Hi,
we are concerned about the time it will take to do Over-the-Air Device Firmware Update when we can't update the images independently.
This timing is of critical importance for products that don't want downtime during updates.
Also, we don't understand why the veneers are not considered to be fixed in both situations. And consequently, why moving them prevents update of the images independently.
Please clarify.
Is it DFU from 1.5 to 1.6 that would not be possible?
That we are OK with.
________________________________ From: TF-M tf-m-bounces@lists.trustedfirmware.org on behalf of Sherry Zhang via TF-M tf-m@lists.trustedfirmware.org Sent: Thursday, December 9, 2021 11:18 AM To: tf-m@lists.trustedfirmware.org tf-m@lists.trustedfirmware.org Cc: nd nd@arm.com Subject: [TF-M] Eliminate unnecessary space in tfm_s.bin
Hi,
Currently, in the compiler link script, the CMSE VENEER section is placed at a fixed address which is at the end of tfm code. See code for armclanghttps://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.trustedfirmware.org%2FTF-M%2Ftrusted-firmware-m.git%2Ftree%2Fplatform%2Fext%2Fcommon%2Farmclang%2Ftfm_common_s.sct%23n260&data=04%7C01%7Csebastian.boe%40nordicsemi.no%7Cef638ac0b1ab4bda22b308d9bafd3d3e%7C28e5afa2bf6f419a8cf6b31c6e9e5e8d%7C0%7C0%7C637746419089719746%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=ZF%2B8FfJB0j8uSiOnuS%2FQT8cD9Lz9p5ucdFV6EXAOe%2Fs%3D&reserved=0 and gnu armhttps://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit.trustedfirmware.org%2FTF-M%2Ftrusted-firmware-m.git%2Ftree%2Fplatform%2Fext%2Fcommon%2Fgcc%2Ftfm_common_s.ld%23n569&data=04%7C01%7Csebastian.boe%40nordicsemi.no%7Cef638ac0b1ab4bda22b308d9bafd3d3e%7C28e5afa2bf6f419a8cf6b31c6e9e5e8d%7C0%7C0%7C637746419089719746%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=3BQ2qgth4544kXuK8cnjQTXdKj3s9xqvyLXdXSTeUck%3D&reserved=0.
Placing the veneers at the fixed address has the benefit that the when the secure image updates, the veneer symbols remain unchanged. So, the nonsecure image does not have to be updated together.
The problem is that the size of tfm_s.bin is always the same in different TF-M build configurations(debug mode, release mode, profile small, profile large and so on). So, there can be large empty space between the end of tfm code and the veneer section.
As we discussed on today's tech forum meeting, I propose to move the LR_VENEER from the end of tfm code to right after the secure vector table. In this way, the space between the tfm code and the veneers section is eliminated. Also, the supported number of interrupts for each platform is fixed. So, the size of the vector table is fixed for each platform. So, the start address of veneer section is still fixed for each platform. The size of tfm_s.bin is reduced significantly after this change. Take the AN521 platform for example, the size of tfm_s.bin has a 70 percent reduction.
The link script change for armclanghttps://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.trustedfirmware.org%2Fc%2FTF-M%2Ftrusted-firmware-m%2F%2B%2F12620%2F6%2Fplatform%2Fext%2Fcommon%2Farmclang%2Ftfm_common_s.sct&data=04%7C01%7Csebastian.boe%40nordicsemi.no%7Cef638ac0b1ab4bda22b308d9bafd3d3e%7C28e5afa2bf6f419a8cf6b31c6e9e5e8d%7C0%7C0%7C637746419089729708%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=A%2FnOw0SPiuLEWgTWR7EdDkP15WXyTDoGlfbFf3%2B6BZk%3D&reserved=0 and gnu armhttps://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.trustedfirmware.org%2Fc%2FTF-M%2Ftrusted-firmware-m%2F%2B%2F12620%2F6%2Fplatform%2Fext%2Fcommon%2Fgcc%2Ftfm_common_s.ld&data=04%7C01%7Csebastian.boe%40nordicsemi.no%7Cef638ac0b1ab4bda22b308d9bafd3d3e%7C28e5afa2bf6f419a8cf6b31c6e9e5e8d%7C0%7C0%7C637746419089739662%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=k1lnyj32IfM03bEKl7vXUk1jVgZRa%2FIByGCBjnU9CEA%3D&reserved=0 in this patchhttps://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Freview.trustedfirmware.org%2Fc%2FTF-M%2Ftrusted-firmware-m%2F%2B%2F12620%2F&data=04%7C01%7Csebastian.boe%40nordicsemi.no%7Cef638ac0b1ab4bda22b308d9bafd3d3e%7C28e5afa2bf6f419a8cf6b31c6e9e5e8d%7C0%7C0%7C637746419089739662%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=zu1mV4SwY91ifVTyVmOG6bC9pqLR8mrf7us2rGoKySo%3D&reserved=0 can help me demonstrating my proposal. I am not hurry asking for review and merge this patch. As it impacts all the platforms, I want to get confirmed that all platforms which are using the common link script are happy with this proposal.
Any comments or especially concerns on this proposal?
Thanks,
Regards,
Sherry Zhang