nrfconnect · ayla-nordicsemi · Aug 19, 2025 · Aug 19, 2025 · Aug 19, 2025 · Aug 21, 2025
@@ -14,10 +14,18 @@ menuconfig APP_JWT
 	# Needed to print integer values in JSON
 	select CJSON_LIB
 	select CBPRINTF_FP_SUPPORT
+	# Needed to use PSA and crypto
+	select PSA_SSF_CRYPTO_CLIENT
+	select PSA_WANT_PLATFORM_KEYS
+	select PSA_WANT_GENERATE_RANDOM
 	select PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
 	select PSA_WANT_ALG_ECDSA
 	select PSA_WANT_ECC_SECP_R1_256
 	select PSA_WANT_ALG_SHA_256
+	# Needed to use PSA services from secure core
+	select NRF_IRONSIDE_CALL
+	# Needed for device UUID
+	select NRF_IRONSIDE_BOOT_REPORT
 
 if APP_JWT
 

@@ -15,7 +15,7 @@
 #include <stdio.h>
 #include <errno.h>
 
-#include <sdfw/sdfw_services/device_info_service.h>
+#include <ironside/include/nrf_ironside/boot_report.h>
 
 #include <date_time.h>
 #include <psa/crypto.h>
@@ -636,6 +636,20 @@ static int jwt_signature_append(const char *const unsigned_jwt, const char *cons
 	return err;
 }
 
+static int device_info_get_uuid(uint8_t *uuid_bytes)
+{
+	int err = 0;
+	const struct ironside_boot_report *report;
+
+	err = ironside_boot_report_get(&report);
+
+	if (err == 0) {
+		memcpy(uuid_bytes, (void*)&report->device_info_uuid ,SECDOM_BOOT_REPORT_UUID_SIZE);
+	}
+
+	return err;
+}
+
 int app_jwt_generate(struct app_jwt_data *const jwt)
 {
 	if (jwt == NULL) {
@@ -712,7 +726,7 @@ int app_jwt_get_uuid(char *uuid_buffer, const size_t uuid_buffer_size)
 
 	uint8_t uuid_bytes[UUID_BINARY_BYTES_SZ];
 
-	if (0 != ssf_device_info_get_uuid(uuid_bytes)) {
+	if (0 != device_info_get_uuid(uuid_bytes)) {
 		/* Couldn't read data */
 		return -ENXIO;
 	}

@@ -28,13 +28,3 @@ CONFIG_APP_JWT_PRINT_EXPORTED_PUBKEY_DER=y
 
 # Enable nordic security backend and PSA APIs
 CONFIG_NRF_SECURITY=y
-
-# Enable PSA crypto from SSF client
-CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y
-
-# Enable Device Info service
-CONFIG_SSF_DEVICE_INFO_SERVICE_ENABLED=y
-
-# Enable SUIT bundling
-CONFIG_SUIT=y
-CONFIG_ZCBOR_CANONICAL=y
@@ -13,19 +13,9 @@ CONFIG_APP_JWT_LOG_LEVEL_INF=y
 # Verify JWT signature after signing
 CONFIG_APP_JWT_VERIFY_SIGNATURE=y
 
+# Requiered to use subsys nrf_security
+CONFIG_NRF_SECURITY=y
+
 # Optional : print the exported public key in DER format to logging terminal,
 # requieres CONFIG_APP_JWT_LOG_LEVEL_INF=y to be made visible.
 CONFIG_APP_JWT_PRINT_EXPORTED_PUBKEY_DER=y
-
-# Enable nordic security backend and PSA APIs
-CONFIG_NRF_SECURITY=y
-
-# Enable PSA crypto from SSF client
-CONFIG_SSF_PSA_CRYPTO_SERVICE_ENABLED=y
-
-# Enable Device Info service
-CONFIG_SSF_DEVICE_INFO_SERVICE_ENABLED=y
-
-# Enable SUIT bundling
-CONFIG_SUIT=y
-CONFIG_ZCBOR_CANONICAL=y
@@ -19,12 +19,5 @@ tests:
       - nrf54h20dk/nrf54h20/cpuapp
     extra_args:
       - EXTRA_CONF_FILE=uart_logging.conf
-      - SB_CONFIG_SUIT_ENVELOPE=y
     extra_configs:
       - CONFIG_LOG_BUFFER_SIZE=4098
-      - CONFIG_SUIT=y
-      - CONFIG_ZCBOR=y
-      - CONFIG_ZCBOR_CANONICAL=y
-      - CONFIG_SUIT_ENVELOPE_TARGET="application"
-      - CONFIG_SUIT_ENVELOPE_TEMPLATE_FILENAME="app_envelope.yaml.jinja2"
-      - CONFIG_SUIT_LOCAL_ENVELOPE_GENERATE=y
@@ -8,7 +8,7 @@ config PSA_SSF_CRYPTO_CLIENT
 	bool
 	prompt "PSA crypto provided through SSF"
 	default y
-	depends on SSF_CLIENT || SOC_NRF54H20
+	depends on SSF_CLIENT || SOC_NRF54H20 || SOC_NRF9280
 	select NRF_IRONSIDE_CALL if !SSF_CLIENT
 
 if PSA_SSF_CRYPTO_CLIENT

@@ -65,7 +65,7 @@ manifest:
     # https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/zephyr/guides/modules.html
     - name: zephyr
       repo-path: sdk-zephyr
-      revision: 53824876e35648dc8c2d6fb99e3756e7cd4d779f
+      revision: pull/3208/head
       import:
         # In addition to the zephyr repository itself, NCS also
         # imports the contents of zephyr/west.yml at the above