Previous logic was allowing external storage to be tampered by setting
write-protected keys, so values could not be updated, but it was still
used by get().
TDBStore used to rely on Flash devices erase value.
This logic has been removed, and TDBStore can do the entire erase
logic itself, in case the given BlockDevice does not offer erase().
This relies on BlockDevice to properly return -1 in BlockDevice::get_erase_value().
Previous logic caused garbage collection to kick in, if the init() was
called on empty storage. This has effect of erasing areas twice, if both
areas were empty.
Re-write logic so that we erase areas only on garbage_collect() or reset().
The init() logic already chooses the active area, so no need to touch,
until keys are modified.
Removed also the is_erase_unit_erased() as this is working only on
FLASH devices, and TDBStore should be refactored to work on all storages.
Change the "reserved data" logic so that every time we erase an area,
the content of reserved data is then immediately copied to newly erased
area. This keeps two copies of the data.
When data is requested, return only if checksum is matching.
When data is written, only allow if BOTH checksums are incorrect, meaning
that areas are either corrupted or erased.
Only exception is TDBStore::reset() which erases all keys and reserved data.
Removed all logic that tried to detect, if reserved area was erased or
corrupted. Rely entirely on checksum.
Add moduletest for reserved data.
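
A minimal model of the reserved-data policy described in the commit message above, as an added example that is not Mbed OS code. The `Store` and `ReservedCopy` types, the 32-byte size, the return codes and the CRC-32 over the payload are assumptions made for illustration and do not reflect TDBStore's on-flash layout.

```cpp
#include <cstdint>
#include <cstring>

// Hypothetical model, not TDBStore's layout: each of the two areas keeps one
// reserved-data copy protected by a CRC-32 over its payload.
constexpr uint32_t RESERVED_SIZE = 32;
struct ReservedCopy { uint8_t data[RESERVED_SIZE]; uint32_t len; uint32_t crc; };

static uint32_t crc32(const uint8_t *p, uint32_t n) {
    uint32_t c = 0xFFFFFFFFu;
    for (uint32_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int b = 0; b < 8; b++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

// Erased (all 0xFF or all 0x00) and corrupted copies both fail this check,
// so no separate "is it erased?" probe is needed.
static bool copy_valid(const ReservedCopy &r) {
    return r.len > 0 && r.len <= RESERVED_SIZE && crc32(r.data, r.len) == r.crc;
}

struct Store {
    ReservedCopy area[2];
    Store() { reset(); }
    void reset() { std::memset(area, 0xFF, sizeof area); }  // only way to clear

    // Write is allowed only when BOTH checksums are bad (erased or corrupted).
    int set(const uint8_t *buf, uint32_t n) {
        if (n == 0 || n > RESERVED_SIZE) return -1;
        if (copy_valid(area[0]) || copy_valid(area[1])) return -2;
        for (ReservedCopy &r : area) {
            std::memcpy(r.data, buf, n);
            r.len = n; r.crc = crc32(buf, n);
        }
        return 0;
    }
    // Data is returned only from a copy whose checksum matches.
    int get(uint8_t *out, uint32_t cap, uint32_t *n) const {
        for (const ReservedCopy &r : area)
            if (copy_valid(r) && r.len <= cap) { std::memcpy(out, r.data, r.len); *n = r.len; return 0; }
        return -1;
    }
    // Erasing an area immediately restores its reserved copy from a valid one.
    void erase_area(int a) {
        ReservedCopy keep = copy_valid(area[1 - a]) ? area[1 - a] : area[a];
        std::memset(&area[a], 0xFF, sizeof area[a]);
        if (copy_valid(keep)) area[a] = keep;
    }
};
```
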
* Make mbed_error use bitwise MbedCRC call rather than local
implementation.
* Remove use of POLY_32BIT_REV_ANSI from LittleFS.
* Move some MbedCRC instances closer to use - construction cost is
trivial, and visibility aids compiler optimisation.
In case our area contains data from previous reset() or reset_area(),
we might end up in the situation where free space contains valid
key headers, but we have not erased that area yet. This can cause
failures if the deinit() and init() because new scan of that area
would continue as long as keys are found. This causes keys on the
not-yet-erased area to be included in the new instance of TDBStore.
To prevent this failure, check after each key-write that our free
space does not contain valid key headers. Also make sure that we
erase one program unit sector over the master record. If we erased
just the master record, first key might still be there, causing next
init() to find it. Extend erase area by one program unit, so that
build_ram_table() won't find any keys.
Previously it was 2 pages - 1kB - which isn't sufficient to store
Reserved Area and Master Record. Reserved area requires one page and Master
Record takes two pages. With 512B page size and having two areas, active and
inactive, the minimum size requirement becomes 2 areas * 3 pages = 3kB. That
isn't enough to store any keys though.
_inc_set_handle is new'd in SecureStore::init(), then its members are
referenced in various functions without being explicitly initialized
first. These pre-existing values can confuse the SecureStore's internal
state and cause various undesired behavior.
* Refactor some headers to use relative path from Mbed OS root.
* Refactor some data types to compile on 64bit machines.
* Refactor some debug traces to use mbed_trace.
- Enable FLASHIAP for all H7 boards
- Use "TDB_INTERNAL" for all H7 boards
- Define specific internal_base_address only for DISCO_H747I_CM7
(default address is the end of FLASH which is correct for other H7 boards)
- Correct GetSectorBase function with Dual Bank information
Return value was ignored, and TDBStore::init() ended up in a
MBED_ERROR() phase after that.
TDBStore API was limited to allow returning of only two separate
errors, which may end up hiding the actual return value. Change
the documentation slightly to allow returning of original error
code from the underlying block device.
Fixes #11591
The default computation assumes that a flash sector is several times
larger than a flash page. On PSoC 6 targets this is not the case
(the two values are the same) so the computed size is too small.
This is a similar change to 1b1f14d36b,
but for devices which implement TDB in internal storage.
When flashing a binary STLink won't skip writing padding which happens
to be the same value as flash's erase value. STM32L4 based targets
have an additional 8-bit of embedded ECC for each 64-bit word of data.
The initial value, when a sector is erased, for the ECC bits is 0xFF.
When you write the erase value to a given address these bits get
modified to something different due to the ECC algorithm in use. The
visible bits are intact but difference in ECC value prevents flipping
any 1's to 0's. Only way to proceed is to erase the whole sector.
The default computation assumes that a flash sector is several times
larger than a flash page. On PSoC 6 targets this is not the case
(the two values are the same) so the computed size is too small.
This could cause incomplete data retrieval and mismatch when reading
data in more than one chunk, because every chunk would be read to the
same location at the beginning of the output buffer.
To compile Mbed Bootloader with bare metal profile certain defines are
not added anymore automatically. Because of this checks for those
defines needed to be introduced.
Thus far the default position has been after the application plus two
spare sectors. For simplicity and to have a predictable location for the
TDBStore with the default configuration the location is now switched to
the end of the flash. Two last sectors to be exact.