suit: nRF9280 SUIT support #18496

mparpala · 2024-11-04T10:30:46Z

Add SUIT support for nRF9280 EngB product.

CLAassistant · 2024-11-04T10:30:52Z

All committers have signed the CLA.

NordicBuilder · 2024-11-04T10:32:35Z

CI Information

^{To view the history of this post, clich the 'edited' button above}
Build number: 45

Inputs:

Sources:

sdk-nrf: PR head: 0d323164a2bd9d0c579bfb9bcf524c249c1fdc60

more details

sdk-nrf:

PR head: 0d323164a2bd9d0c579bfb9bcf524c249c1fdc60
merge base: 8f6412f03f66ab97bda89ecb185b51393206fdf0
target head (main): 8f6412f03f66ab97bda89ecb185b51393206fdf0
Diff

Github labels

Enabled	Name	Description
	ci-disabled	Disable the ci execution
	ci-all-test	Run all of ci, no test spec filtering will be done
	ci-force-downstream	Force execution of downstream even if twister fails
	ci-run-twister	Force run twister
	ci-run-zephyr-twister	Force run zephyr twister

List of changed files detected by CI (27)

cmake
│  ├── sysbuild
│  │  ├── suit.cmake
│  │  ├── suit_provisioning.cmake
│  │  │ suit_provisioning_nrf9280.cmake
config
│  ├── suit
│  │  ├── templates
│  │  │  ├── nrf9280
│  │  │  │  ├── default
│  │  │  │  │  ├── v1
│  │  │  │  │  │  ├── app_envelope.yaml.jinja2
│  │  │  │  │  │  ├── app_recovery_envelope_app_local.yaml.jinja2
│  │  │  │  │  │  ├── app_recovery_envelope_direct.yaml.jinja2
│  │  │  │  │  │  ├── app_recovery_local_envelope.yaml.jinja2
│  │  │  │  │  │  ├── rad_envelope.yaml.jinja2
│  │  │  │  │  │  ├── rad_recovery_envelope.yaml.jinja2
│  │  │  │  │  │  │ root_with_binary_nordic_top.yaml.jinja2
subsys
│  ├── nrf_security
│  │  ├── Kconfig
│  │  ├── src
│  │  │  ├── drivers
│  │  │  │  ├── cracen
│  │  │  │  │  ├── Kconfig
│  │  │  │  │  │ psa_driver.Kconfig
│  ├── suit
│  │  ├── mci
│  │  │  ├── Kconfig
│  │  │  ├── src
│  │  │  │  │ suit_mci_nrf9280.c
│  │  ├── memory_layout
│  │  │  │ Kconfig
│  │  ├── metadata
│  │  │  ├── include
│  │  │  │  │ suit_metadata.h
│  │  ├── platform
│  │  │  ├── Kconfig
│  │  │  ├── sdfw
│  │  │  │  ├── src
│  │  │  │  │  │ suit_plat_check_image_match_sdfw_specific.c
│  │  ├── storage
│  │  │  ├── Kconfig
│  │  │  ├── src
│  │  │  │  │ suit_storage_nrf9280.c
│  │  ├── stream
│  │  │  │ Kconfig
│  │  ├── validator
│  │  │  ├── Kconfig
│  │  │  ├── src
│  │  │  │  │ suit_validator_nrf9280.c
sysbuild
│  ├── Kconfig.suit_provisioning
│  ├── suit_provisioning
│  │  ├── Kconfig.nrf9280
│  │  │ nrf9280.cmake

Outputs:

Toolchain

Version: 342151af73
Build docker image: docker-dtr.nordicsemi.no/sw-production/ncs-build:342151af73_912848a074

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

◻️ Toolchain - Skipped: existing toolchain is used
✅ Build twister
❌ Integration tests
- ✅ test-sdk-audio
- ✅ desktop52_verification
- ✅ test-fw-nrfconnect-boot
- ✅ test-fw-nrfconnect-apps
- ✅ test_ble_nrf_config
- ✅ test-fw-nrfconnect-ble_mesh
- ✅ test-fw-nrfconnect-ble_samples
- ✅ test-fw-nrfconnect-chip
- ✅ test-fw-nrfconnect-nfc
- ✅ test-fw-nrfconnect-nrf-iot_serial_lte_modem
- ❌ test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
- ✅ test-fw-nrfconnect-nrf-iot_samples
- ✅ test-fw-nrfconnect-nrf-iot_lwm2m
- ✅ doc-internal
- ✅ test-fw-nrfconnect-nrf-iot_thingy91
- ✅ test-fw-nrfconnect-nrf_crypto
- ✅ test-fw-nrfconnect-rpc
- ✅ test-fw-nrfconnect-rs
- ✅ test-fw-nrfconnect-fem
- ✅ test-fw-nrfconnect-tfm
- ✅ test-fw-nrfconnect-thread
- ✅ test-fw-nrfconnect-zigbee
- ✅ test-sdk-find-my
- ✅ test-fw-nrfconnect-nrf-iot_mosh
- ✅ test-fw-nrfconnect-nrf-iot_positioning
- ✅ test-sdk-sidewalk
- ✅ test-sdk-wifi
- ✅ test-low-level
- ✅ test-sdk-pmic-samples
- ✅ test-sdk-mcuboot
- ✅ test-sdk-dfu
- ✅ test-fw-nrfconnect-ps
- ✅ test-secdom-samples-public
- ⚠️ test-fw-nrfconnect-nrf-iot_cloud
- ⚠️ test-sdk-dfu

Note: This message is automatically posted and updated by the CI

nordicjm

2 comments are optional, rest are required

subsys/suit/mci/Kconfig

subsys/suit/memory_layout/Kconfig

subsys/suit/provisioning/CMakeLists.txt

subsys/suit/provisioning/Kconfig

subsys/suit/provisioning/soc/Kconfig.nrf9280

NordicBuilder · 2024-11-04T10:47:44Z

You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds.

Note: This comment is automatically posted by the Documentation Publishing GitHub Action.

NordicBuilder · 2024-11-04T11:02:34Z

The following west manifest projects have changed revision in this Pull Request:

Name	Old Revision	New Revision	Diff

✅ All manifest checks OK

Note: This message is automatically posted and updated by the Manifest GitHub Action.

subsys/suit/provisioning/soc/Kconfig.nrf9280

subsys/suit/stream/Kconfig

subsys/suit/storage/src/suit_storage_nrf9280.c

subsys/suit/mci/src/suit_mci_nrf9280.c

NordicBuilder · 2024-11-27T11:31:03Z

You can find the documentation preview for this PR at this link. It will be updated about 10 minutes after the documentation build succeeds.

Note: This comment is automatically posted by the Documentation Publish GitHub Action.

NordicBuilder · 2024-12-10T11:14:53Z

Memory footprint analysis revealed the following potential issues

sample.matter.template.debug[nrf7002dk/nrf5340/cpuapp]: High ROM usage: 912198[B] - link (cc: @kkasperczyk-no @ArekBalysNordic @markaj-nordic)
sample.matter.template.release[nrf7002dk/nrf5340/cpuapp]: High ROM usage: 821138[B] - link (cc: @kkasperczyk-no @ArekBalysNordic @markaj-nordic)

Note: This message is automatically posted and updated by the CI (latest/sdk-nrf/PR-18496/45)

subsys/suit/provisioning/CMakeLists.txt

subsys/suit/mci/src/suit_mci_nrf9280.c

config/suit/templates/nrf9280/default/v1/app_recovery_envelope_direct.yaml.jinja2

west.yml

subsys/suit/mci/Kconfig

nordicjm · 2025-01-24T07:07:19Z

subsys/suit/storage/Kconfig

 	default SUIT_STORAGE_LAYOUT_TEST if !SOC_SERIES_NRF54HX

 config SUIT_STORAGE_LAYOUT_NRF54H20
 	bool "nRF54H20"
 	select PSA_WANT_ALG_SHA_256 if SUIT_CRYPTO

+config SUIT_STORAGE_LAYOUT_NRF9280


same thing here as the other PR @tomchy

Tried to fix this like @tomchy had done with MCI.

FYI: #20064

Rebased this PR on top @nordicjm changes as #20064 was already merged to main.

so this symbol now needs to vanish as the CMake code will handle this when SUIT_STORAGE_LAYOUT_SOC is selected

nordicjm · 2025-01-24T07:07:47Z

subsys/suit/validator/Kconfig

@@ -18,6 +18,11 @@ config SUIT_VALIDATOR_IMPL_NRF54H20_SDFW
 	depends on SOC_SERIES_NRF54HX
 	depends on SUIT_PLATFORM_VARIANT_SDFW

+config SUIT_VALIDATOR_IMPL_NRF9280_SDFW
+	bool "nRF9280: Secure domain"
+	depends on SOC_SERIES_NRF92X


Tried to fix this like @tomchy had done with MCI.

Rebased this PR on top @nordicjm changes as #20064 was already merged to main.

ahasztag

I do not see any blockers to merge this

config/suit/templates/nrf9280/default/v1/app_envelope.yaml.jinja2

ahasztag · 2025-01-24T07:53:18Z

subsys/suit/mci/src/suit_mci_nrf9280.c

+	return false;
+}
+
+mci_err_t suit_mci_signing_key_id_validate(const suit_manifest_class_id_t *class_id,


There is an upcoming change to this function (it will be renamed + little change in functionality in here): https://github.com/nrfconnect/sdk-nrf/pull/20050/files#diff-5f831b3a82f1e14d189946f985f443439e1f68e17d67551dc146b0f47735fe18R161 - depending on which PR will come first we will have to align this in one PR or the other

Add SUIT support for nRF9280 EngB product. Signed-off-by: Tuomas Parttimaa <[email protected]>

nordicjm · 2025-01-29T07:39:35Z

subsys/nrf_security/Kconfig

+	default y if SOC_SERIES_NRF92X && (SOC_NRF9280_CPUSEC || SOC_NRF9230_ENGB_CPUSEC) && SUIT
 	default y if SOC_SERIES_NRF54LX && PSA_CRYPTO_DRIVER_CRACEN
 	default y if SOC_SERIES_NRF54HX && SOC_NRF54H20_CPUSEC


this really shouldn't be here, this should move to the out of tree soc in the Kconfig.defconfig file as something like:

config MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS default y if NRF_SECURITY && SOC_NRF9280_CPUSEC

nordicjm · 2025-01-29T07:40:09Z

subsys/nrf_security/Kconfig

+# This is for internal use only.
+config SOC_NRF9280_CPUSEC
+	bool
+
+config SOC_NRF9230_ENGB_CPUSEC
+	bool


then these symbols that wrongly duplicate existing symbols and hide bugs can vanish

nordicjm · 2025-01-29T07:44:02Z

subsys/nrf_security/src/drivers/cracen/Kconfig

+	depends on (SOC_SERIES_NRF54LX && !SOC_NRF54L20) || SOC_SERIES_NRF54HX || \
+		(SOC_SERIES_NRF92X && (SOC_NRF9280_CPUSEC || SOC_NRF9230_ENGB_CPUSEC))


this should also be reworked to have a new symbol:

config SUPPORTS_CRACEN bool default y if (SOC_SERIES_NRF54LX && !SOC_NRF54L20) || SOC_SERIES_NRF54HX

this would be the whole definition here, this symbol would then become:

config CRACEN_LOAD_MICROCODE bool "Load CRACEN microcode" depends on SUPPORTS_CRACEN default y

then in your out of tree soc for cpusec inside the Kconfig.defconfig file:

config SUPPORTS_CRACEN default y if (SOC_SERIES_NRF92X && (SOC_NRF9280_CPUSEC || SOC_NRF9230_ENGB_CPUSEC))

then you have everything properly isolated with no dummy symbols here, and no leakage of information

nordicjm · 2025-01-29T07:45:20Z

subsys/suit/storage/Kconfig

 	default SUIT_STORAGE_LAYOUT_TEST if !SOC_SERIES_NRF54HX

 config SUIT_STORAGE_LAYOUT_NRF54H20
 	bool "nRF54H20"
 	select PSA_WANT_ALG_SHA_256 if SUIT_CRYPTO

+config SUIT_STORAGE_LAYOUT_NRF9280


so this symbol now needs to vanish as the CMake code will handle this when SUIT_STORAGE_LAYOUT_SOC is selected

nordicjm · 2025-01-29T07:46:35Z

sysbuild/suit_provisioning/Kconfig.nrf9280

+config SUIT_MPI_SOC_NRF9280
+	bool
+	default y if SOC_SERIES_NRF92X
+
+if SUIT_MPI_SOC_NRF9280


Suggested change

config SUIT_MPI_SOC_NRF9280

bool

default y if SOC_SERIES_NRF92X

if SUIT_MPI_SOC_NRF9280

if SOC_SERIES_NRF92X

mparpala added the DNM label Nov 4, 2024

mparpala requested review from a team as code owners November 4, 2024 10:30

github-actions bot added the changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. label Nov 4, 2024

nordicjm requested changes Nov 4, 2024

View reviewed changes

mparpala requested a review from a team as a code owner November 4, 2024 11:02

github-actions bot added the manifest label Nov 4, 2024

NordicBuilder added the manifest-suit-generator label Nov 4, 2024

tomchy requested changes Nov 5, 2024

View reviewed changes

anttik-nordic requested a review from a team as a code owner November 18, 2024 14:12

parttimaa force-pushed the nrf9280_suit branch 2 times, most recently from ce5733a to 5625d67 Compare November 27, 2024 11:05

tomchy reviewed Dec 12, 2024

View reviewed changes

subsys/suit/provisioning/CMakeLists.txt Outdated Show resolved Hide resolved

tomchy reviewed Dec 12, 2024

View reviewed changes

subsys/suit/mci/src/suit_mci_nrf9280.c Outdated Show resolved Hide resolved

subsys/suit/mci/src/suit_mci_nrf9280.c Show resolved Hide resolved

ahasztag requested changes Dec 13, 2024

View reviewed changes

subsys/suit/mci/src/suit_mci_nrf9280.c Show resolved Hide resolved

parttimaa force-pushed the nrf9280_suit branch 3 times, most recently from 57e182a to 13bb933 Compare December 16, 2024 12:58

NordicBuilder removed the DNM label Dec 20, 2024

tomchy reviewed Jan 2, 2025

View reviewed changes

config/suit/templates/nrf9280/default/v1/app_recovery_envelope_direct.yaml.jinja2 Outdated Show resolved Hide resolved

parttimaa force-pushed the nrf9280_suit branch from f3dd4ad to 1643daf Compare January 2, 2025 11:31

tomchy approved these changes Jan 3, 2025

View reviewed changes

This comment was marked as resolved.

Sign in to view

ahasztag requested changes Jan 3, 2025

View reviewed changes

west.yml Outdated Show resolved Hide resolved

github-actions bot removed the manifest label Jan 3, 2025

NordicBuilder removed the manifest-suit-generator label Jan 3, 2025

parttimaa force-pushed the nrf9280_suit branch from fc4dd63 to 7f276c1 Compare January 3, 2025 10:08

github-actions bot added the manifest label Jan 3, 2025

NordicBuilder added the manifest-suit-generator label Jan 3, 2025

parttimaa force-pushed the nrf9280_suit branch from 7f276c1 to 63692db Compare January 9, 2025 07:41

github-actions bot removed the manifest label Jan 9, 2025

NordicBuilder removed the manifest-suit-generator label Jan 9, 2025

parttimaa force-pushed the nrf9280_suit branch from 63692db to 3658d2e Compare January 13, 2025 09:50

github-actions bot added the manifest label Jan 13, 2025

NordicBuilder added the manifest-zephyr label Jan 13, 2025

parttimaa force-pushed the nrf9280_suit branch 2 times, most recently from 16405ab to 6cef595 Compare January 16, 2025 11:26

github-actions bot removed the manifest label Jan 16, 2025

NordicBuilder removed the manifest-zephyr label Jan 16, 2025

mparpala requested review from nordicjm and ahasztag January 23, 2025 06:27

nordicjm reviewed Jan 24, 2025

View reviewed changes

ahasztag approved these changes Jan 24, 2025

View reviewed changes

parttimaa force-pushed the nrf9280_suit branch from 6cef595 to 8defc10 Compare January 27, 2025 06:46

suit: nRF9280 SUIT support

0d32316

Add SUIT support for nRF9280 EngB product. Signed-off-by: Tuomas Parttimaa <[email protected]>

parttimaa force-pushed the nrf9280_suit branch from e00722d to 0d32316 Compare January 29, 2025 06:24

nordicjm reviewed Jan 29, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

suit: nRF9280 SUIT support #18496

suit: nRF9280 SUIT support #18496

mparpala commented Nov 4, 2024 •

edited by parttimaa

Loading

CLAassistant commented Nov 4, 2024 •

edited

Loading

NordicBuilder commented Nov 4, 2024 •

edited

Loading

nordicjm left a comment

NordicBuilder commented Nov 4, 2024

NordicBuilder commented Nov 4, 2024 •

edited

Loading

NordicBuilder commented Nov 27, 2024

NordicBuilder commented Dec 10, 2024 •

edited

Loading

This comment was marked as resolved.

nordicjm Jan 24, 2025

parttimaa Jan 27, 2025

tomchy Jan 27, 2025

parttimaa Jan 29, 2025

nordicjm Jan 29, 2025

nordicjm Jan 24, 2025

parttimaa Jan 27, 2025

parttimaa Jan 29, 2025

ahasztag left a comment

ahasztag Jan 24, 2025

nordicjm Jan 29, 2025

nordicjm Jan 29, 2025

nordicjm Jan 29, 2025 •

edited

Loading

nordicjm Jan 29, 2025

nordicjm Jan 29, 2025

		depends on (SOC_SERIES_NRF54LX && !SOC_NRF54L20) \|\| SOC_SERIES_NRF54HX \|\| \
		(SOC_SERIES_NRF92X && (SOC_NRF9280_CPUSEC \|\| SOC_NRF9230_ENGB_CPUSEC))

suit: nRF9280 SUIT support #18496

Are you sure you want to change the base?

suit: nRF9280 SUIT support #18496

Conversation

mparpala commented Nov 4, 2024 • edited by parttimaa Loading

CLAassistant commented Nov 4, 2024 • edited Loading

NordicBuilder commented Nov 4, 2024 • edited Loading

CI Information

Inputs:

Sources:

Github labels

Outputs:

Toolchain

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

nordicjm left a comment

Choose a reason for hiding this comment

NordicBuilder commented Nov 4, 2024

NordicBuilder commented Nov 4, 2024 • edited Loading

NordicBuilder commented Nov 27, 2024

NordicBuilder commented Dec 10, 2024 • edited Loading

Memory footprint analysis revealed the following potential issues

This comment was marked as resolved.

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

ahasztag left a comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

nordicjm Jan 29, 2025 • edited Loading

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

mparpala commented Nov 4, 2024 •

edited by parttimaa

Loading

CLAassistant commented Nov 4, 2024 •

edited

Loading

NordicBuilder commented Nov 4, 2024 •

edited

Loading

NordicBuilder commented Nov 4, 2024 •

edited

Loading

NordicBuilder commented Dec 10, 2024 •

edited

Loading

nordicjm Jan 29, 2025 •

edited

Loading