Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mcuboot: Make ED25519 signature default for nrf54l series #19148

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

mcuboot: Make ED25519 signature default for nrf54l series #19148

wants to merge 5 commits into from

Conversation

de-nordic
Copy link
Contributor

@de-nordic de-nordic commented Nov 28, 2024
edited by doublemis1
Loading

MCUboot for nRF54l15 will be built with support for ED25519 by default and application images will be signed with ED25519 signature.
The MCUboot partition size, for this configuration, is set to 0xd000.

test_chip: PR-964

@de-nordic de-nordic requested a review from a team as a code owner November 28, 2024 16:51
@github-actions github-actions bot added the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Nov 28, 2024
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Nov 28, 2024
edited
Loading

CI Information

To view the history of this post, clich the 'edited' button above
Build number: 60

Inputs:

Sources:

sidewalk: PR head: de1a26537774d4f6c8e7619ae3a895cf6f5ced02
sdk-nrf: PR head: a45e11d3177588d1d413f1187ee41e2f9dcb934c

more details

sidewalk:

PR head: de1a26537774d4f6c8e7619ae3a895cf6f5ced02
merge base: adba7ad6bfdcd7f773c2897dd2dc3bd8c24b9242
target head (main): 1b59db430abf0829fdee87247d9546396833d84b
Diff

sdk-nrf:

PR head: a45e11d3177588d1d413f1187ee41e2f9dcb934c
merge base: 89ef021fc8b12f484185d872f1121a71fcbde5e2
target head (main): 89ef021fc8b12f484185d872f1121a71fcbde5e2
Diff

Github labels

Enabled Name Description
ci-disabled Disable the ci execution
ci-all-test Run all of ci, no test spec filtering will be done
ci-force-downstream Force execution of downstream even if twister fails
ci-run-twister Force run twister
ci-run-zephyr-twister Force run zephyr twister
List of changed files detected by CI (24) 
modules
│  ├── mcuboot
│  │  ├── boot
│  │  │  ├── zephyr
│  │  │  │  │ Kconfig
sidewalk
│  ├── samples
│  │  ├── sid_end_device
│  │  │  ├── pm_static_nrf54l15dk_nrf54l10_cpuapp.yml
│  │  │  ├── sysbuild
│  │  │  │  ├── mcuboot
│  │  │  │  │  ├── boards
│  │  │  │  │  │  │ nrf54l15dk_nrf54l10_cpuapp.conf
│  │  │  │  │  │ prj.conf
│  ├── tests
│  │  ├── manual
│  │  │  ├── simple_bootloader
│  │  │  │  ├── Kconfig.sysbuild
│  │  │  │  ├── boards
│  │  │  │  │  ├── nrf54l15dk_nrf54l10_cpuapp.conf
│  │  │  │  │  │ nrf54l15dk_nrf54l10_cpuapp.overlay
│  │  │  │  ├── pm_static_nrf54l15dk_nrf54l10_cpuapp.yml
│  │  │  │  ├── sysbuild
│  │  │  │  │  ├── mcuboot
│  │  │  │  │  │  ├── boards
│  │  │  │  │  │  │  ├── nrf52840dk_nrf52840.conf
│  │  │  │  │  │  │  ├── nrf5340dk_nrf5340_cpuapp.conf
│  │  │  │  │  │  │  ├── nrf54l15dk_nrf54l10_cpuapp.conf
│  │  │  │  │  │  │  ├── nrf54l15dk_nrf54l10_cpuapp.overlay
│  │  │  │  │  │  │  ├── nrf54l15dk_nrf54l15_cpuapp.conf
│  │  │  │  │  │  │  ├── nrf54l15dk_nrf54l15_cpuapp.overlay
│  │  │  │  │  │  │  │ thingy53_nrf5340_cpuapp.conf
│  │  │  │  │  │  │ prj.conf
sysbuild
│  │ Kconfig.mcuboot
tests
│  ├── subsys
│  │  ├── nrf_compress
│  │  │  ├── decompression
│  │  │  │  ├── mcuboot_update
│  │  │  │  │  ├── modified_signing.cmake
│  │  │  │  │  ├── pm_static_nrf52840dk_nrf52840.yml
│  │  │  │  │  ├── pm_static_nrf5340dk_nrf5340_cpuapp.yml
│  │  │  │  │  ├── pm_static_nrf54l15dk_nrf54l15_cpuapp.yml
│  │  │  │  │  ├── sysbuild.cmake
│  │  │  │  │  ├── sysbuild
│  │  │  │  │  │  ├── mcuboot
│  │  │  │  │  │  │  ├── boards
│  │  │  │  │  │  │  │  │ nrf5340dk_nrf5340_cpuapp.conf
west.yml

Outputs:

Toolchain

Version: aedb4c0245
Build docker image: docker-dtr.nordicsemi.no/sw-production/ncs-build:aedb4c0245_bece0367df

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

  • ◻️ Toolchain - Skipped: existing toolchain is used
  • ✅ Build twister
  • ✅ Integration tests
    • ✅ test-sdk-audio
    • ✅ desktop52_verification
    • ✅ test-fw-nrfconnect-boot
    • ✅ test-fw-nrfconnect-apps
    • ✅ test_ble_nrf_config
    • ✅ test-fw-nrfconnect-ble_mesh
    • ✅ test-fw-nrfconnect-ble_samples
    • ✅ test-fw-nrfconnect-chip
    • ✅ test-fw-nrfconnect-nfc
    • ✅ test-fw-nrfconnect-nrf-iot_cloud
    • ✅ test-fw-nrfconnect-nrf-iot_libmodem-nrf
    • ✅ test-fw-nrfconnect-nrf-iot_serial_lte_modem
    • ✅ test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
    • ✅ test-fw-nrfconnect-nrf-iot_samples
    • ✅ test-fw-nrfconnect-nrf-iot_lwm2m
    • ✅ doc-internal
    • ✅ test-fw-nrfconnect-nrf-iot_thingy91
    • ✅ test-fw-nrfconnect-nrf_crypto
    • ✅ test-fw-nrfconnect-proprietary_esb
    • ✅ test-fw-nrfconnect-rpc
    • ✅ test-fw-nrfconnect-rs
    • ✅ test-fw-nrfconnect-fem
    • ✅ test-fw-nrfconnect-tfm
    • ✅ test-fw-nrfconnect-thread
    • ✅ test-fw-nrfconnect-zigbee
    • ✅ test-sdk-find-my
    • ✅ test-fw-nrfconnect-nrf-iot_mosh
    • ✅ test-fw-nrfconnect-nrf-iot_positioning
    • ✅ test-sdk-sidewalk
    • ✅ test-sdk-wifi
    • ✅ test-low-level
    • ✅ test-sdk-pmic-samples
    • ✅ test-sdk-mcuboot
    • ✅ test-sdk-dfu
    • ✅ test-fw-nrfconnect-ps
    • ✅ test-secdom-samples-public
    • ⚠️ test-fw-nrfconnect-fw-update

Note: This message is automatically posted and updated by the CI

@NordicBuilder
Copy link
Contributor

You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds.

Note: This comment is automatically posted by the Documentation Publish GitHub Action.

@de-nordic de-nordic mentioned this pull request Nov 28, 2024
Merged
@de-nordic
Copy link
Contributor Author

@nvlsianpu The CI failures are caused by samples overriding mbedtls configuration file from nrf-security to something else.

@LuDuda
Copy link
Contributor

LuDuda commented Nov 28, 2024

@maciejbaczmanski could you please take a look, to ensure we use default configuration.

MarekPieta
MarekPieta approved these changes Dec 2, 2024
View reviewed changes
Copy link
Contributor

@MarekPieta MarekPieta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

maciejbaczmanski
maciejbaczmanski approved these changes Dec 3, 2024
View reviewed changes
Copy link
Member

@maciejbaczmanski maciejbaczmanski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#19178 should unblock the PR and fix building matter samples

@de-nordic de-nordic mentioned this pull request Dec 3, 2024
Closed
@de-nordic de-nordic requested review from a team as code owners December 3, 2024 13:38
@github-actions github-actions bot added doc-required PR must not be merged without tech writer approval. and removed changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. labels Dec 3, 2024
@de-nordic
Copy link
Contributor Author

@maciejbaczmanski We got some compliance issue regarding non-existing Kconfig WIFI_NM_WPA_SUPPLICANT_CRYPTO_EXT

maciejbaczmanski
maciejbaczmanski reviewed Dec 3, 2024
View reviewed changes
doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst Outdated
@@ -351,6 +351,13 @@ Matter samples
* Updated all Matter samples that support low-power mode to enable the :ref:`lib_ram_pwrdn` feature.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just noticed that when copying and pasting I've left this point here. it should be removed as it is covered under Updated:

@maciejbaczmanski
Copy link
Member

@maciejbaczmanski We got some compliance issue regarding non-existing Kconfig WIFI_NM_WPA_SUPPLICANT_CRYPTO_EXT

rebasing helped on my previous PR

@de-nordic de-nordic added this to the 2.9.0 milestone Dec 3, 2024
@de-nordic
Copy link
Contributor Author

Needed to do rebase and force push to remove conflicts.

ktaborowski added a commit to ktaborowski/sdk-sidewalk that referenced this pull request Dec 4, 2024
@ktaborowski
samples: new mcuboot configuration
778216f 
Align Sidewalk with nRF changes in:
nrfconnect/sdk-nrf#19148

Signed-off-by: Krzysztof Taborowski <[email protected]>
@ktaborowski ktaborowski mentioned this pull request Dec 4, 2024
Merged
5 tasks
@ktaborowski
Copy link
Contributor

nrfconnect/sdk-sidewalk#652 workaround for build issue on sidewalk samples on nrf54l10 - increase mcuboot partition

@de-nordic de-nordic requested a review from a team as a code owner December 4, 2024 09:34
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Dec 4, 2024
edited
Loading

The following west manifest projects have changed revision in this Pull Request:

Name Old Revision New Revision Diff
sidewalk nrfconnect/sdk-sidewalk@1b59db4 (main) nrfconnect/sdk-sidewalk#666 nrfconnect/sdk-sidewalk#666/files

DNM label due to: 1 project with PR revision

Note: This message is automatically posted and updated by the Manifest GitHub Action.

@de-nordic de-nordic requested a review from a team as a code owner February 5, 2025 15:16
@de-nordic de-nordic force-pushed the ed25519_by_default branch 4 times, most recently from 4282979 to a930a15 Compare February 13, 2025 09:08
@github-actions github-actions bot removed the manifest label Feb 13, 2025
ktaborowski added a commit to ktaborowski/sdk-sidewalk that referenced this pull request Feb 14, 2025
@ktaborowski
samples: new mcuboot configuration
3b94ddc 
* all platforms: size optimization in mcuboot
* nrf54L: ed25519 signature as default (from nrf)
nrfconnect/sdk-nrf#19148
* nrf54L10: link time optimization in mcuboot
* nrf54L10: mcuboot partition size set to 52 KB

Signed-off-by: Krzysztof Taborowski <[email protected]>
@de-nordic de-nordic force-pushed the ed25519_by_default branch 4 times, most recently from 42fe252 to 18c224f Compare February 19, 2025 12:17
@github-actions GitHub Actions
Copy link

After documentation is built, you will find the preview for this PR here.

de-nordic and others added 5 commits February 26, 2025 16:03
@de-nordic
mcuboot: Make ED25519 signature default for nrf54l series
2634b9c 
MCUboot for nRF54l15 will be built with support for ED25519
by default and application images will be signed with ED25519
signature.
The MCUboot partition size, for this configuration, is set
to 0xd000.

Signed-off-by: Dominik Ermel <[email protected]>
Signed-off-by: Marek Pieta <[email protected]>
@de-nordic
tests: nrf_compress: decompression: Enable ED25519
28b1ecc 
Enable ED25519 for nrf54l by default.

Signed-off-by: Dominik Ermel <[email protected]>
@de-nordic
tests: nrf_compress: Make space for large MCUboot
c911197 
Increases size of MCUboot by taking away one page of primary
image. Changes signing CMake to properly change address of a
binary.

Signed-off-by: Dominik Ermel <[email protected]>
@de-nordic
tests: nrf_compress: Disable FPROTECT for nrf5340dk
e4c3c70 
Commit disables FPROTECT for nrf5340dk/nrf5340/cpuapp configuration
as it seems that increased size of MCUboot, by ed25519, is not
coverable by FPROTECT.

Signed-off-by: Dominik Ermel <[email protected]>
@ktaborowski @de-nordic
manifest: update sidewalk revision
a45e11d 
mcuboot size changes

Signed-off-by: Krzysztof Taborowski <[email protected]>
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@github-actions GitHub Actions
Copy link

You can find the documentation preview for this PR here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maciejbaczmanski maciejbaczmanski maciejbaczmanski approved these changes

@nvlsianpu nvlsianpu nvlsianpu approved these changes

@MarekPieta MarekPieta MarekPieta approved these changes

@nordicjm nordicjm nordicjm approved these changes

@peknis peknis peknis approved these changes

@gchwier gchwier gchwier approved these changes

Assignees

@de-nordic de-nordic

Labels
changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. DNM manifest manifest-sidewalk
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.