Implement swap without using scratch

.travis.yml

@@ -14,7 +14,7 @@ matrix:
     - os: linux
       env: SINGLE_FEATURES="sig-ecdsa sig-ed25519 enc-kw bootstrap" TEST=sim
     - os: linux
-      env: SINGLE_FEATURES="none sig-rsa sig-rsa3072 overwrite-only validate-primary-slot" TEST=sim
+      env: SINGLE_FEATURES="none sig-rsa sig-rsa3072 overwrite-only validate-primary-slot swap-move" TEST=sim
     - os: linux
       env: SINGLE_FEATURES="enc-rsa" TEST=sim
 
@@ -29,7 +29,7 @@ matrix:
     - os: linux
       env: MULTI_FEATURES="enc-kw overwrite-only large-write,enc-rsa overwrite-only large-write" TEST=sim
     - os: linux
-      env: MULTI_FEATURES="sig-rsa enc-rsa validate-primary-slot" TEST=sim
+      env: MULTI_FEATURES="sig-rsa enc-rsa validate-primary-slot,swap-move enc-rsa sig-rsa validate-primary-slot" TEST=sim
     - os: linux
       env: MULTI_FEATURES="sig-rsa enc-kw validate-primary-slot bootstrap" TEST=sim
     - os: linux

boot/bootutil/include/bootutil/caps.h

@@ -35,14 +35,15 @@ uint32_t bootutil_get_caps(void);
 #define BOOTUTIL_CAP_RSA2048                (1<<0)
 #define BOOTUTIL_CAP_ECDSA_P224             (1<<1)
 #define BOOTUTIL_CAP_ECDSA_P256             (1<<2)
-#define BOOTUTIL_CAP_SWAP_UPGRADE           (1<<3)
+#define BOOTUTIL_CAP_SWAP_USING_SCRATCH     (1<<3)
 #define BOOTUTIL_CAP_OVERWRITE_UPGRADE      (1<<4)
 #define BOOTUTIL_CAP_ENC_RSA                (1<<5)
 #define BOOTUTIL_CAP_ENC_KW                 (1<<6)
 #define BOOTUTIL_CAP_VALIDATE_PRIMARY_SLOT  (1<<7)
 #define BOOTUTIL_CAP_RSA3072                (1<<8)
 #define BOOTUTIL_CAP_ED25519                (1<<9)
 #define BOOTUTIL_CAP_ENC_EC256              (1<<10)
+#define BOOTUTIL_CAP_SWAP_USING_MOVE        (1<<11)
 
 /*
  * Query the number of images this bootloader is configured for.  This

boot/bootutil/src/bootutil_misc.c

@@ -164,9 +164,12 @@ boot_trailer_sz(uint32_t min_write_sz)
 int
 boot_status_entries(int image_index, const struct flash_area *fap)
 {
+#if MCUBOOT_SWAP_USING_SCRATCH
     if (fap->fa_id == FLASH_AREA_IMAGE_SCRATCH) {
         return BOOT_STATUS_STATE_COUNT;
-    } else if (fap->fa_id == FLASH_AREA_IMAGE_PRIMARY(image_index) ||
+    } else
+#endif
+    if (fap->fa_id == FLASH_AREA_IMAGE_PRIMARY(image_index) ||
                fap->fa_id == FLASH_AREA_IMAGE_SECONDARY(image_index)) {
         return BOOT_STATUS_STATE_COUNT * BOOT_STATUS_MAX_ENTRIES;
     }
@@ -321,7 +324,9 @@ boot_find_status(int image_index, const struct flash_area **fap)
     uint32_t magic[BOOT_MAGIC_ARR_SZ];
     uint32_t off;
     uint8_t areas[2] = {
+#if MCUBOOT_SWAP_USING_SCRATCH
         FLASH_AREA_IMAGE_SCRATCH,
+#endif
         FLASH_AREA_IMAGE_PRIMARY(image_index),
     };
     unsigned int i;
@@ -376,7 +381,6 @@ boot_read_swap_size(int image_index, uint32_t *swap_size)
     return rc;
 }
 
-
 #ifdef MCUBOOT_ENC_IMAGES
 int
 boot_read_enc_key(int image_index, uint8_t slot, uint8_t *enckey)

boot/bootutil/src/bootutil_priv.h

@@ -62,12 +62,24 @@ struct flash_area;
 /** Number of image slots in flash; currently limited to two. */
 #define BOOT_NUM_SLOTS                  2
 
+#if defined(MCUBOOT_OVERWRITE_ONLY) && defined(MCUBOOT_SWAP_USING_MOVE)
+#error "Please enable only one of MCUBOOT_OVERWRITE_ONLY or MCUBOOT_SWAP_USING_MOVE"
+#endif
+
+#if !defined(MCUBOOT_OVERWRITE_ONLY) && !defined(MCUBOOT_SWAP_USING_MOVE)
+#define MCUBOOT_SWAP_USING_SCRATCH 1
+#endif
+
+#define BOOT_STATUS_OP_MOVE     1
+#define BOOT_STATUS_OP_SWAP     2
+
 /*
  * Maintain state of copy progress.
  */
 struct boot_status {
     uint32_t idx;         /* Which area we're operating on */
     uint8_t state;        /* Which part of the swapping process are we at */
+    uint8_t op;           /* What operation are we performing? */
     uint8_t use_scratch;  /* Are status bytes ever written to scratch? */
     uint8_t swap_type;    /* The type of swap in effect */
     uint32_t swap_size;   /* Total size of swapped image */
@@ -174,8 +186,15 @@ _Static_assert(BOOT_IMAGE_NUMBER > 0, "Invalid value for BOOT_IMAGE_NUMBER");
 #error "Too few sectors, please increase BOOT_MAX_IMG_SECTORS to at least 32"
 #endif
 
-/** Maximum number of image sectors supported by the bootloader. */
+#if MCUBOOT_SWAP_USING_MOVE
+#define BOOT_STATUS_MOVE_STATE_COUNT    1
+#define BOOT_STATUS_SWAP_STATE_COUNT    2
+#define BOOT_STATUS_STATE_COUNT         (BOOT_STATUS_MOVE_STATE_COUNT + BOOT_STATUS_SWAP_STATE_COUNT)
+#else
 #define BOOT_STATUS_STATE_COUNT         3
+#endif
+
+/** Maximum number of image sectors supported by the bootloader. */
 #define BOOT_STATUS_MAX_ENTRIES         BOOT_MAX_IMG_SECTORS
 
 #define BOOT_PRIMARY_SLOT               0
@@ -207,11 +226,13 @@ struct boot_loader_state {
         size_t num_sectors;
     } imgs[BOOT_IMAGE_NUMBER][BOOT_NUM_SLOTS];
 
+#if MCUBOOT_SWAP_USING_SCRATCH
     struct {
         const struct flash_area *area;
         boot_sector_t *sectors;
         size_t num_sectors;
     } scratch;
+#endif
 
     uint8_t swap_type[BOOT_IMAGE_NUMBER];
     uint32_t write_sz;
@@ -238,14 +259,23 @@ int boot_read_swap_state(const struct flash_area *fap,
 int boot_read_swap_state_by_id(int flash_area_id,
                                struct boot_swap_state *state);
 int boot_write_magic(const struct flash_area *fap);
-int boot_write_status(struct boot_loader_state *state, struct boot_status *bs);
-int boot_schedule_test_swap(void);
+int boot_write_status(const struct boot_loader_state *state, struct boot_status *bs);
 int boot_write_copy_done(const struct flash_area *fap);
 int boot_write_image_ok(const struct flash_area *fap);
 int boot_write_swap_info(const struct flash_area *fap, uint8_t swap_type,
                          uint8_t image_num);
 int boot_write_swap_size(const struct flash_area *fap, uint32_t swap_size);
 int boot_read_swap_size(int image_index, uint32_t *swap_size);
+int boot_slots_compatible(struct boot_loader_state *state);
+uint32_t boot_status_internal_off(const struct boot_status *bs, int elem_sz);
+int boot_read_image_header(struct boot_loader_state *state, int slot,
+                           struct image_header *out_hdr, struct boot_status *bs);
+int boot_copy_region(struct boot_loader_state *state,
+                     const struct flash_area *fap_src,
+                     const struct flash_area *fap_dst,
+                     uint32_t off_src, uint32_t off_dst, uint32_t sz);
+int boot_erase_region(const struct flash_area *fap, uint32_t off, uint32_t sz);
+
 #ifdef MCUBOOT_ENC_IMAGES
 int boot_write_enc_key(const struct flash_area *fap, uint8_t slot,
                        const uint8_t *enckey);
@@ -304,7 +334,6 @@ static inline bool boot_u16_safe_add(uint16_t *dest, uint16_t a, uint16_t b)
 #endif
 #define BOOT_IMG(state, slot) ((state)->imgs[BOOT_CURR_IMG(state)][(slot)])
 #define BOOT_IMG_AREA(state, slot) (BOOT_IMG(state, slot).area)
-#define BOOT_SCRATCH_AREA(state) ((state)->scratch.area)
 #define BOOT_WRITE_SZ(state) ((state)->write_sz)
 #define BOOT_SWAP_TYPE(state) ((state)->swap_type[BOOT_CURR_IMG(state)])
 #define BOOT_TLV_OFF(hdr) ((hdr)->ih_hdr_size + (hdr)->ih_img_size)
@@ -326,12 +355,6 @@ boot_img_num_sectors(const struct boot_loader_state *state, size_t slot)
     return BOOT_IMG(state, slot).num_sectors;
 }
 
-static inline size_t
-boot_scratch_num_sectors(struct boot_loader_state *state)
-{
-    return state->scratch.num_sectors;
-}
-
 /*
  * Offset of the slot from the beginning of the flash device.
  */
@@ -341,11 +364,6 @@ boot_img_slot_off(struct boot_loader_state *state, size_t slot)
     return BOOT_IMG(state, slot).area->fa_off;
 }
 
-static inline size_t boot_scratch_area_size(struct boot_loader_state *state)
-{
-    return BOOT_SCRATCH_AREA(state)->fa_size;
-}
-
 #ifndef MCUBOOT_USE_FLASH_AREA_GET_SECTORS
 
 static inline size_t

boot/bootutil/src/caps.c

@@ -40,8 +40,10 @@ uint32_t bootutil_get_caps(void)
 #endif
 #if defined(MCUBOOT_OVERWRITE_ONLY)
     res |= BOOTUTIL_CAP_OVERWRITE_UPGRADE;
+#elif defined(MCUBOOT_SWAP_USING_MOVE)
+    res |= BOOTUTIL_CAP_SWAP_USING_MOVE;
 #else
-    res |= BOOTUTIL_CAP_SWAP_UPGRADE;
+    res |= BOOTUTIL_CAP_SWAP_USING_SCRATCH;
 #endif
 #if defined(MCUBOOT_ENCRYPT_RSA)
     res |= BOOTUTIL_CAP_ENC_RSA;