boards: arm: thingy91: Secure boot #12052
Conversation
gregersrygg
requested review from
hakonfam,
sigvartmh,
jtguggedal,
carlescufi,
tejlmand and
anangl
as code owners
github-actions
bot
added
the
doc-required
Test specificationCI/Jenkins/NRF
CI/Jenkins/integration
Detailed information of selected test modules Note: This message is automatically posted and updated by the CI |
|
You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds. Note: This comment is automatically posted by the Documentation Publishing GitHub Action. |
gregersrygg
force-pushed
the
fix-thingy91-secure-boot
branch
4 times, most recently
from
86fac76
to
63c08d0
Compare
| set(PM_STATIC_YML_FILE ${CMAKE_CURRENT_LIST_DIR}/thingy91_pm_static.yml CACHE INTERNAL "") | ||
| endif() | ||
| if(CONFIG_THINGY91_STATIC_PARTITIONS_FACTORY) | ||
| set(PM_STATIC_YML_FILE ${CMAKE_CURRENT_LIST_DIR}/thingy91_pm_static.yml CACHE INTERNAL "") |
There was a problem hiding this comment.
we don't use tabs in CMake files, please convert to two spaces.
| set(PM_STATIC_YML_FILE ${CMAKE_CURRENT_LIST_DIR}/thingy91_pm_static.yml CACHE INTERNAL "") | |
| set(PM_STATIC_YML_FILE ${CMAKE_CURRENT_LIST_DIR}/thingy91_pm_static.yml CACHE INTERNAL "") |
There was a problem hiding this comment.
Perhaps we should add an .editorconfig to our repos and recommend that developers use a plugin for it?
| @@ -40,6 +40,15 @@ config THINGY91_STATIC_PARTITIONS_LWM2M_CARRIER | |||
| help | |||
| Use a partition layout including a storage partition needed for the lwm2m carrier library. | |||
|
|
|||
| config THINGY91_PARTITION_MANAGER | |||
| bool "Default partition manager logic [EXPERIMENTAL]" | |||
There was a problem hiding this comment.
Not sure default is the best wording here.
Maybe the word dynamic is better, as that is what is used in the PM guide: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/scripts/partition_manager/partition_manager.html
| bool "Default partition manager logic [EXPERIMENTAL]" | |
| bool "Dynamic partition manager logic [EXPERIMENTAL]" |
There was a problem hiding this comment.
I struggled how to best formulate this. Dynamic is not precise, because it's still possible to define static partitions from the application if they want to. The PM_STATIC_YML_FILE define we use in the CMakeLists.txt has the top level priority in partition manager logic - which makes it impossible to define an application static partition. There seems to be no way to make a board static partition which is possible to override from the application. The THINGY91_PARTITION_MANAGER config is used to so it's possible to not force one of the board static partitions.
There was a problem hiding this comment.
I see what you mean, and upon second look I agree that Dynamic is not the best word either.
I still dislike the use default in this context.
As a user, it gives me the impression that I can go lookup somewhere to see what the default layout will be, which is not the case.
Here default doesn't refer to a given layout (as opposed to the choice options above).
When looking at this again, and the choice title:
https://github.com/nrfconnect/sdk-nrf/blob/154f3c80854f4416a0c8cef8e1d9307d9799c51b/boards/arm/thingy91_nrf9160/Kconfig.board#L18
How about changing that title to:
Fixed Thingy:91 partition layout
or
Pre-defined Thingy:91 partition layout
Then the final choice could then be: None, and look as:
config THINGY91_PARTITION_MANAGER
bool "None [EXPERIMENTAL]"
select EXPERIMENTAL
help
Don't use a pre-defined static partition layout, but use the default Partition Manager logic to
handle the partition layout. This allows the application to use dynamic layout or define
a custom static partition layout for the application. A debugger is needed to flash
Thingy:91 with a different partition layout.
And the menu, seen by the user will look:
Pre-defined Thingy:91 partition layout
[X] "Factory Thingy:91 partition layout"
[ ] "Secure boot Thingy:91 partition layout [EXPERIMENTAL]"
[ ] "LWM2M Carrier partition layout"
[ ] "None [EXPERIMENTAL]"
an alternative to None could be the word auto.
There was a problem hiding this comment.
Thanks! That sounds like a good way to solve it. I also renamed the kconfig option itself from THINGY91_PARTITION_MANAGER to THINGY91_NO_PREDEFINED_LAYOUT.
| bool "Default partition manager logic [EXPERIMENTAL]" | ||
| select EXPERIMENTAL | ||
| help | ||
| Don't enforce static partition layout, but use the default Partition Manager logic to |
There was a problem hiding this comment.
| Don't enforce static partition layout, but use the default Partition Manager logic to | |
| Don't enforce static partition layout, but use the dynamic Partition Manager logic to |
There was a problem hiding this comment.
When looking at this again now, I don't think there's any point in mentioning Partition Manager here at all. So have updated the help text to: «Disable pre-defined static partition layout. This allows the application to use dynamic layout or define a custom static partition layout for the application...»
gregersrygg
force-pushed
the
fix-thingy91-secure-boot
branch
from
63c08d0
to
806e38c
Compare
|
@tejlmand can you please have another look? |
divipillai
force-pushed
the
fix-thingy91-secure-boot
branch
from
1c0ed0d
to
41946bd
Compare
gregersrygg
force-pushed
the
fix-thingy91-secure-boot
branch
from
41946bd
to
154f3c8
Compare
The ADP536X integrated circuit interfaces with two distinct drivers: the Zephyr regulator driver, responsible for power regulation aspects of the ADP536X, and the sdk-nrf ADP536X driver, which manages other functionalities. Both drivers are now reserved exclusively for inclusion within the application image. Introduced a new kconfig symbol IS_BOOTLOADER_IMG, to simplify checking for both MCUboot and secure bootloaders. In addition, changed how the driver is automatically enabled. Now it is enabled if the devicetree has an "adi,adp5360" compatible node enabled. CIA-604 Signed-off-by: Gregers Gram Rygg <gregers.gram.rygg@nordicsemi.no>
Move static partition logic for thingy:91 out to separate Kconfig options: CONFIG_THINGY91_STATIC_PARTITIONS_FACTORY for the original factory partition layout. This is the default. CONFIG_THINGY91_STATIC_PARTITIONS_SECURE_BOOT for a partition layout similar to the factory layout, but it has the immutable bootloader and partitions for uptadable bootloader. This is still experimental. CONFIG_THINGY91_STATIC_PARTITIONS_LWM2M_CARRIER for a partition layout that has the partitions needed to use the lwm2m carrier library. CIA-604 Signed-off-by: Gregers Gram Rygg <gregers.gram.rygg@nordicsemi.no>
gregersrygg
force-pushed
the
fix-thingy91-secure-boot
branch
from
154f3c8
to
d79c32f
Compare
gregersrygg
requested review from
balaji-nordic
and removed request for
a team
Allow using none of the pre-defined static partition layouts for thingy:91. This allows the application to use a dynamic layout or define a custom static partition layout for the application. Signed-off-by: Gregers Gram Rygg <gregers.gram.rygg@nordicsemi.no>
gregersrygg
force-pushed
the
fix-thingy91-secure-boot
branch
from
d79c32f
to
75ac6db
Compare
|
Great solution @gregersrygg. |
This PR fixes some problems that appears when trying to build for thingy:91 with
CONFIG_SECURE_BOOTenabled:IS_BOOTLOADERto make it easier to check for both mcuboot and the secure bootloader at the same time.CONFIG_THINGY91_PARTITION_MANAGER) to not inject a thingy:91 board static configuration for those that want to use dynamic or an application specific static partition layout.This does not solve every problem for using secure boot on thingy:91, but is a couple of steps in the right direction. Further steps are needed to get it working properly, but I want to reduce the scope of this PR and delegate some of the remaining work to other teams. Marked the new partitions layouts as experimental to make it clear that this is not production ready and under development, as described in software maturity levels.
Known issues:
CONFIG_THINGY91_PARTITION_MANAGER=yandCONFIG_SECURE_BOOT=nwill fail because the dynamicapppartition is not aligned according to SPU flash region size.CIA-604