sysbuild: MCUboot fixes #15491
sysbuild: MCUboot fixes #15491
Conversation
Fixes an issue whereby MCUboot updates for secure boot were not signed and thus could not be used Signed-off-by: Jamie McCrae <[email protected]>
Adds the fixed ROM address of images to the signed images when direct XIP mode is enabled Signed-off-by: Jamie McCrae <[email protected]>
Adds an option that allows for not setting the number of updateable images in the main application to the number that MCUboot supports, this is needed for some nrf9160dk projects that have a single update slot but use it for updating application and secure bootloader Signed-off-by: Jamie McCrae <[email protected]>
github-actions
bot
added
the
changelog-entry-required
Test specificationCI/Jenkins/NRF
CI/Jenkins/integration
Detailed information of selected test modules Note: This message is automatically posted and updated by the CI |
nordicjm
removed
the
changelog-entry-required
|
@ArekBalysNordic @sigvartmh @nvlsianpu @de-nordic please review ASAP |
| bool "Sync updateable image value to main application" | ||
| default y | ||
| help | ||
| If enabled then will synchronise the value of ``MCUBOOT_UPDATEABLE_IMAGES`` to MCUboot |
There was a problem hiding this comment.
You mean the UPDATEABLE_IMAGE_NUMBER or the MCUmgr Kconfig MCUMGR_GRP_IMG_UPDATABLE_IMAGE_NUMBER?
(The MCUBOOT_UPDATEABLE_IMAGES is something new? I can not find it...)
There was a problem hiding this comment.
MCUBOOT_UPDATEABLE_IMAGES is the sysbuild setting, if this is set then it will set it to both mcuboot and application, if not then it will only set it to mcuboot... though not sure why the help text mentions mcuboot
There was a problem hiding this comment.
Have re-read the text and main application is on the line after, so is correct
| @@ -69,7 +69,7 @@ function(ncs_secure_boot_mcuboot_sign application bin_files signed_targets prefi | |||
| # Hence, if a programmer is given this hex file, it will flash it | |||
| # to the secondary slot, and upon reboot mcuboot will swap in the | |||
| # contents of the hex file. | |||
| ${imgtool_sign} ${PROJECT_BINARY_DIR}/signed_by_b0_${application}.bin ${output}.bin | |||
| ${imgtool_sign} ${imgtool_extra} ${PROJECT_BINARY_DIR}/signed_by_b0_${application}.bin ${output}.bin | |||
There was a problem hiding this comment.
the use of imgtool_extra is actually problematic because it will inherit imgtool_extra from parent scope value which can result in surprises.
Use of imgtool_extra should be an argument to the function here:
There was a problem hiding this comment.
it won't inherit anything because this is from a sysbuild context, there is no imgtool_extra variable in sysbuild
@doublemis1 Could you please check whether our DFU tests work with this PR? |
No description provided.