Skip to content

bootloader: mcuboot: Fixed security counter overflow detected to late #23779

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 18, 2025
Merged

bootloader: mcuboot: Fixed security counter overflow detected to late #23779

merged 1 commit into from
Aug 18, 2025

Conversation

ahasztag
Copy link
Contributor

@ahasztag ahasztag commented Aug 6, 2025

This commit fixes the issue, occuring when the maximum amount of
security counter updates has been reached.

This fact was only detected after a permament update already
happened - the updated firmware was unable to boot, as it
failed when trying to update the security counter after
the permament swap.

This commit adds the check if the security counter can be
updated (i. e. free security counter slots are still available)
before the swap is performed, fixing the issue.

@ahasztag ahasztag requested a review from nordic-mik7 August 6, 2025 15:08
@ahasztag ahasztag requested review from a team as code owners August 6, 2025 15:08
@github-actions github-actions bot added manifest changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. labels Aug 6, 2025
@NordicBuilder
Copy link
Contributor

NordicBuilder commented Aug 6, 2025
edited
Loading

The following west manifest projects have changed revision in this Pull Request:

Name Old Revision New Revision Diff
mcuboot nrfconnect/sdk-mcuboot@6c096b8 nrfconnect/sdk-mcuboot@0fadab1 (main) nrfconnect/[email protected]

All manifest checks OK

Note: This message is automatically posted and updated by the Manifest GitHub Action.

@NordicBuilder
Copy link
Contributor

NordicBuilder commented Aug 6, 2025
edited
Loading

CI Information

To view the history of this post, clich the 'edited' button above
Build number: 9

Inputs:

Sources:

sdk-nrf: PR head: dfc409ca5a504e41693a633d2f68bb438cfe2e55
mcuboot: PR head: 0fadab126d9ba51365b3db1cdb6d55ed892c62b4

more details

sdk-nrf:

PR head: dfc409ca5a504e41693a633d2f68bb438cfe2e55
merge base: 86ce96e514470192b7016b8157281c399d9d93f8
target head (main): 57bb508a3cb441ed905426c77d04abfa942ba42e
Diff

mcuboot:

PR head: 0fadab126d9ba51365b3db1cdb6d55ed892c62b4
merge base: 6c096b8ed7bfddf044b20dfb512c4c1fd06c2ef6
Diff

Github labels

Enabled Name Description
ci-disabled Disable the ci execution
ci-all-test Run all of ci, no test spec filtering will be done
ci-force-downstream Force execution of downstream even if twister fails
ci-run-twister Force run twister
ci-run-zephyr-twister Force run zephyr twister
List of changed files detected by CI (8) 
bootloader
│  ├── mcuboot
│  │  ├── boot
│  │  │  ├── bootutil
│  │  │  │  ├── include
│  │  │  │  │  ├── bootutil
│  │  │  │  │  │  │ security_cnt.h
│  │  │  │  ├── src
│  │  │  │  │  │ image_validate.c
│  │  │  ├── zephyr
│  │  │  │  ├── Kconfig
│  │  │  │  ├── include
│  │  │  │  │  ├── mcuboot_config
│  │  │  │  │  │  │ mcuboot_config.h
include
│  │ bl_storage.h
subsys
│  ├── bootloader
│  │  ├── bl_storage
│  │  │  ├── bl_storage.c
│  │  │  │ nrf_nv_counters.c
west.yml

Outputs:

Toolchain

Version: c5be9c56c7
Build docker image: docker-dtr.nordicsemi.no/sw-production/ncs-build:c5be9c56c7_bba2ea5f2e

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

  • ◻️ Toolchain - Skipped: existing toolchain is used
  • ✅ Build twister - Skipped: Skipping Build & Test as it succeeded in a previous run: 8
  • ✅ Integration tests
    • ✅ test-fw-nrfconnect-chip
    • ✅ test-fw-nrfconnect-nrf-iot_cloud - Skipped: Job was skipped as it succeeded in a previous run
    • ✅ test-fw-nrfconnect-tfm
    • ✅ test-sdk-find-my - Skipped: Job was skipped as it succeeded in a previous run
    • ✅ test-sdk-mcuboot - Skipped: Job was skipped as it succeeded in a previous run
    • ✅ test-sdk-dfu
Disabled integration tests
    • test-fw-nrfconnect-nrf_lrcs_mosh
    • test-fw-nrfconnect-nrf_lrcs_positioning
    • desktop52_verification
    • doc-internal
    • test_ble_nrf_config
    • test-fw-nrfconnect-apps
    • test-fw-nrfconnect-ble_mesh
    • test-fw-nrfconnect-ble_samples
    • test-fw-nrfconnect-fem
    • test-fw-nrfconnect-nfc
    • test-fw-nrfconnect-nrf-iot_libmodem-nrf
    • test-fw-nrfconnect-nrf-iot_lwm2m
    • test-fw-nrfconnect-nrf-iot_samples
    • test-fw-nrfconnect-nrf-iot_serial_lte_modem
    • test-fw-nrfconnect-nrf-iot_thingy91
    • test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
    • test-fw-nrfconnect-proprietary_esb
    • test-fw-nrfconnect-ps-main
    • test-fw-nrfconnect-rpc
    • test-fw-nrfconnect-rs
    • test-low-level
    • test-sdk-audio
    • test-sdk-pmic-samples
    • test-sdk-wifi
    • test-secdom-samples-public

Note: This message is automatically posted and updated by the CI

@ahasztag ahasztag force-pushed the NCSDK-34251_fix_security_counter_update_oob branch 2 times, most recently from d535766 to 9d82ad7 Compare August 6, 2025 15:20
@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 6, 2025

You can find the documentation preview for this PR here.

@ahasztag ahasztag force-pushed the NCSDK-34251_fix_security_counter_update_oob branch 2 times, most recently from d55579b to af76e9b Compare August 12, 2025 10:21
@ahasztag ahasztag force-pushed the NCSDK-34251_fix_security_counter_update_oob branch 2 times, most recently from 42f2672 to e1d1e0c Compare August 14, 2025 12:52
@ahasztag
bootloader: mcuboot: Fixed security counter overflow detected to late
dfc409c 
This commit fixes the issue, occuring when the maximum amount of
security counter updates has been reached.

This fact was only detected after a permament update already
happened - the updated firmware was unable to boot, as it
failed when trying to update the security counter after
the permament swap.

This commit adds the check if the security counter can be
updated (i. e. free security counter slots are still available)
before the swap is performed, fixing the issue.

Signed-off-by: Artur Hadasz <[email protected]>
@ahasztag ahasztag force-pushed the NCSDK-34251_fix_security_counter_update_oob branch from e1d1e0c to dfc409c Compare August 18, 2025 07:58
@NordicBuilder NordicBuilder removed the DNM label Aug 18, 2025
@rlubos rlubos merged commit 2168093 into nrfconnect:main Aug 18, 2025
14 of 15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rlubos rlubos rlubos approved these changes

@de-nordic de-nordic de-nordic approved these changes

@nordic-mik7 nordic-mik7 nordic-mik7 approved these changes

Assignees
No one assigned
Labels
changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. manifest manifest-mcuboot
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@ahasztag @NordicBuilder @rlubos @de-nordic @nordic-mik7