-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TFM-M doesn't generate tfm_ns_signed.bin image for FOTA firmware upgrade #53537
Comments
@nandojve My understanding is hat it is not specific to |
Yes, I believe it affects all besides I'm currently more focused on the |
@nandojve The signed NS file is set in the TF-M cmake file via: $ find . -name '*.hex'
./tfm/install/outputs/tfm_s.hex
./tfm/install/outputs/bl2.hex
./tfm/bin/tfm_s.hex
./tfm/bin/bl2.hex
./zephyr_ns_signed.hex
./tfm_merged.hex
./tfm_s_signed.hex
./zephyr/zephyr.hex This is then merged with the S hex file to produce |
This issue has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this issue will automatically be closed in 14 days. Note, that you can always re-open a closed issue at any time. |
This issue has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this issue will automatically be closed in 14 days. Note, that you can always re-open a closed issue at any time. |
I managed to have a NS binary working on |
This issue has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this issue will automatically be closed in 14 days. Note, that you can always re-open a closed issue at any time. |
@nandojve Please raise a feature-request for the zephyr build system to output signed TF-M images as .bin files. |
Describe the bug
When building a TFM image with b_u585i_iot02a_ns board which has TFM_PARTITION_FIRMWARE_UPDATE enabled Zephyr build system does not generate the tfm_ns_signed.bin.
To Reproduce
Follow steps of samples/tfm_integration/psa_firmware using the b_u585i_iot02a_ns board. After build a search in the build directory by *.bin files return:
$ find build -name *.bin build/zephyr/zephyr.bin build/zephyr/isrList.bin build/update-header.bin build/update-image.bin build/tfm/bl2/ext/mcuboot/tfm_s_signed.bin build/tfm/bin/tfm_s_signed.bin build/tfm/bin/bl2.bin build/tfm/bin/tfm_s.bin build/tfm/install/outputs/tfm_s_signed.bin build/tfm/install/outputs/bl2.bin build/tfm/install/outputs/tfm_s.bin
Expected behavior
The Firmware Upgrade can work updating 3 image types:
FWU_IMAGE_TYPE_FULL
,FWU_IMAGE_TYPE_SECURE
andFWU_IMAGE_TYPE_NONSECURE
. Those are selected byMCUBOOT_IMAGE_NUMBER
. In this case whenMCUBOOT_IMAGE_NUMBER=1
aFWU_IMAGE_TYPE_FULL
signed image in the binary form should be available. Without that a FOTA may not be possible. In the same way whenMCUBOOT_IMAGE_NUMBER=2
bothFWU_IMAGE_TYPE_SECURE
andFWU_IMAGE_TYPE_NONSECURE
signed images in the binary form should be provided. The binary image should be the signed one to allow MCUboot perform the upgrade and that must include headers in the correct position, if necessary.I noted that when
-DMCUBOOT_IMAGE_NUMBER=1
and both images are bigger then S slot, for instance, 524k, the final binary won't be generated. As far I understand for this board the final combined image could be up to 832k.Impact
Besides sample of firmware upgrade be a valid one it not show too many details about how to generated those signed binaries image manually. Currently I can not move forward in the project.
Environment (please complete the following information):
CC: @erwango
The text was updated successfully, but these errors were encountered: