been confirmed,
* which means that on the next boot the application will revert to
* the copy from reported slot.
*/
lt = NEXT_BOOT_TYPE_REVERT;
break;
case BOOT_SWAP_TYPE_TEST:
/* Reported next boot slot is set for one boot only and app needs to
* confirm itself or it will be reverted.
*/
lt = NEXT_BOOT_TYPE_TEST;
break;
default:
/* Should never, ever happen */
LOG_DBG("Unexpected swap state %d", state);
return -1;
}
LOG_DBG("(%d, *) => slot = %d, type = %d", image, slot, lt);
if (type != NULL) {
*type = lt;
}
return slot;
}
#else
#if defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT)
static int read_directxip_state(int slot)
{
struct boot_swap_state bss;
int fa_id = img_mgmt_flash_area_id(slot);
const struct flash_area *fa;
int rc = 0;
__ASSERT(fa_id != -1, "Could not map slot to area ID");
rc = flash_area_open(fa_id, &fa);
if (rc < 0) {
return rc;
}
rc = boot_read_swap_state(fa, &bss);
flash_area_close(fa);
if (rc != 0) {
LOG_ERR("Failed to read state of slot %d with error %d", slot, rc);
return -1;
}
if (bss.magic == BOOT_MAGIC_GOOD) {
if (bss.image_ok == BOOT_FLAG_SET) {
return DIRECT_XIP_BOOT_FOREVER;
} else if (bss.copy_done == BOOT_FLAG_SET) {
return DIRECT_XIP_BOOT_REVERT;
}
return DIRECT_XIP_BOOT_ONCE;
}
return DIRECT_XIP_BOOT_UNSET;
}
#endif /* defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT) */
int img_mgmt_get_next_boot_slot(int image, enum img_mgmt_next_boot_type *type)
{
struct image_version aver;
struct image_version over;
int active_slot = img_mgmt_active_slot(image);
int other_slot = img_mgmt_get_opposite_slot(active_slot);
#if defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT)
int active_slot_state;
int other_slot_state;
#endif /* defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT) */
enum img_mgmt_next_boot_type lt = NEXT_BOOT_TYPE_NORMAL;
int return_slot = active_slot;
int rcs = img_mgmt_read_info(other_slot, &over, NULL, NULL);
int rca = img_mgmt_read_info(active_slot, &aver, NULL, NULL);
#if defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT)
active_slot_state = read_directxip_state(active_slot);
other_slot_state = read_directxip_state(other_slot);
if (rca != 0 ||
(rcs != 0 && rcs != IMG_MGMT_ERR_NO_IMAGE)) {
/* We do not really know what will happen, as we can not
* read states from bootloader.
*/
LOG_ERR("img_mgmt_read_info_failed rca = %d, rcs = %d",
rca, rcs);
goto out;
}
if (other_slot_state < 0 || active_slot_state < 0) {
LOG_ERR("Slot state read failed with status: active %d, other %d",
active_slot_state, other_slot_state);
/* We do not really know what will happen, as we can not
* read states from bootloader.
*/
goto out;
}
/* There is not other image, the active one will boot next time */
if (rcs == IMG_MGMT_ERR_NO_IMAGE) {
goto out;
}
if (active_slot_state == DIRECT_XIP_BOOT_REVERT) {
lt = NEXT_BOOT_TYPE_REVERT;
return_slot = other_slot;
} else if (other_slot_state == DIRECT_XIP_BOOT_UNSET) {
if (active_slot_state == DIRECT_XIP_BOOT_ONCE) {
lt = NEXT_BOOT_TYPE_TEST;
}
} else if (img_mgmt_vercmp(&aver, &over) < 0) {
if (other_slot_state == DIRECT_XIP_BOOT_FOREVER) {
return_slot = other_slot;
} else if (other_slot_state == DIRECT_XIP_BOOT_ONCE) {
lt = NEXT_BOOT_TYPE_TEST;
return_slot = other_slot;
}
}
#else
if (rcs == 0 && rca == 0 && img_mgmt_vercmp(&aver, &over) < 0) {
return_slot = other_slot;
}
#endif /* defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT) */
out:
if (type != NULL) {
*type = lt;
}
return return_slot;
}
#endif /* !defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP) && \
* !defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT)
*/
/**
* Indicates whether any image slot is pending (i.e., whether a test swap will
* happen on the next reboot.
*/
int
img_mgmt_state_any_pending(void)
{
return img_mgmt_state_flags(0) & IMG_MGMT_STATE_F_PENDING ||
img_mgmt_state_flags(1) & IMG_MGMT_STATE_F_PENDING;
}
/**
* Indicates whether the specified slot has any flags. If no flags are set,
* the slot can be freely erased.
*/
int
img_mgmt_slot_in_use(int slot)
{
int image = img_mgmt_slot_to_image(slot);
int active_slot = img_mgmt_active_slot(image);
#if !defined(CONFIG_MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP)
enum img_mgmt_next_boot_type type = NEXT_BOOT_TYPE_NORMAL;
int nbs = img_mgmt_get_next_boot_slot(image, &type);
if (slot == nbs && type == NEXT_BOOT_TYPE_REVERT) {
LOG_DBG("(%d) Refused erase revert", slot);
return 1;
}
if ((slot == nbs && type == NEXT_BOOT_TYPE_TEST) ||
(active_slot != nbs && type == NEXT_BOOT_TYPE_NORMAL)) {
#if defined(CONFIG_MCUMGR_GRP_IMG_ALLOW_ERASE_PENDING)
LOG_DBG("(%d) Allowed erase pending", slot);
/* Pass through to return (active_slot == slot) */
#else
LOG_DBG("(%d) Refused erase pending", slot);
return 1;
#endif
}
#endif
return (active_slot == slot);
}
/**
* Sets the pending flag for the specified image slot. That is, the system
* will swap to the specified image on the next reboot. If the permanent
* argument is specified, the system doesn't require a confirm after the swap
* occurs.
*/
int
img_mgmt_state_set_pending(int slot, int permanent)
{
uint8_t state_flags;
int rc;
state_flags = img_mgmt_state_flags(slot);
/* Unconfirmed slots are always runnable. A confirmed slot can only be
* run if it is a loader in a split image setup.
*/
if (state_flags & IMG_MGMT_STATE_F_CONFIRMED && slot != 0) {
rc = IMG_MGMT_ERR_IMAGE_ALREADY_PENDING;
goto done;
}
rc = img_mgmt_write_pending(slot, permanent);
done:
return rc;
}
/**
* Confirms the current image state. Prevents a fallback from occurring on the
* next reboot if the active image is currently being tested.
*/
int
img_mgmt_state_confirm(void)
{
int rc;
#if defined(CONFIG_MCUMGR_GRP_IMG_STATUS_HOOKS)
int32_t err_rc;
uint16_t err_group;
#endif
/* Confirm disallowed if a test is pending. */
if (img_mgmt_state_any_pending()) {
rc = IMG_MGMT_ERR_IMAGE_ALREADY_PENDING;
goto err;
}
rc = img_mgmt_write_confirmed();
#if defined(CONFIG_MCUMGR_GRP_IMG_STATUS_HOOKS)
(void)mgmt_callback_notify(MGMT_EVT_OP_IMG_MGMT_DFU_CONFIRMED, NULL, 0, &err_rc,
&err_group);
#endif
err:
return rc;
}
/* Return zcbor encoding result */
static bool img_mgmt_state_encode_slot(zcbor_state_t *zse, uint32_t slot, int state_flags)
{
uint32_t flags;
char vers_str[IMG_MGMT_VER_MAX_STR_LEN];
uint8_t hash[IMAGE_HASH_LEN]; /* SHA256 hash */
struct zcbor_string zhash = { .value = hash, .len = IMAGE_HASH_LEN };
struct image_version ver;
bool ok;
int rc = img_mgmt_read_info(slot, &ver, hash, &flags);
if (rc != 0) {
/* zcbor encoding did not fail */
return true;
}
ok = zcbor_map_start_encode(zse, MAX_IMG_CHARACTERISTICS) &&
(CONFIG_MCUMGR_GRP_IMG_UPDATABLE_IMAGE_NUMBER == 1 ||
(zcbor_tstr_put_lit(zse, "image") &&
zcbor_uint32_put(zse, slot >> 1))) &&
zcbor_tstr_put_lit(zse, "slot") &&
zcbor_uint32_put(zse, slot % 2) &&
zcbor_tstr_put_lit(zse, "version");
if (ok) {
if (img_mgmt_ver_str(&ver, vers_str) < 0) {
ok = zcbor_tstr_put_lit(zse, "<\?\?\?>");
} else {
vers_str[sizeof(vers_str) - 1] = '\0';
ok = zcbor_tstr_put_term(zse, vers_str, sizeof(vers_str));
}
}
ok = ok && zcbor_tstr_put_lit(zse, "hash") &&
zcbor_bstr_encode(zse, &zhash) &&
ZCBOR_ENCODE_FLAG(zse, "bootable", !(flags & IMAGE_F_NON_BOOTABLE)) &&
ZCBOR_ENCODE_FLAG(zse, "pending", state_flags & REPORT_SLOT_PENDING) &&
ZCBOR_ENCODE_FLAG(zse, "confirmed", state_flags & REPORT_SLOT_CONFIRMED) &&
ZCBOR_ENCODE_FLAG(zse, "active", state_flags & REPORT_SLOT_ACTIVE) &&
ZCBOR_ENCODE_FLAG(zse, "permanent", state_flags & REPORT_SLOT_PERMANENT) &&
zcbor_map_end_encode(zse, MAX_IMG_CHARACTERISTICS);
return ok;
}
/**
* Command handler: image state read
*/
int
img_mgmt_state_read(struct smp_streamer *ctxt)
{
zcbor_state_t *zse = ctxt->writer->zs;
uint32_t i;
bool ok;
ok = zcbor_tstr_put_lit(zse, "images") &&
zcbor_list_start_encode(zse, 2 * CONFIG_MCUMGR_GRP_IMG_UPDATABLE_IMAGE_NUMBER);
img_mgmt_take_lock();
for (i = 0; ok && i < CONFIG_MCUMGR_GRP_IMG_UPDATABLE_IMAGE_NUMBER; i++) {
/* _a is active slot, _o is opposite slot */
enum img_mgmt_next_boot_type type = NEXT_BOOT_TYPE_NORMAL;
int next_boot_slot = img_mgmt_get_next_boot_slot(i, &type);
int slot_a = img_mgmt_active_slot(i);
int slot_o = img_mgmt_get_opposite_slot(slot_a);
int flags_a = REPORT_SLOT_ACTIVE;
int flags_o = 0;
if (type != NEXT_BOOT_TYPE_REVERT) {
flags_a |= REPORT_SLOT_CONFIRMED;
}
if (next_boot_slot != slot_a) {
if (type == NEXT_BOOT_TYPE_NORMAL) {
flags_o = REPORT_SLOT_PENDING | REPORT_SLOT_PERMANENT;
} else if (type == NEXT_BOOT_TYPE_REVERT) {
flags_o = REPORT_SLOT_CONFIRMED;
} else if (type == NEXT_BOOT_TYPE_TEST) {
flags_o = REPORT_SLOT_PENDING;
}
}
/* Need to report slots in proper order */
if (slot_a < slot_o) {
ok = img_mgmt_state_encode_slot(zse, slot_a, flags_a) &&
img_mgmt_state_encode_slot(zse, slot_o, flags_o);
} else {
ok = img_mgmt_state_encode_slot(zse, slot_o, flags_o) &&
img_mgmt_state_encode_slot(zse, slot_a, flags_a);
}
}
/* Ending list encoding for two slots per image */
ok = ok && zcbor_list_end_encode(zse, 2 * CONFIG_MCUMGR_GRP_IMG_UPDATABLE_IMAGE_NUMBER);
/* splitStatus is always 0 so in frugal list it is not present at all */
if (!IS_ENABLED(CONFIG_MCUMGR_GRP_IMG_FRUGAL_LIST) && ok) {
ok = zcbor_tstr_put_lit(zse, "splitStatus") &&
zcbor_int32_put(zse, 0);
}
img_mgmt_release_lock();
return ok ? MGMT_ERR_EOK : MGMT_ERR_EMSGSIZE;
}
static int img_mgmt_set_next_boot_slot_common(int slot, int active_slot, bool confirm)
{
const struct flash_area *fa;
int area_id = img_mgmt_flash_area_id(slot);
int rc = 0;
if (flash_area_open(area_id, &fa) != 0) {
return IMG_MGMT_ERR_FLASH_OPEN_FAILED;
}
rc = boot_set_next(fa, slot == active_slot, confirm);
if (rc != 0) {
/* Failed to set next slot for boot as desired */
LOG_ERR("Faled boot_set_next with code %d, for slot %d,"
" with active slot %d and confirm %d",
rc, slot, active_slot, confirm);
/* Translate from boot util error code to IMG mgmt group error code */
if (rc == BOOT_EFLASH) {
rc = IMG_MGMT_ERR_FLASH_WRITE_FAILED;
} else if (rc == BOOT_EBADVECT) {
rc = IMG_MGMT_ERR_INVALID_IMAGE_VECTOR_TABLE;
} else if (rc == BOOT_EBADIMAGE) {
rc = IMG_MGMT_ERR_INVALID_IMAGE_HEADER_MAGIC;
} else {
rc = IMG_MGMT_ERR_UNKNOWN;
}
}
flash_area_close(fa);
#if defined(CONFIG_MCUMGR_GRP_IMG_STATUS_HOOKS)
if (rc == 0 && slot == active_slot && confirm) {
int32_t err_rc;
uint16_t err_group;
/* Confirm event is only sent for active slot */
(void)mgmt_callback_notify(MGMT_EVT_OP_IMG_MGMT_DFU_CONFIRMED, NULL, 0, &err_rc,
&err_group);
}
#endif
return rc;
}
#ifndef CONFIG_MCUBOOT_BOOTLOADER_MODE_DIRECT_XIP_WITH_REVERT
int img_mgmt_set_next_boot_slot(int slot, bool confirm)
{
/* image the requested slot is defined within */
int image = img_mgmt_slot_to_image(slot);
/* active_slot is slot that is considered active/primary/executing
* for a given image.
*/
int active_slot = img_mgmt_active_slot(image);
enum img_mgmt_next_boot_type type = NEXT_BOOT_TYPE_NORMAL;
int next_boot_slot = img_mgmt_get_next_boot_slot(image, &type);
LOG_DBG("(%d, %s)", slot, confirm ? "confirm" : "test");
LOG_DBG("aimg = %d, img = %d, aslot = %d, slot = %d, nbs = %d",
img_mgmt_active_image(), image, active_slot, slot, next_boot_slot);
/* MCUmgr should not allow to confirm non-active image slots to prevent
* confirming something that might not have been verified to actually be bootable
* or have stuck in primary slot of other image. Unfortunately there was
* a bug in logic that always allowed to confirm secondary slot of any
* image. Now the behaviour is controlled via Kconfig options.
*/
#ifndef CONFIG_MCUMGR_GRP_IMG_ALLOW_CONFIRM_NON_ACTIVE_IMAGE_ANY
if (confirm && image != img_mgmt_active_image() &&
(!IS_ENABLED(CONFIG_MCUMGR_GRP_IMG_ALLOW_CONFIRM_NON_ACTIVE_IMAGE_SECONDARY) ||
slot == active_slot)) {
LOG_DBG("Not allowed to confirm non-active images");
return IMG_MGMT_ERR_IMAGE_CONFIRMATION_DENIED;
}
#endif
/* Setting test to active slot is not allowed. */
if (!confirm && slot == active_slot) {
return IMG_MGMT_ERR_IMAGE_SETTING_TEST_TO_ACTIVE_DENIED;
}
if (type == NEXT_BOOT_TYPE_TEST) {
/* Do nothing when requested to test the slot already set for test. */
if (!confirm && slot == next_boot_slot) {
return 0;
}
/* Changing to other, for test or not, is not allowed/ */
return IMG_MGMT_ERR_IMAGE_ALREADY_PENDING;
}
/* Normal boot means confirmed boot to either active slot or the opposite slot. */
if (type == NEXT_BOOT_TYPE_NORMAL) {
/* Do nothing when attempting to confirm slot that will be boot next time. */
if (confirm && slot == next_boot_slot) {
return 0;
}
/* Can not change slot once other than running has been confirmed. */
if ((slot == active_slot && active_slot != next_boot_slot) ||
(!confirm && slot != active_slot && slot == next_boot_slot)) {
return IMG_MGMT_ERR_IMAGE_ALREADY_PENDING;
}
/* Allow selecting non-active slot for boot */
}
if (type == NEXT_BOOT_TYPE_REVERT) {
/* Nothing to do when requested to confirm the next boot slot,
* as it is already confirmed in this mode.
*/
if (confirm && slot == next_boot_slot) {
return 0;
}
/* Trying to set any slot for test is an error */
if (!confirm) {
return IMG_MGMT_ERR_IMAGE_ALREADY_PENDING;
}
/* Allow confirming slot == active_slot */
}
return img_mgmt_set_next_boot_slot_common(slot, active_slot, confirm);
}
#else
int img_mgmt_set_next_boot_slot(int slot, bool confirm)
{
int active_image = img_mgmt_active_image();
int active_slot = img_mgmt_active_slot(active_image);
LOG_DBG("(%d, %s)", slot, confirm ? "confirm" : "test");
LOG_DBG("aimg = %d, aslot = %d, slot = %d",
active_image, active_slot, slot);
if (slot == active_slot && !confirm) {
return IMG_MGMT_ERR_IMAGE_SETTING_TEST_TO_ACTIVE_DENIED;
}
return img_mgmt_set_next_boot_slot_common(slot, active_slot, confirm);
}
#endif
/**
* Command handler: image state write
*/
int
img_mgmt_state_write(struct smp_streamer *ctxt)
{
bool confirm = false;
int slot;
int rc;
size_t decoded = 0;
bool ok;
struct zcbor_string zhash = { 0 };
struct zcbor_map_decode_key_val image_list_decode[] = {
ZCBOR_MAP_DECODE_KEY_DECODER("hash", zcbor_bstr_decode, &zhash),
ZCBOR_MAP_DECODE_KEY_DECODER("confirm", zcbor_bool_decode, &confirm)
};
zcbor_state_t *zse = ctxt->writer->zs;
zcbor_state_t *zsd = ctxt->reader->zs;
ok = zcbor_map_decode_bulk(zsd, image_list_decode,
ARRAY_SIZE(image_list_decode), &decoded) == 0;
if (!ok) {
return MGMT_ERR_EINVAL;
}
img_mgmt_take_lock();
/* Determine which slot is being operated on. */
if (zhash.len == 0) {
if (confirm) {
slot = img_mgmt_active_slot(img_mgmt_active_image());
} else {
/* A 'test' without a hash is invalid. */
ok = smp_add_cmd_err(zse, MGMT_GROUP_ID_IMAGE,
IMG_MGMT_ERR_INVALID_HASH);
goto end;
}
} else if (zhash.len != IMAGE_HASH_LEN) {
/* The img_mgmt_find_by_hash does exact length compare
* so just fail here.
*/
ok = smp_add_cmd_err(zse, MGMT_GROUP_ID_IMAGE, IMG_MGMT_ERR_INVALID_HASH);
goto end;
} else {
uint8_t hash[IMAGE_HASH_LEN];
memcpy(hash, zhash.value, zhash.len);
slot = img_mgmt_find_by_hash(hash, NULL);
if (slot < 0) {
ok = smp_add_cmd_err(zse, MGMT_GROUP_ID_IMAGE,
IMG_MGMT_ERR_HASH_NOT_FOUND);
goto end;
}
}
rc = img_mgmt_set_next_boot_slot(slot, confirm);
if (rc != 0) {
ok = smp_add_cmd_err(zse, MGMT_GROUP_ID_IMAGE, rc);
goto end;
}
/* Send the current image state in the response. */
rc = img_mgmt_state_read(ctxt);
if (rc != 0) {
img_mgmt_release_lock();
return rc;
}
end:
img_mgmt_release_lock();
if (!ok) {
return MGMT_ERR_EMSGSIZE;
}
return MGMT_ERR_EOK;
}