Rework TDBStore::calc_area_params so that it can handle situations where
the block device size is not an even multiple of the sector size (while
retaining its ability to handle non-uniform erase sizes).
This avoids intermittent asserts on boards where TDBStore is implemented
in internal flash, in which case the size of the block device varies
with the application size and a minor change (or a shift in optimization
level) can shift TDBStore from an odd to an even number of sectors.
When 10 pages is larger than 2 sectors, align the selected size
down to be an even multiple of the sector size, to ensure that
the allocated space divides cleanly in half for garbage collection.
The minimum size required by tdbstore is either 2 sectors or 10 pages,
whichever is larger. Correspondingly, adjust the error checks in
_calculate_blocksize_match_tdbstore to match this requirement.
In some cases, it is possible that every erase unit in area 0
has the same size, but they are still different than in area 1.
Remove the flag for varying erase sizes and instead check from
flash, what is the erase size of the current unit.
TDBStore used to rely on Flash devices erase value.
This logic has been removed, and TDBStore can do the entire erase
logic itself, in case the given BlockDevice does not offer erase().
This relies on BlockDevice to properly return -1 in BlockDevice::get_erase_value().
Previous logic caused garbage collection to kick in, if the init() was
called on empty storage. This has effect of erasing areas twice, if both
areas were empty.
Re-write logic so that we erase areas only on garbage_collect() or reset().
The init() logic already chooses the active area, so no need to touch,
until keys are modified.
Removed also the is_erase_unit_erased() as this is working only on
FLASH devices, and TDBStore should be refactored to work on all storages.
Change the "reserved data" logic so that every time we erase and area,
the content of reserved data is then immediately copied to newly erased
area. This keeps two copies of the data.
When data is requested, return only if checksum is matching.
When data is written, only allow if BOTH checksums are incorrect, meaning
that areas are either corrupted or erased.
Only exception is TDBStore::reset() which erases all keys and reserved data.
Removed all logic that tried to detect, if reserved are was erased or
corrupted. Rely entirely on checksum.
Add moduletest for reserved data.
* Make mbed_error use bitwise MbedCRC call rather than local
implementation.
* Remove use of POLY_32BIT_REV_ANSI from LittleFS.
* Move some MbedCRC instances closer to use - construction cost is
trivial, and visibility aids compiler optimisation.
In case our are contains data from previous reset() or reset_area(),
we might end up in the situation where free space contains valid
key headers, but we have not erased that area yet. This can cause
failures if the deinit() and init() because new scan of that area
would continue as long as keys are found. This causes keys on the
not-yet-erased area to be included in the new instance of TDBStore.
To prevent this failure, check after each key-write that our free
space does not contain valid key headers. Also make sure that we
erase one program unit sector over the master record. If we erased
just the master record,first key might is still there, causing next
init() to find it. Extend erase area by one program unit, so that
build_ram_table() won't find any keys.
* Make mbed_error use bitwise MbedCRC call rather than local
implementation.
* Remove use of POLY_32BIT_REV_ANSI from LittleFS.
* Move some MbedCRC instances closer to use - construction cost is
trivial, and visibility aids compiler optimisation.
* Refactor some headers to use relative path from Mbed OS root.
* Refactor some data types to compile on 64bit machines.
* Refactor some debug traces to use mbed_trace.
Return value was ignored, and TDBStore:init() ended up in a
MBED_ERROR() phase after that.
TDBStore API was limited to allow returning of only two separate
errors, which may end up hiding the actual return value. Change
the documentation slightly to allow returning of original error
code from the underlying block device.
Fixes#11591
When flashing a binary STLink won't skip writing padding which happens
to be the same value as flash's erase value. STM32L4 based targets
have an additional 8-bit of embedded ECC for each 64-bit word of data.
The initial value, when a sector is erased, for the ECC bits is 0xFF.
When you write the erase value to a given address these bits gets
modified to something different due to the ECC algoritm in use. The
visible bits are intact but difference in ECC value prevents flipping
any 1's to 0's. Only way to proceed is to erase the whole sector.
This could cause incomplete data retrieval and mismatch when reading
data in more than one chunk, because every chunk would be read to the
same location at the beginning of the output buffer.
- Add the no confidentiality & no replay protection flags
- Add actual size parameter in PS/ITS get APIs
- Change a few size parameters from uint32_t to size_t
Implement the following:
KVStore base class
TDBStore class
FileSystemStore class
SecureStore class
Global APIs
Configuration framework
Design documentation
Chun-Chieh Li
amq
Kyle Kearney
Jarno Lamsa
Marcin Tomczyk
Martin Kojtal
Seppo Takalo
Veijo Pesonen
Kevin Bracey
Jammu Kekkonen
Michal Paszta
David Saada
Alexander Zilberkant
Yossi Levy