diff --git a/cmake/sysbuild/suit_provisioning.cmake b/cmake/sysbuild/suit_provisioning.cmake index 52c802cfb1d2..ee15a3cc8aa3 100644 --- a/cmake/sysbuild/suit_provisioning.cmake +++ b/cmake/sysbuild/suit_provisioning.cmake @@ -227,12 +227,15 @@ function (generate_mpi_area area) message(INFO " Generate merged MPI for ${area} (${output})") endfunction() -if(DEFINED SB_CONFIG_SOC_SERIES_NRF54HX) +if((DEFINED SB_CONFIG_SOC_SERIES_NRF54HX) OR + (DEFINED SB_CONFIG_SOC_SERIES_NRF92X)) configure_storage_address_cache() -endif() # SB_CONFIG_SOC_SERIES_NRF54HX +endif() # SB_CONFIG_SOC_SERIES_NRF54HX OR SB_CONFIG_SOC_SERIES_NRF92X if(DEFINED SB_CONFIG_SUIT_MPI_GENERATE) if(DEFINED SB_CONFIG_SUIT_MPI_SOC_NRF54H20) include(${CMAKE_CURRENT_LIST_DIR}/suit_provisioning_nrf54h20.cmake) + elseif(DEFINED SB_CONFIG_SUIT_MPI_SOC_NRF9280) + include(${CMAKE_CURRENT_LIST_DIR}/suit_provisioning_nrf9280.cmake) endif() # SB_CONFIG_SUIT_MPI_SOC_NRF54H20 endif() # SB_CONFIG_SUIT_MPI_GENERATE diff --git a/cmake/sysbuild/suit_provisioning_nrf9280.cmake b/cmake/sysbuild/suit_provisioning_nrf9280.cmake new file mode 100644 index 000000000000..743ced78e575 --- /dev/null +++ b/cmake/sysbuild/suit_provisioning_nrf9280.cmake @@ -0,0 +1,47 @@ +# +# Copyright (c) 2024 Nordic Semiconductor ASA +# +# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause +# +include(${CMAKE_CURRENT_LIST_DIR}/suit_utilities.cmake) + +# List all manifest roles. +# The function internally checks if the enabling symbol is defined. +# If role is enabled, the function verifies if all required options are defined. + +generate_mpi_hex(ROOT) +generate_mpi_hex(APP_RECOVERY) +generate_mpi_hex(APP_LOCAL_1) +generate_mpi_hex(APP_LOCAL_2) +generate_mpi_hex(APP_LOCAL_3) +generate_mpi_area( + APP_AREA + ROOT + APP_RECOVERY + APP_LOCAL_1 + APP_LOCAL_2 + APP_LOCAL_3 +) + +generate_mpi_hex(RAD_RECOVERY) +generate_mpi_hex(RAD_LOCAL_1) +generate_mpi_hex(RAD_LOCAL_2) +generate_mpi_area( + RAD_AREA + RAD_RECOVERY + RAD_LOCAL_1 + RAD_LOCAL_2 +) + +if(SB_CONFIG_SUIT_ENVELOPE_OUTPUT_MPI_MERGE) + suit_add_merge_hex_file( + FILES ${MPI_BINARY_DIR}/${SB_CONFIG_SUIT_MPI_APP_AREA_PATH} + DEPENDENCIES ${MPI_BINARY_DIR}/${SB_CONFIG_SUIT_MPI_APP_AREA_PATH} + TARGET "application" + ) + suit_add_merge_hex_file( + FILES ${MPI_BINARY_DIR}/${SB_CONFIG_SUIT_MPI_RAD_AREA_PATH} + DEPENDENCIES ${MPI_BINARY_DIR}/${SB_CONFIG_SUIT_MPI_RAD_AREA_PATH} + TARGET "radio" + ) +endif() diff --git a/config/suit/templates/nrf9280/default/v1/app_envelope.yaml.jinja2 b/config/suit/templates/nrf9280/default/v1/app_envelope.yaml.jinja2 index 3fa86952d928..f847a29132c0 100644 --- a/config/suit/templates/nrf9280/default/v1/app_envelope.yaml.jinja2 +++ b/config/suit/templates/nrf9280/default/v1/app_envelope.yaml.jinja2 @@ -1,5 +1,5 @@ -{%- set mpi_application_vendor_name = application['config']['CONFIG_SUIT_MPI_APP_LOCAL_1_VENDOR_NAME']|default('nordicsemi.com') %} -{%- set mpi_application_class_name = application['config']['CONFIG_SUIT_MPI_APP_LOCAL_1_CLASS_NAME']|default('nRF9280_sample_app') %} +{%- set mpi_application_vendor_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_APP_LOCAL_1_VENDOR_NAME']|default('nordicsemi.com') %} +{%- set mpi_application_class_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_APP_LOCAL_1_CLASS_NAME']|default('nRF9280_sample_app') %} SUIT_Envelope_Tagged: suit-authentication-wrapper: SuitDigest: @@ -74,12 +74,7 @@ SUIT_Envelope_Tagged: suit-current-version: {{ DEFAULT_VERSION }} {%- endif %} -{%- if application['dt'].label2node['suit_storage_partition'].regs[0].size == 24576 %} - # Application DTS contains larger SUIT storage - use legacy encoding - suit-install-legacy: -{%- else %} suit-install: -{%- endif %} - suit-directive-set-component-index: 1 - suit-directive-override-parameters: {%- if 'CONFIG_SUIT_DFU_CACHE_EXTRACT_IMAGE_URI' in application['config'] and application['config']['CONFIG_SUIT_DFU_CACHE_EXTRACT_IMAGE_URI'] != '' %} diff --git a/config/suit/templates/nrf9280/default/v1/app_recovery_envelope_app_local.yaml.jinja2 b/config/suit/templates/nrf9280/default/v1/app_recovery_envelope_app_local.yaml.jinja2 index 16247d565656..4c6110a8aa09 100644 --- a/config/suit/templates/nrf9280/default/v1/app_recovery_envelope_app_local.yaml.jinja2 +++ b/config/suit/templates/nrf9280/default/v1/app_recovery_envelope_app_local.yaml.jinja2 @@ -1,12 +1,12 @@ {%- set component_index = 0 %} {%- set component_list = [] %} {%- set dependencies_list = [] %} -{%- set mpi_app_recovery_vendor_name = application['config']['CONFIG_SUIT_MPI_APP_RECOVERY_VENDOR_NAME']|default('nordicsemi.com') %} -{%- set mpi_app_recovery_class_name = application['config']['CONFIG_SUIT_MPI_APP_RECOVERY_CLASS_NAME']|default('nRF9280_app_recovery') %} -{%- set mpi_rad_recovery_vendor_name = application['config']['CONFIG_SUIT_MPI_RAD_RECOVERY_VENDOR_NAME']|default('nordicsemi.com') %} -{%- set mpi_rad_recovery_class_name = application['config']['CONFIG_SUIT_MPI_RAD_RECOVERY_CLASS_NAME']|default('nRF9280_rad_recovery') %} -{%- set mpi_app_recovery_local_vendor_name = application['config']['CONFIG_SUIT_MPI_APP_LOCAL_3_VENDOR_NAME']|default('nordicsemi.com') %} -{%- set mpi_app_recovery_local_class_name = application['config']['CONFIG_SUIT_MPI_APP_LOCAL_3_CLASS_NAME']|default('nRF9280_sample_app_2') %} +{%- set mpi_app_recovery_vendor_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_APP_RECOVERY_VENDOR_NAME']|default('nordicsemi.com') %} +{%- set mpi_app_recovery_class_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_APP_RECOVERY_CLASS_NAME']|default('nRF9280_app_recovery') %} +{%- set mpi_rad_recovery_vendor_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_RAD_RECOVERY_VENDOR_NAME']|default('nordicsemi.com') %} +{%- set mpi_rad_recovery_class_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_RAD_RECOVERY_CLASS_NAME']|default('nRF9280_rad_recovery') %} +{%- set mpi_app_recovery_local_vendor_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_APP_LOCAL_3_VENDOR_NAME']|default('nordicsemi.com') %} +{%- set mpi_app_recovery_local_class_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_APP_LOCAL_3_CLASS_NAME']|default('nRF9280_sample_app_2') %} SUIT_Envelope_Tagged: suit-authentication-wrapper: SuitDigest: @@ -122,12 +122,7 @@ SUIT_Envelope_Tagged: suit-current-version: {{ DEFAULT_VERSION }} {%- endif %} -{%- if application['dt'].label2node['suit_storage_partition'].regs[0].size == 24576 %} - # Application DTS contains larger SUIT storage - use legacy encoding - suit-install-legacy: -{%- else %} suit-install: -{%- endif %} {%- if rad_recovery is defined %} - suit-directive-set-component-index: 0 - suit-directive-override-parameters: diff --git a/config/suit/templates/nrf9280/default/v1/app_recovery_envelope_direct.yaml.jinja2 b/config/suit/templates/nrf9280/default/v1/app_recovery_envelope_direct.yaml.jinja2 index 64d357606d3a..c970d7b1a6b9 100644 --- a/config/suit/templates/nrf9280/default/v1/app_recovery_envelope_direct.yaml.jinja2 +++ b/config/suit/templates/nrf9280/default/v1/app_recovery_envelope_direct.yaml.jinja2 @@ -1,10 +1,10 @@ {%- set component_index = 0 %} {%- set component_list = [] %} {%- set dependencies_list = [] %} -{%- set mpi_app_recovery_vendor_name = application['config']['CONFIG_SUIT_MPI_APP_RECOVERY_VENDOR_NAME']|default('nordicsemi.com') %} -{%- set mpi_app_recovery_class_name = application['config']['CONFIG_SUIT_MPI_APP_RECOVERY_CLASS_NAME']|default('nRF9280_app_recovery') %} -{%- set mpi_rad_recovery_vendor_name = application['config']['CONFIG_SUIT_MPI_RAD_RECOVERY_VENDOR_NAME']|default('nordicsemi.com') %} -{%- set mpi_rad_recovery_class_name = application['config']['CONFIG_SUIT_MPI_RAD_RECOVERY_CLASS_NAME']|default('nRF9280_rad_recovery') %} +{%- set mpi_app_recovery_vendor_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_APP_RECOVERY_VENDOR_NAME']|default('nordicsemi.com') %} +{%- set mpi_app_recovery_class_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_APP_RECOVERY_CLASS_NAME']|default('nRF9280_app_recovery') %} +{%- set mpi_rad_recovery_vendor_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_RAD_RECOVERY_VENDOR_NAME']|default('nordicsemi.com') %} +{%- set mpi_rad_recovery_class_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_RAD_RECOVERY_CLASS_NAME']|default('nRF9280_rad_recovery') %} SUIT_Envelope_Tagged: suit-authentication-wrapper: SuitDigest: @@ -141,12 +141,7 @@ SUIT_Envelope_Tagged: suit-current-version: {{ DEFAULT_VERSION }} {%- endif %} -{%- if application['dt'].label2node['suit_storage_partition'].regs[0].size == 24576 %} - # Application DTS contains larger SUIT storage - use legacy encoding - suit-install-legacy: -{%- else %} suit-install: -{%- endif %} {%- if rad_recovery is defined %} - suit-directive-set-component-index: 1 - suit-directive-override-parameters: diff --git a/config/suit/templates/nrf9280/default/v1/app_recovery_local_envelope.yaml.jinja2 b/config/suit/templates/nrf9280/default/v1/app_recovery_local_envelope.yaml.jinja2 index c8e8aa6fb7ee..6d1ebf5e8a31 100644 --- a/config/suit/templates/nrf9280/default/v1/app_recovery_local_envelope.yaml.jinja2 +++ b/config/suit/templates/nrf9280/default/v1/app_recovery_local_envelope.yaml.jinja2 @@ -1,5 +1,5 @@ -{%- set mpi_app_recovery_local_vendor_name = application['config']['CONFIG_SUIT_MPI_APP_LOCAL_3_VENDOR_NAME']|default('nordicsemi.com') %} -{%- set mpi_app_recovery_local_class_name = application['config']['CONFIG_SUIT_MPI_APP_LOCAL_3_CLASS_NAME']|default('nRF9280_sample_app_3') %} +{%- set mpi_app_recovery_local_vendor_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_APP_LOCAL_3_VENDOR_NAME']|default('nordicsemi.com') %} +{%- set mpi_app_recovery_local_class_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_APP_LOCAL_3_CLASS_NAME']|default('nRF9280_sample_app_3') %} SUIT_Envelope_Tagged: suit-authentication-wrapper: SuitDigest: @@ -65,6 +65,12 @@ SUIT_Envelope_Tagged: - suit-send-sysinfo-failure suit-invoke: - suit-directive-set-component-index: 0 +{%- if 'CONFIG_SUIT_INVOKE_APP_LOCAL_3_BEFORE_MAIN_APP' in app_recovery_img['config'] and app_recovery_img['config'][CONFIG_SUIT_INVOKE_APP_LOCAL_3_BEFORE_MAIN_APP] != '' %} + - suit-directive-override-parameters: + suit-parameter-invoke-args: + suit-synchronous-invoke: True + suit-timeout: 1000 +{%- endif %} - suit-directive-invoke: - suit-send-record-failure @@ -74,12 +80,7 @@ SUIT_Envelope_Tagged: suit-current-version: {{ DEFAULT_VERSION }} {%- endif %} -{%- if application['dt'].label2node['suit_storage_partition'].regs[0].size == 24576 %} - # Application DTS contains larger SUIT storage - use legacy encoding - suit-install-legacy: -{%- else %} suit-install: -{%- endif %} - suit-directive-set-component-index: 1 - suit-directive-override-parameters: {%- if 'CONFIG_SUIT_DFU_CACHE_EXTRACT_IMAGE_URI' in app_recovery_img['config'] and app_recovery_img['config']['CONFIG_SUIT_DFU_CACHE_EXTRACT_IMAGE_URI'] != '' %} diff --git a/config/suit/templates/nrf9280/default/v1/rad_envelope.yaml.jinja2 b/config/suit/templates/nrf9280/default/v1/rad_envelope.yaml.jinja2 index e79850cb4a29..8096641cd34c 100644 --- a/config/suit/templates/nrf9280/default/v1/rad_envelope.yaml.jinja2 +++ b/config/suit/templates/nrf9280/default/v1/rad_envelope.yaml.jinja2 @@ -1,10 +1,5 @@ -{%- if application is defined %} - {%- set main_config = application %} -{%- else %} - {%- set main_config = radio %} -{%- endif %} -{%- set mpi_radio_vendor_name = main_config['config']['CONFIG_SUIT_MPI_RAD_LOCAL_1_VENDOR_NAME']|default('nordicsemi.com') %} -{%- set mpi_radio_class_name = main_config['config']['CONFIG_SUIT_MPI_RAD_LOCAL_1_CLASS_NAME']|default('nRF9280_sample_rad') %} +{%- set mpi_radio_vendor_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_RAD_LOCAL_1_VENDOR_NAME']|default('nordicsemi.com') %} +{%- set mpi_radio_class_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_RAD_LOCAL_1_CLASS_NAME']|default('nRF9280_sample_rad') %} SUIT_Envelope_Tagged: suit-authentication-wrapper: SuitDigest: @@ -79,12 +74,7 @@ SUIT_Envelope_Tagged: suit-current-version: {{ DEFAULT_VERSION }} {%- endif %} -{%- if radio['dt'].label2node['suit_storage_partition'].regs[0].size == 24576 %} - # Radio DTS contains larger SUIT storage - use legacy encoding - suit-install-legacy: -{%- else %} suit-install: -{%- endif %} - suit-directive-set-component-index: 1 - suit-directive-override-parameters: {%- if 'CONFIG_SUIT_DFU_CACHE_EXTRACT_IMAGE_URI' in radio['config'] and radio['config']['CONFIG_SUIT_DFU_CACHE_EXTRACT_IMAGE_URI'] != '' %} diff --git a/config/suit/templates/nrf9280/default/v1/rad_recovery_envelope.yaml.jinja2 b/config/suit/templates/nrf9280/default/v1/rad_recovery_envelope.yaml.jinja2 index f70d00f77630..dfb7d0b20ea2 100644 --- a/config/suit/templates/nrf9280/default/v1/rad_recovery_envelope.yaml.jinja2 +++ b/config/suit/templates/nrf9280/default/v1/rad_recovery_envelope.yaml.jinja2 @@ -1,5 +1,5 @@ -{%- set mpi_rad_recovery_vendor_name = application['config']['CONFIG_SUIT_MPI_RAD_RECOVERY_VENDOR_NAME']|default('nordicsemi.com') %} -{%- set mpi_rad_recovery_class_name = application['config']['CONFIG_SUIT_MPI_RAD_RECOVERY_CLASS_NAME']|default('nRF9280_sample_rad_recovery') %} +{%- set mpi_rad_recovery_vendor_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_RAD_RECOVERY_VENDOR_NAME']|default('nordicsemi.com') %} +{%- set mpi_rad_recovery_class_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_RAD_RECOVERY_CLASS_NAME']|default('nRF9280_sample_rad_recovery') %} SUIT_Envelope_Tagged: suit-authentication-wrapper: SuitDigest: @@ -70,12 +70,7 @@ SUIT_Envelope_Tagged: suit-current-version: {{ DEFAULT_VERSION }} {%- endif %} -{%- if radio['dt'].label2node['suit_storage_partition'].regs[0].size == 24576 %} - # Radio DTS contains larger SUIT storage - use legacy encoding - suit-install-legacy: -{%- else %} suit-install: -{%- endif %} - suit-directive-set-component-index: 1 - suit-directive-override-parameters: suit-parameter-uri: '#{{ rad_recovery['name'] }}' diff --git a/config/suit/templates/nrf9280/default/v1/root_with_binary_nordic_top.yaml.jinja2 b/config/suit/templates/nrf9280/default/v1/root_with_binary_nordic_top.yaml.jinja2 index 1d9aa41c4ac5..0d196af29b10 100644 --- a/config/suit/templates/nrf9280/default/v1/root_with_binary_nordic_top.yaml.jinja2 +++ b/config/suit/templates/nrf9280/default/v1/root_with_binary_nordic_top.yaml.jinja2 @@ -1,21 +1,43 @@ +# This SUIT manifest template can be for various scenarios, +# depending on which components are defined in the input context and which payloads +# are included/detached from the envelope. +# This manifest will only be installed if the SoC Binaries (nordic_top envelope) installed +# in the device have a semantic version of at least 0.8.0. +# If a partial update (only radio or only application) needs to be performed, +# several rules are enforced: +# - If the candidate only contains the radio core image, it is ensured that +# the major version of the candidate radio manifest is at most greater by 1 +# than the installed application manifest major version. +# - If the candidate only contains the application core image, it is ensured that +# the semantic version of the candidate application manifest exactly +# matches the installed radio manifest semantic version. {%- set component_index = 0 %} {%- set component_list = [] %} -{%- if application is not defined %} - {%- set main_config = radio %} +{%- set mpi_root_vendor_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_ROOT_VENDOR_NAME']|default('nordicsemi.com') %} +{%- set mpi_root_class_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_ROOT_CLASS_NAME']|default('nRF9280_sample_root') %} +{%- set mpi_application_vendor_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_APP_LOCAL_1_VENDOR_NAME']|default('nordicsemi.com') %} +{%- set mpi_application_class_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_APP_LOCAL_1_CLASS_NAME']|default('nRF9280_sample_app') %} +{%- set mpi_radio_vendor_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_RAD_LOCAL_1_VENDOR_NAME']|default('nordicsemi.com') %} +{%- set mpi_radio_class_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_RAD_LOCAL_1_CLASS_NAME']|default('nRF9280_sample_rad') %} +{%- if RAD_LOCAL_1_VERSION is defined %} +{% set RAD_LOCAL_1_VERSION_MAJOR = ( RAD_LOCAL_1_VERSION.split('.')[0] | int ) %} {%- else %} - {%- set main_config = application %} +{% set RAD_LOCAL_1_VERSION_MAJOR = 0 %} {%- endif %} -{%- set mpi_root_vendor_name = main_config['config']['CONFIG_SUIT_MPI_ROOT_VENDOR_NAME']|default('nordicsemi.com') %} -{%- set mpi_root_class_name = main_config['config']['CONFIG_SUIT_MPI_ROOT_CLASS_NAME']|default('nRF9280_sample_root') %} -{%- set mpi_application_vendor_name = main_config['config']['CONFIG_SUIT_MPI_APP_LOCAL_1_VENDOR_NAME']|default('nordicsemi.com') %} -{%- set mpi_application_class_name = main_config['config']['CONFIG_SUIT_MPI_APP_LOCAL_1_CLASS_NAME']|default('nRF9280_sample_app') %} -{%- set mpi_radio_vendor_name = main_config['config']['CONFIG_SUIT_MPI_RAD_LOCAL_1_VENDOR_NAME']|default('nordicsemi.com') %} -{%- set mpi_radio_class_name = main_config['config']['CONFIG_SUIT_MPI_RAD_LOCAL_1_CLASS_NAME']|default('nRF9280_sample_rad') %} {%- if 'SB_CONFIG_SUIT_ENVELOPE_NORDIC_TOP_DIRECTORY' in sysbuild['config'] and sysbuild['config']['SB_CONFIG_SUIT_ENVELOPE_NORDIC_TOP_DIRECTORY'] != '' %} {%- set nordic_top = True %} {%- else %} {%- set nordic_top = False %} {%- endif %} +{%- if 'SB_CONFIG_SUIT_RECOVERY_APPLICATION_IMAGE_MANIFEST_APP_LOCAL_3' in sysbuild['config'] and sysbuild['config']['SB_CONFIG_SUIT_RECOVERY_APPLICATION_IMAGE_MANIFEST_APP_LOCAL_3'] != '' %} + {%- set mpi_app_recovery_local_vendor_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_APP_LOCAL_3_VENDOR_NAME']|default('nordicsemi.com') %} + {%- set mpi_app_recovery_local_class_name = sysbuild['config']['SB_CONFIG_SUIT_MPI_APP_LOCAL_3_CLASS_NAME']|default('nRF9280_sample_app_3') %} +{%- endif %} +{%- if app_recovery_img is defined and 'CONFIG_SUIT_INVOKE_APP_LOCAL_3_BEFORE_MAIN_APP' in app_recovery_img['config'] and app_recovery_img['config'][CONFIG_SUIT_INVOKE_APP_LOCAL_3_BEFORE_MAIN_APP] != '' %} + {%- set recovery_button_check_on_invoke = True %} +{%- else %} + {%- set recovery_button_check_on_invoke = False %} +{%- endif %} SUIT_Envelope_Tagged: suit-authentication-wrapper: SuitDigest: @@ -33,14 +55,14 @@ SUIT_Envelope_Tagged: suit-components: - - CAND_MFST - 0 -{%- if radio is defined %} +{% if recovery_button_check_on_invoke %} {%- set component_index = component_index + 1 %} - {%- set rad_component_index = component_index %} - {{- component_list.append( rad_component_index ) or ""}} + {%- set app_recovery_local_component_index = component_index %} + {{- component_list.append( app_recovery_local_component_index ) or ""}} - - INSTLD_MFST - RFC4122_UUID: - namespace: {{ mpi_radio_vendor_name }} - name: {{ mpi_radio_class_name }} + namespace: {{ mpi_app_recovery_local_vendor_name }} + name: {{ mpi_app_recovery_local_class_name }} {%- endif %} {%- if application is defined %} {%- set component_index = component_index + 1 %} @@ -51,9 +73,17 @@ SUIT_Envelope_Tagged: namespace: {{ mpi_application_vendor_name }} name: {{ mpi_application_class_name }} {%- endif %} +{%- if radio is defined %} + {%- set component_index = component_index + 1 %} + {%- set rad_component_index = component_index %} + {{- component_list.append( rad_component_index ) or ""}} + - - INSTLD_MFST + - RFC4122_UUID: + namespace: {{ mpi_radio_vendor_name }} + name: {{ mpi_radio_class_name }} +{%- endif %} {%- set component_list_without_top = component_list[:] %} -{%- if nordic_top %} {%- set component_index = component_index + 1 %} {%- set top_component_index = component_index %} {{- component_list.append( top_component_index ) or ""}} @@ -61,10 +91,27 @@ SUIT_Envelope_Tagged: - RFC4122_UUID: namespace: nordicsemi.com name: nRF9280_nordic_top -{%- endif %} suit-shared-sequence: - - suit-directive-set-component-index: [{{ component_list|join(',') }}] + - suit-directive-set-component-index: [{{ component_list_without_top|join(',') }}] + - suit-directive-override-parameters: + suit-parameter-vendor-identifier: + RFC4122_UUID: {{ mpi_root_vendor_name }} + suit-parameter-class-identifier: + RFC4122_UUID: + namespace: {{ mpi_root_vendor_name }} + name: {{ mpi_root_class_name }} + - suit-condition-vendor-identifier: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + - suit-condition-class-identifier: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + - suit-directive-set-component-index: [{{ top_component_index }}] - suit-directive-override-parameters: suit-parameter-vendor-identifier: RFC4122_UUID: {{ mpi_root_vendor_name }} @@ -120,44 +167,86 @@ SUIT_Envelope_Tagged: suit-current-version: {{ DEFAULT_VERSION }} {%- endif %} -{%- if main_config['dt'].label2node['suit_storage_partition'].regs[0].size == 24576 %} - # Main DTS contains larger SUIT storage - use legacy encoding - suit-install-legacy: -{%- else %} suit-install: -{%- endif %} - suit-directive-set-component-index: 0 + # As the candidate-verification sequence has already verified that the envelope includes + # either a full set of images or a single image which is compatible with the installed images, + # We can blindly proceed with installing the images which are attached to this envelope. {%- if radio is defined %} - - suit-directive-override-parameters: - suit-parameter-uri: '#{{ radio['name'] }}' - - suit-directive-fetch: - - suit-send-record-failure - - suit-condition-dependency-integrity: - - suit-send-record-success - - suit-send-record-failure - - suit-send-sysinfo-success - - suit-send-sysinfo-failure - - suit-directive-process-dependency: - - suit-send-record-success - - suit-send-record-failure - - suit-send-sysinfo-success - - suit-send-sysinfo-failure + - suit-directive-run-sequence: + - suit-directive-set-component-index: 0 + - suit-directive-override-parameters: + suit-parameter-uri: '#{{ radio['name'] }}' + suit-parameter-image-digest: + suit-digest-algorithm-id: cose-alg-sha-256 + suit-digest-bytes: + envelope: {{ artifacts_folder ~ radio['name'] }}.suit + suit-parameter-soft-failure: True + # The soft-failure parameter is set to True, so that if only one of the radio or application + # payloads is present in the current envelope, the installation process won't fail. + # Only processing of the current sequence in suit-directive-run-sequence will be interrupted. + # This serves as a "if radio payload is present" condition. + - suit-directive-fetch: + - suit-send-record-failure + - suit-condition-image-match: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + # At this stage it is already known that the radio payload is available in the envelope. + # A failure in the commands below means that the attached payload is invalid, which + # should result in a failure of the whole update process. + # Thus, the soft-failure parameter should be set to false. + - suit-directive-override-parameters: + suit-parameter-soft-failure: False + - suit-condition-dependency-integrity: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + - suit-directive-process-dependency: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure {%- endif %} {%- if application is defined %} - - suit-directive-override-parameters: - suit-parameter-uri: '#{{ application['name'] }}' - - suit-directive-fetch: - - suit-send-record-failure - - suit-condition-dependency-integrity: - - suit-send-record-success - - suit-send-record-failure - - suit-send-sysinfo-success - - suit-send-sysinfo-failure - - suit-directive-process-dependency: - - suit-send-record-success - - suit-send-record-failure - - suit-send-sysinfo-success - - suit-send-sysinfo-failure + - suit-directive-run-sequence: + - suit-directive-set-component-index: 0 + - suit-directive-override-parameters: + suit-parameter-uri: '#{{ application['name'] }}' + suit-parameter-image-digest: + suit-digest-algorithm-id: cose-alg-sha-256 + suit-digest-bytes: + envelope: {{ artifacts_folder ~ application['name'] }}.suit + suit-parameter-soft-failure: True + # The soft-failure parameter is set to True, so that if only one of the radio or application + # payloads is present in the current envelope, the installation process won't fail. + # Only processing of the current sequence in suit-directive-run-sequence will be interrupted. + # This serves as a "if application payload is present" condition. + - suit-directive-fetch: + - suit-send-record-failure + - suit-condition-image-match: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + # At this stage it is already known that the application payload is available in the envelope. + # A failure in the commands below means that the attached payload is invalid, which + # should result in a failure of the whole update process. + # Thus, the soft-failure parameter should be set to false. + - suit-directive-override-parameters: + suit-parameter-soft-failure: False + - suit-condition-dependency-integrity: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + - suit-directive-process-dependency: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure {%- endif %} {%- if nordic_top %} - suit-directive-override-parameters: @@ -177,77 +266,204 @@ SUIT_Envelope_Tagged: {%- endif %} suit-candidate-verification: - - suit-directive-set-component-index: 0 -{%- if radio is defined %} + - suit-directive-set-component-index: {{ top_component_index }} + # The version check below should be modified if a different installed SoC Binaries version + # is required for the update. - suit-directive-override-parameters: - suit-parameter-uri: '#{{ radio['name'] }}' - suit-parameter-image-digest: - suit-digest-algorithm-id: cose-alg-sha-256 - suit-digest-bytes: - envelope: {{ artifacts_folder ~ radio['name'] }}.suit - - suit-directive-fetch: + suit-parameter-version: + suit-condition-version-comparison-greater-equal: 0.8.0 + - suit-condition-version: + - suit-send-record-success - suit-send-record-failure - # In the case of streaming operations it is worth to retry them at least once. - # This increases the robustness against bit flips on the transport, - # for example when storing the data on an external memory device. - # The suit-directive-try-each will complete on the first successful subsequence. + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + - suit-directive-try-each: - - - suit-condition-image-match: +{%- if radio is not defined or application is not defined %} +# suit-directive-try-each needs at least two sequences. +# If the application is single core, add this dummy sequence, +# to provide the needed second sequence. + - - suit-condition-abort: + - suit-send-record-failure +{%- endif %} +{%- if radio is defined and application is defined %} + - - suit-directive-set-component-index: 0 + - suit-directive-override-parameters: + suit-parameter-uri: '#{{ radio['name'] }}' + suit-parameter-image-digest: + suit-digest-algorithm-id: cose-alg-sha-256 + suit-digest-bytes: + envelope: {{ artifacts_folder ~ radio['name'] }}.suit + - suit-directive-fetch: + - suit-send-record-failure + - suit-condition-image-match: - suit-send-record-success - suit-send-record-failure - suit-send-sysinfo-success - suit-send-sysinfo-failure - - - suit-condition-image-match: + + - suit-directive-set-component-index: 0 + - suit-directive-override-parameters: + suit-parameter-uri: '#{{ application['name'] }}' + suit-parameter-image-digest: + suit-digest-algorithm-id: cose-alg-sha-256 + suit-digest-bytes: + envelope: {{ artifacts_folder ~ application['name'] }}.suit + - suit-directive-fetch: + - suit-send-record-failure + - suit-condition-image-match: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure +{%- endif %} +{%- if radio is defined %} + - - suit-directive-set-component-index: 0 + - suit-directive-override-parameters: + suit-parameter-uri: '#{{ radio['name'] }}' + suit-parameter-image-digest: + suit-digest-algorithm-id: cose-alg-sha-256 + suit-digest-bytes: + envelope: {{ artifacts_folder ~ radio['name'] }}.suit + - suit-directive-fetch: + - suit-send-record-failure + - suit-condition-image-match: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + # Radio payload is available and correct. Proceed with radio verification. + +{%- if RAD_LOCAL_1_VERSION_MAJOR > 0 and application is defined %} + - suit-directive-set-component-index: {{ app_component_index }} + - suit-directive-override-parameters: + suit-parameter-version: + # Verify that the major version of the new radio manifest is greater from the + # currently installed application manifest major version by at most 1. + suit-condition-version-comparison-greater-equal: {{ RAD_LOCAL_1_VERSION_MAJOR - 1 }}.0.0 + suit-parameter-soft-failure: False + - suit-condition-version: - suit-send-record-success - suit-send-record-failure - suit-send-sysinfo-success - suit-send-sysinfo-failure - - suit-condition-dependency-integrity: - - suit-send-record-success - - suit-send-record-failure - - suit-send-sysinfo-success - - suit-send-sysinfo-failure - - suit-directive-process-dependency: - - suit-send-record-success - - suit-send-record-failure - - suit-send-sysinfo-success - - suit-send-sysinfo-failure +{%- endif %} + {%- endif %} {%- if application is defined %} - - suit-directive-override-parameters: - suit-parameter-uri: '#{{ application['name'] }}' - suit-parameter-image-digest: - suit-digest-algorithm-id: cose-alg-sha-256 - suit-digest-bytes: - envelope: {{ artifacts_folder ~ application['name'] }}.suit - - suit-directive-fetch: - - suit-send-record-failure - # In the case of streaming operations it is worth to retry them at least once. - # This increases the robustness against bit flips on the transport, - # for example when storing the data on an external memory device. - # The suit-directive-try-each will complete on the first successful subsequence. - - suit-directive-try-each: - - - suit-condition-image-match: + # Radio payload is unavailable. + # Verify that the application payload is available and compatible with the currently installed + # radio image. In the case of this manifest this means the semantic version number of the + # candidate application manifest is identical to that of the installed radio manifest. + - - suit-directive-set-component-index: 0 + - suit-directive-override-parameters: + suit-parameter-uri: '#{{ application['name'] }}' + suit-parameter-image-digest: + suit-digest-algorithm-id: cose-alg-sha-256 + suit-digest-bytes: + envelope: {{ artifacts_folder ~ application['name'] }}.suit + - suit-directive-fetch: + - suit-send-record-failure + - suit-condition-image-match: - suit-send-record-success - suit-send-record-failure - suit-send-sysinfo-success - suit-send-sysinfo-failure - - - suit-condition-image-match: + {%- if radio is defined and APP_LOCAL_1_VERSION is defined %} + # Ensure that the application manifest version matches exactly the installed radio manifest version. + - suit-directive-set-component-index: {{ rad_component_index }} + - suit-directive-override-parameters: + suit-parameter-version: + suit-condition-version-comparison-equal: {{ APP_LOCAL_1_VERSION }} + suit-parameter-soft-failure: False + - suit-condition-version: - suit-send-record-success - suit-send-record-failure - suit-send-sysinfo-success - suit-send-sysinfo-failure - - suit-condition-dependency-integrity: - - suit-send-record-success - - suit-send-record-failure - - suit-send-sysinfo-success - - suit-send-sysinfo-failure - - suit-directive-process-dependency: - - suit-send-record-success - - suit-send-record-failure - - suit-send-sysinfo-success - - suit-send-sysinfo-failure + {%- endif %} +{%- endif %} + + # At this stage the suit-processor has already verified that the envelope includes + # either a full set of images or a single image which is compatible with the installed images, + # we can proceed with simply validating the payloads which are attached to this envelope. +{%- if radio is defined %} + - suit-directive-run-sequence: + - suit-directive-set-component-index: 0 + - suit-directive-override-parameters: + suit-parameter-uri: '#{{ radio['name'] }}' + suit-parameter-image-digest: + suit-digest-algorithm-id: cose-alg-sha-256 + suit-digest-bytes: + envelope: {{ artifacts_folder ~ radio['name'] }}.suit + suit-parameter-soft-failure: True + # The soft-failure parameter is set to True, so that if only one of the radio or application + # payloads is present in the current envelope, the installation process won't fail. + # Only processing of the current sequence in suit-directive-run-sequence will be interrupted. + # This serves as a "if radio payload is present" condition. + - suit-directive-fetch: + - suit-send-record-failure + - suit-condition-image-match: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + # At this stage it is already known that the radio payload is available in the envelope. + # A failure in the commands below means that the attached payload is invalid, which + # should result in a failure of the whole update process. + # Thus, the soft-failure parameter should be set to false. + - suit-directive-override-parameters: + suit-parameter-soft-failure: False + - suit-condition-dependency-integrity: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + - suit-directive-process-dependency: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure +{%- endif %} +{%- if application is defined %} + - suit-directive-run-sequence: + - suit-directive-set-component-index: 0 + - suit-directive-override-parameters: + suit-parameter-uri: '#{{ application['name'] }}' + suit-parameter-image-digest: + suit-digest-algorithm-id: cose-alg-sha-256 + suit-digest-bytes: + envelope: {{ artifacts_folder ~ application['name'] }}.suit + suit-parameter-soft-failure: True + # The soft-failure parameter is set to True, so that if only one of the radio or application + # payloads is present in the current envelope, the installation process won't fail. + # Only processing of the current sequence in suit-directive-run-sequence will be interrupted. + # This serves as a "if application payload is present" condition. + - suit-directive-fetch: + - suit-send-record-failure + - suit-condition-image-match: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + # At this stage it is already known that the application payload is available in the envelope. + # A failure in the commands below means that the attached payload is invalid, which + # should result in a failure of the whole update process. + # Thus, the soft-failure parameter should be set to false. + - suit-directive-override-parameters: + suit-parameter-soft-failure: False + - suit-condition-dependency-integrity: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure + - suit-directive-process-dependency: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure {%- endif %} + {%- if nordic_top %} - suit-directive-override-parameters: suit-parameter-uri: '#top' @@ -257,21 +473,11 @@ SUIT_Envelope_Tagged: envelope: {{ sysbuild['config']['SB_CONFIG_SUIT_ENVELOPE_NORDIC_TOP_DIRECTORY'] }}/nordic_top.suit - suit-directive-fetch: - suit-send-record-failure - # In the case of streaming operations it is worth to retry them at least once. - # This increases the robustness against bit flips on the transport, - # for example when storing the data on an external memory device. - # The suit-directive-try-each will complete on the first successful subsequence. - - suit-directive-try-each: - - - suit-condition-image-match: - - suit-send-record-success - - suit-send-record-failure - - suit-send-sysinfo-success - - suit-send-sysinfo-failure - - - suit-condition-image-match: - - suit-send-record-success - - suit-send-record-failure - - suit-send-sysinfo-success - - suit-send-sysinfo-failure + - suit-condition-image-match: + - suit-send-record-success + - suit-send-record-failure + - suit-send-sysinfo-success + - suit-send-sysinfo-failure - suit-condition-dependency-integrity: - suit-send-record-success - suit-send-record-failure diff --git a/sysbuild/suit_provisioning/Kconfig.nrf9280 b/sysbuild/suit_provisioning/Kconfig.nrf9280 index 62550adc7e91..2235df49d19a 100644 --- a/sysbuild/suit_provisioning/Kconfig.nrf9280 +++ b/sysbuild/suit_provisioning/Kconfig.nrf9280 @@ -47,6 +47,7 @@ manifest-mpi-offset=0x3030 menuconfig SUIT_MPI_$(manifest) bool "Application recovery manifest configuration" + default y if SUIT_BUILD_RECOVERY rsource "Kconfig.template.manifest_config" @@ -84,6 +85,7 @@ manifest-mpi-offset=0x30c0 menuconfig SUIT_MPI_$(manifest) bool "Application local (3) manifest configuration" + default y if SUIT_RECOVERY_APPLICATION_IMAGE_MANIFEST_APP_LOCAL_3 rsource "Kconfig.template.manifest_config" @@ -113,6 +115,7 @@ manifest-mpi-offset=0x2000 menuconfig SUIT_MPI_$(manifest) bool "Radio recovery manifest configuration" + default y if SUIT_BUILD_RECOVERY rsource "Kconfig.template.manifest_config"