boot: swap by fingerprint status#2688

Draft
DOAR-Infineon wants to merge 1 commit into
mcu-tools:mainfrom
DOAR-Infineon:swap_fingerprint

Conversation

@DOAR-Infineon

Contributor

Based on #2122 implementation idea

Swap Fingerprint: SHA256-Based Swap Progress Tracking

Overview

The swap fingerprint feature (MCUBOOT_SWAP_FINGERPRINT) replaces per-step
status byte writes during image swap with pre-computed SHA256 fingerprint tables
and post-copy verification.

Instead of writing a progress byte to flash after each state transition (3 writes
per sector in SCRATCH mode), the bootloader:

  1. Pre-computes expected sector hashes before the swap starts
  2. Stores them in a dedicated flash partition (FLASH_AREA_IMAGE_FINGERPRINT)
  3. Verifies each copy operation against the tables (post-copy integrity check)
  4. On recovery from power failure, scans sector hashes to determine the resume point

Motivation

The current swap implementations write status bytes to flash after each state
transition. This works but:

  • Requires flash writes during the upgrade beyond the actual sector copies
  • Status bytes track position only, not content integrity
  • Fault injection during a status write can corrupt progress state

The fingerprint approach eliminates runtime status writes, adds content-level
verification of each copy operation, and provides tamper detection.

How It Works

Fingerprint Tables

Two SHA256 hash tables are pre-computed and stored in the dedicated fingerprint
partition:

  • Primary table[i] = SHA256(secondary_sector_data[i]) — what primary[i]
    should contain after the swap completes
  • Secondary table[i] = SHA256(primary_sector_data[i]) — what secondary[i]
    should contain after the swap completes

Content-only hashing (no address or device binding) allows the same hash to
verify data regardless of its current location — primary, secondary, or scratch.

Dedicated Flash Partition

Fingerprint tables are stored in FLASH_AREA_IMAGE_FINGERPRINT (flash area
ID 6), a dedicated partition separate from both image slots. This partition is
never erased during the swap, eliminating the power failure vulnerability that
would occur if tables were stored in the primary trailer.

Partition layout:

+===================================+
| Primary fingerprint table         |
|   (N x 32 bytes)                  |
+-----------------------------------+
| Secondary fingerprint table       |
|   (N x 32 bytes)                  |
+-----------------------------------+
| Table checksum (SHA256, 32 bytes) |
+-----------------------------------+
| Step count (4 bytes + padding)    |
+-----------------------------------+
| MAGIC (16 bytes)                  |
+===================================+

Partition size: BOOT_FINGERPRINT_MAX_ENTRIES * 64 + 32 + BOOT_MAX_ALIGN + 16
bytes. For MAX_ENTRIES=128: 8248 bytes (round up to flash erase boundaries).

Verified Copies

After each copy operation during the swap, boot_write_status() hashes the
destination and compares against the fingerprint table. A mismatch is a fatal
error — the swap is aborted. This replaces the status byte write with an
integrity verification.

For SCRATCH swap, verification per state:

| State   | Operation                 | Verification                                |
|---------|---------------------------|---------------------------------------------|
| STATE_0 | secondary[i] -> scratch   | SHA256(scratch) == primary_table[i]         |
| STATE_1 | primary[i] -> secondary[i]| SHA256(secondary[i]) == secondary_table[i]  |
| STATE_2 | scratch -> primary[i]     | SHA256(primary[i]) == primary_table[i]      |

Power Failure Recovery

On recovery, swap_read_status_bytes() scans sectors in swap order (last sector
first, matching swap_run() iteration) and compares live hashes against stored
fingerprints. For the interrupted sector, it also hashes scratch to determine the
exact resume state.

Two integrity layers protect against init-time power failure:

  1. MAGIC validation — MAGIC is written last in the fingerprint partition.
    Its presence guarantees all prior writes completed.
  2. Table checksum — SHA256 of both tables is verified before trusting them.

Recovery state machine (6 cases):

| primary | secondary | scratch | State                           | Resume   |
|---------|-----------|---------|---------------------------------|----------|
| match   | match     | any     | Fully swapped                   | Continue |
| no      | no        | no      | Not started / scratch corrupted | STATE_0  |
| no      | no        | match   | Scratch valid, primary pending  | STATE_1  |
| no      | match     | match   | Primary pending, secondary done | STATE_2  |
| no      | match     | no      | Scratch lost after STATE_1      | Error    |
| match   | no        | any     | Corruption                      | Error    |

Based on mcu-tools#2122 implementation idea

Signed-off-by: INFINEON\DovhalA <artem.dovhal@infineon.com>
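
Added example, not code from this PR or from MCUboot: a Python model of the fingerprint mechanism described above (table construction, the MAGIC/checksum init-time guard, and the six-case recovery scan in swap_run() order), driven by a simulated SCRATCH swap that is interrupted after a chosen number of steps. The 16-byte "sectors" and their contents are constructed sample data, not real flash geometry.

```python
import hashlib

# Constructed sample slots: 3 sectors each, 16-byte "sectors" (not real flash sizes).
PRIMARY   = [b"P0-firmware-v1.0", b"P1-firmware-v1.0", b"P2-firmware-v1.0"]
SECONDARY = [b"S0-firmware-v2.0", b"S1-firmware-v2.0", b"S2-firmware-v2.0"]

def sector_hash(data):
    """Content-only hash: no address binding, so it verifies data in any slot."""
    return hashlib.sha256(data).digest()

def build_tables(primary, secondary):
    """primary_table[i] = SHA256(secondary[i]); secondary_table[i] = SHA256(primary[i])."""
    primary_table = [sector_hash(s) for s in secondary]
    secondary_table = [sector_hash(p) for p in primary]
    checksum = sector_hash(b"".join(primary_table + secondary_table))
    return primary_table, secondary_table, checksum

def tables_valid(primary_table, secondary_table, checksum, magic_present):
    """Init-time guard: MAGIC (written last) must be present, then the checksum must match."""
    if not magic_present:
        return False
    return sector_hash(b"".join(primary_table + secondary_table)) == checksum

def classify_sector(i, primary, secondary, scratch, primary_table, secondary_table):
    """Map the (primary, secondary, scratch) hash matches of sector i to the 6-case table."""
    p = sector_hash(primary[i]) == primary_table[i]
    s = sector_hash(secondary[i]) == secondary_table[i]
    c = sector_hash(scratch) == primary_table[i]  # scratch holds secondary[i] after STATE_0
    if p and s:
        return "DONE"                             # fully swapped: keep scanning
    if not p and not s:
        return "STATE_1" if c else "STATE_0"      # scratch valid -> redo primary->secondary
    if not p and s:
        return "STATE_2" if c else "ERROR"        # scratch lost after STATE_1: unrecoverable
    return "ERROR"                                # primary done but secondary not: corruption

def find_resume_point(primary, secondary, scratch, primary_table, secondary_table):
    """Scan last sector first (swap_run() order); return (sector, state) of the first unfinished one."""
    for i in range(len(primary_table) - 1, -1, -1):
        state = classify_sector(i, primary, secondary, scratch, primary_table, secondary_table)
        if state != "DONE":
            return i, state
    return None, "DONE"

def interrupted_swap(primary, secondary, stop_at):
    """Run the SCRATCH swap on copies and 'lose power' after stop_at completed steps."""
    primary, secondary, scratch, steps = list(primary), list(secondary), b"\xff" * 16, 0
    for i in range(len(primary) - 1, -1, -1):         # last sector first
        for op in range(3):
            if steps == stop_at:
                return primary, secondary, scratch
            if op == 0:   scratch = secondary[i]      # STATE_0: secondary[i] -> scratch
            elif op == 1: secondary[i] = primary[i]   # STATE_1: primary[i] -> secondary[i]
            else:         primary[i] = scratch        # STATE_2: scratch -> primary[i]
            steps += 1
    return primary, secondary, scratch
```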
@DOAR-Infineon DOAR-Infineon changed the title Swap by fingerprint status feature. Swap by fingerprint status feature Apr 4, 2026
@DOAR-Infineon DOAR-Infineon changed the title Swap by fingerprint status feature boot: swap by fingerprint status recovery Apr 4, 2026
@DOAR-Infineon DOAR-Infineon changed the title boot: swap by fingerprint status recovery boot: swap by fingerprint status Apr 4, 2026
@nordicjm nordicjm requested a review from de-nordic April 7, 2026 11:10
@nordicjm nordicjm requested a review from d3zd3z May 28, 2026 14:12