diff --git a/components/app_update/esp_ota_ops.c b/components/app_update/esp_ota_ops.c index e4f7055345..63e33b9c09 100644 --- a/components/app_update/esp_ota_ops.c +++ b/components/app_update/esp_ota_ops.c @@ -182,8 +182,18 @@ esp_err_t esp_ota_begin(const esp_partition_t *partition, size_t image_size, esp } else { erase_size = ALIGN_UP(image_size, partition->erase_size); } - return esp_partition_erase_range(partition, 0, erase_size); + esp_err_t err = esp_partition_erase_range(partition, 0, erase_size); + if (err != ESP_OK) { + return err; + } } + +#ifdef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE + if (is_ota_partition(partition)) { + esp_ota_invalidate_inactive_ota_data_slot(); + } +#endif + return ESP_OK; } @@ -955,7 +965,7 @@ esp_err_t esp_ota_get_state_partition(const esp_partition_t *partition, esp_ota_ return ESP_OK; } -esp_err_t esp_ota_erase_last_boot_app_partition(void) +static esp_err_t erase_last_boot_app_partition(bool skip_app_part_erase) { esp_ota_select_entry_t otadata[2]; const esp_partition_t* ota_data_partition = read_otadata(otadata); @@ -987,13 +997,15 @@ esp_err_t esp_ota_erase_last_boot_app_partition(void) return ESP_FAIL; } - esp_err_t err = esp_partition_erase_range(last_boot_app_partition_from_otadata, 0, last_boot_app_partition_from_otadata->size); - if (err != ESP_OK) { - return err; + if (!skip_app_part_erase) { + esp_err_t err = esp_partition_erase_range(last_boot_app_partition_from_otadata, 0, last_boot_app_partition_from_otadata->size); + if (err != ESP_OK) { + return err; + } } int sec_id = inactive_otadata; - err = esp_partition_erase_range(ota_data_partition, sec_id * ota_data_partition->erase_size, ota_data_partition->erase_size); + esp_err_t err = esp_partition_erase_range(ota_data_partition, sec_id * ota_data_partition->erase_size, ota_data_partition->erase_size); if (err != ESP_OK) { return err; } 
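Review bot: The return value of `esp_ota_invalidate_inactive_ota_data_slot()` is discarded in the new `#ifdef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` block, so `esp_ota_begin()` reports `ESP_OK` even when the otadata sector could not be erased, and the partition erased just above may still be recorded as a valid rollback target. If some failures are expected (the helper's `ESP_FAIL` paths are mostly outside this hunk), capture the result with `esp_err_t inv_err = esp_ota_invalidate_inactive_ota_data_slot();` and log a warning when `inv_err != ESP_OK`, or propagate it for flash erase errors. The ordering also leaves a window: the app partition erase runs first, so a reset during that erase leaves otadata still describing a partly erased image as bootable. Invalidating the slot before `esp_partition_erase_range(partition, 0, erase_size)` would close that window. `esp_ota_begin()` starts above the hunk.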
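Review bot: In the `@@ -987` hunk the otadata sector at `sec_id = inactive_otadata` is erased without comparing the partition it describes to the one `esp_ota_begin()` is writing, so with more than two OTA slots the `skip_app_part_erase` path may drop the rollback entry of a partition that is not being touched. This is inferred from the `void`-style call chain and the visible lines; the selection of `last_boot_app_partition_from_otadata` sits above the hunk. Either pass the target partition down and skip the otadata erase when it differs from `last_boot_app_partition_from_otadata`, or document the limitation on the helper with `/* Erases the otadata sector of the last-booted (inactive) app, whichever partition that is; with skip_app_part_erase the app image itself stays in flash. */`.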
@@ -1001,6 +1013,16 @@ esp_err_t esp_ota_erase_last_boot_app_partition(void) return ESP_OK; } +esp_err_t esp_ota_erase_last_boot_app_partition(void) +{ + return erase_last_boot_app_partition(false); +} + +esp_err_t esp_ota_invalidate_inactive_ota_data_slot(void) +{ + return erase_last_boot_app_partition(true); +} + #if SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY && CONFIG_SECURE_BOOT_V2_ENABLED // Validates the image at "app_pos" with the secure boot digests other than "revoked_key_index" diff --git a/components/app_update/include/esp_ota_ops.h b/components/app_update/include/esp_ota_ops.h index 0916f1f896..5f4a8a05cf 100644 --- a/components/app_update/include/esp_ota_ops.h +++ b/components/app_update/include/esp_ota_ops.h @@ -83,6 +83,7 @@ int esp_ota_get_app_elf_sha256(char* dst, size_t size) __attribute__((deprecated * use esp_ota_mark_app_valid_cancel_rollback() function for it (this should be done as early as possible when you first download a new application). * * Note: Rollback is applicable only for app type partitions. + * Note: For Rollback - The OTA data slot corresponding to the last boot application partition will be invalidated. * * @param partition Pointer to info for partition which will receive the OTA update. Required. * This is considered as the staging partition (where OTA is downloaded), be default this also considered as the final partition which supposed to be updated. 
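Review bot: The note added to the `esp_ota_begin()` documentation in the `@@ -83` hunk of `esp_ota_ops.h` does not state when the invalidation happens or what it costs the caller. Per the implementation in this commit it runs only when `CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` is set and the target is an OTA partition. Suggested wording: `Note: With CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE, calling this function on an OTA app partition invalidates the otadata entry of the last-booted (inactive) app; that entry stays invalid even if the update is later abandoned.`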
@@ -302,6 +303,20 @@ esp_err_t esp_ota_get_partition_description(const esp_partition_t *partition, es */ esp_err_t esp_ota_get_bootloader_description(const esp_partition_t *bootloader_partition, esp_bootloader_desc_t *desc); +/** + * @brief Invalidate the OTA data slot associated with the last boot application partition. + * + * This function erases the OTA data slot corresponding to the last boot application partition, + * making the partition invalid for booting in future. The application partition itself + * is not erased, preserving its contents. + * + * @return + * - ESP_OK: Successfully invalidated the OTA data slot. + * - ESP_FAIL: Failed to invalidate the OTA data slot (e.g., invalid parameters, no OTA data partition, or other errors). + * - Other error codes from `esp_partition_erase_range`. + */ +esp_err_t esp_ota_invalidate_inactive_ota_data_slot(void); + /** * @brief Returns number of ota partitions provided in partition table. * diff --git a/components/app_update/test_apps/test_app_update/.build-test-rules.yml b/components/app_update/test_apps/test_app_update/.build-test-rules.yml index c6913f0010..fd369785df 100644 --- a/components/app_update/test_apps/test_app_update/.build-test-rules.yml +++ b/components/app_update/test_apps/test_app_update/.build-test-rules.yml @@ -3,6 +3,7 @@ components/app_update/test_apps: enable: - if: CONFIG_NAME == "defaults" and IDF_TARGET in ["esp32", "esp32c2", "esp32c3", "esp32c5", "esp32c6", "esp32c61", "esp32h2", "esp32p4", "esp32s2", "esp32s3"] + - if: CONFIG_NAME == "rollback" and IDF_TARGET in ["esp32", "esp32c3", "esp32s3", "esp32p4"] - if: CONFIG_NAME == "xip_psram" and IDF_TARGET in ["esp32s2", "esp32s3", "esp32p4"] # S2 doesn't have ROM for flash - if: CONFIG_NAME == "xip_psram_with_rom_impl" and IDF_TARGET in ["esp32s3", "esp32p4"] 
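Review bot: The `@return` text for `esp_ota_invalidate_inactive_ota_data_slot()` in the `@@ -302` hunk names "invalid parameters" as a cause of `ESP_FAIL`, but the function takes `void`, so a caller cannot tell which conditions actually produce that code. Listing the real conditions would help, for example `- ESP_FAIL: No otadata partition was found, or the inactive otadata entry does not name a usable last-boot app partition.` (to be checked against the helper, whose early returns are not all visible here). The description should also say that the old application image stays readable in flash and that the erased otadata entry is the only record that it was a valid boot target, since callers may rely on this function to retire an image.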
diff --git a/components/app_update/test_apps/test_app_update/main/test_switch_ota.c b/components/app_update/test_apps/test_app_update/main/test_switch_ota.c
index 0136855381..b1bbb832bd 100644
--- a/components/app_update/test_apps/test_app_update/main/test_switch_ota.c
+++ b/components/app_update/test_apps/test_app_update/main/test_switch_ota.c
@@ -849,3 +849,84 @@ TEST_CASE("Test bootloader_common_get_sha256_of_partition returns ESP_ERR_IMAGE_ TEST_ESP_ERR(ESP_ERR_IMAGE_INVALID, bootloader_common_get_sha256_of_partition(other_app->address, other_app->size, other_app->type, sha_256_other_app)); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha_256_cur_app, sha_256_other_app, sizeof(sha_256_cur_app), "must be the same"); } + +static void test_rollback3(void) +{ + uint8_t boot_count = get_boot_count_from_nvs(); + boot_count++; + set_boot_count_in_nvs(boot_count); + ESP_LOGI(TAG, "boot count %d", boot_count); + const esp_partition_t *cur_app = get_running_firmware(); + const esp_partition_t* update_partition = NULL; + switch (boot_count) { + case 2: + ESP_LOGI(TAG, "Factory"); + TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_FACTORY, cur_app->subtype); + update_partition = app_update(); + reboot_as_deep_sleep(); + break; + case 3: + ESP_LOGI(TAG, "OTA0"); + TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_0, cur_app->subtype); + TEST_ESP_OK(esp_ota_mark_app_valid_cancel_rollback()); + TEST_ASSERT_NULL(esp_ota_get_last_invalid_partition()); + update_partition = app_update(); + reboot_as_deep_sleep(); + break; + case 4: + ESP_LOGI(TAG, "OTA1"); + TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_1, cur_app->subtype); + TEST_ESP_OK(esp_ota_mark_app_valid_cancel_rollback()); + + update_partition = esp_ota_get_next_update_partition(NULL); +#ifdef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE + // two partitions are valid + TEST_ASSERT_NULL(esp_ota_get_last_invalid_partition()); + esp_ota_img_states_t ota_state; + TEST_ESP_OK(esp_ota_get_state_partition(update_partition, &ota_state)); + TEST_ASSERT_EQUAL(ESP_OTA_IMG_VALID, ota_state); +#endif + + esp_ota_handle_t update_handle = 0; + TEST_ESP_OK(esp_ota_begin(update_partition, OTA_SIZE_UNKNOWN, &update_handle)); + +#ifdef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE + // After esp_ota_begin, the only one partition is valid + // ota data slots do not have an entry about the update_partition. 
+ TEST_ESP_ERR(ESP_ERR_NOT_FOUND, esp_ota_get_state_partition(update_partition, &ota_state)); +#endif + copy_app_partition(update_handle, get_running_firmware()); + TEST_ESP_OK(esp_ota_end(update_handle)); + // esp_ota_set_boot_partition is not called, so the running app will not be changed after reboot + reboot_as_deep_sleep(); + break; + default: + erase_ota_data(); + TEST_FAIL_MESSAGE("Unexpected stage"); + break; + } +} + +static void test_rollback3_1(void) +{ + set_boot_count_in_nvs(5); + uint8_t boot_count = get_boot_count_from_nvs(); + esp_ota_img_states_t ota_state = 0x5555AAAA; + ESP_LOGI(TAG, "boot count %d", boot_count); + const esp_partition_t *cur_app = get_running_firmware(); + ESP_LOGI(TAG, "OTA1"); + TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_1, cur_app->subtype); + TEST_ESP_OK(esp_ota_get_state_partition(cur_app, &ota_state)); + TEST_ASSERT_EQUAL(ESP_OTA_IMG_VALID, ota_state); + + TEST_ASSERT_NULL(esp_ota_get_last_invalid_partition()); + const esp_partition_t* next_update_partition = esp_ota_get_next_update_partition(NULL); + TEST_ASSERT_NOT_NULL(next_update_partition); +#ifdef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE + // ota data slots do not have an entry about the next_update_partition. + TEST_ESP_ERR(ESP_ERR_NOT_FOUND, esp_ota_get_state_partition(next_update_partition, &ota_state)); +#endif + erase_ota_data(); +} + +TEST_CASE_MULTIPLE_STAGES("Test rollback. Updated partition invalidated after esp_ota_begin", "[app_update][timeout=90][reset=DEEPSLEEP_RESET, DEEPSLEEP_RESET, DEEPSLEEP_RESET, SW_CPU_RESET]", start_test, test_rollback3, test_rollback3, test_rollback3, test_rollback3_1); diff --git a/components/app_update/test_apps/test_app_update/pytest_app_update_ut.py b/components/app_update/test_apps/test_app_update/pytest_app_update_ut.py index e9d9633e33..087216c2ad 100644 --- a/components/app_update/test_apps/test_app_update/pytest_app_update_ut.py +++ b/components/app_update/test_apps/test_app_update/pytest_app_update_ut.py 
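Review bot: In `case 4` of `test_rollback3`, `ota_state` and `update_handle` are declared directly under the case label without a block, so their scope runs on into `default:` and the jump to `default:` bypasses the `update_handle = 0` initialiser; wrapping the case body in `{ ... }` keeps them local to that stage. As far as these stages show, the new assertions cover only the OTA_0/OTA_1 layout and the path where the otadata erase succeeds. The ignored result of `esp_ota_invalidate_inactive_ota_data_slot()` inside `esp_ota_begin()` is therefore never exercised, and nothing checks that calling `esp_ota_begin()` on a non-OTA partition leaves otadata untouched.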
@@ -50,3 +50,19 @@ def test_app_update_xip_psram(dut: Dut) -> None: ) def test_app_update_xip_psram_rom_impl(dut: Dut) -> None: dut.run_all_single_board_cases(timeout=90) + + +@pytest.mark.esp32 +@pytest.mark.esp32c3 +@pytest.mark.esp32s3 +@pytest.mark.esp32p4 +@pytest.mark.generic +@pytest.mark.parametrize( + 'config', + [ + 'rollback', + ], + indirect=True, +) +def test_app_update_with_rollback(dut: Dut) -> None: + dut.run_all_single_board_cases(timeout=90) diff --git a/components/app_update/test_apps/test_app_update/sdkconfig.ci.rollback b/components/app_update/test_apps/test_app_update/sdkconfig.ci.rollback new file mode 100644 index 0000000000..2303570b85 --- /dev/null +++ b/components/app_update/test_apps/test_app_update/sdkconfig.ci.rollback @@ -0,0 +1 @@ +CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE=y