Merge pull request #409 from danielinux/no_backup_powerfail

jpbland1 · web-flow · commit 3166b075269c · 2024-02-26T13:02:39.000-05:00
DISABLE_BACKUP is now powerfail-safe.
diff --git a/.github/workflows/test-powerfail-simulator.yml b/.github/workflows/test-powerfail-simulator.yml
@@ -416,3 +416,85 @@ jobs:
       - name: Run update-revert test with power failures (AES128 DELTA)
         run: |
           tools/scripts/sim-update-powerfail-resume.sh
+
+    # TEST with backup disabled
+      - name: make clean
+        run: |
+          make distclean
+      - name: Select config with backup disabled
+        run: |
+          cp config/examples/sim-nobackup.config .config
+
+      - name: Build tools
+        run: |
+          make -C tools/keytools && make -C tools/bin-assemble
+
+      - name: Build wolfboot.elf
+        run: |
+          make clean && make test-sim-internal-flash-with-update
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Rebuild wolfboot.elf
+        run: |
+          make clean && make test-sim-internal-flash-with-update
+
+      - name: Run update test with DISABLE_BACKUP and powefail
+        run: |
+          tools/scripts/sim-update-powerfail-resume-nobackup.sh
+    # TEST with backup disabled + NVM_WRITEONCE
+      - name: make clean
+        run: |
+          make distclean
+      - name: Select config with backup disabled + NVM WRITEONCE
+        run: |
+          cp config/examples/sim-nobackup-nvm-writeonce.config .config
+
+      - name: Build tools
+        run: |
+          make -C tools/keytools && make -C tools/bin-assemble
+
+      - name: Build wolfboot.elf
+        run: |
+          make clean && make test-sim-internal-flash-with-update
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Rebuild wolfboot.elf
+        run: |
+          make clean && make test-sim-internal-flash-with-update
+
+      - name: Run update test with DISABLE_BACKUP and powefail
+        run: |
+          tools/scripts/sim-update-powerfail-resume-nobackup.sh
+    # TEST with backup disabled + FLAGS_HOME
+      - name: make clean
+        run: |
+          make distclean
+      - name: Select config with backup disabled + FLAGS_HOME
+        run: |
+          cp config/examples/sim-nobackup-flags-home.config .config
+
+      - name: Build tools
+        run: |
+          make -C tools/keytools && make -C tools/bin-assemble
+
+      - name: Build wolfboot.elf
+        run: |
+          make clean && make test-sim-internal-flash-with-update
+
+      - name: Run sunny day update test
+        run: |
+          tools/scripts/sim-sunnyday-update.sh
+
+      - name: Rebuild wolfboot.elf
+        run: |
+          make clean && make test-sim-internal-flash-with-update
+
+      - name: Run update test with DISABLE_BACKUP and powefail
+        run: |
+          tools/scripts/sim-update-powerfail-resume-nobackup.sh
diff --git a/config/examples/sim-nobackup-flags-home.config b/config/examples/sim-nobackup-flags-home.config
@@ -0,0 +1,24 @@
+ARCH=sim
+TARGET=sim
+SIGN?=ED25519
+HASH?=SHA256
+WOLFBOOT_SMALL_STACK?=1
+SPI_FLASH=0
+DEBUG=1
+SPMATH?=0
+DISABLE_BACKUP=1
+FLAGS_HOME=1
+
+# sizes should be multiple of system page size
+WOLFBOOT_PARTITION_SIZE=0x40000
+WOLFBOOT_SECTOR_SIZE=0x1000
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80000
+# if on external flash, it should be multiple of system page size
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x100000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0x180000
+
+# required for keytools
+WOLFBOOT_FIXED_PARTITIONS=1
+
+# For debugging XMALLOC/XFREE
+#CFLAGS_EXTRA+=-DWOLFBOOT_DEBUG_MALLOC
diff --git a/config/examples/sim-nobackup-nvm-writeonce.config b/config/examples/sim-nobackup-nvm-writeonce.config
@@ -0,0 +1,24 @@
+ARCH=sim
+TARGET=sim
+SIGN?=ED25519
+HASH?=SHA256
+WOLFBOOT_SMALL_STACK?=1
+SPI_FLASH=0
+DEBUG=1
+SPMATH?=0
+DISABLE_BACKUP=1
+NVM_WRITEONCE=1 
+
+# sizes should be multiple of system page size
+WOLFBOOT_PARTITION_SIZE=0x40000
+WOLFBOOT_SECTOR_SIZE=0x1000
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80000
+# if on external flash, it should be multiple of system page size
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x100000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0x180000
+
+# required for keytools
+WOLFBOOT_FIXED_PARTITIONS=1
+
+# For debugging XMALLOC/XFREE
+#CFLAGS_EXTRA+=-DWOLFBOOT_DEBUG_MALLOC
diff --git a/config/examples/sim-nobackup.config b/config/examples/sim-nobackup.config
@@ -0,0 +1,23 @@
+ARCH=sim
+TARGET=sim
+SIGN?=ED25519
+HASH?=SHA256
+WOLFBOOT_SMALL_STACK?=1
+SPI_FLASH=0
+DEBUG=1
+SPMATH?=0
+DISABLE_BACKUP=1
+
+# sizes should be multiple of system page size
+WOLFBOOT_PARTITION_SIZE=0x40000
+WOLFBOOT_SECTOR_SIZE=0x1000
+WOLFBOOT_PARTITION_BOOT_ADDRESS=0x80000
+# if on external flash, it should be multiple of system page size
+WOLFBOOT_PARTITION_UPDATE_ADDRESS=0x100000
+WOLFBOOT_PARTITION_SWAP_ADDRESS=0x180000
+
+# required for keytools
+WOLFBOOT_FIXED_PARTITIONS=1
+
+# For debugging XMALLOC/XFREE
+#CFLAGS_EXTRA+=-DWOLFBOOT_DEBUG_MALLOC
diff --git a/src/update_flash.c b/src/update_flash.c
@@ -553,23 +553,14 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed)
 #endif
     hal_flash_lock();
 #else /* DISABLE_BACKUP */
-#warning "Backup mechanism disabled! Update installation will not be interruptible"
-    /* Read encryption key/IV before starting the update */
 #ifdef EXT_ENCRYPTED
     wolfBoot_get_encrypt_key(key, nonce);
 #endif
 
     /* Directly copy the content of the UPDATE partition into the BOOT partition.
-     * This mechanism is not fail-safe, and will brick your device if interrupted
-     * before the copy is finished.
      */
     while ((sector * sector_size) < total_size) {
-        if ((wolfBoot_get_update_sector_flag(sector, &flag) != 0) || (flag == SECT_FLAG_NEW)) {
-           flag = SECT_FLAG_SWAPPING;
-           wolfBoot_copy_sector(&update, &boot, sector);
-           if (((sector + 1) * sector_size) < WOLFBOOT_PARTITION_SIZE)
-               wolfBoot_set_update_sector_flag(sector, flag);
-        }
+        wolfBoot_copy_sector(&update, &boot, sector);
         sector++;
     }
     while((sector * sector_size) < WOLFBOOT_PARTITION_SIZE) {
@@ -578,7 +569,6 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed)
     }
     st = IMG_STATE_SUCCESS;
     wolfBoot_set_partition_state(PART_BOOT, st);
-
 #ifdef EXT_FLASH
     ext_flash_lock();
 #endif
diff --git a/tools/scripts/sim-update-powerfail-resume-nobackup.sh b/tools/scripts/sim-update-powerfail-resume-nobackup.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+V=`./wolfboot.elf update_trigger get_version 2>/dev/null`
+if [ "x$V" != "x1" ]; then
+    echo "Failed first boot with update_trigger"
+    exit 1
+fi
+
+./wolfboot.elf powerfail 0 get_version 2>/dev/null
+./wolfboot.elf powerfail 15000 get_version 2>/dev/null
+./wolfboot.elf powerfail 18000 get_version 2>/dev/null
+./wolfboot.elf powerfail 1a000 get_version 2>/dev/null
+# fail on the last sector to stop the encrypt key save and state update
+./wolfboot.elf powerfail 3e000 get_version 2>/dev/null
+# may not trigger on non NVM_FLASH_WRITEONCE
+V=`./wolfboot.elf powerfail 3f000 get_version` 2>/dev/null
+if [ "x$V" != "x2" ]; then
+    V=`./wolfboot.elf get_version 2>/dev/null`
+    # if we failed on the final boot state write we need to double fallback
+    if [ "x$V" == "x1" ]; then
+        V=`./wolfboot.elf get_version 2>/dev/null`
+    fi
+fi
+
+if [ "x$V" != "x2" ]; then
+    echo "Failed update (V: $V)"
+    exit 1
+fi
+
+echo Test successful.
+exit 0
