-
Notifications
You must be signed in to change notification settings - Fork 708
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add swap using offset mode #2162
base: main
Are you sure you want to change the base?
Conversation
1f86386
to
484d0f5
Compare
@nordicjm this is a very nice improvement. There are some minor documentation nits. A further possible improvement could be to place the swap state (image trailer) in the update image slot (this will not be erased during the swap, and thus the image could go up to the slot size - trailer size). |
484d0f5
to
b6b32c5
Compare
I left it in the first as with the "move" slot being moved to the second image, the overhead in both slots is now about equal (swap status in primary, move slot in secondary). However I'm not sure if this mode will actually be finished, the simulator is a giant fight and lots of edge cases need handling in application code to account for the secondary slot image being at either offset, and as of right now the simulator failures make no sense to me |
f61a84d
to
546b5b5
Compare
Some food for further thoughts: I have created a similar approach outside of mcuboot, by using a different terminology: The image update moves one sector from image to backup followed by a move from update to image, when the update is finished the old image is in the backup slot and the new image is in the image slot. A restore is a move from the backup slot to the image slot. The method also allows removing the "swap with scratch" as the "scratch" sector can be defined as the first sector of the backup image. For devices that have plenty of flash the backup slot can also be defined separate from the update slot to enhance the life and keep flash wear equal for all slots (update erases all flash only once). |
546b5b5
to
678cb93
Compare
The plan is that swap using scratch will be removed in the coming future, but as it stands right now this would not work, e.g. on an stm32 where the sector sizes are 32KiB, 32KiB, 64KiB, 128KiB, 128KiB - making it the first sector give a scratch size of 32KiB which means you can't complete a single swap. The idea is that MCUboot's "sector size" will not be the flash sector size in future, it will be able to be configured so in the case of the stm32 will be 128KiB, in the case of a device with internal and external flash whereby internal flash has 2KiB sectors and external flash has 8KiB sectors, both will be 8KiB - once this change is made it means that swap using scratch can be removed entirely because despite the device have different sector sizes, the move is done in multiples of the largest sector size. The added benefit of this is that the code is smaller and swap status area is smaller too |
769bca3
to
9e28dea
Compare
Hi @nordicjm |
When building for existing products where the bootloader is configured in swap using move mode, other than that swap using offset should become the new default |
d12d10d
to
8cf39b8
Compare
Refactors some functions so that the state variable is present in it Signed-off-by: Jamie McCrae <[email protected]>
8cf39b8
to
9fa2367
Compare
Adds a new variation of the swap using move mode, named swap using offset, whereby instead of moving all the sectors in the primary image, the sectors in the secondary image are offset instead. This fastens image swapping time both for updates and reverts as each sector in both slots is erased only once, which also reduces flash wear, and uses less swap status bits to represent Signed-off-by: Jamie McCrae <[email protected]>
Adds support for using this mode to zephyr Signed-off-by: Jamie McCrae <[email protected]>
Adds support for getting the sector size of less sectors than are in an image, which mirrors support in zephyr and allows getting just the size of the first sector in an image Signed-off-by: Jamie McCrae <[email protected]>
Enables testing this new mode Signed-off-by: Jamie McCrae <[email protected]>
Fixes not using a pointer as a pointer Signed-off-by: Jamie McCrae <[email protected]>
Adds details on how this new mode works Signed-off-by: Jamie McCrae <[email protected]>
Adds a note about this new algorithm being added Signed-off-by: Jamie McCrae <[email protected]>
Fixes some comments which had typos or were not formatted correctly Signed-off-by: Jamie McCrae <[email protected]>
Adds support for serial recovery of images when MCUboot is set to swap using offset mode Signed-off-by: Jamie McCrae <[email protected]>
9fa2367
to
e09365f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. I think this will make a good default.
#ifdef MCUBOOT_SWAP_USING_OFFSET | ||
, uint32_t start_off | ||
#endif |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the future: We should just rewrite the code to take this param anyway and ignore it when not used.
#ifdef MCUBOOT_SWAP_USING_OFFSET | ||
, uint32_t start_off | ||
#endif |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here.
#if defined(MCUBOOT_SWAP_USING_OFFSET) && defined(MCUBOOT_SERIAL_RECOVERY) | ||
, uint32_t start_off | ||
#endif |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And here.
off = boot_img_sector_size(state, BOOT_SECONDARY_SLOT, 0); | ||
} | ||
|
||
rc = flash_area_read(fap, off, out_hdr, sizeof *out_hdr); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that convention in MCUboot is to use () after sizeof.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
New swap alg. is introduced as it should be - new swap code is placed in dedicate source, changes are made in logical chunks and legible.
This implements what I had in my minds a few years ago.
a smaller swap status area size. | ||
|
||
When using this algorithm the maximum image size available for the application | ||
will be the smallest of the following: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
just: will be:
?
up by having the update image written in the second sector in | ||
the update slot, which offers a faster update process and | ||
requires a smaller swap status area | ||
- Made swap using offset the default algorithm for Zephyr builds |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is set as default if preferred... as it was with the move alg before
Fixes #2134
165KiB update using swap using move on nrf5340dk: 18 seconds
182KiB update using swap using offset on nrf5340dk: 13 seconds