Skip to content

bootloader: mcuboot: Added BOOT_SIGNATURE_USING_ITS configuration #23433

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

bootloader: mcuboot: Added BOOT_SIGNATURE_USING_ITS configuration #23433

wants to merge 1 commit into from
+14 −1

Conversation

ahasztag
Copy link
Contributor

This configuration has the purpose of using keys provisioned to the internal trusted storage (ITS).

@ahasztag ahasztag requested review from a team as code owners July 24, 2025 07:57
@github-actions github-actions bot added manifest changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. labels Jul 24, 2025
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Jul 24, 2025
edited
Loading

The following west manifest projects have changed revision in this Pull Request:

Name Old Revision New Revision Diff
mcuboot nrfconnect/sdk-mcuboot@d24b28f (main) nrfconnect/sdk-mcuboot#476 nrfconnect/sdk-mcuboot#476/files

DNM label due to: 1 project with PR revision

Note: This message is automatically posted and updated by the Manifest GitHub Action.

@NordicBuilder
Copy link
Contributor

NordicBuilder commented Jul 24, 2025
edited
Loading

CI Information

To view the history of this post, clich the 'edited' button above
Build number: 2

Inputs:

Sources:

sdk-nrf: PR head: f0cb088d399c3e3b9f1831aa6a80bba081a94a87
mcuboot: PR head: 6b51018f5d08572b6ae07f264a3b9f45e751a271

more details

sdk-nrf:

PR head: f0cb088d399c3e3b9f1831aa6a80bba081a94a87
merge base: 09d88b9d5a3c6e27b272ffc613ebafbc7f6a6e0c
target head (main): 09d88b9d5a3c6e27b272ffc613ebafbc7f6a6e0c
Diff

mcuboot:

PR head: 6b51018f5d08572b6ae07f264a3b9f45e751a271
merge base: d24b28f652e2eeb6117b9c60fca0277db3d4e226
target head (main): d24b28f652e2eeb6117b9c60fca0277db3d4e226
Diff

Github labels

Enabled Name Description
ci-disabled Disable the ci execution
ci-all-test Run all of ci, no test spec filtering will be done
ci-force-downstream Force execution of downstream even if twister fails
ci-run-twister Force run twister
ci-run-zephyr-twister Force run zephyr twister
List of changed files detected by CI (7) 
bootloader
│  ├── mcuboot
│  │  ├── boot
│  │  │  ├── bootutil
│  │  │  │  ├── include
│  │  │  │  │  ├── bootutil
│  │  │  │  │  │  ├── crypto
│  │  │  │  │  │  │  │ ecdsa.h
│  │  │  │  ├── src
│  │  │  │  │  │ image_validate.c
│  │  │  ├── zephyr
│  │  │  │  ├── Kconfig
│  │  │  │  ├── include
│  │  │  │  │  ├── mcuboot_config
│  │  │  │  │  │  │ mcuboot_config.h
sysbuild
│  ├── CMakeLists.txt
│  │ Kconfig.mcuboot
west.yml

Outputs:

Toolchain

Version: bd39d1676f
Build docker image: docker-dtr.nordicsemi.no/sw-production/ncs-build:bd39d1676f_bba2ea5f2e

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

  • ◻️ Toolchain - Skipped: existing toolchain is used
  • ✅ Build twister
  • ❌ Integration tests
    • ✅ test-sdk-audio
    • ✅ desktop52_verification
    • ✅ test-fw-nrfconnect-apps
    • ✅ test_ble_nrf_config
    • ✅ test-fw-nrfconnect-ble_mesh
    • ✅ test-fw-nrfconnect-ble_samples
    • ✅ test-fw-nrfconnect-chip
    • ✅ test-fw-nrfconnect-nfc
    • ✅ test-fw-nrfconnect-nrf-iot_cloud
    • ✅ test-fw-nrfconnect-nrf-iot_libmodem-nrf
    • ✅ test-fw-nrfconnect-nrf-iot_serial_lte_modem
    • ✅ test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
    • ✅ test-fw-nrfconnect-nrf-iot_samples
    • ✅ test-fw-nrfconnect-nrf-iot_lwm2m
    • ✅ doc-internal
    • ✅ test-fw-nrfconnect-nrf-iot_thingy91
    • ✅ test-fw-nrfconnect-nrf_crypto
    • ✅ test-fw-nrfconnect-rpc
    • ✅ test-fw-nrfconnect-rs
    • ✅ test-fw-nrfconnect-fem
    • ✅ test-fw-nrfconnect-tfm
    • ✅ test-fw-nrfconnect-thread-main
    • ✅ test-sdk-find-my
    • ✅ test-sdk-wifi
    • ❌ test-low-level
    • ✅ test-sdk-pmic-samples
    • ✅ test-sdk-mcuboot
    • ✅ test-sdk-dfu
    • ✅ test-fw-nrfconnect-ps-main
    • ✅ test-secdom-samples-public

Note: This message is automatically posted and updated by the CI

@github-actions GitHub Actions
Copy link

You can find the documentation preview for this PR here.

@NordicBuilder
Copy link
Contributor

NordicBuilder commented Jul 24, 2025
edited
Loading

Memory footprint analysis revealed the following potential issues

applications.hpf.gpio.icbmsg[nrf54l15dk/nrf54l15/cpuflpr]: High RAM usage: 12430[B] - link (cc: @nrfconnect/ncs-ll-ursus)
applications.hpf.gpio.icbmsg[nrf54l15dk/nrf54l15/cpuflpr]: High ROM usage: 9178[B] - link (cc: @nrfconnect/ncs-ll-ursus)
applications.hpf.gpio.icmsg[nrf54l15dk/nrf54l15/cpuflpr]: High RAM usage: 9090[B] - link (cc: @nrfconnect/ncs-ll-ursus)
applications.hpf.gpio.icmsg[nrf54l15dk/nrf54l15/cpuflpr]: High ROM usage: 5846[B] - link (cc: @nrfconnect/ncs-ll-ursus)

Note: This message is automatically posted and updated by the CI (latest/sdk-nrf/PR-23433/2)

@ahasztag
bootloader: mcuboot: Added BOOT_SIGNATURE_USING_ITS configuration
f0cb088 
This configuration has the purpose of using keys provisioned
to the internal trusted storage (ITS).

Signed-off-by: Artur Hadasz <[email protected]>
@ahasztag ahasztag force-pushed the NCSDK-34470_mcuboot_nrf54h20_its branch from 60a0124 to f0cb088 Compare July 24, 2025 11:43
nordicjm
nordicjm reviewed Jul 24, 2025
View reviewed changes
sysbuild/CMakeLists.txt
else()
set_config_bool(mcuboot CONFIG_BOOT_SIGNATURE_USING_ITS n)
endif()
endif()
# A v1 board doesn't define board qualifiers, thus below test will just test the pure board
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

newline after line 295

nordic-mik7
nordic-mik7 reviewed Jul 25, 2025
View reviewed changes
sysbuild/Kconfig.mcuboot
@@ -171,6 +171,12 @@ config MCUBOOT_SIGNATURE_USING_KMU
help
The device needs to be provisioned with proper set of keys.

config MCUBOOT_SIGNATURE_USING_ITS
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider adding as EXPERIMENTAL

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nordicjm nordicjm nordicjm left review comments

@nordic-mik7 nordic-mik7 nordic-mik7 approved these changes

@tomchy tomchy tomchy approved these changes

@de-nordic de-nordic Awaiting requested review from de-nordic

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. DNM manifest manifest-mcuboot
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@ahasztag @NordicBuilder @tomchy @nordicjm @nordic-mik7