Skip to content

manifest: Update sdk-mcuboot with Cracen key locking #23140

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 12, 2025
Merged

manifest: Update sdk-mcuboot with Cracen key locking #23140

merged 2 commits into from
Sep 12, 2025

Conversation

@de-nordic
Copy link
Contributor

@de-nordic de-nordic commented Jul 4, 2025

Add key locking when KMU is used.

@de-nordic de-nordic requested review from a team as code owners July 4, 2025 13:24
@github-actions github-actions bot added manifest changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. labels Jul 4, 2025
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Jul 4, 2025
edited
Loading

The following west manifest projects have changed revision in this Pull Request:

Name Old Revision New Revision Diff
mcuboot nrfconnect/sdk-mcuboot@7b333ff nrfconnect/sdk-mcuboot@b6b46a7 (main) nrfconnect/[email protected]

All manifest checks OK

Note: This message is automatically posted and updated by the Manifest GitHub Action.

@NordicBuilder
Copy link
Contributor

NordicBuilder commented Jul 4, 2025
edited
Loading

CI Information

To view the history of this post, clich the 'edited' button above
Build number: 26

Inputs:

Sources:

sdk-nrf: PR head: 862a6b2f995acf5dc220c2ef4f7be12eb31028ad
mcuboot: PR head: b6b46a782d503cc52b41672e096fb526daaac31c

more details

sdk-nrf:

PR head: 862a6b2f995acf5dc220c2ef4f7be12eb31028ad
merge base: 0fd3d0d2c0e8896f183a930dccb50f0acbf1b287
target head (main): 02439b1d88e65078e6deac33277b0b6b5e447041
Diff

mcuboot:

PR head: b6b46a782d503cc52b41672e096fb526daaac31c
merge base: 7b333ffd5ba2d01b731f528f2be89864abbf7ca3
Diff

Github labels

Enabled Name Description
ci-disabled Disable the ci execution
ci-all-test Run all of ci, no test spec filtering will be done
ci-force-downstream Force execution of downstream even if twister fails
ci-run-twister Force run twister
ci-run-zephyr-twister Force run zephyr twister
List of changed files detected by CI (14) 
bootloader
│  ├── mcuboot
│  │  ├── boot
│  │  │  ├── bootutil
│  │  │  │  ├── src
│  │  │  │  │  │ ed25519_psa.c
│  │  │  │  ├── zephyr
│  │  │  │  │  ├── src
│  │  │  │  │  │  │ boot_request_retention.c
│  │  │  ├── zephyr
│  │  │  │  ├── include
│  │  │  │  │  │ nrf_cleanup.h
│  │  │  │  │ main.c
tests
│  ├── subsys
│  │  ├── kmu
│  │  │  ├── pytest
│  │  │  │  │ test_kmu_revoke_in_app.py
│  │  │  ├── revoke
│  │  │  │  ├── CMakeLists.txt
│  │  │  │  ├── boards
│  │  │  │  │  ├── nrf54lm20dk_nrf54lm20a_cpuapp.conf
│  │  │  │  │  │ nrf54lv10dk_nrf54lv10a_cpuapp.conf
│  │  │  │  ├── prj.conf
│  │  │  │  ├── src
│  │  │  │  │  │ main.c
│  │  │  │  ├── sysbuild.conf
│  │  │  │  ├── sysbuild
│  │  │  │  │  │ mcuboot.conf
│  │  │  │  │ testcase.yaml
west.yml

Outputs:

Toolchain

Version:
Build docker image:

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

  • ◻️ Toolchain
  • ◻️ Build twister
  • ◻️ Integration tests
    • ◻️ test-sdk-mcuboot
Disabled integration tests
    • test-fw-nrfconnect-nrf_lrcs_mosh
    • test-fw-nrfconnect-nrf_lrcs_positioning
    • desktop52_verification
    • doc-internal
    • test_ble_nrf_config
    • test-fw-nrfconnect-apps
    • test-fw-nrfconnect-ble_mesh
    • test-fw-nrfconnect-ble_samples
    • test-fw-nrfconnect-chip
    • test-fw-nrfconnect-fem
    • test-fw-nrfconnect-nfc
    • test-fw-nrfconnect-nrf-iot_libmodem-nrf
    • test-fw-nrfconnect-nrf-iot_lwm2m
    • test-fw-nrfconnect-nrf-iot_samples
    • test-fw-nrfconnect-nrf-iot_serial_lte_modem
    • test-fw-nrfconnect-nrf-iot_thingy91
    • test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
    • test-fw-nrfconnect-nrf_crypto
    • test-fw-nrfconnect-proprietary_esb
    • test-fw-nrfconnect-ps-main
    • test-fw-nrfconnect-rpc
    • test-fw-nrfconnect-rs
    • test-fw-nrfconnect-tfm
    • test-fw-nrfconnect-thread-main
    • test-low-level
    • test-sdk-audio
    • test-sdk-dfu
    • test-sdk-find-my
    • test-sdk-pmic-samples
    • test-sdk-wifi
    • test-secdom-samples-public

Note: This message is automatically posted and updated by the CI

@github-actions
Copy link

github-actions bot commented Jul 4, 2025

You can find the documentation preview for this PR here.

@de-nordic de-nordic force-pushed the key-locking branch 2 times, most recently from 6c90cba to 06c90f0 Compare July 17, 2025 14:10
@de-nordic de-nordic requested a review from nvlsianpu July 17, 2025 14:10
@de-nordic de-nordic requested a review from a team as a code owner July 24, 2025 12:52
@NordicBuilder NordicBuilder removed the DNM label Jul 24, 2025
@de-nordic de-nordic force-pushed the key-locking branch 2 times, most recently from 20cc34b to 5cf57ed Compare July 25, 2025 08:37
@NordicBuilder NordicBuilder removed the DNM label Jul 25, 2025
@de-nordic de-nordic closed this Jul 30, 2025
@de-nordic de-nordic reopened this Jul 30, 2025
@de-nordic de-nordic added DNM and removed manifest labels Jul 30, 2025
@de-nordic de-nordic force-pushed the key-locking branch 2 times, most recently from 94675c0 to 2468b8e Compare August 1, 2025 14:19
@de-nordic de-nordic requested a review from a team August 1, 2025 14:19
@de-nordic de-nordic force-pushed the key-locking branch 2 times, most recently from 3fa2c5f to c56706d Compare August 6, 2025 16:33
gchwier
gchwier reviewed Aug 12, 2025
View reviewed changes
tests/subsys/kmu/revoke/testcase.yaml Outdated
Copy link
Contributor

@gchwier gchwier Aug 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove also this file

@de-nordic de-nordic force-pushed the key-locking branch 7 times, most recently from 421b44b to 1deb869 Compare September 9, 2025 08:27
@de-nordic de-nordic force-pushed the key-locking branch 5 times, most recently from 038dbbc to 8e85a7b Compare September 12, 2025 10:22
@de-nordic de-nordic requested a review from gchwier September 12, 2025 11:58
@de-nordic
manifest: Update sdk-mcuboot with KMU key-locking
da7594e 
KMU key-locking support.

Signed-off-by: Dominik Ermel <[email protected]>
@de-nordic
tests: Removing the test for application revoking MCUboot keys
862a6b2 
With MCUboot locking the keys it is no longer possible to revoke,
or destroy, MCUboot keys from application.

Signed-off-by: Dominik Ermel <[email protected]>
@NordicBuilder NordicBuilder removed the DNM label Sep 12, 2025
@de-nordic de-nordic merged commit a41dcce into nrfconnect:main Sep 12, 2025
14 of 15 checks passed
@de-nordic de-nordic deleted the key-locking branch September 12, 2025 14:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nordicjm nordicjm nordicjm approved these changes

@gchwier gchwier gchwier approved these changes

@michalek-no michalek-no michalek-no approved these changes

@nvlsianpu nvlsianpu Awaiting requested review from nvlsianpu

Assignees

No one assigned

Labels

changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. manifest manifest-mcuboot

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@de-nordic @NordicBuilder @nordicjm @gchwier @michalek-no