
doc: suit: Extended recovery documentation #17538

Closed
wants to merge 1 commit into from


ahasztag
Contributor

Extended and updated documentation for SUIT recovery.

This PR probably requires adding some images, but I probably won't be adding any when it comes to the text; I think it is good if you find some time to review while I am out of office.

Extended and updated documentation for SUIT recovery.

Signed-off-by: Artur Hadasz <artur.hadasz@nordicsemi.no>
@ahasztag ahasztag requested review from a team and FrancescoSer as code owners September 27, 2024 15:02
@github-actions github-actions bot added doc-required PR must not be merged without tech writer approval. changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. labels Sep 27, 2024
@NordicBuilder
Contributor

NordicBuilder commented Sep 27, 2024

CI Information

To view the history of this post, click the 'edited' button above
Build number: 1

Inputs:

Sources:

sdk-nrf: PR head: 158424be25020333fee9bb895c82ca72ca27d7f1


sdk-nrf:

PR head: 158424be25020333fee9bb895c82ca72ca27d7f1
merge base: 7a2b37b91eccac0117af6d85671a36238cc20848
target head (main): d9bf4fb4e36e9dec123f4043b5580e55053c89b5

Github labels (name: description)

  • ci-disabled: Disable the ci execution
  • ci-all-test: Run all of ci, no test spec filtering will be done
  • ci-force-downstream: Force execution of downstream even if twister fails
  • ci-run-twister: Force run twister
  • ci-run-zephyr-twister: Force run zephyr twister
List of changed files detected by CI (2)
doc
│  ├── nrf
│  │  ├── app_dev
│  │  │  ├── device_guides
│  │  │  │  ├── working_with_nrf
│  │  │  │  │  ├── nrf54h
│  │  │  │  │  │  │ ug_nrf54h20_suit_recovery.rst
samples
│  ├── suit
│  │  ├── recovery
│  │  │  │ README.rst

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

  • ◻️ Toolchain
  • ◻️ Build twister
  • ◻️ Integration tests
    • ◻️ test-sdk-dfu
    • ⚠️ test-sdk-dfu
Disabled integration tests

Note: This message is automatically posted and updated by the CI

@greg-fer greg-fer requested review from annwoj and removed request for a team September 30, 2024 08:21
In such cases the device needs a way to recover from the failure and continue to operate.

In SUIT, this is solved by running a specially prepared recovery firmware.
Although the recovery firmware needs some additional space in the device, it is a highly recommended feature for all devices that use SUIT.

Suggested change
Although the recovery firmware needs some additional space in the device, it is a highly recommended feature for all devices that use SUIT.
Although the recovery firmware is optional and needs some additional space in the device, it is a highly recommended feature for all devices that use SUIT.


* Tampering by an attacker.
* Bitflips in the MRAM memory due to radiation or other external conditions.
* Hardware failures in advanced cases where an inplace update is performed and a firmware image is partially overwritten.

Suggested change
* Hardware failures in advanced cases where an inplace update is performed and a firmware image is partially overwritten.
* Hardware failures in advanced cases where an in-place update is performed and a firmware image is partially overwritten.

* Tampering by an attacker.
* Bitflips in the MRAM memory due to radiation or other external conditions.
* Hardware failures in advanced cases where an inplace update is performed and a firmware image is partially overwritten.
* An incorrectly constructed manifest, leading to a succesful update but failure during boot.

Suggested change
* An incorrectly constructed manifest, leading to a succesful update but failure during boot.
* An incorrectly constructed manifest, leading to a successful update, but to a failure during boot.

The recovery manifests form a separate hierarchy from the normal manifests.
In this hierarchy the application recovery (APP_RECOVERY) manifest has both the responsibility of managing the application core image as well as managing other manifests such as the radio recovery manifest.

If a failure during a boot process occured, the Secure Domain sets the recovery flag and reboots the device.

Suggested change
If a failure during a boot process occured, the Secure Domain sets the recovery flag and reboots the device.
If a failure during a boot process occurred, the Secure Domain sets the recovery flag and reboots the device.

The recovery flag might not be cleared after flashing the firmware, but the device should proceed as if it would boot normally.

The role of the recovery application is to perform an update of the main application firmware, which does not differ from the normal SUIT update process.
As soon as the update finishes succesfully, the recovery flag is cleared and the device proceeds with normal operation.

Suggested change
As soon as the update finishes succesfully, the recovery flag is cleared and the device proceeds with normal operation.
As soon as the update finishes successfully, the recovery flag is cleared and the device proceeds with normal operation.


This document describes scenarios in which a nRF54H20 device using SUIT can enter recovery mode and how the recovering process works.

When is recovery mode entered?

Would be good to add some diagram here.


add_overlay_dts(recovery ${CMAKE_CURRENT_LIST_DIR}/boards/nrf54h20dk_nrf54h20_cpuapp.overlay)

This will ensure that when building from the main application directory the overlay file is attached to and not overwritten by the configuration comming from the main application.

Suggested change
This will ensure that when building from the main application directory the overlay file is attached to and not overwritten by the configuration comming from the main application.
This will ensure that when building from the main application directory the overlay file is attached to and not overwritten by the configuration coming from the main application.


#. Optionally - you can modify the recovery manifest templates.
The manifest template defined by the `CONFIG_SUIT_ENVELOPE_TEMPLATE_FILENAME` is first searched for in :file:`suit/<soc>` in the main application directory.
If it is not found, :file:`suit/<soc>` in the the recovery app is checked.

Suggested change
If it is not found, :file:`suit/<soc>` in the the recovery app is checked.
If it is not found, :file:`suit/<soc>` in the recovery app is checked.

@gmarull gmarull closed this Oct 2, 2024
@gmarull gmarull deleted the NCSDK-28248_suit_recovery_doc branch October 2, 2024 07:05
@gmarull
Member

gmarull commented Oct 2, 2024

please, use forks.

4 participants