Add InvalidPreferredSlotId error for use in rot prep_image_update #398
Conversation
gateway-messages/src/sp_to_mgs.rs
Outdated
| @@ -1342,6 +1343,9 @@ impl fmt::Display for UpdateError { | |||
| Self::InvalidComponent => { | |||
| write!(f, "invalid component for operation") | |||
| } | |||
| Self::InvalidPreferredSlotId => { | |||
| write!(f, "update to preferred boot SlotId is not permitted") | |||
There was a problem hiding this comment.
nitpicky: i find this wording a bit confusing, is it saying "the image in the preferred boot slot cannot be updated" or "the preferred slot ID cannot be updated to the value provided"?
There was a problem hiding this comment.
How about this?
Self::InvalidPreferredSlotId => {
write!(f, "updating a bootloader preferred slot is not permitted")
}
gateway-sp-comms/src/error.rs
Outdated
| @@ -116,6 +116,8 @@ pub enum UpdateError { | |||
| InvalidComponent, | |||
| #[error("an image was not found")] | |||
| ImageNotFound, | |||
| #[error("cannot update preferred boot image")] | |||
There was a problem hiding this comment.
nitpicky, feel free to ignore: should this use the same string as the UpdateError variant?
There was a problem hiding this comment.
same string will be use in both.
There was a problem hiding this comment.
done, but removal of the gateway-sp-comms entry makes this moot.
| @@ -116,6 +116,8 @@ pub enum UpdateError { | |||
| InvalidComponent, | |||
| #[error("an image was not found")] | |||
| ImageNotFound, | |||
| #[error("updating a bootloader preferred slot is not permitted")] | |||
There was a problem hiding this comment.
I don't think we should add this variant right now.
This UpdateError (unlike the one in gateway-messages) is used internally in gateway-sp-comms, so (1) we don't need an InvalidPreferredSlotId variant here in order to make progress on SP work, and (2) it's not obvious when gateway-sp-comms will produce this error.
There was a problem hiding this comment.
This supports a new semantic where attempts to update a RoT Hubris image that is a preferred boot image will fail with this error. See Hubris PR #2050
There was a problem hiding this comment.
I know that, and the variant in gateway_messages::sp_to_mgs::UpdateError is necessary for hubris#2050. I'm saying that adding a variant to gateway_sp_comms::Error doesn't need to happen in this PR, because we don't have clear semantics for how it would be used.
lzrd
force-pushed
the
stoltz/invalid-prep-slot
branch
2 times, most recently
from
c5344fd to
ea32256
Compare
lzrd
force-pushed
the
stoltz/invalid-prep-slot
branch
from
ea32256 to
76a2d83
Compare
Error code for use in oxidecomputer/hubris#2050