diff --git a/application/app/boards/custom_plank.conf b/application/app/boards/custom_plank.conf new file mode 100644 index 000000000..43e621c85 --- /dev/null +++ b/application/app/boards/custom_plank.conf @@ -0,0 +1,36 @@ +# Copyright (c) 2021 Nordic Semiconductor ASA +# SPDX-License-Identifier: Apache-2.0 +# +# Board-specific configuration for custom_plank (nrf52840). +# Enables MCUboot integration and firmware update support via MCUmgr/SMP over UART. + +# ── MCUboot integration ──────────────────────────────────────────────────────── +# Tell Zephyr the application image is managed by MCUboot so it links the image +# to slot0_partition and includes the image trailer expected by the bootloader. +CONFIG_BOOTLOADER_MCUBOOT=y + +# ── Flash access ─────────────────────────────────────────────────────────────── +CONFIG_FLASH=y +CONFIG_FLASH_MAP=y +CONFIG_FLASH_PAGE_LAYOUT=y +CONFIG_STREAM_FLASH=y + +# ── Firmware image management ────────────────────────────────────────────────── +# IMG_MANAGER tracks the update state (pending / confirmed / reverted). +# IMG_ERASE_PROGRESSIVELY avoids erasing the entire slot before writing. +CONFIG_IMG_MANAGER=y +CONFIG_IMG_ERASE_PROGRESSIVELY=y + +# ── MCUmgr – management subsystem (SMP protocol) ────────────────────────────── +CONFIG_MCUMGR=y +CONFIG_NET_BUF=y +CONFIG_ZCBOR=y +CONFIG_CRC=y + +# SMP transport: expose the management interface over UART0. +# Use `mcumgr` or `nrfutil device` on the host to upload images. +CONFIG_MCUMGR_TRANSPORT_UART=y + +# Management command groups +CONFIG_MCUMGR_GRP_IMG=y # image upload / list / confirm / erase +CONFIG_MCUMGR_GRP_OS=y # reset, echo diff --git a/application/app/sysbuild/mcuboot.conf b/application/app/sysbuild/mcuboot.conf new file mode 100644 index 000000000..f7e4d978e --- /dev/null +++ b/application/app/sysbuild/mcuboot.conf @@ -0,0 +1,35 @@ +# Copyright (c) 2021 Nordic Semiconductor ASA +# SPDX-License-Identifier: Apache-2.0 +# +# MCUboot bootloader configuration used by Zephyr sysbuild. +# Applied on top of MCUboot's own defaults when building with: +# west build --sysbuild -b custom_plank application/app +# +# Key references: +# https://docs.mcuboot.com/readme-zephyr.html +# https://docs.zephyrproject.org/latest/build/sysbuild/index.html + +# ── Swap strategy ────────────────────────────────────────────────────────────── +# SWAP_USING_MOVE does not need a dedicated scratch sector; it moves sectors +# one at a time using a small status area inside the image trailer. +CONFIG_BOOT_SWAP_USING_MOVE=y + +# ── Flash sector budget ──────────────────────────────────────────────────────── +# Must be ≥ the number of flash sectors in the largest image slot. +# slot0/slot1 = 448 KB / 4 KB per sector = 112 sectors → 256 is safe. +CONFIG_BOOT_MAX_IMG_SECTORS=256 + +# ── Image signing ────────────────────────────────────────────────────────────── +# RSA-2048 is widely supported and straightforward to use with imgtool. +# For production, replace the development key (root-rsa-2048.pem) with your own. +CONFIG_BOOT_SIGNATURE_TYPE_RSA=y +CONFIG_BOOT_SIGNATURE_TYPE_RSA_LEN=2048 + +# ── Upgrade mode ────────────────────────────────────────────────────────────── +# Allow permanent upgrades without requiring an explicit confirm(). +# Set to n (and confirm via MCUmgr) for stricter rollback safety. +CONFIG_BOOT_UPGRADE_ONLY=n + +# ── Logging ──────────────────────────────────────────────────────────────────── +CONFIG_LOG=y +CONFIG_MCUBOOT_LOG_LEVEL_INF=y diff --git a/application/boards/vendor/custom_plank/custom_plank.dts b/application/boards/vendor/custom_plank/custom_plank.dts index 2da3308f2..9f0aadd42 100644 --- a/application/boards/vendor/custom_plank/custom_plank.dts +++ b/application/boards/vendor/custom_plank/custom_plank.dts @@ -15,6 +15,7 @@ zephyr,console = &uart0; zephyr,sram = &sram0; zephyr,flash = &flash0; + zephyr,code-partition = &slot0_partition; }; example_sensor: example-sensor { @@ -58,3 +59,52 @@ pinctrl-1 = <&uart0_sleep>; pinctrl-names = "default", "sleep"; }; + +/* + * Flash layout (1 MB total): + * + * 0x000000 +----------+ --\ + * | MCUboot | | 48 KB (boot_partition) + * 0x00C000 +----------+ --+ + * | Slot 0 | | 448 KB (slot0_partition – active image) + * 0x07C000 +----------+ --+ + * | Slot 1 | | 448 KB (slot1_partition – update candidate) + * 0x0EC000 +----------+ --+ + * | Scratch | | 16 KB (scratch_partition – swap workspace) + * 0x0F0000 +----------+ --+ + * | Storage | | 64 KB (storage_partition – NVS/settings) + * 0x100000 +----------+ --/ + */ +&flash0 { + partitions { + compatible = "fixed-partitions"; + #address-cells = <1>; + #size-cells = <1>; + + boot_partition: partition@0 { + label = "mcuboot"; + reg = <0x00000000 0x0000c000>; + read-only; + }; + + slot0_partition: partition@c000 { + label = "image-0"; + reg = <0x0000c000 0x00070000>; + }; + + slot1_partition: partition@7c000 { + label = "image-1"; + reg = <0x0007c000 0x00070000>; + }; + + scratch_partition: partition@ec000 { + label = "image-scratch"; + reg = <0x000ec000 0x00004000>; + }; + + storage_partition: partition@f0000 { + label = "storage"; + reg = <0x000f0000 0x00010000>; + }; + }; +}; diff --git a/application/west.yml b/application/west.yml index 2b101c52a..927c80f30 100644 --- a/application/west.yml +++ b/application/west.yml @@ -14,3 +14,8 @@ manifest: remote: zephyrproject-rtos revision: main west-commands: scripts/west-commands.yml + + - name: mcuboot + remote: zephyrproject-rtos + revision: main + path: bootloader/mcuboot diff --git a/dfetch.yaml b/dfetch.yaml index 544fdfaf6..e2b25d915 100644 --- a/dfetch.yaml +++ b/dfetch.yaml @@ -34,3 +34,8 @@ manifest: revision: 57803da28e985e1cbc32a7ea993578f7267d0935 repo-path: hal_stm32.git dst: modules/hal/stm32 + + - name: mcuboot # secure bootloader with firmware update support + repo-path: mcuboot.git + branch: main + dst: bootloader/mcuboot