From eb292eb5c9627d7db0ed1573bd5b0a02a6e8e861 Mon Sep 17 00:00:00 2001 From: Anna Wojdylo Date: Tue, 17 Sep 2024 14:27:40 +0200 Subject: [PATCH] doc: doc review includes review and some structure changes Signed-off-by: Anna Wojdylo --- .../migration_guide_v280.rst | 78 +++++++++++++++++-- ...gration_guide_v280_provisioning_module.rst | 53 ------------- .../migration_guide_v280_serial_bus.rst | 28 ------- 3 files changed, 71 insertions(+), 88 deletions(-) delete mode 100644 doc/releases_and_migration/migration_guide_v280_provisioning_module.rst delete mode 100644 doc/releases_and_migration/migration_guide_v280_serial_bus.rst diff --git a/doc/releases_and_migration/migration_guide_v280.rst b/doc/releases_and_migration/migration_guide_v280.rst index 5b2c418141..63773f4863 100644 --- a/doc/releases_and_migration/migration_guide_v280.rst +++ b/doc/releases_and_migration/migration_guide_v280.rst @@ -1,18 +1,82 @@ .. _migration_guide_v280: Migration guide for the v2.8.0 of the nRF Connect SDK -***************************************************** +##################################################### .. contents:: :local: :depth: 2 -Starting with the v2.8.0 release of the `nRF Connect SDK`_, there are new Sidewalk provisioning module and PAL serial bus for nRF52840 SoC. +Starting with the v2.8.0 release of the `nRF Connect SDK`_, there is a new Sidewalk provisioning module and PAL serial bus for the nRF52840 SoC. For an overview of changes, read the following sections: -.. toctree:: - :maxdepth: 1 - :glob: +.. _migration_guide_v280_prov_module: - migration_guide_v280_provisioning_module.rst - migration_guide_v280_serial_bus.rst +Sidewalk provisioning module +**************************** + +The new provisioning module enhances security by: + +* Moving non-volatile Sidewalk keys to secure key storage. +* Protecting the manufacturing data partition from write operations. +* Always using the Key-Value Store version of manufacturing data. + +Security enhancements details +============================= + +Access to the manufacturing data is unified within the application, ensuring consistency for prototyping and manufacturing flows. +The MFG parser module is launched at initialization and writes the manufacturing data to flash (secure key storage) in the same way as the device certification module. +The process is triggered only once, at the first application start after flashing the :file:`Nordic_MFG.hex` file. +The following logs are generated: + +.. code-block:: console + + [00:00:00.004,502] sid_mfg: Need to parse mfg data + [00:00:00.009,993] sid_mfg_parser_v8: MFG_ED25519 import success + [00:00:00.014,900] sid_mfg_parser_v8: MFG_SECP_256R1 import success + [00:00:00.054,505] sid_mfg: Successfully parsed mfg data + +The secure key storage is based on the `Hardware unique key`_ security library. +After keys are imported into secure key storage, it is impossible to read their raw values. +Therefore, once secure key storage is enabled in the firmware, it must remain enabled in all subsequent firmware versions. +This feature is enabled by default in all Sidewalk samples. + +The hardware flash write protection is based on the `Hardware flash write protection`_ security library. +The protection is applied during Sidewalk initialization and remains irreversible until reset. +This feature is disabled in the :ref:`variant_sidewalk_dut` sample to allow writing of manufacturing data using on-device certification commands. + +Aligning your application to the new provisioning module +======================================================== + +The new provisioning module implementation includes the following changes: + +* In the :file:`app_mfg_config.h` file, the function ``app_mfg_cfg_is_valid()`` was renamed to ``app_mfg_cfg_is_empty()``. +* The ``CONFIG_SIDEWALK_MFG_STORAGE_SUPPORT_HEX_v7`` Kconfig option adds support for older Sidewalk manufacturing HEX formats (version 7 and below). + You can disable this configuration when using the latest manufacturing flash. + +Using old provisioning module +============================= + +It is recommended to use the new provisioning module implementation. +However, you can still enable the old module using the ``CONFIG_DEPRECATED_SIDEWALK_MFG_STORAGE`` Kconfig option. + +.. _migration_guide_v280_serial_bus: + +Sidewalk PAL serial bus for the nRF52840 SoC +******************************************** + +The new implementation of the PAL serial bus has been introduced to address additional delays caused by Zephyr's SPI driver in SPI bus communication. +These delays significantly impact the FSK protocol for the nRF52840 SoC. + +Aligning your application to the new PAL serial bus +=================================================== + +The new PAL serial bus implementation includes the following changes: + +* Added the :file:`sid_pal_serial_bus_nrfx_spi.c` file with the PAL SPI bus implementation based on the NRFX SPI driver. + This PAL is used only for the nRF52840 SoC build and does not affect other platforms. +* Added the new ``CONFIG_SIDEWALK_NRFX_SPI_INSTANCE_ID`` Kconfig option, allowing to select the SPI bus instance for communication with an external sub-GHz transceiver. +* Added the ``nrfx_spi_gpios`` child node in the :file:`nrf52840dk_nrf52840.overlay` overlay for configuring the SPI bus ``CLK``, ``MOSI``, ``MISO``, and ``CS`` pins. + + .. note:: + It is recommended to disable the SPI bus instance in the devicetree when it is selected by the ``CONFIG_SIDEWALK_NRFX_SPI_INSTANCE_ID`` Kconfig option. diff --git a/doc/releases_and_migration/migration_guide_v280_provisioning_module.rst b/doc/releases_and_migration/migration_guide_v280_provisioning_module.rst deleted file mode 100644 index 3828c58352..0000000000 --- a/doc/releases_and_migration/migration_guide_v280_provisioning_module.rst +++ /dev/null @@ -1,53 +0,0 @@ -.. _migration_guide_v280_prov_module: - -Sidewalk provisioning module -**************************** - -Reasons for change -================== - -The new provisioning module enhances security by: - -* Moving non-volatile Sidewalk keys to secure key storage. -* Protecting the manufacturing data partition from write operations. -* Always using the Key-Value Store version of manufacturing data. - -Security enhancements details -============================= - -Access to the manufacturing data is unified within the application, ensuring consistency for prototyping and manufacturing flows. -The MFG parser module is launched at initialization and writes the manufacturing data to flash (secure key storage) in the same way as the device certification module. -The process is triggered only once, at the first application start after flashing the :file:`Nordic_MFG.hex` file. -The following logs are generated: - -.. code-block:: console - - [00:00:00.004,502] sid_mfg: Need to parse mfg data - [00:00:00.009,993] sid_mfg_parser_v8: MFG_ED25519 import success - [00:00:00.014,900] sid_mfg_parser_v8: MFG_SECP_256R1 import success - [00:00:00.054,505] sid_mfg: Successfully parsed mfg data - -The secure key storage is based on the `Hardware unique key`_ security library. -After keys are imported into secure key storage, it is impossible to read their raw values. -Therefore, once secure key storage is enabled in the firmware, it must remain enabled in all subsequent firmware versions. -This feature is enabled by default in all Sidewalk samples. - -The hardware flash write protection is based on the `Hardware flash write protection`_ security library. -The protection is applied during Sidewalk initialization and remains irreversible until reset. -This feature is disabled in the :ref:`variant_sidewalk_dut` sample to allow writing of manufacturing data using on-device certification commands. - -Aligning your application to the new model -========================================== - -The new provisioning module implementation includes the following changes: - -* In the :file:`app_mfg_config.h` file, the function ``app_mfg_cfg_is_valid()`` was renamed to ``app_mfg_cfg_is_empty()``. - -* The ``CONFIG_SIDEWALK_MFG_STORAGE_SUPPORT_HEX_v7`` Kconfig option adds support for older Sidewalk manufacturing HEX formats (version 7 and below). - You can disable this configuration when using the latest manufacturing flash. - -Using old provisioning module -============================= - -It is recommended to use the new provisioning module implementation. -However, you can still enable the old module using the ``CONFIG_DEPRECATED_SIDEWALK_MFG_STORAGE`` Kconfig option. diff --git a/doc/releases_and_migration/migration_guide_v280_serial_bus.rst b/doc/releases_and_migration/migration_guide_v280_serial_bus.rst deleted file mode 100644 index a470256707..0000000000 --- a/doc/releases_and_migration/migration_guide_v280_serial_bus.rst +++ /dev/null @@ -1,28 +0,0 @@ -.. _migration_guide_v280_serial_bus: - -Sidewalk PAL serial bus for nRF52840 SoC -**************************************** - -Reasons for change -================== - -Due to fact that Zephyr's SPI driver adds additional delay to the SPI bus communication, which have significant impact to the -FSK protocol for nRF52840, hence the new implementation of the PAL serial bus is introduced. - -Aligning your application to the new PAL serial bus -=================================================== - -The new PAL serial bus implementation includes the following changes: - -* Added the :file:`sid_pal_serial_bus_nrfx_spi.c` file with the PAL SPI bus implementation based on the NRFX SPI driver. - This PAL is used only for nRF52840 SoC build and it has no impact to other platforms. - -* The new ``CONFIG_SIDEWALK_NRFX_SPI_INSTANCE_ID`` Kconfig option for selecting SPI bus instance for communication with an external - sub-GHz transceiver. - -* Added the ``nrfx_spi_gpios`` child node in the :file:`nrf52840dk_nrf52840.overlay` overlay for configuring the - SPI bus ``CLK``, ``MOSI``, ``MISO`` and ``CS`` pins. - - .. note:: - When SPI bus instance is selected by ``CONFIG_SIDEWALK_NRFX_SPI_INSTANCE_ID`` Kconfig option, it is strongly recommended - to disable it in the devicetree.