Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

suit: Build system changes needed for encryption #19681

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

ahasztag
Copy link
Contributor

This commit contains changes to the SUIT build system allowing for encrypting images for update.

This commit contains changes to the SUIT build system
allowing for encrypting images for update.

Signed-off-by: Artur Hadasz <[email protected]>
@ahasztag ahasztag requested review from a team as code owners December 20, 2024 11:43
@github-actions github-actions bot added manifest changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. labels Dec 20, 2024
@NordicBuilder
Copy link
Contributor

The following west manifest projects have changed revision in this Pull Request:

Name Old Revision New Revision Diff
suit-generator nrfconnect/suit-generator@aa3da7d nrfconnect/suit-generator#160 nrfconnect/suit-generator#160/files

DNM label due to: 1 project with PR revision

Note: This message is automatically posted and updated by the Manifest GitHub Action.

@NordicBuilder
Copy link
Contributor

NordicBuilder commented Dec 20, 2024

CI Information

To view the history of this post, clich the 'edited' button above
Build number: 1

Inputs:

Sources:

sdk-nrf: PR head: b7ec0b587bca3fbf835a9a774fe900fa59f5e11d
suit-generator: PR head: 05d204d9e3104902916f4eae82d85876464bbbe9

more details

sdk-nrf:

PR head: b7ec0b587bca3fbf835a9a774fe900fa59f5e11d
merge base: ba929f92625962fe73cd6eae0a2daec3f0c119f9
target head (main): 31d1fa50d22bae9559f3ee06303ca56823a79a3e
Diff

suit-generator:

PR head: 05d204d9e3104902916f4eae82d85876464bbbe9
merge base: aa3da7d6c15960b3346cdaf3587ca666c21db953
target head (ncs): 7dd0e0f9baf1877690d4feb345cfaebfddec17f9
Diff

Github labels

Enabled Name Description
ci-disabled Disable the ci execution
ci-all-test Run all of ci, no test spec filtering will be done
ci-force-downstream Force execution of downstream even if twister fails
ci-run-twister Force run twister
ci-run-zephyr-twister Force run zephyr twister
List of changed files detected by CI (13)
cmake
│  ├── sysbuild
│  │  ├── suit.cmake
│  │  │ suit_utilities.cmake
config
│  ├── suit
│  │  ├── templates
│  │  │  ├── nrf54h20
│  │  │  │  ├── default
│  │  │  │  │  ├── v1
│  │  │  │  │  │  ├── app_envelope.yaml.jinja2
│  │  │  │  │  │  │ rad_envelope.yaml.jinja2
modules
│  ├── lib
│  │  ├── suit-generator
│  │  │  ├── ncs
│  │  │  │  ├── Kconfig
│  │  │  │  ├── app_envelope_encrypted.yaml.jinja2
│  │  │  │  ├── basic_kms.py
│  │  │  │  ├── build.py
│  │  │  │  │ encrypt_script.py
samples
│  ├── suit
│  │  ├── smp_transfer
│  │  │  ├── suit
│  │  │  │  ├── nrf54h20
│  │  │  │  │  ├── app_envelope_extflash.yaml.jinja2
│  │  │  │  │  │ rad_envelope_extflash.yaml.jinja2
sysbuild
│  │ Kconfig.suit
west.yml

Outputs:

Toolchain

Version: b77d8c1312
Build docker image: docker-dtr.nordicsemi.no/sw-production/ncs-build:b77d8c1312_912848a074

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

  • ◻️ Toolchain - Skipped: existing toolchain is used
  • ✅ Build twister
  • ❌ Integration tests
    • ✅ test-sdk-audio
    • ✅ desktop52_verification
    • ✅ test-fw-nrfconnect-boot
    • ✅ test-fw-nrfconnect-apps
    • ✅ test_ble_nrf_config
    • ❌ test-fw-nrfconnect-ble_mesh
    • ❌ test-fw-nrfconnect-ble_samples
    • ✅ test-fw-nrfconnect-chip
    • ✅ test-fw-nrfconnect-nfc
    • ✅ test-fw-nrfconnect-nrf-iot_libmodem-nrf
    • ✅ test-fw-nrfconnect-nrf-iot_serial_lte_modem
    • ✅ test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
    • ✅ test-fw-nrfconnect-nrf-iot_samples
    • ✅ test-fw-nrfconnect-nrf-iot_lwm2m
    • ✅ doc-internal
    • ✅ test-fw-nrfconnect-nrf-iot_thingy91
    • ❌ test-fw-nrfconnect-nrf_crypto
    • ✅ test-fw-nrfconnect-rpc
    • ✅ test-fw-nrfconnect-rs
    • ❌ test-fw-nrfconnect-fem
    • ✅ test-fw-nrfconnect-tfm
    • ✅ test-fw-nrfconnect-thread
    • ✅ test-fw-nrfconnect-zigbee
    • ✅ test-sdk-find-my
    • ✅ test-fw-nrfconnect-nrf-iot_mosh
    • ✅ test-fw-nrfconnect-nrf-iot_positioning
    • ✅ test-sdk-sidewalk
    • ✅ test-sdk-wifi
    • ✅ test-low-level
    • ✅ test-fw-nrfconnect-nrf-iot_nrf_provisioning
    • ✅ test-sdk-pmic-samples
    • ✅ test-sdk-mcuboot
    • ❌ test-sdk-dfu
    • ❌ test-fw-nrfconnect-ps
    • ✅ test-secdom-samples-public
    • ⚠️ test-sdk-dfu

Note: This message is automatically posted and updated by the CI

@NordicBuilder
Copy link
Contributor

You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds.

Note: This comment is automatically posted by the Documentation Publish GitHub Action.

@NordicBuilder
Copy link
Contributor

Memory footprint analysis revealed the following potential issues

sample.matter.template.debug[nrf7002dk/nrf5340/cpuapp]: High ROM usage: 911846[B] - link (cc: @kkasperczyk-no @ArekBalysNordic @markaj-nordic)
sample.matter.template.release[nrf7002dk/nrf5340/cpuapp]: High ROM usage: 820674[B] - link (cc: @kkasperczyk-no @ArekBalysNordic @markaj-nordic)

Note: This message is automatically posted and updated by the CI (latest/sdk-nrf/PR-19681/1)

Copy link
Contributor

@nordicjm nordicjm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

apply changes throughout whole PR

Comment on lines +267 to +268
-----------------------------------------------------------
--- WARNING: Using default file-based basic KMS implentation for encryption. ---
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the widths should match for the header and footer with the message

message(WARNING "
-----------------------------------------------------------
--- WARNING: Using default file-based basic KMS implentation for encryption. ---
--- It should not be used for production unless the build is performed in ---
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typos need fixing

Comment on lines +45 to +48
help
The SUIT encryption script is used to generate encryption artifacts for images inside a SUIT envelope.
It is the "external" script that is called by the build system - it is responsible for creating
various needed SUIT structures, but passes the actual encryption of the payload to a separate KMS script.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

help text always at bottom

Python script called to generate encryption artifacts for images inside a SUIT envelope.
See the help message for the default encryption script to see what arguments the script
must accept.
default "${ZEPHYR_NRF_MODULE_DIR}/../modules/lib/suit-generator/ncs/encrypt_script.py" if SUIT_ENVELOPE_ENCRYPT_SCRIPT_DEFAULT
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

use the actual module name instead of a path from the nrf module?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. DNM manifest manifest-suit-generator
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants