| // Copyright (c) 2017-2021 Linaro LTD |
| // Copyright (c) 2018-2019 JUUL Labs |
| // Copyright (c) 2023 Arm Limited |
| // |
| // SPDX-License-Identifier: Apache-2.0 |
| |
| //! HAL api for MyNewt applications |
| |
| use crate::area::CAreaDesc; |
| use log::{Level, log_enabled, warn}; |
| use simflash::{Result, Flash, FlashPtr}; |
| use std::{ |
| cell::RefCell, |
| collections::HashMap, |
| mem, |
| ptr, |
| slice, |
| }; |
| |
| /// A FlashMap maintain a table of [device_id -> Flash trait] |
| pub type FlashMap = HashMap<u8, FlashPtr>; |
| |
| pub struct FlashParamsStruct { |
| align: u32, |
| erased_val: u8, |
| } |
| |
| pub type FlashParams = HashMap<u8, FlashParamsStruct>; |
| |
| /// The `boot_rsp` structure used by boot_go. |
| #[repr(C)] |
| #[derive(Debug)] |
| pub struct BootRsp { |
| pub br_hdr: *const ImageHeader, |
| pub flash_dev_id: u8, |
| pub image_off: u32, |
| } |
| |
| // TODO: Don't duplicate this image header declaration. |
| #[repr(C)] |
| #[derive(Debug)] |
| pub struct ImageHeader { |
| magic: u32, |
| load_addr: u32, |
| hdr_size: u16, |
| protect_tlv_size: u16, |
| img_size: u32, |
| flags: u32, |
| ver: ImageVersion, |
| _pad2: u32, |
| } |
| |
| #[repr(C)] |
| #[derive(Debug)] |
| pub struct ImageVersion { |
| pub major: u8, |
| pub minor: u8, |
| pub revision: u16, |
| pub build_num: u32, |
| } |
| |
| pub struct CAreaDescPtr { |
| pub ptr: *const CAreaDesc, |
| } |
| |
| pub struct FlashContext { |
| flash_map: FlashMap, |
| flash_params: FlashParams, |
| flash_areas: CAreaDescPtr, |
| } |
| |
| impl FlashContext { |
| pub fn new() -> FlashContext { |
| FlashContext { |
| flash_map: HashMap::new(), |
| flash_params: HashMap::new(), |
| flash_areas: CAreaDescPtr{ptr: ptr::null()}, |
| } |
| } |
| } |
| |
| impl Default for FlashContext { |
| fn default() -> FlashContext { |
| FlashContext { |
| flash_map: HashMap::new(), |
| flash_params: HashMap::new(), |
| flash_areas: CAreaDescPtr{ptr: ptr::null()}, |
| } |
| } |
| } |
| |
| #[repr(C)] |
| #[derive(Debug, Default)] |
| pub struct CSimContext { |
| pub flash_counter: libc::c_int, |
| pub jumped: libc::c_int, |
| pub c_asserts: u8, |
| pub c_catch_asserts: u8, |
| // NOTE: Always leave boot_jmpbuf declaration at the end; this should |
| // store a "jmp_buf" which is arch specific and not defined by libc crate. |
| // The size below is enough to store data on a x86_64 machine. |
| pub boot_jmpbuf: [u64; 16], |
| } |
| |
| pub struct CSimContextPtr { |
| pub ptr: *const CSimContext, |
| } |
| |
| impl CSimContextPtr { |
| pub fn new() -> CSimContextPtr { |
| CSimContextPtr { |
| ptr: ptr::null(), |
| } |
| } |
| } |
| |
| impl Default for CSimContextPtr { |
| fn default() -> CSimContextPtr { |
| CSimContextPtr { |
| ptr: ptr::null(), |
| } |
| } |
| } |
| |
| /// This struct describes the RAM layout of the current device. It will be stashed, per test |
| /// thread, and queried by the C code. |
| #[repr(C)] |
| #[derive(Debug, Default)] |
| pub struct BootsimRamInfo { |
| pub start: u32, |
| pub size: u32, |
| pub base: usize, |
| } |
| |
| /// This struct stores the non-volatile security counter per image. It will be stored per test thread, |
| /// and the C code will set / get the values here. |
| #[repr(C)] |
| #[derive(Debug, Default)] |
| pub struct NvCounterStorage { |
| pub storage: Vec<u32>, |
| } |
| |
| impl NvCounterStorage { |
| pub fn new() -> Self { |
| let count = if cfg!(feature = "multiimage") { |
| 2 |
| } else { |
| 1 |
| }; |
| Self { |
| storage: vec![0; count] |
| } |
| } |
| } |
| |
| thread_local! { |
| pub static THREAD_CTX: RefCell<FlashContext> = RefCell::new(FlashContext::new()); |
| pub static SIM_CTX: RefCell<CSimContextPtr> = RefCell::new(CSimContextPtr::new()); |
| pub static RAM_CTX: RefCell<BootsimRamInfo> = RefCell::new(BootsimRamInfo::default()); |
| pub static NV_COUNTER_CTX: RefCell<NvCounterStorage> = RefCell::new(NvCounterStorage::new()); |
| } |
| |
| /// Set the flash device to be used by the simulation. The pointer is unsafely stashed away. |
| /// |
| /// # Safety |
| /// |
| /// This uses mem::transmute to stash a Rust pointer into a C value to |
| /// retrieve later. It should be safe to use this. |
| pub fn set_flash(dev_id: u8, dev: &mut dyn Flash) { |
| THREAD_CTX.with(|ctx| { |
| ctx.borrow_mut().flash_params.insert(dev_id, FlashParamsStruct { |
| align: dev.align() as u32, |
| erased_val: dev.erased_val(), |
| }); |
| unsafe { |
| let dev: &'static mut dyn Flash = mem::transmute(dev); |
| ctx.borrow_mut().flash_map.insert( |
| dev_id, FlashPtr{ptr: dev as *mut dyn Flash}); |
| } |
| }); |
| } |
| |
| pub fn clear_flash(dev_id: u8) { |
| THREAD_CTX.with(|ctx| { |
| ctx.borrow_mut().flash_map.remove(&dev_id); |
| }); |
| } |
| |
| // This isn't meant to call directly, but by a wrapper. |
| |
| #[no_mangle] |
| pub extern fn sim_get_flash_areas() -> *const CAreaDesc { |
| THREAD_CTX.with(|ctx| { |
| ctx.borrow().flash_areas.ptr |
| }) |
| } |
| |
| #[no_mangle] |
| pub extern fn sim_set_flash_areas(areas: *const CAreaDesc) { |
| THREAD_CTX.with(|ctx| { |
| ctx.borrow_mut().flash_areas.ptr = areas; |
| }); |
| } |
| |
| #[no_mangle] |
| pub extern fn sim_reset_flash_areas() { |
| THREAD_CTX.with(|ctx| { |
| ctx.borrow_mut().flash_areas.ptr = ptr::null(); |
| }); |
| } |
| |
| #[no_mangle] |
| pub extern fn sim_get_context() -> *const CSimContext { |
| SIM_CTX.with(|ctx| { |
| ctx.borrow().ptr |
| }) |
| } |
| |
| #[no_mangle] |
| pub extern fn sim_set_context(ptr: *const CSimContext) { |
| SIM_CTX.with(|ctx| { |
| ctx.borrow_mut().ptr = ptr; |
| }); |
| } |
| |
| #[no_mangle] |
| pub extern fn sim_reset_context() { |
| SIM_CTX.with(|ctx| { |
| ctx.borrow_mut().ptr = ptr::null(); |
| }); |
| } |
| |
| #[no_mangle] |
| pub extern "C" fn bootsim_get_ram_info() -> *const BootsimRamInfo { |
| RAM_CTX.with(|ctx| { |
| if ctx.borrow().base == 0 { |
| // Option is messier to get a pointer out of, so just check if the base has been set to |
| // anything. |
| panic!("ram info not set, but being used"); |
| } |
| ctx.as_ptr() |
| }) |
| } |
| |
| /// Store a copy of this RAM info. |
| pub fn set_ram_info(info: BootsimRamInfo) { |
| RAM_CTX.with(|ctx| { |
| ctx.replace(info); |
| }); |
| } |
| |
| /// Clear out the ram info. |
| pub fn clear_ram_info() { |
| RAM_CTX.with(|ctx| { |
| ctx.borrow_mut().base = 0; |
| }); |
| } |
| |
| #[no_mangle] |
| pub extern fn sim_flash_erase(dev_id: u8, offset: u32, size: u32) -> libc::c_int { |
| let mut rc: libc::c_int = -19; |
| THREAD_CTX.with(|ctx| { |
| if let Some(flash) = ctx.borrow().flash_map.get(&dev_id) { |
| let dev = unsafe { &mut *(flash.ptr) }; |
| rc = map_err(dev.erase(offset as usize, size as usize)); |
| } |
| }); |
| rc |
| } |
| |
| #[no_mangle] |
| pub extern fn sim_flash_read(dev_id: u8, offset: u32, dest: *mut u8, size: u32) -> libc::c_int { |
| let mut rc: libc::c_int = -19; |
| THREAD_CTX.with(|ctx| { |
| if let Some(flash) = ctx.borrow().flash_map.get(&dev_id) { |
| let mut buf: &mut[u8] = unsafe { slice::from_raw_parts_mut(dest, size as usize) }; |
| let dev = unsafe { &mut *(flash.ptr) }; |
| rc = map_err(dev.read(offset as usize, &mut buf)); |
| } |
| }); |
| rc |
| } |
| |
| #[no_mangle] |
| pub extern fn sim_flash_write(dev_id: u8, offset: u32, src: *const u8, size: u32) -> libc::c_int { |
| let mut rc: libc::c_int = -19; |
| THREAD_CTX.with(|ctx| { |
| if let Some(flash) = ctx.borrow().flash_map.get(&dev_id) { |
| let buf: &[u8] = unsafe { slice::from_raw_parts(src, size as usize) }; |
| let dev = unsafe { &mut *(flash.ptr) }; |
| rc = map_err(dev.write(offset as usize, &buf)); |
| } |
| }); |
| rc |
| } |
| |
| #[no_mangle] |
| pub extern fn sim_flash_align(id: u8) -> u32 { |
| THREAD_CTX.with(|ctx| { |
| ctx.borrow().flash_params.get(&id).unwrap().align |
| }) |
| } |
| |
| #[no_mangle] |
| pub extern fn sim_flash_erased_val(id: u8) -> u8 { |
| THREAD_CTX.with(|ctx| { |
| ctx.borrow().flash_params.get(&id).unwrap().erased_val |
| }) |
| } |
| |
| fn map_err(err: Result<()>) -> libc::c_int { |
| match err { |
| Ok(()) => 0, |
| Err(e) => { |
| warn!("{}", e); |
| -1 |
| }, |
| } |
| } |
| |
| /// Called by C code to determine if we should log at this level. Levels are defined in |
| /// bootutil/bootutil_log.h. This makes the logging from the C code controlled by bootsim::api, so |
| /// for example, it can be enabled with something like: |
| /// RUST_LOG=bootsim::api=info cargo run --release runall |
| /// or |
| /// RUST_LOG=bootsim=info cargo run --release runall |
| #[no_mangle] |
| pub extern fn sim_log_enabled(level: libc::c_int) -> libc::c_int { |
| let res = match level { |
| 1 => log_enabled!(Level::Error), |
| 2 => log_enabled!(Level::Warn), |
| 3 => log_enabled!(Level::Info), |
| 4 => log_enabled!(Level::Debug), |
| 5 => log_enabled!(Level::Trace), // log level == SIM |
| _ => false, |
| }; |
| if res { |
| 1 |
| } else { |
| 0 |
| } |
| } |
| |
| #[no_mangle] |
| pub extern "C" fn sim_set_nv_counter_for_image(image_index: u32, security_counter_value: u32) -> libc::c_int { |
| let mut rc = 0; |
| NV_COUNTER_CTX.with(|ctx| { |
| let mut counter_storage = ctx.borrow_mut(); |
| if image_index as usize >= counter_storage.storage.len() { |
| rc = -1; |
| return; |
| } |
| if counter_storage.storage[image_index as usize] > security_counter_value { |
| rc = -2; |
| warn!("Failed to set security counter value ({}) for image index {}", security_counter_value, image_index); |
| return; |
| } |
| |
| counter_storage.storage[image_index as usize] = security_counter_value; |
| }); |
| |
| return rc; |
| } |
| |
| #[no_mangle] |
| pub extern "C" fn sim_get_nv_counter_for_image(image_index: u32, security_counter_value: *mut u32) -> libc::c_int { |
| let mut rc = 0; |
| NV_COUNTER_CTX.with(|ctx| { |
| let counter_storage = ctx.borrow(); |
| if image_index as usize >= counter_storage.storage.len() { |
| rc = -1; |
| return; |
| } |
| unsafe { *security_counter_value = counter_storage.storage[image_index as usize] }; |
| |
| }); |
| return rc; |
| } |