1.. _mcumgr_smp_group_1: 2 3Application/software image management group 4########################################### 5 6Application/software image management management group defines following commands: 7 8.. table:: 9 :align: center 10 11 +-------------------+-----------------------------------------------+ 12 | ``Command ID`` | Command description | 13 +===================+===============================================+ 14 | ``0`` | State of images | 15 +-------------------+-----------------------------------------------+ 16 | ``1`` | Image upload | 17 +-------------------+-----------------------------------------------+ 18 | ``2`` | File | 19 | | (reserved but not supported by Zephyr) | 20 +-------------------+-----------------------------------------------+ 21 | ``3`` | Corelist | 22 | | (reserved but not supported by Zephyr) | 23 +-------------------+-----------------------------------------------+ 24 | ``4`` | Coreload | 25 | | (reserved but not supported by Zephyr) | 26 +-------------------+-----------------------------------------------+ 27 | ``5`` | Image erase | 28 +-------------------+-----------------------------------------------+ 29 30Notion of "slots" and "images" in Zephyr 31**************************************** 32 33The "slot" and "image" definition comes from mcuboot where "image" would 34consist of two "slots", further named "primary" and "secondary"; the application 35is supposed to run from the "primary slot" and update is supposed to be 36uploaded to the "secondary slot"; the mcuboot is responsible in swapping 37slots on boot. 38This means that pair of slots is dedicated to single upgradable application. 39In case of Zephyr this gets a little bit confusing because DTS will use 40"slot0_partition" and "slot1_partition", as label of ``fixed-partition`` dedicated 41to single application, but will name them as "image-0" and "image-1" respectively. 42 43Currently Zephyr supports at most two images, in which case mapping is as follows: 44 45.. table:: 46 :align: center 47 48 +-------------+-------------------+---------------+ 49 | Image | Slot labels | Slot Names | 50 +=============+===================+===============+ 51 | 1 | "slot0_partition" | "image-0" | 52 | | "slot1_partition" | "image-1" | 53 +-------------+-------------------+---------------+ 54 | 2 | "slot2_partition" | "image-2" | 55 | | "slot3_partition" | "image-3" | 56 +-------------+-------------------+---------------+ 57 58State of images 59*************** 60 61The command is used to set state of images and obtain list of images 62with their current state. 63 64Get state of images request 65=========================== 66 67Get state of images request header fields: 68 69.. table:: 70 :align: center 71 72 +--------+--------------+----------------+ 73 | ``OP`` | ``Group ID`` | ``Command ID`` | 74 +========+==============+================+ 75 | ``0`` | ``1`` | ``0`` | 76 +--------+--------------+----------------+ 77 78The command sends sends empty CBOR map as data. 79 80.. _mcumgr_smp_protocol_op_1_grp_1_cmd_0: 81 82Get state of images response 83============================ 84 85Get state of images response header fields: 86 87.. table:: 88 :align: center 89 90 +--------+--------------+----------------+ 91 | ``OP`` | ``Group ID`` | ``Command ID`` | 92 +========+==============+================+ 93 | ``1`` | ``1`` | ``0`` | 94 +--------+--------------+----------------+ 95 96.. note:: 97 Below definition of the response contains "image" field that has been marked 98 as optional(opt): the field may not appear in response when target application 99 does not support more than one image. The field is mandatory when application 100 supports more than one application image to allow identifying which image 101 information is listed. 102 103A response will only contain information for valid images, if an image can not 104be identified as valid it is simply skipped. 105 106CBOR data of successful response: 107 108.. code-block:: none 109 110 { 111 (str)"images" : [ 112 { 113 (str,opt)"image" : (uint) 114 (str)"slot" : (uint) 115 (str)"version" : (str) 116 (str,opt*)"hash" : (byte str) 117 (str,opt)"bootable" : (bool) 118 (str,opt)"pending" : (bool) 119 (str,opt)"confirmed" : (bool) 120 (str,opt)"active" : (bool) 121 (str,opt)"permanent" : (bool) 122 } 123 ... 124 ] 125 (str,opt)"splitStatus" : (int) 126 } 127 128In case of error the CBOR data takes the form: 129 130.. tabs:: 131 132 .. group-tab:: SMP version 2 133 134 .. code-block:: none 135 136 { 137 (str)"err" : { 138 (str)"group" : (uint) 139 (str)"rc" : (uint) 140 } 141 } 142 143 .. group-tab:: SMP version 1 (and non-group SMP version 2) 144 145 .. code-block:: none 146 147 { 148 (str)"rc" : (int) 149 (str,opt)"rsn" : (str) 150 } 151 152where: 153 154.. table:: 155 :align: center 156 157 +------------------+-------------------------------------------------------------------------+ 158 | "image" | semi-optional image number; the field is not required when only one | 159 | | image is supported by the running application. | 160 +------------------+-------------------------------------------------------------------------+ 161 | "slot" | slot number within "image"; each image has two slots : primary (running | 162 | | one) = 0 and secondary (for DFU dual-bank purposes) = 1. | 163 +------------------+-------------------------------------------------------------------------+ 164 | "version" | string representing image version, as set with ``imgtool``. | 165 +------------------+-------------------------------------------------------------------------+ 166 | "hash" | SHA256 hash of the image header and body. Note that this will not be | 167 | | the same as the SHA256 of the whole file, it is the field in the | 168 | | MCUboot TLV section that contains a hash of the data which is used for | 169 | | signature verification purposes. This field is optional but only | 170 | | optional when using MCUboot's serial recovery feature with one pair of | 171 | | image slots, Kconfig :kconfig:option:`CONFIG_BOOT_SERIAL_IMG_GRP_HASH` | 172 | | can be disabled to remove support for hashes in this configuration. | 173 | | MCUmgr in applications must support sending hashes. | 174 | | | 175 | | .. note:: | 176 | | See ``IMAGE_TLV_SHA256`` in the MCUboot image format documentation | 177 | | link below. | 178 +------------------+-------------------------------------------------------------------------+ 179 | "bootable" | true if image has bootable flag set; this field does not have to be | 180 | | present if false. | 181 +------------------+-------------------------------------------------------------------------+ 182 | "pending" | true if image is set for next swap; this field does not have to be | 183 | | present if false. | 184 +------------------+-------------------------------------------------------------------------+ 185 | "confirmed" | true if image has been confirmed; this field does not have to be | 186 | | present if false. | 187 +------------------+-------------------------------------------------------------------------+ 188 | "active" | true if image is currently active application; this field does not have | 189 | | to be present if false. | 190 +------------------+-------------------------------------------------------------------------+ 191 | "permanent" | true if image is to stay in primary slot after the next boot; this | 192 | | does not have to be present if false. | 193 +------------------+-------------------------------------------------------------------------+ 194 | "splitStatus" | states whether loader of split image is compatible with application | 195 | | part; this is unused by Zephyr. | 196 +------------------+-------------------------------------------------------------------------+ 197 | "err" -> "group" | :c:enum:`mcumgr_group_t` group of the group-based error code. Only | 198 | | appears if an error is returned when using SMP version 2. | 199 +------------------+-------------------------------------------------------------------------+ 200 | "err" -> "rc" | contains the index of the group-based error code. Only appears if | 201 | | non-zero (error condition) when using SMP version 2. | 202 +------------------+-------------------------------------------------------------------------+ 203 | "rc" | :c:enum:`mcumgr_err_t` only appears if non-zero (error condition) when | 204 | | using SMP version 1 or for SMP errors when using SMP version 2. | 205 +------------------+-------------------------------------------------------------------------+ 206 | "rsn" | optional string that clarifies reason for an error; specifically useful | 207 | | when ``rc`` is :c:enum:`MGMT_ERR_EUNKNOWN`. | 208 +------------------+-------------------------------------------------------------------------+ 209 210.. note:: 211 For more information on how does image/slots function, please refer to 212 the MCUBoot documentation 213 https://docs.mcuboot.com/design.html#image-slots 214 For information on MCUboot image format, please reset to the MCUboot 215 documentation https://docs.mcuboot.com/design.html#image-format 216 217 218Set state of image request 219========================== 220 221Set state of image request header fields: 222 223.. table:: 224 :align: center 225 226 +--------+--------------+----------------+ 227 | ``OP`` | ``Group ID`` | ``Command ID`` | 228 +========+==============+================+ 229 | ``2`` | ``1`` | ``0`` | 230 +--------+--------------+----------------+ 231 232CBOR data of request: 233 234.. code-block:: none 235 236 { 237 (str,opt)"hash" : (str) 238 (str)"confirm" : (bool) 239 } 240 241If "confirm" is false or not provided, an image with the "hash" will be set for 242test, which means that it will not be marked as permanent and upon hard reset 243the previous application will be restored to the primary slot. 244In case when "confirm" is true, the "hash" is optional as the currently running 245application will be assumed as target for confirmation. 246 247Set state of image response 248============================ 249 250The response takes the same format as :ref:`mcumgr_smp_protocol_op_1_grp_1_cmd_0` 251 252Image upload 253************ 254 255The image upload command allows to update application image. 256 257Image upload request 258==================== 259 260The image upload request is sent for each chunk of image that is uploaded, until 261complete image gets uploaded to a device. 262 263Image upload request header fields: 264 265.. table:: 266 :align: center 267 268 +--------+--------------+----------------+ 269 | ``OP`` | ``Group ID`` | ``Command ID`` | 270 +========+==============+================+ 271 | ``2`` | ``1`` | ``1`` | 272 +--------+--------------+----------------+ 273 274CBOR data of request: 275 276.. code-block:: none 277 278 { 279 (str,opt)"image" : (uint) 280 (str,opt)"len" : (uint) 281 (str)"off" : (uint) 282 (str,opt)"sha" : (byte str) 283 (str)"data" : (byte str) 284 (str,opt)"upgrade" : (bool) 285 } 286 287where: 288 289.. table:: 290 :align: center 291 292 +-----------+--------------------------------------------------------------------------------+ 293 | "image" | optional image number, it does not have to appear in request at all, in which | 294 | | case it is assumed to be 0. Should only be present when "off" is 0. | 295 +-----------+--------------------------------------------------------------------------------+ 296 | "len" | optional length of an image. Must appear when "off" is 0. | 297 +-----------+--------------------------------------------------------------------------------+ 298 | "off" | offset of image chunk the request carries. | 299 +-----------+--------------------------------------------------------------------------------+ 300 | "sha" | SHA256 hash of an upload; this is used to identify an upload session (e.g. to | 301 | | allow MCUmgr to continue a broken session), and for image verification | 302 | | purposes. This must be a full SHA256 hash of the whole image being uploaded, | 303 | | or not included if the hash is not available (in which case, upload session | 304 | | continuation and image verification functionality will be unavailable). Should | 305 | | only be present when "off" is 0. | 306 +-----------+--------------------------------------------------------------------------------+ 307 | "data" | image data to write at provided offset. | 308 +-----------+--------------------------------------------------------------------------------+ 309 | "upgrade" | optional flag that states that only upgrade should be allowed, so if the | 310 | | version of uploaded software is not higher then already on a device, the image | 311 | | upload will be rejected. Zephyr compares major, minor and revision (x.y.z) by | 312 | | default unless | 313 | | :kconfig:option:`CONFIG_MCUMGR_GRP_IMG_VERSION_CMP_USE_BUILD_NUMBER` is set, | 314 | | whereby it will compare build numbers too. Should only be present when "off" | 315 | | is 0. | 316 +-----------+--------------------------------------------------------------------------------+ 317 318.. note:: 319 There is no field representing size of chunk that is carried as "data" because 320 that information is embedded within "data" field itself. 321 322.. note:: 323 It is possible that a server will respond to an upload with "off" of 0, this 324 may happen if an upload on another transport (or outside of MCUmgr entirely) 325 is started, if the device has rebooted or if a packet has been lost. If this 326 happens, a client must re-send all the required and optional fields that it 327 sent in the original first packet so that the upload state can be re-created 328 by the server. If the original fields are not included, the upload will be 329 unable to continue. 330 331The MCUmgr library uses "sha" field to tag ongoing update session, to be able 332to continue it in case when it gets broken, and for upload verification 333purposes. 334If library gets request with "off" equal zero it checks stored "sha" within its 335state and if it matches it will respond to update client application with 336offset that it should continue with. 337If this hash is not available (e.g. because a file is being streamed) then it 338must not be provided, image verification and upload session continuation 339features will be unavailable in this case. 340 341Image upload response 342===================== 343 344Image upload response header fields: 345 346.. table:: 347 :align: center 348 349 +--------+--------------+----------------+ 350 | ``OP`` | ``Group ID`` | ``Command ID`` | 351 +========+==============+================+ 352 | ``3`` | ``1`` | ``1`` | 353 +--------+--------------+----------------+ 354 355CBOR data of successful response: 356 357.. code-block:: none 358 359 { 360 (str,opt)"off" : (uint) 361 (str,opt)"match" : (bool) 362 } 363 364In case of error the CBOR data takes the form: 365 366.. tabs:: 367 368 .. group-tab:: SMP version 2 369 370 .. code-block:: none 371 372 { 373 (str)"err" : { 374 (str)"group" : (uint) 375 (str)"rc" : (uint) 376 } 377 } 378 379 .. group-tab:: SMP version 1 (and non-group SMP version 2) 380 381 .. code-block:: none 382 383 { 384 (str)"rc" : (int) 385 (str,opt)"rsn" : (str) 386 } 387 388where: 389 390.. table:: 391 :align: center 392 393 +------------------+-------------------------------------------------------------------------+ 394 | "off" | offset of last successfully written byte of update. | 395 +------------------+-------------------------------------------------------------------------+ 396 | "match" | indicates if the uploaded data successfully matches the provided SHA256 | 397 | | hash or not, only sent in the final packet if | 398 | | :kconfig:option:`CONFIG_IMG_ENABLE_IMAGE_CHECK` is enabled. | 399 +------------------+-------------------------------------------------------------------------+ 400 | "err" -> "group" | :c:enum:`mcumgr_group_t` group of the group-based error code. Only | 401 | | appears if an error is returned when using SMP version 2. | 402 +------------------+-------------------------------------------------------------------------+ 403 | "err" -> "rc" | contains the index of the group-based error code. Only appears if | 404 | | non-zero (error condition) when using SMP version 2. | 405 +------------------+-------------------------------------------------------------------------+ 406 | "rc" | :c:enum:`mcumgr_err_t` only appears if non-zero (error condition) when | 407 | | using SMP version 1 or for SMP errors when using SMP version 2. | 408 +------------------+-------------------------------------------------------------------------+ 409 | "rsn" | optional string that clarifies reason for an error; specifically useful | 410 | | when ``rc`` is :c:enum:`MGMT_ERR_EUNKNOWN`. | 411 +------------------+-------------------------------------------------------------------------+ 412 413The "off" field is only included in responses to successfully processed requests; 414if "rc" is negative then "off" may not appear. 415 416Image erase 417*********** 418 419The command is used for erasing image slot on a target device. 420 421.. note:: 422 This is synchronous command which means that a sender of request will not 423 receive response until the command completes, which can take a long time. 424 425Image erase request 426=================== 427 428Image erase request header fields: 429 430.. table:: 431 :align: center 432 433 +--------+--------------+----------------+ 434 | ``OP`` | ``Group ID`` | ``Command ID`` | 435 +========+==============+================+ 436 | ``2`` | ``1`` | ``5`` | 437 +--------+--------------+----------------+ 438 439CBOR data of request: 440 441.. code-block:: none 442 443 { 444 (str,opt)"slot" : (uint) 445 } 446 447where: 448 449.. table:: 450 :align: center 451 452 +---------+-----------------------------------------------------------------+ 453 | "slot" | optional slot number, it does not have to appear in the request | 454 | | at all, in which case it is assumed to be 1. | 455 +---------+-----------------------------------------------------------------+ 456 457Image erase response 458==================== 459 460Image erase response header fields: 461 462.. table:: 463 :align: center 464 465 +--------+--------------+----------------+ 466 | ``OP`` | ``Group ID`` | ``Command ID`` | 467 +========+==============+================+ 468 | ``3`` | ``1`` | ``5`` | 469 +--------+--------------+----------------+ 470 471The command sends an empty CBOR map as data if successful. In case of error the 472CBOR data takes the form: 473 474.. tabs:: 475 476 .. group-tab:: SMP version 2 477 478 .. code-block:: none 479 480 { 481 (str)"err" : { 482 (str)"group" : (uint) 483 (str)"rc" : (uint) 484 } 485 } 486 487 .. group-tab:: SMP version 1 (and non-group SMP version 2) 488 489 .. code-block:: none 490 491 { 492 (str)"rc" : (int) 493 (str,opt)"rsn" : (str) 494 } 495 496where: 497 498.. table:: 499 :align: center 500 501 +------------------+-------------------------------------------------------------------------+ 502 | "err" -> "group" | :c:enum:`mcumgr_group_t` group of the group-based error code. Only | 503 | | appears if an error is returned when using SMP version 2. | 504 +------------------+-------------------------------------------------------------------------+ 505 | "err" -> "rc" | contains the index of the group-based error code. Only appears if | 506 | | non-zero (error condition) when using SMP version 2. | 507 +------------------+-------------------------------------------------------------------------+ 508 | "rc" | :c:enum:`mcumgr_err_t` only appears if non-zero (error condition) when | 509 | | using SMP version 1 or for SMP errors when using SMP version 2. | 510 +------------------+-------------------------------------------------------------------------+ 511 | "rsn" | optional string that clarifies reason for an error; specifically useful | 512 | | when ``rc`` is :c:enum:`MGMT_ERR_EUNKNOWN`. | 513 +------------------+-------------------------------------------------------------------------+ 514 515.. note:: 516 Response from Zephyr running device may have "rc" value of 517 :c:enum:`MGMT_ERR_EBADSTATE`, which means that the secondary 518 image has been marked for next boot already and may not be erased. 519