* sign-tfm-image: Refactor the CMake Module

The `SignTfmImage.cmake` module is refactored to
to accept an input binary name and an input signing
layout file.

These modifications are going to be used to sign the
non_secure and the ML Model images separately which
is essential to add the ML Model component OTA update
feature.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* fvp-options: Remove `--fast` option

`--fast` FVP NPU option is removed as it's not
completely supported by all platforms.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* cs-300: Extract the ML model to a separate binary

Eventually, we want the MCUBoot (and the rest of TF-M) to handle the ML
model in the same way as other components. To achieve that, the ML model
component will be kept in flash during boot, for the MCUBoot to validate
the image, and perform the swap operation if needed.

Since the Ethos NPU doesn't have access to flash, the model will be
copied back to DDR at runtime. This is why the model is still kept in
the DDR memory region in the linker script.

Patches for the trusted_firmware-m component:
- Add support for the third image for cs-300 platform.
- Configure the signing layout for the ML model, and reuse the NS key.
- Add a modified flash map for the cs-300, for the MCUBoot to handle the
third image. This is based on the default flash layout used before.

Signed-off-by: Filip Jagodzinski <filip.jagodzinski@arm.com>
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* cs-310: Extract the ML model to a separate binary

Eventually, we want the MCUBoot (and the rest of TF-M) to handle the ML
model in the same way as other components. To achieve that, the ML model
component will be kept in flash during boot, for the MCUBoot to validate
the image, and perform the swap operation if needed.

Since the Ethos NPU doesn't have access to flash, the model will be
copied back to DDR at runtime. This is why the model is still kept in
the DDR memory region in the linker script.

Patches for the trusted_firmware-m component:
- Add support for the third image for cs-310 platform.
- Configure the signing layout for the ML model, and reuse the NS key.
- Add a modified flash map for the cs-310, for the MCUBoot to handle the
third image. This is based on the default flash layout used before.

Signed-off-by: Filip Jagodzinski <filip.jagodzinski@arm.com>
Signed-off-by: default avatarAhmed Ismail <Ahmed.Ismail@arm.com>

* mps4: Extract the ML model to a separate binary

Eventually, we want the MCUBoot (and the rest of TF-M) to handle the ML
model in the same way as other components. To achieve that, the ML model
component will be kept in flash during boot, for the MCUBoot to validate
the image, and perform the swap operation if needed.

Since the Ethos NPU doesn't have access to flash, the model will be
copied back to DDR at runtime. This is why the model is still kept in
the DDR memory region in the linker script.

Patches for the trusted_firmware-m component:
- Add support for the third image for mps4 platforms.
- Configure the signing layout for the ML model, and reuse the NS key.
- Add a modified flash map for the mps4 platforms, for the MCUBoot to
handle the third image. This is based on the default flash layout
used before.

These changes applies to both:
* Corstone-315 Platform.
* Corstone-320 Platform.

Signed-off-by: Filip Jagodzinski <filip.jagodzinski@arm.com>
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* keyword: Extract the ML model as a TF-M component

keyword-detection example:
- Configure the MCUBoot to work with 3 components instead of 2.
- Configure the MCUBoot to use a non-default flash map.
- Set the ML model image version.
- Sign the ML model image using the same key as the NS image.
- Generate an update signature for the ML model image.
- At the ML task init, add a new step, where the ML model is copied from
flash to DDR.
- Update the merge images CMake function in TF-M integration
layer to handle the third component (the ML model image).
- Update the extract_sections_from_axf CMake function.

Patches for the freertos_ota_pal_psa component:
- Add the ML model file path.
- Stop using a global variable to store the NS image version.
- Fix the GetImageVersionPSA to return the version to an output param
for any given component (rather than update the global var).

Patches for the ml_embedded_evaluation_kit component:
- Override EthosU55 NPU default IRQ handler to avoid modifying the
vector table in run-time which alter the non-secure image result in
MCUBoot validation failure.

Additions for the OTA Orchestrator:
- Stop using a global variable to store the NS image version.
- Replace all the uses of the appFirmwareVersion global var with the
appropriate call to the new image version getter.

Signed-off-by: Filip Jagodzinski <filip.jagodzinski@arm.com>
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* ml-update-demo: Update from a faulty model to a working one

Add a modified tflite file that produces no inference results
at runtime. This file can be used to build an application that
is fully functional, but the ML inference is unsuccessful in
detecting any keyword. Applying an OTA ML model update in this
state is very visible since the updated model does work as
expected (detects keywords from audio samples).

Signed-off-by: Filip Jagodzinski <filip.jagodzinski@arm.com>
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* freertos-integration-tests: Remove OTA update dependencies

Since we don't run OTA tests as part of the intgeration tests
anymore, we don't need to sign the update binary and there
is no need to upload the update binary to AWS.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

* ci: Add keyword-detection ML Model update nightly test

Add a new nightly test to verify the ML model OTA update,
this is done for Keyword-Detection application compiled with
GNU toolchain only as this is the currently supported combination.
This nightly test runs on all the Corstone platforms.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

---------

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>
Signed-off-by: Filip Jagodzinski <filip.jagodzinski@arm.com>
Signed-off-by: default avatarAhmed Ismail <Ahmed.Ismail@arm.com>
Co-authored-by: Filip Jagodzinski <filip.jagodzinski@arm.com>

Ahmed Ismail authored Jan 23, 2025 and Devaraj Ranganna committed Jan 28, 2025

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

Ahmed Ismail authored Jan 20, 2025 and Devaraj Ranganna committed Jan 28, 2025

As a result of updating from Ubuntu v20.04 to v22.04,
the following changes had to be made:

* The default `setuptools_scm` v8.x requires that
`setuptools` package has a version higher than 61.
Hence, updating the minimum required `setuptools`
version.

* The `license_file` is now deprecated and `license_files`
option should be used instead.

* The way CI-env-private installs `uncrustify` has been changed
where it introduced a known issue in the `uncrustify` tool so a
workaround has been applied to overcome the issue.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

Chuyue Luo authored Jan 09, 2025 and Devaraj Ranganna committed Jan 13, 2025

The OTA Agent should not shut down after rebooting, since there may be
further OTA updates sent.

Signed-off-by: Chuyue Luo <Chuyue.Luo@arm.com>

Chuyue Luo authored Dec 20, 2024 and Devaraj Ranganna committed Jan 13, 2025

The OTA orchestrator now checks if the updated firmware version is
higher than the previous firmware version.

Signed-off-by: Chuyue Luo <Chuyue.Luo@arm.com>

Chuyue Luo authored Dec 20, 2024 and Devaraj Ranganna committed Jan 13, 2025

An OTA image should be accepted only if the update version is higher
than the current firmware version. This commit adds an out-of-tree patch
to the Jobs-for-AWS-IoT-embedded-sdk library which adds functionality
for sending the updatedBy version to the cloud and retrieving it when
the device reboots.

Signed-off-by: Chuyue Luo <Chuyue.Luo@arm.com>

Chuyue Luo authored Dec 17, 2024 and Devaraj Ranganna committed Jan 13, 2025

Signed-off-by: Chuyue Luo <Chuyue.Luo@arm.com>

With latest FreeRTOS TCP/IP stack, due to a timing issue, most of the
MQTT tests fail on FVP, because of connection reset. Therefore,
increase the MQTT keep alive timeout `MQTT_KEEP_ALIVE_INTERVAL_SECONDS`
from `60` to `300` seconds.

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

With latest FreeRTOS TCP/IP stack, due to a timing issue, most of the
MQTT tests fail on FVP, because of TCP keep alive timeout. Therefore,
increase the TCP keep alive timeout `ipconfigTCP_KEEP_ALIVE_INTERVAL`
from `20` to `300` seconds.

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

Due to incorrect order to libraries during linking stage, which was
caused by `coremqtt-config` interface linking to `helpers-logging` build
was failing. Therefore, move the logging macros definition from `.h` to
`.c`.

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

Printing out the FVP version facilitates troubleshooting
and helps verify the results of FVP updates.

Signed-off-by: Dávid Házi <david.hazi@arm.com>

* components: Remove ota_for_aws_iot_embedded_sdk

Remove the ota_for_aws_iot_embedded_sdk component, as we will be
replacing it with the new modular OTA.

Signed-off-by: Chuyue Luo <Chuyue.Luo@arm.com>

* applications: Add C Runtime Helpers

Add a crt-helpers/ directory within applicatons/helpers. Within this
directory, add a custom implementation of `strnlen` (based on TF-M's
`tfm_strnlen` implementation). This is required because the Arm Compiler
for Embedded (v6.21) does not support `strnlen`.

Signed-off-by: Chuyue Luo <Chuyue.Luo@arm.com>

* components: Add Jobs-for-AWS-IoT-embedded-sdk component

Add the Jobs-for-AWS-IoT-embedded-sdk repository as a submodule. This
library is used to interact with AWS IoT Jobs (remote operations that
are sent to and executed on devices connected to AWS IoT). It is one of
the two libraries that must be integrated to allow the new modular OTA
to be used - second library (aws-iot-core-mqtt-file-streams-embedded-c)
is integrated in a later commit.

In addition, the required integration CMake files to build the component
are added.

Signed-off-by: Chuyue Luo <Chuyue.Luo@arm.com>

* components: Add patches for Jobs-for-AWS-IoT-embedded-sdk library

Two patches are added for the Jobs-for-AWS-IoT-embedded-sdk library:
- The Jobs library assumes the OTA job is signed using ECDSA. However,
we currently use RSA. Therefore, add a patch to change the check for an
ECDSA signature to a check for an RSA signature.
- The Jobs library contains calls to the `strnlen` function. However,
this function is not supported by the Arm Compiler for Embedded (v6.21).
Therefore, add a patch which replaces these calls with calls to our
custom implementation `app_strnlen`.

Signed-off-by: Chuyue Luo <Chuyue.Luo@arm.com>

* components: Add aws-iot-core-mqtt-file-streams-embedded-c component

Add the aws-iot-core-mqtt-file-streams-embedded-c repository as a
submodule. This library allows files from a stream (an abstraction for
a list of files) to be transferred to an IoT device. It is the second of
the two libraries that must be integrated to allow the new modular OTA
to be used.

In addition, the required integration CMake files to build the component
are added.

Signed-off-by: Chuyue Luo <Chuyue.Luo@arm.com>

* components: Add patch for MQTT File Streams library

The aws-iot-core-mqtt-file-streams-embedded-c library uses the `strnlen`
function, which is not supported by the Arm Compiler for Embedded
(v6.21). Therefore, add a patch which replaces the call to `strnlen`
with a call to our custom implementation `app_strnlen`.

Signed-off-by: Chuyue Luo <Chuyue.Luo@arm.com>

* applications: Add MQTT File Downloader config for keyword detection

THe MQTT File Streams library allows a MQTTFileDownloader_config.h file
to be provided, which defines custom values for build configuration
macros. This commit adds a MQTTFileDownloader_config.h file for the
keyword detection example. This file defines the block size that should
be used when downloading the firmware image.

Signed-off-by: Chuyue Luo <Chuyue.Luo@arm.com>

* components: Add patch for FreeRTOS OTA PAL PSA

Add a patch for FreeRTOS OTA PAL PSA to allow it to work with the new
modular OTA structure. This patch does the following:
- Update header includes to remove headers from the old
ota-for-aws-iot-embedded-sdk library, replace these with headers from
the new Jobs-for-AWS-IoT-embedded-sdk library
- Remove usage of data structures from ota-for-aws-iot-embedded-sdk
library, replace these with data structures from
Jobs-for-AWS-IoT-embedded-sdk library.

Signed-off-by: Chuyue Luo <Chuyue.Luo@arm.com>

* ota: Add OTA orchestrator

Add an OTA orchestrator as a helper within the applications/ directory.
The OTA orchestrator uses functionality from the Jobs and MQTT File
Streaming libraries to enable OTA updates.

In addition, update the keyword detection CMakeLists.txt to allow this
example to use the new modular OTA.

Signed-off-by: Chuyue Luo <Chuyue.Luo@arm.com>

* applications: New modular OTA for speech recognition example

Update speech recognition CMakeLists.txt and add
MQTTFileDownloader_config.h file to allow this example to use the new
modular OTA.

Signed-off-by: Chuyue Luo <Chuyue.Luo@arm.com>

* applications: New modular OTA for object detection example

Update object detection CMakeLists.txt and add
MQTTFileDownloader_config.h file to allow this example to use the new
modular OTA.

Signed-off-by: Chuyue Luo <Chuyue.Luo@arm.com>

* applications: New modular OTA for FreeRTOS IoT Libraries Tests

Update FreeRTOS IoT Libraries Tests CMakeLists.txt and add
MQTTFileDownloader_config.h file to allow the tests to use the new
modular OTA.

Signed-off-by: Chuyue Luo <Chuyue.Luo@arm.com>

---------

Signed-off-by: Chuyue Luo <Chuyue.Luo@arm.com>

Increase/decrease the CI runner resources based on the job
requirements.

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

Remove the upstreamed out-of-tree patch
`0001-Do-not-define-__PASTE-macro-for-Arm-compiler.patch` and update to
latest version of corePKCS11 library.

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

* Remove upstreamed out of tree patch
  `0003-Introduce-user-defined-MQTT-keep-alive-value.patch`.
* With the latest version of FreeRTOS Integration tests, OTA PAL test
  has been removed. Therefore, remove OTA PAL test specific changes from
  integration layer including the patch
  0002-closefile-validsignature-test-Fix-test-bugs.patch.

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

With MbedTLS v3.6.1, the out of tree patch
`0001-md-Fix-guards-for-functions-and-headers.patch` is not needed
anymore.

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

Since FRI is not a python project, move both `pyproject.toml` and
`setup.cfg` to `tools/ci`.

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

Ahmed Ismail authored Oct 22, 2024 and Devaraj Ranganna committed Oct 23, 2024

This commit include the following changes:

* Update `CHANGELOG.md` and `manifest.yml`
files.
* Remove the files inside `release_changes`
directory.

Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

Gergely Korcsak authored Sep 30, 2024 and Devaraj Ranganna committed Oct 22, 2024

Signed-off-by: Gergely Korcsák <gergely.korcsak@arm.com>

Gergely Korcsak authored Sep 19, 2024 and Devaraj Ranganna committed Oct 22, 2024

Signed-off-by: Gergely Korcsák <gergely.korcsak@arm.com>

Gergely Korcsak authored Sep 25, 2024 and Devaraj Ranganna committed Oct 22, 2024

Signed-off-by: Gergely Korcsák <gergely.korcsak@arm.com>

Gergely Korcsak authored Sep 11, 2024 and Devaraj Ranganna committed Oct 22, 2024

Signed-off-by: Gergely Korcsák <gergely.korcsak@arm.com>

Gergely Korcsak authored Aug 16, 2024 and Devaraj Ranganna committed Oct 22, 2024

Signed-off-by: Gergely Korcsák <gergely.korcsak@arm.com>

Gergely Korcsak authored Aug 22, 2024 and Devaraj Ranganna committed Oct 22, 2024

Provides the changeability of the signing method at
`application/<app>/CmakeLists.txt`, under `AWS_OTA_SIGNATURE_TYPE`.
Provides support for EC_P256, EC_P384, RSA_2048 and RSA_3072.

Separates the signing algorithm/keys used for TF-M and the NS side.

Signed-off-by: Gergely Korcsák <gergely.korcsak@arm.com>

Gergely Korcsak authored Aug 14, 2024 and Devaraj Ranganna committed Oct 22, 2024

Signed-off-by: Gergely Korcsák <gergely.korcsak@arm.com>

Gergely Korcsak authored Aug 06, 2024 and Devaraj Ranganna committed Oct 22, 2024

Signed-off-by: Gergely Korcsák <gergely.korcsak@arm.com>

Gergely Korcsak authored Aug 06, 2024 and Devaraj Ranganna committed Oct 22, 2024

Signed-off-by: Gergely Korcsák <gergely.korcsak@arm.com>

Gergely Korcsak authored Oct 03, 2024 and Devaraj Ranganna committed Oct 22, 2024

Signed-off-by: Gergely Korcsák <gergely.korcsak@arm.com>
Signed-off-by: Ahmed Ismail <Ahmed.Ismail@arm.com>

When using Mbed TLS as the PSA crypto implementation on the non-secure
side, the device private key is defined as volatile key since there is
no filesystem support. Therefore, always provision the keys when using
Mbed TLS as the PSA crypto implementation on the non-secure side.

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

While adding `prevent re-provisioning` feature, one of the added
functions used `UBaseType_t` datatype which is defined in `FreeRTOS.h`,
but didn't include the header. This was causing integration tests build
failure.

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

With latest version of `boto`, `s3.list_buckets` API expects
`ContinuationToken` instead of `nextToken`.

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

Signed-off-by: Devaraj Ranganna <devaraj.ranganna@arm.com>

After successful provisioning, the code writes a pattern
into the ITS, which could be checked on the next boot.

Signed-off-by: Dávid Házi <david.hazi@arm.com>

Reuben Cartwright authored Sep 12, 2024 and Devaraj Ranganna committed Sep 27, 2024

This commit fixes usage of memcpy with potentially user-defined inputs,
without checking that the buffer could fit these inputs.

Signed-off-by: Reuben Cartwright <Reuben.Cartwright@arm.com>

Reuben Cartwright authored Sep 11, 2024 and Devaraj Ranganna committed Sep 27, 2024

Adds 76 unit tests.

The CMakeLists.txt within the tests subdirectory are also modified so
that the tests run on calling ctest.

Signed-off-by: Reuben Cartwright <Reuben.Cartwright@arm.com>

Reuben Cartwright authored Sep 05, 2024 and Devaraj Ranganna committed Sep 27, 2024

The function `otaAppCallback` is called upon an event such as a new
file block being received, or the OTA image being activated.
The function then redundantly checks the OTA state via `OTA_GetState`,
which reduces code clarity via duplication including redundant
calls to the ota update's active and inactive hooks.
This fix has been tested via passing Arm's internal CI.

Signed-off-by: Reuben Cartwright <Reuben.Cartwright@arm.com>

Reuben Cartwright authored Sep 02, 2024 and Devaraj Ranganna committed Sep 27, 2024

This commit makes the static functions in ota_agent_task.c visible
if the UNIT_TESTING macro is defined.
The methodology is documented already in `unit_testing.md`.

This is justified because:
- These functions need to be tested.
- Functions other than `vStartOtaTask` cannot be refactored to be
non-static, as only `vStartOtaTask` should be called in another file.

Signed-off-by: Reuben Cartwright <Reuben.Cartwright@arm.com>