Skip to content

[nrf noup] boot: zephyr: Disable self RWX #491

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[nrf noup] boot: zephyr: Disable self RWX #491

wants to merge 1 commit into from

Conversation

michalek-no
Copy link
Contributor

Disables read write and execute on mcuboots NVM
at the end of execution.

@michalek-no michalek-no added the DNM label Aug 6, 2025
@NordicBuilder NordicBuilder mentioned this pull request Aug 11, 2025
Open
@michalek-no michalek-no force-pushed the mb-self-lock branch 3 times, most recently from 918b809 to 64f45fd Compare August 13, 2025 06:47
@michalek-no michalek-no removed the DNM label Aug 13, 2025
@michalek-no
[nrf noup] boot: zephyr: Disable self RWX
a25c7c4 
Disables read write and execute on mcuboots NVM
at the end of execution.

Signed-off-by: Mateusz Michalek <[email protected]>
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

de-nordic
de-nordic reviewed Aug 13, 2025
View reviewed changes
boot/zephyr/Kconfig
@@ -472,6 +472,13 @@ config MCUBOOT_CLEANUP_RAM
help
Sets contents of memory to 0 before jumping to application.

config MCUBOOT_DISABLE_SELF_RWX
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
config MCUBOOT_DISABLE_SELF_RWX
config NCS_MCUBOOT_DISABLE_SELF_RWX

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are trying to not conflict noups with anything that may come from upstream.

boot/zephyr/main.c
@@ -163,6 +182,84 @@ struct arm_vector_table {
uint32_t reset;
};

static void __ramfunc jump_in(uint32_t reset)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we have better name for this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, however this is the hardest part. Any suggestions?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have you seen names I have invented?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@de-nordic de-nordic de-nordic left review comments

@nvlsianpu nvlsianpu Awaiting requested review from nvlsianpu

@fundakol fundakol Awaiting requested review from fundakol

@gchwier gchwier Awaiting requested review from gchwier

@nordicjm nordicjm Awaiting requested review from nordicjm nordicjm is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@michalek-no @de-nordic