From 56e6b6bee6bd6087b35857e8aa1a011f6e83f703 Mon Sep 17 00:00:00 2001 From: Badr Bouslikhin Date: Mon, 12 Feb 2024 23:24:21 +0100 Subject: [PATCH] refactor(boot): move page erase index out of state --- embassy-boot/src/firmware_updater/asynch.rs | 14 +++++--------- embassy-boot/src/firmware_updater/blocking.rs | 14 +++++--------- 2 files changed, 10 insertions(+), 18 deletions(-) diff --git a/embassy-boot/src/firmware_updater/asynch.rs b/embassy-boot/src/firmware_updater/asynch.rs index d31eff005..b76668136 100644 --- a/embassy-boot/src/firmware_updater/asynch.rs +++ b/embassy-boot/src/firmware_updater/asynch.rs @@ -13,6 +13,7 @@ use crate::{FirmwareUpdaterError, State, BOOT_MAGIC, DFU_DETACH_MAGIC, STATE_ERA pub struct FirmwareUpdater<'d, DFU: NorFlash, STATE: NorFlash> { dfu: DFU, state: FirmwareState<'d, STATE>, + last_erased_dfu_page_index: Option, } #[cfg(target_os = "none")] @@ -56,6 +57,7 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> FirmwareUpdater<'d, DFU, STATE> { Self { dfu: config.dfu, state: FirmwareState::new(config.state, aligned), + last_erased_dfu_page_index: None, } } @@ -72,7 +74,7 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> FirmwareUpdater<'d, DFU, STATE> { /// proceed with updating the firmware as it must be signed with a /// corresponding private key (otherwise it could be malicious firmware). /// - /// Mark to trigger firmware swap on next boot if verify suceeds. + /// Mark to trigger firmware swap on next boot if verify succeeds. /// /// If the "ed25519-salty" feature is set (or another similar feature) then the signature is expected to have /// been generated from a SHA-512 digest of the firmware bytes. @@ -213,14 +215,13 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> FirmwareUpdater<'d, DFU, STATE> { let sector_end = sector_start + DFU::ERASE_SIZE; // Determine if the current sector needs to be erased before writing. let need_erase = self - .state .last_erased_dfu_page_index .map_or(true, |last_erased_sector| current_sector != last_erased_sector); // If the sector needs to be erased, erase it and update the last erased sector index. if need_erase { self.dfu.erase(sector_start as u32, sector_end as u32).await?; - self.state.last_erased_dfu_page_index = Some(current_sector); + self.last_erased_dfu_page_index = Some(current_sector); } // Calculate the size of the data chunk that can be written in the current iteration. @@ -258,7 +259,6 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> FirmwareUpdater<'d, DFU, STATE> { pub struct FirmwareState<'d, STATE> { state: STATE, aligned: &'d mut [u8], - last_erased_dfu_page_index: Option, } impl<'d, STATE: NorFlash> FirmwareState<'d, STATE> { @@ -280,11 +280,7 @@ impl<'d, STATE: NorFlash> FirmwareState<'d, STATE> { /// and follow the alignment rules for the flash being read from and written to. pub fn new(state: STATE, aligned: &'d mut [u8]) -> Self { assert_eq!(aligned.len(), STATE::WRITE_SIZE.max(STATE::READ_SIZE)); - Self { - state, - aligned, - last_erased_dfu_page_index: None, - } + Self { state, aligned } } // Make sure we are running a booted firmware to avoid reverting to a bad state. diff --git a/embassy-boot/src/firmware_updater/blocking.rs b/embassy-boot/src/firmware_updater/blocking.rs index 5b8076f81..eb96a9523 100644 --- a/embassy-boot/src/firmware_updater/blocking.rs +++ b/embassy-boot/src/firmware_updater/blocking.rs @@ -13,6 +13,7 @@ use crate::{FirmwareUpdaterError, State, BOOT_MAGIC, DFU_DETACH_MAGIC, STATE_ERA pub struct BlockingFirmwareUpdater<'d, DFU: NorFlash, STATE: NorFlash> { dfu: DFU, state: BlockingFirmwareState<'d, STATE>, + last_erased_dfu_page_index: Option, } #[cfg(target_os = "none")] @@ -91,6 +92,7 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> BlockingFirmwareUpdater<'d, DFU, STATE> Self { dfu: config.dfu, state: BlockingFirmwareState::new(config.state, aligned), + last_erased_dfu_page_index: None, } } @@ -107,7 +109,7 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> BlockingFirmwareUpdater<'d, DFU, STATE> /// proceed with updating the firmware as it must be signed with a /// corresponding private key (otherwise it could be malicious firmware). /// - /// Mark to trigger firmware swap on next boot if verify suceeds. + /// Mark to trigger firmware swap on next boot if verify succeeds. /// /// If the "ed25519-salty" feature is set (or another similar feature) then the signature is expected to have /// been generated from a SHA-512 digest of the firmware bytes. @@ -248,14 +250,13 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> BlockingFirmwareUpdater<'d, DFU, STATE> let sector_end = sector_start + DFU::ERASE_SIZE; // Determine if the current sector needs to be erased before writing. let need_erase = self - .state .last_erased_dfu_page_index .map_or(true, |last_erased_sector| current_sector != last_erased_sector); // If the sector needs to be erased, erase it and update the last erased sector index. if need_erase { self.dfu.erase(sector_start as u32, sector_end as u32)?; - self.state.last_erased_dfu_page_index = Some(current_sector); + self.last_erased_dfu_page_index = Some(current_sector); } // Calculate the size of the data chunk that can be written in the current iteration. @@ -293,7 +294,6 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> BlockingFirmwareUpdater<'d, DFU, STATE> pub struct BlockingFirmwareState<'d, STATE> { state: STATE, aligned: &'d mut [u8], - last_erased_dfu_page_index: Option, } impl<'d, STATE: NorFlash> BlockingFirmwareState<'d, STATE> { @@ -315,11 +315,7 @@ impl<'d, STATE: NorFlash> BlockingFirmwareState<'d, STATE> { /// and written to. pub fn new(state: STATE, aligned: &'d mut [u8]) -> Self { assert_eq!(aligned.len(), STATE::WRITE_SIZE); - Self { - state, - aligned, - last_erased_dfu_page_index: None, - } + Self { state, aligned } } // Make sure we are running a booted firmware to avoid reverting to a bad state.