2017-03-11 07:15:44 +01:00
|
|
|
#ifndef ESP8266UPDATER_H
|
|
|
|
|
#define ESP8266UPDATER_H
|
|
|
|
|
|
|
|
|
|
#include <Arduino.h>
|
|
|
|
|
#include <MD5Builder.h>
|
2018-01-18 00:02:58 +01:00
|
|
|
#include <functional>
|
2017-03-11 07:15:44 +01:00
|
|
|
#include "esp_partition.h"
|
|
|
|
|
|
|
|
|
|
#define UPDATE_ERROR_OK (0)
|
|
|
|
|
#define UPDATE_ERROR_WRITE (1)
|
|
|
|
|
#define UPDATE_ERROR_ERASE (2)
|
|
|
|
|
#define UPDATE_ERROR_READ (3)
|
|
|
|
|
#define UPDATE_ERROR_SPACE (4)
|
|
|
|
|
#define UPDATE_ERROR_SIZE (5)
|
|
|
|
|
#define UPDATE_ERROR_STREAM (6)
|
|
|
|
|
#define UPDATE_ERROR_MD5 (7)
|
|
|
|
|
#define UPDATE_ERROR_MAGIC_BYTE (8)
|
|
|
|
|
#define UPDATE_ERROR_ACTIVATE (9)
|
|
|
|
|
#define UPDATE_ERROR_NO_PARTITION (10)
|
|
|
|
|
#define UPDATE_ERROR_BAD_ARGUMENT (11)
|
|
|
|
|
#define UPDATE_ERROR_ABORT (12)
|
|
|
|
|
|
|
|
|
|
#define UPDATE_SIZE_UNKNOWN 0xFFFFFFFF
|
|
|
|
|
|
|
|
|
|
#define U_FLASH 0
|
|
|
|
|
#define U_SPIFFS 100
|
|
|
|
|
#define U_AUTH 200
|
|
|
|
|
|
Use esp_partition_* functions in Updater.cpp (#3898)
Background
The current implementation of Update() uses the spi_flash_* api to write and read from flash. These functions ignore the partition->encrypted flag and always write raw data to flash even if the partition is marked as encrypted.
Changes in this PR
Update() now uses the esp_partition_* api.
Wrapper functions for esp_partition_* added to ESP.cpp. This was done to maintain a consistent approach to the way the spi_flash_* functions were used. I note though that not all of the esp-idf functions are used are wrapped, for example esp_ota_get_next_update_partition() so it may be that these should not be added?
The current implementation of Update() changes the first (magic) byte of firmware to 0xFF on write, and then when the firmware is completely written changes it back to ESP_IMAGE_HEADER_MAGIC. This works without erasing the sector because flash bits can be changed from 1->0 (but not 0->1). If the flash is encrypted then the actual data written to flash will not be all ones, so this approach will not work. In addition, encrypted flash must be written in 16 byte blocks. So, instead of changing the first byte the changed code stashes the first 16 bytes, and starts writing at the 17th byte, leaving the first 16 bytes as 0xFF. Then, in _enablePartition() the stashed bytes can be successfully written.
Benefits
Whilst it's not possible to use encrypted flash directly from either the Arduino IDE or PIO it's reasonably straightforward to compile and flash a bootloader with the necessary support from a simple esp-idf project and then use ArduinoOTA for subsequent updates. This PR enables the use of this workflow until such time as encrypted flash is supported, and is a first (small) step toward adding support.
Regardless of the above, the esp_partition_* api is recommended over the api_flash_* api.
Application code should mostly use these esp_partition_* API functions instead of lower level spi_flash_* API functions. Partition table API functions do bounds checking and calculate correct offsets in flash, based on data stored in a partition table.
2020-09-30 14:06:19 +02:00
|
|
|
#define ENCRYPTED_BLOCK_SIZE 16
|
|
|
|
|
|
2017-03-11 07:15:44 +01:00
|
|
|
class UpdateClass {
|
|
|
|
|
public:
|
2018-01-18 00:02:58 +01:00
|
|
|
typedef std::function<void(size_t, size_t)> THandlerFunction_Progress;
|
|
|
|
|
|
2017-03-11 07:15:44 +01:00
|
|
|
UpdateClass();
|
2018-01-18 00:02:58 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
This callback will be called when Update is receiving data
|
|
|
|
|
*/
|
|
|
|
|
UpdateClass& onProgress(THandlerFunction_Progress fn);
|
|
|
|
|
|
2017-03-11 07:15:44 +01:00
|
|
|
/*
|
|
|
|
|
Call this to check the space needed for the update
|
|
|
|
|
Will return false if there is not enough space
|
|
|
|
|
*/
|
2020-11-02 17:49:24 +01:00
|
|
|
bool begin(size_t size=UPDATE_SIZE_UNKNOWN, int command = U_FLASH, int ledPin = -1, uint8_t ledOn = LOW, const char *label = NULL);
|
2017-03-11 07:15:44 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
Writes a buffer to the flash and increments the address
|
|
|
|
|
Returns the amount written
|
|
|
|
|
*/
|
|
|
|
|
size_t write(uint8_t *data, size_t len);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
Writes the remaining bytes from the Stream to the flash
|
|
|
|
|
Uses readBytes() and sets UPDATE_ERROR_STREAM on timeout
|
|
|
|
|
Returns the bytes written
|
|
|
|
|
Should be equal to the remaining bytes when called
|
|
|
|
|
Usable for slow streams like Serial
|
|
|
|
|
*/
|
|
|
|
|
size_t writeStream(Stream &data);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
If all bytes are written
|
|
|
|
|
this call will write the config to eboot
|
|
|
|
|
and return true
|
2019-07-09 18:31:38 +02:00
|
|
|
If there is already an update running but is not finished and !evenIfRemaining
|
2017-03-11 07:15:44 +01:00
|
|
|
or there is an error
|
|
|
|
|
this will clear everything and return false
|
|
|
|
|
the last error is available through getError()
|
|
|
|
|
evenIfRemaining is helpfull when you update without knowing the final size first
|
|
|
|
|
*/
|
|
|
|
|
bool end(bool evenIfRemaining = false);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
Aborts the running update
|
|
|
|
|
*/
|
|
|
|
|
void abort();
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
Prints the last error to an output stream
|
|
|
|
|
*/
|
2020-09-30 13:39:25 +02:00
|
|
|
void printError(Print &out);
|
2017-03-11 07:15:44 +01:00
|
|
|
|
2019-09-16 18:54:21 +02:00
|
|
|
const char * errorString();
|
|
|
|
|
|
2017-03-11 07:15:44 +01:00
|
|
|
/*
|
|
|
|
|
sets the expected MD5 for the firmware (hexString)
|
|
|
|
|
*/
|
|
|
|
|
bool setMD5(const char * expected_md5);
|
|
|
|
|
|
|
|
|
|
/*
|
2020-10-01 14:29:58 +02:00
|
|
|
returns the MD5 String of the successfully ended firmware
|
2017-03-11 07:15:44 +01:00
|
|
|
*/
|
|
|
|
|
String md5String(void){ return _md5.toString(); }
|
|
|
|
|
|
|
|
|
|
/*
|
2020-10-01 14:29:58 +02:00
|
|
|
populated the result with the md5 bytes of the successfully ended firmware
|
2017-03-11 07:15:44 +01:00
|
|
|
*/
|
|
|
|
|
void md5(uint8_t * result){ return _md5.getBytes(result); }
|
|
|
|
|
|
|
|
|
|
//Helpers
|
|
|
|
|
uint8_t getError(){ return _error; }
|
|
|
|
|
void clearError(){ _error = UPDATE_ERROR_OK; }
|
|
|
|
|
bool hasError(){ return _error != UPDATE_ERROR_OK; }
|
|
|
|
|
bool isRunning(){ return _size > 0; }
|
|
|
|
|
bool isFinished(){ return _progress == _size; }
|
|
|
|
|
size_t size(){ return _size; }
|
|
|
|
|
size_t progress(){ return _progress; }
|
|
|
|
|
size_t remaining(){ return _size - _progress; }
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
Template to write from objects that expose
|
|
|
|
|
available() and read(uint8_t*, size_t) methods
|
|
|
|
|
faster than the writeStream method
|
|
|
|
|
writes only what is available
|
|
|
|
|
*/
|
|
|
|
|
template<typename T>
|
|
|
|
|
size_t write(T &data){
|
|
|
|
|
size_t written = 0;
|
|
|
|
|
if (hasError() || !isRunning())
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
size_t available = data.available();
|
|
|
|
|
while(available) {
|
|
|
|
|
if(_bufferLen + available > remaining()){
|
|
|
|
|
available = remaining() - _bufferLen;
|
|
|
|
|
}
|
|
|
|
|
if(_bufferLen + available > 4096) {
|
|
|
|
|
size_t toBuff = 4096 - _bufferLen;
|
|
|
|
|
data.read(_buffer + _bufferLen, toBuff);
|
|
|
|
|
_bufferLen += toBuff;
|
|
|
|
|
if(!_writeBuffer())
|
|
|
|
|
return written;
|
|
|
|
|
written += toBuff;
|
|
|
|
|
} else {
|
|
|
|
|
data.read(_buffer + _bufferLen, available);
|
|
|
|
|
_bufferLen += available;
|
|
|
|
|
written += available;
|
|
|
|
|
if(_bufferLen == remaining()) {
|
|
|
|
|
if(!_writeBuffer()) {
|
|
|
|
|
return written;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if(remaining() == 0)
|
|
|
|
|
return written;
|
|
|
|
|
available = data.available();
|
|
|
|
|
}
|
|
|
|
|
return written;
|
|
|
|
|
}
|
|
|
|
|
|
2017-06-02 17:24:26 +02:00
|
|
|
/*
|
|
|
|
|
check if there is a firmware on the other OTA partition that you can bootinto
|
|
|
|
|
*/
|
|
|
|
|
bool canRollBack();
|
|
|
|
|
/*
|
|
|
|
|
set the other OTA partition as bootable (reboot to enable)
|
|
|
|
|
*/
|
|
|
|
|
bool rollBack();
|
|
|
|
|
|
2017-03-11 07:15:44 +01:00
|
|
|
private:
|
|
|
|
|
void _reset();
|
|
|
|
|
void _abort(uint8_t err);
|
|
|
|
|
bool _writeBuffer();
|
|
|
|
|
bool _verifyHeader(uint8_t data);
|
|
|
|
|
bool _verifyEnd();
|
Use esp_partition_* functions in Updater.cpp (#3898)
Background
The current implementation of Update() uses the spi_flash_* api to write and read from flash. These functions ignore the partition->encrypted flag and always write raw data to flash even if the partition is marked as encrypted.
Changes in this PR
Update() now uses the esp_partition_* api.
Wrapper functions for esp_partition_* added to ESP.cpp. This was done to maintain a consistent approach to the way the spi_flash_* functions were used. I note though that not all of the esp-idf functions are used are wrapped, for example esp_ota_get_next_update_partition() so it may be that these should not be added?
The current implementation of Update() changes the first (magic) byte of firmware to 0xFF on write, and then when the firmware is completely written changes it back to ESP_IMAGE_HEADER_MAGIC. This works without erasing the sector because flash bits can be changed from 1->0 (but not 0->1). If the flash is encrypted then the actual data written to flash will not be all ones, so this approach will not work. In addition, encrypted flash must be written in 16 byte blocks. So, instead of changing the first byte the changed code stashes the first 16 bytes, and starts writing at the 17th byte, leaving the first 16 bytes as 0xFF. Then, in _enablePartition() the stashed bytes can be successfully written.
Benefits
Whilst it's not possible to use encrypted flash directly from either the Arduino IDE or PIO it's reasonably straightforward to compile and flash a bootloader with the necessary support from a simple esp-idf project and then use ArduinoOTA for subsequent updates. This PR enables the use of this workflow until such time as encrypted flash is supported, and is a first (small) step toward adding support.
Regardless of the above, the esp_partition_* api is recommended over the api_flash_* api.
Application code should mostly use these esp_partition_* API functions instead of lower level spi_flash_* API functions. Partition table API functions do bounds checking and calculate correct offsets in flash, based on data stored in a partition table.
2020-09-30 14:06:19 +02:00
|
|
|
bool _enablePartition(const esp_partition_t* partition);
|
2017-03-11 07:15:44 +01:00
|
|
|
|
2018-01-18 00:02:58 +01:00
|
|
|
|
2017-03-11 07:15:44 +01:00
|
|
|
uint8_t _error;
|
|
|
|
|
uint8_t *_buffer;
|
Use esp_partition_* functions in Updater.cpp (#3898)
Background
The current implementation of Update() uses the spi_flash_* api to write and read from flash. These functions ignore the partition->encrypted flag and always write raw data to flash even if the partition is marked as encrypted.
Changes in this PR
Update() now uses the esp_partition_* api.
Wrapper functions for esp_partition_* added to ESP.cpp. This was done to maintain a consistent approach to the way the spi_flash_* functions were used. I note though that not all of the esp-idf functions are used are wrapped, for example esp_ota_get_next_update_partition() so it may be that these should not be added?
The current implementation of Update() changes the first (magic) byte of firmware to 0xFF on write, and then when the firmware is completely written changes it back to ESP_IMAGE_HEADER_MAGIC. This works without erasing the sector because flash bits can be changed from 1->0 (but not 0->1). If the flash is encrypted then the actual data written to flash will not be all ones, so this approach will not work. In addition, encrypted flash must be written in 16 byte blocks. So, instead of changing the first byte the changed code stashes the first 16 bytes, and starts writing at the 17th byte, leaving the first 16 bytes as 0xFF. Then, in _enablePartition() the stashed bytes can be successfully written.
Benefits
Whilst it's not possible to use encrypted flash directly from either the Arduino IDE or PIO it's reasonably straightforward to compile and flash a bootloader with the necessary support from a simple esp-idf project and then use ArduinoOTA for subsequent updates. This PR enables the use of this workflow until such time as encrypted flash is supported, and is a first (small) step toward adding support.
Regardless of the above, the esp_partition_* api is recommended over the api_flash_* api.
Application code should mostly use these esp_partition_* API functions instead of lower level spi_flash_* API functions. Partition table API functions do bounds checking and calculate correct offsets in flash, based on data stored in a partition table.
2020-09-30 14:06:19 +02:00
|
|
|
uint8_t *_skipBuffer;
|
2017-03-11 07:15:44 +01:00
|
|
|
size_t _bufferLen;
|
|
|
|
|
size_t _size;
|
2018-01-18 00:19:30 +01:00
|
|
|
THandlerFunction_Progress _progress_callback;
|
2017-03-11 07:15:44 +01:00
|
|
|
uint32_t _progress;
|
|
|
|
|
uint32_t _command;
|
|
|
|
|
const esp_partition_t* _partition;
|
|
|
|
|
|
|
|
|
|
String _target_md5;
|
|
|
|
|
MD5Builder _md5;
|
2018-11-19 16:57:38 +01:00
|
|
|
|
|
|
|
|
int _ledPin;
|
|
|
|
|
uint8_t _ledOn;
|
2017-03-11 07:15:44 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
extern UpdateClass Update;
|
|
|
|
|
|
|
|
|
|
#endif
|
