1 /*
2 * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
3 *
4 * SPDX-License-Identifier: Apache-2.0
5 */
6
7 #include <stdbool.h>
8 #include <stdlib.h>
9 #include <string.h>
10
11 #include <bootutil/bootutil.h>
12 #include <bootutil/bootutil_log.h>
13
14 #include "sdkconfig.h"
15 #include "esp_err.h"
16 #include "bootloader_flash_priv.h"
17 #include "esp_flash_encrypt.h"
18
19 #include "flash_map_backend/flash_map_backend.h"
20 #include "sysflash/sysflash.h"
21
22 #ifndef ARRAY_SIZE
23 # define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))
24 #endif
25
26 #ifndef MIN
27 # define MIN(a, b) (((a) < (b)) ? (a) : (b))
28 #endif
29
30 #ifndef ALIGN_UP
31 # define ALIGN_UP(num, align) (((num) + ((align) - 1)) & ~((align) - 1))
32 #endif
33
34 #ifndef ALIGN_DOWN
35 # define ALIGN_DOWN(num, align) ((num) & ~((align) - 1))
36 #endif
37
38 #ifndef ALIGN_OFFSET
39 # define ALIGN_OFFSET(num, align) ((num) & ((align) - 1))
40 #endif
41
42 #ifndef IS_ALIGNED
43 # define IS_ALIGNED(num, align) (ALIGN_OFFSET((num), (align)) == 0)
44 #endif
45
46 #define FLASH_BUFFER_SIZE 256 /* SPI Flash block size */
47
48 _Static_assert(IS_ALIGNED(FLASH_BUFFER_SIZE, 4), "Buffer size for SPI Flash operations must be 4-byte aligned.");
49
50 #define BOOTLOADER_START_ADDRESS CONFIG_BOOTLOADER_OFFSET_IN_FLASH
51 #define BOOTLOADER_SIZE CONFIG_ESP_BOOTLOADER_SIZE
52 #define IMAGE0_PRIMARY_START_ADDRESS CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS
53 #define IMAGE0_SECONDARY_START_ADDRESS CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS
54 #define SCRATCH_OFFSET CONFIG_ESP_SCRATCH_OFFSET
55 #if (MCUBOOT_IMAGE_NUMBER == 2)
56 #define IMAGE1_PRIMARY_START_ADDRESS CONFIG_ESP_IMAGE1_PRIMARY_START_ADDRESS
57 #define IMAGE1_SECONDARY_START_ADDRESS CONFIG_ESP_IMAGE1_SECONDARY_START_ADDRESS
58 #endif
59
60 #define APPLICATION_SIZE CONFIG_ESP_APPLICATION_SIZE
61 #define SCRATCH_SIZE CONFIG_ESP_SCRATCH_SIZE
62
63 extern int ets_printf(const char *fmt, ...);
64
65 static const struct flash_area bootloader = {
66 .fa_id = FLASH_AREA_BOOTLOADER,
67 .fa_device_id = FLASH_DEVICE_INTERNAL_FLASH,
68 .fa_off = BOOTLOADER_START_ADDRESS,
69 .fa_size = BOOTLOADER_SIZE,
70 };
71
72 static const struct flash_area primary_img0 = {
73 .fa_id = FLASH_AREA_IMAGE_PRIMARY(0),
74 .fa_device_id = FLASH_DEVICE_INTERNAL_FLASH,
75 .fa_off = IMAGE0_PRIMARY_START_ADDRESS,
76 .fa_size = APPLICATION_SIZE,
77 };
78
79 static const struct flash_area secondary_img0 = {
80 .fa_id = FLASH_AREA_IMAGE_SECONDARY(0),
81 .fa_device_id = FLASH_DEVICE_INTERNAL_FLASH,
82 .fa_off = IMAGE0_SECONDARY_START_ADDRESS,
83 .fa_size = APPLICATION_SIZE,
84 };
85
86 #if (MCUBOOT_IMAGE_NUMBER == 2)
87 static const struct flash_area primary_img1 = {
88 .fa_id = FLASH_AREA_IMAGE_PRIMARY(1),
89 .fa_device_id = FLASH_DEVICE_INTERNAL_FLASH,
90 .fa_off = IMAGE1_PRIMARY_START_ADDRESS,
91 .fa_size = APPLICATION_SIZE,
92 };
93
94 static const struct flash_area secondary_img1 = {
95 .fa_id = FLASH_AREA_IMAGE_SECONDARY(1),
96 .fa_device_id = FLASH_DEVICE_INTERNAL_FLASH,
97 .fa_off = IMAGE1_SECONDARY_START_ADDRESS,
98 .fa_size = APPLICATION_SIZE,
99 };
100 #endif
101
102 static const struct flash_area scratch_img0 = {
103 .fa_id = FLASH_AREA_IMAGE_SCRATCH,
104 .fa_device_id = FLASH_DEVICE_INTERNAL_FLASH,
105 .fa_off = SCRATCH_OFFSET,
106 .fa_size = SCRATCH_SIZE,
107 };
108
109 static const struct flash_area *s_flash_areas[] = {
110 &bootloader,
111 &primary_img0,
112 &secondary_img0,
113 #if (MCUBOOT_IMAGE_NUMBER == 2)
114 &primary_img1,
115 &secondary_img1,
116 #endif
117 &scratch_img0,
118 };
119
prv_lookup_flash_area(uint8_t id)120 static const struct flash_area *prv_lookup_flash_area(uint8_t id) {
121 for (size_t i = 0; i < ARRAY_SIZE(s_flash_areas); i++) {
122 const struct flash_area *area = s_flash_areas[i];
123 if (id == area->fa_id) {
124 return area;
125 }
126 }
127 return NULL;
128 }
129
flash_area_open(uint8_t id,const struct flash_area ** area_outp)130 int flash_area_open(uint8_t id, const struct flash_area **area_outp)
131 {
132 BOOT_LOG_DBG("%s: ID=%d", __func__, (int)id);
133 const struct flash_area *area = prv_lookup_flash_area(id);
134 *area_outp = area;
135 return area != NULL ? 0 : -1;
136 }
137
flash_area_close(const struct flash_area * area)138 void flash_area_close(const struct flash_area *area)
139 {
140
141 }
142
aligned_flash_read(uintptr_t addr,void * dest,size_t size)143 static bool aligned_flash_read(uintptr_t addr, void *dest, size_t size)
144 {
145 if (IS_ALIGNED(addr, 4) && IS_ALIGNED((uintptr_t)dest, 4) && IS_ALIGNED(size, 4)) {
146 /* A single read operation is enough when when all parameters are aligned */
147
148 return bootloader_flash_read(addr, dest, size, true) == ESP_OK;
149 }
150
151 const uint32_t aligned_addr = ALIGN_DOWN(addr, 4);
152 const uint32_t addr_offset = ALIGN_OFFSET(addr, 4);
153 uint32_t bytes_remaining = size;
154 uint8_t read_data[FLASH_BUFFER_SIZE] = {0};
155
156 /* Align the read address to 4-byte boundary and ensure read size is a multiple of 4 bytes */
157
158 uint32_t bytes = MIN(bytes_remaining + addr_offset, sizeof(read_data));
159 if (bootloader_flash_read(aligned_addr, read_data, ALIGN_UP(bytes, 4), true) != ESP_OK) {
160 return false;
161 }
162
163 /* Skip non-useful data which may have been read for adjusting the alignment */
164
165 uint32_t bytes_read = bytes - addr_offset;
166 memcpy(dest, &read_data[addr_offset], bytes_read);
167
168 bytes_remaining -= bytes_read;
169
170 /* Read remaining data from Flash in case requested size is greater than buffer size */
171
172 uint32_t offset = bytes;
173
174 while (bytes_remaining != 0) {
175 bytes = MIN(bytes_remaining, sizeof(read_data));
176 if (bootloader_flash_read(aligned_addr + offset, read_data, ALIGN_UP(bytes, 4), true) != ESP_OK) {
177 return false;
178 }
179
180 memcpy(&((uint8_t *)dest)[bytes_read], read_data, bytes);
181
182 offset += bytes;
183 bytes_read += bytes;
184 bytes_remaining -= bytes;
185 }
186
187 return true;
188 }
189
flash_area_read(const struct flash_area * fa,uint32_t off,void * dst,uint32_t len)190 int flash_area_read(const struct flash_area *fa, uint32_t off, void *dst,
191 uint32_t len)
192 {
193 if (fa->fa_device_id != FLASH_DEVICE_INTERNAL_FLASH) {
194 return -1;
195 }
196
197 const uint32_t end_offset = off + len;
198 if (end_offset > fa->fa_size) {
199 BOOT_LOG_ERR("%s: Out of Bounds (0x%x vs 0x%x)", __func__, end_offset, fa->fa_size);
200 return -1;
201 }
202
203 bool success = aligned_flash_read(fa->fa_off + off, dst, len);
204 if (!success) {
205 BOOT_LOG_ERR("%s: Flash read failed", __func__);
206
207 return -1;
208 }
209
210 return 0;
211 }
212
aligned_flash_write(size_t dest_addr,const void * src,size_t size)213 static bool aligned_flash_write(size_t dest_addr, const void *src, size_t size)
214 {
215 #ifdef CONFIG_SECURE_FLASH_ENC_ENABLED
216 bool flash_encryption_enabled = esp_flash_encryption_enabled();
217 #else
218 bool flash_encryption_enabled = false;
219 #endif
220
221 if (IS_ALIGNED(dest_addr, 4) && IS_ALIGNED((uintptr_t)src, 4) && IS_ALIGNED(size, 4)) {
222 /* A single write operation is enough when all parameters are aligned */
223
224 return bootloader_flash_write(dest_addr, (void *)src, size, flash_encryption_enabled) == ESP_OK;
225 }
226
227 const uint32_t aligned_addr = ALIGN_DOWN(dest_addr, 4);
228 const uint32_t addr_offset = ALIGN_OFFSET(dest_addr, 4);
229 uint32_t bytes_remaining = size;
230 uint8_t write_data[FLASH_BUFFER_SIZE] = {0};
231
232 /* Perform a read operation considering an offset not aligned to 4-byte boundary */
233
234 uint32_t bytes = MIN(bytes_remaining + addr_offset, sizeof(write_data));
235 if (bootloader_flash_read(aligned_addr, write_data, ALIGN_UP(bytes, 4), true) != ESP_OK) {
236 return false;
237 }
238
239 uint32_t bytes_written = bytes - addr_offset;
240 memcpy(&write_data[addr_offset], src, bytes_written);
241
242 if (bootloader_flash_write(aligned_addr, write_data, ALIGN_UP(bytes, 4), flash_encryption_enabled) != ESP_OK) {
243 return false;
244 }
245
246 bytes_remaining -= bytes_written;
247
248 /* Write remaining data to Flash if any */
249
250 uint32_t offset = bytes;
251
252 while (bytes_remaining != 0) {
253 bytes = MIN(bytes_remaining, sizeof(write_data));
254 if (bootloader_flash_read(aligned_addr + offset, write_data, ALIGN_UP(bytes, 4), true) != ESP_OK) {
255 return false;
256 }
257
258 memcpy(write_data, &((uint8_t *)src)[bytes_written], bytes);
259
260 if (bootloader_flash_write(aligned_addr + offset, write_data, ALIGN_UP(bytes, 4), flash_encryption_enabled) != ESP_OK) {
261 return false;
262 }
263
264 offset += bytes;
265 bytes_written += bytes;
266 bytes_remaining -= bytes;
267 }
268
269 return true;
270 }
271
flash_area_write(const struct flash_area * fa,uint32_t off,const void * src,uint32_t len)272 int flash_area_write(const struct flash_area *fa, uint32_t off, const void *src,
273 uint32_t len)
274 {
275 if (fa->fa_device_id != FLASH_DEVICE_INTERNAL_FLASH) {
276 return -1;
277 }
278
279 const uint32_t end_offset = off + len;
280 if (end_offset > fa->fa_size) {
281 BOOT_LOG_ERR("%s: Out of Bounds (0x%x vs 0x%x)", __func__, end_offset, fa->fa_size);
282 return -1;
283 }
284
285 const uint32_t start_addr = fa->fa_off + off;
286 BOOT_LOG_DBG("%s: Addr: 0x%08x Length: %d", __func__, (int)start_addr, (int)len);
287
288 bool success = aligned_flash_write(start_addr, src, len);
289 if (!success) {
290 BOOT_LOG_ERR("%s: Flash write failed", __func__);
291 return -1;
292 }
293
294 return 0;
295 }
296
flash_area_erase(const struct flash_area * fa,uint32_t off,uint32_t len)297 int flash_area_erase(const struct flash_area *fa, uint32_t off, uint32_t len)
298 {
299 if (fa->fa_device_id != FLASH_DEVICE_INTERNAL_FLASH) {
300 return -1;
301 }
302
303 if ((len % FLASH_SECTOR_SIZE) != 0 || (off % FLASH_SECTOR_SIZE) != 0) {
304 BOOT_LOG_ERR("%s: Not aligned on sector Offset: 0x%x Length: 0x%x",
305 __func__, (int)off, (int)len);
306 return -1;
307 }
308
309 const uint32_t start_addr = fa->fa_off + off;
310 BOOT_LOG_DBG("%s: Addr: 0x%08x Length: %d", __func__, (int)start_addr, (int)len);
311
312 if (bootloader_flash_erase_range(start_addr, len) != ESP_OK) {
313 BOOT_LOG_ERR("%s: Flash erase failed", __func__);
314 return -1;
315 }
316 #if VALIDATE_PROGRAM_OP
317 for (size_t i = 0; i < len; i++) {
318 uint8_t *val = (void *)(start_addr + i);
319 if (*val != 0xff) {
320 BOOT_LOG_ERR("%s: Erase at 0x%x Failed", __func__, (int)val);
321 assert(0);
322 }
323 }
324 #endif
325
326 return 0;
327 }
328
flash_area_align(const struct flash_area * area)329 uint32_t flash_area_align(const struct flash_area *area)
330 {
331 static size_t align = 0;
332
333 if (align == 0) {
334 #ifdef CONFIG_SECURE_FLASH_ENC_ENABLED
335 bool flash_encryption_enabled = esp_flash_encryption_enabled();
336 #else
337 bool flash_encryption_enabled = false;
338 #endif
339
340 if (flash_encryption_enabled) {
341 align = 32;
342 } else {
343 align = 4;
344 }
345 }
346 return align;
347 }
348
flash_area_erased_val(const struct flash_area * area)349 uint8_t flash_area_erased_val(const struct flash_area *area)
350 {
351 return 0xff;
352 }
353
flash_area_get_sectors(int fa_id,uint32_t * count,struct flash_sector * sectors)354 int flash_area_get_sectors(int fa_id, uint32_t *count,
355 struct flash_sector *sectors)
356 {
357 const struct flash_area *fa = prv_lookup_flash_area(fa_id);
358 if (fa->fa_device_id != FLASH_DEVICE_INTERNAL_FLASH) {
359 return -1;
360 }
361
362 const size_t sector_size = FLASH_SECTOR_SIZE;
363 uint32_t total_count = 0;
364 for (size_t off = 0; off < fa->fa_size; off += sector_size) {
365 // Note: Offset here is relative to flash area, not device
366 sectors[total_count].fs_off = off;
367 sectors[total_count].fs_size = sector_size;
368 total_count++;
369 }
370
371 *count = total_count;
372 return 0;
373 }
374
flash_area_sector_from_off(uint32_t off,struct flash_sector * sector)375 int flash_area_sector_from_off(uint32_t off, struct flash_sector *sector)
376 {
377 sector->fs_off = (off / FLASH_SECTOR_SIZE) * FLASH_SECTOR_SIZE;
378 sector->fs_size = FLASH_SECTOR_SIZE;
379
380 return 0;
381 }
382
flash_area_get_sector(const struct flash_area * fa,uint32_t off,struct flash_sector * sector)383 int flash_area_get_sector(const struct flash_area *fa, uint32_t off,
384 struct flash_sector *sector)
385 {
386 sector->fs_off = (off / FLASH_SECTOR_SIZE) * FLASH_SECTOR_SIZE;
387 sector->fs_size = FLASH_SECTOR_SIZE;
388
389 return 0;
390 }
391
flash_area_id_from_multi_image_slot(int image_index,int slot)392 int flash_area_id_from_multi_image_slot(int image_index, int slot)
393 {
394 BOOT_LOG_DBG("%s", __func__);
395 switch (slot) {
396 case 0:
397 return FLASH_AREA_IMAGE_PRIMARY(image_index);
398 case 1:
399 return FLASH_AREA_IMAGE_SECONDARY(image_index);
400 }
401
402 BOOT_LOG_ERR("Unexpected Request: image_index=%d, slot=%d", image_index, slot);
403 return -1; /* flash_area_open will fail on that */
404 }
405
flash_area_id_from_image_slot(int slot)406 int flash_area_id_from_image_slot(int slot)
407 {
408 return flash_area_id_from_multi_image_slot(0, slot);
409 }
410
flash_area_to_sectors(int idx,int * cnt,struct flash_area * fa)411 int flash_area_to_sectors(int idx, int *cnt, struct flash_area *fa)
412 {
413 return -1;
414 }
415
mcuboot_assert_handler(const char * file,int line,const char * func)416 void mcuboot_assert_handler(const char *file, int line, const char *func)
417 {
418 ets_printf("assertion failed: file \"%s\", line %d, func: %s\n", file, line, func);
419 abort();
420 }
421
