This project ports the FreeRTOS OTA PAL based on PSA API.
PSA is Platform Security Architecture which is initiated by Arm. Please get the details from this link.
In general, this porting maps the FreeRTOS OTA PAL APIs to PSA Firmware Update and Crypto APIs. It follows the PSA Firmware Update API v1.0 beta and PSA Cryptography API v1.0 beta3. The process of image write, image verification and image activation are protected by the PSA secure service.
Please check the License.md file in this project root folder for the detailed license information.
Unless stated otherwise, the software is provided under the MIT License.
- Use the
libraries/abstractions/ota_pal_psa/ota_pal.c
as the implementation of APIs defined invendors/vendor/boards/board/ports/ota_pal_for_aws/ota_pal.h
- Add the source file
libraries/abstractions/ota_pal_psa/version/application_version.c
to the project. xOTACodeVerifyKeyHandle
is the key handle which indicates the image verification key in PSA Crypto Service. It is used when verifying the image inotaPal_CloseFile
.- Build the PSA implementation as the secure side image (check the Trusted Firmware-M example in the following section).
- Integrate the FreeRTOS project with the interface files of the PSA implementation (check the TF-M example below).
- Build the FreeRTOS project which runs in the non-secure world.
- Follow the platform-specific instructions to sign/combine the FreeRTOS image and secure side image.
TF-M is a PSA implementation. It implements the PSA Firmware Framework API and developer API such as Secure Storage, Cryptography, Initial Attestation, etc. Refer to PSA website for more details.
The latest version of FreeRTOS OTA PAL is supported by TF-M v1.7.0.
Please follow the Build instructions of TF-M to build the secure side image for your platform.
Note
AWS OTA agent always conducts a self-test after image downloading indicating that a TRIAL
state is required of the components. If MCUboot is used as the bootloader, MCUBOOT_UPGRADE_STRATEGY
should be set to SWAP_USING_SCRATCH
or SWAP_USING_MOVE
when building the secure images.
Please check Integration guide of TF-M for integrating the FreeRTOS project with TF-M.