Upmerge 2025.04.23 #425

Open: wants to merge 205 commits into base: main

nordicjm (Contributor)
Upmerge to newer version of MCUboot

butok and others added 30 commits March 10, 2025 07:53
Adds default configuration for the frdm-mcxn236 board.

Signed-off-by: Andrej Butok <[email protected]>
Another set of flash_area_open removals where boot_loader_state
is available to provide flash_area object's pointer.

Signed-off-by: Dominik Ermel <[email protected]>
One of the includes is not available when bypassing ASN1 encoding
as mbedTLS is no longer enabled for compilation.

Discovered with zephyr, but common for other platforms, after
recent changes in CMakeLists.txt.

Signed-off-by: Dominik Ermel <[email protected]>
Commit removes files needed for ASN1 parsing from compilation,
when ASN1 bypass is enabled.

Signed-off-by: Dominik Ermel <[email protected]>
Make selection of MBEDTLS_ASN1_PARSE_C, in BOOT_ED25519_MBEDTLS,
depending on ASN1 parsing being enabled.

Signed-off-by: Dominik Ermel <[email protected]>
ED25519 with mbedTLS has not been linking due to missing SHA512,
which is internally required by ED25519 implementation.

Signed-off-by: Dominik Ermel <[email protected]>
Fixes directly accessing an element of this object with one of
the helper functions

Signed-off-by: Jamie McCrae <[email protected]>
All of the ED25519 backends allow SHA512, together with SHA512.
The ED25519 internally requires SHA512 for calculations, but
the image may be hashed with any SHA algorithm.

The PSA has also been missing selecting of any SHA as allowed.

Signed-off-by: Dominik Ermel <[email protected]>
Removes lines that have never done anything because this is
already the default

Signed-off-by: Jamie McCrae <[email protected]>
The commit adds two MCUboot configuration options:
  - MCUBOOT_SUPPORT_DEV_WITHOUT_ERASE
  - MCUBOOT_SUPPORT_DEV_WITH_ERASE
  - MCUBOOT_MINIMAL_SCRAMBLE

The first one should be enabled to support devices that do not require erase.
When such devices are used in a system then MCUboot will avoid erasing such a
device, which is not needed by the hardware, and will just write data to it.
This allows both improving device lifetime and reducing the time of operations
like swap.

The second option is just bringing a configuration option for already existing
support for devices with erase.

The third option allows reducing the amount of removed data. When enabled,
MCUboot will remove enough data, depending on the purpose of the removal,
to just fulfill the purpose; for example if removal of data is done to
make an image unrecognizable for MCUboot, with this option, it will only
remove the header.

Signed-off-by: Dominik Ermel <[email protected]>
Add Kconfig options:
  - CONFIG_MCUBOOT_STORAGE_WITHOUT_ERASE that enables MCUboot
    configuration MCUBOOT_SUPPORT_DEV_WITHOUT_ERASE
  - CONFIG_MCUBOOT_STORAGE_WITH_ERASE that enables MCUboot
    configuration MCUBOOT_SUPPORT_DEV_WITH_ERASE
  - CONFIG_MCUBOOT_STORAGE_MINIMAL_SCRAMBLE that enables MCUboot
    configuration MCUBOOT_MINIMAL_SCRAMBLE

Adds implementation of flash_area_erase_required, which is required when
MCUBOOT_STORAGE_DEV_WITHOUT_ERASE is enabled.

Signed-off-by: Dominik Ermel <[email protected]>
The intention of bs_custom_storage_erase is to remove data from device;
to support devices that do not require erase, without calling erase,
so that devices that do not implement such functions could work,
the flash_area_erase has been replaced with flash_area_flatten.

Signed-off-by: Dominik Ermel <[email protected]>
By default enable all other systems to work with devices that
require erase prior to write.

Signed-off-by: Dominik Ermel <[email protected]>
An accidentally added check of the size of blen against the hash length,
in bootutil_verify, was doubling a check done in bootutil_verify_sig
and prevented pure signature from working.

Signed-off-by: Dominik Ermel <[email protected]>
MCUBOOT_USE_PSA_CRYPTO should be set by CONFIG_BOOT_USE_PSA_CRYPTO
instead of CONFIG_MBEDTLS_PSA_CRYPTO_CLIENT.

Signed-off-by: Dominik Ermel <[email protected]>
Fixes an issue where the variable might not be set and be empty,
and would still be included which would cause a compiler include
empty file error

Signed-off-by: Jamie McCrae <[email protected]>
This resolves a warning when building with `-Wsign-compare`.

`struct flash_area.fa_size` is declared as `size_t` in the Zephyr source
tree (in `include/zephyr/storage/flash_map.h`).

Signed-off-by: Samuel Coleman <[email protected]>
Fixes tags for pygments

Signed-off-by: Jamie McCrae <[email protected]>
ECDSA signatures are encoded as ASN.1 and the size of the ASN.1
representation can vary depending on the value of the two integers the
signature is composed of. This means that when ECDSA is used, the size
of the TLV area is not always equal to the size that was estimated by
the simulator when attempting to determine the maximum image size.
Indeed, the estimate gives the maximum possible size of the TLV area and
depending on its actual size, the generated images might be in fact a
bit smaller than expected.

This is not a big issue but adds a bit of randomness in the simulation
and make difficult to generate precisely oversized images when desired
for example.

This commit ensures an ECDSA signature with the largest possible size is
always used, making the size of the corresponding TLV entry constant in
the simulator.

Signed-off-by: Thomas Altenbach <[email protected]>
To generate oversized, the simulator needs to know the maximum image
size. To obtain such size, the size of the TLV area is estimated and
when using ECDSA, the actual size of the TLV area in the generated image
was not always equal to the estimated size. This required to add a bit
more data than what should be necessary when creating oversized images,
to ensure the generated images will actually be oversized in most cases.

Thanks to the previous commit, this is no more necessary and it is now
possible to reliably generate oversized images with the smallest size.

Signed-off-by: Thomas Altenbach <[email protected]>
For the overwrite-only upgrade strategy, the trailer size computed by
the simulator and used to determine the maximum image size was not
correct. This commit fixes the issue.

Having an underestimated trailer size was causing the
'oversized_secondary_slot' to fail since the previous commit, because
the oversized images are now generated to have the smallest possible
size.

Signed-off-by: Thomas Altenbach <[email protected]>
Since 1b2fc09, many places now reuse
the flash area pointer from the bootloader state. Unfortunately, some
RAM load usage (on single loader or runtime-source sample) didn't set up
the flash area pointer on the bootloader state, so they were broken.

This patch fixes that by adding the flash area pointer to the created
bootloader states - directly or via a new parameter to
boot_load_image_from_flash_to_sram().

Signed-off-by: Ederson de Souza <[email protected]>
This will encompass both CONFIG_BOOT_RAM_LOAD and
CONFIG_SINGLE_APPLICATION_SLOT_RAM_LOAD, which, at this point, should
follow the same code path - load image to RAM.

Signed-off-by: Ederson de Souza <[email protected]>
Add default configuration for mcx_n9xx_evk.

Signed-off-by: Derek Snell <[email protected]>
Fixes an issue whereby another module might have declared this
by undefining it if it's already set

Signed-off-by: Jamie McCrae <[email protected]>
Added basic adaptations needed for introducing
nrf54h20dk board support in the future.

Signed-off-by: Michal Kozikowski <[email protected]>
Clang wrongly throws a warning, which will be treated as an error in
twister builds, add pointless workaround to set variable that is
already set by the hook function to avoid this

Signed-off-by: Jamie McCrae <[email protected]>
Code implied that WATCHDOG_INTERVAL will enable the watchdog
in the bootloader, however it never did: hal_watchdog_init
sets up some watchdog data but for most MCUs it does
not start the watchdog.

Now hal_watchdog_enable() is called when WATCHDOG_INTERVAL
is set to non-zero, as git history suggested.

Signed-off-by: Jerzy Kasenberg <[email protected]>
Now flag defining config file for MbedTLS is global
(see apache/mynewt-core#3394),
so we do not have to include the same flag in bootutil package.
This also enables MBEDTLS_CIPHER_MODE_CTR in boot_serial test
package, as it is used in unit tests and it is disabled by default.

Signed-off-by: Michal Gorecki <[email protected]>
nordicjm and others added 25 commits May 2, 2025 07:50
Adds additional conditions that lets the direct upload option to be
selected on nRF5340 to allow for uploading network core updates
directly to the network core with the flash simulator

Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit b169015)
Configured CONFIG_NRF_RRAM_WRITE_BUFFER_SIZE=32,
which ensures the fastest bulk RRAM write operations.

Signed-off-by: Andrzej Puzdrowski <[email protected]>
(cherry picked from commit d18f8fd)
Removes stray child/parent references

Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit b7a30ff)
MCUboot uses SOC_FLASH_0_ID and SPI_FLASH_0_ID to distinguish
between the internal and external boot device. These IDs are provided
by sysflash.h, but pm_sysflash.h overrides the entire file,
and was lacking those definitions.

Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit b9578ab)
Disabled NCS BOOT BANNER to save some flash, as Thingy:53 stopped
fitting in the mcuboot partition. The boot banner is not used
anyway, as logs are disabled.

Signed-off-by: Kamil Kasperczyk <[email protected]>
(cherry picked from commit 1027dd8)
Adds check to region of mcuboot_secondary_1 to put it in external flash
only if CONFIG_PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY is set.

This should allow for DFU from internal flash on the nRF5340 with dynamic
partitioning.

Also fixing a typo.

Signed-off-by: Sigurd Hellesvik <[email protected]>
(cherry picked from commit f3fedff)
Select proper configuration and disable mbedTLS selection,
as we are using NRF Security enabled Oberon.

Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit fa89f7b)
Fixes path variables to use the proper Zephyr module variables

Signed-off-by: Jamie McCrae <[email protected]>
Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 5c886db)
Adds support for LZMA-compressed firmware updates which also
supports encrypted images and supports more than 1 updateable image

Signed-off-by: Jamie McCrae <[email protected]>
Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit b2fc324)
The commit adds verification of image using keys stored in KMU.

Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 2ae98d5)
Adds selecting the experimental Kconfig when compression is in use

Signed-off-by: Jamie McCrae <[email protected]>
Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 1c9556a)
Adds a new Kconfig CONFIG_BOOT_SIGNATURE_KMU_SLOTS which allows
specifying how many KMU key IDs are supported, the default is set
to 1 instead of 3 which was set before

NCSDK-30743

Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit 59987a6)
Use snprintf, alloc, calloc and free from mbedTLS rather than
from Zephyr.

Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 03d9b4f)
Added basic support for nrf54h20dk_nrf54h20_cpuapp_iron board.
This commit turns off CONFIG_FPROTECT for this board build.

Signed-off-by: Michal Kozikowski <[email protected]>
(cherry picked from commit 27d2065)
This commit removes NRF_CLOCK cleanup for this board build - for Lillium, there is no clock peripheral access from the app domain.

Signed-off-by: Michal Kozikowski <[email protected]>
(cherry picked from commit b014be2)
nrf-squash! [nrf noup] zephyr: sdk-nrf specific overrides on PSA Kconfigs

Allow hash only, instead of signature, for nrf54l when using
PSA crypto.

Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit d4f3b7d)
nrf-squash! [nrf noup] boot/../loader: skip downgrade prevention for s1/s0

Fixes 4 issues with monotonic counter usage:
1. Where the NSIB update skipped the check but would then wrongly
   update the monotonic counter after
2. Where a network core update on nRF5340 used the monotonic
   counter which only supports a single image
3. Where an NSIB update used the monotonic counter which only
   supports a single image
4. Where security counter validation was wrongly performed on other
   images against the main image security counter

Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit 3bd1796)
Disable previous generation key when update comes with
new valid key and application is confirmed.

Signed-off-by: Mateusz Michalek <[email protected]>
(cherry picked from commit 6df89a8)
Added a procedure which configures UARTE pins to
their default states. This allows reducing power consumption
if a pin is floating.

Clean up UARTE only if its driver was enabled.

Signed-off-by: Andrzej Puzdrowski <[email protected]>
(cherry picked from commit f134edd)
Zephyr provides "mcuboot-mbedtls-cfg.h" as a glue interface for
configuring mbedTLS. The "config-tls-generic.h" default value was erroneously
introduced during a meta codebase synchronization.

Signed-off-by: Andrzej Puzdrowski <[email protected]>
(cherry picked from commit 3aa0744)
Compile out code which does cleanup on UARTE pins as this causes issues
for some applications.

ref.: NCSDK-33039

Signed-off-by: Andrzej Puzdrowski <[email protected]>
(cherry picked from commit 81e6fc3)
nrf-squash! zephyr: Add support for compressed image updates

Fixes an issue whereby compressed encrypted update images were
not padded and the final part of decryption would fail due to
not being a length of the block size

Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit 3443eae)
adding default configs.

Signed-off-by: Mateusz Michalek <[email protected]>
(cherry picked from commit ec52537)
adds missing valid return state in key revocation procedure.

nrf-squash! [nrf noup] bootutil: key revocation

Signed-off-by: Mateusz Michalek <[email protected]>
(cherry picked from commit 85ed722)
This commit adds cleanup for GRTC and UARTE peripherals.

ref: NCSDK-32966

Signed-off-by: Artur Hadasz <[email protected]>
(cherry picked from commit 9d9d524)
nrf-squash! [nrf noup] treewide: Add support for sysbuild assigned images

Updates the erase function as per upmerge changes

Signed-off-by: Jamie McCrae <[email protected]>
sonarqubecloud bot commented May 2, 2025

Quality Gate failed

Failed conditions:
D Reliability Rating on New Code (required ≥ A)

See analysis details on SonarQube Cloud