Merge pull request #1 from lbonhomme-vossloh/dsp3/zephyr_3.2

Dsp3/zephyr 3.2

boot/bootutil/src/loader.c

@@ -2276,6 +2276,54 @@ boot_get_slot_usage(struct boot_loader_state *state)
     return 0;
 }
 
+#if defined(MCUBOOT_DIRECT_XIP) && defined(MCUBOOT_DIRECT_XIP_DOWNGRADE_ALLOWED)
+/**
+ * Finds a slot containing an image for the current image.
+ * Gives the priority to a slot with a not tested image.
+ *
+ * @param  state        Boot loader status information.
+ *
+ * @return              NO_ACTIVE_SLOT if no available slot found, number of
+ *                      the found slot otherwise.
+ */
+static uint32_t
+find_slot_not_tested(struct boot_loader_state *state)
+{
+    uint32_t slot;
+    uint32_t candidate_slot = NO_ACTIVE_SLOT;
+    const struct flash_area *fap;
+    int fa_id;
+    struct boot_swap_state* active_swap_state;
+    int rc;
+
+    for (slot = 0; slot < BOOT_NUM_SLOTS; slot++) {
+        if (state->slot_usage[BOOT_CURR_IMG(state)].slot_available[slot]) {
+            if (candidate_slot == NO_ACTIVE_SLOT) {
+                candidate_slot = slot;
+            } else {
+		fa_id = flash_area_id_from_multi_image_slot(BOOT_CURR_IMG(state), slot);
+
+		rc = flash_area_open(fa_id, &fap);
+		assert(rc == 0);
+
+		active_swap_state = malloc(sizeof(struct boot_swap_state));
+
+		assert(active_swap_state != 0);
+
+		rc = boot_read_swap_state(fap, active_swap_state);
+		assert(rc == 0);
+		if (active_swap_state->copy_done == BOOT_FLAG_UNSET) {
+			candidate_slot = slot;
+		}
+		free(active_swap_state);
+	    }
+	}
+    }
+
+    return candidate_slot;
+}
+
+#else
 /**
  * Finds the slot containing the image with the highest version number for the
  * current image.
@@ -2312,6 +2360,7 @@ find_slot_with_highest_version(struct boot_loader_state *state)
 
     return candidate_slot;
 }
+#endif
 
 #ifdef MCUBOOT_HAVE_LOGGING
 /**
@@ -3023,7 +3072,12 @@ boot_load_and_validate_images(struct boot_loader_state *state)
                 break;
             }
 
-            active_slot = find_slot_with_highest_version(state);
+#if defined(MCUBOOT_DIRECT_XIP) && defined(MCUBOOT_DIRECT_XIP_DOWNGRADE_ALLOWED)
+	    	active_slot = find_slot_not_tested(state);
+#else
+		active_slot = find_slot_with_highest_version(state);
+#endif
+
             if (active_slot == NO_ACTIVE_SLOT) {
                 BOOT_LOG_INF("No slot to load for image %d",
                              BOOT_CURR_IMG(state));

boot/mbed/mbed_lib.json

@@ -186,6 +186,11 @@
             "macro_name": "MCUBOOT_DIRECT_XIP_REVERT",
             "value": null
         },
+	"direct-xip-downgrade-allowed": {
+	    "help": "Disable downgrade prevention. Only valid if direct-xip is also enabled.",
+	    "macro_name": "MCUBOOT_DIRECT_XIP_DOWNGRADE_ALLOWED",
+	    "value": null
+	},
         "xip-secondary-slot-address": {
             "help": "Specify start address for secondary slot address in XIP-accessible memory. This is required if direct-xip is enabled.",
             "value": null

boot/zephyr/Kconfig

@@ -281,6 +281,16 @@ config BOOT_DIRECT_XIP_REVERT
 	  attempt to boot the previous image. The images can also be made permanent
 	  (marked as confirmed in advance) just like in swap mode.
 
+config BOOT_DIRECT_XIP_DOWNGRADE_ALLOWED
+	bool "Swap memory banks if the secondary slot is not tested"
+	depends on BOOT_DIRECT_XIP
+	default n
+	help
+	  If y, allows memory bank swap if the secondary slot has not been marked as
+	  tested by mcuboot. The version of the image on the secondary slot does not
+	  need to be greater than the image of the current slot.
+
+
 config BOOT_BOOTSTRAP
 	bool "Bootstrap erased the primary slot from the secondary slot"
 	default n

boot/zephyr/include/mcuboot_config/mcuboot_config.h

@@ -81,6 +81,10 @@
 #define MCUBOOT_DIRECT_XIP_REVERT
 #endif
 
+#ifdef CONFIG_BOOT_DIRECT_XIP_DOWNGRADE_ALLOWED
+#define MCUBOOT_DIRECT_XIP_DOWNGRADE_ALLOWED
+#endif
+
 #ifdef CONFIG_BOOT_RAM_LOAD
 #define MCUBOOT_RAM_LOAD 1
 #define IMAGE_EXECUTABLE_RAM_START CONFIG_BOOT_IMAGE_EXECUTABLE_RAM_START