Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

samples: bluetooth: fast_pair: locator_tag: HW crypto MCUboot for nRF54L #21106

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

samples: bluetooth: fast_pair: locator_tag: HW crypto MCUboot for nRF54L #21106

wants to merge 3 commits into from

Conversation

kapi-no
Copy link
Contributor

@kapi-no kapi-no commented Mar 24, 2025

Updated configurations for the nRF54L build targets in the Fast Pair Locator Tag sample to use HW crypto in the MCUboot bootloader.

This change breaks the backwards compatibility as it changes the MCUboot signature type from RSA to ED22519.

Ref: NCSDK-30842

@github-actions github-actions bot added the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Mar 24, 2025
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Mar 24, 2025
edited
Loading

CI Information

To view the history of this post, clich the 'edited' button above
Build number: 6

Inputs:

Sources:

sdk-nrf: PR head: b153ddddd0cd64fcb24c7af89570a68fd5c4ebcc

more details

sdk-nrf:

PR head: b153ddddd0cd64fcb24c7af89570a68fd5c4ebcc
merge base: 8798f86aa24582bd18256cbaca76cb25e25096cb
target head (main): 8798f86aa24582bd18256cbaca76cb25e25096cb
Diff

Github labels

Enabled Name Description
ci-disabled Disable the ci execution
ci-all-test Run all of ci, no test spec filtering will be done
ci-force-downstream Force execution of downstream even if twister fails
ci-run-twister Force run twister
ci-run-zephyr-twister Force run zephyr twister
List of changed files detected by CI (26) 
doc
│  ├── nrf
│  │  ├── releases_and_maturity
│  │  │  ├── releases
│  │  │  │  │ release-notes-changelog.rst
samples
│  ├── bluetooth
│  │  ├── fast_pair
│  │  │  ├── locator_tag
│  │  │  │  ├── README.rst
│  │  │  │  ├── configuration
│  │  │  │  │  ├── pm_static_nrf54l15dk_nrf54l05_cpuapp_release.yml
│  │  │  │  │  ├── pm_static_nrf54l15dk_nrf54l10_cpuapp.yml
│  │  │  │  │  │ pm_static_nrf54l15dk_nrf54l15_cpuapp.yml
│  │  │  │  ├── sysbuild
│  │  │  │  │  ├── CMakeLists.txt
│  │  │  │  │  ├── configuration
│  │  │  │  │  │  ├── nrf52833dk_nrf52833
│  │  │  │  │  │  │  ├── boot_signature_key_file_rsa2048.pem
│  │  │  │  │  │  │  │ sysbuild_release.conf
│  │  │  │  │  │  ├── nrf52840dk_nrf52840
│  │  │  │  │  │  │  ├── boot_signature_key_file_rsa2048.pem
│  │  │  │  │  │  │  │ sysbuild.conf
│  │  │  │  │  │  ├── nrf52dk_nrf52832
│  │  │  │  │  │  │  ├── boot_signature_key_file_rsa2048.pem
│  │  │  │  │  │  │  │ sysbuild_release.conf
│  │  │  │  │  │  ├── nrf5340dk_nrf5340_cpuapp
│  │  │  │  │  │  │  ├── boot_signature_key_file_rsa2048.pem
│  │  │  │  │  │  │  │ sysbuild.conf
│  │  │  │  │  │  ├── nrf5340dk_nrf5340_cpuapp_ns
│  │  │  │  │  │  │  ├── boot_signature_key_file_rsa2048.pem
│  │  │  │  │  │  │  │ sysbuild.conf
│  │  │  │  │  │  ├── nrf54l15dk_nrf54l05_cpuapp
│  │  │  │  │  │  │  ├── boot_signature_key_file_ed25519.pem
│  │  │  │  │  │  │  │ sysbuild_release.conf
│  │  │  │  │  │  ├── nrf54l15dk_nrf54l10_cpuapp
│  │  │  │  │  │  │  ├── boot_signature_key_file_ed25519.pem
│  │  │  │  │  │  │  │ sysbuild.conf
│  │  │  │  │  │  ├── nrf54l15dk_nrf54l15_cpuapp
│  │  │  │  │  │  │  ├── boot_signature_key_file_ed25519.pem
│  │  │  │  │  │  │  │ sysbuild.conf
│  │  │  │  │  │  ├── thingy53_nrf5340_cpuapp
│  │  │  │  │  │  │  ├── boot_signature_key_file_rsa2048.pem
│  │  │  │  │  │  │  │ sysbuild.conf
│  │  │  │  │  │  ├── thingy53_nrf5340_cpuapp_ns
│  │  │  │  │  │  │  ├── boot_signature_key_file_rsa2048.pem
│  │  │  │  │  │  │  │ sysbuild.conf

Outputs:

Toolchain

Version: 4ffa2202d5
Build docker image: docker-dtr.nordicsemi.no/sw-production/ncs-build:4ffa2202d5_8bf7ca4353

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

  • ◻️ Toolchain - Skipped: existing toolchain is used
  • ✅ Build twister
    • sdk-nrf test count: 469
  • ✅ Integration tests
Disabled integration tests
    • desktop52_verification
    • doc-internal
    • test-fw-nrfconnect-apps
    • test-fw-nrfconnect-ble_samples
    • test-fw-nrfconnect-boot
    • test-fw-nrfconnect-chip
    • test-fw-nrfconnect-fem
    • test-fw-nrfconnect-nfc
    • test-fw-nrfconnect-nrf-iot_cloud
    • test-fw-nrfconnect-nrf-iot_libmodem-nrf
    • test-fw-nrfconnect-nrf-iot_mosh
    • test-fw-nrfconnect-nrf-iot_positioning
    • test-fw-nrfconnect-nrf-iot_samples
    • test-fw-nrfconnect-nrf-iot_serial_lte_modem
    • test-fw-nrfconnect-nrf-iot_thingy91
    • test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
    • test-fw-nrfconnect-nrf_crypto
    • test-fw-nrfconnect-proprietary_esb
    • test-fw-nrfconnect-ps
    • test-fw-nrfconnect-rpc
    • test-fw-nrfconnect-rs
    • test-fw-nrfconnect-tfm
    • test-fw-nrfconnect-thread
    • test-low-level
    • test-sdk-audio
    • test-sdk-dfu
    • test-sdk-find-my
    • test-sdk-mcuboot
    • test-sdk-pmic-samples
    • test-sdk-wifi
    • test-secdom-samples-public

Note: This message is automatically posted and updated by the CI

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@kapi-no kapi-no force-pushed the fast_pair_locator_tag_mcuboot_hw_crypto branch 2 times, most recently from 66a9fff to 84d45a3 Compare March 25, 2025 09:45
@kapi-no
Copy link
Contributor Author

kapi-no commented Mar 25, 2025

Simple rebase, no file diff changes

@kapi-no kapi-no force-pushed the fast_pair_locator_tag_mcuboot_hw_crypto branch from 84d45a3 to 66bf1b5 Compare March 25, 2025 14:22
@github-actions github-actions bot added doc-required PR must not be merged without tech writer approval. and removed changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. labels Mar 25, 2025
@kapi-no kapi-no marked this pull request as ready for review March 25, 2025 14:23
@kapi-no kapi-no requested review from a team as code owners March 25, 2025 14:23
@kapi-no
Copy link
Contributor Author

kapi-no commented Mar 25, 2025

Added the missing content and marked the PR as ready for review.

@kapi-no kapi-no force-pushed the fast_pair_locator_tag_mcuboot_hw_crypto branch from 66bf1b5 to 4aa3c8c Compare March 25, 2025 14:24
@kapi-no
Copy link
Contributor Author

kapi-no commented Mar 25, 2025

Pure rebase

@kapi-no kapi-no requested a review from MarekPieta March 25, 2025 14:28
kapi-no added 3 commits March 25, 2025 15:31
@kapi-no
samples: bluetooth: fast_pair: locator_tag: HW crypto MCUboot for nRF54L
d2cf491 
Updated configurations for the nRF54L build targets in the Fast Pair
Locator Tag sample to use HW crypto in the MCUboot bootloader.

Aligned the partition layout of the affected targets to fit the MCUboot
image into its partition and reserve the appropriate room for the
eventual bootloader image growth in future NCS releases.

This change breaks the backwards compatibility as it changes the
MCUboot signature type from RSA to ED22519 and the layout of the
partition map.

Ref: NCSDK-30842

Signed-off-by: Kamil Piszczek <Kamil.Piszczek@nordicsemi.no>
@kapi-no
samples: bluetooth: fast_pair: locator_tag: use non-default DFU key
d40f48f 
Updated the build target configurations based on the nRF52 and the
nRF53 Series to use the non-default private key for the generation of
the DFU package signature in the Fast Pair Locator Tag sample.

Ref: NCSDK-30842

Signed-off-by: Kamil Piszczek <Kamil.Piszczek@nordicsemi.no>
@kapi-no
samples: bluetooth: fast_pair: locator_tag: document dfu signature keys
b153ddd 
Expanded the Fast Pair Locator Tag sample documentation to include the
description of the signature algorithms for the DFU functionality.

Added a build section to document requirements regarding the bootloader
key provisioning process for the nRF54L-based targets.

Ref: NCSDK-30842

Signed-off-by: Kamil Piszczek <Kamil.Piszczek@nordicsemi.no>
@kapi-no kapi-no force-pushed the fast_pair_locator_tag_mcuboot_hw_crypto branch from 4aa3c8c to b153ddd Compare March 25, 2025 14:34
@kapi-no
Copy link
Contributor Author

kapi-no commented Mar 25, 2025

Addressed compliance issues

@github-actions GitHub Actions
Copy link

You can find the documentation preview for this PR here.

Preview links for modified nRF Connect SDK documents:

https://ncsdoc.z6.web.core.windows.net/PR-21106/nrf/releases_and_maturity/releases/release-notes-changelog.html
https://ncsdoc.z6.web.core.windows.net/PR-21106/nrf/samples/bluetooth/fast_pair/locator_tag/README.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mkapala-nordic mkapala-nordic mkapala-nordic approved these changes

@MarekPieta MarekPieta Awaiting requested review from MarekPieta

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
doc-required PR must not be merged without tech writer approval.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@kapi-no @NordicBuilder @MarekPieta @mkapala-nordic