NISB with ECDSA-P256 for nrf54l15

Hi,

I recently checked support of MCUBoot validation and from NSIB for nrf54l15. (sdk 3.0.0 and above)

During this, I enabled Signature algo as ecdsa-p256.

SB_CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y

And it worked. However, I noticed, this config was applied to mcuboot only and not to NSIB. NSIB used ed25519 algo only.

Later on, reading some documentation come to know for nrf54l15 only ed25519 is supported.

I assume, this is due to the key provisioning support.

Wanted to clarify my above points here if anyone can help.

Also, wanted to know is there is any plan to support ecdsa-p256 for nrf54l15? If not, then is there any limitations we see and needs to be considered in case need to enable it?

I also noticed, even if we enable

CONFIG_FPROTECT=y

getting warning and the flag remains disabled. This is for nrf54l15 only.

Can anyone please help?

Thanks,

Nilesh

0 Sigurd Hellesvik 11 months ago in reply to Nilesh

You can set that configuration different places.
The IS_SECURE_BOOTLOADER flag checks if you set it for the NSIB project, so I suspect that the configuration is set for the wrong project.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Nilesh 11 months ago in reply to Sigurd Hellesvik

Hi,

I tried to rebuild (pristine build) and still getting the same warning.

Maybe, I am getting confused here. Can you please elaborate your point?

Some more information from my end. I am trying to build NSIB with default available configs and MCUBoot as upgradable bootloader. And I am able to test the functionality.

CONFIG_IS_SECURE_BOOTLOADER is set in NSIB prj.conf file (available in nrf\samples\bootloader).

I did not change anything in the file.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Sigurd Hellesvik 11 months ago in reply to Nilesh

Which file did you set CONFIG_FPROTECT in?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Nilesh 11 months ago in reply to Sigurd Hellesvik

By default, it is in prj.conf of NSIB bootloader.

And as you suggested above, I also tried with applications sysbuild/b0.conf. However, getting same warning.

Below attached config files I have in sysbuild folder.

b0.conf

8688.mcuboot.conf

4478.sysbuild.conf

And using below file.

https://github.com/nrfconnect/sdk-nrf/blob/main/samples/bootloader/prj.conf
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Menon 11 months ago

Hello Nilesh,

Apologies for the delayed response. Sigurd is currently away, so I’ll be taking over from here.

I just wanted to check in, have you made any progress since the last discussion, or are you still encountering the same issue? Please let me know, and I’ll be happy to assist further.

Kind regards,
Abhijith
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel