From 495ec292fe40a566cc0af76b6c97fd7006a08cbd Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Tue, 1 Oct 2024 08:47:17 +0100 Subject: [PATCH 01/10] manifest: Update sdk-mcuboot and sdk-zephyr Includes changes for sysbuild-assigned image numbers Signed-off-by: Jamie McCrae --- west.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/west.yml b/west.yml index 086b5f83064f..7193d88d21a3 100644 --- a/west.yml +++ b/west.yml @@ -72,7 +72,7 @@ manifest: # https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/zephyr/guides/modules.html - name: zephyr repo-path: sdk-zephyr - revision: e516ad354c34483e8050871fd7c915c72bc2f4fd + revision: 2cac88cbaff341bbbd3a1cb8296749a7ec2e52ee import: # In addition to the zephyr repository itself, NCS also # imports the contents of zephyr/west.yml at the above @@ -132,7 +132,7 @@ manifest: compare-by-default: true - name: mcuboot repo-path: sdk-mcuboot - revision: 7e010864696446fc42e185161d1f73bff563ee29 + revision: ae07a335ffb581a4d4dc43324bb0261e12728deb path: bootloader/mcuboot - name: qcbor url: https://github.com/laurencelundblade/QCBOR From 283dc48515779825b655ef35a18ca29728b8af4f Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Tue, 10 Sep 2024 13:42:12 +0100 Subject: [PATCH 02/10] sysbuild: Add support for sysbuild-assigned MCUboot image IDs Adds support for MCUboot to assign IDs to which images are which in MCUboot, which applications can also use Signed-off-by: Jamie McCrae --- modules/mcuboot/boot/zephyr/Kconfig | 5 ++++- subsys/Kconfig | 1 + subsys/mcuboot_ids/Kconfig | 30 +++++++++++++++++++++++++++ sysbuild/CMakeLists.txt | 16 ++++++++++++++- sysbuild/Kconfig.mcuboot | 32 +++++++++++++++++++++++++---- 5 files changed, 78 insertions(+), 6 deletions(-) create mode 100644 subsys/mcuboot_ids/Kconfig diff --git a/modules/mcuboot/boot/zephyr/Kconfig b/modules/mcuboot/boot/zephyr/Kconfig index 054680802f62..c088411d1fc8 100644 --- a/modules/mcuboot/boot/zephyr/Kconfig +++ b/modules/mcuboot/boot/zephyr/Kconfig @@ -103,7 +103,10 @@ config BOOT_ERASE_PROGRESSIVELY config BOOT_IMAGE_ACCESS_HOOKS bool - default y if UPDATEABLE_IMAGE_NUMBER > 1 && SOC_NRF5340_CPUAPP && PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY + # Child/parent check + default y if UPDATEABLE_IMAGE_NUMBER > 1 && SOC_NRF5340_CPUAPP && PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY && MCUBOOT_APPLICATION_IMAGE_NUMBER = -1 + # Sysbuild check + default y if MCUBOOT_NETWORK_CORE_IMAGE_NUMBER != -1 depends on MCUBOOT config BOOT_IMAGE_ACCESS_HOOK_NRF5340 diff --git a/subsys/Kconfig b/subsys/Kconfig index b17cb90fd3ac..37be60487f97 100644 --- a/subsys/Kconfig +++ b/subsys/Kconfig @@ -42,4 +42,5 @@ rsource "sdfw_services/Kconfig" rsource "suit/Kconfig" rsource "dult/Kconfig" rsource "nrf_compress/Kconfig" +rsource "mcuboot_ids/Kconfig" endmenu diff --git a/subsys/mcuboot_ids/Kconfig b/subsys/mcuboot_ids/Kconfig new file mode 100644 index 000000000000..bce35aa6b9d3 --- /dev/null +++ b/subsys/mcuboot_ids/Kconfig @@ -0,0 +1,30 @@ +# +# Copyright (c) 2024 Nordic Semiconductor ASA +# +# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause +# + +menu "MCUboot IDs (informative only, do not change)" + +config MCUBOOT_APPLICATION_IMAGE_NUMBER + int "Application image number (informative only, do not change)" + default -1 + +config MCUBOOT_NETWORK_CORE_IMAGE_NUMBER + int "Netcore core image number (informative only, do not change)" + default -1 + +config MCUBOOT_WIFI_PATCHES_IMAGE_NUMBER + int "WiFi patches image number (informative only, do not change)" + default -1 + +config MCUBOOT_QSPI_XIP_IMAGE_NUMBER + int "QSPI XIP image number (informative only, do not change)" + default -1 + +config MCUBOOT_MCUBOOT_IMAGE_NUMBER + int "MCUboot (S0/S1) image number (informative only, do not change)" + depends on MCUBOOT + default -1 + +endmenu diff --git a/sysbuild/CMakeLists.txt b/sysbuild/CMakeLists.txt index 402923f92243..3ae373ddf441 100644 --- a/sysbuild/CMakeLists.txt +++ b/sysbuild/CMakeLists.txt @@ -172,7 +172,9 @@ function(${SYSBUILD_CURRENT_MODULE_NAME}_pre_cmake) endif() endif() - set_property(TARGET mcuboot APPEND_STRING PROPERTY CONFIG "CONFIG_UPDATEABLE_IMAGE_NUMBER=${SB_CONFIG_MCUBOOT_UPDATEABLE_IMAGES}\n") + math(EXPR mcuboot_total_images "${SB_CONFIG_MCUBOOT_UPDATEABLE_IMAGES} + ${SB_CONFIG_MCUBOOT_ADDITIONAL_UPDATEABLE_IMAGES}") + + set_property(TARGET mcuboot APPEND_STRING PROPERTY CONFIG "CONFIG_UPDATEABLE_IMAGE_NUMBER=${mcuboot_total_images}\n") if(SB_CONFIG_MCUBOOT_APP_SYNC_UPDATEABLE_IMAGES) set_property(TARGET ${DEFAULT_IMAGE} APPEND_STRING PROPERTY CONFIG "CONFIG_UPDATEABLE_IMAGE_NUMBER=${SB_CONFIG_MCUBOOT_UPDATEABLE_IMAGES}\n") @@ -315,6 +317,18 @@ function(${SYSBUILD_CURRENT_MODULE_NAME}_pre_cmake) if(SB_CONFIG_PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY) add_overlay_config(mcuboot ${ZEPHYR_NRF_MODULE_DIR}/subsys/partition_manager/ext_flash_mcuboot_secondary.conf) endif() + + # Provide MCUboot image IDs to main application and MCUboot + set_property(TARGET mcuboot APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_APPLICATION_IMAGE_NUMBER=${SB_CONFIG_MCUBOOT_APPLICATION_IMAGE_NUMBER}\n") + set_property(TARGET mcuboot APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_NETWORK_CORE_IMAGE_NUMBER=${SB_CONFIG_MCUBOOT_NETWORK_CORE_IMAGE_NUMBER}\n") + set_property(TARGET mcuboot APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_WIFI_PATCHES_IMAGE_NUMBER=${SB_CONFIG_MCUBOOT_WIFI_PATCHES_IMAGE_NUMBER}\n") + set_property(TARGET mcuboot APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_QSPI_XIP_IMAGE_NUMBER=${SB_CONFIG_MCUBOOT_QSPI_XIP_IMAGE_NUMBER}\n") + set_property(TARGET mcuboot APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER=${SB_CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER}\n") + + set_property(TARGET ${DEFAULT_IMAGE} APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_APPLICATION_IMAGE_NUMBER=${SB_CONFIG_MCUBOOT_APPLICATION_IMAGE_NUMBER}\n") + set_property(TARGET ${DEFAULT_IMAGE} APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_NETWORK_CORE_IMAGE_NUMBER=${SB_CONFIG_MCUBOOT_NETWORK_CORE_IMAGE_NUMBER}\n") + set_property(TARGET ${DEFAULT_IMAGE} APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_WIFI_PATCHES_IMAGE_NUMBER=${SB_CONFIG_MCUBOOT_WIFI_PATCHES_IMAGE_NUMBER}\n") + set_property(TARGET ${DEFAULT_IMAGE} APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_QSPI_XIP_IMAGE_NUMBER=${SB_CONFIG_MCUBOOT_QSPI_XIP_IMAGE_NUMBER}\n") endif() if(SB_CONFIG_MCUBOOT_HARDWARE_DOWNGRADE_PREVENTION) diff --git a/sysbuild/Kconfig.mcuboot b/sysbuild/Kconfig.mcuboot index c1dcd48de71a..44a060db8bd6 100644 --- a/sysbuild/Kconfig.mcuboot +++ b/sysbuild/Kconfig.mcuboot @@ -79,6 +79,14 @@ config MCUBOOT_QSPI_XIP_IMAGE_NUMBER default 1 if QSPI_XIP_SPLIT_IMAGE default -1 +config MCUBOOT_MCUBOOT_IMAGE_NUMBER + int + default 4 if SECURE_BOOT_APPCORE && MCUBOOT_NETWORK_CORE_IMAGE_NUMBER != -1 && MCUBOOT_WIFI_PATCHES_IMAGE_NUMBER != -1 && MCUBOOT_QSPI_XIP_IMAGE_NUMBER != 1 + default 3 if SECURE_BOOT_APPCORE && ((MCUBOOT_QSPI_XIP_IMAGE_NUMBER != -1 && (MCUBOOT_NETWORK_CORE_IMAGE_NUMBER != -1 || MCUBOOT_WIFI_PATCHES_IMAGE_NUMBER != -1)) || (MCUBOOT_NETWORK_CORE_IMAGE_NUMBER != -1 && MCUBOOT_WIFI_PATCHES_IMAGE_NUMBER != -1)) + default 2 if SECURE_BOOT_APPCORE && (MCUBOOT_NETWORK_CORE_IMAGE_NUMBER != -1 || MCUBOOT_WIFI_PATCHES_IMAGE_NUMBER != -1 || MCUBOOT_QSPI_XIP_IMAGE_NUMBER != -1) + default 1 if SECURE_BOOT_APPCORE + default -1 + config MCUBOOT_MIN_UPDATEABLE_IMAGES int default 4 if MCUBOOT_NETWORK_CORE_IMAGE_NUMBER != -1 && MCUBOOT_WIFI_PATCHES_IMAGE_NUMBER != -1 && MCUBOOT_QSPI_XIP_IMAGE_NUMBER != -1 @@ -86,20 +94,36 @@ config MCUBOOT_MIN_UPDATEABLE_IMAGES default 2 if MCUBOOT_NETWORK_CORE_IMAGE_NUMBER != -1 || MCUBOOT_WIFI_PATCHES_IMAGE_NUMBER != -1 || MCUBOOT_QSPI_XIP_IMAGE_NUMBER != -1 default 1 +config MCUBOOT_MIN_ADDITIONAL_UPDATEABLE_IMAGES + int + default 1 if MCUBOOT_MCUBOOT_IMAGE_NUMBER != -1 + default 0 + config MCUBOOT_UPDATEABLE_IMAGES int "Updateable images" range MCUBOOT_MIN_UPDATEABLE_IMAGES MCUBOOT_MAX_UPDATEABLE_IMAGES - default 2 if SOC_SERIES_NRF91X && SECURE_BOOT_APPCORE && (MCUBOOT_MODE_SWAP_WITHOUT_SCRATCH || MCUBOOT_MODE_SWAP_SCRATCH || MCUBOOT_MODE_OVERWRITE_ONLY) help - The number of images that MCUboot will be built with. + The number of images that MCUboot will be built with. Note that if + ``MCUBOOT_ADDITIONAL_UPDATEABLE_IMAGES`` is set to a non-zero value then that value will + be added to the MCUboot updateable image number but not the application, this is to allow + for features like NSIB updates of MCUboot itself. + +config MCUBOOT_ADDITIONAL_UPDATEABLE_IMAGES + int "Additional MCUboot-only updateable images" + range MCUBOOT_MIN_ADDITIONAL_UPDATEABLE_IMAGES MCUBOOT_MIN_ADDITIONAL_UPDATEABLE_IMAGES + default MCUBOOT_MIN_ADDITIONAL_UPDATEABLE_IMAGES + help + The number of additional images that MCUboot will be built with. config MCUBOOT_APP_SYNC_UPDATEABLE_IMAGES bool "Sync updateable image value to main application" - default n if SOC_SERIES_NRF91X && SECURE_BOOT_APPCORE && (MCUBOOT_MODE_SWAP_WITHOUT_SCRATCH || MCUBOOT_MODE_SWAP_SCRATCH || MCUBOOT_MODE_OVERWRITE_ONLY) default y help If enabled then will synchronise the value of ``MCUBOOT_UPDATEABLE_IMAGES`` to MCUboot - and the main application, if disable then will only set this value to MCUboot + and the main application, if disabled then will only set this value to MCUboot. + + Note: ``MCUBOOT_MIN_ADDITIONAL_UPDATEABLE_IMAGES`` will be applied to MCUboot only + irrespective of this option. config SECURE_BOOT_MCUBOOT_VERSION string "MCUboot S0/S1 image update version" From 468725518793f6e38f0ed1ec00960c4505f7382e Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Thu, 10 Oct 2024 08:43:14 +0100 Subject: [PATCH 03/10] modules: mcuboot: boot: zephyr: kconfig: Fix MCUboot partition sizes Fixes partition sizes for MCUboot when secure boot on the application core is enabled. Without this, the partition start address is invalid because it did not take into account the MCUboot header for the updateable MCUboot partition Signed-off-by: Jamie McCrae --- modules/mcuboot/boot/zephyr/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/mcuboot/boot/zephyr/Kconfig b/modules/mcuboot/boot/zephyr/Kconfig index c088411d1fc8..d4752cf04c1a 100644 --- a/modules/mcuboot/boot/zephyr/Kconfig +++ b/modules/mcuboot/boot/zephyr/Kconfig @@ -37,6 +37,8 @@ config PM_PARTITION_SIZE_MCUBOOT config PM_PARTITION_SIZE_MCUBOOT hex "Flash space allocated for the MCUboot partition" if !BOOT_USE_MIN_PARTITION_SIZE + default 0xb800 if MCUBOOT_MCUBOOT_IMAGE_NUMBER != -1 && SOC_SERIES_NRF54LX + default 0xbe00 if MCUBOOT_MCUBOOT_IMAGE_NUMBER != -1 && !SOC_SERIES_NRF54LX default 0xc000 help Flash space set aside for the MCUboot partition. From 64dfdcae161e622c430074fa73bab29c9796c9de Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Tue, 15 Oct 2024 08:49:17 +0100 Subject: [PATCH 04/10] modules: mcuboot: hooks: nrf53_hooks: Fix IDs Fixes IDs which lacked sysbuild support, which also were not used in the file where hardcoded numbers were instead used and renames one of the wrongly named defines which is an image number, not a slot number Signed-off-by: Jamie McCrae --- modules/mcuboot/hooks/nrf53_hooks.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/modules/mcuboot/hooks/nrf53_hooks.c b/modules/mcuboot/hooks/nrf53_hooks.c index f753ac554a8a..79c9b599c5f4 100644 --- a/modules/mcuboot/hooks/nrf53_hooks.c +++ b/modules/mcuboot/hooks/nrf53_hooks.c @@ -15,8 +15,17 @@ #include "bootutil/fault_injection_hardening.h" #include "flash_map_backend/flash_map_backend.h" -#define NET_CORE_SECONDARY_SLOT 1 +#if CONFIG_MCUBOOT_NETWORK_CORE_IMAGE_NUMBER != -1 +/* Sysbuild */ +/* MCUboot image update image number */ +#define NET_CORE_SECONDARY_IMAGE CONFIG_MCUBOOT_NETWORK_CORE_IMAGE_NUMBER +/* MCUboot serial recovery slot number */ +#define NET_CORE_VIRTUAL_PRIMARY_SLOT (CONFIG_MCUBOOT_NETWORK_CORE_IMAGE_NUMBER * 2) + 1 +#else +/* Legacy child/parent */ +#define NET_CORE_SECONDARY_IMAGE 1 #define NET_CORE_VIRTUAL_PRIMARY_SLOT 3 +#endif #include #if defined(CONFIG_PCD_APP) && defined(CONFIG_NRF53_MULTI_IMAGE_UPDATE) \ @@ -53,7 +62,6 @@ int pcd_version_cmp_net(const struct flash_area *fap, struct image_header *hdr) firmware_info = fw_info_find((uint32_t)&read_buf); if (firmware_info != NULL) { - if (firmware_info->version > version) { return 1; } @@ -71,7 +79,7 @@ int pcd_version_cmp_net(const struct flash_area *fap, struct image_header *hdr) int boot_read_image_header_hook(int img_index, int slot, struct image_header *img_head) { - if (img_index == 1 && slot == 0) { + if (img_index == NET_CORE_SECONDARY_IMAGE && slot == 0) { img_head->ih_magic = IMAGE_MAGIC; img_head->ih_hdr_size = PM_MCUBOOT_PAD_SIZE; img_head->ih_load_addr = PM_MCUBOOT_PRIMARY_1_ADDRESS; @@ -90,7 +98,7 @@ int boot_read_image_header_hook(int img_index, int slot, struct image_header *im fih_ret boot_image_check_hook(int img_index, int slot) { - if (img_index == 1 && slot == 0) { + if (img_index == NET_CORE_SECONDARY_IMAGE && slot == 0) { FIH_RET(FIH_SUCCESS); } @@ -106,7 +114,7 @@ int boot_perform_update_hook(int img_index, struct image_header *img_head, int boot_read_swap_state_primary_slot_hook(int image_index, struct boot_swap_state *state) { - if (image_index == 1) { + if (image_index == NET_CORE_SECONDARY_IMAGE) { /* Populate with fake data */ state->magic = BOOT_MAGIC_UNSET; state->swap_type = BOOT_SWAP_TYPE_NONE; @@ -160,7 +168,7 @@ int network_core_update(bool wait) int boot_copy_region_post_hook(int img_index, const struct flash_area *area, size_t size) { - if (img_index == NET_CORE_SECONDARY_SLOT) { + if (img_index == NET_CORE_SECONDARY_IMAGE) { return network_core_update(true); } From f579bae5be1dbe5c4def9e450346861718a1ab2c Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Tue, 15 Oct 2024 11:33:15 +0100 Subject: [PATCH 05/10] sysbuild: Pass s0/s1 package version on to MCUboot This passes the s0/s1 package version on to MCUboot so it can be used to prevent updating the alternative MCUboot upgrade slot with an older image Signed-off-by: Jamie McCrae --- subsys/mcuboot_ids/Kconfig | 21 ++++++++++++++++++++- sysbuild/CMakeLists.txt | 28 ++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 1 deletion(-) diff --git a/subsys/mcuboot_ids/Kconfig b/subsys/mcuboot_ids/Kconfig index bce35aa6b9d3..d290c509f317 100644 --- a/subsys/mcuboot_ids/Kconfig +++ b/subsys/mcuboot_ids/Kconfig @@ -24,7 +24,26 @@ config MCUBOOT_QSPI_XIP_IMAGE_NUMBER config MCUBOOT_MCUBOOT_IMAGE_NUMBER int "MCUboot (S0/S1) image number (informative only, do not change)" - depends on MCUBOOT default -1 +if MCUBOOT + +config MCUBOOT_MCUBOOT_S0_S1_VERSION_MAJOR + int "MCUboot (S0/S1) package major version number (informative only, do not change)" + default -1 + +config MCUBOOT_MCUBOOT_S0_S1_VERSION_MINOR + int "MCUboot (S0/S1) package minor version number (informative only, do not change)" + default -1 + +config MCUBOOT_MCUBOOT_S0_S1_VERSION_REVISION + int "MCUboot (S0/S1) package revision version number (informative only, do not change)" + default -1 + +config MCUBOOT_MCUBOOT_S0_S1_VERSION_BUILD_NUMBER + int "MCUboot (S0/S1) package build number version number (informative only, do not change)" + default -1 + +endif # MCUBOOT + endmenu diff --git a/sysbuild/CMakeLists.txt b/sysbuild/CMakeLists.txt index 3ae373ddf441..fc43e231da92 100644 --- a/sysbuild/CMakeLists.txt +++ b/sysbuild/CMakeLists.txt @@ -325,6 +325,34 @@ function(${SYSBUILD_CURRENT_MODULE_NAME}_pre_cmake) set_property(TARGET mcuboot APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_QSPI_XIP_IMAGE_NUMBER=${SB_CONFIG_MCUBOOT_QSPI_XIP_IMAGE_NUMBER}\n") set_property(TARGET mcuboot APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER=${SB_CONFIG_MCUBOOT_MCUBOOT_IMAGE_NUMBER}\n") + if(SB_CONFIG_SECURE_BOOT_APPCORE) + # Get the s0/s1 MCUboot update package version and split it up into the fields so it can + # be supplied to the MCUboot image + string(REPLACE "." ";" s0_s1_package_version ${SB_CONFIG_SECURE_BOOT_MCUBOOT_VERSION}) + string(REPLACE "+" ";" s0_s1_package_version "${s0_s1_package_version}") + + list(GET s0_s1_package_version 0 s0_s1_package_version_major) + list(GET s0_s1_package_version 1 s0_s1_package_version_minor) + list(GET s0_s1_package_version 2 s0_s1_package_version_revision) + list(GET s0_s1_package_version 3 s0_s1_package_version_build_number) + + set_property(TARGET mcuboot APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_MCUBOOT_S0_S1_VERSION_MAJOR=${s0_s1_package_version_major}\n") + set_property(TARGET mcuboot APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_MCUBOOT_S0_S1_VERSION_MINOR=${s0_s1_package_version_minor}\n") + set_property(TARGET mcuboot APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_MCUBOOT_S0_S1_VERSION_REVISION=${s0_s1_package_version_revision}\n") + set_property(TARGET mcuboot APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_MCUBOOT_S0_S1_VERSION_BUILD_NUMBER=${s0_s1_package_version_build_number}\n") + + set(s0_s1_package_version) + set(s0_s1_package_version_major) + set(s0_s1_package_version_minor) + set(s0_s1_package_version_revision) + set(s0_s1_package_version_build_number) + else() + set_property(TARGET mcuboot APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_MCUBOOT_S0_S1_VERSION_MAJOR=-1\n") + set_property(TARGET mcuboot APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_MCUBOOT_S0_S1_VERSION_MINOR=-1\n") + set_property(TARGET mcuboot APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_MCUBOOT_S0_S1_VERSION_REVISION=-1\n") + set_property(TARGET mcuboot APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_MCUBOOT_S0_S1_VERSION_BUILD_NUMBER=-1\n") + endif() + set_property(TARGET ${DEFAULT_IMAGE} APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_APPLICATION_IMAGE_NUMBER=${SB_CONFIG_MCUBOOT_APPLICATION_IMAGE_NUMBER}\n") set_property(TARGET ${DEFAULT_IMAGE} APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_NETWORK_CORE_IMAGE_NUMBER=${SB_CONFIG_MCUBOOT_NETWORK_CORE_IMAGE_NUMBER}\n") set_property(TARGET ${DEFAULT_IMAGE} APPEND_STRING PROPERTY CONFIG "CONFIG_MCUBOOT_WIFI_PATCHES_IMAGE_NUMBER=${SB_CONFIG_MCUBOOT_WIFI_PATCHES_IMAGE_NUMBER}\n") From ade6f3b3ac2ae5345e3b1ce942e348d2a4e95047 Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Fri, 18 Oct 2024 08:53:29 +0100 Subject: [PATCH 06/10] samples: tfm: tfm_psa_template: Remove old sysbuild options These options are now automatically generated, they are no longer needed Signed-off-by: Jamie McCrae --- samples/tfm/tfm_psa_template/sysbuild.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/samples/tfm/tfm_psa_template/sysbuild.conf b/samples/tfm/tfm_psa_template/sysbuild.conf index bdbee1621dcc..b41085afb318 100644 --- a/samples/tfm/tfm_psa_template/sysbuild.conf +++ b/samples/tfm/tfm_psa_template/sysbuild.conf @@ -8,6 +8,5 @@ SB_CONFIG_BOOTLOADER_MCUBOOT=y SB_CONFIG_SECURE_BOOT_APPCORE=y SB_CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y SB_CONFIG_MCUBOOT_MODE_OVERWRITE_ONLY=y -SB_CONFIG_MCUBOOT_UPDATEABLE_IMAGES=2 SB_CONFIG_APPROTECT_LOCK=y SB_CONFIG_SECURE_APPROTECT_LOCK=y From 96e581d02e4f0cb09dabde9d5cd813a80cdcbaed Mon Sep 17 00:00:00 2001 From: Maximilian Deubel Date: Wed, 23 Oct 2024 17:02:10 +0200 Subject: [PATCH 07/10] treewide: update thingy91x bootloader setup Use production setup of thingy91x bootloader configuration. Signed-off-by: Maximilian Deubel --- .../sysbuild/mcuboot/boards/thingy91x_nrf9151.conf | 2 ++ .../mcuboot/boards/thingy91x_nrf9151.overlay | 4 ++++ .../mcuboot/boards/thingy91x_nrf5340_cpuapp.conf | 2 ++ .../sysbuild/mcuboot/boards/thingy91x_nrf9151.conf | 5 +++++ .../mcuboot/boards/thingy91x_nrf9151.overlay | 4 ++++ .../sysbuild/mcuboot/boards/thingy91x_nrf9151.conf | 5 +++++ .../mcuboot/boards/thingy91x_nrf9151.overlay | 4 ++++ .../sysbuild/mcuboot/boards/thingy91x_nrf9151.conf | 5 +++++ .../mcuboot/boards/thingy91x_nrf9151.overlay | 4 ++++ .../sysbuild/mcuboot/boards/thingy91x_nrf9151.conf | 14 +++++--------- .../mcuboot/boards/thingy91x_nrf9151.overlay | 4 ++++ 11 files changed, 44 insertions(+), 9 deletions(-) create mode 100644 applications/asset_tracker_v2/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay create mode 100644 applications/serial_lte_modem/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay create mode 100644 samples/cellular/nrf_cloud_multi_service/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay create mode 100644 samples/net/aws_iot/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay create mode 100644 samples/wifi/shell/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay diff --git a/applications/asset_tracker_v2/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf b/applications/asset_tracker_v2/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf index 5558a0e48d46..7c2042de649c 100644 --- a/applications/asset_tracker_v2/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf +++ b/applications/asset_tracker_v2/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf @@ -17,3 +17,5 @@ CONFIG_BOOT_SERIAL_IMG_GRP_IMAGE_STATE=y CONFIG_PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY=y CONFIG_PM_OVERRIDE_EXTERNAL_DRIVER_CHECK=y + +CONFIG_FW_INFO_FIRMWARE_VERSION=2 diff --git a/applications/asset_tracker_v2/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay b/applications/asset_tracker_v2/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay new file mode 100644 index 000000000000..7f2818c0d280 --- /dev/null +++ b/applications/asset_tracker_v2/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay @@ -0,0 +1,4 @@ +&uart0 { + status = "okay"; + current-speed = < 1000000 >; +}; diff --git a/applications/connectivity_bridge/sysbuild/mcuboot/boards/thingy91x_nrf5340_cpuapp.conf b/applications/connectivity_bridge/sysbuild/mcuboot/boards/thingy91x_nrf5340_cpuapp.conf index 8bbd4ddf9454..b2d427d17a8b 100644 --- a/applications/connectivity_bridge/sysbuild/mcuboot/boards/thingy91x_nrf5340_cpuapp.conf +++ b/applications/connectivity_bridge/sysbuild/mcuboot/boards/thingy91x_nrf5340_cpuapp.conf @@ -60,3 +60,5 @@ CONFIG_BOOT_SERIAL_IMG_GRP_IMAGE_STATE=y CONFIG_MCUBOOT_VERIFY_IMG_ADDRESS=n CONFIG_BOOT_SERIAL_NO_APPLICATION=y + +CONFIG_FW_INFO_FIRMWARE_VERSION=2 diff --git a/applications/serial_lte_modem/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf b/applications/serial_lte_modem/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf index d8ebd794fa15..7c2042de649c 100644 --- a/applications/serial_lte_modem/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf +++ b/applications/serial_lte_modem/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf @@ -14,3 +14,8 @@ CONFIG_UART_CONSOLE=n CONFIG_MCUBOOT_SERIAL=y CONFIG_MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD=y CONFIG_BOOT_SERIAL_IMG_GRP_IMAGE_STATE=y + +CONFIG_PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY=y +CONFIG_PM_OVERRIDE_EXTERNAL_DRIVER_CHECK=y + +CONFIG_FW_INFO_FIRMWARE_VERSION=2 diff --git a/applications/serial_lte_modem/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay b/applications/serial_lte_modem/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay new file mode 100644 index 000000000000..7f2818c0d280 --- /dev/null +++ b/applications/serial_lte_modem/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay @@ -0,0 +1,4 @@ +&uart0 { + status = "okay"; + current-speed = < 1000000 >; +}; diff --git a/samples/cellular/nrf_cloud_multi_service/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf b/samples/cellular/nrf_cloud_multi_service/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf index d8ebd794fa15..7c2042de649c 100644 --- a/samples/cellular/nrf_cloud_multi_service/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf +++ b/samples/cellular/nrf_cloud_multi_service/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf @@ -14,3 +14,8 @@ CONFIG_UART_CONSOLE=n CONFIG_MCUBOOT_SERIAL=y CONFIG_MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD=y CONFIG_BOOT_SERIAL_IMG_GRP_IMAGE_STATE=y + +CONFIG_PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY=y +CONFIG_PM_OVERRIDE_EXTERNAL_DRIVER_CHECK=y + +CONFIG_FW_INFO_FIRMWARE_VERSION=2 diff --git a/samples/cellular/nrf_cloud_multi_service/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay b/samples/cellular/nrf_cloud_multi_service/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay new file mode 100644 index 000000000000..7f2818c0d280 --- /dev/null +++ b/samples/cellular/nrf_cloud_multi_service/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay @@ -0,0 +1,4 @@ +&uart0 { + status = "okay"; + current-speed = < 1000000 >; +}; diff --git a/samples/net/aws_iot/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf b/samples/net/aws_iot/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf index d8ebd794fa15..7c2042de649c 100644 --- a/samples/net/aws_iot/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf +++ b/samples/net/aws_iot/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf @@ -14,3 +14,8 @@ CONFIG_UART_CONSOLE=n CONFIG_MCUBOOT_SERIAL=y CONFIG_MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD=y CONFIG_BOOT_SERIAL_IMG_GRP_IMAGE_STATE=y + +CONFIG_PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY=y +CONFIG_PM_OVERRIDE_EXTERNAL_DRIVER_CHECK=y + +CONFIG_FW_INFO_FIRMWARE_VERSION=2 diff --git a/samples/net/aws_iot/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay b/samples/net/aws_iot/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay new file mode 100644 index 000000000000..7f2818c0d280 --- /dev/null +++ b/samples/net/aws_iot/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay @@ -0,0 +1,4 @@ +&uart0 { + status = "okay"; + current-speed = < 1000000 >; +}; diff --git a/samples/wifi/shell/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf b/samples/wifi/shell/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf index 1d0e3fb5273e..7c2042de649c 100644 --- a/samples/wifi/shell/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf +++ b/samples/wifi/shell/sysbuild/mcuboot/boards/thingy91x_nrf9151.conf @@ -1,11 +1,3 @@ -# -# Copyright (c) 2024 Nordic Semiconductor ASA -# -# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause -# - -# unmodified copy from mcuboot - # MCUBoot settings CONFIG_BOOT_MAX_IMG_SECTORS=512 @@ -20,6 +12,10 @@ CONFIG_CONSOLE=n CONFIG_CONSOLE_HANDLER=n CONFIG_UART_CONSOLE=n CONFIG_MCUBOOT_SERIAL=y - CONFIG_MCUBOOT_SERIAL_DIRECT_IMAGE_UPLOAD=y CONFIG_BOOT_SERIAL_IMG_GRP_IMAGE_STATE=y + +CONFIG_PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY=y +CONFIG_PM_OVERRIDE_EXTERNAL_DRIVER_CHECK=y + +CONFIG_FW_INFO_FIRMWARE_VERSION=2 diff --git a/samples/wifi/shell/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay b/samples/wifi/shell/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay new file mode 100644 index 000000000000..7f2818c0d280 --- /dev/null +++ b/samples/wifi/shell/sysbuild/mcuboot/boards/thingy91x_nrf9151.overlay @@ -0,0 +1,4 @@ +&uart0 { + status = "okay"; + current-speed = < 1000000 >; +}; From cb8b90368128d1ecb6bc47be955bad081c280fda Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Wed, 23 Oct 2024 14:30:05 +0100 Subject: [PATCH 08/10] nrf_security: Fix MBEDTLS_CFG_FILE Kconfig symbol Removes a prompt, type and duplicated help text from this symbol as this is an override symbol only Signed-off-by: Jamie McCrae --- subsys/nrf_security/Kconfig | 4 ---- 1 file changed, 4 deletions(-) diff --git a/subsys/nrf_security/Kconfig b/subsys/nrf_security/Kconfig index ee69e5895779..10e16756ca4e 100644 --- a/subsys/nrf_security/Kconfig +++ b/subsys/nrf_security/Kconfig @@ -64,11 +64,7 @@ config MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS Promptless option used to control if the PSA Crypto core should have support for builtin keys or not. config MBEDTLS_CFG_FILE - string "mbed TLS configuration file" default "nrf-config.h" - help - Name of the config file for mbed TLS. This configuration file is used - in configurations with or without PSA APIs supported. config MBEDTLS_PSA_CRYPTO_CONFIG bool From cbae84cb066353822ad3b1d19dc625706ee72079 Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Mon, 21 Oct 2024 14:41:38 +0100 Subject: [PATCH 09/10] nrf_compress: Fix ARM thumb filter cross-chunk issue Fixes an issue with the ARM thumb filter when an instruction crosses two chunks of data by storing bytes from the first for use in the second, this results in the output of the first run being less than the input data size and more than the input data size for the second run Signed-off-by: Jamie McCrae --- subsys/nrf_compress/lzma/armthumb.c | 16 ++++++++++- subsys/nrf_compress/lzma/armthumb.h | 3 +- subsys/nrf_compress/src/arm_thumb.c | 43 +++++++++++++++++++++++++++-- 3 files changed, 57 insertions(+), 5 deletions(-) diff --git a/subsys/nrf_compress/lzma/armthumb.c b/subsys/nrf_compress/lzma/armthumb.c index 33b8ce52abd6..4e25b4689f7b 100644 --- a/subsys/nrf_compress/lzma/armthumb.c +++ b/subsys/nrf_compress/lzma/armthumb.c @@ -7,17 +7,21 @@ /// // Authors: Igor Pavlov // Lasse Collin +// With changes by Nordic Semiconductor ASA // /////////////////////////////////////////////////////////////////////////////// #include #include "armthumb.h" -void arm_thumb_filter(uint8_t *buf, uint32_t buf_size, uint32_t pos, bool compress) +void arm_thumb_filter(uint8_t *buf, uint32_t buf_size, uint32_t pos, bool compress, + bool *end_part_match) { uint32_t i = 0; + uint32_t last_update_address = 0; while ((i + 4) <= buf_size) { + if ((buf[i + 1] & 0xF8) == 0xF0 && (buf[i + 3] & 0xF8) == 0xF8) { uint32_t dest; uint32_t src = (((uint32_t)(buf[i + 1]) & 7) << 19) @@ -26,6 +30,7 @@ void arm_thumb_filter(uint8_t *buf, uint32_t buf_size, uint32_t pos, bool compre | (uint32_t)(buf[i + 2]); src <<= 1; + last_update_address = i; if (compress) { dest = pos + (uint32_t)(i) + 4 + src; @@ -38,9 +43,18 @@ void arm_thumb_filter(uint8_t *buf, uint32_t buf_size, uint32_t pos, bool compre buf[i + 0] = (dest >> 11); buf[i + 3] = 0xF8 | ((dest >> 8) & 0x7); buf[i + 2] = (dest); + i += 2; } i += 2; } + + if (i == (buf_size - 2)) { + if (i > last_update_address && (buf[i + 1] & 0xF8) == 0xF0) { + *end_part_match = true; + } else { + *end_part_match = false; + } + } } diff --git a/subsys/nrf_compress/lzma/armthumb.h b/subsys/nrf_compress/lzma/armthumb.h index fa08f329c990..dd5d8ed20613 100644 --- a/subsys/nrf_compress/lzma/armthumb.h +++ b/subsys/nrf_compress/lzma/armthumb.h @@ -16,6 +16,7 @@ #include #include -void arm_thumb_filter(uint8_t *buf, uint32_t buf_size, uint32_t pos, bool compress); +void arm_thumb_filter(uint8_t *buf, uint32_t buf_size, uint32_t pos, bool compress, + bool *end_part_match); #endif diff --git a/subsys/nrf_compress/src/arm_thumb.c b/subsys/nrf_compress/src/arm_thumb.c index bf786fa23aa1..6786c554f6ae 100644 --- a/subsys/nrf_compress/src/arm_thumb.c +++ b/subsys/nrf_compress/src/arm_thumb.c @@ -16,12 +16,18 @@ LOG_MODULE_REGISTER(nrf_compress_arm_thumb, CONFIG_NRF_COMPRESS_LOG_LEVEL); BUILD_ASSERT((CONFIG_NRF_COMPRESS_CHUNK_SIZE % 4) == 0, "CONFIG_NRF_COMPRESS_CHUNK_SIZE must be multiple of 4"); -static uint8_t output_buffer[CONFIG_NRF_COMPRESS_CHUNK_SIZE]; +/* Requires 2 extra bytes to allow checking cross-chunk 16-bit aligned ARM thumb instructions */ +#define EXTRA_BUFFER_SIZE 2 + +static uint8_t output_buffer[CONFIG_NRF_COMPRESS_CHUNK_SIZE + EXTRA_BUFFER_SIZE]; +static uint8_t temp_extra_buffer[EXTRA_BUFFER_SIZE]; static uint32_t data_position = 0; +static bool has_extra_buffer_data; static int arm_thumb_init(void *inst) { data_position = 0; + has_extra_buffer_data = false; return 0; } @@ -38,6 +44,7 @@ static int arm_thumb_deinit(void *inst) static int arm_thumb_reset(void *inst) { data_position = 0; + has_extra_buffer_data = false; memset(output_buffer, 0x00, sizeof(output_buffer)); return 0; @@ -52,17 +59,47 @@ static int arm_thumb_decompress(void *inst, const uint8_t *input, size_t input_s bool last_part, uint32_t *offset, uint8_t **output, size_t *output_size) { + bool end_part_match = false; + bool extra_buffer_used = false; + if (input_size > CONFIG_NRF_COMPRESS_CHUNK_SIZE) { return -EINVAL; } - memcpy(output_buffer, input, input_size); - arm_thumb_filter(output_buffer, input_size, data_position, false); + if (has_extra_buffer_data == true) { + /* Copy bytes from temporary holding buffer */ + memcpy(output_buffer, temp_extra_buffer, sizeof(temp_extra_buffer)); + memcpy(&output_buffer[sizeof(temp_extra_buffer)], input, input_size); + end_part_match = true; + extra_buffer_used = true; + has_extra_buffer_data = false; + input_size += sizeof(temp_extra_buffer); + } else { + memcpy(output_buffer, input, input_size); + } + + arm_thumb_filter(output_buffer, input_size, data_position, false, &end_part_match); data_position += input_size; *offset = input_size; + + if (extra_buffer_used) { + *offset -= sizeof(temp_extra_buffer); + } + *output = output_buffer; *output_size = input_size; + if (end_part_match == true && !last_part) { + /* Partial match at end of input, need to cut the final 2 bytes off and stash + * them + */ + memcpy(temp_extra_buffer, &output_buffer[(input_size - sizeof(temp_extra_buffer))], + sizeof(temp_extra_buffer)); + has_extra_buffer_data = true; + *output_size -= sizeof(temp_extra_buffer); + data_position -= sizeof(temp_extra_buffer); + } + return 0; } From acaaf83552e7f233d8744e4d3c542c5731068103 Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Tue, 22 Oct 2024 09:29:33 +0100 Subject: [PATCH 10/10] tests: nrf_compress: decompression: arm_thumb: Fix for chunks Updates the test to support the new cross-chunk ARM thumb filter functionality, and verfies that the output size is the expected size Signed-off-by: Jamie McCrae --- .../decompression/arm_thumb/src/main.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/tests/subsys/nrf_compress/decompression/arm_thumb/src/main.c b/tests/subsys/nrf_compress/decompression/arm_thumb/src/main.c index a68dcedf77a2..d3e895ca7b79 100644 --- a/tests/subsys/nrf_compress/decompression/arm_thumb/src/main.c +++ b/tests/subsys/nrf_compress/decompression/arm_thumb/src/main.c @@ -18,6 +18,8 @@ static const uint8_t output_expected[] = { #include "arm_thumb.inc" }; +#define PLUS_MINUS_OUTPUT_SIZE 2 + ZTEST(nrf_compress_decompression, test_valid_implementation) { int rc; @@ -25,6 +27,7 @@ ZTEST(nrf_compress_decompression, test_valid_implementation) uint32_t offset; uint8_t *output; uint32_t output_size; + uint32_t total_output_size = 0; struct nrf_compress_implementation *implementation = NULL; implementation = nrf_compress_implementation_find(NRF_COMPRESS_TYPE_ARM_THUMB); @@ -36,6 +39,7 @@ ZTEST(nrf_compress_decompression, test_valid_implementation) while (pos < sizeof(input_compressed)) { uint32_t input_data_size; + bool last = false; input_data_size = implementation->decompress_bytes_needed(NULL); zassert_equal(input_data_size, CONFIG_NRF_COMPRESS_CHUNK_SIZE, @@ -43,19 +47,28 @@ ZTEST(nrf_compress_decompression, test_valid_implementation) if ((pos + input_data_size) >= sizeof(input_compressed)) { input_data_size = sizeof(input_compressed) - pos; + last = true; } rc = implementation->decompress(NULL, &input_compressed[pos], input_data_size, - false, &offset, &output, &output_size); + last, &offset, &output, &output_size); zassert_ok(rc, "Expected data decompress to be successful"); - zassert_equal(output_size, input_data_size, - "Expected data decompress to be successful"); zassert_mem_equal(output, &output_expected[pos], output_size); + if (!(output_size == input_data_size || output_size == + (input_data_size + PLUS_MINUS_OUTPUT_SIZE) || output_size == + (input_data_size - PLUS_MINUS_OUTPUT_SIZE))) { + zassert_ok(1, "Expected data output size is not valid"); + } + pos += offset; + total_output_size += output_size; } + zassert_equal(total_output_size, sizeof(output_expected), + "Expected data decompress output size to match data input size"); + rc = implementation->deinit(NULL); zassert_ok(rc, "Expected deinit to be successful"); }