[examples] Add DFU update check

esnguyen · esnguyen · commit b16c75ec04ec · 2025-12-26T10:29:27.000-08:00
We seek to add a DFU update check to be able to examine a fwupdate file
without making any new modifications to it. This would allows generate
some formated text and errors.

Signed-off-by: Ellis Sarza-Nguyen &lt;sarzanguyen@google.com&gt;
diff --git a/examples/htool.c b/examples/htool.c
@@ -1005,6 +1005,18 @@ static const struct htool_cmd CMDS[] = {
                 {}},
         .func = htool_dfu_update,
     },
+    {
+        .verbs = (const char*[]){"dfu", "check", NULL},
+        .desc = "Check a PIE-RoT fwupdate.",
+        .params =
+            (const struct htool_param[]){
+                {HTOOL_POSITIONAL, .name = "fwupdate-file",
+                 .desc = "A .fwupdate file compatible with this device."},
+                {HTOOL_FLAG_VALUE, .name = "reset",
+                 .desc = "warm, cold, or none", .default_value = "warm"},
+                {}},
+        .func = htool_dfu_check,
+    },
     {.verbs = (const char*[]){"flash_spi_info", NULL},
      .desc = "Get SPI NOR flash info.",
      .params = (const struct htool_param[]){{}},
diff --git a/examples/htool_dfu.c b/examples/htool_dfu.c
@@ -90,3 +90,70 @@ int htool_dfu_update(const struct htool_invocation* inv) {
   }
   return retval;
 }
+
+int htool_dfu_check(const struct htool_invocation* inv) {
+  struct libhoth_device* dev = htool_libhoth_device();
+  if (!dev) {
+    return -1;
+  }
+
+  struct opentitan_get_version_resp resp = {0};
+  uint32_t complete_flags = 0;
+  const char* reset_arg;
+
+  const char* fwupdate_file;
+  if (htool_get_param_string(inv, "fwupdate-file", &fwupdate_file)) {
+    return -1;
+  }
+
+  int fd = open(fwupdate_file, O_RDONLY, 0);
+  if (fd == -1) {
+    fprintf(stderr, "Error opening file %s: %s\n", fwupdate_file,
+            strerror(errno));
+    return -1;
+  }
+
+  int retval = -1;
+
+  struct stat statbuf;
+  if (fstat(fd, &statbuf)) {
+    fprintf(stderr, "fstat error: %s\n", strerror(errno));
+    goto cleanup;
+  }
+  if (statbuf.st_size > SIZE_MAX) {
+    fprintf(stderr, "file too large\n");
+    goto cleanup;
+  }
+
+  uint8_t* image = mmap(NULL, statbuf.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
+  if (image == MAP_FAILED) {
+    fprintf(stderr, "mmap error: %s\n", strerror(errno));
+    goto cleanup;
+  }
+
+  if (libhoth_opentitan_version(dev, &resp) != 0) {
+    fprintf(stderr, "Failed to get current version\n");
+    goto cleanup2;
+  }
+
+  if (libhoth_dfu_check(dev, image, statbuf.st_size, &resp) != 0) {
+    fprintf(stderr, "DFU check failed.\n");
+    goto cleanup2;
+  }
+
+  retval = 0;
+
+  int ret;
+cleanup2:
+  ret = munmap(image, statbuf.st_size);
+  if (ret != 0) {
+    fprintf(stderr, "munmap error: %d\n", ret);
+  }
+
+cleanup:
+  ret = close(fd);
+  if (ret != 0) {
+    fprintf(stderr, "close error: %d\n", ret);
+  }
+  return retval;
+}
diff --git a/examples/htool_dfu.h b/examples/htool_dfu.h
@@ -22,6 +22,7 @@ extern "C" {
 struct htool_invocation;
 
 int htool_dfu_update(const struct htool_invocation* inv);
+int htool_dfu_check(const struct htool_invocation* inv);
 
 #ifdef __cplusplus
 }
diff --git a/protocol/BUILD b/protocol/BUILD
@@ -433,4 +433,14 @@ cc_library(
         ":host_cmd",
         "//transports:libhoth_device",
     ],
+)
+
+cc_library(
+    name = "dfu_check",
+    srcs = ["dfu_check.c"],
+    hdrs = ["dfu_check.h"],
+    deps = [
+        ":host_cmd",
+        "//transports:libhoth_device",
+    ],
 )
diff --git a/protocol/dfu_check.c b/protocol/dfu_check.c
@@ -0,0 +1,58 @@
+
+#include "dfu_check.h"
+
+#include <assert.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+// for MIN()
+#include <sys/param.h>
+#include <sys/random.h>
+#include <time.h>
+#include <unistd.h>
+
+#include "protocol/host_cmd.h"
+#include "protocol/opentitan_version.h"
+
+int libhoth_dfu_check(struct libhoth_device* dev, const uint8_t* image,
+                       size_t image_size, struct opentitan_get_version_resp resp) {
+
+  int retval = 0;
+  struct opentitan_image_version desired_rom_ext = {0};
+  struct opentitan_image_version desired_app = {0};
+
+  // Populate rom_ext and app with the desired extracted versions from the image
+  retval = libhoth_extract_ot_bundle(image, &desired_rom_ext, &desired_app);
+
+  if(retval != 0) {
+    fprintf(stderr, "Failed to extract bundle\n");
+  }
+
+  // Determine the stage slot for each ot get version to compare
+  uint32_t rom_ext_boot_slot = bootslot_int(resp.rom_ext.booted_slot);
+  uint32_t rom_ext_stage_slot = rom_ext_boot_slot == 0 ? 1 : 0;
+  uint32_t app_boot_slot = bootslot_int(resp.app.booted_slot);
+  uint32_t app_stage_slot = app_boot_slot == 0 ? 1 : 0;
+
+  // Compare the desired version with the current bootslot version
+  // If they are different, we need to automatically perform the x2 update
+  // If both are the same & the staged slot is different, we need to perform a single update
+  // For all other cases, no update is needed
+  if(libhoth_ot_version_eq(&resp.rom_ext.slots[rom_ext_boot_slot], &desired_rom_ext) == 0 ||
+     libhoth_ot_version_eq(&resp.app.slots[app_boot_slot], &desired_app) == 0 ) {
+          printf("The current bootslot is not the desired version.\n");
+
+        }
+    else{
+      if(libhoth_ot_version_eq(&resp.rom_ext.slots[rom_ext_stage_slot], &desired_rom_ext) == 0 ||
+         libhoth_ot_version_eq(&resp.app.slots[app_stage_slot], &desired_app) == 0 ) {
+              printf("The staged slot is not the desired version.\n");
+        }
+        else{
+          printf("Device is already at the desired version.\n");
+        }
+    }
+  
+}
diff --git a/protocol/dfu_check.h b/protocol/dfu_check.h
@@ -0,0 +1,28 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef LIBHOTH_EXAMPLES_HTOOL_DFU_CHECK_H_
+#define LIBHOTH_EXAMPLES_HTOOL_DFU_CHECK_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int libhoth_dfu_check(struct libhoth_device* dev, const uint8_t* image,
+                       size_t image_size, struct opentitan_get_version_resp resp);
+#ifdef __cplusplus
+}
+#endif
+
+#endif  // LIBHOTH_EXAMPLES_HTOOL_DFU_CHECKH_
diff --git a/protocol/meson.build b/protocol/meson.build
@@ -20,6 +20,7 @@ protocol_srcs = [
     'secure_boot.c',
     'command_version.c',
     'dfu_hostcmd.c',
+    'dfu_check.c',
 ]
 
 incdir = include_directories('..')

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,7 @@ extern "C" {`
`22`	`22`	`struct htool_invocation;`
`23`	`23`
`24`	`24`	`int htool_dfu_update(const struct htool_invocation* inv);`
	`25`	`+int htool_dfu_check(const struct htool_invocation* inv);`
`25`	`26`
`26`	`27`	`#ifdef __cplusplus`
`27`	`28`	`}`
Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@ protocol_srcs = [`
`20`	`20`	`'secure_boot.c',`
`21`	`21`	`'command_version.c',`
`22`	`22`	`'dfu_hostcmd.c',`
	`23`	`+ 'dfu_check.c',`
`23`	`24`	`]`
`24`	`25`
`25`	`26`	`incdir = include_directories('..')`