Guide to build and test NSIB, MCUboot as upgradable bootloader and application

Hello,

I see SDK version 3.0 and latest version of SDK has experimental support of NSIB for nrf54l15.

Correct

I am trying to build it as per the steps given in Enabling a bootloader chain using sysbuild and I am able to build the code. And able to see multiple hex files. 

Could you share the configuration files you've set up i.e sysbuild and prj.conf? Any build and/or device logs is also helpful

Kind regards,
Andreas

Hello Andreas,

Please find below configs which I am using

sysbuild.conf:

SB_CONFIG_BOOTLOADER_MCUBOOT=y
SB_CONFIG_SECURE_BOOT_APPCORE=y
#SB_CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y
SB_CONFIG_BOOT_SIGNATURE_TYPE_ED25519=y
SB_CONFIG_MCUBOOT_MODE_OVERWRITE_ONLY=y

SB_CONFIG_BOOT_SIGNATURE_KEY_FILE="\${APP_DIR}/mcuboot_priv_key_ed25519.pem"
SB_CONFIG_SECURE_BOOT_SIGNING_KEY_FILE="\${APP_DIR}/b0_private_key_ed25519.pem"

CONFIG_IS_SECURE_BOOTLOADER=y
CONFIG_MULTITHREADING=n
CONFIG_GPIO=n
CONFIG_ARM_MPU=n
CONFIG_TICKLESS_KERNEL=n
CONFIG_ERRNO=n
CONFIG_SYS_CLOCK_EXISTS=y
CONFIG_FPROTECT=y
CONFIG_FW_INFO=y
CONFIG_SECURE_BOOT_CRYPTO=y
CONFIG_SECURE_BOOT_VALIDATION=y
CONFIG_SECURE_BOOT_STORAGE=y
CONFIG_PCD_NET=y
CONFIG_FLASH=y
CONFIG_FLASH_PAGE_LAYOUT=y
CONFIG_LOG=y

CONFIG_MCUBOOT_LOG_LEVEL_WRN=y
CONFIG_BOOT_UPGRADE_ONLY=y
CONFIG_MCUBOOT_DOWNGRADE_PREVENTION=y

west flash --recover

Fprotect disabled. No protection applied.Attempting to boot slot 0.Attempting to boot from address 0x8800.I: Trying to get Firmware version
E: Firmware validation failed with error -102.
E: Failed to validate signature.
Failed to validate, permanently invalidating!Attempting to boot slot 1.Attempting to boot from address 0x16800.I: Trying to get Firmware version
E: Firmware validation failed with error -102.
E: Failed to validate signature.
Failed to validate, permanently invalidating!No bootable image found. Aborting boot.Fprotect disabled. No protection applied.Attempting to boot slot 0.Attempting to boot from address 0x8800.E: Firmware has been invalidated: 0xffff0000.
Failed to validate, permanently invalidating!Attempting to boot slot 1.Attempting to boot from address 0x16800.E: Firmware has been invalidated: 0xffff0000.
Failed to validate, permanentl

Small update on top of this message, I used ECDSA key as well.

As in one of the page it was mentioned to use ECDSA. However, result was same.

Then at one place I read for nrf54l15 ed25519 algo is required and for other SoC's ECDSA. So, I enabled same.

Also, I tried with default keys as well. No luck.

I compared public key by exporting from private key using imgtool.py and one which is generated and available at build\nrf\subsys\bootloader\generated\public.pem

public keys are same.

Not sure whether this info will help. Just thought to share with you.

Small update on top of this message, I used ECDSA key as well.

As in one of the page it was mentioned to use ECDSA. However, result was same.

Then at one place I read for nrf54l15 ed25519 algo is required and for other SoC's ECDSA. So, I enabled same.

Also, I tried with default keys as well. No luck.

I compared public key by exporting from private key using imgtool.py and one which is generated and available at build\nrf\subsys\bootloader\generated\public.pem

public keys are same.

Not sure whether this info will help. Just thought to share with you.