suit: Add "enter recovery button"

This commit adds code allowing to enter SUIT foreground update (in most cases the same as recovery) mode via keeping a button pressed during system bootup. Signed-off-by: Artur Hadasz <[email protected]>
nrfconnect · Nov 26, 2024 · cf7b016 · cf7b016
1 parent 76d1c8d
commit cf7b016
Show file tree

Hide file tree

Showing 6 changed files with 108 additions and 0 deletions.
diff --git a/samples/suit/smp_transfer/sysbuild/recovery.overlay b/samples/suit/smp_transfer/sysbuild/recovery.overlay
@@ -5,3 +5,9 @@
  */
 
 #include "../boards/nrf54h20dk_nrf54h20_cpuapp_common.dtsi"
+
+/ {
+	chosen {
+		recovery-button = &button0;
+	};
+};
diff --git a/subsys/suit/CMakeLists.txt b/subsys/suit/CMakeLists.txt
@@ -21,3 +21,4 @@ add_subdirectory_ifdef(CONFIG_SUIT_ENVELOPE_INFO envelope_info)
 add_subdirectory_ifdef(CONFIG_SUIT_EXECUTION_MODE execution_mode)
 add_subdirectory_ifdef(CONFIG_SUIT_VALIDATOR validator)
 add_subdirectory_ifdef(CONFIG_SUIT_EVENTS events)
+add_subdirectory_ifdef(CONFIG_SUIT_RECOVERY_BUTTON recovery_button)
diff --git a/subsys/suit/Kconfig b/subsys/suit/Kconfig
@@ -198,6 +198,7 @@ rsource "execution_mode/Kconfig"
 rsource "memory_layout/Kconfig"
 rsource "validator/Kconfig"
 rsource "events/Kconfig"
+rsource "recovery_button/Kconfig"
 
 # Configure SUIT_LOG_LEVEL
 module = SUIT

diff --git a/subsys/suit/recovery_button/CMakeLists.txt b/subsys/suit/recovery_button/CMakeLists.txt
@@ -0,0 +1,11 @@
+#
+# Copyright (c) 2024 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+zephyr_library()
+zephyr_library_sources(src/suit_recovery_button.c)
+
+zephyr_library_link_libraries(suit_platform_err)
+zephyr_library_link_libraries(suit_utils)
diff --git a/subsys/suit/recovery_button/Kconfig b/subsys/suit/recovery_button/Kconfig
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2024 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+config SUIT_RECOVERY_BUTTON
+	bool "Enable SUIT enter recovery button checking on startup"
+	depends on $(dt_chosen_enabled,recovery-button)
+	select SSF_SUIT_SERVICE_ENABLED
+	help
+	  This will make the firmware check if the recovery button specified in the
+	  device tree is pressed on startup. If it is, the firmware will enter
+	  the "foreground update mode", in which the same SUIT manifests are booted
+	  as in case of the recovery mode.
diff --git a/subsys/suit/recovery_button/src/suit_recovery_button.c b/subsys/suit/recovery_button/src/suit_recovery_button.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2024 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#include <zephyr/kernel.h>
+#include <zephyr/drivers/gpio.h>
+#include <nrfx_gpiote.h>
+#include <sdfw/sdfw_services/suit_service.h>
+
+#define RECOVERY_BUTTON_NODE DT_CHOSEN(recovery_button)
+#define RECOVERY_BUTTON_PIN DT_GPIO_PIN(RECOVERY_BUTTON_NODE, gpios)
+#define RECOVERY_BUTTON_PORT_NUM DT_PROP(DT_GPIO_CTLR(RECOVERY_BUTTON_NODE, gpios), port)
+#define RECOVERY_BUTTON_FLAGS DT_GPIO_FLAGS(RECOVERY_BUTTON_NODE, gpios)
+
+#define RECOVERY_BUTTON_ABS_PIN NRF_GPIO_PIN_MAP(RECOVERY_BUTTON_PORT_NUM, RECOVERY_BUTTON_PIN)
+#define RECOVERY_BUTTON_PULL (RECOVERY_BUTTON_FLAGS & GPIO_PULL_UP ? NRF_GPIO_PIN_PULLUP : \
+			      RECOVERY_BUTTON_FLAGS & GPIO_PULL_DOWN ? NRF_GPIO_PIN_PULLDOWN : \
+			      NRF_GPIO_PIN_NOPULL)
+
+#define RECOVERY_BUTTON_PRESSED(pin_value) (RECOVERY_BUTTON_FLAGS & GPIO_ACTIVE_LOW ? (!pin_value) \
+					    : pin_value)
+
+BUILD_ASSERT(DT_NODE_EXISTS(DT_CHOSEN(recovery_button)), "No recovery button chosen in dts");
+
+static int recovery_button_check(void)
+{
+	suit_boot_mode_t mode = SUIT_BOOT_MODE_INVOKE_RECOVERY;
+	suit_ssf_err_t err = SUIT_PLAT_SUCCESS;
+	int ret = 0;
+
+	err = suit_boot_mode_read(&mode);
+
+	if (err != SUIT_PLAT_SUCCESS) {
+		suit_invoke_confirm(-EPIPE);
+		return -EPIPE;
+	}
+
+	/** Using the recovery button makes sense in two cases:
+	 *  1. From a companion application during SUIT manifest processing while the device
+	 *     is booting(mode == SUIT_BOOT_MODE_INVOKE).
+	 *  2. From the main application, when the device is already booted
+	 *     (mode == SUIT_BOOT_MODE_POST_INVOKE).
+	 */
+	if (mode == SUIT_BOOT_MODE_INVOKE
+		|| mode == SUIT_BOOT_MODE_POST_INVOKE) {
+		nrf_gpio_pin_dir_t dir = NRF_GPIO_PIN_DIR_INPUT;
+		nrf_gpio_pin_input_t input = NRF_GPIO_PIN_INPUT_CONNECT;
+		nrf_gpio_pin_pull_t pull = RECOVERY_BUTTON_PULL;
+
+		nrf_gpio_reconfigure(RECOVERY_BUTTON_ABS_PIN, &dir, &input, &pull, NULL, NULL);
+
+		uint32_t pin_value = nrf_gpio_pin_read(RECOVERY_BUTTON_ABS_PIN);
+
+		if (RECOVERY_BUTTON_PRESSED(pin_value)) {
+			err = suit_foreground_dfu_required();
+		}
+	}
+
+	if (err != SUIT_PLAT_SUCCESS) {
+		ret = -EPIPE;
+	}
+
+	if (mode == SUIT_BOOT_MODE_INVOKE
+		|| mode == SUIT_BOOT_MODE_INVOKE_FOREGROUND_DFU
+		|| mode == SUIT_BOOT_MODE_INVOKE_RECOVERY) {
+		(void)suit_invoke_confirm(ret);
+	}
+
+	return ret;
+}
+
+SYS_INIT(recovery_button_check, APPLICATION, CONFIG_APPLICATION_INIT_PRIORITY);