NCSDK-33237: Add manifest-based loader for Direct XIP #560
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tomchy
force-pushed
the
feature/mcuboot/NCSDK-NONE_Transaction_manifest_xip_nrf
branch
4 times, most recently
from
58ae3bb to
b934790
Compare
tomchy
force-pushed
the
feature/mcuboot/NCSDK-NONE_Transaction_manifest_xip_nrf
branch
from
b934790 to
a5a5f9c
Compare
|
Converted to draft: it still does not build without issues. |
tomchy
force-pushed
the
feature/mcuboot/NCSDK-NONE_Transaction_manifest_xip_nrf
branch
14 times, most recently
from
7b46dc7 to
0e03222
Compare
michalek-no
approved these changes
Oct 24, 2025
tomchy
force-pushed
the
feature/mcuboot/NCSDK-NONE_Transaction_manifest_xip_nrf
branch
from
0e03222 to
75630cf
Compare
This reverts commit 459288d. Signed-off-by: Tomasz Chyrowicz <[email protected]>
Adds check to region of mcuboot_secondary_1 to put it in external flash only if CONFIG_PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY is set. This should allow for DFU from internal flash on the nRF5340 with dynamic partitioning. Also fixing a typo. Signed-off-by: Sigurd Hellesvik <[email protected]> (cherry picked from commit 1f1b7be) (cherry picked from commit 4185e97)
This commit removes NRF_CLOCK cleanup for this board build - for Lillium, there is no clock peripheral access from the app domain. Signed-off-by: Michal Kozikowski <[email protected]> (cherry picked from commit 31766fc) (cherry picked from commit a5e4aeb)
Added procedure which does configure UARTE pins to the default states. This allows to reduce power consumption if pin is floating. clean-up UARTE only if its driver was enabled Signed-off-by: Andrzej Puzdrowski <[email protected]> (cherry picked from commit fac7ac4) (cherry picked from commit a9918fa)
Compile out code which does cleanup on UARTE pins as this cause issues on for some applications. ref.: NCSDK-33039 Signed-off-by: Andrzej Puzdrowski <[email protected]> (cherry picked from commit 5f6e119) (cherry picked from commit 5b586d4)
This commit adds cleanup for GRTC and UARTE peripherals. ref: NCSDK-32966 Signed-off-by: Artur Hadasz <[email protected]> (cherry picked from commit b6c992e) (cherry picked from commit 4509ceb)
Intended mainly for direct-xip mode. Allows to control: - number of image validation attempts performed before considering the image invalid - time before next attempt is made Signed-off-by: Adam Szczygieł <[email protected]> Signed-off-by: Tomasz Chyrowicz <[email protected]> (cherry picked from commit 2534681) (cherry picked from commit a9e70e4) (cherry picked from commit d29c5a5)
Disables read write and execute on mcuboots NVM at the end of execution. Signed-off-by: Mateusz Michalek <[email protected]> (cherry picked from commit 285fd59) (cherry picked from commit 211da1b)
Add a capability inside the Zephyr bootloader to handle memory-based bootloader requests to: - Boot recovery firmware - Boot firmware loader - Confirm an image - Set the slot preference Ref: NCSDK-34429 Signed-off-by: Tomasz Chyrowicz <[email protected]> (cherry picked from commit 09ce751) (cherry picked from commit cc558ef)
Adds support for LZMA-compressed firmware updates which also supports encrypted images and supports more than 1 updateable image Signed-off-by: Jamie McCrae <[email protected]> Signed-off-by: Michal Kozikowski <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> Signed-off-by: Tomasz Chyrowicz <[email protected]> (cherry picked from commit 27758d7) (cherry picked from commit ce9d1d6) (cherry picked from commit 90b2279)
This commit aligns to the changes in the nrfcompress API, which now enables the caller to provide the expected size of the decompressed image. ref: NCSDK-32340 Signed-off-by: Michal Kozikowski <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 8900bda) (cherry picked from commit 1efcec1)
Adds selecting the experimental Kconfig when compession is in use Signed-off-by: Jamie McCrae <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 4a528ba) (cherry picked from commit 4d4123b)
The commit adds verification of image using keys stored in KMU. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 26192ca) (cherry picked from commit 6ba9587) (cherry picked from commit d0cd58f)
Adds a new Kconfig CONFIG_BOOT_SIGNATURE_KMU_SLOTS which allows specifying how many KMU key IDs are supported, the default is set to 1 instead of 3 which was set before NCSDK-30743 Signed-off-by: Jamie McCrae <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 83d1d95) (cherry picked from commit 37df88a)
Disable previous generation key when update comes with new valid key and application is confirmed. Signed-off-by: Mateusz Michalek <[email protected]> Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 51b0897) (cherry picked from commit 08e2009)
This configuration has the purpose of using keys provisioned to the internal trusted storage (ITS). It makes use of the already existing parts of code for MCUBOOT_BUILTIN_KEY Signed-off-by: Artur Hadasz <[email protected]> Signed-off-by: Tomasz Chyrowicz <[email protected]> (cherry picked from commit 7ed4927) (cherry picked from commit e2bfd22)
Thic commit introduces support for ed25519 signature verification when CONFIG_NCS_BOOT_SIGNATURE_USING_ITS is set (through PSA API). Signed-off-by: Michal Kozikowski <[email protected]> (cherry picked from commit 227eb0a) (cherry picked from commit 335b6df)
Lock KMU keys before passing execution to application. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit b6b46a7) (cherry picked from commit cb297de)
Added call which designate active slot so MCUBoot can jump to proper slot when CPU is resuming from S2RAM. Signed-off-by: Andrzej Puzdrowski <[email protected]> (cherry picked from commit 1c8a595)
nrf-squash! [nrf noup] bootutil: Add support for KMU stored ED25519 signature key Will instead use the immutable bootloader key slot IDs if b0 is not enabled, adds a Kconfig which can be used to fall back to the previous slot IDs for previously deployed bootloaders Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit 754f958)
nrf-squash! [nrf noup] boot/zephyr: nRF54h20 resume from S2RAM (hardened) CONFIG_ARM_SOC_START_HOOK=y allow to rework the resume from S2RAM code to work without PM_S2RAM mocking. It allows to implement only what really needed from the MCUboot perspective. Signed-off-by: Andrzej Puzdrowski <[email protected]> (cherry picked from commit dd353bc)
make linking time optimization default for the target. Signed-off-by: Andrzej Puzdrowski <[email protected]> (cherry picked from commit 473f7d7)
fixup! [nrf noup] bootloader: Add bootloader requests Interpret pending bootloader requests while investigating the confirm flag. Signed-off-by: Tomasz Chyrowicz <[email protected]> (cherry picked from commit 484a6f3)
nrf-squash! [nrf noup] bootutil: Locking KMU keys KMU key locking is not available in case ITS is used. Old code cause compilation errors when build for signature using ITS. Signed-off-by: Artur Hadasz <[email protected]> (cherry picked from commit 459288d)
tomchy
force-pushed
the
feature/mcuboot/NCSDK-NONE_Transaction_manifest_xip_nrf
branch
4 times, most recently
from
f93d4c1 to
faf4361
Compare
Adapt manifest headers, so they can be used by the main application. Signed-off-by: Tomasz Chyrowicz <[email protected]>
tomchy
force-pushed
the
feature/mcuboot/NCSDK-NONE_Transaction_manifest_xip_nrf
branch
from
faf4361 to
cd5e6e9
Compare
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
17 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Manifest PR: nrfconnect/sdk-nrf#25184