This is an automated email from the ASF dual-hosted git repository. utzig pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mynewt-mcumgr.git
The following commit(s) were added to refs/heads/master by this push: new 74e77ad zephyr: Add support for image ROM address verification 74e77ad is described below commit 74e77ad08090c0e389a27118fdebe20783dca2e4 Author: Dominik Ermel <dominik.er...@nordicsemi.no> AuthorDate: Thu Dec 10 15:17:04 2020 +0000 zephyr: Add support for image ROM address verification The commit adds IMAGE_F_ROM_FIXED_ADDR flag that allows to use ih_load_addr to identify the flash address the image is intendant to start at. The code, that supports this flag, will reject image before attempting flash write if slot address differs from the base address of the image. The feature can be used to mark Direct-XIP images with slot address they are intended for. The CONFIG_IMG_MGMT_REJECT_DIRECT_XIP_MISMATCHED_SLOT has been added to turn the featre on. Signed-off-by: Dominik Ermel <dominik.er...@nordicsemi.no> --- cmd/img_mgmt/include/img_mgmt/image.h | 1 + cmd/img_mgmt/include/img_mgmt/img_mgmt.h | 2 ++ cmd/img_mgmt/port/zephyr/src/zephyr_img_mgmt.c | 20 ++++++++++++++++++++ cmd/img_mgmt/src/img_mgmt.c | 1 + 4 files changed, 24 insertions(+) diff --git a/cmd/img_mgmt/include/img_mgmt/image.h b/cmd/img_mgmt/include/img_mgmt/image.h index 53ca7f6..6de917a 100644 --- a/cmd/img_mgmt/include/img_mgmt/image.h +++ b/cmd/img_mgmt/include/img_mgmt/image.h @@ -34,6 +34,7 @@ extern "C" { /** Image header flags. */ #define IMAGE_F_NON_BOOTABLE 0x00000010 /* Split image app. */ +#define IMAGE_F_ROM_FIXED_ADDR 0x00000100 /** Image trailer TLV types. */ #define IMAGE_TLV_SHA256 0x10 /* SHA256 of image hdr and body */ diff --git a/cmd/img_mgmt/include/img_mgmt/img_mgmt.h b/cmd/img_mgmt/include/img_mgmt/img_mgmt.h index 4385477..78e6ba5 100644 --- a/cmd/img_mgmt/include/img_mgmt/img_mgmt.h +++ b/cmd/img_mgmt/include/img_mgmt/img_mgmt.h @@ -259,6 +259,7 @@ extern const char *img_mgmt_err_str_flash_open_failed; extern const char *img_mgmt_err_str_flash_erase_failed; extern const char *img_mgmt_err_str_flash_write_failed; extern const char *img_mgmt_err_str_downgrade; +extern const char *img_mgmt_err_str_image_bad_flash_addr; #else #define img_mgmt_error_rsp(ctxt, rc, rsn) (rc) #define img_mgmt_err_str_app_reject NULL @@ -269,6 +270,7 @@ extern const char *img_mgmt_err_str_downgrade; #define img_mgmt_err_str_flash_erase_failed NULL #define img_mgmt_err_str_flash_write_failed NULL #define img_mgmt_err_str_downgrade NULL +#define img_mgmt_err_str_image_bad_flash_addr NULL #endif #ifdef __cplusplus diff --git a/cmd/img_mgmt/port/zephyr/src/zephyr_img_mgmt.c b/cmd/img_mgmt/port/zephyr/src/zephyr_img_mgmt.c index b4a4e3b..d6169b8 100644 --- a/cmd/img_mgmt/port/zephyr/src/zephyr_img_mgmt.c +++ b/cmd/img_mgmt/port/zephyr/src/zephyr_img_mgmt.c @@ -495,6 +495,26 @@ img_mgmt_impl_upload_inspect(const struct img_mgmt_upload_req *req, return MGMT_ERR_ENOMEM; } + +#if defined(CONFIG_IMG_MGMT_REJECT_DIRECT_XIP_MISMATCHED_SLOT) + if (hdr->ih_flags & IMAGE_F_ROM_FIXED_ADDR) { + rc = flash_area_open(action->area_id, &fa); + if (rc) { + *errstr = img_mgmt_err_str_flash_open_failed; + return MGMT_ERR_EUNKNOWN; + } + + if (fa->fa_off != hdr->ih_load_addr) { + *errstr = img_mgmt_err_str_image_bad_flash_addr; + flash_area_close(fa); + return MGMT_ERR_EINVAL; + } + + flash_area_close(fa); + } +#endif + + if (req->upgrade) { /* User specified upgrade-only. Make sure new image version is * greater than that of the currently running image. diff --git a/cmd/img_mgmt/src/img_mgmt.c b/cmd/img_mgmt/src/img_mgmt.c index 029b4cc..1a40ffc 100644 --- a/cmd/img_mgmt/src/img_mgmt.c +++ b/cmd/img_mgmt/src/img_mgmt.c @@ -72,6 +72,7 @@ const char *img_mgmt_err_str_flash_open_failed = "fa open fail"; const char *img_mgmt_err_str_flash_erase_failed = "fa erase fail"; const char *img_mgmt_err_str_flash_write_failed = "fa write fail"; const char *img_mgmt_err_str_downgrade = "downgrade"; +const char *img_mgmt_err_str_image_bad_flash_addr = "img addr mismatch"; #endif /**