[nrf noup] ci: Pin GH actions to SHAs #407
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FPROTECT is not suppored yet for nrf54l15. Signed-off-by: Grzegorz Chwierut <[email protected]> Signed-off-by: Gerard Marull-Paretas <[email protected]> (cherry picked from commit 592a0f1) (cherry picked from commit da14b70)
Move ifdefs just to not add code for cleanup unusable slot when direct xip mode is enabled to avoid warnings. Signed-off-by: Grzegorz Chwierut <[email protected]> (cherry picked from commit 948c3ad) (cherry picked from commit 5f10ba0)
Added DTS with partitioning which involves external flash as place for slo1_partition. Signed-off-by: Andrzej Puzdrowski <[email protected]> (cherry picked from commit 1347dfb) (cherry picked from commit 0cb3858)
This patch supplements the configuration for external flash so MCUboot can be build with FILE_SUFFIX="ext_flash" for the nrf54l15pdk instead of explicitly configuration specification. Signed-off-by: Andrzej Puzdrowski <[email protected]> (cherry picked from commit 8b7d37f) (cherry picked from commit a38a17e)
This patch disbales MCUBoot logging and enables serial recovery for the Thingy:91. Signed-off-by: Maximilian Deubel <[email protected]> Signed-off-by: Bernt Johan Damslora <[email protected]> (cherry picked from commit 6b95cd6) (cherry picked from commit b27bf53)
Mcuboot's boot banner should not be used if NCS boot banner is enabled. Signed-off-by: Robert Lubos <[email protected]> (cherry picked from commit 220096b) (cherry picked from commit 6e47305)
By the upstream patch the vt get now the pointer to the copy of the arm_vector instead of original. This patch fixes address of the firmware which is to be taken by the fw_info_find. Signed-off-by: Andrzej Puzdrowski <[email protected]> (cherry picked from commit 592f636) (cherry picked from commit 362a944)
…t vector This is revert of upstream commit 453096b which was supposed to allow picking interrupt vector table from flash area but the whole modification unfortunately misunderstood difference between flash device ID and flash area ID. The commit is not important for sdk-nrf and requires re-design and fixing upstream. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit ad75809) (cherry picked from commit 861a34e)
Align to changes in DTS: renamed: rram0 -> cpuapp_rram sized up cpauapp_rram region szie as part of it was reserved for cpuflpr_rram (which is not used by this config). Signed-off-by: Andrzej Puzdrowski <[email protected]> (cherry picked from commit 48e6e27) (cherry picked from commit 4d86e37)
Adds a boot banner which shows as MCUboot Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit 0148f96) (cherry picked from commit 8f74833)
This patch introduces skip on checking downgrade for s1/s0 upgrade image (chain-loaded by NSIB). which is used for upgrade MCUboot instance itself. Reason is that sdk-mcuboot has not access to semantic version of its own image. I also shouldn't touch HW counter used for hardware downgrade prevention for the application image (which was the case). HW counters for s0/s1 image are owned by NSIB because its role is to prevnt dongrades of s0/s1 MCUboot. Signed-off-by: Andrzej Puzdrowski <[email protected]> (cherry picked from commit cc78118) (cherry picked from commit 1953d93)
As this is MCUboot updating itself, it should reboot the device so NSIB will chainload the update MCUboot Signed-off-by: Andrzej Puzdrowski <[email protected]> (cherry picked from commit 29fdb63) (cherry picked from commit 5f52f93)
Fixes an issues with wrongly checking the network core reset address Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit fcf0a31) (cherry picked from commit b3d65d9)
FPROTECT is not suppored for nrf54l15dk. Signed-off-by: Andrzej Puzdrowski <[email protected]> (cherry picked from commit 123454f) (cherry picked from commit 4786da4)
Adds support for LZMA-compressed firmware updates Signed-off-by: Jamie McCrae <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit a242e91) (cherry picked from commit 8809820) (cherry picked from commit 16a7789) (cherry picked from commit 99fee89) (cherry picked from commit 0a70e49) (cherry picked from commit e369d25)
* Add functions for ecdsa_verify_secp256r1 and sha256 to use the shared crypto API * Add Kconfig and CMake variables for selecting shared crypto when using ecdsa * Add custom section to project for placing the API section in the correct location in flash * Add kconfig fragment for using external crypto Signed-off-by: Sigvart Hovland <[email protected]> Signed-off-by: Martí Bolívar <[email protected]> Signed-off-by: Emil Obalski <[email protected]> Signed-off-by: Andrzej Puzdrowski <[email protected]> Signed-off-by: Håkon Øye Amundsen <[email protected]> Signed-off-by: Ioannis Glaropoulos <[email protected]> Signed-off-by: Trond Einar Snekvik <[email protected]> Signed-off-by: Georgios Vasilakis <[email protected]> Signed-off-by: Johann Fischer <[email protected]> Signed-off-by: Torsten Rasmussen <[email protected]> Signed-off-by: Jamie McCrae <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 4e0dee6) (cherry picked from commit 106ade3)
The commit provides implementation of image verification with ed25519 and encryption/decryption support where random key is encrypted using x25519. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit e874cf8) (cherry picked from commit 9e1d883) (cherry picked from commit 062d3e7)
Adds support for ARM thumb filter usage for compressed firmware updates Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit 0ea935a) (cherry picked from commit ded8242) (cherry picked from commit 4fc8d2d)
This has been overriding logic that selects nrf-config.h when CONFIG_NRF_SECURITY=y. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 6ea6a72) (cherry picked from commit 2d5a490)
Previously PCD memory was locked as read-only, non-secure in MCUboot. Given that TF-M also needs write to PCD to communicate with b0n, the memory is left unlocked and locked to read-only, non-secure in TF-M. Signed-off-by: Markus Lassila <[email protected]> (cherry picked from commit 68b96b8) (cherry picked from commit b3c7d3d)
Adds support for image IDs that are assigned by sysbuild, which allows for dynamically supporting different configurations without needing dummy images to support different modes. Also fixes multiple deficiencies with the previous code where things were not properly accounted for e.g. using the swap algorithm including all swap status parts when updating s0/s1 MCUboot image which could overwrite and corrupt the image data in the other slot Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit 5646583) (cherry picked from commit ba255be)
Adds a check that will also check the s0/s1 package version of the currently running MCUboot against a MCUboot update image to ensure that an older version of MCUboot isn't loaded to the opposite slot Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit 04481ec) (cherry picked from commit 4aaec13)
Adds support for child and parent images back, this commit will be reverted after the NCS 2.8 release when child/parent support is dropped Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit 20ee337) (cherry picked from commit d5aa215)
Update the configuration files for the Thingy:91 X targets to the ones used in production. Signed-off-by: Maximilian Deubel <[email protected]> (cherry picked from commit ae07a33) (cherry picked from commit 0ab75e0)
Enable backporting of PRs. Signed-off-by: Carles Cufi <[email protected]> (cherry picked from commit 93f4645)
Moved configs from nrf54l15pdk. Signed-off-by: Andrzej Puzdrowski <[email protected]> (cherry picked from commit 6b030d7)
Add support for reporting various sha in image list. There is always only one sha compiled in, but serial recovery has been previously hardcoded to support sha256 only. Upstream PR #: 2116 Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit bcdf6e2)
Log module has been declared but never registered. This commit fixes that by just registering the module. Signed-off-by: Maciej Baczmanski <[email protected]> Co-authored-by: Marek Pieta <[email protected]> (cherry picked from commit c6b9d83)
Add Kconfig option to cleanup RAM in MCUboot before passing control to an application. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 39aab3d) (cherry picked from commit 1c2a423)
Set of changes to Kconfig, CMakeLists.txt and some of headers that are required for the PSA support to compile. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 6400cc8) (cherry picked from commit 3cdcdb3) (cherry picked from commit a47fccf)
…SS_ASN The option enables MCUboot configuration option MCUBOOT_KEY_IMPORT_BYPASS_ASN. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 3ff7549)
One of includes is not available when bypassing ASN1 encoding as mbedTLS is no longer enabled for compilation. Discovered with zephyr, but common for other platforms, after recent changes in CMakeLists.txt. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit a01ca4c)
Commit removes files needed for ASN1 parsing from compilation, when ASN1 bypass is enabled. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit ec86244)
…t needed Make selection of MBEDTLS_ASN1_PARSE_C, in BOOT_ED25519_MBEDTLS, depending on ASN1 parsing being enabled. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 0ba80ff)
ED25519 with mbedTLS has not been linking due to missing SHA512, which is internally required by ED25519 implementation. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit f523c60)
All of ED25519 backends allow SHA512, together with SHA512. The ED25519 internally requires SHA512 for calculations, but image may be hashed with any SHA algorithm. The PSA has also been missing selecting of any SHA as allowed. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit e5d8640)
Accidentally added check for size of blen against hash length, in bootutil_verify, was doubling check done in bootutli_verify_sig and prevented pure signature from working. Upstream PR #: 2237 Signed-off-by: Dominik Ermel <[email protected]>
Select proper configuration and disable mbedTLS selection, as we are using NRF Security enabled Oberon. Signed-off-by: Dominik Ermel <[email protected]>
Fixes path variables to use the proper Zephyr module variables Signed-off-by: Jamie McCrae <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit d978f7b) (cherry picked from commit 4943e2f)
Adds support for LZMA-compressed firmware updates Signed-off-by: Jamie McCrae <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 474a922) (cherry picked from commit 655eeac)
Adds support to the compressed image update for allowing encrypted images. Also removes the limit of having 1 updateable image Signed-off-by: Jamie McCrae <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 390c468) (cherry picked from commit cbb7da0) (cherry picked from commit 148712e)
This has been overriding logic that selects nrf-config.h when CONFIG_NRF_SECURITY=y. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit ea00c04) (cherry picked from commit 62929e4)
The commit adds verification of image using keys stored in KMU. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 6e0c2b8) (cherry picked from commit b647a94)
Adds selecting the experimental Kconfig when compession is in use Signed-off-by: Jamie McCrae <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit ff3c31f) (cherry picked from commit 4ceb477)
Adds a new Kconfig CONFIG_BOOT_SIGNATURE_KMU_SLOTS which allows specifying how many KMU key IDs are supported, the default is set to 1 instead of 3 which was set before NCSDK-30743 Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit 12e5ee1) (cherry picked from commit 2ca0efe)
…rypted image This TLV is needed in order to know what the data length provided to the decompression system is to remove the padding that is a resultant of the encryption block size Signed-off-by: Jamie McCrae <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 4bda587) (cherry picked from commit bc8d277)
Use snprinf, alloc, calloc and free from mbedTLS rather than from Zephyr. Signed-off-by: Dominik Ermel <[email protected]>
Jira: NCSDK-32440 Signed-off-by: Jan Gałda <[email protected]>
|
jangalda-nsc
requested review from
nordicjm,
carlescufi,
thst-nordic and
karhama
and removed request for
nordicjm
karhama
approved these changes
Mar 27, 2025
|
should we open this change in https://github.com/zephyrproject-rtos/mcuboot first? |
nordicjm
requested changes
Apr 1, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Jira: NCSDK-32440