Previously Greentea tests was not initialising its storage
before asking for bd->get_program_size(), causing FlashBlockDevice to
return zero. This caused both TDBStorage's to use zero for both
parameter to SlicingBlockDevice(bd, 0, 0), effetivaly both then
used same addresses for slice. This caused SecureStore tests
to fail, because writes to internal RBP storage overwrote keys
from external storage.
Fine-tune TDBStore sizes, so that all tests can fit into storage.
At least with LPC55S69's default TDBStore configuration it's
impossible to run storage Greentea tests without exhausting the
memory reserved for storing keys.
Fixes an issue where number of keys were removed based on number of
threads which didn't have anything to do with the test case.
Fixes an issue where number of keys were assumed to be constant
but variable number was used for configuration.
In case our are contains data from previous reset() or reset_area(),
we might end up in the situation where free space contains valid
key headers, but we have not erased that area yet. This can cause
failures if the deinit() and init() because new scan of that area
would continue as long as keys are found. This causes keys on the
not-yet-erased area to be included in the new instance of TDBStore.
To prevent this failure, check after each key-write that our free
space does not contain valid key headers. Also make sure that we
erase one program unit sector over the master record. If we erased
just the master record,first key might is still there, causing next
init() to find it. Extend erase area by one program unit, so that
build_ram_table() won't find any keys.
Previously it was 2 pages - 1kB - which isn't sufficient to store
Reserved Area and Master Record. Reserved are requires one page and Master
Record takes two pages. With 512B page size and having two areas, active and
inactive, the minimum size requirement becomes 2 areas * 3 pages = 3kB. That
isn't enough to store any keys though.
* Make mbed_error use bitwise MbedCRC call rather than local
implementation.
* Remove use of POLY_32BIT_REV_ANSI from LittleFS.
* Move some MbedCRC instances closer to use - construction cost is
trivial, and visibility aids compiler optimisation.
The addition of trace logging during greentea tests pushes the multithreaded
read-write test beyond the limits of the stack it allocates for its threads.
The increase of 128 bytes was chosen by experimentation.
_inc_set_handle is new'd in SecureStore::init(), then its members are
referenced in various functions without being explicitly initialized
first. These pre-existing values can confuse the SecureStore's internal
state and cause various undesired behavior.
* Change MBED_ASSERTS() to return valid error code, so that
checks are not bypassed on release builds.
* Fix starting address calculations so that "addr" parameter is always
relative to SlicingDevice and "_start" is only added when calls to
underlying storage block is made.
* Bypass BlockDevice:is_valid_*() to underlying block device.
Slicingblockdevice was just verifying addresses independently, without
verifying those from underlying block storage.
* Refactor some headers to use relative path from Mbed OS root.
* Refactor some data types to compile on 64bit machines.
* Refactor some debug traces to use mbed_trace.
- Enable FLASHIAP for all H7 boards
- Use "TDB_INTERNAL" for all H7 boards
- Define specific internal_base_address only for DISCO_H747I_CM7
(default address is the end of FLASH which is correct for other H7 boards)
- Correct GetSectorBase function with Dual Bank information
As of 722628be02, the "remainder" configuration
also uses the default location near the end of flash. Which makes the two tests
nearly identical with the exception that the "last two sectors" test correctly
handles parts with a low (possibly 1:1) erase size to program size ratio.
Therefore, change the "remainder" test to instead be a "default" test that uses
the tdb_internal_address/size values, so that it
a.) tests something meaningfully different and
b.) tests using the custom TDB address/size values if they are provided.
c.) functions correctly on devices where the default sector-based size computation
does not work (e.g. because of the low erase size to program size ratio)
and therefore a custom location and size has been specified.
The is_conf_tdb_internal variable is unused and therefore removed.
The QSPI spec allows alt to be any size that is a multiple of the
number of data lines. For example, Micron's N25Q128A uses only a
single alt cycle for all read modes (1, 2, or 4 bits depending on
how many data lines are in use).
Return value was ignored, and TDBStore:init() ended up in a
MBED_ERROR() phase after that.
TDBStore API was limited to allow returning of only two separate
errors, which may end up hiding the actual return value. Change
the documentation slightly to allow returning of original error
code from the underlying block device.
Fixes#11591
The default computation assumes that a flash sector is several times
larger than a flash page. On PSoC 6 targets this is not the case
(the two values are the same) so the computed size is too small.
This is a similar change to 1b1f14d36b,
but for devices which implement TDB in internal storage.
When flashing a binary STLink won't skip writing padding which happens
to be the same value as flash's erase value. STM32L4 based targets
have an additional 8-bit of embedded ECC for each 64-bit word of data.
The initial value, when a sector is erased, for the ECC bits is 0xFF.
When you write the erase value to a given address these bits gets
modified to something different due to the ECC algoritm in use. The
visible bits are intact but difference in ECC value prevents flipping
any 1's to 0's. Only way to proceed is to erase the whole sector.
The default computation assumes that a flash sector is several times
larger than a flash page. On PSoC 6 targets this is not the case
(the two values are the same) so the computed size is too small.
This could cause incomplete data retrieval and mismatch when reading
data in more than one chunk, because every chunk would be read to the
same location at the beginning of the output buffer.
IAR compilation fails at `_fs = { 0 };` due to
```
[Error] FATFileSystem.cpp@285,0: [Pe029]: expected an expression
```
Changing that object initializer list instead, as that seems
to pass IAR compilation, too.
Changed original memset to object initialiser list based on review
feedback from Kevin Bracey.
To compile Mbed Bootloader with bare metal profile certain defines are
not added anymore automatically. Because of this checks for those
defines needed to be introduced.
Thus far the default position has been after the application plus two
spare sectors. For simplicity and to have a predictable location for the
TDBStore with the default configuration the location is now switched to
the end of the flash. Two last sectors to be exact.
Macro which restricted compilation to GCC_ARM is removed.
Existing read_write() test is amended to call stat() and check that correct size is returned.
- Add the no confidentiality & no replay protection flags
- Add actual size parameter in PS/ITS get APIs
- Change a few size parameters from uint32_t to size_t
Musca-A1 is a Cortex-M33 based target with security extension enabled.
- ARM_MUSCA_A1 is the non-secure target running mbed-os.
- ARM_MUSCA_A1_S is the secure target running TF-M.
- TF-M sources were imported and patched in previous commits.
- TF-M secure bootloader (McuBoot) for MUSCA_A1 is submitted by a pre-built binary.
- A post-build hook concatenates The secure and non-secure binaries,
signs it and then concatenates the bootloader with the signed binary.
due to partial implementation. Having FUTURE_SEQUANA_M0 and
FUTURE_SEQUANA PSA targets is misleading.
Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>
Reimplement atomic code in inline assembly. This can improve
optimisation, and avoids potential architectural problems with using
LDREX/STREX intrinsics.
API further extended:
* Bitwise operations (fetch_and/fetch_or/fetch_xor)
* fetch_add and fetch_sub (like incr/decr, but returning old value -
aligning with C++11)
* compare_exchange_weak
* Explicit memory order specification
* Basic freestanding template overloads for C++
This gives our existing C implementation essentially all the functionality
needed by C++11.
An actual Atomic<T> template based upon these C functions could follow.
One gets this compiler warning from nvstore.cpp:
```
Compile [ 48.6%]: nvstore.cpp
[Warning] nvstore.cpp@814,9: variable 'os_ret' set but not used [-Wunused-but-set-variable]
```
Turns out it's caused by the fact that the variable is only used
with MBED_ASSERTs, which get optimized out or not, depending on your
build profile. In reality we do not need a separate variable for that
in my opinion though, so we can just use the ret-variable instead
and drop the os_ret variable completely and thus avoid this
compiler warning.
To support block device out of mbed-os tree in KVStore, user needs to:
1. Configure blockdevice to "other".
2. Override get_other_blockdevice() to provide block device out of mbed-os tree.
Due to discovery of inconsistent sector sizes in devices storage the is_valid_erase function was adjusted,
For FlashIAPBD the 'code size' was included to the calculation, preventing faulty "virtual" addresses calculation.
For SlicingBD the same error was fixed and in all 3 validation functions that sent addresses for validation and program/read/erase
different addresses.
Added WiFi_Bt CM4 PSA target in mbedos json
Added SPE-NSPE mailbox initialization for CM4 SystemInit
Made similar to FUTURE_SEQUANA configurations
Copied FUTURE_SEQUANA CM0 SPM part for WiFi_Bt smoke test
Added CY8CKIT_062_WIFI_BT_M0 and CY8CKIT_062_WIFI_BT_M0_PSA targets
Sorted files for new CY8CKIT_062_WIFI_BT_M0 and CY8CKIT_062_WIFI_BT_M0_PSA targets
Copied files for CY8CKIT_062_WIFI_BT_M0_PSA from FUTURE_SEQUANA
Copied and updated cm0p start files
Corrected according to FUTURE_SEQUANA
Changes to M0 startup files to have SPM started
Fixed implicit declaration warning
Commented interrupts enabling according to FUTURE_SEQUANA flow
Updated prebuild spm_smore CM0 hex for CM4 target
Turned on greentea environment
Used special memory region for common CM0/CM4 data
Updated prebuild CM0 SPM hex
Placed shared memory region for flash operations into SPM shared memory region
Updated cyprotection code and configuration
Start address of protected regions is set by a defined number from target.json
Added masters pcMask configuration
Added support for PSA target to WIFI_BT board
Enabled resources protection for SPM
Aligned RAM usage according to Cypress FlashBoot and CyBootloader
alligned protection config
Added CYW943012P6EVB_01_M0 target
Enlarged heap size, remobed nv_seed
Added heap reservation in linker script from mbed-os
Removed heap size definition
turned on nv_seed config
Removed nv_seed macros
Enabled protection for PSoC6 CM0
Added PSoC6 CM0 PSA readme
Enabled mbed_hal-spm test
Enabled nv_seed and removed unneeded ipc config define
Added SPDX string to feature_ble cypress target files
Removed unneeded supported_toolchains lines for Cypress targets
Disabled protection settings
Corrected flash initialization for PSoC6 CM0 PSA
Changed PSoC6 IPC6 protection for flash
Enabled special flash initialization and enabled protection settings
Updated and added new prebuild PSoC6 CM0 PSA hex files
Disabled HW TRNG and CRC for PSoC6 CM4 PSA target
Added missing const to allow types to match
Updated PSoC6 WIFI_BT_PSA prebuilt directory
Moved PSoC6 shared section usage area definition to begin of ld
Added initial ARM_STD linker and startup files for PSoC6 CM0
Added initial IAR linker and startup files for PSoC6 CM0
Added defines to disable some SPM protection settings for PSoC64
Moved Flash function variables into separate memory region
Added defines for new Public area definition
Updated PSoC6 CM0_PSA hex-files
In addition, prevent FS tests from running on internal flash,
due to the fact that file system on internal flash is not part of
our offering (TDBStore should be used there instead).
This commit fixes the failure in the "Direct access to device key" test,
when working with internal flash components, whose erase size to program
size ratio is small. In such cases, the last two sectors are not large
enough to store the device key.
Due to targets enhancement some boards failed the general block device tests for flashiap component,
The fails were due to boards containing inconsistent sector sizes.
The tests were modified but should be improved to address the problem.
Rand() function issues were fixed.
Random number generation in case of IAR 8, requires TLS support.
Thread local storage is not part of Mbed OS, test is updated to have random
numbers sparse, but in future random number creation should be moved to main
thread, or use some other logic for randomization instead of rand() call.
All tests will run for each storage component available on device excapt for test_get_type_functionality that will run once on the default blockdevice.
Few boards may fail the write actions due to HW limitations (like critical
drivers that disable flash operations). Just retry a few times until success.
In addition, remove the redundant retries in NVStore (not needed now).
Don't allocate the sector map array in this function,
as it was buggy and redundant. Separate user config vs. automatic allocation
cases instead (which was essentially the case anyway).
In addition, fix tests to get over failures in low end boards
The most common issue with using littlefs in mbed-os is when users
change from littlefs->FAT->littlefs (or with MBR or similar). When this
corrupts the superblock, littlefs tries to fall back to the backup
superblock. However, at this point in the time the old superblock may be
very out-of-date and pointing to an incorrect filesystem.
There's no complete solution to a malicious modification of the
filesystem (short of checking all metadata+data, a very expensive
operation), but we can at least expand our validation to all of the
metadata for the filesystem. This at least catches the common issues
with changing between different filesystems.
Seppo Takalo
Veijo Pesonen
Martin Kojtal
amq
Kevin Bracey
Kyle Kearney
Matthew Macovsky
RAJKUMAR KANAGARAJ
jeromecoutant
Janne Kiiskila
midd
Anna Bridge
Christopher Haster
Hugues Kamba
Roman Okhrimenko
Vairamuthu Ramasamy
Jammu Kekkonen
Michal Paszta
Chun-Chieh Li
int_szyk
Marcin Tomczyk
David Saada
Volodymyr Medvid
Qinghao Shi
Oren Cohen
Michael Schwarcz
Devaraj Ranganna
Olli-Pekka Puolitaival
Martin Kojtal
Yossi Levy
Cruz Monrreal
Amir Cohen
Evgeni Bolotin
Mahesh Mahadevan
Oleg Kapshii
offirko
Marcus Chang
Senthil Ramakrishnan
Deepika
Ron Eldor