-
Notifications
You must be signed in to change notification settings - Fork 980
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add TBYB safe rom_pick_ab_partition function #1850
Add TBYB safe rom_pick_ab_partition function #1850
Conversation
@@ -7,6 +7,9 @@ | |||
#include "pico/bootrom.h" | |||
#include "boot/picoboot.h" | |||
#include "boot/picobin.h" | |||
#if !PICO_RP2040 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
strictly more idiomatic to use #if HAS_RP2040_RTC
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is the RCP not the RTC - given the functions in this file are also guarded by !PICO_RP2040
I think this if fine to use here too?
@@ -0,0 +1,211 @@ | |||
#include "boot/picobin.h" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm really not a fan of exposing this header of structs. It implies that this is a public API, which it isn't
Can we try with just using memory offsets, and then we need to guard with the rom_version also.
/*! \brief Pick A/B partition for a separate partition | ||
* \ingroup pico_bootrom | ||
* | ||
* This will perform extra checks to prevent disrupting a main image TBYB, and return errors |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Might want to reword this slightly? "This will ... return errors" 😉
c3de287
to
9260cf7
Compare
Superseded by #1969 - that adds this function plus a use of it |
This PR adds an extra wrapper around
rom_pick_ab_partition
, which makes it safer when called during a TBYB boot, and includes a call to get the flash_update_baseCurrently, when doing a flash update boot which requires a flash erase, if you call
pick_ab_partition
before callingexplicit_buy
(eg to pick a firmware partition or similar) then it will clearalways->zero_init.version_downgrade_erase_flash_addr
. This means the subsequentexplicit_buy
call will not perform the required flash erase, which means the flash update boot will not succeed.This adds saving and restoring the
erase_flash_addr
to prevent this happening, while still allowing theerase_flash_addr
to be set if the firmware partition is being updated and requires a flash eraseThis also adds setting up
always->zero_init.tbyb_flag_flash_addr
to allow for TBYB executables in the firmware partition to have the address set up correctlyThe function returns an error if too many things are updating at once - either if both the boot and firmware images are TBYB, or if the boot and firmware images both require a flash erase
It also returns an error if the chosen image was not verified, which acts as a signature check on the firmware image