static void start_target(void) { set_timeout(STATE_TIMEOUT_TARGET); m_state = BL_STATE_DFU_TARGET; uint32_t segment_size = 0; bl_info_entry_t flags_entry; memset(&flags_entry, 0xFF, (BL_INFO_LEN_FLAGS + 3) & ~0x03UL); switch (m_transaction.type) { case DFU_TYPE_SD: segment_size = m_bl_info_pointers.p_segment_sd->length; flags_entry.flags.sd_intact = false; break; case DFU_TYPE_APP: segment_size = m_bl_info_pointers.p_segment_app->length; flags_entry.flags.app_intact = false; break; case DFU_TYPE_BOOTLOADER: segment_size = m_bl_info_pointers.p_segment_bl->length; flags_entry.flags.bl_intact = false; break; default: segment_size = 0; } /* Tag the transfer as incomplete in device page if we're about to overwrite it. */ if (m_transaction.p_start_addr == m_transaction.p_bank_addr) { if (m_bl_info_pointers.p_flags == NULL) { m_bl_info_pointers.p_flags = &bootloader_info_entry_put(BL_INFO_TYPE_FLAGS, &flags_entry, BL_INFO_LEN_FLAGS)->flags; } else { /* update inline */ nrf_flash_store((uint32_t*) m_bl_info_pointers.p_flags, (uint8_t*) &flags_entry, (BL_INFO_LEN_FLAGS + 3) & ~0x03UL, 0); } } if (dfu_start( m_transaction.p_start_addr, m_transaction.p_bank_addr, m_transaction.length, segment_size, m_transaction.segment_is_valid_after_transfer) != NRF_SUCCESS) { start_req(m_transaction.type, true); } else { transport_tx_abort(mp_beacon); /* stop beaconing */ } }
void bootloader_rtc_irq_handler(void) { NRF_RTC0->INTENCLR = (1 << (RTC_BL_STATE_CH + RTC_INTENCLR_COMPARE0_Pos)); switch (m_state) { case BL_STATE_FIND_FWID: bootloader_abort(BL_END_FWID_VALID); break; case BL_STATE_DFU_REQ: case BL_STATE_DFU_READY: bootloader_abort(BL_END_ERROR_NO_START); break; case BL_STATE_DFU_TARGET: start_req(m_transaction.type, true); break; case BL_STATE_VALIDATE: if (signature_check()) { /* Don't want any interrupts disturbing this final stage */ uint32_t was_masked; _DISABLE_IRQS(was_masked); /* write new version in bl info: */ bl_info_entry_t new_version_entry; memcpy(&new_version_entry.version, m_bl_info_pointers.p_fwid, sizeof(fwid_t)); bl_info_type_t sign_info_type = BL_INFO_TYPE_INVALID; if (m_bl_info_pointers.p_flags == NULL) { APP_ERROR_CHECK(NRF_ERROR_NULL); } /* copy flags, then mark the type we just verified as intact before reflashing it. */ bl_info_entry_t flags_entry; memcpy(&flags_entry, m_bl_info_pointers.p_flags, ((BL_INFO_LEN_FLAGS + 3) & ~0x03UL)); switch (m_transaction.type) { case DFU_TYPE_APP: memcpy((void*) &new_version_entry.version.app, (void*) &m_transaction.target_fwid_union.app, DFU_FWID_LEN_APP); sign_info_type = BL_INFO_TYPE_SIGNATURE_APP; flags_entry.flags.app_intact = true; break; case DFU_TYPE_SD: memcpy((void*) &new_version_entry.version.sd, (void*) &m_transaction.target_fwid_union.sd, DFU_FWID_LEN_SD); sign_info_type = BL_INFO_TYPE_SIGNATURE_SD; flags_entry.flags.sd_intact = true; break; case DFU_TYPE_BOOTLOADER: memcpy((void*) &new_version_entry.version.bootloader, (void*) &m_transaction.target_fwid_union.bootloader, DFU_FWID_LEN_BL); sign_info_type = BL_INFO_TYPE_SIGNATURE_BL; flags_entry.flags.bl_intact = true; break; default: break; } m_bl_info_pointers.p_fwid = &bootloader_info_entry_put(BL_INFO_TYPE_VERSION, &new_version_entry, BL_INFO_LEN_FWID)->version; m_bl_info_pointers.p_flags = &bootloader_info_entry_put(BL_INFO_TYPE_FLAGS, &flags_entry, BL_INFO_LEN_FLAGS)->flags; /* add signature to bl info, if applicable: */ if (m_transaction.signature_length != 0) { bootloader_info_entry_put(sign_info_type, (bl_info_entry_t*) m_transaction.signature, DFU_SIGNATURE_LEN); } _ENABLE_IRQS(was_masked); bootloader_abort(BL_END_SUCCESS); } else { /* someone gave us anauthorized firmware, and we're broken. need to reboot and try to request a new transfer */ bootloader_abort(BL_END_ERROR_UNAUTHORIZED); } break; case BL_STATE_RELAY: case BL_STATE_RELAY_CANDIDATE: bootloader_abort(BL_END_SUCCESS); break; default: break; } }
static void flash_bank_entry(void) { bl_info_bank_t* p_bank_entry = mp_bank_entry; /* make local copy to avoid race conditions */ if (p_bank_entry == NULL) { return; } bl_info_entry_t bank_entry_replacement; memcpy(&bank_entry_replacement, p_bank_entry, sizeof(bl_info_bank_t)); switch (p_bank_entry->state) { case BL_INFO_BANK_STATE_IDLE: { m_waiting_for_idle = true; bank_entry_replacement.bank.state = BL_INFO_BANK_STATE_FLASH_FW; bootloader_info_entry_overwrite((bl_info_type_t) (BL_INFO_TYPE_BANK_BASE + m_dfu_type), &bank_entry_replacement); /* Wait for this to take effect before moving on, as the potential mbr commands in the flash_fw state may trigger sudden reboots. */ return; } case BL_INFO_BANK_STATE_FLASH_FW: switch (m_dfu_type) { case DFU_TYPE_BOOTLOADER: /* Check to see if the bank transfer has been executed */ if (memcmp(p_bank_entry->p_bank_addr, (uint32_t*) bootloader_info_entry_get(BL_INFO_TYPE_SEGMENT_BL)->segment.start, p_bank_entry->length) != 0) { /* move the bank with MBR. BOOTLOADERADDR() must have been set. */ sd_mbr_command_t sd_mbr_cmd; sd_mbr_cmd.command = SD_MBR_COMMAND_COPY_BL; sd_mbr_cmd.params.copy_bl.bl_src = p_bank_entry->p_bank_addr; sd_mbr_cmd.params.copy_bl.bl_len = p_bank_entry->length / sizeof(uint32_t); APP_ERROR_CHECK(sd_mbr_command(&sd_mbr_cmd)); return; /* Can't be reached, only here for readability. */ } else { bank_entry_replacement.bank.state = BL_INFO_BANK_STATE_FLASH_META; bootloader_info_entry_overwrite(BL_INFO_TYPE_BANK_BL, &bank_entry_replacement); } break; case DFU_TYPE_SD: /* Check to see if the bank transfer has been executed */ if (memcmp(p_bank_entry->p_bank_addr, (uint32_t*) bootloader_info_entry_get(BL_INFO_TYPE_SEGMENT_SD)->segment.start, p_bank_entry->length) != 0) { /* move the bank with MBR. */ sd_mbr_command_t sd_mbr_cmd; sd_mbr_cmd.command = SD_MBR_COMMAND_COPY_SD; sd_mbr_cmd.params.copy_sd.src = p_bank_entry->p_bank_addr; sd_mbr_cmd.params.copy_sd.len = p_bank_entry->length / sizeof(uint32_t); sd_mbr_cmd.params.copy_sd.dst = (uint32_t*) 0x1000; APP_ERROR_CHECK(sd_mbr_command(&sd_mbr_cmd)); return; /* Can't be reached, only here for readability. */ } else { bank_entry_replacement.bank.state = BL_INFO_BANK_STATE_FLASH_META; bootloader_info_entry_overwrite((bl_info_type_t) (BL_INFO_TYPE_BANK_BASE + m_dfu_type), &bank_entry_replacement); } break; case DFU_TYPE_APP: /* This nukes the call stack and any flash-callbacks on the app side. If we're in the application, we have to jump to bootloader. */ if (bootloader_is_in_application()) { /* All paths leading to this call warns about this reset. We'll come back to finalize the transfer after the reset. */ __LOG("IN APP MODE. RESET!\n"); #if 1 //def SOFTDEVICE_PRESENT sd_power_reset_reason_clr(0x0F000F); #if NORDIC_SDK_VERSION >= 11 sd_power_gpregret_set(0, RBC_MESH_GPREGRET_CODE_GO_TO_APP); #else sd_power_gpregret_set(RBC_MESH_GPREGRET_CODE_GO_TO_APP); #endif sd_nvic_SystemReset(); #else NRF_POWER->RESETREAS = 0x0F000F; /* erase reset-reason to avoid wrongful state-readout on reboot */ NRF_POWER->GPREGRET = RBC_MESH_GPREGRET_CODE_GO_TO_APP; NVIC_SystemReset(); #endif } else { /* Erase, Flash the FW, flash FW flag, flash the signature, erase the bank entry. */ bl_info_entry_t* p_app_entry = bootloader_info_entry_get(BL_INFO_TYPE_SEGMENT_APP); APP_ERROR_CHECK_BOOL(p_app_entry != NULL); APP_ERROR_CHECK_BOOL(IS_PAGE_ALIGNED(p_app_entry->segment.start)); /* Erase existing FW */ bl_evt_t flash_evt; flash_evt.type = BL_EVT_TYPE_FLASH_ERASE; flash_evt.params.flash.erase.start_addr = p_app_entry->segment.start; flash_evt.params.flash.erase.length = ((p_bank_entry->length + (PAGE_SIZE - 1)) & ~(PAGE_SIZE - 1)); /* Pad the rest of the page */ if (bootloader_evt_send(&flash_evt) != NRF_SUCCESS) { m_waiting_for_idle = true; return; } /* Flash bank */ flash_evt.type = BL_EVT_TYPE_FLASH_WRITE; flash_evt.params.flash.write.p_data = (uint8_t*) p_bank_entry->p_bank_addr; flash_evt.params.flash.write.length = p_bank_entry->length; flash_evt.params.flash.write.start_addr = p_app_entry->segment.start; if (bootloader_evt_send(&flash_evt) != NRF_SUCCESS) { m_waiting_for_idle = true; return; } /* Update state */ bank_entry_replacement.bank.state = BL_INFO_BANK_STATE_FLASH_META; bootloader_info_entry_overwrite((bl_info_type_t) (BL_INFO_TYPE_BANK_BASE + m_dfu_type), &bank_entry_replacement); } break; default: APP_ERROR_CHECK(NRF_ERROR_INVALID_DATA); break; } /* deliberate fallthrough */ case BL_INFO_BANK_STATE_FLASH_META: { bl_info_entry_t fwid_entry; bl_info_type_t signature_type; bl_info_entry_t flags_entry; bl_info_entry_t* p_old_fwid_entry = bootloader_info_entry_get(BL_INFO_TYPE_VERSION); bl_info_entry_t* p_old_flags_entry = bootloader_info_entry_get(BL_INFO_TYPE_FLAGS); APP_ERROR_CHECK_BOOL(p_old_fwid_entry); APP_ERROR_CHECK_BOOL(p_bank_entry); memcpy(&fwid_entry, p_old_fwid_entry, sizeof(bl_info_version_t)); memcpy(&flags_entry, p_old_flags_entry, sizeof(bl_info_flags_t)); switch (m_dfu_type) { case DFU_TYPE_SD: fwid_entry.version.sd = p_bank_entry->fwid.sd; signature_type = BL_INFO_TYPE_SIGNATURE_SD; flags_entry.flags.sd_intact = true; break; case DFU_TYPE_BOOTLOADER: fwid_entry.version.bootloader.id = p_bank_entry->fwid.bootloader.id; fwid_entry.version.bootloader.ver = p_bank_entry->fwid.bootloader.ver; signature_type = BL_INFO_TYPE_SIGNATURE_BL; flags_entry.flags.bl_intact = true; break; case DFU_TYPE_APP: fwid_entry.version.app.company_id = p_bank_entry->fwid.app.company_id; fwid_entry.version.app.app_id = p_bank_entry->fwid.app.app_id; fwid_entry.version.app.app_version = p_bank_entry->fwid.app.app_version; signature_type = BL_INFO_TYPE_SIGNATURE_APP; flags_entry.flags.app_intact = true; break; default: APP_ERROR_CHECK(NRF_ERROR_INVALID_DATA); return; } if (!bootloader_info_entry_put(BL_INFO_TYPE_VERSION, &fwid_entry, BL_INFO_LEN_FWID)) { m_waiting_for_idle = true; return; } if (p_bank_entry->has_signature) { if (!bootloader_info_entry_put(signature_type, (bl_info_entry_t*) p_bank_entry->signature, BL_INFO_LEN_SIGNATURE)) { m_waiting_for_idle = true; return; } } if (!bootloader_info_entry_put(BL_INFO_TYPE_FLAGS, &flags_entry, BL_INFO_LEN_FLAGS)) { m_waiting_for_idle = true; return; } /* Update state */ __LOG("Bank: Set state to FLASHED\n"); bank_entry_replacement.bank.state = BL_INFO_BANK_STATE_FLASHED; bootloader_info_entry_overwrite((bl_info_type_t) (BL_INFO_TYPE_BANK_BASE + m_dfu_type), &bank_entry_replacement); } /* deliberate fallthrough */ case BL_INFO_BANK_STATE_FLASHED: /* We may invalidate the bank entry in the device page now, it's all redundant. */ __LOG("Bank: Invalidate.\n"); if (bootloader_info_entry_invalidate((bl_info_type_t) (BL_INFO_TYPE_BANK_BASE + m_dfu_type)) == NRF_SUCCESS) { __LOG("Bank invalidated.\n"); mp_bank_entry = NULL; /* reset the static bank pointer, as we no longer need it. */ } else { m_waiting_for_idle = true; } break; } }