diff --git a/ncs/Kconfig b/ncs/Kconfig index fd87c153..4085e181 100755 --- a/ncs/Kconfig +++ b/ncs/Kconfig @@ -127,6 +127,15 @@ config SUIT_ENVELOPE_SECDOM_TEMPLATE Jinja2 template file used to generate yaml file for secure domain update. default "${ZEPHYR_SUIT_GENERATOR_MODULE_DIR}/ncs/secdom_update_envelope.yaml.jinja2" +config SUIT_ENVELOPE_SYSCTRL_TEMPLATE + string "Path to the default system controller envelope template" + default "${ZEPHYR_SUIT_GENERATOR_MODULE_DIR}/ncs/sysctrl_envelope.yaml.jinja2" + help + Path to the default system controller envelope template, that is used if the system controller directory does not + contain an input system controller envelope template file. + You can use either absolute or relative path. + In case relative path is used, the build system uses PROJECT_BINARY_DIR directory. + config SUIT_ENVELOPE_SECDOM_IMPRIMATUR_SICR_BIN string "Name of Imprimatur's build artifact containing SICR section needed for SDFW update" default "sicr.bin" diff --git a/ncs/nordic_top_with_secdom_hierarchical_envelope.yaml.jinja2 b/ncs/nordic_top_with_secdom_hierarchical_envelope.yaml.jinja2 new file mode 100644 index 00000000..c8ef6717 --- /dev/null +++ b/ncs/nordic_top_with_secdom_hierarchical_envelope.yaml.jinja2 
@@ -0,0 +1,97 @@
+SUIT_Envelope_Tagged:
+ suit-authentication-wrapper:
+ SuitDigest:
+ suit-digest-algorithm-id: cose-alg-sha-256
+ suit-manifest:
+ suit-manifest-version: 1
+ suit-manifest-sequence-number: {{ version }}
+ suit-common:
+ suit-components:
+ - - CAND_MFST
+ - 0
+ - - INSTLD_MFST
+ - RFC4122_UUID:
+ namespace: nordicsemi.com
+ name: nRF54H20_sec
+ suit-shared-sequence:
+ - suit-directive-set-component-index: 1
+ - suit-directive-override-parameters:
+ suit-parameter-vendor-identifier:
+ RFC4122_UUID: nordicsemi.com
+ suit-parameter-class-identifier:
+ RFC4122_UUID:
+ namespace: nordicsemi.com
+ name: nRF54H20_sec
+ - suit-directive-set-component-index: 1
+ - suit-condition-vendor-identifier:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ - suit-condition-class-identifier:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ suit-dependencies:
+ # Key is the index of suit-components that describe the dependency manifest
+ "0": {}
+ "1": {}
+ suit-validate:
+ - suit-directive-set-component-index: 1
+ - suit-condition-dependency-integrity:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ - suit-directive-process-dependency:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+
+ suit-invoke:
+ - suit-directive-set-component-index: 1
+ - suit-condition-dependency-integrity:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ - suit-directive-process-dependency:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+
+ suit-install:
+ - suit-directive-set-component-index: 0
+ - suit-directive-override-parameters:
+ suit-parameter-uri: '#{{ secdom['name'] }}'
+ suit-parameter-image-digest:
+ suit-digest-algorithm-id: cose-alg-sha-256
+ suit-digest-bytes:
+ envelope: {{ secdom['binary'] | replace('secdom_update_payload.bin', secdom['name'] ~ '.suit') }}
+ - suit-directive-fetch:
+ - suit-send-record-failure
+ - suit-condition-image-match:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ - suit-condition-dependency-integrity:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ - suit-directive-process-dependency:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ suit-manifest-component-id:
+ - INSTLD_MFST
+ - RFC4122_UUID:
+ namespace: nordicsemi.com
+ name: nRF54H20_nordic_top
+ suit-integrated-dependencies:
+ '#{{ secdom['name'] }}': {{ secdom['binary'] | replace('secdom_update_payload.bin', secdom['name'] ~ '.suit') }}
\ No newline at end of file
diff --git a/ncs/root_hierarchical_envelope.yaml.jinja2 b/ncs/root_hierarchical_envelope.yaml.jinja2
index aba2187f..55f22ba3 100644
--- a/ncs/root_hierarchical_envelope.yaml.jinja2
+++ b/ncs/root_hierarchical_envelope.yaml.jinja2
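Review bot: The `envelope:` digest source under `suit-install` and the `suit-integrated-dependencies` entry both build the dependency path with `replace('secdom_update_payload.bin', secdom['name'] ~ '.suit')`, and Jinja2's `replace` returns its input unchanged when the substring is absent. If `secdom['binary']` ever carries a different file name, the template would presumably digest and embed the raw payload instead of the secure-domain envelope, and the mismatch would only surface later in generation or on the device. A comment at the top of the template would make the assumption visible, e.g. `{# assumes secdom['binary'] ends in secdom_update_payload.bin; otherwise the replace is a no-op #}`.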
@@ -233,21 +233,11 @@ SUIT_Envelope_Tagged: - suit-send-sysinfo-success - suit-send-sysinfo-failure {%- endif %} - suit-text: - suit-digest-algorithm-id: cose-alg-sha-256 suit-manifest-component-id: - INSTLD_MFST - RFC4122_UUID: namespace: nordicsemi.com name: nRF54H20_sample_root - suit-text: - '["CAND_MFST", 0]': - suit-text-vendor-name: Nordic Semiconductor ASA - suit-text-model-name: nRF54H20 - suit-text-vendor-domain: nordicsemi.com - suit-text-model-info: The nRF54H20 root manifest - suit-text-component-description: Sample root manifest - suit-text-component-version: v1.0.0 suit-integrated-dependencies: {%- if hci_rpmsg_subimage is defined %} '#{{ hci_rpmsg_subimage['name'] }}': {{ hci_rpmsg_subimage['binary'] | replace('zephyr.bin', hci_rpmsg_subimage['name'] ~ '.suit') }} diff --git a/ncs/root_with_nordic_top_sysctrl_secdom_hierarchical_envelope.yaml.jinja2 b/ncs/root_with_nordic_top_sysctrl_secdom_hierarchical_envelope.yaml.jinja2 new file mode 100644 index 00000000..8e7ae8d5 --- /dev/null +++ b/ncs/root_with_nordic_top_sysctrl_secdom_hierarchical_envelope.yaml.jinja2 
@@ -0,0 +1,191 @@
+SUIT_Dependent_Manifests:
+ top_envelope: &nordic_top
+ SUIT_Envelope_Tagged:
+ suit-authentication-wrapper:
+ SuitDigest:
+ suit-digest-algorithm-id: cose-alg-sha-256
+ suit-manifest:
+ suit-manifest-version: 1
+ suit-manifest-sequence-number: 1
+ suit-common:
+ suit-components:
+ - - CAND_MFST
+ - 0
+ - - INSTLD_MFST
+ - RFC4122_UUID:
+ namespace: nordicsemi.com
+ name: nRF54H20_sec
+ - - INSTLD_MFST
+ - RFC4122_UUID:
+ namespace: nordicsemi.com
+ name: nRF54H20_sys
+ suit-shared-sequence:
+ - suit-directive-set-component-index: 1
+ - suit-directive-override-parameters:
+ suit-parameter-class-identifier:
+ RFC4122_UUID:
+ namespace: nordicsemi.com
+ name: nRF54H20_sec
+ - suit-directive-set-component-index: 2
+ - suit-directive-override-parameters:
+ suit-parameter-class-identifier:
+ RFC4122_UUID:
+ namespace: nordicsemi.com
+ name: nRF54H20_sys
+ - suit-directive-set-component-index: [1,2]
+ - suit-directive-override-parameters:
+ suit-parameter-vendor-identifier:
+ RFC4122_UUID: nordicsemi.com
+ - suit-condition-vendor-identifier:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ - suit-condition-class-identifier:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ suit-dependencies:
+ # Key is the index of suit-components that describe the dependency manifest
+ "0": {}
+ "1": {}
+ "2": {}
+ suit-validate:
+ - suit-directive-set-component-index: 2
+ - suit-condition-dependency-integrity:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ - suit-directive-process-dependency:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ suit-load:
+ - suit-directive-set-component-index: 2
+ - suit-condition-dependency-integrity:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ - suit-directive-process-dependency:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ suit-invoke:
+ - suit-directive-set-component-index: 2
+ - suit-condition-dependency-integrity:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ - suit-directive-process-dependency:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ suit-install:
+ - suit-directive-set-component-index: 0
+ - suit-directive-override-parameters:
+ suit-parameter-uri: '#{{ secdom['name'] }}'
+ - suit-directive-fetch:
+ - suit-send-record-failure
+ - suit-condition-dependency-integrity:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ - suit-directive-process-dependency:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ - suit-directive-override-parameters:
+ suit-parameter-uri: '#{{ sysctrl['name'] }}'
+ - suit-directive-fetch:
+ - suit-send-record-failure
+ - suit-condition-dependency-integrity:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ - suit-directive-process-dependency:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ suit-manifest-component-id:
+ - INSTLD_MFST
+ - RFC4122_UUID:
+ namespace: nordicsemi.com
+ name: nRF54H20_nordic_top
+ suit-integrated-dependencies:
+ '#{{ secdom['name'] }}': {{ secdom['binary'] | replace('secdom_update_payload.bin', secdom['name'] ~ '.suit') }}
+ '#{{ sysctrl['name'] }}': {{ sysctrl['binary'] | replace('zephyr.bin', sysctrl['name'] ~ '.suit') }}
+
+SUIT_Envelope_Tagged:
+ suit-authentication-wrapper:
+ SuitDigest:
+ suit-digest-algorithm-id: cose-alg-sha-256
+ suit-manifest:
+ suit-manifest-version: 1
+ suit-manifest-sequence-number: {{ version }}
+ suit-common:
+ suit-components:
+ - - CAND_MFST
+ - 0
+ - - INSTLD_MFST
+ - RFC4122_UUID:
+ namespace: nordicsemi.com
+ name: nRF54H20_nordic_top
+ suit-shared-sequence:
+ - suit-directive-set-component-index: 1
+ - suit-directive-override-parameters:
+ suit-parameter-vendor-identifier:
+ RFC4122_UUID: nordicsemi.com
+ suit-parameter-class-identifier:
+ RFC4122_UUID:
+ namespace: nordicsemi.com
+ name: nRF54H20_nordic_top
+ - suit-directive-set-component-index: 1
+ - suit-condition-vendor-identifier:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ - suit-condition-class-identifier:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ suit-dependencies:
+ # Key is the index of suit-components that describe the dependency manifest
+ "0": {}
+ "1": {}
+
+ suit-install:
+ - suit-directive-set-component-index: 0
+ - suit-directive-override-parameters:
+ suit-parameter-uri: '#top'
+ - suit-directive-fetch:
+ - suit-send-record-failure
+ - suit-condition-dependency-integrity:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ - suit-directive-process-dependency:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ suit-manifest-component-id:
+ - INSTLD_MFST
+ - RFC4122_UUID:
+ namespace: nordicsemi.com
+ name: nRF54H20_sample_root
+ suit-integrated-dependencies:
+ '#top': *nordic_top
\ No newline at end of file
diff --git a/ncs/secdom_update_envelope.yaml.jinja2 b/ncs/secdom_update_envelope.yaml.jinja2
index b092062e..a5aba536 100644
--- a/ncs/secdom_update_envelope.yaml.jinja2
+++ b/ncs/secdom_update_envelope.yaml.jinja2
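Review bot: Neither fetch in the nested `top_envelope` `suit-install` sets `suit-parameter-image-digest` or runs `suit-condition-image-match` before `suit-directive-process-dependency`, unlike `nordic_top_with_secdom_hierarchical_envelope.yaml.jinja2` in this same commit, which pins the secdom envelope digest first; the root's `'#top'` fetch has the same shape. As I read it, `suit-condition-dependency-integrity` only checks a dependency against its own authentication wrapper, so the parent appears to accept any self-consistent integrated dependency rather than the specific one it was built with. The fence shows the secdom step with the pin added, and the sysctrl step would take the same form with its own `replace('zephyr.bin', …)` path. Separately, `suit-manifest-sequence-number: 1` is hard-coded in `top_envelope` while the root uses `{{ version }}`, so the nested manifest's sequence number would not advance between releases.

```yaml
# … unchanged: suit-install, suit-directive-set-component-index: 0 …
- suit-directive-override-parameters:
    suit-parameter-uri: '#{{ secdom['name'] }}'
    suit-parameter-image-digest:
      suit-digest-algorithm-id: cose-alg-sha-256
      suit-digest-bytes:
        envelope: {{ secdom['binary'] | replace('secdom_update_payload.bin', secdom['name'] ~ '.suit') }}
# … unchanged: suit-directive-fetch …
- suit-condition-image-match:
  - suit-send-record-success
  - suit-send-record-failure
  - suit-send-sysinfo-success
  - suit-send-sysinfo-failure
# … unchanged: suit-condition-dependency-integrity, suit-directive-process-dependency …
```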
@@ -1,3 +1,7 @@
+{%- if secdom is not defined %}
+ {# secure domain build as main application #}
+ {%- set secdom = app %}
+{%- endif %}
 SUIT_Envelope_Tagged:
 suit-authentication-wrapper:
 SuitDigest:
diff --git a/ncs/sysctrl_envelope.yaml.jinja2 b/ncs/sysctrl_envelope.yaml.jinja2
new file mode 100644
index 00000000..eb669423
--- /dev/null
+++ b/ncs/sysctrl_envelope.yaml.jinja2
@@ -0,0 +1,57 @@
+{# example template - need to be update #}
+{%- if sysctrl is not defined %}
+ {# sysctrl domain build as main application #}
+ {%- set sysctrl = app %}
+{%- endif %}
+SUIT_Envelope_Tagged:
+ suit-authentication-wrapper:
+ SuitDigest:
+ suit-digest-algorithm-id: cose-alg-sha-256
+ suit-manifest:
+ suit-manifest-version: 1
+ suit-manifest-sequence-number: 1
+ suit-common:
+ suit-components:
+ # fixme: template copied from secdom for testing purposes - update component using valid values for sysctrl when ready
+ - - SOC_SPEC
+ - 1
+ - - CAND_IMG
+ - 0
+ suit-shared-sequence:
+ - suit-directive-set-component-index: 0
+ - suit-directive-override-parameters:
+ suit-parameter-vendor-identifier:
+ RFC4122_UUID:
+ name: nordicsemi.com
+ suit-parameter-class-identifier:
+ RFC4122_UUID:
+ namespace: nordicsemi.com
+ name: nRF54H20_sys
+ - suit-condition-vendor-identifier:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ - suit-condition-class-identifier:
+ - suit-send-record-success
+ - suit-send-record-failure
+ - suit-send-sysinfo-success
+ - suit-send-sysinfo-failure
+ suit-install:
+ - suit-directive-set-component-index: 1
+ - suit-directive-override-parameters:
+ suit-parameter-uri: '#{{ sysctrl['name'] }}'
+ - suit-directive-fetch:
+ - suit-send-record-failure
+ - suit-directive-set-component-index: 0
+ - suit-directive-override-parameters:
+ suit-parameter-source-component: 1
+ - suit-directive-copy:
+ - suit-send-record-failure
+ suit-manifest-component-id:
+ - INSTLD_MFST
+ - RFC4122_UUID:
+ namespace: nordicsemi.com
+ name: nRF54H20_sys
+ suit-integrated-payloads:
+ '#{{ sysctrl['name'] }}': {{ sysctrl['binary'] }}
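Review bot: The `suit-install` sequence fetches `'#{{ sysctrl['name'] }}'` into the candidate component and copies it to `SOC_SPEC` without setting `suit-parameter-image-digest` or running `suit-condition-image-match`, and the payload sits in `suit-integrated-payloads`, outside the digested manifest. As written nothing in the manifest appears to bind the bytes that get copied, so a payload that differs from the one the manifest was built for would not be rejected by this sequence; the fence adds the pin using the generator's `file:` digest source. Because `SUIT_ENVELOPE_SYSCTRL_TEMPLATE` makes this file the default, the `fixme` placeholders (component IDs and the hard-coded `suit-manifest-sequence-number: 1`) are worth resolving before the template is relied on. The vendor identifier is also written as `RFC4122_UUID:` with a nested `name:` here but as `RFC4122_UUID: nordicsemi.com` in the other templates of this commit, so confirm both forms yield the same UUID.

```yaml
# … unchanged: suit-install, suit-directive-set-component-index: 1 …
- suit-directive-override-parameters:
    suit-parameter-uri: '#{{ sysctrl['name'] }}'
    suit-parameter-image-digest:
      suit-digest-algorithm-id: cose-alg-sha-256
      suit-digest-bytes:
        file: {{ sysctrl['binary'] }}
# … unchanged: suit-directive-fetch …
- suit-condition-image-match:
  - suit-send-record-success
  - suit-send-record-failure
  - suit-send-sysinfo-success
  - suit-send-sysinfo-failure
# … unchanged: set-component-index 0, source-component override, suit-directive-copy …
```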