Skip to content

[nrf noup] boot: zephyr: Protect only the bootloader #419

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[nrf noup] boot: zephyr: Protect only the bootloader #419

wants to merge 1 commit into from
+2 −2

Conversation

SeppoTakalo
Copy link

When using fprotect_area(), only protect the areas assigned to bootloader. Don't assume there is nothing between bootloader and primary slot.

This allows placing TF-M storage between bootloader and MCUboot primary slot.

image

@SeppoTakalo
Copy link
Author

A tiny problem remains.. If bootloader partitions ends are not aligned by SPU size, then

E: Protect mcuboot flash failed, cancel startup.

@SeppoTakalo SeppoTakalo force-pushed the fprotect_bootloader branch from 1367e03 to 106d673 Compare April 17, 2025 07:40
@SeppoTakalo
Copy link
Author

Refactored.
Now uses ALIGN_DOWN() for the start address and ALIGN_UP() for the end address.
So if end addresses are not aligned, it still protects the whole block.

nordicjm
nordicjm reviewed Apr 17, 2025
View reviewed changes
@SeppoTakalo
[nrf noup] boot: zephyr: Protect only the bootloader
c71f09b 
When using fprotect_area(), only protect the areas assigned
to bootloader. Don't assume there is nothing between
bootloader and primary slot.

This allows placing TF-M storage between bootloader and
MCUboot primary slot.

Signed-off-by: Seppo Takalo <[email protected]>
@SeppoTakalo SeppoTakalo force-pushed the fprotect_bootloader branch from 106d673 to c71f09b Compare April 17, 2025 10:03
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@SeppoTakalo
Copy link
Author

Removed the runtime alignment code, and I propose that we fix it in nrfconnect/sdk-nrf#21920

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nordicjm nordicjm nordicjm left review comments

@de-nordic de-nordic Awaiting requested review from de-nordic de-nordic is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@SeppoTakalo @nordicjm