nrfconnect · Vge0rge · Jul 7, 2025 · Aug 12, 2025 · Aug 12, 2025 · Aug 12, 2025
@@ -52,13 +52,6 @@ function(softdevice_tasks output_hex output_bin)
 #    set(imgtool_args --security-counter ${CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_VALUE})
 #  endif()
 
-  # Set proper hash calculation algorithm for signing
-  if(CONFIG_BOOT_SIGNATURE_TYPE_PURE)
-    set(imgtool_args --pure ${imgtool_args})
-  elseif(CONFIG_BOOT_IMG_HASH_ALG_SHA512)
-    set(imgtool_args --sha 512 ${imgtool_args})
-  endif()
-
   if(NOT "${keyfile}" STREQUAL "")
     set(imgtool_args -k "${keyfile}" ${imgtool_args})
   endif()

@@ -68,13 +68,6 @@ function(bm_install_tasks output_hex output_bin)
 #    set(imgtool_args --security-counter ${CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_VALUE})
 #  endif()
 
-  # Set proper hash calculation algorithm for signing
-  if(SB_CONFIG_BM_BOOT_IMG_HASH_ALG_PURE)
-    set(imgtool_args --pure ${imgtool_args})
-  elseif(SB_CONFIG_BM_BOOT_IMG_HASH_ALG_SHA512)
-    set(imgtool_args --sha 512 ${imgtool_args})
-  endif()
-
   if(NOT "${keyfile}" STREQUAL "")
     set(imgtool_args -k "${keyfile}" ${imgtool_args})
   endif()

@@ -0,0 +1,5 @@
+SB_CONFIG_BM_BOOTLOADER_MCUBOOT=y
+SB_CONFIG_BM_FIRMWARE_LOADER_BT_MCUMGR=y
+SB_CONFIG_SOFTDEVICE_S115=y
+SB_CONFIG_BM_BOOTLOADER_MCUBOOT_SIGNATURE_TYPE_ED25519=y
+SB_CONFIG_MCUBOOT_GENERATE_DEFAULT_KMU_KEYFILE=y
@@ -1,3 +1,12 @@
 CONFIG_RETAINED_MEM=y
 CONFIG_RETENTION=y
 CONFIG_RETENTION_BOOT_MODE=y
+CONFIG_BOOT_FIRMWARE_LOADER_BOOT_MODE=y
+CONFIG_NRF_SECURITY=y
+CONFIG_MBEDTLS_PSA_CRYPTO_C=y
+CONFIG_PSA_CORE_LITE=y
+CONFIG_PSA_CORE_LITE_NSIB_ED25519_OPTIMIZATIONS=y
+CONFIG_CRACEN_IKG=n
+CONFIG_BOOT_SIGNATURE_USING_KMU=y
+CONFIG_LTO=y
+CONFIG_ISR_TABLES_LOCAL_DECLARATION=y
@@ -23,53 +23,6 @@ function(bm_install_setup)
 
       add_overlay_dts(${SB_CONFIG_BM_FIRMWARE_LOADER_IMAGE_NAME} ${CMAKE_CURRENT_SOURCE_DIR}/image_configurations/FIRMWARE_LOADER_image_default.overlay)
 
-      # Enable LTO on MCUboot image
-      add_overlay_config(mcuboot ${CMAKE_CURRENT_SOURCE_DIR}/image_configurations/lto.conf)
-
-      # Set up hash algorithm for MCUboot and images
-      if(SB_CONFIG_BM_BOOT_IMG_HASH_ALG_SHA256)
-        set_config_bool(mcuboot CONFIG_BOOT_SIGNATURE_TYPE_PURE n)
-        set_config_bool(mcuboot CONFIG_BOOT_IMG_HASH_ALG_SHA512 n)
-        set_config_bool(${DEFAULT_IMAGE} CONFIG_MCUBOOT_BOOTLOADER_SIGNATURE_TYPE_PURE n)
-        set_config_bool(${DEFAULT_IMAGE} CONFIG_MCUBOOT_BOOTLOADER_USES_SHA512 n)
-        set_config_bool(${SB_CONFIG_BM_FIRMWARE_LOADER_IMAGE_NAME} CONFIG_MCUBOOT_BOOTLOADER_SIGNATURE_TYPE_PURE n)
-        set_config_bool(${SB_CONFIG_BM_FIRMWARE_LOADER_IMAGE_NAME} CONFIG_MCUBOOT_BOOTLOADER_USES_SHA512 n)
-      elseif(SB_CONFIG_BM_BOOT_IMG_HASH_ALG_SHA512)
-        set_config_bool(mcuboot CONFIG_BOOT_SIGNATURE_TYPE_PURE n)
-        set_config_bool(mcuboot CONFIG_BOOT_IMG_HASH_ALG_SHA512 y)
-        set_config_bool(${DEFAULT_IMAGE} CONFIG_MCUBOOT_BOOTLOADER_SIGNATURE_TYPE_PURE n)
-        set_config_bool(${DEFAULT_IMAGE} CONFIG_MCUBOOT_BOOTLOADER_USES_SHA512 y)
-        set_config_bool(${SB_CONFIG_BM_FIRMWARE_LOADER_IMAGE_NAME} CONFIG_MCUBOOT_BOOTLOADER_SIGNATURE_TYPE_PURE n)
-        set_config_bool(${SB_CONFIG_BM_FIRMWARE_LOADER_IMAGE_NAME} CONFIG_MCUBOOT_BOOTLOADER_USES_SHA512 y)
-      elseif(SB_CONFIG_BM_BOOT_IMG_HASH_ALG_PURE)
-        set_config_bool(mcuboot CONFIG_BOOT_SIGNATURE_TYPE_PURE y)
-        set_config_bool(mcuboot CONFIG_BOOT_IMG_HASH_ALG_SHA512 n)
-        set_config_bool(${DEFAULT_IMAGE} CONFIG_MCUBOOT_BOOTLOADER_SIGNATURE_TYPE_PURE y)
-        set_config_bool(${DEFAULT_IMAGE} CONFIG_MCUBOOT_BOOTLOADER_USES_SHA512 n)
-        set_config_bool(${SB_CONFIG_BM_FIRMWARE_LOADER_IMAGE_NAME} CONFIG_MCUBOOT_BOOTLOADER_SIGNATURE_TYPE_PURE y)
-        set_config_bool(${SB_CONFIG_BM_FIRMWARE_LOADER_IMAGE_NAME} CONFIG_MCUBOOT_BOOTLOADER_USES_SHA512 n)
-      endif()
-
-      if(SB_CONFIG_SOC_SERIES_NRF54LX)
-        if(SB_CONFIG_BM_BOOTLOADER_MCUBOOT_SIGNATURE_TYPE_NONE)
-          set_config_bool(mcuboot CONFIG_NRF_SECURITY y)
-        elseif(SB_CONFIG_BM_BOOTLOADER_MCUBOOT_SIGNATURE_TYPE_ED25519)
-          set_config_bool(mcuboot CONFIG_NRF_SECURITY y)
-
-          # We are sure that ED25519 signature on MCUboot does not need these
-          set_config_bool(mcuboot CONFIG_PSA_USE_CRACEN_AEAD_DRIVER n)
-          set_config_bool(mcuboot CONFIG_PSA_USE_CRACEN_PAKE_DRIVER n)
-          set_config_bool(mcuboot CONFIG_PSA_USE_CRACEN_CIPHER_DRIVER n)
-          set_config_bool(mcuboot CONFIG_PSA_USE_CRACEN_MAC_DRIVER n)
-          set_config_bool(mcuboot CONFIG_PSA_USE_CRACEN_KEY_AGREEMENT_DRIVER n)
-          set_config_bool(mcuboot CONFIG_PSA_USE_CRACEN_KEY_DERIVATION_DRIVER n)
-          set_config_bool(mcuboot CONFIG_BOOT_HMAC_SHA512 n)
-          set_config_bool(mcuboot CONFIG_BOOT_SIGNATURE_USING_KMU n)
-          set_config_bool(mcuboot CONFIG_BOOT_KEY_IMPORT_BYPASS_ASN y)
-          set_config_bool(mcuboot CONFIG_PSA_USE_CRACEN_HASH_DRIVER y)
-        endif()
-      endif()
-
       ExternalZephyrProject_Add(
         APPLICATION installer
         SOURCE_DIR ${ZEPHYR_NRF_BM_MODULE_DIR}/applications/installer

@@ -25,7 +25,6 @@ menu "MCUboot configuration"
 
 choice BM_BOOTLOADER_MCUBOOT_SIGNATURE_TYPE
 	prompt "Signature type"
-	default BM_BOOTLOADER_MCUBOOT_SIGNATURE_TYPE_ED25519 if SOC_SERIES_NRF54LX
 	default BM_BOOTLOADER_MCUBOOT_SIGNATURE_TYPE_RSA
 
 config BM_BOOTLOADER_MCUBOOT_SIGNATURE_TYPE_NONE
@@ -67,24 +66,6 @@ config BM_BOOTLOADER_MCUBOOT_FIRMWARE_LOADER_ENTRANCE_BOOT_MODE
 
 endmenu
 
-choice BM_BOOTLOADER_MCUBOOT_IMG_HASH_ALG
-	prompt "Hashing algorithm"
-	default BM_BOOT_IMG_HASH_ALG_SHA512 if BM_BOOTLOADER_MCUBOOT_SIGNATURE_TYPE_ED25519 && SOC_SERIES_NRF54LX
-	default BM_BOOT_IMG_HASH_ALG_SHA256
-
-config BM_BOOT_IMG_HASH_ALG_SHA256
-	bool "SHA256"
-
-config BM_BOOT_IMG_HASH_ALG_SHA512
-	bool "SHA512"
-	depends on SOC_SERIES_NRF54LX
-
-config BM_BOOT_IMG_HASH_ALG_PURE
-	bool "Pure (hash of data directly without hash)"
-	depends on BM_BOOTLOADER_MCUBOOT_SIGNATURE_TYPE_ED25519 && SOC_SERIES_NRF54LX
-
-endchoice
-
 endmenu
 
 endif # BM_BOOTLOADER_MCUBOOT

@@ -14,7 +14,7 @@ manifest:
   projects:
     - name: nrf
       repo-path: sdk-nrf
-      revision: e9101127fc24a4bd5bf1b3067c78093182038d02
+      revision: pull/23870/head
       import:
         name-allowlist:
           - cmsis_6