1 /*
2 * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
3 *
4 * SPDX-License-Identifier: Apache-2.0
5 */
6
7 #include <stdbool.h>
8 #include <stdlib.h>
9 #include <string.h>
10
11 #include <bootutil/bootutil.h>
12 #include <bootutil/bootutil_log.h>
13
14 #include "sdkconfig.h"
15 #include "esp_err.h"
16 #include "bootloader_flash_priv.h"
17 #include "esp_flash_encrypt.h"
18 #include "mcuboot_config/mcuboot_config.h"
19
20 #include "flash_map_backend/flash_map_backend.h"
21 #include "sysflash/sysflash.h"
22
23 #ifndef ARRAY_SIZE
24 # define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]))
25 #endif
26
27 #ifndef MIN
28 # define MIN(a, b) (((a) < (b)) ? (a) : (b))
29 #endif
30
31 #ifndef ALIGN_UP
32 # define ALIGN_UP(num, align) (((num) + ((align) - 1)) & ~((align) - 1))
33 #endif
34
35 #ifndef ALIGN_DOWN
36 # define ALIGN_DOWN(num, align) ((num) & ~((align) - 1))
37 #endif
38
39 #ifndef ALIGN_OFFSET
40 # define ALIGN_OFFSET(num, align) ((num) & ((align) - 1))
41 #endif
42
43 #ifndef IS_ALIGNED
44 # define IS_ALIGNED(num, align) (ALIGN_OFFSET((num), (align)) == 0)
45 #endif
46
47 #define FLASH_BUFFER_SIZE 256 /* SPI Flash block size */
48
49 _Static_assert(IS_ALIGNED(FLASH_BUFFER_SIZE, 4), "Buffer size for SPI Flash operations must be 4-byte aligned.");
50
51 #define BOOTLOADER_START_ADDRESS CONFIG_BOOTLOADER_OFFSET_IN_FLASH
52 #define BOOTLOADER_SIZE CONFIG_ESP_BOOTLOADER_SIZE
53
54 #define IMAGE0_PRIMARY_START_ADDRESS CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS
55 #define IMAGE0_SECONDARY_START_ADDRESS CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS
56 #if (MCUBOOT_IMAGE_NUMBER == 2)
57 #define IMAGE1_PRIMARY_START_ADDRESS CONFIG_ESP_IMAGE1_PRIMARY_START_ADDRESS
58 #define IMAGE1_SECONDARY_START_ADDRESS CONFIG_ESP_IMAGE1_SECONDARY_START_ADDRESS
59 #endif
60 #define APPLICATION_SIZE CONFIG_ESP_APPLICATION_SIZE
61
62 #ifdef CONFIG_ESP_BOOT_SWAP_USING_SCRATCH
63 #define SCRATCH_OFFSET CONFIG_ESP_SCRATCH_OFFSET
64 #define SCRATCH_SIZE CONFIG_ESP_SCRATCH_SIZE
65 #endif
66
67 extern int ets_printf(const char *fmt, ...);
68
69 static const struct flash_area bootloader = {
70 .fa_id = FLASH_AREA_BOOTLOADER,
71 .fa_device_id = FLASH_DEVICE_INTERNAL_FLASH,
72 .fa_off = BOOTLOADER_START_ADDRESS,
73 .fa_size = BOOTLOADER_SIZE,
74 };
75
76 static const struct flash_area primary_img0 = {
77 .fa_id = FLASH_AREA_IMAGE_PRIMARY(0),
78 .fa_device_id = FLASH_DEVICE_INTERNAL_FLASH,
79 .fa_off = IMAGE0_PRIMARY_START_ADDRESS,
80 .fa_size = APPLICATION_SIZE,
81 };
82
83 static const struct flash_area secondary_img0 = {
84 .fa_id = FLASH_AREA_IMAGE_SECONDARY(0),
85 .fa_device_id = FLASH_DEVICE_INTERNAL_FLASH,
86 .fa_off = IMAGE0_SECONDARY_START_ADDRESS,
87 .fa_size = APPLICATION_SIZE,
88 };
89
90 #if (MCUBOOT_IMAGE_NUMBER == 2)
91 static const struct flash_area primary_img1 = {
92 .fa_id = FLASH_AREA_IMAGE_PRIMARY(1),
93 .fa_device_id = FLASH_DEVICE_INTERNAL_FLASH,
94 .fa_off = IMAGE1_PRIMARY_START_ADDRESS,
95 .fa_size = APPLICATION_SIZE,
96 };
97
98 static const struct flash_area secondary_img1 = {
99 .fa_id = FLASH_AREA_IMAGE_SECONDARY(1),
100 .fa_device_id = FLASH_DEVICE_INTERNAL_FLASH,
101 .fa_off = IMAGE1_SECONDARY_START_ADDRESS,
102 .fa_size = APPLICATION_SIZE,
103 };
104 #endif
105
106 #ifdef CONFIG_ESP_BOOT_SWAP_USING_SCRATCH
107 static const struct flash_area scratch_img0 = {
108 .fa_id = FLASH_AREA_IMAGE_SCRATCH,
109 .fa_device_id = FLASH_DEVICE_INTERNAL_FLASH,
110 .fa_off = SCRATCH_OFFSET,
111 .fa_size = SCRATCH_SIZE,
112 };
113 #endif
114
115 static const struct flash_area *s_flash_areas[] = {
116 &bootloader,
117 &primary_img0,
118 &secondary_img0,
119 #if (MCUBOOT_IMAGE_NUMBER == 2)
120 &primary_img1,
121 &secondary_img1,
122 #endif
123 #ifdef CONFIG_ESP_BOOT_SWAP_USING_SCRATCH
124 &scratch_img0,
125 #endif
126 };
127
prv_lookup_flash_area(uint8_t id)128 static const struct flash_area *prv_lookup_flash_area(uint8_t id) {
129 for (size_t i = 0; i < ARRAY_SIZE(s_flash_areas); i++) {
130 const struct flash_area *area = s_flash_areas[i];
131 if (id == area->fa_id) {
132 return area;
133 }
134 }
135 return NULL;
136 }
137
flash_area_open(uint8_t id,const struct flash_area ** area_outp)138 int flash_area_open(uint8_t id, const struct flash_area **area_outp)
139 {
140 BOOT_LOG_DBG("%s: ID=%d", __func__, (int)id);
141 const struct flash_area *area = prv_lookup_flash_area(id);
142 *area_outp = area;
143 return area != NULL ? 0 : -1;
144 }
145
flash_area_close(const struct flash_area * area)146 void flash_area_close(const struct flash_area *area)
147 {
148
149 }
150
aligned_flash_read(uintptr_t addr,void * dest,size_t size)151 static bool aligned_flash_read(uintptr_t addr, void *dest, size_t size)
152 {
153 if (IS_ALIGNED(addr, 4) && IS_ALIGNED((uintptr_t)dest, 4) && IS_ALIGNED(size, 4)) {
154 /* A single read operation is enough when when all parameters are aligned */
155
156 return bootloader_flash_read(addr, dest, size, true) == ESP_OK;
157 }
158
159 const uint32_t aligned_addr = ALIGN_DOWN(addr, 4);
160 const uint32_t addr_offset = ALIGN_OFFSET(addr, 4);
161 uint32_t bytes_remaining = size;
162 uint8_t read_data[FLASH_BUFFER_SIZE] = {0};
163
164 /* Align the read address to 4-byte boundary and ensure read size is a multiple of 4 bytes */
165
166 uint32_t bytes = MIN(bytes_remaining + addr_offset, sizeof(read_data));
167 if (bootloader_flash_read(aligned_addr, read_data, ALIGN_UP(bytes, 4), true) != ESP_OK) {
168 return false;
169 }
170
171 /* Skip non-useful data which may have been read for adjusting the alignment */
172
173 uint32_t bytes_read = bytes - addr_offset;
174 memcpy(dest, &read_data[addr_offset], bytes_read);
175
176 bytes_remaining -= bytes_read;
177
178 /* Read remaining data from Flash in case requested size is greater than buffer size */
179
180 uint32_t offset = bytes;
181
182 while (bytes_remaining != 0) {
183 bytes = MIN(bytes_remaining, sizeof(read_data));
184 if (bootloader_flash_read(aligned_addr + offset, read_data, ALIGN_UP(bytes, 4), true) != ESP_OK) {
185 return false;
186 }
187
188 memcpy(&((uint8_t *)dest)[bytes_read], read_data, bytes);
189
190 offset += bytes;
191 bytes_read += bytes;
192 bytes_remaining -= bytes;
193 }
194
195 return true;
196 }
197
flash_area_read(const struct flash_area * fa,uint32_t off,void * dst,uint32_t len)198 int flash_area_read(const struct flash_area *fa, uint32_t off, void *dst,
199 uint32_t len)
200 {
201 if (fa->fa_device_id != FLASH_DEVICE_INTERNAL_FLASH) {
202 return -1;
203 }
204
205 const uint32_t end_offset = off + len;
206 if (end_offset > fa->fa_size) {
207 BOOT_LOG_ERR("%s: Out of Bounds (0x%x vs 0x%x)", __func__, end_offset, fa->fa_size);
208 return -1;
209 }
210
211 bool success = aligned_flash_read(fa->fa_off + off, dst, len);
212 if (!success) {
213 BOOT_LOG_ERR("%s: Flash read failed", __func__);
214
215 return -1;
216 }
217
218 return 0;
219 }
220
aligned_flash_write(size_t dest_addr,const void * src,size_t size)221 static bool aligned_flash_write(size_t dest_addr, const void *src, size_t size)
222 {
223 #ifdef CONFIG_SECURE_FLASH_ENC_ENABLED
224 bool flash_encryption_enabled = esp_flash_encryption_enabled();
225 #else
226 bool flash_encryption_enabled = false;
227 #endif
228
229 if (IS_ALIGNED(dest_addr, 4) && IS_ALIGNED((uintptr_t)src, 4) && IS_ALIGNED(size, 4)) {
230 /* A single write operation is enough when all parameters are aligned */
231
232 return bootloader_flash_write(dest_addr, (void *)src, size, flash_encryption_enabled) == ESP_OK;
233 }
234
235 const uint32_t aligned_addr = ALIGN_DOWN(dest_addr, 4);
236 const uint32_t addr_offset = ALIGN_OFFSET(dest_addr, 4);
237 uint32_t bytes_remaining = size;
238 uint8_t write_data[FLASH_BUFFER_SIZE] = {0};
239
240 /* Perform a read operation considering an offset not aligned to 4-byte boundary */
241
242 uint32_t bytes = MIN(bytes_remaining + addr_offset, sizeof(write_data));
243 if (bootloader_flash_read(aligned_addr, write_data, ALIGN_UP(bytes, 4), true) != ESP_OK) {
244 return false;
245 }
246
247 uint32_t bytes_written = bytes - addr_offset;
248 memcpy(&write_data[addr_offset], src, bytes_written);
249
250 if (bootloader_flash_write(aligned_addr, write_data, ALIGN_UP(bytes, 4), flash_encryption_enabled) != ESP_OK) {
251 return false;
252 }
253
254 bytes_remaining -= bytes_written;
255
256 /* Write remaining data to Flash if any */
257
258 uint32_t offset = bytes;
259
260 while (bytes_remaining != 0) {
261 bytes = MIN(bytes_remaining, sizeof(write_data));
262 if (bootloader_flash_read(aligned_addr + offset, write_data, ALIGN_UP(bytes, 4), true) != ESP_OK) {
263 return false;
264 }
265
266 memcpy(write_data, &((uint8_t *)src)[bytes_written], bytes);
267
268 if (bootloader_flash_write(aligned_addr + offset, write_data, ALIGN_UP(bytes, 4), flash_encryption_enabled) != ESP_OK) {
269 return false;
270 }
271
272 offset += bytes;
273 bytes_written += bytes;
274 bytes_remaining -= bytes;
275 }
276
277 return true;
278 }
279
flash_area_write(const struct flash_area * fa,uint32_t off,const void * src,uint32_t len)280 int flash_area_write(const struct flash_area *fa, uint32_t off, const void *src,
281 uint32_t len)
282 {
283 if (fa->fa_device_id != FLASH_DEVICE_INTERNAL_FLASH) {
284 return -1;
285 }
286
287 const uint32_t end_offset = off + len;
288 if (end_offset > fa->fa_size) {
289 BOOT_LOG_ERR("%s: Out of Bounds (0x%x vs 0x%x)", __func__, end_offset, fa->fa_size);
290 return -1;
291 }
292
293 const uint32_t start_addr = fa->fa_off + off;
294 BOOT_LOG_DBG("%s: Addr: 0x%08x Length: %d", __func__, (int)start_addr, (int)len);
295
296 bool success = aligned_flash_write(start_addr, src, len);
297 if (!success) {
298 BOOT_LOG_ERR("%s: Flash write failed", __func__);
299 return -1;
300 }
301
302 return 0;
303 }
304
flash_area_erase(const struct flash_area * fa,uint32_t off,uint32_t len)305 int flash_area_erase(const struct flash_area *fa, uint32_t off, uint32_t len)
306 {
307 if (fa->fa_device_id != FLASH_DEVICE_INTERNAL_FLASH) {
308 return -1;
309 }
310
311 if ((len % FLASH_SECTOR_SIZE) != 0 || (off % FLASH_SECTOR_SIZE) != 0) {
312 BOOT_LOG_ERR("%s: Not aligned on sector Offset: 0x%x Length: 0x%x",
313 __func__, (int)off, (int)len);
314 return -1;
315 }
316
317 const uint32_t start_addr = fa->fa_off + off;
318 BOOT_LOG_DBG("%s: Addr: 0x%08x Length: %d", __func__, (int)start_addr, (int)len);
319
320 if (bootloader_flash_erase_range(start_addr, len) != ESP_OK) {
321 BOOT_LOG_ERR("%s: Flash erase failed", __func__);
322 return -1;
323 }
324 #if VALIDATE_PROGRAM_OP
325 for (size_t i = 0; i < len; i++) {
326 uint8_t *val = (void *)(start_addr + i);
327 if (*val != 0xff) {
328 BOOT_LOG_ERR("%s: Erase at 0x%x Failed", __func__, (int)val);
329 assert(0);
330 }
331 }
332 #endif
333
334 return 0;
335 }
336
flash_area_align(const struct flash_area * area)337 uint32_t flash_area_align(const struct flash_area *area)
338 {
339 static size_t align = 0;
340
341 if (align == 0) {
342 #ifdef CONFIG_SECURE_FLASH_ENC_ENABLED
343 bool flash_encryption_enabled = esp_flash_encryption_enabled();
344 #else
345 bool flash_encryption_enabled = false;
346 #endif
347
348 if (flash_encryption_enabled) {
349 align = 32;
350 } else {
351 align = 4;
352 }
353 }
354 return align;
355 }
356
flash_area_erased_val(const struct flash_area * area)357 uint8_t flash_area_erased_val(const struct flash_area *area)
358 {
359 return 0xff;
360 }
361
flash_area_get_sectors(int fa_id,uint32_t * count,struct flash_sector * sectors)362 int flash_area_get_sectors(int fa_id, uint32_t *count,
363 struct flash_sector *sectors)
364 {
365 const struct flash_area *fa = prv_lookup_flash_area(fa_id);
366 if (fa->fa_device_id != FLASH_DEVICE_INTERNAL_FLASH) {
367 return -1;
368 }
369
370 const size_t sector_size = FLASH_SECTOR_SIZE;
371 uint32_t total_count = 0;
372 for (size_t off = 0; off < fa->fa_size; off += sector_size) {
373 // Note: Offset here is relative to flash area, not device
374 sectors[total_count].fs_off = off;
375 sectors[total_count].fs_size = sector_size;
376 total_count++;
377 }
378
379 *count = total_count;
380 return 0;
381 }
382
flash_area_sector_from_off(uint32_t off,struct flash_sector * sector)383 int flash_area_sector_from_off(uint32_t off, struct flash_sector *sector)
384 {
385 sector->fs_off = (off / FLASH_SECTOR_SIZE) * FLASH_SECTOR_SIZE;
386 sector->fs_size = FLASH_SECTOR_SIZE;
387
388 return 0;
389 }
390
flash_area_get_sector(const struct flash_area * fa,uint32_t off,struct flash_sector * sector)391 int flash_area_get_sector(const struct flash_area *fa, uint32_t off,
392 struct flash_sector *sector)
393 {
394 sector->fs_off = (off / FLASH_SECTOR_SIZE) * FLASH_SECTOR_SIZE;
395 sector->fs_size = FLASH_SECTOR_SIZE;
396
397 return 0;
398 }
399
flash_area_id_from_multi_image_slot(int image_index,int slot)400 int flash_area_id_from_multi_image_slot(int image_index, int slot)
401 {
402 BOOT_LOG_DBG("%s", __func__);
403 switch (slot) {
404 case 0:
405 return FLASH_AREA_IMAGE_PRIMARY(image_index);
406 case 1:
407 return FLASH_AREA_IMAGE_SECONDARY(image_index);
408 }
409
410 BOOT_LOG_ERR("Unexpected Request: image_index=%d, slot=%d", image_index, slot);
411 return -1; /* flash_area_open will fail on that */
412 }
413
flash_area_id_from_image_slot(int slot)414 int flash_area_id_from_image_slot(int slot)
415 {
416 return flash_area_id_from_multi_image_slot(0, slot);
417 }
418
flash_area_to_sectors(int idx,int * cnt,struct flash_area * fa)419 int flash_area_to_sectors(int idx, int *cnt, struct flash_area *fa)
420 {
421 return -1;
422 }
423
mcuboot_assert_handler(const char * file,int line,const char * func)424 void mcuboot_assert_handler(const char *file, int line, const char *func)
425 {
426 ets_printf("assertion failed: file \"%s\", line %d, func: %s\n", file, line, func);
427 abort();
428 }
429
