Use same format for scratch and slot trailer
Prior to this change, the scratch image trailer had a different format
from a slot image trailer. Specifically:
1. The scratch trailer only contained a single set of status entries
(three bytes); the slot trailer contained `BOOT_STATUS_MAX_ENTRIES`
sets of status entries.
2. The scratch trailer did not contain the `copy_done` field.
This inconsistency required some extra conditional logic in the trailer
handling code. It is simpler to just use the same trailer format
everywhere.
This commit removes this inconsistency. Now, the scratch trailer
structure is identical to that of the slot trailer.
Signed-off-by: Christopher Collins <ccollins@apache.org>
diff --git a/boot/bootutil/src/bootutil_misc.c b/boot/bootutil/src/bootutil_misc.c
index 514d669..1a72699 100644
--- a/boot/bootutil/src/bootutil_misc.c
+++ b/boot/bootutil/src/bootutil_misc.c
@@ -120,7 +120,7 @@
}
uint32_t
-boot_slots_trailer_sz(uint8_t min_write_sz)
+boot_trailer_sz(uint8_t min_write_sz)
{
return /* state for all sectors */
BOOT_STATUS_MAX_ENTRIES * BOOT_STATUS_STATE_COUNT * min_write_sz +
@@ -128,22 +128,8 @@
/* encryption keys */
BOOT_ENC_KEY_SIZE * 2 +
#endif
- /* copy_done + image_ok + swap_size */
- BOOT_MAX_ALIGN * 3 +
- BOOT_MAGIC_SZ;
-}
-
-static uint32_t
-boot_scratch_trailer_sz(uint8_t min_write_sz)
-{
- /* state for one sector */
- return BOOT_STATUS_STATE_COUNT * min_write_sz +
-#ifdef MCUBOOT_ENC_IMAGES
- /* encryption keys */
- BOOT_ENC_KEY_SIZE * 2 +
-#endif
- /* image_ok + swap_size */
- BOOT_MAX_ALIGN * 2 +
+ /* swap_type + copy_done + image_ok + swap_size */
+ BOOT_MAX_ALIGN * 4 +
BOOT_MAGIC_SZ;
}
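Review bot: The new size counts four `BOOT_MAX_ALIGN` fields including `swap_type`, so the slot trailer also grows by one `BOOT_MAX_ALIGN` here, which the commit description (a scratch-only change) does not mention. Anything outside the bootloader that reserves or pads trailer space using the old three-field size would now come up short, so the slot layout change deserves a line in the description or release notes. No accessor for `swap_type` is visible in this diff; if the field is only being reserved for a later change, say so in the comment, e.g. `/* swap_type (reserved) + copy_done + image_ok + swap_size */`. The function's signature sits in the previous hunk.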
@@ -176,11 +162,7 @@
elem_sz = flash_area_align(fap);
- if (fap->fa_id == FLASH_AREA_IMAGE_SCRATCH) {
- off_from_end = boot_scratch_trailer_sz(elem_sz);
- } else {
- off_from_end = boot_slots_trailer_sz(elem_sz);
- }
+ off_from_end = boot_trailer_sz(elem_sz);
assert(off_from_end <= fap->fa_size);
return fap->fa_size - off_from_end;
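Review bot: With the scratch area now carrying the full `BOOT_STATUS_MAX_ENTRIES` trailer, the only thing stopping `fap->fa_size - off_from_end` from wrapping on a small scratch area is the `assert`, which does nothing if the bootloader is built with assertions disabled. A wrapped result is a status offset far outside the area, and it presumably feeds later flash reads and writes. I would validate once at boot that the scratch area is at least `boot_trailer_sz(elem_sz)` bytes and refuse to swap otherwise, keeping the assert only as a backstop. A comment such as `/* scratch must be large enough for a full trailer */` above the assert would record the new requirement. The enclosing function starts and ends outside this hunk.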
@@ -189,7 +171,6 @@
static uint32_t
boot_copy_done_off(const struct flash_area *fap)
{
- assert(fap->fa_id != FLASH_AREA_IMAGE_SCRATCH);
assert(offsetof(struct image_trailer, copy_done) == 0);
return fap->fa_size - BOOT_MAGIC_SZ - BOOT_MAX_ALIGN * 2;
}
@@ -204,27 +185,14 @@
static uint32_t
boot_swap_size_off(const struct flash_area *fap)
{
- /*
- * The "swap_size" field if located just before the trailer.
- * The scratch slot doesn't store "copy_done"...
- */
- if (fap->fa_id == FLASH_AREA_IMAGE_SCRATCH) {
- return fap->fa_size - BOOT_MAGIC_SZ - BOOT_MAX_ALIGN * 2;
- }
-
- return fap->fa_size - BOOT_MAGIC_SZ - BOOT_MAX_ALIGN * 3;
+ return fap->fa_size - BOOT_MAGIC_SZ - BOOT_MAX_ALIGN * 4;
}
#ifdef MCUBOOT_ENC_IMAGES
static uint32_t
boot_enc_key_off(const struct flash_area *fap, uint8_t slot)
{
- if (fap->fa_id == FLASH_AREA_IMAGE_SCRATCH) {
- return fap->fa_size - BOOT_MAGIC_SZ - BOOT_MAX_ALIGN * 2 -
- ((slot + 1) * BOOT_ENC_KEY_SIZE);
- }
-
- return fap->fa_size - BOOT_MAGIC_SZ - BOOT_MAX_ALIGN * 3 -
+ return fap->fa_size - BOOT_MAGIC_SZ - BOOT_MAX_ALIGN * 4 -
((slot + 1) * BOOT_ENC_KEY_SIZE);
}
#endif
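Review bot: The field offsets are written as bare multipliers (`* 2` in `boot_copy_done_off`, `* 4` here in `boot_swap_size_off` and `boot_enc_key_off`) that must agree by hand with the `BOOT_MAX_ALIGN * 4` in `boot_trailer_sz`, and the only comment explaining the placement was deleted along with the scratch branch. A short layout comment above `boot_swap_size_off` would keep these in step, for example `/* from end of area: magic, image_ok, copy_done, swap_type, swap_size, enc keys */`. That order is inferred from the offsets visible in this diff, so please confirm it against `struct image_trailer`. Named offset constants shared by all the `*_off` helpers would be better still, since a mismatch here silently reads the wrong trailer field.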
@@ -248,18 +216,16 @@
state->magic = boot_magic_decode(magic);
}
- if (fap->fa_id != FLASH_AREA_IMAGE_SCRATCH) {
- off = boot_copy_done_off(fap);
- rc = flash_area_read_is_empty(fap, off, &state->copy_done,
- sizeof state->copy_done);
- if (rc < 0) {
- return BOOT_EFLASH;
- }
- if (rc == 1) {
- state->copy_done = BOOT_FLAG_UNSET;
- } else {
- state->copy_done = boot_flag_decode(state->copy_done);
- }
+ off = boot_copy_done_off(fap);
+ rc = flash_area_read_is_empty(fap, off, &state->copy_done,
+ sizeof state->copy_done);
+ if (rc < 0) {
+ return BOOT_EFLASH;
+ }
+ if (rc == 1) {
+ state->copy_done = BOOT_FLAG_UNSET;
+ } else {
+ state->copy_done = boot_flag_decode(state->copy_done);
}
off = boot_image_ok_off(fap);
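Review bot: Reading `copy_done` unconditionally changes how an already-written scratch trailer is interpreted. In the old scratch layout `swap_size` sat at `fa_size - BOOT_MAGIC_SZ - BOOT_MAX_ALIGN * 2`, which is exactly where `boot_copy_done_off` reads, and `swap_size` itself moves from `* 3` to `* 4` in the slots. A trailer left by the previous bootloader during an interrupted swap would therefore be decoded with the wrong fields after an upgrade, and nothing visible here distinguishes old trailers from new ones. At minimum, add a comment and a release note stating that the bootloader must not be replaced while a swap is in progress, e.g. `/* trailer layout changed: not compatible with in-progress swaps from older bootloaders */`. The enclosing function starts and ends outside this hunk.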
diff --git a/boot/bootutil/src/bootutil_priv.h b/boot/bootutil/src/bootutil_priv.h
index dba19c6..a5ca42f 100644
--- a/boot/bootutil/src/bootutil_priv.h
+++ b/boot/bootutil/src/bootutil_priv.h
@@ -180,7 +180,7 @@
int bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig,
size_t slen, uint8_t key_id);
-uint32_t boot_slots_trailer_sz(uint8_t min_write_sz);
+uint32_t boot_trailer_sz(uint8_t min_write_sz);
int boot_status_entries(const struct flash_area *fap);
uint32_t boot_status_off(const struct flash_area *fap);
int boot_read_swap_state(const struct flash_area *fap,
diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index ac26bd2..c784c31 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c
@@ -1026,7 +1026,7 @@
/* delete starting from last sector and moving to beginning */
sector = boot_img_num_sectors(&boot_data, slot) - 1;
- trailer_sz = boot_slots_trailer_sz(BOOT_WRITE_SZ(&boot_data));
+ trailer_sz = boot_trailer_sz(BOOT_WRITE_SZ(&boot_data));
total_sz = 0;
do {
sz = boot_img_sector_size(&boot_data, slot, sector);
@@ -1072,7 +1072,7 @@
img_off = boot_img_sector_off(&boot_data, BOOT_PRIMARY_SLOT, idx);
copy_sz = sz;
- trailer_sz = boot_slots_trailer_sz(BOOT_WRITE_SZ(&boot_data));
+ trailer_sz = boot_trailer_sz(BOOT_WRITE_SZ(&boot_data));
/* sz in this function is always sized on a multiple of the sector size.
* The check against the start offset of the last sector
diff --git a/sim/mcuboot-sys/src/c.rs b/sim/mcuboot-sys/src/c.rs
index d53dc23..08b8813 100644
--- a/sim/mcuboot-sys/src/c.rs
+++ b/sim/mcuboot-sys/src/c.rs
@@ -41,7 +41,7 @@
}
pub fn boot_trailer_sz(align: u8) -> u32 {
- unsafe { raw::boot_slots_trailer_sz(align) }
+ unsafe { raw::boot_trailer_sz(align) }
}
pub fn boot_magic_sz() -> usize {
@@ -87,7 +87,7 @@
pub static mut c_asserts: u8;
pub static mut c_catch_asserts: u8;
- pub fn boot_slots_trailer_sz(min_write_sz: u8) -> u32;
+ pub fn boot_trailer_sz(min_write_sz: u8) -> u32;
pub static BOOT_MAGIC_SZ: u32;
pub static BOOT_MAX_ALIGN: u32;