nano_nora: core split + recovery mode rework

Use an absolute address in SPIRAM to store the magic tokens, almost at the
end of the memory, to avoid the markers from being overwritten on any kind
of sketch and core combination.

Also, only start the recovery once if a valid binary is present in the
Flash, by immediately setting that for the next boot when recovery
starts.

Author: pillo79

variants/arduino_nano_nora/dfu_callbacks.cpp

@@ -0,0 +1,116 @@
+#include "Arduino.h"
+
+#include <esp32-hal-tinyusb.h>
+#include <esp_system.h>
+
+// defines an "Update" object accessed only by this translation unit
+// (also, the object requires MD5Builder internally)
+namespace {
+// ignore '{anonymous}::MD5Builder::...() defined but not used' warnings
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-function"
+#include "../../libraries/Update/src/Updater.cpp"
+#include "../../cores/esp32/MD5Builder.cpp"
+#pragma GCC diagnostic pop
+}
+
+#define ALT_COUNT   1
+
+//--------------------------------------------------------------------+
+// DFU callbacks
+// Note: alt is used as the partition number, in order to support multiple partitions like FLASH, EEPROM, etc.
+//--------------------------------------------------------------------+
+
+uint16_t load_dfu_ota_descriptor(uint8_t * dst, uint8_t * itf)
+{
+#define DFU_ATTRS (DFU_ATTR_CAN_DOWNLOAD | DFU_ATTR_CAN_UPLOAD | DFU_ATTR_MANIFESTATION_TOLERANT)
+
+    uint8_t str_index = tinyusb_add_string_descriptor("Arduino DFU");
+    uint8_t descriptor[TUD_DFU_DESC_LEN(ALT_COUNT)] = {
+        // Interface number, string index, attributes, detach timeout, transfer size */
+        TUD_DFU_DESCRIPTOR(*itf, ALT_COUNT, str_index, DFU_ATTRS, 100, CFG_TUD_DFU_XFER_BUFSIZE),
+    };
+    *itf+=1;
+    memcpy(dst, descriptor, TUD_DFU_DESC_LEN(ALT_COUNT));
+    return TUD_DFU_DESC_LEN(ALT_COUNT);
+}
+
+// Invoked right before tud_dfu_download_cb() (state=DFU_DNBUSY) or tud_dfu_manifest_cb() (state=DFU_MANIFEST)
+// Application return timeout in milliseconds (bwPollTimeout) for the next download/manifest operation.
+// During this period, USB host won't try to communicate with us.
+uint32_t tud_dfu_get_timeout_cb(uint8_t alt, uint8_t state)
+{
+    if ( state == DFU_DNBUSY )
+    {
+        // longest delay for Flash writing
+        return 10;
+    }
+    else if (state == DFU_MANIFEST)
+    {
+        // time for esp32_ota_set_boot_partition to check final image
+        return 100;
+    }
+
+    return 0;
+}
+
+// Invoked when received DFU_DNLOAD (wLength>0) following by DFU_GETSTATUS (state=DFU_DNBUSY) requests
+// This callback could be returned before flashing op is complete (async).
+// Once finished flashing, application must call tud_dfu_finish_flashing()
+void tud_dfu_download_cb(uint8_t alt, uint16_t block_num, uint8_t const* data, uint16_t length)
+{
+    if (!Update.isRunning())
+    {
+        // this is the first data block, start update if possible
+        if (!Update.begin())
+        {
+            tud_dfu_finish_flashing(DFU_STATUS_ERR_TARGET);
+            return;
+        }
+    }
+
+    // write a block of data to Flash
+    // XXX: Update API is needlessly non-const
+    size_t written = Update.write(const_cast<uint8_t*>(data), length);
+    tud_dfu_finish_flashing((written == length) ? DFU_STATUS_OK : DFU_STATUS_ERR_WRITE);
+}
+
+// Invoked when download process is complete, received DFU_DNLOAD (wLength=0) following by DFU_GETSTATUS (state=Manifest)
+// Application can do checksum, or actual flashing if buffered entire image previously.
+// Once finished flashing, application must call tud_dfu_finish_flashing()
+void tud_dfu_manifest_cb(uint8_t alt)
+{
+    (void) alt;
+    bool ok = Update.end(true);
+
+    // flashing op for manifest is complete
+    tud_dfu_finish_flashing(ok? DFU_STATUS_OK : DFU_STATUS_ERR_VERIFY);
+}
+
+// Invoked when received DFU_UPLOAD request
+// Application must populate data with up to length bytes and
+// Return the number of written bytes
+uint16_t tud_dfu_upload_cb(uint8_t alt, uint16_t block_num, uint8_t* data, uint16_t length)
+{
+    (void) alt;
+    (void) block_num;
+    (void) data;
+    (void) length;
+
+    // not implemented
+    return 0;
+}
+
+// Invoked when the Host has terminated a download or upload transfer
+void tud_dfu_abort_cb(uint8_t alt)
+{
+    (void) alt;
+    // ignore
+}
+
+// Invoked when a DFU_DETACH request is received
+void tud_dfu_detach_cb(void)
+{
+    // done, reboot
+    esp_restart();
+}

variants/arduino_nano_nora/double_tap.c

@@ -0,0 +1,67 @@
+#include <string.h>
+
+#include <esp_system.h>
+#include <esp32s3/rom/cache.h>
+
+#include "double_tap.h"
+
+#define NUM_TOKENS 3
+static const uint32_t MAGIC_TOKENS[NUM_TOKENS] = {
+    0xf01681de, 0xbd729b29, 0xd359be7a,
+};
+
+static void *magic_area;
+static uint32_t backup_area[NUM_TOKENS];
+
+#if ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(5, 0, 0)
+// Current IDF does not map external RAM to a fixed address.
+// The actual VMA depends on other enabled devices, so the precise
+// location must be discovered.
+#include <esp_psram.h>
+#include <esp_private/esp_psram_extram.h>
+static uintptr_t get_extram_data_high(void) {
+    // get a pointer into SRAM area (only the address is useful)
+    void *psram_ptr = heap_caps_malloc(16, MALLOC_CAP_SPIRAM);
+    heap_caps_free(psram_ptr);
+
+    // keep moving backwards until leaving PSRAM area
+    uintptr_t psram_base_addr = (uintptr_t) psram_ptr;
+    psram_base_addr &= ~(CONFIG_MMU_PAGE_SIZE - 1); // align to start of page
+    while (esp_psram_check_ptr_addr((void *) psram_base_addr)) {
+        psram_base_addr -= CONFIG_MMU_PAGE_SIZE;
+    }
+
+    // offset is one page from start of PSRAM
+    return psram_base_addr + CONFIG_MMU_PAGE_SIZE + esp_psram_get_size();
+}
+#else
+#include <soc/soc.h>
+#define get_extram_data_high() ((uintptr_t) SOC_EXTRAM_DATA_HIGH)
+#endif
+
+
+void double_tap_init(void) {
+    // magic location block ends 0x20 bytes from end of PSRAM
+    magic_area = (void *) (get_extram_data_high() - 0x20 - sizeof(MAGIC_TOKENS));
+}
+
+void double_tap_mark() {
+    memcpy(backup_area, magic_area, sizeof(MAGIC_TOKENS));
+    memcpy(magic_area, MAGIC_TOKENS, sizeof(MAGIC_TOKENS));
+    Cache_WriteBack_Addr((uintptr_t) magic_area, sizeof(MAGIC_TOKENS));
+}
+
+void double_tap_invalidate() {
+    if (memcmp(backup_area, MAGIC_TOKENS, sizeof(MAGIC_TOKENS))) {
+        // different contents: restore backup
+        memcpy(magic_area, backup_area, sizeof(MAGIC_TOKENS));
+    } else {
+        // clear memory
+        memset(magic_area, 0, sizeof(MAGIC_TOKENS));
+    }
+    Cache_WriteBack_Addr((uintptr_t) magic_area, sizeof(MAGIC_TOKENS));
+}
+
+bool double_tap_check_match() {
+    return (memcmp(magic_area, MAGIC_TOKENS, sizeof(MAGIC_TOKENS)) == 0);
+}

variants/arduino_nano_nora/double_tap.h

@@ -0,0 +1,20 @@
+#ifndef __DOUBLE_TAP_H__
+#define __DOUBLE_TAP_H__
+
+#include <stdint.h>
+#include <stdbool.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void double_tap_init(void);
+void double_tap_mark(void);
+void double_tap_invalidate(void);
+bool double_tap_check_match(void);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __DOUBLE_TAP_H__ */

variants/arduino_nano_nora/extra/nora_recovery/nora_recovery.ino

@@ -27,11 +27,13 @@ void pulse_led() {
 #include <esp_partition.h>
 #include <esp_flash_partitions.h>
 #include <esp_image_format.h>
-bool load_previous_firmware() {
-	// if user flashed this recovery sketch to an OTA partition, stay here
+const esp_partition_t *find_previous_firmware() {
 	extern bool _recovery_active;
-	if (!_recovery_active)
-		return false;
+	if (!_recovery_active) {
+		// user flashed this recovery sketch to an OTA partition
+		// stay here and wait for a proper firmware
+		return NULL;
+	}
 
 	// booting from factory partition, look for a valid OTA image
 	esp_partition_iterator_t it = esp_partition_find(ESP_PARTITION_TYPE_APP, ESP_PARTITION_SUBTYPE_ANY, NULL);
@@ -42,24 +44,29 @@ bool load_previous_firmware() {
 			esp_image_metadata_t meta;
 			if (esp_image_verify(ESP_IMAGE_VERIFY_SILENT, &candidate, &meta) == ESP_OK) {
 				// found, use it
-				esp_ota_set_boot_partition(part);
-				return true;
+				return part;
 			}
 		}
 	}
 
-	return false;
+	return NULL;
 }
 
+const esp_partition_t *user_part = NULL;
+
 void setup() {
+	user_part = find_previous_firmware();
+	if (user_part)
+		esp_ota_set_boot_partition(user_part);
+
 	extern bool _recovery_marker_found;
-	if (!_recovery_marker_found) {
-		// marker not found, probable cold start
+	if (!_recovery_marker_found && user_part) {
+		// recovery marker not found, probable cold start
 		// try starting previous firmware immediately
-		if (load_previous_firmware())
-			esp_restart();
+		esp_restart();
 	}
 
+	// recovery marker found, or nothing else to load
 	printf("Recovery firmware started, waiting for USB\r\n");
 }
 
@@ -79,8 +86,8 @@ void loop() {
 	if (elapsed_ms > USB_TIMEOUT_MS) {
 		elapsed_ms = 0;
 		// timed out, try loading previous firmware
-		if (load_previous_firmware()) {
-			// found a valid FW image, load it
+		if (user_part) {
+			// there was a valid FW image, load it
 			analogWrite(LED_GREEN, 255);
 			printf("Leaving recovery firmware\r\n");
 			delay(200);