loader: Add firmware info version check to downgrade prevention #277
Conversation
sigvartmh
force-pushed
the
feature/netcore-prevention
branch
from
9d784ba
to
9be2651
Compare
|
Not finalized I'm pulling things out into a single function something like boot_cmp_net to hide behind a #define flag . I understand that this is not the best solution but it's what I've come up with as a stop gap to get something in before RC1. See https://github.com/nrfconnect/sdk-nrf/pull/12409/files For the function refactoring into boot_hooks_nrf53. |
sigvartmh
force-pushed
the
feature/netcore-prevention
branch
from
9be2651
to
130d3ea
Compare
|
@nordicjm So I've fetched out the idea a bit more, but I'm not 100% happy with the end result. ideally, I would have boot_cmp as a hook with a Regular and unique case. The problem is that boot_cmp does not take in any state or slot, so you don't know which slot you are doing the comparison against. Anyways please review the idea if possible, some one is waiting for this to go in for RC1 |
|
To answer both @de-nordic and @nordicjm, the idea here is to do something like this:
|
sigvartmh
force-pushed
the
feature/netcore-prevention
branch
from
130d3ea
to
0dec522
Compare
|
@de-nordic @nordicjm So I've reworked it a bit but I'm uncertain if I should push even more of the logic over into the nrf53_hook file. |
sigvartmh
force-pushed
the
feature/netcore-prevention
branch
from
0dec522
to
a457f92
Compare
sigvartmh
force-pushed
the
feature/netcore-prevention
branch
from
a457f92
to
528ce37
Compare
sigvartmh
force-pushed
the
feature/netcore-prevention
branch
from
528ce37
to
e443fcd
Compare
|
So currently the placement of the function is a bit weird and I think I should change the naming back to boot_ instead of pcd. Tried to move all of it into PCD but it had some dependencies to MCUBoot so it was easier just to leave it in |
| #include <dfu/pcd.h> | ||
| int pcd_version_cmp_net(const struct flash_area *fap, struct image_header *hdr); |
There was a problem hiding this comment.
Question: wouldn't it be more useful if the function would rather extract version out of PCD and comparison would happen on the MCUboot side?
There was a problem hiding this comment.
Doesn't use the same versioning scheme. Netcore uses FW_INFO which is just a single value while MCUBoot does the major.minor.rev semantic versioning.
The end goal is to consolidate them but for now, this is what we can provide.
The command is running on the MCUBoot side but it fetches the current version number through PCD from the network core and does the comparison on Application(MCUBoot side).
|
So do you belive we can get this in for 2.5.0 @nordicjm @de-nordic ? |
sigvartmh
force-pushed
the
feature/netcore-prevention
branch
from
e443fcd
to
776b647
Compare
Yes, but post rc1. We have to actually, as this is bugfix. |
sigvartmh
force-pushed
the
feature/netcore-prevention
branch
2 times, most recently
from
73e3822
to
49ceaa7
Compare
sigvartmh
force-pushed
the
feature/netcore-prevention
branch
2 times, most recently
from
c1be6e1
to
d8bf41e
Compare
For nRF53, the only existing version number metadata is stored in the `firmware_info` structure in the network core. This utilizes PCD to read out the version number and compares it against the version number found in the secondary slot for the network core. Ref. NCSDK-21379 Signed-off-by: Sigvart Hovland <sigvart.hovland@nordicsemi.no>
sigvartmh
force-pushed
the
feature/netcore-prevention
branch
from
d8bf41e
to
eed3580
Compare
For nRF53, the only existing version number metadata is stored in the
firmware_infostructure in the network core. This utilizes PCD to read out the version number and compares it against the version number found in the secondary slot for the network core.Ref. NCSDK-21379