
Lack of scratch page may result in lost data at power loss

Open Wassasin opened this issue 3 years ago • 3 comments

During the exchange of pages a page may be lost at brownout because it only exists in RAM. This can happen during or shortly after this statement: https://github.com/jhbruhn/moonboot/blob/efadc79b9edaeec0366ae6ab2276290bc09a46cd/src/boot/mod.rs#L252-L254

Fixing this would require an intermediate scratch page to write each page to, as well as an appropriate representation of this intermediate state in the State page.

Wassasin, May 27 '22 08:05

This is referred to in https://github.com/jhbruhn/moonboot/blob/efadc79b9edaeec0366ae6ab2276290bc09a46cd/TODO.md?plain=1#L2

Wassasin, May 27 '22 09:05

Yes, I can confirm this is a problem, which is why I didn't advertise the stateful exchange as a feature (yet).

The scratchpad would need to have a size of PAGE_SIZE. This would obviously reduce the usable size for the firmware, but IMO that is a very good tradeoff to make it an always included feature.

Could this be realised as part of the bootloader via some macro/linker magic, without modifying the linker script?

We could get into problems if this ever supports different memory devices (e.g. external flash/EEPROM). Where will the scratchpad be stored then?

jhbruhn, May 27 '22 09:05

See #2 for a proposal on how to get the bootloader power-interrupt safe. As for external flash, perhaps we should change internal_memory to be an abstraction over all types of memory, internal, external and RAM, and use a reference to Bank to make it select the right kind of memory.

Wassasin, Jul 03 '22 18:07
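The idea raised in this thread (a PAGE_SIZE scratch page plus a record of the in-flight step in the State page), modelled as an added example that is neither moonboot's code nor the proposal in #2. All names are hypothetical; it assumes a State update is atomic while a page write can be torn by the power cut, and it checks every possible cut point.

```rust
// Added illustration, not moonboot code; every name here is hypothetical.
const PAGES: usize = 3;
type Page = [u8; 4]; // tiny stand-in for PAGE_SIZE bytes
const ERASED: Page = [0xFF; 4];
#[derive(Clone, Copy)]
enum Step { SaveA, CopyBToA, RestoreToB }

struct Flash {
    a: [Page; PAGES], b: [Page; PAGES], // the two banks being exchanged
    scratch: Page,        // the extra page proposed in the issue
    state: (usize, Step), // State page: page index and next step to run
    budget: usize,        // writes left before the simulated power cut
}

// One flash write. A power cut tears it: the destination is left as `torn`.
fn write<T>(budget: &mut usize, dst: &mut T, src: T, torn: T) -> Result<(), ()> {
    if *budget == 0 { *dst = torn; return Err(()); }
    *budget -= 1;
    *dst = src;
    Ok(())
}

impl Flash {
    // Runs or resumes the exchange; every step is safe to repeat after a cut.
    fn exchange(&mut self) -> Result<(), ()> {
        while self.state.0 < PAGES {
            let (i, step) = self.state;
            let bud = &mut self.budget;
            let next = match step {
                Step::SaveA => { write(bud, &mut self.scratch, self.a[i], ERASED)?; (i, Step::CopyBToA) }
                Step::CopyBToA => { write(bud, &mut self.a[i], self.b[i], ERASED)?; (i, Step::RestoreToB) }
                Step::RestoreToB => { write(bud, &mut self.b[i], self.scratch, ERASED)?; (i + 1, Step::SaveA) }
            };
            // Assumption: the State update is atomic, so a cut keeps the old value.
            write(&mut self.budget, &mut self.state, next, (i, step))?;
        }
        Ok(())
    }
}

// Cut power after `cut` writes, reboot, resume; true if the banks ended up swapped.
fn survives_cut(cut: usize) -> bool {
    let (a, b) = ([[1; 4], [2; 4], [3; 4]], [[7; 4], [8; 4], [9; 4]]); // constructed data
    let mut f = Flash { a, b, scratch: ERASED, state: (0, Step::SaveA), budget: cut };
    let _ = f.exchange();  // may stop at the simulated power loss
    f.budget = usize::MAX; // reboot with stable power
    f.exchange().is_ok() && f.a == b && f.b == a
}

fn main() { assert!((0..=18).all(survives_cut)); } // 3 pages x 3 steps x 2 writes
```

The State record is written only after its page write has completed, so at every cut point the data still exists in at least one intact flash page and the interrupted step can simply be redone.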