More peer review fixes and attempt to resolve CI build errors.

Author: dgarske

arch.mk

@@ -563,13 +563,23 @@ endif
 ## RISCV (32-bit)
 ifeq ($(ARCH),RISCV)
   CROSS_COMPILE?=riscv32-unknown-elf-
-  # GCC 12-14 split CSR/fence.i into separate extensions (zicsr, zifencei)
-  # and require them explicitly. GCC 15+ re-implies them, and adding them
-  # explicitly can cause multilib lookup failures. Detect by testing if a
-  # CSR/fence.i instruction assembles WITHOUT the extension flag. If it
-  # fails, add the extension.
-  RISCV32_ZICSR := $(shell echo "void f(void){__asm__ volatile(\"csrr a0,mhartid\");}" | $(CROSS_COMPILE)gcc -march=rv32imac -mabi=ilp32 -x c -c - -o /dev/null 2>/dev/null || echo _zicsr)
-  RISCV32_ZIFENCEI := $(shell echo "void f(void){__asm__ volatile(\"fence.i\");}" | $(CROSS_COMPILE)gcc -march=rv32imac -mabi=ilp32 -x c -c - -o /dev/null 2>/dev/null || echo _zifencei)
+  # Detect zicsr/zifencei support: GCC 12+ may require these extensions
+  # explicitly. However, GCC 15 decomposes arch strings (m→zmmul,
+  # a→zaamo+zalrsc, c→zca) which can break multilib lookup.
+  # Verify with a link test, not just compile, to catch multilib mismatches.
+  RISCV32_ZICSR := $(shell echo "void _start(void){}" | \
+    $(CROSS_COMPILE)gcc -march=rv32imac_zicsr -mabi=ilp32 -c -x c - -o /dev/null 2>/dev/null && echo _zicsr)
+  RISCV32_ZIFENCEI := $(shell echo "void _start(void){}" | \
+    $(CROSS_COMPILE)gcc -march=rv32imac_zifencei -mabi=ilp32 -c -x c - -o /dev/null 2>/dev/null && echo _zifencei)
+  ifneq ($(RISCV32_ZICSR)$(RISCV32_ZIFENCEI),)
+    RISCV32_EXT_LINK_OK := $(shell echo "void _start(void){}" | \
+      $(CROSS_COMPILE)gcc -march=rv32imac$(RISCV32_ZICSR)$(RISCV32_ZIFENCEI) \
+      -mabi=ilp32 -nostartfiles -x c - -o /dev/null 2>/dev/null && echo ok)
+    ifneq ($(RISCV32_EXT_LINK_OK),ok)
+      RISCV32_ZICSR :=
+      RISCV32_ZIFENCEI :=
+    endif
+  endif
   ARCH_FLAGS=-march=rv32imac$(RISCV32_ZICSR)$(RISCV32_ZIFENCEI) -mabi=ilp32 -mcmodel=medany
   CFLAGS+=-fno-builtin-printf -DUSE_M_TIME -g -nostartfiles -DARCH_RISCV
   CFLAGS+=$(ARCH_FLAGS)
@@ -619,13 +629,20 @@ ifeq ($(ARCH),RISCV64)
     UPDATE_OBJS?=src/update_ram.o
   endif
 
-  # GCC 12-14 split CSR/fence.i into separate extensions (zicsr, zifencei)
-  # and require them explicitly. GCC 15+ re-implies them, and adding them
-  # explicitly can cause multilib lookup failures. Detect by testing if a
-  # CSR/fence.i instruction assembles WITHOUT the extension flag. If it
-  # fails, add the extension.
-  RISCV64_ZICSR := $(shell echo "void f(void){__asm__ volatile(\"csrr a0,mhartid\");}" | $(CROSS_COMPILE)gcc -march=rv64imac -mabi=lp64 -x c -c - -o /dev/null 2>/dev/null || echo _zicsr)
-  RISCV64_ZIFENCEI := $(shell echo "void f(void){__asm__ volatile(\"fence.i\");}" | $(CROSS_COMPILE)gcc -march=rv64imac -mabi=lp64 -x c -c - -o /dev/null 2>/dev/null || echo _zifencei)
+  # Detect zicsr/zifencei support with link verification (see RV32 comment)
+  RISCV64_ZICSR := $(shell echo "void _start(void){}" | \
+    $(CROSS_COMPILE)gcc -march=rv64imafd_zicsr -mabi=lp64d -c -x c - -o /dev/null 2>/dev/null && echo _zicsr)
+  RISCV64_ZIFENCEI := $(shell echo "void _start(void){}" | \
+    $(CROSS_COMPILE)gcc -march=rv64imafd_zifencei -mabi=lp64d -c -x c - -o /dev/null 2>/dev/null && echo _zifencei)
+  ifneq ($(RISCV64_ZICSR)$(RISCV64_ZIFENCEI),)
+    RISCV64_EXT_LINK_OK := $(shell echo "void _start(void){}" | \
+      $(CROSS_COMPILE)gcc -march=rv64imafd$(RISCV64_ZICSR)$(RISCV64_ZIFENCEI) \
+      -mabi=lp64d -nostartfiles -x c - -o /dev/null 2>/dev/null && echo ok)
+    ifneq ($(RISCV64_EXT_LINK_OK),ok)
+      RISCV64_ZICSR :=
+      RISCV64_ZIFENCEI :=
+    endif
+  endif
 
   ifeq ($(RISCV_MMODE),1)
     # E51 core: rv64imac (no FPU, no crypto extensions)

config/examples/polarfire_mpfs250_m_qspi.config

@@ -1,7 +1,7 @@
 # PolarFire SoC MPFS250T M-Mode (Machine Mode) with SC QSPI Flash
 #
 # This configuration runs wolfBoot directly from eNVM in M-mode (Machine Mode),
-# and boots a test application from SC QSPI flash to on-chip LIM (no DDR).
+# and boots a test application from SC QSPI flash to L2 Scratchpad (no DDR).
 #
 # Boot flow:
 #   1. eNVM (0x20220100) -> L2_SCRATCH (0x0A000000) - wolfBoot starts

docs/Targets.md

@@ -1507,7 +1507,7 @@ $SC_INSTALL_DIR/eclipse/jre/bin/java -jar \
 2. **L2 SRAM Execution** (0x0A000000): wolfBoot runs from scratchpad
 3. **Hardware Init**: L2 cache configuration, UART setup
 4. **QSPI Init**: SC QSPI controller (0x37020100), JEDEC ID read, 4-byte address mode
-5. **Image Load**: Read signed image from QSPI flash (0x20000) to LIM (0x08000200)
+5. **Image Load**: Read signed image from QSPI flash (0x20000) to L2 Scratchpad (0x0A010200)
 6. **Verify & Boot**: SHA384 integrity check, ECC384 signature verification, jump to app
 
 #### M-Mode QSPI Partition Layout

hal/mpfs250.c

@@ -182,7 +182,7 @@ static void mpfs_signal_main_hart_started(void)
  * 2. Send IPI to wake the hart
  * 3. Wait for hart to acknowledge wake-up
  *
- * Returns: Number of harts successfully woken
+ * Returns: Number of harts where wake was attempted
  */
 int mpfs_wake_secondary_harts(void)
 {
@@ -1099,8 +1099,16 @@ static void qspi_uart_program(void)
     wolfBoot_printf("QSPI-PROG: Erasing %u sector(s) at 0x%x...\r\n",
                     n_sectors, addr);
     ext_flash_unlock();
-    for (s = 0; s < n_sectors; s++)
-        ext_flash_erase(addr + s * FLASH_SECTOR_SIZE, FLASH_SECTOR_SIZE);
+    for (s = 0; s < n_sectors; s++) {
+        int ret = ext_flash_erase(addr + s * FLASH_SECTOR_SIZE,
+                                  FLASH_SECTOR_SIZE);
+        if (ret < 0) {
+            wolfBoot_printf("QSPI-PROG: Erase failed at 0x%x (ret %d)\r\n",
+                            addr + s * FLASH_SECTOR_SIZE, ret);
+            ext_flash_lock();
+            return;
+        }
+    }
 
     /* "ERASED\r\n" must be the last bytes before the first ACK (0x06).
      * Do not insert any wolfBoot_printf between here and the transfer loop. */
@@ -1109,6 +1117,7 @@ static void qspi_uart_program(void)
     /* Chunk transfer: wolfBoot requests each 256-byte block with ACK 0x06 */
     written = 0;
     while (written < size) {
+        int ret;
         uint32_t chunk_len = size - written;
         if (chunk_len > QSPI_PROG_CHUNK)
             chunk_len = QSPI_PROG_CHUNK;
@@ -1118,7 +1127,13 @@ static void qspi_uart_program(void)
         for (i = 0; i < chunk_len; i++)
             chunk[i] = uart_qspi_rx();
 
-        ext_flash_write(addr + written, chunk, (int)chunk_len);
+        ret = ext_flash_write(addr + written, chunk, (int)chunk_len);
+        if (ret < 0) {
+            wolfBoot_printf("QSPI-PROG: Write failed at 0x%x (ret %d)\r\n",
+                            addr + written, ret);
+            ext_flash_lock();
+            return;
+        }
         written += chunk_len;
     }
     ext_flash_lock();
@@ -1240,7 +1255,14 @@ int ext_flash_erase(uintptr_t address, int len)
 #if defined(MMU) && !defined(WOLFBOOT_NO_PARTITIONS)
 void* hal_get_dts_address(void)
 {
+#if defined(EXT_FLASH) && defined(NO_XIP)
+    /* Flash is not memory-mapped when using NO_XIP with external flash
+     * (e.g. SC SPI). DTS must be loaded via ext_flash_read, not direct
+     * dereference. Return NULL so the caller skips the direct-access path. */
+    return NULL;
+#else
     return (void*)WOLFBOOT_DTS_BOOT_ADDRESS;
+#endif
 }
 #endif
 

src/boot_riscv.c

@@ -504,7 +504,7 @@ void do_boot(const uint32_t *app_offset)
      * Note: -march=rv64imac does not define __riscv_zifencei, so
      * riscv_icache_sync() in elf.c is a no-op. We emit fence.i manually. */
     asm volatile("fence" ::: "memory");
-    asm volatile(".word 0x0000100f" ::: "memory"); /* fence.i */
+    asm volatile("fence.i" ::: "memory");
     asm volatile("jr %0" : : "r"(app_offset));
     __builtin_unreachable();
 #endif /* WOLFBOOT_MMODE_SMODE_BOOT */

src/boot_riscv_start.S

@@ -186,7 +186,8 @@ _reset:
      * Jump to main initialization code in L2 SRAM
      * From here on, we execute from L2 SRAM (faster than eNVM)
      */
-    la    t0, .L_sram_entry
+    lui   t0, %hi(.L_sram_entry)
+    addi  t0, t0, %lo(.L_sram_entry)
     jr    t0
 
 /*

test-app/startup_riscv.c

@@ -81,8 +81,10 @@ void __attribute__((naked)) isr_synctrap(void)
 {
 #ifdef WOLFBOOT_RISCV_MMODE
     asm volatile("csrr %0, mcause" : "=r"(synctrap_cause));
+    asm volatile("mret");
 #else
     asm volatile("csrr %0, scause" : "=r"(synctrap_cause));
+    asm volatile("sret");
 #endif
 }
 

tools/scripts/mpfs_qspi_prog.py

@@ -85,6 +85,13 @@ def main():
     with open(bin_path, "rb") as f:
         data = f.read()
 
+    # Device-side rejects images > 2 MiB; fail fast here to avoid
+    # waiting through prompt/erase only to have the target abort.
+    MAX_IMAGE_SIZE = 0x200000  # 2 MiB, matches device-side check
+    if len(data) > MAX_IMAGE_SIZE:
+        print(f"Error: image too large ({len(data):,} bytes, max {MAX_IMAGE_SIZE:,})")
+        sys.exit(1)
+
     print(f"wolfBoot QSPI programmer for PolarFire SoC MPFS250")
     print(f"  Port      : {port_name} @ {BAUD_RATE} baud")
     print(f"  Binary    : {bin_path} ({len(data):,} bytes)")