Invalidate specific OTA slot. (IDFGH-13982)

[ddomnik]

Is your feature request related to a problem?

Let's assume we have two valid OTA partitions (ota0 and ota1) and both ota_state's are set to ESP_OTA_IMG_VALID.
Now ota1 partition gets erased and we perform this incomplete update sequence:

• esp_ota_begin (does not update otadata)
• esp_partition_write (does not update otadata)
• esp_ota_end (does not update otadata)
• esp_image_verify (does not update otadata)
• esp_ota_set_boot_partition is not called. Because of a reset or a failed custom "header" check after esp_image_verify.

This would assume we have a valid image in ota1, even tho the update sequence has not been completed.

The same issue would appear if a factory partition is used to reflash ota0 that previously was marked as valid.

Describe the solution you'd like.

esp_ota_begin() should mark the to be flashed partition as ESP_OTA_IMG_INVALID.
To be more flexible and also to be able to mark specific partitions as invalid a generic function like these would be better:

esp_ota_mark_app_invalid(const esp_partition_t *partition);

esp_ota_set_state(const esp_partition_t *partition, esp_ota_img_states_t ota_state);

Describe alternatives you've considered.

1. Rewriting the ota_data partition manually, but this seems to be hacky.
2. Erase the partition content, but then the ota_state flag is still valid and the bootloader tries to load it.

Additional context.

The logic of the OTA data is quite complex to me and I am not even sure if ota_data actually behaves like this. As I think not every ota partition has a dedicated slot where the ota_state is stored? If so I may makes sense to make a function available like esp_ota_mark_app_invalid_rollback_and_reboot without the rollback and reboot part.