Re: Zephyr DFU protocol

David Brown

On Tue, Aug 29, 2017 at 12:03:04PM -0700, Pushpal Sidhu wrote:

>> However, one of the considerations of the bootloader is that it has to
>> be immutable (it can never be upgraded), since it is the beginning of
>> the root of trust. We'd like to keep as much complexity out of it as
>> possible. I've even pushed to get rid of the "swap" code it currently
>> has, and instead move that complexity up a layer or two, and deploy one
>> of two images at both addresses, and just run the images in place in
>> the slot containing the desired image.
>
> Sounds like you want an SPL (which I'm for).

We've discussed this, because it does seem like it could be useful.
But, the conclusion we mostly come to is that nearly everything that
would be in the secondary loader has to be in the primary, and the
secondary doesn't end up doing much.

It is also hard to work with such memory constrained devices. It is
difficult to get mcuboot down to 16KB (depends on the signature
algorithms), and with needing two code partitions to safely upgrade,
it limits a lot of what we can do with this.

Maybe doing a two stage boot would be useful for environments that
have larger codespace.
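As an added illustration of the run-in-place alternative discussed above, here is a small C model of the slot-selection logic an immutable first-stage loader would need if the "swap" step is removed and two complete images simply live in two slots. This is example code written for this page; it is not from the thread, from mcuboot or from Zephyr. The header layout, the IMAGE_MAGIC value, the `pending`/`confirmed` flags and the FNV-1a checksum standing in for a real signature check are all assumptions of the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical header magic for this example (not mcuboot's). */
#define IMAGE_MAGIC 0x424f4f54u   /* "BOOT" */

struct image_header {
    uint32_t magic;
    uint32_t version;
    uint32_t img_size;
    uint32_t hash;      /* stand-in for a signature over the payload */
};

struct slot {
    struct image_header hdr;
    uint8_t confirmed;  /* set by the application once it has run successfully */
    uint8_t pending;    /* set by the updater: "try this slot on next boot" */
    const uint8_t *payload;
};

/* FNV-1a over the payload. In a real loader this would be a signature
 * verification against a key baked into the immutable stage. */
static uint32_t fnv1a(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* A slot is bootable only if its header is well-formed and the payload
 * still matches what the header commits to. */
bool slot_valid(const struct slot *s) {
    if (s->hdr.magic != IMAGE_MAGIC || s->payload == NULL) return false;
    return fnv1a(s->payload, s->hdr.img_size) == s->hdr.hash;
}

/* Build a slot the way an updater would, computing the header hash. */
void make_slot(struct slot *s, uint32_t version, const uint8_t *payload, size_t n) {
    s->hdr.magic = IMAGE_MAGIC;
    s->hdr.version = version;
    s->hdr.img_size = (uint32_t)n;
    s->hdr.hash = fnv1a(payload, n);
    s->confirmed = 0;
    s->pending = 0;
    s->payload = payload;
}

/* Pick the slot to run in place. Returns the slot index or -1 if nothing
 * valid exists (the loader would halt rather than jump into garbage).
 * The pending flag is consumed BEFORE the jump: if the new image resets
 * without confirming itself, the next boot falls back to a confirmed slot.
 * In a real loader that flag lives in flash and is cleared with a write. */
int select_slot(struct slot *slots, size_t n) {
    int best = -1;
    for (size_t i = 0; i < n; i++) {
        if (slots[i].pending) {
            slots[i].pending = 0;
            if (slot_valid(&slots[i])) return (int)i;
        }
    }
    for (size_t i = 0; i < n; i++) {
        if (!slots[i].confirmed || !slot_valid(&slots[i])) continue;
        if (best < 0 || slots[i].hdr.version > slots[best].hdr.version) best = (int)i;
    }
    return best;
}

/* Walk a constructed upgrade: v1 confirmed, v2 staged, v2 fails once,
 * v2 confirms, then v2 is tampered with. Returns true if every step
 * selects the expected slot. */
bool upgrade_scenario_ok(void) {
    static const uint8_t app_v1[] = "constructed payload v1";
    static const uint8_t app_v2[] = "constructed payload v2";
    struct slot s[2];
    make_slot(&s[0], 1, app_v1, sizeof app_v1); s[0].confirmed = 1;
    make_slot(&s[1], 2, app_v2, sizeof app_v2); s[1].pending = 1;

    if (select_slot(s, 2) != 1) return false;  /* staged image gets its one try */
    if (s[1].pending != 0)      return false;  /* try consumed */
    if (select_slot(s, 2) != 0) return false;  /* reset without confirm: revert to v1 */
    s[1].confirmed = 1;
    if (select_slot(s, 2) != 1) return false;  /* confirmed: newest wins */
    s[1].hdr.hash ^= 1u;                       /* header no longer matches payload */
    if (select_slot(s, 2) != 0) return false;  /* invalid image is never run */
    return true;
}

int main(void) {
    printf("run-in-place selection scenario: %s\n", upgrade_scenario_ok() ? "ok" : "FAILED");
    return 0;
}
```

Note what stays in the immutable stage even without swap code: header parsing, payload verification, and the pending/confirmed fallback. That is the point made in the reply above: most of what a second-stage loader would do still has to exist in the first stage, which is why the two-stage split buys little on a 16KB budget.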

