applications: nrf_desktop: nrf54h20: migrate to ironside se

[kapi-no]

Updated the nrf54h20dk/nrf54h20/cpuapp and nrf54h20dk/nrf54h20/cpurad board target configurations in the nRF Desktop application to align them with the new nRF54H20 SW architecture that is based on the IronSide SE.

Added the MCUboot bootloader configuration and replaced the default nRF54H20 partition map with the custom application-optimized memory map.

The updated configuration is the first step towards the complete feature migration. The following features are disabled and not yet supported:

• MCUmgr DFU with the Bluetooth transport
• Config Channel DFU with both the USB and Bluetooth transports
• DVFS

Ref: NCSDK-34151

[NordicBuilder]

CI Information

^{To view the history of this post, clich the 'edited' button above}
Build number: 7

Inputs:

Sources:

sdk-nrf: PR head: bf2b39c4827386fa9ebeb70a45dd21bafcfc18dc

more details

sdk-nrf:

PR head: bf2b39c4827386fa9ebeb70a45dd21bafcfc18dc
merge base: 2e9e19076d6b6fc30ad9b000bf4b9c9517b66ea5
target head (main): de585ea110df84d4f941a5e57a71b6fac086c4a6
Diff

Github labels

Enabled	Name	Description
	ci-disabled	Disable the ci execution
	ci-all-test	Run all of ci, no test spec filtering will be done
	ci-force-downstream	Force execution of downstream even if twister fails
	ci-run-twister	Force run twister
	ci-run-zephyr-twister	Force run zephyr twister

List of changed files detected by CI (20)

applications
│  ├── nrf_desktop
│  │  ├── configuration
│  │  │  ├── nrf54h20dk_nrf54h20_cpuapp
│  │  │  │  ├── app_common.dtsi
│  │  │  │  ├── images
│  │  │  │  │  ├── mcuboot
│  │  │  │  │  │  ├── app.overlay
│  │  │  │  │  │  ├── mcuboot_private.pem
│  │  │  │  │  │  ├── prj.conf
│  │  │  │  │  │  ├── prj_dongle.conf
│  │  │  │  │  │  ├── prj_release.conf
│  │  │  │  │  │  │ prj_release_dongle.conf
│  │  │  │  ├── memory_map.dtsi
│  │  │  │  ├── prj.conf
│  │  │  │  ├── prj_dongle.conf
│  │  │  │  ├── prj_release.conf
│  │  │  │  ├── prj_release_dongle.conf
│  │  │  │  ├── sysbuild.conf
│  │  │  │  ├── sysbuild_dongle.conf
│  │  │  │  ├── sysbuild_release.conf
│  │  │  │  │ sysbuild_release_dongle.conf
│  │  │  ├── nrf54h20dk_nrf54h20_cpurad
│  │  │  │  ├── images
│  │  │  │  │  ├── ipc_radio
│  │  │  │  │  │  ├── app.overlay
│  │  │  │  │  │  ├── prj.conf
│  │  │  │  │  │  │ prj_release.conf
scripts
│  │ quarantine.yaml

Outputs:

Toolchain

Version: 2b2cd9579a
Build docker image: docker-dtr.nordicsemi.no/sw-production/ncs-build:2b2cd9579a_bba2ea5f2e

Test Spec & Results: ✅ Success; ❌ Failure; 🟠 Queued; 🟡 Progress; ◻️ Skipped; ⚠️ Quarantine

• ◻️ Toolchain - Skipped: existing toolchain is used
• ✅ Build twister
  • sdk-nrf test count: 49
• ✅ Integration tests
  • ✅ desktop52_verification

Disabled integration tests

• • test-fw-nrfconnect-nrf_lrcs_mosh
  • test-fw-nrfconnect-nrf_lrcs_positioning
  • doc-internal
  • test_ble_nrf_config
  • test-fw-nrfconnect-apps
  • test-fw-nrfconnect-ble_mesh
  • test-fw-nrfconnect-ble_samples
  • test-fw-nrfconnect-chip
  • test-fw-nrfconnect-fem
  • test-fw-nrfconnect-nfc
  • test-fw-nrfconnect-nrf-iot_libmodem-nrf
  • test-fw-nrfconnect-nrf-iot_lwm2m
  • test-fw-nrfconnect-nrf-iot_samples
  • test-fw-nrfconnect-nrf-iot_serial_lte_modem
  • test-fw-nrfconnect-nrf-iot_thingy91
  • test-fw-nrfconnect-nrf-iot_zephyr_lwm2m
  • test-fw-nrfconnect-nrf_crypto
  • test-fw-nrfconnect-proprietary_esb
  • test-fw-nrfconnect-ps-main
  • test-fw-nrfconnect-rpc
  • test-fw-nrfconnect-rs
  • test-fw-nrfconnect-tfm
  • test-fw-nrfconnect-thread-main
  • test-low-level
  • test-sdk-audio
  • test-sdk-dfu
  • test-sdk-find-my
  • test-sdk-mcuboot
  • test-sdk-pmic-samples
  • test-sdk-wifi
  • test-secdom-samples-public

Note: This message is automatically posted and updated by the CI

[github-actions]

Since quarantine was modified, please make sure you are following the process described in Quarantine Process.

[github-actions]

You can find the documentation preview for this PR here.

[kapi-no]

Switch to HW crypto by enabling the nRF Security module with the next PR update operation.
(Currently, the CONFIG_BOOT_USE_TINYCRYPT is enabled).

Apply to other MCUboot configurations.

[kapi-no]

addressed

[kapi-no]

The S2RAM issues for the dongle configuration should be resolved once the following PR set is merged:

#24522
nrfconnect/sdk-zephyr#3275

[tomchy]

Note that in some future - there might be an allocation here for the SDFW recovery logic.
The draft default values are:

• 0x1b0000 - 0x1c0000: the secondary_partition for the code
• 0x1c0000 - 0x1c2000: the secondary_periphconf_partition for the alternative periphconf

[kapi-no]

This is incorrect; the DFU transport logic (MCUmgr) must have the same view of the slot layout as the MCUboot.

/* Define the necessary aliases for the MCUboot slots that will be used by the DFU transports. */
slot0_partition: &cpux_slot0_partition {
	label = "image-0";
};

slot1_partition: &cpux_slot1_partition {
	label = "image-1";
};

However, the code partition still needs to point to cpuapp_slot0_partition to display the correct memory footprint of the application. This is easy to do for the default image:

/ {
	chosen {
		zephyr,code-partition = &cpuapp_slot0_partition;
	};
};

but it is harder to do for the secondary variant of the default image (direct-xip) as it requires override of the nrf/subsys/mcuboot/mcuboot_secondary_app.overlay file with the following logic:

/ {
	chosen {
		zephyr,code-partition = &cpuapp_slot1_partition;
	};
};

Of course, to cover also the IPC radio image pair, we should abstract the alias and call it, for example, slot0_image_subpartition / slot1_image_subpartition.

[kapi-no]

Unlocking the possibility to fix this issue once the following sysbuild extension is available in the main branch:

#24561

[kapi-no]

Due to significant issues in applying this improvement, I decided to define a partition similarly to how it is done in the Zephyr SMP Server sample (to be more precise, it is a copy of the original sample that we use in sdk-nrf).

I added an additional comment to indicate the consequences of this approach.

[kapi-no]

Pure rebase, the file diff remains the same

[MarekPieta]

I would consider explicitly enabling the CONFIG_PSA_SSF_CRYPTO_CLIENT instead of commenting on that (to ensure it's actually set here). I also wonder if we actually need keep the CONFIG_PSA_CRYPTO_DRIVER_OBERON enabled. Do we actually use the driver?

[kapi-no]

No, we don't need it. However, disabling this Kconfig option doesn't change the memory footprint of the mcuboot image, so I think this Kconfig option is not even used for the nRF54H20 platform.

I would leave the default configuration and let the bootloader team optimize the Kconfig set and get rid of unnecessary Kconfigs.

[MarekPieta]

Contacting bootloader team regarding this might be a good idea. It would be great if the configuration could be improved here.

[kapi-no]

small fix to address compliance