• State Not Answered
  • Replies 8 replies
  • Subscribers 75 subscribers
  • Views 205 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 346132
Options

NISB with ECDSA-P256 for nrf54l15

Nilesh

Hi,

I recently checked support of MCUBoot validation and from NSIB for nrf54l15. (sdk 3.0.0 and above)

During this, I enabled Signature algo as ecdsa-p256. 

SB_CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y
And it worked. However, I noticed, this config was applied to mcuboot only and not to NSIB. NSIB used ed25519 algo only.
Later on, reading some documentation come to know for nrf54l15 only ed25519 is supported. 
I assume, this is due to the key provisioning support.
Wanted to clarify my above points here if anyone can help.
Also, wanted to know is there is any plan to support ecdsa-p256 for nrf54l15? If not, then is there any limitations we see and needs to be considered in case need to enable it?
I also noticed, even if we enable 
CONFIG_FPROTECT=y
getting warning and the flag remains disabled. This is for nrf54l15 only.
Can anyone please help?
Thanks,
Nilesh
Parents Reply Children
  • 0 in reply to Nilesh
    Later on, reading some documentation come to know for nrf54l15 only ed25519 is supported. 
    I assume, this is due to the key provisioning support.

    As far as I know, this is a design choice, to make NSIB as small as possible.

    Also, wanted to know is there is any plan to support ecdsa-p256 for nrf54l15?

    I am not able to answer questions about our timeline. You can try to ask your local sales representative from Nordic Semiconductor for information about our timeline.

    Can you explain more about the FPROTECT issue?

    Regards,
    Sigurd Hellesvik

  • 0 in reply to Sigurd Hellesvik

    Hi,

    Thanks for the information. I thought so, it might be to keep NSIB size minimum. But then, got confused as it is applicable for nrf54l15 only and for others ecdsa-p256 is supported (Read on one of the documentations).

    Regarding FPROTECT, on enabling I am getting below warning.

    was assigned the value 'y' but got the value 'n'. Check these unsatisfied dependencies:
(!(SOC_SERIES_NRF54LX && IS_SECURE_BOOTLOADER)) (=n). See 
http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_FPROTECT and/or look up FPROTECT in the 
menuconfig/guiconfig interface. The Application Development Primer, Setting Configuration Values,
and Kconfig - Tips and Best Practices sections of the manual might be helpful too.

    Thanks!

    Nilesh

  • 0 in reply to Nilesh

    If you want to enable FPROTECT for NSIB, set it in sysbuild/b0.conf. See this DevAcademy on Sysbuild to learn how to set configurations for images in sysbuild builds.

  • 0 in reply to Sigurd Hellesvik

    Hi,

    I am sorry If I misunderstood your point. I am enabling CONFIG_FPROTECT, however it is giving me a warning due to dependency on another flag and due to which this flag is not getting set.

    menuconfig FPROTECT
	bool "Enable FPROTECT"
	depends on SOC_FAMILY_NORDIC_NRF
	depends on !(SOC_SERIES_NRF54LX && IS_SECURE_BOOTLOADER)
	select NRFX_RRAMC if SOC_SERIES_NRF54LX
	help
	  Enable the software library FPROTECT that may or may not be used
	  by other systems to protect flash from writes and possibly also
	  reads. Does not protect against execution.
	  May use the HW peripherals BPROT, ACL, or SPU to achieve this.

    Warning is coming from here, I think.

    However, I'll still try your suggestion and will update here.

    Thanks,

    Nilesh

  • 0 in reply to Nilesh

    You can set that configuration different places.
    The IS_SECURE_BOOTLOADER flag checks if you set it for the NSIB project, so I suspect that the configuration is set for the wrong project.

Related
Terms of service