How to set a specific OTA slot to invalid?

leschge
Posts: 37
Joined: Fri May 06, 2022 1:38 pm

How to set a specific OTA slot to invalid?

Postby leschge » Tue Aug 06, 2024 3:05 pm

Hey all,

I want to make sure a specific ota slot will not be booted.
Of course I can (and will) erase the not to be booted ota slot. However, I think OTA data will still see this slot as bootable?
As far as I see esp_ota_set_boot_partition() will only use esp_rewrite_ota_data() to mark the new image as "ESP_OTA_IMG_NEW", but will not automatically mark the other slots as ESP_OTA_IMG_INVALID.

I only see the function esp_ota_mark_app_invalid_rollback_and_reboot() to invalidate a slot in otadata, but there seems to be no generic one to invalidate a specific one?


Some background info why I am asking this:
Let's assume we have two valid OTA partitions (ota0 and ota1) and both ota_state's are set to ESP_OTA_IMG_VALID. Now ota1 partition is erased (ota_state for ota1 is still valid, as there is no function to invalidate it?).
For whatever reason, partition ota1 gets reflashed but the image's ota_state is not updated because:
  • esp_ota_begin does not update otadata,
  • esp_partition_write does not update otadata,
  • esp_ota_end does not update otadata,
  • esp_image_verify does not update otadata,
  • esp_ota_set_boot_partition is not called.
This would assume we have a flashed image in ota1 but it shall not be booted because esp_ota_set_boot_partition() was not called.
However, the bootloader may try to load that image anyway when ota0 gets corrupted because based on the otadata it is still marked as valid from previous version?

Who is online

Users browsing this forum: MicroController and 188 guests