diff options
12 files changed, 111 insertions, 46 deletions
diff --git a/docs/technical_references/tfm_fwu_service.rst b/docs/technical_references/tfm_fwu_service.rst index 030c094818..46c98f32fa 100644 --- a/docs/technical_references/tfm_fwu_service.rst +++ b/docs/technical_references/tfm_fwu_service.rst @@ -174,7 +174,7 @@ fwu_bootloader_mark_image_accepted(function) .. code-block:: c - psa_status_t fwu_bootloader_mark_image_accepted(void); + psa_status_t fwu_bootloader_mark_image_accepted(bl_image_id_t bootloader_image_id); **Description** diff --git a/docs/technical_references/tfm_secure_boot.rst b/docs/technical_references/tfm_secure_boot.rst index 528e7b7684..1907cea8a2 100644 --- a/docs/technical_references/tfm_secure_boot.rst +++ b/docs/technical_references/tfm_secure_boot.rst @@ -797,8 +797,9 @@ Integration with Firmware Update service The shim layer of the Firmware Update partition calls the APIs in bootutil_misc.c to control the image status. -- Call ``boot_write_magic()`` to make the image as a candidate image for booting. -- Call ``boot_set_confirmed()`` to make the image as a permanent image. +- Call ``boot_set_pending_multi()`` to make the image as a candidate image for + booting. +- Call ``boot_set_confirmed_multi()`` to make the image as a permanent image. .. Note:: Currently, in direct-xip mode and ram-load mode, TF-M cannot get the diff --git a/interface/include/psa/update.h b/interface/include/psa/update.h index 65d7d2dd60..d7de5ac9d6 100644 --- a/interface/include/psa/update.h +++ b/interface/include/psa/update.h @@ -207,6 +207,8 @@ psa_status_t psa_fwu_request_reboot(void); /** * \brief Indicates to the implementation that the upgrade was successful. * + * \param[in] image_id The image_id of the image to query + * * \return A status indicating the success/failure of the operation * * \retval PSA_SUCCESS The image and its dependencies have @@ -217,7 +219,7 @@ psa_status_t psa_fwu_request_reboot(void); * \retval PSA_ERROR_NOT_PERMITTED The caller is not permitted to make * this call */ -psa_status_t psa_fwu_accept(void); +psa_status_t psa_fwu_accept(psa_image_id_t image_id); /** * \brief Stores a manifest object and associates it with a particular image ID. diff --git a/interface/src/tfm_firmware_update_func_api.c b/interface/src/tfm_firmware_update_func_api.c index 4870288977..5100d44399 100644 --- a/interface/src/tfm_firmware_update_func_api.c +++ b/interface/src/tfm_firmware_update_func_api.c @@ -122,12 +122,15 @@ psa_status_t psa_fwu_request_reboot(void) return status; } -psa_status_t psa_fwu_accept(void) +psa_status_t psa_fwu_accept(psa_image_id_t image_id) { psa_status_t status; + psa_invec in_vec[] = { + { .base = &image_id, .len = sizeof(image_id) } + }; status = tfm_ns_interface_dispatch((veneer_fn)tfm_fwu_accept_req_veneer, - (uint32_t)NULL, 0, + (uint32_t)in_vec, IOVEC_LEN(in_vec), (uint32_t)NULL, 0); if (status == (psa_status_t)TFM_ERROR_INVALID_PARAMETER) { diff --git a/interface/src/tfm_firmware_update_ipc_api.c b/interface/src/tfm_firmware_update_ipc_api.c index a21a3339fa..60d4b2e6d0 100644 --- a/interface/src/tfm_firmware_update_ipc_api.c +++ b/interface/src/tfm_firmware_update_ipc_api.c @@ -155,10 +155,13 @@ psa_status_t psa_fwu_request_reboot(void) return status; } -psa_status_t psa_fwu_accept(void) +psa_status_t psa_fwu_accept(psa_image_id_t image_id) { psa_handle_t handle; psa_status_t status; + psa_invec in_vec[] = { + { .base = &image_id, .len = sizeof(image_id) } + }; handle = psa_connect(TFM_FWU_ACCEPT_SID, TFM_FWU_ACCEPT_VERSION); @@ -166,7 +169,7 @@ psa_status_t psa_fwu_accept(void) return PSA_ERROR_GENERIC_ERROR; } - status = psa_call(handle, PSA_IPC_CALL, NULL, 0, NULL, 0); + status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), NULL, 0); psa_close(handle); diff --git a/secure_fw/partitions/firmware_update/bootloader/mcuboot/CMakeLists.txt b/secure_fw/partitions/firmware_update/bootloader/mcuboot/CMakeLists.txt index b764c9ea95..405d0b503f 100644 --- a/secure_fw/partitions/firmware_update/bootloader/mcuboot/CMakeLists.txt +++ b/secure_fw/partitions/firmware_update/bootloader/mcuboot/CMakeLists.txt @@ -11,7 +11,7 @@ add_library(tfm_fwu_mcuboot_util INTERFACE) target_sources(tfm_fwu_mcuboot_util INTERFACE - ${MCUBOOT_PATH}/boot/bootutil/src/bootutil_misc.c + ${MCUBOOT_PATH}/boot/bootutil/src/bootutil_public.c ${MCUBOOT_PATH}/boot/bootutil/src/tlv.c ${CMAKE_SOURCE_DIR}/bl2/src/flash_map.c ${CMAKE_SOURCE_DIR}/bl2/ext/mcuboot/flash_map_extended.c diff --git a/secure_fw/partitions/firmware_update/bootloader/mcuboot/tfm_mcuboot_fwu.c b/secure_fw/partitions/firmware_update/bootloader/mcuboot/tfm_mcuboot_fwu.c index 034f8fe42d..c0966f2619 100644 --- a/secure_fw/partitions/firmware_update/bootloader/mcuboot/tfm_mcuboot_fwu.c +++ b/secure_fw/partitions/firmware_update/bootloader/mcuboot/tfm_mcuboot_fwu.c @@ -6,7 +6,7 @@ */ #include "psa/crypto.h" -#include "log/tfm_log.h" +#include "tfm_sp_log.h" #include "bootutil_priv.h" #include "bootutil/bootutil.h" #include "bootutil/image.h" @@ -52,8 +52,6 @@ typedef struct tfm_fwu_mcuboot_ctx_s { static tfm_fwu_mcuboot_ctx_t mcuboot_ctx[TFM_FWU_MAX_IMAGES]; static fwu_image_info_data_t boot_shared_data; extern const uint32_t boot_img_magic[]; -#define BOOT_MAGIC_ARR_SZ \ - (sizeof(boot_img_magic) / sizeof(boot_img_magic[0])) static int convert_id_from_bl_to_mcuboot(bl_image_id_t bl_image_id, uint8_t *mcuboot_image_id) @@ -61,7 +59,7 @@ static int convert_id_from_bl_to_mcuboot(bl_image_id_t bl_image_id, #if (MCUBOOT_IMAGE_NUMBER == 1) /* Only full image upgrade is supported in this case. */ if (bl_image_id != FWU_IMAGE_TYPE_FULL) { - LOG_MSG("TFM FWU: multi-image is not supported in current mcuboot configuration."); + LOG_ERRFMT("TFM FWU: multi-image is not supported in current mcuboot configuration."); return -1; } @@ -75,7 +73,7 @@ static int convert_id_from_bl_to_mcuboot(bl_image_id_t bl_image_id, /* The image id in mcuboot. 1: the non-secure image. */ *mcuboot_image_id = 1; } else { - LOG_MSG("TFM FWU: invalid image_type: %d", bl_image_id); + LOG_ERRFMT("TFM FWU: invalid image_type: %d", bl_image_id); return -1; } #endif @@ -99,7 +97,7 @@ static int convert_id_from_mcuboot_to_bl(uint8_t mcuboot_image_id, /* The image id in mcuboot. 1: the non-secure image. */ image_type = FWU_IMAGE_TYPE_NONSECURE; } else { - LOG_MSG("TFM FWU: invalid mcuboot image id\n\r: %d", + LOG_ERRFMT("TFM FWU: invalid mcuboot image id\n\r: %d", mcuboot_image_id); return -1; } @@ -199,7 +197,7 @@ psa_status_t fwu_bootloader_staging_area_init(bl_image_id_t bootloader_image_id) if (flash_area_open(FLASH_AREA_IMAGE_SECONDARY(mcuboot_image_id), &fap) != 0) { - LOG_MSG("TFM FWU: opening flash failed.\r\n"); + LOG_ERRFMT("TFM FWU: opening flash failed.\r\n"); return PSA_ERROR_GENERIC_ERROR; } @@ -215,7 +213,7 @@ psa_status_t fwu_bootloader_staging_area_init(bl_image_id_t bootloader_image_id) } if (flash_area_erase(fap, 0, fap->fa_size) != 0) { - LOG_MSG("TFM FWU: erasing flash failed.\r\n"); + LOG_ERRFMT("TFM FWU: erasing flash failed.\r\n"); return PSA_ERROR_GENERIC_ERROR; } @@ -248,7 +246,7 @@ psa_status_t fwu_bootloader_load_image(bl_image_id_t bootloader_image_id, } if (flash_area_write(fap, block_offset, block, block_size) != 0) { - LOG_MSG("TFM FWU: write flash failed.\r\n"); + LOG_ERRFMT("TFM FWU: write flash failed.\r\n"); return PSA_ERROR_GENERIC_ERROR; } @@ -452,14 +450,15 @@ psa_status_t fwu_bootloader_install_image(bl_image_id_t bootloader_image_id, * are installed, the user should call the psa_fwu_install API to install * this image again. */ - if (boot_write_magic(fap) != 0) { + if (boot_set_pending_multi(mcuboot_image_id, false) != 0) { return PSA_ERROR_GENERIC_ERROR; } else { return ret; } } -psa_status_t fwu_bootloader_mark_image_accepted(void) +psa_status_t fwu_bootloader_mark_image_accepted( + bl_image_id_t bootloader_image_id) { /* As DIRECT_XIP, RAM_LOAD and OVERWRITE_ONLY do not support image revert. * So there is nothing to do in these three upgrade strategies. Image @@ -470,11 +469,20 @@ psa_status_t fwu_bootloader_mark_image_accepted(void) */ #if !defined(MCUBOOT_DIRECT_XIP) && !defined(MCUBOOT_RAM_LOAD) && \ !defined(MCUBOOT_OVERWRITE_ONLY) - if (boot_set_confirmed() != 0) { + uint8_t mcuboot_image_id = 0; + + if (convert_id_from_bl_to_mcuboot(bootloader_image_id, + &mcuboot_image_id) != 0) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (boot_set_confirmed_multi(mcuboot_image_id) != 0) { return PSA_ERROR_GENERIC_ERROR; } -#endif +#else + (void)bootloader_image_id; return PSA_SUCCESS; +#endif } psa_status_t fwu_bootloader_abort(bl_image_id_t bootloader_image_id) @@ -559,13 +567,13 @@ static psa_status_t get_secondary_image_info(uint8_t image_id, if ((flash_area_open(FLASH_AREA_IMAGE_SECONDARY(image_id), &fap)) != 0) { - LOG_MSG("TFM FWU: opening flash failed.\r\n"); + LOG_ERRFMT("TFM FWU: opening flash failed.\r\n"); return PSA_ERROR_GENERIC_ERROR; } if (flash_area_read(fap, 0, &hdr, sizeof(hdr)) != 0) { flash_area_close(fap); - LOG_MSG("TFM FWU: reading flash failed.\r\n"); + LOG_ERRFMT("TFM FWU: reading flash failed.\r\n"); return PSA_ERROR_GENERIC_ERROR; } @@ -588,7 +596,7 @@ static psa_status_t get_secondary_image_info(uint8_t image_id, info->version.iv_minor = hdr.ih_ver.iv_minor; info->version.iv_revision = hdr.ih_ver.iv_revision; info->version.iv_build_num = hdr.ih_ver.iv_build_num; - LOG_MSG("version= %d., %d., %d.,+ %d\n\r", + LOG_ERRFMT("version= %d., %d., %d.,+ %d\n\r", info->version.iv_major, info->version.iv_minor, info->version.iv_revision, @@ -625,7 +633,11 @@ psa_status_t fwu_bootloader_get_image_info(bl_image_id_t bootloader_image_id, { struct image_version image_ver = { 0 }; uint8_t mcuboot_image_id = 0; - +#if !defined(MCUBOOT_DIRECT_XIP) && !defined(MCUBOOT_RAM_LOAD) && \ + !defined(MCUBOOT_OVERWRITE_ONLY) + const struct flash_area *fap = NULL; + uint8_t image_ok = BOOT_FLAG_UNSET; +#endif if (info == NULL) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -639,12 +651,33 @@ psa_status_t fwu_bootloader_get_image_info(bl_image_id_t bootloader_image_id, memset(info->digest, TFM_IMAGE_INFO_INVALID_DIGEST, sizeof(info->digest)); if (active_image) { - /* Set the image state as accepted. */ - /* TODO: check the image state by reading the image_ok flag in SWAP - * case. + /* As DIRECT_XIP, RAM_LOAD and OVERWRITE_ONLY do not support image revert. + * So the running image is in INSTALLED state in these three upgrade + * strategies. In the SWAP case, the image_ok flag should be read to check + * whether the running image has been confirmed as a pernament image. + */ +#if !defined(MCUBOOT_DIRECT_XIP) && !defined(MCUBOOT_RAM_LOAD) && \ + !defined(MCUBOOT_OVERWRITE_ONLY) + if ((flash_area_open(FLASH_AREA_IMAGE_PRIMARY(mcuboot_image_id), + &fap)) != 0) { + LOG_ERRFMT("TFM FWU: opening flash failed.\r\n"); + return PSA_ERROR_GENERIC_ERROR; + } + + /* Get value of image-ok flag of the image to check whether application + * itself is already confirmed. */ + if (boot_read_image_ok(fap, &image_ok) != 0) { + return PSA_ERROR_GENERIC_ERROR; + } + if (image_ok == BOOT_FLAG_SET) { + info->state = PSA_IMAGE_INSTALLED; + } else { + info->state = PSA_IMAGE_PENDING_INSTALL; + } +#else info->state = PSA_IMAGE_INSTALLED; - +#endif if (get_running_image_version(mcuboot_image_id, &image_ver) == PSA_SUCCESS) { info->version.iv_major = image_ver.iv_major; diff --git a/secure_fw/partitions/firmware_update/bootloader/tfm_bootloader_fwu_abstraction.h b/secure_fw/partitions/firmware_update/bootloader/tfm_bootloader_fwu_abstraction.h index 06c3eff22b..002fb746d2 100644 --- a/secure_fw/partitions/firmware_update/bootloader/tfm_bootloader_fwu_abstraction.h +++ b/secure_fw/partitions/firmware_update/bootloader/tfm_bootloader_fwu_abstraction.h @@ -116,7 +116,8 @@ psa_status_t fwu_bootloader_install_image(bl_image_id_t bootloader_image_id, * \return PSA_SUCCESS On success * PSA_ERROR_GENERIC_ERROR A fatal error occurred */ -psa_status_t fwu_bootloader_mark_image_accepted(void); +psa_status_t fwu_bootloader_mark_image_accepted( + bl_image_id_t bootloader_image_id); /** * \brief Abort the current image download process. diff --git a/secure_fw/partitions/firmware_update/tfm_fwu.c b/secure_fw/partitions/firmware_update/tfm_fwu.c index 3768f65362..025d241121 100644 --- a/secure_fw/partitions/firmware_update/tfm_fwu.c +++ b/secure_fw/partitions/firmware_update/tfm_fwu.c @@ -6,7 +6,7 @@ */ #include <stdint.h> -#include "log/tfm_log.h" +#include "tfm_sp_log.h" #include "tfm_platform_api.h" #include "tfm_fwu.h" @@ -17,7 +17,7 @@ psa_status_t tfm_internal_fwu_initialize(psa_image_id_t image_id) /* Check the image slot, the target should be the staging slot. */ if (slot_id != FWU_IMAGE_ID_SLOT_STAGE) { - LOG_MSG("TFM FWU: invalid slot_id: %d", slot_id); + LOG_ERRFMT("TFM FWU: invalid slot_id: %d", slot_id); return PSA_ERROR_INVALID_ARGUMENT; } @@ -54,7 +54,7 @@ psa_status_t tfm_internal_fwu_install(psa_image_id_t image_id, /* Check the image slot, the target should be the staging slot. */ if (slot_id != FWU_IMAGE_ID_SLOT_STAGE) { - LOG_MSG("TFM FWU: invalid slot_id: %d", slot_id); + LOG_ERRFMT("TFM FWU: invalid slot_id: %d", slot_id); return PSA_ERROR_INVALID_ARGUMENT; } @@ -100,7 +100,7 @@ psa_status_t tfm_internal_fwu_query(psa_image_id_t image_id, } else if (slot_id == FWU_IMAGE_ID_SLOT_ACTIVE) { active_image = true; } else { - LOG_MSG("TFM FWU: invalid slot_id: %d", slot_id); + LOG_ERRFMT("TFM FWU: invalid slot_id: %d", slot_id); return PSA_ERROR_INVALID_ARGUMENT; } @@ -112,7 +112,9 @@ void tfm_internal_fwu_request_reboot(void) tfm_platform_system_reset(); } -psa_status_t tfm_internal_fwu_accept(void) +psa_status_t tfm_internal_fwu_accept(psa_image_id_t image_id) { - return fwu_bootloader_mark_image_accepted(); + uint8_t image_type = (uint8_t)FWU_IMAGE_ID_GET_TYPE(image_id); + + return fwu_bootloader_mark_image_accepted(image_type); } diff --git a/secure_fw/partitions/firmware_update/tfm_fwu.h b/secure_fw/partitions/firmware_update/tfm_fwu.h index a4cc83fe2d..ec64d9a4ed 100644 --- a/secure_fw/partitions/firmware_update/tfm_fwu.h +++ b/secure_fw/partitions/firmware_update/tfm_fwu.h @@ -56,7 +56,7 @@ void tfm_internal_fwu_request_reboot(void); /* * Marks the image in the primary slot as confirmed. */ -psa_status_t tfm_internal_fwu_accept(void); +psa_status_t tfm_internal_fwu_accept(psa_image_id_t image_id); #ifdef __cplusplus } diff --git a/secure_fw/partitions/firmware_update/tfm_fwu_req_mngr.c b/secure_fw/partitions/firmware_update/tfm_fwu_req_mngr.c index e1a225af89..8c25aa4e8a 100644 --- a/secure_fw/partitions/firmware_update/tfm_fwu_req_mngr.c +++ b/secure_fw/partitions/firmware_update/tfm_fwu_req_mngr.c @@ -211,17 +211,22 @@ psa_status_t tfm_fwu_request_reboot_req(psa_invec *in_vec, size_t in_len, } psa_status_t tfm_fwu_accept_req(psa_invec *in_vec, size_t in_len, - psa_outvec *out_vec, size_t out_len) + psa_outvec *out_vec, size_t out_len) { - (void)in_vec; (void)out_vec; - (void)in_len; (void)out_len; + psa_image_id_t image_id; + + if (in_vec[0].len != sizeof(image_id) || in_len != 1) { + return PSA_ERROR_INVALID_ARGUMENT; + } + image_id = *((psa_image_id_t *)in_vec[0].base); + /* This operation set the running image to INSTALLED state, the images * in the staging area does not impact this operation. */ - return tfm_internal_fwu_accept(); + return tfm_internal_fwu_accept(image_id); } /* Abort the currently running FWU. */ @@ -417,10 +422,22 @@ static psa_status_t tfm_fwu_request_reboot_ipc(void) static psa_status_t tfm_fwu_accept_ipc(void) { + psa_image_id_t image_id; + size_t num; + + /* Check input parameters. */ + if (msg.in_size[0] != sizeof(image_id)) { + return PSA_ERROR_PROGRAMMER_ERROR; + } + num = psa_read(msg.handle, 0, &image_id, sizeof(image_id)); + if (num != sizeof(image_id)) { + return PSA_ERROR_PROGRAMMER_ERROR; + } + /* This operation set the running image to INSTALLED state, the images * in the staging area does not impact this operation. */ - return tfm_internal_fwu_accept(); + return tfm_internal_fwu_accept(image_id); } static psa_status_t tfm_fwu_abort_ipc(void) diff --git a/secure_fw/partitions/firmware_update/tfm_fwu_secure_api.c b/secure_fw/partitions/firmware_update/tfm_fwu_secure_api.c index aefd1b60b6..20633bd432 100644 --- a/secure_fw/partitions/firmware_update/tfm_fwu_secure_api.c +++ b/secure_fw/partitions/firmware_update/tfm_fwu_secure_api.c @@ -211,12 +211,15 @@ psa_status_t psa_fwu_request_reboot(void) return status; } -psa_status_t psa_fwu_accept(void) +psa_status_t psa_fwu_accept(psa_image_id_t image_id) { psa_status_t status; #ifdef TFM_PSA_API psa_handle_t handle; #endif + psa_invec in_vec[] = { + { .base = &image_id, .len = sizeof(image_id) } + }; #ifdef TFM_PSA_API handle = psa_connect(TFM_FWU_ACCEPT_SID, @@ -225,11 +228,11 @@ psa_status_t psa_fwu_accept(void) return PSA_ERROR_GENERIC_ERROR; } - status = psa_call(handle, PSA_IPC_CALL, NULL, 0, NULL, 0); + status = psa_call(handle, PSA_IPC_CALL, in_vec, IOVEC_LEN(in_vec), NULL, 0); psa_close(handle); #else - status = tfm_fwu_accept_req_veneer(NULL, 0, NULL, 0); + status = tfm_fwu_accept_req_veneer(in_vec, IOVEC_LEN(in_vec), NULL, 0); #endif if (status == (psa_status_t)TFM_ERROR_INVALID_PARAMETER) { |