Skip to content

Commit

Permalink
Feature/ncsdk 24446 suit build system refactoring (#84)
Browse files Browse the repository at this point in the history 
* feat: add possibility to use secdom_update_envelope.yaml.jinja2 as app template in case secdom is build as main application
* feat: add template for root contains only secdom as dependent envelope
* feat: add support for sysctrl envelope
* feat: simplify root and nordic-top in the root_with_nordic_top_sysctrl_secdom_hierarchical_envelope.yaml.jinja2


Signed-off-by: Robert Stypa <[email protected]>
  • Loading branch information
@robertstypa
robertstypa authored Feb 8, 2024
1 parent 11f43f1 commit 9411a49
Show file tree
Hide file tree
Showing 6 changed files with 358 additions and 10 deletions.
9 changes: 9 additions & 0 deletions ncs/Kconfig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -127,6 +127,15 @@ config SUIT_ENVELOPE_SECDOM_TEMPLATE
Jinja2 template file used to generate yaml file for secure domain update.
default "${ZEPHYR_SUIT_GENERATOR_MODULE_DIR}/ncs/secdom_update_envelope.yaml.jinja2"

config SUIT_ENVELOPE_SYSCTRL_TEMPLATE
string "Path to the default system controller envelope template"
default "${ZEPHYR_SUIT_GENERATOR_MODULE_DIR}/ncs/sysctrl_envelope.yaml.jinja2"
help
Path to the default system controller envelope template, that is used if the system controller directory does not
contain an input system controller envelope template file.
You can use either absolute or relative path.
In case relative path is used, the build system uses PROJECT_BINARY_DIR directory.

config SUIT_ENVELOPE_SECDOM_IMPRIMATUR_SICR_BIN
string "Name of Imprimatur's build artifact containing SICR section needed for SDFW update"
default "sicr.bin"
Expand Down
97 changes: 97 additions & 0 deletions ncs/nordic_top_with_secdom_hierarchical_envelope.yaml.jinja2
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
SUIT_Envelope_Tagged:
suit-authentication-wrapper:
SuitDigest:
suit-digest-algorithm-id: cose-alg-sha-256
suit-manifest:
suit-manifest-version: 1
suit-manifest-sequence-number: {{ version }}
suit-common:
suit-components:
- - CAND_MFST
- 0
- - INSTLD_MFST
- RFC4122_UUID:
namespace: nordicsemi.com
name: nRF54H20_sec
suit-shared-sequence:
- suit-directive-set-component-index: 1
- suit-directive-override-parameters:
suit-parameter-vendor-identifier:
RFC4122_UUID: nordicsemi.com
suit-parameter-class-identifier:
RFC4122_UUID:
namespace: nordicsemi.com
name: nRF54H20_sec
- suit-directive-set-component-index: 1
- suit-condition-vendor-identifier:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
- suit-condition-class-identifier:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
suit-dependencies:
# Key is the index of suit-components that describe the dependency manifest
"0": {}
"1": {}
suit-validate:
- suit-directive-set-component-index: 1
- suit-condition-dependency-integrity:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
- suit-directive-process-dependency:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure

suit-invoke:
- suit-directive-set-component-index: 1
- suit-condition-dependency-integrity:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
- suit-directive-process-dependency:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure

suit-install:
- suit-directive-set-component-index: 0
- suit-directive-override-parameters:
suit-parameter-uri: '#{{ secdom['name'] }}'
suit-parameter-image-digest:
suit-digest-algorithm-id: cose-alg-sha-256
suit-digest-bytes:
envelope: {{ secdom['binary'] | replace('secdom_update_payload.bin', secdom['name'] ~ '.suit') }}
- suit-directive-fetch:
- suit-send-record-failure
- suit-condition-image-match:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
- suit-condition-dependency-integrity:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
- suit-directive-process-dependency:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
suit-manifest-component-id:
- INSTLD_MFST
- RFC4122_UUID:
namespace: nordicsemi.com
name: nRF54H20_nordic_top
suit-integrated-dependencies:
'#{{ secdom['name'] }}': {{ secdom['binary'] | replace('secdom_update_payload.bin', secdom['name'] ~ '.suit') }}
10 changes: 0 additions & 10 deletions ncs/root_hierarchical_envelope.yaml.jinja2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -233,21 +233,11 @@ SUIT_Envelope_Tagged:
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
{%- endif %}
suit-text:
suit-digest-algorithm-id: cose-alg-sha-256
suit-manifest-component-id:
- INSTLD_MFST
- RFC4122_UUID:
namespace: nordicsemi.com
name: nRF54H20_sample_root
suit-text:
'["CAND_MFST", 0]':
suit-text-vendor-name: Nordic Semiconductor ASA
suit-text-model-name: nRF54H20
suit-text-vendor-domain: nordicsemi.com
suit-text-model-info: The nRF54H20 root manifest
suit-text-component-description: Sample root manifest
suit-text-component-version: v1.0.0
suit-integrated-dependencies:
{%- if hci_rpmsg_subimage is defined %}
'#{{ hci_rpmsg_subimage['name'] }}': {{ hci_rpmsg_subimage['binary'] | replace('zephyr.bin', hci_rpmsg_subimage['name'] ~ '.suit') }}
Expand Down
191 changes: 191 additions & 0 deletions ncs/root_with_nordic_top_sysctrl_secdom_hierarchical_envelope.yaml.jinja2
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,191 @@
SUIT_Dependent_Manifests:
top_envelope: &nordic_top
SUIT_Envelope_Tagged:
suit-authentication-wrapper:
SuitDigest:
suit-digest-algorithm-id: cose-alg-sha-256
suit-manifest:
suit-manifest-version: 1
suit-manifest-sequence-number: 1
suit-common:
suit-components:
- - CAND_MFST
- 0
- - INSTLD_MFST
- RFC4122_UUID:
namespace: nordicsemi.com
name: nRF54H20_sec
- - INSTLD_MFST
- RFC4122_UUID:
namespace: nordicsemi.com
name: nRF54H20_sys
suit-shared-sequence:
- suit-directive-set-component-index: 1
- suit-directive-override-parameters:
suit-parameter-class-identifier:
RFC4122_UUID:
namespace: nordicsemi.com
name: nRF54H20_sec
- suit-directive-set-component-index: 2
- suit-directive-override-parameters:
suit-parameter-class-identifier:
RFC4122_UUID:
namespace: nordicsemi.com
name: nRF54H20_sys
- suit-directive-set-component-index: [1,2]
- suit-directive-override-parameters:
suit-parameter-vendor-identifier:
RFC4122_UUID: nordicsemi.com
- suit-condition-vendor-identifier:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
- suit-condition-class-identifier:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
suit-dependencies:
# Key is the index of suit-components that describe the dependency manifest
"0": {}
"1": {}
"2": {}
suit-validate:
- suit-directive-set-component-index: 2
- suit-condition-dependency-integrity:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
- suit-directive-process-dependency:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
suit-load:
- suit-directive-set-component-index: 2
- suit-condition-dependency-integrity:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
- suit-directive-process-dependency:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
suit-invoke:
- suit-directive-set-component-index: 2
- suit-condition-dependency-integrity:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
- suit-directive-process-dependency:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
suit-install:
- suit-directive-set-component-index: 0
- suit-directive-override-parameters:
suit-parameter-uri: '#{{ secdom['name'] }}'
- suit-directive-fetch:
- suit-send-record-failure
- suit-condition-dependency-integrity:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
- suit-directive-process-dependency:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
- suit-directive-override-parameters:
suit-parameter-uri: '#{{ sysctrl['name'] }}'
- suit-directive-fetch:
- suit-send-record-failure
- suit-condition-dependency-integrity:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
- suit-directive-process-dependency:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
suit-manifest-component-id:
- INSTLD_MFST
- RFC4122_UUID:
namespace: nordicsemi.com
name: nRF54H20_nordic_top
suit-integrated-dependencies:
'#{{ secdom['name'] }}': {{ secdom['binary'] | replace('secdom_update_payload.bin', secdom['name'] ~ '.suit') }}
'#{{ sysctrl['name'] }}': {{ sysctrl['binary'] | replace('zephyr.bin', sysctrl['name'] ~ '.suit') }}

SUIT_Envelope_Tagged:
suit-authentication-wrapper:
SuitDigest:
suit-digest-algorithm-id: cose-alg-sha-256
suit-manifest:
suit-manifest-version: 1
suit-manifest-sequence-number: {{ version }}
suit-common:
suit-components:
- - CAND_MFST
- 0
- - INSTLD_MFST
- RFC4122_UUID:
namespace: nordicsemi.com
name: nRF54H20_nordic_top
suit-shared-sequence:
- suit-directive-set-component-index: 1
- suit-directive-override-parameters:
suit-parameter-vendor-identifier:
RFC4122_UUID: nordicsemi.com
suit-parameter-class-identifier:
RFC4122_UUID:
namespace: nordicsemi.com
name: nRF54H20_nordic_top
- suit-directive-set-component-index: 1
- suit-condition-vendor-identifier:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
- suit-condition-class-identifier:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
suit-dependencies:
# Key is the index of suit-components that describe the dependency manifest
"0": {}
"1": {}

suit-install:
- suit-directive-set-component-index: 0
- suit-directive-override-parameters:
suit-parameter-uri: '#top'
- suit-directive-fetch:
- suit-send-record-failure
- suit-condition-dependency-integrity:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
- suit-directive-process-dependency:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
suit-manifest-component-id:
- INSTLD_MFST
- RFC4122_UUID:
namespace: nordicsemi.com
name: nRF54H20_sample_root
suit-integrated-dependencies:
'#top': *nordic_top
4 changes: 4 additions & 0 deletions ncs/secdom_update_envelope.yaml.jinja2
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
{%- if secdom is not defined %}
{# secure domain build as main application #}
{%- set secdom = app %}
{%- endif %}
SUIT_Envelope_Tagged:
suit-authentication-wrapper:
SuitDigest:
Expand Down
57 changes: 57 additions & 0 deletions ncs/sysctrl_envelope.yaml.jinja2
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
{# example template - need to be update #}
{%- if sysctrl is not defined %}
{# sysctrl domain build as main application #}
{%- set sysctrl = app %}
{%- endif %}
SUIT_Envelope_Tagged:
suit-authentication-wrapper:
SuitDigest:
suit-digest-algorithm-id: cose-alg-sha-256
suit-manifest:
suit-manifest-version: 1
suit-manifest-sequence-number: 1
suit-common:
suit-components:
# fixme: template copied from secdom for testing purposes - update component using valid values for sysctrl when ready
- - SOC_SPEC
- 1
- - CAND_IMG
- 0
suit-shared-sequence:
- suit-directive-set-component-index: 0
- suit-directive-override-parameters:
suit-parameter-vendor-identifier:
RFC4122_UUID:
name: nordicsemi.com
suit-parameter-class-identifier:
RFC4122_UUID:
namespace: nordicsemi.com
name: nRF54H20_sys
- suit-condition-vendor-identifier:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
- suit-condition-class-identifier:
- suit-send-record-success
- suit-send-record-failure
- suit-send-sysinfo-success
- suit-send-sysinfo-failure
suit-install:
- suit-directive-set-component-index: 1
- suit-directive-override-parameters:
suit-parameter-uri: '#{{ sysctrl['name'] }}'
- suit-directive-fetch:
- suit-send-record-failure
- suit-directive-set-component-index: 0
- suit-directive-override-parameters:
suit-parameter-source-component: 1
- suit-directive-copy:
- suit-send-record-failure
suit-manifest-component-id:
- INSTLD_MFST
- RFC4122_UUID:
namespace: nordicsemi.com
name: nRF54H20_sys
suit-integrated-payloads:
'#{{ sysctrl['name'] }}': {{ sysctrl['binary'] }}

0 comments on commit 9411a49

Please sign in to comment.