cmake: mcuboot: Flash encrypted image when loading to RAM #99096
+3
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When both `SB_CONFIG_MCUBOOT_MODE_RAM_LOAD` and `SB_CONFIG_BOOT_ENCRYPTION` are enabled, MCUBoot loads an encrypted image from flash, decrypts it, and then executes it from RAM. Previously, the unencrypted image was being flashed. This caused a boot failure because MCUBoot would attempt to decrypt an unencrypted image. This commit ensures the encrypted image is flashed when this configuration is active, allowing the system to boot correctly. Signed-off-by: Arthur Gay <[email protected]>
zephyrbot
requested review from
57300,
jeremybettis,
nashif,
nordicjm and
tejlmand
|
Contributor
|
Makes sense. Can you submit an accompanying bug issue? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When image encryption is enabled with sysbuild configuration variable
SB_CONFIG_BOOT_ENCRYPTION, we get 4 files in the build directory:build/project/zephyr/zephyr.signed.encrypted.hexbuild/project/zephyr/zephyr.signed.hexbuild/project/zephyr/zephyr.slot1.signed.encrypted.hexbuild/project/zephyr/zephyr.slot1.signed.hexWhen running
west flash, the runner flashes filezephyr.signed.hex.When using
SB_CONFIG_MCUBOOT_MODE_RAM_LOADto load the image from external flash to ram and execute from ram, the image is encrypted in the external flash, and MCUBoot decrypts it when loading to ram.west flashwrites the un-encrypted image in external flash so it fails when mcuboot tries to decrypt it.This PR set file
zephyr.signed.encrypted.hexto be flashed instead in this situation.cc @nordicjm as discussed on discord : https://discord.com/channels/720317445772017664/906521547672522752/1431263691055042591