TFM-M doesn't generate tfm_ns_signed.bin image for FOTA firmware upgrade #53537
Comments
|
@nandojve My understanding is hat it is not specific to |
Yes, I believe it affects all besides I'm currently more focused on the |
erwango
added
area: Build System
area: TF-M
microbuilder
assigned erwango, microbuilder and joerchan and unassigned theotherjimmy, joerchan and erwango
|
@nandojve The signed NS file is set in the TF-M cmake file via: $ find . -name '*.hex'
./tfm/install/outputs/tfm_s.hex
./tfm/install/outputs/bl2.hex
./tfm/bin/tfm_s.hex
./tfm/bin/bl2.hex
./zephyr_ns_signed.hex
./tfm_merged.hex
./tfm_s_signed.hex
./zephyr/zephyr.hexThis is then merged with the S hex file to produce |
|
This issue has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this issue will automatically be closed in 14 days. Note, that you can always re-open a closed issue at any time. |
|
This issue has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this issue will automatically be closed in 14 days. Note, that you can always re-open a closed issue at any time. |
|
I managed to have a NS binary working on |
|
This issue has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this issue will automatically be closed in 14 days. Note, that you can always re-open a closed issue at any time. |
|
@nandojve Please raise a feature-request for the zephyr build system to output signed TF-M images as .bin files. |
Describe the bug
When building a TFM image with b_u585i_iot02a_ns board which has TFM_PARTITION_FIRMWARE_UPDATE enabled Zephyr build system does not generate the tfm_ns_signed.bin.
To Reproduce
Follow steps of samples/tfm_integration/psa_firmware using the b_u585i_iot02a_ns board. After build a search in the build directory by *.bin files return:
$ find build -name *.bin build/zephyr/zephyr.bin build/zephyr/isrList.bin build/update-header.bin build/update-image.bin build/tfm/bl2/ext/mcuboot/tfm_s_signed.bin build/tfm/bin/tfm_s_signed.bin build/tfm/bin/bl2.bin build/tfm/bin/tfm_s.bin build/tfm/install/outputs/tfm_s_signed.bin build/tfm/install/outputs/bl2.bin build/tfm/install/outputs/tfm_s.binExpected behavior
The Firmware Upgrade can work updating 3 image types:
FWU_IMAGE_TYPE_FULL,FWU_IMAGE_TYPE_SECUREandFWU_IMAGE_TYPE_NONSECURE. Those are selected byMCUBOOT_IMAGE_NUMBER. In this case whenMCUBOOT_IMAGE_NUMBER=1aFWU_IMAGE_TYPE_FULLsigned image in the binary form should be available. Without that a FOTA may not be possible. In the same way whenMCUBOOT_IMAGE_NUMBER=2bothFWU_IMAGE_TYPE_SECUREandFWU_IMAGE_TYPE_NONSECUREsigned images in the binary form should be provided. The binary image should be the signed one to allow MCUboot perform the upgrade and that must include headers in the correct position, if necessary.I noted that when
-DMCUBOOT_IMAGE_NUMBER=1and both images are bigger then S slot, for instance, 524k, the final binary won't be generated. As far I understand for this board the final combined image could be up to 832k.Impact
Besides sample of firmware upgrade be a valid one it not show too many details about how to generated those signed binaries image manually. Currently I can not move forward in the project.
Environment (please complete the following information):
CC: @erwango
The text was updated successfully, but these errors were encountered: