
Commit 1817b91

committed
sysbuild: Rollback protection in merged slots
Add a possibility to enable HW-based rollback protection when a project uses the merged slots. Ref: NCSDK-36295 Signed-off-by: Tomasz Chyrowicz <[email protected]>
1 parent 9550392 commit 1817b91


1 file changed

+13
-4
lines changed


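--- a/cmake/sysbuild/sign_nrf54h20.cmake
+++ b/cmake/sysbuild/sign_nrf54h20.cmake
@@ -183,6 +183,8 @@ function(mcuboot_sign_merged_nrf54h20 merged_hex main_image)
 set(CONFIG_MCUBOOT_IMGTOOL_UUID_CID)
 set(CONFIG_MCUBOOT_IMGTOOL_UUID_VID_NAME)
 set(CONFIG_MCUBOOT_IMGTOOL_UUID_CID_NAME)
+set(CONFIG_MCUBOOT_HARDWARE_DOWNGRADE_PREVENTION)
+set(CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_VALUE)
 sysbuild_get(CONFIG_MCUBOOT_IMGTOOL_UUID_VID IMAGE ${main_image} VAR
 CONFIG_MCUBOOT_IMGTOOL_UUID_VID KCONFIG)
 sysbuild_get(CONFIG_MCUBOOT_IMGTOOL_UUID_CID IMAGE ${main_image} VAR
@@ -191,15 +193,22 @@ function(mcuboot_sign_merged_nrf54h20 merged_hex main_image)
 CONFIG_MCUBOOT_IMGTOOL_UUID_VID_NAME KCONFIG)
 sysbuild_get(CONFIG_MCUBOOT_IMGTOOL_UUID_CID_NAME IMAGE ${main_image} VAR
 CONFIG_MCUBOOT_IMGTOOL_UUID_CID_NAME KCONFIG)
+sysbuild_get(CONFIG_MCUBOOT_HARDWARE_DOWNGRADE_PREVENTION IMAGE ${main_image} VAR
+CONFIG_MCUBOOT_HARDWARE_DOWNGRADE_PREVENTION KCONFIG)
+sysbuild_get(CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_VALUE IMAGE ${main_image} VAR
+CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_VALUE KCONFIG)
+
+if(CONFIG_MCUBOOT_HARDWARE_DOWNGRADE_PREVENTION)
+set(imgtool_args ${imgtool_args} --security-counter
+${CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_VALUE})
+endif()
 
 if(CONFIG_MCUBOOT_IMGTOOL_UUID_VID)
-set(imgtool_args ${imgtool_args} --vid
-"${CONFIG_MCUBOOT_IMGTOOL_UUID_VID_NAME}")
+set(imgtool_args ${imgtool_args} --vid "${CONFIG_MCUBOOT_IMGTOOL_UUID_VID_NAME}")
 endif()
 
 if(CONFIG_MCUBOOT_IMGTOOL_UUID_CID)
-set(imgtool_args ${imgtool_args} --cid
-"${CONFIG_MCUBOOT_IMGTOOL_UUID_CID_NAME}")
+set(imgtool_args ${imgtool_args} --cid "${CONFIG_MCUBOOT_IMGTOOL_UUID_CID_NAME}")
 endif()
 
 # Fetch version and flags from the main image Kconfig.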
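Review bot: The new `--security-counter` branch (new lines 201-204) appends `${CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_VALUE}` unquoted and without checking that `sysbuild_get` returned a value, unlike the `--vid`/`--cid` arguments just below it, which are quoted. If the main image enables hardware downgrade prevention but the counter symbol comes back empty, the flag is followed directly by the next option, so the merged image may fail to sign with an unrelated error or be signed with an unintended counter. Whether Kconfig always supplies a default is not visible in this hunk. For a rollback-protection setting it is safer to stop at configure time: quote the expansion as `"${CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_VALUE}"` and, inside the `if()`, add a guard `if("${CONFIG_MCUBOOT_HW_DOWNGRADE_PREVENTION_COUNTER_VALUE}" STREQUAL "")` that calls `message(FATAL_ERROR ...)` naming the missing symbol. The body of `mcuboot_sign_merged_nrf54h20` starts and ends outside the visible hunks, so the initial value of `imgtool_args` and the final imgtool invocation could not be checked here.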
