Skip to content

modules: mcuboot: enable support for RAMLOAD mode with revert #85254

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 12 commits into
base: main
Choose a base branch
from
Open

modules: mcuboot: enable support for RAMLOAD mode with revert #85254

wants to merge 12 commits into from
+218 −44

Conversation

danieldegrasse
Copy link
Collaborator

@danieldegrasse danieldegrasse commented Feb 5, 2025
edited
Loading

This PR adds support for RAMLOAD mode with revert in MCUBoot, and enables a testcase for it with the mcumgr subsystem. RAMLOAD mode with revert functions similar to the direct xip mode with revert- MCUBoot will not ramload an image that is not confirmed or marked pending.

This PR also modifies the method of getting the active slot number when using ramload modes- we need to query the flash area ID, not the active boot slot for use with mcuboot boot utilities

@zephyrbot
Copy link
Collaborator

zephyrbot commented Feb 5, 2025
edited by github-actions bot
Loading

The following west manifest projects have changed revision in this Pull Request:

Name Old Revision New Revision Diff
mcuboot mcu-tools/mcuboot@c8470fb mcu-tools/mcuboot#2197 mcu-tools/mcuboot#2197/files

Additional metadata changed:

Name URL Submodules West cmds module.yml
mcuboot

DNM label due to: 1 project with PR revision and 1 project with metadata changes

Note: This message is automatically posted and updated by the Manifest GitHub Action.

@zephyrbot zephyrbot added manifest manifest-mcuboot DNM (manifest) This PR should not be merged (controlled by action-manifest) labels Feb 5, 2025
@danieldegrasse
Copy link
Collaborator Author

Note: this PR requires mcu-tools/mcuboot#2197 from MCUBoot. It also contains commits from #85096, because I validated this support on the RT1050-EVK

@danieldegrasse danieldegrasse force-pushed the feature/mcuboot-ramload-revert branch from f2f96f5 to 59da498 Compare February 28, 2025 00:13
@nordicjm nordicjm mentioned this pull request Mar 12, 2025
Open
@danieldegrasse danieldegrasse force-pushed the feature/mcuboot-ramload-revert branch from 59da498 to f1d2151 Compare March 12, 2025 14:35
@nordicjm
Copy link
Collaborator

This is not working. Do a build with sysbuild and flash using west flash so you have both images. If you run the image info command you get the following:

Slot 0:
    Active
    Confirmed
    Bootable

Slot 1:
    Bootable
    Pending
    Permanent

This state is invalid as when you reboot, it boots slot 0 again. You also cannot erase the update slot or transfer a new image because it thinks an upgrade is in progress when it is not

@danieldegrasse danieldegrasse force-pushed the feature/mcuboot-ramload-revert branch from f1d2151 to cb05a8b Compare March 27, 2025 04:08
@danieldegrasse
Copy link
Collaborator Author

This is not working. Do a build with sysbuild and flash using west flash so you have both images. If you run the image info command you get the following:

Slot 0:
    Active
    Confirmed
    Bootable

Slot 1:
    Bootable
    Pending
    Permanent

This state is invalid as when you reboot, it boots slot 0 again. You also cannot erase the update slot or transfer a new image because it thinks an upgrade is in progress when it is not

How are you testing this? The sequence I'm using is the following:

  • build using sysbuild, and flash. MCUBoot and image 0 are flashed.
  • rebuild sample with CONFIG_MCUBOOT_IMGTOOL_SIGN_VERSION="0.0.1+0", so the new SMP SVR application has a higher version
  • upload the new zephyr.signed.bin to slot1 using mcumgr-client
  • Mark the image as pending using mcumgr-client, and reset the board
  • Verify that the new smp_svr application has booted, and that it will be reverted after a reboot (since it did not confirm itself)

@nordicjm
Copy link
Collaborator

Seems I did not do recover between tests, reproduction is build and flash, then upload the slot1 image without changing version, upgrade is bricked as image flag does nothing, new image is not booted, application cannot erase image because it is persistently marked as test

@nordicjm
Copy link
Collaborator

Then after, if you actually do erase the flash of the upgrade slot header, MCUboot shows no secondary image - good, MCUmgr shows no secondary image - good, and try to upload, it fails to upload because of "There is no free slot to place the image" ??? Assuming this is because the flags are still set in the main image but this also bricks updates

@nordicjm
Copy link
Collaborator

nordicjm commented Mar 28, 2025
edited
Loading

Actually a bit confused why a slot1 bin file is generated since the slot0 and slot1 bin files would be exactly the same for RAM load, hex makes sense but don't need the bin for slot1, something for me to look into why I did that

@57300 57300 removed their request for review April 1, 2025 19:00
@danieldegrasse danieldegrasse mentioned this pull request Apr 8, 2025
Closed
@danieldegrasse
samples: subsys: mcumgr: rework ram load support for multiple boards
e1dbeb8 
MCUMgr ram load support was hardcoding the overlay file for the
nrf52840dk. To make this support generic, move the _ram_load overlay
file to the MCUBoot repository, as part of the mcuboot application.

Signed-off-by: Daniel DeGrasse <[email protected]>
@danieldegrasse
soc: nxp: common: disable FLASH_MCUX_FLEXSPI_XIP if using ramload
de43322 
MCUBoot RAMLOAD mode relies on CONFIG_XIP=n, but FLASH_MCUX_FLEXSPI_XIP
y-selects this symbol. Disable CONFIG_FLASH_MCUX_FLEXSPI_XIP for the
case where we are using MCUBoot ramload mode.

Signed-off-by: Daniel DeGrasse <[email protected]>
@danieldegrasse
samples: subsys: mgmt: mcumgr: add support for ramload on mimxrt1050_evk
f27f73b 
Add support for using the ramload mode of MCUBoot on the mimxrt1050_evk

Signed-off-by: Daniel DeGrasse <[email protected]>
@danieldegrasse
modules: mcuboot: add Kconfigs for RAMLOAD_WITH_REVERT mode
af015d0 
Add Kconfigs for RAMLOAD_WITH_REVERT mode in MCUBoot. This mode works in
a manner similar to DIRECT_XIP_WITH_REVERT- namely, mcuboot will only
boot an image that is either confirmed or marked as pending. If both
images are confirmed, mcuboot will still select the one with the higher
version, so downgrading is not possible using this mode.

Signed-off-by: Daniel DeGrasse <[email protected]>
@danieldegrasse
scripts: ci: exempt BOOT_RAM_LOAD_REVERT from checks
d7dceca 
Add BOOT_RAM_LOAD_REVERT as a defined Kconfig to the whitelist

Signed-off-by: Daniel DeGrasse <[email protected]>
@danieldegrasse
cmake: mcuboot: respect alignment size when signing for ramload mode
517fe83 
When signing for ramload mode, respect the write alignment size setting.
This is required when creating a confirmed image, as the BOOT_MAGIC
value changes based on the alignment size in use.

Signed-off-by: Daniel DeGrasse <[email protected]>
@danieldegrasse
cmake: mcuboot: prefer confirmed image when one is created
285fcfc 
Prefer flashing the confirmed image when one is created with
CONFIG_MCUBOOT_GENERATE_CONFIRMED_IMAGE. This way, the west runner will
flash this image over the signed image if it exists.

Signed-off-by: Daniel DeGrasse <[email protected]>
@danieldegrasse
soc: nxp: flexspi_xip: Update FLASH_MCUX_FLEXSPI_XIP ramload dependen…
9869e30 
…cies

CONFIG_FLASH_MCUX_FLEXSPI_XIP should also be disabled when using MCUBoot
ramload mode with revert support.

Signed-off-by: Daniel DeGrasse <[email protected]>
@danieldegrasse
dfu: mcuboot: update dependencies for RAMLOAD_WITH_REVERT
6129541 
Much like in RAMLOAD mode, RAMLOAD_WITH_REVERT requires that mcuboot
subsystem fetch bootloader information via the retention subsystem.

Signed-off-by: Daniel DeGrasse <[email protected]>
@danieldegrasse
manifest: update mcuboot revision for ramload support
75dd57a 
Update mcuboot revision to include ramload support. This commit can be
dropped once ramload support is present within Zephyr's revision of
MCUBoot.

Signed-off-by: Daniel DeGrasse <[email protected]>
@danieldegrasse
dfu: boot: mcuboot: fix boot_fetch_active_slot
c1c2e69 
boot_fetch_active_slot needs to map the slot number to a flash ID, as
this is what the DFU subsystem expects when interacting with the flash
partition.

Signed-off-by: Daniel DeGrasse <[email protected]>
@danieldegrasse
samples: mgmt: mcumgr: add testcase for ramload with revert
becc630 
Add testcase to build mcuboot and smp_svr application using ramload
with revert mode

Signed-off-by: Daniel DeGrasse <[email protected]>
@danieldegrasse
Copy link
Collaborator Author

Seems I did not do recover between tests, reproduction is build and flash, then upload the slot1 image without changing version, upgrade is bricked as image flag does nothing, new image is not booted, application cannot erase image because it is persistently marked as test

Trying to reproduce this on my end- the RT1050 build only has bin files, so I'm doing something like the following:

  • flash normally using west flash (populates slot0 with a confirmed image, and loads MCUBoot)
  • load secondary confirmed image using JLinkExe at offset for slot1 partition (loading zephyr.slot1.signed.confirmed.bin, using loadfile build/smp_svr/zephyr/zephyr.slot1.signed.confirmed.bin 0x603c0000
  • reset board, verify image0 still boots and image1 is present
  • Rebuild with -DCONFIG_MCUBOOT_IMGTOOL_SIGN_VERSION=\"0.0.1+0\" to set new version
  • Upload image to slot 1 using mcumgr-client: mcumgr-client -d /dev/ttyACM0 upload build/smp_svr/zephyr/zephyr.signed.bin
  • Mark the image for test mcumgr-client -d /dev/ttyACM0 test 8fe10b45d6b3eae2183c36e11caf736dbe558db8494ab238458bfcd70e5c092b
  • Reset board, verify image boots once than is removed on next boot (since it doesn't confirm itself)

Are these reproduction steps right? Not sure if I'm missing something here

@danieldegrasse danieldegrasse force-pushed the feature/mcuboot-ramload-revert branch from cb05a8b to becc630 Compare April 10, 2025 23:18
@github-actions github-actions bot requested a review from mmahadevan108 April 10, 2025 23:19
@danieldegrasse danieldegrasse mentioned this pull request Apr 10, 2025
Open
@nordicjm
Copy link
Collaborator

nordicjm commented Apr 15, 2025
edited
Loading

Build and flash, use a program to upload the secondary image without changing version (not jlink, upload using MCUmgr), mark it as test/confirmed, reboot, device state is stuck

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@carlescufi carlescufi Awaiting requested review from carlescufi

@d3zd3z d3zd3z Awaiting requested review from d3zd3z

@de-nordic de-nordic Awaiting requested review from de-nordic

@dleach02 dleach02 Awaiting requested review from dleach02

@fabiobaltieri fabiobaltieri Awaiting requested review from fabiobaltieri

@jeremybettis jeremybettis Awaiting requested review from jeremybettis

@jfischer-no jfischer-no Awaiting requested review from jfischer-no

@kartben kartben Awaiting requested review from kartben

@keith-zephyr keith-zephyr Awaiting requested review from keith-zephyr

@nashif nashif Awaiting requested review from nashif

@nordicjm nordicjm Awaiting requested review from nordicjm

@simhein simhein Awaiting requested review from simhein

@stephanosio stephanosio Awaiting requested review from stephanosio

@tejlmand tejlmand Awaiting requested review from tejlmand

@mmahadevan108 mmahadevan108 Awaiting requested review from mmahadevan108

At least 2 approving reviews are required to merge this pull request.

Assignees

@nordicjm nordicjm

Labels
area: Build System area: Coding Guidelines Coding guidelines and style area: Continuous Integration area: DFU Device Firmware Upgrade area: MCUBoot area: mcumgr area: Samples Samples area: Sysbuild DNM (manifest) This PR should not be merged (controlled by action-manifest) manifest manifest-mcuboot platform: NXP NXP
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@danieldegrasse @zephyrbot @nordicjm