From f9919d15fbec8d1ec830a2c7d9f502e666cdeb1c Mon Sep 17 00:00:00 2001 From: Lionel Ains Date: Sat, 23 Nov 2024 16:01:08 +0100 Subject: [PATCH 1/3] Fixing boot freeze when update partition content is broken --- boards/bootloaders/stm32h723/Cargo.toml | 5 ++-- boards/bootloaders/stm32h723/src/main.rs | 4 ++++ boards/hal/Cargo.toml | 3 ++- boards/update/Cargo.toml | 3 ++- boards/update/src/update/update_flash.rs | 30 +++++++++++------------- rustBoot/Cargo.toml | 5 ++-- rustBoot/src/image/image.rs | 2 +- 7 files changed, 29 insertions(+), 23 deletions(-) diff --git a/boards/bootloaders/stm32h723/Cargo.toml b/boards/bootloaders/stm32h723/Cargo.toml index 13fc2d16..1839de30 100644 --- a/boards/bootloaders/stm32h723/Cargo.toml +++ b/boards/bootloaders/stm32h723/Cargo.toml @@ -15,8 +15,9 @@ test = false [dependencies] cortex-m = { version = "0.7", features = ["critical-section-single-core"] } cortex-m-rt = "0.7" -defmt = {version = "0.3.1", optional = true} -defmt-rtt = {version = "0.3.2", optional = true} +defmt = {version = "0.3.8", optional = true} +defmt-rtt = {version = "0.4.1", optional = true} +panic-probe = {version = "0.3.2", features = ["print-defmt"] } rustBoot-hal = {path = "../../hal", default-features = false, features = ["stm32h723"]} rustBoot-update = {path = "../../update", features = ["stm32h723"]} diff --git a/boards/bootloaders/stm32h723/src/main.rs b/boards/bootloaders/stm32h723/src/main.rs index 520235fd..d8479d47 100644 --- a/boards/bootloaders/stm32h723/src/main.rs +++ b/boards/bootloaders/stm32h723/src/main.rs @@ -9,15 +9,19 @@ use rustBoot_update::update::{update_flash::FlashUpdater, UpdateInterface}; use cortex_m_rt::entry; +use panic_probe as _; + #[entry] fn main() -> ! { let updater = FlashUpdater::new(FlashWriterEraser::new()); updater.rustboot_start() } +/* #[panic_handler] // panicking behavior fn panic(_: &core::panic::PanicInfo) -> ! { loop { cortex_m::asm::bkpt(); } } +*/ \ No newline at end of file 
diff --git a/boards/hal/Cargo.toml b/boards/hal/Cargo.toml index c7d22ec6..f157b417 100644 --- a/boards/hal/Cargo.toml +++ b/boards/hal/Cargo.toml @@ -26,7 +26,7 @@ test = false [dependencies] # common dependencies cortex-m = { version = "0.7", features = ["critical-section-single-core"] } -defmt = {version = "0.3.1", optional = true} +defmt = {version = "0.3.8"} # platform specific dependencies for aarch64 # [target.'cfg(target_arch = "aarch64")'.dependencies] aarch64-cpu = {version = "9.3.1", path = "./src/nxp/imx8mn/aarch64-cpu", optional = true} @@ -43,6 +43,7 @@ stm32f7xx-hal = {version = "0.7.0", features = ["stm32f746", "rt"],optional = tr stm32f3xx-hal = {version = "0.9.1", features = ["stm32f334x8", "rt"],optional = true} # platform specific dependencies for rp-pico rp2040-hal = {version = "0.7.0", optional = true} +defmt-rtt = "0.4.1" # platform specific dependencies for stm32f4 series [dependencies.stm32f4xx-hal] version = "0.14.0" diff --git a/boards/update/Cargo.toml b/boards/update/Cargo.toml index 1cef0403..08927197 100644 --- a/boards/update/Cargo.toml +++ b/boards/update/Cargo.toml @@ -24,9 +24,10 @@ doctest = false test = false [dependencies] -defmt = {version = "0.3.2", optional = true} +defmt = {version = "0.3.8"} rustBoot = {path = "../../rustBoot", default-features = true, features = ["mcu"]} rustBoot-hal = {path = "../hal"} +defmt-rtt = "0.4.1" [features] default = [] diff --git a/boards/update/src/update/update_flash.rs b/boards/update/src/update/update_flash.rs index 045cc3da..6b84fcdd 100644 --- a/boards/update/src/update/update_flash.rs +++ b/boards/update/src/update/update_flash.rs 
@@ -168,12 +168,11 @@ where { return Err(RustbootError::ECCError); } - if (!updt_part.hdr_ok - || updt.verify_integrity::().is_err() - || updt.verify_authenticity::().is_err()) - { - panic!("firmware authentication failed"); + if (!updt_part.hdr_ok) { + return Err(RustbootError::InvalidImage); } + updt.verify_integrity::()?; + updt.verify_authenticity::()?; } // disallow downgrades match boot { @@ -272,25 +271,24 @@ where Interface: FlashInterface, { fn rustboot_start(self) -> ! { + let trigger_rollback = || -> Result<()> { + self.update_trigger(); + self.rustboot_update(true)?; + Ok(()) + }; let mut boot = PartDescriptor::open_partition(Boot, self).unwrap(); let updt = PartDescriptor::open_partition(Update, self).unwrap(); // Check the BOOT partition for state - if it is still in TESTING, trigger rollback. if let ImageType::BootInTestingState(_v) = boot { - self.update_trigger(); - match self.rustboot_update(true) { - Ok(_v) => {} - Err(_e) => { - panic!("rollback failed.") - } + if trigger_rollback().is_err() { + panic!("rollback failed."); } // Check the UPDATE partition for state - if it is marked as UPDATING, trigger update. } else if let ImageType::UpdateInUpdatingState(_v) = updt { - match self.rustboot_update(false) { - Ok(_v) => {} - Err(_e) => { - panic!("update-swap failed.") - } + if self.rustboot_update(false).is_err() { + /* If update cannot be performed, launch former boot partition by default */ + defmt::error!("Starting update to new fw failed. Booting former fw"); } } else { match boot { diff --git a/rustBoot/Cargo.toml b/rustBoot/Cargo.toml index 2d91f517..f77215f7 100644 --- a/rustBoot/Cargo.toml +++ b/rustBoot/Cargo.toml 
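Review bot: In the `@@ -168,12 +168,11 @@` hunk of `update_flash.rs`, the new `updt.verify_integrity` and `updt.verify_authenticity` calls use `?`, which propagates an `Err` but throws away the `Ok` value. If these functions return `Result<bool>` (the `integrity_check = true` flag in the `image.rs` hunk suggests they may), an `Ok(false)` would let the update proceed. Test the value explicitly, e.g. `if !updt.verify_integrity::<N>()? { return Err(RustbootError::IntegrityCheckFailed); }` with the type argument the file already uses, and do the same for the authenticity call. The parentheses in `if (!updt_part.hdr_ok)` are redundant and trigger `unused_parens`; write `if !updt_part.hdr_ok {`. The enclosing function starts and ends outside the hunk.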
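Review bot: In `rustboot_start` (hunk `@@ -272,25 +271,24 @@`), the `else if let ImageType::UpdateInUpdatingState` arm now ignores every error from `self.rustboot_update(false)`, not only a rejected update image. The earlier hunk shows the header and verification errors being returned near the top of the update path, but an error raised later in that function (outside the hunk) would be swallowed too, and by then BOOT may no longer hold the former firmware. Falling back is safe only when the failure happened before BOOT was modified, so match on those cases, e.g. `Err(RustbootError::InvalidImage | RustbootError::IntegrityCheckFailed) => {}`, and keep `Err(_) => panic!("update-swap failed.")` for the rest; the authenticity error variant is not visible here and would need adding to the first arm. This arm also does not show BOOT being verified before it is started, and the code that jumps to the image is outside the hunk, so confirm the integrity and authenticity checks run on this path as well. Patch 2/3 later deletes the `defmt::error!` line, which leaves the failure unlogged and the `if` body holding only a comment.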
@@ -24,7 +24,8 @@ version = "0.1.0" # common dependencies as-slice = "0.2.1" byteorder = {version = "1.4.3", default-features = false} -defmt = {version = "0.3.1", optional = true} +defmt = {version = "0.3.8"} +defmt-rtt = "0.4.1" log = {version = "0.4", default-features = false, optional = true} # rustBoot parser dependencies nom = {version = "7.1.0", default-features = false} @@ -60,4 +61,4 @@ stm32f469 = ["mcu"] stm32h723 = ["mcu"] stm32f746 = ["mcu"] stm32f334 = ["mcu"] -rp2040 = ["mcu"] \ No newline at end of file +rp2040 = ["mcu"] diff --git a/rustBoot/src/image/image.rs b/rustBoot/src/image/image.rs index 4205a25e..96ba1591 100644 --- a/rustBoot/src/image/image.rs +++ b/rustBoot/src/image/image.rs @@ -569,7 +569,7 @@ impl<'a, Part: ValidPart + Swappable, State: TypeState> RustbootImage<'a, Part, let hasher = compute_img_hash::(self, fw_size)?; let computed_hash = hasher.finalize(); if computed_hash.as_slice() != stored_hash { - panic!("..integrity check failed"); + return Err(RustbootError::IntegrityCheckFailed); } integrity_check = true; Some(stored_hash.as_ptr()) From 5c180494561b4553f334f41d905c4b78948a71bf Mon Sep 17 00:00:00 2001 From: Lionel Ains Date: Sat, 23 Nov 2024 16:03:55 +0100 Subject: [PATCH 2/3] Removing debug --- boards/bootloaders/stm32h723/Cargo.toml | 1 - boards/bootloaders/stm32h723/src/main.rs | 4 ---- boards/hal/Cargo.toml | 3 +-- boards/hal/src/rpi/rpi4/panic_wait.rs | 2 +- boards/update/Cargo.toml | 3 +-- boards/update/src/update/update_flash.rs | 1 - rustBoot/Cargo.toml | 3 +-- 7 files changed, 4 insertions(+), 13 deletions(-) diff --git a/boards/bootloaders/stm32h723/Cargo.toml b/boards/bootloaders/stm32h723/Cargo.toml index 1839de30..89deadb8 100644 --- a/boards/bootloaders/stm32h723/Cargo.toml +++ b/boards/bootloaders/stm32h723/Cargo.toml 
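Review bot: In the `image.rs` hunk, returning `Err(RustbootError::IntegrityCheckFailed)` instead of panicking moves the fail-closed decision to every caller of this function, and only the `update_flash.rs` callers are touched in this series. A call site that silences the `Result` (for example with `let _ =` or `.ok()`) would now continue with an image whose digest does not match, where it previously halted. The remaining callers should be audited, and the contract documented on the function, e.g. `/// Returns Err(RustbootError::IntegrityCheckFailed) on a digest mismatch; callers must not swap or boot the image on Err.` The enclosing function starts and ends outside the hunk.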
@@ -17,7 +17,6 @@ cortex-m = { version = "0.7", features = ["critical-section-single-core"] } cortex-m-rt = "0.7" defmt = {version = "0.3.8", optional = true} defmt-rtt = {version = "0.4.1", optional = true} -panic-probe = {version = "0.3.2", features = ["print-defmt"] } rustBoot-hal = {path = "../../hal", default-features = false, features = ["stm32h723"]} rustBoot-update = {path = "../../update", features = ["stm32h723"]} diff --git a/boards/bootloaders/stm32h723/src/main.rs b/boards/bootloaders/stm32h723/src/main.rs index d8479d47..520235fd 100644 --- a/boards/bootloaders/stm32h723/src/main.rs +++ b/boards/bootloaders/stm32h723/src/main.rs @@ -9,19 +9,15 @@ use rustBoot_update::update::{update_flash::FlashUpdater, UpdateInterface}; use cortex_m_rt::entry; -use panic_probe as _; - #[entry] fn main() -> ! { let updater = FlashUpdater::new(FlashWriterEraser::new()); updater.rustboot_start() } -/* #[panic_handler] // panicking behavior fn panic(_: &core::panic::PanicInfo) -> ! { loop { cortex_m::asm::bkpt(); } } -*/ \ No newline at end of file diff --git a/boards/hal/Cargo.toml b/boards/hal/Cargo.toml index f157b417..b48269d7 100644 --- a/boards/hal/Cargo.toml +++ b/boards/hal/Cargo.toml @@ -26,7 +26,7 @@ test = false [dependencies] # common dependencies cortex-m = { version = "0.7", features = ["critical-section-single-core"] } -defmt = {version = "0.3.8"} +defmt = {version = "0.3.8", optional = true} # platform specific dependencies for aarch64 # [target.'cfg(target_arch = "aarch64")'.dependencies] aarch64-cpu = {version = "9.3.1", path = "./src/nxp/imx8mn/aarch64-cpu", optional = true} 
@@ -43,7 +43,6 @@ stm32f7xx-hal = {version = "0.7.0", features = ["stm32f746", "rt"],optional = tr stm32f3xx-hal = {version = "0.9.1", features = ["stm32f334x8", "rt"],optional = true} # platform specific dependencies for rp-pico rp2040-hal = {version = "0.7.0", optional = true} -defmt-rtt = "0.4.1" # platform specific dependencies for stm32f4 series [dependencies.stm32f4xx-hal] version = "0.14.0" diff --git a/boards/hal/src/rpi/rpi4/panic_wait.rs b/boards/hal/src/rpi/rpi4/panic_wait.rs index 8546a1a4..c352cb92 100644 --- a/boards/hal/src/rpi/rpi4/panic_wait.rs +++ b/boards/hal/src/rpi/rpi4/panic_wait.rs @@ -75,7 +75,7 @@ fn panic(info: &PanicInfo) -> ! { location, line, column, - info.message(), + info.message().unwrap_or(&format_args!("")), ); cpu_core::wait_forever() diff --git a/boards/update/Cargo.toml b/boards/update/Cargo.toml index 08927197..69a4a25c 100644 --- a/boards/update/Cargo.toml +++ b/boards/update/Cargo.toml @@ -24,10 +24,9 @@ doctest = false test = false [dependencies] -defmt = {version = "0.3.8"} +defmt = {version = "0.3.8", optional = true} rustBoot = {path = "../../rustBoot", default-features = true, features = ["mcu"]} rustBoot-hal = {path = "../hal"} -defmt-rtt = "0.4.1" [features] default = [] diff --git a/boards/update/src/update/update_flash.rs b/boards/update/src/update/update_flash.rs index 6b84fcdd..5ce30496 100644 --- a/boards/update/src/update/update_flash.rs +++ b/boards/update/src/update/update_flash.rs @@ -288,7 +288,6 @@ where } else if let ImageType::UpdateInUpdatingState(_v) = updt { if self.rustboot_update(false).is_err() { /* If update cannot be performed, launch former boot partition by default */ - defmt::error!("Starting update to new fw failed. Booting former fw"); } } else { match boot { diff --git a/rustBoot/Cargo.toml b/rustBoot/Cargo.toml index f77215f7..311092d0 100644 --- a/rustBoot/Cargo.toml +++ b/rustBoot/Cargo.toml 
@@ -24,8 +24,7 @@ version = "0.1.0" # common dependencies as-slice = "0.2.1" byteorder = {version = "1.4.3", default-features = false} -defmt = {version = "0.3.8"} -defmt-rtt = "0.4.1" +defmt = {version = "0.3.8", optional = true} log = {version = "0.4", default-features = false, optional = true} # rustBoot parser dependencies nom = {version = "7.1.0", default-features = false} From 6274505a961df7cd862fb4767d4fff104e96a9f8 Mon Sep 17 00:00:00 2001 From: Lionel Ains Date: Sat, 23 Nov 2024 16:05:45 +0100 Subject: [PATCH 3/3] Reverting panic format tweak done for defmt --- boards/hal/src/rpi/rpi4/panic_wait.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/boards/hal/src/rpi/rpi4/panic_wait.rs b/boards/hal/src/rpi/rpi4/panic_wait.rs index c352cb92..8546a1a4 100644 --- a/boards/hal/src/rpi/rpi4/panic_wait.rs +++ b/boards/hal/src/rpi/rpi4/panic_wait.rs @@ -75,7 +75,7 @@ fn panic(info: &PanicInfo) -> ! { location, line, column, - info.message().unwrap_or(&format_args!("")), + info.message(), ); cpu_core::wait_forever()