[nrf noup] bootutil: ed25519 psa KMU: Key attempt log #578
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This reverts commit 0b54665. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 09ce751. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 1aaabde. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit a652982. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 9b60560. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 5af259f. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 301ab33. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit c13c652. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit d8a2e45. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 285fd59. Signed-off-by: Jukka Rissanen <[email protected]>
… BM" This reverts commit ecc13ac. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit c859608. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 1b1a37f. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 3adc1f2. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 3b20ec3. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 1b102ec. Signed-off-by: Jukka Rissanen <[email protected]>
…orm" This reverts commit e032eb1. Signed-off-by: Jukka Rissanen <[email protected]>
… 0x0" This reverts commit c03a815. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 0fadab1. Signed-off-by: Jukka Rissanen <[email protected]>
…cted to late" This reverts commit 4e46797. Signed-off-by: Jukka Rissanen <[email protected]>
…_LITE" This reverts commit 6c096b8. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 95d384a. Signed-off-by: Jukka Rissanen <[email protected]>
…ng of img status page" This reverts commit c72ed15. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit edc1c70. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit a184e32. Signed-off-by: Jukka Rissanen <[email protected]>
…is used" This reverts commit bc5eb3f. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 37486f5. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 58175b6. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 30e7326. Signed-off-by: Jukka Rissanen <[email protected]>
This reverts commit 8b2d04c. Signed-off-by: Jukka Rissanen <[email protected]>
nrf-squash! [nrf noup] boot/zephyr: nRF54h20 resume from S2RAM (hardened) CONFIG_ARM_SOC_START_HOOK=y allow to rework the resume from S2RAM code to work without PM_S2RAM mocking. It allows to implement only what really needed from the MCUboot perspective. Signed-off-by: Andrzej Puzdrowski <[email protected]>
nrf-squash! [nrf noup] boot/zephyr/socs: nrf54h20 prj.conf for S2RAM Updated in order to use optimized configuration. Signed-off-by: Andrzej Puzdrowski <[email protected]>
make linking time optimization default for the target. Signed-off-by: Andrzej Puzdrowski <[email protected]>
Use BOOT_LOG_MODULE_REGISTER(mcuboot_psa_enc), instead of BOOT_LOG_MODULE_DECLARE. Signed-off-by: Dominik Ermel <[email protected]> (cherry picked from commit 8a07053d42e592c85cb35b79c4de1b7749943387)
nrf-squash! [nrf noup] zephyr: Enforce HMAC-SHA512 for NRF54L with X25519 sets SHA512 for all 54L series Signed-off-by: Mateusz Michalek <[email protected]>
Add a possibility to specify, which images should have the ROM_END_OFFSET automatically adjusted. Use the UpdateableImages_Get(..) functionality to configure all updateable images (including radio images as well as variants) in the default configuration. Ref: NCSDK-35612 Signed-off-by: Tomasz Chyrowicz <[email protected]>
nrf-squash! [nrf noup] boot/zephyr: update nrf54l15dk ext flash configs This commit removes the partition definitions from nrf54L ext flash configs, as they are no longer needed, as the pure DTS configuration is no longer supported on nRF54L. They also caused issues, as they were not compatible with nRF54L10 and nRF54L05. It renames nrf54l15dk_nrf54l15_cpuapp_ext_flash.* overlays to nrf54l15dk_ext_flash.*, as now the same configuration can be used on nRF54L15, nRF54L10 and nRF54L05. Signed-off-by: Artur Hadasz <[email protected]>
Uses ruff with --fix to fix python files in this folder Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit f23154c251e07013d45c9f97c875404e83e7d2dc)
Uses ruff with --unsafe-fixes to fix python files in this folder This is a separate commit so it can be reverted if it causes problems Signed-off-by: Jamie McCrae <[email protected]> (cherry picked from commit 497688bafff2c3e183a016b68fc51f1bedf488c9)
This reverts commit dce784a. Signed-off-by: Tomasz Chyrowicz <[email protected]> (cherry picked from commit b192716c969ad358bb3a1db60c898212f3275c55)
nrf-squash! [nrf noup] boot: zephyr: Add bm firmware loader code Update for NCS BM include folder structure. Signed-off-by: Eivind Jølsgard <[email protected]>
nrf-squash! [nrf noup] boot: zephyr: Disable self RWX This commit fixes a couple of issues regarding MCUBoot region protection for nRF54L. Also, support for region and protection is added for nRF54LM20 and nRF54LV10 platforms. Signed-off-by: Artur Hadasz <[email protected]>
The nrf54h20dk overlay is no longer required as the gpio pad groups have been removed. Signed-off-by: Bjarki Arge Andreasen <[email protected]> (cherry picked from commit 71b41e38e9f5d278178be17f6d42f2559f8e46aa)
fixup! [nrf noup] bootloader: Add bootloader requests Interpret pending bootloader requests while investigating the confirm flag. Signed-off-by: Tomasz Chyrowicz <[email protected]>
nrf-squash! [nrf noup] bootutil: Locking KMU keys KMU key locking is not available in case ITS is used. Old code cause compilation errors when build for signature using ITS. Signed-off-by: Artur Hadasz <[email protected]>
nrf-squash! [nrf noup] boot: zephyr: Add bm firmware loader code adds KMU key reocation to BM firmware loader. Signed-off-by: Mateusz Michalek <[email protected]>
take into account multiple verification done in one boot. Make sure only unused keys are revoked. Signed-off-by: Mateusz Michalek <[email protected]>
Add a new API to lock further updates of the HW-based security counter. This API may prevent the non-bootloader application from accidental invalidation of the bootable firmware. Signed-off-by: Tomasz Chyrowicz <[email protected]> (cherry picked from commit f9ad3ee202d53e27a3399976b5fcd0a84c572ba3)
The BOOT_DOWNGRADE_PREVENTION_CHOICE choice should not have a child Kconfig symbols defined inside it. Signed-off-by: Tomasz Chyrowicz <[email protected]> (cherry picked from commit 496f74f318fb12b7e7437db4e8c5c8c429713728)
Add an implementation of HW rollback prevention, based on the IronSide secure counters service. Ref: NCSDK-36295 Signed-off-by: Tomasz Chyrowicz <[email protected]>
Added Kconfig option NCS_BOOT_SIGNATURE_KMU_BASE_SLOT that controlls base slot used by KMU. Signed-off-by: Dominik Ermel <[email protected]>
Adding additional LOG_DBG with information of which key validation is attempted. Signed-off-by: Dominik Ermel <[email protected]>
NordicBuilder
added a commit
to NordicBuilder/sdk-nrf
that referenced
this pull request
Nov 20, 2025
Automatically created by action-manifest-pr GH action from PR: nrfconnect/sdk-mcuboot#578 Signed-off-by: Nordic Builder <[email protected]>
|
tomchy
approved these changes
Nov 24, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
26 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adding additional LOG_DBG with information of which key validation is attempted.