From 37d92fdd3d30f03c58c80fc7a3a29ce34ed7ccf7 Mon Sep 17 00:00:00 2001
From: Daniele Lacamera
Date: Thu, 22 Feb 2024 09:36:21 +0100
Subject: [PATCH] DISABLE_BACKUP is now powerfail-safe.

By not checking/updating sector flags during copies from UPDATE to BOOT partitions, a copy operation getting interrupted by power failure will be less likely to cause problems to the integrity of the BOOT image. This is because in case of interruptions, the copy operation will be restarted from the first sector.

---
 src/update_flash.c | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/src/update_flash.c b/src/update_flash.c
index 85a224ed..8428afae 100644
--- a/src/update_flash.c
+++ b/src/update_flash.c
@@ -553,23 +553,14 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed)
 #endif
 hal_flash_lock();
 #else /* DISABLE_BACKUP */
-#warning "Backup mechanism disabled! Update installation will not be interruptible"
-
 /* Read encryption key/IV before starting the update */
 #ifdef EXT_ENCRYPTED
 wolfBoot_get_encrypt_key(key, nonce);
 #endif
 /* Directly copy the content of the UPDATE partition into the BOOT partition.
- * This mechanism is not fail-safe, and will brick your device if interrupted
- * before the copy is finished.
 */
 while ((sector * sector_size) < total_size) {
- if ((wolfBoot_get_update_sector_flag(sector, &flag) != 0) || (flag == SECT_FLAG_NEW)) {
- flag = SECT_FLAG_SWAPPING;
- wolfBoot_copy_sector(&update, &boot, sector);
- if (((sector + 1) * sector_size) < WOLFBOOT_PARTITION_SIZE)
- wolfBoot_set_update_sector_flag(sector, flag);
- }
+ wolfBoot_copy_sector(&update, &boot, sector);
 sector++;
 }
 while((sector * sector_size) < WOLFBOOT_PARTITION_SIZE) {
@@ -578,7 +569,6 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed)
 }
 st = IMG_STATE_SUCCESS;
 wolfBoot_set_partition_state(PART_BOOT, st);
-
 #ifdef EXT_FLASH
 ext_flash_lock();
 #endif
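Review bot: The rewritten copy loop's fail-safety rests on an invariant the hunk no longer states: while the loop runs, BOOT holds a mix of old and new sectors, so the recovery depends on the partition still being marked as updating (set before this hunk) so that a reset re-enters wolfBoot_update and restarts from sector 0 instead of trying to boot the partial image, and on there being no previous image to fall back to. The removed "not fail-safe" sentences leave the comment before `*/` with nothing after its first line; replace them with the actual contract, e.g. `* Interruption-safe only because the copy is restarted from sector 0 on the next boot: BOOT is not bootable until the loop completes, and the previous BOOT image is not backed up.` With the sector-flag calls gone, `flag` looks unused on this path under DISABLE_BACKUP (its declaration is outside the hunk), so check for an unused-variable warning. The enclosing function starts before and ends after the hunk.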