cmake: Check image boundaries in merged slot

tomchy · tomchy · commit 859c70b50563 · 2025-09-30T15:14:46.000+02:00
Add routine that checks if all merged images are configured within the
boundary of the merged partition.

Ref: NCSDK-35612

Signed-off-by: Tomasz Chyrowicz &lt;tomasz.chyrowicz@nordicsemi.no&gt;
diff --git a/cmake/sysbuild/mcuboot_nrf54h20.cmake b/cmake/sysbuild/mcuboot_nrf54h20.cmake
@@ -9,6 +9,7 @@ if(SB_CONFIG_MCUBOOT_SIGN_MERGED_BINARY)
   set(MERGED_IMAGES_HEX "mcuboot_merged.hex")
   UpdateableImage_Get(images GROUP "DEFAULT")
 
+  check_image_boundaries("slot0_partition" "${images}")
   merge_images_nrf54h20(${MERGED_IMAGES_HEX} "${images}")
   # Since all bootloader-enabled images are merged, disable programming subimages.
   list(REMOVE_ITEM images "${DEFAULT_IMAGE}")
@@ -19,6 +20,7 @@ if(SB_CONFIG_MCUBOOT_SIGN_MERGED_BINARY)
   UpdateableImage_Get(variants GROUP "VARIANT")
 
   if(variants)
+    check_image_boundaries("slot1_partition" "${variants}")
     merge_images_nrf54h20(${MERGED_IMAGES_SECONDARY_HEX} "${variants}")
     list(REMOVE_ITEM variants "mcuboot_secondary_app")
     disable_programming_nrf54h20("${variants}")
diff --git a/cmake/sysbuild/sign_nrf54h20.cmake b/cmake/sysbuild/sign_nrf54h20.cmake
@@ -4,6 +4,47 @@
 
 include(${ZEPHYR_NRF_MODULE_DIR}/cmake/sysbuild/bootloader_dts_utils.cmake)
 
+function(check_image_boundaries merged_partition images)
+  # Predefine the MCUboot header size.
+  set(MCUBOOT_HEADER_SIZE 0x800)
+
+  # Fetch merged slot details from the mcuboot image.
+  dt_chosen(flash_node TARGET mcuboot PROPERTY "zephyr,flash")
+  dt_nodelabel(slot_path TARGET mcuboot NODELABEL "${merged_partition}" REQUIRED)
+  dt_partition_addr(slot_addr PATH "${slot_path}" TARGET mcuboot REQUIRED)
+  dt_reg_size(slot_size TARGET mcuboot PATH ${slot_path})
+
+  # Calculate boundaries of the usable area.
+  sysbuild_get(mcuboot_image_footer_size IMAGE mcuboot CACHE)
+  math(EXPR slot_max_addr "${slot_addr} + ${slot_size} - ${mcuboot_image_footer_size}" OUTPUT_FORMAT HEXADECIMAL)
+  math(EXPR slot_min_addr "${slot_addr} + ${MCUBOOT_HEADER_SIZE}" OUTPUT_FORMAT HEXADECIMAL)
+
+  # Iterate over images and check that they fit in the merged slots.
+  foreach(image ${images})
+    set(start_offset)
+    set(end_offset)
+    sysbuild_get(start_offset IMAGE ${image} VAR CONFIG_ROM_START_OFFSET
+      KCONFIG)
+    sysbuild_get(end_offset IMAGE ${image} VAR CONFIG_ROM_END_OFFSET
+      KCONFIG)
+    dt_chosen(code_flash TARGET ${image} PROPERTY "zephyr,code-partition")
+    dt_partition_addr(code_addr PATH "${code_flash}" TARGET ${image} REQUIRED)
+    dt_reg_size(code_size TARGET ${image} PATH ${code_flash})
+
+    math(EXPR code_end_addr "${code_addr} + ${code_size} - ${end_offset}" OUTPUT_FORMAT HEXADECIMAL)
+    math(EXPR code_start_addr "${code_addr} + ${start_offset}" OUTPUT_FORMAT HEXADECIMAL)
+
+    if((${code_end_addr} GREATER ${slot_max_addr}) OR
+       (${code_start_addr} LESS ${slot_min_addr}))
+      message(FATAL_ERROR "Variant image ${image} "
+                          "(${code_start_addr}, ${code_end_addr}) "
+                          "does not fit in the merged ${merged_partition} "
+                          "(${slot_min_addr}, ${slot_max_addr})")
+      return()
+    endif()
+  endforeach()
+endfunction()
+
 function(merge_images_nrf54h20 output_artifact images)
   find_program(MERGEHEX mergehex.py HINTS ${ZEPHYR_BASE}/scripts/build/ NAMES
     mergehex NAMES_PER_DIR)
diff --git a/subsys/bootloader/Kconfig b/subsys/bootloader/Kconfig
@@ -170,4 +170,9 @@ config MCUBOOT_BOOTLOADER_SIGNATURE_TYPE_PURE
 	help
 	  This is a Kconfig which is informative only, the value should not be changed.
 
+config NCS_MCUBOOT_BOOTLOADER_SIGN_MERGED_BINARY
+	bool "Sign merged binary instead of individual images"
+	help
+	  This is a Kconfig which is informative only, the value should not be changed.
+
 endmenu
diff --git a/sysbuild/CMakeLists.txt b/sysbuild/CMakeLists.txt
@@ -693,6 +693,8 @@ function(${SYSBUILD_CURRENT_MODULE_NAME}_pre_cmake)
   if(SB_CONFIG_MCUBOOT_SIGN_MERGED_BINARY AND SB_CONFIG_SOC_NRF54H20)
     UpdateableImage_Get(images ALL)
     foreach(image ${images})
+      set_config_bool(${image} CONFIG_NCS_MCUBOOT_BOOTLOADER_SIGN_MERGED_BINARY
+        true)
       set(${image}_SIGNING_SCRIPT
         "${ZEPHYR_NRF_MODULE_DIR}/cmake/sysbuild/image_signing_nrf54h20.cmake"
          CACHE INTERNAL "MCUboot signing script" FORCE)
diff --git a/west.yml b/west.yml
@@ -128,7 +128,7 @@ manifest:
           compare-by-default: true
     - name: mcuboot
       repo-path: sdk-mcuboot
-      revision: 35be0b72fe8601a9ac9e2c8a8e29eb8a76512aac
+      revision: pull/538/head
       path: bootloader/mcuboot
     - name: qcbor
       url: https://github.com/laurencelundblade/QCBOR
