Boot: Replace flash partitioning terminology
This change replaces the slot 0/1 terminology with
primary/secondary slot and replaces FLASH_AREA_IMAGE_0/1
with FLASH_AREA_IMAGE_PRIMARY/SECONDARY. This naming
convention is a better fit for platforms with multiple images
and is also an architecture-agnostic alternative.
Change-Id: I5def429a076024831a702700736d9769a0b2301f
Signed-off-by: David Vincze <david.vincze@arm.com>
diff --git a/app/CMakeLists.txt b/app/CMakeLists.txt
index b4084bb..a4c2f4a 100644
--- a/app/CMakeLists.txt
+++ b/app/CMakeLists.txt
@@ -167,9 +167,9 @@
endif()
# For the non-swapping BL2 configuration two executables need to be built.
-# One can be executed from flash partition slot_0 and other from slot_1.
-# Only the linking phase is different. This function captures common settings
-# and eliminates copy-paste.
+# One can be executed from the primary slot flash partition and other from the
+# secondary slot. Only the linking phase is different. This function captures
+# common settings and eliminates copy-paste.
function(set_up_app_build)
set( _OPTIONS_ARGS) #Option (on/off) arguments (e.g. IGNORE_CASE)
set( _ONE_VALUE_ARGS NS_TARGET S_TARGET FULL_BIN SIGN_BIN VENEER_NAME POSTFIX) #Single option arguments (e.g. PATH "./foo/bar")
diff --git a/bl2/ext/mcuboot/CMakeLists.txt b/bl2/ext/mcuboot/CMakeLists.txt
index 6f8cad8..2d06d6f 100644
--- a/bl2/ext/mcuboot/CMakeLists.txt
+++ b/bl2/ext/mcuboot/CMakeLists.txt
@@ -134,7 +134,7 @@
#Set macro definitions for the project.
target_compile_definitions(${PROJECT_NAME} PRIVATE
- MCUBOOT_VALIDATE_SLOT0
+ MCUBOOT_VALIDATE_PRIMARY_SLOT
MCUBOOT_USE_FLASH_AREA_GET_SECTORS
MBEDTLS_CONFIG_FILE="config-boot.h"
MCUBOOT_TARGET_CONFIG="flash_layout.h")
diff --git a/bl2/ext/mcuboot/bootutil/include/bootutil/bootutil.h b/bl2/ext/mcuboot/bootutil/include/bootutil/bootutil.h
index 5f65866..b674823 100644
--- a/bl2/ext/mcuboot/bootutil/include/bootutil/bootutil.h
+++ b/bl2/ext/mcuboot/bootutil/include/bootutil/bootutil.h
@@ -26,13 +26,19 @@
extern "C" {
#endif
-/** Attempt to boot the contents of slot 0. */
+/** Attempt to boot the contents of the primary slot. */
#define BOOT_SWAP_TYPE_NONE 1
-/** Swap to slot 1. Absent a confirm command, revert back on next boot. */
+/**
+ * Swap to the secondary slot.
+ * Absent a confirm command, revert back on next boot.
+ */
#define BOOT_SWAP_TYPE_TEST 2
-/** Swap to slot 1, and permanently switch to booting its contents. */
+/**
+ * Swap to the secondary slot,
+ * and permanently switch to booting its contents.
+ */
#define BOOT_SWAP_TYPE_PERM 3
/** Swap back to alternate slot. A confirm changes this state to NONE. */
diff --git a/bl2/ext/mcuboot/bootutil/src/bootutil_misc.c b/bl2/ext/mcuboot/bootutil/src/bootutil_misc.c
index 79fdc9a..b4c6ee7 100644
--- a/bl2/ext/mcuboot/bootutil/src/bootutil_misc.c
+++ b/bl2/ext/mcuboot/bootutil/src/bootutil_misc.c
@@ -44,11 +44,11 @@
const uint32_t BOOT_MAX_ALIGN = MAX_FLASH_ALIGN;
struct boot_swap_table {
- uint8_t magic_slot0;
- uint8_t magic_slot1;
- uint8_t image_ok_slot0;
- uint8_t image_ok_slot1;
- uint8_t copy_done_slot0;
+ uint8_t magic_primary_slot;
+ uint8_t magic_secondary_slot;
+ uint8_t image_ok_primary_slot;
+ uint8_t image_ok_secondary_slot;
+ uint8_t copy_done_primary_slot;
uint8_t swap_type;
};
@@ -57,36 +57,37 @@
* This set of tables maps image trailer contents to swap operation type.
* When searching for a match, these tables must be iterated sequentially.
*
- * NOTE: the table order is very important. The settings in Slot 1 always
- * are priority to Slot 0 and should be located earlier in the table.
+ * NOTE: the table order is very important. The settings in the secondary
+ * slot always are priority to the primary slot and should be located
+ * earlier in the table.
*
* The table lists only states where there is action needs to be taken by
* the bootloader, as in starting/finishing a swap operation.
*/
static const struct boot_swap_table boot_swap_tables[] = {
{
- .magic_slot0 = BOOT_MAGIC_ANY,
- .magic_slot1 = BOOT_MAGIC_GOOD,
- .image_ok_slot0 = BOOT_FLAG_ANY,
- .image_ok_slot1 = BOOT_FLAG_UNSET,
- .copy_done_slot0 = BOOT_FLAG_ANY,
- .swap_type = BOOT_SWAP_TYPE_TEST,
+ .magic_primary_slot = BOOT_MAGIC_ANY,
+ .magic_secondary_slot = BOOT_MAGIC_GOOD,
+ .image_ok_primary_slot = BOOT_FLAG_ANY,
+ .image_ok_secondary_slot = BOOT_FLAG_UNSET,
+ .copy_done_primary_slot = BOOT_FLAG_ANY,
+ .swap_type = BOOT_SWAP_TYPE_TEST,
},
{
- .magic_slot0 = BOOT_MAGIC_ANY,
- .magic_slot1 = BOOT_MAGIC_GOOD,
- .image_ok_slot0 = BOOT_FLAG_ANY,
- .image_ok_slot1 = BOOT_FLAG_SET,
- .copy_done_slot0 = BOOT_FLAG_ANY,
- .swap_type = BOOT_SWAP_TYPE_PERM,
+ .magic_primary_slot = BOOT_MAGIC_ANY,
+ .magic_secondary_slot = BOOT_MAGIC_GOOD,
+ .image_ok_primary_slot = BOOT_FLAG_ANY,
+ .image_ok_secondary_slot = BOOT_FLAG_SET,
+ .copy_done_primary_slot = BOOT_FLAG_ANY,
+ .swap_type = BOOT_SWAP_TYPE_PERM,
},
{
- .magic_slot0 = BOOT_MAGIC_GOOD,
- .magic_slot1 = BOOT_MAGIC_UNSET,
- .image_ok_slot0 = BOOT_FLAG_UNSET,
- .image_ok_slot1 = BOOT_FLAG_ANY,
- .copy_done_slot0 = BOOT_FLAG_SET,
- .swap_type = BOOT_SWAP_TYPE_REVERT,
+ .magic_primary_slot = BOOT_MAGIC_GOOD,
+ .magic_secondary_slot = BOOT_MAGIC_UNSET,
+ .image_ok_primary_slot = BOOT_FLAG_UNSET,
+ .image_ok_secondary_slot = BOOT_FLAG_ANY,
+ .copy_done_primary_slot = BOOT_FLAG_SET,
+ .swap_type = BOOT_SWAP_TYPE_REVERT,
},
};
@@ -139,8 +140,8 @@
boot_status_entries(const struct flash_area *fap)
{
switch (fap->fa_id) {
- case FLASH_AREA_IMAGE_0:
- case FLASH_AREA_IMAGE_1:
+ case FLASH_AREA_IMAGE_PRIMARY:
+ case FLASH_AREA_IMAGE_SECONDARY:
return BOOT_STATUS_STATE_COUNT * BOOT_STATUS_MAX_ENTRIES;
case FLASH_AREA_IMAGE_SCRATCH:
return BOOT_STATUS_STATE_COUNT;
@@ -254,8 +255,8 @@
switch (flash_area_id) {
case FLASH_AREA_IMAGE_SCRATCH:
- case FLASH_AREA_IMAGE_0:
- case FLASH_AREA_IMAGE_1:
+ case FLASH_AREA_IMAGE_PRIMARY:
+ case FLASH_AREA_IMAGE_SECONDARY:
rc = flash_area_open(flash_area_id, &fap);
if (rc != 0) {
return BOOT_EFLASH;
@@ -280,13 +281,13 @@
/*
* In the middle a swap, tries to locate the saved swap size. Looks
- * for a valid magic, first on Slot 0, then on scratch. Both "slots"
- * can end up being temporary storage for a swap and it is assumed
- * that if magic is valid then swap size is too, because magic is
- * always written in the last step.
+ * for a valid magic, first on the primary slot, then on scratch.
+ * Both "slots" can end up being temporary storage for a swap and it
+ * is assumed that if magic is valid then swap size is too, because
+ * magic is always written in the last step.
*/
- rc = flash_area_open(FLASH_AREA_IMAGE_0, &fap);
+ rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY, &fap);
if (rc != 0) {
return BOOT_EFLASH;
}
@@ -300,7 +301,7 @@
if (memcmp(magic, boot_img_magic, BOOT_MAGIC_SZ) != 0) {
/*
- * If Slot 0 's magic is not valid, try scratch...
+ * If the primary slot's magic is not valid, try scratch...
*/
flash_area_close(fap);
@@ -425,17 +426,18 @@
boot_swap_type(void)
{
const struct boot_swap_table *table;
- struct boot_swap_state slot0;
- struct boot_swap_state slot1;
+ struct boot_swap_state primary_slot;
+ struct boot_swap_state secondary_slot;
int rc;
size_t i;
- rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_0, &slot0);
+ rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_PRIMARY, &primary_slot);
if (rc) {
return BOOT_SWAP_TYPE_PANIC;
}
- rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_1, &slot1);
+ rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_SECONDARY,
+ &secondary_slot);
if (rc) {
return BOOT_SWAP_TYPE_PANIC;
}
@@ -443,16 +445,16 @@
for (i = 0; i < BOOT_SWAP_TABLES_COUNT; i++) {
table = boot_swap_tables + i;
- if ((table->magic_slot0 == BOOT_MAGIC_ANY ||
- table->magic_slot0 == slot0.magic) &&
- (table->magic_slot1 == BOOT_MAGIC_ANY ||
- table->magic_slot1 == slot1.magic) &&
- (table->image_ok_slot0 == BOOT_FLAG_ANY ||
- table->image_ok_slot0 == slot0.image_ok) &&
- (table->image_ok_slot1 == BOOT_FLAG_ANY ||
- table->image_ok_slot1 == slot1.image_ok) &&
- (table->copy_done_slot0 == BOOT_FLAG_ANY ||
- table->copy_done_slot0 == slot0.copy_done)) {
+ if ((table->magic_primary_slot == BOOT_MAGIC_ANY ||
+ table->magic_primary_slot == primary_slot.magic) &&
+ (table->magic_secondary_slot == BOOT_MAGIC_ANY ||
+ table->magic_secondary_slot == secondary_slot.magic) &&
+ (table->image_ok_primary_slot == BOOT_FLAG_ANY ||
+ table->image_ok_primary_slot == primary_slot.image_ok) &&
+ (table->image_ok_secondary_slot == BOOT_FLAG_ANY ||
+ table->image_ok_secondary_slot == secondary_slot.image_ok) &&
+ (table->copy_done_primary_slot == BOOT_FLAG_ANY ||
+ table->copy_done_primary_slot == primary_slot.copy_done)) {
BOOT_LOG_INF("Swap type: %s",
table->swap_type == BOOT_SWAP_TYPE_TEST ? "test" :
table->swap_type == BOOT_SWAP_TYPE_PERM ? "perm" :
@@ -470,8 +472,8 @@
}
/**
- * Marks the image in slot 1 as pending. On the next reboot, the system will
- * perform a one-time boot of the slot 1 image.
+ * Marks the image in the secondary slot as pending. On the next reboot,
+ * the system will perform a one-time boot of the the secondary slot image.
*
* @param permanent Whether the image should be used permanently or
* only tested once:
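Review bot: The reworded doc comment contains a doubled article, "a one-time boot of the the secondary slot image". The line should read `* the system will perform a one-time boot of the secondary slot image.` The comment block and the function it documents continue past the end of this hunk.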
@@ -484,21 +486,22 @@
boot_set_pending(int permanent)
{
const struct flash_area *fap = NULL;
- struct boot_swap_state state_slot1;
+ struct boot_swap_state state_secondary_slot;
int rc;
- rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_1, &state_slot1);
+ rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_SECONDARY,
+ &state_secondary_slot);
if (rc != 0) {
return rc;
}
- switch (state_slot1.magic) {
+ switch (state_secondary_slot.magic) {
case BOOT_MAGIC_GOOD:
/* Swap already scheduled. */
return 0;
case BOOT_MAGIC_UNSET:
- rc = flash_area_open(FLASH_AREA_IMAGE_1, &fap);
+ rc = flash_area_open(FLASH_AREA_IMAGE_SECONDARY, &fap);
if (rc != 0) {
rc = BOOT_EFLASH;
} else {
@@ -520,8 +523,9 @@
}
/**
- * Marks the image in slot 0 as confirmed. The system will continue booting
- * into the image in slot 0 until told to boot from a different slot.
+ * Marks the image in the primary slot as confirmed. The system will continue
+ * booting into the image in the primary slot until told to boot from a
+ * different slot.
*
* @return 0 on success; non-zero on failure.
*/
@@ -529,15 +533,16 @@
boot_set_confirmed(void)
{
const struct flash_area *fap = NULL;
- struct boot_swap_state state_slot0;
+ struct boot_swap_state state_primary_slot;
int rc;
- rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_0, &state_slot0);
+ rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_PRIMARY,
+ &state_primary_slot);
if (rc != 0) {
return rc;
}
- switch (state_slot0.magic) {
+ switch (state_primary_slot.magic) {
case BOOT_MAGIC_GOOD:
/* Confirm needed; proceed. */
break;
@@ -551,18 +556,18 @@
return BOOT_EBADVECT;
}
- if (state_slot0.copy_done == BOOT_FLAG_UNSET) {
+ if (state_primary_slot.copy_done == BOOT_FLAG_UNSET) {
/* Swap never completed. This is unexpected. */
rc = BOOT_EBADVECT;
goto done;
}
- if (state_slot0.image_ok != BOOT_FLAG_UNSET) {
+ if (state_primary_slot.image_ok != BOOT_FLAG_UNSET) {
/* Already confirmed. */
goto done;
}
- rc = flash_area_open(FLASH_AREA_IMAGE_0, &fap);
+ rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY, &fap);
if (rc) {
rc = BOOT_EFLASH;
goto done;
diff --git a/bl2/ext/mcuboot/bootutil/src/bootutil_priv.h b/bl2/ext/mcuboot/bootutil/src/bootutil_priv.h
index 1eb5a4a..c8a1c8a 100644
--- a/bl2/ext/mcuboot/bootutil/src/bootutil_priv.h
+++ b/bl2/ext/mcuboot/bootutil/src/bootutil_priv.h
@@ -119,17 +119,20 @@
#endif
/** Number of image slots in flash; currently limited to two. */
-#define BOOT_NUM_SLOTS 2
+#define BOOT_NUM_SLOTS 2
/** Maximum number of image sectors supported by the bootloader. */
-#define BOOT_STATUS_STATE_COUNT 3
+#define BOOT_STATUS_STATE_COUNT 3
-#define BOOT_STATUS_SOURCE_NONE 0
-#define BOOT_STATUS_SOURCE_SCRATCH 1
-#define BOOT_STATUS_SOURCE_SLOT0 2
+#define BOOT_PRIMARY_SLOT 0
+#define BOOT_SECONDARY_SLOT 1
-#define BOOT_FLAG_IMAGE_OK 0
-#define BOOT_FLAG_COPY_DONE 1
+#define BOOT_STATUS_SOURCE_NONE 0
+#define BOOT_STATUS_SOURCE_SCRATCH 1
+#define BOOT_STATUS_SOURCE_PRIMARY_SLOT 2
+
+#define BOOT_FLAG_IMAGE_OK 0
+#define BOOT_FLAG_COPY_DONE 1
extern const uint32_t BOOT_MAGIC_SZ;
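Review bot: `BOOT_PRIMARY_SLOT` and `BOOT_SECONDARY_SLOT` are introduced without a comment, although the later hunks in this header use them as indices into `state->imgs[]`, which ties their values to `BOOT_NUM_SLOTS`. A line such as `/** Indices of the image slots in the imgs[] array; each must be below BOOT_NUM_SLOTS. */` above the two defines would record that constraint. Separately, the existing comment "Maximum number of image sectors supported by the bootloader." sits directly above `BOOT_STATUS_STATE_COUNT`, which it does not appear to describe.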
@@ -252,11 +255,11 @@
int rc;
switch (flash_area) {
- case FLASH_AREA_IMAGE_0:
- slot = 0;
+ case FLASH_AREA_IMAGE_PRIMARY:
+ slot = BOOT_PRIMARY_SLOT;
break;
- case FLASH_AREA_IMAGE_1:
- slot = 1;
+ case FLASH_AREA_IMAGE_SECONDARY:
+ slot = BOOT_SECONDARY_SLOT;
break;
default:
return BOOT_EFLASH;
@@ -297,15 +300,15 @@
int rc;
switch (flash_area) {
- case FLASH_AREA_IMAGE_0:
+ case FLASH_AREA_IMAGE_PRIMARY:
num_sectors = BOOT_MAX_IMG_SECTORS;
- out_sectors = state->imgs[0].sectors;
- out_num_sectors = &state->imgs[0].num_sectors;
+ out_sectors = state->imgs[BOOT_PRIMARY_SLOT].sectors;
+ out_num_sectors = &state->imgs[BOOT_PRIMARY_SLOT].num_sectors;
break;
- case FLASH_AREA_IMAGE_1:
+ case FLASH_AREA_IMAGE_SECONDARY:
num_sectors = BOOT_MAX_IMG_SECTORS;
- out_sectors = state->imgs[1].sectors;
- out_num_sectors = &state->imgs[1].num_sectors;
+ out_sectors = state->imgs[BOOT_SECONDARY_SLOT].sectors;
+ out_num_sectors = &state->imgs[BOOT_SECONDARY_SLOT].num_sectors;
break;
default:
return -1;
diff --git a/bl2/ext/mcuboot/bootutil/src/loader.c b/bl2/ext/mcuboot/bootutil/src/loader.c
index 30e2611..9fe012a 100644
--- a/bl2/ext/mcuboot/bootutil/src/loader.c
+++ b/bl2/ext/mcuboot/bootutil/src/loader.c
@@ -50,7 +50,7 @@
#if !defined(MCUBOOT_NO_SWAP) && !defined(MCUBOOT_RAM_LOADING)
-#if defined(MCUBOOT_VALIDATE_SLOT0) && !defined(MCUBOOT_OVERWRITE_ONLY)
+#if defined(MCUBOOT_VALIDATE_PRIMARY_SLOT) && !defined(MCUBOOT_OVERWRITE_ONLY)
static int boot_status_fails = 0;
#define BOOT_STATUS_ASSERT(x) \
do { \
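Review bot: Renaming the switch to `MCUBOOT_VALIDATE_PRIMARY_SLOT` means a build that still defines `MCUBOOT_VALIDATE_SLOT0` compiles cleanly while every `defined(MCUBOOT_VALIDATE_PRIMARY_SLOT)` test evaluates false, so the code behind those guards drops out without any diagnostic. The in-tree definition in bl2/ext/mcuboot/CMakeLists.txt is updated by this commit, but build configurations outside this diff cannot be checked from here. A guard near the top of loader.c would turn a stale name into a build error: `#if defined(MCUBOOT_VALIDATE_SLOT0)`, `#error "MCUBOOT_VALIDATE_SLOT0 was renamed to MCUBOOT_VALIDATE_PRIMARY_SLOT"`, `#endif`. The same macro is tested again in the later loader.c hunks around the "Detected inconsistent status!" message and the `boot_status_fails` warning.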
@@ -63,9 +63,9 @@
#endif
struct boot_status_table {
- uint8_t bst_magic_slot0;
+ uint8_t bst_magic_primary_slot;
uint8_t bst_magic_scratch;
- uint8_t bst_copy_done_slot0;
+ uint8_t bst_copy_done_primary_slot;
uint8_t bst_status_source;
};
@@ -75,67 +75,67 @@
*/
static const struct boot_status_table boot_status_tables[] = {
{
- /* | slot-0 | scratch |
- * ----------+------------+------------|
- * magic | Good | Any |
- * copy-done | Set | N/A |
- * ----------+------------+------------'
- * source: none |
- * ------------------------------------'
+ /* | primary slot | scratch |
+ * ----------+--------------+--------------|
+ * magic | Good | Any |
+ * copy-done | Set | N/A |
+ * ----------+--------------+--------------'
+ * source: none |
+ * ----------------------------------------'
*/
- .bst_magic_slot0 = BOOT_MAGIC_GOOD,
- .bst_magic_scratch = BOOT_MAGIC_ANY,
- .bst_copy_done_slot0 = BOOT_FLAG_SET,
- .bst_status_source = BOOT_STATUS_SOURCE_NONE,
+ .bst_magic_primary_slot = BOOT_MAGIC_GOOD,
+ .bst_magic_scratch = BOOT_MAGIC_ANY,
+ .bst_copy_done_primary_slot = BOOT_FLAG_SET,
+ .bst_status_source = BOOT_STATUS_SOURCE_NONE,
},
{
- /* | slot-0 | scratch |
- * ----------+------------+------------|
- * magic | Good | Any |
- * copy-done | Unset | N/A |
- * ----------+------------+------------'
- * source: slot 0 |
- * ------------------------------------'
+ /* | primary slot | scratch |
+ * ----------+--------------+--------------|
+ * magic | Good | Any |
+ * copy-done | Unset | N/A |
+ * ----------+--------------+--------------'
+ * source: primary slot |
+ * ----------------------------------------'
*/
- .bst_magic_slot0 = BOOT_MAGIC_GOOD,
- .bst_magic_scratch = BOOT_MAGIC_ANY,
- .bst_copy_done_slot0 = BOOT_FLAG_UNSET,
- .bst_status_source = BOOT_STATUS_SOURCE_SLOT0,
+ .bst_magic_primary_slot = BOOT_MAGIC_GOOD,
+ .bst_magic_scratch = BOOT_MAGIC_ANY,
+ .bst_copy_done_primary_slot = BOOT_FLAG_UNSET,
+ .bst_status_source = BOOT_STATUS_SOURCE_PRIMARY_SLOT,
},
{
- /* | slot-0 | scratch |
- * ----------+------------+------------|
- * magic | Any | Good |
- * copy-done | Any | N/A |
- * ----------+------------+------------'
- * source: scratch |
- * ------------------------------------'
+ /* | primary slot | scratch |
+ * ----------+--------------+--------------|
+ * magic | Any | Good |
+ * copy-done | Any | N/A |
+ * ----------+--------------+--------------'
+ * source: scratch |
+ * ----------------------------------------'
*/
- .bst_magic_slot0 = BOOT_MAGIC_ANY,
- .bst_magic_scratch = BOOT_MAGIC_GOOD,
- .bst_copy_done_slot0 = BOOT_FLAG_ANY,
- .bst_status_source = BOOT_STATUS_SOURCE_SCRATCH,
+ .bst_magic_primary_slot = BOOT_MAGIC_ANY,
+ .bst_magic_scratch = BOOT_MAGIC_GOOD,
+ .bst_copy_done_primary_slot = BOOT_FLAG_ANY,
+ .bst_status_source = BOOT_STATUS_SOURCE_SCRATCH,
},
{
- /* | slot-0 | scratch |
- * ----------+------------+------------|
- * magic | Unset | Any |
- * copy-done | Unset | N/A |
- * ----------+------------+------------|
- * source: varies |
- * ------------------------------------+------------------------------+
+ /* | primary slot | scratch |
+ * ----------+--------------+--------------|
+ * magic | Unset | Any |
+ * copy-done | Unset | N/A |
+ * ----------+--------------+--------------|
+ * source: varies |
+ * ----------------------------------------+--------------------------+
* This represents one of two cases: |
* o No swaps ever (no status to read, so no harm in checking). |
- * o Mid-revert; status in slot 0. |
+ * o Mid-revert; status in the primary slot. |
* -------------------------------------------------------------------'
*/
- .bst_magic_slot0 = BOOT_MAGIC_UNSET,
- .bst_magic_scratch = BOOT_MAGIC_ANY,
- .bst_copy_done_slot0 = BOOT_FLAG_UNSET,
- .bst_status_source = BOOT_STATUS_SOURCE_SLOT0,
+ .bst_magic_primary_slot = BOOT_MAGIC_UNSET,
+ .bst_magic_scratch = BOOT_MAGIC_ANY,
+ .bst_copy_done_primary_slot = BOOT_FLAG_UNSET,
+ .bst_status_source = BOOT_STATUS_SOURCE_PRIMARY_SLOT,
},
};
@@ -218,7 +218,7 @@
* on what the minimum write size is for scratch area, active image slot.
* We need to use the bigger of those 2 values.
*/
- rc = flash_area_open(FLASH_AREA_IMAGE_0, &fap);
+ rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY, &fap);
assert(rc == 0);
elem_sz = flash_area_align(fap);
flash_area_close(fap);
@@ -246,12 +246,12 @@
{
int rc;
- rc = boot_initialize_area(&boot_data, FLASH_AREA_IMAGE_0);
+ rc = boot_initialize_area(&boot_data, FLASH_AREA_IMAGE_PRIMARY);
if (rc != 0) {
return BOOT_EFLASH;
}
- rc = boot_initialize_area(&boot_data, FLASH_AREA_IMAGE_1);
+ rc = boot_initialize_area(&boot_data, FLASH_AREA_IMAGE_SECONDARY);
if (rc != 0) {
return BOOT_EFLASH;
}
@@ -303,7 +303,7 @@
hdr = boot_img_hdr(&boot_data, slot);
if (boot_magic_is_erased(flash_area_erased_val(fap), hdr->ih_magic) ||
(hdr->ih_flags & IMAGE_F_NON_BOOTABLE)) {
- /* No bootable image in slot; continue booting from slot 0. */
+ /* No bootable image in slot; continue booting from the primary slot. */
return -1;
}
@@ -315,20 +315,19 @@
flash_area_close(fap);
return BOOT_EFLASH;
}
- /* Image in slot 1 is invalid. Erase the image and
- * continue booting from slot 0.
+ /* Image in the secondary slot is invalid. Erase the image and
+ * continue booting from the primary slot.
*/
}
- BOOT_LOG_ERR("Authentication failed! Image in slot %d is not valid.",
- slot);
-
+ BOOT_LOG_ERR("Authentication failed! Image in the %s slot is not valid."
+ , (slot == BOOT_PRIMARY_SLOT) ? "primary" : "secondary");
flash_area_close(fap);
return -1;
}
flash_area_close(fap);
- /* Image in slot 1 is valid. */
+ /* Image in the secondary slot is valid. */
return 0;
}
@@ -423,35 +422,37 @@
{
const struct boot_status_table *table;
struct boot_swap_state state_scratch;
- struct boot_swap_state state_slot0;
+ struct boot_swap_state state_primary_slot;
int rc;
size_t i;
uint8_t source;
- rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_0, &state_slot0);
+ rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_PRIMARY,
+ &state_primary_slot);
assert(rc == 0);
rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_SCRATCH, &state_scratch);
assert(rc == 0);
- BOOT_LOG_SWAP_STATE("Image 0", &state_slot0);
+ BOOT_LOG_SWAP_STATE("Image 0", &state_primary_slot);
BOOT_LOG_SWAP_STATE("Scratch", &state_scratch);
for (i = 0; i < BOOT_STATUS_TABLES_COUNT; i++) {
table = &boot_status_tables[i];
- if ((table->bst_magic_slot0 == BOOT_MAGIC_ANY ||
- table->bst_magic_slot0 == state_slot0.magic) &&
- (table->bst_magic_scratch == BOOT_MAGIC_ANY ||
- table->bst_magic_scratch == state_scratch.magic) &&
- (table->bst_copy_done_slot0 == BOOT_FLAG_ANY ||
- table->bst_copy_done_slot0 == state_slot0.copy_done)) {
+ if ((table->bst_magic_primary_slot == BOOT_MAGIC_ANY ||
+ table->bst_magic_primary_slot == state_primary_slot.magic) &&
+ (table->bst_magic_scratch == BOOT_MAGIC_ANY ||
+ table->bst_magic_scratch == state_scratch.magic) &&
+ (table->bst_copy_done_primary_slot == BOOT_FLAG_ANY ||
+ table->bst_copy_done_primary_slot == state_primary_slot.copy_done))
+ {
source = table->bst_status_source;
BOOT_LOG_INF("Boot source: %s",
source == BOOT_STATUS_SOURCE_NONE ? "none" :
source == BOOT_STATUS_SOURCE_SCRATCH ? "scratch" :
- source == BOOT_STATUS_SOURCE_SLOT0 ? "slot 0" :
- "BUG; can't happen");
+ source == BOOT_STATUS_SOURCE_PRIMARY_SLOT ?
+ "primary slot" : "BUG; can't happen");
return source;
}
}
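Review bot: `BOOT_LOG_SWAP_STATE("Image 0", &state_primary_slot);` keeps the old numbering while the "Boot source" message a few lines below now prints "primary slot", so a single boot log mixes both vocabularies. If the label is meant to name the slot, `BOOT_LOG_SWAP_STATE("Primary slot", &state_primary_slot);` would match the rest of the change. The same leftover naming appears in `num_sectors_0`/`num_sectors_1` and `size_0`/`size_1` in the two `boot_slots_compatible()` hunks that follow. The function containing this hunk starts outside it.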
@@ -485,8 +486,10 @@
static int
boot_slots_compatible(void)
{
- size_t num_sectors_0 = boot_img_num_sectors(&boot_data, 0);
- size_t num_sectors_1 = boot_img_num_sectors(&boot_data, 1);
+ size_t num_sectors_0 = boot_img_num_sectors(&boot_data,
+ BOOT_PRIMARY_SLOT);
+ size_t num_sectors_1 = boot_img_num_sectors(&boot_data,
+ BOOT_SECONDARY_SLOT);
size_t size_0, size_1;
size_t i;
@@ -502,8 +505,8 @@
}
for (i = 0; i < num_sectors_0; i++) {
- size_0 = boot_img_sector_size(&boot_data, 0, i);
- size_1 = boot_img_sector_size(&boot_data, 1, i);
+ size_0 = boot_img_sector_size(&boot_data, BOOT_PRIMARY_SLOT, i);
+ size_1 = boot_img_sector_size(&boot_data, BOOT_SECONDARY_SLOT, i);
if (size_0 != size_1) {
BOOT_LOG_WRN("Cannot upgrade: an incompatible sector was found");
return 0;
@@ -572,9 +575,9 @@
*/
BOOT_LOG_ERR("Detected inconsistent status!");
-#if !defined(MCUBOOT_VALIDATE_SLOT0)
- /* With validation of slot0 disabled, there is no way to be sure the
- * swapped slot0 is OK, so abort!
+#if !defined(MCUBOOT_VALIDATE_PRIMARY_SLOT)
+ /* With validation of the primary slot disabled, there is no way
+ * to be sure the swapped primary slot is OK, so abort!
*/
assert(0);
#endif
@@ -624,8 +627,8 @@
area_id = FLASH_AREA_IMAGE_SCRATCH;
break;
- case BOOT_STATUS_SOURCE_SLOT0:
- area_id = FLASH_AREA_IMAGE_0;
+ case BOOT_STATUS_SOURCE_PRIMARY_SLOT:
+ area_id = FLASH_AREA_IMAGE_PRIMARY;
break;
default:
@@ -665,16 +668,17 @@
uint8_t erased_val;
/* NOTE: The first sector copied (that is the last sector on slot) contains
- * the trailer. Since in the last step SLOT 0 is erased, the first
- * two status writes go to the scratch which will be copied to SLOT 0!
+ * the trailer. Since in the last step the primary slot is erased, the
+ * first two status writes go to the scratch which will be copied to
+ * the primary slot!
*/
if (bs->use_scratch) {
/* Write to scratch. */
area_id = FLASH_AREA_IMAGE_SCRATCH;
} else {
- /* Write to slot 0. */
- area_id = FLASH_AREA_IMAGE_0;
+ /* Write to the primary slot. */
+ area_id = FLASH_AREA_IMAGE_PRIMARY;
}
rc = flash_area_open(area_id, &fap);
@@ -707,9 +711,9 @@
/**
* Determines which swap operation to perform, if any. If it is determined
- * that a swap operation is required, the image in the second slot is checked
- * for validity. If the image in the second slot is invalid, it is erased, and
- * a swap type of "none" is indicated.
+ * that a swap operation is required, the image in the secondary slot is checked
+ * for validity. If the image in the secondary slot is invalid, it is erased,
+ * and a swap type of "none" is indicated.
*
* @return The type of swap to perform (BOOT_SWAP_TYPE...)
*/
@@ -723,8 +727,10 @@
case BOOT_SWAP_TYPE_TEST:
case BOOT_SWAP_TYPE_PERM:
case BOOT_SWAP_TYPE_REVERT:
- /* Boot loader wants to switch to slot 1. Ensure image is valid. */
- if (boot_validate_slot(1) != 0) {
+ /* Boot loader wants to switch to the secondary slot.
+ * Ensure image is valid.
+ */
+ if (boot_validate_slot(BOOT_SECONDARY_SLOT) != 0) {
swap_type = BOOT_SWAP_TYPE_FAIL;
}
}
@@ -758,7 +764,7 @@
scratch_sz = boot_scratch_area_size(&boot_data);
for (i = last_sector_idx; i >= 0; i--) {
- new_sz = sz + boot_img_sector_size(&boot_data, 0, i);
+ new_sz = sz + boot_img_sector_size(&boot_data, BOOT_PRIMARY_SLOT, i);
if (new_sz > scratch_sz) {
break;
}
@@ -896,7 +902,7 @@
rc = flash_area_open(flash_area_id, &fap);
assert(rc == 0);
- rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_1, &swap_state);
+ rc = boot_read_swap_state_by_id(FLASH_AREA_IMAGE_SECONDARY, &swap_state);
assert(rc == 0);
if (swap_state.image_ok == BOOT_FLAG_SET) {
@@ -923,11 +929,11 @@
int rc;
switch (flash_area_id) {
- case FLASH_AREA_IMAGE_0:
- slot = 0;
+ case FLASH_AREA_IMAGE_PRIMARY:
+ slot = BOOT_PRIMARY_SLOT;
break;
- case FLASH_AREA_IMAGE_1:
- slot = 1;
+ case FLASH_AREA_IMAGE_SECONDARY:
+ slot = BOOT_SECONDARY_SLOT;
break;
default:
return BOOT_EFLASH;
@@ -968,7 +974,7 @@
int rc;
/* Calculate offset from start of image area. */
- img_off = boot_img_sector_off(&boot_data, 0, idx);
+ img_off = boot_img_sector_off(&boot_data, BOOT_PRIMARY_SLOT, idx);
copy_sz = sz;
trailer_sz = boot_slots_trailer_sz(BOOT_WRITE_SZ(&boot_data));
@@ -982,8 +988,9 @@
* NOTE: `use_scratch` is a temporary flag (never written to flash) which
* controls if special handling is needed (swapping last sector).
*/
- last_sector = boot_img_num_sectors(&boot_data, 0) - 1;
- if (img_off + sz > boot_img_sector_off(&boot_data, 0, last_sector)) {
+ last_sector = boot_img_num_sectors(&boot_data, BOOT_PRIMARY_SLOT) - 1;
+ if (img_off + sz > boot_img_sector_off(&boot_data, BOOT_PRIMARY_SLOT,
+ last_sector)) {
copy_sz -= trailer_sz;
}
@@ -993,7 +1000,7 @@
rc = boot_erase_sector(FLASH_AREA_IMAGE_SCRATCH, 0, sz);
assert(rc == 0);
- rc = boot_copy_sector(FLASH_AREA_IMAGE_1, FLASH_AREA_IMAGE_SCRATCH,
+ rc = boot_copy_sector(FLASH_AREA_IMAGE_SECONDARY, FLASH_AREA_IMAGE_SCRATCH,
img_off, 0, copy_sz);
assert(rc == 0);
@@ -1005,10 +1012,10 @@
* last sector is not being used by the image data so it's
* safe to erase.
*/
- rc = boot_erase_last_sector_by_id(FLASH_AREA_IMAGE_0);
+ rc = boot_erase_last_sector_by_id(FLASH_AREA_IMAGE_PRIMARY);
assert(rc == 0);
- boot_status_init_by_id(FLASH_AREA_IMAGE_0, bs);
+ boot_status_init_by_id(FLASH_AREA_IMAGE_PRIMARY, bs);
}
}
@@ -1018,18 +1025,19 @@
}
if (bs->state == BOOT_STATUS_STATE_1) {
- rc = boot_erase_sector(FLASH_AREA_IMAGE_1, img_off, sz);
+ rc = boot_erase_sector(FLASH_AREA_IMAGE_SECONDARY, img_off, sz);
assert(rc == 0);
- rc = boot_copy_sector(FLASH_AREA_IMAGE_0, FLASH_AREA_IMAGE_1,
+ rc = boot_copy_sector(FLASH_AREA_IMAGE_PRIMARY,
+ FLASH_AREA_IMAGE_SECONDARY,
img_off, img_off, copy_sz);
assert(rc == 0);
if (bs->idx == BOOT_STATUS_IDX_0 && !bs->use_scratch) {
/* If not all sectors of the slot are being swapped,
- * guarantee here that only slot0 will have the state.
+ * guarantee here that only the primary slot will have the state.
*/
- rc = boot_erase_last_sector_by_id(FLASH_AREA_IMAGE_1);
+ rc = boot_erase_last_sector_by_id(FLASH_AREA_IMAGE_SECONDARY);
assert(rc == 0);
}
@@ -1039,11 +1047,12 @@
}
if (bs->state == BOOT_STATUS_STATE_2) {
- rc = boot_erase_sector(FLASH_AREA_IMAGE_0, img_off, sz);
+ rc = boot_erase_sector(FLASH_AREA_IMAGE_PRIMARY, img_off, sz);
assert(rc == 0);
/* NOTE: also copy trailer from scratch (has status info) */
- rc = boot_copy_sector(FLASH_AREA_IMAGE_SCRATCH, FLASH_AREA_IMAGE_0,
+ rc = boot_copy_sector(FLASH_AREA_IMAGE_SCRATCH,
+ FLASH_AREA_IMAGE_PRIMARY,
0, img_off, copy_sz);
assert(rc == 0);
@@ -1055,11 +1064,12 @@
flash_area_close(fap);
- rc = flash_area_open(FLASH_AREA_IMAGE_0, &fap);
+ rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY, &fap);
assert(rc == 0);
/* copy current status that is being maintained in scratch */
- rc = boot_copy_sector(FLASH_AREA_IMAGE_SCRATCH, FLASH_AREA_IMAGE_0,
+ rc = boot_copy_sector(FLASH_AREA_IMAGE_SCRATCH,
+ FLASH_AREA_IMAGE_PRIMARY,
scratch_trailer_off,
img_off + copy_sz,
BOOT_STATUS_STATE_COUNT * BOOT_WRITE_SZ(&boot_data));
@@ -1117,13 +1127,13 @@
(void)bs;
- BOOT_LOG_INF("Image upgrade slot1 -> slot0");
- BOOT_LOG_INF("Erasing slot0");
+ BOOT_LOG_INF("Image upgrade secondary slot -> primary slot");
+ BOOT_LOG_INF("Erasing the primary slot");
- sect_count = boot_img_num_sectors(&boot_data, 0);
+ sect_count = boot_img_num_sectors(&boot_data, BOOT_PRIMARY_SLOT);
for (sect = 0; sect < sect_count; sect++) {
- this_size = boot_img_sector_size(&boot_data, 0, sect);
- rc = boot_erase_sector(FLASH_AREA_IMAGE_0,
+ this_size = boot_img_sector_size(&boot_data, BOOT_PRIMARY_SLOT, sect);
+ rc = boot_erase_sector(FLASH_AREA_IMAGE_PRIMARY,
size,
this_size);
assert(rc == 0);
@@ -1131,16 +1141,18 @@
size += this_size;
}
- BOOT_LOG_INF("Copying slot 1 to slot 0: 0x%zx bytes", size);
- rc = boot_copy_sector(FLASH_AREA_IMAGE_1, FLASH_AREA_IMAGE_0,
+ BOOT_LOG_INF("Copying the secondary slot to the primary slot: 0x%zx bytes",
+ size);
+ rc = boot_copy_sector(FLASH_AREA_IMAGE_SECONDARY, FLASH_AREA_IMAGE_PRIMARY,
0, 0, size);
/* Update the stored security counter with the new image's security counter
- * value. Both slots hold the new image at this point, but slot 1's image
- * header must be passed because the read image headers in the boot_data
- * structure have not been updated yet.
+ * value. Both slots hold the new image at this point, but the secondary
+ * slot's image header must be passed because the read image headers in the
+ * boot_data structure have not been updated yet.
*/
- rc = boot_update_security_counter(0, boot_img_hdr(&boot_data, 1));
+ rc = boot_update_security_counter(BOOT_PRIMARY_SLOT,
+ boot_img_hdr(&boot_data, BOOT_SECONDARY_SLOT));
if (rc != 0) {
BOOT_LOG_ERR("Security counter update failed after image upgrade.");
return rc;
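Review bot: The return value of the `boot_copy_sector(FLASH_AREA_IMAGE_SECONDARY, FLASH_AREA_IMAGE_PRIMARY, 0, 0, size)` call is overwritten by `boot_update_security_counter()` before anything inspects it, so a failed copy would still go on to update the stored security counter. Nothing visible between the two calls checks `rc`. Adding `if (rc != 0) { return rc; }` directly after the copy (or at least `assert(rc == 0);`, as the erase calls in this function do) would keep the rollback counter from advancing when the primary slot was not actually written. The enclosing function starts and ends outside this hunk.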
@@ -1151,17 +1163,21 @@
* image is written without a trailer as is the case when using newt, the
* trailer that was left might trigger a new upgrade.
*/
- rc = boot_erase_sector(FLASH_AREA_IMAGE_1,
- boot_img_sector_off(&boot_data, 1, 0),
- boot_img_sector_size(&boot_data, 1, 0));
+ rc = boot_erase_sector(FLASH_AREA_IMAGE_SECONDARY,
+ boot_img_sector_off(&boot_data,
+ BOOT_SECONDARY_SLOT, 0),
+ boot_img_sector_size(&boot_data,
+ BOOT_SECONDARY_SLOT, 0));
assert(rc == 0);
- last_sector = boot_img_num_sectors(&boot_data, 1) - 1;
- rc = boot_erase_sector(FLASH_AREA_IMAGE_1,
- boot_img_sector_off(&boot_data, 1, last_sector),
- boot_img_sector_size(&boot_data, 1, last_sector));
+ last_sector = boot_img_num_sectors(&boot_data, BOOT_SECONDARY_SLOT) - 1;
+ rc = boot_erase_sector(FLASH_AREA_IMAGE_SECONDARY,
+ boot_img_sector_off(&boot_data, BOOT_SECONDARY_SLOT,
+ last_sector),
+ boot_img_sector_size(&boot_data, BOOT_SECONDARY_SLOT,
+ last_sector));
assert(rc == 0);
- /* TODO: Perhaps verify slot 0's signature again? */
+ /* TODO: Perhaps verify the primary slot's signature again? */
return 0;
}
@@ -1187,15 +1203,15 @@
* No swap ever happened, so need to find the largest image which
* will be used to determine the amount of sectors to swap.
*/
- hdr = boot_img_hdr(&boot_data, 0);
+ hdr = boot_img_hdr(&boot_data, BOOT_PRIMARY_SLOT);
if (hdr->ih_magic == IMAGE_MAGIC) {
- rc = boot_read_image_size(0, hdr, ©_size);
+ rc = boot_read_image_size(BOOT_PRIMARY_SLOT, hdr, ©_size);
assert(rc == 0);
}
- hdr = boot_img_hdr(&boot_data, 1);
+ hdr = boot_img_hdr(&boot_data, BOOT_SECONDARY_SLOT);
if (hdr->ih_magic == IMAGE_MAGIC) {
- rc = boot_read_image_size(1, hdr, &size);
+ rc = boot_read_image_size(BOOT_SECONDARY_SLOT, hdr, &size);
assert(rc == 0);
}
@@ -1218,7 +1234,8 @@
size = 0;
last_sector_idx = 0;
while (1) {
- size += boot_img_sector_size(&boot_data, 0, last_sector_idx);
+ size += boot_img_sector_size(&boot_data, BOOT_PRIMARY_SLOT,
+ last_sector_idx);
if (size >= copy_size) {
break;
}
@@ -1236,7 +1253,7 @@
swap_idx++;
}
-#ifdef MCUBOOT_VALIDATE_SLOT0
+#ifdef MCUBOOT_VALIDATE_PRIMARY_SLOT
if (boot_status_fails > 0) {
BOOT_LOG_WRN("%d status write fails performing the swap", boot_status_fails);
}
@@ -1247,7 +1264,7 @@
#endif
/**
- * Marks the image in slot 0 as fully copied.
+ * Marks the image in the primary slot as fully copied.
*/
#ifndef MCUBOOT_OVERWRITE_ONLY
static int
@@ -1256,7 +1273,7 @@
const struct flash_area *fap;
int rc;
- rc = flash_area_open(FLASH_AREA_IMAGE_0, &fap);
+ rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY, &fap);
if (rc != 0) {
return BOOT_EFLASH;
}
@@ -1268,13 +1285,13 @@
#endif /* !MCUBOOT_OVERWRITE_ONLY */
/**
- * Marks a reverted image in slot 0 as confirmed. This is necessary to ensure
- * the status bytes from the image revert operation don't get processed on a
- * subsequent boot.
+ * Marks a reverted image in the primary slot as confirmed. This is necessary to
+ * ensure the status bytes from the image revert operation don't get processed
+ * on a subsequent boot.
*
* NOTE: image_ok is tested before writing because if there's a valid permanent
- * image installed on slot0 and the new image to be upgrade to has a bad sig,
- * image_ok would be overwritten.
+ * image installed on the primary slot and the new image to be upgrade to has a
+ * bad sig, image_ok would be overwritten.
*/
#ifndef MCUBOOT_OVERWRITE_ONLY
static int
@@ -1284,7 +1301,7 @@
struct boot_swap_state state;
int rc;
- rc = flash_area_open(FLASH_AREA_IMAGE_0, &fap);
+ rc = flash_area_open(FLASH_AREA_IMAGE_PRIMARY, &fap);
if (rc != 0) {
return BOOT_EFLASH;
}
@@ -1382,11 +1399,11 @@
* necessary because the gcc option "-fdata-sections" doesn't seem to have
* any effect in older gcc versions (e.g., 4.8.4).
*/
- static boot_sector_t slot0_sectors[BOOT_MAX_IMG_SECTORS];
- static boot_sector_t slot1_sectors[BOOT_MAX_IMG_SECTORS];
+ static boot_sector_t primary_slot_sectors[BOOT_MAX_IMG_SECTORS];
+ static boot_sector_t secondary_slot_sectors[BOOT_MAX_IMG_SECTORS];
- boot_data.imgs[0].sectors = slot0_sectors;
- boot_data.imgs[1].sectors = slot1_sectors;
+ boot_data.imgs[BOOT_PRIMARY_SLOT].sectors = primary_slot_sectors;
+ boot_data.imgs[BOOT_SECONDARY_SLOT].sectors = secondary_slot_sectors;
/* Open boot_data image areas for the duration of this call. */
for (slot = 0; slot < BOOT_NUM_SLOTS; slot++) {
@@ -1414,7 +1431,7 @@
}
/* If the image slots aren't compatible, no swap is possible. Just boot
- * into slot 0.
+ * into the primary slot.
*/
if (boot_slots_compatible()) {
rc = boot_swap_if_needed(&swap_type);
@@ -1442,27 +1459,28 @@
switch (swap_type) {
case BOOT_SWAP_TYPE_NONE:
- slot = 0;
+ slot = BOOT_PRIMARY_SLOT;
break;
case BOOT_SWAP_TYPE_TEST: /* fallthrough */
case BOOT_SWAP_TYPE_PERM: /* fallthrough */
case BOOT_SWAP_TYPE_REVERT:
- slot = 1;
+ slot = BOOT_SECONDARY_SLOT;
reload_headers = true;
#ifndef MCUBOOT_OVERWRITE_ONLY
if (swap_type == BOOT_SWAP_TYPE_PERM) {
/* Update the stored security counter with the new image's security
- * counter value (the one in the primary slot). Slot 0 holds the
- * new image at this point, but slot 1's image header must be
- * passed because the read image headers in the boot_data structure
- * have not been updated yet.
+ * counter value. The primary slot holds the new image at this
+ * point, but the secondary slot's image header must be passed
+ * because the read image headers in the boot_data structure have
+ * not been updated yet.
*
* In case of a permanent image swap mcuboot will never attempt to
* revert the images on the next reboot. Therefore, the security
* counter must be increased right after the image upgrade.
*/
- rc = boot_update_security_counter(0, boot_img_hdr(&boot_data, 1));
+ rc = boot_update_security_counter(BOOT_PRIMARY_SLOT,
+ boot_img_hdr(&boot_data, BOOT_SECONDARY_SLOT));
if (rc != 0) {
BOOT_LOG_ERR("Security counter update failed after "
"image upgrade.");
@@ -1478,11 +1496,11 @@
break;
case BOOT_SWAP_TYPE_FAIL:
- /* The image in slot 1 was invalid and is now erased. Ensure we don't
- * try to boot into it again on the next reboot. Do this by pretending
- * we just reverted back to slot 0.
+ /* The image in the secondary slot was invalid and is now erased.
+ * Ensure we don't try to boot into it again on the next reboot.
+ * Do this by pretending we just reverted back to the primary slot.
*/
- slot = 0;
+ slot = BOOT_PRIMARY_SLOT;
reload_headers = true;
break;
@@ -1505,30 +1523,31 @@
}
/* Since headers were reloaded, it can be assumed we just performed a
* swap or overwrite. Now the header info that should be used to
- * provide the data for the bootstrap, which previously was at Slot 1,
- * was updated to Slot 0.
+ * provide the data for the bootstrap, which previously was at the
+ * secondary slot, was updated to the primary slot.
*/
- slot = 0;
+ slot = BOOT_PRIMARY_SLOT;
}
-#ifdef MCUBOOT_VALIDATE_SLOT0
- rc = boot_validate_slot(0);
+#ifdef MCUBOOT_VALIDATE_PRIMARY_SLOT
+ rc = boot_validate_slot(BOOT_PRIMARY_SLOT);
assert(rc == 0);
if (rc != 0) {
rc = BOOT_EBADIMAGE;
goto out;
}
-#else /* MCUBOOT_VALIDATE_SLOT0 */
- /* Even if we're not re-validating slot 0, we could be booting
+#else
+ /* Even if we're not re-validating the primary slot, we could be booting
* onto an empty flash chip. At least do a basic sanity check that
* the magic number on the image is OK.
*/
- if (boot_data.imgs[0].hdr.ih_magic != IMAGE_MAGIC) {
- BOOT_LOG_ERR("bad image magic 0x%lx", (unsigned long)boot_data.imgs[0].hdr.ih_magic);
+ if (boot_data.imgs[BOOT_PRIMARY_SLOT].hdr.ih_magic != IMAGE_MAGIC) {
+ BOOT_LOG_ERR("bad image magic 0x%lx",
+ (unsigned long)boot_data.imgs[BOOT_PRIMARY_SLOT].hdr.ih_magic);
rc = BOOT_EBADIMAGE;
goto out;
}
-#endif /* MCUBOOT_VALIDATE_SLOT0 */
+#endif /* MCUBOOT_VALIDATE_PRIMARY_SLOT */
/* Update the stored security counter with the active image's security
* counter value. It will be updated only if the new security counter is
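Review bot: A build configuration that still defines the old `MCUBOOT_VALIDATE_SLOT0` will now compile the `#else` branch here without any diagnostic, so the primary slot gets only the `ih_magic` check instead of `boot_validate_slot()`. The in-tree CMake definition is updated by this commit, but out-of-tree or platform-specific configurations are not visible here and may lag behind. A guard near the top of the file, `#ifdef MCUBOOT_VALIDATE_SLOT0` / `#error "MCUBOOT_VALIDATE_SLOT0 was renamed to MCUBOOT_VALIDATE_PRIMARY_SLOT"` / `#endif`, would turn that silent downgrade into a build failure; the same macro gates the status-write warning in the hunk at -1236. As a smaller point, the `#else` lost its trailing comment while the `#endif` kept one; `#else /* !MCUBOOT_VALIDATE_PRIMARY_SLOT */` would keep the pair readable.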
@@ -1540,7 +1559,8 @@
* set). This way a "revert" swap can be performed if it's necessary.
*/
if (swap_type == BOOT_SWAP_TYPE_NONE) {
- rc = boot_update_security_counter(0, boot_img_hdr(&boot_data, 0));
+ rc = boot_update_security_counter(BOOT_PRIMARY_SLOT,
+ boot_img_hdr(&boot_data, BOOT_PRIMARY_SLOT));
if (rc != 0) {
BOOT_LOG_ERR("Security counter update failed after image "
"validation.");
@@ -1549,8 +1569,8 @@
}
/* Always boot from the primary slot. */
- rsp->br_flash_dev_id = boot_img_fa_device_id(&boot_data, 0);
- rsp->br_image_off = boot_img_slot_off(&boot_data, 0);
+ rsp->br_flash_dev_id = boot_img_fa_device_id(&boot_data, BOOT_PRIMARY_SLOT);
+ rsp->br_image_off = boot_img_slot_off(&boot_data, BOOT_PRIMARY_SLOT);
rsp->br_hdr = boot_img_hdr(&boot_data, slot);
/* Save boot status to shared memory area */
@@ -1788,11 +1808,11 @@
uint32_t img_cnt;
struct image_header *newest_image_header;
- static boot_sector_t slot0_sectors[BOOT_MAX_IMG_SECTORS];
- static boot_sector_t slot1_sectors[BOOT_MAX_IMG_SECTORS];
+ static boot_sector_t primary_slot_sectors[BOOT_MAX_IMG_SECTORS];
+ static boot_sector_t secondary_slot_sectors[BOOT_MAX_IMG_SECTORS];
- boot_data.imgs[0].sectors = &slot0_sectors[0];
- boot_data.imgs[1].sectors = &slot1_sectors[0];
+ boot_data.imgs[BOOT_PRIMARY_SLOT].sectors = &primary_slot_sectors[0];
+ boot_data.imgs[BOOT_SECONDARY_SLOT].sectors = &secondary_slot_sectors[0];
/* Open boot_data image areas for the duration of this call. */
for (i = 0; i < BOOT_NUM_SLOTS; i++) {
@@ -1851,16 +1871,17 @@
rc = boot_copy_image_to_sram(slot, newest_image_header);
if (rc != 0) {
rc = BOOT_EBADIMAGE;
- BOOT_LOG_INF("Could not copy image from slot 0x%x in "
+ BOOT_LOG_INF("Could not copy image from the %s slot in "
"the Flash to load address 0x%x in SRAM, "
- "aborting..",
- slot,
+ "aborting..", (slot == BOOT_PRIMARY_SLOT) ?
+ "primary" : "secondary",
newest_image_header->ih_load_addr);
goto out;
} else {
- BOOT_LOG_INF("Image has been copied from slot %d in flash to "
- "SRAM address 0x%x",
- slot,
+ BOOT_LOG_INF("Image has been copied from the %s slot in "
+ "the flash to SRAM address 0x%x",
+ (slot == BOOT_PRIMARY_SLOT) ?
+ "primary" : "secondary",
newest_image_header->ih_load_addr);
}
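Review bot: The failure branch after `boot_copy_image_to_sram()` is still reported through `BOOT_LOG_INF` although it sets `BOOT_EBADIMAGE` and jumps to `out`, so a build that filters out informational messages would lose the only record of the failed copy (assuming the usual level filtering; the macro definitions are not visible here). Since the call is being rewritten anyway, I would change it to `BOOT_LOG_ERR`, which this file already uses for the security-counter failures. The expression `(slot == BOOT_PRIMARY_SLOT) ? "primary" : "secondary"` now appears three times, twice here and once in the hunk at -1877, and a small file-local macro would keep the wording in step. The enclosing function starts and ends outside this hunk.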
@@ -1877,7 +1898,8 @@
newest_image_header->ih_load_addr);
} else {
#endif /* MCUBOOT_RAM_LOADING */
- BOOT_LOG_INF("Booting image from slot %d", slot);
+ BOOT_LOG_INF("Booting image from the %s slot",
+ (slot == BOOT_PRIMARY_SLOT) ? "primary" : "secondary");
#ifdef MCUBOOT_RAM_LOADING
}
#endif
diff --git a/bl2/ext/mcuboot/flash_map.c b/bl2/ext/mcuboot/flash_map.c
index 937c18e..fddceef 100644
--- a/bl2/ext/mcuboot/flash_map.c
+++ b/bl2/ext/mcuboot/flash_map.c
@@ -58,25 +58,25 @@
/*
* The flash area describes essentially the partition table of the
- * flash. In this case, it starts with FLASH_AREA_IMAGE_0.
+ * flash. In this case, it starts with FLASH_AREA_IMAGE_PRIMARY.
*/
static struct flash_map_entry part_map[] = {
{
.magic = FLASH_MAP_ENTRY_MAGIC,
.area = {
- .fa_id = FLASH_AREA_IMAGE_0,
+ .fa_id = FLASH_AREA_IMAGE_PRIMARY,
.fa_device_id = FLASH_DEVICE_ID,
- .fa_off = FLASH_AREA_IMAGE_0_OFFSET,
- .fa_size = FLASH_AREA_IMAGE_0_SIZE,
+ .fa_off = FLASH_AREA_IMAGE_PRIMARY_OFFSET,
+ .fa_size = FLASH_AREA_IMAGE_PRIMARY_SIZE,
},
},
{
.magic = FLASH_MAP_ENTRY_MAGIC,
.area = {
- .fa_id = FLASH_AREA_IMAGE_1,
+ .fa_id = FLASH_AREA_IMAGE_SECONDARY,
.fa_device_id = FLASH_DEVICE_ID,
- .fa_off = FLASH_AREA_IMAGE_1_OFFSET,
- .fa_size = FLASH_AREA_IMAGE_1_SIZE,
+ .fa_off = FLASH_AREA_IMAGE_SECONDARY_OFFSET,
+ .fa_size = FLASH_AREA_IMAGE_SECONDARY_SIZE,
},
},
{
@@ -246,12 +246,12 @@
}
/*
- * This depends on the mappings defined in sysflash.h, and assumes
- * that slot 0, slot 1, and the scratch area area contiguous.
+ * This depends on the mappings defined in sysflash.h, and assumes that the
+ * primary slot, the secondary slot, and the scratch area are contiguous.
*/
int flash_area_id_from_image_slot(int slot)
{
- return slot + FLASH_AREA_IMAGE_0;
+ return slot + FLASH_AREA_IMAGE_PRIMARY;
}
static int validate_idx(int idx, uint32_t *off, uint32_t *len)
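Review bot: `flash_area_id_from_image_slot()` relies on the flash area IDs being consecutive integers starting at `FLASH_AREA_IMAGE_PRIMARY`, but the reworded comment says the slots are "contiguous", which reads as a statement about flash addresses. With the numeric suffixes gone from the names the arithmetic is no longer self-evident, so I would reword the comment to `/* Relies on the flash area IDs being consecutive: PRIMARY, SECONDARY, SCRATCH. */`. A compile-time check would pin it: `#if FLASH_AREA_IMAGE_SECONDARY != FLASH_AREA_IMAGE_PRIMARY + 1` / `#error "flash area IDs must be consecutive"` / `#endif`. The function also accepts any `int` without a range check; the callers are outside this hunk, but an out-of-range slot would presumably select the wrong area for later flash operations.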
@@ -262,13 +262,13 @@
*/
switch (idx) {
- case FLASH_AREA_IMAGE_0:
- *off = FLASH_AREA_IMAGE_0_OFFSET;
- *len = FLASH_AREA_IMAGE_0_SIZE;
+ case FLASH_AREA_IMAGE_PRIMARY:
+ *off = FLASH_AREA_IMAGE_PRIMARY_OFFSET;
+ *len = FLASH_AREA_IMAGE_PRIMARY_SIZE;
break;
- case FLASH_AREA_IMAGE_1:
- *off = FLASH_AREA_IMAGE_1_OFFSET;
- *len = FLASH_AREA_IMAGE_1_SIZE;
+ case FLASH_AREA_IMAGE_SECONDARY:
+ *off = FLASH_AREA_IMAGE_SECONDARY_OFFSET;
+ *len = FLASH_AREA_IMAGE_SECONDARY_SIZE;
break;
case FLASH_AREA_IMAGE_SCRATCH:
*off = FLASH_AREA_IMAGE_SCRATCH_OFFSET;
diff --git a/bl2/ext/mcuboot/include/flash_map/flash_map.h b/bl2/ext/mcuboot/include/flash_map/flash_map.h
index 78934a5..6b8e396 100644
--- a/bl2/ext/mcuboot/include/flash_map/flash_map.h
+++ b/bl2/ext/mcuboot/include/flash_map/flash_map.h
@@ -50,9 +50,9 @@
*/
#include <inttypes.h>
-#define FLASH_AREA_IMAGE_0 1
-#define FLASH_AREA_IMAGE_1 2
-#define FLASH_AREA_IMAGE_SCRATCH 3
+#define FLASH_AREA_IMAGE_PRIMARY 1
+#define FLASH_AREA_IMAGE_SECONDARY 2
+#define FLASH_AREA_IMAGE_SCRATCH 3
/**
* @brief Structure describing an area on a flash device.
diff --git a/bl2/ext/mcuboot/include/target.h b/bl2/ext/mcuboot/include/target.h
index 28e6cac..97930d7 100644
--- a/bl2/ext/mcuboot/include/target.h
+++ b/bl2/ext/mcuboot/include/target.h
@@ -1,6 +1,6 @@
/*
* Copyright (C) 2017, Linaro Ltd
- * Copyright (c) 2018, Arm Limited.
+ * Copyright (c) 2018-2019, Arm Limited.
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -21,20 +21,20 @@
#error "FLASH_AREA_IMAGE_SECTOR_SIZE must be defined by the target"
#endif
-#ifndef FLASH_AREA_IMAGE_0_OFFSET
-#error "FLASH_AREA_IMAGE_0_OFFSET must be defined by the target"
+#ifndef FLASH_AREA_IMAGE_PRIMARY_OFFSET
+#error "FLASH_AREA_IMAGE_PRIMARY_OFFSET must be defined by the target"
#endif
-#ifndef FLASH_AREA_IMAGE_0_SIZE
-#error "FLASH_AREA_IMAGE_0_SIZE must be defined by the target"
+#ifndef FLASH_AREA_IMAGE_PRIMARY_SIZE
+#error "FLASH_AREA_IMAGE_PRIMARY_SIZE must be defined by the target"
#endif
-#ifndef FLASH_AREA_IMAGE_1_OFFSET
-#error "FLASH_AREA_IMAGE_1_OFFSET must be defined by the target"
+#ifndef FLASH_AREA_IMAGE_SECONDARY_OFFSET
+#error "FLASH_AREA_IMAGE_SECONDARY_OFFSET must be defined by the target"
#endif
-#ifndef FLASH_AREA_IMAGE_1_SIZE
-#error "FLASH_AREA_IMAGE_1_SIZE must be defined by the target"
+#ifndef FLASH_AREA_IMAGE_SECONDARY_SIZE
+#error "FLASH_AREA_IMAGE_SECONDARY_SIZE must be defined by the target"
#endif
#ifndef FLASH_AREA_IMAGE_SCRATCH_OFFSET
diff --git a/docs/user_guides/tfm_secure_boot.rst b/docs/user_guides/tfm_secure_boot.rst
index bea6bda..3ff581d 100644
--- a/docs/user_guides/tfm_secure_boot.rst
+++ b/docs/user_guides/tfm_secure_boot.rst
@@ -46,12 +46,13 @@
Integration with TF-M
*********************
MCUBoot assumes a predefined memory layout which is described below (applicable
-for AN521). It is mandatory to define slot 0 and slot 1 partitions, but their
-size can be changed::
+for AN521). It is mandatory to define the primary slot and the secondary slot
+partitions, but their size can be changed::
- 0x0000_0000 - 0x0007_FFFF: BL2 bootloader - MCUBoot
- - 0x0008_0000 - 0x000F_FFFF: Slot 0 : Single binary blob: Secure + Non-Secure
- image; Primary memory partition
+ - 0x0008_0000 - 0x000F_FFFF: Primary slot : Single binary blob:
+ Secure + Non-Secure image;
+ Primary memory partition
- 0x0008_0000 - 0x0008_03FF: Common image header
- 0x0008_0400 - 0x0008_xxxx: Secure image
- 0x0008_xxxx - 0x0010_03FF: Padding (with 0xFF)
@@ -59,9 +60,9 @@
- 0x0010_xxxx - 0x0010_xxxx: Hash value(SHA256) and RSA signature
of combined image
- - 0x0018_0000 - 0x0027_FFFF: Slot 1 : Secure + Non-Secure image; Secondary
- memory partition, structured identically to slot
- 0
+ - 0x0018_0000 - 0x0027_FFFF: Secondary slot : Secure + Non-Secure image;
+ Secondary memory partition, structured
+ identically to the primary slot
- 0x0028_0000 - 0x0037_FFFF: Scratch area, only used during image swapping
**************************
@@ -72,39 +73,41 @@
of the firmware is out-of-scope for MCUBoot. MCUBoot supports three different
ways to switch to the new firmware and it is assumed that firmware images are
executed-in-place (XIP). The default behaviour is the overwrite-based image
-upgrade. In this case the active firmware is always executed from slot 0 and
-slot 1 is a staging area for new images. Before executing the new firmware
-image, the content of slot 0 must be overwritten with the content of slot 1
-(the new firmware image). The second option is the image swapping strategy when
-the content of the two memory slots must be physically swapped. This needs the
-scratch area to be defined in the memory layout. The third option is the
-non-swapping version, which eliminates the complexity of image swapping and its
-administration. Active image can be executed from either memory slot, but new
-firmware must be linked to the address space of the proper (currently inactive)
-memory slot.
+upgrade. In this case the active firmware is always executed from the primary
+slot and the secondary slot is a staging area for new images. Before executing
+the new firmware image, the content of the primary slot must be overwritten with
+the content of the secondary slot (the new firmware image). The second option is
+the image swapping strategy when the content of the two memory slots must be
+physically swapped. This needs the scratch area to be defined in the memory
+layout. The third option is the non-swapping version, which eliminates the
+complexity of image swapping and its administration. Active image can be
+executed from either memory slot, but new firmware must be linked to the address
+space of the proper (currently inactive) memory slot.
Overwrite operation
===================
-Active image is stored in slot 0, and this image is started always by the
-bootloader. Therefore images must be linked to slot 0. If the bootloader finds
-a valid image in slot 1, which is marked for upgrade, then the content of slot 0
-will be simply overwritten with the content of slot 1, before starting the new
-image from slot 0. After the content of slot 0 has been successfully
-overwritten, the header and trailer of the new image in slot 1 is erased to
-prevent the triggering of another unncessary image uprade after a restart. The
-overwrite operation is fail-safe and resistant to power-cut failures. For more
-details please refer to the MCUBoot
+Active image is stored in the primary slot, and this image is started always by
+the bootloader. Therefore images must be linked to the primary slot. If the
+bootloader finds a valid image in the secondary slot, which is marked for
+upgrade, then the content of the primary slot will be simply overwritten with
+the content of the secondary slot, before starting the new image from the
+primary slot. After the content of the primary slot has been successfully
+overwritten, the header and trailer of the new image in the secondary slot is
+erased to prevent the triggering of another unncessary image uprade after a
+restart. The overwrite operation is fail-safe and resistant to power-cut
+failures. For more details please refer to the MCUBoot
`documentation <https://www.mcuboot.com/mcuboot/design.html>`__.
Swapping operation
==================
This operation can be set with the ``MCUBOOT_UPGRADE_STRATEGY`` compile time
switch (see `Build time configuration`_). With swapping image upgrade strategy
-the active image is also stored in slot 0 and it will always be started by the
-bootloader. If the bootloader finds a valid image in slot 1, which is marked for
-upgrade, then contents of slot 0 and slot 1 will be swapped, before starting the
-new image from slot 0. Scratch area is used as a temporary storage place during
-image swapping. Update mark from slot 1 is removed when the swapping is
+the active image is also stored in the primary slot and it will always be
+started by the bootloader. If the bootloader finds a valid image in the
+secondary slot, which is marked for upgrade, then contents of the primary slot
+and the secondary slot will be swapped, before starting the new image from the
+primary slot. Scratch area is used as a temporary storage place during image
+swapping. Update mark from the secondary slot is removed when the swapping is
successful. The boot loader can revert the swapping as a fall-back mechanism to
recover the previous working firmware version after a faulty update. The swap
operation is fail-safe and resistant to power-cut failures. For more details
@@ -126,22 +129,22 @@
switch (see `Build time configuration`_). When enabling non-swapping operation
then the active image flag is moved between slots during firmware upgrade. If
firmware is executed-in-place (XIP), then two firmware images must be generated.
-One of them is linked to be executed from slot 0 memory region and the other
-from slot 1. The firmware upgrade client, which downloads the new image, must be
-aware, which slot hosts the active firmware and which acts as a staging area and
-it is responsible for downloading the proper firmware image. At boot time
-MCUBoot inspects the version number in the image header and passes execution to
-the newer firmware version. New image must be marked for upgrade which is
-automatically done by Python scripts at compile time. Image verification is done
-the same way in all operational modes. If new image fails during authentication
-then MCUBoot erases the memory slot and starts the other image, after successful
-authentication.
+One of them is linked to be executed from the primary slot memory region and the
+other from the secondary slot. The firmware upgrade client, which downloads the
+new image, must be aware, which slot hosts the active firmware and which acts as
+a staging area and it is responsible for downloading the proper firmware image.
+At boot time MCUBoot inspects the version number in the image header and passes
+execution to the newer firmware version. New image must be marked for upgrade
+which is automatically done by Python scripts at compile time. Image
+verification is done the same way in all operational modes. If new image fails
+during authentication then MCUBoot erases the memory slot and starts the other
+image, after successful authentication.
At build time automatically two binaries are generated::
- <build_dir>/install/outputs/fvp/tfm_s_ns_signed.bin : Image linked for slot 0 memory partition
+ <build_dir>/install/outputs/fvp/tfm_s_ns_signed.bin : Image linked for the primary slot memory partition
- <build_dir>/install/outputs/fvp/tfm_s_ns_signed_1.bin : Image linked for slot 1 memory partition
+ <build_dir>/install/outputs/fvp/tfm_s_ns_signed_1.bin : Image linked for the secondary slot memory partition
RAM Loading firmware upgrade
============================
@@ -297,8 +300,8 @@
============================
Run TF-M build twice with two different build configuration: default and
regression. Save the artifacts between builds, because second run can overwrite
-original binaries. Download default build to slot 0 and regression build to
-slot 1.
+original binaries. Download default build to the primary slot and regression
+build to the secondary slot.
Executing firmware upgrade on FVP_MPS2_AEMv8M
---------------------------------------------
@@ -341,9 +344,9 @@
[INF] Starting bootloader
[INF] Swap type: test
- [INF] Image upgrade slot1 -> slot0
- [INF] Erasing slot0
- [INF] Copying slot 1 to slot 0: 0x100000 bytes
+ [INF] Image upgrade secondary slot -> primary slot
+ [INF] Erasing the primary slot
+ [INF] Copying the secondary slot to the primary slot: 0x100000 bytes
[INF] Bootloader chainload address offset: 0x80000
[INF] Jumping to the first image slot
[Sec Thread] Secure image initializing!
@@ -367,7 +370,7 @@
[INF] Starting bootloader
[INF] Image 0: magic= good, copy_done=0x3, image_ok=0x3
[INF] Scratch: magic= bad, copy_done=0x0, image_ok=0x2
- [INF] Boot source: slot 0
+ [INF] Boot source: primary slot
[INF] Swap type: test
[INF] Bootloader chainload address offset: 0x80000
[INF] Jumping to the first image slot
@@ -443,7 +446,7 @@
[INF] Starting bootloader
[INF] Image 0: version=1.2.3.4, magic= good, image_ok=0x3
[INF] Image 1: version=1.2.3.5, magic= good, image_ok=0x3
- [INF] Booting image from slot 1
+ [INF] Booting image from the secondary slot
[INF] Bootloader chainload address offset: 0xa0000
[INF] Jumping to the first image slot
[Sec Thread] Secure image initializing!
@@ -503,7 +506,7 @@
[INF] Starting bootloader
[INF] Image 0: version=0.0.0.1, magic= good, image_ok=0x3
[INF] Image 1: version=0.0.0.2, magic= good, image_ok=0x3
- [INF] Image has been copied from slot 1 in flash to SRAM address 0x10020000
+ [INF] Image has been copied from the secondary slot in flash to SRAM address 0x10020000
[INF] Booting image from SRAM at address 0x10020000
[INF] Bootloader chainload address offset: 0x20000
[INF] Jumping to the first image slot
diff --git a/docs/user_guides/tfm_user_guide.rst b/docs/user_guides/tfm_user_guide.rst
index 3035400..f653e83 100644
--- a/docs/user_guides/tfm_user_guide.rst
+++ b/docs/user_guides/tfm_user_guide.rst
@@ -62,9 +62,9 @@
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
BL2 bootloader is mandatory to test software update. Furthermore two TF-M blob
must be built. Outputs of example application and regression test can be used to
-test it. Load output of example application to slot 0 (0x10080000) and output of
-regression test to slot 1 (0x10180000). Add the following line to the end of
-the previous chapter:
+test it. Load output of example application to the primary slot (0x10080000) and
+output of regression test to the secondary slot (0x10180000). Add the following
+line to the end of the previous chapter:
.. code-block:: bash
@@ -111,7 +111,7 @@
[INF] Starting bootloader
[INF] Image 0: magic=good, copy_done=0xff, image_ok=0xff
[INF] Scratch: magic=bad, copy_done=0x5, image_ok=0xcf
- [INF] Boot source: slot 0
+ [INF] Boot source: primary slot
[INF] Swap type: none
[INF] Bootloader chainload address offset: 0x80000
[INF] Jumping to the first image slot
@@ -125,7 +125,7 @@
[INF] Starting bootloader
[INF] Image 0: magic=good, copy_done=0xff, image_ok=0xff
[INF] Scratch: magic=bad, copy_done=0x5, image_ok=0xcf
- [INF] Boot source: slot 0
+ [INF] Boot source: primary slot
[INF] Swap type: none
[INF] Bootloader chainload address offset: 0x80000
[INF] Jumping to the first image slot
@@ -256,7 +256,7 @@
[INF] Starting bootloader
[INF] Image 0: magic=good, copy_done=0xff, image_ok=0xff
[INF] Scratch: magic=bad, copy_done=0x5, image_ok=0xd9
- [INF] Boot source: slot 0
+ [INF] Boot source: primary slot
[INF] Swap type: none
[INF] Bootloader chainload address offset: 0x20000
[INF] Jumping to the first image slot
@@ -270,7 +270,7 @@
[INF] Starting bootloader
[INF] Image 0: magic=good, copy_done=0xff, image_ok=0xff
[INF] Scratch: magic=bad, copy_done=0x5, image_ok=0x9
- [INF] Boot source: slot 0
+ [INF] Boot source: primary slot
[INF] Swap type: none
[INF] Bootloader chainload address offset: 0x20000
[INF] Jumping to the first image slot
diff --git a/platform/ext/readme.rst b/platform/ext/readme.rst
index f6816c8..52a8217 100644
--- a/platform/ext/readme.rst
+++ b/platform/ext/readme.rst
@@ -58,12 +58,16 @@
- ``FLASH_AREA_BL2_OFFSET`` - Defines the offset from the flash base address
where the BL2 - MCUBOOT area starts.
- ``FLASH_AREA_BL2_SIZE`` - Defines the size of the BL2 area.
-- ``FLASH_AREA_IMAGE_0_OFFSET`` - Defines the offset from the flash base address
- where the image 0 area starts, which hosts the active firmware image.
-- ``FLASH_AREA_IMAGE_0_SIZE`` - Defines the size of the image 0 area.
-- ``FLASH_AREA_IMAGE_1_OFFSET`` - Defines the offset from the flash base address
- where the image 1 area starts, which is a placeholder for new firmware images.
-- ``FLASH_AREA_IMAGE_1_SIZE`` - Defines the size of the image 1 area.
+- ``FLASH_AREA_IMAGE_PRIMARY_OFFSET`` - Defines the offset from the flash base
+ address where the primary image area starts, which hosts the active firmware
+ image.
+- ``FLASH_AREA_IMAGE_PRIMARY_SIZE`` - Defines the size of the primary image
+ area.
+- ``FLASH_AREA_IMAGE_SECONDARY_OFFSET`` - Defines the offset from the flash base
+ address where the secondary image area starts, which is a placeholder for new
+ firmware images.
+- ``FLASH_AREA_IMAGE_SECONDARY_SIZE`` - Defines the size of the secondary image
+ area.
- ``FLASH_AREA_IMAGE_SCRATCH_OFFSET`` - Defines the offset from the flash base
address where the scratch area starts, which is used during image swapping.
- ``FLASH_AREA_IMAGE_SCRATCH_SIZE`` - Defines the size of the scratch area. The
diff --git a/platform/ext/target/mps2/an519/partition/flash_layout.h b/platform/ext/target/mps2/an519/partition/flash_layout.h
index b0ebbae..7789fa2 100644
--- a/platform/ext/target/mps2/an519/partition/flash_layout.h
+++ b/platform/ext/target/mps2/an519/partition/flash_layout.h
@@ -20,10 +20,10 @@
/* Flash layout on MPS2 AN519 with BL2:
*
* 0x0000_0000 BL2 - MCUBoot(0.5 MB)
- * 0x0008_0000 Flash_area_image_0(1 MB):
+ * 0x0008_0000 Flash_area_image_primary(1 MB):
* 0x0008_0000 Secure image primary
* 0x0010_0000 Non-secure image primary
- * 0x0018_0000 Flash_area_image_1(1 MB):
+ * 0x0018_0000 Flash_area_image_secondary(1 MB):
* 0x0018_0000 Secure image secondary
* 0x0020_0000 Non-secure image secondary
* 0x0028_0000 Scratch area(1 MB)
@@ -59,26 +59,27 @@
#define FLASH_BASE_ADDRESS (0x10000000)
/* Offset and size definitions of the flash partitions that are handled by the
- * bootloader. The image swapping is done between IMAGE_0 and IMAGE_1, SCRATCH
- * is used as a temporary storage during image swapping.
+ * bootloader. The image swapping is done between IMAGE_PRIMARY and
+ * IMAGE_SECONDARY, SCRATCH is used as a temporary storage during image
+ * swapping.
*/
-#define FLASH_AREA_BL2_OFFSET (0x0)
-#define FLASH_AREA_BL2_SIZE (0x80000) /* 512 KB */
+#define FLASH_AREA_BL2_OFFSET (0x0)
+#define FLASH_AREA_BL2_SIZE (0x80000) /* 512 KB */
-#define FLASH_AREA_IMAGE_0_OFFSET (FLASH_AREA_BL2_OFFSET + \
- FLASH_AREA_BL2_SIZE)
-#define FLASH_AREA_IMAGE_0_SIZE (FLASH_S_PARTITION_SIZE + \
- FLASH_NS_PARTITION_SIZE)
+#define FLASH_AREA_IMAGE_PRIMARY_OFFSET (FLASH_AREA_BL2_OFFSET + \
+ FLASH_AREA_BL2_SIZE)
+#define FLASH_AREA_IMAGE_PRIMARY_SIZE (FLASH_S_PARTITION_SIZE + \
+ FLASH_NS_PARTITION_SIZE)
-#define FLASH_AREA_IMAGE_1_OFFSET (FLASH_AREA_IMAGE_0_OFFSET + \
- FLASH_AREA_IMAGE_0_SIZE)
-#define FLASH_AREA_IMAGE_1_SIZE (FLASH_S_PARTITION_SIZE + \
- FLASH_NS_PARTITION_SIZE)
+#define FLASH_AREA_IMAGE_SECONDARY_OFFSET (FLASH_AREA_IMAGE_PRIMARY_OFFSET + \
+ FLASH_AREA_IMAGE_PRIMARY_SIZE)
+#define FLASH_AREA_IMAGE_SECONDARY_SIZE (FLASH_S_PARTITION_SIZE + \
+ FLASH_NS_PARTITION_SIZE)
-#define FLASH_AREA_IMAGE_SCRATCH_OFFSET (FLASH_AREA_IMAGE_1_OFFSET + \
- FLASH_AREA_IMAGE_1_SIZE)
-#define FLASH_AREA_IMAGE_SCRATCH_SIZE (FLASH_S_PARTITION_SIZE + \
- FLASH_NS_PARTITION_SIZE)
+#define FLASH_AREA_IMAGE_SCRATCH_OFFSET (FLASH_AREA_IMAGE_SECONDARY_OFFSET + \
+ FLASH_AREA_IMAGE_SECONDARY_SIZE)
+#define FLASH_AREA_IMAGE_SCRATCH_SIZE (FLASH_S_PARTITION_SIZE + \
+ FLASH_NS_PARTITION_SIZE)
/* The maximum number of status entries supported by the bootloader. */
/* The maximum number of status entries must be at least 2. For more
diff --git a/platform/ext/target/mps2/an519/partition/region_defs.h b/platform/ext/target/mps2/an519/partition/region_defs.h
index 30d1ba0..7c76ca0 100644
--- a/platform/ext/target/mps2/an519/partition/region_defs.h
+++ b/platform/ext/target/mps2/an519/partition/region_defs.h
@@ -42,21 +42,21 @@
#ifdef BL2
#ifndef LINK_TO_SECONDARY_PARTITION
-#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_0_OFFSET)
-#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_1_OFFSET)
+#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_PRIMARY_OFFSET)
+#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_SECONDARY_OFFSET)
#else
-#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_1_OFFSET)
-#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_0_OFFSET)
+#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_SECONDARY_OFFSET)
+#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_PRIMARY_OFFSET)
#endif /* !LINK_TO_SECONDARY_PARTITION */
#else
#define S_IMAGE_PRIMARY_PARTITION_OFFSET (0x0)
#endif /* BL2 */
#ifndef LINK_TO_SECONDARY_PARTITION
-#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_0_OFFSET \
+#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_PRIMARY_OFFSET \
+ FLASH_S_PARTITION_SIZE)
#else
-#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_1_OFFSET \
+#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_SECONDARY_OFFSET \
+ FLASH_S_PARTITION_SIZE)
#endif /* !LINK_TO_SECONDARY_PARTITION */
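Review bot: After the rename, the `LINK_TO_SECONDARY_PARTITION` branches read as a contradiction: `S_IMAGE_PRIMARY_PARTITION_OFFSET` is set to `FLASH_AREA_IMAGE_SECONDARY_OFFSET` and vice versa. The old `IMAGE_0`/`IMAGE_1` names hid this. Here "primary" means the region this particular image is linked to run from, not the bootloader's primary slot, and that deserves a comment above the `#else`, for example `/* Image linked for the secondary slot: its own "primary" region is the secondary flash area. */`. The same applies to the `NS_IMAGE_PRIMARY_PARTITION_OFFSET` pair lower in this hunk.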
@@ -130,7 +130,7 @@
/* Secondary partition for new images in case of firmware upgrade */
#define SECONDARY_PARTITION_START \
(NS_ROM_ALIAS(S_IMAGE_SECONDARY_PARTITION_OFFSET))
-#define SECONDARY_PARTITION_SIZE (FLASH_AREA_IMAGE_1_SIZE)
+#define SECONDARY_PARTITION_SIZE (FLASH_AREA_IMAGE_SECONDARY_SIZE)
#ifdef BL2
/* Bootloader regions */
diff --git a/platform/ext/target/mps2/an521/partition/flash_layout.h b/platform/ext/target/mps2/an521/partition/flash_layout.h
index 57c9592..c5ad9df 100644
--- a/platform/ext/target/mps2/an521/partition/flash_layout.h
+++ b/platform/ext/target/mps2/an521/partition/flash_layout.h
@@ -20,10 +20,10 @@
/* Flash layout on MPS2 AN521 with BL2:
*
* 0x0000_0000 BL2 - MCUBoot(0.5 MB)
- * 0x0008_0000 Flash_area_image_0(1 MB):
+ * 0x0008_0000 Flash_area_image_primary(1 MB):
* 0x0008_0000 Secure image primary
* 0x0010_0000 Non-secure image primary
- * 0x0018_0000 Flash_area_image_1(1 MB):
+ * 0x0018_0000 Flash_area_image_secondary(1 MB):
* 0x0018_0000 Secure image secondary
* 0x0020_0000 Non-secure image secondary
* 0x0028_0000 Scratch area(1 MB)
@@ -59,26 +59,27 @@
#define FLASH_BASE_ADDRESS (0x10000000)
/* Offset and size definitions of the flash partitions that are handled by the
- * bootloader. The image swapping is done between IMAGE_0 and IMAGE_1, SCRATCH
- * is used as a temporary storage during image swapping.
+ * bootloader. The image swapping is done between IMAGE_PRIMARY and
+ * IMAGE_SECONDARY, SCRATCH is used as a temporary storage during image
+ * swapping.
*/
-#define FLASH_AREA_BL2_OFFSET (0x0)
-#define FLASH_AREA_BL2_SIZE (0x80000) /* 512 KB */
+#define FLASH_AREA_BL2_OFFSET (0x0)
+#define FLASH_AREA_BL2_SIZE (0x80000) /* 512 KB */
-#define FLASH_AREA_IMAGE_0_OFFSET (FLASH_AREA_BL2_OFFSET + \
- FLASH_AREA_BL2_SIZE)
-#define FLASH_AREA_IMAGE_0_SIZE (FLASH_S_PARTITION_SIZE + \
- FLASH_NS_PARTITION_SIZE)
+#define FLASH_AREA_IMAGE_PRIMARY_OFFSET (FLASH_AREA_BL2_OFFSET + \
+ FLASH_AREA_BL2_SIZE)
+#define FLASH_AREA_IMAGE_PRIMARY_SIZE (FLASH_S_PARTITION_SIZE + \
+ FLASH_NS_PARTITION_SIZE)
-#define FLASH_AREA_IMAGE_1_OFFSET (FLASH_AREA_IMAGE_0_OFFSET + \
- FLASH_AREA_IMAGE_0_SIZE)
-#define FLASH_AREA_IMAGE_1_SIZE (FLASH_S_PARTITION_SIZE + \
- FLASH_NS_PARTITION_SIZE)
+#define FLASH_AREA_IMAGE_SECONDARY_OFFSET (FLASH_AREA_IMAGE_PRIMARY_OFFSET + \
+ FLASH_AREA_IMAGE_PRIMARY_SIZE)
+#define FLASH_AREA_IMAGE_SECONDARY_SIZE (FLASH_S_PARTITION_SIZE + \
+ FLASH_NS_PARTITION_SIZE)
-#define FLASH_AREA_IMAGE_SCRATCH_OFFSET (FLASH_AREA_IMAGE_1_OFFSET + \
- FLASH_AREA_IMAGE_1_SIZE)
-#define FLASH_AREA_IMAGE_SCRATCH_SIZE (FLASH_S_PARTITION_SIZE + \
- FLASH_NS_PARTITION_SIZE)
+#define FLASH_AREA_IMAGE_SCRATCH_OFFSET (FLASH_AREA_IMAGE_SECONDARY_OFFSET + \
+ FLASH_AREA_IMAGE_SECONDARY_SIZE)
+#define FLASH_AREA_IMAGE_SCRATCH_SIZE (FLASH_S_PARTITION_SIZE + \
+ FLASH_NS_PARTITION_SIZE)
/* The maximum number of status entries supported by the bootloader. */
/* The maximum number of status entries must be at least 2. For more
diff --git a/platform/ext/target/mps2/an521/partition/region_defs.h b/platform/ext/target/mps2/an521/partition/region_defs.h
index 8951163..f989820 100644
--- a/platform/ext/target/mps2/an521/partition/region_defs.h
+++ b/platform/ext/target/mps2/an521/partition/region_defs.h
@@ -42,21 +42,21 @@
#ifdef BL2
#ifndef LINK_TO_SECONDARY_PARTITION
-#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_0_OFFSET)
-#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_1_OFFSET)
+#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_PRIMARY_OFFSET)
+#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_SECONDARY_OFFSET)
#else
-#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_1_OFFSET)
-#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_0_OFFSET)
+#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_SECONDARY_OFFSET)
+#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_PRIMARY_OFFSET)
#endif /* !LINK_TO_SECONDARY_PARTITION */
#else
#define S_IMAGE_PRIMARY_PARTITION_OFFSET (0x0)
#endif /* BL2 */
#ifndef LINK_TO_SECONDARY_PARTITION
-#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_0_OFFSET \
+#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_PRIMARY_OFFSET \
+ FLASH_S_PARTITION_SIZE)
#else
-#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_1_OFFSET \
+#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_SECONDARY_OFFSET \
+ FLASH_S_PARTITION_SIZE)
#endif /* !LINK_TO_SECONDARY_PARTITION */
@@ -130,7 +130,7 @@
/* Secondary partition for new images in case of firmware upgrade */
#define SECONDARY_PARTITION_START \
(NS_ROM_ALIAS(S_IMAGE_SECONDARY_PARTITION_OFFSET))
-#define SECONDARY_PARTITION_SIZE (FLASH_AREA_IMAGE_1_SIZE)
+#define SECONDARY_PARTITION_SIZE (FLASH_AREA_IMAGE_SECONDARY_SIZE)
#ifdef BL2
/* Bootloader regions */
diff --git a/platform/ext/target/mps3/an524/partition/flash_layout.h b/platform/ext/target/mps3/an524/partition/flash_layout.h
index 918d4dc..3f6c696 100644
--- a/platform/ext/target/mps3/an524/partition/flash_layout.h
+++ b/platform/ext/target/mps3/an524/partition/flash_layout.h
@@ -27,10 +27,10 @@
* Flash layout on MPS3 AN524 with BL2:
*
* 0x0000_0000 BL2 - MCUBoot (256 KB)
- * Flash_area_image_0
+ * Flash_area_image_primary:
* 0x0004_0000 Secure image (256 KB)
* 0x0008_0000 Non-secure image (256 KB)
- * Flash_area_image_1:
+ * Flash_area_image_secondary:
* 0x000C_0000 Secure image (256 KB)
* 0x0010_0000 Non-secure image (256 KB)
* 0x0014_0000 Scratch area (512 KB)
@@ -60,24 +60,24 @@
/* Flash base info for BL2 bootloader */
#define FLASH_BASE_ADDRESS (0x10000000)
-/* offset to QSPI base */
-#define FLASH_AREA_BL2_OFFSET (0x0)
-#define FLASH_AREA_BL2_SIZE (0x40000) /* 256 KB */
+/* Offset to QSPI base */
+#define FLASH_AREA_BL2_OFFSET (0x0)
+#define FLASH_AREA_BL2_SIZE (0x40000) /* 256 KB */
-#define FLASH_AREA_IMAGE_0_OFFSET (FLASH_AREA_BL2_OFFSET + \
- FLASH_AREA_BL2_SIZE)
-#define FLASH_AREA_IMAGE_0_SIZE (FLASH_S_PARTITION_SIZE + \
- FLASH_NS_PARTITION_SIZE)
+#define FLASH_AREA_IMAGE_PRIMARY_OFFSET (FLASH_AREA_BL2_OFFSET + \
+ FLASH_AREA_BL2_SIZE)
+#define FLASH_AREA_IMAGE_PRIMARY_SIZE (FLASH_S_PARTITION_SIZE + \
+ FLASH_NS_PARTITION_SIZE)
-#define FLASH_AREA_IMAGE_1_OFFSET (FLASH_AREA_IMAGE_0_OFFSET + \
- FLASH_AREA_IMAGE_0_SIZE)
-#define FLASH_AREA_IMAGE_1_SIZE (FLASH_S_PARTITION_SIZE + \
- FLASH_NS_PARTITION_SIZE)
+#define FLASH_AREA_IMAGE_SECONDARY_OFFSET (FLASH_AREA_IMAGE_PRIMARY_OFFSET + \
+ FLASH_AREA_IMAGE_PRIMARY_SIZE)
+#define FLASH_AREA_IMAGE_SECONDARY_SIZE (FLASH_S_PARTITION_SIZE + \
+ FLASH_NS_PARTITION_SIZE)
-#define FLASH_AREA_IMAGE_SCRATCH_OFFSET (FLASH_AREA_IMAGE_1_OFFSET + \
- FLASH_AREA_IMAGE_1_SIZE)
-#define FLASH_AREA_IMAGE_SCRATCH_SIZE (FLASH_S_PARTITION_SIZE + \
- FLASH_NS_PARTITION_SIZE)
+#define FLASH_AREA_IMAGE_SCRATCH_OFFSET (FLASH_AREA_IMAGE_SECONDARY_OFFSET + \
+ FLASH_AREA_IMAGE_SECONDARY_SIZE)
+#define FLASH_AREA_IMAGE_SCRATCH_SIZE (FLASH_S_PARTITION_SIZE + \
+ FLASH_NS_PARTITION_SIZE)
/* The maximum number of status entries supported by the bootloader. */
/* The maximum number of status entries must be at least 2. For more
diff --git a/platform/ext/target/mps3/an524/partition/region_defs.h b/platform/ext/target/mps3/an524/partition/region_defs.h
index e6df473..e2e8243 100644
--- a/platform/ext/target/mps3/an524/partition/region_defs.h
+++ b/platform/ext/target/mps3/an524/partition/region_defs.h
@@ -42,21 +42,21 @@
#ifdef BL2
#ifndef LINK_TO_SECONDARY_PARTITION
-#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_0_OFFSET)
-#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_1_OFFSET)
+#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_PRIMARY_OFFSET)
+#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_SECONDARY_OFFSET)
#else
-#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_1_OFFSET)
-#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_0_OFFSET)
+#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_SECONDARY_OFFSET)
+#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_PRIMARY_OFFSET)
#endif /* !LINK_TO_SECONDARY_PARTITION */
#else
#define S_IMAGE_PRIMARY_PARTITION_OFFSET (0x0)
#endif /* BL2 */
#ifndef LINK_TO_SECONDARY_PARTITION
-#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_0_OFFSET \
+#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_PRIMARY_OFFSET \
+ FLASH_S_PARTITION_SIZE)
#else
-#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_1_OFFSET \
+#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_SECONDARY_OFFSET \
+ FLASH_S_PARTITION_SIZE)
#endif /* !LINK_TO_SECONDARY_PARTITION */
@@ -122,10 +122,9 @@
#define NS_PARTITION_SIZE (FLASH_NS_PARTITION_SIZE)
#ifdef BL2
-/* Secondary partition for new images in case of firmware upgrade */
-#define SECONDARY_PARTITION_START \
- (NS_ROM_ALIAS(S_IMAGE_SECONDARY_PARTITION_OFFSET))
-#define SECONDARY_PARTITION_SIZE (FLASH_AREA_IMAGE_1_SIZE)
+#define SECONDARY_PARTITION_START \
+ (NS_ROM_ALIAS(S_IMAGE_SECONDARY_PARTITION_OFFSET))
+#define SECONDARY_PARTITION_SIZE (FLASH_AREA_IMAGE_SECONDARY_SIZE)
#define SECONDARY_PARTITION_LIMIT (SECONDARY_PARTITION_START + \
SECONDARY_PARTITION_SIZE - 1)
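Review bot: The rewritten `SECONDARY_PARTITION_START` block loses the comment `/* Secondary partition for new images in case of firmware upgrade */` that the old side carried. The same rename in the an521, musca_a and musca_b1 region_defs.h hunks keeps that comment as context, so the removal here looks unintentional. I would restore the one-line comment directly above `#define SECONDARY_PARTITION_START`, so that the region used for upgrade images stays documented the same way on every platform. The `#ifdef BL2` block continues outside the hunk.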
diff --git a/platform/ext/target/musca_a/partition/flash_layout.h b/platform/ext/target/musca_a/partition/flash_layout.h
index 1e3e155..4bcf98e 100644
--- a/platform/ext/target/musca_a/partition/flash_layout.h
+++ b/platform/ext/target/musca_a/partition/flash_layout.h
@@ -20,10 +20,10 @@
/* Flash layout on Musca with BL2:
*
* 0x0020_0000 BL2 - MCUBoot(128 KB)
- * 0x0022_0000 Flash_area_image_0(1 MB)
+ * 0x0022_0000 Flash_area_image_primary(1 MB)
* 0x0022_0000 Secure image primary
* 0x002A_0000 Non-secure image primary
- * 0x0032_0000 Flash_area_image_1(1 MB)
+ * 0x0032_0000 Flash_area_image_secondary(1 MB)
* 0x0032_0000 Secure image secondary
* 0x003A_0000 Non-secure image secondary
* 0x0042_0000 Secure Storage Area(0.02 MB)
@@ -60,28 +60,29 @@
#define FLASH_BASE_ADDRESS (0x10200000)
/* Offset and size definitions of the flash partitions that are handled by the
- * bootloader. The image swapping is done between IMAGE_0 and IMAGE_1, SCRATCH
- * is used as a temporary storage during image swapping.
+ * bootloader. The image swapping is done between IMAGE_PRIMARY and
+ * IMAGE_SECONDARY, SCRATCH is used as a temporary storage during image
+ * swapping.
*/
-#define FLASH_AREA_BL2_OFFSET (0x0)
-#define FLASH_AREA_BL2_SIZE (0x20000) /* 128 KB */
+#define FLASH_AREA_BL2_OFFSET (0x0)
+#define FLASH_AREA_BL2_SIZE (0x20000) /* 128KB */
-#define FLASH_AREA_IMAGE_0_OFFSET (FLASH_AREA_BL2_OFFSET + \
- FLASH_AREA_BL2_SIZE)
-#define FLASH_AREA_IMAGE_0_SIZE (FLASH_S_PARTITION_SIZE + \
- FLASH_NS_PARTITION_SIZE)
+#define FLASH_AREA_IMAGE_PRIMARY_OFFSET (FLASH_AREA_BL2_OFFSET + \
+ FLASH_AREA_BL2_SIZE)
+#define FLASH_AREA_IMAGE_PRIMARY_SIZE (FLASH_S_PARTITION_SIZE + \
+ FLASH_NS_PARTITION_SIZE)
-#define FLASH_AREA_IMAGE_1_OFFSET (FLASH_AREA_IMAGE_0_OFFSET + \
- FLASH_AREA_IMAGE_0_SIZE)
-#define FLASH_AREA_IMAGE_1_SIZE (FLASH_S_PARTITION_SIZE + \
- FLASH_NS_PARTITION_SIZE)
+#define FLASH_AREA_IMAGE_SECONDARY_OFFSET (FLASH_AREA_IMAGE_PRIMARY_OFFSET + \
+ FLASH_AREA_IMAGE_PRIMARY_SIZE)
+#define FLASH_AREA_IMAGE_SECONDARY_SIZE (FLASH_S_PARTITION_SIZE + \
+ FLASH_NS_PARTITION_SIZE)
/* Not used, only the RAM loading firmware upgrade operation
* is supported on Musca-A.
*/
-#define FLASH_AREA_IMAGE_SCRATCH_OFFSET (FLASH_AREA_IMAGE_1_OFFSET + \
- FLASH_AREA_IMAGE_1_SIZE)
-#define FLASH_AREA_IMAGE_SCRATCH_SIZE (0)
+#define FLASH_AREA_IMAGE_SCRATCH_OFFSET (FLASH_AREA_IMAGE_SECONDARY_OFFSET + \
+ FLASH_AREA_IMAGE_SECONDARY_SIZE)
+#define FLASH_AREA_IMAGE_SCRATCH_SIZE (0)
/* Not used, only the RAM loading firmware upgrade operation
* is supported on Musca-A. The maximum number of status entries
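Review bot: The size comment on the re-aligned `FLASH_AREA_BL2_SIZE` line changed from `/* 128 KB */` to `/* 128KB */`. The other flash_layout.h hunks in this commit keep the spaced form (`/* 512 KB */`, `/* 256 KB */`, `/* 128 KB */`). Since only the alignment of this line was meant to change, keep the trailing comment as `/* 128 KB */`.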
diff --git a/platform/ext/target/musca_a/partition/region_defs.h b/platform/ext/target/musca_a/partition/region_defs.h
index 028abc4..40e1372 100644
--- a/platform/ext/target/musca_a/partition/region_defs.h
+++ b/platform/ext/target/musca_a/partition/region_defs.h
@@ -39,10 +39,10 @@
/* MPC granularity is 128 KB on Musca_A. Alignment
* of partitions is defined in accordance with this constraint.
*/
-#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_0_OFFSET)
-#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_1_OFFSET)
+#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_PRIMARY_OFFSET)
+#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_SECONDARY_OFFSET)
-#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_0_OFFSET \
+#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_PRIMARY_OFFSET \
+ FLASH_S_PARTITION_SIZE)
/* Boot partition structure if MCUBoot is used:
@@ -114,7 +114,7 @@
/* Secondary partition for new images in case of firmware upgrade */
#define SECONDARY_PARTITION_START \
(NS_ROM_ALIAS(S_IMAGE_SECONDARY_PARTITION_OFFSET))
-#define SECONDARY_PARTITION_SIZE (FLASH_AREA_IMAGE_1_SIZE)
+#define SECONDARY_PARTITION_SIZE (FLASH_AREA_IMAGE_SECONDARY_SIZE)
/* Code SRAM area */
#define TOTAL_CODE_SRAM_SIZE (TOTAL_ROM_SIZE)
diff --git a/platform/ext/target/musca_b1/partition/flash_layout.h b/platform/ext/target/musca_b1/partition/flash_layout.h
index 6710f84..d4f4a1a 100644
--- a/platform/ext/target/musca_b1/partition/flash_layout.h
+++ b/platform/ext/target/musca_b1/partition/flash_layout.h
@@ -20,10 +20,10 @@
/* Flash layout on Musca-B1 with BL2(boot from eFlash 0):
*
* 0x0A00_0000 BL2 - MCUBoot(128 KB)
- * 0x0A02_0000 Flash_area_image_0(768 KB)
+ * 0x0A02_0000 Flash_area_image_primary(768 KB)
* 0x0A02_0000 Secure image primary (256 KB)
* 0x0A06_0000 Non-secure image primary (512 KB)
- * 0x0A0E_0000 Flash_area_image_1(768 KB)
+ * 0x0A0E_0000 Flash_area_image_secondary(768 KB)
* 0x0A0E_0000 Secure image secondary (256 KB)
* 0x0A12_0000 Non-secure image secondary (512 KB)
* 0x0A1E_0000 Secure Storage Area(0.02 MB)
@@ -56,28 +56,29 @@
#define FLASH_BASE_ADDRESS (0x1A000000)
/* Offset and size definitions of the flash partitions that are handled by the
- * bootloader. The image swapping is done between IMAGE_0 and IMAGE_1, SCRATCH
- * is used as a temporary storage during image swapping.
+ * bootloader. The image swapping is done between IMAGE_PRIMARY and
+ * IMAGE_SECONDARY, SCRATCH is used as a temporary storage during image
+ * swapping.
*/
-#define FLASH_AREA_BL2_OFFSET (0x0)
-#define FLASH_AREA_BL2_SIZE (0x20000) /* 128 KB */
+#define FLASH_AREA_BL2_OFFSET (0x0)
+#define FLASH_AREA_BL2_SIZE (0x20000) /* 128 KB */
-#define FLASH_AREA_IMAGE_0_OFFSET (FLASH_AREA_BL2_OFFSET + \
- FLASH_AREA_BL2_SIZE)
-#define FLASH_AREA_IMAGE_0_SIZE (FLASH_S_PARTITION_SIZE + \
- FLASH_NS_PARTITION_SIZE)
+#define FLASH_AREA_IMAGE_PRIMARY_OFFSET (FLASH_AREA_BL2_OFFSET + \
+ FLASH_AREA_BL2_SIZE)
+#define FLASH_AREA_IMAGE_PRIMARY_SIZE (FLASH_S_PARTITION_SIZE + \
+ FLASH_NS_PARTITION_SIZE)
-#define FLASH_AREA_IMAGE_1_OFFSET (FLASH_AREA_IMAGE_0_OFFSET + \
- FLASH_AREA_IMAGE_0_SIZE)
-#define FLASH_AREA_IMAGE_1_SIZE (FLASH_S_PARTITION_SIZE + \
- FLASH_NS_PARTITION_SIZE)
+#define FLASH_AREA_IMAGE_SECONDARY_OFFSET (FLASH_AREA_IMAGE_PRIMARY_OFFSET + \
+ FLASH_AREA_IMAGE_PRIMARY_SIZE)
+#define FLASH_AREA_IMAGE_SECONDARY_SIZE (FLASH_S_PARTITION_SIZE + \
+ FLASH_NS_PARTITION_SIZE)
/* Not used, only the Non-swapping firmware upgrade operation
- * is supported on Musca-B1
+ * is supported on Musca-B1.
*/
-#define FLASH_AREA_IMAGE_SCRATCH_OFFSET (FLASH_AREA_IMAGE_1_OFFSET + \
- FLASH_AREA_IMAGE_1_SIZE)
-#define FLASH_AREA_IMAGE_SCRATCH_SIZE (0)
+#define FLASH_AREA_IMAGE_SCRATCH_OFFSET (FLASH_AREA_IMAGE_SECONDARY_OFFSET + \
+ FLASH_AREA_IMAGE_SECONDARY_SIZE)
+#define FLASH_AREA_IMAGE_SCRATCH_SIZE (0)
/* Not used, only the Non-swapping firmware upgrade operation
* is supported on Musca-B1. The maximum number of status entries
diff --git a/platform/ext/target/musca_b1/partition/region_defs.h b/platform/ext/target/musca_b1/partition/region_defs.h
index 72dcb21..cee0f98 100644
--- a/platform/ext/target/musca_b1/partition/region_defs.h
+++ b/platform/ext/target/musca_b1/partition/region_defs.h
@@ -41,21 +41,21 @@
*/
#ifdef BL2
#ifndef LINK_TO_SECONDARY_PARTITION
-#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_0_OFFSET)
-#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_1_OFFSET)
+#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_PRIMARY_OFFSET)
+#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_SECONDARY_OFFSET)
#else
-#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_1_OFFSET)
-#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_0_OFFSET)
+#define S_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_SECONDARY_OFFSET)
+#define S_IMAGE_SECONDARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_PRIMARY_OFFSET)
#endif /* !LINK_TO_SECONDARY_PARTITION */
#else
#define S_IMAGE_PRIMARY_PARTITION_OFFSET (0x0)
#endif /* BL2 */
#ifndef LINK_TO_SECONDARY_PARTITION
-#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_0_OFFSET \
+#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_PRIMARY_OFFSET \
+ FLASH_S_PARTITION_SIZE)
#else
-#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_1_OFFSET \
+#define NS_IMAGE_PRIMARY_PARTITION_OFFSET (FLASH_AREA_IMAGE_SECONDARY_OFFSET \
+ FLASH_S_PARTITION_SIZE)
#endif /* !LINK_TO_SECONDARY_PARTITION */
@@ -129,7 +129,7 @@
/* Secondary partition for new images in case of firmware upgrade */
#define SECONDARY_PARTITION_START \
(NS_ROM_ALIAS(S_IMAGE_SECONDARY_PARTITION_OFFSET))
-#define SECONDARY_PARTITION_SIZE (FLASH_AREA_IMAGE_1_SIZE)
+#define SECONDARY_PARTITION_SIZE (FLASH_AREA_IMAGE_SECONDARY_SIZE)
/* Code SRAM area */
#define TOTAL_CODE_SRAM_SIZE (0x00080000) /* 512 KB */
diff --git a/secure_fw/CMakeLists.txt b/secure_fw/CMakeLists.txt
index 1fe005a..f6a8e53 100644
--- a/secure_fw/CMakeLists.txt
+++ b/secure_fw/CMakeLists.txt
@@ -117,9 +117,9 @@
embedded_target_include_directories(TARGET ${PROJECT_OBJ_LIB} PATH ${TFM_ROOT_DIR} ABSOLUTE APPEND)
# For the non-swapping BL2 configuration two executables need to be built.
-# One can be executed from flash partition slot_0 and other from slot_1.
-# Only the linking phase is different. This function captures common settings
-# and eliminates copy-paste.
+# One can be executed from the primary slot flash partition and other from the
+# the secondary slot. Only the linking phase is different. This function
+# captures common settings and eliminates copy-paste.
function(set_up_secure_fw_build)
set( _OPTIONS_ARGS) #Option (on/off) arguments (e.g. IGNORE_CASE)
set( _ONE_VALUE_ARGS S_TARGET VENEER_NAME POSTFIX) #Single option arguments (e.g. PATH "./foo/bar")
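Review bot: The rewrapped comment above `set_up_secure_fw_build` repeats a word across the line break: the first new line ends with `and other from the` and the next begins `# the secondary slot.`. Drop the duplicate so the second line starts `# secondary slot. Only the linking phase is different.` and re-wrap the remainder. The function body continues outside the hunk.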