applications: nrf_desktop: enable stack protection in mcuboot configs

Enabled the CONFIG_HW_STACK_PROTECTION Kconfig option in the MCUboot
configurations of the relevant nRF Desktop targets.

Ref: NCSDK-26764

Signed-off-by: Kamil Piszczek <[email protected]>

applications/nrf_desktop/configuration/nrf52820dongle_nrf52820/images/mcuboot/prj_release.conf

@@ -6,9 +6,6 @@
 
 CONFIG_SIZE_OPTIMIZATIONS=y
 
-# Disable memory guard to avoid false faults in application after boot
-CONFIG_HW_STACK_PROTECTION=n
-
 CONFIG_SYSTEM_CLOCK_NO_WAIT=y
 
 CONFIG_MAIN_STACK_SIZE=4096
@@ -55,6 +52,7 @@ CONFIG_BOOT_BANNER=n
 CONFIG_NCS_BOOT_BANNER=n
 CONFIG_ERRNO=n
 CONFIG_ARM_MPU=n
+CONFIG_HW_STACK_PROTECTION=n
 CONFIG_BOOT_SERIAL_IMG_GRP_HASH=n
 
 # Use minimal C library instead of the Picolib

applications/nrf_desktop/configuration/nrf52833dk_nrf52820/images/mcuboot/prj_release.conf

@@ -6,9 +6,6 @@
 
 CONFIG_SIZE_OPTIMIZATIONS=y
 
-# Disable memory guard to avoid false faults in application after boot
-CONFIG_HW_STACK_PROTECTION=n
-
 CONFIG_SYSTEM_CLOCK_NO_WAIT=y
 
 CONFIG_MAIN_STACK_SIZE=4096
@@ -59,6 +56,7 @@ CONFIG_BOOT_BANNER=n
 CONFIG_NCS_BOOT_BANNER=n
 CONFIG_ERRNO=n
 CONFIG_ARM_MPU=n
+CONFIG_HW_STACK_PROTECTION=n
 CONFIG_BOOT_SERIAL_IMG_GRP_HASH=n
 
 # Use minimal C library instead of the Picolib

applications/nrf_desktop/configuration/nrf52833dk_nrf52833/images/mcuboot/prj.conf

@@ -6,8 +6,7 @@
 
 CONFIG_SIZE_OPTIMIZATIONS=y
 
-# Disable memory guard to avoid false faults in application after boot
-CONFIG_HW_STACK_PROTECTION=n
+CONFIG_HW_STACK_PROTECTION=y
 
 CONFIG_SYSTEM_CLOCK_NO_WAIT=y
 

applications/nrf_desktop/configuration/nrf52833dk_nrf52833/images/mcuboot/prj_release.conf

@@ -6,8 +6,7 @@
 
 CONFIG_SIZE_OPTIMIZATIONS=y
 
-# Disable memory guard to avoid false faults in application after boot
-CONFIG_HW_STACK_PROTECTION=n
+CONFIG_HW_STACK_PROTECTION=y
 
 CONFIG_SYSTEM_CLOCK_NO_WAIT=y
 

applications/nrf_desktop/configuration/nrf52833dongle_nrf52833/images/mcuboot/prj.conf

@@ -6,8 +6,7 @@
 
 CONFIG_SIZE_OPTIMIZATIONS=y
 
-# Disable memory guard to avoid false faults in application after boot
-CONFIG_HW_STACK_PROTECTION=n
+CONFIG_HW_STACK_PROTECTION=y
 
 CONFIG_SYSTEM_CLOCK_NO_WAIT=y
 

applications/nrf_desktop/configuration/nrf52833dongle_nrf52833/images/mcuboot/prj_release.conf

@@ -6,8 +6,7 @@
 
 CONFIG_SIZE_OPTIMIZATIONS=y
 
-# Disable memory guard to avoid false faults in application after boot
-CONFIG_HW_STACK_PROTECTION=n
+CONFIG_HW_STACK_PROTECTION=y
 
 CONFIG_SYSTEM_CLOCK_NO_WAIT=y
 

applications/nrf_desktop/configuration/nrf52840dk_nrf52840/images/mcuboot/prj_fast_pair.conf

@@ -5,8 +5,7 @@
 #
 CONFIG_SIZE_OPTIMIZATIONS=y
 
-# Disable memory guard to avoid false faults in application after boot
-CONFIG_HW_STACK_PROTECTION=n
+CONFIG_HW_STACK_PROTECTION=y
 
 CONFIG_SYSTEM_CLOCK_NO_WAIT=y
 

applications/nrf_desktop/configuration/nrf52840dk_nrf52840/images/mcuboot/prj_mcuboot_qspi.conf

@@ -5,8 +5,7 @@
 #
 CONFIG_SIZE_OPTIMIZATIONS=y
 
-# Disable memory guard to avoid false faults in application after boot
-CONFIG_HW_STACK_PROTECTION=n
+CONFIG_HW_STACK_PROTECTION=y
 
 CONFIG_SYSTEM_CLOCK_NO_WAIT=y
 

applications/nrf_desktop/configuration/nrf52840dk_nrf52840/images/mcuboot/prj_mcuboot_smp.conf

@@ -5,8 +5,7 @@
 #
 CONFIG_SIZE_OPTIMIZATIONS=y
 
-# Disable memory guard to avoid false faults in application after boot
-CONFIG_HW_STACK_PROTECTION=n
+CONFIG_HW_STACK_PROTECTION=y
 
 CONFIG_SYSTEM_CLOCK_NO_WAIT=y
 

applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/images/mcuboot/prj_fast_pair.conf

@@ -5,8 +5,7 @@
 #
 CONFIG_SIZE_OPTIMIZATIONS=y
 
-# Disable memory guard to avoid false faults in application after boot
-CONFIG_HW_STACK_PROTECTION=n
+CONFIG_HW_STACK_PROTECTION=y
 
 CONFIG_SYSTEM_CLOCK_NO_WAIT=y
 

applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/images/mcuboot/prj_mcuboot_smp.conf

@@ -5,8 +5,7 @@
 #
 CONFIG_SIZE_OPTIMIZATIONS=y
 
-# Disable memory guard to avoid false faults in application after boot
-CONFIG_HW_STACK_PROTECTION=n
+CONFIG_HW_STACK_PROTECTION=y
 
 CONFIG_SYSTEM_CLOCK_NO_WAIT=y
 

applications/nrf_desktop/configuration/nrf52840gmouse_nrf52840/images/mcuboot/prj_release_fast_pair.conf

@@ -5,8 +5,7 @@
 #
 CONFIG_SIZE_OPTIMIZATIONS=y
 
-# Disable memory guard to avoid false faults in application after boot
-CONFIG_HW_STACK_PROTECTION=n
+CONFIG_HW_STACK_PROTECTION=y
 
 CONFIG_SYSTEM_CLOCK_NO_WAIT=y
 

applications/nrf_desktop/configuration/nrf52kbd_nrf52832/images/mcuboot/prj_release_fast_pair.conf

@@ -5,8 +5,7 @@
 #
 CONFIG_SIZE_OPTIMIZATIONS=y
 
-# Disable memory guard to avoid false faults in application after boot
-CONFIG_HW_STACK_PROTECTION=n
+CONFIG_HW_STACK_PROTECTION=y
 
 CONFIG_SYSTEM_CLOCK_NO_WAIT=y
 

applications/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/images/mcuboot/prj.conf

@@ -5,6 +5,8 @@
 #
 CONFIG_SIZE_OPTIMIZATIONS=y
 
+CONFIG_HW_STACK_PROTECTION=y
+
 CONFIG_MAIN_STACK_SIZE=10240
 CONFIG_MBEDTLS_CFG_FILE="mcuboot-mbedtls-cfg.h"
 

applications/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/images/mcuboot/prj_fast_pair.conf

@@ -5,6 +5,8 @@
 #
 CONFIG_SIZE_OPTIMIZATIONS=y
 
+CONFIG_HW_STACK_PROTECTION=y
+
 CONFIG_MAIN_STACK_SIZE=10240
 CONFIG_MBEDTLS_CFG_FILE="mcuboot-mbedtls-cfg.h"
 

applications/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/images/mcuboot/prj_keyboard.conf

@@ -5,6 +5,8 @@
 #
 CONFIG_SIZE_OPTIMIZATIONS=y
 
+CONFIG_HW_STACK_PROTECTION=y
+
 CONFIG_MAIN_STACK_SIZE=10240
 CONFIG_MBEDTLS_CFG_FILE="mcuboot-mbedtls-cfg.h"
 

applications/nrf_desktop/configuration/nrf54l15dk_nrf54l15_cpuapp/images/mcuboot/prj_release.conf

@@ -5,6 +5,8 @@
 #
 CONFIG_SIZE_OPTIMIZATIONS=y
 
+CONFIG_HW_STACK_PROTECTION=y
+
 CONFIG_MAIN_STACK_SIZE=10240
 CONFIG_MBEDTLS_CFG_FILE="mcuboot-mbedtls-cfg.h"
 

doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst

@@ -254,7 +254,13 @@ nRF Desktop
     * :ref:`zephyr:nrf54l15dk_nrf54l15`
     * :ref:`zephyr:nrf54h20dk_nrf54h20`
 
-  * MCUboot bootloader configurations to enable the :kconfig:option:`CONFIG_FPROTECT` Kconfig option that is used to protect the bootloader partition against memory corruption.
+  * MCUboot bootloader configurations to enable the following Kconfig options:
+
+    * :kconfig:option:`CONFIG_FPROTECT` - Used to protect the bootloader partition against memory corruption.
+    * :kconfig:option:`CONFIG_HW_STACK_PROTECTION` - Used to protect against stack overflows.
+
+    The :kconfig:option:`CONFIG_HW_STACK_PROTECTION` Kconfig option and its dependency (the :kconfig:option:`CONFIG_ARM_MPU` Kconfig option) might be disabled in case of targets with limited memory.
+
   * MCUboot bootloader configuration for the MCUboot SMP build type and the nRF52840 Gaming Mouse target to enable the :kconfig:option:`CONFIG_ARM_MPU` Kconfig option that is required to enable hardware stack protection (:kconfig:option:`CONFIG_HW_STACK_PROTECTION`).
 
 * Removed imply for partial erase feature of the nRF SoC flash driver (:kconfig:option:`CONFIG_SOC_FLASH_NRF_PARTIAL_ERASE`) for the USB next stack (:ref:`CONFIG_DESKTOP_USB_STACK_NEXT <config_desktop_app_options>`).