Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mcuboot: Make ED25519 signature default for nrf54l series #19148

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

mcuboot: Make ED25519 signature default for nrf54l series #19148

wants to merge 5 commits into from
+24 −16

Conversation

de-nordic
Copy link
Contributor

MCUboot for nRF54l15 will be built with support for ED25519 by default and application images will be signed with ED25519 signature.
The MCUboot partition size, for this configuration, is set to 0xd000.

@de-nordic de-nordic requested a review from a team as a code owner November 28, 2024 16:51
@github-actions github-actions bot added the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Nov 28, 2024
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Nov 28, 2024
edited
Loading

CI Information

To view the history of this post, clich the 'edited' button above
Build number: 27

Inputs:

Sources:

sidewalk: PR head: 0ead8750d6db00ed9a30b0006f5511a46412684d
sdk-nrf: PR head: dca946a1ab7f1f80b7b41293ea36b5ac387007bd
mcuboot: PR head: 331c4fe43f981e890c701703297940ca48257020

more details

sidewalk:

PR head: 0ead8750d6db00ed9a30b0006f5511a46412684d
merge base: f274ce8ab97d1504de4c6b372bb98d4dc41bacc5
target head (main): c1fe9d20ef279d53a8a13ef24f3597b96f36e2e0
Diff

sdk-nrf:

PR head: dca946a1ab7f1f80b7b41293ea36b5ac387007bd
merge base: 87dfbdb86fd90233b676dd17a10ab11bbc5e6b59
target head (main): 87dfbdb86fd90233b676dd17a10ab11bbc5e6b59
Diff

mcuboot:

PR head: 331c4fe43f981e890c701703297940ca48257020
merge base: 99d4ae97314c413208746f1fb272eb4ecf85b3ea
target head (main): 3a25855215a2cfc64c3f0e2dba3ada3f11df7816
Diff

Github labels

Enabled Name Description
ci-disabled Disable the ci execution
ci-all-test Run all of ci, no test spec filtering will be done
ci-force-downstream Force execution of downstream even if twister fails
ci-run-twister Force run twister
ci-run-zephyr-twister Force run zephyr twister
List of changed files detected by CI (25) 
bootloader
│  ├── mcuboot
│  │  ├── boot
│  │  │  ├── bootutil
│  │  │  │  ├── src
│  │  │  │  │  │ loader.c
│  │  ├── scripts
│  │  │  ├── imgtool
│  │  │  │  ├── image.py
│  │  │  │  │ main.py
modules
│  ├── mcuboot
│  │  ├── boot
│  │  │  ├── zephyr
│  │  │  │  │ Kconfig
sidewalk
│  ├── .github
│  │  ├── docker
│  │  │  │ Dockerfile
│  │  ├── workflows
│  │  │  │ on_docker_change.yml
│  ├── samples
│  │  ├── sid_end_device
│  │  │  ├── pm_static_nrf54l15dk_nrf54l10_cpuapp.yml
│  │  │  ├── sysbuild
│  │  │  │  ├── mcuboot
│  │  │  │  │  ├── boards
│  │  │  │  │  │  │ nrf54l15dk_nrf54l10_cpuapp.conf
│  │  │  │  │  │ prj.conf
│  ├── tests
│  │  ├── manual
│  │  │  ├── simple_bootloader
│  │  │  │  ├── Kconfig.sysbuild
│  │  │  │  ├── boards
│  │  │  │  │  ├── nrf54l15dk_nrf54l10_cpuapp.conf
│  │  │  │  │  │ nrf54l15dk_nrf54l10_cpuapp.overlay
│  │  │  │  ├── pm_static_nrf54l15dk_nrf54l10_cpuapp.yml
│  │  │  │  ├── sysbuild
│  │  │  │  │  ├── mcuboot
│  │  │  │  │  │  ├── boards
│  │  │  │  │  │  │  ├── nrf52840dk_nrf52840.conf
│  │  │  │  │  │  │  ├── nrf5340dk_nrf5340_cpuapp.conf
│  │  │  │  │  │  │  ├── nrf54l15dk_nrf54l10_cpuapp.conf
│  │  │  │  │  │  │  ├── nrf54l15dk_nrf54l10_cpuapp.overlay
│  │  │  │  │  │  │  ├── nrf54l15dk_nrf54l15_cpuapp.conf
│  │  │  │  │  │  │  ├── nrf54l15dk_nrf54l15_cpuapp.overlay
│  │  │  │  │  │  │  │ thingy53_nrf5340_cpuapp.conf
│  │  │  │  │  │  │ prj.conf
sysbuild
│  │ Kconfig.mcuboot
tests
│  ├── subsys
│  │  ├── nrf_compress
│  │  │  ├── decompression
│  │  │  │  ├── mcuboot_update
│  │  │  │  │  ├── pm_static_nrf54l15dk_nrf54l15_cpuapp.yml
│  │  │  │  │  │ sysbuild.cmake
west.yml

Outputs:

Toolchain

Version:
Build docker image:

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

  • 🟠 Toolchain
  • 🟠 Build twister
  • 🟠 Integration tests
    • 🟠 test-sdk-audio
    • 🟠 desktop52_verification
    • 🟠 test-fw-nrfconnect-boot
    • 🟠 test-fw-nrfconnect-apps
    • 🟠 test_ble_nrf_config
    • 🟠 test-fw-nrfconnect-ble_mesh
    • 🟠 test-fw-nrfconnect-ble_samples
    • 🟠 test-fw-nrfconnect-chip
    • 🟠 test-fw-nrfconnect-nfc
    • 🟠 test-fw-nrfconnect-nrf-iot_libmodem-nrf
    • 🟠 test-fw-nrfconnect-nrf-iot_serial_lte_modem
    • 🟠 test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
    • 🟠 test-fw-nrfconnect-nrf-iot_samples
    • 🟠 test-fw-nrfconnect-nrf-iot_lwm2m
    • 🟠 doc-internal
    • 🟠 test-fw-nrfconnect-nrf-iot_thingy91
    • 🟠 test-fw-nrfconnect-nrf_crypto
    • 🟠 test-fw-nrfconnect-rpc
    • 🟠 test-fw-nrfconnect-rs
    • 🟠 test-fw-nrfconnect-fem
    • 🟠 test-fw-nrfconnect-tfm
    • 🟠 test-fw-nrfconnect-thread
    • 🟠 test-fw-nrfconnect-zigbee
    • 🟠 test-sdk-find-my
    • 🟠 test-fw-nrfconnect-nrf-iot_mosh
    • 🟠 test-fw-nrfconnect-nrf-iot_positioning
    • 🟠 test-sdk-sidewalk
    • 🟠 test-sdk-wifi
    • 🟠 test-low-level
    • 🟠 test-sdk-pmic-samples
    • 🟠 test-sdk-mcuboot
    • 🟠 test-sdk-dfu
    • 🟠 test-fw-nrfconnect-ps
    • 🟠 test-secdom-samples-public
    • ⚠️ test-fw-nrfconnect-fw-update

Note: This message is automatically posted and updated by the CI

@NordicBuilder
Copy link
Contributor

You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds.

Note: This comment is automatically posted by the Documentation Publish GitHub Action.

@de-nordic de-nordic mentioned this pull request Nov 28, 2024
Merged
@de-nordic
Copy link
Contributor Author

@nvlsianpu The CI failures are caused by samples overriding mbedtls configuration file from nrf-security to something else.

@LuDuda
Copy link
Contributor

LuDuda commented Nov 28, 2024

@maciejbaczmanski could you please take a look, to ensure we use default configuration.

MarekPieta
MarekPieta approved these changes Dec 2, 2024
View reviewed changes
Copy link
Contributor

@MarekPieta MarekPieta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

maciejbaczmanski
maciejbaczmanski approved these changes Dec 3, 2024
View reviewed changes
Copy link
Member

@maciejbaczmanski maciejbaczmanski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#19178 should unblock the PR and fix building matter samples

@de-nordic de-nordic mentioned this pull request Dec 3, 2024
Closed
@de-nordic de-nordic requested review from a team as code owners December 3, 2024 13:38
@github-actions github-actions bot added doc-required PR must not be merged without tech writer approval. and removed changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. labels Dec 3, 2024
@de-nordic
Copy link
Contributor Author

@maciejbaczmanski We got some compliance issue regarding non-existing Kconfig WIFI_NM_WPA_SUPPLICANT_CRYPTO_EXT

maciejbaczmanski
maciejbaczmanski reviewed Dec 3, 2024
View reviewed changes
doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst Outdated
@@ -351,6 +351,13 @@ Matter samples
* Updated all Matter samples that support low-power mode to enable the :ref:`lib_ram_pwrdn` feature.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just noticed that when copying and pasting I've left this point here. it should be removed as it is covered under Updated:

@maciejbaczmanski
Copy link
Member

@maciejbaczmanski We got some compliance issue regarding non-existing Kconfig WIFI_NM_WPA_SUPPLICANT_CRYPTO_EXT

rebasing helped on my previous PR

@de-nordic de-nordic added this to the 2.9.0 milestone Dec 3, 2024
@de-nordic
Copy link
Contributor Author

Needed to do rebase and force push to remove conflicts.

ktaborowski added a commit to ktaborowski/sdk-sidewalk that referenced this pull request Dec 4, 2024
@ktaborowski
samples: new mcuboot configuration
778216f 
Align Sidewalk with nRF changes in:
nrfconnect/sdk-nrf#19148

Signed-off-by: Krzysztof Taborowski <[email protected]>
@ktaborowski ktaborowski mentioned this pull request Dec 4, 2024
Merged
5 tasks
@ktaborowski
Copy link
Contributor

nrfconnect/sdk-sidewalk#652 workaround for build issue on sidewalk samples on nrf54l10 - increase mcuboot partition

@de-nordic de-nordic requested a review from a team as a code owner December 4, 2024 09:34
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Dec 4, 2024
edited
Loading

The following west manifest projects have changed revision in this Pull Request:

Name Old Revision New Revision Diff
mcuboot nrfconnect/sdk-mcuboot@99d4ae9 nrfconnect/sdk-mcuboot#395 nrfconnect/sdk-mcuboot#395/files
sidewalk nrfconnect/sdk-sidewalk@f274ce8 nrfconnect/sdk-sidewalk#666 nrfconnect/sdk-sidewalk#666/files

DNM label due to: 2 projects with PR revision

Note: This message is automatically posted and updated by the Manifest GitHub Action.

ktaborowski added a commit to nrfconnect/sdk-sidewalk that referenced this pull request Dec 13, 2024
@ktaborowski
samples: new mcuboot configuration
232fc50 
* all platforms: size optimization in mcuboot
* nrf54L: ed25519 signature as default (from nrf)
nrfconnect/sdk-nrf#19148
* nrf54L10: link time optimization in mcuboot
* nrf54L10: mcuboot partition size set to 52 KB

Signed-off-by: Krzysztof Taborowski <[email protected]>
@ktaborowski ktaborowski mentioned this pull request Dec 13, 2024
Open
5 tasks
ktaborowski added a commit to ktaborowski/sdk-sidewalk that referenced this pull request Dec 13, 2024
@ktaborowski
samples: new mcuboot configuration
0e49d50 
* all platforms: size optimization in mcuboot
* nrf54L: ed25519 signature as default (from nrf)
nrfconnect/sdk-nrf#19148
* nrf54L10: link time optimization in mcuboot
* nrf54L10: mcuboot partition size set to 52 KB

Signed-off-by: Krzysztof Taborowski <[email protected]>
nordicjm
nordicjm reviewed Dec 16, 2024
View reviewed changes
Copy link
Contributor

@nordicjm nordicjm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

needs:

if(SB_CONFIG_SOC_SERIES_NRF54LX AND SB_CONFIG_BOOT_SIGNATURE_TYPE_ED25519)
  set_config_bool(compressed_app CONFIG_MCUBOOT_BOOTLOADER_SIGNATURE_TYPE_ED25519 y)
  set_config_bool(compressed_app CONFIG_MCUBOOT_BOOTLOADER_USES_SHA512 y)
  set_config_bool(compressed_app CONFIG_MCUBOOT_BOOTLOADER_SIGNATURE_TYPE_PURE n)
endif()

adding to tests/subsys/nrf_compress/decompression/mcuboot_update/sysbuild.cmake
Also needs nrfconnect/sdk-mcuboot#389

@de-nordic de-nordic force-pushed the ed25519_by_default branch 3 times, most recently from 4ad3896 to 86cbaf4 Compare December 18, 2024 13:42
@de-nordic
Copy link
Contributor Author

@ktaborowski Can you take a look at CI, it seems that some part of application no longer fits in flash.

ktaborowski added a commit to ktaborowski/sdk-sidewalk that referenced this pull request Dec 19, 2024
@ktaborowski
samples: new mcuboot configuration
14df970 
* all platforms: size optimization in mcuboot
* nrf54L: ed25519 signature as default (from nrf)
nrfconnect/sdk-nrf#19148
* nrf54L10: link time optimization in mcuboot
* nrf54L10: mcuboot partition size set to 52 KB

Signed-off-by: Krzysztof Taborowski <[email protected]>
@de-nordic de-nordic removed the DNM label Dec 19, 2024
@de-nordic de-nordic self-assigned this Dec 19, 2024
ktaborowski added a commit to ktaborowski/sdk-sidewalk that referenced this pull request Jan 9, 2025
@ktaborowski
samples: new mcuboot configuration
4bf88e0 
* all platforms: size optimization in mcuboot
* nrf54L: ed25519 signature as default (from nrf)
nrfconnect/sdk-nrf#19148
* nrf54L10: link time optimization in mcuboot
* nrf54L10: mcuboot partition size set to 52 KB

Signed-off-by: Krzysztof Taborowski <[email protected]>
@de-nordic de-nordic force-pushed the ed25519_by_default branch 3 times, most recently from b9c0ea1 to 6e29169 Compare January 15, 2025 14:07
michalek-no and others added 5 commits January 23, 2025 16:39
@michalek-no @de-nordic
manifest: update mcuboot
0b69e46 
sha512 compression fix

Signed-off-by: Mateusz Michalek <[email protected]>
@ktaborowski @de-nordic
manifest: update sidewalk revision
f604c99 
mcuboot size changes

Signed-off-by: Krzysztof Taborowski <[email protected]>
@de-nordic
mcuboot: Make ED25519 signature default for nrf54l series
5f8ad26 
MCUboot for nRF54l15 will be built with support for ED25519
by default and application images will be signed with ED25519
signature.
The MCUboot partition size, for this configuration, is set
to 0xd000.

Signed-off-by: Dominik Ermel <[email protected]>
Signed-off-by: Marek Pieta <[email protected]>
@de-nordic
tests: nrf_compress: decompression: Enable ED25519
83417a9 
Enable ED25519 for nrf54l by default.

Signed-off-by: Dominik Ermel <[email protected]>
@de-nordic
tests: nrf_compress: Update nrf54l15 PM static
dca946a 
Increase MCUboot partition size.

Signed-off-by: Dominik Ermel <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maciejbaczmanski maciejbaczmanski maciejbaczmanski approved these changes

@nordicjm nordicjm nordicjm approved these changes

@gchwier gchwier gchwier approved these changes

@peknis peknis peknis approved these changes

@MarekPieta MarekPieta MarekPieta approved these changes

@nvlsianpu nvlsianpu nvlsianpu approved these changes

Assignees

@de-nordic de-nordic

Labels
changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. DNM manifest manifest-mcuboot manifest-sidewalk
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.