
RFC: boot: bootutil: Swap offset: Do not fail on header in wrong sector #2198


Draft: wants to merge 1 commit into base: main

Conversation

de-nordic (Collaborator)

Swap offset does not expect the header in the first sector/page of the secondary slot, but rather in the second, and only attempts to swap an image that starts at the second sector.
This commit demotes the condition when a header is found in the first page to just a warning and allows boot to proceed, as long as there is a header in the second slot.

Commit message:

Swap offset does not expect the header in the first sector/page of the secondary
slot, but rather in the second, and only attempts to swap an image that
starts at the second sector.
This commit demotes the condition when a header is found in the first page
to just a warning and allows boot to proceed, as long as there
is a header in the second slot.

Signed-off-by: Dominik Ermel <[email protected]>
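To make the two behaviours under discussion concrete, here is an added example (a simplified model written for this page, not MCUboot's own code): a slot is modelled as a flat buffer of equal-size sectors, a header is recognised by a 4-byte magic at the start of a sector (the value is MCUboot's IMAGE_MAGIC), and `check_secondary_slot` either rejects a slot with a header in sector 0 (pre-PR behaviour) or only flags it when sector 1 carries the real swap-offset image (this PR). `scenario` builds the constructed leftover-header case from the thread.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Simplified model, not MCUboot's code: a slot is a flat buffer of
 * equal-size sectors; a header is recognised by a 4-byte magic at the
 * start of a sector (value taken from MCUboot's IMAGE_MAGIC). */
#define SECTOR_SIZE 512u
#define HDR_MAGIC   0x96f3b83du
enum slot_verdict { SLOT_EMPTY, SLOT_OK, SLOT_OK_STALE_HDR, SLOT_REJECT };
static void place_header(uint8_t *slot, unsigned sector)
{
    uint32_t magic = HDR_MAGIC;
    memcpy(slot + sector * SECTOR_SIZE, &magic, sizeof magic);
}

static bool sector_has_header(const uint8_t *slot, unsigned sector)
{
    uint32_t magic;
    memcpy(&magic, slot + sector * SECTOR_SIZE, sizeof magic);
    return magic == HDR_MAGIC;
}

/* Swap-offset expects the upgrade image to start in sector 1.
 * strict: any header in sector 0 invalidates the slot (pre-PR behaviour).
 * !strict: sector 0 only warns, provided sector 1 has a header (this PR). */
enum slot_verdict check_secondary_slot(const uint8_t *slot, bool strict)
{
    bool hdr0 = sector_has_header(slot, 0);
    bool hdr1 = sector_has_header(slot, 1);
    if (!hdr1)
        return hdr0 ? SLOT_REJECT : SLOT_EMPTY; /* not a swap-offset image */
    if (!hdr0)
        return SLOT_OK;
    if (strict)
        return SLOT_REJECT;
    /* Stale header in sector 0; the caller should log a warning and proceed. */
    return SLOT_OK_STALE_HDR;
}

/* Constructed scenario from the thread: hdr0 = leftover header from an
 * earlier swap-move run, hdr1 = freshly programmed swap-offset image. */
enum slot_verdict scenario(bool hdr0, bool hdr1, bool strict)
{
    uint8_t slot[2 * SECTOR_SIZE];
    memset(slot, 0xff, sizeof slot); /* erased flash reads as 0xff */
    if (hdr0) place_header(slot, 0);
    if (hdr1) place_header(slot, 1);
    return check_secondary_slot(slot, strict);
}
```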
de-nordic requested a review from nordicjm, February 8, 2025 13:47
de-nordic marked this pull request as draft, February 8, 2025 13:48
nordicjm (Collaborator) left a comment

This should delete it as it currently does, because what has been uploaded is invalid, no different than if you upload a corrupt image to a slot and then mark it for upgrade.

de-nordic (Collaborator, Author)

> This should delete it as it currently does, because what has been uploaded is invalid, no different than if you upload a corrupt image to a slot and then mark it for upgrade.

OK, but wouldn't it suffice to just remove the first page then?
I stumbled on this issue when I had a leftover header in the slot from previous usage and MCUboot refused to boot the image programmed to the next page. I know it should never happen, but it is like you have stuck something irrelevant into the first page, which will not be used for anything, and yet MCUboot refuses to work.

nordicjm (Collaborator)

> > This should delete it as it currently does, because what has been uploaded is invalid, no different than if you upload a corrupt image to a slot and then mark it for upgrade.
>
> OK, but wouldn't it suffice to just remove the first page then? I stumbled on this issue when I had a leftover header in the slot from previous usage and MCUboot refused to boot the image programmed to the next page. I know it should never happen, but it is like you have stuck something irrelevant into the first page, which will not be used for anything, and yet MCUboot refuses to work.

Needs to clear the first 2 sectors and the trailer sector at least; the original implementation just used the existing clear-image erase code that was already present in the file. Hmm, do you mean like with #2199?

de-nordic (Collaborator, Author) commented Feb 11, 2025

> > > This should delete it as it currently does, because what has been uploaded is invalid, no different than if you upload a corrupt image to a slot and then mark it for upgrade.
> >
> > OK, but wouldn't it suffice to just remove the first page then? I stumbled on this issue when I had a leftover header in the slot from previous usage and MCUboot refused to boot the image programmed to the next page. I know it should never happen, but it is like you have stuck something irrelevant into the first page, which will not be used for anything, and yet MCUboot refuses to work.
>
> Needs to clear the first 2 sectors and the trailer sector at least; the original implementation just used the existing clear-image erase code that was already present in the file.

So, in my case there was a sequence on the same board:

  1. I tested offset.
  2. I had to do some work on swap-move.
  3. I nrfjproged the same set I had used in 1), at once.
  4. Reset, and I got the error, even though the set from 1) worked fine; just that this time I had a leftover header from 2).

So why clear two sectors? The header in the second sector is what I expected.

> Hmm, do you mean like with #2199?

Yeah, maybe. But a lot of bad things would have to happen for the magic to appear properly.

But there is also a chance that some write started (can it?) during swap-offset and there is already crap in the first sector, or something else managed to write the magic there.
