Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mcuboot: Make ED25519 signature default for nrf54l series #19148

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

mcuboot: Make ED25519 signature default for nrf54l series #19148

wants to merge 4 commits into from
+10 −2

Conversation

de-nordic
Copy link
Contributor

MCUboot for nRF54l15 will be built with support for ED25519 by default and application images will be signed with ED25519 signature.
The MCUboot partition size, for this configuration, is set to 0xd000.

@de-nordic de-nordic requested a review from a team as a code owner November 28, 2024 16:51
@github-actions github-actions bot added the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Nov 28, 2024
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Nov 28, 2024
edited
Loading

CI Information

To view the history of this post, clich the 'edited' button above
Build number: 18

Inputs:

Sources:

sidewalk: PR head: 43d1b1c52eab4942fc957c671a9a82219456c7dd
sdk-nrf: PR head: 46342c3c580a056fd15ff7eb42ad0df4f6ac61e6
mcuboot: PR head: c82defabd990a6db8cd2cb230e668de7f9238f07

more details

sidewalk:

PR head: 43d1b1c52eab4942fc957c671a9a82219456c7dd
merge base: 1a811c356150a4ccc58d644d110524c33342e3a1
target head (main): 0632715d29c7e1b7bd6f999b12461fb6ebde36c9
Diff

sdk-nrf:

PR head: 46342c3c580a056fd15ff7eb42ad0df4f6ac61e6
merge base: ef172cdb46c29326938e19c3f7cd99f5af3187e4
target head (main): ef172cdb46c29326938e19c3f7cd99f5af3187e4
Diff

mcuboot:

PR head: c82defabd990a6db8cd2cb230e668de7f9238f07
merge base: 12e5ee106034972b0f1074d6f2261b2b39d1501b
target head (main): b82206c15fff357c151c24bf97c99c4348d14a46
Diff

Github labels

Enabled Name Description
ci-disabled Disable the ci execution
ci-all-test Run all of ci, no test spec filtering will be done
ci-force-downstream Force execution of downstream even if twister fails
ci-run-twister Force run twister
ci-run-zephyr-twister Force run zephyr twister
List of changed files detected by CI (20) 
bootloader
│  ├── mcuboot
│  │  ├── scripts
│  │  │  ├── imgtool
│  │  │  │  │ main.py
modules
│  ├── mcuboot
│  │  ├── boot
│  │  │  ├── zephyr
│  │  │  │  │ Kconfig
sidewalk
│  ├── samples
│  │  ├── sid_end_device
│  │  │  ├── pm_static_nrf54l15dk_nrf54l10_cpuapp.yml
│  │  │  ├── sysbuild
│  │  │  │  ├── mcuboot
│  │  │  │  │  ├── boards
│  │  │  │  │  │  │ nrf54l15dk_nrf54l10_cpuapp.conf
│  │  │  │  │  │ prj.conf
│  ├── tests
│  │  ├── manual
│  │  │  ├── simple_bootloader
│  │  │  │  ├── Kconfig.sysbuild
│  │  │  │  ├── boards
│  │  │  │  │  ├── nrf54l15dk_nrf54l10_cpuapp.conf
│  │  │  │  │  │ nrf54l15dk_nrf54l10_cpuapp.overlay
│  │  │  │  ├── pm_static_nrf54l15dk_nrf54l10_cpuapp.yml
│  │  │  │  ├── sysbuild
│  │  │  │  │  ├── mcuboot
│  │  │  │  │  │  ├── boards
│  │  │  │  │  │  │  ├── nrf52840dk_nrf52840.conf
│  │  │  │  │  │  │  ├── nrf5340dk_nrf5340_cpuapp.conf
│  │  │  │  │  │  │  ├── nrf54l15dk_nrf54l10_cpuapp.conf
│  │  │  │  │  │  │  ├── nrf54l15dk_nrf54l10_cpuapp.overlay
│  │  │  │  │  │  │  ├── nrf54l15dk_nrf54l15_cpuapp.conf
│  │  │  │  │  │  │  ├── nrf54l15dk_nrf54l15_cpuapp.overlay
│  │  │  │  │  │  │  │ thingy53_nrf5340_cpuapp.conf
│  │  │  │  │  │  │ prj.conf
sysbuild
│  │ Kconfig.mcuboot
tests
│  ├── subsys
│  │  ├── nrf_compress
│  │  │  ├── decompression
│  │  │  │  ├── mcuboot_update
│  │  │  │  │  │ sysbuild.cmake
west.yml

Outputs:

Toolchain

Version: b77d8c1312
Build docker image: docker-dtr.nordicsemi.no/sw-production/ncs-build:b77d8c1312_912848a074

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

  • ◻️ Toolchain - Skipped: existing toolchain is used
  • ✅ Build twister
  • ✅ Integration tests
    • ✅ test-sdk-audio
    • ✅ desktop52_verification
    • ✅ test-fw-nrfconnect-boot
    • ✅ test-fw-nrfconnect-apps
    • ✅ test_ble_nrf_config
    • ✅ test-fw-nrfconnect-ble_mesh
    • ✅ test-fw-nrfconnect-ble_samples
    • ✅ test-fw-nrfconnect-chip
    • ✅ test-fw-nrfconnect-nfc
    • ✅ test-fw-nrfconnect-nrf-iot_libmodem-nrf
    • ✅ test-fw-nrfconnect-nrf-iot_serial_lte_modem
    • ✅ test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
    • ✅ test-fw-nrfconnect-nrf-iot_samples
    • ✅ test-fw-nrfconnect-nrf-iot_lwm2m
    • ✅ doc-internal
    • ✅ test-fw-nrfconnect-nrf-iot_thingy91
    • ✅ test-fw-nrfconnect-nrf_crypto
    • ✅ test-fw-nrfconnect-rpc
    • ✅ test-fw-nrfconnect-rs
    • ✅ test-fw-nrfconnect-fem
    • ✅ test-fw-nrfconnect-tfm
    • ✅ test-fw-nrfconnect-thread
    • ✅ test-fw-nrfconnect-zigbee
    • ✅ test-sdk-find-my
    • ✅ test-fw-nrfconnect-nrf-iot_mosh
    • ✅ test-fw-nrfconnect-nrf-iot_positioning
    • ✅ test-sdk-sidewalk
    • ✅ test-sdk-wifi
    • ✅ test-low-level
    • ✅ test-fw-nrfconnect-nrf-iot_nrf_provisioning
    • ✅ test-sdk-pmic-samples
    • ✅ test-sdk-mcuboot
    • ✅ test-sdk-dfu
    • ✅ test-fw-nrfconnect-ps
    • ✅ test-secdom-samples-public
    • ⚠️ test-fw-nrfconnect-fw-update

Note: This message is automatically posted and updated by the CI

@NordicBuilder
Copy link
Contributor

You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds.

Note: This comment is automatically posted by the Documentation Publish GitHub Action.

@de-nordic de-nordic mentioned this pull request Nov 28, 2024
Merged
@de-nordic
Copy link
Contributor Author

@nvlsianpu The CI failures are caused by samples overriding mbedtls configuration file from nrf-security to something else.

@LuDuda
Copy link
Contributor

LuDuda commented Nov 28, 2024

@maciejbaczmanski could you please take a look, to ensure we use default configuration.

MarekPieta
MarekPieta approved these changes Dec 2, 2024
View reviewed changes
Copy link
Contributor

@MarekPieta MarekPieta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

maciejbaczmanski
maciejbaczmanski approved these changes Dec 3, 2024
View reviewed changes
Copy link
Member

@maciejbaczmanski maciejbaczmanski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#19178 should unblock the PR and fix building matter samples

@de-nordic de-nordic mentioned this pull request Dec 3, 2024
Closed
@de-nordic de-nordic requested review from a team as code owners December 3, 2024 13:38
@github-actions github-actions bot added doc-required PR must not be merged without tech writer approval. and removed changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. labels Dec 3, 2024
@de-nordic
Copy link
Contributor Author

@maciejbaczmanski We got some compliance issue regarding non-existing Kconfig WIFI_NM_WPA_SUPPLICANT_CRYPTO_EXT

maciejbaczmanski
maciejbaczmanski reviewed Dec 3, 2024
View reviewed changes
doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst Outdated
@@ -351,6 +351,13 @@ Matter samples
* Updated all Matter samples that support low-power mode to enable the :ref:`lib_ram_pwrdn` feature.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just noticed that when copying and pasting I've left this point here. it should be removed as it is covered under Updated:

@maciejbaczmanski
Copy link
Member

@maciejbaczmanski We got some compliance issue regarding non-existing Kconfig WIFI_NM_WPA_SUPPLICANT_CRYPTO_EXT

rebasing helped on my previous PR

@de-nordic de-nordic added this to the 2.9.0 milestone Dec 3, 2024
@de-nordic
Copy link
Contributor Author

Needed to do rebase and force push to remove conflicts.

ktaborowski added a commit to ktaborowski/sdk-sidewalk that referenced this pull request Dec 4, 2024
@ktaborowski
samples: new mcuboot configuration
778216f 
Align Sidewalk with nRF changes in:
nrfconnect/sdk-nrf#19148

Signed-off-by: Krzysztof Taborowski <[email protected]>
@ktaborowski ktaborowski mentioned this pull request Dec 4, 2024
Merged
5 tasks
@ktaborowski
Copy link
Contributor

nrfconnect/sdk-sidewalk#652 workaround for build issue on sidewalk samples on nrf54l10 - increase mcuboot partition

@de-nordic de-nordic requested a review from a team as a code owner December 4, 2024 09:34
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Dec 4, 2024
edited
Loading

The following west manifest projects have changed revision in this Pull Request:

Name Old Revision New Revision Diff
mcuboot nrfconnect/sdk-mcuboot@b82206c (main) nrfconnect/sdk-mcuboot#389 nrfconnect/sdk-mcuboot#389/files
sidewalk nrfconnect/sdk-sidewalk@1a811c3 nrfconnect/sdk-sidewalk#666 nrfconnect/sdk-sidewalk#666/files

DNM label due to: 2 projects with PR revision

Note: This message is automatically posted and updated by the Manifest GitHub Action.

@shanthanordic
Copy link

as I understand from @barsok This is not mandate for 2.9.0, as the PR is not yet ready with review and dependant merges moving it out of 2.9.0 milestone

@shanthanordic shanthanordic removed this from the 2.9.0 milestone Dec 4, 2024
@shanthanordic shanthanordic requested a review from gchwier December 5, 2024 09:12
@gchwier
Copy link
Contributor

gchwier commented Dec 5, 2024

Failed sample: tests/subsys/nrf_compress/decompression/mcuboot_update

west build -p -b nrf54l15dk/nrf54l15/cpuapp tests/subsys/nrf_compress/decompression/mcuboot_update -T nrf_compress.decompression.mcuboot_update -d build-54l-decompr
west flash --skip-rebuild -d build-54l-decompr
and received:

I: Starting bootloader
I: Image index: 0, Swap type: perm
E: Image in the secondary slot is not valid!
I: Bootloader chainload address offset: 0x10000
*** Booting nRF Connect SDK v2.8.99-1e915cfea3cb ***
*** Using Zephyr OS v3.7.99-15ffa301b329 ***
[00:00:04.033,551] <err> mcuboot_update: Invalid header

@de-nordic de-nordic force-pushed the ed25519_by_default branch 2 times, most recently from cfb6419 to 89d0cf5 Compare December 5, 2024 15:36
@github-actions github-actions bot added changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. and removed doc-required PR must not be merged without tech writer approval. labels Dec 5, 2024
ktaborowski added a commit to ktaborowski/sdk-sidewalk that referenced this pull request Dec 6, 2024
@ktaborowski
samples: new mcuboot configuration
df0a2ce 
* all platforms: size optimization in mcuboot
* nrf54L: ed25519 signature as default (from nrf)
nrfconnect/sdk-nrf#19148
* nrf54L10: link time optimization in mcuboot
* nrf54L10: mcuboot partition size set to 52 KB

Signed-off-by: Krzysztof Taborowski <[email protected]>
ktaborowski added a commit to nrfconnect/sdk-sidewalk that referenced this pull request Dec 13, 2024
@ktaborowski
samples: new mcuboot configuration
232fc50 
* all platforms: size optimization in mcuboot
* nrf54L: ed25519 signature as default (from nrf)
nrfconnect/sdk-nrf#19148
* nrf54L10: link time optimization in mcuboot
* nrf54L10: mcuboot partition size set to 52 KB

Signed-off-by: Krzysztof Taborowski <[email protected]>
@ktaborowski ktaborowski mentioned this pull request Dec 13, 2024
Open
5 tasks
ktaborowski added a commit to ktaborowski/sdk-sidewalk that referenced this pull request Dec 13, 2024
@ktaborowski
samples: new mcuboot configuration
0e49d50 
* all platforms: size optimization in mcuboot
* nrf54L: ed25519 signature as default (from nrf)
nrfconnect/sdk-nrf#19148
* nrf54L10: link time optimization in mcuboot
* nrf54L10: mcuboot partition size set to 52 KB

Signed-off-by: Krzysztof Taborowski <[email protected]>
nordicjm
nordicjm reviewed Dec 16, 2024
View reviewed changes
Copy link
Contributor

@nordicjm nordicjm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

needs:

if(SB_CONFIG_SOC_SERIES_NRF54LX AND SB_CONFIG_BOOT_SIGNATURE_TYPE_ED25519)
  set_config_bool(compressed_app CONFIG_MCUBOOT_BOOTLOADER_SIGNATURE_TYPE_ED25519 y)
  set_config_bool(compressed_app CONFIG_MCUBOOT_BOOTLOADER_USES_SHA512 y)
  set_config_bool(compressed_app CONFIG_MCUBOOT_BOOTLOADER_SIGNATURE_TYPE_PURE n)
endif()

adding to tests/subsys/nrf_compress/decompression/mcuboot_update/sysbuild.cmake
Also needs nrfconnect/sdk-mcuboot#389

@de-nordic de-nordic force-pushed the ed25519_by_default branch 3 times, most recently from 4ad3896 to 86cbaf4 Compare December 18, 2024 13:42
michalek-no and others added 4 commits December 19, 2024 12:14
@michalek-no @de-nordic
manifest: update mcuboot
4a50019 
sha512 compression fix

Signed-off-by: Mateusz Michalek <[email protected]>
@ktaborowski @de-nordic
manifest: update sidewalk revision
51dcfbc 
mcuboot size changes

Signed-off-by: Krzysztof Taborowski <[email protected]>
@de-nordic
mcuboot: Make ED25519 signature default for nrf54l series
40e53cc 
MCUboot for nRF54l15 will be built with support for ED25519
by default and application images will be signed with ED25519
signature.
The MCUboot partition size, for this configuration, is set
to 0xd000.

Signed-off-by: Dominik Ermel <[email protected]>
Signed-off-by: Marek Pieta <[email protected]>
@de-nordic
tests: nrf_compress: decompression: Enable ED25519
46342c3 
Enable ED25519 for nrf54l by default.

Signed-off-by: Dominik Ermel <[email protected]>
@de-nordic
Copy link
Contributor Author

@ktaborowski Can you take a look at CI, it seems that some part of application no longer fits in flash.

ktaborowski added a commit to ktaborowski/sdk-sidewalk that referenced this pull request Dec 19, 2024
@ktaborowski
samples: new mcuboot configuration
14df970 
* all platforms: size optimization in mcuboot
* nrf54L: ed25519 signature as default (from nrf)
nrfconnect/sdk-nrf#19148
* nrf54L10: link time optimization in mcuboot
* nrf54L10: mcuboot partition size set to 52 KB

Signed-off-by: Krzysztof Taborowski <[email protected]>
@de-nordic de-nordic removed the DNM label Dec 19, 2024
@de-nordic de-nordic self-assigned this Dec 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maciejbaczmanski maciejbaczmanski maciejbaczmanski approved these changes

@nordicjm nordicjm nordicjm approved these changes

@gchwier gchwier gchwier approved these changes

@peknis peknis peknis approved these changes

@MarekPieta MarekPieta MarekPieta approved these changes

@nvlsianpu nvlsianpu nvlsianpu approved these changes

Assignees

@de-nordic de-nordic

Labels
changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. manifest manifest-mcuboot manifest-sidewalk
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.