Boot: Remove revert functionality support
This patch temporarily removes the revert functionality in case of
MCUBOOT_NO_SWAP and/or MCUBOOT_RAM_LOADING compiler switches. This
functionality would recover the previous working firmware version
in case of a faulty update. The reason is that the functionality is
not fully implemented and during the first boot (relative to flash
erase) the image trailer is deleted while the image will not be
confirmed by runtime, preventing the subsequent successful booting.
Change-Id: I45b2af44c49b4a51a749f5cf92aeb6004a5b28b6
Signed-off-by: David Vincze <david.vincze@arm.com>
diff --git a/bl2/ext/mcuboot/bootutil/src/loader.c b/bl2/ext/mcuboot/bootutil/src/loader.c
index 3a187be..c268d93 100644
--- a/bl2/ext/mcuboot/bootutil/src/loader.c
+++ b/bl2/ext/mcuboot/bootutil/src/loader.c
@@ -300,71 +300,6 @@
return 0;
}
-/**
- * Erases a region of flash.
- *
- * @param flash_area_idx The ID of the flash area containing the region
- * to erase.
- * @param off The offset within the flash area to start the
- * erase.
- * @param sz The number of bytes to erase.
- *
- * @return 0 on success; nonzero on failure.
- */
-static int
-boot_erase_sector(int flash_area_id, uint32_t off, uint32_t sz)
-{
- const struct flash_area *fap = NULL;
- int rc;
-
- rc = flash_area_open(flash_area_id, &fap);
- if (rc != 0) {
- rc = BOOT_EFLASH;
- goto done;
- }
-
- rc = flash_area_erase(fap, off, sz);
- if (rc != 0) {
- rc = BOOT_EFLASH;
- goto done;
- }
-
- rc = 0;
-
-done:
- flash_area_close(fap);
- return rc;
-}
-
-#ifndef MCUBOOT_OVERWRITE_ONLY
-static int
-boot_erase_last_sector_by_id(int flash_area_id)
-{
- uint8_t slot;
- uint32_t last_sector;
- int rc;
-
- switch (flash_area_id) {
- case FLASH_AREA_IMAGE_0:
- slot = 0;
- break;
- case FLASH_AREA_IMAGE_1:
- slot = 1;
- break;
- default:
- return BOOT_EFLASH;
- }
-
- last_sector = boot_img_num_sectors(&boot_data, slot) - 1;
- rc = boot_erase_sector(flash_area_id,
- boot_img_sector_off(&boot_data, slot, last_sector),
- boot_img_sector_size(&boot_data, slot, last_sector));
- assert(rc == 0);
-
- return rc;
-}
-#endif /* !MCUBOOT_OVERWRITE_ONLY */
-
#if !defined(MCUBOOT_NO_SWAP) && !defined(MCUBOOT_OVERWRITE_ONLY)
/*
* Compute the total size of the given image. Includes the size of
@@ -727,6 +662,42 @@
#endif /* !MCUBOOT_OVERWRITE_ONLY */
/**
+ * Erases a region of flash.
+ *
+ * @param flash_area_idx The ID of the flash area containing the region
+ * to erase.
+ * @param off The offset within the flash area to start the
+ * erase.
+ * @param sz The number of bytes to erase.
+ *
+ * @return 0 on success; nonzero on failure.
+ */
+static int
+boot_erase_sector(int flash_area_id, uint32_t off, uint32_t sz)
+{
+ const struct flash_area *fap = NULL;
+ int rc;
+
+ rc = flash_area_open(flash_area_id, &fap);
+ if (rc != 0) {
+ rc = BOOT_EFLASH;
+ goto done;
+ }
+
+ rc = flash_area_erase(fap, off, sz);
+ if (rc != 0) {
+ rc = BOOT_EFLASH;
+ goto done;
+ }
+
+ rc = 0;
+
+done:
+ flash_area_close(fap);
+ return rc;
+}
+
+/**
* Copies the contents of one flash region to another. You must erase the
* destination region prior to calling this function.
*
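Review bot: In the re-added `boot_erase_sector`, a failed `flash_area_open()` jumps to `done:` and calls `flash_area_close(fap)` while `fap` is still NULL. Whether `flash_area_close` tolerates a NULL argument is not visible in this diff, so returning directly on that path is the safer form: `if (rc != 0) { return BOOT_EFLASH; }`. The doc comment also names the first parameter `flash_area_idx` while the signature uses `flash_area_id`; the line should read `@param flash_area_id`.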
@@ -831,7 +802,34 @@
return 0;
}
-#endif
+
+static int
+boot_erase_last_sector_by_id(int flash_area_id)
+{
+ uint8_t slot;
+ uint32_t last_sector;
+ int rc;
+
+ switch (flash_area_id) {
+ case FLASH_AREA_IMAGE_0:
+ slot = 0;
+ break;
+ case FLASH_AREA_IMAGE_1:
+ slot = 1;
+ break;
+ default:
+ return BOOT_EFLASH;
+ }
+
+ last_sector = boot_img_num_sectors(&boot_data, slot) - 1;
+ rc = boot_erase_sector(flash_area_id,
+ boot_img_sector_off(&boot_data, slot, last_sector),
+ boot_img_sector_size(&boot_data, slot, last_sector));
+ assert(rc == 0);
+
+ return rc;
+}
+#endif /* !MCUBOOT_OVERWRITE_ONLY */
/**
* Swaps the contents of two flash regions within the two image slots.
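Review bot: `boot_erase_last_sector_by_id` computes `last_sector = boot_img_num_sectors(&boot_data, slot) - 1` without checking for a zero count, so if `boot_data` is not populated for that slot the `uint32_t` wraps and the offset and size lookups that follow use an out-of-range sector index. A guard before the subtraction avoids this: `if (boot_img_num_sectors(&boot_data, slot) == 0) { return BOOT_EFLASH; }`. The erase result is otherwise checked only by `assert(rc == 0)`, which is usually compiled out under NDEBUG, so callers have to test the returned `rc` themselves; those callers are outside this hunk. The conditional block closed by the new `#endif /* !MCUBOOT_OVERWRITE_ONLY */` also opens outside the hunk, so confirm that the label matches its opening condition.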
@@ -1488,14 +1486,6 @@
image_cnt++;
}
- if (slot_state.magic == BOOT_MAGIC_GOOD &&
- slot_state.image_ok == 0xFF) {
- /* Delete trailer in test mode in order to avoid booting it
- * again without confirmation by runtime in case of subsequent
- * boot.
- */
- boot_erase_last_sector_by_id(fa_id);
- }
BOOT_LOG_IMAGE_INFO(slot, hdr, &slot_state);
} else {
BOOT_LOG_INF("Image %"PRIu32": No valid image", slot);
diff --git a/docs/user_guides/tfm_secure_boot.md b/docs/user_guides/tfm_secure_boot.md
index 46ea366..eb722b8 100644
--- a/docs/user_guides/tfm_secure_boot.md
+++ b/docs/user_guides/tfm_secure_boot.md
@@ -94,10 +94,10 @@
it is responsible for downloading the proper firmware image. At boot time
MCUBoot inspects the version number in the image header and passes execution to
the newer firmware version. New image must be marked for upgrade which is
-automatically done by Python scripts at compile time. Revert functionality is
-also supported. Image verification is done the same way in both operational
-modes. If new image fails during authentication then MCUBoot erases the memory
-slot and starts the other image, after successful authentication.
+automatically done by Python scripts at compile time. Image verification is done
+the same way in both operational modes. If new image fails during authentication
+then MCUBoot erases the memory slot and starts the other image, after successful
+authentication.
At build time automatically two binaries are generated:
```