diff --git a/.gitignore b/.gitignore index 66fb8559..8c56fcce 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ __pycache__ /doc/build/* /build/* +suit-generator.log diff --git a/ncs/Kconfig b/ncs/Kconfig index 03994414..955bd286 100755 --- a/ncs/Kconfig +++ b/ncs/Kconfig @@ -4,6 +4,41 @@ # SPDX-License-Identifier: LicenseRef-Nordic-5-Clause # +# The following nine KConfigs are maintained for backward compatibility with the sdk-nrf-next repository. +# They are slated for removal once sdk-nrf-next is no longer in use. +config SOC_NRF54H20_ENGA_CPUAPP + bool +config SOC_NRF54H20_CPUAPP + bool +config SOC_NRF54H20_CPUSEC + bool +config SOC_NRF54H20_CPUSYS + bool +config SSF_SUIT_SERVICE_ENABLED + bool +config INCLUDE_SECDOM + bool +config IS_SECURE_DOMAIN_FW + bool +config HW_REVISION_SOC1 + bool +config INCLUDE_SYSCTRL + bool + +menuconfig SUIT_ENVELOPE_GENERATION + bool "SUIT envelope generation config" + default y if SOC_SERIES_NRF54HX + +config SUIT_ENVELOPE_TEMPLATE + string "Path to the envelope template" + default "${ZEPHYR_SUIT_GENERATOR_MODULE_DIR}/ncs/app_envelope.yaml.jinja2" if SOC_NRF54H20_ENGA_CPUAPP + default "${ZEPHYR_SUIT_GENERATOR_MODULE_DIR}/ncs/rad_envelope.yaml.jinja2" if SOC_NRF54H20_ENGA_CPURAD + +config SUIT_ENVELOPE_TARGET + string "Target name inside the envelope templates" + default "app" if SOC_NRF54H20_ENGA_CPUAPP + default "rad" if SOC_NRF54H20_ENGA_CPURAD + menuconfig SUIT_ENVELOPE bool "Create SUIT envelope" help @@ -26,6 +61,7 @@ config SUIT_ENVELOPE_SEQUENCE_NUM config SUIT_ENVELOPE_DEFAULT_TEMPLATE string "Path to the default envelope template (deprecated)" default "${ZEPHYR_SUIT_GENERATOR_MODULE_DIR}/ncs/root_with_nordic_top_envelope.yaml.jinja2" if SOC_NRF54H20_CPUAPP + default "${ZEPHYR_SUIT_GENERATOR_MODULE_DIR}/ncs/root_with_binary_nordic_top.yaml.jinja2" if SOC_NRF54H20_ENGA_CPUAPP default SUIT_ENVELOPE_SYSCTRL_TEMPLATE if SOC_NRF54H20_CPUSYS default SUIT_ENVELOPE_SECDOM_TEMPLATE if SOC_NRF54H20_CPUSEC help @@ -80,7 +116,7 @@ config SUIT_ENVELOPE_802154_RPMSG_SUBIMAGE_TEMPLATE config SUIT_ENVELOPE_EDITABLE_TEMPLATES_LOCATION string "Path to the folder with envelope templates" - default "../../" + default "../" help Path to the folder containing editable templates used to create binary envelopes. Input templates are created by the build system during first build from the SUIT_ENVELOPE_DEFAULT_TEMPLATE. @@ -117,15 +153,6 @@ config SUIT_ENVELOPE_SECDOM_TEMPLATE Jinja2 template file used to generate yaml file for secure domain update. default "${ZEPHYR_SUIT_GENERATOR_MODULE_DIR}/ncs/secdom_update_envelope.yaml.jinja2" -config SUIT_ENVELOPE_SYSCTRL_TEMPLATE - string "Path to the default system controller envelope template" - default "${ZEPHYR_SUIT_GENERATOR_MODULE_DIR}/ncs/sysctrl_envelope.yaml.jinja2" - help - Path to the default system controller envelope template, that is used if the system controller directory does not - contain an input system controller envelope template file. - You can use either absolute or relative path. - In case relative path is used, the build system uses PROJECT_BINARY_DIR directory. - config SUIT_ENVELOPE_SECDOM_IMPRIMATUR_SICR_BIN string "Name of Imprimatur's build artifact containing SICR section needed for SDFW update" default "urot_update_sm.bin" @@ -176,8 +203,14 @@ config SUIT_ENVELOPE_TOP_TEMPLATE default "${ZEPHYR_SUIT_GENERATOR_MODULE_DIR}/ncs/nordic_top_envelope.yaml.jinja2" if SOC_NRF54H20_CPUAPP config SUIT_ENVELOPE_ROOT_TARGET - string "Map root target to custom target to overwite output aftifacts names." + string "Map root target to custom target to overwite output artifacts names." default "secdom" if SOC_NRF54H20_CPUSEC && !HW_REVISION_SOC1 default "sysctrl" if SOC_NRF54H20_CPUSYS && !HW_REVISION_SOC1 +config SUIT_ENVELOPE_NORDIC_TOP_DIRECTORY + string "Path to the folder with nordic top artifacts" + default "./" if SOC_NRF54H20_ENGA_CPUAPP + help + Path to the folder containing nordic-top.suit envelope. + endif # SUIT_ENVELOPE diff --git a/ncs/root_with_binary_nordic_top.yaml.jinja2 b/ncs/root_with_binary_nordic_top.yaml.jinja2 new file mode 100644 index 00000000..d59e35f9 --- /dev/null +++ b/ncs/root_with_binary_nordic_top.yaml.jinja2 @@ -0,0 +1,225 @@ +{%- set component_index = 0 %} +{%- set component_list = [] %} +{%- set mpi_root_vendor_name = app['config']['CONFIG_SUIT_MPI_ROOT_VENDOR_NAME']|default('nordicsemi.com') %} +{%- set mpi_root_class_name = app['config']['CONFIG_SUIT_MPI_ROOT_CLASS_NAME']|default('nRF54H20_sample_root') %} +{%- set mpi_app_vendor_name = app['config']['CONFIG_SUIT_MPI_APP_LOCAL_1_VENDOR_NAME']|default('nordicsemi.com') %} +{%- set mpi_app_class_name = app['config']['CONFIG_SUIT_MPI_APP_LOCAL_1_CLASS_NAME']|default('nRF54H20_sample_app') %} +{%- set mpi_rad_vendor_name = app['config']['CONFIG_SUIT_MPI_RAD_LOCAL_1_VENDOR_NAME']|default('nordicsemi.com') %} +{%- set mpi_rad_class_name = app['config']['CONFIG_SUIT_MPI_RAD_LOCAL_1_CLASS_NAME']|default('nRF54H20_sample_rad') %} +{%- set sequence_number = app['config']['CONFIG_SUIT_ENVELOPE_SEQUENCE_NUM'] %} +{%- if hci_rpmsg_subimage is defined %} + {% set rad = hci_rpmsg_subimage %} +{%- elif _802154_rpmsg_subimage is defined %} + {% set rad = _802154_rpmsg_subimage %} +{%- elif multiprotocol_rpmsg_subimage is defined %} + {% set rad = multiprotocol_rpmsg_subimage %} +{%- endif %} +SUIT_Envelope_Tagged: + suit-authentication-wrapper: + SuitDigest: + suit-digest-algorithm-id: cose-alg-sha-256 + suit-manifest: + suit-manifest-version: 1 + suit-manifest-sequence-number: {{ sequence_number }} + suit-common: + suit-components: + - - CAND_MFST + - 0 +{%- if rad is defined %} + {%- set component_index = component_index + 1 %} + {%- set rad_component_index = component_index %} + {{- component_list.append( rad_component_index ) or ""}} + - - INSTLD_MFST + - RFC4122_UUID: + namespace: {{ mpi_rad_vendor_name }} + name: {{ mpi_rad_class_name }} +{%- endif %} +{%- if app is defined %} + {%- set component_index = component_index + 1 %} + {%- set app_component_index = component_index %} + {{- component_list.append( app_component_index ) or ""}} + - - INSTLD_MFST + - RFC4122_UUID: + namespace: {{ mpi_app_vendor_name }} + name: {{ mpi_app_class_name }} +{%- endif %} + +{%- set component_list_without_top = component_list[:] %} +{%- if 'CONFIG_SUIT_ENVELOPE_NORDIC_TOP_DIRECTORY' in app['config'] %} + {%- set component_index = component_index + 1 %} + {%- set top_component_index = component_index %} + {{- component_list.append( top_component_index ) or ""}} + - - INSTLD_MFST + - RFC4122_UUID: + namespace: nordicsemi.com + name: nRF54H20_nordic_top +{%- endif %} + + suit-shared-sequence: +{%- if rad is defined %} + - suit-directive-set-component-index: {{ rad_component_index }} + - suit-directive-override-parameters: + suit-parameter-vendor-identifier: + RFC4122_UUID: {{ mpi_rad_vendor_name }} + suit-parameter-class-identifier: + RFC4122_UUID: + namespace: {{ mpi_rad_vendor_name }} + name: {{ mpi_rad_class_name }} +{%- endif %} +{%- if app is defined %} + - suit-directive-set-component-index: {{ app_component_index }} + - suit-directive-override-parameters: + suit-parameter-vendor-identifier: + RFC4122_UUID: {{ mpi_app_vendor_name }} + suit-parameter-class-identifier: + RFC4122_UUID: + namespace: {{ mpi_app_vendor_name }} + name: {{ mpi_app_class_name }} +{%- endif %} + +{%- if top is defined %} + - suit-directive-set-component-index: {{ top_component_index }} + - suit-directive-override-parameters: + suit-parameter-vendor-identifier: + RFC4122_UUID: nordicsemi.com + suit-parameter-class-identifier: + RFC4122_UUID: + namespace: nordicsemi.com + name: nRF54H20_nordic_top +{%- endif %} + + - suit-directive-set-component-index: [{{ component_list|join(',') }}] + - suit-condition-vendor-identifier: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + - suit-condition-class-identifier: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + suit-dependencies: + # Key is the index of suit-components that describe the dependency manifest + "0": {} +{%- for component_element in component_list %} + "{{ component_element }}": {} +{%- endfor %} + suit-validate: + - suit-directive-set-component-index: [{{ component_list_without_top|join(',') }}] + - suit-condition-dependency-integrity: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + - suit-directive-process-dependency: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + + suit-invoke: + - suit-directive-set-component-index: [{{ component_list_without_top|join(',') }}] + - suit-condition-dependency-integrity: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + - suit-directive-process-dependency: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + + suit-install: + - suit-directive-set-component-index: 0 +{%- if rad is defined %} + - suit-directive-override-parameters: + suit-parameter-uri: '#{{ rad['name'] }}' + suit-parameter-image-digest: + suit-digest-algorithm-id: cose-alg-sha-256 + suit-digest-bytes: + envelope: {{ artifacts_folder ~ rad['name'] }}.suit + - suit-directive-fetch: + - suit-send-record-failure + - suit-condition-image-match: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + - suit-condition-dependency-integrity: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + - suit-directive-process-dependency: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure +{%- endif %} +{%- if app is defined %} + - suit-directive-override-parameters: + suit-parameter-uri: '#{{ app['name'] }}' + suit-parameter-image-digest: + suit-digest-algorithm-id: cose-alg-sha-256 + suit-digest-bytes: + envelope: {{ artifacts_folder ~ app['name'] }}.suit + - suit-directive-fetch: + - suit-send-record-failure + - suit-condition-image-match: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + - suit-condition-dependency-integrity: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + - suit-directive-process-dependency: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure +{%- endif %} +{%- if 'CONFIG_SUIT_ENVELOPE_NORDIC_TOP_DIRECTORY' in app['config'] %} + - suit-directive-override-parameters: + suit-parameter-uri: '#top' + suit-parameter-image-digest: + suit-digest-algorithm-id: cose-alg-sha-256 + suit-digest-bytes: + envelope: {{ app['config']['CONFIG_SUIT_ENVELOPE_NORDIC_TOP_DIRECTORY'] }}/nordic-top.suit + - suit-directive-fetch: + - suit-send-record-failure + - suit-condition-image-match: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + - suit-condition-dependency-integrity: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + - suit-directive-process-dependency: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure +{%- endif %} + suit-manifest-component-id: + - INSTLD_MFST + - RFC4122_UUID: + namespace: {{ mpi_root_vendor_name }} + name: {{ mpi_root_class_name }} + suit-integrated-dependencies: +{%- if rad is defined %} + '#{{ rad['name'] }}': {{ artifacts_folder ~ rad['name'] }}.suit +{%- endif %} +{%- if app is defined %} + '#{{ app['name'] }}': {{ artifacts_folder ~ app['name'] }}.suit +{%- endif %} +{%- if 'CONFIG_SUIT_ENVELOPE_NORDIC_TOP_DIRECTORY' in app['config'] %} + '#top': {{ app['config']['CONFIG_SUIT_ENVELOPE_NORDIC_TOP_DIRECTORY'] }}/nordic-top.suit +{%- endif %}