Skip to content
  • Ahmed Ismail's avatar
    Add ML Model component OTA update on keyword-detection application (#106) · 09fb523e
    Ahmed Ismail authored
    
    
    * sign-tfm-image: Refactor the CMake Module
    
    The `SignTfmImage.cmake` module is refactored to
    to accept an input binary name and an input signing
    layout file.
    
    These modifications are going to be used to sign the
    non_secure and the ML Model images separately which
    is essential to add the ML Model component OTA update
    feature.
    
    Signed-off-by: default avatarAhmed Ismail <Ahmed.Ismail@arm.com>
    
    * fvp-options: Remove `--fast` option
    
    `--fast` FVP NPU option is removed as it's not
    completely supported by all platforms.
    
    Signed-off-by: default avatarAhmed Ismail <Ahmed.Ismail@arm.com>
    
    * cs-300: Extract the ML model to a separate binary
    
    Eventually, we want the MCUBoot (and the rest of TF-M) to handle the ML
    model in the same way as other components. To achieve that, the ML model
    component will be kept in flash during boot, for the MCUBoot to validate
    the image, and perform the swap operation if needed.
    
    Since the Ethos NPU doesn't have access to flash, the model will be
    copied back to DDR at runtime. This is why the model is still kept in
    the DDR memory region in the linker script.
    
    Patches for the trusted_firmware-m component:
    - Add support for the third image for cs-300 platform.
    - Configure the signing layout for the ML model, and reuse the NS key.
    - Add a modified flash map for the cs-300, for the MCUBoot to handle the
    third image. This is based on the default flash layout used before.
    
    Signed-off-by: default avatarFilip Jagodzinski <filip.jagodzinski@arm.com>
    Signed-off-by: default avatarAhmed Ismail <Ahmed.Ismail@arm.com>
    
    * cs-310: Extract the ML model to a separate binary
    
    Eventually, we want the MCUBoot (and the rest of TF-M) to handle the ML
    model in the same way as other components. To achieve that, the ML model
    component will be kept in flash during boot, for the MCUBoot to validate
    the image, and perform the swap operation if needed.
    
    Since the Ethos NPU doesn't have access to flash, the model will be
    copied back to DDR at runtime. This is why the model is still kept in
    the DDR memory region in the linker script.
    
    Patches for the trusted_firmware-m component:
    - Add support for the third image for cs-310 platform.
    - Configure the signing layout for the ML model, and reuse the NS key.
    - Add a modified flash map for the cs-310, for the MCUBoot to handle the
    third image. This is based on the default flash layout used before.
    
    Signed-off-by: default avatarFilip Jagodzinski <filip.jagodzinski@arm.com>
    Signed-off-by: default avatardefault avatarAhmed Ismail <Ahmed.Ismail@arm.com>
    
    * mps4: Extract the ML model to a separate binary
    
    Eventually, we want the MCUBoot (and the rest of TF-M) to handle the ML
    model in the same way as other components. To achieve that, the ML model
    component will be kept in flash during boot, for the MCUBoot to validate
    the image, and perform the swap operation if needed.
    
    Since the Ethos NPU doesn't have access to flash, the model will be
    copied back to DDR at runtime. This is why the model is still kept in
    the DDR memory region in the linker script.
    
    Patches for the trusted_firmware-m component:
    - Add support for the third image for mps4 platforms.
    - Configure the signing layout for the ML model, and reuse the NS key.
    - Add a modified flash map for the mps4 platforms, for the MCUBoot to
    handle the third image. This is based on the default flash layout
    used before.
    
    These changes applies to both:
    * Corstone-315 Platform.
    * Corstone-320 Platform.
    
    Signed-off-by: default avatarFilip Jagodzinski <filip.jagodzinski@arm.com>
    Signed-off-by: default avatarAhmed Ismail <Ahmed.Ismail@arm.com>
    
    * keyword: Extract the ML model as a TF-M component
    
    keyword-detection example:
    - Configure the MCUBoot to work with 3 components instead of 2.
    - Configure the MCUBoot to use a non-default flash map.
    - Set the ML model image version.
    - Sign the ML model image using the same key as the NS image.
    - Generate an update signature for the ML model image.
    - At the ML task init, add a new step, where the ML model is copied from
    flash to DDR.
    - Update the merge images CMake function in TF-M integration
    layer to handle the third component (the ML model image).
    - Update the extract_sections_from_axf CMake function.
    
    Patches for the freertos_ota_pal_psa component:
    - Add the ML model file path.
    - Stop using a global variable to store the NS image version.
    - Fix the GetImageVersionPSA to return the version to an output param
    for any given component (rather than update the global var).
    
    Patches for the ml_embedded_evaluation_kit component:
    - Override EthosU55 NPU default IRQ handler to avoid modifying the
    vector table in run-time which alter the non-secure image result in
    MCUBoot validation failure.
    
    Additions for the OTA Orchestrator:
    - Stop using a global variable to store the NS image version.
    - Replace all the uses of the appFirmwareVersion global var with the
    appropriate call to the new image version getter.
    
    Signed-off-by: default avatarFilip Jagodzinski <filip.jagodzinski@arm.com>
    Signed-off-by: default avatarAhmed Ismail <Ahmed.Ismail@arm.com>
    
    * ml-update-demo: Update from a faulty model to a working one
    
    Add a modified tflite file that produces no inference results
    at runtime. This file can be used to build an application that
    is fully functional, but the ML inference is unsuccessful in
    detecting any keyword. Applying an OTA ML model update in this
    state is very visible since the updated model does work as
    expected (detects keywords from audio samples).
    
    Signed-off-by: default avatarFilip Jagodzinski <filip.jagodzinski@arm.com>
    Signed-off-by: default avatarAhmed Ismail <Ahmed.Ismail@arm.com>
    
    * freertos-integration-tests: Remove OTA update dependencies
    
    Since we don't run OTA tests as part of the intgeration tests
    anymore, we don't need to sign the update binary and there
    is no need to upload the update binary to AWS.
    
    Signed-off-by: default avatarAhmed Ismail <Ahmed.Ismail@arm.com>
    
    * ci: Add keyword-detection ML Model update nightly test
    
    Add a new nightly test to verify the ML model OTA update,
    this is done for Keyword-Detection application compiled with
    GNU toolchain only as this is the currently supported combination.
    This nightly test runs on all the Corstone platforms.
    
    Signed-off-by: default avatarAhmed Ismail <Ahmed.Ismail@arm.com>
    
    ---------
    
    Signed-off-by: default avatarAhmed Ismail <Ahmed.Ismail@arm.com>
    Signed-off-by: default avatarFilip Jagodzinski <filip.jagodzinski@arm.com>
    Signed-off-by: default avatardefault avatarAhmed Ismail <Ahmed.Ismail@arm.com>
    Co-authored-by: default avatarFilip Jagodzinski <filip.jagodzinski@arm.com>
    09fb523e