Fixes to wolfBoot self-update (memcmp was used which is not a RAMFUNCTION).

Author: dgarske

docs/Targets.md

@@ -3031,10 +3031,11 @@ The S32K1xx can be programmed and debugged using various tools. The recommended
 **Using PEMicro (recommended for S32K EVB boards):**
 
 1. Install PEMicro GDB Server from [pemicro.com](https://www.pemicro.com/products/product_viewDetails.cfm?product_id=15320167)
+Linux: `~/.local/pemicro/`
 
 2. Start PEMicro GDB Server:
 ```sh
-pegdbserver_console -device=NXP_S32K1xx_S32K142 -startserver -serverport=7224
+pegdbserver_console -device=NXP_S32K1xx_S32K142F256M15 -startserver -interface=OPENSDA -port=USB1 -serverport=7224 -speed=5000
 ```
 
 3. In another terminal, connect with GDB and flash:
@@ -3068,41 +3069,6 @@ cp factory.srec /media/<user>/S32K142EVB/
 
 The board will automatically program the flash and reset.
 
-### NXP S32K1XX: Flash Script
-
-A convenience script is provided for building and flashing S32K142:
-
-```sh
-./tools/scripts/nxp-s32k142-flash.sh [OPTIONS]
-```
-
-**Options:**
-
-| Option | Description |
-|--------|-------------|
-| (none) | Build and flash `factory.srec` (v1 only) |
-| `--test-update` | Build with v2 in update partition (use `trigger` command to start update) |
-| `--update` | Build with v2 and auto-trigger (starts update on boot) |
-| `--skip-build` | Skip build, use existing `.srec` file |
-| `--skip-flash` | Skip flashing (just build) |
-| `--skip-uart` | Skip UART monitoring |
-| `--uart-only` | Only monitor UART (no build/flash) |
-| `--interactive` | Keep UART open until Ctrl+C |
-| `--timeout SECS` | UART capture duration (default: 5s) |
-
-**Examples:**
-
-```sh
-# Build and flash factory image, monitor UART for 5 seconds
-./tools/scripts/nxp-s32k142-flash.sh
-
-# Build with v2 update, flash, and stay on UART
-./tools/scripts/nxp-s32k142-flash.sh --test-update --interactive
-
-# Just monitor UART
-./tools/scripts/nxp-s32k142-flash.sh --uart-only --interactive
-```
-
 ### NXP S32K1XX: Test Application
 
 The S32K1xx test application (`test-app/app_s32k1xx.c`) provides a feature-rich demo application for testing wolfBoot functionality.
@@ -3141,77 +3107,38 @@ Copyright 2025 wolfSSL Inc.
 Firmware Version: 1
 
 === Partition Information ===
-Boot Partition @ 0xC000:
+Boot Partition:
+  Address: 0x0000C000
   Version: 1
-  State: SUCCESS (0x00)
-Update Partition @ 0x25000:
-  Version: 0 (empty)
-  State: (no trailer)
+  State:   SUCCESS
+Update Partition:
+  Address: 0x00025000
+  Version: 0
+  State:   SUCCESS
+Swap Partition:
+  Address: 0x0003E000
+  Size:    2048 bytes
 
 === Keystore Information ===
-Number of keys: 1
-Key 0: ECDSA P-256 (secp256r1), SHA-256
+Number of public keys: 1
+Hash: SHA-256
+
+Key #0:
+  Algorithm: ECDSA P-256 (secp256r1)
+  Size:      64 bytes
+  Data:
+        9a 33 e0 18 24 4b a7 29 51 90 15 f0 74 6e e4 a6
+        bf 2d 00 47 32 1f 32 5a d6 9a 30 32 d1 c3 30 3f
+        0a e3 1b 0d 0f 98 b2 e6 5c eb 42 1c 64 2b 32 db
+        a4 48 75 5b e3 49 94 45 12 64 e3 57 b4 5b 81 73
 
 Type 'help' for available commands.
 
 cmd>
 ```
 
-**Testing Firmware Update:**
-
-1. Flash with v2 image: `./tools/scripts/nxp-s32k142-flash.sh --test-update`
-2. Connect to UART: `picocom -b 115200 /dev/ttyACM1`
-3. Run `status` to verify v1 in boot, v2 in update
-4. Run `trigger` to set update flag
-5. Run `reboot` to start update
-6. After reboot, LED changes from Green (v1) to Blue (v2)
-7. Run `success` to mark v2 as good
-
-### NXP S32K1XX: Flash Configuration Field (FCF)
-
-The bootloader includes the Flash Configuration Field (FCF) at address 0x400-0x40F with the following settings:
-- Flash security: Unsecured
-- Flash protection: All regions unprotected
-- Backdoor key access: Enabled
-
-**CRITICAL WARNING:** The FCF region at 0x400-0x40F controls device security settings. Writing incorrect values can **permanently lock the device**, making it irrecoverable. The wolfBoot HAL includes protection to prevent accidental writes to this region.
-
-### NXP S32K1XX: Recovering a Locked/Unresponsive Device
-
-If your S32K device becomes locked or unresponsive (e.g., stuck in reset with D1 LED illuminated on S32K-EVB boards), try these recovery procedures:
-
-**Symptoms of a locked device:**
-- Debugger cannot connect ("Soft reset failed", "Failed to enter debug mode")
-- Device stuck in reset (D1 LED constantly on for S32K-EVB)
-- J-Link reports "Readout protection is set" at address 0x400-0x40F
-
-**Recovery Option 1: PEMicro Force Mass Erase**
-
-```sh
-pegdbserver_console -device=NXP_S32K1xx_S32K142 -interface=OPENSDA -port=USB1 -forcemasserase -singlesession
-```
-
-After mass erase completes, power cycle the board before attempting to reconnect.
-
-**Recovery Option 2: J-Link Unlock**
-
-```sh
-JLinkExe -if swd -Device S32K142
-unlock Kinetis
-erase
-r
-q
-```
-
-Then power cycle the board.
-
-### NXP S32K1XX: TODO / Future Enhancements
-
-The following features are planned or available for contribution:
+### NXP S32K1XX: TODO
 
-- [x] **Sector swap update**: Full firmware update with sector swapping (completed)
-- [x] **Interactive test application**: Console with status, trigger, success commands (completed)
-- [x] **Flash automation script**: `tools/scripts/nxp-s32k142-flash.sh` (completed)
 - [ ] **XMODEM improvements**: ISR-based UART RX for reliable high-speed transfers
 - [ ] **SPLL + SOSC support**: Add external crystal oscillator and SPLL configuration for true 112 MHz operation in HSRUN mode
 - [ ] **Hardware crypto acceleration**: Integrate CSEc (Cryptographic Services Engine) for hardware-accelerated crypto operations

hal/s32k1xx.c

@@ -40,6 +40,22 @@
 #define DSB() __asm__ volatile ("dsb")
 #define ISB() __asm__ volatile ("isb")
 
+/* PRIMASK helpers for critical sections */
+#define __get_PRIMASK() ({ \
+    uint32_t primask; \
+    __asm__ volatile ("mrs %0, primask" : "=r" (primask)); \
+    primask; \
+})
+
+#define __set_PRIMASK(primask) \
+    __asm__ volatile ("msr primask, %0" :: "r" (primask) : "memory")
+
+#define __disable_irq() \
+    __asm__ volatile ("cpsid i" ::: "memory")
+
+#define __enable_irq() \
+    __asm__ volatile ("cpsie i" ::: "memory")
+
 #include "s32k1xx.h"
 
 /* ============== Flash Configuration Field (FCF) ============== */
@@ -125,14 +141,6 @@ static void watchdog_enable(uint32_t timeout_ms)
     while (!(WDOG_CS & WDOG_CS_RCS)) {}
 }
 
-/* Refresh (kick) the watchdog to prevent reset
- * Must be called periodically before timeout expires
- */
-static void watchdog_refresh(void)
-{
-    /* For CMD32EN mode, write refresh key as 32-bit value */
-    WDOG_CNT = WDOG_CNT_REFRESH;
-}
 #endif /* WATCHDOG */
 
 /* ============== Clock Configuration ============== */
@@ -352,13 +360,18 @@ static void RAMFUNCTION flash_clear_errors(void)
 
 static int RAMFUNCTION flash_program_phrase(uint32_t address, const uint8_t *data)
 {
+    /* Skip if phrase is all 0xFF (erased) */
+    if (data[0] == 0xFF && data[1] == 0xFF && data[2] == 0xFF && data[3] == 0xFF &&
+        data[4] == 0xFF && data[5] == 0xFF && data[6] == 0xFF && data[7] == 0xFF) {
+        return 0;
+    }
+
     /* Wait for previous command to complete */
     flash_wait_complete();
     flash_clear_errors();
 
-    /* Set up Program Phrase command (0x07)
-     * Programs 8 bytes at the specified address
-     */
+    /* Set up Program Phrase command (0x07) */
+    /* Programs 8 bytes at the specified address */
     FTFC_FCCOB0 = FTFC_CMD_PROGRAM_PHRASE;
     FTFC_FCCOB1 = (uint8_t)(address >> 16);
     FTFC_FCCOB2 = (uint8_t)(address >> 8);
@@ -384,7 +397,7 @@ static int RAMFUNCTION flash_program_phrase(uint32_t address, const uint8_t *dat
 
 #ifdef WATCHDOG
     /* Refresh watchdog after flash operation */
-    watchdog_refresh();
+    WDOG_CNT = WDOG_CNT_REFRESH;
 #endif
 
     /* Check for errors */
@@ -414,20 +427,20 @@ static int RAMFUNCTION flash_erase_sector_internal(uint32_t address)
     ISB();
 
     /* Disable interrupts during flash operation to prevent code fetch from flash */
-    __asm__ volatile ("mrs %0, primask\n\t"
-                      "cpsid i" : "=r" (primask) :: "memory");
+    primask = __get_PRIMASK();
+    __disable_irq();
 
     FTFC_FSTAT = FTFC_FSTAT_CCIF;
 
     /* Wait for completion */
     flash_wait_complete();
 
     /* Re-enable interrupts */
-    __asm__ volatile ("msr primask, %0" :: "r" (primask) : "memory");
+    __set_PRIMASK(primask);
 
 #ifdef WATCHDOG
     /* Refresh watchdog after potentially long flash operation */
-    watchdog_refresh();
+    WDOG_CNT = WDOG_CNT_REFRESH;
 #endif
 
     /* Check for errors */
@@ -438,7 +451,6 @@ static int RAMFUNCTION flash_erase_sector_internal(uint32_t address)
     return 0;
 }
 
-
 /* ============== HAL Interface Functions ============== */
 
 void hal_init(void)
@@ -510,92 +522,40 @@ void hal_prepare_boot(void)
 
 int RAMFUNCTION hal_flash_write(uint32_t address, const uint8_t *data, int len)
 {
-    int ret = 0;
-    int i = 0;
+    int ret, i = 0;
     uint8_t phrase_buf[FLASH_PHRASE_SIZE];
-    const uint8_t empty_phrase[FLASH_PHRASE_SIZE] = {
-        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
-    };
-
-    /* CRITICAL: Protect the Flash Configuration Field (FCF) region.
-     * Writing incorrect values to 0x400-0x40F can permanently lock the device!
-     * The FCF is programmed once in the flash_config section and should never
-     * be modified at runtime.
-     */
-    if ((address < FCF_END_ADDR) && ((address + len) > FCF_START_ADDR)) {
-        /* Requested write overlaps with FCF region - this is dangerous!
-         * Skip the FCF portion to prevent device locking.
-         */
-        if (address < FCF_START_ADDR) {
-            /* Write portion before FCF */
-            int pre_fcf_len = FCF_START_ADDR - address;
-            ret = hal_flash_write(address, data, pre_fcf_len);
-            if (ret != 0) return ret;
-            address = FCF_END_ADDR;
-            data += pre_fcf_len + (FCF_END_ADDR - FCF_START_ADDR);
-            len -= pre_fcf_len + (FCF_END_ADDR - FCF_START_ADDR);
-        } else if (address >= FCF_START_ADDR && address < FCF_END_ADDR) {
-            /* Skip entirely within FCF region */
-            int skip = FCF_END_ADDR - address;
-            if (skip >= len) {
-                return 0;  /* Entire write is within FCF - skip it */
-            }
-            address = FCF_END_ADDR;
-            data += skip;
-            len -= skip;
-        }
-        if (len <= 0) return 0;
-    }
 
     while (len > 0) {
-        /* Handle unaligned start or partial phrase */
         if ((len < FLASH_PHRASE_SIZE) || (address & (FLASH_PHRASE_SIZE - 1))) {
+            /* Handle unaligned start or partial phrase */
             uint32_t aligned_addr = address & ~(FLASH_PHRASE_SIZE - 1);
             uint32_t offset = address - aligned_addr;
-            int bytes_to_copy;
-
-            /* Read current phrase data */
-            memcpy(phrase_buf, (void*)aligned_addr, FLASH_PHRASE_SIZE);
-
-            /* Calculate bytes to copy */
-            bytes_to_copy = FLASH_PHRASE_SIZE - offset;
-            if (bytes_to_copy > len) {
+            int bytes_to_copy = FLASH_PHRASE_SIZE - offset;
+            if (bytes_to_copy > len)
                 bytes_to_copy = len;
-            }
 
-            /* Merge new data */
+            memcpy(phrase_buf, (void*)aligned_addr, FLASH_PHRASE_SIZE);
             memcpy(phrase_buf + offset, data + i, bytes_to_copy);
 
-            /* Only program if not all 0xFF */
-            if (memcmp(phrase_buf, empty_phrase, FLASH_PHRASE_SIZE) != 0) {
-                ret = flash_program_phrase(aligned_addr, phrase_buf);
-                if (ret != 0) {
-                    return ret;
-                }
-            }
+            ret = flash_program_phrase(aligned_addr, phrase_buf);
+            if (ret != 0)
+                return ret;
 
             address += bytes_to_copy;
             i += bytes_to_copy;
             len -= bytes_to_copy;
-        }
-        else {
+        } else {
             /* Program full phrases */
             while (len >= FLASH_PHRASE_SIZE) {
-                /* Only program if not all 0xFF */
-                if (memcmp(data + i, empty_phrase, FLASH_PHRASE_SIZE) != 0) {
-                    ret = flash_program_phrase(address, data + i);
-                    if (ret != 0) {
-                        return ret;
-                    }
-                }
-
+                ret = flash_program_phrase(address, data + i);
+                if (ret != 0)
+                    return ret;
                 address += FLASH_PHRASE_SIZE;
                 i += FLASH_PHRASE_SIZE;
                 len -= FLASH_PHRASE_SIZE;
             }
         }
     }
-
     return 0;
 }
 

src/string.c

@@ -258,6 +258,7 @@ size_t strlen(const char *s)
 #endif
 
 #if  !defined(__IAR_SYSTEMS_ICC__) && !defined(TARGET_X86_64_EFI)
+/* some of the hal_flash_ functions need this during updates */
 void RAMFUNCTION *memcpy(void *dst, const void *src, size_t n)
 {
     size_t i;