-
Notifications
You must be signed in to change notification settings - Fork 100
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add powerfail during final sector erase #354
Merged
Merged
+164
−76
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jpbland1
force-pushed
the
wolfboot-finalize
branch
2 times, most recently
from
August 23, 2023 03:25
eeec343
to
9aed410
Compare
danielinux
previously approved these changes
Sep 7, 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Off to @rizlik for double checking the logic.
investigate a way to avoid erasing the key until wolfBoot_success |
the problems of losing the encryption key when the power fails before the key can be written back, failing to select the correct NVM_FLASH_WRITEONCE sector when a sector is corrupt, and losing the testing state when the power fails before the partition state can be set. these issues are addressed in the next commit
repeatable steps so that power failure wont erase the encryption key and wont cause skipping the testing phase of boot. this is done by marking the update partition as final swap when erasing the final sector and backing up the key in boot sector 0 after swaping the real boot sector 0 to swap. then when a power failure occurs the encryption key will be available in either boot sector 0 or the normal location. the intermediate phase also prevents skipping the testing phase since the last sector, which holds the boot state, is erased and then set repeatably, since the final swap state is set on the update partition
leave the encryption key for wolfBoot_success to erase. FINAL_SWAP was also stopping the case where the partition was put into testing before the update sector status flags could be erased. now, don't erase the update sector flags. instead put the update partition in IMG_STATE_FINAL_FLAGS state before putting the boot partition in IMG_STATE_TESTING. Then only erase the update sector flags on wolfBoot_update_trigger. under this scheme, the sector flags are intact if the power failed before we could set IMG_STATE_TESTING but are wiped if we do need to swap over after after wolfBoot_success fails to be called
jpbland1
force-pushed
the
wolfboot-finalize
branch
from
October 8, 2023 23:08
9aed410
to
d1a9ccf
Compare
NVM_FLASH_WRITEONCE can powerfail after FLAGS_FINAL and TESTING partition states have been set
danielinux
changed the title
add powerfail during final sector erase, exposing
Add powerfail during final sector erase
Oct 13, 2023
danielinux
approved these changes
Oct 13, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add powerfail during final sector erase, exposing the problems of losing the encryption key when the power fails before the key can be written back, failing to select the correct NVM_FLASH_WRITEONCE sector when a sector is corrupt, and losing the testing state when the power fails before the partition state can be set. these issues are addressed in the next commit
ZD 15415