[boot_policy] Don't crash if boot_policy is invalid

In the event the primary_bl0_slot is neither `SlotA` or `SlotB`, default to SlotA rather than boot-looping forever. Signed-off-by: Chris Frantz <[email protected]> (cherry picked from commit 993abff) (cherry picked from commit 0cde7ec)
GregAC · Oct 28, 2024 · 30638d9 · 30638d9
1 parent 6b2c3f9
commit 30638d9
Showing 1 changed file with 5 additions and 7 deletions.
diff --git a/sw/device/silicon_creator/rom_ext/rom_ext_boot_policy.c b/sw/device/silicon_creator/rom_ext/rom_ext_boot_policy.c
@@ -15,19 +15,17 @@ rom_ext_boot_policy_manifests_t rom_ext_boot_policy_manifests_get(
   const manifest_t *slot_b = rom_ext_boot_policy_manifest_b_get();
   uint32_t slot = boot_data->primary_bl0_slot;
   switch (launder32(slot)) {
-    case kBootSlotA:
-      HARDENED_CHECK_EQ(slot, kBootSlotA);
-      return (rom_ext_boot_policy_manifests_t){
-          .ordered = {slot_a, slot_b},
-      };
     case kBootSlotB:
       HARDENED_CHECK_EQ(slot, kBootSlotB);
       return (rom_ext_boot_policy_manifests_t){
           .ordered = {slot_b, slot_a},
       };
+    case kBootSlotA:
+      OT_FALLTHROUGH_INTENDED;
     default:
-      HARDENED_TRAP();
-      OT_UNREACHABLE();
+      return (rom_ext_boot_policy_manifests_t){
+          .ordered = {slot_a, slot_b},
+      };
   }
 }