Sync VAD example with TF-M
- The FWU API has been changed, so the example had to be aligned.
- Added project_config.h because of the changed configuration system.
Change-Id: Id3eaad458e9b0b98424a0373a65b4b0a8bc86206
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
diff --git a/examples/vad_an552/ns_side/CMakeLists.txt b/examples/vad_an552/ns_side/CMakeLists.txt
index e24ee41..a840ede 100644
--- a/examples/vad_an552/ns_side/CMakeLists.txt
+++ b/examples/vad_an552/ns_side/CMakeLists.txt
@@ -306,6 +306,9 @@
PRIVATE
MBEDTLS_CONFIG_FILE="aws_mbedtls_config.h"
$<$<BOOL:${VAD_AN552_NO_CONNECTIVITY}>:VAD_AN552_NO_CONNECTIVITY>
+ # FreeRTOS OTA PSA PAL configuration
+ OTA_PAL_CODE_SIGNING_ALGO=OTA_PAL_CODE_SIGNING_RSA
+ OTA_PAL_SIGNATURE_FORMAT=OTA_PAL_SIGNATURE_RAW
)
target_link_libraries(tfm_ns
diff --git a/examples/vad_an552/ns_side/ext/freertos-ota-pal-psa/0001-Chunk-writing-added-for-otaPal_WriteBlock.patch b/examples/vad_an552/ns_side/ext/freertos-ota-pal-psa/0001-Chunk-writing-added-for-otaPal_WriteBlock.patch
deleted file mode 100644
index cf285b3..0000000
--- a/examples/vad_an552/ns_side/ext/freertos-ota-pal-psa/0001-Chunk-writing-added-for-otaPal_WriteBlock.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 5e22888b7cd7ef348f905627de7fece18bb94de7 Mon Sep 17 00:00:00 2001
-From: Mark Horvath <mark.horvath@arm.com>
-Date: Fri, 12 Nov 2021 12:22:00 +0100
-Subject: [PATCH 1/1] Chunk writing added for otaPal_WriteBlock
-
-If file block size is bigger then PSA_FWU_MAX_BLOCK_SIZE flash is
-written in chunks.
-
-Signed-off-by: Mark Horvath <mark.horvath@arm.com>
----
- ota_pal.c | 21 +++++++++++++++++++--
- ota_pal.h | 2 +-
- 2 files changed, 20 insertions(+), 3 deletions(-)
-
-diff --git a/ota_pal.c b/ota_pal.c
-index 40654a8..7659b62 100644
---- a/ota_pal.c
-+++ b/ota_pal.c
-@@ -295,19 +295,36 @@ OtaPalStatus_t otaPal_CloseFile( OtaFileContext_t * const pFileContext )
- */
- int16_t otaPal_WriteBlock( OtaFileContext_t * const pFileContext,
- uint32_t ulOffset,
-- uint8_t * const pcData,
-+ const uint8_t * pcData,
- uint32_t ulBlockSize )
- {
-+ uint32_t remaining_blocksize = ulBlockSize;
-+
- if( (pFileContext == NULL) || (pFileContext != pxSystemContext ) || ( xOTAImageID == TFM_FWU_INVALID_IMAGE_ID ) )
- {
- return -1;
- }
-
- /* Call the TF-M Firmware Update service to write image data. */
-+ while(remaining_blocksize > PSA_FWU_MAX_BLOCK_SIZE)
-+ {
-+ if( psa_fwu_write( ( psa_image_id_t ) xOTAImageID,
-+ ( size_t ) ulOffset,
-+ ( const void * )pcData,
-+ PSA_FWU_MAX_BLOCK_SIZE ) != PSA_SUCCESS )
-+ {
-+ return -1;
-+ }
-+
-+ ulOffset += PSA_FWU_MAX_BLOCK_SIZE;
-+ pcData += PSA_FWU_MAX_BLOCK_SIZE;
-+ remaining_blocksize -= PSA_FWU_MAX_BLOCK_SIZE;
-+ }
-+
- if( psa_fwu_write( ( psa_image_id_t ) xOTAImageID,
- ( size_t ) ulOffset,
- ( const void * )pcData,
-- ( size_t ) ulBlockSize ) != PSA_SUCCESS )
-+ ( size_t ) remaining_blocksize ) != PSA_SUCCESS )
- {
- return -1;
- }
-diff --git a/ota_pal.h b/ota_pal.h
-index c837b96..7a0fcf2 100644
---- a/ota_pal.h
-+++ b/ota_pal.h
-@@ -136,7 +136,7 @@ OtaPalStatus_t otaPal_CloseFile( OtaFileContext_t * const pFileContext );
- */
- int16_t otaPal_WriteBlock( OtaFileContext_t * const pFileContext,
- uint32_t ulOffset,
-- uint8_t * const pData,
-+ const uint8_t * pData,
- uint32_t ulBlockSize );
-
- /**
---
-2.25.1
-
diff --git a/examples/vad_an552/ns_side/ext/freertos-ota-pal-psa/CMakeLists.txt b/examples/vad_an552/ns_side/ext/freertos-ota-pal-psa/CMakeLists.txt
index 70c842c..d2e75d4 100644
--- a/examples/vad_an552/ns_side/ext/freertos-ota-pal-psa/CMakeLists.txt
+++ b/examples/vad_an552/ns_side/ext/freertos-ota-pal-psa/CMakeLists.txt
@@ -12,9 +12,8 @@
file(GLOB PATCH_FILES *.patch)
FetchContent_Declare(freertos_ota_pal_psa
- GIT_REPOSITORY https://github.com/Linaro/freertos-ota-pal-psa.git
- GIT_TAG 0b6db7d7cc0260fbb1e54a26ad6ff25cdcde3697
- PATCH_COMMAND ${GIT_EXECUTABLE} apply ${PATCH_FILES}
+ GIT_REPOSITORY https://github.com/bence-balogh/freertos-ota-pal-psa.git
+ GIT_TAG 09ec56e292592333d014665368de116d4b9e5595
)
FetchContent_GetProperties(freertos_ota_pal_psa)
if (NOT freertos_ota_pal_psa)
diff --git a/examples/vad_an552/ns_side/main_ns.c b/examples/vad_an552/ns_side/main_ns.c
index c77f530..881dcf7 100644
--- a/examples/vad_an552/ns_side/main_ns.c
+++ b/examples/vad_an552/ns_side/main_ns.c
@@ -50,7 +50,6 @@
static void* prvCalloc(size_t xNmemb, size_t xSize);
static bool is_first_boot(void);
static void write_boot_pattern(void);
-static void accept_primary_slot_image(void);
/*
* Semihosting is a mechanism that enables code running on an ARM target
@@ -77,17 +76,6 @@
psa_key_handle_t xOTACodeVerifyKeyHandle = 0xAA;
-static void accept_primary_slot_image(void)
-{
- psa_image_id_t running_image = \
- (psa_image_id_t)FWU_CALCULATE_IMAGE_ID(FWU_IMAGE_ID_SLOT_ACTIVE,
- FWU_IMAGE_TYPE_FULL,
- 0);
- vLoggingPrintf("Accepting image by setting image_ok flag to 0x1 in MCUBOOT trailer");
- if (psa_fwu_accept(running_image) != PSA_SUCCESS) {
- vLoggingPrintf("Accept failed");
- }
-}
static bool is_first_boot(void)
{
@@ -226,8 +214,7 @@
stdio_init();
vUARTLockInit();
tfm_ns_interface_init();
-
- GetImageVersionPSA(FWU_IMAGE_TYPE_FULL);
+ GetImageVersionPSA(FWU_COMPONENT_ID_FULL);
vLoggingPrintf("Application firmware version: %d.%d.%d",
appFirmwareVersion.u.x.major,
appFirmwareVersion.u.x.minor,
@@ -240,7 +227,6 @@
mbedtls_platform_set_calloc_free(prvCalloc, vPortFree);
if(is_first_boot()) {
- accept_primary_slot_image();
vDevModeKeyProvisioning();
ota_privision_code_signing_key(&xOTACodeVerifyKeyHandle);
write_boot_pattern();
diff --git a/examples/vad_an552/ns_side/project_config.h b/examples/vad_an552/ns_side/project_config.h
new file mode 100644
index 0000000..8bc33e3
--- /dev/null
+++ b/examples/vad_an552/ns_side/project_config.h
@@ -0,0 +1,93 @@
+/*
+ * Copyright (c) 2022, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+
+#define PLATFORM_SERVICE_INPUT_BUFFER_SIZE 64
+
+#define PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 64
+
+#define PLATFORM_SP_STACK_SIZE 0x500
+
+#define PLATFORM_NV_COUNTER_MODULE_DISABLED 0
+
+#define CRYPTO_ENGINE_BUF_SIZE 0x8000
+
+#define CRYPTO_CONC_OPER_NUM 8
+
+#define CRYPTO_RNG_MODULE_ENABLED 1
+
+#define CRYPTO_KEY_MODULE_ENABLED 1
+
+#define CRYPTO_AEAD_MODULE_ENABLED 1
+
+#define CRYPTO_MAC_MODULE_ENABLED 1
+
+#define CRYPTO_HASH_MODULE_ENABLED 1
+
+#define CRYPTO_CIPHER_MODULE_ENABLED 1
+
+#define CRYPTO_ASYM_SIGN_MODULE_ENABLED 1
+
+#define CRYPTO_ASYM_ENCRYPT_MODULE_ENABLED 1
+
+#define CRYPTO_KEY_DERIVATION_MODULE_ENABLED 1
+
+#define CRYPTO_IOVEC_BUFFER_SIZE 5120
+
+#define CRYPTO_NV_SEED 1
+
+#define CRYPTO_SINGLE_PART_FUNCS_DISABLED 0
+
+#define CRYPTO_STACK_SIZE 0x1B00
+
+
+#define TFM_FWU_BUF_SIZE PSA_FWU_MAX_WRITE_SIZE
+
+#define FWU_STACK_SIZE 0x600
+
+
+#define ATTEST_INCLUDE_OPTIONAL_CLAIMS 1
+
+#define ATTEST_INCLUDE_COSE_KEY_ID 0
+
+#define ATTEST_STACK_SIZE 0x700
+
+#define ATTEST_TOKEN_PROFILE_PSA_IOT_1 1
+
+
+#define ITS_CREATE_FLASH_LAYOUT 1
+
+#define ITS_RAM_FS 0
+
+#define ITS_VALIDATE_METADATA_FROM_FLASH 1
+
+#define ITS_MAX_ASSET_SIZE 1300
+
+#define ITS_BUF_SIZE ITS_MAX_ASSET_SIZE
+
+#define ITS_NUM_ASSETS 10
+
+#define ITS_STACK_SIZE 0x720
+
+
+#define PS_CREATE_FLASH_LAYOUT 1
+
+#define PS_RAM_FS 0
+
+#define PS_ROLLBACK_PROTECTION 1
+
+#define PS_VALIDATE_METADATA_FROM_FLASH 1
+
+#define PS_MAX_ASSET_SIZE 2048
+
+#define PS_NUM_ASSETS 10
+
+#define PS_STACK_SIZE 0x700
+
+
+#define CONFIG_TFM_CONN_HANDLE_MAX_NUM 8
+
+#define CONFIG_TFM_DOORBELL_API 1
diff --git a/examples/vad_an552/readme.rst b/examples/vad_an552/readme.rst
index 0decd26..d7ce86d 100644
--- a/examples/vad_an552/readme.rst
+++ b/examples/vad_an552/readme.rst
@@ -165,11 +165,15 @@
-DNS_EVALUATION_APP_PATH=<path-to-tf-m-extras-repo>/examples/vad_an552/ns_side
-DTFM_EXTRA_PARTITION_PATHS=<path-to-tf-m-extras-repo>/partitions/vad_an552_sp/
-DTFM_EXTRA_MANIFEST_LIST_FILES=<path-to-tf-m-extras-repo>/partitions/vad_an552_sp/extra_manifest_list.yaml
- -DCRYPTO_ENGINE_BUF_SIZE=0x8000 -DITS_MAX_ASSET_SIZE=1300
+ -DPROJECT_CONFIG_HEADER_FILE=<path-to-tf-m-extras-repo>/examples/vad_an552/ns_side/project_config.h
-DTFM_PARTITION_FIRMWARE_UPDATE=ON -DMCUBOOT_DATA_SHARING=ON
-DMCUBOOT_UPGRADE_STRATEGY=SWAP_USING_SCRATCH
-DMCUBOOT_IMAGE_NUMBER=1 -DMCUBOOT_SIGNATURE_KEY_LEN=2048
- -DCONFIG_TFM_ENABLE_MVE=ON
+ -DCONFIG_TFM_ENABLE_MVE=ON -DCONFIG_TFM_SPM_BACKEND=IPC
+ -DPLATFORM_HAS_FIRMWARE_UPDATE_SUPPORT=ON -DTFM_PARTITION_PLATFORM=ON
+ -DTFM_PARTITION_CRYPTO=ON -DTFM_PARTITION_INTERNAL_TRUSTED_STORAGE=ON
+ -DTFM_PARTITION_PROTECTED_STORAGE=ON -DMCUBOOT_CONFIRM_IMAGE=ON
+
The application also can be run without MVE support, in that case the
``-DCONFIG_TFM_ENABLE_MVE=ON`` flags should be omitted, and the
@@ -218,8 +222,10 @@
To run an OTA update a new image must be created with higher version number.
This can be easily done by rebuilding the solution with the following cmake
-flag: -DMCUBOOT_IMAGE_VERSION_S=2.1.0. (The version itself can be anything, but
-must be higher than the version of the currently running image.)
+flag: ``-DMCUBOOT_IMAGE_VERSION_S=2.1.0``. (The version itself can be anything, but
+must be higher than the version of the currently running image.) The
+``-DMCUBOOT_CONFIRM_IMAGE`` flag should be set to OFF in the new image build
+config, because the demo going to confirm the new image after downloading it.
The image signature must be extracted from the final binary, can be done by
openssl running the following commands in the build directory:
@@ -248,7 +254,7 @@
#. Select upload new file and select the signed update binary
``tfm_s_ns_signed.bin``.
#. Select the S3 bucket you created to upload the binary to.
-#. For ``Path name of file on device`` put in ``full image``.
+#. For ``Path name of file on device`` put in ``combined image``.
#. As the role, select the OTA role you created.
#. Click next.
#. Click next, your update job is ready and running. If your board is running