From 1b3ed63d9f50dfeb136e6b0f64f451b6bbd26249 Mon Sep 17 00:00:00 2001
From: LIERMAN Tom
Date: Wed, 19 Nov 2025 10:20:33 +0100
Subject: [PATCH] boot: bootutil: loader: Fix bootstrap copying in swap move mode
Previously, the copy size was calculated using the primary region size, which could be larger than the secondary region. This fix ensures that the size of the secondary region (excluding the swap sector) is used, preventing over-copying and related issues during image upgrade or bootstrap operations.
Signed-off-by: LIERMAN Tom
---
 boot/bootutil/src/loader.c | 13 +++++++++++++
 .../fix-copy-size-swap-move-bootstrapping.md | 2 ++
 2 files changed, 15 insertions(+)
 create mode 100644 docs/release-notes.d/fix-copy-size-swap-move-bootstrapping.md
diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
index f3eb66297a..e2083c71ac 100644
--- a/boot/bootutil/src/loader.c
+++ b/boot/bootutil/src/loader.c
@@ -990,6 +990,19 @@ boot_copy_image(struct boot_loader_state *state, struct boot_status *bs)
 size += this_size;
 }
+#if defined(MCUBOOT_SWAP_USING_MOVE)
+ /* When using MCUBOOT_SWAP_USING_MOVE, primary region is larger then the secondary region
+ * Optimal region configuration: # useful regions in primary region = # regions in secondary region + 1
+ * This means that we have to use the size of the secondary region (so without the swap sector)
+ */
+ size = 0;
+ sect_count = boot_img_num_sectors(state, BOOT_SECONDARY_SLOT);
+ for (sect = 0, size = 0; sect < sect_count; sect++) {
+ this_size = boot_img_sector_size(state, BOOT_SECONDARY_SLOT, sect);
+ size += this_size;
+ }
+#endif
+
 #if defined(MCUBOOT_OVERWRITE_ONLY_FAST)
 trailer_sz = boot_trailer_sz(BOOT_WRITE_SZ(state));
 sector = boot_img_num_sectors(state, BOOT_SLOT_PRIMARY) - 1;
diff --git a/docs/release-notes.d/fix-copy-size-swap-move-bootstrapping.md b/docs/release-notes.d/fix-copy-size-swap-move-bootstrapping.md
new file mode 100644
index 0000000000..ff42de2bfb
--- /dev/null
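Review bot: The added `MCUBOOT_SWAP_USING_MOVE` block overwrites `size` unconditionally with the secondary slot's total, discarding the primary-slot figure the preceding loop just computed, so nothing in this hunk keeps the copy within the destination if a layout ever has a secondary slot larger than the usable primary area. Summing the secondary sectors into a separate local and taking the smaller value bounds the flash copy by both source and destination; whether a slot-compatibility check already guarantees this before `boot_copy_image` runs is not visible here. The new lines also spell the slot `BOOT_SECONDARY_SLOT` while the context line below uses `BOOT_SLOT_PRIMARY`, so confirm the tree defines both spellings, otherwise this block would fail to build only in swap-move configurations. The leading `size = 0;` duplicates the loop initialiser, and the comment's "larger then" should read "larger than". `boot_copy_image` starts and ends outside the hunk, so the new local (same type as `size`) has to be declared with the function's other locals.

```c
#if defined(MCUBOOT_SWAP_USING_MOVE)
    /* … unchanged: comment explaining the swap-move region layout … */
    sect_count = boot_img_num_sectors(state, BOOT_SECONDARY_SLOT);
    for (sect = 0, secondary_size = 0; sect < sect_count; sect++) {
        secondary_size += boot_img_sector_size(state, BOOT_SECONDARY_SLOT, sect);
    }
    /* Never copy more than either slot can hold. */
    if (secondary_size < size) {
        size = secondary_size;
    }
#endif
```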
+++ b/docs/release-notes.d/fix-copy-size-swap-move-bootstrapping.md
@@ -0,0 +1,2 @@
+- Fix: Corrected the copy size calculation when bootstrapping and swapping using MCUBOOT_SWAP_USING_MOVE.
+ Previously, the primary region size was used, which could be larger than the secondary region, when using the optimal region sizes. Now, the size of the secondary region (excluding the swap sector and sectors needed for swapping) is used, ensuring only the valid image area is copied. This prevents potential over-copying and related issues during image upgrade or bootstrap operations.