bootutil: Unify bootutil_max_image_size() implementation for scratch mode

ahasztag · ahasztag · commit f7abf5d3a4c8 · 2025-07-03T18:09:26.000+02:00
This commit unifies the scratch mode with the move and offset
in the way bootutil_max_image_size calls app_max_size.

Signed-off-by: Artur Hadasz &lt;artur.hadasz@nordicsemi.no&gt;
diff --git a/boot/bootutil/src/bootutil_misc.c b/boot/bootutil/src/bootutil_misc.c
@@ -446,40 +446,8 @@ uint32_t bootutil_max_image_size(struct boot_loader_state *state, const struct f
     defined(MCUBOOT_SINGLE_APPLICATION_SLOT_RAM_LOAD)
     (void) state;
     return boot_status_off(fap);
-#elif defined(MCUBOOT_SWAP_USING_SCRATCH)
-    size_t slot_trailer_sz = boot_trailer_sz(BOOT_WRITE_SZ(state));
-    size_t slot_trailer_off = flash_area_get_size(fap) - slot_trailer_sz;
-
-    /* If the trailer doesn't fit in the last sector of the primary or secondary slot, some padding
-     * might have to be inserted between the end of the firmware image and the beginning of the
-     * trailer to ensure there is enough space for the trailer in the scratch area when the last
-     * sector of the secondary will be copied to the scratch area.
-     *
-     * The value of the padding depends on the amount of trailer data that is contained in the first
-     * trailer containing part of the trailer in the primary and secondary slot.
-     */
-    size_t trailer_sector_primary_end_off =
-        get_first_trailer_sector_end_off(state, BOOT_PRIMARY_SLOT, slot_trailer_sz);
-    size_t trailer_sector_secondary_end_off =
-        get_first_trailer_sector_end_off(state, BOOT_SECONDARY_SLOT, slot_trailer_sz);
-
-    size_t trailer_sz_in_first_sector;
-
-    if (trailer_sector_primary_end_off > trailer_sector_secondary_end_off) {
-        trailer_sz_in_first_sector = trailer_sector_primary_end_off - slot_trailer_off;
-    } else {
-        trailer_sz_in_first_sector = trailer_sector_secondary_end_off - slot_trailer_off;
-    }
-
-    size_t trailer_padding = 0;
-    size_t scratch_trailer_sz = boot_scratch_trailer_sz(BOOT_WRITE_SZ(state));
-
-    if (scratch_trailer_sz > trailer_sz_in_first_sector) {
-        trailer_padding = scratch_trailer_sz - trailer_sz_in_first_sector;
-    }
-
-    return slot_trailer_off - trailer_padding;
-#elif defined(MCUBOOT_SWAP_USING_MOVE) || defined(MCUBOOT_SWAP_USING_OFFSET)
+#elif defined(MCUBOOT_SWAP_USING_MOVE) || defined(MCUBOOT_SWAP_USING_OFFSET) \
+      || defined(MCUBOOT_SWAP_USING_SCRATCH)
     (void) fap;
     return app_max_size(state);
 #elif defined(MCUBOOT_OVERWRITE_ONLY)
diff --git a/boot/bootutil/src/swap_scratch.c b/boot/bootutil/src/swap_scratch.c
@@ -816,6 +816,35 @@ swap_run(struct boot_loader_state *state, struct boot_status *bs,
 }
 #endif /* !MCUBOOT_OVERWRITE_ONLY */
 
+static app_max_size_adjust_to_trailer(struct boot_loader_state *state, uint32_t slot,
+                                      size_t slot_size)
+{
+    size_t slot_trailer_sz = boot_trailer_sz(BOOT_WRITE_SZ(state));
+    size_t slot_trailer_off = slot_size - slot_trailer_sz;
+
+    /* If the trailer doesn't fit in the last sector of the primary or secondary slot, some padding
+     * might have to be inserted between the end of the firmware image and the beginning of the
+     * trailer to ensure there is enough space for the trailer in the scratch area when the last
+     * sector of the secondary will be copied to the scratch area.
+     *
+     * The value of the padding depends on the amount of trailer data that is contained in the first
+     * trailer containing part of the trailer in the primary and secondary slot.
+     */
+    size_t trailer_sector_end_off =
+        get_first_trailer_sector_end_off(state, slot, slot_trailer_sz);
+
+    size_t trailer_sz_in_first_sector = trailer_sector_end_off - slot_trailer_off;
+
+    size_t trailer_padding = 0;
+    size_t scratch_trailer_sz = boot_scratch_trailer_sz(BOOT_WRITE_SZ(state));
+
+    if (scratch_trailer_sz > trailer_sz_in_first_sector) {
+        trailer_padding = scratch_trailer_sz - trailer_sz_in_first_sector;
+    }
+
+    return slot_trailer_off - trailer_padding;
+}
+
 int app_max_size(struct boot_loader_state *state)
 {
     size_t num_sectors_primary;
@@ -893,7 +922,14 @@ int app_max_size(struct boot_loader_state *state)
 #ifdef MCUBOOT_OVERWRITE_ONLY
     return (sz1 < sz0 ? sz1 : sz0);
 #else
-    return (secondary_slot_sz < primary_slot_sz ? secondary_slot_sz : primary_slot_sz);
+    size_t primary_max_app_sz = app_max_size_adjust_to_trailer(state,
+                                                               BOOT_PRIMARY_SLOT,
+                                                               primary_slot_sz);
+    size_t secondary_max_app_sz = app_max_size_adjust_to_trailer(state,
+                                                                 BOOT_SECONDARY_SLOT,
+                                                                 secondary_slot_sz);
+    return (primary_max_app_sz < secondary_max_app_sz ?
+            primary_max_app_sz : secondary_max_app_sz);
 #endif
 }
 #else
@@ -920,6 +956,14 @@ int app_max_size(struct boot_loader_state *state)
     secondary_sz = flash_area_get_size(fap);
 
     return (secondary_sz < primary_sz ? secondary_sz : primary_sz);
+    size_t primary_max_app_sz = app_max_size_adjust_to_trailer(state,
+                                                               BOOT_PRIMARY_SLOT,
+                                                               primary_sz);
+    size_t secondary_max_app_sz = app_max_size_adjust_to_trailer(state,
+                                                                BOOT_SECONDARY_SLOT,
+                                                                secondary_sz);
+    return (primary_max_app_sz < secondary_max_app_sz ?
+            primary_max_app_sz : secondary_max_app_sz);
 }
 
 #endif /* !MCUBOOT_DIRECT_XIP && !MCUBOOT_RAM_LOAD */
