Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mcuboot: Make ED25519 signature default for nrf54l series #19148

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

mcuboot: Make ED25519 signature default for nrf54l series #19148

wants to merge 5 commits into from
+61 −44

Conversation

de-nordic
Copy link
Contributor

@de-nordic de-nordic commented Nov 28, 2024
edited by doublemis1
Loading

MCUboot for nRF54l15 will be built with support for ED25519 by default and application images will be signed with ED25519 signature.
The MCUboot partition size, for this configuration, is set to 0xd000.

test_chip: PR-964

@de-nordic de-nordic requested a review from a team as a code owner November 28, 2024 16:51
@github-actions github-actions bot added the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Nov 28, 2024
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Nov 28, 2024
edited
Loading

CI Information

To view the history of this post, clich the 'edited' button above
Build number: 66

Inputs:

Sources:

sidewalk: PR head: 735afa54b9c6658a698e990b18c2acb539b48dba
sdk-nrf: PR head: f5361740a65b4d816f33c8d5a53170dccda2daec

more details

sidewalk:

PR head: 735afa54b9c6658a698e990b18c2acb539b48dba
merge base: 1b59db430abf0829fdee87247d9546396833d84b
Diff

sdk-nrf:

PR head: f5361740a65b4d816f33c8d5a53170dccda2daec
merge base: 8a267095902a2c0ca432c9164afee49c8446b371
target head (main): 8a267095902a2c0ca432c9164afee49c8446b371
Diff

Github labels

Enabled Name Description
ci-disabled Disable the ci execution
ci-all-test Run all of ci, no test spec filtering will be done
ci-force-downstream Force execution of downstream even if twister fails
ci-run-twister Force run twister
ci-run-zephyr-twister Force run zephyr twister
List of changed files detected by CI (24) 
modules
│  ├── mcuboot
│  │  ├── boot
│  │  │  ├── zephyr
│  │  │  │  │ Kconfig
sidewalk
│  ├── samples
│  │  ├── sid_end_device
│  │  │  ├── pm_static_nrf54l15dk_nrf54l10_cpuapp.yml
│  │  │  ├── sysbuild
│  │  │  │  ├── mcuboot
│  │  │  │  │  ├── boards
│  │  │  │  │  │  │ nrf54l15dk_nrf54l10_cpuapp.conf
│  │  │  │  │  │ prj.conf
│  ├── tests
│  │  ├── manual
│  │  │  ├── simple_bootloader
│  │  │  │  ├── Kconfig.sysbuild
│  │  │  │  ├── boards
│  │  │  │  │  ├── nrf54l15dk_nrf54l10_cpuapp.conf
│  │  │  │  │  │ nrf54l15dk_nrf54l10_cpuapp.overlay
│  │  │  │  ├── pm_static_nrf54l15dk_nrf54l10_cpuapp.yml
│  │  │  │  ├── sysbuild
│  │  │  │  │  ├── mcuboot
│  │  │  │  │  │  ├── boards
│  │  │  │  │  │  │  ├── nrf52840dk_nrf52840.conf
│  │  │  │  │  │  │  ├── nrf5340dk_nrf5340_cpuapp.conf
│  │  │  │  │  │  │  ├── nrf54l15dk_nrf54l10_cpuapp.conf
│  │  │  │  │  │  │  ├── nrf54l15dk_nrf54l10_cpuapp.overlay
│  │  │  │  │  │  │  ├── nrf54l15dk_nrf54l15_cpuapp.conf
│  │  │  │  │  │  │  ├── nrf54l15dk_nrf54l15_cpuapp.overlay
│  │  │  │  │  │  │  │ thingy53_nrf5340_cpuapp.conf
│  │  │  │  │  │  │ prj.conf
sysbuild
│  │ Kconfig.mcuboot
tests
│  ├── subsys
│  │  ├── nrf_compress
│  │  │  ├── decompression
│  │  │  │  ├── mcuboot_update
│  │  │  │  │  ├── modified_signing.cmake
│  │  │  │  │  ├── pm_static_nrf52840dk_nrf52840.yml
│  │  │  │  │  ├── pm_static_nrf5340dk_nrf5340_cpuapp.yml
│  │  │  │  │  ├── pm_static_nrf54l15dk_nrf54l15_cpuapp.yml
│  │  │  │  │  ├── sysbuild.cmake
│  │  │  │  │  ├── sysbuild
│  │  │  │  │  │  ├── mcuboot
│  │  │  │  │  │  │  ├── boards
│  │  │  │  │  │  │  │  │ nrf5340dk_nrf5340_cpuapp.conf
west.yml

Outputs:

Toolchain

Version: acee3b0b2b
Build docker image: docker-dtr.nordicsemi.no/sw-production/ncs-build:acee3b0b2b_bece0367df

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

  • ◻️ Toolchain - Skipped: existing toolchain is used
  • ✅ Build twister
  • ❌ Integration tests
    • ✅ test-sdk-audio
    • ✅ desktop52_verification
    • ❌ test-fw-nrfconnect-boot
    • ✅ test-fw-nrfconnect-apps
    • ✅ test-fw-nrfconnect-ble_mesh
    • ✅ test-fw-nrfconnect-ble_samples
    • ❌ test-fw-nrfconnect-chip
    • ✅ test-fw-nrfconnect-nfc
    • ❌ test-fw-nrfconnect-nrf-iot_cloud
    • ✅ test-fw-nrfconnect-nrf-iot_libmodem-nrf
    • ✅ test-fw-nrfconnect-nrf-iot_serial_lte_modem
    • ✅ test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
    • ✅ test-fw-nrfconnect-nrf-iot_samples
    • ✅ test-fw-nrfconnect-nrf-iot_lwm2m
    • ✅ doc-internal
    • ✅ test-fw-nrfconnect-nrf-iot_thingy91
    • ✅ test-fw-nrfconnect-nrf_crypto
    • ✅ test-fw-nrfconnect-proprietary_esb
    • ✅ test-fw-nrfconnect-rpc
    • ✅ test-fw-nrfconnect-rs
    • ✅ test-fw-nrfconnect-fem
    • ✅ test-fw-nrfconnect-tfm
    • ✅ test-fw-nrfconnect-thread
    • ✅ test-fw-nrfconnect-zigbee
    • ✅ test-sdk-find-my
    • ✅ test-fw-nrfconnect-nrf-iot_mosh
    • ✅ test-fw-nrfconnect-nrf-iot_positioning
    • ✅ test-sdk-sidewalk
    • ✅ test-sdk-wifi
    • ✅ test-low-level
    • ✅ test-sdk-pmic-samples
    • ✅ test-sdk-mcuboot
    • ✅ test-sdk-dfu
    • ✅ test-fw-nrfconnect-ps
    • ✅ test-secdom-samples-public
    • ⚠️ test-fw-nrfconnect-fw-update

Note: This message is automatically posted and updated by the CI

@NordicBuilder
Copy link
Contributor

You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds.

Note: This comment is automatically posted by the Documentation Publish GitHub Action.

@de-nordic de-nordic mentioned this pull request Nov 28, 2024
Merged
@de-nordic
Copy link
Contributor Author

@nvlsianpu The CI failures are caused by samples overriding mbedtls configuration file from nrf-security to something else.

@LuDuda
Copy link
Contributor

LuDuda commented Nov 28, 2024

@maciejbaczmanski could you please take a look, to ensure we use default configuration.

MarekPieta
MarekPieta approved these changes Dec 2, 2024
View reviewed changes
Copy link
Contributor

@MarekPieta MarekPieta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

maciejbaczmanski
maciejbaczmanski approved these changes Dec 3, 2024
View reviewed changes
Copy link
Member

@maciejbaczmanski maciejbaczmanski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#19178 should unblock the PR and fix building matter samples

@de-nordic de-nordic mentioned this pull request Dec 3, 2024
Closed
@de-nordic de-nordic requested review from a team as code owners December 3, 2024 13:38
@github-actions github-actions bot added doc-required PR must not be merged without tech writer approval. and removed changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. labels Dec 3, 2024
@de-nordic
Copy link
Contributor Author

@maciejbaczmanski We got some compliance issue regarding non-existing Kconfig WIFI_NM_WPA_SUPPLICANT_CRYPTO_EXT

maciejbaczmanski
maciejbaczmanski reviewed Dec 3, 2024
View reviewed changes
doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst Outdated
@@ -351,6 +351,13 @@ Matter samples
* Updated all Matter samples that support low-power mode to enable the :ref:`lib_ram_pwrdn` feature.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just noticed that when copying and pasting I've left this point here. it should be removed as it is covered under Updated:

@maciejbaczmanski
Copy link
Member

@maciejbaczmanski We got some compliance issue regarding non-existing Kconfig WIFI_NM_WPA_SUPPLICANT_CRYPTO_EXT

rebasing helped on my previous PR

@de-nordic de-nordic added this to the 2.9.0 milestone Dec 3, 2024
@de-nordic
Copy link
Contributor Author

Needed to do rebase and force push to remove conflicts.

ktaborowski added a commit to ktaborowski/sdk-sidewalk that referenced this pull request Dec 4, 2024
@ktaborowski
samples: new mcuboot configuration
778216f 
Align Sidewalk with nRF changes in:
nrfconnect/sdk-nrf#19148

Signed-off-by: Krzysztof Taborowski <[email protected]>
@ktaborowski ktaborowski mentioned this pull request Dec 4, 2024
Merged
5 tasks
@ktaborowski
Copy link
Contributor

nrfconnect/sdk-sidewalk#652 workaround for build issue on sidewalk samples on nrf54l10 - increase mcuboot partition

@de-nordic de-nordic requested a review from a team as a code owner December 4, 2024 09:34
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Dec 4, 2024
edited
Loading

The following west manifest projects have changed revision in this Pull Request:

Name Old Revision New Revision Diff
sidewalk nrfconnect/sdk-sidewalk@1b59db4 nrfconnect/sdk-sidewalk@735afa5 (main) nrfconnect/[email protected]

All manifest checks OK

Note: This message is automatically posted and updated by the Manifest GitHub Action.

ktaborowski added a commit to ktaborowski/sdk-sidewalk that referenced this pull request Feb 14, 2025
@ktaborowski
samples: new mcuboot configuration
3b94ddc 
* all platforms: size optimization in mcuboot
* nrf54L: ed25519 signature as default (from nrf)
nrfconnect/sdk-nrf#19148
* nrf54L10: link time optimization in mcuboot
* nrf54L10: mcuboot partition size set to 52 KB

Signed-off-by: Krzysztof Taborowski <[email protected]>
@de-nordic de-nordic force-pushed the ed25519_by_default branch 4 times, most recently from 42fe252 to 18c224f Compare February 19, 2025 12:17
@github-actions GitHub Actions
Copy link

After documentation is built, you will find the preview for this PR here.

@de-nordic de-nordic force-pushed the ed25519_by_default branch 2 times, most recently from 42f5832 to a45e11d Compare February 26, 2025 16:03
@github-actions GitHub Actions
Copy link

You can find the documentation preview for this PR here.

nordicjm pushed a commit to nrfconnect/sdk-sidewalk that referenced this pull request Feb 27, 2025
@ktaborowski @nordicjm
samples: new mcuboot configuration
f5dc3f7 
* all platforms: size optimization in mcuboot
* nrf54L: ed25519 signature as default (from nrf)
nrfconnect/sdk-nrf#19148
* nrf54L10: link time optimization in mcuboot
* nrf54L10: mcuboot partition size set to 52 KB

Signed-off-by: Krzysztof Taborowski <[email protected]>
@NordicBuilder NordicBuilder removed the DNM label Feb 27, 2025
@de-nordic de-nordic force-pushed the ed25519_by_default branch 2 times, most recently from 731eabe to 40a4fba Compare February 28, 2025 15:13
de-nordic and others added 5 commits March 4, 2025 09:13
@de-nordic
mcuboot: Make ED25519 signature default for nrf54l series
4978c0c 
MCUboot for nRF54l15 will be built with support for ED25519
by default and application images will be signed with ED25519
signature.
The MCUboot partition size, for this configuration, is set
to 0xd000.

Signed-off-by: Dominik Ermel <[email protected]>
Signed-off-by: Marek Pieta <[email protected]>
@de-nordic
tests: nrf_compress: decompression: Enable ED25519
ae23585 
Enable ED25519 for nrf54l by default.

Signed-off-by: Dominik Ermel <[email protected]>
@de-nordic
tests: nrf_compress: Make space for large MCUboot
ee9504f 
Increases size of MCUboot by taking away one page of primary
image. Changes signing CMake to properly change address of a
binary.

Signed-off-by: Dominik Ermel <[email protected]>
@de-nordic
tests: nrf_compress: Disable FPROTECT for nrf5340dk
066e0a8 
Commit disables FPROTECT for nrf5340dk/nrf5340/cpuapp configuration
as it seems that increased size of MCUboot, by ed25519, is not
coverable by FPROTECT.

Signed-off-by: Dominik Ermel <[email protected]>
@ktaborowski @de-nordic
manifest: update sidewalk revision
f536174 
mcuboot size changes

Signed-off-by: Krzysztof Taborowski <[email protected]>
@de-nordic de-nordic force-pushed the ed25519_by_default branch from 40a4fba to f536174 Compare March 4, 2025 09:13
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Mar 4, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maciejbaczmanski maciejbaczmanski maciejbaczmanski approved these changes

@nvlsianpu nvlsianpu nvlsianpu approved these changes

@MarekPieta MarekPieta MarekPieta approved these changes

@nordicjm nordicjm nordicjm approved these changes

@peknis peknis peknis approved these changes

@gchwier gchwier gchwier approved these changes

Assignees

@de-nordic de-nordic

Labels
changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. manifest manifest-sidewalk
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.