boot_serial: Fix issues with single slot mode/encrypted images

Fixes 2 issues, one whereby multiple slots were checked despite operating in single slot mode, and another whereby decrypted images would not appear on serial recovery image listing, due to assuming that the images were still encrypted. Signed-off-by: Jamie McCrae <[email protected]>
mcu-tools · Sep 13, 2023 · f54bd5d · f54bd5d
1 parent 5c00da4
commit f54bd5d
Showing 1 changed file with 23 additions and 6 deletions.
diff --git a/boot/boot_serial/src/boot_serial.c b/boot/boot_serial/src/boot_serial.c
@@ -259,7 +259,11 @@ bs_list(char *buf, int len)
         int swap_status = boot_swap_type_multi(image_index);
 #endif
 
+#ifdef MCUBOOT_SINGLE_APPLICATION_SLOT
+        for (slot = 0; slot < 1; slot++) {
+#else
         for (slot = 0; slot < 2; slot++) {
+#endif
             FIH_DECLARE(fih_rc, FIH_FAILURE);
             uint8_t tmpbuf[64];
 
@@ -289,20 +293,33 @@ bs_list(char *buf, int len)
                                    fih_rc, image_index, slot);
                 if (FIH_EQ(fih_rc, FIH_BOOT_HOOK_REGULAR))
                 {
-#ifdef MCUBOOT_ENC_IMAGES
+#if defined(MCUBOOT_ENC_IMAGES)
                     if (IS_ENCRYPTED(&hdr)) {
                         FIH_CALL(boot_image_validate_encrypted, fih_rc, fap,
                                  &hdr, tmpbuf, sizeof(tmpbuf));
-                    } else {
-#endif
-                        FIH_CALL(bootutil_img_validate, fih_rc, NULL, 0, &hdr,
-                                 fap, tmpbuf, sizeof(tmpbuf), NULL, 0, NULL);
-#ifdef MCUBOOT_ENC_IMAGES
+
+                        if (FIH_EQ(fih_rc, FIH_SUCCESS)) {
+                            goto completed;
+                        }
+
+                        /*
+                         * At this point, there is an image with an encrypted flag but it does not
+                         * appear to be an encrypted image. This would be the case if it has
+                         * previously been decrypted, therefore try validating the image without
+                         * the encrypted header flags.
+                         */
+                        hdr.ih_flags &= ~ENCRYPTIONFLAGS;
                     }
 #endif
+
+                    FIH_CALL(bootutil_img_validate, fih_rc, NULL, 0, &hdr,
+                             fap, tmpbuf, sizeof(tmpbuf), NULL, 0, NULL);
                 }
             }
 
+#if defined(MCUBOOT_ENC_IMAGES)
+completed:
+#endif
             if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
                 flash_area_close(fap);
                 continue;