Remove writable flash regions support

Removing support for writable flash regions permits to save 1 page in the binary due to alignment constraints. It also permits to reduce the diff with libtock-rs which doesn't support writable flash regions. This commit also updates the `SyscallStorage` documentation.
google · May 6, 2020 · 3edb387 · 3edb387
1 parent 1f22004
commit 3edb387
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 20 deletions.
diff --git a/layout.ld b/layout.ld
@@ -71,18 +71,6 @@ SECTIONS {
         . = ALIGN(32);
     } > FLASH =0xFF
 
-    /* App state section. Used for persistent app data.
-     * We put this first because this is what libtock-c does. They provide the
-     * following explanation: if the app code changes but the persistent data
-     * doesn't, the app_state can be preserved.
-     */
-    .wfr.app_state :
-    {
-        . = ALIGN(4K);
-        KEEP (*(.app_state))
-        . = ALIGN(4K);
-    } > FLASH =0xFFFFFFFF
-
     /* Text section, Code! */
     .text :
     {

diff --git a/src/embedded_flash/syscall.rs b/src/embedded_flash/syscall.rs
@@ -55,7 +55,7 @@ impl SyscallStorage {
     ///
     /// # Safety
     ///
-    /// The `storage` must be in a writeable flash region.
+    /// The `storage` must be readable.
     ///
     /// # Errors
     ///
@@ -74,14 +74,15 @@ impl SyscallStorage {
     /// # extern crate ctap2;
     /// # use ctap2::embedded_flash::SyscallStorage;
     /// # use ctap2::embedded_flash::StorageResult;
-    /// # const NUM_PAGES: usize = 1;
-    /// # const PAGE_SIZE: usize = 1;
-    /// #[link_section = ".app_state"]
-    /// static mut STORAGE: [u8; NUM_PAGES * PAGE_SIZE] = [0xff; NUM_PAGES * PAGE_SIZE];
+    /// # const STORAGE_ADDR: usize = 0x1000;
+    /// # const STORAGE_SIZE: usize = 0x1000;
     /// # fn foo() -> StorageResult<SyscallStorage> {
-    /// // This is safe because this is the only use of `STORAGE` in the whole program and this is
-    /// // called only once.
-    /// unsafe { SyscallStorage::new(&mut STORAGE) }
+    /// // This is safe because we create and use `storage` only once in the whole program.
+    /// let storage = unsafe {
+    ///     core::slice::from_raw_parts_mut(STORAGE_ADDR as *mut u8, STORAGE_SIZE)
+    /// };
+    /// // This is safe because `storage` is readable.
+    /// unsafe { SyscallStorage::new(storage) }
     /// # }
     /// ```
     pub unsafe fn new(storage: &'static mut [u8]) -> StorageResult<SyscallStorage> {