From 2e772a4cbe52e235978e28e6561735c0c301e2da Mon Sep 17 00:00:00 2001
From: Krzysztof Taborowski <krzysztof.taborowski@nordicsemi.no>
Date: Thu, 7 Nov 2024 12:29:53 +0100
Subject: [PATCH] samples: fix bootloaders warnings

Remove mcuboot board overlays for _ns variant,
mcuboot always use secure images.
Fix warning was assigned 'y' but got 'n':
* FPROTECT_ALLOW_COMBINED_REGIONS on nrf54l15
* MBEDTLS_CFG_FILE on nrf52840

Signed-off-by: Krzysztof Taborowski <krzysztof.taborowski@nordicsemi.no>
---
 samples/sid_end_device/Kconfig.sysbuild       | 16 +++++---
 .../mcuboot/boards/nrf52840dk_nrf52840.conf   |  5 +++
 .../boards/nrf54l15dk_nrf54l15_cpuapp.conf    | 41 ++++---------------
 .../boards/nrf54l15dk_nrf54l15_cpuapp_ns.conf | 41 -------------------
 .../nrf54l15dk_nrf54l15_cpuapp_ns.overlay     | 28 -------------
 .../sid_end_device/sysbuild/mcuboot/prj.conf  | 14 +++----
 6 files changed, 30 insertions(+), 115 deletions(-)
 delete mode 100644 samples/sid_end_device/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp_ns.conf
 delete mode 100644 samples/sid_end_device/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp_ns.overlay

diff --git a/samples/sid_end_device/Kconfig.sysbuild b/samples/sid_end_device/Kconfig.sysbuild
index 885719916c..e68e070ef4 100644
--- a/samples/sid_end_device/Kconfig.sysbuild
+++ b/samples/sid_end_device/Kconfig.sysbuild
@@ -19,6 +19,9 @@ config DFU_MULTI_IMAGE_PACKAGE_BUILD
 config DFU_MULTI_IMAGE_PACKAGE_APP
 	default y
 
+config PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY
+	default y if BOARD_NRF52840DK_NRF52840 || BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_THINGY53_NRF5340_CPUAPP
+
 if (BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_THINGY53_NRF5340_CPUAPP)
 
 config MCUBOOT_UPDATEABLE_IMAGES
@@ -46,12 +49,15 @@ config DFU_MULTI_IMAGE_PACKAGE_NET
 
 endif # (BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_THINGY53_NRF5340_CPUAPP)
 
-config PM_EXTERNAL_FLASH_MCUBOOT_SECONDARY
-	default y if BOARD_NRF52840DK_NRF52840 || BOARD_NRF5340DK_NRF5340_CPUAPP || BOARD_THINGY53_NRF5340_CPUAPP
+if (BOARD_NRF54L15DK_NRF54L15_CPUAPP || BOARD_NRF54L15DK_NRF54L15_CPUAPP_NS)
+
+# TODO: NCSDK-28931: Cannot use fprotect twice, so disable it in MCUboot to
+# test protecting factory data. It can be enabled while there is a support
+# for protection more than one region.
+config MCUBOOT_FPROTECT_ALLOW_COMBINED_REGIONS
+	default n
 
-# override the mcuboot pad size, because it is not set globally for NS build.
-config PM_MCUBOOT_PAD
-	default 0x800
+endif # (BOARD_NRF54L15DK_NRF54L15_CPUAPP || BOARD_NRF54L15DK_NRF54L15_CPUAPP_NS)
 
 endif # BOOTLOADER_MCUBOOT
 
diff --git a/samples/sid_end_device/sysbuild/mcuboot/boards/nrf52840dk_nrf52840.conf b/samples/sid_end_device/sysbuild/mcuboot/boards/nrf52840dk_nrf52840.conf
index c333f7b0b4..048b9af26c 100644
--- a/samples/sid_end_device/sysbuild/mcuboot/boards/nrf52840dk_nrf52840.conf
+++ b/samples/sid_end_device/sysbuild/mcuboot/boards/nrf52840dk_nrf52840.conf
@@ -8,3 +8,8 @@
 CONFIG_NORDIC_QSPI_NOR=y
 CONFIG_NORDIC_QSPI_NOR_FLASH_LAYOUT_PAGE_SIZE=4096
 CONFIG_NORDIC_QSPI_NOR_STACK_WRITE_BUFFER_SIZE=16
+
+# Fisable the Flash Patch and Breakpoint (FPB) feature
+# to increase the security of the device.
+CONFIG_DISABLE_FLASH_PATCH=y
+CONFIG_REBOOT=y
diff --git a/samples/sid_end_device/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp.conf b/samples/sid_end_device/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp.conf
index c148dd141c..c63e0cd78b 100644
--- a/samples/sid_end_device/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp.conf
+++ b/samples/sid_end_device/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp.conf
@@ -1,13 +1,9 @@
 #
-# Copyright (c) 2021 Nordic Semiconductor ASA
+# Copyright (c) 2024 Nordic Semiconductor ASA
 #
 # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
 #
 
-# TODO: NCSDK-28931: Cannot use fprotect twice, so disable it in MCUboot to
-# test protecting Matter factory data. It can be enabled while there is a support
-# for protection more than one region.
-CONFIG_FPROTECT=n
 # TODO: Workaround, disable memory guard to avoid false faults in application after boot
 CONFIG_HW_STACK_PROTECTION=n
 
@@ -18,40 +14,17 @@ CONFIG_HW_STACK_PROTECTION=n
 # To avoid it enable tickles kernel for mcuboot.
 CONFIG_TICKLESS_KERNEL=y
 
-CONFIG_BOOT_WATCHDOG_FEED=n
+# TODO: NCSDK-28931: Cannot use fprotect twice, so disable it in MCUboot to
+# test protecting factory data. It can be enabled while there is a support
+# for protection more than one region.
+CONFIG_FPROTECT=n
+CONFIG_FPROTECT=n
 
-# Disable all debug features
-CONFIG_USE_SEGGER_RTT=n
-CONFIG_SHELL=n
-CONFIG_OPENTHREAD_SHELL=n
-CONFIG_CONSOLE=n
-CONFIG_UART_CONSOLE=n
-CONFIG_SERIAL=n
-CONFIG_LOG=n
-CONFIG_LOG_MODE_MINIMAL=n
-CONFIG_ASSERT_VERBOSE=n
-CONFIG_ASSERT_NO_FILE_INFO=y
-CONFIG_PRINTK=n
-CONFIG_PRINTK_SYNC=n
-CONFIG_THREAD_NAME=n
-CONFIG_BOOT_BANNER=n
-CONFIG_NCS_BOOT_BANNER=n
+CONFIG_BOOT_WATCHDOG_FEED=n
 
 CONFIG_PM_OVERRIDE_EXTERNAL_DRIVER_CHECK=y
 
 # Ensure that the qspi driver is disabled by default
-CONFIG_GPIO=n
 CONFIG_SPI=n
 CONFIG_SPI_NOR=n
 CONFIG_NORDIC_QSPI_NOR=n
-CONFIG_MULTITHREADING=n
-
-# Others
-CONFIG_PM_OVERRIDE_EXTERNAL_DRIVER_CHECK=y
-
-
-# Workaroud: fprotect and watchdog feed
-# are not supported in NCS v2.6.0
-CONFIG_FPROTECT=n
-CONFIG_BOOT_WATCHDOG_FEED=n
-CONFIG_POWEROFF=y
diff --git a/samples/sid_end_device/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp_ns.conf b/samples/sid_end_device/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp_ns.conf
deleted file mode 100644
index f5689b641c..0000000000
--- a/samples/sid_end_device/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp_ns.conf
+++ /dev/null
@@ -1,41 +0,0 @@
-#
-# Copyright (c) 2021 Nordic Semiconductor ASA
-#
-# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
-#
-
-# TODO: NCSDK-28931: Cannot use fprotect twice, so disable it in MCUboot to
-# test protecting provisoing data. It can be enabled while there is a support
-# for protection more than one region.
-CONFIG_FPROTECT=n
-# TODO: Workaround, disable memory guard to avoid false faults in application after boot
-CONFIG_HW_STACK_PROTECTION=n
-
-CONFIG_BOOT_WATCHDOG_FEED=n
-
-CONFIG_PM_OVERRIDE_EXTERNAL_DRIVER_CHECK=y
-
-# Ensure that the qspi driver is disabled by default
-CONFIG_GPIO=n
-CONFIG_SPI=n
-CONFIG_SPI_NOR=n
-CONFIG_NORDIC_QSPI_NOR=n
-CONFIG_MULTITHREADING=n
-
-CONFIG_PM_OVERRIDE_EXTERNAL_DRIVER_CHECK=y
-
-
-# Workaroud: fprotect and watchdog feed
-# are not supported in NCS v2.6.0
-CONFIG_FPROTECT=n
-CONFIG_BOOT_WATCHDOG_FEED=n
-
-# Currently, without tickless kernel, the SYSCOUNTER value after the software
-# reset is not set properly and due to that the first system interrupt is not called
-# in the proper time - the SYSCOUNTER value is set to the value from before
-# reset + 1. Hence, the reboot time increases more and more.
-# To avoid it enable tickles kernel for mcuboot.
-CONFIG_TICKLESS_KERNEL=y
-
-# Set the ZMS sector count to match the settings partition size that is 40 kB for this application.
-CONFIG_SETTINGS_ZMS_SECTOR_COUNT=10
diff --git a/samples/sid_end_device/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp_ns.overlay b/samples/sid_end_device/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp_ns.overlay
deleted file mode 100644
index ddc7970558..0000000000
--- a/samples/sid_end_device/sysbuild/mcuboot/boards/nrf54l15dk_nrf54l15_cpuapp_ns.overlay
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
- * Copyright (c) 2024 Nordic Semiconductor ASA
- *
- * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
- */
-
-
-/* Application does not use cpuflpr core. Assign whole RRAM and RAM to cpuapp. */
-&cpuapp_rram {
-	reg = < 0x0 DT_SIZE_K(1524) >;
-};
-
-&cpuapp_sram {
-	reg = <0x20000000 DT_SIZE_K(256)>;
-	ranges = <0x0 0x20000000  0x40000>;
-};
-
- /* Disable the external flash, as it's not needed
-    for the configuration with secondary slot residing
-    in the internal MRAM. */
-&mx25r64 {
-	status = "disabled";
-};
-
-// TODO: re-enable HWFC once it's fixed
-&uart20 {
-	/delete-property/ hw-flow-control;
-};
diff --git a/samples/sid_end_device/sysbuild/mcuboot/prj.conf b/samples/sid_end_device/sysbuild/mcuboot/prj.conf
index 1e1834611e..a7b007d31f 100644
--- a/samples/sid_end_device/sysbuild/mcuboot/prj.conf
+++ b/samples/sid_end_device/sysbuild/mcuboot/prj.conf
@@ -2,6 +2,7 @@
 # Copyright (c) 2024 Nordic Semiconductor ASA
 #
 # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
 
 CONFIG_MAIN_STACK_SIZE=10240
 
@@ -12,26 +13,25 @@ CONFIG_PM=n
 CONFIG_FLASH=y
 CONFIG_FPROTECT=y
 
-CONFIG_MBEDTLS_CFG_FILE="mcuboot-mbedtls-cfg.h"
-
 CONFIG_BOOT_MAX_IMG_SECTORS=256
 
 # Use minimal C library instead of the Picolib
 CONFIG_MINIMAL_LIBC=y
 
 # Disable logs
-CONFIG_NCS_BOOT_BANNER=n
 CONFIG_BOOT_BANNER=n
-CONFIG_CONSOLE=n
+CONFIG_NCS_BOOT_BANNER=n
 CONFIG_SERIAL=n
-CONFIG_UART_CONSOLE=n
-CONFIG_CONSOLE_HANDLER=n
-CONFIG_USE_SEGGER_RTT=n
 CONFIG_LOG=n
+CONFIG_LOG_MODE_MINIMAL=n
 CONFIG_PRINTK=n
 CONFIG_ASSERT=n
 
 # Bootloader size optimization
+CONFIG_CONSOLE=n
+CONFIG_CONSOLE_HANDLER=n
+CONFIG_UART_CONSOLE=n
+CONFIG_USE_SEGGER_RTT=n
 CONFIG_RESET_ON_FATAL_ERROR=n
 CONFIG_GPIO=n
 CONFIG_TIMESLICING=n