bootloader refactoring #4572
bootloader refactoring #4572
Conversation
|
TychoVrahe
force-pushed
the
tychovrahe/bootloader/reorg
branch
5 times, most recently
from
bedf3bb to
97363e2
Compare
[no changelog]
[no changelog]
[no changelog]
TychoVrahe
force-pushed
the
tychovrahe/bootloader/reorg
branch
from
f37dfa0 to
8e4557e
Compare
TychoVrahe
requested review from
matejcik,
hiviah and
cepetr
and removed request for
prusnak
| @@ -64,27 +57,16 @@ | |||
| #include <sec/hash_processor.h> | |||
| #endif | |||
|
|
|||
| #include <io/usb.h> | |||
| #include "version.h" | |||
| #include <workflow/workflow.h> | |||
There was a problem hiding this comment.
this should be included as "workflow/worfklow.h", since it's inside the bootloader folder
| UI_RESULT_CANCEL = 1, | ||
| UI_RESULT_CONFIRM = 2, | ||
| } ui_result_t; | ||
|
|
||
| typedef enum { | ||
| SCREEN_INTRO = 0, |
There was a problem hiding this comment.
This enum describes the states of the workflow in wf_bootloader.c and might belong in this file. Some of the enum entries are unused.
| const image_header *const hdr) { | ||
| workflow_reset_jump(); | ||
| ui_set_initial_setup(true); | ||
| ui_screen_connect(); |
There was a problem hiding this comment.
If we called redraw_screen_wait() at the beginning of workflow_host_control(), we would not need to call ui_screen_connect() here. The same applies to workflow_bootloader and workflow_empty_device.
|
|
||
| workflow_result_t workflow_auto_update(const vendor_header *const vhdr, | ||
| const image_header *const hdr) { | ||
| workflow_reset_jump(); |
There was a problem hiding this comment.
Maybe it would be better/safer to call workflow_reset_jump() outside this function - in the loop in main, just after do {…. Then we can remove this call from workflow_bootloader and workflow_empty_device as well.
|
|
||
| #include "workflow.h" | ||
|
|
||
| void workflow_allow_jump_1(void); |
There was a problem hiding this comment.
These names are a bit confusing to me since the logic inside isn’t a workflow.
| poll_event_t* event, uint32_t timeout_ms) { | ||
| uint32_t start = systick_ms(); | ||
|
|
||
| while (systick_ms() - start < timeout_ms) { |
There was a problem hiding this comment.
How about using the pattern below? It inherently solves the uint32 overflow problem.
uint32_t deadline = ticks_timeout(timeout_ms);
while (! ticks_expired(deadline)) {
...
..
| ensure(dont_optimize_out_true * (workflow_is_jump_allowed_1() == | ||
| workflow_is_jump_allowed_2()), | ||
| NULL); | ||
| #ifdef USE_RESET_TO_BOOT |
There was a problem hiding this comment.
Maybe we don’t need to set firmware_jump_fn here, as it is set a bit later, right after the switch statement.
| firmware_jump_fn = real_jump_to_firmware; | ||
| #endif | ||
| break; | ||
| return 1; |
There was a problem hiding this comment.
Instead of returning here, shouldn’t we call eboot_or_halt_after_rsod() or shutdown_error() ? I think this return will result in showing the RSOD with the “EXIT 1” text.
| WF_SHUTDOWN = 0x11223344, | ||
| WF_CONTINUE_TO_FIRMWARE = 0xAABBCCDD, | ||
| WF_RETURN = 0x55667788, | ||
| WF_STAY = 0xEEFF0011, |
There was a problem hiding this comment.
The meaning of the result constants is a bit unclear to me. It would feel more natural to have results that describe what happened in that workflow, allowing the caller to decide what to do. For example:
WF_ERROR- Shutdown without overwriting the display.WF_FATAL_ERROR- Show a fatal error message, then shut down.WF_OK- Workflow successfully finished (can replaceWF_RETURNandWF_CONTINUE_TO_FIRMWARE).
| } | ||
| } while (result == WF_STAY || result == WF_RETURN); |
There was a problem hiding this comment.
It seems to me that the do…while loop here is unnecessary since it is already incorporated into all workflows it calls. These workflows never return WF_STAY nor WF_RETURN.
| break; | ||
| case SCREEN_MENU: | ||
| ui_result = ui_screen_menu(firmware_present); | ||
| if (ui_result == 0xAABBCCDD) { // exit menu |
There was a problem hiding this comment.
These constants (0xAABBCCDD...) are the same as the workflow_result_t constants, which feels a bit strange. Shouldn’t we use WF_xxx here instead?
This PR implements major bootloader refactoring - as preparation for adding BLE.