From 6880af5545a50689a9c44fd99dd602f404ba5ef3 Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Fri, 3 Jan 2025 08:06:56 +0000 Subject: [PATCH] docs: design: Add information on swap using offset mode Adds details on how this new mode works Signed-off-by: Jamie McCrae --- docs/design.md | 69 ++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 59 insertions(+), 10 deletions(-) diff --git a/docs/design.md b/docs/design.md index 7fa06fe6b..060a4802c 100755 --- a/docs/design.md +++ b/docs/design.md @@ -235,7 +235,52 @@ Where: `image-slot-size` is the size of the image slot. `image-trailer-size` is the size of the image trailer. -### [Swap without using scratch](#image-swap-no-scratch) +### [Swap using offset (without using scratch)](#image-swap-offset-no-scratch) + +This algorithm is an alternative to the swap-using-scratch algorithm and an +enhancement of the swap using move algorithm. +It uses an additional sector in the secondary slot to make swap possible. +The algorithm works as follows: + + 1. Update image must be placed starting at the second sector in the secondary slot + 2. Copies the N-th sector from the primary slot to the N-th sector of the + secondary slot. + 3. Copies the (N+1)-th sector from the secondary slot to the N-th sector of the + primary slot. + 4. Repeats steps 2. and 3. until all the slots' sectors are swapped. + +This algorithm is designed so that the lower sector of the secondary slot is +used only for allowing sectors to move down. Therefore the most +memory-size-effective slot layout is when the secondary slot is larger than +the secondary slot by exactly one sector, though the size of the swap status +area needs to be accounted for in the primary slot, rounded up to the total +size of the sectors it occupies, although same-sized slots are allowed as well. +The algorithm is limited to support sectors of the same sector layout. All +slot's sectors should be of the same size. This algorithm uses 2 flags per +sector update rather than the 3 flags used by swap using move which requires +less swap status size. + +When using this algorithm the maximum image size available for the application +will be the smallest of the following: +``` +maximum-image-size1 = N1 * slot-sector-size - image-trailer-sectors-size +maximum-image-size2 = (N2-1) * slot-sector-size +``` + +Where: + `N1` is the number of sectors in the primary slot. + `N2` is the number of sectors in the secondary slot. + `image-trailer-sectors-size` is the size of the image trailer rounded up to + the total size of sectors its occupied. For instance if the image-trailer-size + is equal to 1056 B and the sector size is equal to 1024 B, then + `image-trailer-sectors-size` will be equal to 2048 B. + +The algorithm does one erase cycle on both the primary and secondary slots +during each swap. + +The algorithm is enabled using the `MCUBOOT_SWAP_USING_OFFSET` option. + +### [Swap using move (without using scratch)](#image-swap-no-scratch) This algorithm is an alternative to the swap-using-scratch algorithm. It uses an additional sector in the primary slot to make swap possible. @@ -977,7 +1022,10 @@ the middle of an image swap operation. The swap status region consists of a series of single-byte records. These records are written independently, and therefore must be padded according to the minimum write size imposed by the flash hardware. The structure of the swap status region is illustrated below. -In this figure, a min-write-size of 1 is assumed for simplicity. +In this figure, a min-write-size of 1 is assumed for simplicity, this diagram +shows 3 states per sector which is applicable to swap using scratch and swap +using move, however in swap using offset mode there are only 2 states per +sector and the overall state size required is less. ``` 0 1 2 3 @@ -1038,14 +1086,15 @@ values map to the above four states as follows The swap status region can accommodate `BOOT_MAX_IMG_SECTORS` sector indices. Hence, the size of the region, in bytes, is -`BOOT_MAX_IMG_SECTORS * min-write-size * 3`. The only requirement for the index -count is that it is great enough to account for a maximum-sized image -(i.e., at least as great as the total sector count in an image slot). If a -device's image slots have been configured with `BOOT_MAX_IMG_SECTORS: 128` and -use less than 128 sectors, the first record that gets written will be somewhere -in the middle of the region. For example, if a slot uses 64 sectors, the first -sector index that gets swapped is 63, which corresponds to the exact halfway -point within the region. +`BOOT_MAX_IMG_SECTORS * min-write-size * s` where `s` is 3 for swap using +scratch and swap using move modes, and is 2 for swap using offset mode. The +only requirement for the index count is that it is great enough to account +for a maximum-sized image (i.e., at least as great as the total sector count in +an image slot). If a device's image slots have been configured with +`BOOT_MAX_IMG_SECTORS: 128` and use less than 128 sectors, the first record +that gets written will be somewhere in the middle of the region. For example, +if a slot uses 64 sectors, the first sector index that gets swapped is 63, +which corresponds to the exact halfway point within the region. --- ***Note***