diff --git a/boot/nxboot/loader/boot.c b/boot/nxboot/loader/boot.c
index 6de9659ac02..c4f936d233e 100644
--- a/boot/nxboot/loader/boot.c
+++ b/boot/nxboot/loader/boot.c
@@ -417,6 +417,7 @@ static int perform_update(struct nxboot_state *state, bool check_only)
 syslog(LOG_INFO, "Creating recovery image.\n");
 nxboot_progress(nxboot_progress_start, recovery_create);
 copy_partition(primary, recovery, state, false);
+ flash_partition_flush(recovery);
 nxboot_progress(nxboot_progress_end);
 nxboot_progress(nxboot_progress_start, validate_recovery);
 successful = validate_image(recovery);
@@ -444,6 +445,8 @@ static int perform_update(struct nxboot_state *state, bool check_only)
 nxboot_progress(nxboot_progress_start, update_from_update);
 if (copy_partition(update, primary, state, true) >= 0)
 {
+ flash_partition_flush(primary);
+
 /* Erase the first sector of update partition. This marks the
 * partition as updated so we don't end up in an update loop.
 * The sector is written back again during the image
@@ -884,7 +887,6 @@ int nxboot_perform_update(bool check_only)
 int ret;
 int primary;
 struct nxboot_state state;
- struct nxboot_img_header header;

 ret = nxboot_get_state(&state);
 if (ret < 0)
@@ -908,9 +910,9 @@ int nxboot_perform_update(bool check_only)
 }
 }

- /* Check whether there is a valid image in the primary slot. This just
- * checks whether the header is valid, but does not calculate the CRC
- * of the image as this would prolong the boot process.
+ /* Check whether there is a valid image in the primary slot. Validates
+ * both the header and the full image CRC to ensure integrity before
+ * booting.
 */

 primary = flash_partition_open(CONFIG_NXBOOT_PRIMARY_SLOT_PATH);
@@ -919,8 +921,7 @@ int nxboot_perform_update(bool check_only)
 return ERROR;
 }

- get_image_header(primary, &header);
- if (!validate_image_header(&header))
+ if (!validate_image(primary))
 {
 ret = ERROR;
 }
diff --git a/boot/nxboot/loader/flash.c b/boot/nxboot/loader/flash.c
index f1a3595737f..ab6a243202e 100644
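Review bot: The return value of `flash_partition_flush()` is discarded at both call sites in `perform_update` (the `-417,6 +417,7` hunk and the `-444,6 +445,8` hunk), so a failed flush looks the same as a committed write. The second site matters most: the first sector of the update partition is erased right afterwards, which the existing comment says marks the update as consumed, so a failed flush followed by a power loss could leave primary incomplete with the update already invalidated. Gate the erase on the flush, e.g. `if (copy_partition(update, primary, state, true) >= 0 && flash_partition_flush(primary) >= 0)`, and in the recovery path log and treat the recovery image as not created when `flash_partition_flush(recovery) < 0`. The read-back in `validate_image(recovery)` may be served from the same write buffer (an inference, the buffering layer is not visible here), so it does not replace checking the flush result. Both call sites sit in a function body that starts and ends outside the hunks.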
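Review bot: The rewritten comment in the `-908,9 +910,9` hunk drops the boot-time trade-off that the old text documented, and "to ensure integrity" reads stronger than a CRC supports. `validate_image(primary)` in the following hunk now runs over the whole image on every boot, so the comment should keep the cost and state the limit, for example `Validates the header and the CRC of the whole image on every boot; this lengthens boot and detects corruption, it does not authenticate the image.` Unlike the `validate_image(recovery)` call in `perform_update`, this call is not bracketed by `nxboot_progress()` start/end, so a long validation gives no progress indication; consider adding one if a matching progress message exists. The function body continues outside both hunks.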
--- a/boot/nxboot/loader/flash.c
+++ b/boot/nxboot/loader/flash.c
@@ -76,6 +76,26 @@ int flash_partition_open(const char *path)
 return fd;
 }

+/****************************************************************************
+ * Name: flash_partition_flush
+ *
+ * Description:
+ * Flushes any buffered writes to the underlying storage. This ensures
+ * data is physically committed to flash before the caller proceeds.
+ *
+ * Input parameters:
+ * fd: Valid file descriptor.
+ *
+ * Returned Value:
+ * 0 on success, -1 on failure.
+ *
+ ****************************************************************************/
+
+int flash_partition_flush(int fd)
+{
+ return fsync(fd);
+}
+
 /****************************************************************************
 * Name: flash_partition_close
 *
diff --git a/boot/nxboot/loader/flash.h b/boot/nxboot/loader/flash.h
index ef1dee09d06..69906490d23 100644
--- a/boot/nxboot/loader/flash.h
+++ b/boot/nxboot/loader/flash.h
@@ -79,6 +79,22 @@ int flash_partition_open(const char *path);

 int flash_partition_close(int fd);

+/****************************************************************************
+ * Name: flash_partition_flush
+ *
+ * Description:
+ * Flushes any buffered writes to the underlying storage.
+ *
+ * Input parameters:
+ * fd: Valid file descriptor.
+ *
+ * Returned Value:
+ * 0 on success, -1 on failure.
+ *
+ ****************************************************************************/
+
+int flash_partition_flush(int fd);
+
 /****************************************************************************
 * Name: flash_partition_write
 *
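Review bot: The description of `flash_partition_flush` in flash.c promises that data "is physically committed to flash", but the body only forwards to `fsync(fd)`; whether that reaches the flash device depends on the driver behind the descriptor, which is not visible here. Word the contract as what the function does and what a failure means, e.g. `Requests that buffered writes be written to the underlying storage. On failure the data may not be committed and the caller must not rely on it.` The "Returned Value" entry could also say that errno is set by fsync(). The copy of this comment in flash.h (the `-79,6 +79,22` hunk) should carry the same wording, since that is the text callers read.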