Aborting an OTA update
Posted: Thu Feb 02, 2017 3:00 pm
Hi,
correct me if I'm wrong, but it seems there's no way to abort a running over-the-air update, for example if a write fails:
- just calling esp_ota_begin again will leak memory and crash the application after a few re-tries
- calling esp_ota_end doesn't release the memory if the secure bootloader is in use
IMO, esp_ota_end should either release the memory and return an error, or there should be another function like esp_ota_abort to cancel an ongoing OTA update.
@Espressif, could you please have a look at this?
Thanks and greetings
Andreas
Code from esp_ota_end:
correct me if I'm wrong, but it seems there's no way to abort a running over-the-air update, for example if a write fails:
- just calling esp_ota_begin again will leak memory and crash the application after a few re-tries
- calling esp_ota_end doesn't release the memory if the secure bootloader is in use
IMO, esp_ota_end should either release the memory and return an error, or there should be another function like esp_ota_abort to cancel an ongoing OTA update.
@Espressif, could you please have a look at this?
Thanks and greetings
Andreas
Code from esp_ota_end:
Code: Select all
esp_err_t esp_ota_end(esp_ota_handle_t handle)
{
ota_ops_entry_t *it;
for (it = LIST_FIRST(&s_ota_ops_entries_head); it != NULL; it = LIST_NEXT(it, entries)) {
if (it->handle == handle) {
// an ota handle need to be ended after erased and wrote data in it
if ((it->erased_size == 0) || (it->wrote_size == 0)) {
return ESP_ERR_INVALID_ARG;
}
#ifdef CONFIG_SECUREBOOTLOADER
esp_err_t ret;
size_t image_size;
if (esp_image_basic_verify(it->part.address, &image_size) != ESP_OK) {
return ESP_ERR_OTA_VALIDATE_FAILED;
}
ret = esp_secure_boot_verify_signature(it->part.address, image_size);
if (ret != ESP_OK) {
return ESP_ERR_OTA_VALIDATE_FAILED;
}
#endif
LIST_REMOVE(it, entries);
break;
}
}
if (it == NULL) {
return ESP_ERR_NOT_FOUND;
}
free(it);
return ESP_OK;
}