Rework TDBStore::calc_area_params so that it can handle situations where
the block device size is not an even multiple of the sector size (while
retaining its ability to handle non-uniform erase sizes).
This avoids intermittent asserts on boards where TDBStore is implemented
in internal flash, in which case the size of the block device varies
with the application size and a minor change (or a shift in optimization
level) can shift TDBStore from an odd to an even number of sectors.
STORE_SECTORS is a hard requirement. If there are fewer than 2 pages
then the kvstore will not work, because the garbage collection process
relies on having at least two sectors to work with.
STORE_PAGES is a heuristic. It is a reasonable default to use if the
application does not specify the amount of flash to use for TDBStore.
But if an application knows that a smaller number of pages will suffice
for its specific needs, then that is valid and should be permitted.
When 10 pages is larger than 2 sectors, align the selected size
down to be an even multiple of the sector size, to ensure that
the allocated space divides cleanly in half for garbage collection.
The minimum size required by tdbstore is either 2 sectors or 10 pages,
whichever is larger. Correspondingly, adjust the error checks in
_calculate_blocksize_match_tdbstore to match this requirement.
Default the size to the larger of two sectors or 10 pages, so that the
computation works better on devices with a low sector to page size ratio.
Reduce code duplication.
In some cases, it is possible that every erase unit in area 0
has the same size, but they are still different than in area 1.
Remove the flag for varying erase sizes and instead check from
flash, what is the erase size of the current unit.
Musca-B1 is a Cortex-M33 based target with security extension enabled.
- ARM_MUSCA_B1 is the non-secure target running mbed-os.
- ARM_MUSCA_B1_S is the secure target running TF-M.
- TF-M sources were imported and patched in previous commits.
- TF-M secure bootloader (McuBoot) for MUSCA_B1 is submitted by a
pre-built binary.
- A post-build hook concatenates The secure and non-secure binaries,
signs it and then concatenates the bootloader with the signed binary.
Change-Id: I4b36290941b5f0bb7aa7c12dda2f38b5c1e39ae2
Signed-off-by: Tamas Kaman <tamas.kaman@arm.com>
Signed-off-by: Gabor Abonyi <gabor.abonyi@arm.com>
Previous logic was allowing external storage to be tampered by setting
write-protected keys, so values could not be updated, but it was still
used by get().
TDBStore used to rely on Flash devices erase value.
This logic has been removed, and TDBStore can do the entire erase
logic itself, in case the given BlockDevice does not offer erase().
This relies on BlockDevice to properly return -1 in BlockDevice::get_erase_value().
Previous logic caused garbage collection to kick in, if the init() was
called on empty storage. This has effect of erasing areas twice, if both
areas were empty.
Re-write logic so that we erase areas only on garbage_collect() or reset().
The init() logic already chooses the active area, so no need to touch,
until keys are modified.
Removed also the is_erase_unit_erased() as this is working only on
FLASH devices, and TDBStore should be refactored to work on all storages.
Change the "reserved data" logic so that every time we erase and area,
the content of reserved data is then immediately copied to newly erased
area. This keeps two copies of the data.
When data is requested, return only if checksum is matching.
When data is written, only allow if BOTH checksums are incorrect, meaning
that areas are either corrupted or erased.
Only exception is TDBStore::reset() which erases all keys and reserved data.
Removed all logic that tried to detect, if reserved are was erased or
corrupted. Rely entirely on checksum.
Add moduletest for reserved data.
* Make mbed_error use bitwise MbedCRC call rather than local
implementation.
* Remove use of POLY_32BIT_REV_ANSI from LittleFS.
* Move some MbedCRC instances closer to use - construction cost is
trivial, and visibility aids compiler optimisation.
In case our are contains data from previous reset() or reset_area(),
we might end up in the situation where free space contains valid
key headers, but we have not erased that area yet. This can cause
failures if the deinit() and init() because new scan of that area
would continue as long as keys are found. This causes keys on the
not-yet-erased area to be included in the new instance of TDBStore.
To prevent this failure, check after each key-write that our free
space does not contain valid key headers. Also make sure that we
erase one program unit sector over the master record. If we erased
just the master record,first key might is still there, causing next
init() to find it. Extend erase area by one program unit, so that
build_ram_table() won't find any keys.
Previously it was 2 pages - 1kB - which isn't sufficient to store
Reserved Area and Master Record. Reserved are requires one page and Master
Record takes two pages. With 512B page size and having two areas, active and
inactive, the minimum size requirement becomes 2 areas * 3 pages = 3kB. That
isn't enough to store any keys though.
* Make mbed_error use bitwise MbedCRC call rather than local
implementation.
* Remove use of POLY_32BIT_REV_ANSI from LittleFS.
* Move some MbedCRC instances closer to use - construction cost is
trivial, and visibility aids compiler optimisation.
_inc_set_handle is new'd in SecureStore::init(), then its members are
referenced in various functions without being explicitly initialized
first. These pre-existing values can confuse the SecureStore's internal
state and cause various undesired behavior.
* Refactor some headers to use relative path from Mbed OS root.
* Refactor some data types to compile on 64bit machines.
* Refactor some debug traces to use mbed_trace.
- Enable FLASHIAP for all H7 boards
- Use "TDB_INTERNAL" for all H7 boards
- Define specific internal_base_address only for DISCO_H747I_CM7
(default address is the end of FLASH which is correct for other H7 boards)
- Correct GetSectorBase function with Dual Bank information
Martin Kojtal
Kyle Kearney
MarceloSalazar
Marcin Tomczyk
Jarno Lamsa
Tamas Kaman
Pawel Zarembski
ccli8
Przemyslaw Stekiel
Seppo Takalo
Veijo Pesonen
Kevin Bracey
jeromecoutant