-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
boards: arm: thingy91: Secure boot #12052
Conversation
Test specificationCI/Jenkins/NRF
CI/Jenkins/integration
Detailed information of selected test modules Note: This message is automatically posted and updated by the CI |
You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds. Note: This comment is automatically posted by the Documentation Publishing GitHub Action. |
86fac76
to
63c08d0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
some minor nits.
set(PM_STATIC_YML_FILE ${CMAKE_CURRENT_LIST_DIR}/thingy91_pm_static.yml CACHE INTERNAL "") | ||
endif() | ||
if(CONFIG_THINGY91_STATIC_PARTITIONS_FACTORY) | ||
set(PM_STATIC_YML_FILE ${CMAKE_CURRENT_LIST_DIR}/thingy91_pm_static.yml CACHE INTERNAL "") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we don't use tabs in CMake files, please convert to two spaces.
set(PM_STATIC_YML_FILE ${CMAKE_CURRENT_LIST_DIR}/thingy91_pm_static.yml CACHE INTERNAL "") | |
set(PM_STATIC_YML_FILE ${CMAKE_CURRENT_LIST_DIR}/thingy91_pm_static.yml CACHE INTERNAL "") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Perhaps we should add an .editorconfig
to our repos and recommend that developers use a plugin for it?
@@ -40,6 +40,15 @@ config THINGY91_STATIC_PARTITIONS_LWM2M_CARRIER | |||
help | |||
Use a partition layout including a storage partition needed for the lwm2m carrier library. | |||
|
|||
config THINGY91_PARTITION_MANAGER | |||
bool "Default partition manager logic [EXPERIMENTAL]" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure default is the best wording here.
Maybe the word dynamic
is better, as that is what is used in the PM guide: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/scripts/partition_manager/partition_manager.html
bool "Default partition manager logic [EXPERIMENTAL]" | |
bool "Dynamic partition manager logic [EXPERIMENTAL]" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I struggled how to best formulate this. Dynamic is not precise, because it's still possible to define static partitions from the application if they want to. The PM_STATIC_YML_FILE define we use in the CMakeLists.txt has the top level priority in partition manager logic - which makes it impossible to define an application static partition. There seems to be no way to make a board static partition which is possible to override from the application. The THINGY91_PARTITION_MANAGER config is used to so it's possible to not force one of the board static partitions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see what you mean, and upon second look I agree that Dynamic
is not the best word either.
I still dislike the use default
in this context.
As a user, it gives me the impression that I can go lookup somewhere to see what the default layout will be, which is not the case.
Here default doesn't refer to a given layout (as opposed to the choice options above).
When looking at this again, and the choice
title:
https://github.com/nrfconnect/sdk-nrf/blob/154f3c80854f4416a0c8cef8e1d9307d9799c51b/boards/arm/thingy91_nrf9160/Kconfig.board#L18
How about changing that title to:
Fixed Thingy:91 partition layout
or
Pre-defined Thingy:91 partition layout
Then the final choice could then be: None
, and look as:
config THINGY91_PARTITION_MANAGER
bool "None [EXPERIMENTAL]"
select EXPERIMENTAL
help
Don't use a pre-defined static partition layout, but use the default Partition Manager logic to
handle the partition layout. This allows the application to use dynamic layout or define
a custom static partition layout for the application. A debugger is needed to flash
Thingy:91 with a different partition layout.
And the menu, seen by the user will look:
Pre-defined Thingy:91 partition layout
[X] "Factory Thingy:91 partition layout"
[ ] "Secure boot Thingy:91 partition layout [EXPERIMENTAL]"
[ ] "LWM2M Carrier partition layout"
[ ] "None [EXPERIMENTAL]"
an alternative to None
could be the word auto
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! That sounds like a good way to solve it. I also renamed the kconfig option itself from THINGY91_PARTITION_MANAGER
to THINGY91_NO_PREDEFINED_LAYOUT
.
bool "Default partition manager logic [EXPERIMENTAL]" | ||
select EXPERIMENTAL | ||
help | ||
Don't enforce static partition layout, but use the default Partition Manager logic to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't enforce static partition layout, but use the default Partition Manager logic to | |
Don't enforce static partition layout, but use the dynamic Partition Manager logic to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When looking at this again now, I don't think there's any point in mentioning Partition Manager here at all. So have updated the help text to: «Disable pre-defined static partition layout. This allows the application to use dynamic layout or define a custom static partition layout for the application...»
63c08d0
to
806e38c
Compare
@tejlmand can you please have another look? |
1c0ed0d
to
41946bd
Compare
41946bd
to
154f3c8
Compare
The ADP536X integrated circuit interfaces with two distinct drivers: the Zephyr regulator driver, responsible for power regulation aspects of the ADP536X, and the sdk-nrf ADP536X driver, which manages other functionalities. Both drivers are now reserved exclusively for inclusion within the application image. Introduced a new kconfig symbol IS_BOOTLOADER_IMG, to simplify checking for both MCUboot and secure bootloaders. In addition, changed how the driver is automatically enabled. Now it is enabled if the devicetree has an "adi,adp5360" compatible node enabled. CIA-604 Signed-off-by: Gregers Gram Rygg <gregers.gram.rygg@nordicsemi.no>
Move static partition logic for thingy:91 out to separate Kconfig options: CONFIG_THINGY91_STATIC_PARTITIONS_FACTORY for the original factory partition layout. This is the default. CONFIG_THINGY91_STATIC_PARTITIONS_SECURE_BOOT for a partition layout similar to the factory layout, but it has the immutable bootloader and partitions for uptadable bootloader. This is still experimental. CONFIG_THINGY91_STATIC_PARTITIONS_LWM2M_CARRIER for a partition layout that has the partitions needed to use the lwm2m carrier library. CIA-604 Signed-off-by: Gregers Gram Rygg <gregers.gram.rygg@nordicsemi.no>
154f3c8
to
d79c32f
Compare
Allow using none of the pre-defined static partition layouts for thingy:91. This allows the application to use a dynamic layout or define a custom static partition layout for the application. Signed-off-by: Gregers Gram Rygg <gregers.gram.rygg@nordicsemi.no>
d79c32f
to
75ac6db
Compare
Great solution @gregersrygg. |
This PR fixes some problems that appears when trying to build for thingy:91 with
CONFIG_SECURE_BOOT
enabled:IS_BOOTLOADER
to make it easier to check for both mcuboot and the secure bootloader at the same time.CONFIG_THINGY91_PARTITION_MANAGER
) to not inject a thingy:91 board static configuration for those that want to use dynamic or an application specific static partition layout.This does not solve every problem for using secure boot on thingy:91, but is a couple of steps in the right direction. Further steps are needed to get it working properly, but I want to reduce the scope of this PR and delegate some of the remaining work to other teams. Marked the new partitions layouts as experimental to make it clear that this is not production ready and under development, as described in software maturity levels.
Known issues:
CONFIG_THINGY91_PARTITION_MANAGER=y
andCONFIG_SECURE_BOOT=n
will fail because the dynamicapp
partition is not aligned according to SPU flash region size.CIA-604