sys: provide over-the-air update mechanism

Makefile.dep

@@ -753,6 +753,27 @@ ifneq (,$(filter uuid,$(USEMODULE)))
   USEMODULE += random
 endif
 
+ifneq (,$(RIOTBOOT_SLOT0_SIZE))
+  FEATURES_PROVIDED += riotboot
+endif
+
+ifneq (,$(filter ota_%,$(USEMODULE)))
+  USEMODULE += ota
+endif
+
+ifneq (,$(filter ota_coap,$(USEMODULE)))
+  USEMODULE += firmware
+  USEMODULE += nanocoap
+endif
+
+ifneq (,$(filter firmware,$(USEMODULE)))
+  USEMODULE += checksum
+  USEMODULE += hashes
+  USEPKG += tweetnacl
+  FEATURES_REQUIRED += riotboot
+  FEATURES_REQUIRED += periph_flashpage
+endif
+
 # always select gpio (until explicit dependencies are sorted out)
 FEATURES_OPTIONAL += periph_gpio
 

Makefile.include

@@ -628,6 +628,9 @@ CFLAGS += -include '$(RIOTBUILD_CONFIG_HEADER_C)'
 # include mcuboot support
 include $(RIOTMAKE)/mcuboot.mk
 
+# include riotboot support
+include $(RIOTMAKE)/riotboot.mk
+
 # include Murdock helpers
 include $(RIOTMAKE)/murdock.inc.mk
 

boards/samr21-xpro/Makefile.include

@@ -5,4 +5,9 @@ export CPU_MODEL = samr21g18a
 # set edbg device type
 EDBG_DEVICE_TYPE = atmel_cm0p
 
+# configure riotboot slots
+export RIOTBOOT_SLOT0_SIZE ?= 0x1000
+export RIOTBOOT_SLOT1_SIZE ?= 0x1f800
+export RIOTBOOT_SLOT2_SIZE ?= 0x1f800
+
 include $(RIOTMAKE)/boards/sam0.inc.mk

cpu/cortexm_common/include/cpu.h

@@ -126,6 +126,44 @@ static inline void cortexm_isr_end(void)
     }
 }
 
+/**
+ * @brief   Jumps to another image in flash
+ *
+ * This function is supposed to be called by a bootloader application.
+ *
+ * @param[in]   image_address   address in flash of other image
+ */
+static inline void cpu_jump_to_image(uint32_t image_address)
+{
+    /* Disable IRQ */
+    __disable_irq();
+
+    /* set MSP */
+    __set_MSP(*(uint32_t*)image_address);
+
+    /* skip stack pointer */
+    image_address += 4;
+
+    /* load the images reset_vector address */
+    uint32_t destination_address = *(uint32_t*)image_address;
+
+    /* Make sure the Thumb State bit is set. */
+    destination_address |= 0x1;
+
+    /* Branch execution */
+    __asm("BX %0" :: "r" (destination_address));
+}
+
+/* The following register is only present for Cortex-M0+, -M3, -M4 and -M7 CPUs */
+#if defined(CPU_ARCH_CORTEX_M0PLUS) || defined(CPU_ARCH_CORTEX_M3) || \
+    defined(CPU_ARCH_CORTEX_M4) || defined(CPU_ARCH_CORTEX_M4F) || \
+    defined(CPU_ARCH_CORTEX_M7)
+static inline unsigned cpu_get_image_baseaddr(void)
+{
+    return (unsigned)SCB->VTOR;
+}
+#endif
+
 #ifdef __cplusplus
 }
 #endif

cpu/cortexm_common/ldscripts/cortexm.ld

@@ -1,5 +1,7 @@
 /*
  * Copyright (C) 2017 Inria
+ *               2018 Kaspar Schleiser <[email protected]>
+ *
  *
  * This file is subject to the terms and conditions of the GNU Lesser
  * General Public License v2.1. See the file LICENSE in the top level
@@ -14,16 +16,17 @@
  * @brief           Memory definitions for the Cortex-M family
  *
  * @author          Francisco Acosta <[email protected]>
+ * @author          Kaspar Schleiser <[email protected]>
  *
  * @}
  */
 
-_boot_offset = DEFINED( _rom_offset ) ? _rom_offset : 0x0 ;
+_rom_offset = DEFINED( _rom_offset ) ? _rom_offset : 0x0 ;
 
 MEMORY
 {
-    rom (rx)    : ORIGIN = _rom_start_addr + _boot_offset, LENGTH = _rom_length - _boot_offset
-    ram (w!rx)  : ORIGIN = _ram_start_addr,                LENGTH = _ram_length
+    rom (rx)    : ORIGIN = _rom_start_addr + _rom_offset, LENGTH = _rom_length
+    ram (w!rx)  : ORIGIN = _ram_start_addr,               LENGTH = _ram_length
 }
 
 INCLUDE cortexm_base.ld

dist/riotboot/Makefile

@@ -0,0 +1,12 @@
+APPLICATION = riotboot
+
+BOARD ?= samr21-xpro
+
+USEMODULE += firmware
+
+CFLAGS += -DNDEBUG -DLOG_LEVEL=LOG_NONE
+DISABLE_MODULE += auto_init
+
+RIOTBASE ?= $(CURDIR)/../..
+
+include $(RIOTBASE)/Makefile.include

dist/riotboot/README.md

@@ -0,0 +1,6 @@
+# Overview
+
+This folder contains a simple bootloader that allows ping-pong style
+over-the-air updates.
+
+Please see examples/ota as example.

dist/riotboot/main.c

@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2017 Kaspar Schleiser <[email protected]>
+ *                    Inria
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @ingroup     bootloader
+ * @{
+ *
+ * @file
+ * @brief       RIOT Bootloader
+ *
+ * @author      Kaspar Schleiser <[email protected]>
+ * @author      Francisco Acosta <[email protected]>
+ *
+ * @}
+ */
+
+#include "firmware.h"
+#include "cpu.h"
+#include "panic.h"
+
+void kernel_init(void)
+{
+    uint32_t version = 0;
+    uint32_t slot = 0;
+
+    /* skip slot 0 (which points to the bootloader) */
+    for (unsigned i = 1; i < firmware_num_slots; i++) {
+        firmware_metadata_t *slot_metadata = firmware_get_metadata(i);
+        if (firmware_validate_metadata_checksum(slot_metadata)) {
+            /* skip slot if metadata broken */
+            continue;
+        }
+        if (slot_metadata->start_addr != firmware_get_image_startaddr(i)) {
+            continue;
+        }
+        if (!slot || slot_metadata->version > version) {
+            version = slot_metadata->version;
+            slot = i;
+        }
+    }
+
+    if (slot) {
+        firmware_jump_to_slot(slot);
+    }
+
+    /* serious trouble! */
+    while (1) {}
+}
+
+NORETURN void core_panic(core_panic_t crash_code, const char *message)
+{
+    (void)crash_code;
+    (void)message;
+    while (1) {}
+}

dist/tools/firmware/Makefile

@@ -0,0 +1,46 @@
+PKG_NAME = tweetnacl
+PKG_URL = https://github.com/RIOT-OS/tweetnacl
+PKG_VERSION = 7ea05c7098a16c87fa66e9166ce301666f3f2623
+PKG_LICENSE = PD
+PKG_BUILDDIR = bin/tweetnacl_src
+GITCACHE = ../git/git-cache
+
+RIOTBASE       := ../../..
+RIOT_INCLUDE   := $(RIOTBASE)/sys/include
+SHA256_DIR     := $(RIOTBASE)/sys/hashes
+SHA256_INCLUDE := $(RIOT_INCLUDE)/hashes
+TWEETNACL_DIR  := $(PKG_BUILDDIR)
+TWEETNACL_SRC  := $(TWEETNACL_DIR)/tweetnacl.c randombytes.c
+TWEETNACL_HDR  := $(TWEETNACL_DIR)/tweetnacl.h
+COMMON_SRC     := common.c
+COMMON_HDR     := common.h
+
+RIOT_FIRMWARE_SRC := \
+	$(SHA256_DIR)/sha256.c \
+	$(RIOTBASE)/sys/checksum/fletcher32.c \
+	$(RIOTBASE)/sys/firmware/firmware.c \
+	$(RIOTBASE)/sys/firmware/firmware_simple.c
+
+RIOT_FIRMWARE_HDR := $(RIOT_INCLUDE)/firmware.h \
+	$(RIOT_INCLUDE)/hashes/sha256.h \
+	$(RIOT_INCLUDE)/checksum/fletcher32.h
+
+FIRMWARE_SRC := $(COMMON_SRC) $(TWEETNACL_SRC) $(RIOT_FIRMWARE_SRC) \
+	main.c verify.c genkeys.c sign.c
+
+FIRMWARE_HDR := $(COMMON_HDR) $(RIOT_FIRMWARE_HDR)
+
+CFLAGS += -g -I. -O3 -Wall -Wextra -pedantic -std=c99
+
+all: bin/firmware
+
+bin/:
+	mkdir -p bin
+
+bin/firmware: git-download $(FIRMWARE_HDR) $(FIRMWARE_SRC) Makefile | bin/
+	$(CC) $(CFLAGS) -I$(RIOT_INCLUDE) -I$(TWEETNACL_DIR) $(FIRMWARE_SRC) -o $@
+
+clean::
+	rm -rf bin/firmware
+
+include $(RIOTBASE)/pkg/pkg.mk

dist/tools/firmware/common.c

@@ -0,0 +1,92 @@
+/*
+ * Copyright (C) 2017 Kaspar Schleiser <[email protected]>
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License v2. See the file LICENSE for more details.
+ */
+
+#include <fcntl.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "hashes/sha256.h"
+
+off_t fsize(const char *filename)
+{
+    struct stat st;
+
+    if (stat(filename, &st) == 0) {
+        return st.st_size;
+    }
+
+    return -1;
+}
+
+int to_file(const char *filename, void *buf, size_t len)
+{
+    int fd;
+
+    if (strcmp("-", filename)) {
+        fd = open(filename, O_CREAT | O_WRONLY, S_IRUSR | S_IWUSR);
+    }
+    else {
+        fd = STDOUT_FILENO;
+    }
+
+    if (fd > 0) {
+        ssize_t res = write(fd, buf, len);
+        close(fd);
+        return res == (ssize_t)len;
+    }
+    else {
+        return fd;
+    }
+}
+
+int from_file(const char *filename, void *buf, size_t len)
+{
+    int fd = open(filename, O_RDONLY);
+
+    if (fd > 0) {
+        ssize_t res = read(fd, buf, len);
+        close(fd);
+        return res == (ssize_t)len;
+    }
+    else {
+        return fd;
+    }
+}
+
+ssize_t do_sha256(const char *filename, void *tgt, off_t offset)
+{
+    sha256_context_t sha256;
+
+    sha256_init(&sha256);
+
+    ssize_t bytes_read;
+    ssize_t total = 0;
+    char buf[1024];
+
+    int fd = open(filename, O_RDONLY);
+    if (!fd) {
+        return -1;
+    }
+
+    if (offset) {
+        if (lseek(fd, offset, SEEK_SET) == -1) {
+            return -1;
+        }
+    }
+
+    while ((bytes_read = read(fd, buf, sizeof(buf)))) {
+        sha256_update(&sha256, buf, bytes_read);
+        total += bytes_read;
+    }
+
+    sha256_final(&sha256, tgt);
+
+    close(fd);
+
+    return total;
+}

dist/tools/firmware/common.h

@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2017 Kaspar Schleiser <[email protected]>
+ *
+ * This file is subject to the terms and conditions of the GNU General Public
+ * License v2. See the file LICENSE for more details.
+ */
+
+#ifndef COMMON_H
+#define COMMON_H
+
+#include <unistd.h>
+#include <sys/types.h>
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+off_t fsize(const char *filename);
+int to_file(const char *filename, void *buf, size_t len);
+int from_file(const char *filename, void *buf, size_t len);
+int do_sha256(const char *filename, void *tgt, size_t offset);
+
+#ifdef __cplusplus
+} /* end extern "C" */
+#endif
+
+#endif /* COMMON_H */