diff --git a/include/printf.h b/include/printf.h index c43c8bbb..2b4337bf 100644 --- a/include/printf.h +++ b/include/printf.h @@ -40,13 +40,14 @@ #endif void uart_write(const char* buf, unsigned int sz); - /* turn on small printf support */ + /* turn on small printf support in string.c */ #if !defined(PRINTF_ENABLED) && !defined(NO_PRINTF_UART) #define PRINTF_ENABLED #endif #endif -#ifdef PRINTF_ENABLED +/* support for wolfBoot_printf logging */ +#if defined(PRINTF_ENABLED) && !defined(WOLFBOOT_NO_PRINTF) # include # if defined(DEBUG_ZYNQ) && !defined(USE_QNX) # include "xil_printf.h" @@ -62,8 +63,12 @@ # define wolfBoot_printf(_f_, ...) uart_printf(_f_, ##__VA_ARGS__) # elif defined(__CCRX__) # define wolfBoot_printf printf -# else +# elif defined(WOLFBOOT_LOG_PRINTF) + /* allow output to stdout */ # define wolfBoot_printf(_f_, ...) printf(_f_, ##__VA_ARGS__) +# else + /* use stderr by default */ +# define wolfBoot_printf(_f_, ...) fprintf(stderr, _f_, ##__VA_ARGS__) # endif #else # define wolfBoot_printf(_f_, ...) do{}while(0) diff --git a/src/image.c b/src/image.c index 6cab3cf6..f5b755b8 100644 --- a/src/image.c +++ b/src/image.c @@ -861,11 +861,12 @@ int wolfBoot_open_image_address(struct wolfBoot_image *img, uint8_t *image) return -1; } img->fw_size = wolfBoot_image_size(image); - wolfBoot_printf("Image size %d\r\n", (unsigned int)img->fw_size); + #ifdef WOLFBOOT_FIXED_PARTITIONS if (img->fw_size > (WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE)) { wolfBoot_printf("Image size %d > max %d\n", - (unsigned int)img->fw_size, (WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE)); + (unsigned int)img->fw_size, + (WOLFBOOT_PARTITION_SIZE - IMAGE_HEADER_SIZE)); img->fw_size = 0; return -1; } @@ -881,6 +882,12 @@ int wolfBoot_open_image_address(struct wolfBoot_image *img, uint8_t *image) img->hdr_ok = 1; img->fw_base = img->hdr + IMAGE_HEADER_SIZE; + wolfBoot_printf("%s partition: %p (size %d, version 0x%x)\n", + (img->part == PART_BOOT) ? "Boot" : "Update", + img->hdr, + (unsigned int)img->fw_size, + wolfBoot_get_blob_version(image)); + return 0; } @@ -962,11 +969,9 @@ int wolfBoot_open_image(struct wolfBoot_image *img, uint8_t part) #endif if (part == PART_BOOT) { img->hdr = (void*)WOLFBOOT_PARTITION_BOOT_ADDRESS; - wolfBoot_printf("Boot partition: %p\n", img->hdr); } else if (part == PART_UPDATE) { img->hdr = (void*)WOLFBOOT_PARTITION_UPDATE_ADDRESS; - wolfBoot_printf("Update partition: %p\n", img->hdr); } else { return -1; diff --git a/src/libwolfboot.c b/src/libwolfboot.c index 33c0494f..541f4cde 100644 --- a/src/libwolfboot.c +++ b/src/libwolfboot.c @@ -1018,6 +1018,8 @@ uint32_t wolfBoot_get_blob_version(uint8_t *blob) uint32_t *volatile version_field = NULL; uint32_t *magic = NULL; uint8_t *img_bin = blob; + if (blob == NULL) + return 0; #if defined(EXT_ENCRYPTED) && defined(MMU) if (!encrypt_initialized) if (crypto_init() < 0) @@ -1870,15 +1872,16 @@ int wolfBoot_ram_decrypt(uint8_t *src, uint8_t *dst) uint32_t dst_offset = 0, iv_counter = 0; uint32_t magic, len; - if (!encrypt_initialized) { if (crypto_init() < 0) { + wolfBoot_printf("Error initializing crypto!\n"); return -1; } } /* Attempt to decrypt firmware header */ if (decrypt_header(src) != 0) { + wolfBoot_printf("Error decrypting header at %p!\n", src); return -1; } len = *((uint32_t*)(dec_hdr + sizeof(uint32_t))); diff --git a/src/update_flash.c b/src/update_flash.c index a5c6131c..cc0d4dc1 100644 --- a/src/update_flash.c +++ b/src/update_flash.c @@ -138,6 +138,9 @@ static int RAMFUNCTION wolfBoot_copy_sector(struct wolfBoot_image *src, if (src == dst) return 0; + wolfBoot_printf("Copy sector %d (part %d->%d)\n", + sector, src->part, dst->part); + if (src->part == PART_SWAP) src_sector_offset = 0; if (dst->part == PART_SWAP) @@ -219,11 +222,9 @@ static int wolfBoot_swap_and_final_erase(int resume) WOLFBOOT_SECTOR_SIZE; uint32_t tmpBuffer[TRAILER_OFFSET_WORDS + 1]; - /* open boot */ + /* open partitions (ignore failure) */ wolfBoot_open_image(boot, PART_BOOT); - /* open update */ wolfBoot_open_image(update, PART_UPDATE); - /* open swap */ wolfBoot_open_image(swap, PART_SWAP); wolfBoot_get_partition_state(PART_UPDATE, &st); @@ -499,6 +500,9 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed) uint32_t cur_v; uint32_t up_v; #endif + uint32_t cur_ver, upd_ver; + + wolfBoot_printf("Staring Update (fallback allowed %d)\n", fallback_allowed); /* No Safety check on open: we might be in the middle of a broken update */ @@ -508,9 +512,10 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed) /* get total size */ total_size = wolfBoot_get_total_size(&boot, &update); - - if (total_size <= IMAGE_HEADER_SIZE) + if (total_size <= IMAGE_HEADER_SIZE) { + wolfBoot_printf("Image total size %u too large!\n", total_size); return -1; + } /* In case this is a new update, do the required * checks on the firmware update * before starting the swap @@ -522,27 +527,39 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed) /* Check the first sector to detect interrupted update */ if (flag == SECT_FLAG_NEW) { if (((update_type & 0x000F) != HDR_IMG_TYPE_APP) || - ((update_type & 0xFF00) != HDR_IMG_TYPE_AUTH)) + ((update_type & 0xFF00) != HDR_IMG_TYPE_AUTH)) { + wolfBoot_printf("Invalid update type %d\n", update_type); return -1; - if (update.fw_size > MAX_UPDATE_SIZE - 1) + } + if (update.fw_size > MAX_UPDATE_SIZE - 1) { + wolfBoot_printf("Invalid update size %u\n", update.fw_size); return -1; + } if (!update.hdr_ok || (wolfBoot_verify_integrity(&update) < 0) || (wolfBoot_verify_authenticity(&update) < 0)) { + wolfBoot_printf("Update integrity/verification failed!\n"); return -1; } PART_SANITY_CHECK(&update); + + cur_ver = wolfBoot_current_firmware_version(); + upd_ver = wolfBoot_update_firmware_version(); + + wolfBoot_printf("Versions: Current 0x%x, Update 0x%x\n", + cur_ver, upd_ver); + #ifndef ALLOW_DOWNGRADE if ( ((fallback_allowed==1) && (~(uint32_t)fallback_allowed == 0xFFFFFFFE)) || - (wolfBoot_current_firmware_version() < - wolfBoot_update_firmware_version()) ) { + (cur_ver < upd_ver) ) { VERIFY_VERSION_ALLOWED(fallback_allowed); - } else + } else { + wolfBoot_printf("Update version not allowed\n"); return -1; + } #endif } - #ifdef DELTA_UPDATES if ((update_type & 0x00F0) == HDR_IMG_TYPE_DIFF) { cur_v = wolfBoot_current_firmware_version(); @@ -576,12 +593,14 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed) } #endif - hal_flash_unlock(); -#ifdef EXT_FLASH - ext_flash_unlock(); -#endif - #ifndef DISABLE_BACKUP + /* Interruptible swap */ + + hal_flash_unlock(); + #ifdef EXT_FLASH + ext_flash_unlock(); + #endif + /* Interruptible swap * The status is saved in the sector flags of the update partition. * If something goes wrong, the operation will be resumed upon reboot. @@ -620,6 +639,7 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed) break; } sector++; + /* headers that can be in different positions depending on when the * power fails are now in a known state, re-read and swap fw_size * because the locations are correct but the metadata is now swapped @@ -640,9 +660,9 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed) /* erase to the last sector, writeonce has 2 sectors */ while((sector * sector_size) < WOLFBOOT_PARTITION_SIZE - sector_size -#ifdef NVM_FLASH_WRITEONCE + #ifdef NVM_FLASH_WRITEONCE * 2 -#endif + #endif ) { wb_flash_erase(&boot, sector * sector_size, sector_size); wb_flash_erase(&update, sector * sector_size, sector_size); @@ -652,37 +672,45 @@ static int RAMFUNCTION wolfBoot_update(int fallback_allowed) * wolfBoot_start*/ wolfBoot_swap_and_final_erase(0); /* encryption key was not erased, will be erased by success */ -#ifdef EXT_FLASH + #ifdef EXT_FLASH ext_flash_lock(); -#endif + #endif hal_flash_lock(); -#else /* DISABLE_BACKUP */ -#ifdef EXT_ENCRYPTED - wolfBoot_get_encrypt_key(key, nonce); -#endif - /* Directly copy the content of the UPDATE partition into the BOOT partition. - */ +#else /* DISABLE_BACKUP */ + /* Direct Swap without power fail saftey */ + + hal_flash_unlock(); + #ifdef EXT_FLASH + ext_flash_unlock(); + #endif + + #ifdef EXT_ENCRYPTED + wolfBoot_get_encrypt_key(key, nonce); + #endif + + /* Directly copy the content of the UPDATE partition into the BOOT + * partition. */ while ((sector * sector_size) < total_size) { wolfBoot_copy_sector(&update, &boot, sector); sector++; } - while((sector * sector_size) < WOLFBOOT_PARTITION_SIZE) { + while ((sector * sector_size) < WOLFBOOT_PARTITION_SIZE) { wb_flash_erase(&boot, sector * sector_size, sector_size); sector++; } st = IMG_STATE_SUCCESS; wolfBoot_set_partition_state(PART_BOOT, st); -#ifdef EXT_FLASH + + #ifdef EXT_FLASH ext_flash_lock(); -#endif + #endif hal_flash_lock(); -/* Save the encryption key after swapping */ -#ifdef EXT_ENCRYPTED + /* Save the encryption key after swapping */ + #ifdef EXT_ENCRYPTED wolfBoot_set_encrypt_key(key, nonce); -#endif - + #endif #endif /* DISABLE_BACKUP */ return 0; } @@ -840,7 +868,12 @@ void RAMFUNCTION wolfBoot_start(void) wolfBoot_update(0); } } - if ((wolfBoot_open_image(&boot, PART_BOOT) < 0) + + bootRet = wolfBoot_open_image(&boot, PART_BOOT); + wolfBoot_printf("Booting version: 0x%x\n", + wolfBoot_get_blob_version(boot.hdr)); + + if (bootRet < 0 || (wolfBoot_verify_integrity(&boot) < 0) || (wolfBoot_verify_authenticity(&boot) < 0) ) {