TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / b1adb1ed2e5714db335756ddebe035d13b595f41^! / . / boot / bootutil / src / loader.c
commitb1adb1ed2e5714db335756ddebe035d13b595f41[log] [tgz]
authorFabio Utzig <utzig@apache.org>Wed Sep 11 11:42:53 2019 -0300
committerFabio Utzig <utzig@utzig.org>Thu Sep 12 14:08:35 2019 -0300
tree093dffe0c7d3414eeae619012f4c0ed3c55ece34
parent59b63e562568b533b0cf236408b952a3d4dc479c [diff] [blame]
Fix validation when no image is present

The slot validation routine would result in a non-installed image to be
equivalent to a failed validation, which would set the swap type to
*_FAIL and require special handling in the dependency checks. This
routine was updated, so that it now returns a value that can be used to
check that the error was due to an image not found.

Signed-off-by: Fabio Utzig <utzig@apache.org>

diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index aa53e9d..d01a71d 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c

@@ -890,6 +890,14 @@
     return 0;
 }
 
+/*
+ * Check that there is a valid image in a slot
+ *
+ * @returns
+ *         0 if image was succesfully validated
+ *         1 if no bootloable image was found
+ *         -1 on any errors
+ */
 static int
 boot_validate_slot(struct boot_loader_state *state, int slot,
                    struct boot_status *bs)
@@ -902,14 +910,14 @@
     area_id = flash_area_id_from_multi_image_slot(BOOT_CURR_IMG(state), slot);
     rc = flash_area_open(area_id, &fap);
     if (rc != 0) {
-        return BOOT_EFLASH;
+        return -1;
     }
 
     hdr = boot_img_hdr(state, slot);
     if (boot_check_header_erased(state, slot) == 0 ||
         (hdr->ih_flags & IMAGE_F_NON_BOOTABLE)) {
         /* No bootable image in slot; continue booting from the primary slot. */
-        rc = -1;
+        rc = 1;
         goto out;
     }
 
@@ -947,6 +955,7 @@
                          struct boot_status *bs)
 {
     int swap_type;
+    int rc;
 
     swap_type = boot_swap_type_multi(BOOT_CURR_IMG(state));
     switch (swap_type) {
@@ -956,7 +965,10 @@
         /* Boot loader wants to switch to the secondary slot.
          * Ensure image is valid.
          */
-        if (boot_validate_slot(state, BOOT_SECONDARY_SLOT, bs) != 0) {
+        rc = boot_validate_slot(state, BOOT_SECONDARY_SLOT, bs);
+        if (rc == 1) {
+            swap_type = BOOT_SWAP_TYPE_NONE;
+        } else if (rc != 0) {
             swap_type = BOOT_SWAP_TYPE_FAIL;
         }
     }
@@ -1835,7 +1847,7 @@
     /* Determine the source of the image which is the subject of
      * the dependency and get it's version. */
     swap_type = state->swap_type[dep->image_id];
-    dep_slot = (swap_type != BOOT_SWAP_TYPE_NONE && swap_type != BOOT_SWAP_TYPE_FAIL) ?
+    dep_slot = (swap_type != BOOT_SWAP_TYPE_NONE) ?
                 BOOT_SECONDARY_SLOT : BOOT_PRIMARY_SLOT;
     dep_version = &state->imgs[dep->image_id][dep_slot].hdr.ih_ver;