@de-nordic
Contributor

No description provided.

nordic-mik7 and others added 30 commits September 23, 2025 13:04
Added basic support for nrf54h20dk_nrf54h20_cpuapp_iron board.
This commit turns off CONFIG_FPROTECT for this board build.

Signed-off-by: Michal Kozikowski <[email protected]>
(cherry picked from commit c872f6a)
This commit removes NRF_CLOCK cleanup for this board build - for Lillium, there is no clock peripheral access from the app domain.

Signed-off-by: Michal Kozikowski <[email protected]>
(cherry picked from commit 31766fc)
Added procedure which does configure UARTE pins to
the default states. This allows to reduce power consumption
if pin is floating.

clean-up UARTE only if its driver was enabled

Signed-off-by: Andrzej Puzdrowski <[email protected]>
(cherry picked from commit fac7ac4)
Zephyr provides "mcuboot-mbedtls-cfg.h" as a glue interface for
configuring mbedtls. "config-tls-generic.h" default value was erroneously
introduced during a meta codebase synchronization.

Signed-off-by: Andrzej Puzdrowski <[email protected]>
(cherry picked from commit c6e2585)
Compile out code which does cleanup on UARTE pins as this causes issues
for some applications.

ref.: NCSDK-33039

Signed-off-by: Andrzej Puzdrowski <[email protected]>
(cherry picked from commit 5f6e119)
adding default configs.

Signed-off-by: Mateusz Michalek <[email protected]>
(cherry picked from commit 1aa8af0)
This commit adds cleanup for GRTC and UARTE peripherals.

ref: NCSDK-32966

Signed-off-by: Artur Hadasz <[email protected]>
(cherry picked from commit b6c992e)
Adds firmware loader code for use in baremetal mode

Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit 9200785)
Enable ed25519 signature as well as direct hashing while building for
nRF54H20DK.

Ref: NCSDK-34304

Signed-off-by: Tomasz Chyrowicz <[email protected]>
(cherry picked from commit 068718a)
Intended mainly for direct-xip mode.
Allows to control:
- number of image validation attempts performed before considering the image invalid
- time before next attempt is made

Signed-off-by: Adam Szczygieł <[email protected]>
(cherry picked from commit 2534681)
(cherry picked from commit a9e70e4)
exclude certain crypto parts when PSA_CORE_LITE is selected.

Signed-off-by: Mateusz Michalek <[email protected]>
Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 2f7059e)
ECIES-X25519 key exchange on NRF54L will be using HMAC-SHA512
for MAC tagging encryption key.

Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 8b2d04c)
nrf-squash! [nrf noup] boot: Add retry for image verification

Use NCS_ prefix, for Kconfigs added in noups, to avoid collisions.
The NRF_ prefix will remain reserved for Kconfigs related
to products or sdk-nrf subsystems.

Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 30e7326)
nrf-squash! [nrf noup] boot/zephyr/nrf_cleanup: cleanup uarte pins

Fix indexing variable mismatch.

Signed-off-by: Audun Korneliussen <[email protected]>
(cherry picked from commit 58175b6)
Adding action to create manifest PRs automatically.

Signed-off-by: Kari Hamalainen <[email protected]>
(cherry picked from commit 37486f5)
nrf-squash! [nrf noup] boot: zephyr: Add bm firmware loader code

Fixes IO in BM mode to use the hal directly rather than a library
that increases the build size by 2.5KiB for a simple button check

Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit a184e32)
nrf-squash! [nrf noup] boot: zephyr: Kconfig dependencies for PSA LITE

The PSA core lite now requires the PSA_WANTs for the hashing functions
to be set in order to be used so select them as normal.

Signed-off-by: Georgios Vasilakis <[email protected]>
(cherry picked from commit 6c096b8)
This commit sets the
MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_LIMITED
by default for platforms which support the security
counter.

Signed-off-by: Artur Hadasz <[email protected]>
(cherry picked from commit 0fadab1)
nrf-squash! [nrf noup] zephyr: Clean up non-secure RAM if enabled

This leads to stack corruption.

Signed-off-by: Mateusz Michalek <[email protected]>
(cherry picked from commit 3adc1f2)
nrf-squash! [nrf noup] boot: zephyr: Add bm firmware loader code

Delays checking IO button state by 5us after pull-up has been
applied to allow time for it to be applied

Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit 1b1a37f)
Adds a boot banner which shows as MCUboot

Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit c859608)
Allows GPIO entrance mode when bare metal is used, this is needed
because the zephyr GPIO drivers are not used, therefore the Kconfig
will not be enabled

Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit ecc13ac)
Disables read, write and execute on MCUboot's NVM
at the end of execution.

Signed-off-by: Mateusz Michalek <[email protected]>
(cherry picked from commit 285fd59)
adding DK default configuration and fixing PDK configuration.

Signed-off-by: Mateusz Michalek <[email protected]>
(cherry picked from commit d8a2e45)
Add a capability inside the Zephyr bootloader to handle memory-based
bootloader requests to:
 - Boot recovery firmware
 - Boot firmware loader
 - Confirm an image
 - Set the slot preference

Ref: NCSDK-34429

Signed-off-by: Tomasz Chyrowicz <[email protected]>
(cherry picked from commit 09ce751)
nrf-squash! [nrf noup] bootloader: Add bootloader requests

Improve logic that handles sending bootloader requests as a result of
issuing the MCUmgr commands.

Signed-off-by: Tomasz Chyrowicz <[email protected]>
(cherry picked from commit 0b54665)
Adds support for LZMA-compressed firmware updates which also
supports encrypted images and supports more than 1 updateable image

Signed-off-by: Jamie McCrae <[email protected]>
Signed-off-by: Michal Kozikowski <[email protected]>
Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 27758d7)
(cherry picked from commit ce9d1d6)
This commit aligns to the changes in the nrfcompress API,
which now enables the caller to provide the expected size of the
decompressed image.

ref: NCSDK-32340

Signed-off-by: Michal Kozikowski <[email protected]>
Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 8900bda)
Adds selecting the experimental Kconfig when compression is in use

Signed-off-by: Jamie McCrae <[email protected]>
Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 4a528ba)
The commit adds verification of image using keys stored in KMU.

Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 26192ca)
(cherry picked from commit 6ba9587)
adsz-nordic and others added 22 commits November 19, 2025 12:23
Intended mainly for direct-xip mode.
Allows to control:
- number of image validation attempts performed before considering the image invalid
- time before next attempt is made

Signed-off-by: Adam Szczygieł <[email protected]>
Signed-off-by: Tomasz Chyrowicz <[email protected]>
(cherry picked from commit 2534681)
(cherry picked from commit a9e70e4)
(cherry picked from commit d29c5a5)
Disables read, write and execute on MCUboot's NVM
at the end of execution.

Signed-off-by: Mateusz Michalek <[email protected]>
(cherry picked from commit 285fd59)
(cherry picked from commit 211da1b)
Add a capability inside the Zephyr bootloader to handle memory-based
bootloader requests to:
 - Boot recovery firmware
 - Boot firmware loader
 - Confirm an image
 - Set the slot preference

Ref: NCSDK-34429

Signed-off-by: Tomasz Chyrowicz <[email protected]>
(cherry picked from commit 09ce751)
(cherry picked from commit cc558ef)
Adds support for LZMA-compressed firmware updates which also
supports encrypted images and supports more than 1 updateable image

Signed-off-by: Jamie McCrae <[email protected]>
Signed-off-by: Michal Kozikowski <[email protected]>
Signed-off-by: Dominik Ermel <[email protected]>
Signed-off-by: Tomasz Chyrowicz <[email protected]>
(cherry picked from commit 27758d7)
(cherry picked from commit ce9d1d6)
(cherry picked from commit 90b2279)
This commit aligns to the changes in the nrfcompress API,
which now enables the caller to provide the expected size of the
decompressed image.

ref: NCSDK-32340

Signed-off-by: Michal Kozikowski <[email protected]>
Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 8900bda)
(cherry picked from commit 1efcec1)
Adds selecting the experimental Kconfig when compression is in use

Signed-off-by: Jamie McCrae <[email protected]>
Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 4a528ba)
(cherry picked from commit 4d4123b)
The commit adds verification of image using keys stored in KMU.

Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 26192ca)
(cherry picked from commit 6ba9587)
(cherry picked from commit d0cd58f)
Adds a new Kconfig CONFIG_BOOT_SIGNATURE_KMU_SLOTS which allows
specifying how many KMU key IDs are supported, the default is set
to 1 instead of 3 which was set before

NCSDK-30743

Signed-off-by: Jamie McCrae <[email protected]>
Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 83d1d95)
(cherry picked from commit 37df88a)
Disable previous generation key when update comes with
new valid key and application is confirmed.

Signed-off-by: Mateusz Michalek <[email protected]>
Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit 51b0897)
(cherry picked from commit 08e2009)
This configuration has the purpose of using keys provisioned
to the internal trusted storage (ITS). It makes use of the
already existing parts of code for MCUBOOT_BUILTIN_KEY

Signed-off-by: Artur Hadasz <[email protected]>
Signed-off-by: Tomasz Chyrowicz <[email protected]>
(cherry picked from commit 7ed4927)
(cherry picked from commit e2bfd22)
This commit introduces support for ed25519 signature verification when
CONFIG_NCS_BOOT_SIGNATURE_USING_ITS is set (through PSA API).

Signed-off-by: Michal Kozikowski <[email protected]>
(cherry picked from commit 227eb0a)
(cherry picked from commit 335b6df)
Lock KMU keys before passing execution to application.

Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit b6b46a7)
(cherry picked from commit cb297de)
Added call which designate active slot so MCUBoot can jump to
proper slot when CPU is resuming from S2RAM.

Signed-off-by: Andrzej Puzdrowski <[email protected]>
(cherry picked from commit 1c8a595)
nrf-squash! [nrf noup] bootutil: Add support for KMU stored ED25519 signature key

Will instead use the immutable bootloader key slot IDs if b0 is not
enabled, adds a Kconfig which can be used to fall back to the
previous slot IDs for previously deployed bootloaders

Signed-off-by: Jamie McCrae <[email protected]>
(cherry picked from commit 754f958)
nrf-squash! [nrf noup] boot/zephyr: nRF54h20 resume from S2RAM (hardened)

CONFIG_ARM_SOC_START_HOOK=y allows reworking the
resume from S2RAM code to work without PM_S2RAM mocking.
It allows implementing only what is really needed from
the MCUboot perspective.

Signed-off-by: Andrzej Puzdrowski <[email protected]>
(cherry picked from commit dd353bc)
make linking time optimization default for the target.

Signed-off-by: Andrzej Puzdrowski <[email protected]>
(cherry picked from commit 473f7d7)
fixup! [nrf noup] bootloader: Add bootloader requests

Interpret pending bootloader requests while investigating the confirm
flag.

Signed-off-by: Tomasz Chyrowicz <[email protected]>
(cherry picked from commit 484a6f3)
nrf-squash! [nrf noup] bootutil: Locking KMU keys

KMU key locking is not available in case ITS
is used. Old code caused compilation errors
when building for signature using ITS.

Signed-off-by: Artur Hadasz <[email protected]>
(cherry picked from commit 459288d)
Adapt manifest headers and extend bootutil library, so the manifest can
be interpreted by an application.

Signed-off-by: Tomasz Chyrowicz <[email protected]>
take into account multiple verification done in one boot.
Make sure only unused keys are revoked.

Signed-off-by: Mateusz Michalek <[email protected]>
(cherry picked from commit 0d263fa)
Add an implementation of HW rollback prevention, based on the IronSide
secure counters service.

Ref: NCSDK-36295

Signed-off-by: Tomasz Chyrowicz <[email protected]>
(cherry picked from commit 3839107)
Added Kconfig option NCS_BOOT_SIGNATURE_KMU_BASE_SLOT that controls
the base slot used by KMU.

Signed-off-by: Dominik Ermel <[email protected]>
(cherry picked from commit fdcf758)
@de-nordic de-nordic force-pushed the separate-kmu-code branch 2 times, most recently from 327120d to 47319d3 Compare November 19, 2025 13:32
Move KMU specific implementation to dedicated unit.

Signed-off-by: Dominik Ermel <[email protected]>
Modify CMake files to take the unit when KMU is desired.

Signed-off-by: Dominik Ermel <[email protected]>