diff options
| -rw-r--r-- | docs/pages/bootloader.adoc | 6 | ||||
| -rw-r--r-- | embassy-boot/CHANGELOG.md | 3 | ||||
| -rw-r--r-- | embassy-boot/Cargo.toml | 14 | ||||
| -rw-r--r-- | embassy-boot/src/boot_loader.rs | 12 | ||||
| -rw-r--r-- | embassy-boot/src/lib.rs | 4 |
5 files changed, 30 insertions, 9 deletions
diff --git a/docs/pages/bootloader.adoc b/docs/pages/bootloader.adoc index b0f0331aa..c010b0622 100644 --- a/docs/pages/bootloader.adoc +++ b/docs/pages/bootloader.adoc | |||
| @@ -43,14 +43,14 @@ Partition Size~dfu~= Partition Size~active~+ Page Size~active~ | |||
| 43 | + | 43 | + |
| 44 | All values are specified in bytes. | 44 | All values are specified in bytes. |
| 45 | 45 | ||
| 46 | * BOOTLOADER STATE - Where the bootloader stores the current state describing if the active and dfu partitions need to be swapped. When the new firmware has been written to the DFU partition, a magic field is written to instruct the bootloader that the partitions should be swapped. This partition must be able to store a magic field as well as the partition swap progress. The partition size given by: | 46 | * BOOTLOADER STATE - Where the bootloader stores the current state describing if the active and dfu partitions need to be swapped. When the new firmware has been written to the DFU partition, a magic field is written to instruct the bootloader that the partitions should be swapped. This partition must be able to store a magic field as well as the partition swap progress. The partition size is given by: |
| 47 | + | 47 | + |
| 48 | Partition Size~state~ = Write Size~state~ + (2 × Partition Size~active~ / Page Size~active~) | 48 | Partition Size~state~ = (2 × Write Size~state~) + (4 × Write Size~state~ × Partition Size~active~ / Page Size~active~) |
| 49 | + | 49 | + |
| 50 | All values are specified in bytes. | 50 | All values are specified in bytes. |
| 51 | 51 | ||
| 52 | The partitions for ACTIVE (+BOOTLOADER), DFU and BOOTLOADER_STATE may be placed in separate flash. The page size used by the bootloader is determined by the lowest common multiple of the ACTIVE and DFU page sizes. | 52 | The partitions for ACTIVE (+BOOTLOADER), DFU and BOOTLOADER_STATE may be placed in separate flash. The page size used by the bootloader is determined by the lowest common multiple of the ACTIVE and DFU page sizes. |
| 53 | The BOOTLOADER_STATE partition must be big enough to store one word per page in the ACTIVE and DFU partitions combined. | 53 | The BOOTLOADER_STATE partition must be big enough to store two words, plus four words per page in the ACTIVE partition. |
| 54 | 54 | ||
| 55 | The bootloader has a platform-agnostic part, which implements the power fail safe swapping algorithm given the boundaries set by the partitions. The platform-specific part is a minimal shim that provides additional functionality such as watchdogs or supporting the nRF52 softdevice. | 55 | The bootloader has a platform-agnostic part, which implements the power fail safe swapping algorithm given the boundaries set by the partitions. The platform-specific part is a minimal shim that provides additional functionality such as watchdogs or supporting the nRF52 softdevice. |
| 56 | 56 | ||
diff --git a/embassy-boot/CHANGELOG.md b/embassy-boot/CHANGELOG.md index 8d6395357..1d41043cb 100644 --- a/embassy-boot/CHANGELOG.md +++ b/embassy-boot/CHANGELOG.md | |||
| @@ -8,6 +8,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 | |||
| 8 | <!-- next-header --> | 8 | <!-- next-header --> |
| 9 | ## Unreleased - ReleaseDate | 9 | ## Unreleased - ReleaseDate |
| 10 | 10 | ||
| 11 | - Fixed documentation and assertion of STATE partition size requirements | ||
| 12 | - Added documentation for package features | ||
| 13 | |||
| 11 | ## 0.6.1 - 2025-08-26 | 14 | ## 0.6.1 - 2025-08-26 |
| 12 | 15 | ||
| 13 | - First release with changelog. | 16 | - First release with changelog. |
diff --git a/embassy-boot/Cargo.toml b/embassy-boot/Cargo.toml index 8c5c1f633..754c6e5f1 100644 --- a/embassy-boot/Cargo.toml +++ b/embassy-boot/Cargo.toml | |||
| @@ -26,6 +26,7 @@ features = ["defmt"] | |||
| 26 | [dependencies] | 26 | [dependencies] |
| 27 | defmt = { version = "1.0.1", optional = true } | 27 | defmt = { version = "1.0.1", optional = true } |
| 28 | digest = "0.10" | 28 | digest = "0.10" |
| 29 | document-features = "0.2.7" | ||
| 29 | log = { version = "0.4", optional = true } | 30 | log = { version = "0.4", optional = true } |
| 30 | ed25519-dalek = { version = "2", default-features = false, features = ["digest"], optional = true } | 31 | ed25519-dalek = { version = "2", default-features = false, features = ["digest"], optional = true } |
| 31 | embassy-embedded-hal = { version = "0.5.0", path = "../embassy-embedded-hal" } | 32 | embassy-embedded-hal = { version = "0.5.0", path = "../embassy-embedded-hal" } |
| @@ -45,11 +46,22 @@ critical-section = { version = "1.1.1", features = ["std"] } | |||
| 45 | ed25519-dalek = { version = "2", default-features = false, features = ["std", "rand_core", "digest"] } | 46 | ed25519-dalek = { version = "2", default-features = false, features = ["std", "rand_core", "digest"] } |
| 46 | 47 | ||
| 47 | [features] | 48 | [features] |
| 49 | ## Use [`defmt`](https://docs.rs/defmt/latest/defmt/) for logging | ||
| 48 | defmt = ["dep:defmt"] | 50 | defmt = ["dep:defmt"] |
| 51 | ## Use log for logging | ||
| 49 | log = ["dep:log"] | 52 | log = ["dep:log"] |
| 53 | |||
| 54 | ## Enable for devices that set erased flash bytes to `0x00` instead of the usual `0xFF` | ||
| 55 | flash-erase-zero = [] | ||
| 56 | |||
| 57 | #! ## Firmware Signing | ||
| 58 | #! Enable one of these features to allow verification of DFU signatures with | ||
| 59 | #! `FirmwareUpdater::verify_and_mark_updated`. | ||
| 60 | |||
| 61 | ## Use the `ed25519-dalek` package to verify DFU signatures. | ||
| 50 | ed25519-dalek = ["dep:ed25519-dalek", "_verify"] | 62 | ed25519-dalek = ["dep:ed25519-dalek", "_verify"] |
| 63 | ## Use the `salty` package to verify DFU signatures. | ||
| 51 | ed25519-salty = ["dep:salty", "_verify"] | 64 | ed25519-salty = ["dep:salty", "_verify"] |
| 52 | flash-erase-zero = [] | ||
| 53 | 65 | ||
| 54 | #Internal features | 66 | #Internal features |
| 55 | _verify = [] | 67 | _verify = [] |
diff --git a/embassy-boot/src/boot_loader.rs b/embassy-boot/src/boot_loader.rs index c38940d6e..a3a307051 100644 --- a/embassy-boot/src/boot_loader.rs +++ b/embassy-boot/src/boot_loader.rs | |||
| @@ -135,10 +135,12 @@ pub struct BootLoader<ACTIVE: NorFlash, DFU: NorFlash, STATE: NorFlash> { | |||
| 135 | dfu: DFU, | 135 | dfu: DFU, |
| 136 | /// The state partition has the following format: | 136 | /// The state partition has the following format: |
| 137 | /// All ranges are in multiples of WRITE_SIZE bytes. | 137 | /// All ranges are in multiples of WRITE_SIZE bytes. |
| 138 | /// | Range | Description | | 138 | /// N = Active partition size divided by WRITE_SIZE. |
| 139 | /// | 0..1 | Magic indicating bootloader state. BOOT_MAGIC means boot, SWAP_MAGIC means swap. | | 139 | /// | Range | Description | |
| 140 | /// | 1..2 | Progress validity. ERASE_VALUE means valid, !ERASE_VALUE means invalid. | | 140 | /// | 0..1 | Magic indicating bootloader state. BOOT_MAGIC means boot, SWAP_MAGIC means swap. | |
| 141 | /// | 2..2 + N | Progress index used while swapping or reverting | 141 | /// | 1..2 | Progress validity. ERASE_VALUE means valid, !ERASE_VALUE means invalid. | |
| 142 | /// | 2..(2 + 2N) | Progress index used while swapping | | ||
| 143 | /// | (2 + 2N)..(2 + 4N) | Progress index used while reverting | ||
| 142 | state: STATE, | 144 | state: STATE, |
| 143 | } | 145 | } |
| 144 | 146 | ||
| @@ -429,7 +431,7 @@ fn assert_partitions<ACTIVE: NorFlash, DFU: NorFlash, STATE: NorFlash>( | |||
| 429 | assert_eq!(dfu.capacity() as u32 % page_size, 0); | 431 | assert_eq!(dfu.capacity() as u32 % page_size, 0); |
| 430 | // DFU partition has to be bigger than ACTIVE partition to handle swap algorithm | 432 | // DFU partition has to be bigger than ACTIVE partition to handle swap algorithm |
| 431 | assert!(dfu.capacity() as u32 - active.capacity() as u32 >= page_size); | 433 | assert!(dfu.capacity() as u32 - active.capacity() as u32 >= page_size); |
| 432 | assert!(2 + 2 * (active.capacity() as u32 / page_size) <= state.capacity() as u32 / STATE::WRITE_SIZE as u32); | 434 | assert!(2 + 4 * (active.capacity() as u32 / page_size) <= state.capacity() as u32 / STATE::WRITE_SIZE as u32); |
| 433 | } | 435 | } |
| 434 | 436 | ||
| 435 | #[cfg(test)] | 437 | #[cfg(test)] |
diff --git a/embassy-boot/src/lib.rs b/embassy-boot/src/lib.rs index 7dc811f66..3e61d6036 100644 --- a/embassy-boot/src/lib.rs +++ b/embassy-boot/src/lib.rs | |||
| @@ -3,6 +3,10 @@ | |||
| 3 | #![allow(unsafe_op_in_unsafe_fn)] | 3 | #![allow(unsafe_op_in_unsafe_fn)] |
| 4 | #![warn(missing_docs)] | 4 | #![warn(missing_docs)] |
| 5 | #![doc = include_str!("../README.md")] | 5 | #![doc = include_str!("../README.md")] |
| 6 | |||
| 7 | //! ## Feature flags | ||
| 8 | #![doc = document_features::document_features!(feature_label = r#"<span class="stab portability"><code>{feature}</code></span>"#)] | ||
| 9 | |||
| 6 | mod fmt; | 10 | mod fmt; |
| 7 | 11 | ||
| 8 | mod boot_loader; | 12 | mod boot_loader; |