[nrf noup] uuid: Add DTS-based configuration

Rework the UUID configuration from Kconfig to DTS-based solution.

Ref: NCSDK-36636

Signed-off-by: Tomasz Chyrowicz <tomasz.chyrowicz@nordicsemi.no>

Author: tomchy

boot/bootutil/include/bootutil/mcuboot_uuid.h

@@ -18,6 +18,7 @@
 
 #include <stdint.h>
 #include "bootutil/fault_injection_hardening.h"
+#include <flash_map_backend/flash_map_backend.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -39,22 +40,22 @@ fih_ret boot_uuid_init(void);
 /**
  * @brief Check if the specified vendor UUID is allowed for a given image.
  *
- * @param[in] image_id  Index of the image (from 0).
+ * @param[in] fap       Pointer to the flash area structure.
  * @param[in] uuid_vid  The reference to the image's vendor ID value.
  *
  * @return FIH_SUCCESS on success.
  */
-fih_ret boot_uuid_vid_match(uint32_t image_id, const struct image_uuid *uuid_vid);
+fih_ret boot_uuid_vid_match(const struct flash_area *fap, const struct image_uuid *uuid_vid);
 
 /**
  * @brief Check if the specified image class UUID is allowed for a given image.
  *
- * @param[in] image_id  Index of the image (from 0).
+ * @param[in] fap       Pointer to the flash area structure.
  * @param[in] uuid_cid  The reference to the image's class ID value.
  *
  * @return FIH_SUCCESS on success
  */
-fih_ret boot_uuid_cid_match(uint32_t image_id, const struct image_uuid *uuid_cid);
+fih_ret boot_uuid_cid_match(const struct flash_area *fap, const struct image_uuid *uuid_cid);
 
 #ifdef __cplusplus
 }

boot/bootutil/include/bootutil/mcuboot_uuid_generated.h

@@ -0,0 +1,51 @@
+/*
+ *  Copyright (c) 2026 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+ */
+
+#ifndef __MCUBOOT_UUID_GENERATED_H__
+#define __MCUBOOT_UUID_GENERATED_H__
+
+/**
+ * @file mcuboot_uuid_generated.h
+ *
+ * @note APIs declared in this file are generated by the gen_mcuboot_config.py script and should
+ *       be aligned with templates.
+ */
+
+#include <bootutil/mcuboot_uuid.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** The automatically generated UUID map entry structure. */
+struct uuid_map_entry {
+	const struct device *dev;
+	size_t off;
+	size_t size;
+	size_t image_index;
+	size_t partition_index;
+	struct image_uuid uuid;
+};
+
+/**
+ * @brief Get the map of vendor UUIDs.
+ *
+ * @return The number of entries in the vendor UUID map, or 0 if the map is not available.
+ */
+size_t boot_uuid_vid_map_get(const struct uuid_map_entry **map);
+
+/**
+ * @brief Get the map of class UUIDs.
+ *
+ * @return The number of entries in the class UUID map, or 0 if the map is not available.
+ */
+size_t boot_uuid_cid_map_get(const struct uuid_map_entry **map);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __MCUBOOT_UUID_GENERATED_H__ */

boot/bootutil/src/image_validate.c

@@ -221,8 +221,7 @@ bootutil_img_validate(struct boot_loader_state *state,
 #if (defined(EXPECTED_KEY_TLV) && defined(MCUBOOT_HW_KEY)) || \
     (defined(EXPECTED_SIG_TLV) && defined(MCUBOOT_BUILTIN_KEY)) || \
     defined(MCUBOOT_HW_ROLLBACK_PROT) || defined(MCUBOOT_MANIFEST_UPDATES) || \
-    defined(MCUBOOT_UUID_VID) || defined(MCUBOOT_UUID_CID) || defined(MCUBOOT_DECOMPRESS_IMAGES) ||\
-    defined(CONFIG_NCS_MCUBOOT_LOAD_PERIPHCONF)
+    defined(MCUBOOT_DECOMPRESS_IMAGES) || defined(CONFIG_NCS_MCUBOOT_LOAD_PERIPHCONF)
     int image_index = (state == NULL ? 0 : BOOT_CURR_IMG(state));
 #endif
     uint32_t off;
@@ -703,9 +702,10 @@ bootutil_img_validate(struct boot_loader_state *state,
                 goto out;
             }
 
-            FIH_CALL(boot_uuid_vid_match, fih_rc, image_index, &img_uuid_vid);
+            FIH_CALL(boot_uuid_vid_match, fih_rc, fap, &img_uuid_vid);
             if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
                 FIH_SET(uuid_vid_valid, FIH_FAILURE);
+                BOOT_LOG_ERR("bootutil_img_validate: image rejected, vendor UUID does not match");
                 goto out;
             }
 
@@ -732,9 +732,10 @@ bootutil_img_validate(struct boot_loader_state *state,
                 goto out;
             }
 
-            FIH_CALL(boot_uuid_cid_match, fih_rc, image_index, &img_uuid_cid);
+            FIH_CALL(boot_uuid_cid_match, fih_rc, fap, &img_uuid_cid);
             if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
                 FIH_SET(uuid_cid_valid, FIH_FAILURE);
+                BOOT_LOG_ERR("bootutil_img_validate: image rejected, class UUID does not match");
                 goto out;
             }
 

boot/zephyr/Kconfig

@@ -11,6 +11,8 @@ comment "MCUboot-specific configuration options"
 
 source "$(ZEPHYR_NRF_MODULE_DIR)/modules/mcuboot/boot/zephyr/Kconfig"
 
+DT_COMPAT_NORDIC_MCUBOOT := nordic,mcuboot
+
 # Hidden option to mark a project as MCUboot
 config MCUBOOT
 	default y
@@ -1215,18 +1217,18 @@ endif # MCUBOOT_MANIFEST_UPDATES
 
 config MCUBOOT_UUID_VID
 	bool "Expect vendor unique identifier in image's TLV"
+	default y if $(dt_compat_any_has_prop,$(DT_COMPAT_NORDIC_MCUBOOT),uuid-vid-required)
 	help
 	  Provide a vendor identification scheme to prevent processing images
 	  generated by a different vendor.
 
 config MCUBOOT_UUID_CID
 	bool "Expect image class unique identifier in image's TLV"
+	default y if $(dt_compat_any_has_prop,$(DT_COMPAT_NORDIC_MCUBOOT),uuid-cid-required)
 	help
 	  Provide an image class identification scheme to prevent processing
 	  images for a different CPU or device produced by the same vendor.
 
-rsource "uuid/Kconfig"
-
 config BOOT_WATCHDOG_FEED
 	bool "Feed the watchdog while doing swap"
 	default y if WATCHDOG

boot/zephyr/uuid/CMakeLists.txt

@@ -4,71 +4,34 @@
 # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
 #
 
-if(CONFIG_NCS_MCUBOOT_UUID_SINGLE_VID)
-  if(CONFIG_MCUBOOT_UUID_VID OR CONFIG_MCUBOOT_UUID_CID)
-    zephyr_library_sources(
-      uuid.c
-      )
-  endif()
+set(edt_pickle ${CMAKE_BINARY_DIR}/zephyr/edt.pickle)
+set(gen_mcuboot_config_path
+  "${ZEPHYR_MCUBOOT_MODULE_DIR}/scripts/gen_mcuboot_config.py"
+)
+set(gen_mcuboot_config_args
+  --edt-pickle "${edt_pickle}"
+  --output-dir "${CMAKE_CURRENT_BINARY_DIR}"
+)
 
-  # Generate VID value and raw value definition
-  if(CONFIG_MCUBOOT_UUID_VID OR CONFIG_MCUBOOT_UUID_CID)
-    if("${CONFIG_NCS_MCUBOOT_UUID_VID_VALUE}" STREQUAL "" AND CONFIG_MCUBOOT_UUID_VID)
-      message(WARNING "VID value not set")
-      return()
-    endif()
-
-    string(REGEX MATCHALL "^([0-9A-F][0-9A-F]|\-)+$" match_parts "${CONFIG_NCS_MCUBOOT_UUID_VID_VALUE}")
-    if("${match_parts}" STREQUAL "${CONFIG_NCS_MCUBOOT_UUID_VID_VALUE}")
-      set(UUID_VID ${match_parts})
-    else()
-      set(UUID_DNS_NAMESPACE 6ba7b810-9dad-11d1-80b4-00c04fd430c8)
-      string(
-        UUID UUID_VID
-        NAMESPACE ${UUID_DNS_NAMESPACE}
-        NAME ${CONFIG_NCS_MCUBOOT_UUID_VID_VALUE}
-        TYPE SHA1 UPPER
-      )
-    endif()
-
-    if(CONFIG_MCUBOOT_UUID_VID)
-      # Convert UUID into C array.
-      string(REGEX REPLACE "([0-9A-F][0-9A-F])\-?" "0x\\1, " UUID_VID_RAW "${UUID_VID}")
-      zephyr_compile_definitions(NCS_MCUBOOT_UUID_VID_VALUE=${UUID_VID_RAW})
-    endif()
-  endif()
+if(CONFIG_MCUBOOT_UUID_VID)
+  list(APPEND gen_mcuboot_config_args --uuid-vid-map)
+endif()
 
-  # Generate VID value(s) and raw value definition(s)
-  if(CONFIG_MCUBOOT_UUID_CID)
-    set(MCUBOOT_IMAGES_COUNT ${CONFIG_UPDATEABLE_IMAGE_NUMBER})
-    foreach(image_id RANGE ${MCUBOOT_IMAGES_COUNT})
-      if(CONFIG_NCS_MCUBOOT_UUID_CID_IMAGE_${image_id})
-        if("${CONFIG_NCS_MCUBOOT_UUID_CID_IMAGE_${image_id}_VALUE}" STREQUAL "")
-          message(WARNING "CID value not set for image ${image_id}")
-          return()
-        endif()
+if(CONFIG_MCUBOOT_UUID_CID)
+  list(APPEND gen_mcuboot_config_args --uuid-cid-map)
+endif()
 
-        # Check if RAW UUID format is used
-        string(REGEX MATCHALL "^([0-9A-F][0-9A-F]|\-)+$" match_parts "${CONFIG_NCS_MCUBOOT_UUID_CID_IMAGE_${image_id}_VALUE}")
-        if("${match_parts}" STREQUAL "${CONFIG_NCS_MCUBOOT_UUID_CID_IMAGE_${image_id}_VALUE}")
-          set(UUID_CID_IMAGE_${image_id} ${match_parts})
-        elseif(NOT "${UUID_VID}" STREQUAL "")
-          # If not - generate UUID based on VID and CID values
-          string(
-            UUID UUID_CID_IMAGE_${image_id}
-            NAMESPACE ${UUID_VID}
-            NAME ${CONFIG_NCS_MCUBOOT_UUID_CID_IMAGE_${image_id}_VALUE}
-            TYPE SHA1 UPPER
-          )
-        else()
-          message(WARNING "VID value not set, cannot generate CID for image ${image_id}")
-          return()
-        endif()
+if(CONFIG_MCUBOOT_UUID_VID OR CONFIG_MCUBOOT_UUID_CID)
+  execute_process(
+    COMMAND ${PYTHON_EXECUTABLE} ${gen_mcuboot_config_path} ${gen_mcuboot_config_args}
+    WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}
+    COMMAND_ERROR_IS_FATAL ANY
+  )
+  include(${CMAKE_CURRENT_BINARY_DIR}/uuid.cmake)
+  target_link_libraries(uuid PUBLIC zephyr_interface)
 
-        # Convert UUID into C array.
-        string(REGEX REPLACE "([0-9A-F][0-9A-F])\-?" "0x\\1, " UUID_CID_IMAGE_${image_id}_RAW "${UUID_CID_IMAGE_${image_id}}")
-        zephyr_compile_definitions(NCS_MCUBOOT_UUID_CID_IMAGE_${image_id}_VALUE=${UUID_CID_IMAGE_${image_id}_RAW})
-      endif()
-    endforeach()
-  endif()
+  zephyr_library_sources(
+    uuid.c
+    )
+  zephyr_library_link_libraries(uuid)
 endif()