Boot Flow - betrusted-io/betrusted-wiki GitHub Wiki

Core Flow

This page attempts to aggregate key tasks that happen at boot in a "minimal" Xous configuration, i.e. one which contains only crates in the services directory of the xous-core tree.

The events are listed roughly in the order in which they happen.

  • EC rev check:
    • silent check by connection_manager & fail if wrong version
    • status first checks if there is an update staged that is newer than the current EC. If so, it will automatically run the update without user intervention. The EC update will only update the portions that require updating, by checking the hashes of the gateware, firmware, and WF200 blobs.
    • status then pops up a dialog box if the EC is too old to interop with connection_manager. This requires a static variable to be shared between the two crates.
  • PDDB restore check: status will trigger a check if the restore flag is set in the backup block location; if so, it will run the restore routine, which may also inject root keys into a naive/staged image. Note: the restore process will always overwrite any existing keys.
  • SoC rev check: status checks if there is a gateware update that is newer than the current SoC.
    • If it is newer and there are no root keys, it will automatically run the update with no user intervention. Note that the PDDB restore would automatically use the staged gateware, so structurally this check will not happen twice on a restore.
    • If it is newer and there are root keys, it will prompt the user if they want to run the update now. If the OS is not signed at this time, it will also sign it. If the user declines to run the update, they can run it later via the menu item. The user can also elect to "never show again", at which point a word is appended to the end of the gateware image to indicate the prompt should not happen again. Appending to the gateware image ensures the bit is reset when a new gateware image is uploaded.
  • Root key initialization check (status):
    • If there are no root keys, a dialog box will pop up to invite the user to create them. They can elect to "never show again", at which point a word is marked in the page where the keyboard layout is stored.
  • PDDB auto-mount: triggered by a delayed timer within the PDDB main function.
  • Wifi auto-connect: ungated by the PDDB being mounted, via a toggle on the pumping thread inside the connection_manager.
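As an added illustration, not code from xous-core or this wiki, the Rust below models two of the update decisions in the list above: the EC update that reflashes only the sections (gateware, firmware, WF200) whose hashes differ from the installed image, and the SoC gateware check that auto-updates without root keys, prompts when root keys exist, and honours a "never show again" word appended to the staged gateware image, which a freshly uploaded image naturally lacks. The type and function names (`EcImage`, `ec_sections_to_update`, `SocGateware`, `soc_update_action`), the marker value `NO_PROMPT_MARKER`, and the use of std's SipHash as a stand-in digest are all assumptions; the wiki names neither the hash function nor the marker word.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

// ---- EC update: reflash only the sections whose hashes differ ----

/// The three parts of an EC image that the updater checks independently.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum EcSection {
    Gateware,
    Firmware,
    Wf200,
}

pub const EC_SECTIONS: [EcSection; 3] = [EcSection::Gateware, EcSection::Firmware, EcSection::Wf200];

/// An installed or staged EC image: a version plus the raw bytes of each section (assumed layout).
pub struct EcImage {
    pub version: u32,
    pub gateware: Vec<u8>,
    pub firmware: Vec<u8>,
    pub wf200: Vec<u8>,
}

impl EcImage {
    fn section(&self, s: EcSection) -> &[u8] {
        match s {
            EcSection::Gateware => &self.gateware,
            EcSection::Firmware => &self.firmware,
            EcSection::Wf200 => &self.wf200,
        }
    }
}

/// Stand-in digest (std SipHash). Assumption: the wiki does not name the real hash.
fn digest(bytes: &[u8]) -> u64 {
    let mut h = DefaultHasher::new();
    bytes.hash(&mut h);
    h.finish()
}

/// Sections that need reflashing: empty when the staged image is not newer than the
/// installed one, otherwise only those whose section hash differs.
pub fn ec_sections_to_update(current: &EcImage, staged: &EcImage) -> Vec<EcSection> {
    if staged.version <= current.version {
        return Vec::new();
    }
    EC_SECTIONS
        .iter()
        .copied()
        .filter(|&s| digest(current.section(s)) != digest(staged.section(s)))
        .collect()
}

// ---- SoC gateware update: root keys, prompt, and the appended marker word ----

/// Word appended to the staged gateware image for "never show again". Constructed value.
pub const NO_PROMPT_MARKER: u32 = 0x4E4F_5052;

pub struct SocGateware {
    pub version: u32,
    pub image: Vec<u8>,
}

impl SocGateware {
    /// A freshly uploaded image never carries the marker, which is what resets the prompt.
    pub fn upload(version: u32, image: &[u8]) -> Self {
        SocGateware { version, image: image.to_vec() }
    }

    /// True when the last word of the image is the marker.
    pub fn prompt_suppressed(&self) -> bool {
        let n = self.image.len();
        n >= 4 && self.image[n - 4..] == NO_PROMPT_MARKER.to_le_bytes()
    }

    /// "Never show again": append the marker word once (idempotent).
    pub fn suppress_prompt(&mut self) {
        if !self.prompt_suppressed() {
            self.image.extend_from_slice(&NO_PROMPT_MARKER.to_le_bytes());
        }
    }
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum SocAction {
    Nothing,    // staged image is not newer
    AutoUpdate, // newer, no root keys: update silently
    PromptUser, // newer, root keys present: ask first
    Skip,       // newer, root keys present, user chose "never show again"
}

pub fn soc_update_action(current: &SocGateware, staged: &SocGateware, root_keys_present: bool) -> SocAction {
    if staged.version <= current.version {
        SocAction::Nothing
    } else if !root_keys_present {
        SocAction::AutoUpdate
    } else if staged.prompt_suppressed() {
        SocAction::Skip
    } else {
        SocAction::PromptUser
    }
}

fn main() {
    // Constructed sample images: only the gateware section changed between v1 and v2.
    let cur = EcImage { version: 1, gateware: b"gw-v1".to_vec(), firmware: b"fw".to_vec(), wf200: b"wf".to_vec() };
    let staged = EcImage { version: 2, gateware: b"gw-v2".to_vec(), firmware: b"fw".to_vec(), wf200: b"wf".to_vec() };
    println!("EC sections to update: {:?}", ec_sections_to_update(&cur, &staged));

    let soc_cur = SocGateware::upload(3, b"soc-v3");
    let mut soc_staged = SocGateware::upload(4, b"soc-v4");
    println!("with root keys: {:?}", soc_update_action(&soc_cur, &soc_staged, true));
    soc_staged.suppress_prompt();
    println!("after never-show-again: {:?}", soc_update_action(&soc_cur, &soc_staged, true));
    println!("new upload resets it: {:?}", soc_update_action(&soc_cur, &SocGateware::upload(5, b"soc-v5"), true));
}
```

The marker test here only inspects the trailing word of the buffer; a production check would also need to know the true image length so that an image whose last bytes happen to equal the marker is not mistaken for a suppressed prompt, and it would use a proper cryptographic digest rather than SipHash for the section comparison.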

App Flow

Vault

The vault app has a thread which periodically attempts to set the time via NTP. NTP checking is ungated by the wifi interface indicating it has an IP address via its Dhcp state variable.