From 4d470f23d283cd92fadde353a302f6feffe7a028 Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Wed, 24 Sep 2025 07:39:48 +0100 Subject: [PATCH 1/8] scripts: requirements: Add python-dotenv to required python pacakges This is now needed by sdk-zephyr Signed-off-by: Jamie McCrae --- scripts/requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/requirements.txt b/scripts/requirements.txt index 338ce4367b..06d399fc33 100644 --- a/scripts/requirements.txt +++ b/scripts/requirements.txt @@ -2,3 +2,4 @@ setuptools wheel west gitlint +python-dotenv From ffa7618dc4334024ae287405f5440e94e973af9a Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Wed, 24 Sep 2025 07:34:58 +0100 Subject: [PATCH 2/8] manifest: Update sdk-nrf Includes an sdk-mcuboot update to fix the slot IDs for KMU usage Signed-off-by: Jamie McCrae --- west.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/west.yml b/west.yml index 14a19d95c9..4a7a14a44c 100644 --- a/west.yml +++ b/west.yml @@ -14,7 +14,7 @@ manifest: projects: - name: nrf repo-path: sdk-nrf - revision: b1f505fd71ac276f0640e833e9b8c0400d0e974f + revision: f0af8f2008d39bcb46516554d00611ac7fd87d5d import: name-allowlist: - cmsis_6 From 93aee28af3a1c92fe6f0dbe1871ba4b72134a4d8 Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Fri, 12 Sep 2025 08:51:00 +0100 Subject: [PATCH 3/8] sysbuild: Add KMU provisioning and allow KMU usage Allows usage of KMU in MCUboot for the signature verification and copies the KMU provisioning script from NCS with changes for BM Signed-off-by: Jamie McCrae --- cmake/sysbuild/generate_default_keyfile.cmake | 37 +++++++++++++++++++ sysbuild/CMakeLists.txt | 26 ++++++++++--- sysbuild/Kconfig.bm | 13 +++++++ 3 files changed, 71 insertions(+), 5 deletions(-) create mode 100644 cmake/sysbuild/generate_default_keyfile.cmake diff --git a/cmake/sysbuild/generate_default_keyfile.cmake b/cmake/sysbuild/generate_default_keyfile.cmake new file mode 100644 index 0000000000..291ab5038f --- /dev/null +++ b/cmake/sysbuild/generate_default_keyfile.cmake @@ -0,0 +1,37 @@ +# Copyright (c) 2025 Nordic Semiconductor ASA +# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause + +# This script defines a CMake target 'generate_kmu_keyfile_json' to create keyfile.json +# using 'west ncs-provision upload --dry-run'. + +# --- Construct the list of commands and dependencies --- +set(kmu_json_commands "") +set(kmu_json_dependencies "") + +# Update keyfile for BL_PUBKEY +string(CONFIGURE "${SB_CONFIG_BM_BOOTLOADER_MCUBOOT_SIGNATURE_KEY_FILE}" mcuboot_signature_key_file) +list(APPEND kmu_json_commands + COMMAND ${Python3_EXECUTABLE} -m west ncs-provision upload + --keyname BL_PUBKEY + --key ${mcuboot_signature_key_file} + --build-dir ${CMAKE_BINARY_DIR} + --dry-run +) +list(APPEND kmu_json_dependencies ${mcuboot_signature_key_file}) + +# --- Add custom command to generate/update keyfile.json --- +if(NOT kmu_json_commands STREQUAL "") + add_custom_command( + OUTPUT ${CMAKE_BINARY_DIR}/keyfile.json + ${kmu_json_commands} # Expands to one or more COMMAND clauses + DEPENDS ${kmu_json_dependencies} + COMMENT "Generating/Updating KMU keyfile JSON (${CMAKE_BINARY_DIR}/keyfile.json)" + VERBATIM + ) + + # --- Add custom target to trigger the generation --- + add_custom_target( + generate_kmu_keyfile_json ALL + DEPENDS ${CMAKE_BINARY_DIR}/keyfile.json + ) +endif() diff --git a/sysbuild/CMakeLists.txt b/sysbuild/CMakeLists.txt index 1b42019a97..4b32cf05ab 100644 --- a/sysbuild/CMakeLists.txt +++ b/sysbuild/CMakeLists.txt @@ -43,11 +43,13 @@ function(bm_install_setup) set_config_bool(${SB_CONFIG_BM_FIRMWARE_LOADER_IMAGE_NAME} CONFIG_MCUBOOT_BOOTLOADER_USES_SHA512 y) elseif(SB_CONFIG_BM_BOOT_IMG_HASH_ALG_PURE) set_config_bool(mcuboot CONFIG_BOOT_SIGNATURE_TYPE_PURE y) - set_config_bool(mcuboot CONFIG_BOOT_IMG_HASH_ALG_SHA512 n) + set_config_bool(mcuboot CONFIG_BOOT_IMG_HASH_ALG_SHA512 y) set_config_bool(${DEFAULT_IMAGE} CONFIG_MCUBOOT_BOOTLOADER_SIGNATURE_TYPE_PURE y) - set_config_bool(${DEFAULT_IMAGE} CONFIG_MCUBOOT_BOOTLOADER_USES_SHA512 n) + set_config_bool(${DEFAULT_IMAGE} CONFIG_MCUBOOT_BOOTLOADER_USES_SHA512 y) + set_config_bool(${DEFAULT_IMAGE} CONFIG_MCUBOOT_BOOTLOADER_SIGNATURE_TYPE_ED25519 y) set_config_bool(${SB_CONFIG_BM_FIRMWARE_LOADER_IMAGE_NAME} CONFIG_MCUBOOT_BOOTLOADER_SIGNATURE_TYPE_PURE y) - set_config_bool(${SB_CONFIG_BM_FIRMWARE_LOADER_IMAGE_NAME} CONFIG_MCUBOOT_BOOTLOADER_USES_SHA512 n) + set_config_bool(${SB_CONFIG_BM_FIRMWARE_LOADER_IMAGE_NAME} CONFIG_MCUBOOT_BOOTLOADER_USES_SHA512 y) + set_config_bool(${SB_CONFIG_BM_FIRMWARE_LOADER_IMAGE_NAME} CONFIG_MCUBOOT_BOOTLOADER_SIGNATURE_TYPE_ED25519 y) endif() if(SB_CONFIG_SOC_SERIES_NRF54LX) @@ -64,9 +66,19 @@ function(bm_install_setup) set_config_bool(mcuboot CONFIG_PSA_USE_CRACEN_KEY_AGREEMENT_DRIVER n) set_config_bool(mcuboot CONFIG_PSA_USE_CRACEN_KEY_DERIVATION_DRIVER n) set_config_bool(mcuboot CONFIG_BOOT_HMAC_SHA512 n) - set_config_bool(mcuboot CONFIG_BOOT_SIGNATURE_USING_KMU n) set_config_bool(mcuboot CONFIG_BOOT_KEY_IMPORT_BYPASS_ASN y) - set_config_bool(mcuboot CONFIG_PSA_USE_CRACEN_HASH_DRIVER y) + + if(SB_CONFIG_BM_BOOTLOADER_MCUBOOT_SIGNATURE_USING_KMU) + set_config_bool(mcuboot CONFIG_BOOT_SIGNATURE_USING_KMU y) + set_config_bool(mcuboot CONFIG_PSA_USE_CRACEN_HASH_DRIVER n) + set_config_bool(mcuboot CONFIG_MBEDTLS_ENABLE_HEAP n) + set_config_bool(mcuboot CONFIG_PSA_CORE_LITE y) + set_config_bool(mcuboot CONFIG_PSA_CORE_LITE_NSIB_ED25519_OPTIMIZATIONS y) + set_config_bool(mcuboot CONFIG_BOOT_SIGNATURE_TYPE_PURE y) + else() + set_config_bool(mcuboot CONFIG_BOOT_SIGNATURE_USING_KMU n) + set_config_bool(mcuboot CONFIG_PSA_USE_CRACEN_HASH_DRIVER y) + endif() endif() endif() @@ -271,6 +283,10 @@ function(${SYSBUILD_CURRENT_MODULE_NAME}_post_cmake) ALL DEPENDS ${CMAKE_BINARY_DIR}/production.hex ) + + if(SB_CONFIG_BM_BOOTLOADER_MCUBOOT_GENERATE_DEFAULT_KMU_KEYFILE) + include(${ZEPHYR_NRF_BM_MODULE_DIR}/cmake/sysbuild/generate_default_keyfile.cmake) + endif() endif() endfunction() diff --git a/sysbuild/Kconfig.bm b/sysbuild/Kconfig.bm index a357c95d6e..1cb2b63d51 100644 --- a/sysbuild/Kconfig.bm +++ b/sysbuild/Kconfig.bm @@ -51,6 +51,19 @@ config BM_BOOTLOADER_MCUBOOT_SIGNATURE_KEY_FILE help Absolute path to signing key file to use with MCUBoot. +config BM_BOOTLOADER_MCUBOOT_SIGNATURE_USING_KMU + bool "Use KMU stored keys for signature verification" + depends on SOC_SERIES_NRF54LX && BM_BOOTLOADER_MCUBOOT_SIGNATURE_TYPE_ED25519 + help + The device needs to be provisioned with the proper set of keys. + +config BM_BOOTLOADER_MCUBOOT_GENERATE_DEFAULT_KMU_KEYFILE + bool "Generate default keyfile for provisioning during build" + depends on BM_BOOTLOADER_MCUBOOT_SIGNATURE_USING_KMU + default y + help + If enabled, the build system will generate keyfile.json file in the build directory. + menu "Firmware loader entrance modes" depends on !BM_FIRMWARE_LOADER_NONE From 71e1c0bb48fe79bf61f0431b12ba43e11add6d6a Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Mon, 15 Sep 2025 11:12:32 +0100 Subject: [PATCH 4/8] samples: boot: mcuboot_recovery_retention: Add KMU build Adds a KMU build of this sample Signed-off-by: Jamie McCrae --- .../mcuboot_recovery_retention/sample.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/samples/boot/mcuboot_recovery_retention/sample.yaml b/samples/boot/mcuboot_recovery_retention/sample.yaml index 2e0b532311..4c2adebf5c 100644 --- a/samples/boot/mcuboot_recovery_retention/sample.yaml +++ b/samples/boot/mcuboot_recovery_retention/sample.yaml @@ -32,3 +32,21 @@ tests: tags: - sysbuild - uart + sample.boot.mcuboot_recovery_retention.uart.kmu: + sysbuild: true + build_only: true + integration_platforms: + - bm_nrf54l15dk/nrf54l05/cpuapp/s115_softdevice/mcuboot + - bm_nrf54l15dk/nrf54l10/cpuapp/s115_softdevice/mcuboot + - bm_nrf54l15dk/nrf54l15/cpuapp/s115_softdevice/mcuboot + platform_allow: + - bm_nrf54l15dk/nrf54l05/cpuapp/s115_softdevice/mcuboot + - bm_nrf54l15dk/nrf54l10/cpuapp/s115_softdevice/mcuboot + - bm_nrf54l15dk/nrf54l15/cpuapp/s115_softdevice/mcuboot + extra_args: + - SB_CONFIG_BM_FIRMWARE_LOADER_UART_MCUMGR=y + - SB_CONFIG_BM_BOOTLOADER_MCUBOOT_SIGNATURE_USING_KMU=y + tags: + - sysbuild + - uart + - kmu From b124956a307458dfa3f7bc66c39dabcfbe0a6e42 Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Mon, 15 Sep 2025 11:25:08 +0100 Subject: [PATCH 5/8] doc: app_dev: dfu: bootloader_keys: Add section on KMU Adds a section on how to use the KMU Signed-off-by: Jamie McCrae --- doc/nrf-bm/app_dev/dfu/bootloader_keys.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/doc/nrf-bm/app_dev/dfu/bootloader_keys.rst b/doc/nrf-bm/app_dev/dfu/bootloader_keys.rst index 1a9075404b..3e39dbc095 100644 --- a/doc/nrf-bm/app_dev/dfu/bootloader_keys.rst +++ b/doc/nrf-bm/app_dev/dfu/bootloader_keys.rst @@ -38,3 +38,12 @@ Using a key in a project ------------------------ Once a key has been generated, it can be used in a project by setting the :kconfig:option:`SB_CONFIG_BM_BOOTLOADER_MCUBOOT_SIGNATURE_KEY_FILE` sysbuild Kconfig option to the absolute path of the generated ``.pem`` key file. + +.. _ug_bootloader_kmu: + +KMU (Key Management Unit) +************************* + +The nRF54L series of SoCs contain a KMU - key management unit, this on-die peripheral can be used by CRACEN to securely store and use keys without allowing the contents to be read out. +In order to boot images when the KMU feature is enabled, the MCUboot singing key must be programmed to the KMU prior to loading the firmware or the device will be unable to boot. +This feature can be enabled with :kconfig:option:`SB_CONFIG_BM_BOOTLOADER_MCUBOOT_SIGNATURE_USING_KMU`, another sysbuild Kconfig is used to determine if the public key file should be automatically programmed to boards when ``west flash`` is used with the ``--erase`` or ``--recover`` arguments, when :kconfig:option:`SB_CONFIG_BM_BOOTLOADER_MCUBOOT_GENERATE_DEFAULT_KMU_KEYFILE` is enabled (it is enabled by default) then this process is enabled and should be the first command used after building the project to set the board up for development. From f081eff70d7104a0579200e200141f29d7433c9e Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Wed, 24 Sep 2025 09:50:26 +0100 Subject: [PATCH 6/8] sysbuild: Add default (overridable) MCUboot Kconfigs without clock Disables some options including system clock support for MCUboot to reduce the size of the application as they are not needed Signed-off-by: Jamie McCrae --- sysbuild/CMakeLists.txt | 1 + .../image_configurations/BOOTLOADER_image_default.conf | 9 +++++++++ 2 files changed, 10 insertions(+) create mode 100644 sysbuild/image_configurations/BOOTLOADER_image_default.conf diff --git a/sysbuild/CMakeLists.txt b/sysbuild/CMakeLists.txt index 4b32cf05ab..6d8a817eea 100644 --- a/sysbuild/CMakeLists.txt +++ b/sysbuild/CMakeLists.txt @@ -22,6 +22,7 @@ function(bm_install_setup) ) add_overlay_dts(${SB_CONFIG_BM_FIRMWARE_LOADER_IMAGE_NAME} ${CMAKE_CURRENT_SOURCE_DIR}/image_configurations/FIRMWARE_LOADER_image_default.overlay) + add_overlay_config(mcuboot ${CMAKE_CURRENT_SOURCE_DIR}/image_configurations/BOOTLOADER_image_default.conf) # Enable LTO on MCUboot image add_overlay_config(mcuboot ${CMAKE_CURRENT_SOURCE_DIR}/image_configurations/lto.conf) diff --git a/sysbuild/image_configurations/BOOTLOADER_image_default.conf b/sysbuild/image_configurations/BOOTLOADER_image_default.conf new file mode 100644 index 0000000000..0dabf7621d --- /dev/null +++ b/sysbuild/image_configurations/BOOTLOADER_image_default.conf @@ -0,0 +1,9 @@ +CONFIG_KERNEL_MEM_POOL=n +CONFIG_CURRENT_THREAD_USE_TLS=n +CONFIG_ERRNO=n +CONFIG_FP16=n +CONFIG_HW_STACK_PROTECTION=n +CONFIG_BUILTIN_STACK_GUARD=n +CONFIG_TIMEOUT_64BIT=n +CONFIG_SYS_CLOCK_EXISTS=n +CONFIG_NRF_GRTC_START_SYSCOUNTER=n From 8f07259156758327a4b39b18a1c818452cc0ead7 Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Wed, 24 Sep 2025 09:53:46 +0100 Subject: [PATCH 7/8] boards: nordic: bm_nrf54l15dk: Reduce MCUboot partition size Due to optimisations applied to MCUboot configuration, the size of the partition can be reduced to 31KiB which allows memory protection to be applied to the section using a single protection region, and even with logs enabled there is still spare space available in the slot Signed-off-by: Jamie McCrae --- ...5dk_nrf54l05_cpuapp_s115_softdevice_mcuboot.dts | 14 ++++++++------ ...5dk_nrf54l10_cpuapp_s115_softdevice_mcuboot.dts | 14 ++++++++------ ...5dk_nrf54l15_cpuapp_s115_softdevice_mcuboot.dts | 14 ++++++++------ 3 files changed, 24 insertions(+), 18 deletions(-) diff --git a/boards/nordic/bm_nrf54l15dk/bm_nrf54l15dk_nrf54l05_cpuapp_s115_softdevice_mcuboot.dts b/boards/nordic/bm_nrf54l15dk/bm_nrf54l15dk_nrf54l05_cpuapp_s115_softdevice_mcuboot.dts index 568e439909..c9e82257ee 100644 --- a/boards/nordic/bm_nrf54l15dk/bm_nrf54l15dk_nrf54l05_cpuapp_s115_softdevice_mcuboot.dts +++ b/boards/nordic/bm_nrf54l15dk/bm_nrf54l15dk_nrf54l05_cpuapp_s115_softdevice_mcuboot.dts @@ -48,14 +48,14 @@ boot_partition: partition@0 { label = "boot"; - reg = <0x00000000 DT_SIZE_K(36)>; + reg = <0x00000000 DT_SIZE_K(31)>; }; - storage_partition: partition@9000 { + storage_partition: partition@7c00 { compatible = "fixed-subpartitions"; label = "storage"; - reg = <0x00009000 DT_SIZE_K(8)>; - ranges = <0x0 0x9000 DT_SIZE_K(8)>; + reg = <0x00007c00 DT_SIZE_K(8)>; + ranges = <0x0 0x7c00 DT_SIZE_K(8)>; #address-cells = <1>; #size-cells = <1>; @@ -70,9 +70,11 @@ }; }; - slot0_partition: partition@b000 { + /* Area from 0x9c00 to 0xa000 is unused due to alignment */ + + slot0_partition: partition@a000 { label = "slot0"; - reg = <0x0000b000 DT_SIZE_K(282)>; + reg = <0x000a000 DT_SIZE_K(286)>; }; slot1_partition: partition@51800 { diff --git a/boards/nordic/bm_nrf54l15dk/bm_nrf54l15dk_nrf54l10_cpuapp_s115_softdevice_mcuboot.dts b/boards/nordic/bm_nrf54l15dk/bm_nrf54l15dk_nrf54l10_cpuapp_s115_softdevice_mcuboot.dts index 2937cde7bf..5f20bcbf96 100644 --- a/boards/nordic/bm_nrf54l15dk/bm_nrf54l15dk_nrf54l10_cpuapp_s115_softdevice_mcuboot.dts +++ b/boards/nordic/bm_nrf54l15dk/bm_nrf54l15dk_nrf54l10_cpuapp_s115_softdevice_mcuboot.dts @@ -48,14 +48,14 @@ boot_partition: partition@0 { label = "boot"; - reg = <0x00000000 DT_SIZE_K(36)>; + reg = <0x00000000 DT_SIZE_K(31)>; }; - storage_partition: partition@9000 { + storage_partition: partition@7c00 { compatible = "fixed-subpartitions"; label = "storage"; - reg = <0x00009000 DT_SIZE_K(8)>; - ranges = <0x0 0x9000 DT_SIZE_K(8)>; + reg = <0x00007c00 DT_SIZE_K(8)>; + ranges = <0x0 0x7c00 DT_SIZE_K(8)>; #address-cells = <1>; #size-cells = <1>; @@ -70,9 +70,11 @@ }; }; - slot0_partition: partition@b000 { + /* Area from 0x9c00 to 0xa000 is unused due to alignment */ + + slot0_partition: partition@a000 { label = "slot0"; - reg = <0x0000b000 DT_SIZE_K(794)>; + reg = <0x0000a000 DT_SIZE_K(798)>; }; slot1_partition: partition@d1800 { diff --git a/boards/nordic/bm_nrf54l15dk/bm_nrf54l15dk_nrf54l15_cpuapp_s115_softdevice_mcuboot.dts b/boards/nordic/bm_nrf54l15dk/bm_nrf54l15dk_nrf54l15_cpuapp_s115_softdevice_mcuboot.dts index f88860b364..3c206cc8bc 100644 --- a/boards/nordic/bm_nrf54l15dk/bm_nrf54l15dk_nrf54l15_cpuapp_s115_softdevice_mcuboot.dts +++ b/boards/nordic/bm_nrf54l15dk/bm_nrf54l15dk_nrf54l15_cpuapp_s115_softdevice_mcuboot.dts @@ -48,14 +48,14 @@ boot_partition: partition@0 { label = "boot"; - reg = <0x00000000 DT_SIZE_K(36)>; + reg = <0x00000000 DT_SIZE_K(31)>; }; - storage_partition: partition@9000 { + storage_partition: partition@7c00 { compatible = "fixed-subpartitions"; label = "storage"; - reg = <0x00009000 DT_SIZE_K(8)>; - ranges = <0x0 0x9000 DT_SIZE_K(8)>; + reg = <0x00007c00 DT_SIZE_K(8)>; + ranges = <0x0 0x7c00 DT_SIZE_K(8)>; #address-cells = <1>; #size-cells = <1>; @@ -70,9 +70,11 @@ }; }; - slot0_partition: partition@b000 { + /* Area from 0x9c00 to 0xa000 is unused due to alignment */ + + slot0_partition: partition@a000 { label = "slot0"; - reg = <0x0000b000 DT_SIZE_K(1306)>; + reg = <0x0000a000 DT_SIZE_K(1310)>; }; slot1_partition: partition@151800 { From 08945bae0229034fbb39e75a35d27ca8480d1cbb Mon Sep 17 00:00:00 2001 From: Jamie McCrae Date: Wed, 24 Sep 2025 10:04:37 +0100 Subject: [PATCH 8/8] doc: app_dev: dfu: Update minimum sizes for bootloader The minimum sizes for release builds are now smaller Signed-off-by: Jamie McCrae --- doc/nrf-bm/app_dev/dfu/bootloader_keys.rst | 2 +- doc/nrf-bm/app_dev/dfu/ug_dfu.rst | 29 +++++++++++----------- 2 files changed, 16 insertions(+), 15 deletions(-) diff --git a/doc/nrf-bm/app_dev/dfu/bootloader_keys.rst b/doc/nrf-bm/app_dev/dfu/bootloader_keys.rst index 3e39dbc095..fc13097689 100644 --- a/doc/nrf-bm/app_dev/dfu/bootloader_keys.rst +++ b/doc/nrf-bm/app_dev/dfu/bootloader_keys.rst @@ -45,5 +45,5 @@ KMU (Key Management Unit) ************************* The nRF54L series of SoCs contain a KMU - key management unit, this on-die peripheral can be used by CRACEN to securely store and use keys without allowing the contents to be read out. -In order to boot images when the KMU feature is enabled, the MCUboot singing key must be programmed to the KMU prior to loading the firmware or the device will be unable to boot. +In order to boot images when the KMU feature is enabled, the MCUboot signing key must be programmed to the KMU prior to loading the firmware or the device will be unable to boot. This feature can be enabled with :kconfig:option:`SB_CONFIG_BM_BOOTLOADER_MCUBOOT_SIGNATURE_USING_KMU`, another sysbuild Kconfig is used to determine if the public key file should be automatically programmed to boards when ``west flash`` is used with the ``--erase`` or ``--recover`` arguments, when :kconfig:option:`SB_CONFIG_BM_BOOTLOADER_MCUBOOT_GENERATE_DEFAULT_KMU_KEYFILE` is enabled (it is enabled by default) then this process is enabled and should be the first command used after building the project to set the board up for development. diff --git a/doc/nrf-bm/app_dev/dfu/ug_dfu.rst b/doc/nrf-bm/app_dev/dfu/ug_dfu.rst index a638186325..98a1b80ced 100644 --- a/doc/nrf-bm/app_dev/dfu/ug_dfu.rst +++ b/doc/nrf-bm/app_dev/dfu/ug_dfu.rst @@ -18,20 +18,21 @@ Partition Configuration The memory of your device must be partitioned appropriately to accommodate the bootloader, application, and firmware update mechanisms. |BMshort| uses Zephyr's `DTS`_ system for memory partitioning. -+--------------------------+---------------------------------------------------------------+--------------------+-------------------+ -| Partition Name | Description | Minimum size |br| | Minimum size |br| | -| | | (Development) | (Release) | -+==========================+===============================================================+====================+===================+ -| ``boot_partition`` | Bootloader (MCUboot) | 36 KB | 28 KB | -+--------------------------+---------------------------------------------------------------+--------------------+-------------------+ -| ``slot0_partition`` | Main application slot | | | -+--------------------------+---------------------------------------------------------------+--------------------+-------------------+ -| ``slot1_partition`` | `Firmware loader`_ | 44 KB | 28 KB | -+--------------------------+---------------------------------------------------------------+--------------------+-------------------+ -| ``softdevice_partition`` | For the SoftDevice, including an MCUboot header of size 0x800 | | -+--------------------------+---------------------------------------------------------------+--------------------+-------------------+ -| ``metadata_partition`` | Stores metadata, placed at the last 0x200 of NVM | | | -+--------------------------+---------------------------------------------------------------+--------------------+-------------------+ ++--------------------------+---------------------------------------------------------------+--------------------+----------------------+ +| Partition Name | Description | Minimum size |br| | Minimum size |br| | +| | | (Development) | (Release) | ++==========================+===============================================================+====================+======================+ +| ``boot_partition`` | Bootloader (MCUboot) | 31 KiB | 21 KiB (using KMU) | +| | | | 26 KiB (without KMU) | ++--------------------------+---------------------------------------------------------------+--------------------+----------------------+ +| ``slot0_partition`` | Main application slot | | | ++--------------------------+---------------------------------------------------------------+--------------------+----------------------+ +| ``slot1_partition`` | `Firmware loader`_ | 44 KiB | 28 KiB | ++--------------------------+---------------------------------------------------------------+--------------------+----------------------+ +| ``softdevice_partition`` | For the SoftDevice, including an MCUboot header of size 0x800 | | ++--------------------------+---------------------------------------------------------------+--------------------+----------------------+ +| ``metadata_partition`` | Stores metadata, placed at the last 0x200 of NVM | | | ++--------------------------+---------------------------------------------------------------+--------------------+----------------------+ .. note:: The sizes and configurations of slot0 and slot1 are asymmetrical.