Skip to content

manifest: Update sdk-mcuboot with Cracen key locking #23140

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

manifest: Update sdk-mcuboot with Cracen key locking #23140

wants to merge 2 commits into from

Conversation

de-nordic
Copy link
Contributor

Add key locking when KMU is used.

@de-nordic de-nordic requested review from a team as code owners July 4, 2025 13:24
@github-actions github-actions bot added manifest changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. labels Jul 4, 2025
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Jul 4, 2025
edited by github-actions bot
Loading

The following west manifest projects have changed revision in this Pull Request:

Name Old Revision New Revision Diff
mcuboot nrfconnect/sdk-mcuboot@e1f2ab3 (main) nrfconnect/sdk-mcuboot#484 nrfconnect/sdk-mcuboot#484/files

DNM label due to: 1 project with PR revision

Note: This message is automatically posted and updated by the Manifest GitHub Action.

@NordicBuilder
Copy link
Contributor

NordicBuilder commented Jul 4, 2025
edited
Loading

CI Information

To view the history of this post, clich the 'edited' button above
Build number: 16

Inputs:

Sources:

sdk-nrf: PR head: 83940783b96e222e261dfa45e9cf1ba8b4930ace
mcuboot: PR head: 3f2a61eadffce30b85405b1ff87ff0ac461e32ad

more details

sdk-nrf:

PR head: 83940783b96e222e261dfa45e9cf1ba8b4930ace
merge base: 4b8b26d6ff7f16ba6cf25de4bb663db141a5f411
target head (main): 4b8b26d6ff7f16ba6cf25de4bb663db141a5f411
Diff

mcuboot:

PR head: 3f2a61eadffce30b85405b1ff87ff0ac461e32ad
merge base: e1f2ab3806ce7ebc7ef34b3fc04272e747590745
target head (main): e1f2ab3806ce7ebc7ef34b3fc04272e747590745
Diff

Github labels

Enabled Name Description
ci-disabled Disable the ci execution
ci-all-test Run all of ci, no test spec filtering will be done
ci-force-downstream Force execution of downstream even if twister fails
ci-run-twister Force run twister
ci-run-zephyr-twister Force run zephyr twister
List of changed files detected by CI (13) 
bootloader
│  ├── mcuboot
│  │  ├── boot
│  │  │  ├── bootutil
│  │  │  │  ├── src
│  │  │  │  │  │ ed25519_psa.c
│  │  │  ├── zephyr
│  │  │  │  ├── include
│  │  │  │  │  │ nrf_cleanup.h
│  │  │  │  │ main.c
tests
│  ├── subsys
│  │  ├── kmu
│  │  │  ├── pytest
│  │  │  │  │ test_kmu_revoke_in_app.py
│  │  │  ├── revoke
│  │  │  │  ├── CMakeLists.txt
│  │  │  │  ├── boards
│  │  │  │  │  ├── nrf54lm20dk_nrf54lm20a_cpuapp.conf
│  │  │  │  │  │ nrf54lv10dk_nrf54lv10a_cpuapp.conf
│  │  │  │  ├── prj.conf
│  │  │  │  ├── src
│  │  │  │  │  │ main.c
│  │  │  │  ├── sysbuild.conf
│  │  │  │  ├── sysbuild
│  │  │  │  │  │ mcuboot.conf
│  │  │  │  │ testcase.yaml
west.yml

Outputs:

Toolchain

Version: c0e69fc6ed
Build docker image: docker-dtr.nordicsemi.no/sw-production/ncs-build:c0e69fc6ed_bba2ea5f2e

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

  • ◻️ Toolchain - Skipped: existing toolchain is used
  • ❌ Build twister
    • sdk-nrf test count: 715
  • ❌ Integration tests
    • ❌ test-sdk-mcuboot
Disabled integration tests
    • test-fw-nrfconnect-nrf_lrcs_mosh
    • test-fw-nrfconnect-nrf_lrcs_positioning
    • desktop52_verification
    • doc-internal
    • test-fw-nrfconnect-apps
    • test-fw-nrfconnect-ble_mesh
    • test-fw-nrfconnect-ble_samples
    • test-fw-nrfconnect-chip
    • test-fw-nrfconnect-fem
    • test-fw-nrfconnect-nfc
    • test-fw-nrfconnect-nrf-iot_libmodem-nrf
    • test-fw-nrfconnect-nrf-iot_lwm2m
    • test-fw-nrfconnect-nrf-iot_samples
    • test-fw-nrfconnect-nrf-iot_serial_lte_modem
    • test-fw-nrfconnect-nrf-iot_thingy91
    • test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
    • test-fw-nrfconnect-nrf_crypto
    • test-fw-nrfconnect-proprietary_esb
    • test-fw-nrfconnect-ps-main
    • test-fw-nrfconnect-rpc
    • test-fw-nrfconnect-rs
    • test-fw-nrfconnect-tfm
    • test-fw-nrfconnect-thread-main
    • test-low-level
    • test-sdk-audio
    • test-sdk-dfu
    • test-sdk-find-my
    • test-sdk-pmic-samples
    • test-sdk-wifi
    • test-secdom-samples-public

Note: This message is automatically posted and updated by the CI

@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 4, 2025

You can find the documentation preview for this PR here.

@NordicBuilder
Copy link
Contributor

Memory footprint analysis revealed the following potential issues

sample.matter.template.debug[nrf52840dk/nrf52840]: RAM size increased by 2932[B] in comparison to the main[b826614] branch. - link (cc: @kkasperczyk-no @ArekBalysNordic @markaj-nordic)
sample.matter.template.debug[nrf52840dk/nrf52840]: ROM size increased by 6384[B] in comparison to the main[b826614] branch. - link (cc: @kkasperczyk-no @ArekBalysNordic @markaj-nordic)
sample.matter.template.release[nrf5340dk/nrf5340/cpuapp]: RAM size increased by 2932[B] in comparison to the main[b826614] branch. - link (cc: @kkasperczyk-no @ArekBalysNordic @markaj-nordic)
sample.matter.template.release[nrf5340dk/nrf5340/cpuapp]: ROM size increased by 5120[B] in comparison to the main[b826614] branch. - link (cc: @kkasperczyk-no @ArekBalysNordic @markaj-nordic)
sample.matter.template.release[nrf7002dk/nrf5340/cpuapp]: RAM size increased by 2260[B] in comparison to the main[b826614] branch. - link (cc: @kkasperczyk-no @ArekBalysNordic @markaj-nordic)
sample.matter.template.release[nrf7002dk/nrf5340/cpuapp]: ROM size increased by 5328[B] in comparison to the main[b826614] branch. - link (cc: @kkasperczyk-no @ArekBalysNordic @markaj-nordic)
sample.matter.template.debug[nrf5340dk/nrf5340/cpuapp]: RAM size increased by 2932[B] in comparison to the main[b826614] branch. - link (cc: @kkasperczyk-no @ArekBalysNordic @markaj-nordic)
sample.matter.template.debug[nrf5340dk/nrf5340/cpuapp]: ROM size increased by 6392[B] in comparison to the main[b826614] branch. - link (cc: @kkasperczyk-no @ArekBalysNordic @markaj-nordic)
sample.matter.template.release[nrf52840dk/nrf52840]: RAM size increased by 2932[B] in comparison to the main[b826614] branch. - link (cc: @kkasperczyk-no @ArekBalysNordic @markaj-nordic)
sample.matter.template.release[nrf52840dk/nrf52840]: ROM size increased by 5272[B] in comparison to the main[b826614] branch. - link (cc: @kkasperczyk-no @ArekBalysNordic @markaj-nordic)
sample.matter.template.debug[nrf7002dk/nrf5340/cpuapp]: RAM size increased by 2260[B] in comparison to the main[b826614] branch. - link (cc: @kkasperczyk-no @ArekBalysNordic @markaj-nordic)
sample.matter.template.debug[nrf7002dk/nrf5340/cpuapp]: ROM size increased by 6328[B] in comparison to the main[b826614] branch. - link (cc: @kkasperczyk-no @ArekBalysNordic @markaj-nordic)

Note: This message is automatically posted and updated by the CI (latest/sdk-nrf/PR-23140/3)

@de-nordic de-nordic requested a review from nvlsianpu July 17, 2025 14:10
@de-nordic de-nordic requested a review from a team as a code owner July 24, 2025 12:52
@NordicBuilder NordicBuilder removed the DNM label Jul 24, 2025
@de-nordic de-nordic force-pushed the key-locking branch 2 times, most recently from 20cc34b to 5cf57ed Compare July 25, 2025 08:37
@NordicBuilder NordicBuilder removed the DNM label Jul 25, 2025
@de-nordic de-nordic closed this Jul 30, 2025
@de-nordic de-nordic reopened this Jul 30, 2025
@de-nordic de-nordic added DNM and removed manifest labels Jul 30, 2025
@de-nordic de-nordic force-pushed the key-locking branch 2 times, most recently from 94675c0 to 2468b8e Compare August 1, 2025 14:19
@de-nordic de-nordic requested a review from a team as a code owner August 1, 2025 14:19
@de-nordic de-nordic force-pushed the key-locking branch 2 times, most recently from 3fa2c5f to c56706d Compare August 6, 2025 16:33
gchwier
gchwier reviewed Aug 12, 2025
View reviewed changes
tests/subsys/kmu/revoke/testcase.yaml
harness: pytest
harness_config:
pytest_root:
- "../pytest/test_kmu_revoke_in_app.py"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove also this file

@de-nordic de-nordic force-pushed the key-locking branch 2 times, most recently from 9c9e053 to f7cebb7 Compare September 2, 2025 17:18
@de-nordic
manifest: Update sdk-mcuboot with KMU key-locking
45442dd 
KMU key-locking support.

Signed-off-by: Dominik Ermel <[email protected]>
@de-nordic
tests: Removing the test for application revoking MCUboot keys
8394078 
With MCUboot locking the keys it is no longer possible to revoke,
or destroy, MCUboot keys from application.

Signed-off-by: Dominik Ermel <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gchwier gchwier gchwier left review comments

@nordicjm nordicjm nordicjm approved these changes

@nvlsianpu nvlsianpu Awaiting requested review from nvlsianpu

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. DNM manifest manifest-mcuboot
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@de-nordic @NordicBuilder @nordicjm @gchwier