| Fabio Utzig | 01ccb19 | 2017-05-08 09:17:50 -0300 | [diff] [blame] | 1 | # Porting How-To |
| 2 | |
| 3 | This document describes the requirements and necessary steps required to port |
| 4 | `mcuboot` to a new target `OS`. |
| 5 | |
| 6 | # Requirements |
| 7 | |
| 8 | * `mcuboot` requires that the target provides a `flash` API with ability to |
| Fabio Utzig | e2d99f8 | 2017-06-28 19:33:33 -0300 | [diff] [blame^] | 9 | get the flash's minimum write size, and read/write/erase individual sectors. |
| Fabio Utzig | 01ccb19 | 2017-05-08 09:17:50 -0300 | [diff] [blame] | 10 | |
| 11 | * `mcuboot` doesn't bundle a cryptographic library, which means the target |
| 12 | OS must already have it bundled. The supported libraries at the moment are |
| Fabio Utzig | e2d99f8 | 2017-06-28 19:33:33 -0300 | [diff] [blame^] | 13 | either `mbed TLS` or the set `tinycrypt` + `mbed TLS` (where `mbed TLS` is |
| 14 | used to provide functionality not existing in `tinycrypt`). |
| Fabio Utzig | 01ccb19 | 2017-05-08 09:17:50 -0300 | [diff] [blame] | 15 | |
| 16 | * TODO: what more? |
| 17 | |
| 18 | # Steps to port |
| 19 | |
| Fabio Utzig | 01ccb19 | 2017-05-08 09:17:50 -0300 | [diff] [blame] | 20 | ## Main app and calling the bootloader |
| 21 | |
| 22 | From the perspective of the target OS, the bootloader can be seen as a library, |
| 23 | so an entry point must be provided. This is likely a typical `app` for the |
| 24 | target OS, and it must call the following function to run the bootloader: |
| 25 | |
| 26 | ```c |
| 27 | int boot_go(struct boot_rsp *rsp); |
| 28 | ``` |
| 29 | |
| 30 | This function is located at `boot/bootutil/loader.c` and receives a `struct |
| 31 | boot_rsp` pointer. The `struct boot_rsp` is defined as: |
| 32 | |
| 33 | ```c |
| 34 | struct boot_rsp { |
| 35 | /** A pointer to the header of the image to be executed. */ |
| 36 | const struct image_header *br_hdr; |
| 37 | |
| 38 | /** |
| 39 | * The flash offset of the image to execute. Indicates the position of |
| 40 | * the image header. |
| 41 | */ |
| 42 | uint8_t br_flash_id; |
| 43 | uint32_t br_image_addr; |
| 44 | }; |
| 45 | ``` |
| 46 | |
| 47 | After running the management functions of the bootloader, `boot_go` returns |
| 48 | an initialized `boot_rsp` which has pointers to the location of the image |
| 49 | where the target firmware is located which can be used to jump to. |
| 50 | |
| 51 | ## Flash access and flash Map |
| 52 | |
| 53 | * Regarding flash access the bootloader has two requirements: |
| 54 | |
| 55 | ### hal_flash_align |
| 56 | |
| Fabio Utzig | e2d99f8 | 2017-06-28 19:33:33 -0300 | [diff] [blame^] | 57 | `mcuboot` needs to know the write size (and alignment) of the flash. To get |
| 58 | this information it calls `hal_flash_align`. |
| Fabio Utzig | 01ccb19 | 2017-05-08 09:17:50 -0300 | [diff] [blame] | 59 | |
| 60 | TODO: this needs to die and move to flash_map... |
| 61 | |
| 62 | ### flash_map |
| 63 | |
| 64 | The bootloader requires a `flash_map` to be able to know how the flash is |
| Fabio Utzig | e2d99f8 | 2017-06-28 19:33:33 -0300 | [diff] [blame^] | 65 | partitioned. A `flash_map` consists of `struct flash_area` entries |
| 66 | specifying the partitions, where a `flash_area` defined as follows: |
| Fabio Utzig | 01ccb19 | 2017-05-08 09:17:50 -0300 | [diff] [blame] | 67 | |
| 68 | ```c |
| 69 | struct flash_area { |
| 70 | uint8_t fa_id; /** The slot/scratch identification */ |
| 71 | uint8_t fa_device_id; /** The device id (usually there's only one) */ |
| 72 | uint16_t pad16; |
| 73 | uint32_t fa_off; /** The flash offset from the beginning */ |
| 74 | uint32_t fa_size; /** The size of this sector */ |
| 75 | }; |
| 76 | ``` |
| 77 | |
| 78 | `fa_id` is can be one of the following options: |
| 79 | |
| 80 | ```c |
| 81 | #define FLASH_AREA_IMAGE_0 1 |
| 82 | #define FLASH_AREA_IMAGE_1 2 |
| 83 | #define FLASH_AREA_IMAGE_SCRATCH 3 |
| 84 | ``` |
| 85 | |
| 86 | The functions that must be defined for working with the `flash_area`s are: |
| 87 | |
| 88 | ```c |
| 89 | /*< Opens the area for use. id is one of the `fa_id`s */ |
| 90 | int flash_area_open(uint8_t id, const struct flash_area **); |
| 91 | void flash_area_close(const struct flash_area *); |
| 92 | /*< Reads `len` bytes of flash memory at `off` to the buffer at `dst` */ |
| 93 | int flash_area_read(const struct flash_area *, uint32_t off, void *dst, |
| 94 | uint32_t len); |
| 95 | /*< Writes `len` bytes of flash memory at `off` from the buffer at `src` */ |
| 96 | int flash_area_write(const struct flash_area *, uint32_t off, |
| 97 | const void *src, uint32_t len); |
| 98 | /*< Erases `len` bytes of flash memory at `off` */ |
| 99 | int flash_area_erase(const struct flash_area *, uint32_t off, uint32_t len); |
| 100 | /*< Returns this `flash_area`s alignment */ |
| 101 | uint8_t flash_area_align(const struct flash_area *); |
| 102 | /*< TODO */ |
| 103 | int flash_area_to_sectors(int idx, int *cnt, struct flash_area *ret); |
| 104 | /*< Returns the `fa_id` for slot, where slot is 0 or 1 */ |
| 105 | int flash_area_id_from_image_slot(int slot); |
| 106 | /*< Returns the slot, for the `fa_id` supplied */ |
| 107 | int flash_area_id_to_image_slot(int area_id); |
| 108 | ``` |
| 109 | |
| 110 | ## Memory management for mbed TLS |
| 111 | |
| 112 | `mbed TLS` employs dynamic allocation of memory, making use of the pair |
| 113 | `calloc/free`. If `mbed TLS` is to be used for crypto, your target RTOS |
| 114 | needs to provide this pair of function. |
| 115 | |
| 116 | To configure the what functions are called when allocating/deallocating |
| 117 | memory `mbed TLS` uses the following call [^cite1]: |
| 118 | |
| 119 | ``` |
| 120 | int mbedtls_platform_set_calloc_free (void *(*calloc_func)(size_t, size_t), |
| 121 | void (*free_func)(void *)); |
| 122 | ``` |
| 123 | |
| 124 | If your system already provides functions with compatible signatures, those |
| 125 | can be used directly here, otherwise create new functions that glue to |
| 126 | your `calloc/free` implementations. |
| 127 | |
| 128 | [^cite1]```https://tls.mbed.org/api/platform_8h.html``` |