Skip to content

Commit 7176e34

Browse files
lzrdlzrd
committed
Improve access to static mut comms w Bootleby
1 parent 79a047e commit 7176e34

File tree

7 files changed

+31
-59
lines changed

7 files changed

+31
-59
lines changed

Cargo.lock

Lines changed: 0 additions & 39 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

app/lpc55xpresso/app.toml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,8 @@ name = "lpc55-update-server"
4949
priority = 3
5050
stacksize = 8192
5151
start = true
52-
sections = {bootstate = "usbsram", transient_override = "override"}
52+
sections = {bootstate = "usbsram"}
53+
extern-regions = ["transient_override"]
5354
uses = ["flash_controller", "hash_crypt"]
5455
notifications = ["flash-irq", "hashcrypt-irq"]
5556
interrupts = {"flash_controller.irq" = "flash-irq", "hash_crypt.irq" = "hashcrypt-irq"}

app/oxide-rot-1/app-dev.toml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,8 @@ name = "lpc55-update-server"
5454
priority = 3
5555
stacksize = 8192
5656
start = true
57-
sections = {bootstate = "usbsram", transient_override = "override"}
57+
sections = {bootstate = "usbsram"}
58+
extern-regions = ["transient_override"]
5859
uses = ["flash_controller", "hash_crypt"]
5960
notifications = ["flash-irq", "hashcrypt-irq"]
6061
interrupts = {"flash_controller.irq" = "flash-irq", "hash_crypt.irq" = "hashcrypt-irq"}

app/oxide-rot-1/app.toml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,8 @@ name = "lpc55-update-server"
4242
priority = 3
4343
stacksize = 8192
4444
start = true
45-
sections = {bootstate = "usbsram", transient_override = "override"}
45+
sections = {bootstate = "usbsram"}
46+
extern-regions = ["transient_override"]
4647
uses = ["flash_controller", "hash_crypt"]
4748
notifications = ["flash-irq", "hashcrypt-irq"]
4849
interrupts = {"flash_controller.irq" = "flash-irq", "hash_crypt.irq" = "hashcrypt-irq"}

app/rot-carrier/app.toml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,8 @@ priority = 3
4242
# TODO size this appropriately
4343
stacksize = 8192
4444
start = true
45-
sections = {bootstate = "usbsram", transient_override = "override"}
45+
sections = {bootstate = "usbsram"}
46+
extern-regions = ["transient_override"]
4647
uses = ["flash_controller", "hash_crypt"]
4748
notifications = ["flash-irq", "hashcrypt-irq"]
4849
interrupts = {"flash_controller.irq" = "flash-irq", "hash_crypt.irq" = "hashcrypt-irq"}

chips/lpc55/memory.toml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -93,15 +93,15 @@ write = true
9393
execute = false
9494
dma = true
9595

96-
[[override]]
96+
[[transient_override]]
9797
name = "a"
9898
address = 0x2003ffe0
9999
size = 32
100100
read = true
101101
write = true
102102
execute = false
103103

104-
[[override]]
104+
[[transient_override]]
105105
name = "b"
106106
address = 0x2003ffe0
107107
size = 32

drv/lpc55-update-server/src/main.rs

Lines changed: 21 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,6 @@
1212
use core::convert::Infallible;
1313
use core::mem::MaybeUninit;
1414
use core::ops::Range;
15-
use core::ptr;
1615
use drv_lpc55_flash::{BYTES_PER_FLASH_PAGE, BYTES_PER_FLASH_WORD};
1716
use drv_lpc55_update_api::{
1817
Fwid, RawCabooseError, RotBootInfo, RotBootInfoV2, RotComponent, RotPage,
@@ -1476,25 +1475,33 @@ fn bootstate() -> Result<RotBootStateV2, HandoffDataLoadError> {
14761475
RotBootStateV2::load_from_addr(addr)
14771476
}
14781477

1478+
extern "C" {
1479+
// Symbols injected by the linker.
1480+
//
1481+
// This requires adding `extern-regions = ["transient_override"]` to the task config.
1482+
pub static mut __REGION_TRANSIENT_OVERRIDE_BASE: [u32; 0];
1483+
}
1484+
14791485
fn set_transient_override(preference: [u8; 32]) {
1480-
// Safety: Data is consumed by Bootleby on next boot.
1481-
// There are no concurrent writers possible.
1482-
// Calling this function multiple times is ok.
1483-
// Bootleby is careful to vet contents before acting.
1486+
// Safety: populated by the linker, getting the address is fine.
1487+
// SAFETY: this points to a valid region of RAM that is otherwise unused by Rust, so we can
1488+
// write to it.
14841489
unsafe {
1485-
ptr::write_volatile(
1486-
ptr::addr_of_mut!(TRANSIENT_OVERRIDE),
1487-
MaybeUninit::new(preference),
1488-
);
1490+
let override_addr =
1491+
core::ptr::addr_of_mut!(__REGION_TRANSIENT_OVERRIDE_BASE)
1492+
as *mut [u8; 32];
1493+
core::ptr::write_volatile(override_addr, preference);
14891494
}
14901495
}
14911496

14921497
fn get_transient_override() -> [u8; 32] {
1493-
// Safety: Data is consumed by Bootleby on next boot.
1494-
// There are no concurrent writers possible.
1495-
// Bootleby consumes and resets TRANSIENT_OVERRIDE.
1496-
// The client may be verifying state set during update flows.
1497-
unsafe { TRANSIENT_OVERRIDE.assume_init() }
1498+
// SAFETY: populated by the linker, getting the address is fine.
1499+
unsafe {
1500+
let override_addr =
1501+
core::ptr::addr_of_mut!(__REGION_TRANSIENT_OVERRIDE_BASE)
1502+
as *mut [u8; 32];
1503+
core::ptr::read_volatile(override_addr)
1504+
}
14981505
}
14991506

15001507
// Preference constants are taken from bootleby:src/lib.rs

0 commit comments

Comments
 (0)