RT117x dual image: how to know if the running image is the "old" or "backup" image?

mastupristi · ‎12-15-2023

Hi,

I'm doing some experimenting with the "dual image" feature. (see threads https://community.nxp.com/t5/i-MX-RT/RT117x-dual-image-boot-order/m-p/1768307 and https://community.nxp.com/t5/i-MX-RT/RT117x-what-is-ImageIndex/m-p/1769568)

Specifically, using the "image version" field I can make the rom bootloader choose which of the two images in the XIP he should run.

Consider that I am experimenting with encrypted and signed images. So if it fails decryption or signature verification of the selected image, the rom bootloader will recover to the other image.

Here the question arises: how does an image know if it is running because of the boot failure of another image?

To clarify further, I will try an example:

I have two images one with image version 5 and the other with image version 4. The bootloader chooses the image with higher version, so image_v5.
Then with an update the image_v4 is overwritten with image_v6.
The rom booloader would choose the image_v6. Suppose though that for some reason the image_v6 update was corrupted.
The rom bootloader falls back to image_v5 again.

So I have two cases where image_v5 is running:

image_v5 is running as the first choice of the rom bootloader
image_v5 is running as the second choice of the rom bootloader

How can a FW know whether it is running as the first or second choice of the rom bootloader?

best regards

Max

martin_hrncarek · ‎12-18-2023

Hi @mastupristi @

I will double check ROM team if there is a convenient way to determined what happened during boot.

On encrypted and closed device you should be able to read HAB status or event using HAB api. There is a document in the Code Signing Tool/doc folder describing which API to use and how to decode.

You can also read from GPR registers (AN12255) in which bank you are executing from to at least read versions of the image you are executing and the image in the second bank. In case lower version is executing you might have issue with authentication. Then you can run HAB api for the image authentication to figura out if the image is corrupted, or you store a flag in dedicated sector of flash or power-retained register and use ROM api to boot the second image. After image boot you can determine what happened. This is just ideas on my mind in case there is no convenient way which I will try to ask our ROM team.

I will follow-up soon.

Best Regards,
Martin H.

jingpan · ‎12-18-2023

Hi @mastupristi ,

You can check SRC_GPR10 register. Bit [27:26] is image index, 0 is index 0 and 1,2,3 is index 1. Here is a very detailed explanation in Chinese.

https://www.cnblogs.com/henjay724/p/15942801.html

Regards,

Jing

mastupristi · ‎06-11-2024

hi @jingpan

Hi read the article but I can't figure out how this answers my question.

I did some tests that I illustrate in this article

https://community.nxp.com/t5/i-MX-RT/RT117x-NVIC-SystemReset-behaviour-when-dual-image-is-enabled/td...

actually the only field to change is actually PERSIST_REDUNDANT_BOOT, however on some occasions I have also seen PERSIST_SECONDARY_BOOT 1

regards

Max