Skip to content

Backport 27092 ([rom_ext] Advance the security version if requested) #29172

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
pamaury wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

Backport 27092 ([rom_ext] Advance the security version if requested) #29172

pamaury wants to merge 1 commit into from

Conversation

@pamaury
Copy link
Contributor

@pamaury pamaury commented Jan 26, 2026
edited
Loading

Backport #27092, depends on #29163

@pamaury pamaury requested review from a team and cfrantz as code owners January 26, 2026 09:18
@pamaury pamaury requested review from alees24, jwnrt and timothytrippel and removed request for a team January 26, 2026 09:18
@pamaury pamaury force-pushed the backport_27092 branch 2 times, most recently from 5fca845 to 8fadef2 Compare January 28, 2026 16:36
@pamaury
Copy link
Contributor Author

pamaury commented Jan 28, 2026

The test doesn't pass, it might require more backport work before passing (likely culprit is 27041 but to be confirmed)

@pamaury pamaury marked this pull request as draft January 29, 2026 09:57
@cfrantz @pamaury
[rom_ext] Advance the security version if requested
d44902d 
1. Make the ROM_EXT detect the `secver_write` extension in the manifest.
   If present and the manifest security version is greater than the
   current boot_data minimum security version, update the value and
   write boot_data.
2. Add a string flag to the build system that allows the `secver_write`
   value to be set at build time.
3. Add a test which sequences firmware through a series of ROM_EXTs
   which advance the security version.  Confirm each update and confirm
   that an older ROM_EXT will no longer execute.

Signed-off-by: Chris Frantz <[email protected]>
(cherry picked from commit 86dce8a)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cfrantz cfrantz cfrantz approved these changes

@timothytrippel timothytrippel timothytrippel approved these changes

@alees24 alees24 Awaiting requested review from alees24 alees24 is a code owner automatically assigned from lowRISC/ot-c-cpp-reviewers

@jwnrt jwnrt Awaiting requested review from jwnrt

Assignees

No one assigned

Labels

MergeBack:1.0.0 to master

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pamaury @cfrantz @timothytrippel