boot: Correct MCUBOOT_DIRECT_XIP_REVERT enablement

davidvincze · davidvincze · commit 1c4562473e4a · 2021-07-01T10:22:23.000+02:00
To avoid potential errors caused by misconfiguration make sure the
conditionally compiled snippets of code surrounded by the
MCUBOOT_DIRECT_XIP_REVERT macro are only used when direct-xip mode
is selected.

Change-Id: I6178d8186a7ca05887bc7590f5fa0c8f83f3d731
Signed-off-by: David Vincze &lt;david.vincze@arm.com&gt;
diff --git a/boot/bootutil/src/loader.c b/boot/bootutil/src/loader.c
@@ -67,17 +67,16 @@ struct slot_usage_t {
     /* Index of the slot chosen to be loaded */
     uint32_t active_slot;
     bool slot_available[BOOT_NUM_SLOTS];
-#ifdef MCUBOOT_RAM_LOAD
+#if defined(MCUBOOT_RAM_LOAD)
     /* Image destination and size for the active slot */
     uint32_t img_dst;
     uint32_t img_sz;
-#endif /* MCUBOOT_RAM_LOAD */
-#ifdef MCUBOOT_DIRECT_XIP_REVERT
+#elif defined(MCUBOOT_DIRECT_XIP_REVERT)
     /* Swap status for the active slot */
     struct boot_swap_state swap_state;
-#endif /* MCUBOOT_DIRECT_XIP_REVERT */
-};
 #endif
+};
+#endif /* MCUBOOT_DIRECT_XIP || MCUBOOT_RAM_LOAD */
 
 /*
  * This macro allows some control on the allocation of local variables.
@@ -2247,7 +2246,7 @@ print_loaded_images(struct boot_loader_state *state,
 }
 #endif
 
-#ifdef MCUBOOT_DIRECT_XIP_REVERT
+#if defined(MCUBOOT_DIRECT_XIP) && defined(MCUBOOT_DIRECT_XIP_REVERT)
 /**
  * Checks whether the active slot of the current image was previously selected
  * to run. Erases the image if it was selected but its execution failed,
@@ -2320,7 +2319,7 @@ boot_select_or_erase(struct boot_loader_state *state,
 
     return rc;
 }
-#endif /* MCUBOOT_DIRECT_XIP_REVERT */
+#endif /* MCUBOOT_DIRECT_XIP && MCUBOOT_DIRECT_XIP_REVERT */
 
 #ifdef MCUBOOT_RAM_LOAD
 
@@ -2812,7 +2811,6 @@ boot_load_and_validate_images(struct boot_loader_state *state,
                 slot_usage[BOOT_CURR_IMG(state)].active_slot = NO_ACTIVE_SLOT;
                 continue;
             }
-#endif /* MCUBOOT_DIRECT_XIP */
 
 #ifdef MCUBOOT_DIRECT_XIP_REVERT
             rc = boot_select_or_erase(state, slot_usage);
@@ -2823,6 +2821,7 @@ boot_load_and_validate_images(struct boot_loader_state *state,
                 continue;
             }
 #endif /* MCUBOOT_DIRECT_XIP_REVERT */
+#endif /* MCUBOOT_DIRECT_XIP */
 
 #ifdef MCUBOOT_RAM_LOAD
             /* Image is first loaded to RAM and authenticated there in order to
@@ -2877,7 +2876,7 @@ boot_update_hw_rollback_protection(struct boot_loader_state *state,
     /* Update the stored security counter with the newer (active) image's
      * security counter value.
      */
-#ifdef MCUBOOT_DIRECT_XIP_REVERT
+#if defined(MCUBOOT_DIRECT_XIP) && defined(MCUBOOT_DIRECT_XIP_REVERT)
     /* When the 'revert' mechanism is enabled in direct-xip mode, the
      * security counter can be increased only after reboot, if the image
      * has been confirmed at runtime (the image_ok flag has been set).
@@ -2892,7 +2891,7 @@ boot_update_hw_rollback_protection(struct boot_loader_state *state,
                             "validation.");
             return rc;
         }
-#ifdef MCUBOOT_DIRECT_XIP_REVERT
+#if defined(MCUBOOT_DIRECT_XIP) && defined(MCUBOOT_DIRECT_XIP_REVERT)
     }
 #endif
 
diff --git a/docs/design.md b/docs/design.md
@@ -347,14 +347,14 @@ the bit-level contents of flash.
 ### [Revert mechanism in direct-xip mode](#direct-xip-revert)
 
 The direct-xip mode also supports a "revert" mechanism which is the equivalent
-of the swap mode's "revert" swap. It can be enabled with the
-MCUBOOT_DIRECT_XIP_REVERT config option and an image trailer must also be added
-to the signed images (the "--pad" option of the `imgtool` script must be used).
-For more information on this please read the [Image Trailer](#image-trailer)
-section and the [imgtool](imgtool.md) documentation. Making the images permanent
-(marking them as confirmed in advance) is also supported just like in swap mode.
-The individual steps of the direct-xip mode's "revert" mechanism are the
-following:
+of the swap mode's "revert" swap. When the direct-xip mode is selected it can be
+enabled with the MCUBOOT_DIRECT_XIP_REVERT config option and an image trailer
+must also be added to the signed images (the "--pad" option of the `imgtool`
+script must be used). For more information on this please read the
+[Image Trailer](#image-trailer) section and the [imgtool](imgtool.md)
+documentation. Making the images permanent (marking them as confirmed in
+advance) is also supported just like in swap mode. The individual steps of the
+direct-xip mode's "revert" mechanism are the following:
 
 1. Select the slot which holds the newest potential image.
 2. Was the image previously selected to run (during a previous boot)?
