From 9f4bc6f090e9b2ade150da63cb5b8332b372da27 Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <andrew@tridgell.net>
Date: Mon, 25 Nov 2024 09:43:18 +1100
Subject: [PATCH] make updating bootloader version safer

only update in eeprom settings area if we did a soft reset (user
initiated reset) and preserve settings up to 1024 bytes
---
 bootloader/main.c | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/bootloader/main.c b/bootloader/main.c
index 8c170f37..c7ff2bf9 100644
--- a/bootloader/main.c
+++ b/bootloader/main.c
@@ -69,6 +69,10 @@
 #endif
 #endif
 
+#ifndef EEPROM_MAX_SIZE
+#define EEPROM_MAX_SIZE 1024
+#endif
+
 #ifdef USE_PA2
 #define input_pin        GPIO_PIN(2)
 #define input_port       GPIOA
@@ -737,13 +741,21 @@ static void receiveBuffer()
 #ifdef UPDATE_EEPROM_ENABLE
 static void update_EEPROM()
 {
-    read_flash_bin(rxBuffer , EEPROM_START_ADD , 48);
-    if (BOOTLOADER_VERSION != rxBuffer[2]) {
-	if (rxBuffer[2] == 0xFF || rxBuffer[2] == 0x00){
+    if (!bl_was_software_reset()) {
+        // we only update the bootloader version on a software reset to reduce the chances
+        // of a brownout or spark causing a eeprom write that corrupts the settings
+        return;
+    }
+    const uint8_t *eeprom = (const uint8_t *)EEPROM_START_ADD;
+    if (BOOTLOADER_VERSION != eeprom[2]) {
+        if (eeprom[2] == 0xFF || eeprom[2] == 0x00) {
 	    return;
-	}
-	rxBuffer[2] = BOOTLOADER_VERSION;
-	save_flash_nolib(rxBuffer, 48, EEPROM_START_ADD);
+        }
+        // update only the bootloader version, preserve all other bytes up to EEPROM_MAX_SIZE
+        uint8_t data[EEPROM_MAX_SIZE];
+        memcpy(data, eeprom, EEPROM_MAX_SIZE);
+        data[2] = BOOTLOADER_VERSION;
+        save_flash_nolib(data, EEPROM_MAX_SIZE, EEPROM_START_ADD);
     }
 }
 #endif // UPDATE_EEPROM_ENABLE