enabled ed25519/KMU for b0 on nrf54l and Cut down configuration for B0

[de-nordic]

WARNING: The PR has changed with addition of defaulting ed25519/KMU in b0. That commit was not there previously as the base PR used for this has been enabling such configurations.
The original purpose of the cut down was to fit the PSA hardware crypto, so it would not make sense to keep the PR unless we now enable the ed25519 here.

This configuration allows B0 to use PSA crypto while still being able to fit into FPROTECT area.

Only three top commits.

Depends on #20812

For CI to test from branch:
test_boot: testing_21310_b0_on_nrf54l

[NordicBuilder]

The following west manifest projects have changed revision in this Pull Request:

Name	Old Revision	New Revision	Diff

✅ All manifest checks OK

Note: This message is automatically posted and updated by the Manifest GitHub Action.

[NordicBuilder]

CI Information

^{To view the history of this post, clich the 'edited' button above}
Build number: 21

Inputs:

Sources:

sdk-nrf: PR head: bc57393e16452f23f89c55edc0b0a3790698ecff

more details

sdk-nrf:

PR head: bc57393e16452f23f89c55edc0b0a3790698ecff
merge base: 578095f45245789ca5e45d29a5f13fc8e0f11e59
target head (main): 58a92a8f382fc6a52813e36508aa1a8c46a2a5e7
Diff

Github labels

Enabled	Name	Description
	ci-disabled	Disable the ci execution
	ci-all-test	Run all of ci, no test spec filtering will be done
	ci-force-downstream	Force execution of downstream even if twister fails
	ci-run-twister	Force run twister
	ci-run-zephyr-twister	Force run zephyr twister

List of changed files detected by CI (8)

lib
│  ├── fprotect
│  │  │ Kconfig
samples
│  ├── bootloader
│  │  ├── boards
│  │  │  │ nrf54l15dk_nrf54l15_cpuapp.conf
│  │  ├── src
│  │  │  │ main.c
subsys
│  ├── bootloader
│  │  ├── bl_crypto
│  │  │  │ Kconfig
sysbuild
│  │ Kconfig.secureboot
tests
│  ├── subsys
│  │  ├── bootloader
│  │  │  ├── b0_lock
│  │  │  │  │ testcase.yaml
│  │  │  ├── bl_storage
│  │  │  │  │ testcase.yaml
│  │  │  ├── boot_chains
│  │  │  │  │ testcase.yaml

Outputs:

Toolchain

Version: 7cbc0036f4
Build docker image: docker-dtr.nordicsemi.no/sw-production/ncs-build:7cbc0036f4_8bf7ca4353

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

• ◻️ Toolchain - Skipped: existing toolchain is used
• ✅ Build twister - Skipped: Skipping Build & Test as it succeeded in a previous run: 18
• ✅ Integration tests
  • ✅ test-sdk-audio - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ desktop52_verification - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-boot - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-apps - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test_ble_nrf_config - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-ble_mesh - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-ble_samples - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-chip - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nfc - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf-iot_cloud - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf-iot_libmodem-nrf - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf-iot_serial_lte_modem - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf-iot_zephyr_lwm2m - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf-iot_samples - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ doc-internal - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf-iot_thingy91 - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf_crypto - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-proprietary_esb - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-rpc - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-rs - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-fem - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-tfm - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-thread - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-sdk-find-my - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf-iot_mosh - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-nrf-iot_positioning - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-sdk-wifi - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-low-level - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-sdk-pmic-samples - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-sdk-mcuboot - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-sdk-dfu - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-fw-nrfconnect-ps - Skipped: Job was skipped as it succeeded in a previous run
  • ✅ test-secdom-samples-public - Skipped: Job was skipped as it succeeded in a previous run
  • ⚠️ test-fw-nrfconnect-fw-update

Note: This message is automatically posted and updated by the CI

[github-actions]

You can find the documentation preview for this PR here.

[nvlsianpu]

approved pluto's commits

[Vge0rge]

Just for my own shake, why do we set a different size depending on the FPROTECT?

[de-nordic]

If you disable FPROTECT you can fit more into b0, because fprotect can only protect 31k.
So, for example, if you want to enable a lot of stuff to debug, you may not fit in the FPROTECT area and need to disable it, then it automatically also brings the size of allowed code up.

[Vge0rge]

This PR basically includes PR 20812. I reviewed the last commits which set the configuration of the PSA_CORE_LITE and they seem OK to me.

[de-nordic]

This PR basically includes PR 20812. I reviewed the last commits which set the configuration of the PSA_CORE_LITE and they seem OK to me.

Yes. That PR is required for the change to work.

[nordicjm]

should not be applying this for everything, add a boards/<board> Kconfig fragment, and it should have a file suffix because people expect the default one to all act the same way which is with logging

[frkv]

LGTM