IETF Logo Mail Archive

Re: [Suit] Introducing draft-moran-suit-manifest-04

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 11 April 2019 17:10 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A93A1205F8 for <suit@ietfa.amsl.com>; Thu, 11 Apr 2019 10:10:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z3Y1rIYGkNTn for <suit@ietfa.amsl.com>; Thu, 11 Apr 2019 10:10:45 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA2541206BC for <suit@ietf.org>; Thu, 11 Apr 2019 10:10:44 -0700 (PDT)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id 53A8C3826B; Thu, 11 Apr 2019 13:09:42 -0400 (EDT)
Received: by sandelman.ca (Postfix, from userid 179) id 54FF0708; Thu, 11 Apr 2019 13:10:42 -0400 (EDT)
Received: from sandelman.ca (localhost [127.0.0.1]) by sandelman.ca (Postfix) with ESMTP id 52836479; Thu, 11 Apr 2019 13:10:42 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: David Brown <david.brown@linaro.org>
cc: Brendan Moran <Brendan.Moran@arm.com>, "suit@ietf.org" <suit@ietf.org>
In-Reply-To: <20190315163402.GA25574@davidb.org>
References: <16EC7DB9-1649-4A86-A370-F77CB03305AC@arm.com> <20190315163402.GA25574@davidb.org>
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Thu, 11 Apr 2019 13:10:42 -0400
Message-ID: <24503.1555002642@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/FYtyKmgcsBrin_f332kD2UCgzK0>
Subject: Re: [Suit] Introducing draft-moran-suit-manifest-04
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 17:10:56 -0000

{catching up on the thread, having read the documents}

David Brown <david.brown@linaro.org> wrote:
    > - The download part of an upgrade happens while the application is
    > running, and this code is contained within the code currently
    > running in the primary image.  It downloads the upgrade into the
    > "secondary" slot.  This new code cannot execute at this address,
    > but is placed here as the image is downloaded.  The assumption is
    > that their isn't sufficient RAM to hold the entire image, and that
    > a download may be interrupted.

Are there systems that you target where the minimal MMU could actually remap
things?

    > - Using the scratch area exchange the images in the primary and
    > secondary slot
...

    > This is designed in such a way that it can resume after any
    > untimely interruption.

I guess the scratch area is not big enough for the entire image, but if there
is an interruption, then the bootloader simply continues to do the swap?

    > Within either the primary or secondary slot, the image has a format
    > similar to:

    > +------------+
    > | Header     |
    > +------------+
    > | Executable |
    > +------------+
    > | Manifest   |
    > +------------+

    > there is no real separate place to store the manifest.  This does mean
    > that during an upgrade the manifest for both the old and the new image
    > are present in flash.

It seems that maybe there is an opportunity here, but I don't know what it is yet.

    > I'm curious what thoughts people have on how to apply the draft 4
    > manifest to the above scenario.  Operations such as "load" aren't
    > really meaningful, but apply-image would certainly make sense.

    > However, the installation of a new image is partially initiated by a
    > different piece of code than the bootloader which is responsible for
    > actually installing the image.  This state has to be managed carefully
    > in a way that works with NOR flash, and therefore will probably live
    > outside of the manifest.

I see your point.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

v2.23.0 | Report a Bug | By Email