
mcuboot doesn't detect partial swap type correctly when resumed

Description

In boot/bootutil/src/loader.c, mcuboot contains a table named boot_swap_trans_table, which "indicates the next swap type that should be performed". It contains:

    /**
     * This table indicates the next swap type that should be performed. The first
     * column contains the current swap type. The second column contains the swap
     * type that should be effected after the first completes.
     */
    static const uint8_t boot_swap_trans_table[][2] = {
        /*     From                     To             */
        { BOOT_SWAP_TYPE_REVERT,    BOOT_SWAP_TYPE_NONE   },
        { BOOT_SWAP_TYPE_PERM,      BOOT_SWAP_TYPE_NONE   },
        { BOOT_SWAP_TYPE_TEST,      BOOT_SWAP_TYPE_REVERT },
    };

However, the only user is a function, boot_previous_swap_type(), which doesn't investigate the next swap type, but rather attempts to compute the previous swap type which was in progress when mcuboot was interrupted:

    /**
     * Calculates the type of swap that just completed.
     */
    static int
    boot_previous_swap_type(void)
    {
        int post_swap_type;
        int i;

        post_swap_type = boot_swap_type();

        for (i = 0; i < BOOT_SWAP_TRANS_TABLE_SIZE; i++) {
            if (boot_swap_trans_table[i][1] == post_swap_type) {
                return boot_swap_trans_table[i][0];
            }
        }

        /* XXX: Temporary assert. */
        assert(0);
        return BOOT_SWAP_TYPE_REVERT;
    }

(This is called from boot_swap_if_needed() if mcuboot detects a partial swap.)

This cannot be correct: for example, boot_previous_swap_type() can never return BOOT_SWAP_TYPE_PERM.

This is true since boot_previous_swap_type() only checks:

    post_swap_type == boot_swap_trans_table[i][1]

so if post_swap_type is BOOT_SWAP_TYPE_NONE, boot_previous_swap_type() will always return BOOT_SWAP_TYPE_REVERT, never BOOT_SWAP_TYPE_PERM.

So something is wrong here, and mcuboot might not be correctly handling an interrupted swap as a result.
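The following stand-alone C program is an added illustration of the argument above; it is not mcuboot code. It copies the transition table from the issue and reimplements the same first-match lookup as boot_previous_swap_type(), but takes the post-swap type as a parameter (instead of calling boot_swap_type()) and returns -1 where the original would hit assert(0). The numeric values of the BOOT_SWAP_TYPE_* constants are assumed for the demonstration; only the table shape and the lookup rule matter. A small reachability check then shows that BOOT_SWAP_TYPE_PERM can never be returned for any post-swap type, because both PERM and REVERT map to NONE and the scan stops at the first (REVERT) row.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for the swap-type constants (not taken from mcuboot). */
#define BOOT_SWAP_TYPE_NONE   1
#define BOOT_SWAP_TYPE_TEST   2
#define BOOT_SWAP_TYPE_PERM   3
#define BOOT_SWAP_TYPE_REVERT 4

/* Transition table exactly as quoted in the issue: { From, To }. */
static const uint8_t boot_swap_trans_table[][2] = {
    { BOOT_SWAP_TYPE_REVERT, BOOT_SWAP_TYPE_NONE   },
    { BOOT_SWAP_TYPE_PERM,   BOOT_SWAP_TYPE_NONE   },
    { BOOT_SWAP_TYPE_TEST,   BOOT_SWAP_TYPE_REVERT },
};
#define BOOT_SWAP_TRANS_TABLE_SIZE \
    (sizeof(boot_swap_trans_table) / sizeof(boot_swap_trans_table[0]))

/* Same scan as boot_previous_swap_type(): return the From column of the
 * first row whose To column equals post_swap_type. Returns -1 instead of
 * asserting when no row matches. */
int previous_swap_type_for(int post_swap_type)
{
    size_t i;

    for (i = 0; i < BOOT_SWAP_TRANS_TABLE_SIZE; i++) {
        if (boot_swap_trans_table[i][1] == post_swap_type) {
            return boot_swap_trans_table[i][0];
        }
    }
    return -1; /* original code: assert(0); return BOOT_SWAP_TYPE_REVERT; */
}

/* Returns 1 if the lookup can ever yield `prev` for any post-swap type,
 * 0 otherwise. This is what makes the "PERM is unreachable" claim concrete. */
int is_reachable_previous(int prev)
{
    static const int post_types[] = {
        BOOT_SWAP_TYPE_NONE, BOOT_SWAP_TYPE_TEST,
        BOOT_SWAP_TYPE_PERM, BOOT_SWAP_TYPE_REVERT,
    };
    size_t i;

    for (i = 0; i < sizeof(post_types) / sizeof(post_types[0]); i++) {
        if (previous_swap_type_for(post_types[i]) == prev) {
            return 1;
        }
    }
    return 0;
}

int main(void)
{
    const char *names[] = { "?", "NONE", "TEST", "PERM", "REVERT" };
    int t;

    for (t = BOOT_SWAP_TYPE_NONE; t <= BOOT_SWAP_TYPE_REVERT; t++) {
        printf("previous type %-6s reachable: %s\n", names[t],
               is_reachable_previous(t) ? "yes" : "no");
    }
    return 0;
}
```

Run as-is it prints that REVERT and TEST are reachable while NONE and PERM are not: a resumed permanent swap would be reported as a resumed revert, which is the ambiguity this ticket is about.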

This ticket tracks figuring out what the right behavior is.

Environment

None

Status

Assignee

Fabio Utzig

Reporter

Marti Bolivar

Labels

None

Fix versions

Priority

High