Skip to content

[nrf fromlist] cmake: mcuboot: SHA512/pure image signing #3074

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 4, 2025
Merged

[nrf fromlist] cmake: mcuboot: SHA512/pure image signing #3074

merged 2 commits into from
Aug 4, 2025

Conversation

@nordic-mik7
Copy link
Contributor

@nordic-mik7 nordic-mik7 commented Jul 23, 2025
edited
Loading

Update signing script to use proper arguments for imgtool when SHA512 or pure signature is needed.

Upstream PR #: 93813

This was referenced Jul 23, 2025
Closed
Merged
@nordic-mik7 nordic-mik7 force-pushed the dev/sha512_ironboard branch from 2769fac to bcb8673 Compare July 23, 2025 12:30
@nordic-mik7 nordic-mik7 changed the title [nrf fromlist] cmake: mcuboot: SHA512/pure image signing [nrf noup] cmake: mcuboot: SHA512/pure image signing Jul 23, 2025
tomchy
tomchy approved these changes Jul 24, 2025
View reviewed changes
cmake/mcuboot.cmake Outdated
endif()

# Set proper hash calculation algorithm for signing
if(CONFIG_MCUBOOT_BOOTLOADER_USES_SHA512 AND NOT CONFIG_MCUBOOT_BOOTLOADER_SIGNATURE_TYPE_PURE)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If found better, you may change the order of ifs.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@nordic-mik7 nordic-mik7 force-pushed the dev/sha512_ironboard branch 2 times, most recently from 8601d86 to ca746d8 Compare July 24, 2025 12:25
@nordic-mik7 nordic-mik7 force-pushed the dev/sha512_ironboard branch 2 times, most recently from 9f6a64e to afb0f66 Compare July 28, 2025 15:08
nordicjm
nordicjm requested changes Jul 29, 2025
View reviewed changes
Copy link
Contributor

@nordicjm nordicjm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

move this (and config MCUBOOT_BOOTLOADER_USES_SHA512) upstream

@nordic-mik7
Copy link
Contributor Author

nordic-mik7 commented Jul 29, 2025
edited
Loading

move this (and config MCUBOOT_BOOTLOADER_USES_SHA512) upstream

Wasn't there a reason for config MCUBOOT_BOOTLOADER_USES_SHA512 to be [noup] ? I aligned to existing solution, why now it should be changed ?

@nordic-mik7 nordic-mik7 requested a review from nordicjm July 29, 2025 09:51
@nordicjm
Copy link
Contributor

move this (and config MCUBOOT_BOOTLOADER_USES_SHA512) upstream

Wasn't there a reason for config MCUBOOT_BOOTLOADER_USES_SHA512 to be [noup] ? I aligned to existing solution, why now it should be changed ?

That should not have been added to ncs at all, it's not ncs specific and just causes issues in upmerges with conflicts

@nordic-mik7 nordic-mik7 force-pushed the dev/sha512_ironboard branch from afb0f66 to eea08e1 Compare July 29, 2025 10:52
@nordic-mik7 nordic-mik7 changed the title [nrf noup] cmake: mcuboot: SHA512/pure image signing [nrf fromlist] cmake: mcuboot: SHA512/pure image signing Jul 29, 2025
@nordic-mik7 nordic-mik7 force-pushed the dev/sha512_ironboard branch 2 times, most recently from f433fae to 7bf019c Compare July 29, 2025 11:38
@nordic-mik7
Copy link
Contributor Author

move this (and config MCUBOOT_BOOTLOADER_USES_SHA512) upstream

Wasn't there a reason for config MCUBOOT_BOOTLOADER_USES_SHA512 to be [noup] ? I aligned to existing solution, why now it should be changed ?

That should not have been added to ncs at all, it's not ncs specific and just causes issues in upmerges with conflicts

done

@nordic-mik7 nordic-mik7 force-pushed the dev/sha512_ironboard branch from 7bf019c to f774c89 Compare July 30, 2025 07:00
nordicjm
nordicjm reviewed Jul 30, 2025
View reviewed changes
scripts/ci/check_compliance.py Outdated
Comment on lines 1120 to 1121
"MCUBOOT_BOOTLOADER_SIGNATURE_TYPE_PURE", # Used in mcuboot.cmake
"MCUBOOT_BOOTLOADER_USES_SHA512", # Used in mcuboot.cmake
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove as per upstream pr

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@nordic-mik7 nordic-mik7 force-pushed the dev/sha512_ironboard branch from cf3c4b1 to fc881c1 Compare July 30, 2025 11:25
@nordic-mik7 nordic-mik7 requested a review from nordicjm July 30, 2025 11:25
@nordic-mik7 nordic-mik7 force-pushed the dev/sha512_ironboard branch 2 times, most recently from e80496c to 9e78a04 Compare August 1, 2025 07:33
@nordic-mik7 nordic-mik7 force-pushed the dev/sha512_ironboard branch from 9e78a04 to f4a9178 Compare August 1, 2025 10:04
@nordic-mik7
Revert "[nrf noup] mcuboot: Add CONFIG_MCUBOOT_BOOTLOADER_USES_SHA512"
3c403ca 
This reverts commit 6b37917.
Changes were moved to upstream in PR #93813.

Signed-off-by: Michal Kozikowski <[email protected]>
@nordic-mik7
[nrf fromtree] cmake: mcuboot: SHA512/pure image signing
1a1f36f 
Update signing script to use proper arguments for imgtool when SHA512
or pure signature is needed.

Signed-off-by: Michal Kozikowski <[email protected]>
(cherry picked from commit 6c72cd3)
@nordic-mik7 nordic-mik7 force-pushed the dev/sha512_ironboard branch from f4a9178 to 1a1f36f Compare August 4, 2025 09:11
@rlubos rlubos merged commit c136755 into nrfconnect:main Aug 4, 2025
18 checks passed
@github-actions github-actions bot mentioned this pull request Aug 7, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tomchy tomchy tomchy approved these changes

@nordicjm nordicjm nordicjm approved these changes

@ahasztag ahasztag ahasztag approved these changes

@adsz-nordic adsz-nordic Awaiting requested review from adsz-nordic

@de-nordic de-nordic Awaiting requested review from de-nordic

Assignees

No one assigned

Labels

backport ncs-v3.1-branch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@nordic-mik7 @nordicjm @tomchy @ahasztag @rlubos