Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

subsy/bootloader/cmake/debug_keys: fix SB_SIGNING_KEY supply #16173

Closed
wants to merge 1 commit into from
Closed

subsy/bootloader/cmake/debug_keys: fix SB_SIGNING_KEY supply #16173

wants to merge 1 commit into from

Conversation

nvlsianpu
Copy link
Contributor

@nvlsianpu nvlsianpu commented Jun 24, 2024
edited
Loading

ref:NCSDK-28124

@github-actions github-actions bot added the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Jun 24, 2024
@NordicBuilder
Copy link
Contributor

Test specification

CI/Jenkins/NRF

  • Integration Platforms

CI/Jenkins/integration

Test Module File based changes Manually selected West overwrite
test-fw-nrfconnect-boot X
test-fw-nrfconnect-chip X
test-fw-nrfconnect-tfm X
test-fw-nrfconnect-zigbee X
test-sdk-find-my X
test-sdk-mcuboot X
test-sdk-sidewalk X

Detailed information of selected test modules

Note: This message is automatically posted and updated by the CI

@nvlsianpu nvlsianpu requested a review from nordicjm June 24, 2024 13:52
@nvlsianpu nvlsianpu added this to the 2.7.0 milestone Jun 27, 2024
@nvlsianpu
Copy link
Contributor Author

@tejlmand
@shanthanordic
If this PR won't go into NCS 2.7.0 then I have to add known issue instead.

@shanthanordic shanthanordic modified the milestones: 2.7.0, 2.8.0 Jun 27, 2024
tejlmand
tejlmand requested changes Jul 1, 2024
View reviewed changes
Copy link
Contributor

@tejlmand tejlmand left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Has this been tested to work ?

For sure it doesn't work with absolute paths.

subsys/bootloader/cmake/debug_keys.cmake
Comment on lines 71 to +72
if(IS_ABSOLUTE ${CONFIG_SB_SIGNING_KEY_FILE})
set(SIGNATURE_PRIVATE_KEY_FILE ${CONFIG_SB_SIGNING_KEY_FILE})
set(SIGNATURE_PRIVATE_KEY_FILE ${_X_SIGNATURE_PRIVATE_KEY_FILE})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you are checking if CONFIG_SB_SIGNING_KEY_FILE is absolute, but you are setting the value of SIGNATURE_PRIVATE_KEY_FILE to the value of the internal _X_SIGNATURE_PRIVATE_KEY_FILE.

subsys/bootloader/cmake/debug_keys.cmake
@@ -22,17 +22,17 @@ if (DEFINED ENV{SB_SIGNING_KEY_FILE} AND NOT SB_SIGNING_KEY_FILE)
if (NOT EXISTS "$ENV{SB_SIGNING_KEY_FILE}")
message(FATAL_ERROR "ENV points to non-existing PEM file '$ENV{SB_SIGNING_KEY_FILE}'")
else()
set(SIGNATURE_PRIVATE_KEY_FILE $ENV{SB_SIGNING_KEY_FILE})
set(_X_SIGNATURE_PRIVATE_KEY_FILE $ENV{SB_SIGNING_KEY_FILE})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

variables intended for local use should be in lower case, and please remove the leading _, as we don't use that in CMake, especially because it has a special meaning for functions.

tejlmand
tejlmand requested changes Jul 1, 2024
View reviewed changes
Copy link
Contributor

@tejlmand tejlmand left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This has not been working for several NCS releases, so therefore this functionality was removed for sysbuild here: #16154

If we consider this to be a bug that we want to fix for parent/child images, then we should support the same for sysbuild.

@nordicjm feel free to give additional comments.

Also, if this PR should be merged then a proper commit message should be written.

@nordicjm
Copy link
Contributor

nordicjm commented Jul 1, 2024

I do not think this should be fixed, it should be listed as a known issue and references to it removed from the help text. Fixing this gives a false sense of security of the feature working for users that might go back to older versions and be aware that this is a silent failure. The feature has never worked, let's just remove it.

@nvlsianpu
Copy link
Contributor Author

@nordicjm @tejlmand I agree with your opinion.
This was never been seen working, child images are close to the end-of-life.

@nvlsianpu nvlsianpu added the DNM label Aug 29, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 4, 2024

This pull request has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this pull request will automatically be closed in 14 days. Note, that you can always re-open a closed pull request at any time.

@github-actions github-actions bot added the Stale label Nov 4, 2024
@nvlsianpu nvlsianpu closed this Nov 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tejlmand tejlmand tejlmand requested changes

@sigvartmh sigvartmh sigvartmh approved these changes

@hakonfam hakonfam hakonfam approved these changes

@nordicjm nordicjm Awaiting requested review from nordicjm

Assignees
No one assigned
Labels
changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. DNM Stale
Projects
None yet
Milestone
2.8.0
Development

Successfully merging this pull request may close these issues.
7 participants
@nvlsianpu @NordicBuilder @nordicjm @hakonfam @sigvartmh @tejlmand @shanthanordic