| Fabio Utzig | 01ccb19 | 2017-05-08 09:17:50 -0300 | [diff] [blame^] | 1 | # Porting How-To |
| 2 | |
| 3 | This document describes the requirements and necessary steps required to port |
| 4 | `mcuboot` to a new target `OS`. |
| 5 | |
| 6 | # Requirements |
| 7 | |
| 8 | * `mcuboot` requires that the target provides a `flash` API with ability to |
| 9 | get flash alignment and read/write/erase individual sectors. |
| 10 | |
| 11 | * `mcuboot` doesn't bundle a cryptographic library, which means the target |
| 12 | OS must already have it bundled. The supported libraries at the moment are |
| 13 | `tinycrypt` and `mbed TLS`. |
| 14 | |
| 15 | * TODO: what more? |
| 16 | |
| 17 | # Steps to port |
| 18 | |
| 19 | ## Configuration options macro |
| 20 | |
| 21 | Configuration options are checked with the macro `MYNEWT_VAL(x)` where `x` |
| 22 | is the configuration to get the value for. This enables support for OSes with |
| 23 | configuration systems that don't take the `#define ...` format. If the target |
| 24 | OS uses `#define ...` one can simply use the following definition: |
| 25 | |
| 26 | ```c |
| 27 | #define MYNEWT_VAL(x) (x) |
| 28 | ``` |
| 29 | |
| 30 | If your system uses another method, like build config files, a proper faรงade |
| 31 | must be defined. |
| 32 | |
| 33 | ## Main app and calling the bootloader |
| 34 | |
| 35 | From the perspective of the target OS, the bootloader can be seen as a library, |
| 36 | so an entry point must be provided. This is likely a typical `app` for the |
| 37 | target OS, and it must call the following function to run the bootloader: |
| 38 | |
| 39 | ```c |
| 40 | int boot_go(struct boot_rsp *rsp); |
| 41 | ``` |
| 42 | |
| 43 | This function is located at `boot/bootutil/loader.c` and receives a `struct |
| 44 | boot_rsp` pointer. The `struct boot_rsp` is defined as: |
| 45 | |
| 46 | ```c |
| 47 | struct boot_rsp { |
| 48 | /** A pointer to the header of the image to be executed. */ |
| 49 | const struct image_header *br_hdr; |
| 50 | |
| 51 | /** |
| 52 | * The flash offset of the image to execute. Indicates the position of |
| 53 | * the image header. |
| 54 | */ |
| 55 | uint8_t br_flash_id; |
| 56 | uint32_t br_image_addr; |
| 57 | }; |
| 58 | ``` |
| 59 | |
| 60 | After running the management functions of the bootloader, `boot_go` returns |
| 61 | an initialized `boot_rsp` which has pointers to the location of the image |
| 62 | where the target firmware is located which can be used to jump to. |
| 63 | |
| 64 | ## Flash access and flash Map |
| 65 | |
| 66 | * Regarding flash access the bootloader has two requirements: |
| 67 | |
| 68 | ### hal_flash_align |
| 69 | |
| 70 | `mcuboot` needs to know the alignment of the flash. To get this information it |
| 71 | calls `hal_flash_align`. |
| 72 | |
| 73 | TODO: this needs to die and move to flash_map... |
| 74 | |
| 75 | ### flash_map |
| 76 | |
| 77 | The bootloader requires a `flash_map` to be able to know how the flash is |
| 78 | "partitioned". A `flash_map` consists of `struct flash_area` entries |
| 79 | specifying the "partitions", where a `flash_area` defined as follows: |
| 80 | |
| 81 | ```c |
| 82 | struct flash_area { |
| 83 | uint8_t fa_id; /** The slot/scratch identification */ |
| 84 | uint8_t fa_device_id; /** The device id (usually there's only one) */ |
| 85 | uint16_t pad16; |
| 86 | uint32_t fa_off; /** The flash offset from the beginning */ |
| 87 | uint32_t fa_size; /** The size of this sector */ |
| 88 | }; |
| 89 | ``` |
| 90 | |
| 91 | `fa_id` is can be one of the following options: |
| 92 | |
| 93 | ```c |
| 94 | #define FLASH_AREA_IMAGE_0 1 |
| 95 | #define FLASH_AREA_IMAGE_1 2 |
| 96 | #define FLASH_AREA_IMAGE_SCRATCH 3 |
| 97 | ``` |
| 98 | |
| 99 | The functions that must be defined for working with the `flash_area`s are: |
| 100 | |
| 101 | ```c |
| 102 | /*< Opens the area for use. id is one of the `fa_id`s */ |
| 103 | int flash_area_open(uint8_t id, const struct flash_area **); |
| 104 | void flash_area_close(const struct flash_area *); |
| 105 | /*< Reads `len` bytes of flash memory at `off` to the buffer at `dst` */ |
| 106 | int flash_area_read(const struct flash_area *, uint32_t off, void *dst, |
| 107 | uint32_t len); |
| 108 | /*< Writes `len` bytes of flash memory at `off` from the buffer at `src` */ |
| 109 | int flash_area_write(const struct flash_area *, uint32_t off, |
| 110 | const void *src, uint32_t len); |
| 111 | /*< Erases `len` bytes of flash memory at `off` */ |
| 112 | int flash_area_erase(const struct flash_area *, uint32_t off, uint32_t len); |
| 113 | /*< Returns this `flash_area`s alignment */ |
| 114 | uint8_t flash_area_align(const struct flash_area *); |
| 115 | /*< TODO */ |
| 116 | int flash_area_to_sectors(int idx, int *cnt, struct flash_area *ret); |
| 117 | /*< Returns the `fa_id` for slot, where slot is 0 or 1 */ |
| 118 | int flash_area_id_from_image_slot(int slot); |
| 119 | /*< Returns the slot, for the `fa_id` supplied */ |
| 120 | int flash_area_id_to_image_slot(int area_id); |
| 121 | ``` |
| 122 | |
| 123 | ## Memory management for mbed TLS |
| 124 | |
| 125 | `mbed TLS` employs dynamic allocation of memory, making use of the pair |
| 126 | `calloc/free`. If `mbed TLS` is to be used for crypto, your target RTOS |
| 127 | needs to provide this pair of function. |
| 128 | |
| 129 | To configure the what functions are called when allocating/deallocating |
| 130 | memory `mbed TLS` uses the following call [^cite1]: |
| 131 | |
| 132 | ``` |
| 133 | int mbedtls_platform_set_calloc_free (void *(*calloc_func)(size_t, size_t), |
| 134 | void (*free_func)(void *)); |
| 135 | ``` |
| 136 | |
| 137 | If your system already provides functions with compatible signatures, those |
| 138 | can be used directly here, otherwise create new functions that glue to |
| 139 | your `calloc/free` implementations. |
| 140 | |
| 141 | [^cite1]```https://tls.mbed.org/api/platform_8h.html``` |