cmake: Check image boundaries in merged slot

Add routine that checks if all merged images are configured within the
boundary of the merged partition.

Ref: NCSDK-35612

Signed-off-by: Tomasz Chyrowicz <[email protected]>

Author: tomchy

cmake/sysbuild/mcuboot_nrf54h20.cmake

@@ -9,6 +9,7 @@ if(SB_CONFIG_MCUBOOT_SIGN_MERGED_BINARY)
   set(MERGED_IMAGES_HEX "mcuboot_merged.hex")
   UpdateableImage_Get(images GROUP "DEFAULT")
 
+  check_image_boundaries("slot0_partition" "${images}")
   merge_images_nrf54h20(${MERGED_IMAGES_HEX} "${images}")
   # Since all bootloader-enabled images are merged, disable programming subimages.
   list(REMOVE_ITEM images "${DEFAULT_IMAGE}")
@@ -19,6 +20,7 @@ if(SB_CONFIG_MCUBOOT_SIGN_MERGED_BINARY)
   UpdateableImage_Get(variants GROUP "VARIANT")
 
   if(variants)
+    check_image_boundaries("slot1_partition" "${variants}")
     merge_images_nrf54h20(${MERGED_IMAGES_SECONDARY_HEX} "${variants}")
     list(REMOVE_ITEM variants "mcuboot_secondary_app")
     disable_programming_nrf54h20("${variants}")

cmake/sysbuild/sign_nrf54h20.cmake

@@ -4,6 +4,47 @@
 
 include(${ZEPHYR_NRF_MODULE_DIR}/cmake/sysbuild/bootloader_dts_utils.cmake)
 
+function(check_image_boundaries merged_partition images)
+  # Predefine the MCUboot header size.
+  set(MCUBOOT_HEADER_SIZE 0x800)
+
+  # Fetch merged slot details from the mcuboot image.
+  dt_chosen(flash_node TARGET mcuboot PROPERTY "zephyr,flash")
+  dt_nodelabel(slot_path TARGET mcuboot NODELABEL "${merged_partition}" REQUIRED)
+  dt_partition_addr(slot_addr PATH "${slot_path}" TARGET mcuboot REQUIRED)
+  dt_reg_size(slot_size TARGET mcuboot PATH ${slot_path})
+
+  # Calculate boundaries of the usable area.
+  sysbuild_get(mcuboot_image_footer_size IMAGE mcuboot CACHE)
+  math(EXPR slot_max_addr "${slot_addr} + ${slot_size} - ${mcuboot_image_footer_size}" OUTPUT_FORMAT HEXADECIMAL)
+  math(EXPR slot_min_addr "${slot_addr} + ${MCUBOOT_HEADER_SIZE}" OUTPUT_FORMAT HEXADECIMAL)
+
+  # Iterate over images and check that they fit in the merged slots.
+  foreach(image ${images})
+    set(start_offset)
+    set(end_offset)
+    sysbuild_get(start_offset IMAGE ${image} VAR CONFIG_ROM_START_OFFSET
+      KCONFIG)
+    sysbuild_get(end_offset IMAGE ${image} VAR CONFIG_ROM_END_OFFSET
+      KCONFIG)
+    dt_chosen(code_flash TARGET ${image} PROPERTY "zephyr,code-partition")
+    dt_partition_addr(code_addr PATH "${code_flash}" TARGET ${image} REQUIRED)
+    dt_reg_size(code_size TARGET ${image} PATH ${code_flash})
+
+    math(EXPR code_end_addr "${code_addr} + ${code_size} - ${end_offset}" OUTPUT_FORMAT HEXADECIMAL)
+    math(EXPR code_start_addr "${code_addr} + ${start_offset}" OUTPUT_FORMAT HEXADECIMAL)
+
+    if((${code_end_addr} GREATER ${slot_max_addr}) OR
+       (${code_start_addr} LESS ${slot_min_addr}))
+      message(FATAL_ERROR "Variant image ${image} "
+                          "(${code_start_addr}, ${code_end_addr}) "
+                          "does not fit in the merged ${merged_partition} "
+                          "(${slot_min_addr}, ${slot_max_addr})")
+      return()
+    endif()
+  endforeach()
+endfunction()
+
 function(merge_images_nrf54h20 output_artifact images)
   find_program(MERGEHEX mergehex.py HINTS ${ZEPHYR_BASE}/scripts/build/ NAMES
     mergehex NAMES_PER_DIR)

samples/dfu/ab/boards/nrf54h20dk_nrf54h20_cpuapp.conf

@@ -0,0 +1,8 @@
+#
+# Copyright (c) 2025 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+# Add a room for the MCUboot trailer
+CONFIG_ROM_END_OFFSET=224

samples/dfu/ab/sysbuild/ipc_radio.conf

@@ -0,0 +1,8 @@
+#
+# Copyright (c) 2025 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+# Add a room for the MCUboot trailer
+CONFIG_ROM_END_OFFSET=224

samples/zephyr/smp_svr_mini_boot/boards/nrf54h20dk_nrf54h20_cpuapp.conf

@@ -0,0 +1,8 @@
+#
+# Copyright (c) 2025 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+# Add a room for the MCUboot trailer
+CONFIG_ROM_END_OFFSET=224

samples/zephyr/smp_svr_mini_boot/sysbuild/ipc_radio.conf

@@ -0,0 +1,8 @@
+#
+# Copyright (c) 2025 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+# Add a room for the MCUboot trailer
+CONFIG_ROM_END_OFFSET=224

samples/zephyr/subsys/mgmt/mcumgr/smp_svr/boards/nrf54h20dk_nrf54h20_cpuapp.conf

@@ -0,0 +1,8 @@
+#
+# Copyright (c) 2025 Nordic Semiconductor ASA
+#
+# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
+#
+
+# Add a room for the MCUboot trailer
+CONFIG_ROM_END_OFFSET=224

samples/zephyr/subsys/mgmt/mcumgr/smp_svr/sysbuild/ipc_radio.conf

@@ -2,3 +2,6 @@ CONFIG_MCUBOOT_IMGTOOL_UUID_VID=y
 CONFIG_MCUBOOT_IMGTOOL_UUID_VID_NAME="nordicsemi.com"
 CONFIG_MCUBOOT_IMGTOOL_UUID_CID=y
 CONFIG_MCUBOOT_IMGTOOL_UUID_CID_NAME="nRF54H20_sample_rad"
+
+# Add a room for the MCUboot trailer
+CONFIG_ROM_END_OFFSET=224

subsys/bootloader/Kconfig

@@ -170,4 +170,9 @@ config MCUBOOT_BOOTLOADER_SIGNATURE_TYPE_PURE
 	help
 	  This is a Kconfig which is informative only, the value should not be changed.
 
+config NCS_MCUBOOT_BOOTLOADER_SIGN_MERGED_BINARY
+	bool "Sign merged binary instead of individual images"
+	help
+	  This is a Kconfig which is informative only, the value should not be changed.
+
 endmenu

sysbuild/CMakeLists.txt

@@ -693,6 +693,8 @@ function(${SYSBUILD_CURRENT_MODULE_NAME}_pre_cmake)
   if(SB_CONFIG_MCUBOOT_SIGN_MERGED_BINARY AND SB_CONFIG_SOC_NRF54H20)
     UpdateableImage_Get(images ALL)
     foreach(image ${images})
+      set_config_bool(${image} CONFIG_NCS_MCUBOOT_BOOTLOADER_SIGN_MERGED_BINARY
+        true)
       set(${image}_SIGNING_SCRIPT
         "${ZEPHYR_NRF_MODULE_DIR}/cmake/sysbuild/image_signing_nrf54h20.cmake"
          CACHE INTERNAL "MCUboot signing script" FORCE)