[nrf noup] dfu: boot: mcuboot_shell: Prevent erasing active areas

fixup! [nrf noup] tree-wide: support NCS Partition Manager (PM) definitions Adds in checks for partition manager to prevent users from erasing the MCUboot partition or the currently active partition Signed-off-by: Jamie McCrae <[email protected]>
nrfconnect · Oct 31, 2024 · b3b3bb3 · b3b3bb3
1 parent d59b845
commit b3b3bb3
Showing 1 changed file with 40 additions and 0 deletions.
diff --git a/subsys/dfu/boot/mcuboot_shell.c b/subsys/dfu/boot/mcuboot_shell.c
@@ -20,6 +20,16 @@
 #endif
 #endif
 
+#if USE_PARTITION_MANAGER
+#include <flash_map_pm.h>
+
+#ifdef CONFIG_NCS_IS_VARIANT_IMAGE
+#define ACTIVE_IMAGE_ID PM_MCUBOOT_SECONDARY_ID
+#else
+#define ACTIVE_IMAGE_ID PM_MCUBOOT_PRIMARY_ID
+#endif
+#endif
+
 struct area_desc {
 	const char *name;
 	unsigned int id;
@@ -93,6 +103,35 @@ static int cmd_mcuboot_erase(const struct shell *sh, size_t argc,
 	id = strtoul(argv[1], NULL, 0);
 
 	/* Check if this is the parent (MCUboot) or own slot and if so, deny the request */
+#if USE_PARTITION_MANAGER
+#ifdef PM_MCUBOOT_ID
+	if (id == PM_MCUBOOT_ID || id == PM_MCUBOOT_PAD_ID) {
+		shell_error(sh, "Cannot erase boot partition");
+		return -EACCES;
+	}
+#endif
+
+#ifdef PM_APP_ID
+	if (id == PM_APP_ID) {
+		shell_error(sh, "Cannot erase this area");
+		return -EACCES;
+	}
+#endif
+
+#ifdef PM_MCUBOOT_PRIMARY_APP_ID
+	if (id == PM_MCUBOOT_PRIMARY_APP_ID) {
+		shell_error(sh, "Cannot erase this area");
+		return -EACCES;
+	}
+#endif
+
+#ifdef ACTIVE_IMAGE_ID
+	if (id == ACTIVE_IMAGE_ID) {
+		shell_error(sh, "Cannot erase active partitions");
+		return -EACCES;
+	}
+#endif
+#else
 #if FIXED_PARTITION_EXISTS(boot_partition)
 	if (id == FIXED_PARTITION_ID(boot_partition)) {
 		shell_error(sh, "Cannot erase boot partition");
@@ -105,6 +144,7 @@ static int cmd_mcuboot_erase(const struct shell *sh, size_t argc,
 		shell_error(sh, "Cannot erase active partitions");
 		return -EACCES;
 	}
+#endif
 #endif
 
 	err = boot_erase_img_bank(id);